{"version": 3, "term": {"cols": 140, "rows": 35}, "timestamp": 1776865910, "command": "bash --noprofile --norc -c \"PS1=\\\"opentaint-demo \\$ \\\"; printf \\\"%s\\\" \\\"\\$PS1\\\"; printf \\\"opentaint scan\\\\n\\\"; opentaint scan\"", "env": {"SHELL": "/bin/zsh"}}
[0.0072, "o", "opentaint-demo $ opentaint scan\r\n"]
[0.013199999999999998, "o", "\u001b]11;?\u0007\u001b[c"]
[0.18, "o", "\u001b]11;?\u0007\u001b[c"]
[0.18, "o", "\u001b]11;?\u0007\u001b[c"]
[0.18, "o", "\u001b]11;?\u0007\u001b[c"]
[0.18, "o", "\u001b[2m╭─\u001b[m\u001b[1;95mOpenTaint Scan\u001b[m\u001b[2m─╮\u001b[m\r\n\u001b[2m╰─┬──────────────╯\u001b[m\r\n"]
[0.0, "o", "  \u001b[2m├─ \u001b[m\u001b[94mProject model:\u001b[m ~/.opentaint/cache/java-spring-demo/project-model\r\n  \u001b[2m└─ \u001b[m\u001b[94mBundled ruleset:\u001b[m rules/v0.1.1\r\n"]
[0.0, "o", "\r\n"]
[0.06119999999999999, "o", "\r\u001b[K\u001b[94m▰▱▱\u001b[m Analyzing project \u001b[90m0s\u001b[m"]
[0.0594, "o", "\r\u001b[K\u001b[94m▰▰▱\u001b[m Analyzing project \u001b[90m0s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▰▰\u001b[m Analyzing project \u001b[90m0s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▰▰\u001b[m Analyzing project \u001b[90m0s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▰\u001b[m Analyzing project \u001b[90m1s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▱\u001b[m Analyzing project \u001b[90m1s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▰\u001b[m Analyzing project \u001b[90m1s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▰▰\u001b[m Analyzing project \u001b[90m1s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▰▰\u001b[m Analyzing project \u001b[90m1s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▰▱\u001b[m Analyzing project \u001b[90m1s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▱▱\u001b[m Analyzing project \u001b[90m1s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▱\u001b[m Analyzing project \u001b[90m1s\u001b[m"]
[0.0594, "o", "\r\u001b[K\u001b[94m▰▱▱\u001b[m Analyzing project \u001b[90m1s\u001b[m"]
[0.0606, "o", "\r\u001b[K\u001b[94m▰▰▱\u001b[m Analyzing project \u001b[90m1s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▰▰\u001b[m Analyzing project \u001b[90m2s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▰▰\u001b[m Analyzing project \u001b[90m2s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▰\u001b[m Analyzing project \u001b[90m2s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▱\u001b[m Analyzing project \u001b[90m2s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▰\u001b[m Analyzing project \u001b[90m2s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▰▰\u001b[m Analyzing project \u001b[90m2s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▰▰\u001b[m Analyzing project \u001b[90m2s\u001b[m"]
[0.063, "o", "\r\u001b[K\u001b[94m▰▰▱\u001b[m Analyzing project \u001b[90m2s\u001b[m"]
[0.0576, "o", "\r\u001b[K\u001b[94m▰▱▱\u001b[m Analyzing project \u001b[90m2s\u001b[m"]
[0.0594, "o", "\r\u001b[K\u001b[94m▱▱▱\u001b[m Analyzing project \u001b[90m2s\u001b[m"]
[0.0606, "o", "\r\u001b[K\u001b[94m▰▱▱\u001b[m Analyzing project \u001b[90m3s\u001b[m"]
[0.0594, "o", "\r\u001b[K\u001b[94m▰▰▱\u001b[m Analyzing project \u001b[90m3s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▰▰\u001b[m Analyzing project \u001b[90m3s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▰▰\u001b[m Analyzing project \u001b[90m3s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▰\u001b[m Analyzing project \u001b[90m3s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▱\u001b[m Analyzing project \u001b[90m3s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▰\u001b[m Analyzing project \u001b[90m3s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▰▰\u001b[m Analyzing project \u001b[90m3s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▰▰\u001b[m Analyzing project \u001b[90m3s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▰▱\u001b[m Analyzing project \u001b[90m3s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▱▱\u001b[m Analyzing project \u001b[90m4s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▱\u001b[m Analyzing project \u001b[90m4s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▱▱\u001b[m Analyzing project \u001b[90m4s\u001b[m"]
[0.0606, "o", "\r\u001b[K\u001b[94m▰▰▱\u001b[m Analyzing project \u001b[90m4s\u001b[m"]
