diff --git a/__tests__/main.test.ts b/__tests__/main.test.ts
index 96f85fa..2a1e418 100644
--- a/__tests__/main.test.ts
+++ b/__tests__/main.test.ts
@@ -1,7 +1,79 @@
+import {normalizeCweId} from '../src/utils'
+
 describe('main', () => {
   it('placeholder test', () => {
     // This is a placeholder test to prevent Jest from failing
     // TODO: Add proper unit tests for the main module
     expect(true).toBe(true)
   })
+
+  describe('CWE ID normalization', () => {
+    it('should handle CWE IDs with leading zeros', () => {
+      // Test that 099 maps to 99
+      const normalizedId = normalizeCweId('099')
+      expect(normalizedId).toBe('99')
+    })
+
+    it('should handle CWE IDs without leading zeros', () => {
+      // Test that 89 maps to 89
+      const normalizedId = normalizeCweId('89')
+      expect(normalizedId).toBe('89')
+    })
+
+    it('should handle CWE IDs with multiple leading zeros', () => {
+      // Test that 020 maps to 20
+      const normalizedId = normalizeCweId('020')
+      expect(normalizedId).toBe('20')
+    })
+
+    it('should return null for non-numeric CWE IDs', () => {
+      // Test that invalid CWE IDs return null
+      const normalizedId = normalizeCweId('abc')
+      expect(normalizedId).toBeNull()
+    })
+
+    it('should return null for empty strings', () => {
+      // Test that empty strings return null
+      const normalizedId = normalizeCweId('')
+      expect(normalizedId).toBeNull()
+    })
+
+    it('should return null for strings with only spaces', () => {
+      // Test that strings with only spaces return null
+      const normalizedId = normalizeCweId('   ')
+      expect(normalizedId).toBeNull()
+    })
+
+    it('should handle strings with leading/trailing spaces', () => {
+      // Test that strings with spaces are parsed correctly
+      const normalizedId = normalizeCweId('  99  ')
+      expect(normalizedId).toBe('99')
+    })
+
+    it('should return null for negative numbers', () => {
+      // Test that negative numbers return null (CWE IDs should be positive)
+      const normalizedId = normalizeCweId('-99')
+      expect(normalizedId).toBeNull()
+    })
+
+    it('should handle strings with mixed alphanumeric characters (parseInt is lenient)', () => {
+      // Test that mixed alphanumeric strings are parsed leniently
+      // parseInt stops at first non-numeric character, so '99abc' becomes 99
+      // This is acceptable for our use case as malformed tags would be rare
+      const normalizedId = normalizeCweId('99abc')
+      expect(normalizedId).toBe('99')
+    })
+
+    it('should handle zero', () => {
+      // Test that zero is handled correctly
+      const normalizedId = normalizeCweId('0')
+      expect(normalizedId).toBe('0')
+    })
+
+    it('should handle zero with leading zeros', () => {
+      // Test that zero with leading zeros is handled correctly
+      const normalizedId = normalizeCweId('000')
+      expect(normalizedId).toBe('0')
+    })
+  })
 })
diff --git a/dist/index.js b/dist/index.js
index 42cb06c..e43bd13 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -140,9 +140,15 @@ for (const cweCategoryNode of cweCategoryNodes) {
         for (const tag of tags) {
             if (tag.startsWith(codeQlCweTagPrefix)) {
                 const cweId = tag.replace(codeQlCweTagPrefix, '');
-                if (cweIds.includes(cweId)) {
+                // Normalize CWE ID by converting to integer to remove leading zeros
+                const normalizedCweId = (0, utils_1.normalizeCweId)(cweId);
+                // Skip if the CWE ID is not a valid number
+                if (normalizedCweId === null) {
+                    continue;
+                }
+                if (cweIds.includes(normalizedCweId)) {
                     tags.push(securityStandardTag);
-                    tags.push(...cweCategories[cweId]);
+                    tags.push(...cweCategories[normalizedCweId]);
                     return;
                 }
             }
@@ -203,6 +209,7 @@ var __importStar = (this && this.__importStar) || (function () {
 Object.defineProperty(exports, "__esModule", ({ value: true }));
 exports.LogLevel = void 0;
 exports.log = log;
+exports.normalizeCweId = normalizeCweId;
 /* eslint-disable no-console */
 const process_1 = __nccwpck_require__(932);
 const core = __importStar(__nccwpck_require__(7484));
@@ -246,6 +253,18 @@ function log(message, level = LogLevel.Info) {
         }
     }
 }
+/**
+ * Normalize a CWE ID by removing leading zeros
+ * @param cweId - The CWE ID string (e.g., "099", "020", "89")
+ * @returns The normalized CWE ID string (e.g., "99", "20", "89") or null if invalid
+ */
+function normalizeCweId(cweId) {
+    const parsedCweId = parseInt(cweId, 10);
+    if (Number.isNaN(parsedCweId) || parsedCweId < 0) {
+        return null;
+    }
+    return String(parsedCweId);
+}
 //# sourceMappingURL=utils.js.map
 
 /***/ }),
diff --git a/dist/index.js.map b/dist/index.js.map
index 0f8b5e0..05e8669 100644
--- a/dist/index.js.map
+++ b/dist/index.js.map
@@ -1 +1 @@
-{"version":3,"file":"index.js","mappings":";;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACzJA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AChFA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC/HA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC1XA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACtEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC5EA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACtEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACvGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC1RA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACtCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACnHA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AChnBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AChFA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AChuBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC7FA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC/NA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACvTA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC1MA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACjUA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACt1DA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACrnEA;AACA;AACA;AACA;;;;;;;;ACHA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACrpBA;;;;;;;;;ACAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACvQA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACtKA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACnJA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACrDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACvGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACxPA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACnLA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC3NA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACxGA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACNA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACjUA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC7CA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC7LA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACr0BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC/IA;AACA;AACA;AACA;AACA;;;;;;;;;ACJA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AChDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC1uEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC/CA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACXA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACtLA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC5TA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACjRA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC5LA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACrHA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACrOA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AClfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC9DA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACzgBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC/LA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AClBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACpmBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACtJA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AClnBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACvVA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACxQA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACvCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AChlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACnmEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACj7BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC1jBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACTA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACvnCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACroBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACjSA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACvVA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC7EA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACTA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACvYA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC/BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AClCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC5NA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC/UA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACpBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;ACrRA;;;;;;;;ACAA;;;;;;;;;ACAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC1KA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC1DA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AChBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC7MA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC1DA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACtBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC9VA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACvCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC5BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACpHA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACjMA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACjCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC3GA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC5LA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AChGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AClSA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AClDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC9SA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACxEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACvVA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACXA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACvMA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AChoBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACh7JA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACpNA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACnGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACZA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACnOA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACpFA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACjTA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC7LA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACrDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACbA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACjHA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACnMA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;ACrhEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AC7BA;AACA;;;;AEDA;AACA;AACA;AACA","sources":[".././lib/main.js",".././lib/utils.js",".././node_modules/@actions/core/lib/command.js",".././node_modules/@actions/core/lib/core.js",".././node_modules/@actions/core/lib/file-command.js",".././node_modules/@actions/core/lib/oidc-utils.js",".././node_modules/@actions/core/lib/path-utils.js",".././node_modules/@actions/core/lib/platform.js",".././node_modules/@actions/core/lib/summary.js",".././node_modules/@actions/core/lib/utils.js",".././node_modules/@actions/exec/lib/exec.js",".././node_modules/@actions/exec/lib/toolrunner.js",".././node_modules/@actions/http-client/lib/auth.js",".././node_modules/@actions/http-client/lib/index.js",".././node_modules/@actions/http-client/lib/proxy.js",".././node_modules/@actions/io/lib/io-util.js",".././node_modules/@actions/io/lib/io.js",".././node_modules/@xmldom/xmldom/lib/conventions.js",".././node_modules/@xmldom/xmldom/lib/dom-parser.js",".././node_modules/@xmldom/xmldom/lib/dom.js",".././node_modules/@xmldom/xmldom/lib/entities.js",".././node_modules/@xmldom/xmldom/lib/index.js",".././node_modules/@xmldom/xmldom/lib/sax.js",".././node_modules/tunnel/index.js",".././node_modules/tunnel/lib/tunnel.js",".././node_modules/undici/index.js",".././node_modules/undici/lib/agent.js",".././node_modules/undici/lib/api/abort-signal.js",".././node_modules/undici/lib/api/api-connect.js",".././node_modules/undici/lib/api/api-pipeline.js",".././node_modules/undici/lib/api/api-request.js",".././node_modules/undici/lib/api/api-stream.js",".././node_modules/undici/lib/api/api-upgrade.js",".././node_modules/undici/lib/api/index.js",".././node_modules/undici/lib/api/readable.js",".././node_modules/undici/lib/api/util.js",".././node_modules/undici/lib/balanced-pool.js",".././node_modules/undici/lib/cache/cache.js",".././node_modules/undici/lib/cache/cachestorage.js",".././node_modules/undici/lib/cache/symbols.js",".././node_modules/undici/lib/cache/util.js",".././node_modules/undici/lib/client.js",".././node_modules/undici/lib/compat/dispatcher-weakref.js",".././node_modules/undici/lib/cookies/constants.js",".././node_modules/undici/lib/cookies/index.js",".././node_modules/undici/lib/cookies/parse.js",".././node_modules/undici/lib/cookies/util.js",".././node_modules/undici/lib/core/connect.js",".././node_modules/undici/lib/core/constants.js",".././node_modules/undici/lib/core/errors.js",".././node_modules/undici/lib/core/request.js",".././node_modules/undici/lib/core/symbols.js",".././node_modules/undici/lib/core/util.js",".././node_modules/undici/lib/dispatcher-base.js",".././node_modules/undici/lib/dispatcher.js",".././node_modules/undici/lib/fetch/body.js",".././node_modules/undici/lib/fetch/constants.js",".././node_modules/undici/lib/fetch/dataURL.js",".././node_modules/undici/lib/fetch/file.js",".././node_modules/undici/lib/fetch/formdata.js",".././node_modules/undici/lib/fetch/global.js",".././node_modules/undici/lib/fetch/headers.js",".././node_modules/undici/lib/fetch/index.js",".././node_modules/undici/lib/fetch/request.js",".././node_modules/undici/lib/fetch/response.js",".././node_modules/undici/lib/fetch/symbols.js",".././node_modules/undici/lib/fetch/util.js",".././node_modules/undici/lib/fetch/webidl.js",".././node_modules/undici/lib/fileapi/encoding.js",".././node_modules/undici/lib/fileapi/filereader.js",".././node_modules/undici/lib/fileapi/progressevent.js",".././node_modules/undici/lib/fileapi/symbols.js",".././node_modules/undici/lib/fileapi/util.js",".././node_modules/undici/lib/global.js",".././node_modules/undici/lib/handler/DecoratorHandler.js",".././node_modules/undici/lib/handler/RedirectHandler.js",".././node_modules/undici/lib/handler/RetryHandler.js",".././node_modules/undici/lib/interceptor/redirectInterceptor.js",".././node_modules/undici/lib/llhttp/constants.js",".././node_modules/undici/lib/llhttp/llhttp-wasm.js",".././node_modules/undici/lib/llhttp/llhttp_simd-wasm.js",".././node_modules/undici/lib/llhttp/utils.js",".././node_modules/undici/lib/mock/mock-agent.js",".././node_modules/undici/lib/mock/mock-client.js",".././node_modules/undici/lib/mock/mock-errors.js",".././node_modules/undici/lib/mock/mock-interceptor.js",".././node_modules/undici/lib/mock/mock-pool.js",".././node_modules/undici/lib/mock/mock-symbols.js",".././node_modules/undici/lib/mock/mock-utils.js",".././node_modules/undici/lib/mock/pending-interceptors-formatter.js",".././node_modules/undici/lib/mock/pluralizer.js",".././node_modules/undici/lib/node/fixed-queue.js",".././node_modules/undici/lib/pool-base.js",".././node_modules/undici/lib/pool-stats.js",".././node_modules/undici/lib/pool.js",".././node_modules/undici/lib/proxy-agent.js",".././node_modules/undici/lib/timers.js",".././node_modules/undici/lib/websocket/connection.js",".././node_modules/undici/lib/websocket/constants.js",".././node_modules/undici/lib/websocket/events.js",".././node_modules/undici/lib/websocket/frame.js",".././node_modules/undici/lib/websocket/receiver.js",".././node_modules/undici/lib/websocket/symbols.js",".././node_modules/undici/lib/websocket/util.js",".././node_modules/undici/lib/websocket/websocket.js",".././node_modules/xpath/xpath.js","../external node-commonjs \"assert\"","../external node-commonjs \"async_hooks\"","../external node-commonjs \"buffer\"","../external node-commonjs \"child_process\"","../external node-commonjs \"console\"","../external node-commonjs \"crypto\"","../external node-commonjs \"diagnostics_channel\"","../external node-commonjs \"events\"","../external node-commonjs \"fs\"","../external node-commonjs \"http\"","../external node-commonjs \"http2\"","../external node-commonjs \"https\"","../external node-commonjs \"net\"","../external node-commonjs \"node:crypto\"","../external node-commonjs \"node:events\"","../external node-commonjs \"node:stream\"","../external node-commonjs \"node:util\"","../external node-commonjs \"os\"","../external node-commonjs \"path\"","../external node-commonjs \"perf_hooks\"","../external node-commonjs \"process\"","../external node-commonjs \"querystring\"","../external node-commonjs \"stream\"","../external node-commonjs \"stream/web\"","../external node-commonjs \"string_decoder\"","../external node-commonjs \"timers\"","../external node-commonjs \"tls\"","../external node-commonjs \"url\"","../external node-commonjs \"util\"","../external node-commonjs \"util/types\"","../external node-commonjs \"vm\"","../external node-commonjs \"worker_threads\"","../external node-commonjs \"zlib\"",".././node_modules/@fastify/busboy/deps/dicer/lib/Dicer.js",".././node_modules/@fastify/busboy/deps/dicer/lib/HeaderParser.js",".././node_modules/@fastify/busboy/deps/dicer/lib/PartStream.js",".././node_modules/@fastify/busboy/deps/streamsearch/sbmh.js",".././node_modules/@fastify/busboy/lib/main.js",".././node_modules/@fastify/busboy/lib/types/multipart.js",".././node_modules/@fastify/busboy/lib/types/urlencoded.js",".././node_modules/@fastify/busboy/lib/utils/Decoder.js",".././node_modules/@fastify/busboy/lib/utils/basename.js",".././node_modules/@fastify/busboy/lib/utils/decodeText.js",".././node_modules/@fastify/busboy/lib/utils/getLimit.js",".././node_modules/@fastify/busboy/lib/utils/parseParams.js",".././node_modules/jsonpath-plus/dist/index-node-cjs.cjs","../webpack/bootstrap","../webpack/runtime/compat","../webpack/before-startup","../webpack/startup","../webpack/after-startup"],"sourcesContent":["\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    var desc = Object.getOwnPropertyDescriptor(m, k);\n    if (!desc || (\"get\" in desc ? !m.__esModule : desc.writable || desc.configurable)) {\n      desc = { enumerable: true, get: function() { return m[k]; } };\n    }\n    Object.defineProperty(o, k2, desc);\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || (function () {\n    var ownKeys = function(o) {\n        ownKeys = Object.getOwnPropertyNames || function (o) {\n            var ar = [];\n            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;\n            return ar;\n        };\n        return ownKeys(o);\n    };\n    return function (mod) {\n        if (mod && mod.__esModule) return mod;\n        var result = {};\n        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== \"default\") __createBinding(result, mod, k[i]);\n        __setModuleDefault(result, mod);\n        return result;\n    };\n})();\nObject.defineProperty(exports, \"__esModule\", { value: true });\nconst path_1 = require(\"path\");\nconst process_1 = require(\"process\");\nconst fs_1 = require(\"fs\");\nconst core = __importStar(require(\"@actions/core\"));\nconst xmldom_1 = require(\"@xmldom/xmldom\");\nconst xpath = __importStar(require(\"xpath\"));\nconst jsonpath_plus_1 = require(\"jsonpath-plus\");\nconst utils_1 = require(\"./utils\");\nlet sarifFilePath;\nlet outputFilePath;\nlet sarifResults;\nlet cweXml;\nlet cweFilePath = (0, path_1.resolve)((0, path_1.dirname)(process.argv[1]), '..//security-standards/owasp-top10-2021.xml');\nconst cweFileXmlNs = { cwe: 'http://cwe.mitre.org/cwe-6' };\nlet cweIdXpath = '/cwe:Weakness_Catalog/cwe:Weaknesses/cwe:Weakness/@ID';\nlet categoryXpath = '/cwe:Weakness_Catalog/cwe:Categories/cwe:Category[contains(@Name, \"OWASP Top Ten 2021\")]';\nconst categoryMembersXpath = 'cwe:Relationships/cwe:Has_Member/@CWE_ID';\nconst categoryNameAttr = '@Name';\nconst categoryNameReplaceSearch = 'OWASP Top Ten 2021 Category ';\nconst codeQlCweTagPrefix = 'external/cwe/cwe-';\nlet securityStandardTag = 'owasp-top10-2021';\nconst codeQlTagsJsonPath = '$.runs[*].tool.extensions[*].rules[*].properties.tags';\n// Simple CLI argument parser for non-GitHub Actions use\nfunction parseCliArgs() {\n    const args = {};\n    for (let i = 2; i < process.argv.length; i++) {\n        const arg = process.argv[i];\n        if (arg.startsWith('--')) {\n            const key = arg.substring(2);\n            const value = process.argv[i + 1];\n            if (value && !value.startsWith('--')) {\n                args[key] = value;\n                i++;\n            }\n        }\n    }\n    return args;\n}\n// Parse Actions or CLI inputs\nif (process_1.env.GITHUB_ACTIONS === 'true') {\n    sarifFilePath = (0, path_1.resolve)(core.getInput('sarifFile'));\n    cweFilePath = (0, path_1.resolve)(core.getInput('cweFile') || cweFilePath);\n    cweIdXpath = core.getInput('cweIdXpath') || cweIdXpath;\n    categoryXpath = core.getInput('cweCategoryXpath') || categoryXpath;\n    securityStandardTag = core.getInput('securityStandardTag') || securityStandardTag;\n    outputFilePath = (0, path_1.resolve)(core.getInput('outputFile') || sarifFilePath);\n}\nelse {\n    const argv = parseCliArgs();\n    if (!argv.sarifFile) {\n        (0, utils_1.log)('Error: --sarifFile is required', utils_1.LogLevel.Error);\n        process.exit(1);\n    }\n    sarifFilePath = (0, path_1.resolve)(argv.sarifFile);\n    cweFilePath = (0, path_1.resolve)(argv.cweFile || cweFilePath);\n    cweIdXpath = argv.cweIdXpath || cweIdXpath;\n    categoryXpath = argv.cweCategoryXpath || categoryXpath;\n    securityStandardTag = argv.securityStandardTag || securityStandardTag;\n    outputFilePath = (0, path_1.resolve)(argv.outputFile || sarifFilePath);\n}\n(0, utils_1.log)(`Using ${sarifFilePath} for SARIF file`);\n(0, utils_1.log)(`Using ${cweFilePath} for CWE file`);\n(0, utils_1.log)(`Using ${outputFilePath} for output file`);\n// Load SARIF file\ntry {\n    sarifResults = JSON.parse((0, fs_1.readFileSync)(sarifFilePath, 'utf8'));\n}\ncatch (err) {\n    (0, utils_1.log)(`Unable to load SARIF file`, utils_1.LogLevel.Error);\n    core.setFailed(err);\n    throw err;\n}\n// Load security standard CWE XML file\ntry {\n    cweXml = new xmldom_1.DOMParser().parseFromString((0, fs_1.readFileSync)(cweFilePath, 'utf8'));\n}\ncatch (err) {\n    (0, utils_1.log)(`Unable to load CWE file`, utils_1.LogLevel.Error);\n    core.setFailed(err);\n    throw err;\n}\nconst select = xpath.useNamespaces(cweFileXmlNs);\nconst cweIds = select(cweIdXpath, cweXml).map(attribute => attribute.value);\nconst cweCategoryNodes = select(categoryXpath, cweXml);\nconst cweCategories = {};\nfor (const cweCategoryNode of cweCategoryNodes) {\n    const memberCweIds = select(categoryMembersXpath, cweCategoryNode).map(attr => attr.value);\n    const categoryName = select(categoryNameAttr, cweCategoryNode, true).value.replace(categoryNameReplaceSearch, '');\n    for (const cweId of memberCweIds) {\n        cweCategories[cweId] = [...(cweCategories[cweId] || []), categoryName];\n    }\n}\n// Add tag to SARIF file\n(0, jsonpath_plus_1.JSONPath)({\n    path: codeQlTagsJsonPath,\n    json: sarifResults,\n    callback: (tags) => {\n        for (const tag of tags) {\n            if (tag.startsWith(codeQlCweTagPrefix)) {\n                const cweId = tag.replace(codeQlCweTagPrefix, '');\n                if (cweIds.includes(cweId)) {\n                    tags.push(securityStandardTag);\n                    tags.push(...cweCategories[cweId]);\n                    return;\n                }\n            }\n        }\n    }\n});\n// Output SARIF file with tag added\ntry {\n    (0, fs_1.writeFileSync)(outputFilePath, JSON.stringify(sarifResults));\n}\ncatch (err) {\n    (0, utils_1.log)(`Unable to write SARIF file`, utils_1.LogLevel.Error);\n    core.setFailed(err);\n    throw err;\n}\n//# sourceMappingURL=main.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    var desc = Object.getOwnPropertyDescriptor(m, k);\n    if (!desc || (\"get\" in desc ? !m.__esModule : desc.writable || desc.configurable)) {\n      desc = { enumerable: true, get: function() { return m[k]; } };\n    }\n    Object.defineProperty(o, k2, desc);\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || (function () {\n    var ownKeys = function(o) {\n        ownKeys = Object.getOwnPropertyNames || function (o) {\n            var ar = [];\n            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;\n            return ar;\n        };\n        return ownKeys(o);\n    };\n    return function (mod) {\n        if (mod && mod.__esModule) return mod;\n        var result = {};\n        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== \"default\") __createBinding(result, mod, k[i]);\n        __setModuleDefault(result, mod);\n        return result;\n    };\n})();\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.LogLevel = void 0;\nexports.log = log;\n/* eslint-disable no-console */\nconst process_1 = require(\"process\");\nconst core = __importStar(require(\"@actions/core\"));\nvar LogLevel;\n(function (LogLevel) {\n    LogLevel[\"Info\"] = \"Info\";\n    LogLevel[\"Warn\"] = \"Warn\";\n    LogLevel[\"Error\"] = \"Error\";\n})(LogLevel || (exports.LogLevel = LogLevel = {}));\nfunction log(message, level = LogLevel.Info) {\n    if (process_1.env.GITHUB_ACTIONS === 'true') {\n        switch (level) {\n            case LogLevel.Info: {\n                core.info(message);\n                break;\n            }\n            case LogLevel.Warn: {\n                core.warning(message);\n                break;\n            }\n            case LogLevel.Error: {\n                core.error(message);\n                break;\n            }\n        }\n    }\n    else {\n        switch (level) {\n            case LogLevel.Info: {\n                console.info(message);\n                break;\n            }\n            case LogLevel.Warn: {\n                console.warn(message);\n                break;\n            }\n            case LogLevel.Error: {\n                console.error(message);\n                break;\n            }\n        }\n    }\n}\n//# sourceMappingURL=utils.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    var desc = Object.getOwnPropertyDescriptor(m, k);\n    if (!desc || (\"get\" in desc ? !m.__esModule : desc.writable || desc.configurable)) {\n      desc = { enumerable: true, get: function() { return m[k]; } };\n    }\n    Object.defineProperty(o, k2, desc);\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || (function () {\n    var ownKeys = function(o) {\n        ownKeys = Object.getOwnPropertyNames || function (o) {\n            var ar = [];\n            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;\n            return ar;\n        };\n        return ownKeys(o);\n    };\n    return function (mod) {\n        if (mod && mod.__esModule) return mod;\n        var result = {};\n        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== \"default\") __createBinding(result, mod, k[i]);\n        __setModuleDefault(result, mod);\n        return result;\n    };\n})();\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.issueCommand = issueCommand;\nexports.issue = issue;\nconst os = __importStar(require(\"os\"));\nconst utils_1 = require(\"./utils\");\n/**\n * Issues a command to the GitHub Actions runner\n *\n * @param command - The command name to issue\n * @param properties - Additional properties for the command (key-value pairs)\n * @param message - The message to include with the command\n * @remarks\n * This function outputs a specially formatted string to stdout that the Actions\n * runner interprets as a command. These commands can control workflow behavior,\n * set outputs, create annotations, mask values, and more.\n *\n * Command Format:\n *   ::name key=value,key=value::message\n *\n * @example\n * ```typescript\n * // Issue a warning annotation\n * issueCommand('warning', {}, 'This is a warning message');\n * // Output: ::warning::This is a warning message\n *\n * // Set an environment variable\n * issueCommand('set-env', { name: 'MY_VAR' }, 'some value');\n * // Output: ::set-env name=MY_VAR::some value\n *\n * // Add a secret mask\n * issueCommand('add-mask', {}, 'secretValue123');\n * // Output: ::add-mask::secretValue123\n * ```\n *\n * @internal\n * This is an internal utility function that powers the public API functions\n * such as setSecret, warning, error, and exportVariable.\n */\nfunction issueCommand(command, properties, message) {\n    const cmd = new Command(command, properties, message);\n    process.stdout.write(cmd.toString() + os.EOL);\n}\nfunction issue(name, message = '') {\n    issueCommand(name, {}, message);\n}\nconst CMD_STRING = '::';\nclass Command {\n    constructor(command, properties, message) {\n        if (!command) {\n            command = 'missing.command';\n        }\n        this.command = command;\n        this.properties = properties;\n        this.message = message;\n    }\n    toString() {\n        let cmdStr = CMD_STRING + this.command;\n        if (this.properties && Object.keys(this.properties).length > 0) {\n            cmdStr += ' ';\n            let first = true;\n            for (const key in this.properties) {\n                if (this.properties.hasOwnProperty(key)) {\n                    const val = this.properties[key];\n                    if (val) {\n                        if (first) {\n                            first = false;\n                        }\n                        else {\n                            cmdStr += ',';\n                        }\n                        cmdStr += `${key}=${escapeProperty(val)}`;\n                    }\n                }\n            }\n        }\n        cmdStr += `${CMD_STRING}${escapeData(this.message)}`;\n        return cmdStr;\n    }\n}\nfunction escapeData(s) {\n    return (0, utils_1.toCommandValue)(s)\n        .replace(/%/g, '%25')\n        .replace(/\\r/g, '%0D')\n        .replace(/\\n/g, '%0A');\n}\nfunction escapeProperty(s) {\n    return (0, utils_1.toCommandValue)(s)\n        .replace(/%/g, '%25')\n        .replace(/\\r/g, '%0D')\n        .replace(/\\n/g, '%0A')\n        .replace(/:/g, '%3A')\n        .replace(/,/g, '%2C');\n}\n//# sourceMappingURL=command.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    var desc = Object.getOwnPropertyDescriptor(m, k);\n    if (!desc || (\"get\" in desc ? !m.__esModule : desc.writable || desc.configurable)) {\n      desc = { enumerable: true, get: function() { return m[k]; } };\n    }\n    Object.defineProperty(o, k2, desc);\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || (function () {\n    var ownKeys = function(o) {\n        ownKeys = Object.getOwnPropertyNames || function (o) {\n            var ar = [];\n            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;\n            return ar;\n        };\n        return ownKeys(o);\n    };\n    return function (mod) {\n        if (mod && mod.__esModule) return mod;\n        var result = {};\n        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== \"default\") __createBinding(result, mod, k[i]);\n        __setModuleDefault(result, mod);\n        return result;\n    };\n})();\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.platform = exports.toPlatformPath = exports.toWin32Path = exports.toPosixPath = exports.markdownSummary = exports.summary = exports.ExitCode = void 0;\nexports.exportVariable = exportVariable;\nexports.setSecret = setSecret;\nexports.addPath = addPath;\nexports.getInput = getInput;\nexports.getMultilineInput = getMultilineInput;\nexports.getBooleanInput = getBooleanInput;\nexports.setOutput = setOutput;\nexports.setCommandEcho = setCommandEcho;\nexports.setFailed = setFailed;\nexports.isDebug = isDebug;\nexports.debug = debug;\nexports.error = error;\nexports.warning = warning;\nexports.notice = notice;\nexports.info = info;\nexports.startGroup = startGroup;\nexports.endGroup = endGroup;\nexports.group = group;\nexports.saveState = saveState;\nexports.getState = getState;\nexports.getIDToken = getIDToken;\nconst command_1 = require(\"./command\");\nconst file_command_1 = require(\"./file-command\");\nconst utils_1 = require(\"./utils\");\nconst os = __importStar(require(\"os\"));\nconst path = __importStar(require(\"path\"));\nconst oidc_utils_1 = require(\"./oidc-utils\");\n/**\n * The code to exit an action\n */\nvar ExitCode;\n(function (ExitCode) {\n    /**\n     * A code indicating that the action was successful\n     */\n    ExitCode[ExitCode[\"Success\"] = 0] = \"Success\";\n    /**\n     * A code indicating that the action was a failure\n     */\n    ExitCode[ExitCode[\"Failure\"] = 1] = \"Failure\";\n})(ExitCode || (exports.ExitCode = ExitCode = {}));\n//-----------------------------------------------------------------------\n// Variables\n//-----------------------------------------------------------------------\n/**\n * Sets env variable for this action and future actions in the job\n * @param name the name of the variable to set\n * @param val the value of the variable. Non-string values will be converted to a string via JSON.stringify\n */\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nfunction exportVariable(name, val) {\n    const convertedVal = (0, utils_1.toCommandValue)(val);\n    process.env[name] = convertedVal;\n    const filePath = process.env['GITHUB_ENV'] || '';\n    if (filePath) {\n        return (0, file_command_1.issueFileCommand)('ENV', (0, file_command_1.prepareKeyValueMessage)(name, val));\n    }\n    (0, command_1.issueCommand)('set-env', { name }, convertedVal);\n}\n/**\n * Registers a secret which will get masked from logs\n *\n * @param secret - Value of the secret to be masked\n * @remarks\n * This function instructs the Actions runner to mask the specified value in any\n * logs produced during the workflow run. Once registered, the secret value will\n * be replaced with asterisks (***) whenever it appears in console output, logs,\n * or error messages.\n *\n * This is useful for protecting sensitive information such as:\n * - API keys\n * - Access tokens\n * - Authentication credentials\n * - URL parameters containing signatures (SAS tokens)\n *\n * Note that masking only affects future logs; any previous appearances of the\n * secret in logs before calling this function will remain unmasked.\n *\n * @example\n * ```typescript\n * // Register an API token as a secret\n * const apiToken = \"abc123xyz456\";\n * setSecret(apiToken);\n *\n * // Now any logs containing this value will show *** instead\n * console.log(`Using token: ${apiToken}`); // Outputs: \"Using token: ***\"\n * ```\n */\nfunction setSecret(secret) {\n    (0, command_1.issueCommand)('add-mask', {}, secret);\n}\n/**\n * Prepends inputPath to the PATH (for this action and future actions)\n * @param inputPath\n */\nfunction addPath(inputPath) {\n    const filePath = process.env['GITHUB_PATH'] || '';\n    if (filePath) {\n        (0, file_command_1.issueFileCommand)('PATH', inputPath);\n    }\n    else {\n        (0, command_1.issueCommand)('add-path', {}, inputPath);\n    }\n    process.env['PATH'] = `${inputPath}${path.delimiter}${process.env['PATH']}`;\n}\n/**\n * Gets the value of an input.\n * Unless trimWhitespace is set to false in InputOptions, the value is also trimmed.\n * Returns an empty string if the value is not defined.\n *\n * @param     name     name of the input to get\n * @param     options  optional. See InputOptions.\n * @returns   string\n */\nfunction getInput(name, options) {\n    const val = process.env[`INPUT_${name.replace(/ /g, '_').toUpperCase()}`] || '';\n    if (options && options.required && !val) {\n        throw new Error(`Input required and not supplied: ${name}`);\n    }\n    if (options && options.trimWhitespace === false) {\n        return val;\n    }\n    return val.trim();\n}\n/**\n * Gets the values of an multiline input.  Each value is also trimmed.\n *\n * @param     name     name of the input to get\n * @param     options  optional. See InputOptions.\n * @returns   string[]\n *\n */\nfunction getMultilineInput(name, options) {\n    const inputs = getInput(name, options)\n        .split('\\n')\n        .filter(x => x !== '');\n    if (options && options.trimWhitespace === false) {\n        return inputs;\n    }\n    return inputs.map(input => input.trim());\n}\n/**\n * Gets the input value of the boolean type in the YAML 1.2 \"core schema\" specification.\n * Support boolean input list: `true | True | TRUE | false | False | FALSE` .\n * The return value is also in boolean type.\n * ref: https://yaml.org/spec/1.2/spec.html#id2804923\n *\n * @param     name     name of the input to get\n * @param     options  optional. See InputOptions.\n * @returns   boolean\n */\nfunction getBooleanInput(name, options) {\n    const trueValue = ['true', 'True', 'TRUE'];\n    const falseValue = ['false', 'False', 'FALSE'];\n    const val = getInput(name, options);\n    if (trueValue.includes(val))\n        return true;\n    if (falseValue.includes(val))\n        return false;\n    throw new TypeError(`Input does not meet YAML 1.2 \"Core Schema\" specification: ${name}\\n` +\n        `Support boolean input list: \\`true | True | TRUE | false | False | FALSE\\``);\n}\n/**\n * Sets the value of an output.\n *\n * @param     name     name of the output to set\n * @param     value    value to store. Non-string values will be converted to a string via JSON.stringify\n */\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nfunction setOutput(name, value) {\n    const filePath = process.env['GITHUB_OUTPUT'] || '';\n    if (filePath) {\n        return (0, file_command_1.issueFileCommand)('OUTPUT', (0, file_command_1.prepareKeyValueMessage)(name, value));\n    }\n    process.stdout.write(os.EOL);\n    (0, command_1.issueCommand)('set-output', { name }, (0, utils_1.toCommandValue)(value));\n}\n/**\n * Enables or disables the echoing of commands into stdout for the rest of the step.\n * Echoing is disabled by default if ACTIONS_STEP_DEBUG is not set.\n *\n */\nfunction setCommandEcho(enabled) {\n    (0, command_1.issue)('echo', enabled ? 'on' : 'off');\n}\n//-----------------------------------------------------------------------\n// Results\n//-----------------------------------------------------------------------\n/**\n * Sets the action status to failed.\n * When the action exits it will be with an exit code of 1\n * @param message add error issue message\n */\nfunction setFailed(message) {\n    process.exitCode = ExitCode.Failure;\n    error(message);\n}\n//-----------------------------------------------------------------------\n// Logging Commands\n//-----------------------------------------------------------------------\n/**\n * Gets whether Actions Step Debug is on or not\n */\nfunction isDebug() {\n    return process.env['RUNNER_DEBUG'] === '1';\n}\n/**\n * Writes debug message to user log\n * @param message debug message\n */\nfunction debug(message) {\n    (0, command_1.issueCommand)('debug', {}, message);\n}\n/**\n * Adds an error issue\n * @param message error issue message. Errors will be converted to string via toString()\n * @param properties optional properties to add to the annotation.\n */\nfunction error(message, properties = {}) {\n    (0, command_1.issueCommand)('error', (0, utils_1.toCommandProperties)(properties), message instanceof Error ? message.toString() : message);\n}\n/**\n * Adds a warning issue\n * @param message warning issue message. Errors will be converted to string via toString()\n * @param properties optional properties to add to the annotation.\n */\nfunction warning(message, properties = {}) {\n    (0, command_1.issueCommand)('warning', (0, utils_1.toCommandProperties)(properties), message instanceof Error ? message.toString() : message);\n}\n/**\n * Adds a notice issue\n * @param message notice issue message. Errors will be converted to string via toString()\n * @param properties optional properties to add to the annotation.\n */\nfunction notice(message, properties = {}) {\n    (0, command_1.issueCommand)('notice', (0, utils_1.toCommandProperties)(properties), message instanceof Error ? message.toString() : message);\n}\n/**\n * Writes info to log with console.log.\n * @param message info message\n */\nfunction info(message) {\n    process.stdout.write(message + os.EOL);\n}\n/**\n * Begin an output group.\n *\n * Output until the next `groupEnd` will be foldable in this group\n *\n * @param name The name of the output group\n */\nfunction startGroup(name) {\n    (0, command_1.issue)('group', name);\n}\n/**\n * End an output group.\n */\nfunction endGroup() {\n    (0, command_1.issue)('endgroup');\n}\n/**\n * Wrap an asynchronous function call in a group.\n *\n * Returns the same type as the function itself.\n *\n * @param name The name of the group\n * @param fn The function to wrap in the group\n */\nfunction group(name, fn) {\n    return __awaiter(this, void 0, void 0, function* () {\n        startGroup(name);\n        let result;\n        try {\n            result = yield fn();\n        }\n        finally {\n            endGroup();\n        }\n        return result;\n    });\n}\n//-----------------------------------------------------------------------\n// Wrapper action state\n//-----------------------------------------------------------------------\n/**\n * Saves state for current action, the state can only be retrieved by this action's post job execution.\n *\n * @param     name     name of the state to store\n * @param     value    value to store. Non-string values will be converted to a string via JSON.stringify\n */\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nfunction saveState(name, value) {\n    const filePath = process.env['GITHUB_STATE'] || '';\n    if (filePath) {\n        return (0, file_command_1.issueFileCommand)('STATE', (0, file_command_1.prepareKeyValueMessage)(name, value));\n    }\n    (0, command_1.issueCommand)('save-state', { name }, (0, utils_1.toCommandValue)(value));\n}\n/**\n * Gets the value of an state set by this action's main execution.\n *\n * @param     name     name of the state to get\n * @returns   string\n */\nfunction getState(name) {\n    return process.env[`STATE_${name}`] || '';\n}\nfunction getIDToken(aud) {\n    return __awaiter(this, void 0, void 0, function* () {\n        return yield oidc_utils_1.OidcClient.getIDToken(aud);\n    });\n}\n/**\n * Summary exports\n */\nvar summary_1 = require(\"./summary\");\nObject.defineProperty(exports, \"summary\", { enumerable: true, get: function () { return summary_1.summary; } });\n/**\n * @deprecated use core.summary\n */\nvar summary_2 = require(\"./summary\");\nObject.defineProperty(exports, \"markdownSummary\", { enumerable: true, get: function () { return summary_2.markdownSummary; } });\n/**\n * Path exports\n */\nvar path_utils_1 = require(\"./path-utils\");\nObject.defineProperty(exports, \"toPosixPath\", { enumerable: true, get: function () { return path_utils_1.toPosixPath; } });\nObject.defineProperty(exports, \"toWin32Path\", { enumerable: true, get: function () { return path_utils_1.toWin32Path; } });\nObject.defineProperty(exports, \"toPlatformPath\", { enumerable: true, get: function () { return path_utils_1.toPlatformPath; } });\n/**\n * Platform utilities exports\n */\nexports.platform = __importStar(require(\"./platform\"));\n//# sourceMappingURL=core.js.map","\"use strict\";\n// For internal use, subject to change.\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    var desc = Object.getOwnPropertyDescriptor(m, k);\n    if (!desc || (\"get\" in desc ? !m.__esModule : desc.writable || desc.configurable)) {\n      desc = { enumerable: true, get: function() { return m[k]; } };\n    }\n    Object.defineProperty(o, k2, desc);\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || (function () {\n    var ownKeys = function(o) {\n        ownKeys = Object.getOwnPropertyNames || function (o) {\n            var ar = [];\n            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;\n            return ar;\n        };\n        return ownKeys(o);\n    };\n    return function (mod) {\n        if (mod && mod.__esModule) return mod;\n        var result = {};\n        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== \"default\") __createBinding(result, mod, k[i]);\n        __setModuleDefault(result, mod);\n        return result;\n    };\n})();\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.issueFileCommand = issueFileCommand;\nexports.prepareKeyValueMessage = prepareKeyValueMessage;\n// We use any as a valid input type\n/* eslint-disable @typescript-eslint/no-explicit-any */\nconst crypto = __importStar(require(\"crypto\"));\nconst fs = __importStar(require(\"fs\"));\nconst os = __importStar(require(\"os\"));\nconst utils_1 = require(\"./utils\");\nfunction issueFileCommand(command, message) {\n    const filePath = process.env[`GITHUB_${command}`];\n    if (!filePath) {\n        throw new Error(`Unable to find environment variable for file command ${command}`);\n    }\n    if (!fs.existsSync(filePath)) {\n        throw new Error(`Missing file at path: ${filePath}`);\n    }\n    fs.appendFileSync(filePath, `${(0, utils_1.toCommandValue)(message)}${os.EOL}`, {\n        encoding: 'utf8'\n    });\n}\nfunction prepareKeyValueMessage(key, value) {\n    const delimiter = `ghadelimiter_${crypto.randomUUID()}`;\n    const convertedValue = (0, utils_1.toCommandValue)(value);\n    // These should realistically never happen, but just in case someone finds a\n    // way to exploit uuid generation let's not allow keys or values that contain\n    // the delimiter.\n    if (key.includes(delimiter)) {\n        throw new Error(`Unexpected input: name should not contain the delimiter \"${delimiter}\"`);\n    }\n    if (convertedValue.includes(delimiter)) {\n        throw new Error(`Unexpected input: value should not contain the delimiter \"${delimiter}\"`);\n    }\n    return `${key}<<${delimiter}${os.EOL}${convertedValue}${os.EOL}${delimiter}`;\n}\n//# sourceMappingURL=file-command.js.map","\"use strict\";\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.OidcClient = void 0;\nconst http_client_1 = require(\"@actions/http-client\");\nconst auth_1 = require(\"@actions/http-client/lib/auth\");\nconst core_1 = require(\"./core\");\nclass OidcClient {\n    static createHttpClient(allowRetry = true, maxRetry = 10) {\n        const requestOptions = {\n            allowRetries: allowRetry,\n            maxRetries: maxRetry\n        };\n        return new http_client_1.HttpClient('actions/oidc-client', [new auth_1.BearerCredentialHandler(OidcClient.getRequestToken())], requestOptions);\n    }\n    static getRequestToken() {\n        const token = process.env['ACTIONS_ID_TOKEN_REQUEST_TOKEN'];\n        if (!token) {\n            throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_TOKEN env variable');\n        }\n        return token;\n    }\n    static getIDTokenUrl() {\n        const runtimeUrl = process.env['ACTIONS_ID_TOKEN_REQUEST_URL'];\n        if (!runtimeUrl) {\n            throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable');\n        }\n        return runtimeUrl;\n    }\n    static getCall(id_token_url) {\n        return __awaiter(this, void 0, void 0, function* () {\n            var _a;\n            const httpclient = OidcClient.createHttpClient();\n            const res = yield httpclient\n                .getJson(id_token_url)\n                .catch(error => {\n                throw new Error(`Failed to get ID Token. \\n \n        Error Code : ${error.statusCode}\\n \n        Error Message: ${error.message}`);\n            });\n            const id_token = (_a = res.result) === null || _a === void 0 ? void 0 : _a.value;\n            if (!id_token) {\n                throw new Error('Response json body do not have ID Token field');\n            }\n            return id_token;\n        });\n    }\n    static getIDToken(audience) {\n        return __awaiter(this, void 0, void 0, function* () {\n            try {\n                // New ID Token is requested from action service\n                let id_token_url = OidcClient.getIDTokenUrl();\n                if (audience) {\n                    const encodedAudience = encodeURIComponent(audience);\n                    id_token_url = `${id_token_url}&audience=${encodedAudience}`;\n                }\n                (0, core_1.debug)(`ID token url is ${id_token_url}`);\n                const id_token = yield OidcClient.getCall(id_token_url);\n                (0, core_1.setSecret)(id_token);\n                return id_token;\n            }\n            catch (error) {\n                throw new Error(`Error message: ${error.message}`);\n            }\n        });\n    }\n}\nexports.OidcClient = OidcClient;\n//# sourceMappingURL=oidc-utils.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    var desc = Object.getOwnPropertyDescriptor(m, k);\n    if (!desc || (\"get\" in desc ? !m.__esModule : desc.writable || desc.configurable)) {\n      desc = { enumerable: true, get: function() { return m[k]; } };\n    }\n    Object.defineProperty(o, k2, desc);\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || (function () {\n    var ownKeys = function(o) {\n        ownKeys = Object.getOwnPropertyNames || function (o) {\n            var ar = [];\n            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;\n            return ar;\n        };\n        return ownKeys(o);\n    };\n    return function (mod) {\n        if (mod && mod.__esModule) return mod;\n        var result = {};\n        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== \"default\") __createBinding(result, mod, k[i]);\n        __setModuleDefault(result, mod);\n        return result;\n    };\n})();\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.toPosixPath = toPosixPath;\nexports.toWin32Path = toWin32Path;\nexports.toPlatformPath = toPlatformPath;\nconst path = __importStar(require(\"path\"));\n/**\n * toPosixPath converts the given path to the posix form. On Windows, \\\\ will be\n * replaced with /.\n *\n * @param pth. Path to transform.\n * @return string Posix path.\n */\nfunction toPosixPath(pth) {\n    return pth.replace(/[\\\\]/g, '/');\n}\n/**\n * toWin32Path converts the given path to the win32 form. On Linux, / will be\n * replaced with \\\\.\n *\n * @param pth. Path to transform.\n * @return string Win32 path.\n */\nfunction toWin32Path(pth) {\n    return pth.replace(/[/]/g, '\\\\');\n}\n/**\n * toPlatformPath converts the given path to a platform-specific path. It does\n * this by replacing instances of / and \\ with the platform-specific path\n * separator.\n *\n * @param pth The path to platformize.\n * @return string The platform-specific path.\n */\nfunction toPlatformPath(pth) {\n    return pth.replace(/[/\\\\]/g, path.sep);\n}\n//# sourceMappingURL=path-utils.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    var desc = Object.getOwnPropertyDescriptor(m, k);\n    if (!desc || (\"get\" in desc ? !m.__esModule : desc.writable || desc.configurable)) {\n      desc = { enumerable: true, get: function() { return m[k]; } };\n    }\n    Object.defineProperty(o, k2, desc);\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || (function () {\n    var ownKeys = function(o) {\n        ownKeys = Object.getOwnPropertyNames || function (o) {\n            var ar = [];\n            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;\n            return ar;\n        };\n        return ownKeys(o);\n    };\n    return function (mod) {\n        if (mod && mod.__esModule) return mod;\n        var result = {};\n        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== \"default\") __createBinding(result, mod, k[i]);\n        __setModuleDefault(result, mod);\n        return result;\n    };\n})();\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nvar __importDefault = (this && this.__importDefault) || function (mod) {\n    return (mod && mod.__esModule) ? mod : { \"default\": mod };\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.isLinux = exports.isMacOS = exports.isWindows = exports.arch = exports.platform = void 0;\nexports.getDetails = getDetails;\nconst os_1 = __importDefault(require(\"os\"));\nconst exec = __importStar(require(\"@actions/exec\"));\nconst getWindowsInfo = () => __awaiter(void 0, void 0, void 0, function* () {\n    const { stdout: version } = yield exec.getExecOutput('powershell -command \"(Get-CimInstance -ClassName Win32_OperatingSystem).Version\"', undefined, {\n        silent: true\n    });\n    const { stdout: name } = yield exec.getExecOutput('powershell -command \"(Get-CimInstance -ClassName Win32_OperatingSystem).Caption\"', undefined, {\n        silent: true\n    });\n    return {\n        name: name.trim(),\n        version: version.trim()\n    };\n});\nconst getMacOsInfo = () => __awaiter(void 0, void 0, void 0, function* () {\n    var _a, _b, _c, _d;\n    const { stdout } = yield exec.getExecOutput('sw_vers', undefined, {\n        silent: true\n    });\n    const version = (_b = (_a = stdout.match(/ProductVersion:\\s*(.+)/)) === null || _a === void 0 ? void 0 : _a[1]) !== null && _b !== void 0 ? _b : '';\n    const name = (_d = (_c = stdout.match(/ProductName:\\s*(.+)/)) === null || _c === void 0 ? void 0 : _c[1]) !== null && _d !== void 0 ? _d : '';\n    return {\n        name,\n        version\n    };\n});\nconst getLinuxInfo = () => __awaiter(void 0, void 0, void 0, function* () {\n    const { stdout } = yield exec.getExecOutput('lsb_release', ['-i', '-r', '-s'], {\n        silent: true\n    });\n    const [name, version] = stdout.trim().split('\\n');\n    return {\n        name,\n        version\n    };\n});\nexports.platform = os_1.default.platform();\nexports.arch = os_1.default.arch();\nexports.isWindows = exports.platform === 'win32';\nexports.isMacOS = exports.platform === 'darwin';\nexports.isLinux = exports.platform === 'linux';\nfunction getDetails() {\n    return __awaiter(this, void 0, void 0, function* () {\n        return Object.assign(Object.assign({}, (yield (exports.isWindows\n            ? getWindowsInfo()\n            : exports.isMacOS\n                ? getMacOsInfo()\n                : getLinuxInfo()))), { platform: exports.platform,\n            arch: exports.arch,\n            isWindows: exports.isWindows,\n            isMacOS: exports.isMacOS,\n            isLinux: exports.isLinux });\n    });\n}\n//# sourceMappingURL=platform.js.map","\"use strict\";\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.summary = exports.markdownSummary = exports.SUMMARY_DOCS_URL = exports.SUMMARY_ENV_VAR = void 0;\nconst os_1 = require(\"os\");\nconst fs_1 = require(\"fs\");\nconst { access, appendFile, writeFile } = fs_1.promises;\nexports.SUMMARY_ENV_VAR = 'GITHUB_STEP_SUMMARY';\nexports.SUMMARY_DOCS_URL = 'https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions#adding-a-job-summary';\nclass Summary {\n    constructor() {\n        this._buffer = '';\n    }\n    /**\n     * Finds the summary file path from the environment, rejects if env var is not found or file does not exist\n     * Also checks r/w permissions.\n     *\n     * @returns step summary file path\n     */\n    filePath() {\n        return __awaiter(this, void 0, void 0, function* () {\n            if (this._filePath) {\n                return this._filePath;\n            }\n            const pathFromEnv = process.env[exports.SUMMARY_ENV_VAR];\n            if (!pathFromEnv) {\n                throw new Error(`Unable to find environment variable for $${exports.SUMMARY_ENV_VAR}. Check if your runtime environment supports job summaries.`);\n            }\n            try {\n                yield access(pathFromEnv, fs_1.constants.R_OK | fs_1.constants.W_OK);\n            }\n            catch (_a) {\n                throw new Error(`Unable to access summary file: '${pathFromEnv}'. Check if the file has correct read/write permissions.`);\n            }\n            this._filePath = pathFromEnv;\n            return this._filePath;\n        });\n    }\n    /**\n     * Wraps content in an HTML tag, adding any HTML attributes\n     *\n     * @param {string} tag HTML tag to wrap\n     * @param {string | null} content content within the tag\n     * @param {[attribute: string]: string} attrs key-value list of HTML attributes to add\n     *\n     * @returns {string} content wrapped in HTML element\n     */\n    wrap(tag, content, attrs = {}) {\n        const htmlAttrs = Object.entries(attrs)\n            .map(([key, value]) => ` ${key}=\"${value}\"`)\n            .join('');\n        if (!content) {\n            return `<${tag}${htmlAttrs}>`;\n        }\n        return `<${tag}${htmlAttrs}>${content}</${tag}>`;\n    }\n    /**\n     * Writes text in the buffer to the summary buffer file and empties buffer. Will append by default.\n     *\n     * @param {SummaryWriteOptions} [options] (optional) options for write operation\n     *\n     * @returns {Promise<Summary>} summary instance\n     */\n    write(options) {\n        return __awaiter(this, void 0, void 0, function* () {\n            const overwrite = !!(options === null || options === void 0 ? void 0 : options.overwrite);\n            const filePath = yield this.filePath();\n            const writeFunc = overwrite ? writeFile : appendFile;\n            yield writeFunc(filePath, this._buffer, { encoding: 'utf8' });\n            return this.emptyBuffer();\n        });\n    }\n    /**\n     * Clears the summary buffer and wipes the summary file\n     *\n     * @returns {Summary} summary instance\n     */\n    clear() {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.emptyBuffer().write({ overwrite: true });\n        });\n    }\n    /**\n     * Returns the current summary buffer as a string\n     *\n     * @returns {string} string of summary buffer\n     */\n    stringify() {\n        return this._buffer;\n    }\n    /**\n     * If the summary buffer is empty\n     *\n     * @returns {boolen} true if the buffer is empty\n     */\n    isEmptyBuffer() {\n        return this._buffer.length === 0;\n    }\n    /**\n     * Resets the summary buffer without writing to summary file\n     *\n     * @returns {Summary} summary instance\n     */\n    emptyBuffer() {\n        this._buffer = '';\n        return this;\n    }\n    /**\n     * Adds raw text to the summary buffer\n     *\n     * @param {string} text content to add\n     * @param {boolean} [addEOL=false] (optional) append an EOL to the raw text (default: false)\n     *\n     * @returns {Summary} summary instance\n     */\n    addRaw(text, addEOL = false) {\n        this._buffer += text;\n        return addEOL ? this.addEOL() : this;\n    }\n    /**\n     * Adds the operating system-specific end-of-line marker to the buffer\n     *\n     * @returns {Summary} summary instance\n     */\n    addEOL() {\n        return this.addRaw(os_1.EOL);\n    }\n    /**\n     * Adds an HTML codeblock to the summary buffer\n     *\n     * @param {string} code content to render within fenced code block\n     * @param {string} lang (optional) language to syntax highlight code\n     *\n     * @returns {Summary} summary instance\n     */\n    addCodeBlock(code, lang) {\n        const attrs = Object.assign({}, (lang && { lang }));\n        const element = this.wrap('pre', this.wrap('code', code), attrs);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML list to the summary buffer\n     *\n     * @param {string[]} items list of items to render\n     * @param {boolean} [ordered=false] (optional) if the rendered list should be ordered or not (default: false)\n     *\n     * @returns {Summary} summary instance\n     */\n    addList(items, ordered = false) {\n        const tag = ordered ? 'ol' : 'ul';\n        const listItems = items.map(item => this.wrap('li', item)).join('');\n        const element = this.wrap(tag, listItems);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML table to the summary buffer\n     *\n     * @param {SummaryTableCell[]} rows table rows\n     *\n     * @returns {Summary} summary instance\n     */\n    addTable(rows) {\n        const tableBody = rows\n            .map(row => {\n            const cells = row\n                .map(cell => {\n                if (typeof cell === 'string') {\n                    return this.wrap('td', cell);\n                }\n                const { header, data, colspan, rowspan } = cell;\n                const tag = header ? 'th' : 'td';\n                const attrs = Object.assign(Object.assign({}, (colspan && { colspan })), (rowspan && { rowspan }));\n                return this.wrap(tag, data, attrs);\n            })\n                .join('');\n            return this.wrap('tr', cells);\n        })\n            .join('');\n        const element = this.wrap('table', tableBody);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds a collapsable HTML details element to the summary buffer\n     *\n     * @param {string} label text for the closed state\n     * @param {string} content collapsable content\n     *\n     * @returns {Summary} summary instance\n     */\n    addDetails(label, content) {\n        const element = this.wrap('details', this.wrap('summary', label) + content);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML image tag to the summary buffer\n     *\n     * @param {string} src path to the image you to embed\n     * @param {string} alt text description of the image\n     * @param {SummaryImageOptions} options (optional) addition image attributes\n     *\n     * @returns {Summary} summary instance\n     */\n    addImage(src, alt, options) {\n        const { width, height } = options || {};\n        const attrs = Object.assign(Object.assign({}, (width && { width })), (height && { height }));\n        const element = this.wrap('img', null, Object.assign({ src, alt }, attrs));\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML section heading element\n     *\n     * @param {string} text heading text\n     * @param {number | string} [level=1] (optional) the heading level, default: 1\n     *\n     * @returns {Summary} summary instance\n     */\n    addHeading(text, level) {\n        const tag = `h${level}`;\n        const allowedTag = ['h1', 'h2', 'h3', 'h4', 'h5', 'h6'].includes(tag)\n            ? tag\n            : 'h1';\n        const element = this.wrap(allowedTag, text);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML thematic break (<hr>) to the summary buffer\n     *\n     * @returns {Summary} summary instance\n     */\n    addSeparator() {\n        const element = this.wrap('hr', null);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML line break (<br>) to the summary buffer\n     *\n     * @returns {Summary} summary instance\n     */\n    addBreak() {\n        const element = this.wrap('br', null);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML blockquote to the summary buffer\n     *\n     * @param {string} text quote text\n     * @param {string} cite (optional) citation url\n     *\n     * @returns {Summary} summary instance\n     */\n    addQuote(text, cite) {\n        const attrs = Object.assign({}, (cite && { cite }));\n        const element = this.wrap('blockquote', text, attrs);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML anchor tag to the summary buffer\n     *\n     * @param {string} text link text/content\n     * @param {string} href hyperlink\n     *\n     * @returns {Summary} summary instance\n     */\n    addLink(text, href) {\n        const element = this.wrap('a', text, { href });\n        return this.addRaw(element).addEOL();\n    }\n}\nconst _summary = new Summary();\n/**\n * @deprecated use `core.summary`\n */\nexports.markdownSummary = _summary;\nexports.summary = _summary;\n//# sourceMappingURL=summary.js.map","\"use strict\";\n// We use any as a valid input type\n/* eslint-disable @typescript-eslint/no-explicit-any */\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.toCommandValue = toCommandValue;\nexports.toCommandProperties = toCommandProperties;\n/**\n * Sanitizes an input into a string so it can be passed into issueCommand safely\n * @param input input to sanitize into a string\n */\nfunction toCommandValue(input) {\n    if (input === null || input === undefined) {\n        return '';\n    }\n    else if (typeof input === 'string' || input instanceof String) {\n        return input;\n    }\n    return JSON.stringify(input);\n}\n/**\n *\n * @param annotationProperties\n * @returns The command properties to send with the actual annotation command\n * See IssueCommandProperties: https://github.com/actions/runner/blob/main/src/Runner.Worker/ActionCommandManager.cs#L646\n */\nfunction toCommandProperties(annotationProperties) {\n    if (!Object.keys(annotationProperties).length) {\n        return {};\n    }\n    return {\n        title: annotationProperties.title,\n        file: annotationProperties.file,\n        line: annotationProperties.startLine,\n        endLine: annotationProperties.endLine,\n        col: annotationProperties.startColumn,\n        endColumn: annotationProperties.endColumn\n    };\n}\n//# sourceMappingURL=utils.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    var desc = Object.getOwnPropertyDescriptor(m, k);\n    if (!desc || (\"get\" in desc ? !m.__esModule : desc.writable || desc.configurable)) {\n      desc = { enumerable: true, get: function() { return m[k]; } };\n    }\n    Object.defineProperty(o, k2, desc);\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || (function () {\n    var ownKeys = function(o) {\n        ownKeys = Object.getOwnPropertyNames || function (o) {\n            var ar = [];\n            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;\n            return ar;\n        };\n        return ownKeys(o);\n    };\n    return function (mod) {\n        if (mod && mod.__esModule) return mod;\n        var result = {};\n        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== \"default\") __createBinding(result, mod, k[i]);\n        __setModuleDefault(result, mod);\n        return result;\n    };\n})();\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.exec = exec;\nexports.getExecOutput = getExecOutput;\nconst string_decoder_1 = require(\"string_decoder\");\nconst tr = __importStar(require(\"./toolrunner\"));\n/**\n * Exec a command.\n * Output will be streamed to the live console.\n * Returns promise with return code\n *\n * @param     commandLine        command to execute (can include additional args). Must be correctly escaped.\n * @param     args               optional arguments for tool. Escaping is handled by the lib.\n * @param     options            optional exec options.  See ExecOptions\n * @returns   Promise<number>    exit code\n */\nfunction exec(commandLine, args, options) {\n    return __awaiter(this, void 0, void 0, function* () {\n        const commandArgs = tr.argStringToArray(commandLine);\n        if (commandArgs.length === 0) {\n            throw new Error(`Parameter 'commandLine' cannot be null or empty.`);\n        }\n        // Path to tool to execute should be first arg\n        const toolPath = commandArgs[0];\n        args = commandArgs.slice(1).concat(args || []);\n        const runner = new tr.ToolRunner(toolPath, args, options);\n        return runner.exec();\n    });\n}\n/**\n * Exec a command and get the output.\n * Output will be streamed to the live console.\n * Returns promise with the exit code and collected stdout and stderr\n *\n * @param     commandLine           command to execute (can include additional args). Must be correctly escaped.\n * @param     args                  optional arguments for tool. Escaping is handled by the lib.\n * @param     options               optional exec options.  See ExecOptions\n * @returns   Promise<ExecOutput>   exit code, stdout, and stderr\n */\nfunction getExecOutput(commandLine, args, options) {\n    return __awaiter(this, void 0, void 0, function* () {\n        var _a, _b;\n        let stdout = '';\n        let stderr = '';\n        //Using string decoder covers the case where a mult-byte character is split\n        const stdoutDecoder = new string_decoder_1.StringDecoder('utf8');\n        const stderrDecoder = new string_decoder_1.StringDecoder('utf8');\n        const originalStdoutListener = (_a = options === null || options === void 0 ? void 0 : options.listeners) === null || _a === void 0 ? void 0 : _a.stdout;\n        const originalStdErrListener = (_b = options === null || options === void 0 ? void 0 : options.listeners) === null || _b === void 0 ? void 0 : _b.stderr;\n        const stdErrListener = (data) => {\n            stderr += stderrDecoder.write(data);\n            if (originalStdErrListener) {\n                originalStdErrListener(data);\n            }\n        };\n        const stdOutListener = (data) => {\n            stdout += stdoutDecoder.write(data);\n            if (originalStdoutListener) {\n                originalStdoutListener(data);\n            }\n        };\n        const listeners = Object.assign(Object.assign({}, options === null || options === void 0 ? void 0 : options.listeners), { stdout: stdOutListener, stderr: stdErrListener });\n        const exitCode = yield exec(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));\n        //flush any remaining characters\n        stdout += stdoutDecoder.end();\n        stderr += stderrDecoder.end();\n        return {\n            exitCode,\n            stdout,\n            stderr\n        };\n    });\n}\n//# sourceMappingURL=exec.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    var desc = Object.getOwnPropertyDescriptor(m, k);\n    if (!desc || (\"get\" in desc ? !m.__esModule : desc.writable || desc.configurable)) {\n      desc = { enumerable: true, get: function() { return m[k]; } };\n    }\n    Object.defineProperty(o, k2, desc);\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || (function () {\n    var ownKeys = function(o) {\n        ownKeys = Object.getOwnPropertyNames || function (o) {\n            var ar = [];\n            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;\n            return ar;\n        };\n        return ownKeys(o);\n    };\n    return function (mod) {\n        if (mod && mod.__esModule) return mod;\n        var result = {};\n        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== \"default\") __createBinding(result, mod, k[i]);\n        __setModuleDefault(result, mod);\n        return result;\n    };\n})();\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.ToolRunner = void 0;\nexports.argStringToArray = argStringToArray;\nconst os = __importStar(require(\"os\"));\nconst events = __importStar(require(\"events\"));\nconst child = __importStar(require(\"child_process\"));\nconst path = __importStar(require(\"path\"));\nconst io = __importStar(require(\"@actions/io\"));\nconst ioUtil = __importStar(require(\"@actions/io/lib/io-util\"));\nconst timers_1 = require(\"timers\");\n/* eslint-disable @typescript-eslint/unbound-method */\nconst IS_WINDOWS = process.platform === 'win32';\n/*\n * Class for running command line tools. Handles quoting and arg parsing in a platform agnostic way.\n */\nclass ToolRunner extends events.EventEmitter {\n    constructor(toolPath, args, options) {\n        super();\n        if (!toolPath) {\n            throw new Error(\"Parameter 'toolPath' cannot be null or empty.\");\n        }\n        this.toolPath = toolPath;\n        this.args = args || [];\n        this.options = options || {};\n    }\n    _debug(message) {\n        if (this.options.listeners && this.options.listeners.debug) {\n            this.options.listeners.debug(message);\n        }\n    }\n    _getCommandString(options, noPrefix) {\n        const toolPath = this._getSpawnFileName();\n        const args = this._getSpawnArgs(options);\n        let cmd = noPrefix ? '' : '[command]'; // omit prefix when piped to a second tool\n        if (IS_WINDOWS) {\n            // Windows + cmd file\n            if (this._isCmdFile()) {\n                cmd += toolPath;\n                for (const a of args) {\n                    cmd += ` ${a}`;\n                }\n            }\n            // Windows + verbatim\n            else if (options.windowsVerbatimArguments) {\n                cmd += `\"${toolPath}\"`;\n                for (const a of args) {\n                    cmd += ` ${a}`;\n                }\n            }\n            // Windows (regular)\n            else {\n                cmd += this._windowsQuoteCmdArg(toolPath);\n                for (const a of args) {\n                    cmd += ` ${this._windowsQuoteCmdArg(a)}`;\n                }\n            }\n        }\n        else {\n            // OSX/Linux - this can likely be improved with some form of quoting.\n            // creating processes on Unix is fundamentally different than Windows.\n            // on Unix, execvp() takes an arg array.\n            cmd += toolPath;\n            for (const a of args) {\n                cmd += ` ${a}`;\n            }\n        }\n        return cmd;\n    }\n    _processLineBuffer(data, strBuffer, onLine) {\n        try {\n            let s = strBuffer + data.toString();\n            let n = s.indexOf(os.EOL);\n            while (n > -1) {\n                const line = s.substring(0, n);\n                onLine(line);\n                // the rest of the string ...\n                s = s.substring(n + os.EOL.length);\n                n = s.indexOf(os.EOL);\n            }\n            return s;\n        }\n        catch (err) {\n            // streaming lines to console is best effort.  Don't fail a build.\n            this._debug(`error processing line. Failed with error ${err}`);\n            return '';\n        }\n    }\n    _getSpawnFileName() {\n        if (IS_WINDOWS) {\n            if (this._isCmdFile()) {\n                return process.env['COMSPEC'] || 'cmd.exe';\n            }\n        }\n        return this.toolPath;\n    }\n    _getSpawnArgs(options) {\n        if (IS_WINDOWS) {\n            if (this._isCmdFile()) {\n                let argline = `/D /S /C \"${this._windowsQuoteCmdArg(this.toolPath)}`;\n                for (const a of this.args) {\n                    argline += ' ';\n                    argline += options.windowsVerbatimArguments\n                        ? a\n                        : this._windowsQuoteCmdArg(a);\n                }\n                argline += '\"';\n                return [argline];\n            }\n        }\n        return this.args;\n    }\n    _endsWith(str, end) {\n        return str.endsWith(end);\n    }\n    _isCmdFile() {\n        const upperToolPath = this.toolPath.toUpperCase();\n        return (this._endsWith(upperToolPath, '.CMD') ||\n            this._endsWith(upperToolPath, '.BAT'));\n    }\n    _windowsQuoteCmdArg(arg) {\n        // for .exe, apply the normal quoting rules that libuv applies\n        if (!this._isCmdFile()) {\n            return this._uvQuoteCmdArg(arg);\n        }\n        // otherwise apply quoting rules specific to the cmd.exe command line parser.\n        // the libuv rules are generic and are not designed specifically for cmd.exe\n        // command line parser.\n        //\n        // for a detailed description of the cmd.exe command line parser, refer to\n        // http://stackoverflow.com/questions/4094699/how-does-the-windows-command-interpreter-cmd-exe-parse-scripts/7970912#7970912\n        // need quotes for empty arg\n        if (!arg) {\n            return '\"\"';\n        }\n        // determine whether the arg needs to be quoted\n        const cmdSpecialChars = [\n            ' ',\n            '\\t',\n            '&',\n            '(',\n            ')',\n            '[',\n            ']',\n            '{',\n            '}',\n            '^',\n            '=',\n            ';',\n            '!',\n            \"'\",\n            '+',\n            ',',\n            '`',\n            '~',\n            '|',\n            '<',\n            '>',\n            '\"'\n        ];\n        let needsQuotes = false;\n        for (const char of arg) {\n            if (cmdSpecialChars.some(x => x === char)) {\n                needsQuotes = true;\n                break;\n            }\n        }\n        // short-circuit if quotes not needed\n        if (!needsQuotes) {\n            return arg;\n        }\n        // the following quoting rules are very similar to the rules that by libuv applies.\n        //\n        // 1) wrap the string in quotes\n        //\n        // 2) double-up quotes - i.e. \" => \"\"\n        //\n        //    this is different from the libuv quoting rules. libuv replaces \" with \\\", which unfortunately\n        //    doesn't work well with a cmd.exe command line.\n        //\n        //    note, replacing \" with \"\" also works well if the arg is passed to a downstream .NET console app.\n        //    for example, the command line:\n        //          foo.exe \"myarg:\"\"my val\"\"\"\n        //    is parsed by a .NET console app into an arg array:\n        //          [ \"myarg:\\\"my val\\\"\" ]\n        //    which is the same end result when applying libuv quoting rules. although the actual\n        //    command line from libuv quoting rules would look like:\n        //          foo.exe \"myarg:\\\"my val\\\"\"\n        //\n        // 3) double-up slashes that precede a quote,\n        //    e.g.  hello \\world    => \"hello \\world\"\n        //          hello\\\"world    => \"hello\\\\\"\"world\"\n        //          hello\\\\\"world   => \"hello\\\\\\\\\"\"world\"\n        //          hello world\\    => \"hello world\\\\\"\n        //\n        //    technically this is not required for a cmd.exe command line, or the batch argument parser.\n        //    the reasons for including this as a .cmd quoting rule are:\n        //\n        //    a) this is optimized for the scenario where the argument is passed from the .cmd file to an\n        //       external program. many programs (e.g. .NET console apps) rely on the slash-doubling rule.\n        //\n        //    b) it's what we've been doing previously (by deferring to node default behavior) and we\n        //       haven't heard any complaints about that aspect.\n        //\n        // note, a weakness of the quoting rules chosen here, is that % is not escaped. in fact, % cannot be\n        // escaped when used on the command line directly - even though within a .cmd file % can be escaped\n        // by using %%.\n        //\n        // the saving grace is, on the command line, %var% is left as-is if var is not defined. this contrasts\n        // the line parsing rules within a .cmd file, where if var is not defined it is replaced with nothing.\n        //\n        // one option that was explored was replacing % with ^% - i.e. %var% => ^%var^%. this hack would\n        // often work, since it is unlikely that var^ would exist, and the ^ character is removed when the\n        // variable is used. the problem, however, is that ^ is not removed when %* is used to pass the args\n        // to an external program.\n        //\n        // an unexplored potential solution for the % escaping problem, is to create a wrapper .cmd file.\n        // % can be escaped within a .cmd file.\n        let reverse = '\"';\n        let quoteHit = true;\n        for (let i = arg.length; i > 0; i--) {\n            // walk the string in reverse\n            reverse += arg[i - 1];\n            if (quoteHit && arg[i - 1] === '\\\\') {\n                reverse += '\\\\'; // double the slash\n            }\n            else if (arg[i - 1] === '\"') {\n                quoteHit = true;\n                reverse += '\"'; // double the quote\n            }\n            else {\n                quoteHit = false;\n            }\n        }\n        reverse += '\"';\n        return reverse.split('').reverse().join('');\n    }\n    _uvQuoteCmdArg(arg) {\n        // Tool runner wraps child_process.spawn() and needs to apply the same quoting as\n        // Node in certain cases where the undocumented spawn option windowsVerbatimArguments\n        // is used.\n        //\n        // Since this function is a port of quote_cmd_arg from Node 4.x (technically, lib UV,\n        // see https://github.com/nodejs/node/blob/v4.x/deps/uv/src/win/process.c for details),\n        // pasting copyright notice from Node within this function:\n        //\n        //      Copyright Joyent, Inc. and other Node contributors. All rights reserved.\n        //\n        //      Permission is hereby granted, free of charge, to any person obtaining a copy\n        //      of this software and associated documentation files (the \"Software\"), to\n        //      deal in the Software without restriction, including without limitation the\n        //      rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n        //      sell copies of the Software, and to permit persons to whom the Software is\n        //      furnished to do so, subject to the following conditions:\n        //\n        //      The above copyright notice and this permission notice shall be included in\n        //      all copies or substantial portions of the Software.\n        //\n        //      THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n        //      IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n        //      FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n        //      AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n        //      LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n        //      FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n        //      IN THE SOFTWARE.\n        if (!arg) {\n            // Need double quotation for empty argument\n            return '\"\"';\n        }\n        if (!arg.includes(' ') && !arg.includes('\\t') && !arg.includes('\"')) {\n            // No quotation needed\n            return arg;\n        }\n        if (!arg.includes('\"') && !arg.includes('\\\\')) {\n            // No embedded double quotes or backslashes, so I can just wrap\n            // quote marks around the whole thing.\n            return `\"${arg}\"`;\n        }\n        // Expected input/output:\n        //   input : hello\"world\n        //   output: \"hello\\\"world\"\n        //   input : hello\"\"world\n        //   output: \"hello\\\"\\\"world\"\n        //   input : hello\\world\n        //   output: hello\\world\n        //   input : hello\\\\world\n        //   output: hello\\\\world\n        //   input : hello\\\"world\n        //   output: \"hello\\\\\\\"world\"\n        //   input : hello\\\\\"world\n        //   output: \"hello\\\\\\\\\\\"world\"\n        //   input : hello world\\\n        //   output: \"hello world\\\\\" - note the comment in libuv actually reads \"hello world\\\"\n        //                             but it appears the comment is wrong, it should be \"hello world\\\\\"\n        let reverse = '\"';\n        let quoteHit = true;\n        for (let i = arg.length; i > 0; i--) {\n            // walk the string in reverse\n            reverse += arg[i - 1];\n            if (quoteHit && arg[i - 1] === '\\\\') {\n                reverse += '\\\\';\n            }\n            else if (arg[i - 1] === '\"') {\n                quoteHit = true;\n                reverse += '\\\\';\n            }\n            else {\n                quoteHit = false;\n            }\n        }\n        reverse += '\"';\n        return reverse.split('').reverse().join('');\n    }\n    _cloneExecOptions(options) {\n        options = options || {};\n        const result = {\n            cwd: options.cwd || process.cwd(),\n            env: options.env || process.env,\n            silent: options.silent || false,\n            windowsVerbatimArguments: options.windowsVerbatimArguments || false,\n            failOnStdErr: options.failOnStdErr || false,\n            ignoreReturnCode: options.ignoreReturnCode || false,\n            delay: options.delay || 10000\n        };\n        result.outStream = options.outStream || process.stdout;\n        result.errStream = options.errStream || process.stderr;\n        return result;\n    }\n    _getSpawnOptions(options, toolPath) {\n        options = options || {};\n        const result = {};\n        result.cwd = options.cwd;\n        result.env = options.env;\n        result['windowsVerbatimArguments'] =\n            options.windowsVerbatimArguments || this._isCmdFile();\n        if (options.windowsVerbatimArguments) {\n            result.argv0 = `\"${toolPath}\"`;\n        }\n        return result;\n    }\n    /**\n     * Exec a tool.\n     * Output will be streamed to the live console.\n     * Returns promise with return code\n     *\n     * @param     tool     path to tool to exec\n     * @param     options  optional exec options.  See ExecOptions\n     * @returns   number\n     */\n    exec() {\n        return __awaiter(this, void 0, void 0, function* () {\n            // root the tool path if it is unrooted and contains relative pathing\n            if (!ioUtil.isRooted(this.toolPath) &&\n                (this.toolPath.includes('/') ||\n                    (IS_WINDOWS && this.toolPath.includes('\\\\')))) {\n                // prefer options.cwd if it is specified, however options.cwd may also need to be rooted\n                this.toolPath = path.resolve(process.cwd(), this.options.cwd || process.cwd(), this.toolPath);\n            }\n            // if the tool is only a file name, then resolve it from the PATH\n            // otherwise verify it exists (add extension on Windows if necessary)\n            this.toolPath = yield io.which(this.toolPath, true);\n            return new Promise((resolve, reject) => __awaiter(this, void 0, void 0, function* () {\n                this._debug(`exec tool: ${this.toolPath}`);\n                this._debug('arguments:');\n                for (const arg of this.args) {\n                    this._debug(`   ${arg}`);\n                }\n                const optionsNonNull = this._cloneExecOptions(this.options);\n                if (!optionsNonNull.silent && optionsNonNull.outStream) {\n                    optionsNonNull.outStream.write(this._getCommandString(optionsNonNull) + os.EOL);\n                }\n                const state = new ExecState(optionsNonNull, this.toolPath);\n                state.on('debug', (message) => {\n                    this._debug(message);\n                });\n                if (this.options.cwd && !(yield ioUtil.exists(this.options.cwd))) {\n                    return reject(new Error(`The cwd: ${this.options.cwd} does not exist!`));\n                }\n                const fileName = this._getSpawnFileName();\n                const cp = child.spawn(fileName, this._getSpawnArgs(optionsNonNull), this._getSpawnOptions(this.options, fileName));\n                let stdbuffer = '';\n                if (cp.stdout) {\n                    cp.stdout.on('data', (data) => {\n                        if (this.options.listeners && this.options.listeners.stdout) {\n                            this.options.listeners.stdout(data);\n                        }\n                        if (!optionsNonNull.silent && optionsNonNull.outStream) {\n                            optionsNonNull.outStream.write(data);\n                        }\n                        stdbuffer = this._processLineBuffer(data, stdbuffer, (line) => {\n                            if (this.options.listeners && this.options.listeners.stdline) {\n                                this.options.listeners.stdline(line);\n                            }\n                        });\n                    });\n                }\n                let errbuffer = '';\n                if (cp.stderr) {\n                    cp.stderr.on('data', (data) => {\n                        state.processStderr = true;\n                        if (this.options.listeners && this.options.listeners.stderr) {\n                            this.options.listeners.stderr(data);\n                        }\n                        if (!optionsNonNull.silent &&\n                            optionsNonNull.errStream &&\n                            optionsNonNull.outStream) {\n                            const s = optionsNonNull.failOnStdErr\n                                ? optionsNonNull.errStream\n                                : optionsNonNull.outStream;\n                            s.write(data);\n                        }\n                        errbuffer = this._processLineBuffer(data, errbuffer, (line) => {\n                            if (this.options.listeners && this.options.listeners.errline) {\n                                this.options.listeners.errline(line);\n                            }\n                        });\n                    });\n                }\n                cp.on('error', (err) => {\n                    state.processError = err.message;\n                    state.processExited = true;\n                    state.processClosed = true;\n                    state.CheckComplete();\n                });\n                cp.on('exit', (code) => {\n                    state.processExitCode = code;\n                    state.processExited = true;\n                    this._debug(`Exit code ${code} received from tool '${this.toolPath}'`);\n                    state.CheckComplete();\n                });\n                cp.on('close', (code) => {\n                    state.processExitCode = code;\n                    state.processExited = true;\n                    state.processClosed = true;\n                    this._debug(`STDIO streams have closed for tool '${this.toolPath}'`);\n                    state.CheckComplete();\n                });\n                state.on('done', (error, exitCode) => {\n                    if (stdbuffer.length > 0) {\n                        this.emit('stdline', stdbuffer);\n                    }\n                    if (errbuffer.length > 0) {\n                        this.emit('errline', errbuffer);\n                    }\n                    cp.removeAllListeners();\n                    if (error) {\n                        reject(error);\n                    }\n                    else {\n                        resolve(exitCode);\n                    }\n                });\n                if (this.options.input) {\n                    if (!cp.stdin) {\n                        throw new Error('child process missing stdin');\n                    }\n                    cp.stdin.end(this.options.input);\n                }\n            }));\n        });\n    }\n}\nexports.ToolRunner = ToolRunner;\n/**\n * Convert an arg string to an array of args. Handles escaping\n *\n * @param    argString   string of arguments\n * @returns  string[]    array of arguments\n */\nfunction argStringToArray(argString) {\n    const args = [];\n    let inQuotes = false;\n    let escaped = false;\n    let arg = '';\n    function append(c) {\n        // we only escape double quotes.\n        if (escaped && c !== '\"') {\n            arg += '\\\\';\n        }\n        arg += c;\n        escaped = false;\n    }\n    for (let i = 0; i < argString.length; i++) {\n        const c = argString.charAt(i);\n        if (c === '\"') {\n            if (!escaped) {\n                inQuotes = !inQuotes;\n            }\n            else {\n                append(c);\n            }\n            continue;\n        }\n        if (c === '\\\\' && escaped) {\n            append(c);\n            continue;\n        }\n        if (c === '\\\\' && inQuotes) {\n            escaped = true;\n            continue;\n        }\n        if (c === ' ' && !inQuotes) {\n            if (arg.length > 0) {\n                args.push(arg);\n                arg = '';\n            }\n            continue;\n        }\n        append(c);\n    }\n    if (arg.length > 0) {\n        args.push(arg.trim());\n    }\n    return args;\n}\nclass ExecState extends events.EventEmitter {\n    constructor(options, toolPath) {\n        super();\n        this.processClosed = false; // tracks whether the process has exited and stdio is closed\n        this.processError = '';\n        this.processExitCode = 0;\n        this.processExited = false; // tracks whether the process has exited\n        this.processStderr = false; // tracks whether stderr was written to\n        this.delay = 10000; // 10 seconds\n        this.done = false;\n        this.timeout = null;\n        if (!toolPath) {\n            throw new Error('toolPath must not be empty');\n        }\n        this.options = options;\n        this.toolPath = toolPath;\n        if (options.delay) {\n            this.delay = options.delay;\n        }\n    }\n    CheckComplete() {\n        if (this.done) {\n            return;\n        }\n        if (this.processClosed) {\n            this._setResult();\n        }\n        else if (this.processExited) {\n            this.timeout = (0, timers_1.setTimeout)(ExecState.HandleTimeout, this.delay, this);\n        }\n    }\n    _debug(message) {\n        this.emit('debug', message);\n    }\n    _setResult() {\n        // determine whether there is an error\n        let error;\n        if (this.processExited) {\n            if (this.processError) {\n                error = new Error(`There was an error when attempting to execute the process '${this.toolPath}'. This may indicate the process failed to start. Error: ${this.processError}`);\n            }\n            else if (this.processExitCode !== 0 && !this.options.ignoreReturnCode) {\n                error = new Error(`The process '${this.toolPath}' failed with exit code ${this.processExitCode}`);\n            }\n            else if (this.processStderr && this.options.failOnStdErr) {\n                error = new Error(`The process '${this.toolPath}' failed because one or more lines were written to the STDERR stream`);\n            }\n        }\n        // clear the timeout\n        if (this.timeout) {\n            clearTimeout(this.timeout);\n            this.timeout = null;\n        }\n        this.done = true;\n        this.emit('done', error, this.processExitCode);\n    }\n    static HandleTimeout(state) {\n        if (state.done) {\n            return;\n        }\n        if (!state.processClosed && state.processExited) {\n            const message = `The STDIO streams did not close within ${state.delay / 1000} seconds of the exit event from process '${state.toolPath}'. This may indicate a child process inherited the STDIO streams and has not yet exited.`;\n            state._debug(message);\n        }\n        state._setResult();\n    }\n}\n//# sourceMappingURL=toolrunner.js.map","\"use strict\";\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.PersonalAccessTokenCredentialHandler = exports.BearerCredentialHandler = exports.BasicCredentialHandler = void 0;\nclass BasicCredentialHandler {\n    constructor(username, password) {\n        this.username = username;\n        this.password = password;\n    }\n    prepareRequest(options) {\n        if (!options.headers) {\n            throw Error('The request has no headers');\n        }\n        options.headers['Authorization'] = `Basic ${Buffer.from(`${this.username}:${this.password}`).toString('base64')}`;\n    }\n    // This handler cannot handle 401\n    canHandleAuthentication() {\n        return false;\n    }\n    handleAuthentication() {\n        return __awaiter(this, void 0, void 0, function* () {\n            throw new Error('not implemented');\n        });\n    }\n}\nexports.BasicCredentialHandler = BasicCredentialHandler;\nclass BearerCredentialHandler {\n    constructor(token) {\n        this.token = token;\n    }\n    // currently implements pre-authorization\n    // TODO: support preAuth = false where it hooks on 401\n    prepareRequest(options) {\n        if (!options.headers) {\n            throw Error('The request has no headers');\n        }\n        options.headers['Authorization'] = `Bearer ${this.token}`;\n    }\n    // This handler cannot handle 401\n    canHandleAuthentication() {\n        return false;\n    }\n    handleAuthentication() {\n        return __awaiter(this, void 0, void 0, function* () {\n            throw new Error('not implemented');\n        });\n    }\n}\nexports.BearerCredentialHandler = BearerCredentialHandler;\nclass PersonalAccessTokenCredentialHandler {\n    constructor(token) {\n        this.token = token;\n    }\n    // currently implements pre-authorization\n    // TODO: support preAuth = false where it hooks on 401\n    prepareRequest(options) {\n        if (!options.headers) {\n            throw Error('The request has no headers');\n        }\n        options.headers['Authorization'] = `Basic ${Buffer.from(`PAT:${this.token}`).toString('base64')}`;\n    }\n    // This handler cannot handle 401\n    canHandleAuthentication() {\n        return false;\n    }\n    handleAuthentication() {\n        return __awaiter(this, void 0, void 0, function* () {\n            throw new Error('not implemented');\n        });\n    }\n}\nexports.PersonalAccessTokenCredentialHandler = PersonalAccessTokenCredentialHandler;\n//# sourceMappingURL=auth.js.map","\"use strict\";\n/* eslint-disable @typescript-eslint/no-explicit-any */\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    var desc = Object.getOwnPropertyDescriptor(m, k);\n    if (!desc || (\"get\" in desc ? !m.__esModule : desc.writable || desc.configurable)) {\n      desc = { enumerable: true, get: function() { return m[k]; } };\n    }\n    Object.defineProperty(o, k2, desc);\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || (function () {\n    var ownKeys = function(o) {\n        ownKeys = Object.getOwnPropertyNames || function (o) {\n            var ar = [];\n            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;\n            return ar;\n        };\n        return ownKeys(o);\n    };\n    return function (mod) {\n        if (mod && mod.__esModule) return mod;\n        var result = {};\n        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== \"default\") __createBinding(result, mod, k[i]);\n        __setModuleDefault(result, mod);\n        return result;\n    };\n})();\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.HttpClient = exports.HttpClientResponse = exports.HttpClientError = exports.MediaTypes = exports.Headers = exports.HttpCodes = void 0;\nexports.getProxyUrl = getProxyUrl;\nexports.isHttps = isHttps;\nconst http = __importStar(require(\"http\"));\nconst https = __importStar(require(\"https\"));\nconst pm = __importStar(require(\"./proxy\"));\nconst tunnel = __importStar(require(\"tunnel\"));\nconst undici_1 = require(\"undici\");\nvar HttpCodes;\n(function (HttpCodes) {\n    HttpCodes[HttpCodes[\"OK\"] = 200] = \"OK\";\n    HttpCodes[HttpCodes[\"MultipleChoices\"] = 300] = \"MultipleChoices\";\n    HttpCodes[HttpCodes[\"MovedPermanently\"] = 301] = \"MovedPermanently\";\n    HttpCodes[HttpCodes[\"ResourceMoved\"] = 302] = \"ResourceMoved\";\n    HttpCodes[HttpCodes[\"SeeOther\"] = 303] = \"SeeOther\";\n    HttpCodes[HttpCodes[\"NotModified\"] = 304] = \"NotModified\";\n    HttpCodes[HttpCodes[\"UseProxy\"] = 305] = \"UseProxy\";\n    HttpCodes[HttpCodes[\"SwitchProxy\"] = 306] = \"SwitchProxy\";\n    HttpCodes[HttpCodes[\"TemporaryRedirect\"] = 307] = \"TemporaryRedirect\";\n    HttpCodes[HttpCodes[\"PermanentRedirect\"] = 308] = \"PermanentRedirect\";\n    HttpCodes[HttpCodes[\"BadRequest\"] = 400] = \"BadRequest\";\n    HttpCodes[HttpCodes[\"Unauthorized\"] = 401] = \"Unauthorized\";\n    HttpCodes[HttpCodes[\"PaymentRequired\"] = 402] = \"PaymentRequired\";\n    HttpCodes[HttpCodes[\"Forbidden\"] = 403] = \"Forbidden\";\n    HttpCodes[HttpCodes[\"NotFound\"] = 404] = \"NotFound\";\n    HttpCodes[HttpCodes[\"MethodNotAllowed\"] = 405] = \"MethodNotAllowed\";\n    HttpCodes[HttpCodes[\"NotAcceptable\"] = 406] = \"NotAcceptable\";\n    HttpCodes[HttpCodes[\"ProxyAuthenticationRequired\"] = 407] = \"ProxyAuthenticationRequired\";\n    HttpCodes[HttpCodes[\"RequestTimeout\"] = 408] = \"RequestTimeout\";\n    HttpCodes[HttpCodes[\"Conflict\"] = 409] = \"Conflict\";\n    HttpCodes[HttpCodes[\"Gone\"] = 410] = \"Gone\";\n    HttpCodes[HttpCodes[\"TooManyRequests\"] = 429] = \"TooManyRequests\";\n    HttpCodes[HttpCodes[\"InternalServerError\"] = 500] = \"InternalServerError\";\n    HttpCodes[HttpCodes[\"NotImplemented\"] = 501] = \"NotImplemented\";\n    HttpCodes[HttpCodes[\"BadGateway\"] = 502] = \"BadGateway\";\n    HttpCodes[HttpCodes[\"ServiceUnavailable\"] = 503] = \"ServiceUnavailable\";\n    HttpCodes[HttpCodes[\"GatewayTimeout\"] = 504] = \"GatewayTimeout\";\n})(HttpCodes || (exports.HttpCodes = HttpCodes = {}));\nvar Headers;\n(function (Headers) {\n    Headers[\"Accept\"] = \"accept\";\n    Headers[\"ContentType\"] = \"content-type\";\n})(Headers || (exports.Headers = Headers = {}));\nvar MediaTypes;\n(function (MediaTypes) {\n    MediaTypes[\"ApplicationJson\"] = \"application/json\";\n})(MediaTypes || (exports.MediaTypes = MediaTypes = {}));\n/**\n * Returns the proxy URL, depending upon the supplied url and proxy environment variables.\n * @param serverUrl  The server URL where the request will be sent. For example, https://api.github.com\n */\nfunction getProxyUrl(serverUrl) {\n    const proxyUrl = pm.getProxyUrl(new URL(serverUrl));\n    return proxyUrl ? proxyUrl.href : '';\n}\nconst HttpRedirectCodes = [\n    HttpCodes.MovedPermanently,\n    HttpCodes.ResourceMoved,\n    HttpCodes.SeeOther,\n    HttpCodes.TemporaryRedirect,\n    HttpCodes.PermanentRedirect\n];\nconst HttpResponseRetryCodes = [\n    HttpCodes.BadGateway,\n    HttpCodes.ServiceUnavailable,\n    HttpCodes.GatewayTimeout\n];\nconst RetryableHttpVerbs = ['OPTIONS', 'GET', 'DELETE', 'HEAD'];\nconst ExponentialBackoffCeiling = 10;\nconst ExponentialBackoffTimeSlice = 5;\nclass HttpClientError extends Error {\n    constructor(message, statusCode) {\n        super(message);\n        this.name = 'HttpClientError';\n        this.statusCode = statusCode;\n        Object.setPrototypeOf(this, HttpClientError.prototype);\n    }\n}\nexports.HttpClientError = HttpClientError;\nclass HttpClientResponse {\n    constructor(message) {\n        this.message = message;\n    }\n    readBody() {\n        return __awaiter(this, void 0, void 0, function* () {\n            return new Promise((resolve) => __awaiter(this, void 0, void 0, function* () {\n                let output = Buffer.alloc(0);\n                this.message.on('data', (chunk) => {\n                    output = Buffer.concat([output, chunk]);\n                });\n                this.message.on('end', () => {\n                    resolve(output.toString());\n                });\n            }));\n        });\n    }\n    readBodyBuffer() {\n        return __awaiter(this, void 0, void 0, function* () {\n            return new Promise((resolve) => __awaiter(this, void 0, void 0, function* () {\n                const chunks = [];\n                this.message.on('data', (chunk) => {\n                    chunks.push(chunk);\n                });\n                this.message.on('end', () => {\n                    resolve(Buffer.concat(chunks));\n                });\n            }));\n        });\n    }\n}\nexports.HttpClientResponse = HttpClientResponse;\nfunction isHttps(requestUrl) {\n    const parsedUrl = new URL(requestUrl);\n    return parsedUrl.protocol === 'https:';\n}\nclass HttpClient {\n    constructor(userAgent, handlers, requestOptions) {\n        this._ignoreSslError = false;\n        this._allowRedirects = true;\n        this._allowRedirectDowngrade = false;\n        this._maxRedirects = 50;\n        this._allowRetries = false;\n        this._maxRetries = 1;\n        this._keepAlive = false;\n        this._disposed = false;\n        this.userAgent = this._getUserAgentWithOrchestrationId(userAgent);\n        this.handlers = handlers || [];\n        this.requestOptions = requestOptions;\n        if (requestOptions) {\n            if (requestOptions.ignoreSslError != null) {\n                this._ignoreSslError = requestOptions.ignoreSslError;\n            }\n            this._socketTimeout = requestOptions.socketTimeout;\n            if (requestOptions.allowRedirects != null) {\n                this._allowRedirects = requestOptions.allowRedirects;\n            }\n            if (requestOptions.allowRedirectDowngrade != null) {\n                this._allowRedirectDowngrade = requestOptions.allowRedirectDowngrade;\n            }\n            if (requestOptions.maxRedirects != null) {\n                this._maxRedirects = Math.max(requestOptions.maxRedirects, 0);\n            }\n            if (requestOptions.keepAlive != null) {\n                this._keepAlive = requestOptions.keepAlive;\n            }\n            if (requestOptions.allowRetries != null) {\n                this._allowRetries = requestOptions.allowRetries;\n            }\n            if (requestOptions.maxRetries != null) {\n                this._maxRetries = requestOptions.maxRetries;\n            }\n        }\n    }\n    options(requestUrl, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request('OPTIONS', requestUrl, null, additionalHeaders || {});\n        });\n    }\n    get(requestUrl, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request('GET', requestUrl, null, additionalHeaders || {});\n        });\n    }\n    del(requestUrl, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request('DELETE', requestUrl, null, additionalHeaders || {});\n        });\n    }\n    post(requestUrl, data, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request('POST', requestUrl, data, additionalHeaders || {});\n        });\n    }\n    patch(requestUrl, data, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request('PATCH', requestUrl, data, additionalHeaders || {});\n        });\n    }\n    put(requestUrl, data, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request('PUT', requestUrl, data, additionalHeaders || {});\n        });\n    }\n    head(requestUrl, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request('HEAD', requestUrl, null, additionalHeaders || {});\n        });\n    }\n    sendStream(verb, requestUrl, stream, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request(verb, requestUrl, stream, additionalHeaders);\n        });\n    }\n    /**\n     * Gets a typed object from an endpoint\n     * Be aware that not found returns a null.  Other errors (4xx, 5xx) reject the promise\n     */\n    getJson(requestUrl_1) {\n        return __awaiter(this, arguments, void 0, function* (requestUrl, additionalHeaders = {}) {\n            additionalHeaders[Headers.Accept] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.Accept, MediaTypes.ApplicationJson);\n            const res = yield this.get(requestUrl, additionalHeaders);\n            return this._processResponse(res, this.requestOptions);\n        });\n    }\n    postJson(requestUrl_1, obj_1) {\n        return __awaiter(this, arguments, void 0, function* (requestUrl, obj, additionalHeaders = {}) {\n            const data = JSON.stringify(obj, null, 2);\n            additionalHeaders[Headers.Accept] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.Accept, MediaTypes.ApplicationJson);\n            additionalHeaders[Headers.ContentType] =\n                this._getExistingOrDefaultContentTypeHeader(additionalHeaders, MediaTypes.ApplicationJson);\n            const res = yield this.post(requestUrl, data, additionalHeaders);\n            return this._processResponse(res, this.requestOptions);\n        });\n    }\n    putJson(requestUrl_1, obj_1) {\n        return __awaiter(this, arguments, void 0, function* (requestUrl, obj, additionalHeaders = {}) {\n            const data = JSON.stringify(obj, null, 2);\n            additionalHeaders[Headers.Accept] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.Accept, MediaTypes.ApplicationJson);\n            additionalHeaders[Headers.ContentType] =\n                this._getExistingOrDefaultContentTypeHeader(additionalHeaders, MediaTypes.ApplicationJson);\n            const res = yield this.put(requestUrl, data, additionalHeaders);\n            return this._processResponse(res, this.requestOptions);\n        });\n    }\n    patchJson(requestUrl_1, obj_1) {\n        return __awaiter(this, arguments, void 0, function* (requestUrl, obj, additionalHeaders = {}) {\n            const data = JSON.stringify(obj, null, 2);\n            additionalHeaders[Headers.Accept] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.Accept, MediaTypes.ApplicationJson);\n            additionalHeaders[Headers.ContentType] =\n                this._getExistingOrDefaultContentTypeHeader(additionalHeaders, MediaTypes.ApplicationJson);\n            const res = yield this.patch(requestUrl, data, additionalHeaders);\n            return this._processResponse(res, this.requestOptions);\n        });\n    }\n    /**\n     * Makes a raw http request.\n     * All other methods such as get, post, patch, and request ultimately call this.\n     * Prefer get, del, post and patch\n     */\n    request(verb, requestUrl, data, headers) {\n        return __awaiter(this, void 0, void 0, function* () {\n            if (this._disposed) {\n                throw new Error('Client has already been disposed.');\n            }\n            const parsedUrl = new URL(requestUrl);\n            let info = this._prepareRequest(verb, parsedUrl, headers);\n            // Only perform retries on reads since writes may not be idempotent.\n            const maxTries = this._allowRetries && RetryableHttpVerbs.includes(verb)\n                ? this._maxRetries + 1\n                : 1;\n            let numTries = 0;\n            let response;\n            do {\n                response = yield this.requestRaw(info, data);\n                // Check if it's an authentication challenge\n                if (response &&\n                    response.message &&\n                    response.message.statusCode === HttpCodes.Unauthorized) {\n                    let authenticationHandler;\n                    for (const handler of this.handlers) {\n                        if (handler.canHandleAuthentication(response)) {\n                            authenticationHandler = handler;\n                            break;\n                        }\n                    }\n                    if (authenticationHandler) {\n                        return authenticationHandler.handleAuthentication(this, info, data);\n                    }\n                    else {\n                        // We have received an unauthorized response but have no handlers to handle it.\n                        // Let the response return to the caller.\n                        return response;\n                    }\n                }\n                let redirectsRemaining = this._maxRedirects;\n                while (response.message.statusCode &&\n                    HttpRedirectCodes.includes(response.message.statusCode) &&\n                    this._allowRedirects &&\n                    redirectsRemaining > 0) {\n                    const redirectUrl = response.message.headers['location'];\n                    if (!redirectUrl) {\n                        // if there's no location to redirect to, we won't\n                        break;\n                    }\n                    const parsedRedirectUrl = new URL(redirectUrl);\n                    if (parsedUrl.protocol === 'https:' &&\n                        parsedUrl.protocol !== parsedRedirectUrl.protocol &&\n                        !this._allowRedirectDowngrade) {\n                        throw new Error('Redirect from HTTPS to HTTP protocol. This downgrade is not allowed for security reasons. If you want to allow this behavior, set the allowRedirectDowngrade option to true.');\n                    }\n                    // we need to finish reading the response before reassigning response\n                    // which will leak the open socket.\n                    yield response.readBody();\n                    // strip authorization header if redirected to a different hostname\n                    if (parsedRedirectUrl.hostname !== parsedUrl.hostname) {\n                        for (const header in headers) {\n                            // header names are case insensitive\n                            if (header.toLowerCase() === 'authorization') {\n                                delete headers[header];\n                            }\n                        }\n                    }\n                    // let's make the request with the new redirectUrl\n                    info = this._prepareRequest(verb, parsedRedirectUrl, headers);\n                    response = yield this.requestRaw(info, data);\n                    redirectsRemaining--;\n                }\n                if (!response.message.statusCode ||\n                    !HttpResponseRetryCodes.includes(response.message.statusCode)) {\n                    // If not a retry code, return immediately instead of retrying\n                    return response;\n                }\n                numTries += 1;\n                if (numTries < maxTries) {\n                    yield response.readBody();\n                    yield this._performExponentialBackoff(numTries);\n                }\n            } while (numTries < maxTries);\n            return response;\n        });\n    }\n    /**\n     * Needs to be called if keepAlive is set to true in request options.\n     */\n    dispose() {\n        if (this._agent) {\n            this._agent.destroy();\n        }\n        this._disposed = true;\n    }\n    /**\n     * Raw request.\n     * @param info\n     * @param data\n     */\n    requestRaw(info, data) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return new Promise((resolve, reject) => {\n                function callbackForResult(err, res) {\n                    if (err) {\n                        reject(err);\n                    }\n                    else if (!res) {\n                        // If `err` is not passed, then `res` must be passed.\n                        reject(new Error('Unknown error'));\n                    }\n                    else {\n                        resolve(res);\n                    }\n                }\n                this.requestRawWithCallback(info, data, callbackForResult);\n            });\n        });\n    }\n    /**\n     * Raw request with callback.\n     * @param info\n     * @param data\n     * @param onResult\n     */\n    requestRawWithCallback(info, data, onResult) {\n        if (typeof data === 'string') {\n            if (!info.options.headers) {\n                info.options.headers = {};\n            }\n            info.options.headers['Content-Length'] = Buffer.byteLength(data, 'utf8');\n        }\n        let callbackCalled = false;\n        function handleResult(err, res) {\n            if (!callbackCalled) {\n                callbackCalled = true;\n                onResult(err, res);\n            }\n        }\n        const req = info.httpModule.request(info.options, (msg) => {\n            const res = new HttpClientResponse(msg);\n            handleResult(undefined, res);\n        });\n        let socket;\n        req.on('socket', sock => {\n            socket = sock;\n        });\n        // If we ever get disconnected, we want the socket to timeout eventually\n        req.setTimeout(this._socketTimeout || 3 * 60000, () => {\n            if (socket) {\n                socket.end();\n            }\n            handleResult(new Error(`Request timeout: ${info.options.path}`));\n        });\n        req.on('error', function (err) {\n            // err has statusCode property\n            // res should have headers\n            handleResult(err);\n        });\n        if (data && typeof data === 'string') {\n            req.write(data, 'utf8');\n        }\n        if (data && typeof data !== 'string') {\n            data.on('close', function () {\n                req.end();\n            });\n            data.pipe(req);\n        }\n        else {\n            req.end();\n        }\n    }\n    /**\n     * Gets an http agent. This function is useful when you need an http agent that handles\n     * routing through a proxy server - depending upon the url and proxy environment variables.\n     * @param serverUrl  The server URL where the request will be sent. For example, https://api.github.com\n     */\n    getAgent(serverUrl) {\n        const parsedUrl = new URL(serverUrl);\n        return this._getAgent(parsedUrl);\n    }\n    getAgentDispatcher(serverUrl) {\n        const parsedUrl = new URL(serverUrl);\n        const proxyUrl = pm.getProxyUrl(parsedUrl);\n        const useProxy = proxyUrl && proxyUrl.hostname;\n        if (!useProxy) {\n            return;\n        }\n        return this._getProxyAgentDispatcher(parsedUrl, proxyUrl);\n    }\n    _prepareRequest(method, requestUrl, headers) {\n        const info = {};\n        info.parsedUrl = requestUrl;\n        const usingSsl = info.parsedUrl.protocol === 'https:';\n        info.httpModule = usingSsl ? https : http;\n        const defaultPort = usingSsl ? 443 : 80;\n        info.options = {};\n        info.options.host = info.parsedUrl.hostname;\n        info.options.port = info.parsedUrl.port\n            ? parseInt(info.parsedUrl.port)\n            : defaultPort;\n        info.options.path =\n            (info.parsedUrl.pathname || '') + (info.parsedUrl.search || '');\n        info.options.method = method;\n        info.options.headers = this._mergeHeaders(headers);\n        if (this.userAgent != null) {\n            info.options.headers['user-agent'] = this.userAgent;\n        }\n        info.options.agent = this._getAgent(info.parsedUrl);\n        // gives handlers an opportunity to participate\n        if (this.handlers) {\n            for (const handler of this.handlers) {\n                handler.prepareRequest(info.options);\n            }\n        }\n        return info;\n    }\n    _mergeHeaders(headers) {\n        if (this.requestOptions && this.requestOptions.headers) {\n            return Object.assign({}, lowercaseKeys(this.requestOptions.headers), lowercaseKeys(headers || {}));\n        }\n        return lowercaseKeys(headers || {});\n    }\n    /**\n     * Gets an existing header value or returns a default.\n     * Handles converting number header values to strings since HTTP headers must be strings.\n     * Note: This returns string | string[] since some headers can have multiple values.\n     * For headers that must always be a single string (like Content-Type), use the\n     * specialized _getExistingOrDefaultContentTypeHeader method instead.\n     */\n    _getExistingOrDefaultHeader(additionalHeaders, header, _default) {\n        let clientHeader;\n        if (this.requestOptions && this.requestOptions.headers) {\n            const headerValue = lowercaseKeys(this.requestOptions.headers)[header];\n            if (headerValue) {\n                clientHeader =\n                    typeof headerValue === 'number' ? headerValue.toString() : headerValue;\n            }\n        }\n        const additionalValue = additionalHeaders[header];\n        if (additionalValue !