[0.0594, "o", "\r\u001b[K\u001b[94m▰▰▰\u001b[m Analyzing project \u001b[90m4s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▰▰\u001b[m Analyzing project \u001b[90m4s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▰\u001b[m Analyzing project \u001b[90m4s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▱\u001b[m Analyzing project \u001b[90m4s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▰\u001b[m Analyzing project \u001b[90m4s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▰▰\u001b[m Analyzing project \u001b[90m4s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▰▰\u001b[m Analyzing project \u001b[90m5s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▰▱\u001b[m Analyzing project \u001b[90m5s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▱▱\u001b[m Analyzing project \u001b[90m5s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▱\u001b[m Analyzing project \u001b[90m5s\u001b[m"]
[0.0606, "o", "\r\u001b[K\u001b[94m▰▱▱\u001b[m Analyzing project \u001b[90m5s\u001b[m"]
[0.0594, "o", "\r\u001b[K\u001b[94m▰▰▱\u001b[m Analyzing project \u001b[90m5s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▰▰\u001b[m Analyzing project \u001b[90m5s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▰▰\u001b[m Analyzing project \u001b[90m5s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▰\u001b[m Analyzing project \u001b[90m5s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▱\u001b[m Analyzing project \u001b[90m5s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▰\u001b[m Analyzing project \u001b[90m6s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▰▰\u001b[m Analyzing project \u001b[90m6s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▰▰\u001b[m Analyzing project \u001b[90m6s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▰▱\u001b[m Analyzing project \u001b[90m6s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▱▱\u001b[m Analyzing project \u001b[90m6s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▱\u001b[m Analyzing project \u001b[90m6s\u001b[m"]
[0.0678, "o", "\r\u001b[K\u001b[94m▰▱▱\u001b[m Analyzing project \u001b[90m6s\u001b[m"]
[0.052199999999999996, "o", "\r\u001b[K\u001b[94m▰▰▱\u001b[m Analyzing project \u001b[90m6s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▰▰\u001b[m Analyzing project \u001b[90m6s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▰▰\u001b[m Analyzing project \u001b[90m6s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▰\u001b[m Analyzing project \u001b[90m7s\u001b[m"]
[0.0606, "o", "\r\u001b[K\u001b[94m▱▱▱\u001b[m Analyzing project \u001b[90m7s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▰\u001b[m Analyzing project \u001b[90m7s\u001b[m"]
[0.0594, "o", "\r\u001b[K\u001b[94m▱▰▰\u001b[m Analyzing project \u001b[90m7s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▰▰\u001b[m Analyzing project \u001b[90m7s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▰▱\u001b[m Analyzing project \u001b[90m7s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▱▱\u001b[m Analyzing project \u001b[90m7s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▱\u001b[m Analyzing project \u001b[90m7s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▱▱\u001b[m Analyzing project \u001b[90m7s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▰▱\u001b[m Analyzing project \u001b[90m7s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▰▰\u001b[m Analyzing project \u001b[90m8s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▰▰\u001b[m Analyzing project \u001b[90m8s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▰\u001b[m Analyzing project \u001b[90m8s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▱\u001b[m Analyzing project \u001b[90m8s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▰\u001b[m Analyzing project \u001b[90m8s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▰▰\u001b[m Analyzing project \u001b[90m8s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▰▰\u001b[m Analyzing project \u001b[90m8s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▰▱\u001b[m Analyzing project \u001b[90m8s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▱▱\u001b[m Analyzing project \u001b[90m8s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▱\u001b[m Analyzing project \u001b[90m8s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▱▱\u001b[m