== undefined) {\n            return typeof additionalValue === 'number'\n                ? additionalValue.toString()\n                : additionalValue;\n        }\n        if (clientHeader !== undefined) {\n            return clientHeader;\n        }\n        return _default;\n    }\n    /**\n     * Specialized version of _getExistingOrDefaultHeader for Content-Type header.\n     * Always returns a single string (not an array) since Content-Type should be a single value.\n     * Converts arrays to comma-separated strings and numbers to strings to ensure type safety.\n     * This was split from _getExistingOrDefaultHeader to provide stricter typing for callers\n     * that assign the result to places expecting a string (e.g., additionalHeaders[Headers.ContentType]).\n     */\n    _getExistingOrDefaultContentTypeHeader(additionalHeaders, _default) {\n        let clientHeader;\n        if (this.requestOptions && this.requestOptions.headers) {\n            const headerValue = lowercaseKeys(this.requestOptions.headers)[Headers.ContentType];\n            if (headerValue) {\n                if (typeof headerValue === 'number') {\n                    clientHeader = String(headerValue);\n                }\n                else if (Array.isArray(headerValue)) {\n                    clientHeader = headerValue.join(', ');\n                }\n                else {\n                    clientHeader = headerValue;\n                }\n            }\n        }\n        const additionalValue = additionalHeaders[Headers.ContentType];\n        // Return the first non-undefined value, converting numbers or arrays to strings if necessary\n        if (additionalValue !== undefined) {\n            if (typeof additionalValue === 'number') {\n                return String(additionalValue);\n            }\n            else if (Array.isArray(additionalValue)) {\n                return additionalValue.join(', ');\n            }\n            else {\n                return additionalValue;\n            }\n        }\n        if (clientHeader !== undefined) {\n            return clientHeader;\n        }\n        return _default;\n    }\n    _getAgent(parsedUrl) {\n        let agent;\n        const proxyUrl = pm.getProxyUrl(parsedUrl);\n        const useProxy = proxyUrl && proxyUrl.hostname;\n        if (this._keepAlive && useProxy) {\n            agent = this._proxyAgent;\n        }\n        if (!useProxy) {\n            agent = this._agent;\n        }\n        // if agent is already assigned use that agent.\n        if (agent) {\n            return agent;\n        }\n        const usingSsl = parsedUrl.protocol === 'https:';\n        let maxSockets = 100;\n        if (this.requestOptions) {\n            maxSockets = this.requestOptions.maxSockets || http.globalAgent.maxSockets;\n        }\n        // This is `useProxy` again, but we need to check `proxyURl` directly for TypeScripts's flow analysis.\n        if (proxyUrl && proxyUrl.hostname) {\n            const agentOptions = {\n                maxSockets,\n                keepAlive: this._keepAlive,\n                proxy: Object.assign(Object.assign({}, ((proxyUrl.username || proxyUrl.password) && {\n                    proxyAuth: `${proxyUrl.username}:${proxyUrl.password}`\n                })), { host: proxyUrl.hostname, port: proxyUrl.port })\n            };\n            let tunnelAgent;\n            const overHttps = proxyUrl.protocol === 'https:';\n            if (usingSsl) {\n                tunnelAgent = overHttps ? tunnel.httpsOverHttps : tunnel.httpsOverHttp;\n            }\n            else {\n                tunnelAgent = overHttps ? tunnel.httpOverHttps : tunnel.httpOverHttp;\n            }\n            agent = tunnelAgent(agentOptions);\n            this._proxyAgent = agent;\n        }\n        // if tunneling agent isn't assigned create a new agent\n        if (!agent) {\n            const options = { keepAlive: this._keepAlive, maxSockets };\n            agent = usingSsl ? new https.Agent(options) : new http.Agent(options);\n            this._agent = agent;\n        }\n        if (usingSsl && this._ignoreSslError) {\n            // we don't want to set NODE_TLS_REJECT_UNAUTHORIZED=0 since that will affect request for entire process\n            // http.RequestOptions doesn't expose a way to modify RequestOptions.agent.options\n            // we have to cast it to any and change it directly\n            agent.options = Object.assign(agent.options || {}, {\n                rejectUnauthorized: false\n            });\n        }\n        return agent;\n    }\n    _getProxyAgentDispatcher(parsedUrl, proxyUrl) {\n        let proxyAgent;\n        if (this._keepAlive) {\n            proxyAgent = this._proxyAgentDispatcher;\n        }\n        // if agent is already assigned use that agent.\n        if (proxyAgent) {\n            return proxyAgent;\n        }\n        const usingSsl = parsedUrl.protocol === 'https:';\n        proxyAgent = new undici_1.ProxyAgent(Object.assign({ uri: proxyUrl.href, pipelining: !this._keepAlive ? 0 : 1 }, ((proxyUrl.username || proxyUrl.password) && {\n            token: `Basic ${Buffer.from(`${proxyUrl.username}:${proxyUrl.password}`).toString('base64')}`\n        })));\n        this._proxyAgentDispatcher = proxyAgent;\n        if (usingSsl && this._ignoreSslError) {\n            // we don't want to set NODE_TLS_REJECT_UNAUTHORIZED=0 since that will affect request for entire process\n            // http.RequestOptions doesn't expose a way to modify RequestOptions.agent.options\n            // we have to cast it to any and change it directly\n            proxyAgent.options = Object.assign(proxyAgent.options.requestTls || {}, {\n                rejectUnauthorized: false\n            });\n        }\n        return proxyAgent;\n    }\n    _getUserAgentWithOrchestrationId(userAgent) {\n        const baseUserAgent = userAgent || 'actions/http-client';\n        const orchId = process.env['ACTIONS_ORCHESTRATION_ID'];\n        if (orchId) {\n            // Sanitize the orchestration ID to ensure it contains only valid characters\n            // Valid characters: 0-9, a-z, _, -, .\n            const sanitizedId = orchId.replace(/[^a-z0-9_.-]/gi, '_');\n            return `${baseUserAgent} actions_orchestration_id/${sanitizedId}`;\n        }\n        return baseUserAgent;\n    }\n    _performExponentialBackoff(retryNumber) {\n        return __awaiter(this, void 0, void 0, function* () {\n            retryNumber = Math.min(ExponentialBackoffCeiling, retryNumber);\n            const ms = ExponentialBackoffTimeSlice * Math.pow(2, retryNumber);\n            return new Promise(resolve => setTimeout(() => resolve(), ms));\n        });\n    }\n    _processResponse(res, options) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return new Promise((resolve, reject) => __awaiter(this, void 0, void 0, function* () {\n                const statusCode = res.message.statusCode || 0;\n                const response = {\n                    statusCode,\n                    result: null,\n                    headers: {}\n                };\n                // not found leads to null obj returned\n                if (statusCode === HttpCodes.NotFound) {\n                    resolve(response);\n                }\n                // get the result from the body\n                function dateTimeDeserializer(key, value) {\n                    if (typeof value === 'string') {\n                        const a = new Date(value);\n                        if (!isNaN(a.valueOf())) {\n                            return a;\n                        }\n                    }\n                    return value;\n                }\n                let obj;\n                let contents;\n                try {\n                    contents = yield res.readBody();\n                    if (contents && contents.length > 0) {\n                        if (options && options.deserializeDates) {\n                            obj = JSON.parse(contents, dateTimeDeserializer);\n                        }\n                        else {\n                            obj = JSON.parse(contents);\n                        }\n                        response.result = obj;\n                    }\n                    response.headers = res.message.headers;\n                }\n                catch (err) {\n                    // Invalid resource (contents not json);  leaving result obj null\n                }\n                // note that 3xx redirects are handled by the http layer.\n                if (statusCode > 299) {\n                    let msg;\n                    // if exception/error in body, attempt to get better error\n                    if (obj && obj.message) {\n                        msg = obj.message;\n                    }\n                    else if (contents && contents.length > 0) {\n                        // it may be the case that the exception is in the body message as string\n                        msg = contents;\n                    }\n                    else {\n                        msg = `Failed request: (${statusCode})`;\n                    }\n                    const err = new HttpClientError(msg, statusCode);\n                    err.result = response.result;\n                    reject(err);\n                }\n                else {\n                    resolve(response);\n                }\n            }));\n        });\n    }\n}\nexports.HttpClient = HttpClient;\nconst lowercaseKeys = (obj) => Object.keys(obj).reduce((c, k) => ((c[k.toLowerCase()] = obj[k]), c), {});\n//# sourceMappingURL=index.js.map","\"use strict\";\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.getProxyUrl = getProxyUrl;\nexports.checkBypass = checkBypass;\nfunction getProxyUrl(reqUrl) {\n    const usingSsl = reqUrl.protocol === 'https:';\n    if (checkBypass(reqUrl)) {\n        return undefined;\n    }\n    const proxyVar = (() => {\n        if (usingSsl) {\n            return process.env['https_proxy'] || process.env['HTTPS_PROXY'];\n        }\n        else {\n            return process.env['http_proxy'] || process.env['HTTP_PROXY'];\n        }\n    })();\n    if (proxyVar) {\n        try {\n            return new DecodedURL(proxyVar);\n        }\n        catch (_a) {\n            if (!proxyVar.startsWith('http://') && !proxyVar.startsWith('https://'))\n                return new DecodedURL(`http://${proxyVar}`);\n        }\n    }\n    else {\n        return undefined;\n    }\n}\nfunction checkBypass(reqUrl) {\n    if (!reqUrl.hostname) {\n        return false;\n    }\n    const reqHost = reqUrl.hostname;\n    if (isLoopbackAddress(reqHost)) {\n        return true;\n    }\n    const noProxy = process.env['no_proxy'] || process.env['NO_PROXY'] || '';\n    if (!noProxy) {\n        return false;\n    }\n    // Determine the request port\n    let reqPort;\n    if (reqUrl.port) {\n        reqPort = Number(reqUrl.port);\n    }\n    else if (reqUrl.protocol === 'http:') {\n        reqPort = 80;\n    }\n    else if (reqUrl.protocol === 'https:') {\n        reqPort = 443;\n    }\n    // Format the request hostname and hostname with port\n    const upperReqHosts = [reqUrl.hostname.toUpperCase()];\n    if (typeof reqPort === 'number') {\n        upperReqHosts.push(`${upperReqHosts[0]}:${reqPort}`);\n    }\n    // Compare request host against noproxy\n    for (const upperNoProxyItem of noProxy\n        .split(',')\n        .map(x => x.trim().toUpperCase())\n        .filter(x => x)) {\n        if (upperNoProxyItem === '*' ||\n            upperReqHosts.some(x => x === upperNoProxyItem ||\n                x.endsWith(`.${upperNoProxyItem}`) ||\n                (upperNoProxyItem.startsWith('.') &&\n                    x.endsWith(`${upperNoProxyItem}`)))) {\n            return true;\n        }\n    }\n    return false;\n}\nfunction isLoopbackAddress(host) {\n    const hostLower = host.toLowerCase();\n    return (hostLower === 'localhost' ||\n        hostLower.startsWith('127.') ||\n        hostLower.startsWith('[::1]') ||\n        hostLower.startsWith('[0:0:0:0:0:0:0:1]'));\n}\nclass DecodedURL extends URL {\n    constructor(url, base) {\n        super(url, base);\n        this._decodedUsername = decodeURIComponent(super.username);\n        this._decodedPassword = decodeURIComponent(super.password);\n    }\n    get username() {\n        return this._decodedUsername;\n    }\n    get password() {\n        return this._decodedPassword;\n    }\n}\n//# sourceMappingURL=proxy.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    var desc = Object.getOwnPropertyDescriptor(m, k);\n    if (!desc || (\"get\" in desc ? !m.__esModule : desc.writable || desc.configurable)) {\n      desc = { enumerable: true, get: function() { return m[k]; } };\n    }\n    Object.defineProperty(o, k2, desc);\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || (function () {\n    var ownKeys = function(o) {\n        ownKeys = Object.getOwnPropertyNames || function (o) {\n            var ar = [];\n            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;\n            return ar;\n        };\n        return ownKeys(o);\n    };\n    return function (mod) {\n        if (mod && mod.__esModule) return mod;\n        var result = {};\n        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== \"default\") __createBinding(result, mod, k[i]);\n        __setModuleDefault(result, mod);\n        return result;\n    };\n})();\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nvar _a;\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.READONLY = exports.UV_FS_O_EXLOCK = exports.IS_WINDOWS = exports.unlink = exports.symlink = exports.stat = exports.rmdir = exports.rm = exports.rename = exports.readdir = exports.open = exports.mkdir = exports.lstat = exports.copyFile = exports.chmod = void 0;\nexports.readlink = readlink;\nexports.exists = exists;\nexports.isDirectory = isDirectory;\nexports.isRooted = isRooted;\nexports.tryGetExecutablePath = tryGetExecutablePath;\nexports.getCmdPath = getCmdPath;\nconst fs = __importStar(require(\"fs\"));\nconst path = __importStar(require(\"path\"));\n_a = fs.promises\n// export const {open} = 'fs'\n, exports.chmod = _a.chmod, exports.copyFile = _a.copyFile, exports.lstat = _a.lstat, exports.mkdir = _a.mkdir, exports.open = _a.open, exports.readdir = _a.readdir, exports.rename = _a.rename, exports.rm = _a.rm, exports.rmdir = _a.rmdir, exports.stat = _a.stat, exports.symlink = _a.symlink, exports.unlink = _a.unlink;\n// export const {open} = 'fs'\nexports.IS_WINDOWS = process.platform === 'win32';\n/**\n * Custom implementation of readlink to ensure Windows junctions\n * maintain trailing backslash for backward compatibility with Node.js < 24\n *\n * In Node.js 20, Windows junctions (directory symlinks) always returned paths\n * with trailing backslashes. Node.js 24 removed this behavior, which breaks\n * code that relied on this format for path operations.\n *\n * This implementation restores the Node 20 behavior by adding a trailing\n * backslash to all junction results on Windows.\n */\nfunction readlink(fsPath) {\n    return __awaiter(this, void 0, void 0, function* () {\n        const result = yield fs.promises.readlink(fsPath);\n        // On Windows, restore Node 20 behavior: add trailing backslash to all results\n        // since junctions on Windows are always directory links\n        if (exports.IS_WINDOWS && !result.endsWith('\\\\')) {\n            return `${result}\\\\`;\n        }\n        return result;\n    });\n}\n// See https://github.com/nodejs/node/blob/d0153aee367422d0858105abec186da4dff0a0c5/deps/uv/include/uv/win.h#L691\nexports.UV_FS_O_EXLOCK = 0x10000000;\nexports.READONLY = fs.constants.O_RDONLY;\nfunction exists(fsPath) {\n    return __awaiter(this, void 0, void 0, function* () {\n        try {\n            yield (0, exports.stat)(fsPath);\n        }\n        catch (err) {\n            if (err.code === 'ENOENT') {\n                return false;\n            }\n            throw err;\n        }\n        return true;\n    });\n}\nfunction isDirectory(fsPath_1) {\n    return __awaiter(this, arguments, void 0, function* (fsPath, useStat = false) {\n        const stats = useStat ? yield (0, exports.stat)(fsPath) : yield (0, exports.lstat)(fsPath);\n        return stats.isDirectory();\n    });\n}\n/**\n * On OSX/Linux, true if path starts with '/'. On Windows, true for paths like:\n * \\, \\hello, \\\\hello\\share, C:, and C:\\hello (and corresponding alternate separator cases).\n */\nfunction isRooted(p) {\n    p = normalizeSeparators(p);\n    if (!p) {\n        throw new Error('isRooted() parameter \"p\" cannot be empty');\n    }\n    if (exports.IS_WINDOWS) {\n        return (p.startsWith('\\\\') || /^[A-Z]:/i.test(p) // e.g. \\ or \\hello or \\\\hello\n        ); // e.g. C: or C:\\hello\n    }\n    return p.startsWith('/');\n}\n/**\n * Best effort attempt to determine whether a file exists and is executable.\n * @param filePath    file path to check\n * @param extensions  additional file extensions to try\n * @return if file exists and is executable, returns the file path. otherwise empty string.\n */\nfunction tryGetExecutablePath(filePath, extensions) {\n    return __awaiter(this, void 0, void 0, function* () {\n        let stats = undefined;\n        try {\n            // test file exists\n            stats = yield (0, exports.stat)(filePath);\n        }\n        catch (err) {\n            if (err.code !== 'ENOENT') {\n                // eslint-disable-next-line no-console\n                console.log(`Unexpected error attempting to determine if executable file exists '${filePath}': ${err}`);\n            }\n        }\n        if (stats && stats.isFile()) {\n            if (exports.IS_WINDOWS) {\n                // on Windows, test for valid extension\n                const upperExt = path.extname(filePath).toUpperCase();\n                if (extensions.some(validExt => validExt.toUpperCase() === upperExt)) {\n                    return filePath;\n                }\n            }\n            else {\n                if (isUnixExecutable(stats)) {\n                    return filePath;\n                }\n            }\n        }\n        // try each extension\n        const originalFilePath = filePath;\n        for (const extension of extensions) {\n            filePath = originalFilePath + extension;\n            stats = undefined;\n            try {\n                stats = yield (0, exports.stat)(filePath);\n            }\n            catch (err) {\n                if (err.code !== 'ENOENT') {\n                    // eslint-disable-next-line no-console\n                    console.log(`Unexpected error attempting to determine if executable file exists '${filePath}': ${err}`);\n                }\n            }\n            if (stats && stats.isFile()) {\n                if (exports.IS_WINDOWS) {\n                    // preserve the case of the actual file (since an extension was appended)\n                    try {\n                        const directory = path.dirname(filePath);\n                        const upperName = path.basename(filePath).toUpperCase();\n                        for (const actualName of yield (0, exports.readdir)(directory)) {\n                            if (upperName === actualName.toUpperCase()) {\n                                filePath = path.join(directory, actualName);\n                                break;\n                            }\n                        }\n                    }\n                    catch (err) {\n                        // eslint-disable-next-line no-console\n                        console.log(`Unexpected error attempting to determine the actual case of the file '${filePath}': ${err}`);\n                    }\n                    return filePath;\n                }\n                else {\n                    if (isUnixExecutable(stats)) {\n                        return filePath;\n                    }\n                }\n            }\n        }\n        return '';\n    });\n}\nfunction normalizeSeparators(p) {\n    p = p || '';\n    if (exports.IS_WINDOWS) {\n        // convert slashes on Windows\n        p = p.replace(/\\//g, '\\\\');\n        // remove redundant slashes\n        return p.replace(/\\\\\\\\+/g, '\\\\');\n    }\n    // remove redundant slashes\n    return p.replace(/\\/\\/+/g, '/');\n}\n// on Mac/Linux, test the execute bit\n//     R   W  X  R  W X R W X\n//   256 128 64 32 16 8 4 2 1\nfunction isUnixExecutable(stats) {\n    return ((stats.mode & 1) > 0 ||\n        ((stats.mode & 8) > 0 &&\n            process.getgid !== undefined &&\n            stats.gid === process.getgid()) ||\n        ((stats.mode & 64) > 0 &&\n            process.getuid !== undefined &&\n            stats.uid === process.getuid()));\n}\n// Get the path of cmd.exe in windows\nfunction getCmdPath() {\n    var _a;\n    return (_a = process.env['COMSPEC']) !== null && _a !== void 0 ? _a : `cmd.exe`;\n}\n//# sourceMappingURL=io-util.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    var desc = Object.getOwnPropertyDescriptor(m, k);\n    if (!desc || (\"get\" in desc ? !m.__esModule : desc.writable || desc.configurable)) {\n      desc = { enumerable: true, get: function() { return m[k]; } };\n    }\n    Object.defineProperty(o, k2, desc);\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || (function () {\n    var ownKeys = function(o) {\n        ownKeys = Object.getOwnPropertyNames || function (o) {\n            var ar = [];\n            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;\n            return ar;\n        };\n        return ownKeys(o);\n    };\n    return function (mod) {\n        if (mod && mod.__esModule) return mod;\n        var result = {};\n        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== \"default\") __createBinding(result, mod, k[i]);\n        __setModuleDefault(result, mod);\n        return result;\n    };\n})();\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.cp = cp;\nexports.mv = mv;\nexports.rmRF = rmRF;\nexports.mkdirP = mkdirP;\nexports.which = which;\nexports.findInPath = findInPath;\nconst assert_1 = require(\"assert\");\nconst path = __importStar(require(\"path\"));\nconst ioUtil = __importStar(require(\"./io-util\"));\n/**\n * Copies a file or folder.\n * Based off of shelljs - https://github.com/shelljs/shelljs/blob/9237f66c52e5daa40458f94f9565e18e8132f5a6/src/cp.js\n *\n * @param     source    source path\n * @param     dest      destination path\n * @param     options   optional. See CopyOptions.\n */\nfunction cp(source_1, dest_1) {\n    return __awaiter(this, arguments, void 0, function* (source, dest, options = {}) {\n        const { force, recursive, copySourceDirectory } = readCopyOptions(options);\n        const destStat = (yield ioUtil.exists(dest)) ? yield ioUtil.stat(dest) : null;\n        // Dest is an existing file, but not forcing\n        if (destStat && destStat.isFile() && !force) {\n            return;\n        }\n        // If dest is an existing directory, should copy inside.\n        const newDest = destStat && destStat.isDirectory() && copySourceDirectory\n            ? path.join(dest, path.basename(source))\n            : dest;\n        if (!(yield ioUtil.exists(source))) {\n            throw new Error(`no such file or directory: ${source}`);\n        }\n        const sourceStat = yield ioUtil.stat(source);\n        if (sourceStat.isDirectory()) {\n            if (!recursive) {\n                throw new Error(`Failed to copy. ${source} is a directory, but tried to copy without recursive flag.`);\n            }\n            else {\n                yield cpDirRecursive(source, newDest, 0, force);\n            }\n        }\n        else {\n            if (path.relative(source, newDest) === '') {\n                // a file cannot be copied to itself\n                throw new Error(`'${newDest}' and '${source}' are the same file`);\n            }\n            yield copyFile(source, newDest, force);\n        }\n    });\n}\n/**\n * Moves a path.\n *\n * @param     source    source path\n * @param     dest      destination path\n * @param     options   optional. See MoveOptions.\n */\nfunction mv(source_1, dest_1) {\n    return __awaiter(this, arguments, void 0, function* (source, dest, options = {}) {\n        if (yield ioUtil.exists(dest)) {\n            let destExists = true;\n            if (yield ioUtil.isDirectory(dest)) {\n                // If dest is directory copy src into dest\n                dest = path.join(dest, path.basename(source));\n                destExists = yield ioUtil.exists(dest);\n            }\n            if (destExists) {\n                if (options.force == null || options.force) {\n                    yield rmRF(dest);\n                }\n                else {\n                    throw new Error('Destination already exists');\n                }\n            }\n        }\n        yield mkdirP(path.dirname(dest));\n        yield ioUtil.rename(source, dest);\n    });\n}\n/**\n * Remove a path recursively with force\n *\n * @param inputPath path to remove\n */\nfunction rmRF(inputPath) {\n    return __awaiter(this, void 0, void 0, function* () {\n        if (ioUtil.IS_WINDOWS) {\n            // Check for invalid characters\n            // https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file\n            if (/[*\"<>|]/.test(inputPath)) {\n                throw new Error('File path must not contain `*`, `\"`, `<`, `>` or `|` on Windows');\n            }\n        }\n        try {\n            // note if path does not exist, error is silent\n            yield ioUtil.rm(inputPath, {\n                force: true,\n                maxRetries: 3,\n                recursive: true,\n                retryDelay: 300\n            });\n        }\n        catch (err) {\n            throw new Error(`File was unable to be removed ${err}`);\n        }\n    });\n}\n/**\n * Make a directory.  Creates the full path with folders in between\n * Will throw if it fails\n *\n * @param   fsPath        path to create\n * @returns Promise<void>\n */\nfunction mkdirP(fsPath) {\n    return __awaiter(this, void 0, void 0, function* () {\n        (0, assert_1.ok)(fsPath, 'a path argument must be provided');\n        yield ioUtil.mkdir(fsPath, { recursive: true });\n    });\n}\n/**\n * Returns path of a tool had the tool actually been invoked.  Resolves via paths.\n * If you check and the tool does not exist, it will throw.\n *\n * @param     tool              name of the tool\n * @param     check             whether to check if tool exists\n * @returns   Promise<string>   path to tool\n */\nfunction which(tool, check) {\n    return __awaiter(this, void 0, void 0, function* () {\n        if (!tool) {\n            throw new Error(\"parameter 'tool' is required\");\n        }\n        // recursive when check=true\n        if (check) {\n            const result = yield which(tool, false);\n            if (!result) {\n                if (ioUtil.IS_WINDOWS) {\n                    throw new Error(`Unable to locate executable file: ${tool}. Please verify either the file path exists or the file can be found within a directory specified by the PATH environment variable. Also verify the file has a valid extension for an executable file.`);\n                }\n                else {\n                    throw new Error(`Unable to locate executable file: ${tool}. Please verify either the file path exists or the file can be found within a directory specified by the PATH environment variable. Also check the file mode to verify the file is executable.`);\n                }\n            }\n            return result;\n        }\n        const matches = yield findInPath(tool);\n        if (matches && matches.length > 0) {\n            return matches[0];\n        }\n        return '';\n    });\n}\n/**\n * Returns a list of all occurrences of the given tool on the system path.\n *\n * @returns   Promise<string[]>  the paths of the tool\n */\nfunction findInPath(tool) {\n    return __awaiter(this, void 0, void 0, function* () {\n        if (!tool) {\n            throw new Error(\"parameter 'tool' is required\");\n        }\n        // build the list of extensions to try\n        const extensions = [];\n        if (ioUtil.IS_WINDOWS && process.env['PATHEXT']) {\n            for (const extension of process.env['PATHEXT'].split(path.delimiter)) {\n                if (extension) {\n                    extensions.push(extension);\n                }\n            }\n        }\n        // if it's rooted, return it if exists. otherwise return empty.\n        if (ioUtil.isRooted(tool)) {\n            const filePath = yield ioUtil.tryGetExecutablePath(tool, extensions);\n            if (filePath) {\n                return [filePath];\n            }\n            return [];\n        }\n        // if any path separators, return empty\n        if (tool.includes(path.sep)) {\n            return [];\n        }\n        // build the list of directories\n        //\n        // Note, technically \"where\" checks the current directory on Windows. From a toolkit perspective,\n        // it feels like we should not do this. Checking the current directory seems like more of a use\n        // case of a shell, and the which() function exposed by the toolkit should strive for consistency\n        // across platforms.\n        const directories = [];\n        if (process.env.PATH) {\n            for (const p of process.env.PATH.split(path.delimiter)) {\n                if (p) {\n                    directories.push(p);\n                }\n            }\n        }\n        // find all matches\n        const matches = [];\n        for (const directory of directories) {\n            const filePath = yield ioUtil.tryGetExecutablePath(path.join(directory, tool), extensions);\n            if (filePath) {\n                matches.push(filePath);\n            }\n        }\n        return matches;\n    });\n}\nfunction readCopyOptions(options) {\n    const force = options.force == null ? true : options.force;\n    const recursive = Boolean(options.recursive);\n    const copySourceDirectory = options.copySourceDirectory == null\n        ? true\n        : Boolean(options.copySourceDirectory);\n    return { force, recursive, copySourceDirectory };\n}\nfunction cpDirRecursive(sourceDir, destDir, currentDepth, force) {\n    return __awaiter(this, void 0, void 0, function* () {\n        // Ensure there is not a run away recursive copy\n        if (currentDepth >= 255)\n            return;\n        currentDepth++;\n        yield mkdirP(destDir);\n        const files = yield ioUtil.readdir(sourceDir);\n        for (const fileName of files) {\n            const srcFile = `${sourceDir}/${fileName}`;\n            const destFile = `${destDir}/${fileName}`;\n            const srcFileStat = yield ioUtil.lstat(srcFile);\n            if (srcFileStat.isDirectory()) {\n                // Recurse\n                yield cpDirRecursive(srcFile, destFile, currentDepth, force);\n            }\n            else {\n                yield copyFile(srcFile, destFile, force);\n            }\n        }\n        // Change the mode for the newly created directory\n        yield ioUtil.chmod(destDir, (yield ioUtil.stat(sourceDir)).mode);\n    });\n}\n// Buffered file copy\nfunction copyFile(srcFile, destFile, force) {\n    return __awaiter(this, void 0, void 0, function* () {\n        if ((yield ioUtil.lstat(srcFile)).isSymbolicLink()) {\n            // unlink/re-link it\n            try {\n                yield ioUtil.lstat(destFile);\n                yield ioUtil.unlink(destFile);\n            }\n            catch (e) {\n                // Try to override file permission\n                if (e.code === 'EPERM') {\n                    yield ioUtil.chmod(destFile, '0666');\n                    yield ioUtil.unlink(destFile);\n                }\n                // other errors = it doesn't exist, no work to do\n            }\n            // Copy over symlink\n            const symlinkFull = yield ioUtil.readlink(srcFile);\n            yield ioUtil.symlink(symlinkFull, destFile, ioUtil.IS_WINDOWS ? 'junction' : null);\n        }\n        else if (!(yield ioUtil.exists(destFile)) || force) {\n            yield ioUtil.copyFile(srcFile, destFile);\n        }\n    });\n}\n//# sourceMappingURL=io.js.map","'use strict'\n\n/**\n * Ponyfill for `Array.prototype.find` which is only available in ES6 runtimes.\n *\n * Works with anything that has a `length` property and index access properties, including NodeList.\n *\n * @template {unknown} T\n * @param {Array<T> | ({length:number, [number]: T})} list\n * @param {function (item: T, index: number, list:Array<T> | ({length:number, [number]: T})):boolean} predicate\n * @param {Partial<Pick<ArrayConstructor['prototype'], 'find'>>?} ac `Array.prototype` by default,\n * \t\t\t\tallows injecting a custom implementation in tests\n * @returns {T | undefined}\n *\n * @see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/find\n * @see https://tc39.es/ecma262/multipage/indexed-collections.html#sec-array.prototype.find\n */\nfunction find(list, predicate, ac) {\n\tif (ac === undefined) {\n\t\tac = Array.prototype;\n\t}\n\tif (list && typeof ac.find === 'function') {\n\t\treturn ac.find.call(list, predicate);\n\t}\n\tfor (var i = 0; i < list.length; i++) {\n\t\tif (Object.prototype.hasOwnProperty.call(list, i)) {\n\t\t\tvar item = list[i];\n\t\t\tif (predicate.call(undefined, item, i, list)) {\n\t\t\t\treturn item;\n\t\t\t}\n\t\t}\n\t}\n}\n\n/**\n * \"Shallow freezes\" an object to render it immutable.\n * Uses `Object.freeze` if available,\n * otherwise the immutability is only in the type.\n *\n * Is used to create \"enum like\" objects.\n *\n * @template T\n * @param {T} object the object to freeze\n * @param {Pick<ObjectConstructor, 'freeze'> = Object} oc `Object` by default,\n * \t\t\t\tallows to inject custom object constructor for tests\n * @returns {Readonly<T>}\n *\n * @see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/freeze\n */\nfunction freeze(object, oc) {\n\tif (oc === undefined) {\n\t\toc = Object\n\t}\n\treturn oc && typeof oc.freeze === 'function' ? oc.freeze(object) : object\n}\n\n/**\n * Since we can not rely on `Object.assign` we provide a simplified version\n * that is sufficient for our needs.\n *\n * @param {Object} target\n * @param {Object | null | undefined} source\n *\n * @returns {Object} target\n * @throws TypeError if target is not an object\n *\n * @see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/assign\n * @see https://tc39.es/ecma262/multipage/fundamental-objects.html#sec-object.assign\n */\nfunction assign(target, source) {\n\tif (target === null || typeof target !== 'object') {\n\t\tthrow new TypeError('target is not an object')\n\t}\n\tfor (var key in source) {\n\t\tif (Object.prototype.hasOwnProperty.call(source, key)) {\n\t\t\ttarget[key] = source[key]\n\t\t}\n\t}\n\treturn target\n}\n\n/**\n * All mime types that are allowed as input to `DOMParser.parseFromString`\n *\n * @see https://developer.mozilla.org/en-US/docs/Web/API/DOMParser/parseFromString#Argument02 MDN\n * @see https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#domparsersupportedtype WHATWG HTML Spec\n * @see DOMParser.prototype.parseFromString\n */\nvar MIME_TYPE = freeze({\n\t/**\n\t * `text/html`, the only mime type that triggers treating an XML document as HTML.\n\t *\n\t * @see DOMParser.SupportedType.isHTML\n\t * @see https://www.iana.org/assignments/media-types/text/html IANA MimeType registration\n\t * @see https://en.wikipedia.org/wiki/HTML Wikipedia\n\t * @see https://developer.mozilla.org/en-US/docs/Web/API/DOMParser/parseFromString MDN\n\t * @see https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#dom-domparser-parsefromstring WHATWG HTML Spec\n\t */\n\tHTML: 'text/html',\n\n\t/**\n\t * Helper method to check a mime type if it indicates an HTML document\n\t *\n\t * @param {string} [value]\n\t * @returns {boolean}\n\t *\n\t * @see https://www.iana.org/assignments/media-types/text/html IANA MimeType registration\n\t * @see https://en.wikipedia.org/wiki/HTML Wikipedia\n\t * @see https://developer.mozilla.org/en-US/docs/Web/API/DOMParser/parseFromString MDN\n\t * @see https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#dom-domparser-parsefromstring \t */\n\tisHTML: function (value) {\n\t\treturn value === MIME_TYPE.HTML\n\t},\n\n\t/**\n\t * `application/xml`, the standard mime type for XML documents.\n\t *\n\t * @see https://www.iana.org/assignments/media-types/application/xml IANA MimeType registration\n\t * @see https://tools.ietf.org/html/rfc7303#section-9.1 RFC 7303\n\t * @see https://en.wikipedia.org/wiki/XML_and_MIME Wikipedia\n\t */\n\tXML_APPLICATION: 'application/xml',\n\n\t/**\n\t * `text/html`, an alias for `application/xml`.\n\t *\n\t * @see https://tools.ietf.org/html/rfc7303#section-9.2 RFC 7303\n\t * @see https://www.iana.org/assignments/media-types/text/xml IANA MimeType registration\n\t * @see https://en.wikipedia.org/wiki/XML_and_MIME Wikipedia\n\t */\n\tXML_TEXT: 'text/xml',\n\n\t/**\n\t * `application/xhtml+xml`, indicates an XML document that has the default HTML namespace,\n\t * but is parsed as an XML document.\n\t *\n\t * @see https://www.iana.org/assignments/media-types/application/xhtml+xml IANA MimeType registration\n\t * @see https://dom.spec.whatwg.org/#dom-domimplementation-createdocument WHATWG DOM Spec\n\t * @see https://en.wikipedia.org/wiki/XHTML Wikipedia\n\t */\n\tXML_XHTML_APPLICATION: 'application/xhtml+xml',\n\n\t/**\n\t * `image/svg+xml`,\n\t *\n\t * @see https://www.iana.org/assignments/media-types/image/svg+xml IANA MimeType registration\n\t * @see https://www.w3.org/TR/SVG11/ W3C SVG 1.1\n\t * @see https://en.wikipedia.org/wiki/Scalable_Vector_Graphics Wikipedia\n\t */\n\tXML_SVG_IMAGE: 'image/svg+xml',\n})\n\n/**\n * Namespaces that are used in this code base.\n *\n * @see http://www.w3.org/TR/REC-xml-names\n */\nvar NAMESPACE = freeze({\n\t/**\n\t * The XHTML namespace.\n\t *\n\t * @see http://www.w3.org/1999/xhtml\n\t */\n\tHTML: 'http://www.w3.org/1999/xhtml',\n\n\t/**\n\t * Checks if `uri` equals `NAMESPACE.HTML`.\n\t *\n\t * @param {string} [uri]\n\t *\n\t * @see NAMESPACE.HTML\n\t */\n\tisHTML: function (uri) {\n\t\treturn uri === NAMESPACE.HTML\n\t},\n\n\t/**\n\t * The SVG namespace.\n\t *\n\t * @see http://www.w3.org/2000/svg\n\t */\n\tSVG: 'http://www.w3.org/2000/svg',\n\n\t/**\n\t * The `xml:` namespace.\n\t *\n\t * @see http://www.w3.org/XML/1998/namespace\n\t */\n\tXML: 'http://www.w3.org/XML/1998/namespace',\n\n\t/**\n\t * The `xmlns:` namespace\n\t *\n\t * @see https://www.w3.org/2000/xmlns/\n\t */\n\tXMLNS: 'http://www.w3.org/2000/xmlns/',\n})\n\nexports.assign = assign;\nexports.find = find;\nexports.freeze = freeze;\nexports.MIME_TYPE = MIME_TYPE;\nexports.NAMESPACE = NAMESPACE;\n","var conventions = require(\"./conventions\");\nvar dom = require('./dom')\nvar entities = require('./entities');\nvar sax = require('./sax');\n\nvar DOMImplementation = dom.DOMImplementation;\n\nvar NAMESPACE = conventions.NAMESPACE;\n\nvar ParseError = sax.ParseError;\nvar XMLReader = sax.XMLReader;\n\n/**\n * Normalizes line ending according to https://www.w3.org/TR/xml11/#sec-line-ends:\n *\n * > XML parsed entities are often stored in computer files which,\n * > for editing convenience, are organized into lines.\n * > These lines are typically separated by some combination\n * > of the characters CARRIAGE RETURN (#xD) and LINE FEED (#xA).\n * >\n * > To simplify the tasks of applications, the XML processor must behave\n * > as if it normalized all line breaks in external parsed entities (including the document entity)\n * > on input, before parsing, by translating all of the following to a single #xA character:\n * >\n * > 1. the two-character sequence #xD #xA\n * > 2. the two-character sequence #xD #x85\n * > 3. the single character #x85\n * > 4. the single character #x2028\n * > 5. any #xD character that is not immediately followed by #xA or #x85.\n *\n * @param {string} input\n * @returns {string}\n */\nfunction normalizeLineEndings(input) {\n\treturn input\n\t\t.replace(/\\r[\\n\\u0085]/g, '\\n')\n\t\t.replace(/[\\r\\u0085\\u2028]/g, '\\n')\n}\n\n/**\n * @typedef Locator\n * @property {number} [columnNumber]\n * @property {number} [lineNumber]\n */\n\n/**\n * @typedef DOMParserOptions\n * @property {DOMHandler} [domBuilder]\n * @property {Function} [errorHandler]\n * @property {(string) => string} [normalizeLineEndings] used to replace line endings before parsing\n * \t\t\t\t\t\tdefaults to `normalizeLineEndings`\n * @property {Locator} [locator]\n * @property {Record<string, string>} [xmlns]\n *\n * @see normalizeLineEndings\n */\n\n/**\n * The DOMParser interface provides the ability to parse XML or HTML source code\n * from a string into a DOM `Document`.\n *\n * _xmldom is different from the spec in that it allows an `options` parameter,\n * to override the default behavior._\n *\n * @param {DOMParserOptions} [options]\n * @constructor\n *\n * @see https://developer.mozilla.org/en-US/docs/Web/API/DOMParser\n * @see https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#dom-parsing-and-serialization\n */\nfunction DOMParser(options){\n\tthis.options = options ||{locator:{}};\n}\n\nDOMParser.prototype.parseFromString = function(source,mimeType){\n\tvar options = this.options;\n\tvar sax =  new XMLReader();\n\tvar domBuilder = options.domBuilder || new DOMHandler();//contentHandler and LexicalHandler\n\tvar errorHandler = options.errorHandler;\n\tvar locator = options.locator;\n\tvar defaultNSMap = options.xmlns||{};\n\tvar isHTML = /\\/x?html?$/.test(mimeType);//mimeType.toLowerCase().indexOf('html') > -1;\n  \tvar entityMap = isHTML ? entities.HTML_ENTITIES : entities.XML_ENTITIES;\n\tif(locator){\n\t\tdomBuilder.setDocumentLocator(locator)\n\t}\n\n\tsax.errorHandler = buildErrorHandler(errorHandler,domBuilder,locator);\n\tsax.domBuilder = options.domBuilder || domBuilder;\n\tif(isHTML){\n\t\tdefaultNSMap[''] = NAMESPACE.HTML;\n\t}\n\tdefaultNSMap.xml = defaultNSMap.xml || NAMESPACE.XML;\n\tvar normalize = options.normalizeLineEndings || normalizeLineEndings;\n\tif (source && typeof source === 'string') {\n\t\tsax.parse(\n\t\t\tnormalize(source),\n\t\t\tdefaultNSMap,\n\t\t\tentityMap\n\t\t)\n\t} else {\n\t\tsax.errorHandler.error('invalid doc source')\n\t}\n\treturn domBuilder.doc;\n}\nfunction buildErrorHandler(errorImpl,domBuilder,locator){\n\tif(!errorImpl){\n\t\tif(domBuilder instanceof DOMHandler){\n\t\t\treturn domBuilder;\n\t\t}\n\t\terrorImpl = domBuilder ;\n\t}\n\tvar errorHandler = {}\n\tvar isCallback = errorImpl instanceof Function;\n\tlocator = locator||{}\n\tfunction build(key){\n\t\tvar fn = errorImpl[key];\n\t\tif(!fn && isCallback){\n\t\t\tfn = errorImpl.length == 2?function(msg){errorImpl(key,msg)}:errorImpl;\n\t\t}\n\t\terrorHandler[key] = fn && function(msg){\n\t\t\tfn('[xmldom '+key+']\\t'+msg+_locator(locator));\n\t\t}||function(){};\n\t}\n\tbuild('warning');\n\tbuild('error');\n\tbuild('fatalError');\n\treturn errorHandler;\n}\n\n//console.log('#\\n\\n\\n\\n\\n\\n\\n####')\n/**\n * +ContentHandler+ErrorHandler\n * +LexicalHandler+EntityResolver2\n * -DeclHandler-DTDHandler\n *\n * DefaultHandler:EntityResolver, DTDHandler, ContentHandler, ErrorHandler\n * DefaultHandler2:DefaultHandler,LexicalHandler, DeclHandler, EntityResolver2\n * @link http://www.saxproject.org/apidoc/org/xml/sax/helpers/DefaultHandler.html\n */\nfunction DOMHandler() {\n    this.cdata = false;\n}\nfunction position(locator,node){\n\tnode.lineNumber = locator.lineNumber;\n\tnode.columnNumber = locator.columnNumber;\n}\n/**\n * @see org.xml.sax.ContentHandler#startDocument\n * @link http://www.saxproject.org/apidoc/org/xml/sax/ContentHandler.html\n */\nDOMHandler.prototype = {\n\tstartDocument : function() {\n    \tthis.doc = new DOMImplementation().createDocument(null, null, null);\n    \tif (this.locator) {\n        \tthis.doc.documentURI = this.locator.systemId;\n    \t}\n\t},\n\tstartElement:function(namespaceURI, localName, qName, attrs) {\n\t\tvar doc = this.doc;\n\t    var el = doc.createElementNS(namespaceURI, qName||localName);\n\t    var len = attrs.length;\n\t    appendElement(this, el);\n\t    this.currentElement = el;\n\n\t\tthis.locator && position(this.locator,el)\n\t    for (var i = 0 ; i < len; i++) {\n\t        var namespaceURI = attrs.getURI(i);\n\t        var value = attrs.getValue(i);\n\t        var qName = attrs.getQName(i);\n\t\t\tvar attr = doc.createAttributeNS(namespaceURI, qName);\n\t\t\tthis.locator &&position(attrs.getLocator(i),attr);\n\t\t\tattr.value = attr.nodeValue = value;\n\t\t\tel.setAttributeNode(attr)\n\t    }\n\t},\n\tendElement:function(namespaceURI, localName, qName) {\n\t\tvar current = this.currentElement\n\t\tvar tagName = current.tagName;\n\t\tthis.currentElement = current.parentNode;\n\t},\n\tstartPrefixMapping:function(prefix, uri) {\n\t},\n\tendPrefixMapping:function(prefix) {\n\t},\n\tprocessingInstruction:function(target, data) {\n\t    var ins = this.doc.createProcessingInstruction(target, data);\n\t    this.locator && position(this.locator,ins)\n\t    appendElement(this, ins);\n\t},\n\tignorableWhitespace:function(ch, start, length) {\n\t},\n\tcharacters:function(chars, start, length) {\n\t\tchars = _toString.apply(this,arguments)\n\t\t//console.log(chars)\n\t\tif(chars){\n\t\t\tif (this.cdata) {\n\t\t\t\tvar charNode = this.doc.createCDATASection(chars);\n\t\t\t} else {\n\t\t\t\tvar charNode = this.doc.createTextNode(chars);\n\t\t\t}\n\t\t\tif(this.currentElement){\n\t\t\t\tthis.currentElement.appendChild(charNode);\n\t\t\t}else if(/^\\s*$/.test(chars)){\n\t\t\t\tthis.doc.appendChild(charNode);\n\t\t\t\t//process xml\n\t\t\t}\n\t\t\tthis.locator && position(this.locator,charNode)\n\t\t}\n\t},\n\tskippedEntity:function(name) {\n\t},\n\tendDocument:function() {\n\t\tthis.doc.normalize();\n\t},\n\tsetDocumentLocator:function (locator) {\n\t    if(this.locator = locator){// && !('lineNumber' in locator)){\n\t    \tlocator.lineNumber = 0;\n\t    }\n\t},\n\t//LexicalHandler\n\tcomment:function(chars, start, length) {\n\t\tchars = _toString.apply(this,arguments)\n\t    var comm = this.doc.createComment(chars);\n\t    this.locator && position(this.locator,comm)\n\t    appendElement(this, comm);\n\t},\n\n\tstartCDATA:function() {\n\t    //used in characters() methods\n\t    this.cdata = true;\n\t},\n\tendCDATA:function() {\n\t    this.cdata = false;\n\t},\n\n\tstartDTD:function(name, publicId, systemId) {\n\t\tvar impl = this.doc.implementation;\n\t    if (impl && impl.createDocumentType) {\n\t        var dt = impl.createDocumentType(name, publicId, systemId);\n\t        this.locator && position(this.locator,dt)\n\t        appendElement(this, dt);\n\t\t\t\t\tthis.doc.doctype = dt;\n\t    }\n\t},\n\t/**\n\t * @see org.xml.sax.ErrorHandler\n\t * @link http://www.saxproject.org/apidoc/org/xml/sax/ErrorHandler.html\n\t */\n\twarning:function(error) {\n\t\tconsole.warn('[xmldom warning]\\t'+error,_locator(this.locator));\n\t},\n\terror:function(error) {\n\t\tconsole.error('[xmldom error]\\t'+error,_locator(this.locator));\n\t},\n\tfatalError:function(error) {\n\t\tthrow new ParseError(error, this.locator);\n\t}\n}\nfunction _locator(l){\n\tif(l){\n\t\treturn '\\n@'+(l.systemId ||'')+'#[line:'+l.lineNumber+',col:'+l.columnNumber+']'\n\t}\n}\nfunction _toString(chars,start,length){\n\tif(typeof chars == 'string'){\n\t\treturn chars.substr(start,length)\n\t}else{//java sax connect width xmldom on rhino(what about: \"? && !(chars instanceof String)\")\n\t\tif(chars.length >= start+length || start){\n\t\t\treturn new java.lang.String(chars,start,length)+'';\n\t\t}\n\t\treturn chars;\n\t}\n}\n\n/*\n * @link http://www.saxproject.org/apidoc/org/xml/sax/ext/LexicalHandler.html\n * used method of org.xml.sax.ext.LexicalHandler:\n *  #comment(chars, start, length)\n *  #startCDATA()\n *  #endCDATA()\n *  #startDTD(name, publicId, systemId)\n *\n *\n * IGNORED method of org.xml.sax.ext.LexicalHandler:\n *  #endDTD()\n *  #startEntity(name)\n *  #endEntity(name)\n *\n *\n * @link http://www.saxproject.org/apidoc/org/xml/sax/ext/DeclHandler.html\n * IGNORED method of org.xml.sax.ext.DeclHandler\n * \t#attributeDecl(eName, aName, type, mode, value)\n *  #elementDecl(name, model)\n *  #externalEntityDecl(name, publicId, systemId)\n *  #internalEntityDecl(name, value)\n * @link http://www.saxproject.org/apidoc/org/xml/sax/ext/EntityResolver2.html\n * IGNORED method of org.xml.sax.EntityResolver2\n *  #resolveEntity(String name,String publicId,String baseURI,String systemId)\n *  #resolveEntity(publicId, systemId)\n *  #getExternalSubset(name, baseURI)\n * @link http://www.saxproject.org/apidoc/org/xml/sax/DTDHandler.html\n * IGNORED method of org.xml.sax.DTDHandler\n *  #notationDecl(name, publicId, systemId) {};\n *  #unparsedEntityDecl(name, publicId, systemId, notationName) {};\n */\n\"endDTD,startEntity,endEntity,attributeDecl,elementDecl,externalEntityDecl,internalEntityDecl,resolveEntity,getExternalSubset,notationDecl,unparsedEntityDecl\".replace(/\\w+/g,function(key){\n\tDOMHandler.prototype[key] = function(){return null}\n})\n\n/* Private static helpers treated below as private instance methods, so don't need to add these to the public API; we might use a Relator to also get rid of non-standard public properties */\nfunction appendElement (hander,node) {\n    if (!hander.currentElement) {\n        hander.doc.appendChild(node);\n    } else {\n        hander.currentElement.appendChild(node);\n    }\n}//appendChild and setAttributeNS are preformance key\n\nexports.__DOMHandler = DOMHandler;\nexports.normalizeLineEndings = normalizeLineEndings;\nexports.DOMParser = DOMParser;\n","var conventions = require(\"./conventions\");\n\nvar find = conventions.find;\nvar NAMESPACE = conventions.NAMESPACE;\n\n/**\n * A prerequisite for `[].filter`, to drop elements that are empty\n * @param {string} input\n * @returns {boolean}\n */\nfunction notEmptyString (input) {\n\treturn input !== ''\n}\n/**\n * @see https://infra.spec.whatwg.org/#split-on-ascii-whitespace\n * @see https://infra.spec.whatwg.org/#ascii-whitespace\n *\n * @param {string} input\n * @returns {string[]} (can be empty)\n */\nfunction splitOnASCIIWhitespace(input) {\n\t// U+0009 TAB, U+000A LF, U+000C FF, U+000D CR, U+0020 SPACE\n\treturn input ? input.split(/[\\t\\n\\f\\r ]+/).filter(notEmptyString) : []\n}\n\n/**\n * Adds element as a key to current if it is not already present.\n *\n * @param {Record<string, boolean | undefined>} current\n * @param {string} element\n * @returns {Record<string, boolean | undefined>}\n */\nfunction orderedSetReducer (current, element) {\n\tif (!current.hasOwnProperty(element)) {\n\t\tcurrent[element] = true;\n\t}\n\treturn current;\n}\n\n/**\n * @see https://infra.spec.whatwg.org/#ordered-set\n * @param {string} input\n * @returns {string[]}\n */\nfunction toOrderedSet(input) {\n\tif (!input) return [];\n\tvar list = splitOnASCIIWhitespace(input);\n\treturn Object.keys(list.reduce(orderedSetReducer, {}))\n}\n\n/**\n * Uses `list.indexOf` to implement something like `Array.prototype.includes`,\n * which we can not rely on being available.\n *\n * @param {any[]} list\n * @returns {function(any): boolean}\n */\nfunction arrayIncludes (list) {\n\treturn function(element) {\n\t\treturn list && list.indexOf(element) !== -1;\n\t}\n}\n\nfunction copy(src,dest){\n\tfor(var p in src){\n\t\tif (Object.prototype.hasOwnProperty.call(src, p)) {\n\t\t\tdest[p] = src[p];\n\t\t}\n\t}\n}\n\n/**\n^\\w+\\.prototype\\.([_\\w]+)\\s*=\\s*((?:.*\\{\\s*?[\\r\\n][\\s\\S]*?^})|\\S.*?(?=[;\\r\\n]));?\n^\\w+\\.prototype\\.([_\\w]+)\\s*=\\s*(\\S.*?(?=[;\\r\\n]));?\n */\nfunction _extends(Class,Super){\n\tvar pt = Class.prototype;\n\tif(!(pt instanceof Super)){\n\t\tfunction t(){};\n\t\tt.prototype = Super.prototype;\n\t\tt = new t();\n\t\tcopy(pt,t);\n\t\tClass.prototype = pt = t;\n\t}\n\tif(pt.constructor != Class){\n\t\tif(typeof Class != 'function'){\n\t\t\tconsole.error(\"unknown Class:\"+Class)\n\t\t}\n\t\tpt.constructor = Class\n\t}\n}\n\n// Node Types\nvar NodeType = {}\nvar ELEMENT_NODE                = NodeType.ELEMENT_NODE                = 1;\nvar ATTRIBUTE_NODE              = NodeType.ATTRIBUTE_NODE              = 2;\nvar TEXT_NODE                   = NodeType.TEXT_NODE                   = 3;\nvar CDATA_SECTION_NODE          = NodeType.CDATA_SECTION_NODE          = 4;\nvar ENTITY_REFERENCE_NODE       = NodeType.ENTITY_REFERENCE_NODE       = 5;\nvar ENTITY_NODE                 = NodeType.ENTITY_NODE                 = 6;\nvar PROCESSING_INSTRUCTION_NODE = NodeType.PROCESSING_INSTRUCTION_NODE = 7;\nvar COMMENT_NODE                = NodeType.COMMENT_NODE                = 8;\nvar DOCUMENT_NODE               = NodeType.DOCUMENT_NODE               = 9;\nvar DOCUMENT_TYPE_NODE          = NodeType.DOCUMENT_TYPE_NODE          = 10;\nvar DOCUMENT_FRAGMENT_NODE      = NodeType.DOCUMENT_FRAGMENT_NODE      = 11;\nvar NOTATION_NODE               = NodeType.NOTATION_NODE               = 12;\n\n// ExceptionCode\nvar ExceptionCode = {}\nvar ExceptionMessage = {};\nvar INDEX_SIZE_ERR              = ExceptionCode.INDEX_SIZE_ERR              = ((ExceptionMessage[1]=\"Index size error\"),1);\nvar DOMSTRING_SIZE_ERR          = ExceptionCode.DOMSTRING_SIZE_ERR          = ((ExceptionMessage[2]=\"DOMString size error\"),2);\nvar HIERARCHY_REQUEST_ERR       = ExceptionCode.HIERARCHY_REQUEST_ERR       = ((ExceptionMessage[3]=\"Hierarchy request error\"),3);\nvar WRONG_DOCUMENT_ERR          = ExceptionCode.WRONG_DOCUMENT_ERR          = ((ExceptionMessage[4]=\"Wrong document\"),4);\nvar INVALID_CHARACTER_ERR       = ExceptionCode.INVALID_CHARACTER_ERR       = ((ExceptionMessage[5]=\"Invalid character\"),5);\nvar NO_DATA_ALLOWED_ERR         = ExceptionCode.NO_DATA_ALLOWED_ERR         = ((ExceptionMessage[6]=\"No data allowed\"),6);\nvar NO_MODIFICATION_ALLOWED_ERR = ExceptionCode.NO_MODIFICATION_ALLOWED_ERR = ((ExceptionMessage[7]=\"No modification allowed\"),7);\nvar NOT_FOUND_ERR               = ExceptionCode.NOT_FOUND_ERR               = ((ExceptionMessage[8]=\"Not found\"),8);\nvar NOT_SUPPORTED_ERR           = ExceptionCode.NOT_SUPPORTED_ERR           = ((ExceptionMessage[9]=\"Not supported\"),9);\nvar INUSE_ATTRIBUTE_ERR         = ExceptionCode.INUSE_ATTRIBUTE_ERR         = ((ExceptionMessage[10]=\"Attribute in use\"),10);\n//level2\nvar INVALID_STATE_ERR        \t= ExceptionCode.INVALID_STATE_ERR        \t= ((ExceptionMessage[11]=\"Invalid state\"),11);\nvar SYNTAX_ERR               \t= ExceptionCode.SYNTAX_ERR               \t= ((ExceptionMessage[12]=\"Syntax error\"),12);\nvar INVALID_MODIFICATION_ERR \t= ExceptionCode.INVALID_MODIFICATION_ERR \t= ((ExceptionMessage[13]=\"Invalid modification\"),13);\nvar NAMESPACE_ERR            \t= ExceptionCode.NAMESPACE_ERR           \t= ((ExceptionMessage[14]=\"Invalid namespace\"),14);\nvar INVALID_ACCESS_ERR       \t= ExceptionCode.INVALID_ACCESS_ERR      \t= ((ExceptionMessage[15]=\"Invalid access\"),15);\n\n/**\n * DOM Level 2\n * Object DOMException\n * @see http://www.w3.org/TR/2000/REC-DOM-Level-2-Core-20001113/ecma-script-binding.html\n * @see http://www.w3.org/TR/REC-DOM-Level-1/ecma-script-language-binding.html\n */\nfunction DOMException(code, message) {\n\tif(message instanceof Error){\n\t\tvar error = message;\n\t}else{\n\t\terror = this;\n\t\tError.call(this, ExceptionMessage[code]);\n\t\tthis.message = ExceptionMessage[code];\n\t\tif(Error.captureStackTrace) Error.captureStackTrace(this, DOMException);\n\t}\n\terror.code = code;\n\tif(message) this.message = this.message + \": \" + message;\n\treturn error;\n};\nDOMException.prototype = Error.prototype;\ncopy(ExceptionCode,DOMException)\n\n/**\n * @see http://www.w3.org/TR/2000/REC-DOM-Level-2-Core-20001113/core.html#ID-536297177\n * The NodeList interface provides the abstraction of an ordered collection of nodes, without defining or constraining how this collection is implemented. NodeList objects in the DOM are live.\n * The items in the NodeList are accessible via an integral index, starting from 0.\n */\nfunction NodeList() {\n};\nNodeList.prototype = {\n\t/**\n\t * The number of nodes in the list. The range of valid child node indices is 0 to length-1 inclusive.\n\t * @standard level1\n\t */\n\tlength:0,\n\t/**\n\t * Returns the indexth item in the collection. If index is greater than or equal to the number of nodes in the list, this returns null.\n\t * @standard level1\n\t * @param index  unsigned long\n\t *   Index into the collection.\n\t * @return Node\n\t * \tThe node at the indexth position in the NodeList, or null if that is not a valid index.\n\t */\n\titem: function(index) {\n\t\treturn index >= 0 && index < this.length ? this[index] : null;\n\t},\n\ttoString:function(isHTML,nodeFilter){\n\t\tfor(var buf = [], i = 0;i<this.length;i++){\n\t\t\tserializeToString(this[i],buf,isHTML,nodeFilter);\n\t\t}\n\t\treturn buf.join('');\n\t},\n\t/**\n\t * @private\n\t * @param {function (Node):boolean} predicate\n\t * @returns {Node[]}\n\t */\n\tfilter: function (predicate) {\n\t\treturn Array.prototype.filter.call(this, predicate);\n\t},\n\t/**\n\t * @private\n\t * @param {Node} item\n\t * @returns {number}\n\t */\n\tindexOf: function (item) {\n\t\treturn Array.prototype.indexOf.call(this, item);\n\t},\n};\n\nfunction LiveNodeList(node,refresh){\n\tthis._node = node;\n\tthis._refresh = refresh\n\t_updateLiveList(this);\n}\nfunction _updateLiveList(list){\n\tvar inc = list._node._inc || list._node.ownerDocument._inc;\n\tif (list._inc !== inc) {\n\t\tvar ls = list._refresh(list._node);\n\t\t__set__(list,'length',ls.length);\n\t\tif (!list.$$length || ls.length < list.$$length) {\n\t\t\tfor (var i = ls.length; i in list; i++) {\n\t\t\t\tif (Object.prototype.hasOwnProperty.call(list, i)) {\n\t\t\t\t\tdelete list[i];\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\tcopy(ls,list);\n\t\tlist._inc = inc;\n\t}\n}\nLiveNodeList.prototype.item = function(i){\n\t_updateLiveList(this);\n\treturn this[i] || null;\n}\n\n_extends(LiveNodeList,NodeList);\n\n/**\n * Objects implementing the NamedNodeMap interface are used\n * to represent collections of nodes that can be accessed by name.\n * Note that NamedNodeMap does not inherit from NodeList;\n * NamedNodeMaps are not maintained in any particular order.\n * Objects contained in an object implementing NamedNodeMap may also be accessed by an ordinal index,\n * but this is simply to allow convenient enumeration of the contents of a NamedNodeMap,\n * and does not imply that the DOM specifies an order to these Nodes.\n * NamedNodeMap objects in the DOM are live.\n * used for attributes or DocumentType entities\n */\nfunction NamedNodeMap() {\n};\n\nfunction _findNodeIndex(list,node){\n\tvar i = list.length;\n\twhile(i--){\n\t\tif(list[i] === node){return i}\n\t}\n}\n\nfunction _addNamedNode(el,list,newAttr,oldAttr){\n\tif(oldAttr){\n\t\tlist[_findNodeIndex(list,oldAttr)] = newAttr;\n\t}else{\n\t\tlist[list.length++] = newAttr;\n\t}\n\tif(el){\n\t\tnewAttr.ownerElement = el;\n\t\tvar doc = el.ownerDocument;\n\t\tif(doc){\n\t\t\toldAttr && _onRemoveAttribute(doc,el,oldAttr);\n\t\t\t_onAddAttribute(doc,el,newAttr);\n\t\t}\n\t}\n}\nfunction _removeNamedNode(el,list,attr){\n\t//console.log('remove attr:'+attr)\n\tvar i = _findNodeIndex(list,attr);\n\tif(i>=0){\n\t\tvar lastIndex = list.length-1\n\t\twhile(i<lastIndex){\n\t\t\tlist[i] = list[++i]\n\t\t}\n\t\tlist.length = lastIndex;\n\t\tif(el){\n\t\t\tvar doc = el.ownerDocument;\n\t\t\tif(doc){\n\t\t\t\t_onRemoveAttribute(doc,el,attr);\n\t\t\t\tattr.ownerElement = null;\n\t\t\t}\n\t\t}\n\t}else{\n\t\tthrow new DOMException(NOT_FOUND_ERR,new Error(el.tagName+'@'+attr))\n\t}\n}\nNamedNodeMap.prototype = {\n\tlength:0,\n\titem:NodeList.prototype.item,\n\tgetNamedItem: function(key) {\n//\t\tif(key.indexOf(':')>0 || key == 'xmlns'){\n//\t\t\treturn null;\n//\t\t}\n\t\t//console.log()\n\t\tvar i = this.length;\n\t\twhile(i--){\n\t\t\tvar attr = this[i];\n\t\t\t//console.log(attr.nodeName,key)\n\t\t\tif(attr.nodeName == key){\n\t\t\t\treturn attr;\n\t\t\t}\n\t\t}\n\t},\n\tsetNamedItem: function(attr) {\n\t\tvar el = attr.ownerElement;\n\t\tif(el && el!=this._ownerElement){\n\t\t\tthrow new DOMException(INUSE_ATTRIBUTE_ERR);\n\t\t}\n\t\tvar oldAttr = this.getNamedItem(attr.nodeName);\n\t\t_addNamedNode(this._ownerElement,this,attr,oldAttr);\n\t\treturn oldAttr;\n\t},\n\t/* returns Node */\n\tsetNamedItemNS: function(attr) {// raises: WRONG_DOCUMENT_ERR,NO_MODIFICATION_ALLOWED_ERR,INUSE_ATTRIBUTE_ERR\n\t\tvar el = attr.ownerElement, oldAttr;\n\t\tif(el && el!=this._ownerElement){\n\t\t\tthrow new DOMException(INUSE_ATTRIBUTE_ERR);\n\t\t}\n\t\toldAttr = this.getNamedItemNS(attr.namespaceURI,attr.localName);\n\t\t_addNamedNode(this._ownerElement,this,attr,oldAttr);\n\t\treturn oldAttr;\n\t},\n\n\t/* returns Node */\n\tremoveNamedItem: function(key) {\n\t\tvar attr = this.getNamedItem(key);\n\t\t_removeNamedNode(this._ownerElement,this,attr);\n\t\treturn attr;\n\n\n\t},// raises: NOT_FOUND_ERR,NO_MODIFICATION_ALLOWED_ERR\n\n\t//for level2\n\tremoveNamedItemNS:function(namespaceURI,localName){\n\t\tvar attr = this.getNamedItemNS(namespaceURI,localName);\n\t\t_removeNamedNode(this._ownerElement,this,attr);\n\t\treturn attr;\n\t},\n\tgetNamedItemNS: function(namespaceURI, localName) {\n\t\tvar i = this.length;\n\t\twhile(i--){\n\t\t\tvar node = this[i];\n\t\t\tif(node.localName == localName && node.namespaceURI == namespaceURI){\n\t\t\t\treturn node;\n\t\t\t}\n\t\t}\n\t\treturn null;\n\t}\n};\n\n/**\n * The DOMImplementation interface represents an object providing methods\n * which are not dependent on any particular document.\n * Such an object is returned by the `Document.implementation` property.\n *\n * __The individual methods describe the differences compared to the specs.__\n *\n * @constructor\n *\n * @see https://developer.mozilla.org/en-US/docs/Web/API/DOMImplementation MDN\n * @see https://www.w3.org/TR/REC-DOM-Level-1/level-one-core.html#ID-102161490 DOM Level 1 Core (Initial)\n * @see https://www.w3.org/TR/DOM-Level-2-Core/core.html#ID-102161490 DOM Level 2 Core\n * @see https://www.w3.org/TR/DOM-Level-3-Core/core.html#ID-102161490 DOM Level 3 Core\n * @see https://dom.spec.whatwg.org/#domimplementation DOM Living Standard\n */\nfunction DOMImplementation() {\n}\n\nDOMImplementation.prototype = {\n\t/**\n\t * The DOMImplementation.hasFeature() method returns a Boolean flag indicating if a given feature is supported.\n\t * The different implementations fairly diverged in what kind of features were reported.\n\t * The latest version of the spec settled to force this method to always return true, where the functionality was accurate and in use.\n\t *\n\t * @deprecated It is deprecated and modern browsers return true in all cases.\n\t *\n\t * @param {string} feature\n\t * @param {string} [version]\n\t * @returns {boolean} always true\n\t *\n\t * @see https://developer.mozilla.org/en-US/docs/Web/API/DOMImplementation/hasFeature MDN\n\t * @see https://www.w3.org/TR/REC-DOM-Level-1/level-one-core.html#ID-5CED94D7 DOM Level 1 Core\n\t * @see https://dom.spec.whatwg.org/#dom-domimplementation-hasfeature DOM Living Standard\n\t */\n\thasFeature: function(feature, version) {\n\t\t\treturn true;\n\t},\n\t/**\n\t * Creates an XML Document object of the specified type with its document element.\n\t *\n\t * __It behaves slightly different from the description in the living standard__:\n\t * - There is no interface/class `XMLDocument`, it returns a `Document` instance.\n\t * - `contentType`, `encoding`, `mode`, `origin`, `url` fields are currently not declared.\n\t * - this implementation is not validating names or qualified names\n\t *   (when parsing XML strings, the SAX parser takes care of that)\n\t *\n\t * @param {string|null} namespaceURI\n\t * @param {string} qualifiedName\n\t * @param {DocumentType=null} doctype\n\t * @returns {Document}\n\t *\n\t * @see https://developer.mozilla.org/en-US/docs/Web/API/DOMImplementation/createDocument MDN\n\t * @see https://www.w3.org/TR/DOM-Level-2-Core/core.html#Level-2-Core-DOM-createDocument DOM Level 2 Core (initial)\n\t * @see https://dom.spec.whatwg.org/#dom-domimplementation-createdocument  DOM Level 2 Core\n\t *\n\t * @see https://dom.spec.whatwg.org/#validate-and-extract DOM: Validate and extract\n\t * @see https://www.w3.org/TR/xml/#NT-NameStartChar XML Spec: Names\n\t * @see https://www.w3.org/TR/xml-names/#ns-qualnames XML Namespaces: Qualified names\n\t */\n\tcreateDocument: function(namespaceURI,  qualifiedName, doctype){\n\t\tvar doc = new Document();\n\t\tdoc.implementation = this;\n\t\tdoc.childNodes = new NodeList();\n\t\tdoc.doctype = doctype || null;\n\t\tif (doctype){\n\t\t\tdoc.appendChild(doctype);\n\t\t}\n\t\tif (qualifiedName){\n\t\t\tvar root = doc.createElementNS(namespaceURI, qualifiedName);\n\t\t\tdoc.appendChild(root);\n\t\t}\n\t\treturn doc;\n\t},\n\t/**\n\t * Returns a doctype, with the given `qualifiedName`, `publicId`, and `systemId`.\n\t *\n\t * __This behavior is slightly different from the in the specs__:\n\t * - this implementation is not validating names or qualified names\n\t *   (when parsing XML strings, the SAX parser takes care of that)\n\t *\n\t * @param {string} qualifiedName\n\t * @param {string} [publicId]\n\t * @param {string} [systemId]\n\t * @returns {DocumentType} which can either be used with `DOMImplementation.createDocument` upon document creation\n\t * \t\t\t\t  or can be put into the document via methods like `Node.insertBefore()` or `Node.replaceChild()`\n\t *\n\t * @see https://developer.mozilla.org/en-US/docs/Web/API/DOMImplementation/createDocumentType MDN\n\t * @see https://www.w3.org/TR/DOM-Level-2-Core/core.html#Level-2-Core-DOM-createDocType DOM Level 2 Core\n\t * @see https://dom.spec.whatwg.org/#dom-domimplementation-createdocumenttype DOM Living Standard\n\t *\n\t * @see https://dom.spec.whatwg.org/#validate-and-extract DOM: Validate and extract\n\t * @see https://www.w3.org/TR/xml/#NT-NameStartChar XML Spec: Names\n\t * @see https://www.w3.org/TR/xml-names/#ns-qualnames XML Namespaces: Qualified names\n\t */\n\tcreateDocumentType: function(qualifiedName, publicId, systemId){\n\t\tvar node = new DocumentType();\n\t\tnode.name = qualifiedName;\n\t\tnode.nodeName = qualifiedName;\n\t\tnode.publicId = publicId || '';\n\t\tnode.systemId = systemId || '';\n\n\t\treturn node;\n\t}\n};\n\n\n/**\n * @see http://www.w3.org/TR/2000/REC-DOM-Level-2-Core-20001113/core.html#ID-1950641247\n */\n\nfunction Node() {\n};\n\nNode.prototype = {\n\tfirstChild : null,\n\tlastChild : null,\n\tpreviousSibling : null,\n\tnextSibling : null,\n\tattributes : null,\n\tparentNode : null,\n\tchildNodes : null,\n\townerDocument : null,\n\tnodeValue : null,\n\tnamespaceURI : null,\n\tprefix : null,\n\tlocalName : null,\n\t// Modified in DOM Level 2:\n\tinsertBefore:function(newChild, refChild){//raises\n\t\treturn _insertBefore(this,newChild,refChild);\n\t},\n\treplaceChild:function(newChild, oldChild){//raises\n\t\t_insertBefore(this, newChild,oldChild, assertPreReplacementValidityInDocument);\n\t\tif(oldChild){\n\t\t\tthis.removeChild(oldChild);\n\t\t}\n\t},\n\tremoveChild:function(oldChild){\n\t\treturn _removeChild(this,oldChild);\n\t},\n\tappendChild:function(newChild){\n\t\treturn this.insertBefore(newChild,null);\n\t},\n\thasChildNodes:function(){\n\t\treturn this.firstChild != null;\n\t},\n\tcloneNode:function(deep){\n\t\treturn cloneNode(this.ownerDocument||this,this,deep);\n\t},\n\t// Modified in DOM Level 2:\n\tnormalize:function(){\n\t\tvar child = this.firstChild;\n\t\twhile(child){\n\t\t\tvar next = child.nextSibling;\n\t\t\tif(next && next.nodeType == TEXT_NODE && child.nodeType == TEXT_NODE){\n\t\t\t\tthis.removeChild(next);\n\t\t\t\tchild.appendData(next.data);\n\t\t\t}else{\n\t\t\t\tchild.normalize();\n\t\t\t\tchild = next;\n\t\t\t}\n\t\t}\n\t},\n  \t// Introduced in DOM Level 2:\n\tisSupported:function(feature, version){\n\t\treturn this.ownerDocument.implementation.hasFeature(feature,version);\n\t},\n    // Introduced in DOM Level 2:\n    hasAttributes:function(){\n    \treturn this.attributes.length>0;\n    },\n\t/**\n\t * Look up the prefix associated to the given namespace URI, starting from this node.\n\t * **The default namespace declarations are ignored by this method.**\n\t * See Namespace Prefix Lookup for details on the algorithm used by this method.\n\t *\n\t * _Note: The implementation seems to be incomplete when compared to the algorithm described in the specs._\n\t *\n\t * @param {string | null} namespaceURI\n\t * @returns {string | null}\n\t * @see https://www.w3.org/TR/DOM-Level-3-Core/core.html#Node3-lookupNamespacePrefix\n\t * @see https://www.w3.org/TR/DOM-Level-3-Core/namespaces-algorithms.html#lookupNamespacePrefixAlgo\n\t * @see https://dom.spec.whatwg.org/#dom-node-lookupprefix\n\t * @see https://github.com/xmldom/xmldom/issues/322\n\t */\n    lookupPrefix:function(namespaceURI){\n    \tvar el = this;\n    \twhile(el){\n    \t\tvar map = el._nsMap;\n    \t\t//console.dir(map)\n    \t\tif(map){\n    \t\t\tfor(var n in map){\n\t\t\t\t\t\tif (Object.prototype.hasOwnProperty.call(map, n) && map[n] === namespaceURI) {\n\t\t\t\t\t\t\treturn n;\n\t\t\t\t\t\t}\n    \t\t\t}\n    \t\t}\n    \t\tel = el.nodeType == ATTRIBUTE_NODE?el.ownerDocument : el.parentNode;\n    \t}\n    \treturn null;\n    },\n    // Introduced in DOM Level 3:\n    lookupNamespaceURI:function(prefix){\n    \tvar el = this;\n    \twhile(el){\n    \t\tvar map = el._nsMap;\n    \t\t//console.dir(map)\n    \t\tif(map){\n    \t\t\tif(Object.prototype.hasOwnProperty.call(map, prefix)){\n    \t\t\t\treturn map[prefix] ;\n    \t\t\t}\n    \t\t}\n    \t\tel = el.nodeType == ATTRIBUTE_NODE?el.ownerDocument : el.parentNode;\n    \t}\n    \treturn null;\n    },\n    // Introduced in DOM Level 3:\n    isDefaultNamespace:function(namespaceURI){\n    \tvar prefix = this.lookupPrefix(namespaceURI);\n    \treturn prefix == null;\n    }\n};\n\n\nfunction _xmlEncoder(c){\n\treturn c == '<' && '&lt;' ||\n         c == '>' && '&gt;' ||\n         c == '&' && '&amp;' ||\n         c == '\"' && '&quot;' ||\n         '&#'+c.charCodeAt()+';'\n}\n\n\ncopy(NodeType,Node);\ncopy(NodeType,Node.prototype);\n\n/**\n * @param callback return true for continue,false for break\n * @return boolean true: break visit;\n */\nfunction _visitNode(node,callback){\n\tif(callback(node)){\n\t\treturn true;\n\t}\n\tif(node = node.firstChild){\n\t\tdo{\n\t\t\tif(_visitNode(node,callback)){return true}\n        }while(node=node.nextSibling)\n    }\n}\n\n\n\nfunction Document(){\n\tthis.ownerDocument = this;\n}\n\nfunction _onAddAttribute(doc,el,newAttr){\n\tdoc && doc._inc++;\n\tvar ns = newAttr.namespaceURI ;\n\tif(ns === NAMESPACE.XMLNS){\n\t\t//update namespace\n\t\tel._nsMap[newAttr.prefix?newAttr.localName:''] = newAttr.value\n\t}\n}\n\nfunction _onRemoveAttribute(doc,el,newAttr,remove){\n\tdoc && doc._inc++;\n\tvar ns = newAttr.namespaceURI ;\n\tif(ns === NAMESPACE.XMLNS){\n\t\t//update namespace\n\t\tdelete el._nsMap[newAttr.prefix?newAttr.localName:'']\n\t}\n}\n\n/**\n * Updates `el.childNodes`, updating the indexed items and it's `length`.\n * Passing `newChild` means it will be appended.\n * Otherwise it's assumed that an item has been removed,\n * and `el.firstNode` and it's `.nextSibling` are used\n * to walk the current list of child nodes.\n *\n * @param {Document} doc\n * @param {Node} el\n * @param {Node} [newChild]\n * @private\n */\nfunction _onUpdateChild (doc, el, newChild) {\n\tif(doc && doc._inc){\n\t\tdoc._inc++;\n\t\t//update childNodes\n\t\tvar cs = el.childNodes;\n\t\tif (newChild) {\n\t\t\tcs[cs.length++] = newChild;\n\t\t} else {\n\t\t\tvar child = el.firstChild;\n\t\t\tvar i = 0;\n\t\t\twhile (child) {\n\t\t\t\tcs[i++] = child;\n\t\t\t\tchild = child.nextSibling;\n\t\t\t}\n\t\t\tcs.length = i;\n\t\t\tdelete cs[cs.length];\n\t\t}\n\t}\n}\n\n/**\n * Removes the connections between `parentNode` and `child`\n * and any existing `child.previousSibling` or `child.nextSibling`.\n *\n * @see https://github.com/xmldom/xmldom/issues/135\n * @see https://github.com/xmldom/xmldom/issues/145\n *\n * @param {Node} parentNode\n * @param {Node} child\n * @returns {Node} the child that was removed.\n * @private\n */\nfunction _removeChild (parentNode, child) {\n\tvar previous = child.previousSibling;\n\tvar next = child.nextSibling;\n\tif (previous) {\n\t\tprevious.nextSibling = next;\n\t} else {\n\t\tparentNode.firstChild = next;\n\t}\n\tif (next) {\n\t\tnext.previousSibling = previous;\n\t} else {\n\t\tparentNode.lastChild = previous;\n\t}\n\tchild.parentNode = null;\n\tchild.previousSibling = null;\n\tchild.nextSibling = null;\n\t_onUpdateChild(parentNode.ownerDocument, parentNode);\n\treturn child;\n}\n\n/**\n * Returns `true` if `node` can be a parent for insertion.\n * @param {Node} node\n * @returns {boolean}\n */\nfunction hasValidParentNodeType(node) {\n\treturn (\n\t\tnode &&\n\t\t(node.nodeType === Node.DOCUMENT_NODE || node.nodeType === Node.DOCUMENT_FRAGMENT_NODE || node.nodeType === Node.ELEMENT_NODE)\n\t);\n}\n\n/**\n * Returns `true` if `node` can be inserted according to it's `nodeType`.\n * @param {Node} node\n * @returns {boolean}\n */\nfunction hasInsertableNodeType(node) {\n\treturn (\n\t\tnode &&\n\t\t(isElementNode(node) ||\n\t\t\tisTextNode(node) ||\n\t\t\tisDocTypeNode(node) ||\n\t\t\tnode.nodeType === Node.DOCUMENT_FRAGMENT_NODE ||\n\t\t\tnode.nodeType === Node.COMMENT_NODE ||\n\t\t\tnode.nodeType === Node.PROCESSING_INSTRUCTION_NODE)\n\t);\n}\n\n/**\n * Returns true if `node` is a DOCTYPE node\n * @param {Node} node\n * @returns {boolean}\n */\nfunction isDocTypeNode(node) {\n\treturn node && node.nodeType === Node.DOCUMENT_TYPE_NODE;\n}\n\n/**\n * Returns true if the node is an element\n * @param {Node} node\n * @returns {boolean}\n */\nfunction isElementNode(node) {\n\treturn node && node.nodeType === Node.ELEMENT_NODE;\n}\n/**\n * Returns true if `node` is a text node\n * @param {Node} node\n * @returns {boolean}\n */\nfunction isTextNode(node) {\n\treturn node && node.nodeType === Node.TEXT_NODE;\n}\n\n/**\n * Check if en element node can be inserted before `child`, or at the end if child is falsy,\n * according to the presence and position of a doctype node on the same level.\n *\n * @param {Document} doc The document node\n * @param {Node} child the node that would become the nextSibling if the element would be inserted\n * @returns {boolean} `true` if an element can be inserted before child\n * @private\n * https://dom.spec.whatwg.org/#concept-node-ensure-pre-insertion-validity\n */\nfunction isElementInsertionPossible(doc, child) {\n\tvar parentChildNodes = doc.childNodes || [];\n\tif (find(parentChildNodes, isElementNode) || isDocTypeNode(child)) {\n\t\treturn false;\n\t}\n\tvar docTypeNode = find(parentChildNodes, isDocTypeNode);\n\treturn !(child && docTypeNode && parentChildNodes.indexOf(docTypeNode) > parentChildNodes.indexOf(child));\n}\n\n/**\n * Check if en element node can be inserted before `child`, or at the end if child is falsy,\n * according to the presence and position of a doctype node on the same level.\n *\n * @param {Node} doc The document node\n * @param {Node} child the node that would become the nextSibling if the element would be inserted\n * @returns {boolean} `true` if an element can be inserted before child\n * @private\n * https://dom.spec.whatwg.org/#concept-node-ensure-pre-insertion-validity\n */\nfunction isElementReplacementPossible(doc, child) {\n\tvar parentChildNodes = doc.childNodes || [];\n\n\tfunction hasElementChildThatIsNotChild(node) {\n\t\treturn isElementNode(node) && node !== child;\n\t}\n\n\tif (find(parentChildNodes, hasElementChildThatIsNotChild)) {\n\t\treturn false;\n\t}\n\tvar docTypeNode = find(parentChildNodes, isDocTypeNode);\n\treturn !(child && docTypeNode && parentChildNodes.indexOf(docTypeNode) > parentChildNodes.indexOf(child));\n}\n\n/**\n * @private\n * Steps 1-5 of the checks before inserting and before replacing a child are the same.\n *\n * @param {Node} parent the parent node to insert `node` into\n * @param {Node} node the node to insert\n * @param {Node=} child the node that should become the `nextSibling` of `node`\n * @returns {Node}\n * @throws DOMException for several node combinations that would create a DOM that is not well-formed.\n * @throws DOMException if `child` is provided but is not a child of `parent`.\n * @see https://dom.spec.whatwg.org/#concept-node-ensure-pre-insertion-validity\n * @see https://dom.spec.whatwg.org/#concept-node-replace\n */\nfunction assertPreInsertionValidity1to5(parent, node, child) {\n\t// 1. If `parent` is not a Document, DocumentFragment, or Element node, then throw a \"HierarchyRequestError\" DOMException.\n\tif (!hasValidParentNodeType(parent)) {\n\t\tthrow new DOMException(HIERARCHY_REQUEST_ERR, 'Unexpected parent node type ' + parent.nodeType);\n\t}\n\t// 2. If `node` is a host-including inclusive ancestor of `parent`, then throw a \"HierarchyRequestError\" DOMException.\n\t// not implemented!\n\t// 3. If `child` is non-null and its parent is not `parent`, then throw a \"NotFoundError\" DOMException.\n\tif (child && child.parentNode !== parent) {\n\t\tthrow new DOMException(NOT_FOUND_ERR, 'child not in parent');\n\t}\n\tif (\n\t\t// 4. If `node` is not a DocumentFragment, DocumentType, Element, or CharacterData node, then throw a \"HierarchyRequestError\" DOMException.\n\t\t!hasInsertableNodeType(node) ||\n\t\t// 5. If either `node` is a Text node and `parent` is a document,\n\t\t// the sax parser currently adds top level text nodes, this will be fixed in 0.9.0\n\t\t// || (node.nodeType === Node.TEXT_NODE && parent.nodeType === Node.DOCUMENT_NODE)\n\t\t// or `node` is a doctype and `parent` is not a document, then throw a \"HierarchyRequestError\" DOMException.\n\t\t(isDocTypeNode(node) && parent.nodeType !== Node.DOCUMENT_NODE)\n\t) {\n\t\tthrow new DOMException(\n\t\t\tHIERARCHY_REQUEST_ERR,\n\t\t\t'Unexpected node type ' + node.nodeType + ' for parent node type ' + parent.nodeType\n\t\t);\n\t}\n}\n\n/**\n * @private\n * Step 6 of the checks before inserting and before replacing a child are different.\n *\n * @param {Document} parent the parent node to insert `node` into\n * @param {Node} node the node to insert\n * @param {Node | undefined} child the node that should become the `nextSibling` of `node`\n * @returns {Node}\n * @throws DOMException for several node combinations that would create a DOM that is not well-formed.\n * @throws DOMException if `child` is provided but is not a child of `parent`.\n * @see https://dom.spec.whatwg.org/#concept-node-ensure-pre-insertion-validity\n * @see https://dom.spec.whatwg.org/#concept-node-replace\n */\nfunction assertPreInsertionValidityInDocument(parent, node, child) {\n\tvar parentChildNodes = parent.childNodes || [];\n\tvar nodeChildNodes = node.childNodes || [];\n\n\t// DocumentFragment\n\tif (node.nodeType === Node.DOCUMENT_FRAGMENT_NODE) {\n\t\tvar nodeChildElements = nodeChildNodes.filter(isElementNode);\n\t\t// If node has more than one element child or has a Text node child.\n\t\tif (nodeChildElements.length > 1 || find(nodeChildNodes, isTextNode)) {\n\t\t\tthrow new DOMException(HIERARCHY_REQUEST_ERR, 'More than one element or text in fragment');\n\t\t}\n\t\t// Otherwise, if `node` has one element child and either `parent` has an element child,\n\t\t// `child` is a doctype, or `child` is non-null and a doctype is following `child`.\n\t\tif (nodeChildElements.length === 1 && !isElementInsertionPossible(parent, child)) {\n\t\t\tthrow new DOMException(HIERARCHY_REQUEST_ERR, 'Element in fragment can not be inserted before doctype');\n\t\t}\n\t}\n\t// Element\n\tif (isElementNode(node)) {\n\t\t// `parent` has an element child, `child` is a doctype,\n\t\t// or `child` is non-null and a doctype is following `child`.\n\t\tif (!isElementInsertionPossible(parent, child)) {\n\t\t\tthrow new DOMException(HIERARCHY_REQUEST_ERR, 'Only one element can be added and only after doctype');\n\t\t}\n\t}\n\t// DocumentType\n\tif (isDocTypeNode(node)) {\n\t\t// `parent` has a doctype child,\n\t\tif (find(parentChildNodes, isDocTypeNode)) {\n\t\t\tthrow new DOMException(HIERARCHY_REQUEST_ERR, 'Only one doctype is allowed');\n\t\t}\n\t\tvar parentElementChild = find(parentChildNodes, isElementNode);\n\t\t// `child` is non-null and an element is preceding `child`,\n\t\tif (child && parentChildNodes.indexOf(parentElementChild) < parentChildNodes.indexOf(child)) {\n\t\t\tthrow new DOMException(HIERARCHY_REQUEST_ERR, 'Doctype can only be inserted before an element');\n\t\t}\n\t\t// or `child` is null and `parent` has an element child.\n\t\tif (!child && parentElementChild) {\n\t\t\tthrow new DOMException(HIERARCHY_REQUEST_ERR, 'Doctype can not be appended since element is present');\n\t\t}\n\t}\n}\n\n/**\n * @private\n * Step 6 of the checks before inserting and before replacing a child are different.\n *\n * @param {Document} parent the parent node to insert `node` into\n * @param {Node} node the node to insert\n * @param {Node | undefined} child the node that should become the `nextSibling` of `node`\n * @returns {Node}\n * @throws DOMException for several node combinations that would create a DOM that is not well-formed.\n * @throws DOMException if `child` is provided but is not a child of `parent`.\n * @see https://dom.spec.whatwg.org/#concept-node-ensure-pre-insertion-validity\n * @see https://dom.spec.whatwg.org/#concept-node-replace\n */\nfunction assertPreReplacementValidityInDocument(parent, node, child) {\n\tvar parentChildNodes = parent.childNodes || [];\n\tvar nodeChildNodes = node.childNodes || [];\n\n\t// DocumentFragment\n\tif (node.nodeType === Node.DOCUMENT_FRAGMENT_NODE) {\n\t\tvar nodeChildElements = nodeChildNodes.filter(isElementNode);\n\t\t// If `node` has more than one element child or has a Text node child.\n\t\tif (nodeChildElements.length > 1 || find(nodeChildNodes, isTextNode)) {\n\t\t\tthrow new DOMException(HIERARCHY_REQUEST_ERR, 'More than one element or text in fragment');\n\t\t}\n\t\t// Otherwise, if `node` has one element child and either `parent` has an element child that is not `child` or a doctype is following `child`.\n\t\tif (nodeChildElements.length === 1 && !isElementReplacementPossible(parent, child)) {\n\t\t\tthrow new DOMException(HIERARCHY_REQUEST_ERR, 'Element in fragment can not be inserted before doctype');\n\t\t}\n\t}\n\t// Element\n\tif (isElementNode(node)) {\n\t\t// `parent` has an element child that is not `child` or a doctype is following `child`.\n\t\tif (!isElementReplacementPossible(parent, child)) {\n\t\t\tthrow new DOMException(HIERARCHY_REQUEST_ERR, 'Only one element can be added and only after doctype');\n\t\t}\n\t}\n\t// DocumentType\n\tif (isDocTypeNode(node)) {\n\t\tfunction hasDoctypeChildThatIsNotChild(node) {\n\t\t\treturn isDocTypeNode(node) && node !== child;\n\t\t}\n\n\t\t// `parent` has a doctype child that is not `child`,\n\t\tif (find(parentChildNodes, hasDoctypeChildThatIsNotChild)) {\n\t\t\tthrow new DOMException(HIERARCHY_REQUEST_ERR, 'Only one doctype is allowed');\n\t\t}\n\t\tvar parentElementChild = find(parentChildNodes, isElementNode);\n\t\t// or an element is preceding `child`.\n\t\tif (child && parentChildNodes.indexOf(parentElementChild) < parentChildNodes.indexOf(child)) {\n\t\t\tthrow new DOMException(HIERARCHY_REQUEST_ERR, 'Doctype can only be inserted before an element');\n\t\t}\n\t}\n}\n\n/**\n * @private\n * @param {Node} parent the parent node to insert `node` into\n * @param {Node} node the node to insert\n * @param {Node=} child the node that should become the `nextSibling` of `node`\n * @returns {Node}\n * @throws DOMException for several node combinations that would create a DOM that is not well-formed.\n * @throws DOMException if `child` is provided but is not a child of `parent`.\n * @see https://dom.spec.whatwg.org/#concept-node-ensure-pre-insertion-validity\n */\nfunction _insertBefore(parent, node, child, _inDocumentAssertion) {\n\t// To ensure pre-insertion validity of a node into a parent before a child, run these steps:\n\tassertPreInsertionValidity1to5(parent, node, child);\n\n\t// If parent is a document, and any of the statements below, switched on the interface node implements,\n\t// are true, then throw a \"HierarchyRequestError\" DOMException.\n\tif (parent.nodeType === Node.DOCUMENT_NODE) {\n\t\t(_inDocumentAssertion || assertPreInsertionValidityInDocument)(parent, node, child);\n\t}\n\n\tvar cp = node.parentNode;\n\tif(cp){\n\t\tcp.removeChild(node);//remove and update\n\t}\n\tif(node.nodeType === DOCUMENT_FRAGMENT_NODE){\n\t\tvar newFirst = node.firstChild;\n\t\tif (newFirst == null) {\n\t\t\treturn node;\n\t\t}\n\t\tvar newLast = node.lastChild;\n\t}else{\n\t\tnewFirst = newLast = node;\n\t}\n\tvar pre = child ? child.previousSibling : parent.lastChild;\n\n\tnewFirst.previousSibling = pre;\n\tnewLast.nextSibling = child;\n\n\n\tif(pre){\n\t\tpre.nextSibling = newFirst;\n\t}else{\n\t\tparent.firstChild = newFirst;\n\t}\n\tif(child == null){\n\t\tparent.lastChild = newLast;\n\t}else{\n\t\tchild.previousSibling = newLast;\n\t}\n\tdo{\n\t\tnewFirst.parentNode = parent;\n\t\t// Update ownerDocument for each node being inserted\n\t\tvar targetDoc = parent.ownerDocument || parent;\n\t\t_updateOwnerDocument(newFirst, targetDoc);\n\t}while(newFirst !== newLast && (newFirst= newFirst.nextSibling))\n\t_onUpdateChild(parent.ownerDocument||parent, parent);\n\t//console.log(parent.lastChild.nextSibling == null)\n\tif (node.nodeType == DOCUMENT_FRAGMENT_NODE) {\n\t\tnode.firstChild = node.lastChild = null;\n\t}\n\treturn node;\n}\n\n/**\n * Recursively updates the ownerDocument property for a node and all its descendants\n * @param {Node} node\n * @param {Document} newOwnerDocument\n * @private\n */\nfunction _updateOwnerDocument(node, newOwnerDocument) {\n\tif (node.ownerDocument === newOwnerDocument) {\n\t\treturn;\n\t}\n\t\n\tnode.ownerDocument = newOwnerDocument;\n\t\n\t// Update attributes if this is an element\n\tif (node.nodeType === ELEMENT_NODE && node.attributes) {\n\t\tfor (var i = 0; i < node.attributes.length; i++) {\n\t\t\tvar attr = node.attributes.item(i);\n\t\t\tif (attr) {\n\t\t\t\tattr.ownerDocument = newOwnerDocument;\n\t\t\t}\n\t\t}\n\t}\n\t\n\t// Recursively update child nodes\n\tvar child = node.firstChild;\n\twhile (child) {\n\t\t_updateOwnerDocument(child, newOwnerDocument);\n\t\tchild = child.nextSibling;\n\t}\n}\n\n/**\n * Appends `newChild` to `parentNode`.\n * If `newChild` is already connected to a `parentNode` it is first removed from it.\n *\n * @see https://github.com/xmldom/xmldom/issues/135\n * @see https://github.com/xmldom/xmldom/issues/145\n * @param {Node} parentNode\n * @param {Node} newChild\n * @returns {Node}\n * @private\n */\nfunction _appendSingleChild (parentNode, newChild) {\n\tif (newChild.parentNode) {\n\t\tnewChild.parentNode.removeChild(newChild);\n\t}\n\tnewChild.parentNode = parentNode;\n\tnewChild.previousSibling = parentNode.lastChild;\n\tnewChild.nextSibling = null;\n\tif (newChild.previousSibling) {\n\t\tnewChild.previousSibling.nextSibling = newChild;\n\t} else {\n\t\tparentNode.firstChild = newChild;\n\t}\n\tparentNode.lastChild = newChild;\n\t_onUpdateChild(parentNode.ownerDocument, parentNode, newChild);\n\t\n\t// Update ownerDocument for the new child and all its descendants\n\tvar targetDoc = parentNode.ownerDocument || parentNode;\n\t_updateOwnerDocument(newChild, targetDoc);\n\t\n\treturn newChild;\n}\n\nDocument.prototype = {\n\t//implementation : null,\n\tnodeName :  '#document',\n\tnodeType :  DOCUMENT_NODE,\n\t/**\n\t * The DocumentType node of the document.\n\t *\n\t * @readonly\n\t * @type DocumentType\n\t */\n\tdoctype :  null,\n\tdocumentElement :  null,\n\t_inc : 1,\n\n\tinsertBefore :  function(newChild, refChild){//raises\n\t\tif(newChild.nodeType == DOCUMENT_FRAGMENT_NODE){\n\t\t\tvar child = newChild.firstChild;\n\t\t\twhile(child){\n\t\t\t\tvar next = child.nextSibling;\n\t\t\t\tthis.insertBefore(child,refChild);\n\t\t\t\tchild = next;\n\t\t\t}\n\t\t\treturn newChild;\n\t\t}\n\t\t_insertBefore(this, newChild, refChild);\n\t\t_updateOwnerDocument(newChild, this);\n\t\tif (this.documentElement === null && newChild.nodeType === ELEMENT_NODE) {\n\t\t\tthis.documentElement = newChild;\n\t\t}\n\n\t\treturn newChild;\n\t},\n\tremoveChild :  function(oldChild){\n\t\tif(this.documentElement == oldChild){\n\t\t\tthis.documentElement = null;\n\t\t}\n\t\treturn _removeChild(this,oldChild);\n\t},\n\treplaceChild: function (newChild, oldChild) {\n\t\t//raises\n\t\t_insertBefore(this, newChild, oldChild, assertPreReplacementValidityInDocument);\n\t\t_updateOwnerDocument(newChild, this);\n\t\tif (oldChild) {\n\t\t\tthis.removeChild(oldChild);\n\t\t}\n\t\tif (isElementNode(newChild)) {\n\t\t\tthis.documentElement = newChild;\n\t\t}\n\t},\n\t// Introduced in DOM Level 2:\n\timportNode : function(importedNode,deep){\n\t\treturn importNode(this,importedNode,deep);\n\t},\n\t// Introduced in DOM Level 2:\n\tgetElementById :\tfunction(id){\n\t\tvar rtv = null;\n\t\t_visitNode(this.documentElement,function(node){\n\t\t\tif(node.nodeType == ELEMENT_NODE){\n\t\t\t\tif(node.getAttribute('id') == id){\n\t\t\t\t\trtv = node;\n\t\t\t\t\treturn true;\n\t\t\t\t}\n\t\t\t}\n\t\t})\n\t\treturn rtv;\n\t},\n\n\t/**\n\t * The `getElementsByClassName` method of `Document` interface returns an array-like object\n\t * of all child elements which have **all** of the given class name(s).\n\t *\n\t * Returns an empty list if `classeNames` is an empty string or only contains HTML white space characters.\n\t *\n\t *\n\t * Warning: This is a live LiveNodeList.\n\t * Changes in the DOM will reflect in the array as the changes occur.\n\t * If an element selected by this array no longer qualifies for the selector,\n\t * it will automatically be removed. Be aware of this for iteration purposes.\n\t *\n\t * @param {string} classNames is a string representing the class name(s) to match; multiple class names are separated by (ASCII-)whitespace\n\t *\n\t * @see https://developer.mozilla.org/en-US/docs/Web/API/Document/getElementsByClassName\n\t * @see https://dom.spec.whatwg.org/#concept-getelementsbyclassname\n\t */\n\tgetElementsByClassName: function(classNames) {\n\t\tvar classNamesSet = toOrderedSet(classNames)\n\t\treturn new LiveNodeList(this, function(base) {\n\t\t\tvar ls = [];\n\t\t\tif (classNamesSet.length > 0) {\n\t\t\t\t_visitNode(base.documentElement, function(node) {\n\t\t\t\t\tif(node !== base && node.nodeType === ELEMENT_NODE) {\n\t\t\t\t\t\tvar nodeClassNames = node.getAttribute('class')\n\t\t\t\t\t\t// can be null if the attribute does not exist\n\t\t\t\t\t\tif (nodeClassNames) {\n\t\t\t\t\t\t\t// before splitting and iterating just compare them for the most common case\n\t\t\t\t\t\t\tvar matches = classNames === nodeClassNames;\n\t\t\t\t\t\t\tif (!matches) {\n\t\t\t\t\t\t\t\tvar nodeClassNamesSet = toOrderedSet(nodeClassNames)\n\t\t\t\t\t\t\t\tmatches = classNamesSet.every(arrayIncludes(nodeClassNamesSet))\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\tif(matches) {\n\t\t\t\t\t\t\t\tls.push(node);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t});\n\t\t\t}\n\t\t\treturn ls;\n\t\t});\n\t},\n\n\t//document factory method:\n\tcreateElement :\tfunction(tagName){\n\t\tvar node = new Element();\n\t\tnode.ownerDocument = this;\n\t\tnode.nodeName = tagName;\n\t\tnode.tagName = tagName;\n\t\tnode.localName = tagName;\n\t\tnode.childNodes = new NodeList();\n\t\tvar attrs\t= node.attributes = new NamedNodeMap();\n\t\tattrs._ownerElement = node;\n\t\treturn node;\n\t},\n\tcreateDocumentFragment :\tfunction(){\n\t\tvar node = new DocumentFragment();\n\t\tnode.ownerDocument = this;\n\t\tnode.childNodes = new NodeList();\n\t\treturn node;\n\t},\n\tcreateTextNode :\tfunction(data){\n\t\tvar node = new Text();\n\t\tnode.ownerDocument = this;\n\t\tnode.appendData(data)\n\t\treturn node;\n\t},\n\tcreateComment :\tfunction(data){\n\t\tvar node = new Comment();\n\t\tnode.ownerDocument = this;\n\t\tnode.appendData(data)\n\t\treturn node;\n\t},\n\tcreateCDATASection :\tfunction(data){\n\t\tvar node = new CDATASection();\n\t\tnode.ownerDocument = this;\n\t\tnode.appendData(data)\n\t\treturn node;\n\t},\n\tcreateProcessingInstruction :\tfunction(target,data){\n\t\tvar node = new ProcessingInstruction();\n\t\tnode.ownerDocument = this;\n\t\tnode.tagName = node.nodeName = node.target = target;\n\t\tnode.nodeValue = node.data = data;\n\t\treturn node;\n\t},\n\tcreateAttribute :\tfunction(name){\n\t\tvar node = new Attr();\n\t\tnode.ownerDocument\t= this;\n\t\tnode.name = name;\n\t\tnode.nodeName\t= name;\n\t\tnode.localName = name;\n\t\tnode.specified = true;\n\t\treturn node;\n\t},\n\tcreateEntityReference :\tfunction(name){\n\t\tvar node = new EntityReference();\n\t\tnode.ownerDocument\t= this;\n\t\tnode.nodeName\t= name;\n\t\treturn node;\n\t},\n\t// Introduced in DOM Level 2:\n\tcreateElementNS :\tfunction(namespaceURI,qualifiedName){\n\t\tvar node = new Element();\n\t\tvar pl = qualifiedName.split(':');\n\t\tvar attrs\t= node.attributes = new NamedNodeMap();\n\t\tnode.childNodes = new NodeList();\n\t\tnode.ownerDocument = this;\n\t\tnode.nodeName = qualifiedName;\n\t\tnode.tagName = qualifiedName;\n\t\tnode.namespaceURI = namespaceURI;\n\t\tif(pl.length == 2){\n\t\t\tnode.prefix = pl[0];\n\t\t\tnode.localName = pl[1];\n\t\t}else{\n\t\t\t//el.prefix = null;\n\t\t\tnode.localName = qualifiedName;\n\t\t}\n\t\tattrs._ownerElement = node;\n\t\treturn node;\n\t},\n\t// Introduced in DOM Level 2:\n\tcreateAttributeNS :\tfunction(namespaceURI,qualifiedName){\n\t\tvar node = new Attr();\n\t\tvar pl = qualifiedName.split(':');\n\t\tnode.ownerDocument = this;\n\t\tnode.nodeName = qualifiedName;\n\t\tnode.name = qualifiedName;\n\t\tnode.namespaceURI = namespaceURI;\n\t\tnode.specified = true;\n\t\tif(pl.length == 2){\n\t\t\tnode.prefix = pl[0];\n\t\t\tnode.localName = pl[1];\n\t\t}else{\n\t\t\t//el.prefix = null;\n\t\t\tnode.localName = qualifiedName;\n\t\t}\n\t\treturn node;\n\t}\n};\n_extends(Document,Node);\n\n\nfunction Element() {\n\tthis._nsMap = {};\n};\nElement.prototype = {\n\tnodeType : ELEMENT_NODE,\n\thasAttribute : function(name){\n\t\treturn this.getAttributeNode(name)!=null;\n\t},\n\tgetAttribute : function(name){\n\t\tvar attr = this.getAttributeNode(name);\n\t\treturn attr && attr.value || '';\n\t},\n\tgetAttributeNode : function(name){\n\t\treturn this.attributes.getNamedItem(name);\n\t},\n\tsetAttribute : function(name, value){\n\t\tvar attr = this.ownerDocument.createAttribute(name);\n\t\tattr.value = attr.nodeValue = \"\" + value;\n\t\tthis.setAttributeNode(attr)\n\t},\n\tremoveAttribute : function(name){\n\t\tvar attr = this.getAttributeNode(name)\n\t\tattr && this.removeAttributeNode(attr);\n\t},\n\n\t//four real opeartion method\n\tappendChild:function(newChild){\n\t\tif(newChild.nodeType === DOCUMENT_FRAGMENT_NODE){\n\t\t\treturn this.insertBefore(newChild,null);\n\t\t}else{\n\t\t\treturn _appendSingleChild(this,newChild);\n\t\t}\n\t},\n\tsetAttributeNode : function(newAttr){\n\t\treturn this.attributes.setNamedItem(newAttr);\n\t},\n\tsetAttributeNodeNS : function(newAttr){\n\t\treturn this.attributes.setNamedItemNS(newAttr);\n\t},\n\tremoveAttributeNode : function(oldAttr){\n\t\t//console.log(this == oldAttr.ownerElement)\n\t\treturn this.attributes.removeNamedItem(oldAttr.nodeName);\n\t},\n\t//get real attribute name,and remove it by removeAttributeNode\n\tremoveAttributeNS : function(namespaceURI, localName){\n\t\tvar old = this.getAttributeNodeNS(namespaceURI, localName);\n\t\told && this.removeAttributeNode(old);\n\t},\n\n\thasAttributeNS : function(namespaceURI, localName){\n\t\treturn this.getAttributeNodeNS(namespaceURI, localName)!=null;\n\t},\n\tgetAttributeNS : function(namespaceURI, localName){\n\t\tvar attr = this.getAttributeNodeNS(namespaceURI, localName);\n\t\treturn attr && attr.value || '';\n\t},\n\tsetAttributeNS : function(namespaceURI, qualifiedName, value){\n\t\tvar attr = this.ownerDocument.createAttributeNS(namespaceURI, qualifiedName);\n\t\tattr.value = attr.nodeValue = \"\" + value;\n\t\tthis.setAttributeNode(attr)\n\t},\n\tgetAttributeNodeNS : function(namespaceURI, localName){\n\t\treturn this.attributes.getNamedItemNS(namespaceURI, localName);\n\t},\n\n\tgetElementsByTagName : function(tagName){\n\t\treturn new LiveNodeList(this,function(base){\n\t\t\tvar ls = [];\n\t\t\t_visitNode(base,function(node){\n\t\t\t\tif(node !== base && node.nodeType == ELEMENT_NODE && (tagName === '*' || node.tagName == tagName)){\n\t\t\t\t\tls.push(node);\n\t\t\t\t}\n\t\t\t});\n\t\t\treturn ls;\n\t\t});\n\t},\n\tgetElementsByTagNameNS : function(namespaceURI, localName){\n\t\treturn new LiveNodeList(this,function(base){\n\t\t\tvar ls = [];\n\t\t\t_visitNode(base,function(node){\n\t\t\t\tif(node !== base && node.nodeType === ELEMENT_NODE && (namespaceURI === '*' || node.namespaceURI === namespaceURI) && (localName === '*' || node.localName == localName)){\n\t\t\t\t\tls.push(node);\n\t\t\t\t}\n\t\t\t});\n\t\t\treturn ls;\n\n\t\t});\n\t}\n};\nDocument.prototype.getElementsByTagName = Element.prototype.getElementsByTagName;\nDocument.prototype.getElementsByTagNameNS = Element.prototype.getElementsByTagNameNS;\n\n\n_extends(Element,Node);\nfunction Attr() {\n};\nAttr.prototype.nodeType = ATTRIBUTE_NODE;\n_extends(Attr,Node);\n\n\nfunction CharacterData() {\n};\nCharacterData.prototype = {\n\tdata : '',\n\tsubstringData : function(offset, count) {\n\t\treturn this.data.substring(offset, offset+count);\n\t},\n\tappendData: function(text) {\n\t\ttext = this.data+text;\n\t\tthis.nodeValue = this.data = text;\n\t\tthis.length = text.length;\n\t},\n\tinsertData: function(offset,text) {\n\t\tthis.replaceData(offset,0,text);\n\n\t},\n\tappendChild:function(newChild){\n\t\tthrow new Error(ExceptionMessage[HIERARCHY_REQUEST_ERR])\n\t},\n\tdeleteData: function(offset, count) {\n\t\tthis.replaceData(offset,count,\"\");\n\t},\n\treplaceData: function(offset, count, text) {\n\t\tvar start = this.data.substring(0,offset);\n\t\tvar end = this.data.substring(offset+count);\n\t\ttext = start + text + end;\n\t\tthis.nodeValue = this.data = text;\n\t\tthis.length = text.length;\n\t}\n}\n_extends(CharacterData,Node);\nfunction Text() {\n};\nText.prototype = {\n\tnodeName : \"#text\",\n\tnodeType : TEXT_NODE,\n\tsplitText : function(offset) {\n\t\tvar text = this.data;\n\t\tvar newText = text.substring(offset);\n\t\ttext = text.substring(0, offset);\n\t\tthis.data = this.nodeValue = text;\n\t\tthis.length = text.length;\n\t\tvar newNode = this.ownerDocument.createTextNode(newText);\n\t\tif(this.parentNode){\n\t\t\tthis.parentNode.insertBefore(newNode, this.nextSibling);\n\t\t}\n\t\treturn newNode;\n\t}\n}\n_extends(Text,CharacterData);\nfunction Comment() {\n};\nComment.prototype = {\n\tnodeName : \"#comment\",\n\tnodeType : COMMENT_NODE\n}\n_extends(Comment,CharacterData);\n\nfunction CDATASection() {\n};\nCDATASection.prototype = {\n\tnodeName : \"#cdata-section\",\n\tnodeType : CDATA_SECTION_NODE\n}\n_extends(CDATASection,CharacterData);\n\n\nfunction DocumentType() {\n};\nDocumentType.prototype.nodeType = DOCUMENT_TYPE_NODE;\n_extends(DocumentType,Node);\n\nfunction Notation() {\n};\nNotation.prototype.nodeType = NOTATION_NODE;\n_extends(Notation,Node);\n\nfunction Entity() {\n};\nEntity.prototype.nodeType = ENTITY_NODE;\n_extends(Entity,Node);\n\nfunction EntityReference() {\n};\nEntityReference.prototype.nodeType = ENTITY_REFERENCE_NODE;\n_extends(EntityReference,Node);\n\nfunction DocumentFragment() {\n};\nDocumentFragment.prototype.nodeName =\t\"#document-fragment\";\nDocumentFragment.prototype.nodeType =\tDOCUMENT_FRAGMENT_NODE;\n_extends(DocumentFragment,Node);\n\n\nfunction ProcessingInstruction() {\n}\nProcessingInstruction.prototype.nodeType = PROCESSING_INSTRUCTION_NODE;\n_extends(ProcessingInstruction,Node);\nfunction XMLSerializer(){}\nXMLSerializer.prototype.serializeToString = function(node,isHtml,nodeFilter){\n\treturn nodeSerializeToString.call(node,isHtml,nodeFilter);\n}\nNode.prototype.toString = nodeSerializeToString;\nfunction nodeSerializeToString(isHtml,nodeFilter){\n\tvar buf = [];\n\tvar refNode = this.nodeType == 9 && this.documentElement || this;\n\tvar prefix = refNode.prefix;\n\tvar uri = refNode.namespaceURI;\n\n\tif(uri && prefix == null){\n\t\t//console.log(prefix)\n\t\tvar prefix = refNode.lookupPrefix(uri);\n\t\tif(prefix == null){\n\t\t\t//isHTML = true;\n\t\t\tvar visibleNamespaces=[\n\t\t\t{namespace:uri,prefix:null}\n\t\t\t//{namespace:uri,prefix:''}\n\t\t\t]\n\t\t}\n\t}\n\tserializeToString(this,buf,isHtml,nodeFilter,visibleNamespaces);\n\t//console.log('###',this.nodeType,uri,prefix,buf.join(''))\n\treturn buf.join('');\n}\n\nfunction needNamespaceDefine(node, isHTML, visibleNamespaces) {\n\tvar prefix = node.prefix || '';\n\tvar uri = node.namespaceURI;\n\t// According to [Namespaces in XML 1.0](https://www.w3.org/TR/REC-xml-names/#ns-using) ,\n\t// and more specifically https://www.w3.org/TR/REC-xml-names/#nsc-NoPrefixUndecl :\n\t// > In a namespace declaration for a prefix [...], the attribute value MUST NOT be empty.\n\t// in a similar manner [Namespaces in XML 1.1](https://www.w3.org/TR/xml-names11/#ns-using)\n\t// and more specifically https://www.w3.org/TR/xml-names11/#nsc-NSDeclared :\n\t// > [...] Furthermore, the attribute value [...] must not be an empty string.\n\t// so serializing empty namespace value like xmlns:ds=\"\" would produce an invalid XML document.\n\tif (!uri) {\n\t\treturn false;\n\t}\n\tif (prefix === \"xml\" && uri === NAMESPACE.XML || uri === NAMESPACE.XMLNS) {\n\t\treturn false;\n\t}\n\n\tvar i = visibleNamespaces.length\n\twhile (i--) {\n\t\tvar ns = visibleNamespaces[i];\n\t\t// get namespace prefix\n\t\tif (ns.prefix === prefix) {\n\t\t\treturn ns.namespace !== uri;\n\t\t}\n\t}\n\treturn true;\n}\n/**\n * Well-formed constraint: No < in Attribute Values\n * > The replacement text of any entity referred to directly or indirectly\n * > in an attribute value must not contain a <.\n * @see https://www.w3.org/TR/xml11/#CleanAttrVals\n * @see https://www.w3.org/TR/xml11/#NT-AttValue\n *\n * Literal whitespace other than space that appear in attribute values\n * are serialized as their entity references, so they will be preserved.\n * (In contrast to whitespace literals in the input which are normalized to spaces)\n * @see https://www.w3.org/TR/xml11/#AVNormalize\n * @see https://w3c.github.io/DOM-Parsing/#serializing-an-element-s-attributes\n */\nfunction addSerializedAttribute(buf, qualifiedName, value) {\n\tbuf.push(' ', qualifiedName, '=\"', value.replace(/[<>&\"\\t\\n\\r]/g, _xmlEncoder), '\"')\n}\n\nfunction serializeToString(node,buf,isHTML,nodeFilter,visibleNamespaces){\n\tif (!visibleNamespaces) {\n\t\tvisibleNamespaces = [];\n\t}\n\n\tif(nodeFilter){\n\t\tnode = nodeFilter(node);\n\t\tif(node){\n\t\t\tif(typeof node == 'string'){\n\t\t\t\tbuf.push(node);\n\t\t\t\treturn;\n\t\t\t}\n\t\t}else{\n\t\t\treturn;\n\t\t}\n\t\t//buf.sort.apply(attrs, attributeSorter);\n\t}\n\n\tswitch(node.nodeType){\n\tcase ELEMENT_NODE:\n\t\tvar attrs = node.attributes;\n\t\tvar len = attrs.length;\n\t\tvar child = node.firstChild;\n\t\tvar nodeName = node.tagName;\n\n\t\tisHTML = NAMESPACE.isHTML(node.namespaceURI) || isHTML\n\n\t\tvar prefixedNodeName = nodeName\n\t\tif (!isHTML && !node.prefix && node.namespaceURI) {\n\t\t\tvar defaultNS\n\t\t\t// lookup current default ns from `xmlns` attribute\n\t\t\tfor (var ai = 0; ai < attrs.length; ai++) {\n\t\t\t\tif (attrs.item(ai).name === 'xmlns') {\n\t\t\t\t\tdefaultNS = attrs.item(ai).value\n\t\t\t\t\tbreak\n\t\t\t\t}\n\t\t\t}\n\t\t\tif (!defaultNS) {\n\t\t\t\t// lookup current default ns in visibleNamespaces\n\t\t\t\tfor (var nsi = visibleNamespaces.length - 1; nsi >= 0; nsi--) {\n\t\t\t\t\tvar namespace = visibleNamespaces[nsi]\n\t\t\t\t\tif (namespace.prefix === '' && namespace.namespace === node.namespaceURI) {\n\t\t\t\t\t\tdefaultNS = namespace.namespace\n\t\t\t\t\t\tbreak\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\tif (defaultNS !== node.namespaceURI) {\n\t\t\t\tfor (var nsi = visibleNamespaces.length - 1; nsi >= 0; nsi--) {\n\t\t\t\t\tvar namespace = visibleNamespaces[nsi]\n\t\t\t\t\tif (namespace.namespace === node.namespaceURI) {\n\t\t\t\t\t\tif (namespace.prefix) {\n\t\t\t\t\t\t\tprefixedNodeName = namespace.prefix + ':' + nodeName\n\t\t\t\t\t\t}\n\t\t\t\t\t\tbreak\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tbuf.push('<', prefixedNodeName);\n\n\t\tfor(var i=0;i<len;i++){\n\t\t\t// add namespaces for attributes\n\t\t\tvar attr = attrs.item(i);\n\t\t\tif (attr.prefix == 'xmlns') {\n\t\t\t\tvisibleNamespaces.push({ prefix: attr.localName, namespace: attr.value });\n\t\t\t}else if(attr.nodeName == 'xmlns'){\n\t\t\t\tvisibleNamespaces.push({ prefix: '', namespace: attr.value });\n\t\t\t}\n\t\t}\n\n\t\tfor(var i=0;i<len;i++){\n\t\t\tvar attr = attrs.item(i);\n\t\t\tif (needNamespaceDefine(attr,isHTML, visibleNamespaces)) {\n\t\t\t\tvar prefix = attr.prefix||'';\n\t\t\t\tvar uri = attr.namespaceURI;\n\t\t\t\taddSerializedAttribute(buf, prefix ? 'xmlns:' + prefix : \"xmlns\", uri);\n\t\t\t\tvisibleNamespaces.push({ prefix: prefix, namespace:uri });\n\t\t\t}\n\t\t\tserializeToString(attr,buf,isHTML,nodeFilter,visibleNamespaces);\n\t\t}\n\n\t\t// add namespace for current node\n\t\tif (nodeName === prefixedNodeName && needNamespaceDefine(node, isHTML, visibleNamespaces)) {\n\t\t\tvar prefix = node.prefix||'';\n\t\t\tvar uri = node.namespaceURI;\n\t\t\taddSerializedAttribute(buf, prefix ? 'xmlns:' + prefix : \"xmlns\", uri);\n\t\t\tvisibleNamespaces.push({ prefix: prefix, namespace:uri });\n\t\t}\n\n\t\tif(child || isHTML && !/^(?:meta|link|img|br|hr|input)$/i.test(nodeName)){\n\t\t\tbuf.push('>');\n\t\t\t//if is cdata child node\n\t\t\tif(isHTML && /^script$/i.test(nodeName)){\n\t\t\t\twhile(child){\n\t\t\t\t\tif(child.data){\n\t\t\t\t\t\tbuf.push(child.data);\n\t\t\t\t\t}else{\n\t\t\t\t\t\tserializeToString(child, buf, isHTML, nodeFilter, visibleNamespaces.slice());\n\t\t\t\t\t}\n\t\t\t\t\tchild = child.nextSibling;\n\t\t\t\t}\n\t\t\t}else\n\t\t\t{\n\t\t\t\twhile(child){\n\t\t\t\t\tserializeToString(child, buf, isHTML, nodeFilter, visibleNamespaces.slice());\n\t\t\t\t\tchild = child.nextSibling;\n\t\t\t\t}\n\t\t\t}\n\t\t\tbuf.push('</',prefixedNodeName,'>');\n\t\t}else{\n\t\t\tbuf.push('/>');\n\t\t}\n\t\t// remove added visible namespaces\n\t\t//visibleNamespaces.length = startVisibleNamespaces;\n\t\treturn;\n\tcase DOCUMENT_NODE:\n\tcase DOCUMENT_FRAGMENT_NODE:\n\t\tvar child = node.firstChild;\n\t\twhile(child){\n\t\t\tserializeToString(child, buf, isHTML, nodeFilter, visibleNamespaces.slice());\n\t\t\tchild = child.nextSibling;\n\t\t}\n\t\treturn;\n\tcase ATTRIBUTE_NODE:\n\t\treturn addSerializedAttribute(buf, node.name, node.value);\n\tcase TEXT_NODE:\n\t\t/**\n\t\t * The ampersand character (&) and the left angle bracket (<) must not appear in their literal form,\n\t\t * except when used as markup delimiters, or within a comment, a processing instruction, or a CDATA section.\n\t\t * If they are needed elsewhere, they must be escaped using either numeric character references or the strings\n\t\t * `&amp;` and `&lt;` respectively.\n\t\t * The right angle bracket (>) may be represented using the string \" &gt; \", and must, for compatibility,\n\t\t * be escaped using either `&gt;` or a character reference when it appears in the string `]]>` in content,\n\t\t * when that string is not marking the end of a CDATA section.\n\t\t *\n\t\t * In the content of elements, character data is any string of characters\n\t\t * which does not contain the start-delimiter of any markup\n\t\t * and does not include the CDATA-section-close delimiter, `]]>`.\n\t\t *\n\t\t * @see https://www.w3.org/TR/xml/#NT-CharData\n\t\t * @see https://w3c.github.io/DOM-Parsing/#xml-serializing-a-text-node\n\t\t */\n\t\treturn buf.push(node.data\n\t\t\t.replace(/[<&>]/g,_xmlEncoder)\n\t\t);\n\tcase CDATA_SECTION_NODE:\n\t\treturn buf.push( '<![CDATA[',node.data,']]>');\n\tcase COMMENT_NODE:\n\t\treturn buf.push( \"<!--\",node.data,\"-->\");\n\tcase DOCUMENT_TYPE_NODE:\n\t\tvar pubid = node.publicId;\n\t\tvar sysid = node.systemId;\n\t\tbuf.push('<!DOCTYPE ',node.name);\n\t\tif(pubid){\n\t\t\tbuf.push(' PUBLIC ', pubid);\n\t\t\tif (sysid && sysid!='.') {\n\t\t\t\tbuf.push(' ', sysid);\n\t\t\t}\n\t\t\tbuf.push('>');\n\t\t}else if(sysid && sysid!='.'){\n\t\t\tbuf.push(' SYSTEM ', sysid, '>');\n\t\t}else{\n\t\t\tvar sub = node.internalSubset;\n\t\t\tif(sub){\n\t\t\t\tbuf.push(\" [\",sub,\"]\");\n\t\t\t}\n\t\t\tbuf.push(\">\");\n\t\t}\n\t\treturn;\n\tcase PROCESSING_INSTRUCTION_NODE:\n\t\treturn buf.push( \"<?\",node.target,\" \",node.data,\"?>\");\n\tcase ENTITY_REFERENCE_NODE:\n\t\treturn buf.push( '&',node.nodeName,';');\n\t//case ENTITY_NODE:\n\t//case NOTATION_NODE:\n\tdefault:\n\t\tbuf.push('??',node.nodeName);\n\t}\n}\nfunction importNode(doc,node,deep){\n\tvar node2;\n\tswitch (node.nodeType) {\n\tcase ELEMENT_NODE:\n\t\tnode2 = node.cloneNode(false);\n\t\tnode2.ownerDocument = doc;\n\t\t//var attrs = node2.attributes;\n\t\t//var len = attrs.length;\n\t\t//for(var i=0;i<len;i++){\n\t\t\t//node2.setAttributeNodeNS(importNode(doc,attrs.item(i),deep));\n\t\t//}\n\tcase DOCUMENT_FRAGMENT_NODE:\n\t\tbreak;\n\tcase ATTRIBUTE_NODE:\n\t\tdeep = true;\n\t\tbreak;\n\t//case ENTITY_REFERENCE_NODE:\n\t//case PROCESSING_INSTRUCTION_NODE:\n\t////case TEXT_NODE:\n\t//case CDATA_SECTION_NODE:\n\t//case COMMENT_NODE:\n\t//\tdeep = false;\n\t//\tbreak;\n\t//case DOCUMENT_NODE:\n\t//case DOCUMENT_TYPE_NODE:\n\t//cannot be imported.\n\t//case ENTITY_NODE:\n\t//case NOTATION_NODE：\n\t//can not hit in level3\n\t//default:throw e;\n\t}\n\tif(!node2){\n\t\tnode2 = node.cloneNode(false);//false\n\t}\n\tnode2.ownerDocument = doc;\n\tnode2.parentNode = null;\n\tif(deep){\n\t\tvar child = node.firstChild;\n\t\twhile(child){\n\t\t\tnode2.appendChild(importNode(doc,child,deep));\n\t\t\tchild = child.nextSibling;\n\t\t}\n\t}\n\treturn node2;\n}\n//\n//var _relationMap = {firstChild:1,lastChild:1,previousSibling:1,nextSibling:1,\n//\t\t\t\t\tattributes:1,childNodes:1,parentNode:1,documentElement:1,doctype,};\nfunction cloneNode(doc,node,deep){\n\tvar node2 = new node.constructor();\n\tfor (var n in node) {\n\t\tif (Object.prototype.hasOwnProperty.call(node, n)) {\n\t\t\tvar v = node[n];\n\t\t\tif (typeof v != \"object\") {\n\t\t\t\tif (v != node2[n]) {\n\t\t\t\t\tnode2[n] = v;\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\tif(node.childNodes){\n\t\tnode2.childNodes = new NodeList();\n\t}\n\tnode2.ownerDocument = doc;\n\tswitch (node2.nodeType) {\n\tcase ELEMENT_NODE:\n\t\tvar attrs\t= node.attributes;\n\t\tvar attrs2\t= node2.attributes = new NamedNodeMap();\n\t\tvar len = attrs.length\n\t\tattrs2._ownerElement = node2;\n\t\tfor(var i=0;i<len;i++){\n\t\t\tnode2.setAttributeNode(cloneNode(doc,attrs.item(i),true));\n\t\t}\n\t\tbreak;;\n\tcase ATTRIBUTE_NODE:\n\t\tdeep = true;\n\t}\n\tif(deep){\n\t\tvar child = node.firstChild;\n\t\twhile(child){\n\t\t\tnode2.appendChild(cloneNode(doc,child,deep));\n\t\t\tchild = child.nextSibling;\n\t\t}\n\t}\n\treturn node2;\n}\n\nfunction __set__(object,key,value){\n\tobject[key] = value\n}\n//do dynamic\ntry{\n\tif(Object.defineProperty){\n\t\tObject.defineProperty(LiveNodeList.prototype,'length',{\n\t\t\tget:function(){\n\t\t\t\t_updateLiveList(this);\n\t\t\t\treturn this.$$length;\n\t\t\t}\n\t\t});\n\n\t\tObject.defineProperty(Node.prototype,'textContent',{\n\t\t\tget:function(){\n\t\t\t\treturn getTextContent(this);\n\t\t\t},\n\n\t\t\tset:function(data){\n\t\t\t\tswitch(this.nodeType){\n\t\t\t\tcase ELEMENT_NODE:\n\t\t\t\tcase DOCUMENT_FRAGMENT_NODE:\n\t\t\t\t\twhile(this.firstChild){\n\t\t\t\t\t\tthis.removeChild(this.firstChild);\n\t\t\t\t\t}\n\t\t\t\t\tif(data || String(data)){\n\t\t\t\t\t\tthis.appendChild(this.ownerDocument.createTextNode(data));\n\t\t\t\t\t}\n\t\t\t\t\tbreak;\n\n\t\t\t\tdefault:\n\t\t\t\t\tthis.data = data;\n\t\t\t\t\tthis.value = data;\n\t\t\t\t\tthis.nodeValue = data;\n\t\t\t\t}\n\t\t\t}\n\t\t})\n\n\t\tfunction getTextContent(node){\n\t\t\tswitch(node.nodeType){\n\t\t\tcase ELEMENT_NODE:\n\t\t\tcase DOCUMENT_FRAGMENT_NODE:\n\t\t\t\tvar buf = [];\n\t\t\t\tnode = node.firstChild;\n\t\t\t\twhile(node){\n\t\t\t\t\tif(node.nodeType!==7 && node.nodeType !==8){\n\t\t\t\t\t\tbuf.push(getTextContent(node));\n\t\t\t\t\t}\n\t\t\t\t\tnode = node.nextSibling;\n\t\t\t\t}\n\t\t\t\treturn buf.join('');\n\t\t\tdefault:\n\t\t\t\treturn node.nodeValue;\n\t\t\t}\n\t\t}\n\n\t\t__set__ = function(object,key,value){\n\t\t\t//console.log(value)\n\t\t\tobject['$$'+key] = value\n\t\t}\n\t}\n}catch(e){//ie8\n}\n\n//if(typeof require == 'function'){\n\texports.DocumentType = DocumentType;\n\texports.DOMException = DOMException;\n\texports.DOMImplementation = DOMImplementation;\n\texports.Element = Element;\n\texports.Node = Node;\n\texports.NodeList = NodeList;\n\texports.XMLSerializer = XMLSerializer;\n//}\n","'use strict';\n\nvar freeze = require('./conventions').freeze;\n\n/**\n * The entities that are predefined in every XML document.\n *\n * @see https://www.w3.org/TR/2006/REC-xml11-20060816/#sec-predefined-ent W3C XML 1.1\n * @see https://www.w3.org/TR/2008/REC-xml-20081126/#sec-predefined-ent W3C XML 1.0\n * @see https://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references#Predefined_entities_in_XML Wikipedia\n */\nexports.XML_ENTITIES = freeze({\n\tamp: '&',\n\tapos: \"'\",\n\tgt: '>',\n\tlt: '<',\n\tquot: '\"',\n});\n\n/**\n * A map of all entities that are detected in an HTML document.\n * They contain all entries from `XML_ENTITIES`.