Analyzing project \u001b[90m9s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▰▱\u001b[m Analyzing project \u001b[90m9s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▰▰\u001b[m Analyzing project \u001b[90m9s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▰▰\u001b[m Analyzing project \u001b[90m9s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▰\u001b[m Analyzing project \u001b[90m9s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▱\u001b[m Analyzing project \u001b[90m9s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▰\u001b[m Analyzing project \u001b[90m9s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▰▰\u001b[m Analyzing project \u001b[90m9s\u001b[m"]
[0.0606, "o", "\r\u001b[K\u001b[94m▰▰▰\u001b[m Analyzing project \u001b[90m9s\u001b[m"]
[0.0594, "o", "\r\u001b[K\u001b[94m▰▰▱\u001b[m Analyzing project \u001b[90m9s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▱▱\u001b[m Analyzing project \u001b[90m10s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▱\u001b[m Analyzing project \u001b[90m10s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▱▱\u001b[m Analyzing project \u001b[90m10s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▰▱\u001b[m Analyzing project \u001b[90m10s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▰▰\u001b[m Analyzing project \u001b[90m10s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▰▰\u001b[m Analyzing project \u001b[90m10s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▰\u001b[m Analyzing project \u001b[90m10s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▱\u001b[m Analyzing project \u001b[90m10s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▱▰\u001b[m Analyzing project \u001b[90m10s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▱▰▰\u001b[m Analyzing project \u001b[90m10s\u001b[m"]
[0.06, "o", "\r\u001b[K\u001b[94m▰▰▰\u001b[m Analyzing project \u001b[90m11s\u001b[m"]
[0.0564, "o", "\r\u001b[K\u001b[92m✓\u001b[m Analyzing project in \u001b[90m11s\u001b[m\r\n"]
[0.0024, "o", "\r\n"]
[0.0006, "o", "\u001b[2m╭─\u001b[m\u001b[1;95mRule Statistics\u001b[m\u001b[2m─╮\u001b[m\r\n\u001b[2m╰─┬───────────────╯\u001b[m\r\n"]
[0.0, "o", "  \u001b[2m└─ \u001b[mRule parsing issues\r\n  \u001b[2m   \u001b[m\u001b[2m└─ \u001b[mNo issues found\r\n\r\n"]
[0.0006, "o", "\u001b[2m╭─\u001b[m\u001b[1;95mScan Summary\u001b[m\u001b[2m─╮\u001b[m\r\n\u001b[2m╰─┬────────────╯\u001b[m\r\n"]
[0.0, "o", "  \u001b[2m├─ \u001b[mFindings\r\n  \u001b[2m│  \u001b[m\u001b[2m├─ \u001b[m\u001b[94mTotal:\u001b[m \u001b[1;91m13 errors\u001b[m\r\n  \u001b[2m│  \u001b[m\u001b[2m├─ \u001b[m\u001b[94mFiles affected:\u001b[m 5\r\n  \u001b[2m│  \u001b[m\u001b[2m├─ \u001b[m\u001b[94mRules executed:\u001b[m 78\r\n  \u001b[2m│  \u001b[m\u001b[2m└─ \u001b[m\u001b[94mRules triggered:\u001b[m 3\r\n  \u001b[2m│  \u001b[m\u001b[2m   \u001b[m\u001b[2m├─ \u001b[mjava.security.xss-in-spring-app: \u001b[1;91m10 errors\u001b[m [CWE-79]\r\n  \u001b[2m│  \u001b[m\u001b[2m   \u001b[m\u001b[2m│  \u001b[m\u001b[2m└─ \u001b[mPotential cross-site scripting (XSS)\r\n  \u001b[2m│  \u001b[m\u001b[2m   \u001b[m\u001b[2m├─ \u001b[mjava.security.ssti: \u001b[1;91m2 errors\u001b[m [CWE-1336, CWE-94]\r\n  \u001b[2m│  \u001b[m\u001b[2m   \u001b[m\u001b[2m│  \u001b[m\u001b[2m└─ \u001b[mUnvalidated user data flows into template engine\r\n  \u001b[2m│  \u001b[m\u001b[2m   \u001b[m\u001b[2m└─ \u001b[mjava.security.ssrf: \u001b[1;91m1 error\u001b[m [CWE-918]\r\n  \u001b[2m│  \u001b[m\u001b[2m   \u001b[m\u001b[2m   \u001b[m\u001b[2m└─ \u001b[mPotential server-side request forgery (SSRF)\r\n  \u001b[2m└─ \u001b[mOutput\r\n  \u001b[2m   \u001b[m\u001b[2m├─ \u001b[m\u001b[94mReport:\u001b[m ~/.opentaint/cache/java-spring-demo/project-model/sources/opentaint.sarif\r\n  \u001b[2m   \u001b[m\u001b[2m└─ \u001b[m\u001b[94mLog"]
[0.0, "o", ":\u001b[m ~/.opentaint/logs/java-spring-demo/scan.log\r\n"]
[0.0, "o", "\r\n"]
[0.0, "o", "\u001b[2m╭─\u001b[m\u001b[1;95mSuggestions\u001b[m\u001b[2m─╮\u001b[m\r\n\u001b[2m╰─┬───────────╯\u001b[m\r\n"]
[0.0, "o", "  \u001b[2m└─ \u001b[m\u001b[92mTo view findings run\u001b[m\r\n  \u001b[2m   \u001b[m\u001b[2m└─ \u001b[m\u001b[1mopentaint summary ~/.opentaint/cache/java-spring-demo/project-model/sources/opentaint.sarif --show-findings\u001b[m\r\n"]
[2.5, "o", ""]