\n *\n * @see XML_ENTITIES\n * @see DOMParser.parseFromString\n * @see DOMImplementation.prototype.createHTMLDocument\n * @see https://html.spec.whatwg.org/#named-character-references WHATWG HTML(5) Spec\n * @see https://html.spec.whatwg.org/entities.json JSON\n * @see https://www.w3.org/TR/xml-entity-names/ W3C XML Entity Names\n * @see https://www.w3.org/TR/html4/sgml/entities.html W3C HTML4/SGML\n * @see https://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references#Character_entity_references_in_HTML Wikipedia (HTML)\n * @see https://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references#Entities_representing_special_characters_in_XHTML Wikpedia (XHTML)\n */\nexports.HTML_ENTITIES = freeze({\n\tAacute: '\\u00C1',\n\taacute: '\\u00E1',\n\tAbreve: '\\u0102',\n\tabreve: '\\u0103',\n\tac: '\\u223E',\n\tacd: '\\u223F',\n\tacE: '\\u223E\\u0333',\n\tAcirc: '\\u00C2',\n\tacirc: '\\u00E2',\n\tacute: '\\u00B4',\n\tAcy: '\\u0410',\n\tacy: '\\u0430',\n\tAElig: '\\u00C6',\n\taelig: '\\u00E6',\n\taf: '\\u2061',\n\tAfr: '\\uD835\\uDD04',\n\tafr: '\\uD835\\uDD1E',\n\tAgrave: '\\u00C0',\n\tagrave: '\\u00E0',\n\talefsym: '\\u2135',\n\taleph: '\\u2135',\n\tAlpha: '\\u0391',\n\talpha: '\\u03B1',\n\tAmacr: '\\u0100',\n\tamacr: '\\u0101',\n\tamalg: '\\u2A3F',\n\tAMP: '\\u0026',\n\tamp: '\\u0026',\n\tAnd: '\\u2A53',\n\tand: '\\u2227',\n\tandand: '\\u2A55',\n\tandd: '\\u2A5C',\n\tandslope: '\\u2A58',\n\tandv: '\\u2A5A',\n\tang: '\\u2220',\n\tange: '\\u29A4',\n\tangle: '\\u2220',\n\tangmsd: '\\u2221',\n\tangmsdaa: '\\u29A8',\n\tangmsdab: '\\u29A9',\n\tangmsdac: '\\u29AA',\n\tangmsdad: '\\u29AB',\n\tangmsdae: '\\u29AC',\n\tangmsdaf: '\\u29AD',\n\tangmsdag: '\\u29AE',\n\tangmsdah: '\\u29AF',\n\tangrt: '\\u221F',\n\tangrtvb: '\\u22BE',\n\tangrtvbd: '\\u299D',\n\tangsph: '\\u2222',\n\tangst: '\\u00C5',\n\tangzarr: '\\u237C',\n\tAogon: '\\u0104',\n\taogon: '\\u0105',\n\tAopf: '\\uD835\\uDD38',\n\taopf: '\\uD835\\uDD52',\n\tap: '\\u2248',\n\tapacir: '\\u2A6F',\n\tapE: '\\u2A70',\n\tape: '\\u224A',\n\tapid: '\\u224B',\n\tapos: '\\u0027',\n\tApplyFunction: '\\u2061',\n\tapprox: '\\u2248',\n\tapproxeq: '\\u224A',\n\tAring: '\\u00C5',\n\taring: '\\u00E5',\n\tAscr: '\\uD835\\uDC9C',\n\tascr: '\\uD835\\uDCB6',\n\tAssign: '\\u2254',\n\tast: '\\u002A',\n\tasymp: '\\u2248',\n\tasympeq: '\\u224D',\n\tAtilde: '\\u00C3',\n\tatilde: '\\u00E3',\n\tAuml: '\\u00C4',\n\tauml: '\\u00E4',\n\tawconint: '\\u2233',\n\tawint: '\\u2A11',\n\tbackcong: '\\u224C',\n\tbackepsilon: '\\u03F6',\n\tbackprime: '\\u2035',\n\tbacksim: '\\u223D',\n\tbacksimeq: '\\u22CD',\n\tBackslash: '\\u2216',\n\tBarv: '\\u2AE7',\n\tbarvee: '\\u22BD',\n\tBarwed: '\\u2306',\n\tbarwed: '\\u2305',\n\tbarwedge: '\\u2305',\n\tbbrk: '\\u23B5',\n\tbbrktbrk: '\\u23B6',\n\tbcong: '\\u224C',\n\tBcy: '\\u0411',\n\tbcy: '\\u0431',\n\tbdquo: '\\u201E',\n\tbecaus: '\\u2235',\n\tBecause: '\\u2235',\n\tbecause: '\\u2235',\n\tbemptyv: '\\u29B0',\n\tbepsi: '\\u03F6',\n\tbernou: '\\u212C',\n\tBernoullis: '\\u212C',\n\tBeta: '\\u0392',\n\tbeta: '\\u03B2',\n\tbeth: '\\u2136',\n\tbetween: '\\u226C',\n\tBfr: '\\uD835\\uDD05',\n\tbfr: '\\uD835\\uDD1F',\n\tbigcap: '\\u22C2',\n\tbigcirc: '\\u25EF',\n\tbigcup: '\\u22C3',\n\tbigodot: '\\u2A00',\n\tbigoplus: '\\u2A01',\n\tbigotimes: '\\u2A02',\n\tbigsqcup: '\\u2A06',\n\tbigstar: '\\u2605',\n\tbigtriangledown: '\\u25BD',\n\tbigtriangleup: '\\u25B3',\n\tbiguplus: '\\u2A04',\n\tbigvee: '\\u22C1',\n\tbigwedge: '\\u22C0',\n\tbkarow: '\\u290D',\n\tblacklozenge: '\\u29EB',\n\tblacksquare: '\\u25AA',\n\tblacktriangle: '\\u25B4',\n\tblacktriangledown: '\\u25BE',\n\tblacktriangleleft: '\\u25C2',\n\tblacktriangleright: '\\u25B8',\n\tblank: '\\u2423',\n\tblk12: '\\u2592',\n\tblk14: '\\u2591',\n\tblk34: '\\u2593',\n\tblock: '\\u2588',\n\tbne: '\\u003D\\u20E5',\n\tbnequiv: '\\u2261\\u20E5',\n\tbNot: '\\u2AED',\n\tbnot: '\\u2310',\n\tBopf: '\\uD835\\uDD39',\n\tbopf: '\\uD835\\uDD53',\n\tbot: '\\u22A5',\n\tbottom: '\\u22A5',\n\tbowtie: '\\u22C8',\n\tboxbox: '\\u29C9',\n\tboxDL: '\\u2557',\n\tboxDl: '\\u2556',\n\tboxdL: '\\u2555',\n\tboxdl: '\\u2510',\n\tboxDR: '\\u2554',\n\tboxDr: '\\u2553',\n\tboxdR: '\\u2552',\n\tboxdr: '\\u250C',\n\tboxH: '\\u2550',\n\tboxh: '\\u2500',\n\tboxHD: '\\u2566',\n\tboxHd: '\\u2564',\n\tboxhD: '\\u2565',\n\tboxhd: '\\u252C',\n\tboxHU: '\\u2569',\n\tboxHu: '\\u2567',\n\tboxhU: '\\u2568',\n\tboxhu: '\\u2534',\n\tboxminus: '\\u229F',\n\tboxplus: '\\u229E',\n\tboxtimes: '\\u22A0',\n\tboxUL: '\\u255D',\n\tboxUl: '\\u255C',\n\tboxuL: '\\u255B',\n\tboxul: '\\u2518',\n\tboxUR: '\\u255A',\n\tboxUr: '\\u2559',\n\tboxuR: '\\u2558',\n\tboxur: '\\u2514',\n\tboxV: '\\u2551',\n\tboxv: '\\u2502',\n\tboxVH: '\\u256C',\n\tboxVh: '\\u256B',\n\tboxvH: '\\u256A',\n\tboxvh: '\\u253C',\n\tboxVL: '\\u2563',\n\tboxVl: '\\u2562',\n\tboxvL: '\\u2561',\n\tboxvl: '\\u2524',\n\tboxVR: '\\u2560',\n\tboxVr: '\\u255F',\n\tboxvR: '\\u255E',\n\tboxvr: '\\u251C',\n\tbprime: '\\u2035',\n\tBreve: '\\u02D8',\n\tbreve: '\\u02D8',\n\tbrvbar: '\\u00A6',\n\tBscr: '\\u212C',\n\tbscr: '\\uD835\\uDCB7',\n\tbsemi: '\\u204F',\n\tbsim: '\\u223D',\n\tbsime: '\\u22CD',\n\tbsol: '\\u005C',\n\tbsolb: '\\u29C5',\n\tbsolhsub: '\\u27C8',\n\tbull: '\\u2022',\n\tbullet: '\\u2022',\n\tbump: '\\u224E',\n\tbumpE: '\\u2AAE',\n\tbumpe: '\\u224F',\n\tBumpeq: '\\u224E',\n\tbumpeq: '\\u224F',\n\tCacute: '\\u0106',\n\tcacute: '\\u0107',\n\tCap: '\\u22D2',\n\tcap: '\\u2229',\n\tcapand: '\\u2A44',\n\tcapbrcup: '\\u2A49',\n\tcapcap: '\\u2A4B',\n\tcapcup: '\\u2A47',\n\tcapdot: '\\u2A40',\n\tCapitalDifferentialD: '\\u2145',\n\tcaps: '\\u2229\\uFE00',\n\tcaret: '\\u2041',\n\tcaron: '\\u02C7',\n\tCayleys: '\\u212D',\n\tccaps: '\\u2A4D',\n\tCcaron: '\\u010C',\n\tccaron: '\\u010D',\n\tCcedil: '\\u00C7',\n\tccedil: '\\u00E7',\n\tCcirc: '\\u0108',\n\tccirc: '\\u0109',\n\tCconint: '\\u2230',\n\tccups: '\\u2A4C',\n\tccupssm: '\\u2A50',\n\tCdot: '\\u010A',\n\tcdot: '\\u010B',\n\tcedil: '\\u00B8',\n\tCedilla: '\\u00B8',\n\tcemptyv: '\\u29B2',\n\tcent: '\\u00A2',\n\tCenterDot: '\\u00B7',\n\tcenterdot: '\\u00B7',\n\tCfr: '\\u212D',\n\tcfr: '\\uD835\\uDD20',\n\tCHcy: '\\u0427',\n\tchcy: '\\u0447',\n\tcheck: '\\u2713',\n\tcheckmark: '\\u2713',\n\tChi: '\\u03A7',\n\tchi: '\\u03C7',\n\tcir: '\\u25CB',\n\tcirc: '\\u02C6',\n\tcirceq: '\\u2257',\n\tcirclearrowleft: '\\u21BA',\n\tcirclearrowright: '\\u21BB',\n\tcircledast: '\\u229B',\n\tcircledcirc: '\\u229A',\n\tcircleddash: '\\u229D',\n\tCircleDot: '\\u2299',\n\tcircledR: '\\u00AE',\n\tcircledS: '\\u24C8',\n\tCircleMinus: '\\u2296',\n\tCirclePlus: '\\u2295',\n\tCircleTimes: '\\u2297',\n\tcirE: '\\u29C3',\n\tcire: '\\u2257',\n\tcirfnint: '\\u2A10',\n\tcirmid: '\\u2AEF',\n\tcirscir: '\\u29C2',\n\tClockwiseContourIntegral: '\\u2232',\n\tCloseCurlyDoubleQuote: '\\u201D',\n\tCloseCurlyQuote: '\\u2019',\n\tclubs: '\\u2663',\n\tclubsuit: '\\u2663',\n\tColon: '\\u2237',\n\tcolon: '\\u003A',\n\tColone: '\\u2A74',\n\tcolone: '\\u2254',\n\tcoloneq: '\\u2254',\n\tcomma: '\\u002C',\n\tcommat: '\\u0040',\n\tcomp: '\\u2201',\n\tcompfn: '\\u2218',\n\tcomplement: '\\u2201',\n\tcomplexes: '\\u2102',\n\tcong: '\\u2245',\n\tcongdot: '\\u2A6D',\n\tCongruent: '\\u2261',\n\tConint: '\\u222F',\n\tconint: '\\u222E',\n\tContourIntegral: '\\u222E',\n\tCopf: '\\u2102',\n\tcopf: '\\uD835\\uDD54',\n\tcoprod: '\\u2210',\n\tCoproduct: '\\u2210',\n\tCOPY: '\\u00A9',\n\tcopy: '\\u00A9',\n\tcopysr: '\\u2117',\n\tCounterClockwiseContourIntegral: '\\u2233',\n\tcrarr: '\\u21B5',\n\tCross: '\\u2A2F',\n\tcross: '\\u2717',\n\tCscr: '\\uD835\\uDC9E',\n\tcscr: '\\uD835\\uDCB8',\n\tcsub: '\\u2ACF',\n\tcsube: '\\u2AD1',\n\tcsup: '\\u2AD0',\n\tcsupe: '\\u2AD2',\n\tctdot: '\\u22EF',\n\tcudarrl: '\\u2938',\n\tcudarrr: '\\u2935',\n\tcuepr: '\\u22DE',\n\tcuesc: '\\u22DF',\n\tcularr: '\\u21B6',\n\tcularrp: '\\u293D',\n\tCup: '\\u22D3',\n\tcup: '\\u222A',\n\tcupbrcap: '\\u2A48',\n\tCupCap: '\\u224D',\n\tcupcap: '\\u2A46',\n\tcupcup: '\\u2A4A',\n\tcupdot: '\\u228D',\n\tcupor: '\\u2A45',\n\tcups: '\\u222A\\uFE00',\n\tcurarr: '\\u21B7',\n\tcurarrm: '\\u293C',\n\tcurlyeqprec: '\\u22DE',\n\tcurlyeqsucc: '\\u22DF',\n\tcurlyvee: '\\u22CE',\n\tcurlywedge: '\\u22CF',\n\tcurren: '\\u00A4',\n\tcurvearrowleft: '\\u21B6',\n\tcurvearrowright: '\\u21B7',\n\tcuvee: '\\u22CE',\n\tcuwed: '\\u22CF',\n\tcwconint: '\\u2232',\n\tcwint: '\\u2231',\n\tcylcty: '\\u232D',\n\tDagger: '\\u2021',\n\tdagger: '\\u2020',\n\tdaleth: '\\u2138',\n\tDarr: '\\u21A1',\n\tdArr: '\\u21D3',\n\tdarr: '\\u2193',\n\tdash: '\\u2010',\n\tDashv: '\\u2AE4',\n\tdashv: '\\u22A3',\n\tdbkarow: '\\u290F',\n\tdblac: '\\u02DD',\n\tDcaron: '\\u010E',\n\tdcaron: '\\u010F',\n\tDcy: '\\u0414',\n\tdcy: '\\u0434',\n\tDD: '\\u2145',\n\tdd: '\\u2146',\n\tddagger: '\\u2021',\n\tddarr: '\\u21CA',\n\tDDotrahd: '\\u2911',\n\tddotseq: '\\u2A77',\n\tdeg: '\\u00B0',\n\tDel: '\\u2207',\n\tDelta: '\\u0394',\n\tdelta: '\\u03B4',\n\tdemptyv: '\\u29B1',\n\tdfisht: '\\u297F',\n\tDfr: '\\uD835\\uDD07',\n\tdfr: '\\uD835\\uDD21',\n\tdHar: '\\u2965',\n\tdharl: '\\u21C3',\n\tdharr: '\\u21C2',\n\tDiacriticalAcute: '\\u00B4',\n\tDiacriticalDot: '\\u02D9',\n\tDiacriticalDoubleAcute: '\\u02DD',\n\tDiacriticalGrave: '\\u0060',\n\tDiacriticalTilde: '\\u02DC',\n\tdiam: '\\u22C4',\n\tDiamond: '\\u22C4',\n\tdiamond: '\\u22C4',\n\tdiamondsuit: '\\u2666',\n\tdiams: '\\u2666',\n\tdie: '\\u00A8',\n\tDifferentialD: '\\u2146',\n\tdigamma: '\\u03DD',\n\tdisin: '\\u22F2',\n\tdiv: '\\u00F7',\n\tdivide: '\\u00F7',\n\tdivideontimes: '\\u22C7',\n\tdivonx: '\\u22C7',\n\tDJcy: '\\u0402',\n\tdjcy: '\\u0452',\n\tdlcorn: '\\u231E',\n\tdlcrop: '\\u230D',\n\tdollar: '\\u0024',\n\tDopf: '\\uD835\\uDD3B',\n\tdopf: '\\uD835\\uDD55',\n\tDot: '\\u00A8',\n\tdot: '\\u02D9',\n\tDotDot: '\\u20DC',\n\tdoteq: '\\u2250',\n\tdoteqdot: '\\u2251',\n\tDotEqual: '\\u2250',\n\tdotminus: '\\u2238',\n\tdotplus: '\\u2214',\n\tdotsquare: '\\u22A1',\n\tdoublebarwedge: '\\u2306',\n\tDoubleContourIntegral: '\\u222F',\n\tDoubleDot: '\\u00A8',\n\tDoubleDownArrow: '\\u21D3',\n\tDoubleLeftArrow: '\\u21D0',\n\tDoubleLeftRightArrow: '\\u21D4',\n\tDoubleLeftTee: '\\u2AE4',\n\tDoubleLongLeftArrow: '\\u27F8',\n\tDoubleLongLeftRightArrow: '\\u27FA',\n\tDoubleLongRightArrow: '\\u27F9',\n\tDoubleRightArrow: '\\u21D2',\n\tDoubleRightTee: '\\u22A8',\n\tDoubleUpArrow: '\\u21D1',\n\tDoubleUpDownArrow: '\\u21D5',\n\tDoubleVerticalBar: '\\u2225',\n\tDownArrow: '\\u2193',\n\tDownarrow: '\\u21D3',\n\tdownarrow: '\\u2193',\n\tDownArrowBar: '\\u2913',\n\tDownArrowUpArrow: '\\u21F5',\n\tDownBreve: '\\u0311',\n\tdowndownarrows: '\\u21CA',\n\tdownharpoonleft: '\\u21C3',\n\tdownharpoonright: '\\u21C2',\n\tDownLeftRightVector: '\\u2950',\n\tDownLeftTeeVector: '\\u295E',\n\tDownLeftVector: '\\u21BD',\n\tDownLeftVectorBar: '\\u2956',\n\tDownRightTeeVector: '\\u295F',\n\tDownRightVector: '\\u21C1',\n\tDownRightVectorBar: '\\u2957',\n\tDownTee: '\\u22A4',\n\tDownTeeArrow: '\\u21A7',\n\tdrbkarow: '\\u2910',\n\tdrcorn: '\\u231F',\n\tdrcrop: '\\u230C',\n\tDscr: '\\uD835\\uDC9F',\n\tdscr: '\\uD835\\uDCB9',\n\tDScy: '\\u0405',\n\tdscy: '\\u0455',\n\tdsol: '\\u29F6',\n\tDstrok: '\\u0110',\n\tdstrok: '\\u0111',\n\tdtdot: '\\u22F1',\n\tdtri: '\\u25BF',\n\tdtrif: '\\u25BE',\n\tduarr: '\\u21F5',\n\tduhar: '\\u296F',\n\tdwangle: '\\u29A6',\n\tDZcy: '\\u040F',\n\tdzcy: '\\u045F',\n\tdzigrarr: '\\u27FF',\n\tEacute: '\\u00C9',\n\teacute: '\\u00E9',\n\teaster: '\\u2A6E',\n\tEcaron: '\\u011A',\n\tecaron: '\\u011B',\n\tecir: '\\u2256',\n\tEcirc: '\\u00CA',\n\tecirc: '\\u00EA',\n\tecolon: '\\u2255',\n\tEcy: '\\u042D',\n\tecy: '\\u044D',\n\teDDot: '\\u2A77',\n\tEdot: '\\u0116',\n\teDot: '\\u2251',\n\tedot: '\\u0117',\n\tee: '\\u2147',\n\tefDot: '\\u2252',\n\tEfr: '\\uD835\\uDD08',\n\tefr: '\\uD835\\uDD22',\n\teg: '\\u2A9A',\n\tEgrave: '\\u00C8',\n\tegrave: '\\u00E8',\n\tegs: '\\u2A96',\n\tegsdot: '\\u2A98',\n\tel: '\\u2A99',\n\tElement: '\\u2208',\n\telinters: '\\u23E7',\n\tell: '\\u2113',\n\tels: '\\u2A95',\n\telsdot: '\\u2A97',\n\tEmacr: '\\u0112',\n\temacr: '\\u0113',\n\tempty: '\\u2205',\n\temptyset: '\\u2205',\n\tEmptySmallSquare: '\\u25FB',\n\temptyv: '\\u2205',\n\tEmptyVerySmallSquare: '\\u25AB',\n\temsp: '\\u2003',\n\temsp13: '\\u2004',\n\temsp14: '\\u2005',\n\tENG: '\\u014A',\n\teng: '\\u014B',\n\tensp: '\\u2002',\n\tEogon: '\\u0118',\n\teogon: '\\u0119',\n\tEopf: '\\uD835\\uDD3C',\n\teopf: '\\uD835\\uDD56',\n\tepar: '\\u22D5',\n\teparsl: '\\u29E3',\n\teplus: '\\u2A71',\n\tepsi: '\\u03B5',\n\tEpsilon: '\\u0395',\n\tepsilon: '\\u03B5',\n\tepsiv: '\\u03F5',\n\teqcirc: '\\u2256',\n\teqcolon: '\\u2255',\n\teqsim: '\\u2242',\n\teqslantgtr: '\\u2A96',\n\teqslantless: '\\u2A95',\n\tEqual: '\\u2A75',\n\tequals: '\\u003D',\n\tEqualTilde: '\\u2242',\n\tequest: '\\u225F',\n\tEquilibrium: '\\u21CC',\n\tequiv: '\\u2261',\n\tequivDD: '\\u2A78',\n\teqvparsl: '\\u29E5',\n\terarr: '\\u2971',\n\terDot: '\\u2253',\n\tEscr: '\\u2130',\n\tescr: '\\u212F',\n\tesdot: '\\u2250',\n\tEsim: '\\u2A73',\n\tesim: '\\u2242',\n\tEta: '\\u0397',\n\teta: '\\u03B7',\n\tETH: '\\u00D0',\n\teth: '\\u00F0',\n\tEuml: '\\u00CB',\n\teuml: '\\u00EB',\n\teuro: '\\u20AC',\n\texcl: '\\u0021',\n\texist: '\\u2203',\n\tExists: '\\u2203',\n\texpectation: '\\u2130',\n\tExponentialE: '\\u2147',\n\texponentiale: '\\u2147',\n\tfallingdotseq: '\\u2252',\n\tFcy: '\\u0424',\n\tfcy: '\\u0444',\n\tfemale: '\\u2640',\n\tffilig: '\\uFB03',\n\tfflig: '\\uFB00',\n\tffllig: '\\uFB04',\n\tFfr: '\\uD835\\uDD09',\n\tffr: '\\uD835\\uDD23',\n\tfilig: '\\uFB01',\n\tFilledSmallSquare: '\\u25FC',\n\tFilledVerySmallSquare: '\\u25AA',\n\tfjlig: '\\u0066\\u006A',\n\tflat: '\\u266D',\n\tfllig: '\\uFB02',\n\tfltns: '\\u25B1',\n\tfnof: '\\u0192',\n\tFopf: '\\uD835\\uDD3D',\n\tfopf: '\\uD835\\uDD57',\n\tForAll: '\\u2200',\n\tforall: '\\u2200',\n\tfork: '\\u22D4',\n\tforkv: '\\u2AD9',\n\tFouriertrf: '\\u2131',\n\tfpartint: '\\u2A0D',\n\tfrac12: '\\u00BD',\n\tfrac13: '\\u2153',\n\tfrac14: '\\u00BC',\n\tfrac15: '\\u2155',\n\tfrac16: '\\u2159',\n\tfrac18: '\\u215B',\n\tfrac23: '\\u2154',\n\tfrac25: '\\u2156',\n\tfrac34: '\\u00BE',\n\tfrac35: '\\u2157',\n\tfrac38: '\\u215C',\n\tfrac45: '\\u2158',\n\tfrac56: '\\u215A',\n\tfrac58: '\\u215D',\n\tfrac78: '\\u215E',\n\tfrasl: '\\u2044',\n\tfrown: '\\u2322',\n\tFscr: '\\u2131',\n\tfscr: '\\uD835\\uDCBB',\n\tgacute: '\\u01F5',\n\tGamma: '\\u0393',\n\tgamma: '\\u03B3',\n\tGammad: '\\u03DC',\n\tgammad: '\\u03DD',\n\tgap: '\\u2A86',\n\tGbreve: '\\u011E',\n\tgbreve: '\\u011F',\n\tGcedil: '\\u0122',\n\tGcirc: '\\u011C',\n\tgcirc: '\\u011D',\n\tGcy: '\\u0413',\n\tgcy: '\\u0433',\n\tGdot: '\\u0120',\n\tgdot: '\\u0121',\n\tgE: '\\u2267',\n\tge: '\\u2265',\n\tgEl: '\\u2A8C',\n\tgel: '\\u22DB',\n\tgeq: '\\u2265',\n\tgeqq: '\\u2267',\n\tgeqslant: '\\u2A7E',\n\tges: '\\u2A7E',\n\tgescc: '\\u2AA9',\n\tgesdot: '\\u2A80',\n\tgesdoto: '\\u2A82',\n\tgesdotol: '\\u2A84',\n\tgesl: '\\u22DB\\uFE00',\n\tgesles: '\\u2A94',\n\tGfr: '\\uD835\\uDD0A',\n\tgfr: '\\uD835\\uDD24',\n\tGg: '\\u22D9',\n\tgg: '\\u226B',\n\tggg: '\\u22D9',\n\tgimel: '\\u2137',\n\tGJcy: '\\u0403',\n\tgjcy: '\\u0453',\n\tgl: '\\u2277',\n\tgla: '\\u2AA5',\n\tglE: '\\u2A92',\n\tglj: '\\u2AA4',\n\tgnap: '\\u2A8A',\n\tgnapprox: '\\u2A8A',\n\tgnE: '\\u2269',\n\tgne: '\\u2A88',\n\tgneq: '\\u2A88',\n\tgneqq: '\\u2269',\n\tgnsim: '\\u22E7',\n\tGopf: '\\uD835\\uDD3E',\n\tgopf: '\\uD835\\uDD58',\n\tgrave: '\\u0060',\n\tGreaterEqual: '\\u2265',\n\tGreaterEqualLess: '\\u22DB',\n\tGreaterFullEqual: '\\u2267',\n\tGreaterGreater: '\\u2AA2',\n\tGreaterLess: '\\u2277',\n\tGreaterSlantEqual: '\\u2A7E',\n\tGreaterTilde: '\\u2273',\n\tGscr: '\\uD835\\uDCA2',\n\tgscr: '\\u210A',\n\tgsim: '\\u2273',\n\tgsime: '\\u2A8E',\n\tgsiml: '\\u2A90',\n\tGt: '\\u226B',\n\tGT: '\\u003E',\n\tgt: '\\u003E',\n\tgtcc: '\\u2AA7',\n\tgtcir: '\\u2A7A',\n\tgtdot: '\\u22D7',\n\tgtlPar: '\\u2995',\n\tgtquest: '\\u2A7C',\n\tgtrapprox: '\\u2A86',\n\tgtrarr: '\\u2978',\n\tgtrdot: '\\u22D7',\n\tgtreqless: '\\u22DB',\n\tgtreqqless: '\\u2A8C',\n\tgtrless: '\\u2277',\n\tgtrsim: '\\u2273',\n\tgvertneqq: '\\u2269\\uFE00',\n\tgvnE: '\\u2269\\uFE00',\n\tHacek: '\\u02C7',\n\thairsp: '\\u200A',\n\thalf: '\\u00BD',\n\thamilt: '\\u210B',\n\tHARDcy: '\\u042A',\n\thardcy: '\\u044A',\n\thArr: '\\u21D4',\n\tharr: '\\u2194',\n\tharrcir: '\\u2948',\n\tharrw: '\\u21AD',\n\tHat: '\\u005E',\n\thbar: '\\u210F',\n\tHcirc: '\\u0124',\n\thcirc: '\\u0125',\n\thearts: '\\u2665',\n\theartsuit: '\\u2665',\n\thellip: '\\u2026',\n\thercon: '\\u22B9',\n\tHfr: '\\u210C',\n\thfr: '\\uD835\\uDD25',\n\tHilbertSpace: '\\u210B',\n\thksearow: '\\u2925',\n\thkswarow: '\\u2926',\n\thoarr: '\\u21FF',\n\thomtht: '\\u223B',\n\thookleftarrow: '\\u21A9',\n\thookrightarrow: '\\u21AA',\n\tHopf: '\\u210D',\n\thopf: '\\uD835\\uDD59',\n\thorbar: '\\u2015',\n\tHorizontalLine: '\\u2500',\n\tHscr: '\\u210B',\n\thscr: '\\uD835\\uDCBD',\n\thslash: '\\u210F',\n\tHstrok: '\\u0126',\n\thstrok: '\\u0127',\n\tHumpDownHump: '\\u224E',\n\tHumpEqual: '\\u224F',\n\thybull: '\\u2043',\n\thyphen: '\\u2010',\n\tIacute: '\\u00CD',\n\tiacute: '\\u00ED',\n\tic: '\\u2063',\n\tIcirc: '\\u00CE',\n\ticirc: '\\u00EE',\n\tIcy: '\\u0418',\n\ticy: '\\u0438',\n\tIdot: '\\u0130',\n\tIEcy: '\\u0415',\n\tiecy: '\\u0435',\n\tiexcl: '\\u00A1',\n\tiff: '\\u21D4',\n\tIfr: '\\u2111',\n\tifr: '\\uD835\\uDD26',\n\tIgrave: '\\u00CC',\n\tigrave: '\\u00EC',\n\tii: '\\u2148',\n\tiiiint: '\\u2A0C',\n\tiiint: '\\u222D',\n\tiinfin: '\\u29DC',\n\tiiota: '\\u2129',\n\tIJlig: '\\u0132',\n\tijlig: '\\u0133',\n\tIm: '\\u2111',\n\tImacr: '\\u012A',\n\timacr: '\\u012B',\n\timage: '\\u2111',\n\tImaginaryI: '\\u2148',\n\timagline: '\\u2110',\n\timagpart: '\\u2111',\n\timath: '\\u0131',\n\timof: '\\u22B7',\n\timped: '\\u01B5',\n\tImplies: '\\u21D2',\n\tin: '\\u2208',\n\tincare: '\\u2105',\n\tinfin: '\\u221E',\n\tinfintie: '\\u29DD',\n\tinodot: '\\u0131',\n\tInt: '\\u222C',\n\tint: '\\u222B',\n\tintcal: '\\u22BA',\n\tintegers: '\\u2124',\n\tIntegral: '\\u222B',\n\tintercal: '\\u22BA',\n\tIntersection: '\\u22C2',\n\tintlarhk: '\\u2A17',\n\tintprod: '\\u2A3C',\n\tInvisibleComma: '\\u2063',\n\tInvisibleTimes: '\\u2062',\n\tIOcy: '\\u0401',\n\tiocy: '\\u0451',\n\tIogon: '\\u012E',\n\tiogon: '\\u012F',\n\tIopf: '\\uD835\\uDD40',\n\tiopf: '\\uD835\\uDD5A',\n\tIota: '\\u0399',\n\tiota: '\\u03B9',\n\tiprod: '\\u2A3C',\n\tiquest: '\\u00BF',\n\tIscr: '\\u2110',\n\tiscr: '\\uD835\\uDCBE',\n\tisin: '\\u2208',\n\tisindot: '\\u22F5',\n\tisinE: '\\u22F9',\n\tisins: '\\u22F4',\n\tisinsv: '\\u22F3',\n\tisinv: '\\u2208',\n\tit: '\\u2062',\n\tItilde: '\\u0128',\n\titilde: '\\u0129',\n\tIukcy: '\\u0406',\n\tiukcy: '\\u0456',\n\tIuml: '\\u00CF',\n\tiuml: '\\u00EF',\n\tJcirc: '\\u0134',\n\tjcirc: '\\u0135',\n\tJcy: '\\u0419',\n\tjcy: '\\u0439',\n\tJfr: '\\uD835\\uDD0D',\n\tjfr: '\\uD835\\uDD27',\n\tjmath: '\\u0237',\n\tJopf: '\\uD835\\uDD41',\n\tjopf: '\\uD835\\uDD5B',\n\tJscr: '\\uD835\\uDCA5',\n\tjscr: '\\uD835\\uDCBF',\n\tJsercy: '\\u0408',\n\tjsercy: '\\u0458',\n\tJukcy: '\\u0404',\n\tjukcy: '\\u0454',\n\tKappa: '\\u039A',\n\tkappa: '\\u03BA',\n\tkappav: '\\u03F0',\n\tKcedil: '\\u0136',\n\tkcedil: '\\u0137',\n\tKcy: '\\u041A',\n\tkcy: '\\u043A',\n\tKfr: '\\uD835\\uDD0E',\n\tkfr: '\\uD835\\uDD28',\n\tkgreen: '\\u0138',\n\tKHcy: '\\u0425',\n\tkhcy: '\\u0445',\n\tKJcy: '\\u040C',\n\tkjcy: '\\u045C',\n\tKopf: '\\uD835\\uDD42',\n\tkopf: '\\uD835\\uDD5C',\n\tKscr: '\\uD835\\uDCA6',\n\tkscr: '\\uD835\\uDCC0',\n\tlAarr: '\\u21DA',\n\tLacute: '\\u0139',\n\tlacute: '\\u013A',\n\tlaemptyv: '\\u29B4',\n\tlagran: '\\u2112',\n\tLambda: '\\u039B',\n\tlambda: '\\u03BB',\n\tLang: '\\u27EA',\n\tlang: '\\u27E8',\n\tlangd: '\\u2991',\n\tlangle: '\\u27E8',\n\tlap: '\\u2A85',\n\tLaplacetrf: '\\u2112',\n\tlaquo: '\\u00AB',\n\tLarr: '\\u219E',\n\tlArr: '\\u21D0',\n\tlarr: '\\u2190',\n\tlarrb: '\\u21E4',\n\tlarrbfs: '\\u291F',\n\tlarrfs: '\\u291D',\n\tlarrhk: '\\u21A9',\n\tlarrlp: '\\u21AB',\n\tlarrpl: '\\u2939',\n\tlarrsim: '\\u2973',\n\tlarrtl: '\\u21A2',\n\tlat: '\\u2AAB',\n\tlAtail: '\\u291B',\n\tlatail: '\\u2919',\n\tlate: '\\u2AAD',\n\tlates: '\\u2AAD\\uFE00',\n\tlBarr: '\\u290E',\n\tlbarr: '\\u290C',\n\tlbbrk: '\\u2772',\n\tlbrace: '\\u007B',\n\tlbrack: '\\u005B',\n\tlbrke: '\\u298B',\n\tlbrksld: '\\u298F',\n\tlbrkslu: '\\u298D',\n\tLcaron: '\\u013D',\n\tlcaron: '\\u013E',\n\tLcedil: '\\u013B',\n\tlcedil: '\\u013C',\n\tlceil: '\\u2308',\n\tlcub: '\\u007B',\n\tLcy: '\\u041B',\n\tlcy: '\\u043B',\n\tldca: '\\u2936',\n\tldquo: '\\u201C',\n\tldquor: '\\u201E',\n\tldrdhar: '\\u2967',\n\tldrushar: '\\u294B',\n\tldsh: '\\u21B2',\n\tlE: '\\u2266',\n\tle: '\\u2264',\n\tLeftAngleBracket: '\\u27E8',\n\tLeftArrow: '\\u2190',\n\tLeftarrow: '\\u21D0',\n\tleftarrow: '\\u2190',\n\tLeftArrowBar: '\\u21E4',\n\tLeftArrowRightArrow: '\\u21C6',\n\tleftarrowtail: '\\u21A2',\n\tLeftCeiling: '\\u2308',\n\tLeftDoubleBracket: '\\u27E6',\n\tLeftDownTeeVector: '\\u2961',\n\tLeftDownVector: '\\u21C3',\n\tLeftDownVectorBar: '\\u2959',\n\tLeftFloor: '\\u230A',\n\tleftharpoondown: '\\u21BD',\n\tleftharpoonup: '\\u21BC',\n\tleftleftarrows: '\\u21C7',\n\tLeftRightArrow: '\\u2194',\n\tLeftrightarrow: '\\u21D4',\n\tleftrightarrow: '\\u2194',\n\tleftrightarrows: '\\u21C6',\n\tleftrightharpoons: '\\u21CB',\n\tleftrightsquigarrow: '\\u21AD',\n\tLeftRightVector: '\\u294E',\n\tLeftTee: '\\u22A3',\n\tLeftTeeArrow: '\\u21A4',\n\tLeftTeeVector: '\\u295A',\n\tleftthreetimes: '\\u22CB',\n\tLeftTriangle: '\\u22B2',\n\tLeftTriangleBar: '\\u29CF',\n\tLeftTriangleEqual: '\\u22B4',\n\tLeftUpDownVector: '\\u2951',\n\tLeftUpTeeVector: '\\u2960',\n\tLeftUpVector: '\\u21BF',\n\tLeftUpVectorBar: '\\u2958',\n\tLeftVector: '\\u21BC',\n\tLeftVectorBar: '\\u2952',\n\tlEg: '\\u2A8B',\n\tleg: '\\u22DA',\n\tleq: '\\u2264',\n\tleqq: '\\u2266',\n\tleqslant: '\\u2A7D',\n\tles: '\\u2A7D',\n\tlescc: '\\u2AA8',\n\tlesdot: '\\u2A7F',\n\tlesdoto: '\\u2A81',\n\tlesdotor: '\\u2A83',\n\tlesg: '\\u22DA\\uFE00',\n\tlesges: '\\u2A93',\n\tlessapprox: '\\u2A85',\n\tlessdot: '\\u22D6',\n\tlesseqgtr: '\\u22DA',\n\tlesseqqgtr: '\\u2A8B',\n\tLessEqualGreater: '\\u22DA',\n\tLessFullEqual: '\\u2266',\n\tLessGreater: '\\u2276',\n\tlessgtr: '\\u2276',\n\tLessLess: '\\u2AA1',\n\tlesssim: '\\u2272',\n\tLessSlantEqual: '\\u2A7D',\n\tLessTilde: '\\u2272',\n\tlfisht: '\\u297C',\n\tlfloor: '\\u230A',\n\tLfr: '\\uD835\\uDD0F',\n\tlfr: '\\uD835\\uDD29',\n\tlg: '\\u2276',\n\tlgE: '\\u2A91',\n\tlHar: '\\u2962',\n\tlhard: '\\u21BD',\n\tlharu: '\\u21BC',\n\tlharul: '\\u296A',\n\tlhblk: '\\u2584',\n\tLJcy: '\\u0409',\n\tljcy: '\\u0459',\n\tLl: '\\u22D8',\n\tll: '\\u226A',\n\tllarr: '\\u21C7',\n\tllcorner: '\\u231E',\n\tLleftarrow: '\\u21DA',\n\tllhard: '\\u296B',\n\tlltri: '\\u25FA',\n\tLmidot: '\\u013F',\n\tlmidot: '\\u0140',\n\tlmoust: '\\u23B0',\n\tlmoustache: '\\u23B0',\n\tlnap: '\\u2A89',\n\tlnapprox: '\\u2A89',\n\tlnE: '\\u2268',\n\tlne: '\\u2A87',\n\tlneq: '\\u2A87',\n\tlneqq: '\\u2268',\n\tlnsim: '\\u22E6',\n\tloang: '\\u27EC',\n\tloarr: '\\u21FD',\n\tlobrk: '\\u27E6',\n\tLongLeftArrow: '\\u27F5',\n\tLongleftarrow: '\\u27F8',\n\tlongleftarrow: '\\u27F5',\n\tLongLeftRightArrow: '\\u27F7',\n\tLongleftrightarrow: '\\u27FA',\n\tlongleftrightarrow: '\\u27F7',\n\tlongmapsto: '\\u27FC',\n\tLongRightArrow: '\\u27F6',\n\tLongrightarrow: '\\u27F9',\n\tlongrightarrow: '\\u27F6',\n\tlooparrowleft: '\\u21AB',\n\tlooparrowright: '\\u21AC',\n\tlopar: '\\u2985',\n\tLopf: '\\uD835\\uDD43',\n\tlopf: '\\uD835\\uDD5D',\n\tloplus: '\\u2A2D',\n\tlotimes: '\\u2A34',\n\tlowast: '\\u2217',\n\tlowbar: '\\u005F',\n\tLowerLeftArrow: '\\u2199',\n\tLowerRightArrow: '\\u2198',\n\tloz: '\\u25CA',\n\tlozenge: '\\u25CA',\n\tlozf: '\\u29EB',\n\tlpar: '\\u0028',\n\tlparlt: '\\u2993',\n\tlrarr: '\\u21C6',\n\tlrcorner: '\\u231F',\n\tlrhar: '\\u21CB',\n\tlrhard: '\\u296D',\n\tlrm: '\\u200E',\n\tlrtri: '\\u22BF',\n\tlsaquo: '\\u2039',\n\tLscr: '\\u2112',\n\tlscr: '\\uD835\\uDCC1',\n\tLsh: '\\u21B0',\n\tlsh: '\\u21B0',\n\tlsim: '\\u2272',\n\tlsime: '\\u2A8D',\n\tlsimg: '\\u2A8F',\n\tlsqb: '\\u005B',\n\tlsquo: '\\u2018',\n\tlsquor: '\\u201A',\n\tLstrok: '\\u0141',\n\tlstrok: '\\u0142',\n\tLt: '\\u226A',\n\tLT: '\\u003C',\n\tlt: '\\u003C',\n\tltcc: '\\u2AA6',\n\tltcir: '\\u2A79',\n\tltdot: '\\u22D6',\n\tlthree: '\\u22CB',\n\tltimes: '\\u22C9',\n\tltlarr: '\\u2976',\n\tltquest: '\\u2A7B',\n\tltri: '\\u25C3',\n\tltrie: '\\u22B4',\n\tltrif: '\\u25C2',\n\tltrPar: '\\u2996',\n\tlurdshar: '\\u294A',\n\tluruhar: '\\u2966',\n\tlvertneqq: '\\u2268\\uFE00',\n\tlvnE: '\\u2268\\uFE00',\n\tmacr: '\\u00AF',\n\tmale: '\\u2642',\n\tmalt: '\\u2720',\n\tmaltese: '\\u2720',\n\tMap: '\\u2905',\n\tmap: '\\u21A6',\n\tmapsto: '\\u21A6',\n\tmapstodown: '\\u21A7',\n\tmapstoleft: '\\u21A4',\n\tmapstoup: '\\u21A5',\n\tmarker: '\\u25AE',\n\tmcomma: '\\u2A29',\n\tMcy: '\\u041C',\n\tmcy: '\\u043C',\n\tmdash: '\\u2014',\n\tmDDot: '\\u223A',\n\tmeasuredangle: '\\u2221',\n\tMediumSpace: '\\u205F',\n\tMellintrf: '\\u2133',\n\tMfr: '\\uD835\\uDD10',\n\tmfr: '\\uD835\\uDD2A',\n\tmho: '\\u2127',\n\tmicro: '\\u00B5',\n\tmid: '\\u2223',\n\tmidast: '\\u002A',\n\tmidcir: '\\u2AF0',\n\tmiddot: '\\u00B7',\n\tminus: '\\u2212',\n\tminusb: '\\u229F',\n\tminusd: '\\u2238',\n\tminusdu: '\\u2A2A',\n\tMinusPlus: '\\u2213',\n\tmlcp: '\\u2ADB',\n\tmldr: '\\u2026',\n\tmnplus: '\\u2213',\n\tmodels: '\\u22A7',\n\tMopf: '\\uD835\\uDD44',\n\tmopf: '\\uD835\\uDD5E',\n\tmp: '\\u2213',\n\tMscr: '\\u2133',\n\tmscr: '\\uD835\\uDCC2',\n\tmstpos: '\\u223E',\n\tMu: '\\u039C',\n\tmu: '\\u03BC',\n\tmultimap: '\\u22B8',\n\tmumap: '\\u22B8',\n\tnabla: '\\u2207',\n\tNacute: '\\u0143',\n\tnacute: '\\u0144',\n\tnang: '\\u2220\\u20D2',\n\tnap: '\\u2249',\n\tnapE: '\\u2A70\\u0338',\n\tnapid: '\\u224B\\u0338',\n\tnapos: '\\u0149',\n\tnapprox: '\\u2249',\n\tnatur: '\\u266E',\n\tnatural: '\\u266E',\n\tnaturals: '\\u2115',\n\tnbsp: '\\u00A0',\n\tnbump: '\\u224E\\u0338',\n\tnbumpe: '\\u224F\\u0338',\n\tncap: '\\u2A43',\n\tNcaron: '\\u0147',\n\tncaron: '\\u0148',\n\tNcedil: '\\u0145',\n\tncedil: '\\u0146',\n\tncong: '\\u2247',\n\tncongdot: '\\u2A6D\\u0338',\n\tncup: '\\u2A42',\n\tNcy: '\\u041D',\n\tncy: '\\u043D',\n\tndash: '\\u2013',\n\tne: '\\u2260',\n\tnearhk: '\\u2924',\n\tneArr: '\\u21D7',\n\tnearr: '\\u2197',\n\tnearrow: '\\u2197',\n\tnedot: '\\u2250\\u0338',\n\tNegativeMediumSpace: '\\u200B',\n\tNegativeThickSpace: '\\u200B',\n\tNegativeThinSpace: '\\u200B',\n\tNegativeVeryThinSpace: '\\u200B',\n\tnequiv: '\\u2262',\n\tnesear: '\\u2928',\n\tnesim: '\\u2242\\u0338',\n\tNestedGreaterGreater: '\\u226B',\n\tNestedLessLess: '\\u226A',\n\tNewLine: '\\u000A',\n\tnexist: '\\u2204',\n\tnexists: '\\u2204',\n\tNfr: '\\uD835\\uDD11',\n\tnfr: '\\uD835\\uDD2B',\n\tngE: '\\u2267\\u0338',\n\tnge: '\\u2271',\n\tngeq: '\\u2271',\n\tngeqq: '\\u2267\\u0338',\n\tngeqslant: '\\u2A7E\\u0338',\n\tnges: '\\u2A7E\\u0338',\n\tnGg: '\\u22D9\\u0338',\n\tngsim: '\\u2275',\n\tnGt: '\\u226B\\u20D2',\n\tngt: '\\u226F',\n\tngtr: '\\u226F',\n\tnGtv: '\\u226B\\u0338',\n\tnhArr: '\\u21CE',\n\tnharr: '\\u21AE',\n\tnhpar: '\\u2AF2',\n\tni: '\\u220B',\n\tnis: '\\u22FC',\n\tnisd: '\\u22FA',\n\tniv: '\\u220B',\n\tNJcy: '\\u040A',\n\tnjcy: '\\u045A',\n\tnlArr: '\\u21CD',\n\tnlarr: '\\u219A',\n\tnldr: '\\u2025',\n\tnlE: '\\u2266\\u0338',\n\tnle: '\\u2270',\n\tnLeftarrow: '\\u21CD',\n\tnleftarrow: '\\u219A',\n\tnLeftrightarrow: '\\u21CE',\n\tnleftrightarrow: '\\u21AE',\n\tnleq: '\\u2270',\n\tnleqq: '\\u2266\\u0338',\n\tnleqslant: '\\u2A7D\\u0338',\n\tnles: '\\u2A7D\\u0338',\n\tnless: '\\u226E',\n\tnLl: '\\u22D8\\u0338',\n\tnlsim: '\\u2274',\n\tnLt: '\\u226A\\u20D2',\n\tnlt: '\\u226E',\n\tnltri: '\\u22EA',\n\tnltrie: '\\u22EC',\n\tnLtv: '\\u226A\\u0338',\n\tnmid: '\\u2224',\n\tNoBreak: '\\u2060',\n\tNonBreakingSpace: '\\u00A0',\n\tNopf: '\\u2115',\n\tnopf: '\\uD835\\uDD5F',\n\tNot: '\\u2AEC',\n\tnot: '\\u00AC',\n\tNotCongruent: '\\u2262',\n\tNotCupCap: '\\u226D',\n\tNotDoubleVerticalBar: '\\u2226',\n\tNotElement: '\\u2209',\n\tNotEqual: '\\u2260',\n\tNotEqualTilde: '\\u2242\\u0338',\n\tNotExists: '\\u2204',\n\tNotGreater: '\\u226F',\n\tNotGreaterEqual: '\\u2271',\n\tNotGreaterFullEqual: '\\u2267\\u0338',\n\tNotGreaterGreater: '\\u226B\\u0338',\n\tNotGreaterLess: '\\u2279',\n\tNotGreaterSlantEqual: '\\u2A7E\\u0338',\n\tNotGreaterTilde: '\\u2275',\n\tNotHumpDownHump: '\\u224E\\u0338',\n\tNotHumpEqual: '\\u224F\\u0338',\n\tnotin: '\\u2209',\n\tnotindot: '\\u22F5\\u0338',\n\tnotinE: '\\u22F9\\u0338',\n\tnotinva: '\\u2209',\n\tnotinvb: '\\u22F7',\n\tnotinvc: '\\u22F6',\n\tNotLeftTriangle: '\\u22EA',\n\tNotLeftTriangleBar: '\\u29CF\\u0338',\n\tNotLeftTriangleEqual: '\\u22EC',\n\tNotLess: '\\u226E',\n\tNotLessEqual: '\\u2270',\n\tNotLessGreater: '\\u2278',\n\tNotLessLess: '\\u226A\\u0338',\n\tNotLessSlantEqual: '\\u2A7D\\u0338',\n\tNotLessTilde: '\\u2274',\n\tNotNestedGreaterGreater: '\\u2AA2\\u0338',\n\tNotNestedLessLess: '\\u2AA1\\u0338',\n\tnotni: '\\u220C',\n\tnotniva: '\\u220C',\n\tnotnivb: '\\u22FE',\n\tnotnivc: '\\u22FD',\n\tNotPrecedes: '\\u2280',\n\tNotPrecedesEqual: '\\u2AAF\\u0338',\n\tNotPrecedesSlantEqual: '\\u22E0',\n\tNotReverseElement: '\\u220C',\n\tNotRightTriangle: '\\u22EB',\n\tNotRightTriangleBar: '\\u29D0\\u0338',\n\tNotRightTriangleEqual: '\\u22ED',\n\tNotSquareSubset: '\\u228F\\u0338',\n\tNotSquareSubsetEqual: '\\u22E2',\n\tNotSquareSuperset: '\\u2290\\u0338',\n\tNotSquareSupersetEqual: '\\u22E3',\n\tNotSubset: '\\u2282\\u20D2',\n\tNotSubsetEqual: '\\u2288',\n\tNotSucceeds: '\\u2281',\n\tNotSucceedsEqual: '\\u2AB0\\u0338',\n\tNotSucceedsSlantEqual: '\\u22E1',\n\tNotSucceedsTilde: '\\u227F\\u0338',\n\tNotSuperset: '\\u2283\\u20D2',\n\tNotSupersetEqual: '\\u2289',\n\tNotTilde: '\\u2241',\n\tNotTildeEqual: '\\u2244',\n\tNotTildeFullEqual: '\\u2247',\n\tNotTildeTilde: '\\u2249',\n\tNotVerticalBar: '\\u2224',\n\tnpar: '\\u2226',\n\tnparallel: '\\u2226',\n\tnparsl: '\\u2AFD\\u20E5',\n\tnpart: '\\u2202\\u0338',\n\tnpolint: '\\u2A14',\n\tnpr: '\\u2280',\n\tnprcue: '\\u22E0',\n\tnpre: '\\u2AAF\\u0338',\n\tnprec: '\\u2280',\n\tnpreceq: '\\u2AAF\\u0338',\n\tnrArr: '\\u21CF',\n\tnrarr: '\\u219B',\n\tnrarrc: '\\u2933\\u0338',\n\tnrarrw: '\\u219D\\u0338',\n\tnRightarrow: '\\u21CF',\n\tnrightarrow: '\\u219B',\n\tnrtri: '\\u22EB',\n\tnrtrie: '\\u22ED',\n\tnsc: '\\u2281',\n\tnsccue: '\\u22E1',\n\tnsce: '\\u2AB0\\u0338',\n\tNscr: '\\uD835\\uDCA9',\n\tnscr: '\\uD835\\uDCC3',\n\tnshortmid: '\\u2224',\n\tnshortparallel: '\\u2226',\n\tnsim: '\\u2241',\n\tnsime: '\\u2244',\n\tnsimeq: '\\u2244',\n\tnsmid: '\\u2224',\n\tnspar: '\\u2226',\n\tnsqsube: '\\u22E2',\n\tnsqsupe: '\\u22E3',\n\tnsub: '\\u2284',\n\tnsubE: '\\u2AC5\\u0338',\n\tnsube: '\\u2288',\n\tnsubset: '\\u2282\\u20D2',\n\tnsubseteq: '\\u2288',\n\tnsubseteqq: '\\u2AC5\\u0338',\n\tnsucc: '\\u2281',\n\tnsucceq: '\\u2AB0\\u0338',\n\tnsup: '\\u2285',\n\tnsupE: '\\u2AC6\\u0338',\n\tnsupe: '\\u2289',\n\tnsupset: '\\u2283\\u20D2',\n\tnsupseteq: '\\u2289',\n\tnsupseteqq: '\\u2AC6\\u0338',\n\tntgl: '\\u2279',\n\tNtilde: '\\u00D1',\n\tntilde: '\\u00F1',\n\tntlg: '\\u2278',\n\tntriangleleft: '\\u22EA',\n\tntrianglelefteq: '\\u22EC',\n\tntriangleright: '\\u22EB',\n\tntrianglerighteq: '\\u22ED',\n\tNu: '\\u039D',\n\tnu: '\\u03BD',\n\tnum: '\\u0023',\n\tnumero: '\\u2116',\n\tnumsp: '\\u2007',\n\tnvap: '\\u224D\\u20D2',\n\tnVDash: '\\u22AF',\n\tnVdash: '\\u22AE',\n\tnvDash: '\\u22AD',\n\tnvdash: '\\u22AC',\n\tnvge: '\\u2265\\u20D2',\n\tnvgt: '\\u003E\\u20D2',\n\tnvHarr: '\\u2904',\n\tnvinfin: '\\u29DE',\n\tnvlArr: '\\u2902',\n\tnvle: '\\u2264\\u20D2',\n\tnvlt: '\\u003C\\u20D2',\n\tnvltrie: '\\u22B4\\u20D2',\n\tnvrArr: '\\u2903',\n\tnvrtrie: '\\u22B5\\u20D2',\n\tnvsim: '\\u223C\\u20D2',\n\tnwarhk: '\\u2923',\n\tnwArr: '\\u21D6',\n\tnwarr: '\\u2196',\n\tnwarrow: '\\u2196',\n\tnwnear: '\\u2927',\n\tOacute: '\\u00D3',\n\toacute: '\\u00F3',\n\toast: '\\u229B',\n\tocir: '\\u229A',\n\tOcirc: '\\u00D4',\n\tocirc: '\\u00F4',\n\tOcy: '\\u041E',\n\tocy: '\\u043E',\n\todash: '\\u229D',\n\tOdblac: '\\u0150',\n\todblac: '\\u0151',\n\todiv: '\\u2A38',\n\todot: '\\u2299',\n\todsold: '\\u29BC',\n\tOElig: '\\u0152',\n\toelig: '\\u0153',\n\tofcir: '\\u29BF',\n\tOfr: '\\uD835\\uDD12',\n\tofr: '\\uD835\\uDD2C',\n\togon: '\\u02DB',\n\tOgrave: '\\u00D2',\n\tograve: '\\u00F2',\n\togt: '\\u29C1',\n\tohbar: '\\u29B5',\n\tohm: '\\u03A9',\n\toint: '\\u222E',\n\tolarr: '\\u21BA',\n\tolcir: '\\u29BE',\n\tolcross: '\\u29BB',\n\toline: '\\u203E',\n\tolt: '\\u29C0',\n\tOmacr: '\\u014C',\n\tomacr: '\\u014D',\n\tOmega: '\\u03A9',\n\tomega: '\\u03C9',\n\tOmicron: '\\u039F',\n\tomicron: '\\u03BF',\n\tomid: '\\u29B6',\n\tominus: '\\u2296',\n\tOopf: '\\uD835\\uDD46',\n\toopf: '\\uD835\\uDD60',\n\topar: '\\u29B7',\n\tOpenCurlyDoubleQuote: '\\u201C',\n\tOpenCurlyQuote: '\\u2018',\n\toperp: '\\u29B9',\n\toplus: '\\u2295',\n\tOr: '\\u2A54',\n\tor: '\\u2228',\n\torarr: '\\u21BB',\n\tord: '\\u2A5D',\n\torder: '\\u2134',\n\torderof: '\\u2134',\n\tordf: '\\u00AA',\n\tordm: '\\u00BA',\n\torigof: '\\u22B6',\n\toror: '\\u2A56',\n\torslope: '\\u2A57',\n\torv: '\\u2A5B',\n\toS: '\\u24C8',\n\tOscr: '\\uD835\\uDCAA',\n\toscr: '\\u2134',\n\tOslash: '\\u00D8',\n\toslash: '\\u00F8',\n\tosol: '\\u2298',\n\tOtilde: '\\u00D5',\n\totilde: '\\u00F5',\n\tOtimes: '\\u2A37',\n\totimes: '\\u2297',\n\totimesas: '\\u2A36',\n\tOuml: '\\u00D6',\n\touml: '\\u00F6',\n\tovbar: '\\u233D',\n\tOverBar: '\\u203E',\n\tOverBrace: '\\u23DE',\n\tOverBracket: '\\u23B4',\n\tOverParenthesis: '\\u23DC',\n\tpar: '\\u2225',\n\tpara: '\\u00B6',\n\tparallel: '\\u2225',\n\tparsim: '\\u2AF3',\n\tparsl: '\\u2AFD',\n\tpart: '\\u2202',\n\tPartialD: '\\u2202',\n\tPcy: '\\u041F',\n\tpcy: '\\u043F',\n\tpercnt: '\\u0025',\n\tperiod: '\\u002E',\n\tpermil: '\\u2030',\n\tperp: '\\u22A5',\n\tpertenk: '\\u2031',\n\tPfr: '\\uD835\\uDD13',\n\tpfr: '\\uD835\\uDD2D',\n\tPhi: '\\u03A6',\n\tphi: '\\u03C6',\n\tphiv: '\\u03D5',\n\tphmmat: '\\u2133',\n\tphone: '\\u260E',\n\tPi: '\\u03A0',\n\tpi: '\\u03C0',\n\tpitchfork: '\\u22D4',\n\tpiv: '\\u03D6',\n\tplanck: '\\u210F',\n\tplanckh: '\\u210E',\n\tplankv: '\\u210F',\n\tplus: '\\u002B',\n\tplusacir: '\\u2A23',\n\tplusb: '\\u229E',\n\tpluscir: '\\u2A22',\n\tplusdo: '\\u2214',\n\tplusdu: '\\u2A25',\n\tpluse: '\\u2A72',\n\tPlusMinus: '\\u00B1',\n\tplusmn: '\\u00B1',\n\tplussim: '\\u2A26',\n\tplustwo: '\\u2A27',\n\tpm: '\\u00B1',\n\tPoincareplane: '\\u210C',\n\tpointint: '\\u2A15',\n\tPopf: '\\u2119',\n\tpopf: '\\uD835\\uDD61',\n\tpound: '\\u00A3',\n\tPr: '\\u2ABB',\n\tpr: '\\u227A',\n\tprap: '\\u2AB7',\n\tprcue: '\\u227C',\n\tprE: '\\u2AB3',\n\tpre: '\\u2AAF',\n\tprec: '\\u227A',\n\tprecapprox: '\\u2AB7',\n\tpreccurlyeq: '\\u227C',\n\tPrecedes: '\\u227A',\n\tPrecedesEqual: '\\u2AAF',\n\tPrecedesSlantEqual: '\\u227C',\n\tPrecedesTilde: '\\u227E',\n\tpreceq: '\\u2AAF',\n\tprecnapprox: '\\u2AB9',\n\tprecneqq: '\\u2AB5',\n\tprecnsim: '\\u22E8',\n\tprecsim: '\\u227E',\n\tPrime: '\\u2033',\n\tprime: '\\u2032',\n\tprimes: '\\u2119',\n\tprnap: '\\u2AB9',\n\tprnE: '\\u2AB5',\n\tprnsim: '\\u22E8',\n\tprod: '\\u220F',\n\tProduct: '\\u220F',\n\tprofalar: '\\u232E',\n\tprofline: '\\u2312',\n\tprofsurf: '\\u2313',\n\tprop: '\\u221D',\n\tProportion: '\\u2237',\n\tProportional: '\\u221D',\n\tpropto: '\\u221D',\n\tprsim: '\\u227E',\n\tprurel: '\\u22B0',\n\tPscr: '\\uD835\\uDCAB',\n\tpscr: '\\uD835\\uDCC5',\n\tPsi: '\\u03A8',\n\tpsi: '\\u03C8',\n\tpuncsp: '\\u2008',\n\tQfr: '\\uD835\\uDD14',\n\tqfr: '\\uD835\\uDD2E',\n\tqint: '\\u2A0C',\n\tQopf: '\\u211A',\n\tqopf: '\\uD835\\uDD62',\n\tqprime: '\\u2057',\n\tQscr: '\\uD835\\uDCAC',\n\tqscr: '\\uD835\\uDCC6',\n\tquaternions: '\\u210D',\n\tquatint: '\\u2A16',\n\tquest: '\\u003F',\n\tquesteq: '\\u225F',\n\tQUOT: '\\u0022',\n\tquot: '\\u0022',\n\trAarr: '\\u21DB',\n\trace: '\\u223D\\u0331',\n\tRacute: '\\u0154',\n\tracute: '\\u0155',\n\tradic: '\\u221A',\n\traemptyv: '\\u29B3',\n\tRang: '\\u27EB',\n\trang: '\\u27E9',\n\trangd: '\\u2992',\n\trange: '\\u29A5',\n\trangle: '\\u27E9',\n\traquo: '\\u00BB',\n\tRarr: '\\u21A0',\n\trArr: '\\u21D2',\n\trarr: '\\u2192',\n\trarrap: '\\u2975',\n\trarrb: '\\u21E5',\n\trarrbfs: '\\u2920',\n\trarrc: '\\u2933',\n\trarrfs: '\\u291E',\n\trarrhk: '\\u21AA',\n\trarrlp: '\\u21AC',\n\trarrpl: '\\u2945',\n\trarrsim: '\\u2974',\n\tRarrtl: '\\u2916',\n\trarrtl: '\\u21A3',\n\trarrw: '\\u219D',\n\trAtail: '\\u291C',\n\tratail: '\\u291A',\n\tratio: '\\u2236',\n\trationals: '\\u211A',\n\tRBarr: '\\u2910',\n\trBarr: '\\u290F',\n\trbarr: '\\u290D',\n\trbbrk: '\\u2773',\n\trbrace: '\\u007D',\n\trbrack: '\\u005D',\n\trbrke: '\\u298C',\n\trbrksld: '\\u298E',\n\trbrkslu: '\\u2990',\n\tRcaron: '\\u0158',\n\trcaron: '\\u0159',\n\tRcedil: '\\u0156',\n\trcedil: '\\u0157',\n\trceil: '\\u2309',\n\trcub: '\\u007D',\n\tRcy: '\\u0420',\n\trcy: '\\u0440',\n\trdca: '\\u2937',\n\trdldhar: '\\u2969',\n\trdquo: '\\u201D',\n\trdquor: '\\u201D',\n\trdsh: '\\u21B3',\n\tRe: '\\u211C',\n\treal: '\\u211C',\n\trealine: '\\u211B',\n\trealpart: '\\u211C',\n\treals: '\\u211D',\n\trect: '\\u25AD',\n\tREG: '\\u00AE',\n\treg: '\\u00AE',\n\tReverseElement: '\\u220B',\n\tReverseEquilibrium: '\\u21CB',\n\tReverseUpEquilibrium: '\\u296F',\n\trfisht: '\\u297D',\n\trfloor: '\\u230B',\n\tRfr: '\\u211C',\n\trfr: '\\uD835\\uDD2F',\n\trHar: '\\u2964',\n\trhard: '\\u21C1',\n\trharu: '\\u21C0',\n\trharul: '\\u296C',\n\tRho: '\\u03A1',\n\trho: '\\u03C1',\n\trhov: '\\u03F1',\n\tRightAngleBracket: '\\u27E9',\n\tRightArrow: '\\u2192',\n\tRightarrow: '\\u21D2',\n\trightarrow: '\\u2192',\n\tRightArrowBar: '\\u21E5',\n\tRightArrowLeftArrow: '\\u21C4',\n\trightarrowtail: '\\u21A3',\n\tRightCeiling: '\\u2309',\n\tRightDoubleBracket: '\\u27E7',\n\tRightDownTeeVector: '\\u295D',\n\tRightDownVector: '\\u21C2',\n\tRightDownVectorBar: '\\u2955',\n\tRightFloor: '\\u230B',\n\trightharpoondown: '\\u21C1',\n\trightharpoonup: '\\u21C0',\n\trightleftarrows: '\\u21C4',\n\trightleftharpoons: '\\u21CC',\n\trightrightarrows: '\\u21C9',\n\trightsquigarrow: '\\u219D',\n\tRightTee: '\\u22A2',\n\tRightTeeArrow: '\\u21A6',\n\tRightTeeVector: '\\u295B',\n\trightthreetimes: '\\u22CC',\n\tRightTriangle: '\\u22B3',\n\tRightTriangleBar: '\\u29D0',\n\tRightTriangleEqual: '\\u22B5',\n\tRightUpDownVector: '\\u294F',\n\tRightUpTeeVector: '\\u295C',\n\tRightUpVector: '\\u21BE',\n\tRightUpVectorBar: '\\u2954',\n\tRightVector: '\\u21C0',\n\tRightVectorBar: '\\u2953',\n\tring: '\\u02DA',\n\trisingdotseq: '\\u2253',\n\trlarr: '\\u21C4',\n\trlhar: '\\u21CC',\n\trlm: '\\u200F',\n\trmoust: '\\u23B1',\n\trmoustache: '\\u23B1',\n\trnmid: '\\u2AEE',\n\troang: '\\u27ED',\n\troarr: '\\u21FE',\n\trobrk: '\\u27E7',\n\tropar: '\\u2986',\n\tRopf: '\\u211D',\n\tropf: '\\uD835\\uDD63',\n\troplus: '\\u2A2E',\n\trotimes: '\\u2A35',\n\tRoundImplies: '\\u2970',\n\trpar: '\\u0029',\n\trpargt: '\\u2994',\n\trppolint: '\\u2A12',\n\trrarr: '\\u21C9',\n\tRrightarrow: '\\u21DB',\n\trsaquo: '\\u203A',\n\tRscr: '\\u211B',\n\trscr: '\\uD835\\uDCC7',\n\tRsh: '\\u21B1',\n\trsh: '\\u21B1',\n\trsqb: '\\u005D',\n\trsquo: '\\u2019',\n\trsquor: '\\u2019',\n\trthree: '\\u22CC',\n\trtimes: '\\u22CA',\n\trtri: '\\u25B9',\n\trtrie: '\\u22B5',\n\trtrif: '\\u25B8',\n\trtriltri: '\\u29CE',\n\tRuleDelayed: '\\u29F4',\n\truluhar: '\\u2968',\n\trx: '\\u211E',\n\tSacute: '\\u015A',\n\tsacute: '\\u015B',\n\tsbquo: '\\u201A',\n\tSc: '\\u2ABC',\n\tsc: '\\u227B',\n\tscap: '\\u2AB8',\n\tScaron: '\\u0160',\n\tscaron: '\\u0161',\n\tsccue: '\\u227D',\n\tscE: '\\u2AB4',\n\tsce: '\\u2AB0',\n\tScedil: '\\u015E',\n\tscedil: '\\u015F',\n\tScirc: '\\u015C',\n\tscirc: '\\u015D',\n\tscnap: '\\u2ABA',\n\tscnE: '\\u2AB6',\n\tscnsim: '\\u22E9',\n\tscpolint: '\\u2A13',\n\tscsim: '\\u227F',\n\tScy: '\\u0421',\n\tscy: '\\u0441',\n\tsdot: '\\u22C5',\n\tsdotb: '\\u22A1',\n\tsdote: '\\u2A66',\n\tsearhk: '\\u2925',\n\tseArr: '\\u21D8',\n\tsearr: '\\u2198',\n\tsearrow: '\\u2198',\n\tsect: '\\u00A7',\n\tsemi: '\\u003B',\n\tseswar: '\\u2929',\n\tsetminus: '\\u2216',\n\tsetmn: '\\u2216',\n\tsext: '\\u2736',\n\tSfr: '\\uD835\\uDD16',\n\tsfr: '\\uD835\\uDD30',\n\tsfrown: '\\u2322',\n\tsharp: '\\u266F',\n\tSHCHcy: '\\u0429',\n\tshchcy: '\\u0449',\n\tSHcy: '\\u0428',\n\tshcy: '\\u0448',\n\tShortDownArrow: '\\u2193',\n\tShortLeftArrow: '\\u2190',\n\tshortmid: '\\u2223',\n\tshortparallel: '\\u2225',\n\tShortRightArrow: '\\u2192',\n\tShortUpArrow: '\\u2191',\n\tshy: '\\u00AD',\n\tSigma: '\\u03A3',\n\tsigma: '\\u03C3',\n\tsigmaf: '\\u03C2',\n\tsigmav: '\\u03C2',\n\tsim: '\\u223C',\n\tsimdot: '\\u2A6A',\n\tsime: '\\u2243',\n\tsimeq: '\\u2243',\n\tsimg: '\\u2A9E',\n\tsimgE: '\\u2AA0',\n\tsiml: '\\u2A9D',\n\tsimlE: '\\u2A9F',\n\tsimne: '\\u2246',\n\tsimplus: '\\u2A24',\n\tsimrarr: '\\u2972',\n\tslarr: '\\u2190',\n\tSmallCircle: '\\u2218',\n\tsmallsetminus: '\\u2216',\n\tsmashp: '\\u2A33',\n\tsmeparsl: '\\u29E4',\n\tsmid: '\\u2223',\n\tsmile: '\\u2323',\n\tsmt: '\\u2AAA',\n\tsmte: '\\u2AAC',\n\tsmtes: '\\u2AAC\\uFE00',\n\tSOFTcy: '\\u042C',\n\tsoftcy: '\\u044C',\n\tsol: '\\u002F',\n\tsolb: '\\u29C4',\n\tsolbar: '\\u233F',\n\tSopf: '\\uD835\\uDD4A',\n\tsopf: '\\uD835\\uDD64',\n\tspades: '\\u2660',\n\tspadesuit: '\\u2660',\n\tspar: '\\u2225',\n\tsqcap: '\\u2293',\n\tsqcaps: '\\u2293\\uFE00',\n\tsqcup: '\\u2294',\n\tsqcups: '\\u2294\\uFE00',\n\tSqrt: '\\u221A',\n\tsqsub: '\\u228F',\n\tsqsube: '\\u2291',\n\tsqsubset: '\\u228F',\n\tsqsubseteq: '\\u2291',\n\tsqsup: '\\u2290',\n\tsqsupe: '\\u2292',\n\tsqsupset: '\\u2290',\n\tsqsupseteq: '\\u2292',\n\tsqu: '\\u25A1',\n\tSquare: '\\u25A1',\n\tsquare: '\\u25A1',\n\tSquareIntersection: '\\u2293',\n\tSquareSubset: '\\u228F',\n\tSquareSubsetEqual: '\\u2291',\n\tSquareSuperset: '\\u2290',\n\tSquareSupersetEqual: '\\u2292',\n\tSquareUnion: '\\u2294',\n\tsquarf: '\\u25AA',\n\tsquf: '\\u25AA',\n\tsrarr: '\\u2192',\n\tSscr: '\\uD835\\uDCAE',\n\tsscr: '\\uD835\\uDCC8',\n\tssetmn: '\\u2216',\n\tssmile: '\\u2323',\n\tsstarf: '\\u22C6',\n\tStar: '\\u22C6',\n\tstar: '\\u2606',\n\tstarf: '\\u2605',\n\tstraightepsilon: '\\u03F5',\n\tstraightphi: '\\u03D5',\n\tstrns: '\\u00AF',\n\tSub: '\\u22D0',\n\tsub: '\\u2282',\n\tsubdot: '\\u2ABD',\n\tsubE: '\\u2AC5',\n\tsube: '\\u2286',\n\tsubedot: '\\u2AC3',\n\tsubmult: '\\u2AC1',\n\tsubnE: '\\u2ACB',\n\tsubne: '\\u228A',\n\tsubplus: '\\u2ABF',\n\tsubrarr: '\\u2979',\n\tSubset: '\\u22D0',\n\tsubset: '\\u2282',\n\tsubseteq: '\\u2286',\n\tsubseteqq: '\\u2AC5',\n\tSubsetEqual: '\\u2286',\n\tsubsetneq: '\\u228A',\n\tsubsetneqq: '\\u2ACB',\n\tsubsim: '\\u2AC7',\n\tsubsub: '\\u2AD5',\n\tsubsup: '\\u2AD3',\n\tsucc: '\\u227B',\n\tsuccapprox: '\\u2AB8',\n\tsucccurlyeq: '\\u227D',\n\tSucceeds: '\\u227B',\n\tSucceedsEqual: '\\u2AB0',\n\tSucceedsSlantEqual: '\\u227D',\n\tSucceedsTilde: '\\u227F',\n\tsucceq: '\\u2AB0',\n\tsuccnapprox: '\\u2ABA',\n\tsuccneqq: '\\u2AB6',\n\tsuccnsim: '\\u22E9',\n\tsuccsim: '\\u227F',\n\tSuchThat: '\\u220B',\n\tSum: '\\u2211',\n\tsum: '\\u2211',\n\tsung: '\\u266A',\n\tSup: '\\u22D1',\n\tsup: '\\u2283',\n\tsup1: '\\u00B9',\n\tsup2: '\\u00B2',\n\tsup3: '\\u00B3',\n\tsupdot: '\\u2ABE',\n\tsupdsub: '\\u2AD8',\n\tsupE: '\\u2AC6',\n\tsupe: '\\u2287',\n\tsupedot: '\\u2AC4',\n\tSuperset: '\\u2283',\n\tSupersetEqual: '\\u2287',\n\tsuphsol: '\\u27C9',\n\tsuphsub: '\\u2AD7',\n\tsuplarr: '\\u297B',\n\tsupmult: '\\u2AC2',\n\tsupnE: '\\u2ACC',\n\tsupne: '\\u228B',\n\tsupplus: '\\u2AC0',\n\tSupset: '\\u22D1',\n\tsupset: '\\u2283',\n\tsupseteq: '\\u2287',\n\tsupseteqq: '\\u2AC6',\n\tsupsetneq: '\\u228B',\n\tsupsetneqq: '\\u2ACC',\n\tsupsim: '\\u2AC8',\n\tsupsub: '\\u2AD4',\n\tsupsup: '\\u2AD6',\n\tswarhk: '\\u2926',\n\tswArr: '\\u21D9',\n\tswarr: '\\u2199',\n\tswarrow: '\\u2199',\n\tswnwar: '\\u292A',\n\tszlig: '\\u00DF',\n\tTab: '\\u0009',\n\ttarget: '\\u2316',\n\tTau: '\\u03A4',\n\ttau: '\\u03C4',\n\ttbrk: '\\u23B4',\n\tTcaron: '\\u0164',\n\ttcaron: '\\u0165',\n\tTcedil: '\\u0162',\n\ttcedil: '\\u0163',\n\tTcy: '\\u0422',\n\ttcy: '\\u0442',\n\ttdot: '\\u20DB',\n\ttelrec: '\\u2315',\n\tTfr: '\\uD835\\uDD17',\n\ttfr: '\\uD835\\uDD31',\n\tthere4: '\\u2234',\n\tTherefore: '\\u2234',\n\ttherefore: '\\u2234',\n\tTheta: '\\u0398',\n\ttheta: '\\u03B8',\n\tthetasym: '\\u03D1',\n\tthetav: '\\u03D1',\n\tthickapprox: '\\u2248',\n\tthicksim: '\\u223C',\n\tThickSpace: '\\u205F\\u200A',\n\tthinsp: '\\u2009',\n\tThinSpace: '\\u2009',\n\tthkap: '\\u2248',\n\tthksim: '\\u223C',\n\tTHORN: '\\u00DE',\n\tthorn: '\\u00FE',\n\tTilde: '\\u223C',\n\ttilde: '\\u02DC',\n\tTildeEqual: '\\u2243',\n\tTildeFullEqual: '\\u2245',\n\tTildeTilde: '\\u2248',\n\ttimes: '\\u00D7',\n\ttimesb: '\\u22A0',\n\ttimesbar: '\\u2A31',\n\ttimesd: '\\u2A30',\n\ttint: '\\u222D',\n\ttoea: '\\u2928',\n\ttop: '\\u22A4',\n\ttopbot: '\\u2336',\n\ttopcir: '\\u2AF1',\n\tTopf: '\\uD835\\uDD4B',\n\ttopf: '\\uD835\\uDD65',\n\ttopfork: '\\u2ADA',\n\ttosa: '\\u2929',\n\ttprime: '\\u2034',\n\tTRADE: '\\u2122',\n\ttrade: '\\u2122',\n\ttriangle: '\\u25B5',\n\ttriangledown: '\\u25BF',\n\ttriangleleft: '\\u25C3',\n\ttrianglelefteq: '\\u22B4',\n\ttriangleq: '\\u225C',\n\ttriangleright: '\\u25B9',\n\ttrianglerighteq: '\\u22B5',\n\ttridot: '\\u25EC',\n\ttrie: '\\u225C',\n\ttriminus: '\\u2A3A',\n\tTripleDot: '\\u20DB',\n\ttriplus: '\\u2A39',\n\ttrisb: '\\u29CD',\n\ttritime: '\\u2A3B',\n\ttrpezium: '\\u23E2',\n\tTscr: '\\uD835\\uDCAF',\n\ttscr: '\\uD835\\uDCC9',\n\tTScy: '\\u0426',\n\ttscy: '\\u0446',\n\tTSHcy: '\\u040B',\n\ttshcy: '\\u045B',\n\tTstrok: '\\u0166',\n\ttstrok: '\\u0167',\n\ttwixt: '\\u226C',\n\ttwoheadleftarrow: '\\u219E',\n\ttwoheadrightarrow: '\\u21A0',\n\tUacute: '\\u00DA',\n\tuacute: '\\u00FA',\n\tUarr: '\\u219F',\n\tuArr: '\\u21D1',\n\tuarr: '\\u2191',\n\tUarrocir: '\\u2949',\n\tUbrcy: '\\u040E',\n\tubrcy: '\\u045E',\n\tUbreve: '\\u016C',\n\tubreve: '\\u016D',\n\tUcirc: '\\u00DB',\n\tucirc: '\\u00FB',\n\tUcy: '\\u0423',\n\tucy: '\\u0443',\n\tudarr: '\\u21C5',\n\tUdblac: '\\u0170',\n\tudblac: '\\u0171',\n\tudhar: '\\u296E',\n\tufisht: '\\u297E',\n\tUfr: '\\uD835\\uDD18',\n\tufr: '\\uD835\\uDD32',\n\tUgrave: '\\u00D9',\n\tugrave: '\\u00F9',\n\tuHar: '\\u2963',\n\tuharl: '\\u21BF',\n\tuharr: '\\u21BE',\n\tuhblk: '\\u2580',\n\tulcorn: '\\u231C',\n\tulcorner: '\\u231C',\n\tulcrop: '\\u230F',\n\tultri: '\\u25F8',\n\tUmacr: '\\u016A',\n\tumacr: '\\u016B',\n\tuml: '\\u00A8',\n\tUnderBar: '\\u005F',\n\tUnderBrace: '\\u23DF',\n\tUnderBracket: '\\u23B5',\n\tUnderParenthesis: '\\u23DD',\n\tUnion: '\\u22C3',\n\tUnionPlus: '\\u228E',\n\tUogon: '\\u0172',\n\tuogon: '\\u0173',\n\tUopf: '\\uD835\\uDD4C',\n\tuopf: '\\uD835\\uDD66',\n\tUpArrow: '\\u2191',\n\tUparrow: '\\u21D1',\n\tuparrow: '\\u2191',\n\tUpArrowBar: '\\u2912',\n\tUpArrowDownArrow: '\\u21C5',\n\tUpDownArrow: '\\u2195',\n\tUpdownarrow: '\\u21D5',\n\tupdownarrow: '\\u2195',\n\tUpEquilibrium: '\\u296E',\n\tupharpoonleft: '\\u21BF',\n\tupharpoonright: '\\u21BE',\n\tuplus: '\\u228E',\n\tUpperLeftArrow: '\\u2196',\n\tUpperRightArrow: '\\u2197',\n\tUpsi: '\\u03D2',\n\tupsi: '\\u03C5',\n\tupsih: '\\u03D2',\n\tUpsilon: '\\u03A5',\n\tupsilon: '\\u03C5',\n\tUpTee: '\\u22A5',\n\tUpTeeArrow: '\\u21A5',\n\tupuparrows: '\\u21C8',\n\turcorn: '\\u231D',\n\turcorner: '\\u231D',\n\turcrop: '\\u230E',\n\tUring: '\\u016E',\n\turing: '\\u016F',\n\turtri: '\\u25F9',\n\tUscr: '\\uD835\\uDCB0',\n\tuscr: '\\uD835\\uDCCA',\n\tutdot: '\\u22F0',\n\tUtilde: '\\u0168',\n\tutilde: '\\u0169',\n\tutri: '\\u25B5',\n\tutrif: '\\u25B4',\n\tuuarr: '\\u21C8',\n\tUuml: '\\u00DC',\n\tuuml: '\\u00FC',\n\tuwangle: '\\u29A7',\n\tvangrt: '\\u299C',\n\tvarepsilon: '\\u03F5',\n\tvarkappa: '\\u03F0',\n\tvarnothing: '\\u2205',\n\tvarphi: '\\u03D5',\n\tvarpi: '\\u03D6',\n\tvarpropto: '\\u221D',\n\tvArr: '\\u21D5',\n\tvarr: '\\u2195',\n\tvarrho: '\\u03F1',\n\tvarsigma: '\\u03C2',\n\tvarsubsetneq: '\\u228A\\uFE00',\n\tvarsubsetneqq: '\\u2ACB\\uFE00',\n\tvarsupsetneq: '\\u228B\\uFE00',\n\tvarsupsetneqq: '\\u2ACC\\uFE00',\n\tvartheta: '\\u03D1',\n\tvartriangleleft: '\\u22B2',\n\tvartriangleright: '\\u22B3',\n\tVbar: '\\u2AEB',\n\tvBar: '\\u2AE8',\n\tvBarv: '\\u2AE9',\n\tVcy: '\\u0412',\n\tvcy: '\\u0432',\n\tVDash: '\\u22AB',\n\tVdash: '\\u22A9',\n\tvDash: '\\u22A8',\n\tvdash: '\\u22A2',\n\tVdashl: '\\u2AE6',\n\tVee: '\\u22C1',\n\tvee: '\\u2228',\n\tveebar: '\\u22BB',\n\tveeeq: '\\u225A',\n\tvellip: '\\u22EE',\n\tVerbar: '\\u2016',\n\tverbar: '\\u007C',\n\tVert: '\\u2016',\n\tvert: '\\u007C',\n\tVerticalBar: '\\u2223',\n\tVerticalLine: '\\u007C',\n\tVerticalSeparator: '\\u2758',\n\tVerticalTilde: '\\u2240',\n\tVeryThinSpace: '\\u200A',\n\tVfr: '\\uD835\\uDD19',\n\tvfr: '\\uD835\\uDD33',\n\tvltri: '\\u22B2',\n\tvnsub: '\\u2282\\u20D2',\n\tvnsup: '\\u2283\\u20D2',\n\tVopf: '\\uD835\\uDD4D',\n\tvopf: '\\uD835\\uDD67',\n\tvprop: '\\u221D',\n\tvrtri: '\\u22B3',\n\tVscr: '\\uD835\\uDCB1',\n\tvscr: '\\uD835\\uDCCB',\n\tvsubnE: '\\u2ACB\\uFE00',\n\tvsubne: '\\u228A\\uFE00',\n\tvsupnE: '\\u2ACC\\uFE00',\n\tvsupne: '\\u228B\\uFE00',\n\tVvdash: '\\u22AA',\n\tvzigzag: '\\u299A',\n\tWcirc: '\\u0174',\n\twcirc: '\\u0175',\n\twedbar: '\\u2A5F',\n\tWedge: '\\u22C0',\n\twedge: '\\u2227',\n\twedgeq: '\\u2259',\n\tweierp: '\\u2118',\n\tWfr: '\\uD835\\uDD1A',\n\twfr: '\\uD835\\uDD34',\n\tWopf: '\\uD835\\uDD4E',\n\twopf: '\\uD835\\uDD68',\n\twp: '\\u2118',\n\twr: '\\u2240',\n\twreath: '\\u2240',\n\tWscr: '\\uD835\\uDCB2',\n\twscr: '\\uD835\\uDCCC',\n\txcap: '\\u22C2',\n\txcirc: '\\u25EF',\n\txcup: '\\u22C3',\n\txdtri: '\\u25BD',\n\tXfr: '\\uD835\\uDD1B',\n\txfr: '\\uD835\\uDD35',\n\txhArr: '\\u27FA',\n\txharr: '\\u27F7',\n\tXi: '\\u039E',\n\txi: '\\u03BE',\n\txlArr: '\\u27F8',\n\txlarr: '\\u27F5',\n\txmap: '\\u27FC',\n\txnis: '\\u22FB',\n\txodot: '\\u2A00',\n\tXopf: '\\uD835\\uDD4F',\n\txopf: '\\uD835\\uDD69',\n\txoplus: '\\u2A01',\n\txotime: '\\u2A02',\n\txrArr: '\\u27F9',\n\txrarr: '\\u27F6',\n\tXscr: '\\uD835\\uDCB3',\n\txscr: '\\uD835\\uDCCD',\n\txsqcup: '\\u2A06',\n\txuplus: '\\u2A04',\n\txutri: '\\u25B3',\n\txvee: '\\u22C1',\n\txwedge: '\\u22C0',\n\tYacute: '\\u00DD',\n\tyacute: '\\u00FD',\n\tYAcy: '\\u042F',\n\tyacy: '\\u044F',\n\tYcirc: '\\u0176',\n\tycirc: '\\u0177',\n\tYcy: '\\u042B',\n\tycy: '\\u044B',\n\tyen: '\\u00A5',\n\tYfr: '\\uD835\\uDD1C',\n\tyfr: '\\uD835\\uDD36',\n\tYIcy: '\\u0407',\n\tyicy: '\\u0457',\n\tYopf: '\\uD835\\uDD50',\n\tyopf: '\\uD835\\uDD6A',\n\tYscr: '\\uD835\\uDCB4',\n\tyscr: '\\uD835\\uDCCE',\n\tYUcy: '\\u042E',\n\tyucy: '\\u044E',\n\tYuml: '\\u0178',\n\tyuml: '\\u00FF',\n\tZacute: '\\u0179',\n\tzacute: '\\u017A',\n\tZcaron: '\\u017D',\n\tzcaron: '\\u017E',\n\tZcy: '\\u0417',\n\tzcy: '\\u0437',\n\tZdot: '\\u017B',\n\tzdot: '\\u017C',\n\tzeetrf: '\\u2128',\n\tZeroWidthSpace: '\\u200B',\n\tZeta: '\\u0396',\n\tzeta: '\\u03B6',\n\tZfr: '\\u2128',\n\tzfr: '\\uD835\\uDD37',\n\tZHcy: '\\u0416',\n\tzhcy: '\\u0436',\n\tzigrarr: '\\u21DD',\n\tZopf: '\\u2124',\n\tzopf: '\\uD835\\uDD6B',\n\tZscr: '\\uD835\\uDCB5',\n\tzscr: '\\uD835\\uDCCF',\n\tzwj: '\\u200D',\n\tzwnj: '\\u200C',\n});\n\n/**\n * @deprecated use `HTML_ENTITIES` instead\n * @see HTML_ENTITIES\n */\nexports.entityMap = exports.HTML_ENTITIES;\n","var dom = require('./dom')\nexports.DOMImplementation = dom.DOMImplementation\nexports.XMLSerializer = dom.XMLSerializer\nexports.DOMParser = require('./dom-parser').DOMParser\n","var NAMESPACE = require(\"./conventions\").NAMESPACE;\n\n//[4]   \tNameStartChar\t   ::=   \t\":\" | [A-Z] | \"_\" | [a-z] | [#xC0-#xD6] | [#xD8-#xF6] | [#xF8-#x2FF] | [#x370-#x37D] | [#x37F-#x1FFF] | [#x200C-#x200D] | [#x2070-#x218F] | [#x2C00-#x2FEF] | [#x3001-#xD7FF] | [#xF900-#xFDCF] | [#xFDF0-#xFFFD] | [#x10000-#xEFFFF]\n//[4a]   \tNameChar\t   ::=   \tNameStartChar | \"-\" | \".\" | [0-9] | #xB7 | [#x0300-#x036F] | [#x203F-#x2040]\n//[5]   \tName\t   ::=   \tNameStartChar (NameChar)*\nvar nameStartChar = /[A-Z_a-z\\xC0-\\xD6\\xD8-\\xF6\\u00F8-\\u02FF\\u0370-\\u037D\\u037F-\\u1FFF\\u200C-\\u200D\\u2070-\\u218F\\u2C00-\\u2FEF\\u3001-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFFD]///\\u10000-\\uEFFFF\nvar nameChar = new RegExp(\"[\\\\-\\\\.0-9\"+nameStartChar.source.slice(1,-1)+\"\\\\u00B7\\\\u0300-\\\\u036F\\\\u203F-\\\\u2040]\");\nvar tagNamePattern = new RegExp('^'+nameStartChar.source+nameChar.source+'*(?:\\:'+nameStartChar.source+nameChar.source+'*)?$');\n//var tagNamePattern = /^[a-zA-Z_][\\w\\-\\.]*(?:\\:[a-zA-Z_][\\w\\-\\.]*)?$/\n//var handlers = 'resolveEntity,getExternalSubset,characters,endDocument,endElement,endPrefixMapping,ignorableWhitespace,processingInstruction,setDocumentLocator,skippedEntity,startDocument,startElement,startPrefixMapping,notationDecl,unparsedEntityDecl,error,fatalError,warning,attributeDecl,elementDecl,externalEntityDecl,internalEntityDecl,comment,endCDATA,endDTD,endEntity,startCDATA,startDTD,startEntity'.split(',')\n\n//S_TAG,\tS_ATTR,\tS_EQ,\tS_ATTR_NOQUOT_VALUE\n//S_ATTR_SPACE,\tS_ATTR_END,\tS_TAG_SPACE, S_TAG_CLOSE\nvar S_TAG = 0;//tag name offerring\nvar S_ATTR = 1;//attr name offerring\nvar S_ATTR_SPACE=2;//attr name end and space offer\nvar S_EQ = 3;//=space?\nvar S_ATTR_NOQUOT_VALUE = 4;//attr value(no quot value only)\nvar S_ATTR_END = 5;//attr value end and no space(quot end)\nvar S_TAG_SPACE = 6;//(attr value end || tag end ) && (space offer)\nvar S_TAG_CLOSE = 7;//closed el<el />\n\n/**\n * Creates an error that will not be caught by XMLReader aka the SAX parser.\n *\n * @param {string} message\n * @param {any?} locator Optional, can provide details about the location in the source\n * @constructor\n */\nfunction ParseError(message, locator) {\n\tthis.message = message\n\tthis.locator = locator\n\tif(Error.captureStackTrace) Error.captureStackTrace(this, ParseError);\n}\nParseError.prototype = new Error();\nParseError.prototype.name = ParseError.name\n\nfunction XMLReader(){\n\n}\n\nXMLReader.prototype = {\n\tparse:function(source,defaultNSMap,entityMap){\n\t\tvar domBuilder = this.domBuilder;\n\t\tdomBuilder.startDocument();\n\t\t_copy(defaultNSMap ,defaultNSMap = {})\n\t\tparse(source,defaultNSMap,entityMap,\n\t\t\t\tdomBuilder,this.errorHandler);\n\t\tdomBuilder.endDocument();\n\t}\n}\nfunction parse(source,defaultNSMapCopy,entityMap,domBuilder,errorHandler){\n\tfunction fixedFromCharCode(code) {\n\t\t// String.prototype.fromCharCode does not supports\n\t\t// > 2 bytes unicode chars directly\n\t\tif (code > 0xffff) {\n\t\t\tcode -= 0x10000;\n\t\t\tvar surrogate1 = 0xd800 + (code >> 10)\n\t\t\t\t, surrogate2 = 0xdc00 + (code & 0x3ff);\n\n\t\t\treturn String.fromCharCode(surrogate1, surrogate2);\n\t\t} else {\n\t\t\treturn String.fromCharCode(code);\n\t\t}\n\t}\n\tfunction entityReplacer(a){\n\t\tvar k = a.slice(1,-1);\n\t\tif (Object.hasOwnProperty.call(entityMap, k)) {\n\t\t\treturn entityMap[k];\n\t\t}else if(k.charAt(0) === '#'){\n\t\t\treturn fixedFromCharCode(parseInt(k.substr(1).replace('x','0x')))\n\t\t}else{\n\t\t\terrorHandler.error('entity not found:'+a);\n\t\t\treturn a;\n\t\t}\n\t}\n\tfunction appendText(end){//has some bugs\n\t\tif(end>start){\n\t\t\tvar xt = source.substring(start,end).replace(/&#?\\w+;/g,entityReplacer);\n\t\t\tlocator&&position(start);\n\t\t\tdomBuilder.characters(xt,0,end-start);\n\t\t\tstart = end\n\t\t}\n\t}\n\tfunction position(p,m){\n\t\twhile(p>=lineEnd && (m = linePattern.exec(source))){\n\t\t\tlineStart = m.index;\n\t\t\tlineEnd = lineStart + m[0].length;\n\t\t\tlocator.lineNumber++;\n\t\t\t//console.log('line++:',locator,startPos,endPos)\n\t\t}\n\t\tlocator.columnNumber = p-lineStart+1;\n\t}\n\tvar lineStart = 0;\n\tvar lineEnd = 0;\n\tvar linePattern = /.*(?:\\r\\n?|\\n)|.*$/g\n\tvar locator = domBuilder.locator;\n\n\tvar parseStack = [{currentNSMap:defaultNSMapCopy}]\n\tvar closeMap = {};\n\tvar start = 0;\n\twhile(true){\n\t\ttry{\n\t\t\tvar tagStart = source.indexOf('<',start);\n\t\t\tif(tagStart<0){\n\t\t\t\tif(!source.substr(start).match(/^\\s*$/)){\n\t\t\t\t\tvar doc = domBuilder.doc;\n\t    \t\t\tvar text = doc.createTextNode(source.substr(start));\n\t    \t\t\tdoc.appendChild(text);\n\t    \t\t\tdomBuilder.currentElement = text;\n\t\t\t\t}\n\t\t\t\treturn;\n\t\t\t}\n\t\t\tif(tagStart>start){\n\t\t\t\tappendText(tagStart);\n\t\t\t}\n\t\t\tswitch(source.charAt(tagStart+1)){\n\t\t\tcase '/':\n\t\t\t\tvar end = source.indexOf('>',tagStart+3);\n\t\t\t\tvar tagName = source.substring(tagStart + 2, end).replace(/[ \\t\\n\\r]+$/g, '');\n\t\t\t\tvar config = parseStack.pop();\n\t\t\t\tif(end<0){\n\n\t        \t\ttagName = source.substring(tagStart+2).replace(/[\\s<].*/,'');\n\t        \t\terrorHandler.error(\"end tag name: \"+tagName+' is not complete:'+config.tagName);\n\t        \t\tend = tagStart+1+tagName.length;\n\t        \t}else if(tagName.match(/\\s</)){\n\t        \t\ttagName = tagName.replace(/[\\s<].*/,'');\n\t        \t\terrorHandler.error(\"end tag name: \"+tagName+' maybe not complete');\n\t        \t\tend = tagStart+1+tagName.length;\n\t\t\t\t}\n\t\t\t\tvar localNSMap = config.localNSMap;\n\t\t\t\tvar endMatch = config.tagName == tagName;\n\t\t\t\tvar endIgnoreCaseMach = endMatch || config.tagName&&config.tagName.toLowerCase() == tagName.toLowerCase()\n\t\t        if(endIgnoreCaseMach){\n\t\t        \tdomBuilder.endElement(config.uri,config.localName,tagName);\n\t\t\t\t\tif(localNSMap){\n\t\t\t\t\t\tfor (var prefix in localNSMap) {\n\t\t\t\t\t\t\tif (Object.prototype.hasOwnProperty.call(localNSMap, prefix)) {\n\t\t\t\t\t\t\t\tdomBuilder.endPrefixMapping(prefix);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tif(!endMatch){\n\t\t            \terrorHandler.fatalError(\"end tag name: \"+tagName+' is not match the current start tagName:'+config.tagName ); // No known test case\n\t\t\t\t\t}\n\t\t        }else{\n\t\t        \tparseStack.push(config)\n\t\t        }\n\n\t\t\t\tend++;\n\t\t\t\tbreak;\n\t\t\t\t// end elment\n\t\t\tcase '?':// <?...?>\n\t\t\t\tlocator&&position(tagStart);\n\t\t\t\tend = parseInstruction(source,tagStart,domBuilder);\n\t\t\t\tbreak;\n\t\t\tcase '!':// <!doctype,<![CDATA,<!--\n\t\t\t\tlocator&&position(tagStart);\n\t\t\t\tend = parseDCC(source,tagStart,domBuilder,errorHandler);\n\t\t\t\tbreak;\n\t\t\tdefault:\n\t\t\t\tlocator&&position(tagStart);\n\t\t\t\tvar el = new ElementAttributes();\n\t\t\t\tvar currentNSMap = parseStack[parseStack.length-1].currentNSMap;\n\t\t\t\t//elStartEnd\n\t\t\t\tvar end = parseElementStartPart(source,tagStart,el,currentNSMap,entityReplacer,errorHandler);\n\t\t\t\tvar len = el.length;\n\n\n\t\t\t\tif(!el.closed && fixSelfClosed(source,end,el.tagName,closeMap)){\n\t\t\t\t\tel.closed = true;\n\t\t\t\t\tif(!entityMap.nbsp){\n\t\t\t\t\t\terrorHandler.warning('unclosed xml attribute');\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tif(locator && len){\n\t\t\t\t\tvar locator2 = copyLocator(locator,{});\n\t\t\t\t\t//try{//attribute position fixed\n\t\t\t\t\tfor(var i = 0;i<len;i++){\n\t\t\t\t\t\tvar a = el[i];\n\t\t\t\t\t\tposition(a.offset);\n\t\t\t\t\t\ta.locator = copyLocator(locator,{});\n\t\t\t\t\t}\n\t\t\t\t\tdomBuilder.locator = locator2\n\t\t\t\t\tif(appendElement(el,domBuilder,currentNSMap)){\n\t\t\t\t\t\tparseStack.push(el)\n\t\t\t\t\t}\n\t\t\t\t\tdomBuilder.locator = locator;\n\t\t\t\t}else{\n\t\t\t\t\tif(appendElement(el,domBuilder,currentNSMap)){\n\t\t\t\t\t\tparseStack.push(el)\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif (NAMESPACE.isHTML(el.uri) && !el.closed) {\n\t\t\t\t\tend = parseHtmlSpecialContent(source,end,el.tagName,entityReplacer,domBuilder)\n\t\t\t\t} else {\n\t\t\t\t\tend++;\n\t\t\t\t}\n\t\t\t}\n\t\t}catch(e){\n\t\t\tif (e instanceof ParseError) {\n\t\t\t\tthrow e;\n\t\t\t}\n\t\t\terrorHandler.error('element parse error: '+e)\n\t\t\tend = -1;\n\t\t}\n\t\tif(end>start){\n\t\t\tstart = end;\n\t\t}else{\n\t\t\t//TODO: 这里有可能sax回退，有位置错误风险\n\t\t\tappendText(Math.max(tagStart,start)+1);\n\t\t}\n\t}\n}\nfunction copyLocator(f,t){\n\tt.lineNumber = f.lineNumber;\n\tt.columnNumber = f.columnNumber;\n\treturn t;\n}\n\n/**\n * @see #appendElement(source,elStartEnd,el,selfClosed,entityReplacer,domBuilder,parseStack);\n * @return end of the elementStartPart(end of elementEndPart for selfClosed el)\n */\nfunction parseElementStartPart(source,start,el,currentNSMap,entityReplacer,errorHandler){\n\n\t/**\n\t * @param {string} qname\n\t * @param {string} value\n\t * @param {number} startIndex\n\t */\n\tfunction addAttribute(qname, value, startIndex) {\n\t\tif (el.attributeNames.hasOwnProperty(qname)) {\n\t\t\terrorHandler.fatalError('Attribute ' + qname + ' redefined')\n\t\t}\n\t\tel.addValue(\n\t\t\tqname,\n\t\t\t// @see https://www.w3.org/TR/xml/#AVNormalize\n\t\t\t// since the xmldom sax parser does not \"interpret\" DTD the following is not implemented:\n\t\t\t// - recursive replacement of (DTD) entity references\n\t\t\t// - trimming and collapsing multiple spaces into a single one for attributes that are not of type CDATA\n\t\t\tvalue.replace(/[\\t\\n\\r]/g, ' ').replace(/&#?\\w+;/g, entityReplacer),\n\t\t\tstartIndex\n\t\t)\n\t}\n\tvar attrName;\n\tvar value;\n\tvar p = ++start;\n\tvar s = S_TAG;//status\n\twhile(true){\n\t\tvar c = source.charAt(p);\n\t\tswitch(c){\n\t\tcase '=':\n\t\t\tif(s === S_ATTR){//attrName\n\t\t\t\tattrName = source.slice(start,p);\n\t\t\t\ts = S_EQ;\n\t\t\t}else if(s === S_ATTR_SPACE){\n\t\t\t\ts = S_EQ;\n\t\t\t}else{\n\t\t\t\t//fatalError: equal must after attrName or space after attrName\n\t\t\t\tthrow new Error('attribute equal must after attrName'); // No known test case\n\t\t\t}\n\t\t\tbreak;\n\t\tcase '\\'':\n\t\tcase '\"':\n\t\t\tif(s === S_EQ || s === S_ATTR //|| s == S_ATTR_SPACE\n\t\t\t\t){//equal\n\t\t\t\tif(s === S_ATTR){\n\t\t\t\t\terrorHandler.warning('attribute value must after \"=\"')\n\t\t\t\t\tattrName = source.slice(start,p)\n\t\t\t\t}\n\t\t\t\tstart = p+1;\n\t\t\t\tp = source.indexOf(c,start)\n\t\t\t\tif(p>0){\n\t\t\t\t\tvalue = source.slice(start, p);\n\t\t\t\t\taddAttribute(attrName, value, start-1);\n\t\t\t\t\ts = S_ATTR_END;\n\t\t\t\t}else{\n\t\t\t\t\t//fatalError: no end quot match\n\t\t\t\t\tthrow new Error('attribute value no end \\''+c+'\\' match');\n\t\t\t\t}\n\t\t\t}else if(s == S_ATTR_NOQUOT_VALUE){\n\t\t\t\tvalue = source.slice(start, p);\n\t\t\t\taddAttribute(attrName, value, start);\n\t\t\t\terrorHandler.warning('attribute \"'+attrName+'\" missed start quot('+c+')!!');\n\t\t\t\tstart = p+1;\n\t\t\t\ts = S_ATTR_END\n\t\t\t}else{\n\t\t\t\t//fatalError: no equal before\n\t\t\t\tthrow new Error('attribute value must after \"=\"'); // No known test case\n\t\t\t}\n\t\t\tbreak;\n\t\tcase '/':\n\t\t\tswitch(s){\n\t\t\tcase S_TAG:\n\t\t\t\tel.setTagName(source.slice(start,p));\n\t\t\tcase S_ATTR_END:\n\t\t\tcase S_TAG_SPACE:\n\t\t\tcase S_TAG_CLOSE:\n\t\t\t\ts =S_TAG_CLOSE;\n\t\t\t\tel.closed = true;\n\t\t\tcase S_ATTR_NOQUOT_VALUE:\n\t\t\tcase S_ATTR:\n\t\t\t\tbreak;\n\t\t\t\tcase S_ATTR_SPACE:\n\t\t\t\t\tel.closed = true;\n\t\t\t\tbreak;\n\t\t\t//case S_EQ:\n\t\t\tdefault:\n\t\t\t\tthrow new Error(\"attribute invalid close char('/')\") // No known test case\n\t\t\t}\n\t\t\tbreak;\n\t\tcase ''://end document\n\t\t\terrorHandler.error('unexpected end of input');\n\t\t\tif(s == S_TAG){\n\t\t\t\tel.setTagName(source.slice(start,p));\n\t\t\t}\n\t\t\treturn p;\n\t\tcase '>':\n\t\t\tswitch(s){\n\t\t\tcase S_TAG:\n\t\t\t\tel.setTagName(source.slice(start,p));\n\t\t\tcase S_ATTR_END:\n\t\t\tcase S_TAG_SPACE:\n\t\t\tcase S_TAG_CLOSE:\n\t\t\t\tbreak;//normal\n\t\t\tcase S_ATTR_NOQUOT_VALUE://Compatible state\n\t\t\tcase S_ATTR:\n\t\t\t\tvalue = source.slice(start,p);\n\t\t\t\tif(value.slice(-1) === '/'){\n\t\t\t\t\tel.closed  = true;\n\t\t\t\t\tvalue = value.slice(0,-1)\n\t\t\t\t}\n\t\t\tcase S_ATTR_SPACE:\n\t\t\t\tif(s === S_ATTR_SPACE){\n\t\t\t\t\tvalue = attrName;\n\t\t\t\t}\n\t\t\t\tif(s == S_ATTR_NOQUOT_VALUE){\n\t\t\t\t\terrorHandler.warning('attribute \"'+value+'\" missed quot(\")!');\n\t\t\t\t\taddAttribute(attrName, value, start)\n\t\t\t\t}else{\n\t\t\t\t\tif(!NAMESPACE.isHTML(currentNSMap['']) || !value.match(/^(?:disabled|checked|selected)$/i)){\n\t\t\t\t\t\terrorHandler.warning('attribute \"'+value+'\" missed value!! \"'+value+'\" instead!!')\n\t\t\t\t\t}\n\t\t\t\t\taddAttribute(value, value, start)\n\t\t\t\t}\n\t\t\t\tbreak;\n\t\t\tcase S_EQ:\n\t\t\t\tthrow new Error('attribute value missed!!');\n\t\t\t}\n//\t\t\tconsole.log(tagName,tagNamePattern,tagNamePattern.test(tagName))\n\t\t\treturn p;\n\t\t/*xml space '\\x20' | #x9 | #xD | #xA; */\n\t\tcase '\\u0080':\n\t\t\tc = ' ';\n\t\tdefault:\n\t\t\tif(c<= ' '){//space\n\t\t\t\tswitch(s){\n\t\t\t\tcase S_TAG:\n\t\t\t\t\tel.setTagName(source.slice(start,p));//tagName\n\t\t\t\t\ts = S_TAG_SPACE;\n\t\t\t\t\tbreak;\n\t\t\t\tcase S_ATTR:\n\t\t\t\t\tattrName = source.slice(start,p)\n\t\t\t\t\ts = S_ATTR_SPACE;\n\t\t\t\t\tbreak;\n\t\t\t\tcase S_ATTR_NOQUOT_VALUE:\n\t\t\t\t\tvar value = source.slice(start, p);\n\t\t\t\t\terrorHandler.warning('attribute \"'+value+'\" missed quot(\")!!');\n\t\t\t\t\taddAttribute(attrName, value, start)\n\t\t\t\tcase S_ATTR_END:\n\t\t\t\t\ts = S_TAG_SPACE;\n\t\t\t\t\tbreak;\n\t\t\t\t//case S_TAG_SPACE:\n\t\t\t\t//case S_EQ:\n\t\t\t\t//case S_ATTR_SPACE:\n\t\t\t\t//\tvoid();break;\n\t\t\t\t//case S_TAG_CLOSE:\n\t\t\t\t\t//ignore warning\n\t\t\t\t}\n\t\t\t}else{//not space\n//S_TAG,\tS_ATTR,\tS_EQ,\tS_ATTR_NOQUOT_VALUE\n//S_ATTR_SPACE,\tS_ATTR_END,\tS_TAG_SPACE, S_TAG_CLOSE\n\t\t\t\tswitch(s){\n\t\t\t\t//case S_TAG:void();break;\n\t\t\t\t//case S_ATTR:void();break;\n\t\t\t\t//case S_ATTR_NOQUOT_VALUE:void();break;\n\t\t\t\tcase S_ATTR_SPACE:\n\t\t\t\t\tvar tagName =  el.tagName;\n\t\t\t\t\tif (!NAMESPACE.isHTML(currentNSMap['']) || !attrName.match(/^(?:disabled|checked|selected)$/i)) {\n\t\t\t\t\t\terrorHandler.warning('attribute \"'+attrName+'\" missed value!! \"'+attrName+'\" instead2!!')\n\t\t\t\t\t}\n\t\t\t\t\taddAttribute(attrName, attrName, start);\n\t\t\t\t\tstart = p;\n\t\t\t\t\ts = S_ATTR;\n\t\t\t\t\tbreak;\n\t\t\t\tcase S_ATTR_END:\n\t\t\t\t\terrorHandler.warning('attribute space is required\"'+attrName+'\"!!')\n\t\t\t\tcase S_TAG_SPACE:\n\t\t\t\t\ts = S_ATTR;\n\t\t\t\t\tstart = p;\n\t\t\t\t\tbreak;\n\t\t\t\tcase S_EQ:\n\t\t\t\t\ts = S_ATTR_NOQUOT_VALUE;\n\t\t\t\t\tstart = p;\n\t\t\t\t\tbreak;\n\t\t\t\tcase S_TAG_CLOSE:\n\t\t\t\t\tthrow new Error(\"elements closed character '/' and '>' must be connected to\");\n\t\t\t\t}\n\t\t\t}\n\t\t}//end outer switch\n\t\t//console.log('p++',p)\n\t\tp++;\n\t}\n}\n/**\n * @return true if has new namespace define\n */\nfunction appendElement(el,domBuilder,currentNSMap){\n\tvar tagName = el.tagName;\n\tvar localNSMap = null;\n\t//var currentNSMap = parseStack[parseStack.length-1].currentNSMap;\n\tvar i = el.length;\n\twhile(i--){\n\t\tvar a = el[i];\n\t\tvar qName = a.qName;\n\t\tvar value = a.value;\n\t\tvar nsp = qName.indexOf(':');\n\t\tif(nsp>0){\n\t\t\tvar prefix = a.prefix = qName.slice(0,nsp);\n\t\t\tvar localName = qName.slice(nsp+1);\n\t\t\tvar nsPrefix = prefix === 'xmlns' && localName\n\t\t}else{\n\t\t\tlocalName = qName;\n\t\t\tprefix = null\n\t\t\tnsPrefix = qName === 'xmlns' && ''\n\t\t}\n\t\t//can not set prefix,because prefix !== ''\n\t\ta.localName = localName ;\n\t\t//prefix == null for no ns prefix attribute\n\t\tif(nsPrefix !== false){//hack!!\n\t\t\tif(localNSMap == null){\n\t\t\t\tlocalNSMap = {}\n\t\t\t\t//console.log(currentNSMap,0)\n\t\t\t\t_copy(currentNSMap,currentNSMap={})\n\t\t\t\t//console.log(currentNSMap,1)\n\t\t\t}\n\t\t\tcurrentNSMap[nsPrefix] = localNSMap[nsPrefix] = value;\n\t\t\ta.uri = NAMESPACE.XMLNS\n\t\t\tdomBuilder.startPrefixMapping(nsPrefix, value)\n\t\t}\n\t}\n\tvar i = el.length;\n\twhile(i--){\n\t\ta = el[i];\n\t\tvar prefix = a.prefix;\n\t\tif(prefix){//no prefix attribute has no namespace\n\t\t\tif(prefix === 'xml'){\n\t\t\t\ta.uri = NAMESPACE.XML;\n\t\t\t}if(prefix !== 'xmlns'){\n\t\t\t\ta.uri = currentNSMap[prefix || '']\n\n\t\t\t\t//{console.log('###'+a.qName,domBuilder.locator.systemId+'',currentNSMap,a.uri)}\n\t\t\t}\n\t\t}\n\t}\n\tvar nsp = tagName.indexOf(':');\n\tif(nsp>0){\n\t\tprefix = el.prefix = tagName.slice(0,nsp);\n\t\tlocalName = el.localName = tagName.slice(nsp+1);\n\t}else{\n\t\tprefix = null;//important!!\n\t\tlocalName = el.localName = tagName;\n\t}\n\t//no prefix element has default namespace\n\tvar ns = el.uri = currentNSMap[prefix || ''];\n\tdomBuilder.startElement(ns,localName,tagName,el);\n\t//endPrefixMapping and startPrefixMapping have not any help for dom builder\n\t//localNSMap = null\n\tif(el.closed){\n\t\tdomBuilder.endElement(ns,localName,tagName);\n\t\tif(localNSMap){\n\t\t\tfor (prefix in localNSMap) {\n\t\t\t\tif (Object.prototype.hasOwnProperty.call(localNSMap, prefix)) {\n\t\t\t\t\tdomBuilder.endPrefixMapping(prefix);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}else{\n\t\tel.currentNSMap = currentNSMap;\n\t\tel.localNSMap = localNSMap;\n\t\t//parseStack.push(el);\n\t\treturn true;\n\t}\n}\nfunction parseHtmlSpecialContent(source,elStartEnd,tagName,entityReplacer,domBuilder){\n\tif(/^(?:script|textarea)$/i.test(tagName)){\n\t\tvar elEndStart =  source.indexOf('</'+tagName+'>',elStartEnd);\n\t\tvar text = source.substring(elStartEnd+1,elEndStart);\n\t\tif(/[&<]/.test(text)){\n\t\t\tif(/^script$/i.test(tagName)){\n\t\t\t\t//if(!/\\]\\]>/.test(text)){\n\t\t\t\t\t//lexHandler.startCDATA();\n\t\t\t\t\tdomBuilder.characters(text,0,text.length);\n\t\t\t\t\t//lexHandler.endCDATA();\n\t\t\t\t\treturn elEndStart;\n\t\t\t\t//}\n\t\t\t}//}else{//text area\n\t\t\t\ttext = text.replace(/&#?\\w+;/g,entityReplacer);\n\t\t\t\tdomBuilder.characters(text,0,text.length);\n\t\t\t\treturn elEndStart;\n\t\t\t//}\n\n\t\t}\n\t}\n\treturn elStartEnd+1;\n}\nfunction fixSelfClosed(source,elStartEnd,tagName,closeMap){\n\t//if(tagName in closeMap){\n\tvar pos = closeMap[tagName];\n\tif(pos == null){\n\t\t//console.log(tagName)\n\t\tpos =  source.lastIndexOf('</'+tagName+'>')\n\t\tif(pos<elStartEnd){//忘记闭合\n\t\t\tpos = source.lastIndexOf('</'+tagName)\n\t\t}\n\t\tcloseMap[tagName] =pos\n\t}\n\treturn pos<elStartEnd;\n\t//}\n}\n\nfunction _copy (source, target) {\n\tfor (var n in source) {\n\t\tif (Object.prototype.hasOwnProperty.call(source, n)) {\n\t\t\ttarget[n] = source[n];\n\t\t}\n\t}\n}\n\nfunction parseDCC(source,start,domBuilder,errorHandler){//sure start with '<!'\n\tvar next= source.charAt(start+2)\n\tswitch(next){\n\tcase '-':\n\t\tif(source.charAt(start + 3) === '-'){\n\t\t\tvar end = source.indexOf('-->',start+4);\n\t\t\t//append comment source.substring(4,end)//<!--\n\t\t\tif(end>start){\n\t\t\t\tdomBuilder.comment(source,start+4,end-start-4);\n\t\t\t\treturn end+3;\n\t\t\t}else{\n\t\t\t\terrorHandler.error(\"Unclosed comment\");\n\t\t\t\treturn -1;\n\t\t\t}\n\t\t}else{\n\t\t\t//error\n\t\t\treturn -1;\n\t\t}\n\tdefault:\n\t\tif(source.substr(start+3,6) == 'CDATA['){\n\t\t\tvar end = source.indexOf(']]>',start+9);\n\t\t\tdomBuilder.startCDATA();\n\t\t\tdomBuilder.characters(source,start+9,end-start-9);\n\t\t\tdomBuilder.endCDATA()\n\t\t\treturn end+3;\n\t\t}\n\t\t//<!DOCTYPE\n\t\t//startDTD(java.lang.String name, java.lang.String publicId, java.lang.String systemId)\n\t\tvar matchs = split(source,start);\n\t\tvar len = matchs.length;\n\t\tif(len>1 && /!doctype/i.test(matchs[0][0])){\n\t\t\tvar name = matchs[1][0];\n\t\t\tvar pubid = false;\n\t\t\tvar sysid = false;\n\t\t\tif(len>3){\n\t\t\t\tif(/^public$/i.test(matchs[2][0])){\n\t\t\t\t\tpubid = matchs[3][0];\n\t\t\t\t\tsysid = len>4 && matchs[4][0];\n\t\t\t\t}else if(/^system$/i.test(matchs[2][0])){\n\t\t\t\t\tsysid = matchs[3][0];\n\t\t\t\t}\n\t\t\t}\n\t\t\tvar lastMatch = matchs[len-1]\n\t\t\tdomBuilder.startDTD(name, pubid, sysid);\n\t\t\tdomBuilder.endDTD();\n\n\t\t\treturn lastMatch.index+lastMatch[0].length\n\t\t}\n\t}\n\treturn -1;\n}\n\n\n\nfunction parseInstruction(source,start,domBuilder){\n\tvar end = source.indexOf('?>',start);\n\tif(end){\n\t\tvar match = source.substring(start,end).match(/^<\\?(\\S*)\\s*([\\s\\S]*?)\\s*$/);\n\t\tif(match){\n\t\t\tvar len = match[0].length;\n\t\t\tdomBuilder.processingInstruction(match[1], match[2]) ;\n\t\t\treturn end+2;\n\t\t}else{//error\n\t\t\treturn -1;\n\t\t}\n\t}\n\treturn -1;\n}\n\nfunction ElementAttributes(){\n\tthis.attributeNames = {}\n}\nElementAttributes.prototype = {\n\tsetTagName:function(tagName){\n\t\tif(!tagNamePattern.test(tagName)){\n\t\t\tthrow new Error('invalid tagName:'+tagName)\n\t\t}\n\t\tthis.tagName = tagName\n\t},\n\taddValue:function(qName, value, offset) {\n\t\tif(!tagNamePattern.test(qName)){\n\t\t\tthrow new Error('invalid attribute:'+qName)\n\t\t}\n\t\tthis.attributeNames[qName] = this.length;\n\t\tthis[this.length++] = {qName:qName,value:value,offset:offset}\n\t},\n\tlength:0,\n\tgetLocalName:function(i){return this[i].localName},\n\tgetLocator:function(i){return this[i].locator},\n\tgetQName:function(i){return this[i].qName},\n\tgetURI:function(i){return this[i].uri},\n\tgetValue:function(i){return this[i].value}\n//\t,getIndex:function(uri, localName)){\n//\t\tif(localName){\n//\n//\t\t}else{\n//\t\t\tvar qName = uri\n//\t\t}\n//\t},\n//\tgetValue:function(){return this.getValue(this.getIndex.apply(this,arguments))},\n//\tgetType:function(uri,localName){}\n//\tgetType:function(i){},\n}\n\n\n\nfunction split(source,start){\n\tvar match;\n\tvar buf = [];\n\tvar reg = /'[^']+'|\"[^\"]+\"|[^\\s<>\\/=]+=?|(\\/?\\s*>|<)/g;\n\treg.lastIndex = start;\n\treg.exec(source);//skip <\n\twhile(match = reg.exec(source)){\n\t\tbuf.push(match);\n\t\tif(match[1])return buf;\n\t}\n}\n\nexports.XMLReader = XMLReader;\nexports.ParseError = ParseError;\n","module.exports = require('./lib/tunnel');\n","'use strict';\n\nvar net = require('net');\nvar tls = require('tls');\nvar http = require('http');\nvar https = require('https');\nvar events = require('events');\nvar assert = require('assert');\nvar util = require('util');\n\n\nexports.httpOverHttp = httpOverHttp;\nexports.httpsOverHttp = httpsOverHttp;\nexports.httpOverHttps = httpOverHttps;\nexports.httpsOverHttps = httpsOverHttps;\n\n\nfunction httpOverHttp(options) {\n  var agent = new TunnelingAgent(options);\n  agent.request = http.request;\n  return agent;\n}\n\nfunction httpsOverHttp(options) {\n  var agent = new TunnelingAgent(options);\n  agent.request = http.request;\n  agent.createSocket = createSecureSocket;\n  agent.defaultPort = 443;\n  return agent;\n}\n\nfunction httpOverHttps(options) {\n  var agent = new TunnelingAgent(options);\n  agent.request = https.request;\n  return agent;\n}\n\nfunction httpsOverHttps(options) {\n  var agent = new TunnelingAgent(options);\n  agent.request = https.request;\n  agent.createSocket = createSecureSocket;\n  agent.defaultPort = 443;\n  return agent;\n}\n\n\nfunction TunnelingAgent(options) {\n  var self = this;\n  self.options = options || {};\n  self.proxyOptions = self.options.proxy || {};\n  self.maxSockets = self.options.maxSockets || http.Agent.defaultMaxSockets;\n  self.requests = [];\n  self.sockets = [];\n\n  self.on('free', function onFree(socket, host, port, localAddress) {\n    var options = toOptions(host, port, localAddress);\n    for (var i = 0, len = self.requests.length; i < len; ++i) {\n      var pending = self.requests[i];\n      if (pending.host === options.host && pending.port === options.port) {\n        // Detect the request to connect same origin server,\n        // reuse the connection.\n        self.requests.splice(i, 1);\n        pending.request.onSocket(socket);\n        return;\n      }\n    }\n    socket.destroy();\n    self.removeSocket(socket);\n  });\n}\nutil.inherits(TunnelingAgent, events.EventEmitter);\n\nTunnelingAgent.prototype.addRequest = function addRequest(req, host, port, localAddress) {\n  var self = this;\n  var options = mergeOptions({request: req}, self.options, toOptions(host, port, localAddress));\n\n  if (self.sockets.length >= this.maxSockets) {\n    // We are over limit so we'll add it to the queue.\n    self.requests.push(options);\n    return;\n  }\n\n  // If we are under maxSockets create a new one.\n  self.createSocket(options, function(socket) {\n    socket.on('free', onFree);\n    socket.on('close', onCloseOrRemove);\n    socket.on('agentRemove', onCloseOrRemove);\n    req.onSocket(socket);\n\n    function onFree() {\n      self.emit('free', socket, options);\n    }\n\n    function onCloseOrRemove(err) {\n      self.removeSocket(socket);\n      socket.removeListener('free', onFree);\n      socket.removeListener('close', onCloseOrRemove);\n      socket.removeListener('agentRemove', onCloseOrRemove);\n    }\n  });\n};\n\nTunnelingAgent.prototype.createSocket = function createSocket(options, cb) {\n  var self = this;\n  var placeholder = {};\n  self.sockets.push(placeholder);\n\n  var connectOptions = mergeOptions({}, self.proxyOptions, {\n    method: 'CONNECT',\n    path: options.host + ':' + options.port,\n    agent: false,\n    headers: {\n      host: options.host + ':' + options.port\n    }\n  });\n  if (options.localAddress) {\n    connectOptions.localAddress = options.localAddress;\n  }\n  if (connectOptions.proxyAuth) {\n    connectOptions.headers = connectOptions.headers || {};\n    connectOptions.headers['Proxy-Authorization'] = 'Basic ' +\n        new Buffer(connectOptions.proxyAuth).toString('base64');\n  }\n\n  debug('making CONNECT request');\n  var connectReq = self.request(connectOptions);\n  connectReq.useChunkedEncodingByDefault = false; // for v0.6\n  connectReq.once('response', onResponse); // for v0.6\n  connectReq.once('upgrade', onUpgrade);   // for v0.6\n  connectReq.once('connect', onConnect);   // for v0.7 or later\n  connectReq.once('error', onError);\n  connectReq.end();\n\n  function onResponse(res) {\n    // Very hacky. This is necessary to avoid http-parser leaks.\n    res.upgrade = true;\n  }\n\n  function onUpgrade(res, socket, head) {\n    // Hacky.\n    process.nextTick(function() {\n      onConnect(res, socket, head);\n    });\n  }\n\n  function onConnect(res, socket, head) {\n    connectReq.removeAllListeners();\n    socket.removeAllListeners();\n\n    if (res.statusCode !== 200) {\n      debug('tunneling socket could not be established, statusCode=%d',\n        res.statusCode);\n      socket.destroy();\n      var error = new Error('tunneling socket could not be established, ' +\n        'statusCode=' + res.statusCode);\n      error.code = 'ECONNRESET';\n      options.request.emit('error', error);\n      self.removeSocket(placeholder);\n      return;\n    }\n    if (head.length > 0) {\n      debug('got illegal response body from proxy');\n      socket.destroy();\n      var error = new Error('got illegal response body from proxy');\n      error.code = 'ECONNRESET';\n      options.request.emit('error', error);\n      self.removeSocket(placeholder);\n      return;\n    }\n    debug('tunneling connection has established');\n    self.sockets[self.sockets.indexOf(placeholder)] = socket;\n    return cb(socket);\n  }\n\n  function onError(cause) {\n    connectReq.removeAllListeners();\n\n    debug('tunneling socket could not be established, cause=%s\\n',\n          cause.message, cause.stack);\n    var error = new Error('tunneling socket could not be established, ' +\n                          'cause=' + cause.message);\n    error.code = 'ECONNRESET';\n    options.request.emit('error', error);\n    self.removeSocket(placeholder);\n  }\n};\n\nTunnelingAgent.prototype.removeSocket = function removeSocket(socket) {\n  var pos = this.sockets.indexOf(socket)\n  if (pos === -1) {\n    return;\n  }\n  this.sockets.splice(pos, 1);\n\n  var pending = this.requests.shift();\n  if (pending) {\n    // If we have pending requests and a socket gets closed a new one\n    // needs to be created to take over in the pool for the one that closed.\n    this.createSocket(pending, function(socket) {\n      pending.request.onSocket(socket);\n    });\n  }\n};\n\nfunction createSecureSocket(options, cb) {\n  var self = this;\n  TunnelingAgent.prototype.createSocket.call(self, options, function(socket) {\n    var hostHeader = options.request.getHeader('host');\n    var tlsOptions = mergeOptions({}, self.options, {\n      socket: socket,\n      servername: hostHeader ? hostHeader.replace(/:.*$/, '') : options.host\n    });\n\n    // 0 is dummy port for v0.6\n    var secureSocket = tls.connect(0, tlsOptions);\n    self.sockets[self.sockets.indexOf(socket)] = secureSocket;\n    cb(secureSocket);\n  });\n}\n\n\nfunction toOptions(host, port, localAddress) {\n  if (typeof host === 'string') { // since v0.10\n    return {\n      host: host,\n      port: port,\n      localAddress: localAddress\n    };\n  }\n  return host; // for v0.11 or later\n}\n\nfunction mergeOptions(target) {\n  for (var i = 1, len = arguments.length; i < len; ++i) {\n    var overrides = arguments[i];\n    if (typeof overrides === 'object') {\n      var keys = Object.keys(overrides);\n      for (var j = 0, keyLen = keys.length; j < keyLen; ++j) {\n        var k = keys[j];\n        if (overrides[k] !== undefined) {\n          target[k] = overrides[k];\n        }\n      }\n    }\n  }\n  return target;\n}\n\n\nvar debug;\nif (process.env.NODE_DEBUG && /\\btunnel\\b/.test(process.env.NODE_DEBUG)) {\n  debug = function() {\n    var args = Array.prototype.slice.call(arguments);\n    if (typeof args[0] === 'string') {\n      args[0] = 'TUNNEL: ' + args[0];\n    } else {\n      args.unshift('TUNNEL:');\n    }\n    console.error.apply(console, args);\n  }\n} else {\n  debug = function() {};\n}\nexports.debug = debug; // for test\n","'use strict'\n\nconst Client = require('./lib/client')\nconst Dispatcher = require('./lib/dispatcher')\nconst errors = require('./lib/core/errors')\nconst Pool = require('./lib/pool')\nconst BalancedPool = require('./lib/balanced-pool')\nconst Agent = require('./lib/agent')\nconst util = require('./lib/core/util')\nconst { InvalidArgumentError } = errors\nconst api = require('./lib/api')\nconst buildConnector = require('./lib/core/connect')\nconst MockClient = require('./lib/mock/mock-client')\nconst MockAgent = require('./lib/mock/mock-agent')\nconst MockPool = require('./lib/mock/mock-pool')\nconst mockErrors = require('./lib/mock/mock-errors')\nconst ProxyAgent = require('./lib/proxy-agent')\nconst RetryHandler = require('./lib/handler/RetryHandler')\nconst { getGlobalDispatcher, setGlobalDispatcher } = require('./lib/global')\nconst DecoratorHandler = require('./lib/handler/DecoratorHandler')\nconst RedirectHandler = require('./lib/handler/RedirectHandler')\nconst createRedirectInterceptor = require('./lib/interceptor/redirectInterceptor')\n\nlet hasCrypto\ntry {\n  require('crypto')\n  hasCrypto = true\n} catch {\n  hasCrypto = false\n}\n\nObject.assign(Dispatcher.prototype, api)\n\nmodule.exports.Dispatcher = Dispatcher\nmodule.exports.Client = Client\nmodule.exports.Pool = Pool\nmodule.exports.BalancedPool = BalancedPool\nmodule.exports.Agent = Agent\nmodule.exports.ProxyAgent = ProxyAgent\nmodule.exports.RetryHandler = RetryHandler\n\nmodule.exports.DecoratorHandler = DecoratorHandler\nmodule.exports.RedirectHandler = RedirectHandler\nmodule.exports.createRedirectInterceptor = createRedirectInterceptor\n\nmodule.exports.buildConnector = buildConnector\nmodule.exports.errors = errors\n\nfunction makeDispatcher (fn) {\n  return (url, opts, handler) => {\n    if (typeof opts === 'function') {\n      handler = opts\n      opts = null\n    }\n\n    if (!url || (typeof url !== 'string' && typeof url !== 'object' && !(url instanceof URL))) {\n      throw new InvalidArgumentError('invalid url')\n    }\n\n    if (opts != null && typeof opts !== 'object') {\n      throw new InvalidArgumentError('invalid opts')\n    }\n\n    if (opts && opts.path != null) {\n      if (typeof opts.path !== 'string') {\n        throw new InvalidArgumentError('invalid opts.path')\n      }\n\n      let path = opts.path\n      if (!opts.path.startsWith('/')) {\n        path = `/${path}`\n      }\n\n      url = new URL(util.parseOrigin(url).origin + path)\n    } else {\n      if (!opts) {\n        opts = typeof url === 'object' ? url : {}\n      }\n\n      url = util.parseURL(url)\n    }\n\n    const { agent, dispatcher = getGlobalDispatcher() } = opts\n\n    if (agent) {\n      throw new InvalidArgumentError('unsupported opts.agent. Did you mean opts.client?')\n    }\n\n    return fn.call(dispatcher, {\n      ...opts,\n      origin: url.origin,\n      path: url.search ? `${url.pathname}${url.search}` : url.pathname,\n      method: opts.method || (opts.body ? 'PUT' : 'GET')\n    }, handler)\n  }\n}\n\nmodule.exports.setGlobalDispatcher = setGlobalDispatcher\nmodule.exports.getGlobalDispatcher = getGlobalDispatcher\n\nif (util.nodeMajor > 16 || (util.nodeMajor === 16 && util.nodeMinor >= 8)) {\n  let fetchImpl = null\n  module.exports.fetch = async function fetch (resource) {\n    if (!fetchImpl) {\n      fetchImpl = require('./lib/fetch').fetch\n    }\n\n    try {\n      return await fetchImpl(...arguments)\n    } catch (err) {\n      if (typeof err === 'object') {\n        Error.captureStackTrace(err, this)\n      }\n\n      throw err\n    }\n  }\n  module.exports.Headers = require('./lib/fetch/headers').Headers\n  module.exports.Response = require('./lib/fetch/response').Response\n  module.exports.Request = require('./lib/fetch/request').Request\n  module.exports.FormData = require('./lib/fetch/formdata').FormData\n  module.exports.File = require('./lib/fetch/file').File\n  module.exports.FileReader = require('./lib/fileapi/filereader').FileReader\n\n  const { setGlobalOrigin, getGlobalOrigin } = require('./lib/fetch/global')\n\n  module.exports.setGlobalOrigin = setGlobalOrigin\n  module.exports.getGlobalOrigin = getGlobalOrigin\n\n  const { CacheStorage } = require('./lib/cache/cachestorage')\n  const { kConstruct } = require('./lib/cache/symbols')\n\n  // Cache & CacheStorage are tightly coupled with fetch. Even if it may run\n  // in an older version of Node, it doesn't have any use without fetch.\n  module.exports.caches = new CacheStorage(kConstruct)\n}\n\nif (util.nodeMajor >= 16) {\n  const { deleteCookie, getCookies, getSetCookies, setCookie } = require('./lib/cookies')\n\n  module.exports.deleteCookie = deleteCookie\n  module.exports.getCookies = getCookies\n  module.exports.getSetCookies = getSetCookies\n  module.exports.setCookie = setCookie\n\n  const { parseMIMEType, serializeAMimeType } = require('./lib/fetch/dataURL')\n\n  module.exports.parseMIMEType = parseMIMEType\n  module.exports.serializeAMimeType = serializeAMimeType\n}\n\nif (util.nodeMajor >= 18 && hasCrypto) {\n  const { WebSocket } = require('./lib/websocket/websocket')\n\n  module.exports.WebSocket = WebSocket\n}\n\nmodule.exports.request = makeDispatcher(api.request)\nmodule.exports.stream = makeDispatcher(api.stream)\nmodule.exports.pipeline = makeDispatcher(api.pipeline)\nmodule.exports.connect = makeDispatcher(api.connect)\nmodule.exports.upgrade = makeDispatcher(api.upgrade)\n\nmodule.exports.MockClient = MockClient\nmodule.exports.MockPool = MockPool\nmodule.exports.MockAgent = MockAgent\nmodule.exports.mockErrors = mockErrors\n","'use strict'\n\nconst { InvalidArgumentError } = require('./core/errors')\nconst { kClients, kRunning, kClose, kDestroy, kDispatch, kInterceptors } = require('./core/symbols')\nconst DispatcherBase = require('./dispatcher-base')\nconst Pool = require('./pool')\nconst Client = require('./client')\nconst util = require('./core/util')\nconst createRedirectInterceptor = require('./interceptor/redirectInterceptor')\nconst { WeakRef, FinalizationRegistry } = require('./compat/dispatcher-weakref')()\n\nconst kOnConnect = Symbol('onConnect')\nconst kOnDisconnect = Symbol('onDisconnect')\nconst kOnConnectionError = Symbol('onConnectionError')\nconst kMaxRedirections = Symbol('maxRedirections')\nconst kOnDrain = Symbol('onDrain')\nconst kFactory = Symbol('factory')\nconst kFinalizer = Symbol('finalizer')\nconst kOptions = Symbol('options')\n\nfunction defaultFactory (origin, opts) {\n  return opts && opts.connections === 1\n    ? new Client(origin, opts)\n    : new Pool(origin, opts)\n}\n\nclass Agent extends DispatcherBase {\n  constructor ({ factory = defaultFactory, maxRedirections = 0, connect, ...options } = {}) {\n    super()\n\n    if (typeof factory !== 'function') {\n      throw new InvalidArgumentError('factory must be a function.')\n    }\n\n    if (connect != null && typeof connect !== 'function' && typeof connect !== 'object') {\n      throw new InvalidArgumentError('connect must be a function or an object')\n    }\n\n    if (!Number.isInteger(maxRedirections) || maxRedirections < 0) {\n      throw new InvalidArgumentError('maxRedirections must be a positive number')\n    }\n\n    if (connect && typeof connect !== 'function') {\n      connect = { ...connect }\n    }\n\n    this[kInterceptors] = options.interceptors && options.interceptors.Agent && Array.isArray(options.interceptors.Agent)\n      ? options.interceptors.Agent\n      : [createRedirectInterceptor({ maxRedirections })]\n\n    this[kOptions] = { ...util.deepClone(options), connect }\n    this[kOptions].interceptors = options.interceptors\n      ? { ...options.interceptors }\n      : undefined\n    this[kMaxRedirections] = maxRedirections\n    this[kFactory] = factory\n    this[kClients] = new Map()\n    this[kFinalizer] = new FinalizationRegistry(/* istanbul ignore next: gc is undeterministic */ key => {\n      const ref = this[kClients].get(key)\n      if (ref !== undefined && ref.deref() === undefined) {\n        this[kClients].delete(key)\n      }\n    })\n\n    const agent = this\n\n    this[kOnDrain] = (origin, targets) => {\n      agent.emit('drain', origin, [agent, ...targets])\n    }\n\n    this[kOnConnect] = (origin, targets) => {\n      agent.emit('connect', origin, [agent, ...targets])\n    }\n\n    this[kOnDisconnect] = (origin, targets, err) => {\n      agent.emit('disconnect', origin, [agent, ...targets], err)\n    }\n\n    this[kOnConnectionError] = (origin, targets, err) => {\n      agent.emit('connectionError', origin, [agent, ...targets], err)\n    }\n  }\n\n  get [kRunning] () {\n    let ret = 0\n    for (const ref of this[kClients].values()) {\n      const client = ref.deref()\n      /* istanbul ignore next: gc is undeterministic */\n      if (client) {\n        ret += client[kRunning]\n      }\n    }\n    return ret\n  }\n\n  [kDispatch] (opts, handler) {\n    let key\n    if (opts.origin && (typeof opts.origin === 'string' || opts.origin instanceof URL)) {\n      key = String(opts.origin)\n    } else {\n      throw new InvalidArgumentError('opts.origin must be a non-empty string or URL.')\n    }\n\n    const ref = this[kClients].get(key)\n\n    let dispatcher = ref ? ref.deref() : null\n    if (!dispatcher) {\n      dispatcher = this[kFactory](opts.origin, this[kOptions])\n        .on('drain', this[kOnDrain])\n        .on('connect', this[kOnConnect])\n        .on('disconnect', this[kOnDisconnect])\n        .on('connectionError', this[kOnConnectionError])\n\n      this[kClients].set(key, new WeakRef(dispatcher))\n      this[kFinalizer].register(dispatcher, key)\n    }\n\n    return dispatcher.dispatch(opts, handler)\n  }\n\n  async [kClose] () {\n    const closePromises = []\n    for (const ref of this[kClients].values()) {\n      const client = ref.deref()\n      /* istanbul ignore else: gc is undeterministic */\n      if (client) {\n        closePromises.push(client.close())\n      }\n    }\n\n    await Promise.all(closePromises)\n  }\n\n  async [kDestroy] (err) {\n    const destroyPromises = []\n    for (const ref of this[kClients].values()) {\n      const client = ref.deref()\n      /* istanbul ignore else: gc is undeterministic */\n      if (client) {\n        destroyPromises.push(client.destroy(err))\n      }\n    }\n\n    await Promise.all(destroyPromises)\n  }\n}\n\nmodule.exports = Agent\n","const { addAbortListener } = require('../core/util')\nconst { RequestAbortedError } = require('../core/errors')\n\nconst kListener = Symbol('kListener')\nconst kSignal = Symbol('kSignal')\n\nfunction abort (self) {\n  if (self.abort) {\n    self.abort()\n  } else {\n    self.onError(new RequestAbortedError())\n  }\n}\n\nfunction addSignal (self, signal) {\n  self[kSignal] = null\n  self[kListener] = null\n\n  if (!signal) {\n    return\n  }\n\n  if (signal.aborted) {\n    abort(self)\n    return\n  }\n\n  self[kSignal] = signal\n  self[kListener] = () => {\n    abort(self)\n  }\n\n  addAbortListener(self[kSignal], self[kListener])\n}\n\nfunction removeSignal (self) {\n  if (!self[kSignal]) {\n    return\n  }\n\n  if ('removeEventListener' in self[kSignal]) {\n    self[kSignal].removeEventListener('abort', self[kListener])\n  } else {\n    self[kSignal].removeListener('abort', self[kListener])\n  }\n\n  self[kSignal] = null\n  self[kListener] = null\n}\n\nmodule.exports = {\n  addSignal,\n  removeSignal\n}\n","'use strict'\n\nconst { AsyncResource } = require('async_hooks')\nconst { InvalidArgumentError, RequestAbortedError, SocketError } = require('../core/errors')\nconst util = require('../core/util')\nconst { addSignal, removeSignal } = require('./abort-signal')\n\nclass ConnectHandler extends AsyncResource {\n  constructor (opts, callback) {\n    if (!opts || typeof opts !== 'object') {\n      throw new InvalidArgumentError('invalid opts')\n    }\n\n    if (typeof callback !== 'function') {\n      throw new InvalidArgumentError('invalid callback')\n    }\n\n    const { signal, opaque, responseHeaders } = opts\n\n    if (signal && typeof signal.on !== 'function' && typeof signal.addEventListener !== 'function') {\n      throw new InvalidArgumentError('signal must be an EventEmitter or EventTarget')\n    }\n\n    super('UNDICI_CONNECT')\n\n    this.opaque = opaque || null\n    this.responseHeaders = responseHeaders || null\n    this.callback = callback\n    this.abort = null\n\n    addSignal(this, signal)\n  }\n\n  onConnect (abort, context) {\n    if (!this.callback) {\n      throw new RequestAbortedError()\n    }\n\n    this.abort = abort\n    this.context = context\n  }\n\n  onHeaders () {\n    throw new SocketError('bad connect', null)\n  }\n\n  onUpgrade (statusCode, rawHeaders, socket) {\n    const { callback, opaque, context } = this\n\n    removeSignal(this)\n\n    this.callback = null\n\n    let headers = rawHeaders\n    // Indicates is an HTTP2Session\n    if (headers != null) {\n      headers = this.responseHeaders === 'raw' ? util.parseRawHeaders(rawHeaders) : util.parseHeaders(rawHeaders)\n    }\n\n    this.runInAsyncScope(callback, null, null, {\n      statusCode,\n      headers,\n      socket,\n      opaque,\n      context\n    })\n  }\n\n  onError (err) {\n    const { callback, opaque } = this\n\n    removeSignal(this)\n\n    if (callback) {\n      this.callback = null\n      queueMicrotask(() => {\n        this.runInAsyncScope(callback, null, err, { opaque })\n      })\n    }\n  }\n}\n\nfunction connect (opts, callback) {\n  if (callback === undefined) {\n    return new Promise((resolve, reject) => {\n      connect.call(this, opts, (err, data) => {\n        return err ? reject(err) : resolve(data)\n      })\n    })\n  }\n\n  try {\n    const connectHandler = new ConnectHandler(opts, callback)\n    this.dispatch({ ...opts, method: 'CONNECT' }, connectHandler)\n  } catch (err) {\n    if (typeof callback !== 'function') {\n      throw err\n    }\n    const opaque = opts && opts.opaque\n    queueMicrotask(() => callback(err, { opaque }))\n  }\n}\n\nmodule.exports = connect\n","'use strict'\n\nconst {\n  Readable,\n  Duplex,\n  PassThrough\n} = require('stream')\nconst {\n  InvalidArgumentError,\n  InvalidReturnValueError,\n  RequestAbortedError\n} = require('../core/errors')\nconst util = require('../core/util')\nconst { AsyncResource } = require('async_hooks')\nconst { addSignal, removeSignal } = require('./abort-signal')\nconst assert = require('assert')\n\nconst kResume = Symbol('resume')\n\nclass PipelineRequest extends Readable {\n  constructor () {\n    super({ autoDestroy: true })\n\n    this[kResume] = null\n  }\n\n  _read () {\n    const { [kResume]: resume } = this\n\n    if (resume) {\n      this[kResume] = null\n      resume()\n    }\n  }\n\n  _destroy (err, callback) {\n    this._read()\n\n    callback(err)\n  }\n}\n\nclass PipelineResponse extends Readable {\n  constructor (resume) {\n    super({ autoDestroy: true })\n    this[kResume] = resume\n  }\n\n  _read () {\n    this[kResume]()\n  }\n\n  _destroy (err, callback) {\n    if (!err && !this._readableState.endEmitted) {\n      err = new RequestAbortedError()\n    }\n\n    callback(err)\n  }\n}\n\nclass PipelineHandler extends AsyncResource {\n  constructor (opts, handler) {\n    if (!opts || typeof opts !== 'object') {\n      throw new InvalidArgumentError('invalid opts')\n    }\n\n    if (typeof handler !== 'function') {\n      throw new InvalidArgumentError('invalid handler')\n    }\n\n    const { signal, method, opaque, onInfo, responseHeaders } = opts\n\n    if (signal && typeof signal.on !== 'function' && typeof signal.addEventListener !== 'function') {\n      throw new InvalidArgumentError('signal must be an EventEmitter or EventTarget')\n    }\n\n    if (method === 'CONNECT') {\n      throw new InvalidArgumentError('invalid method')\n    }\n\n    if (onInfo && typeof onInfo !== 'function') {\n      throw new InvalidArgumentError('invalid onInfo callback')\n    }\n\n    super('UNDICI_PIPELINE')\n\n    this.opaque = opaque || null\n    this.responseHeaders = responseHeaders || null\n    this.handler = handler\n    this.abort = null\n    this.context = null\n    this.onInfo = onInfo || null\n\n    this.req = new PipelineRequest().on('error', util.nop)\n\n    this.ret = new Duplex({\n      readableObjectMode: opts.objectMode,\n      autoDestroy: true,\n      read: () => {\n        const { body } = this\n\n        if (body && body.resume) {\n          body.resume()\n        }\n      },\n      write: (chunk, encoding, callback) => {\n        const { req } = this\n\n        if (req.push(chunk, encoding) || req._readableState.destroyed) {\n          callback()\n        } else {\n          req[kResume] = callback\n        }\n      },\n      destroy: (err, callback) => {\n        const { body, req, res, ret, abort } = this\n\n        if (!err && !ret._readableState.endEmitted) {\n          err = new RequestAbortedError()\n        }\n\n        if (abort && err) {\n          abort()\n        }\n\n        util.destroy(body, err)\n        util.destroy(req, err)\n        util.destroy(res, err)\n\n        removeSignal(this)\n\n        callback(err)\n      }\n    }).on('prefinish', () => {\n      const { req } = this\n\n      // Node < 15 does not call _final in same tick.\n      req.push(null)\n    })\n\n    this.res = null\n\n    addSignal(this, signal)\n  }\n\n  onConnect (abort, context) {\n    const { ret, res } = this\n\n    assert(!res, 'pipeline cannot be retried')\n\n    if (ret.destroyed) {\n      throw new RequestAbortedError()\n    }\n\n    this.abort = abort\n    this.context = context\n  }\n\n  onHeaders (statusCode, rawHeaders, resume) {\n    const { opaque, handler, context } = this\n\n    if (statusCode < 200) {\n      if (this.onInfo) {\n        const headers = this.responseHeaders === 'raw' ? util.parseRawHeaders(rawHeaders) : util.parseHeaders(rawHeaders)\n        this.onInfo({ statusCode, headers })\n      }\n      return\n    }\n\n    this.res = new PipelineResponse(resume)\n\n    let body\n    try {\n      this.handler = null\n      const headers = this.responseHeaders === 'raw' ? util.parseRawHeaders(rawHeaders) : util.parseHeaders(rawHeaders)\n      body = this.runInAsyncScope(handler, null, {\n        statusCode,\n        headers,\n        opaque,\n        body: this.res,\n        context\n      })\n    } catch (err) {\n      this.res.on('error', util.nop)\n      throw err\n    }\n\n    if (!body || typeof body.on !== 'function') {\n      throw new InvalidReturnValueError('expected Readable')\n    }\n\n    body\n      .on('data', (chunk) => {\n        const { ret, body } = this\n\n        if (!ret.push(chunk) && body.pause) {\n          body.pause()\n        }\n      })\n      .on('error', (err) => {\n        const { ret } = this\n\n        util.destroy(ret, err)\n      })\n      .on('end', () => {\n        const { ret } = this\n\n        ret.push(null)\n      })\n      .on('close', () => {\n        const { ret } = this\n\n        if (!ret._readableState.ended) {\n          util.destroy(ret, new RequestAbortedError())\n        }\n      })\n\n    this.body = body\n  }\n\n  onData (chunk) {\n    const { res } = this\n    return res.push(chunk)\n  }\n\n  onComplete (trailers) {\n    const { res } = this\n    res.push(null)\n  }\n\n  onError (err) {\n    const { ret } = this\n    this.handler = null\n    util.destroy(ret, err)\n  }\n}\n\nfunction pipeline (opts, handler) {\n  try {\n    const pipelineHandler = new PipelineHandler(opts, handler)\n    this.dispatch({ ...opts, body: pipelineHandler.req }, pipelineHandler)\n    return pipelineHandler.ret\n  } catch (err) {\n    return new PassThrough().destroy(err)\n  }\n}\n\nmodule.exports = pipeline\n","'use strict'\n\nconst Readable = require('./readable')\nconst {\n  InvalidArgumentError,\n  RequestAbortedError\n} = require('../core/errors')\nconst util = require('../core/util')\nconst { getResolveErrorBodyCallback } = require('./util')\nconst { AsyncResource } = require('async_hooks')\nconst { addSignal, removeSignal } = require('./abort-signal')\n\nclass RequestHandler extends AsyncResource {\n  constructor (opts, callback) {\n    if (!opts || typeof opts !== 'object') {\n      throw new InvalidArgumentError('invalid opts')\n    }\n\n    const { signal, method, opaque, body, onInfo, responseHeaders, throwOnError, highWaterMark } = opts\n\n    try {\n      if (typeof callback !== 'function') {\n        throw new InvalidArgumentError('invalid callback')\n      }\n\n      if (highWaterMark && (typeof highWaterMark !== 'number' || highWaterMark < 0)) {\n        throw new InvalidArgumentError('invalid highWaterMark')\n      }\n\n      if (signal && typeof signal.on !== 'function' && typeof signal.addEventListener !== 'function') {\n        throw new InvalidArgumentError('signal must be an EventEmitter or EventTarget')\n      }\n\n      if (method === 'CONNECT') {\n        throw new InvalidArgumentError('invalid method')\n      }\n\n      if (onInfo && typeof onInfo !== 'function') {\n        throw new InvalidArgumentError('invalid onInfo callback')\n      }\n\n      super('UNDICI_REQUEST')\n    } catch (err) {\n      if (util.isStream(body)) {\n        util.destroy(body.on('error', util.nop), err)\n      }\n      throw err\n    }\n\n    this.responseHeaders = responseHeaders || null\n    this.opaque = opaque || null\n    this.callback = callback\n    this.res = null\n    this.abort = null\n    this.body = body\n    this.trailers = {}\n    this.context = null\n    this.onInfo = onInfo || null\n    this.throwOnError = throwOnError\n    this.highWaterMark = highWaterMark\n\n    if (util.isStream(body)) {\n      body.on('error', (err) => {\n        this.onError(err)\n      })\n    }\n\n    addSignal(this, signal)\n  }\n\n  onConnect (abort, context) {\n    if (!this.callback) {\n      throw new RequestAbortedError()\n    }\n\n    this.abort = abort\n    this.context = context\n  }\n\n  onHeaders (statusCode, rawHeaders, resume, statusMessage) {\n    const { callback, opaque, abort, context, responseHeaders, highWaterMark } = this\n\n    const headers = responseHeaders === 'raw' ? util.parseRawHeaders(rawHeaders) : util.parseHeaders(rawHeaders)\n\n    if (statusCode < 200) {\n      if (this.onInfo) {\n        this.onInfo({ statusCode, headers })\n      }\n      return\n    }\n\n    const parsedHeaders = responseHeaders === 'raw' ? util.parseHeaders(rawHeaders) : headers\n    const contentType = parsedHeaders['content-type']\n    const body = new Readable({ resume, abort, contentType, highWaterMark })\n\n    this.callback = null\n    this.res = body\n    if (callback !== null) {\n      if (this.throwOnError && statusCode >= 400) {\n        this.runInAsyncScope(getResolveErrorBodyCallback, null,\n          { callback, body, contentType, statusCode, statusMessage, headers }\n        )\n      } else {\n        this.runInAsyncScope(callback, null, null, {\n          statusCode,\n          headers,\n          trailers: this.trailers,\n          opaque,\n          body,\n          context\n        })\n      }\n    }\n  }\n\n  onData (chunk) {\n    const { res } = this\n    return res.push(chunk)\n  }\n\n  onComplete (trailers) {\n    const { res } = this\n\n    removeSignal(this)\n\n    util.parseHeaders(trailers, this.trailers)\n\n    res.push(null)\n  }\n\n  onError (err) {\n    const { res, callback, body, opaque } = this\n\n    removeSignal(this)\n\n    if (callback) {\n      // TODO: Does this need queueMicrotask?\n      this.callback = null\n      queueMicrotask(() => {\n        this.runInAsyncScope(callback, null, err, { opaque })\n      })\n    }\n\n    if (res) {\n      this.res = null\n      // Ensure all queued handlers are invoked before destroying res.\n      queueMicrotask(() => {\n        util.destroy(res, err)\n      })\n    }\n\n    if (body) {\n      this.body = null\n      util.destroy(body, err)\n    }\n  }\n}\n\nfunction request (opts, callback) {\n  if (callback === undefined) {\n    return new Promise((resolve, reject) => {\n      request.call(this, opts, (err, data) => {\n        return err ? reject(err) : resolve(data)\n      })\n    })\n  }\n\n  try {\n    this.dispatch(opts, new RequestHandler(opts, callback))\n  } catch (err) {\n    if (typeof callback !== 'function') {\n      throw err\n    }\n    const opaque = opts && opts.opaque\n    queueMicrotask(() => callback(err, { opaque }))\n  }\n}\n\nmodule.exports = request\nmodule.exports.RequestHandler = RequestHandler\n","'use strict'\n\nconst { finished, PassThrough } = require('stream')\nconst {\n  InvalidArgumentError,\n  InvalidReturnValueError,\n  RequestAbortedError\n} = require('../core/errors')\nconst util = require('../core/util')\nconst { getResolveErrorBodyCallback } = require('./util')\nconst { AsyncResource } = require('async_hooks')\nconst { addSignal, removeSignal } = require('./abort-signal')\n\nclass StreamHandler extends AsyncResource {\n  constructor (opts, factory, callback) {\n    if (!opts || typeof opts !== 'object') {\n      throw new InvalidArgumentError('invalid opts')\n    }\n\n    const { signal, method, opaque, body, onInfo, responseHeaders, throwOnError } = opts\n\n    try {\n      if (typeof callback !== 'function') {\n        throw new InvalidArgumentError('invalid callback')\n      }\n\n      if (typeof factory !== 'function') {\n        throw new InvalidArgumentError('invalid factory')\n      }\n\n      if (signal && typeof signal.on !== 'function' && typeof signal.addEventListener !== 'function') {\n        throw new InvalidArgumentError('signal must be an EventEmitter or EventTarget')\n      }\n\n      if (method === 'CONNECT') {\n        throw new InvalidArgumentError('invalid method')\n      }\n\n      if (onInfo && typeof onInfo !== 'function') {\n        throw new InvalidArgumentError('invalid onInfo callback')\n      }\n\n      super('UNDICI_STREAM')\n    } catch (err) {\n      if (util.isStream(body)) {\n        util.destroy(body.on('error', util.nop), err)\n      }\n      throw err\n    }\n\n    this.responseHeaders = responseHeaders || null\n    this.opaque = opaque || null\n    this.factory = factory\n    this.callback = callback\n    this.res = null\n    this.abort = null\n    this.context = null\n    this.trailers = null\n    this.body = body\n    this.onInfo = onInfo || null\n    this.throwOnError = throwOnError || false\n\n    if (util.isStream(body)) {\n      body.on('error', (err) => {\n        this.onError(err)\n      })\n    }\n\n    addSignal(this, signal)\n  }\n\n  onConnect (abort, context) {\n    if (!this.callback) {\n      throw new RequestAbortedError()\n    }\n\n    this.abort = abort\n    this.context = context\n  }\n\n  onHeaders (statusCode, rawHeaders, resume, statusMessage) {\n    const { factory, opaque, context, callback, responseHeaders } = this\n\n    const headers = responseHeaders === 'raw' ? util.parseRawHeaders(rawHeaders) : util.parseHeaders(rawHeaders)\n\n    if (statusCode < 200) {\n      if (this.onInfo) {\n        this.onInfo({ statusCode, headers })\n      }\n      return\n    }\n\n    this.factory = null\n\n    let res\n\n    if (this.throwOnError && statusCode >= 400) {\n      const parsedHeaders = responseHeaders === 'raw' ? util.parseHeaders(rawHeaders) : headers\n      const contentType = parsedHeaders['content-type']\n      res = new PassThrough()\n\n      this.callback = null\n      this.runInAsyncScope(getResolveErrorBodyCallback, null,\n        { callback, body: res, contentType, statusCode, statusMessage, headers }\n      )\n    } else {\n      if (factory === null) {\n        return\n      }\n\n      res = this.runInAsyncScope(factory, null, {\n        statusCode,\n        headers,\n        opaque,\n        context\n      })\n\n      if (\n        !res ||\n        typeof res.write !== 'function' ||\n        typeof res.end !== 'function' ||\n        typeof res.on !== 'function'\n      ) {\n        throw new InvalidReturnValueError('expected Writable')\n      }\n\n      // TODO: Avoid finished. It registers an unnecessary amount of listeners.\n      finished(res, { readable: false }, (err) => {\n        const { callback, res, opaque, trailers, abort } = this\n\n        this.res = null\n        if (err || !res.readable) {\n          util.destroy(res, err)\n        }\n\n        this.callback = null\n        this.runInAsyncScope(callback, null, err || null, { opaque, trailers })\n\n        if (err) {\n          abort()\n        }\n      })\n    }\n\n    res.on('drain', resume)\n\n    this.res = res\n\n    const needDrain = res.writableNeedDrain !== undefined\n      ? res.writableNeedDrain\n      : res._writableState && res._writableState.needDrain\n\n    return needDrain !== true\n  }\n\n  onData (chunk) {\n    const { res } = this\n\n    return res ? res.write(chunk) : true\n  }\n\n  onComplete (trailers) {\n    const { res } = this\n\n    removeSignal(this)\n\n    if (!res) {\n      return\n    }\n\n    this.trailers = util.parseHeaders(trailers)\n\n    res.end()\n  }\n\n  onError (err) {\n    const { res, callback, opaque, body } = this\n\n    removeSignal(this)\n\n    this.factory = null\n\n    if (res) {\n      this.res = null\n      util.destroy(res, err)\n    } else if (callback) {\n      this.callback = null\n      queueMicrotask(() => {\n        this.runInAsyncScope(callback, null, err, { opaque })\n      })\n    }\n\n    if (body) {\n      this.body = null\n      util.destroy(body, err)\n    }\n  }\n}\n\nfunction stream (opts, factory, callback) {\n  if (callback === undefined) {\n    return new Promise((resolve, reject) => {\n      stream.call(this, opts, factory, (err, data) => {\n        return err ? reject(err) : resolve(data)\n      })\n    })\n  }\n\n  try {\n    this.dispatch(opts, new StreamHandler(opts, factory, callback))\n  } catch (err) {\n    if (typeof callback !== 'function') {\n      throw err\n    }\n    const opaque = opts && opts.opaque\n    queueMicrotask(() => callback(err, { opaque }))\n  }\n}\n\nmodule.exports = stream\n","'use strict'\n\nconst { InvalidArgumentError, RequestAbortedError, SocketError } = require('../core/errors')\nconst { AsyncResource } = require('async_hooks')\nconst util = require('../core/util')\nconst { addSignal, removeSignal } = require('./abort-signal')\nconst assert = require('assert')\n\nclass UpgradeHandler extends AsyncResource {\n  constructor (opts, callback) {\n    if (!opts || typeof opts !== 'object') {\n      throw new InvalidArgumentError('invalid opts')\n    }\n\n    if (typeof callback !== 'function') {\n      throw new InvalidArgumentError('invalid callback')\n    }\n\n    const { signal, opaque, responseHeaders } = opts\n\n    if (signal && typeof signal.on !== 'function' && typeof signal.addEventListener !== 'function') {\n      throw new InvalidArgumentError('signal must be an EventEmitter or EventTarget')\n    }\n\n    super('UNDICI_UPGRADE')\n\n    this.responseHeaders = responseHeaders || null\n    this.opaque = opaque || null\n    this.callback = callback\n    this.abort = null\n    this.context = null\n\n    addSignal(this, signal)\n  }\n\n  onConnect (abort, context) {\n    if (!this.callback) {\n      throw new RequestAbortedError()\n    }\n\n    this.abort = abort\n    this.context = null\n  }\n\n  onHeaders () {\n    throw new SocketError('bad upgrade', null)\n  }\n\n  onUpgrade (statusCode, rawHeaders, socket) {\n    const { callback, opaque, context } = this\n\n    assert.strictEqual(statusCode, 101)\n\n    removeSignal(this)\n\n    this.callback = null\n    const headers = this.responseHeaders === 'raw' ? util.parseRawHeaders(rawHeaders) : util.parseHeaders(rawHeaders)\n    this.runInAsyncScope(callback, null, null, {\n      headers,\n      socket,\n      opaque,\n      context\n    })\n  }\n\n  onError (err) {\n    const { callback, opaque } = this\n\n    removeSignal(this)\n\n    if (callback) {\n      this.callback = null\n      queueMicrotask(() => {\n        this.runInAsyncScope(callback, null, err, { opaque })\n      })\n    }\n  }\n}\n\nfunction upgrade (opts, callback) {\n  if (callback === undefined) {\n    return new Promise((resolve, reject) => {\n      upgrade.call(this, opts, (err, data) => {\n        return err ? reject(err) : resolve(data)\n      })\n    })\n  }\n\n  try {\n    const upgradeHandler = new UpgradeHandler(opts, callback)\n    this.dispatch({\n      ...opts,\n      method: opts.method || 'GET',\n      upgrade: opts.protocol || 'Websocket'\n    }, upgradeHandler)\n  } catch (err) {\n    if (typeof callback !== 'function') {\n      throw err\n    }\n    const opaque = opts && opts.opaque\n    queueMicrotask(() => callback(err, { opaque }))\n  }\n}\n\nmodule.exports = upgrade\n","'use strict'\n\nmodule.exports.request = require('./api-request')\nmodule.exports.stream = require('./api-stream')\nmodule.exports.pipeline = require('./api-pipeline')\nmodule.exports.upgrade = require('./api-upgrade')\nmodule.exports.connect = require('./api-connect')\n","// Ported from https://github.com/nodejs/undici/pull/907\n\n'use strict'\n\nconst assert = require('assert')\nconst { Readable } = require('stream')\nconst { RequestAbortedError, NotSupportedError, InvalidArgumentError } = require('../core/errors')\nconst util = require('../core/util')\nconst { ReadableStreamFrom, toUSVString } = require('../core/util')\n\nlet Blob\n\nconst kConsume = Symbol('kConsume')\nconst kReading = Symbol('kReading')\nconst kBody = Symbol('kBody')\nconst kAbort = Symbol('abort')\nconst kContentType = Symbol('kContentType')\n\nconst noop = () => {}\n\nmodule.exports = class BodyReadable extends Readable {\n  constructor ({\n    resume,\n    abort,\n    contentType = '',\n    highWaterMark = 64 * 1024 // Same as nodejs fs streams.\n  }) {\n    super({\n      autoDestroy: true,\n      read: resume,\n      highWaterMark\n    })\n\n    this._readableState.dataEmitted = false\n\n    this[kAbort] = abort\n    this[kConsume] = null\n    this[kBody] = null\n    this[kContentType] = contentType\n\n    // Is stream being consumed through Readable API?\n    // This is an optimization so that we avoid checking\n    // for 'data' and 'readable' listeners in the hot path\n    // inside push().\n    this[kReading] = false\n  }\n\n  destroy (err) {\n    if (this.destroyed) {\n      // Node < 16\n      return this\n    }\n\n    if (!err && !this._readableState.endEmitted) {\n      err = new RequestAbortedError()\n    }\n\n    if (err) {\n      this[kAbort]()\n    }\n\n    return super.destroy(err)\n  }\n\n  emit (ev, ...args) {\n    if (ev === 'data') {\n      // Node < 16.7\n      this._readableState.dataEmitted = true\n    } else if (ev === 'error') {\n      // Node < 16\n      this._readableState.errorEmitted = true\n    }\n    return super.emit(ev, ...args)\n  }\n\n  on (ev, ...args) {\n    if (ev === 'data' || ev === 'readable') {\n      this[kReading] = true\n    }\n    return super.on(ev, ...args)\n  }\n\n  addListener (ev, ...args) {\n    return this.on(ev, ...args)\n  }\n\n  off (ev, ...args) {\n    const ret = super.off(ev, ...args)\n    if (ev === 'data' || ev === 'readable') {\n      this[kReading] = (\n        this.listenerCount('data') > 0 ||\n        this.listenerCount('readable') > 0\n      )\n    }\n    return ret\n  }\n\n  removeListener (ev, ...args) {\n    return this.off(ev, ...args)\n  }\n\n  push (chunk) {\n    if (this[kConsume] && chunk !== null && this.readableLength === 0) {\n      consumePush(this[kConsume], chunk)\n      return this[kReading] ? super.push(chunk) : true\n    }\n    return super.push(chunk)\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-body-text\n  async text () {\n    return consume(this, 'text')\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-body-json\n  async json () {\n    return consume(this, 'json')\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-body-blob\n  async blob () {\n    return consume(this, 'blob')\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-body-arraybuffer\n  async arrayBuffer () {\n    return consume(this, 'arrayBuffer')\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-body-formdata\n  async formData () {\n    // TODO: Implement.\n    throw new NotSupportedError()\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-body-bodyused\n  get bodyUsed () {\n    return util.isDisturbed(this)\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-body-body\n  get body () {\n    if (!this[kBody]) {\n      this[kBody] = ReadableStreamFrom(this)\n      if (this[kConsume]) {\n        // TODO: Is this the best way to force a lock?\n        this[kBody].getReader() // Ensure stream is locked.\n        assert(this[kBody].locked)\n      }\n    }\n    return this[kBody]\n  }\n\n  dump (opts) {\n    let limit = opts && Number.isFinite(opts.limit) ? opts.limit : 262144\n    const signal = opts && opts.signal\n\n    if (signal) {\n      try {\n        if (typeof signal !== 'object' || !('aborted' in signal)) {\n          throw new InvalidArgumentError('signal must be an AbortSignal')\n        }\n        util.throwIfAborted(signal)\n      } catch (err) {\n        return Promise.reject(err)\n      }\n    }\n\n    if (this.closed) {\n      return Promise.resolve(null)\n    }\n\n    return new Promise((resolve, reject) => {\n      const signalListenerCleanup = signal\n        ? util.addAbortListener(signal, () => {\n          this.destroy()\n        })\n        : noop\n\n      this\n        .on('close', function () {\n          signalListenerCleanup()\n          if (signal && signal.aborted) {\n            reject(signal.reason || Object.assign(new Error('The operation was aborted'), { name: 'AbortError' }))\n          } else {\n            resolve(null)\n          }\n        })\n        .on('error', noop)\n        .on('data', function (chunk) {\n          limit -= chunk.length\n          if (limit <= 0) {\n            this.destroy()\n          }\n        })\n        .resume()\n    })\n  }\n}\n\n// https://streams.spec.whatwg.org/#readablestream-locked\nfunction isLocked (self) {\n  // Consume is an implicit lock.\n  return (self[kBody] && self[kBody].locked === true) || self[kConsume]\n}\n\n// https://fetch.spec.whatwg.org/#body-unusable\nfunction isUnusable (self) {\n  return util.isDisturbed(self) || isLocked(self)\n}\n\nasync function consume (stream, type) {\n  if (isUnusable(stream)) {\n    throw new TypeError('unusable')\n  }\n\n  assert(!stream[kConsume])\n\n  return new Promise((resolve, reject) => {\n    stream[kConsume] = {\n      type,\n      stream,\n      resolve,\n      reject,\n      length: 0,\n      body: []\n    }\n\n    stream\n      .on('error', function (err) {\n        consumeFinish(this[kConsume], err)\n      })\n      .on('close', function () {\n        if (this[kConsume].body !== null) {\n          consumeFinish(this[kConsume], new RequestAbortedError())\n        }\n      })\n\n    process.nextTick(consumeStart, stream[kConsume])\n  })\n}\n\nfunction consumeStart (consume) {\n  if (consume.body === null) {\n    return\n  }\n\n  const { _readableState: state } = consume.stream\n\n  for (const chunk of state.buffer) {\n    consumePush(consume, chunk)\n  }\n\n  if (state.endEmitted) {\n    consumeEnd(this[kConsume])\n  } else {\n    consume.stream.on('end', function () {\n      consumeEnd(this[kConsume])\n    })\n  }\n\n  consume.stream.resume()\n\n  while (consume.stream.read() != null) {\n    // Loop\n  }\n}\n\nfunction consumeEnd (consume) {\n  const { type, body, resolve, stream, length } = consume\n\n  try {\n    if (type === 'text') {\n      resolve(toUSVString(Buffer.concat(body)))\n    } else if (type === 'json') {\n      resolve(JSON.parse(Buffer.concat(body)))\n    } else if (type === 'arrayBuffer') {\n      const dst = new Uint8Array(length)\n\n      let pos = 0\n      for (const buf of body) {\n        dst.set(buf, pos)\n        pos += buf.byteLength\n      }\n\n      resolve(dst.buffer)\n    } else if (type === 'blob') {\n      if (!Blob) {\n        Blob = require('buffer').Blob\n      }\n      resolve(new Blob(body, { type: stream[kContentType] }))\n    }\n\n    consumeFinish(consume)\n  } catch (err) {\n    stream.destroy(err)\n  }\n}\n\nfunction consumePush (consume, chunk) {\n  consume.length += chunk.length\n  consume.body.push(chunk)\n}\n\nfunction consumeFinish (consume, err) {\n  if (consume.body === null) {\n    return\n  }\n\n  if (err) {\n    consume.reject(err)\n  } else {\n    consume.resolve()\n  }\n\n  consume.type = null\n  consume.stream = null\n  consume.resolve = null\n  consume.reject = null\n  consume.length = 0\n  consume.body = null\n}\n","const assert = require('assert')\nconst {\n  ResponseStatusCodeError\n} = require('../core/errors')\nconst { toUSVString } = require('../core/util')\n\nasync function getResolveErrorBodyCallback ({ callback, body, contentType, statusCode, statusMessage, headers }) {\n  assert(body)\n\n  let chunks = []\n  let limit = 0\n\n  for await (const chunk of body) {\n    chunks.push(chunk)\n    limit += chunk.length\n    if (limit > 128 * 1024) {\n      chunks = null\n      break\n    }\n  }\n\n  if (statusCode === 204 || !contentType || !chunks) {\n    process.nextTick(callback, new ResponseStatusCodeError(`Response status code ${statusCode}${statusMessage ? `: ${statusMessage}` : ''}`, statusCode, headers))\n    return\n  }\n\n  try {\n    if (contentType.startsWith('application/json')) {\n      const payload = JSON.parse(toUSVString(Buffer.concat(chunks)))\n      process.nextTick(callback, new ResponseStatusCodeError(`Response status code ${statusCode}${statusMessage ? `: ${statusMessage}` : ''}`, statusCode, headers, payload))\n      return\n    }\n\n    if (contentType.startsWith('text/')) {\n      const payload = toUSVString(Buffer.concat(chunks))\n      process.nextTick(callback, new ResponseStatusCodeError(`Response status code ${statusCode}${statusMessage ? `: ${statusMessage}` : ''}`, statusCode, headers, payload))\n      return\n    }\n  } catch (err) {\n    // Process in a fallback if error\n  }\n\n  process.nextTick(callback, new ResponseStatusCodeError(`Response status code ${statusCode}${statusMessage ? `: ${statusMessage}` : ''}`, statusCode, headers))\n}\n\nmodule.exports = { getResolveErrorBodyCallback }\n","'use strict'\n\nconst {\n  BalancedPoolMissingUpstreamError,\n  InvalidArgumentError\n} = require('./core/errors')\nconst {\n  PoolBase,\n  kClients,\n  kNeedDrain,\n  kAddClient,\n  kRemoveClient,\n  kGetDispatcher\n} = require('./pool-base')\nconst Pool = require('./pool')\nconst { kUrl, kInterceptors } = require('./core/symbols')\nconst { parseOrigin } = require('./core/util')\nconst kFactory = Symbol('factory')\n\nconst kOptions = Symbol('options')\nconst kGreatestCommonDivisor = Symbol('kGreatestCommonDivisor')\nconst kCurrentWeight = Symbol('kCurrentWeight')\nconst kIndex = Symbol('kIndex')\nconst kWeight = Symbol('kWeight')\nconst kMaxWeightPerServer = Symbol('kMaxWeightPerServer')\nconst kErrorPenalty = Symbol('kErrorPenalty')\n\nfunction getGreatestCommonDivisor (a, b) {\n  if (b === 0) return a\n  return getGreatestCommonDivisor(b, a % b)\n}\n\nfunction defaultFactory (origin, opts) {\n  return new Pool(origin, opts)\n}\n\nclass BalancedPool extends PoolBase {\n  constructor (upstreams = [], { factory = defaultFactory, ...opts } = {}) {\n    super()\n\n    this[kOptions] = opts\n    this[kIndex] = -1\n    this[kCurrentWeight] = 0\n\n    this[kMaxWeightPerServer] = this[kOptions].maxWeightPerServer || 100\n    this[kErrorPenalty] = this[kOptions].errorPenalty || 15\n\n    if (!Array.isArray(upstreams)) {\n      upstreams = [upstreams]\n    }\n\n    if (typeof factory !== 'function') {\n      throw new InvalidArgumentError('factory must be a function.')\n    }\n\n    this[kInterceptors] = opts.interceptors && opts.interceptors.BalancedPool && Array.isArray(opts.interceptors.BalancedPool)\n      ? opts.interceptors.BalancedPool\n      : []\n    this[kFactory] = factory\n\n    for (const upstream of upstreams) {\n      this.addUpstream(upstream)\n    }\n    this._updateBalancedPoolStats()\n  }\n\n  addUpstream (upstream) {\n    const upstreamOrigin = parseOrigin(upstream).origin\n\n    if (this[kClients].find((pool) => (\n      pool[kUrl].origin === upstreamOrigin &&\n      pool.closed !== true &&\n      pool.destroyed !== true\n    ))) {\n      return this\n    }\n    const pool = this[kFactory](upstreamOrigin, Object.assign({}, this[kOptions]))\n\n    this[kAddClient](pool)\n    pool.on('connect', () => {\n      pool[kWeight] = Math.min(this[kMaxWeightPerServer], pool[kWeight] + this[kErrorPenalty])\n    })\n\n    pool.on('connectionError', () => {\n      pool[kWeight] = Math.max(1, pool[kWeight] - this[kErrorPenalty])\n      this._updateBalancedPoolStats()\n    })\n\n    pool.on('disconnect', (...args) => {\n      const err = args[2]\n      if (err && err.code === 'UND_ERR_SOCKET') {\n        // decrease the weight of the pool.\n        pool[kWeight] = Math.max(1, pool[kWeight] - this[kErrorPenalty])\n        this._updateBalancedPoolStats()\n      }\n    })\n\n    for (const client of this[kClients]) {\n      client[kWeight] = this[kMaxWeightPerServer]\n    }\n\n    this._updateBalancedPoolStats()\n\n    return this\n  }\n\n  _updateBalancedPoolStats () {\n    this[kGreatestCommonDivisor] = this[kClients].map(p => p[kWeight]).reduce(getGreatestCommonDivisor, 0)\n  }\n\n  removeUpstream (upstream) {\n    const upstreamOrigin = parseOrigin(upstream).origin\n\n    const pool = this[kClients].find((pool) => (\n      pool[kUrl].origin === upstreamOrigin &&\n      pool.closed !== true &&\n      pool.destroyed !== true\n    ))\n\n    if (pool) {\n      this[kRemoveClient](pool)\n    }\n\n    return this\n  }\n\n  get upstreams () {\n    return this[kClients]\n      .filter(dispatcher => dispatcher.closed !== true && dispatcher.destroyed !== true)\n      .map((p) => p[kUrl].origin)\n  }\n\n  [kGetDispatcher] () {\n    // We validate that pools is greater than 0,\n    // otherwise we would have to wait until an upstream\n    // is added, which might never happen.\n    if (this[kClients].length === 0) {\n      throw new BalancedPoolMissingUpstreamError()\n    }\n\n    const dispatcher = this[kClients].find(dispatcher => (\n      !dispatcher[kNeedDrain] &&\n      dispatcher.closed !== true &&\n      dispatcher.destroyed !== true\n    ))\n\n    if (!dispatcher) {\n      return\n    }\n\n    const allClientsBusy = this[kClients].map(pool => pool[kNeedDrain]).reduce((a, b) => a && b, true)\n\n    if (allClientsBusy) {\n      return\n    }\n\n    let counter = 0\n\n    let maxWeightIndex = this[kClients].findIndex(pool => !pool[kNeedDrain])\n\n    while (counter++ < this[kClients].length) {\n      this[kIndex] = (this[kIndex] + 1) % this[kClients].length\n      const pool = this[kClients][this[kIndex]]\n\n      // find pool index with the largest weight\n      if (pool[kWeight] > this[kClients][maxWeightIndex][kWeight] && !pool[kNeedDrain]) {\n        maxWeightIndex = this[kIndex]\n      }\n\n      // decrease the current weight every `this[kClients].length`.\n      if (this[kIndex] === 0) {\n        // Set the current weight to the next lower weight.\n        this[kCurrentWeight] = this[kCurrentWeight] - this[kGreatestCommonDivisor]\n\n        if (this[kCurrentWeight] <= 0) {\n          this[kCurrentWeight] = this[kMaxWeightPerServer]\n        }\n      }\n      if (pool[kWeight] >= this[kCurrentWeight] && (!pool[kNeedDrain])) {\n        return pool\n      }\n    }\n\n    this[kCurrentWeight] = this[kClients][maxWeightIndex][kWeight]\n    this[kIndex] = maxWeightIndex\n    return this[kClients][maxWeightIndex]\n  }\n}\n\nmodule.exports = BalancedPool\n","'use strict'\n\nconst { kConstruct } = require('./symbols')\nconst { urlEquals, fieldValues: getFieldValues } = require('./util')\nconst { kEnumerableProperty, isDisturbed } = require('../core/util')\nconst { kHeadersList } = require('../core/symbols')\nconst { webidl } = require('../fetch/webidl')\nconst { Response, cloneResponse } = require('../fetch/response')\nconst { Request } = require('../fetch/request')\nconst { kState, kHeaders, kGuard, kRealm } = require('../fetch/symbols')\nconst { fetching } = require('../fetch/index')\nconst { urlIsHttpHttpsScheme, createDeferredPromise, readAllBytes } = require('../fetch/util')\nconst assert = require('assert')\nconst { getGlobalDispatcher } = require('../global')\n\n/**\n * @see https://w3c.github.io/ServiceWorker/#dfn-cache-batch-operation\n * @typedef {Object} CacheBatchOperation\n * @property {'delete' | 'put'} type\n * @property {any} request\n * @property {any} response\n * @property {import('../../types/cache').CacheQueryOptions} options\n */\n\n/**\n * @see https://w3c.github.io/ServiceWorker/#dfn-request-response-list\n * @typedef {[any, any][]} requestResponseList\n */\n\nclass Cache {\n  /**\n   * @see https://w3c.github.io/ServiceWorker/#dfn-relevant-request-response-list\n   * @type {requestResponseList}\n   */\n  #relevantRequestResponseList\n\n  constructor () {\n    if (arguments[0] !== kConstruct) {\n      webidl.illegalConstructor()\n    }\n\n    this.#relevantRequestResponseList = arguments[1]\n  }\n\n  async match (request, options = {}) {\n    webidl.brandCheck(this, Cache)\n    webidl.argumentLengthCheck(arguments, 1, { header: 'Cache.match' })\n\n    request = webidl.converters.RequestInfo(request)\n    options = webidl.converters.CacheQueryOptions(options)\n\n    const p = await this.matchAll(request, options)\n\n    if (p.length === 0) {\n      return\n    }\n\n    return p[0]\n  }\n\n  async matchAll (request = undefined, options = {}) {\n    webidl.brandCheck(this, Cache)\n\n    if (request !== undefined) request = webidl.converters.RequestInfo(request)\n    options = webidl.converters.CacheQueryOptions(options)\n\n    // 1.\n    let r = null\n\n    // 2.\n    if (request !== undefined) {\n      if (request instanceof Request) {\n        // 2.1.1\n        r = request[kState]\n\n        // 2.1.2\n        if (r.method !== 'GET' && !options.ignoreMethod) {\n          return []\n        }\n      } else if (typeof request === 'string') {\n        // 2.2.1\n        r = new Request(request)[kState]\n      }\n    }\n\n    // 5.\n    // 5.1\n    const responses = []\n\n    // 5.2\n    if (request === undefined) {\n      // 5.2.1\n      for (const requestResponse of this.#relevantRequestResponseList) {\n        responses.push(requestResponse[1])\n      }\n    } else { // 5.3\n      // 5.3.1\n      const requestResponses = this.#queryCache(r, options)\n\n      // 5.3.2\n      for (const requestResponse of requestResponses) {\n        responses.push(requestResponse[1])\n      }\n    }\n\n    // 5.4\n    // We don't implement CORs so we don't need to loop over the responses, yay!\n\n    // 5.5.1\n    const responseList = []\n\n    // 5.5.2\n    for (const response of responses) {\n      // 5.5.2.1\n      const responseObject = new Response(response.body?.source ?? null)\n      const body = responseObject[kState].body\n      responseObject[kState] = response\n      responseObject[kState].body = body\n      responseObject[kHeaders][kHeadersList] = response.headersList\n      responseObject[kHeaders][kGuard] = 'immutable'\n\n      responseList.push(responseObject)\n    }\n\n    // 6.\n    return Object.freeze(responseList)\n  }\n\n  async add (request) {\n    webidl.brandCheck(this, Cache)\n    webidl.argumentLengthCheck(arguments, 1, { header: 'Cache.add' })\n\n    request = webidl.converters.RequestInfo(request)\n\n    // 1.\n    const requests = [request]\n\n    // 2.\n    const responseArrayPromise = this.addAll(requests)\n\n    // 3.\n    return await responseArrayPromise\n  }\n\n  async addAll (requests) {\n    webidl.brandCheck(this, Cache)\n    webidl.argumentLengthCheck(arguments, 1, { header: 'Cache.addAll' })\n\n    requests = webidl.converters['sequence<RequestInfo>'](requests)\n\n    // 1.\n    const responsePromises = []\n\n    // 2.\n    const requestList = []\n\n    // 3.\n    for (const request of requests) {\n      if (typeof request === 'string') {\n        continue\n      }\n\n      // 3.1\n      const r = request[kState]\n\n      // 3.2\n      if (!urlIsHttpHttpsScheme(r.url) || r.method !== 'GET') {\n        throw webidl.errors.exception({\n          header: 'Cache.addAll',\n          message: 'Expected http/s scheme when method is not GET.'\n        })\n      }\n    }\n\n    // 4.\n    /** @type {ReturnType<typeof fetching>[]} */\n    const fetchControllers = []\n\n    // 5.\n    for (const request of requests) {\n      // 5.1\n      const r = new Request(request)[kState]\n\n      // 5.2\n      if (!urlIsHttpHttpsScheme(r.url)) {\n        throw webidl.errors.exception({\n          header: 'Cache.addAll',\n          message: 'Expected http/s scheme.'\n        })\n      }\n\n      // 5.4\n      r.initiator = 'fetch'\n      r.destination = 'subresource'\n\n      // 5.5\n      requestList.push(r)\n\n      // 5.6\n      const responsePromise = createDeferredPromise()\n\n      // 5.7\n      fetchControllers.push(fetching({\n        request: r,\n        dispatcher: getGlobalDispatcher(),\n        processResponse (response) {\n          // 1.\n          if (response.type === 'error' || response.status === 206 || response.status < 200 || response.status > 299) {\n            responsePromise.reject(webidl.errors.exception({\n              header: 'Cache.addAll',\n              message: 'Received an invalid status code or the request failed.'\n            }))\n          } else if (response.headersList.contains('vary')) { // 2.\n            // 2.1\n            const fieldValues = getFieldValues(response.headersList.get('vary'))\n\n            // 2.2\n            for (const fieldValue of fieldValues) {\n              // 2.2.1\n              if (fieldValue === '*') {\n                responsePromise.reject(webidl.errors.exception({\n                  header: 'Cache.addAll',\n                  message: 'invalid vary field value'\n                }))\n\n                for (const controller of fetchControllers) {\n                  controller.abort()\n                }\n\n                return\n              }\n            }\n          }\n        },\n        processResponseEndOfBody (response) {\n          // 1.\n          if (response.aborted) {\n            responsePromise.reject(new DOMException('aborted', 'AbortError'))\n            return\n          }\n\n          // 2.\n          responsePromise.resolve(response)\n        }\n      }))\n\n      // 5.8\n      responsePromises.push(responsePromise.promise)\n    }\n\n    // 6.\n    const p = Promise.all(responsePromises)\n\n    // 7.\n    const responses = await p\n\n    // 7.1\n    const operations = []\n\n    // 7.2\n    let index = 0\n\n    // 7.3\n    for (const response of responses) {\n      // 7.3.1\n      /** @type {CacheBatchOperation} */\n      const operation = {\n        type: 'put', // 7.3.2\n        request: requestList[index], // 7.3.3\n        response // 7.3.4\n      }\n\n      operations.push(operation) // 7.3.5\n\n      index++ // 7.3.6\n    }\n\n    // 7.5\n    const cacheJobPromise = createDeferredPromise()\n\n    // 7.6.1\n    let errorData = null\n\n    // 7.6.2\n    try {\n      this.#batchCacheOperations(operations)\n    } catch (e) {\n      errorData = e\n    }\n\n    // 7.6.3\n    queueMicrotask(() => {\n      // 7.6.3.1\n      if (errorData === null) {\n        cacheJobPromise.resolve(undefined)\n      } else {\n        // 7.6.3.2\n        cacheJobPromise.reject(errorData)\n      }\n    })\n\n    // 7.7\n    return cacheJobPromise.promise\n  }\n\n  async put (request, response) {\n    webidl.brandCheck(this, Cache)\n    webidl.argumentLengthCheck(arguments, 2, { header: 'Cache.put' })\n\n    request = webidl.converters.RequestInfo(request)\n    response = webidl.converters.Response(response)\n\n    // 1.\n    let innerRequest = null\n\n    // 2.\n    if (request instanceof Request) {\n      innerRequest = request[kState]\n    } else { // 3.\n      innerRequest = new Request(request)[kState]\n    }\n\n    // 4.\n    if (!urlIsHttpHttpsScheme(innerRequest.url) || innerRequest.method !== 'GET') {\n      throw webidl.errors.exception({\n        header: 'Cache.put',\n        message: 'Expected an http/s scheme when method is not GET'\n      })\n    }\n\n    // 5.\n    const innerResponse = response[kState]\n\n    // 6.\n    if (innerResponse.status === 206) {\n      throw webidl.errors.exception({\n        header: 'Cache.put',\n        message: 'Got 206 status'\n      })\n    }\n\n    // 7.\n    if (innerResponse.headersList.contains('vary')) {\n      // 7.1.\n      const fieldValues = getFieldValues(innerResponse.headersList.get('vary'))\n\n      // 7.2.\n      for (const fieldValue of fieldValues) {\n        // 7.2.1\n        if (fieldValue === '*') {\n          throw webidl.errors.exception({\n            header: 'Cache.put',\n            message: 'Got * vary field value'\n          })\n        }\n      }\n    }\n\n    // 8.\n    if (innerResponse.body && (isDisturbed(innerResponse.body.stream) || innerResponse.body.stream.locked)) {\n      throw webidl.errors.exception({\n        header: 'Cache.put',\n        message: 'Response body is locked or disturbed'\n      })\n    }\n\n    // 9.\n    const clonedResponse = cloneResponse(innerResponse)\n\n    // 10.\n    const bodyReadPromise = createDeferredPromise()\n\n    // 11.\n    if (innerResponse.body != null) {\n      // 11.1\n      const stream = innerResponse.body.stream\n\n      // 11.2\n      const reader = stream.getReader()\n\n      // 11.3\n      readAllBytes(reader).then(bodyReadPromise.resolve, bodyReadPromise.reject)\n    } else {\n      bodyReadPromise.resolve(undefined)\n    }\n\n    // 12.\n    /** @type {CacheBatchOperation[]} */\n    const operations = []\n\n    // 13.\n    /** @type {CacheBatchOperation} */\n    const operation = {\n      type: 'put', // 14.\n      request: innerRequest, // 15.\n      response: clonedResponse // 16.\n    }\n\n    // 17.\n    operations.push(operation)\n\n    // 19.\n    const bytes = await bodyReadPromise.promise\n\n    if (clonedResponse.body != null) {\n      clonedResponse.body.source = bytes\n    }\n\n    // 19.1\n    const cacheJobPromise = createDeferredPromise()\n\n    // 19.2.1\n    let errorData = null\n\n    // 19.2.2\n    try {\n      this.#batchCacheOperations(operations)\n    } catch (e) {\n      errorData = e\n    }\n\n    // 19.2.3\n    queueMicrotask(() => {\n      // 19.2.3.1\n      if (errorData === null) {\n        cacheJobPromise.resolve()\n      } else { // 19.2.3.2\n        cacheJobPromise.reject(errorData)\n      }\n    })\n\n    return cacheJobPromise.promise\n  }\n\n  async delete (request, options = {}) {\n    webidl.brandCheck(this, Cache)\n    webidl.argumentLengthCheck(arguments, 1, { header: 'Cache.delete' })\n\n    request = webidl.converters.RequestInfo(request)\n    options = webidl.converters.CacheQueryOptions(options)\n\n    /**\n     * @type {Request}\n     */\n    let r = null\n\n    if (request instanceof Request) {\n      r = request[kState]\n\n      if (r.method !== 'GET' && !options.ignoreMethod) {\n        return false\n      }\n    } else {\n      assert(typeof request === 'string')\n\n      r = new Request(request)[kState]\n    }\n\n    /** @type {CacheBatchOperation[]} */\n    const operations = []\n\n    /** @type {CacheBatchOperation} */\n    const operation = {\n      type: 'delete',\n      request: r,\n      options\n    }\n\n    operations.push(operation)\n\n    const cacheJobPromise = createDeferredPromise()\n\n    let errorData = null\n    let requestResponses\n\n    try {\n      requestResponses = this.#batchCacheOperations(operations)\n    } catch (e) {\n      errorData = e\n    }\n\n    queueMicrotask(() => {\n      if (errorData === null) {\n        cacheJobPromise.resolve(!!requestResponses?.length)\n      } else {\n        cacheJobPromise.reject(errorData)\n      }\n    })\n\n    return cacheJobPromise.promise\n  }\n\n  /**\n   * @see https://w3c.github.io/ServiceWorker/#dom-cache-keys\n   * @param {any} request\n   * @param {import('../../types/cache').CacheQueryOptions} options\n   * @returns {readonly Request[]}\n   */\n  async keys (request = undefined, options = {}) {\n    webidl.brandCheck(this, Cache)\n\n    if (request !== undefined) request = webidl.converters.RequestInfo(request)\n    options = webidl.converters.CacheQueryOptions(options)\n\n    // 1.\n    let r = null\n\n    // 2.\n    if (request !== undefined) {\n      // 2.1\n      if (request instanceof Request) {\n        // 2.1.1\n        r = request[kState]\n\n        // 2.1.2\n        if (r.method !== 'GET' && !options.ignoreMethod) {\n          return []\n        }\n      } else if (typeof request === 'string') { // 2.2\n        r = new Request(request)[kState]\n      }\n    }\n\n    // 4.\n    const promise = createDeferredPromise()\n\n    // 5.\n    // 5.1\n    const requests = []\n\n    // 5.2\n    if (request === undefined) {\n      // 5.2.1\n      for (const requestResponse of this.#relevantRequestResponseList) {\n        // 5.2.1.1\n        requests.push(requestResponse[0])\n      }\n    } else { // 5.3\n      // 5.3.1\n      const requestResponses = this.#queryCache(r, options)\n\n      // 5.3.2\n      for (const requestResponse of requestResponses) {\n        // 5.3.2.1\n        requests.push(requestResponse[0])\n      }\n    }\n\n    // 5.4\n    queueMicrotask(() => {\n      // 5.4.1\n      const requestList = []\n\n      // 5.4.2\n      for (const request of requests) {\n        const requestObject = new Request('https://a')\n        requestObject[kState] = request\n        requestObject[kHeaders][kHeadersList] = request.headersList\n        requestObject[kHeaders][kGuard] = 'immutable'\n        requestObject[kRealm] = request.client\n\n        // 5.4.2.1\n        requestList.push(requestObject)\n      }\n\n      // 5.4.3\n      promise.resolve(Object.freeze(requestList))\n    })\n\n    return promise.promise\n  }\n\n  /**\n   * @see https://w3c.github.io/ServiceWorker/#batch-cache-operations-algorithm\n   * @param {CacheBatchOperation[]} operations\n   * @returns {requestResponseList}\n   */\n  #batchCacheOperations (operations) {\n    // 1.\n    const cache = this.#relevantRequestResponseList\n\n    // 2.\n    const backupCache = [...cache]\n\n    // 3.\n    const addedItems = []\n\n    // 4.1\n    const resultList = []\n\n    try {\n      // 4.2\n      for (const operation of operations) {\n        // 4.2.1\n        if (operation.type !== 'delete' && operation.type !== 'put') {\n          throw webidl.errors.exception({\n            header: 'Cache.#batchCacheOperations',\n            message: 'operation type does not match \"delete\" or \"put\"'\n          })\n        }\n\n        // 4.2.2\n        if (operation.type === 'delete' && operation.response != null) {\n          throw webidl.errors.exception({\n            header: 'Cache.#batchCacheOperations',\n            message: 'delete operation should not have an associated response'\n          })\n        }\n\n        // 4.2.3\n        if (this.#queryCache(operation.request, operation.options, addedItems).length) {\n          throw new DOMException('???', 'InvalidStateError')\n        }\n\n        // 4.2.4\n        let requestResponses\n\n        // 4.2.5\n        if (operation.type === 'delete') {\n          // 4.2.5.1\n          requestResponses = this.#queryCache(operation.request, operation.options)\n\n          // TODO: the spec is wrong, this is needed to pass WPTs\n          if (requestResponses.length === 0) {\n            return []\n          }\n\n          // 4.2.5.2\n          for (const requestResponse of requestResponses) {\n            const idx = cache.indexOf(requestResponse)\n            assert(idx !== -1)\n\n            // 4.2.5.2.1\n            cache.splice(idx, 1)\n          }\n        } else if (operation.type === 'put') { // 4.2.6\n          // 4.2.6.1\n          if (operation.response == null) {\n            throw webidl.errors.exception({\n              header: 'Cache.#batchCacheOperations',\n              message: 'put operation should have an associated response'\n            })\n          }\n\n          // 4.2.6.2\n          const r = operation.request\n\n          // 4.2.6.3\n          if (!urlIsHttpHttpsScheme(r.url)) {\n            throw webidl.errors.exception({\n              header: 'Cache.#batchCacheOperations',\n              message: 'expected http or https scheme'\n            })\n          }\n\n          // 4.2.6.4\n          if (r.method !== 'GET') {\n            throw webidl.errors.exception({\n              header: 'Cache.#batchCacheOperations',\n              message: 'not get method'\n            })\n          }\n\n          // 4.2.6.5\n          if (operation.options != null) {\n            throw webidl.errors.exception({\n              header: 'Cache.#batchCacheOperations',\n              message: 'options must not be defined'\n            })\n          }\n\n          // 4.2.6.6\n          requestResponses = this.#queryCache(operation.request)\n\n          // 4.2.6.7\n          for (const requestResponse of requestResponses) {\n            const idx = cache.indexOf(requestResponse)\n            assert(idx !== -1)\n\n            // 4.2.6.7.1\n            cache.splice(idx, 1)\n          }\n\n          // 4.2.6.8\n          cache.push([operation.request, operation.response])\n\n          // 4.2.6.10\n          addedItems.push([operation.request, operation.response])\n        }\n\n        // 4.2.7\n        resultList.push([operation.request, operation.response])\n      }\n\n      // 4.3\n      return resultList\n    } catch (e) { // 5.\n      // 5.1\n      this.#relevantRequestResponseList.length = 0\n\n      // 5.2\n      this.#relevantRequestResponseList = backupCache\n\n      // 5.3\n      throw e\n    }\n  }\n\n  /**\n   * @see https://w3c.github.io/ServiceWorker/#query-cache\n   * @param {any} requestQuery\n   * @param {import('../../types/cache').CacheQueryOptions} options\n   * @param {requestResponseList} targetStorage\n   * @returns {requestResponseList}\n   */\n  #queryCache (requestQuery, options, targetStorage) {\n    /** @type {requestResponseList} */\n    const resultList = []\n\n    const storage = targetStorage ?? this.#relevantRequestResponseList\n\n    for (const requestResponse of storage) {\n      const [cachedRequest, cachedResponse] = requestResponse\n      if (this.#requestMatchesCachedItem(requestQuery, cachedRequest, cachedResponse, options)) {\n        resultList.push(requestResponse)\n      }\n    }\n\n    return resultList\n  }\n\n  /**\n   * @see https://w3c.github.io/ServiceWorker/#request-matches-cached-item-algorithm\n   * @param {any} requestQuery\n   * @param {any} request\n   * @param {any | null} response\n   * @param {import('../../types/cache').CacheQueryOptions | undefined} options\n   * @returns {boolean}\n   */\n  #requestMatchesCachedItem (requestQuery, request, response = null, options) {\n    // if (options?.ignoreMethod === false && request.method === 'GET') {\n    //   return false\n    // }\n\n    const queryURL = new URL(requestQuery.url)\n\n    const cachedURL = new URL(request.url)\n\n    if (options?.ignoreSearch) {\n      cachedURL.search = ''\n\n      queryURL.search = ''\n    }\n\n    if (!urlEquals(queryURL, cachedURL, true)) {\n      return false\n    }\n\n    if (\n      response == null ||\n      options?.ignoreVary ||\n      !response.headersList.contains('vary')\n    ) {\n      return true\n    }\n\n    const fieldValues = getFieldValues(response.headersList.get('vary'))\n\n    for (const fieldValue of fieldValues) {\n      if (fieldValue === '*') {\n        return false\n      }\n\n      const requestValue = request.headersList.get(fieldValue)\n      const queryValue = requestQuery.headersList.get(fieldValue)\n\n      // If one has the header and the other doesn't, or one has\n      // a different value than the other, return false\n      if (requestValue !== queryValue) {\n        return false\n      }\n    }\n\n    return true\n  }\n}\n\nObject.defineProperties(Cache.prototype, {\n  [Symbol.toStringTag]: {\n    value: 'Cache',\n    configurable: true\n  },\n  match: kEnumerableProperty,\n  matchAll: kEnumerableProperty,\n  add: kEnumerableProperty,\n  addAll: kEnumerableProperty,\n  put: kEnumerableProperty,\n  delete: kEnumerableProperty,\n  keys: kEnumerableProperty\n})\n\nconst cacheQueryOptionConverters = [\n  {\n    key: 'ignoreSearch',\n    converter: webidl.converters.boolean,\n    defaultValue: false\n  },\n  {\n    key: 'ignoreMethod',\n    converter: webidl.converters.boolean,\n    defaultValue: false\n  },\n  {\n    key: 'ignoreVary',\n    converter: webidl.converters.boolean,\n    defaultValue: false\n  }\n]\n\nwebidl.converters.CacheQueryOptions = webidl.dictionaryConverter(cacheQueryOptionConverters)\n\nwebidl.converters.MultiCacheQueryOptions = webidl.dictionaryConverter([\n  ...cacheQueryOptionConverters,\n  {\n    key: 'cacheName',\n    converter: webidl.converters.DOMString\n  }\n])\n\nwebidl.converters.Response = webidl.interfaceConverter(Response)\n\nwebidl.converters['sequence<RequestInfo>'] = webidl.sequenceConverter(\n  webidl.converters.RequestInfo\n)\n\nmodule.exports = {\n  Cache\n}\n","'use strict'\n\nconst { kConstruct } = require('./symbols')\nconst { Cache } = require('./cache')\nconst { webidl } = require('../fetch/webidl')\nconst { kEnumerableProperty } = require('../core/util')\n\nclass CacheStorage {\n  /**\n   * @see https://w3c.github.io/ServiceWorker/#dfn-relevant-name-to-cache-map\n   * @type {Map<string, import('./cache').requestResponseList}\n   */\n  #caches = new Map()\n\n  constructor () {\n    if (arguments[0] !== kConstruct) {\n      webidl.illegalConstructor()\n    }\n  }\n\n  async match (request, options = {}) {\n    webidl.brandCheck(this, CacheStorage)\n    webidl.argumentLengthCheck(arguments, 1, { header: 'CacheStorage.match' })\n\n    request = webidl.converters.RequestInfo(request)\n    options = webidl.converters.MultiCacheQueryOptions(options)\n\n    // 1.\n    if (options.cacheName != null) {\n      // 1.1.1.1\n      if (this.#caches.has(options.cacheName)) {\n        // 1.1.1.1.1\n        const cacheList = this.#caches.get(options.cacheName)\n        const cache = new Cache(kConstruct, cacheList)\n\n        return await cache.match(request, options)\n      }\n    } else { // 2.\n      // 2.2\n      for (const cacheList of this.#caches.values()) {\n        const cache = new Cache(kConstruct, cacheList)\n\n        // 2.2.1.2\n        const response = await cache.match(request, options)\n\n        if (response !== undefined) {\n          return response\n        }\n      }\n    }\n  }\n\n  /**\n   * @see https://w3c.github.io/ServiceWorker/#cache-storage-has\n   * @param {string} cacheName\n   * @returns {Promise<boolean>}\n   */\n  async has (cacheName) {\n    webidl.brandCheck(this, CacheStorage)\n    webidl.argumentLengthCheck(arguments, 1, { header: 'CacheStorage.has' })\n\n    cacheName = webidl.converters.DOMString(cacheName)\n\n    // 2.1.1\n    // 2.2\n    return this.#caches.has(cacheName)\n  }\n\n  /**\n   * @see https://w3c.github.io/ServiceWorker/#dom-cachestorage-open\n   * @param {string} cacheName\n   * @returns {Promise<Cache>}\n   */\n  async open (cacheName) {\n    webidl.brandCheck(this, CacheStorage)\n    webidl.argumentLengthCheck(arguments, 1, { header: 'CacheStorage.open' })\n\n    cacheName = webidl.converters.DOMString(cacheName)\n\n    // 2.1\n    if (this.#caches.has(cacheName)) {\n      // await caches.open('v1') !== await caches.open('v1')\n\n      // 2.1.1\n      const cache = this.#caches.get(cacheName)\n\n      // 2.1.1.1\n      return new Cache(kConstruct, cache)\n    }\n\n    // 2.2\n    const cache = []\n\n    // 2.3\n    this.#caches.set(cacheName, cache)\n\n    // 2.4\n    return new Cache(kConstruct, cache)\n  }\n\n  /**\n   * @see https://w3c.github.io/ServiceWorker/#cache-storage-delete\n   * @param {string} cacheName\n   * @returns {Promise<boolean>}\n   */\n  async delete (cacheName) {\n    webidl.brandCheck(this, CacheStorage)\n    webidl.argumentLengthCheck(arguments, 1, { header: 'CacheStorage.delete' })\n\n    cacheName = webidl.converters.DOMString(cacheName)\n\n    return this.#caches.delete(cacheName)\n  }\n\n  /**\n   * @see https://w3c.github.io/ServiceWorker/#cache-storage-keys\n   * @returns {string[]}\n   */\n  async keys () {\n    webidl.brandCheck(this, CacheStorage)\n\n    // 2.1\n    const keys = this.#caches.keys()\n\n    // 2.2\n    return [...keys]\n  }\n}\n\nObject.defineProperties(CacheStorage.prototype, {\n  [Symbol.toStringTag]: {\n    value: 'CacheStorage',\n    configurable: true\n  },\n  match: kEnumerableProperty,\n  has: kEnumerableProperty,\n  open: kEnumerableProperty,\n  delete: kEnumerableProperty,\n  keys: kEnumerableProperty\n})\n\nmodule.exports = {\n  CacheStorage\n}\n","'use strict'\n\nmodule.exports = {\n  kConstruct: require('../core/symbols').kConstruct\n}\n","'use strict'\n\nconst assert = require('assert')\nconst { URLSerializer } = require('../fetch/dataURL')\nconst { isValidHeaderName } = require('../fetch/util')\n\n/**\n * @see https://url.spec.whatwg.org/#concept-url-equals\n * @param {URL} A\n * @param {URL} B\n * @param {boolean | undefined} excludeFragment\n * @returns {boolean}\n */\nfunction urlEquals (A, B, excludeFragment = false) {\n  const serializedA = URLSerializer(A, excludeFragment)\n\n  const serializedB = URLSerializer(B, excludeFragment)\n\n  return serializedA === serializedB\n}\n\n/**\n * @see https://github.com/chromium/chromium/blob/694d20d134cb553d8d89e5500b9148012b1ba299/content/browser/cache_storage/cache_storage_cache.cc#L260-L262\n * @param {string} header\n */\nfunction fieldValues (header) {\n  assert(header !== null)\n\n  const values = []\n\n  for (let value of header.split(',')) {\n    value = value.trim()\n\n    if (!value.length) {\n      continue\n    } else if (!isValidHeaderName(value)) {\n      continue\n    }\n\n    values.push(value)\n  }\n\n  return values\n}\n\nmodule.exports = {\n  urlEquals,\n  fieldValues\n}\n","// @ts-check\n\n'use strict'\n\n/* global WebAssembly */\n\nconst assert = require('assert')\nconst net = require('net')\nconst http = require('http')\nconst { pipeline } = require('stream')\nconst util = require('./core/util')\nconst timers = require('./timers')\nconst Request = require('./core/request')\nconst DispatcherBase = require('./dispatcher-base')\nconst {\n  RequestContentLengthMismatchError,\n  ResponseContentLengthMismatchError,\n  InvalidArgumentError,\n  RequestAbortedError,\n  HeadersTimeoutError,\n  HeadersOverflowError,\n  SocketError,\n  InformationalError,\n  BodyTimeoutError,\n  HTTPParserError,\n  ResponseExceededMaxSizeError,\n  ClientDestroyedError\n} = require('./core/errors')\nconst buildConnector = require('./core/connect')\nconst {\n  kUrl,\n  kReset,\n  kServerName,\n  kClient,\n  kBusy,\n  kParser,\n  kConnect,\n  kBlocking,\n  kResuming,\n  kRunning,\n  kPending,\n  kSize,\n  kWriting,\n  kQueue,\n  kConnected,\n  kConnecting,\n  kNeedDrain,\n  kNoRef,\n  kKeepAliveDefaultTimeout,\n  kHostHeader,\n  kPendingIdx,\n  kRunningIdx,\n  kError,\n  kPipelining,\n  kSocket,\n  kKeepAliveTimeoutValue,\n  kMaxHeadersSize,\n  kKeepAliveMaxTimeout,\n  kKeepAliveTimeoutThreshold,\n  kHeadersTimeout,\n  kBodyTimeout,\n  kStrictContentLength,\n  kConnector,\n  kMaxRedirections,\n  kMaxRequests,\n  kCounter,\n  kClose,\n  kDestroy,\n  kDispatch,\n  kInterceptors,\n  kLocalAddress,\n  kMaxResponseSize,\n  kHTTPConnVersion,\n  // HTTP2\n  kHost,\n  kHTTP2Session,\n  kHTTP2SessionState,\n  kHTTP2BuildRequest,\n  kHTTP2CopyHeaders,\n  kHTTP1BuildRequest\n} = require('./core/symbols')\n\n/** @type {import('http2')} */\nlet http2\ntry {\n  http2 = require('http2')\n} catch {\n  // @ts-ignore\n  http2 = { constants: {} }\n}\n\nconst {\n  constants: {\n    HTTP2_HEADER_AUTHORITY,\n    HTTP2_HEADER_METHOD,\n    HTTP2_HEADER_PATH,\n    HTTP2_HEADER_SCHEME,\n    HTTP2_HEADER_CONTENT_LENGTH,\n    HTTP2_HEADER_EXPECT,\n    HTTP2_HEADER_STATUS\n  }\n} = http2\n\n// Experimental\nlet h2ExperimentalWarned = false\n\nconst FastBuffer = Buffer[Symbol.species]\n\nconst kClosedResolve = Symbol('kClosedResolve')\n\nconst channels = {}\n\ntry {\n  const diagnosticsChannel = require('diagnostics_channel')\n  channels.sendHeaders = diagnosticsChannel.channel('undici:client:sendHeaders')\n  channels.beforeConnect = diagnosticsChannel.channel('undici:client:beforeConnect')\n  channels.connectError = diagnosticsChannel.channel('undici:client:connectError')\n  channels.connected = diagnosticsChannel.channel('undici:client:connected')\n} catch {\n  channels.sendHeaders = { hasSubscribers: false }\n  channels.beforeConnect = { hasSubscribers: false }\n  channels.connectError = { hasSubscribers: false }\n  channels.connected = { hasSubscribers: false }\n}\n\n/**\n * @type {import('../types/client').default}\n */\nclass Client extends DispatcherBase {\n  /**\n   *\n   * @param {string|URL} url\n   * @param {import('../types/client').Client.Options} options\n   */\n  constructor (url, {\n    interceptors,\n    maxHeaderSize,\n    headersTimeout,\n    socketTimeout,\n    requestTimeout,\n    connectTimeout,\n    bodyTimeout,\n    idleTimeout,\n    keepAlive,\n    keepAliveTimeout,\n    maxKeepAliveTimeout,\n    keepAliveMaxTimeout,\n    keepAliveTimeoutThreshold,\n    socketPath,\n    pipelining,\n    tls,\n    strictContentLength,\n    maxCachedSessions,\n    maxRedirections,\n    connect,\n    maxRequestsPerClient,\n    localAddress,\n    maxResponseSize,\n    autoSelectFamily,\n    autoSelectFamilyAttemptTimeout,\n    // h2\n    allowH2,\n    maxConcurrentStreams\n  } = {}) {\n    super()\n\n    if (keepAlive !== undefined) {\n      throw new InvalidArgumentError('unsupported keepAlive, use pipelining=0 instead')\n    }\n\n    if (socketTimeout !== undefined) {\n      throw new InvalidArgumentError('unsupported socketTimeout, use headersTimeout & bodyTimeout instead')\n    }\n\n    if (requestTimeout !== undefined) {\n      throw new InvalidArgumentError('unsupported requestTimeout, use headersTimeout & bodyTimeout instead')\n    }\n\n    if (idleTimeout !== undefined) {\n      throw new InvalidArgumentError('unsupported idleTimeout, use keepAliveTimeout instead')\n    }\n\n    if (maxKeepAliveTimeout !== undefined) {\n      throw new InvalidArgumentError('unsupported maxKeepAliveTimeout, use keepAliveMaxTimeout instead')\n    }\n\n    if (maxHeaderSize != null && !Number.isFinite(maxHeaderSize)) {\n      throw new InvalidArgumentError('invalid maxHeaderSize')\n    }\n\n    if (socketPath != null && typeof socketPath !== 'string') {\n      throw new InvalidArgumentError('invalid socketPath')\n    }\n\n    if (connectTimeout != null && (!Number.isFinite(connectTimeout) || connectTimeout < 0)) {\n      throw new InvalidArgumentError('invalid connectTimeout')\n    }\n\n    if (keepAliveTimeout != null && (!Number.isFinite(keepAliveTimeout) || keepAliveTimeout <= 0)) {\n      throw new InvalidArgumentError('invalid keepAliveTimeout')\n    }\n\n    if (keepAliveMaxTimeout != null && (!Number.isFinite(keepAliveMaxTimeout) || keepAliveMaxTimeout <= 0)) {\n      throw new InvalidArgumentError('invalid keepAliveMaxTimeout')\n    }\n\n    if (keepAliveTimeoutThreshold != null && !Number.isFinite(keepAliveTimeoutThreshold)) {\n      throw new InvalidArgumentError('invalid keepAliveTimeoutThreshold')\n    }\n\n    if (headersTimeout != null && (!Number.isInteger(headersTimeout) || headersTimeout < 0)) {\n      throw new InvalidArgumentError('headersTimeout must be a positive integer or zero')\n    }\n\n    if (bodyTimeout != null && (!Number.isInteger(bodyTimeout) || bodyTimeout < 0)) {\n      throw new InvalidArgumentError('bodyTimeout must be a positive integer or zero')\n    }\n\n    if (connect != null && typeof connect !== 'function' && typeof connect !== 'object') {\n      throw new InvalidArgumentError('connect must be a function or an object')\n    }\n\n    if (maxRedirections != null && (!Number.isInteger(maxRedirections) || maxRedirections < 0)) {\n      throw new InvalidArgumentError('maxRedirections must be a positive number')\n    }\n\n    if (maxRequestsPerClient != null && (!Number.isInteger(maxRequestsPerClient) || maxRequestsPerClient < 0)) {\n      throw new InvalidArgumentError('maxRequestsPerClient must be a positive number')\n    }\n\n    if (localAddress != null && (typeof localAddress !== 'string' || net.isIP(localAddress) === 0)) {\n      throw new InvalidArgumentError('localAddress must be valid string IP address')\n    }\n\n    if (maxResponseSize != null && (!Number.isInteger(maxResponseSize) || maxResponseSize < -1)) {\n      throw new InvalidArgumentError('maxResponseSize must be a positive number')\n    }\n\n    if (\n      autoSelectFamilyAttemptTimeout != null &&\n      (!Number.isInteger(autoSelectFamilyAttemptTimeout) || autoSelectFamilyAttemptTimeout < -1)\n    ) {\n      throw new InvalidArgumentError('autoSelectFamilyAttemptTimeout must be a positive number')\n    }\n\n    // h2\n    if (allowH2 != null && typeof allowH2 !== 'boolean') {\n      throw new InvalidArgumentError('allowH2 must be a valid boolean value')\n    }\n\n    if (maxConcurrentStreams != null && (typeof maxConcurrentStreams !== 'number' || maxConcurrentStreams < 1)) {\n      throw new InvalidArgumentError('maxConcurrentStreams must be a possitive integer, greater than 0')\n    }\n\n    if (typeof connect !== 'function') {\n      connect = buildConnector({\n        ...tls,\n        maxCachedSessions,\n        allowH2,\n        socketPath,\n        timeout: connectTimeout,\n        ...(util.nodeHasAutoSelectFamily && autoSelectFamily ? { autoSelectFamily, autoSelectFamilyAttemptTimeout } : undefined),\n        ...connect\n      })\n    }\n\n    this[kInterceptors] = interceptors && interceptors.Client && Array.isArray(interceptors.Client)\n      ? interceptors.Client\n      : [createRedirectInterceptor({ maxRedirections })]\n    this[kUrl] = util.parseOrigin(url)\n    this[kConnector] = connect\n    this[kSocket] = null\n    this[kPipelining] = pipelining != null ? pipelining : 1\n    this[kMaxHeadersSize] = maxHeaderSize || http.maxHeaderSize\n    this[kKeepAliveDefaultTimeout] = keepAliveTimeout == null ? 4e3 : keepAliveTimeout\n    this[kKeepAliveMaxTimeout] = keepAliveMaxTimeout == null ? 600e3 : keepAliveMaxTimeout\n    this[kKeepAliveTimeoutThreshold] = keepAliveTimeoutThreshold == null ? 1e3 : keepAliveTimeoutThreshold\n    this[kKeepAliveTimeoutValue] = this[kKeepAliveDefaultTimeout]\n    this[kServerName] = null\n    this[kLocalAddress] = localAddress != null ? localAddress : null\n    this[kResuming] = 0 // 0, idle, 1, scheduled, 2 resuming\n    this[kNeedDrain] = 0 // 0, idle, 1, scheduled, 2 resuming\n    this[kHostHeader] = `host: ${this[kUrl].hostname}${this[kUrl].port ? `:${this[kUrl].port}` : ''}\\r\\n`\n    this[kBodyTimeout] = bodyTimeout != null ? bodyTimeout : 300e3\n    this[kHeadersTimeout] = headersTimeout != null ? headersTimeout : 300e3\n    this[kStrictContentLength] = strictContentLength == null ? true : strictContentLength\n    this[kMaxRedirections] = maxRedirections\n    this[kMaxRequests] = maxRequestsPerClient\n    this[kClosedResolve] = null\n    this[kMaxResponseSize] = maxResponseSize > -1 ? maxResponseSize : -1\n    this[kHTTPConnVersion] = 'h1'\n\n    // HTTP/2\n    this[kHTTP2Session] = null\n    this[kHTTP2SessionState] = !allowH2\n      ? null\n      : {\n        // streams: null, // Fixed queue of streams - For future support of `push`\n          openStreams: 0, // Keep track of them to decide wether or not unref the session\n          maxConcurrentStreams: maxConcurrentStreams != null ? maxConcurrentStreams : 100 // Max peerConcurrentStreams for a Node h2 server\n        }\n    this[kHost] = `${this[kUrl].hostname}${this[kUrl].port ? `:${this[kUrl].port}` : ''}`\n\n    // kQueue is built up of 3 sections separated by\n    // the kRunningIdx and kPendingIdx indices.\n    // |   complete   |   running   |   pending   |\n    //                ^ kRunningIdx ^ kPendingIdx ^ kQueue.length\n    // kRunningIdx points to the first running element.\n    // kPendingIdx points to the first pending element.\n    // This implements a fast queue with an amortized\n    // time of O(1).\n\n    this[kQueue] = []\n    this[kRunningIdx] = 0\n    this[kPendingIdx] = 0\n  }\n\n  get pipelining () {\n    return this[kPipelining]\n  }\n\n  set pipelining (value) {\n    this[kPipelining] = value\n    resume(this, true)\n  }\n\n  get [kPending] () {\n    return this[kQueue].length - this[kPendingIdx]\n  }\n\n  get [kRunning] () {\n    return this[kPendingIdx] - this[kRunningIdx]\n  }\n\n  get [kSize] () {\n    return this[kQueue].length - this[kRunningIdx]\n  }\n\n  get [kConnected] () {\n    return !!this[kSocket] && !this[kConnecting] && !this[kSocket].destroyed\n  }\n\n  get [kBusy] () {\n    const socket = this[kSocket]\n    return (\n      (socket && (socket[kReset] || socket[kWriting] || socket[kBlocking])) ||\n      (this[kSize] >= (this[kPipelining] || 1)) ||\n      this[kPending] > 0\n    )\n  }\n\n  /* istanbul ignore: only used for test */\n  [kConnect] (cb) {\n    connect(this)\n    this.once('connect', cb)\n  }\n\n  [kDispatch] (opts, handler) {\n    const origin = opts.origin || this[kUrl].origin\n\n    const request = this[kHTTPConnVersion] === 'h2'\n      ? Request[kHTTP2BuildRequest](origin, opts, handler)\n      : Request[kHTTP1BuildRequest](origin, opts, handler)\n\n    this[kQueue].push(request)\n    if (this[kResuming]) {\n      // Do nothing.\n    } else if (util.bodyLength(request.body) == null && util.isIterable(request.body)) {\n      // Wait a tick in case stream/iterator is ended in the same tick.\n      this[kResuming] = 1\n      process.nextTick(resume, this)\n    } else {\n      resume(this, true)\n    }\n\n    if (this[kResuming] && this[kNeedDrain] !== 2 && this[kBusy]) {\n      this[kNeedDrain] = 2\n    }\n\n    return this[kNeedDrain] < 2\n  }\n\n  async [kClose] () {\n    // TODO: for H2 we need to gracefully flush the remaining enqueued\n    // request and close each stream.\n    return new Promise((resolve) => {\n      if (!this[kSize]) {\n        resolve(null)\n      } else {\n        this[kClosedResolve] = resolve\n      }\n    })\n  }\n\n  async [kDestroy] (err) {\n    return new Promise((resolve) => {\n      const requests = this[kQueue].splice(this[kPendingIdx])\n      for (let i = 0; i < requests.length; i++) {\n        const request = requests[i]\n        errorRequest(this, request, err)\n      }\n\n      const callback = () => {\n        if (this[kClosedResolve]) {\n          // TODO (fix): Should we error here with ClientDestroyedError?\n          this[kClosedResolve]()\n          this[kClosedResolve] = null\n        }\n        resolve()\n      }\n\n      if (this[kHTTP2Session] != null) {\n        util.destroy(this[kHTTP2Session], err)\n        this[kHTTP2Session] = null\n        this[kHTTP2SessionState] = null\n      }\n\n      if (!this[kSocket]) {\n        queueMicrotask(callback)\n      } else {\n        util.destroy(this[kSocket].on('close', callback), err)\n      }\n\n      resume(this)\n    })\n  }\n}\n\nfunction onHttp2SessionError (err) {\n  assert(err.code !== 'ERR_TLS_CERT_ALTNAME_INVALID')\n\n  this[kSocket][kError] = err\n\n  onError(this[kClient], err)\n}\n\nfunction onHttp2FrameError (type, code, id) {\n  const err = new InformationalError(`HTTP/2: \"frameError\" received - type ${type}, code ${code}`)\n\n  if (id === 0) {\n    this[kSocket][kError] = err\n    onError(this[kClient], err)\n  }\n}\n\nfunction onHttp2SessionEnd () {\n  util.destroy(this, new SocketError('other side closed'))\n  util.destroy(this[kSocket], new SocketError('other side closed'))\n}\n\nfunction onHTTP2GoAway (code) {\n  const client = this[kClient]\n  const err = new InformationalError(`HTTP/2: \"GOAWAY\" frame received with code ${code}`)\n  client[kSocket] = null\n  client[kHTTP2Session] = null\n\n  if (client.destroyed) {\n    assert(this[kPending] === 0)\n\n    // Fail entire queue.\n    const requests = client[kQueue].splice(client[kRunningIdx])\n    for (let i = 0; i < requests.length; i++) {\n      const request = requests[i]\n      errorRequest(this, request, err)\n    }\n  } else if (client[kRunning] > 0) {\n    // Fail head of pipeline.\n    const request = client[kQueue][client[kRunningIdx]]\n    client[kQueue][client[kRunningIdx]++] = null\n\n    errorRequest(client, request, err)\n  }\n\n  client[kPendingIdx] = client[kRunningIdx]\n\n  assert(client[kRunning] === 0)\n\n  client.emit('disconnect',\n    client[kUrl],\n    [client],\n    err\n  )\n\n  resume(client)\n}\n\nconst constants = require('./llhttp/constants')\nconst createRedirectInterceptor = require('./interceptor/redirectInterceptor')\nconst EMPTY_BUF = Buffer.alloc(0)\n\nasync function lazyllhttp () {\n  const llhttpWasmData = process.env.JEST_WORKER_ID ? require('./llhttp/llhttp-wasm.js') : undefined\n\n  let mod\n  try {\n    mod = await WebAssembly.compile(Buffer.from(require('./llhttp/llhttp_simd-wasm.js'), 'base64'))\n  } catch (e) {\n    /* istanbul ignore next */\n\n    // We could check if the error was caused by the simd option not\n    // being enabled, but the occurring of this other error\n    // * https://github.com/emscripten-core/emscripten/issues/11495\n    // got me to remove that check to avoid breaking Node 12.\n    mod = await WebAssembly.compile(Buffer.from(llhttpWasmData || require('./llhttp/llhttp-wasm.js'), 'base64'))\n  }\n\n  return await WebAssembly.instantiate(mod, {\n    env: {\n      /* eslint-disable camelcase */\n\n      wasm_on_url: (p, at, len) => {\n        /* istanbul ignore next */\n        return 0\n      },\n      wasm_on_status: (p, at, len) => {\n        assert.strictEqual(currentParser.ptr, p)\n        const start = at - currentBufferPtr + currentBufferRef.byteOffset\n        return currentParser.onStatus(new FastBuffer(currentBufferRef.buffer, start, len)) || 0\n      },\n      wasm_on_message_begin: (p) => {\n        assert.strictEqual(currentParser.ptr, p)\n        return currentParser.onMessageBegin() || 0\n      },\n      wasm_on_header_field: (p, at, len) => {\n        assert.strictEqual(currentParser.ptr, p)\n        const start = at - currentBufferPtr + currentBufferRef.byteOffset\n        return currentParser.onHeaderField(new FastBuffer(currentBufferRef.buffer, start, len)) || 0\n      },\n      wasm_on_header_value: (p, at, len) => {\n        assert.strictEqual(currentParser.ptr, p)\n        const start = at - currentBufferPtr + currentBufferRef.byteOffset\n        return currentParser.onHeaderValue(new FastBuffer(currentBufferRef.buffer, start, len)) || 0\n      },\n      wasm_on_headers_complete: (p, statusCode, upgrade, shouldKeepAlive) => {\n        assert.strictEqual(currentParser.ptr, p)\n        return currentParser.onHeadersComplete(statusCode, Boolean(upgrade), Boolean(shouldKeepAlive)) || 0\n      },\n      wasm_on_body: (p, at, len) => {\n        assert.strictEqual(currentParser.ptr, p)\n        const start = at - currentBufferPtr + currentBufferRef.byteOffset\n        return currentParser.onBody(new FastBuffer(currentBufferRef.buffer, start, len)) || 0\n      },\n      wasm_on_message_complete: (p) => {\n        assert.strictEqual(currentParser.ptr, p)\n        return currentParser.onMessageComplete() || 0\n      }\n\n      /* eslint-enable camelcase */\n    }\n  })\n}\n\nlet llhttpInstance = null\nlet llhttpPromise = lazyllhttp()\nllhttpPromise.catch()\n\nlet currentParser = null\nlet currentBufferRef = null\nlet currentBufferSize = 0\nlet currentBufferPtr = null\n\nconst TIMEOUT_HEADERS = 1\nconst TIMEOUT_BODY = 2\nconst TIMEOUT_IDLE = 3\n\nclass Parser {\n  constructor (client, socket, { exports }) {\n    assert(Number.isFinite(client[kMaxHeadersSize]) && client[kMaxHeadersSize] > 0)\n\n    this.llhttp = exports\n    this.ptr = this.llhttp.llhttp_alloc(constants.TYPE.RESPONSE)\n    this.client = client\n    this.socket = socket\n    this.timeout = null\n    this.timeoutValue = null\n    this.timeoutType = null\n    this.statusCode = null\n    this.statusText = ''\n    this.upgrade = false\n    this.headers = []\n    this.headersSize = 0\n    this.headersMaxSize = client[kMaxHeadersSize]\n    this.shouldKeepAlive = false\n    this.paused = false\n    this.resume = this.resume.bind(this)\n\n    this.bytesRead = 0\n\n    this.keepAlive = ''\n    this.contentLength = ''\n    this.connection = ''\n    this.maxResponseSize = client[kMaxResponseSize]\n  }\n\n  setTimeout (value, type) {\n    this.timeoutType = type\n    if (value !== this.timeoutValue) {\n      timers.clearTimeout(this.timeout)\n      if (value) {\n        this.timeout = timers.setTimeout(onParserTimeout, value, this)\n        // istanbul ignore else: only for jest\n        if (this.timeout.unref) {\n          this.timeout.unref()\n        }\n      } else {\n        this.timeout = null\n      }\n      this.timeoutValue = value\n    } else if (this.timeout) {\n      // istanbul ignore else: only for jest\n      if (this.timeout.refresh) {\n        this.timeout.refresh()\n      }\n    }\n  }\n\n  resume () {\n    if (this.socket.destroyed || !this.paused) {\n      return\n    }\n\n    assert(this.ptr != null)\n    assert(currentParser == null)\n\n    this.llhttp.llhttp_resume(this.ptr)\n\n    assert(this.timeoutType === TIMEOUT_BODY)\n    if (this.timeout) {\n      // istanbul ignore else: only for jest\n      if (this.timeout.refresh) {\n        this.timeout.refresh()\n      }\n    }\n\n    this.paused = false\n    this.execute(this.socket.read() || EMPTY_BUF) // Flush parser.\n    this.readMore()\n  }\n\n  readMore () {\n    while (!this.paused && this.ptr) {\n      const chunk = this.socket.read()\n      if (chunk === null) {\n        break\n      }\n      this.execute(chunk)\n    }\n  }\n\n  execute (data) {\n    assert(this.ptr != null)\n    assert(currentParser == null)\n    assert(!this.paused)\n\n    const { socket, llhttp } = this\n\n    if (data.length > currentBufferSize) {\n      if (currentBufferPtr) {\n        llhttp.free(currentBufferPtr)\n      }\n      currentBufferSize = Math.ceil(data.length / 4096) * 4096\n      currentBufferPtr = llhttp.malloc(currentBufferSize)\n    }\n\n    new Uint8Array(llhttp.memory.buffer, currentBufferPtr, currentBufferSize).set(data)\n\n    // Call `execute` on the wasm parser.\n    // We pass the `llhttp_parser` pointer address, the pointer address of buffer view data,\n    // and finally the length of bytes to parse.\n    // The return value is an error code or `constants.ERROR.OK`.\n    try {\n      let ret\n\n      try {\n        currentBufferRef = data\n        currentParser = this\n        ret = llhttp.llhttp_execute(this.ptr, currentBufferPtr, data.length)\n        /* eslint-disable-next-line no-useless-catch */\n      } catch (err) {\n        /* istanbul ignore next: difficult to make a test case for */\n        throw err\n      } finally {\n        currentParser = null\n        currentBufferRef = null\n      }\n\n      const offset = llhttp.llhttp_get_error_pos(this.ptr) - currentBufferPtr\n\n      if (ret === constants.ERROR.PAUSED_UPGRADE) {\n        this.onUpgrade(data.slice(offset))\n      } else if (ret === constants.ERROR.PAUSED) {\n        this.paused = true\n        socket.unshift(data.slice(offset))\n      } else if (ret !== constants.ERROR.OK) {\n        const ptr = llhttp.llhttp_get_error_reason(this.ptr)\n        let message = ''\n        /* istanbul ignore else: difficult to make a test case for */\n        if (ptr) {\n          const len = new Uint8Array(llhttp.memory.buffer, ptr).indexOf(0)\n          message =\n            'Response does not match the HTTP/1.1 protocol (' +\n            Buffer.from(llhttp.memory.buffer, ptr, len).toString() +\n            ')'\n        }\n        throw new HTTPParserError(message, constants.ERROR[ret], data.slice(offset))\n      }\n    } catch (err) {\n      util.destroy(socket, err)\n    }\n  }\n\n  destroy () {\n    assert(this.ptr != null)\n    assert(currentParser == null)\n\n    this.llhttp.llhttp_free(this.ptr)\n    this.ptr = null\n\n    timers.clearTimeout(this.timeout)\n    this.timeout = null\n    this.timeoutValue = null\n    this.timeoutType = null\n\n    this.paused = false\n  }\n\n  onStatus (buf) {\n    this.statusText = buf.toString()\n  }\n\n  onMessageBegin () {\n    const { socket, client } = this\n\n    /* istanbul ignore next: difficult to make a test case for */\n    if (socket.destroyed) {\n      return -1\n    }\n\n    const request = client[kQueue][client[kRunningIdx]]\n    if (!request) {\n      return -1\n    }\n  }\n\n  onHeaderField (buf) {\n    const len = this.headers.length\n\n    if ((len & 1) === 0) {\n      this.headers.push(buf)\n    } else {\n      this.headers[len - 1] = Buffer.concat([this.headers[len - 1], buf])\n    }\n\n    this.trackHeader(buf.length)\n  }\n\n  onHeaderValue (buf) {\n    let len = this.headers.length\n\n    if ((len & 1) === 1) {\n      this.headers.push(buf)\n      len += 1\n    } else {\n      this.headers[len - 1] = Buffer.concat([this.headers[len - 1], buf])\n    }\n\n    const key = this.headers[len - 2]\n    if (key.length === 10 && key.toString().toLowerCase() === 'keep-alive') {\n      this.keepAlive += buf.toString()\n    } else if (key.length === 10 && key.toString().toLowerCase() === 'connection') {\n      this.connection += buf.toString()\n    } else if (key.length === 14 && key.toString().toLowerCase() === 'content-length') {\n      this.contentLength += buf.toString()\n    }\n\n    this.trackHeader(buf.length)\n  }\n\n  trackHeader (len) {\n    this.headersSize += len\n    if (this.headersSize >= this.headersMaxSize) {\n      util.destroy(this.socket, new HeadersOverflowError())\n    }\n  }\n\n  onUpgrade (head) {\n    const { upgrade, client, socket, headers, statusCode } = this\n\n    assert(upgrade)\n\n    const request = client[kQueue][client[kRunningIdx]]\n    assert(request)\n\n    assert(!socket.destroyed)\n    assert(socket === client[kSocket])\n    assert(!this.paused)\n    assert(request.upgrade || request.method === 'CONNECT')\n\n    this.statusCode = null\n    this.statusText = ''\n    this.shouldKeepAlive = null\n\n    assert(this.headers.length % 2 === 0)\n    this.headers = []\n    this.headersSize = 0\n\n    socket.unshift(head)\n\n    socket[kParser].destroy()\n    socket[kParser] = null\n\n    socket[kClient] = null\n    socket[kError] = null\n    socket\n      .removeListener('error', onSocketError)\n      .removeListener('readable', onSocketReadable)\n      .removeListener('end', onSocketEnd)\n      .removeListener('close', onSocketClose)\n\n    client[kSocket] = null\n    client[kQueue][client[kRunningIdx]++] = null\n    client.emit('disconnect', client[kUrl], [client], new InformationalError('upgrade'))\n\n    try {\n      request.onUpgrade(statusCode, headers, socket)\n    } catch (err) {\n      util.destroy(socket, err)\n    }\n\n    resume(client)\n  }\n\n  onHeadersComplete (statusCode, upgrade, shouldKeepAlive) {\n    const { client, socket, headers, statusText } = this\n\n    /* istanbul ignore next: difficult to make a test case for */\n    if (socket.destroyed) {\n      return -1\n    }\n\n    const request = client[kQueue][client[kRunningIdx]]\n\n    /* istanbul ignore next: difficult to make a test case for */\n    if (!request) {\n      return -1\n    }\n\n    assert(!this.upgrade)\n    assert(this.statusCode < 200)\n\n    if (statusCode === 100) {\n      util.destroy(socket, new SocketError('bad response', util.getSocketInfo(socket)))\n      return -1\n    }\n\n    /* this can only happen if server is misbehaving */\n    if (upgrade && !request.upgrade) {\n      util.destroy(socket, new SocketError('bad upgrade', util.getSocketInfo(socket)))\n      return -1\n    }\n\n    assert.strictEqual(this.timeoutType, TIMEOUT_HEADERS)\n\n    this.statusCode = statusCode\n    this.shouldKeepAlive = (\n      shouldKeepAlive ||\n      // Override llhttp value which does not allow keepAlive for HEAD.\n      (request.method === 'HEAD' && !socket[kReset] && this.connection.toLowerCase() === 'keep-alive')\n    )\n\n    if (this.statusCode >= 200) {\n      const bodyTimeout = request.bodyTimeout != null\n        ? request.bodyTimeout\n        : client[kBodyTimeout]\n      this.setTimeout(bodyTimeout, TIMEOUT_BODY)\n    } else if (this.timeout) {\n      // istanbul ignore else: only for jest\n      if (this.timeout.refresh) {\n        this.timeout.refresh()\n      }\n    }\n\n    if (request.method === 'CONNECT') {\n      assert(client[kRunning] === 1)\n      this.upgrade = true\n      return 2\n    }\n\n    if (upgrade) {\n      assert(client[kRunning] === 1)\n      this.upgrade = true\n      return 2\n    }\n\n    assert(this.headers.length % 2 === 0)\n    this.headers = []\n    this.headersSize = 0\n\n    if (this.shouldKeepAlive && client[kPipelining]) {\n      const keepAliveTimeout = this.keepAlive ? util.parseKeepAliveTimeout(this.keepAlive) : null\n\n      if (keepAliveTimeout != null) {\n        const timeout = Math.min(\n          keepAliveTimeout - client[kKeepAliveTimeoutThreshold],\n          client[kKeepAliveMaxTimeout]\n        )\n        if (timeout <= 0) {\n          socket[kReset] = true\n        } else {\n          client[kKeepAliveTimeoutValue] = timeout\n        }\n      } else {\n        client[kKeepAliveTimeoutValue] = client[kKeepAliveDefaultTimeout]\n      }\n    } else {\n      // Stop more requests from being dispatched.\n      socket[kReset] = true\n    }\n\n    const pause = request.onHeaders(statusCode, headers, this.resume, statusText) === false\n\n    if (request.aborted) {\n      return -1\n    }\n\n    if (request.method === 'HEAD') {\n      return 1\n    }\n\n    if (statusCode < 200) {\n      return 1\n    }\n\n    if (socket[kBlocking]) {\n      socket[kBlocking] = false\n      resume(client)\n    }\n\n    return pause ? constants.ERROR.PAUSED : 0\n  }\n\n  onBody (buf) {\n    const { client, socket, statusCode, maxResponseSize } = this\n\n    if (socket.destroyed) {\n      return -1\n    }\n\n    const request = client[kQueue][client[kRunningIdx]]\n    assert(request)\n\n    assert.strictEqual(this.timeoutType, TIMEOUT_BODY)\n    if (this.timeout) {\n      // istanbul ignore else: only for jest\n      if (this.timeout.refresh) {\n        this.timeout.refresh()\n      }\n    }\n\n    assert(statusCode >= 200)\n\n    if (maxResponseSize > -1 && this.bytesRead + buf.length > maxResponseSize) {\n      util.destroy(socket, new ResponseExceededMaxSizeError())\n      return -1\n    }\n\n    this.bytesRead += buf.length\n\n    if (request.onData(buf) === false) {\n      return constants.ERROR.PAUSED\n    }\n  }\n\n  onMessageComplete () {\n    const { client, socket, statusCode, upgrade, headers, contentLength, bytesRead, shouldKeepAlive } = this\n\n    if (socket.destroyed && (!statusCode || shouldKeepAlive)) {\n      return -1\n    }\n\n    if (upgrade) {\n      return\n    }\n\n    const request = client[kQueue][client[kRunningIdx]]\n    assert(request)\n\n    assert(statusCode >= 100)\n\n    this.statusCode = null\n    this.statusText = ''\n    this.bytesRead = 0\n    this.contentLength = ''\n    this.keepAlive = ''\n    this.connection = ''\n\n    assert(this.headers.length % 2 === 0)\n    this.headers = []\n    this.headersSize = 0\n\n    if (statusCode < 200) {\n      return\n    }\n\n    /* istanbul ignore next: should be handled by llhttp? */\n    if (request.method !== 'HEAD' && contentLength && bytesRead !== parseInt(contentLength, 10)) {\n      util.destroy(socket, new ResponseContentLengthMismatchError())\n      return -1\n    }\n\n    request.onComplete(headers)\n\n    client[kQueue][client[kRunningIdx]++] = null\n\n    if (socket[kWriting]) {\n      assert.strictEqual(client[kRunning], 0)\n      // Response completed before request.\n      util.destroy(socket, new InformationalError('reset'))\n      return constants.ERROR.PAUSED\n    } else if (!shouldKeepAlive) {\n      util.destroy(socket, new InformationalError('reset'))\n      return constants.ERROR.PAUSED\n    } else if (socket[kReset] && client[kRunning] === 0) {\n      // Destroy socket once all requests have completed.\n      // The request at the tail of the pipeline is the one\n      // that requested reset and no further requests should\n      // have been queued since then.\n      util.destroy(socket, new InformationalError('reset'))\n      return constants.ERROR.PAUSED\n    } else if (client[kPipelining] === 1) {\n      // We must wait a full event loop cycle to reuse this socket to make sure\n      // that non-spec compliant servers are not closing the connection even if they\n      // said they won't.\n      setImmediate(resume, client)\n    } else {\n      resume(client)\n    }\n  }\n}\n\nfunction onParserTimeout (parser) {\n  const { socket, timeoutType, client } = parser\n\n  /* istanbul ignore else */\n  if (timeoutType === TIMEOUT_HEADERS) {\n    if (!socket[kWriting] || socket.writableNeedDrain || client[kRunning] > 1) {\n      assert(!parser.paused, 'cannot be paused while waiting for headers')\n      util.destroy(socket, new HeadersTimeoutError())\n    }\n  } else if (timeoutType === TIMEOUT_BODY) {\n    if (!parser.paused) {\n      util.destroy(socket, new BodyTimeoutError())\n    }\n  } else if (timeoutType === TIMEOUT_IDLE) {\n    assert(client[kRunning] === 0 && client[kKeepAliveTimeoutValue])\n    util.destroy(socket, new InformationalError('socket idle timeout'))\n  }\n}\n\nfunction onSocketReadable () {\n  const { [kParser]: parser } = this\n  if (parser) {\n    parser.readMore()\n  }\n}\n\nfunction onSocketError (err) {\n  const { [kClient]: client, [kParser]: parser } = this\n\n  assert(err.code !== 'ERR_TLS_CERT_ALTNAME_INVALID')\n\n  if (client[kHTTPConnVersion] !== 'h2') {\n    // On Mac OS, we get an ECONNRESET even if there is a full body to be forwarded\n    // to the user.\n    if (err.code === 'ECONNRESET' && parser.statusCode && !parser.shouldKeepAlive) {\n      // We treat all incoming data so for as a valid response.\n      parser.onMessageComplete()\n      return\n    }\n  }\n\n  this[kError] = err\n\n  onError(this[kClient], err)\n}\n\nfunction onError (client, err) {\n  if (\n    client[kRunning] === 0 &&\n    err.code !== 'UND_ERR_INFO' &&\n    err.code !== 'UND_ERR_SOCKET'\n  ) {\n    // Error is not caused by running request and not a recoverable\n    // socket error.\n\n    assert(client[kPendingIdx] === client[kRunningIdx])\n\n    const requests = client[kQueue].splice(client[kRunningIdx])\n    for (let i = 0; i < requests.length; i++) {\n      const request = requests[i]\n      errorRequest(client, request, err)\n    }\n    assert(client[kSize] === 0)\n  }\n}\n\nfunction onSocketEnd () {\n  const { [kParser]: parser, [kClient]: client } = this\n\n  if (client[kHTTPConnVersion] !== 'h2') {\n    if (parser.statusCode && !parser.shouldKeepAlive) {\n      // We treat all incoming data so far as a valid response.\n      parser.onMessageComplete()\n      return\n    }\n  }\n\n  util.destroy(this, new SocketError('other side closed', util.getSocketInfo(this)))\n}\n\nfunction onSocketClose () {\n  const { [kClient]: client, [kParser]: parser } = this\n\n  if (client[kHTTPConnVersion] === 'h1' && parser) {\n    if (!this[kError] && parser.statusCode && !parser.shouldKeepAlive) {\n      // We treat all incoming data so far as a valid response.\n      parser.onMessageComplete()\n    }\n\n    this[kParser].destroy()\n    this[kParser] = null\n  }\n\n  const err = this[kError] || new SocketError('closed', util.getSocketInfo(this))\n\n  client[kSocket] = null\n\n  if (client.destroyed) {\n    assert(client[kPending] === 0)\n\n    // Fail entire queue.\n    const requests = client[kQueue].splice(client[kRunningIdx])\n    for (let i = 0; i < requests.length; i++) {\n      const request = requests[i]\n      errorRequest(client, request, err)\n    }\n  } else if (client[kRunning] > 0 && err.code !== 'UND_ERR_INFO') {\n    // Fail head of pipeline.\n    const request = client[kQueue][client[kRunningIdx]]\n    client[kQueue][client[kRunningIdx]++] = null\n\n    errorRequest(client, request, err)\n  }\n\n  client[kPendingIdx] = client[kRunningIdx]\n\n  assert(client[kRunning] === 0)\n\n  client.emit('disconnect', client[kUrl], [client], err)\n\n  resume(client)\n}\n\nasync function connect (client) {\n  assert(!client[kConnecting])\n  assert(!client[kSocket])\n\n  let { host, hostname, protocol, port } = client[kUrl]\n\n  // Resolve ipv6\n  if (hostname[0] === '[') {\n    const idx = hostname.indexOf(']')\n\n    assert(idx !== -1)\n    const ip = hostname.substring(1, idx)\n\n    assert(net.isIP(ip))\n    hostname = ip\n  }\n\n  client[kConnecting] = true\n\n  if (channels.beforeConnect.hasSubscribers) {\n    channels.beforeConnect.publish({\n      connectParams: {\n        host,\n        hostname,\n        protocol,\n        port,\n        servername: client[kServerName],\n        localAddress: client[kLocalAddress]\n      },\n      connector: client[kConnector]\n    })\n  }\n\n  try {\n    const socket = await new Promise((resolve, reject) => {\n      client[kConnector]({\n        host,\n        hostname,\n        protocol,\n        port,\n        servername: client[kServerName],\n        localAddress: client[kLocalAddress]\n      }, (err, socket) => {\n        if (err) {\n          reject(err)\n        } else {\n          resolve(socket)\n        }\n      })\n    })\n\n    if (client.destroyed) {\n      util.destroy(socket.on('error', () => {}), new ClientDestroyedError())\n      return\n    }\n\n    client[kConnecting] = false\n\n    assert(socket)\n\n    const isH2 = socket.alpnProtocol === 'h2'\n    if (isH2) {\n      if (!h2ExperimentalWarned) {\n        h2ExperimentalWarned = true\n        process.emitWarning('H2 support is experimental, expect them to change at any time.', {\n          code: 'UNDICI-H2'\n        })\n      }\n\n      const session = http2.connect(client[kUrl], {\n        createConnection: () => socket,\n        peerMaxConcurrentStreams: client[kHTTP2SessionState].maxConcurrentStreams\n      })\n\n      client[kHTTPConnVersion] = 'h2'\n      session[kClient] = client\n      session[kSocket] = socket\n      session.on('error', onHttp2SessionError)\n      session.on('frameError', onHttp2FrameError)\n      session.on('end', onHttp2SessionEnd)\n      session.on('goaway', onHTTP2GoAway)\n      session.on('close', onSocketClose)\n      session.unref()\n\n      client[kHTTP2Session] = session\n      socket[kHTTP2Session] = session\n    } else {\n      if (!llhttpInstance) {\n        llhttpInstance = await llhttpPromise\n        llhttpPromise = null\n      }\n\n      socket[kNoRef] = false\n      socket[kWriting] = false\n      socket[kReset] = false\n      socket[kBlocking] = false\n      socket[kParser] = new Parser(client, socket, llhttpInstance)\n    }\n\n    socket[kCounter] = 0\n    socket[kMaxRequests] = client[kMaxRequests]\n    socket[kClient] = client\n    socket[kError] = null\n\n    socket\n      .on('error', onSocketError)\n      .on('readable', onSocketReadable)\n      .on('end', onSocketEnd)\n      .on('close', onSocketClose)\n\n    client[kSocket] = socket\n\n    if (channels.connected.hasSubscribers) {\n      channels.connected.publish({\n        connectParams: {\n          host,\n          hostname,\n          protocol,\n          port,\n          servername: client[kServerName],\n          localAddress: client[kLocalAddress]\n        },\n        connector: client[kConnector],\n        socket\n      })\n    }\n    client.emit('connect', client[kUrl], [client])\n  } catch (err) {\n    if (client.destroyed) {\n      return\n    }\n\n    client[kConnecting] = false\n\n    if (channels.connectError.hasSubscribers) {\n      channels.connectError.publish({\n        connectParams: {\n          host,\n          hostname,\n          protocol,\n          port,\n          servername: client[kServerName],\n          localAddress: client[kLocalAddress]\n        },\n        connector: client[kConnector],\n        error: err\n      })\n    }\n\n    if (err.code === 'ERR_TLS_CERT_ALTNAME_INVALID') {\n      assert(client[kRunning] === 0)\n      while (client[kPending] > 0 && client[kQueue][client[kPendingIdx]].servername === client[kServerName]) {\n        const request = client[kQueue][client[kPendingIdx]++]\n        errorRequest(client, request, err)\n      }\n    } else {\n      onError(client, err)\n    }\n\n    client.emit('connectionError', client[kUrl], [client], err)\n  }\n\n  resume(client)\n}\n\nfunction emitDrain (client) {\n  client[kNeedDrain] = 0\n  client.emit('drain', client[kUrl], [client])\n}\n\nfunction resume (client, sync) {\n  if (client[kResuming] === 2) {\n    return\n  }\n\n  client[kResuming] = 2\n\n  _resume(client, sync)\n  client[kResuming] = 0\n\n  if (client[kRunningIdx] > 256) {\n    client[kQueue].splice(0, client[kRunningIdx])\n    client[kPendingIdx] -= client[kRunningIdx]\n    client[kRunningIdx] = 0\n  }\n}\n\nfunction _resume (client, sync) {\n  while (true) {\n    if (client.destroyed) {\n      assert(client[kPending] === 0)\n      return\n    }\n\n    if (client[kClosedResolve] && !client[kSize]) {\n      client[kClosedResolve]()\n      client[kClosedResolve] = null\n      return\n    }\n\n    const socket = client[kSocket]\n\n    if (socket && !socket.destroyed && socket.alpnProtocol !== 'h2') {\n      if (client[kSize] === 0) {\n        if (!socket[kNoRef] && socket.unref) {\n          socket.unref()\n          socket[kNoRef] = true\n        }\n      } else if (socket[kNoRef] && socket.ref) {\n        socket.ref()\n        socket[kNoRef] = false\n      }\n\n      if (client[kSize] === 0) {\n        if (socket[kParser].timeoutType !== TIMEOUT_IDLE) {\n          socket[kParser].setTimeout(client[kKeepAliveTimeoutValue], TIMEOUT_IDLE)\n        }\n      } else if (client[kRunning] > 0 && socket[kParser].statusCode < 200) {\n        if (socket[kParser].timeoutType !== TIMEOUT_HEADERS) {\n          const request = client[kQueue][client[kRunningIdx]]\n          const headersTimeout = request.headersTimeout != null\n            ? request.headersTimeout\n            : client[kHeadersTimeout]\n          socket[kParser].setTimeout(headersTimeout, TIMEOUT_HEADERS)\n        }\n      }\n    }\n\n    if (client[kBusy]) {\n      client[kNeedDrain] = 2\n    } else if (client[kNeedDrain] === 2) {\n      if (sync) {\n        client[kNeedDrain] = 1\n        process.nextTick(emitDrain, client)\n      } else {\n        emitDrain(client)\n      }\n      continue\n    }\n\n    if (client[kPending] === 0) {\n      return\n    }\n\n    if (client[kRunning] >= (client[kPipelining] || 1)) {\n      return\n    }\n\n    const request = client[kQueue][client[kPendingIdx]]\n\n    if (client[kUrl].protocol === 'https:' && client[kServerName] !== request.servername) {\n      if (client[kRunning] > 0) {\n        return\n      }\n\n      client[kServerName] = request.servername\n\n      if (socket && socket.servername !== request.servername) {\n        util.destroy(socket, new InformationalError('servername changed'))\n        return\n      }\n    }\n\n    if (client[kConnecting]) {\n      return\n    }\n\n    if (!socket && !client[kHTTP2Session]) {\n      connect(client)\n      return\n    }\n\n    if (socket.destroyed || socket[kWriting] || socket[kReset] || socket[kBlocking]) {\n      return\n    }\n\n    if (client[kRunning] > 0 && !request.idempotent) {\n      // Non-idempotent request cannot be retried.\n      // Ensure that no other requests are inflight and\n      // could cause failure.\n      return\n    }\n\n    if (client[kRunning] > 0 && (request.upgrade || request.method === 'CONNECT')) {\n      // Don't dispatch an upgrade until all preceding requests have completed.\n      // A misbehaving server might upgrade the connection before all pipelined\n      // request has completed.\n      return\n    }\n\n    if (client[kRunning] > 0 && util.bodyLength(request.body) !== 0 &&\n      (util.isStream(request.body) || util.isAsyncIterable(request.body))) {\n      // Request with stream or iterator body can error while other requests\n      // are inflight and indirectly error those as well.\n      // Ensure this doesn't happen by waiting for inflight\n      // to complete before dispatching.\n\n      // Request with stream or iterator body cannot be retried.\n      // Ensure that no other requests are inflight and\n      // could cause failure.\n      return\n    }\n\n    if (!request.aborted && write(client, request)) {\n      client[kPendingIdx]++\n    } else {\n      client[kQueue].splice(client[kPendingIdx], 1)\n    }\n  }\n}\n\n// https://www.rfc-editor.org/rfc/rfc7230#section-3.3.2\nfunction shouldSendContentLength (method) {\n  return method !== 'GET' && method !== 'HEAD' && method !== 'OPTIONS' && method !== 'TRACE' && method !== 'CONNECT'\n}\n\nfunction write (client, request) {\n  if (client[kHTTPConnVersion] === 'h2') {\n    writeH2(client, client[kHTTP2Session], request)\n    return\n  }\n\n  const { body, method, path, host, upgrade, headers, blocking, reset } = request\n\n  // https://tools.ietf.org/html/rfc7231#section-4.3.1\n  // https://tools.ietf.org/html/rfc7231#section-4.3.2\n  // https://tools.ietf.org/html/rfc7231#section-4.3.5\n\n  // Sending a payload body on a request that does not\n  // expect it can cause undefined behavior on some\n  // servers and corrupt connection state. Do not\n  // re-use the connection for further requests.\n\n  const expectsPayload = (\n    method === 'PUT' ||\n    method === 'POST' ||\n    method === 'PATCH'\n  )\n\n  if (body && typeof body.read === 'function') {\n    // Try to read EOF in order to get length.\n    body.read(0)\n  }\n\n  const bodyLength = util.bodyLength(body)\n\n  let contentLength = bodyLength\n\n  if (contentLength === null) {\n    contentLength = request.contentLength\n  }\n\n  if (contentLength === 0 && !expectsPayload) {\n    // https://tools.ietf.org/html/rfc7230#section-3.3.2\n    // A user agent SHOULD NOT send a Content-Length header field when\n    // the request message does not contain a payload body and the method\n    // semantics do not anticipate such a body.\n\n    contentLength = null\n  }\n\n  // https://github.com/nodejs/undici/issues/2046\n  // A user agent may send a Content-Length header with 0 value, this should be allowed.\n  if (shouldSendContentLength(method) && contentLength > 0 && request.contentLength !== null && request.contentLength !== contentLength) {\n    if (client[kStrictContentLength]) {\n      errorRequest(client, request, new RequestContentLengthMismatchError())\n      return false\n    }\n\n    process.emitWarning(new RequestContentLengthMismatchError())\n  }\n\n  const socket = client[kSocket]\n\n  try {\n    request.onConnect((err) => {\n      if (request.aborted || request.completed) {\n        return\n      }\n\n      errorRequest(client, request, err || new RequestAbortedError())\n\n      util.destroy(socket, new InformationalError('aborted'))\n    })\n  } catch (err) {\n    errorRequest(client, request, err)\n  }\n\n  if (request.aborted) {\n    return false\n  }\n\n  if (method === 'HEAD') {\n    // https://github.com/mcollina/undici/issues/258\n    // Close after a HEAD request to interop with misbehaving servers\n    // that may send a body in the response.\n\n    socket[kReset] = true\n  }\n\n  if (upgrade || method === 'CONNECT') {\n    // On CONNECT or upgrade, block pipeline from dispatching further\n    // requests on this connection.\n\n    socket[kReset] = true\n  }\n\n  if (reset != null) {\n    socket[kReset] = reset\n  }\n\n  if (client[kMaxRequests] && socket[kCounter]++ >= client[kMaxRequests]) {\n    socket[kReset] = true\n  }\n\n  if (blocking) {\n    socket[kBlocking] = true\n  }\n\n  let header = `${method} ${path} HTTP/1.1\\r\\n`\n\n  if (typeof host === 'string') {\n    header += `host: ${host}\\r\\n`\n  } else {\n    header += client[kHostHeader]\n  }\n\n  if (upgrade) {\n    header += `connection: upgrade\\r\\nupgrade: ${upgrade}\\r\\n`\n  } else if (client[kPipelining] && !socket[kReset]) {\n    header += 'connection: keep-alive\\r\\n'\n  } else {\n    header += 'connection: close\\r\\n'\n  }\n\n  if (headers) {\n    header += headers\n  }\n\n  if (channels.sendHeaders.hasSubscribers) {\n    channels.sendHeaders.publish({ request, headers: header, socket })\n  }\n\n  /* istanbul ignore else: assertion */\n  if (!body || bodyLength === 0) {\n    if (contentLength === 0) {\n      socket.write(`${header}content-length: 0\\r\\n\\r\\n`, 'latin1')\n    } else {\n      assert(contentLength === null, 'no body must not have content length')\n      socket.write(`${header}\\r\\n`, 'latin1')\n    }\n    request.onRequestSent()\n  } else if (util.isBuffer(body)) {\n    assert(contentLength === body.byteLength, 'buffer body must have content length')\n\n    socket.cork()\n    socket.write(`${header}content-length: ${contentLength}\\r\\n\\r\\n`, 'latin1')\n    socket.write(body)\n    socket.uncork()\n    request.onBodySent(body)\n    request.onRequestSent()\n    if (!expectsPayload) {\n      socket[kReset] = true\n    }\n  } else if (util.isBlobLike(body)) {\n    if (typeof body.stream === 'function') {\n      writeIterable({ body: body.stream(), client, request, socket, contentLength, header, expectsPayload })\n    } else {\n      writeBlob({ body, client, request, socket, contentLength, header, expectsPayload })\n    }\n  } else if (util.isStream(body)) {\n    writeStream({ body, client, request, socket, contentLength, header, expectsPayload })\n  } else if (util.isIterable(body)) {\n    writeIterable({ body, client, request, socket, contentLength, header, expectsPayload })\n  } else {\n    assert(false)\n  }\n\n  return true\n}\n\nfunction writeH2 (client, session, request) {\n  const { body, method, path, host, upgrade, expectContinue, signal, headers: reqHeaders } = request\n\n  let headers\n  if (typeof reqHeaders === 'string') headers = Request[kHTTP2CopyHeaders](reqHeaders.trim())\n  else headers = reqHeaders\n\n  if (upgrade) {\n    errorRequest(client, request, new Error('Upgrade not supported for H2'))\n    return false\n  }\n\n  try {\n    // TODO(HTTP/2): Should we call onConnect immediately or on stream ready event?\n    request.onConnect((err) => {\n      if (request.aborted || request.completed) {\n        return\n      }\n\n      errorRequest(client, request, err || new RequestAbortedError())\n    })\n  } catch (err) {\n    errorRequest(client, request, err)\n  }\n\n  if (request.aborted) {\n    return false\n  }\n\n  /** @type {import('node:http2').ClientHttp2Stream} */\n  let stream\n  const h2State = client[kHTTP2SessionState]\n\n  headers[HTTP2_HEADER_AUTHORITY] = host || client[kHost]\n  headers[HTTP2_HEADER_METHOD] = method\n\n  if (method === 'CONNECT') {\n    session.ref()\n    // we are already connected, streams are pending, first request\n    // will create a new stream. We trigger a request to create the stream and wait until\n    // `ready` event is triggered\n    // We disabled endStream to allow the user to write to the stream\n    stream = session.request(headers, { endStream: false, signal })\n\n    if (stream.id && !stream.pending) {\n      request.onUpgrade(null, null, stream)\n      ++h2State.openStreams\n    } else {\n      stream.once('ready', () => {\n        request.onUpgrade(null, null, stream)\n        ++h2State.openStreams\n      })\n    }\n\n    stream.once('close', () => {\n      h2State.openStreams -= 1\n      // TODO(HTTP/2): unref only if current streams count is 0\n      if (h2State.openStreams === 0) session.unref()\n    })\n\n    return true\n  }\n\n  // https://tools.ietf.org/html/rfc7540#section-8.3\n  // :path and :scheme headers must be omited when sending CONNECT\n\n  headers[HTTP2_HEADER_PATH] = path\n  headers[HTTP2_HEADER_SCHEME] = 'https'\n\n  // https://tools.ietf.org/html/rfc7231#section-4.3.1\n  // https://tools.ietf.org/html/rfc7231#section-4.3.2\n  // https://tools.ietf.org/html/rfc7231#section-4.3.5\n\n  // Sending a payload body on a request that does not\n  // expect it can cause undefined behavior on some\n  // servers and corrupt connection state. Do not\n  // re-use the connection for further requests.\n\n  const expectsPayload = (\n    method === 'PUT' ||\n    method === 'POST' ||\n    method === 'PATCH'\n  )\n\n  if (body && typeof body.read === 'function') {\n    // Try to read EOF in order to get length.\n    body.read(0)\n  }\n\n  let contentLength = util.bodyLength(body)\n\n  if (contentLength == null) {\n    contentLength = request.contentLength\n  }\n\n  if (contentLength === 0 || !expectsPayload) {\n    // https://tools.ietf.org/html/rfc7230#section-3.3.2\n    // A user agent SHOULD NOT send a Content-Length header field when\n    // the request message does not contain a payload body and the method\n    // semantics do not anticipate such a body.\n\n    contentLength = null\n  }\n\n  // https://github.com/nodejs/undici/issues/2046\n  // A user agent may send a Content-Length header with 0 value, this should be allowed.\n  if (shouldSendContentLength(method) && contentLength > 0 && request.contentLength != null && request.contentLength !== contentLength) {\n    if (client[kStrictContentLength]) {\n      errorRequest(client, request, new RequestContentLengthMismatchError())\n      return false\n    }\n\n    process.emitWarning(new RequestContentLengthMismatchError())\n  }\n\n  if (contentLength != null) {\n    assert(body, 'no body must not have content length')\n    headers[HTTP2_HEADER_CONTENT_LENGTH] = `${contentLength}`\n  }\n\n  session.ref()\n\n  const shouldEndStream = method === 'GET' || method === 'HEAD'\n  if (expectContinue) {\n    headers[HTTP2_HEADER_EXPECT] = '100-continue'\n    stream = session.request(headers, { endStream: shouldEndStream, signal })\n\n    stream.once('continue', writeBodyH2)\n  } else {\n    stream = session.request(headers, {\n      endStream: shouldEndStream,\n      signal\n    })\n    writeBodyH2()\n  }\n\n  // Increment counter as we have new several streams open\n  ++h2State.openStreams\n\n  stream.once('response', headers => {\n    const { [HTTP2_HEADER_STATUS]: statusCode, ...realHeaders } = headers\n\n    if (request.onHeaders(Number(statusCode), realHeaders, stream.resume.bind(stream), '') === false) {\n      stream.pause()\n    }\n  })\n\n  stream.once('end', () => {\n    request.onComplete([])\n  })\n\n  stream.on('data', (chunk) => {\n    if (request.onData(chunk) === false) {\n      stream.pause()\n    }\n  })\n\n  stream.once('close', () => {\n    h2State.openStreams -= 1\n    // TODO(HTTP/2): unref only if current streams count is 0\n    if (h2State.openStreams === 0) {\n      session.unref()\n    }\n  })\n\n  stream.once('error', function (err) {\n    if (client[kHTTP2Session] && !client[kHTTP2Session].destroyed && !this.closed && !this.destroyed) {\n      h2State.streams -= 1\n      util.destroy(stream, err)\n    }\n  })\n\n  stream.once('frameError', (type, code) => {\n    const err = new InformationalError(`HTTP/2: \"frameError\" received - type ${type}, code ${code}`)\n    errorRequest(client, request, err)\n\n    if (client[kHTTP2Session] && !client[kHTTP2Session].destroyed && !this.closed && !this.destroyed) {\n      h2State.streams -= 1\n      util.destroy(stream, err)\n    }\n  })\n\n  // stream.on('aborted', () => {\n  //   // TODO(HTTP/2): Support aborted\n  // })\n\n  // stream.on('timeout', () => {\n  //   // TODO(HTTP/2): Support timeout\n  // })\n\n  // stream.on('push', headers => {\n  //   // TODO(HTTP/2): Suppor push\n  // })\n\n  // stream.on('trailers', headers => {\n  //   // TODO(HTTP/2): Support trailers\n  // })\n\n  return true\n\n  function writeBodyH2 () {\n    /* istanbul ignore else: assertion */\n    if (!body) {\n      request.onRequestSent()\n    } else if (util.isBuffer(body)) {\n      assert(contentLength === body.byteLength, 'buffer body must have content length')\n      stream.cork()\n      stream.write(body)\n      stream.uncork()\n      stream.end()\n      request.onBodySent(body)\n      request.onRequestSent()\n    } else if (util.isBlobLike(body)) {\n      if (typeof body.stream === 'function') {\n        writeIterable({\n          client,\n          request,\n          contentLength,\n          h2stream: stream,\n          expectsPayload,\n          body: body.stream(),\n          socket: client[kSocket],\n          header: ''\n        })\n      } else {\n        writeBlob({\n          body,\n          client,\n          request,\n          contentLength,\n          expectsPayload,\n          h2stream: stream,\n          header: '',\n          socket: client[kSocket]\n        })\n      }\n    } else if (util.isStream(body)) {\n      writeStream({\n        body,\n        client,\n        request,\n        contentLength,\n        expectsPayload,\n        socket: client[kSocket],\n        h2stream: stream,\n        header: ''\n      })\n    } else if (util.isIterable(body)) {\n      writeIterable({\n        body,\n        client,\n        request,\n        contentLength,\n        expectsPayload,\n        header: '',\n        h2stream: stream,\n        socket: client[kSocket]\n      })\n    } else {\n      assert(false)\n    }\n  }\n}\n\nfunction writeStream ({ h2stream, body, client, request, socket, contentLength, header, expectsPayload }) {\n  assert(contentLength !== 0 || client[kRunning] === 0, 'stream body cannot be pipelined')\n\n  if (client[kHTTPConnVersion] === 'h2') {\n    // For HTTP/2, is enough to pipe the stream\n    const pipe = pipeline(\n      body,\n      h2stream,\n      (err) => {\n        if (err) {\n          util.destroy(body, err)\n          util.destroy(h2stream, err)\n        } else {\n          request.onRequestSent()\n        }\n      }\n    )\n\n    pipe.on('data', onPipeData)\n    pipe.once('end', () => {\n      pipe.removeListener('data', onPipeData)\n      util.destroy(pipe)\n    })\n\n    function onPipeData (chunk) {\n      request.onBodySent(chunk)\n    }\n\n    return\n  }\n\n  let finished = false\n\n  const writer = new AsyncWriter({ socket, request, contentLength, client, expectsPayload, header })\n\n  const onData = function (chunk) {\n    if (finished) {\n      return\n    }\n\n    try {\n      if (!writer.write(chunk) && this.pause) {\n        this.pause()\n      }\n    } catch (err) {\n      util.destroy(this, err)\n    }\n  }\n  const onDrain = function () {\n    if (finished) {\n      return\n    }\n\n    if (body.resume) {\n      body.resume()\n    }\n  }\n  const onAbort = function () {\n    if (finished) {\n      return\n    }\n    const err = new RequestAbortedError()\n    queueMicrotask(() => onFinished(err))\n  }\n  const onFinished = function (err) {\n    if (finished) {\n      return\n    }\n\n    finished = true\n\n    assert(socket.destroyed || (socket[kWriting] && client[kRunning] <= 1))\n\n    socket\n      .off('drain', onDrain)\n      .off('error', onFinished)\n\n    body\n      .removeListener('data', onData)\n      .removeListener('end', onFinished)\n      .removeListener('error', onFinished)\n      .removeListener('close', onAbort)\n\n    if (!err) {\n      try {\n        writer.end()\n      } catch (er) {\n        err = er\n      }\n    }\n\n    writer.destroy(err)\n\n    if (err && (err.code !== 'UND_ERR_INFO' || err.message !== 'reset')) {\n      util.destroy(body, err)\n    } else {\n      util.destroy(body)\n    }\n  }\n\n  body\n    .on('data', onData)\n    .on('end', onFinished)\n    .on('error', onFinished)\n    .on('close', onAbort)\n\n  if (body.resume) {\n    body.resume()\n  }\n\n  socket\n    .on('drain', onDrain)\n    .on('error', onFinished)\n}\n\nasync function writeBlob ({ h2stream, body, client, request, socket, contentLength, header, expectsPayload }) {\n  assert(contentLength === body.size, 'blob body must have content length')\n\n  const isH2 = client[kHTTPConnVersion] === 'h2'\n  try {\n    if (contentLength != null && contentLength !== body.size) {\n      throw new RequestContentLengthMismatchError()\n    }\n\n    const buffer = Buffer.from(await body.arrayBuffer())\n\n    if (isH2) {\n      h2stream.cork()\n      h2stream.write(buffer)\n      h2stream.uncork()\n    } else {\n      socket.cork()\n      socket.write(`${header}content-length: ${contentLength}\\r\\n\\r\\n`, 'latin1')\n      socket.write(buffer)\n      socket.uncork()\n    }\n\n    request.onBodySent(buffer)\n    request.onRequestSent()\n\n    if (!expectsPayload) {\n      socket[kReset] = true\n    }\n\n    resume(client)\n  } catch (err) {\n    util.destroy(isH2 ? h2stream : socket, err)\n  }\n}\n\nasync function writeIterable ({ h2stream, body, client, request, socket, contentLength, header, expectsPayload }) {\n  assert(contentLength !== 0 || client[kRunning] === 0, 'iterator body cannot be pipelined')\n\n  let callback = null\n  function onDrain () {\n    if (callback) {\n      const cb = callback\n      callback = null\n      cb()\n    }\n  }\n\n  const waitForDrain = () => new Promise((resolve, reject) => {\n    assert(callback === null)\n\n    if (socket[kError]) {\n      reject(socket[kError])\n    } else {\n      callback = resolve\n    }\n  })\n\n  if (client[kHTTPConnVersion] === 'h2') {\n    h2stream\n      .on('close', onDrain)\n      .on('drain', onDrain)\n\n    try {\n      // It's up to the user to somehow abort the async iterable.\n      for await (const chunk of body) {\n        if (socket[kError]) {\n          throw socket[kError]\n        }\n\n        const res = h2stream.write(chunk)\n        request.onBodySent(chunk)\n        if (!res) {\n          await waitForDrain()\n        }\n      }\n    } catch (err) {\n      h2stream.destroy(err)\n    } finally {\n      request.onRequestSent()\n      h2stream.end()\n      h2stream\n        .off('close', onDrain)\n        .off('drain', onDrain)\n    }\n\n    return\n  }\n\n  socket\n    .on('close', onDrain)\n    .on('drain', onDrain)\n\n  const writer = new AsyncWriter({ socket, request, contentLength, client, expectsPayload, header })\n  try {\n    // It's up to the user to somehow abort the async iterable.\n    for await (const chunk of body) {\n      if (socket[kError]) {\n        throw socket[kError]\n      }\n\n      if (!writer.write(chunk)) {\n        await waitForDrain()\n      }\n    }\n\n    writer.end()\n  } catch (err) {\n    writer.destroy(err)\n  } finally {\n    socket\n      .off('close', onDrain)\n      .off('drain', onDrain)\n  }\n}\n\nclass AsyncWriter {\n  constructor ({ socket, request, contentLength, client, expectsPayload, header }) {\n    this.socket = socket\n    this.request = request\n    this.contentLength = contentLength\n    this.client = client\n    this.bytesWritten = 0\n    this.expectsPayload = expectsPayload\n    this.header = header\n\n    socket[kWriting] = true\n  }\n\n  write (chunk) {\n    const { socket, request, contentLength, client, bytesWritten, expectsPayload, header } = this\n\n    if (socket[kError]) {\n      throw socket[kError]\n    }\n\n    if (socket.destroyed) {\n      return false\n    }\n\n    const len = Buffer.byteLength(chunk)\n    if (!len) {\n      return true\n    }\n\n    // We should defer writing chunks.\n    if (contentLength !== null && bytesWritten + len > contentLength) {\n      if (client[kStrictContentLength]) {\n        throw new RequestContentLengthMismatchError()\n      }\n\n      process.emitWarning(new RequestContentLengthMismatchError())\n    }\n\n    socket.cork()\n\n    if (bytesWritten === 0) {\n      if (!expectsPayload) {\n        socket[kReset] = true\n      }\n\n      if (contentLength === null) {\n        socket.write(`${header}transfer-encoding: chunked\\r\\n`, 'latin1')\n      } else {\n        socket.write(`${header}content-length: ${contentLength}\\r\\n\\r\\n`, 'latin1')\n      }\n    }\n\n    if (contentLength === null) {\n      socket.write(`\\r\\n${len.toString(16)}\\r\\n`, 'latin1')\n    }\n\n    this.bytesWritten += len\n\n    const ret = socket.write(chunk)\n\n    socket.uncork()\n\n    request.onBodySent(chunk)\n\n    if (!ret) {\n      if (socket[kParser].timeout && socket[kParser].timeoutType === TIMEOUT_HEADERS) {\n        // istanbul ignore else: only for jest\n        if (socket[kParser].timeout.refresh) {\n          socket[kParser].timeout.refresh()\n        }\n      }\n    }\n\n    return ret\n  }\n\n  end () {\n    const { socket, contentLength, client, bytesWritten, expectsPayload, header, request } = this\n    request.onRequestSent()\n\n    socket[kWriting] = false\n\n    if (socket[kError]) {\n      throw socket[kError]\n    }\n\n    if (socket.destroyed) {\n      return\n    }\n\n    if (bytesWritten === 0) {\n      if (expectsPayload) {\n        // https://tools.ietf.org/html/rfc7230#section-3.3.2\n        // A user agent SHOULD send a Content-Length in a request message when\n        // no Transfer-Encoding is sent and the request method defines a meaning\n        // for an enclosed payload body.\n\n        socket.write(`${header}content-length: 0\\r\\n\\r\\n`, 'latin1')\n      } else {\n        socket.write(`${header}\\r\\n`, 'latin1')\n      }\n    } else if (contentLength === null) {\n      socket.write('\\r\\n0\\r\\n\\r\\n', 'latin1')\n    }\n\n    if (contentLength !== null && bytesWritten !== contentLength) {\n      if (client[kStrictContentLength]) {\n        throw new RequestContentLengthMismatchError()\n      } else {\n        process.emitWarning(new RequestContentLengthMismatchError())\n      }\n    }\n\n    if (socket[kParser].timeout && socket[kParser].timeoutType === TIMEOUT_HEADERS) {\n      // istanbul ignore else: only for jest\n      if (socket[kParser].timeout.refresh) {\n        socket[kParser].timeout.refresh()\n      }\n    }\n\n    resume(client)\n  }\n\n  destroy (err) {\n    const { socket, client } = this\n\n    socket[kWriting] = false\n\n    if (err) {\n      assert(client[kRunning] <= 1, 'pipeline should only contain this request')\n      util.destroy(socket, err)\n    }\n  }\n}\n\nfunction errorRequest (client, request, err) {\n  try {\n    request.onError(err)\n    assert(request.aborted)\n  } catch (err) {\n    client.emit('error', err)\n  }\n}\n\nmodule.exports = Client\n","'use strict'\n\n/* istanbul ignore file: only for Node 12 */\n\nconst { kConnected, kSize } = require('../core/symbols')\n\nclass CompatWeakRef {\n  constructor (value) {\n    this.value = value\n  }\n\n  deref () {\n    return this.value[kConnected] === 0 && this.value[kSize] === 0\n      ? undefined\n      : this.value\n  }\n}\n\nclass CompatFinalizer {\n  constructor (finalizer) {\n    this.finalizer = finalizer\n  }\n\n  register (dispatcher, key) {\n    if (dispatcher.on) {\n      dispatcher.on('disconnect', () => {\n        if (dispatcher[kConnected] === 0 && dispatcher[kSize] === 0) {\n          this.finalizer(key)\n        }\n      })\n    }\n  }\n}\n\nmodule.exports = function () {\n  // FIXME: remove workaround when the Node bug is fixed\n  // https://github.com/nodejs/node/issues/49344#issuecomment-1741776308\n  if (process.env.NODE_V8_COVERAGE) {\n    return {\n      WeakRef: CompatWeakRef,\n      FinalizationRegistry: CompatFinalizer\n    }\n  }\n  return {\n    WeakRef: global.WeakRef || CompatWeakRef,\n    FinalizationRegistry: global.FinalizationRegistry || CompatFinalizer\n  }\n}\n","'use strict'\n\n// https://wicg.github.io/cookie-store/#cookie-maximum-attribute-value-size\nconst maxAttributeValueSize = 1024\n\n// https://wicg.github.io/cookie-store/#cookie-maximum-name-value-pair-size\nconst maxNameValuePairSize = 4096\n\nmodule.exports = {\n  maxAttributeValueSize,\n  maxNameValuePairSize\n}\n","'use strict'\n\nconst { parseSetCookie } = require('./parse')\nconst { stringify } = require('./util')\nconst { webidl } = require('../fetch/webidl')\nconst { Headers } = require('../fetch/headers')\n\n/**\n * @typedef {Object} Cookie\n * @property {string} name\n * @property {string} value\n * @property {Date|number|undefined} expires\n * @property {number|undefined} maxAge\n * @property {string|undefined} domain\n * @property {string|undefined} path\n * @property {boolean|undefined} secure\n * @property {boolean|undefined} httpOnly\n * @property {'Strict'|'Lax'|'None'} sameSite\n * @property {string[]} unparsed\n */\n\n/**\n * @param {Headers} headers\n * @returns {Record<string, string>}\n */\nfunction getCookies (headers) {\n  webidl.argumentLengthCheck(arguments, 1, { header: 'getCookies' })\n\n  webidl.brandCheck(headers, Headers, { strict: false })\n\n  const cookie = headers.get('cookie')\n  const out = {}\n\n  if (!cookie) {\n    return out\n  }\n\n  for (const piece of cookie.split(';')) {\n    const [name, ...value] = piece.split('=')\n\n    out[name.trim()] = value.join('=')\n  }\n\n  return out\n}\n\n/**\n * @param {Headers} headers\n * @param {string} name\n * @param {{ path?: string, domain?: string }|undefined} attributes\n * @returns {void}\n */\nfunction deleteCookie (headers, name, attributes) {\n  webidl.argumentLengthCheck(arguments, 2, { header: 'deleteCookie' })\n\n  webidl.brandCheck(headers, Headers, { strict: false })\n\n  name = webidl.converters.DOMString(name)\n  attributes = webidl.converters.DeleteCookieAttributes(attributes)\n\n  // Matches behavior of\n  // https://github.com/denoland/deno_std/blob/63827b16330b82489a04614027c33b7904e08be5/http/cookie.ts#L278\n  setCookie(headers, {\n    name,\n    value: '',\n    expires: new Date(0),\n    ...attributes\n  })\n}\n\n/**\n * @param {Headers} headers\n * @returns {Cookie[]}\n */\nfunction getSetCookies (headers) {\n  webidl.argumentLengthCheck(arguments, 1, { header: 'getSetCookies' })\n\n  webidl.brandCheck(headers, Headers, { strict: false })\n\n  const cookies = headers.getSetCookie()\n\n  if (!cookies) {\n    return []\n  }\n\n  return cookies.map((pair) => parseSetCookie(pair))\n}\n\n/**\n * @param {Headers} headers\n * @param {Cookie} cookie\n * @returns {void}\n */\nfunction setCookie (headers, cookie) {\n  webidl.argumentLengthCheck(arguments, 2, { header: 'setCookie' })\n\n  webidl.brandCheck(headers, Headers, { strict: false })\n\n  cookie = webidl.converters.Cookie(cookie)\n\n  const str = stringify(cookie)\n\n  if (str) {\n    headers.append('Set-Cookie', stringify(cookie))\n  }\n}\n\nwebidl.converters.DeleteCookieAttributes = webidl.dictionaryConverter([\n  {\n    converter: webidl.nullableConverter(webidl.converters.DOMString),\n    key: 'path',\n    defaultValue: null\n  },\n  {\n    converter: webidl.nullableConverter(webidl.converters.DOMString),\n    key: 'domain',\n    defaultValue: null\n  }\n])\n\nwebidl.converters.Cookie = webidl.dictionaryConverter([\n  {\n    converter: webidl.converters.DOMString,\n    key: 'name'\n  },\n  {\n    converter: webidl.converters.DOMString,\n    key: 'value'\n  },\n  {\n    converter: webidl.nullableConverter((value) => {\n      if (typeof value === 'number') {\n        return webidl.converters['unsigned long long'](value)\n      }\n\n      return new Date(value)\n    }),\n    key: 'expires',\n    defaultValue: null\n  },\n  {\n    converter: webidl.nullableConverter(webidl.converters['long long']),\n    key: 'maxAge',\n    defaultValue: null\n  },\n  {\n    converter: webidl.nullableConverter(webidl.converters.DOMString),\n    key: 'domain',\n    defaultValue: null\n  },\n  {\n    converter: webidl.nullableConverter(webidl.converters.DOMString),\n    key: 'path',\n    defaultValue: null\n  },\n  {\n    converter: webidl.nullableConverter(webidl.converters.boolean),\n    key: 'secure',\n    defaultValue: null\n  },\n  {\n    converter: webidl.nullableConverter(webidl.converters.boolean),\n    key: 'httpOnly',\n    defaultValue: null\n  },\n  {\n    converter: webidl.converters.USVString,\n    key: 'sameSite',\n    allowedValues: ['Strict', 'Lax', 'None']\n  },\n  {\n    converter: webidl.sequenceConverter(webidl.converters.DOMString),\n    key: 'unparsed',\n    defaultValue: []\n  }\n])\n\nmodule.exports = {\n  getCookies,\n  deleteCookie,\n  getSetCookies,\n  setCookie\n}\n","'use strict'\n\nconst { maxNameValuePairSize, maxAttributeValueSize } = require('./constants')\nconst { isCTLExcludingHtab } = require('./util')\nconst { collectASequenceOfCodePointsFast } = require('../fetch/dataURL')\nconst assert = require('assert')\n\n/**\n * @description Parses the field-value attributes of a set-cookie header string.\n * @see https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4\n * @param {string} header\n * @returns if the header is invalid, null will be returned\n */\nfunction parseSetCookie (header) {\n  // 1. If the set-cookie-string contains a %x00-08 / %x0A-1F / %x7F\n  //    character (CTL characters excluding HTAB): Abort these steps and\n  //    ignore the set-cookie-string entirely.\n  if (isCTLExcludingHtab(header)) {\n    return null\n  }\n\n  let nameValuePair = ''\n  let unparsedAttributes = ''\n  let name = ''\n  let value = ''\n\n  // 2. If the set-cookie-string contains a %x3B (\";\") character:\n  if (header.includes(';')) {\n    // 1. The name-value-pair string consists of the characters up to,\n    //    but not including, the first %x3B (\";\"), and the unparsed-\n    //    attributes consist of the remainder of the set-cookie-string\n    //    (including the %x3B (\";\") in question).\n    const position = { position: 0 }\n\n    nameValuePair = collectASequenceOfCodePointsFast(';', header, position)\n    unparsedAttributes = header.slice(position.position)\n  } else {\n    // Otherwise:\n\n    // 1. The name-value-pair string consists of all the characters\n    //    contained in the set-cookie-string, and the unparsed-\n    //    attributes is the empty string.\n    nameValuePair = header\n  }\n\n  // 3. If the name-value-pair string lacks a %x3D (\"=\") character, then\n  //    the name string is empty, and the value string is the value of\n  //    name-value-pair.\n  if (!nameValuePair.includes('=')) {\n    value = nameValuePair\n  } else {\n    //    Otherwise, the name string consists of the characters up to, but\n    //    not including, the first %x3D (\"=\") character, and the (possibly\n    //    empty) value string consists of the characters after the first\n    //    %x3D (\"=\") character.\n    const position = { position: 0 }\n    name = collectASequenceOfCodePointsFast(\n      '=',\n      nameValuePair,\n      position\n    )\n    value = nameValuePair.slice(position.position + 1)\n  }\n\n  // 4. Remove any leading or trailing WSP characters from the name\n  //    string and the value string.\n  name = name.trim()\n  value = value.trim()\n\n  // 5. If the sum of the lengths of the name string and the value string\n  //    is more than 4096 octets, abort these steps and ignore the set-\n  //    cookie-string entirely.\n  if (name.length + value.length > maxNameValuePairSize) {\n    return null\n  }\n\n  // 6. The cookie-name is the name string, and the cookie-value is the\n  //    value string.\n  return {\n    name, value, ...parseUnparsedAttributes(unparsedAttributes)\n  }\n}\n\n/**\n * Parses the remaining attributes of a set-cookie header\n * @see https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4\n * @param {string} unparsedAttributes\n * @param {[Object.<string, unknown>]={}} cookieAttributeList\n */\nfunction parseUnparsedAttributes (unparsedAttributes, cookieAttributeList = {}) {\n  // 1. If the unparsed-attributes string is empty, skip the rest of\n  //    these steps.\n  if (unparsedAttributes.length === 0) {\n    return cookieAttributeList\n  }\n\n  // 2. Discard the first character of the unparsed-attributes (which\n  //    will be a %x3B (\";\") character).\n  assert(unparsedAttributes[0] === ';')\n  unparsedAttributes = unparsedAttributes.slice(1)\n\n  let cookieAv = ''\n\n  // 3. If the remaining unparsed-attributes contains a %x3B (\";\")\n  //    character:\n  if (unparsedAttributes.includes(';')) {\n    // 1. Consume the characters of the unparsed-attributes up to, but\n    //    not including, the first %x3B (\";\") character.\n    cookieAv = collectASequenceOfCodePointsFast(\n      ';',\n      unparsedAttributes,\n      { position: 0 }\n    )\n    unparsedAttributes = unparsedAttributes.slice(cookieAv.length)\n  } else {\n    // Otherwise:\n\n    // 1. Consume the remainder of the unparsed-attributes.\n    cookieAv = unparsedAttributes\n    unparsedAttributes = ''\n  }\n\n  // Let the cookie-av string be the characters consumed in this step.\n\n  let attributeName = ''\n  let attributeValue = ''\n\n  // 4. If the cookie-av string contains a %x3D (\"=\") character:\n  if (cookieAv.includes('=')) {\n    // 1. The (possibly empty) attribute-name string consists of the\n    //    characters up to, but not including, the first %x3D (\"=\")\n    //    character, and the (possibly empty) attribute-value string\n    //    consists of the characters after the first %x3D (\"=\")\n    //    character.\n    const position = { position: 0 }\n\n    attributeName = collectASequenceOfCodePointsFast(\n      '=',\n      cookieAv,\n      position\n    )\n    attributeValue = cookieAv.slice(position.position + 1)\n  } else {\n    // Otherwise:\n\n    // 1. The attribute-name string consists of the entire cookie-av\n    //    string, and the attribute-value string is empty.\n    attributeName = cookieAv\n  }\n\n  // 5. Remove any leading or trailing WSP characters from the attribute-\n  //    name string and the attribute-value string.\n  attributeName = attributeName.trim()\n  attributeValue = attributeValue.trim()\n\n  // 6. If the attribute-value is longer than 1024 octets, ignore the\n  //    cookie-av string and return to Step 1 of this algorithm.\n  if (attributeValue.length > maxAttributeValueSize) {\n    return parseUnparsedAttributes(unparsedAttributes, cookieAttributeList)\n  }\n\n  // 7. Process the attribute-name and attribute-value according to the\n  //    requirements in the following subsections.  (Notice that\n  //    attributes with unrecognized attribute-names are ignored.)\n  const attributeNameLowercase = attributeName.toLowerCase()\n\n  // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4.1\n  // If the attribute-name case-insensitively matches the string\n  // \"Expires\", the user agent MUST process the cookie-av as follows.\n  if (attributeNameLowercase === 'expires') {\n    // 1. Let the expiry-time be the result of parsing the attribute-value\n    //    as cookie-date (see Section 5.1.1).\n    const expiryTime = new Date(attributeValue)\n\n    // 2. If the attribute-value failed to parse as a cookie date, ignore\n    //    the cookie-av.\n\n    cookieAttributeList.expires = expiryTime\n  } else if (attributeNameLowercase === 'max-age') {\n    // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4.2\n    // If the attribute-name case-insensitively matches the string \"Max-\n    // Age\", the user agent MUST process the cookie-av as follows.\n\n    // 1. If the first character of the attribute-value is not a DIGIT or a\n    //    \"-\" character, ignore the cookie-av.\n    const charCode = attributeValue.charCodeAt(0)\n\n    if ((charCode < 48 || charCode > 57) && attributeValue[0] !== '-') {\n      return parseUnparsedAttributes(unparsedAttributes, cookieAttributeList)\n    }\n\n    // 2. If the remainder of attribute-value contains a non-DIGIT\n    //    character, ignore the cookie-av.\n    if (!/^\\d+$/.test(attributeValue)) {\n      return parseUnparsedAttributes(unparsedAttributes, cookieAttributeList)\n    }\n\n    // 3. Let delta-seconds be the attribute-value converted to an integer.\n    const deltaSeconds = Number(attributeValue)\n\n    // 4. Let cookie-age-limit be the maximum age of the cookie (which\n    //    SHOULD be 400 days or less, see Section 4.1.2.2).\n\n    // 5. Set delta-seconds to the smaller of its present value and cookie-\n    //    age-limit.\n    // deltaSeconds = Math.min(deltaSeconds * 1000, maxExpiresMs)\n\n    // 6. If delta-seconds is less than or equal to zero (0), let expiry-\n    //    time be the earliest representable date and time.  Otherwise, let\n    //    the expiry-time be the current date and time plus delta-seconds\n    //    seconds.\n    // const expiryTime = deltaSeconds <= 0 ? Date.now() : Date.now() + deltaSeconds\n\n    // 7. Append an attribute to the cookie-attribute-list with an\n    //    attribute-name of Max-Age and an attribute-value of expiry-time.\n    cookieAttributeList.maxAge = deltaSeconds\n  } else if (attributeNameLowercase === 'domain') {\n    // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4.3\n    // If the attribute-name case-insensitively matches the string \"Domain\",\n    // the user agent MUST process the cookie-av as follows.\n\n    // 1. Let cookie-domain be the attribute-value.\n    let cookieDomain = attributeValue\n\n    // 2. If cookie-domain starts with %x2E (\".\"), let cookie-domain be\n    //    cookie-domain without its leading %x2E (\".\").\n    if (cookieDomain[0] === '.') {\n      cookieDomain = cookieDomain.slice(1)\n    }\n\n    // 3. Convert the cookie-domain to lower case.\n    cookieDomain = cookieDomain.toLowerCase()\n\n    // 4. Append an attribute to the cookie-attribute-list with an\n    //    attribute-name of Domain and an attribute-value of cookie-domain.\n    cookieAttributeList.domain = cookieDomain\n  } else if (attributeNameLowercase === 'path') {\n    // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4.4\n    // If the attribute-name case-insensitively matches the string \"Path\",\n    // the user agent MUST process the cookie-av as follows.\n\n    // 1. If the attribute-value is empty or if the first character of the\n    //    attribute-value is not %x2F (\"/\"):\n    let cookiePath = ''\n    if (attributeValue.length === 0 || attributeValue[0] !== '/') {\n      // 1. Let cookie-path be the default-path.\n      cookiePath = '/'\n    } else {\n      // Otherwise:\n\n      // 1. Let cookie-path be the attribute-value.\n      cookiePath = attributeValue\n    }\n\n    // 2. Append an attribute to the cookie-attribute-list with an\n    //    attribute-name of Path and an attribute-value of cookie-path.\n    cookieAttributeList.path = cookiePath\n  } else if (attributeNameLowercase === 'secure') {\n    // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4.5\n    // If the attribute-name case-insensitively matches the string \"Secure\",\n    // the user agent MUST append an attribute to the cookie-attribute-list\n    // with an attribute-name of Secure and an empty attribute-value.\n\n    cookieAttributeList.secure = true\n  } else if (attributeNameLowercase === 'httponly') {\n    // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4.6\n    // If the attribute-name case-insensitively matches the string\n    // \"HttpOnly\", the user agent MUST append an attribute to the cookie-\n    // attribute-list with an attribute-name of HttpOnly and an empty\n    // attribute-value.\n\n    cookieAttributeList.httpOnly = true\n  } else if (attributeNameLowercase === 'samesite') {\n    // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4.7\n    // If the attribute-name case-insensitively matches the string\n    // \"SameSite\", the user agent MUST process the cookie-av as follows:\n\n    // 1. Let enforcement be \"Default\".\n    let enforcement = 'Default'\n\n    const attributeValueLowercase = attributeValue.toLowerCase()\n    // 2. If cookie-av's attribute-value is a case-insensitive match for\n    //    \"None\", set enforcement to \"None\".\n    if (attributeValueLowercase.includes('none')) {\n      enforcement = 'None'\n    }\n\n    // 3. If cookie-av's attribute-value is a case-insensitive match for\n    //    \"Strict\", set enforcement to \"Strict\".\n    if (attributeValueLowercase.includes('strict')) {\n      enforcement = 'Strict'\n    }\n\n    // 4. If cookie-av's attribute-value is a case-insensitive match for\n    //    \"Lax\", set enforcement to \"Lax\".\n    if (attributeValueLowercase.includes('lax')) {\n      enforcement = 'Lax'\n    }\n\n    // 5. Append an attribute to the cookie-attribute-list with an\n    //    attribute-name of \"SameSite\" and an attribute-value of\n    //    enforcement.\n    cookieAttributeList.sameSite = enforcement\n  } else {\n    cookieAttributeList.unparsed ??= []\n\n    cookieAttributeList.unparsed.push(`${attributeName}=${attributeValue}`)\n  }\n\n  // 8. Return to Step 1 of this algorithm.\n  return parseUnparsedAttributes(unparsedAttributes, cookieAttributeList)\n}\n\nmodule.exports = {\n  parseSetCookie,\n  parseUnparsedAttributes\n}\n","'use strict'\n\n/**\n * @param {string} value\n * @returns {boolean}\n */\nfunction isCTLExcludingHtab (value) {\n  if (value.length === 0) {\n    return false\n  }\n\n  for (const char of value) {\n    const code = char.charCodeAt(0)\n\n    if (\n      (code >= 0x00 || code <= 0x08) ||\n      (code >= 0x0A || code <= 0x1F) ||\n      code === 0x7F\n    ) {\n      return false\n    }\n  }\n}\n\n/**\n CHAR           = <any US-ASCII character (octets 0 - 127)>\n token          = 1*<any CHAR except CTLs or separators>\n separators     = \"(\" | \")\" | \"<\" | \">\" | \"@\"\n                | \",\" | \";\" | \":\" | \"\\\" | <\">\n                | \"/\" | \"[\" | \"]\" | \"?\" | \"=\"\n                | \"{\" | \"}\" | SP | HT\n * @param {string} name\n */\nfunction validateCookieName (name) {\n  for (const char of name) {\n    const code = char.charCodeAt(0)\n\n    if (\n      (code <= 0x20 || code > 0x7F) ||\n      char === '(' ||\n      char === ')' ||\n      char === '>' ||\n      char === '<' ||\n      char === '@' ||\n      char === ',' ||\n      char === ';' ||\n      char === ':' ||\n      char === '\\\\' ||\n      char === '\"' ||\n      char === '/' ||\n      char === '[' ||\n      char === ']' ||\n      char === '?' ||\n      char === '=' ||\n      char === '{' ||\n      char === '}'\n    ) {\n      throw new Error('Invalid cookie name')\n    }\n  }\n}\n\n/**\n cookie-value      = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )\n cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E\n                       ; US-ASCII characters excluding CTLs,\n                       ; whitespace DQUOTE, comma, semicolon,\n                       ; and backslash\n * @param {string} value\n */\nfunction validateCookieValue (value) {\n  for (const char of value) {\n    const code = char.charCodeAt(0)\n\n    if (\n      code < 0x21 || // exclude CTLs (0-31)\n      code === 0x22 ||\n      code === 0x2C ||\n      code === 0x3B ||\n      code === 0x5C ||\n      code > 0x7E // non-ascii\n    ) {\n      throw new Error('Invalid header value')\n    }\n  }\n}\n\n/**\n * path-value        = <any CHAR except CTLs or \";\">\n * @param {string} path\n */\nfunction validateCookiePath (path) {\n  for (const char of path) {\n    const code = char.charCodeAt(0)\n\n    if (code < 0x21 || char === ';') {\n      throw new Error('Invalid cookie path')\n    }\n  }\n}\n\n/**\n * I have no idea why these values aren't allowed to be honest,\n * but Deno tests these. - Khafra\n * @param {string} domain\n */\nfunction validateCookieDomain (domain) {\n  if (\n    domain.startsWith('-') ||\n    domain.endsWith('.') ||\n    domain.endsWith('-')\n  ) {\n    throw new Error('Invalid cookie domain')\n  }\n}\n\n/**\n * @see https://www.rfc-editor.org/rfc/rfc7231#section-7.1.1.1\n * @param {number|Date} date\n  IMF-fixdate  = day-name \",\" SP date1 SP time-of-day SP GMT\n  ; fixed length/zone/capitalization subset of the format\n  ; see Section 3.3 of [RFC5322]\n\n  day-name     = %x4D.6F.6E ; \"Mon\", case-sensitive\n              / %x54.75.65 ; \"Tue\", case-sensitive\n              / %x57.65.64 ; \"Wed\", case-sensitive\n              / %x54.68.75 ; \"Thu\", case-sensitive\n              / %x46.72.69 ; \"Fri\", case-sensitive\n              / %x53.61.74 ; \"Sat\", case-sensitive\n              / %x53.75.6E ; \"Sun\", case-sensitive\n  date1        = day SP month SP year\n                  ; e.g., 02 Jun 1982\n\n  day          = 2DIGIT\n  month        = %x4A.61.6E ; \"Jan\", case-sensitive\n              / %x46.65.62 ; \"Feb\", case-sensitive\n              / %x4D.61.72 ; \"Mar\", case-sensitive\n              / %x41.70.72 ; \"Apr\", case-sensitive\n              / %x4D.61.79 ; \"May\", case-sensitive\n              / %x4A.75.6E ; \"Jun\", case-sensitive\n              / %x4A.75.6C ; \"Jul\", case-sensitive\n              / %x41.75.67 ; \"Aug\", case-sensitive\n              / %x53.65.70 ; \"Sep\", case-sensitive\n              / %x4F.63.74 ; \"Oct\", case-sensitive\n              / %x4E.6F.76 ; \"Nov\", case-sensitive\n              / %x44.65.63 ; \"Dec\", case-sensitive\n  year         = 4DIGIT\n\n  GMT          = %x47.4D.54 ; \"GMT\", case-sensitive\n\n  time-of-day  = hour \":\" minute \":\" second\n              ; 00:00:00 - 23:59:60 (leap second)\n\n  hour         = 2DIGIT\n  minute       = 2DIGIT\n  second       = 2DIGIT\n */\nfunction toIMFDate (date) {\n  if (typeof date === 'number') {\n    date = new Date(date)\n  }\n\n  const days = [\n    'Sun', 'Mon', 'Tue', 'Wed',\n    'Thu', 'Fri', 'Sat'\n  ]\n\n  const months = [\n    'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun',\n    'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'\n  ]\n\n  const dayName = days[date.getUTCDay()]\n  const day = date.getUTCDate().toString().padStart(2, '0')\n  const month = months[date.getUTCMonth()]\n  const year = date.getUTCFullYear()\n  const hour = date.getUTCHours().toString().padStart(2, '0')\n  const minute = date.getUTCMinutes().toString().padStart(2, '0')\n  const second = date.getUTCSeconds().toString().padStart(2, '0')\n\n  return `${dayName}, ${day} ${month} ${year} ${hour}:${minute}:${second} GMT`\n}\n\n/**\n max-age-av        = \"Max-Age=\" non-zero-digit *DIGIT\n                       ; In practice, both expires-av and max-age-av\n                       ; are limited to dates representable by the\n                       ; user agent.\n * @param {number} maxAge\n */\nfunction validateCookieMaxAge (maxAge) {\n  if (maxAge < 0) {\n    throw new Error('Invalid cookie max-age')\n  }\n}\n\n/**\n * @see https://www.rfc-editor.org/rfc/rfc6265#section-4.1.1\n * @param {import('./index').Cookie} cookie\n */\nfunction stringify (cookie) {\n  if (cookie.name.length === 0) {\n    return null\n  }\n\n  validateCookieName(cookie.name)\n  validateCookieValue(cookie.value)\n\n  const out = [`${cookie.name}=${cookie.value}`]\n\n  // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-prefixes-00#section-3.1\n  // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-prefixes-00#section-3.2\n  if (cookie.name.startsWith('__Secure-')) {\n    cookie.secure = true\n  }\n\n  if (cookie.name.startsWith('__Host-')) {\n    cookie.secure = true\n    cookie.domain = null\n    cookie.path = '/'\n  }\n\n  if (cookie.secure) {\n    out.push('Secure')\n  }\n\n  if (cookie.httpOnly) {\n    out.push('HttpOnly')\n  }\n\n  if (typeof cookie.maxAge === 'number') {\n    validateCookieMaxAge(cookie.maxAge)\n    out.push(`Max-Age=${cookie.maxAge}`)\n  }\n\n  if (cookie.domain) {\n    validateCookieDomain(cookie.domain)\n    out.push(`Domain=${cookie.domain}`)\n  }\n\n  if (cookie.path) {\n    validateCookiePath(cookie.path)\n    out.push(`Path=${cookie.path}`)\n  }\n\n  if (cookie.expires && cookie.expires.toString() !== 'Invalid Date') {\n    out.push(`Expires=${toIMFDate(cookie.expires)}`)\n  }\n\n  if (cookie.sameSite) {\n    out.push(`SameSite=${cookie.sameSite}`)\n  }\n\n  for (const part of cookie.unparsed) {\n    if (!part.includes('=')) {\n      throw new Error('Invalid unparsed')\n    }\n\n    const [key, ...value] = part.split('=')\n\n    out.push(`${key.trim()}=${value.join('=')}`)\n  }\n\n  return out.join('; ')\n}\n\nmodule.exports = {\n  isCTLExcludingHtab,\n  validateCookieName,\n  validateCookiePath,\n  validateCookieValue,\n  toIMFDate,\n  stringify\n}\n","'use strict'\n\nconst net = require('net')\nconst assert = require('assert')\nconst util = require('./util')\nconst { InvalidArgumentError, ConnectTimeoutError } = require('./errors')\n\nlet tls // include tls conditionally since it is not always available\n\n// TODO: session re-use does not wait for the first\n// connection to resolve the session and might therefore\n// resolve the same servername multiple times even when\n// re-use is enabled.\n\nlet SessionCache\n// FIXME: remove workaround when the Node bug is fixed\n// https://github.com/nodejs/node/issues/49344#issuecomment-1741776308\nif (global.FinalizationRegistry && !process.env.NODE_V8_COVERAGE) {\n  SessionCache = class WeakSessionCache {\n    constructor (maxCachedSessions) {\n      this._maxCachedSessions = maxCachedSessions\n      this._sessionCache = new Map()\n      this._sessionRegistry = new global.FinalizationRegistry((key) => {\n        if (this._sessionCache.size < this._maxCachedSessions) {\n          return\n        }\n\n        const ref = this._sessionCache.get(key)\n        if (ref !== undefined && ref.deref() === undefined) {\n          this._sessionCache.delete(key)\n        }\n      })\n    }\n\n    get (sessionKey) {\n      const ref = this._sessionCache.get(sessionKey)\n      return ref ? ref.deref() : null\n    }\n\n    set (sessionKey, session) {\n      if (this._maxCachedSessions === 0) {\n        return\n      }\n\n      this._sessionCache.set(sessionKey, new WeakRef(session))\n      this._sessionRegistry.register(session, sessionKey)\n    }\n  }\n} else {\n  SessionCache = class SimpleSessionCache {\n    constructor (maxCachedSessions) {\n      this._maxCachedSessions = maxCachedSessions\n      this._sessionCache = new Map()\n    }\n\n    get (sessionKey) {\n      return this._sessionCache.get(sessionKey)\n    }\n\n    set (sessionKey, session) {\n      if (this._maxCachedSessions === 0) {\n        return\n      }\n\n      if (this._sessionCache.size >= this._maxCachedSessions) {\n        // remove the oldest session\n        const { value: oldestKey } = this._sessionCache.keys().next()\n        this._sessionCache.delete(oldestKey)\n      }\n\n      this._sessionCache.set(sessionKey, session)\n    }\n  }\n}\n\nfunction buildConnector ({ allowH2, maxCachedSessions, socketPath, timeout, ...opts }) {\n  if (maxCachedSessions != null && (!Number.isInteger(maxCachedSessions) || maxCachedSessions < 0)) {\n    throw new InvalidArgumentError('maxCachedSessions must be a positive integer or zero')\n  }\n\n  const options = { path: socketPath, ...opts }\n  const sessionCache = new SessionCache(maxCachedSessions == null ? 100 : maxCachedSessions)\n  timeout = timeout == null ? 10e3 : timeout\n  allowH2 = allowH2 != null ? allowH2 : false\n  return function connect ({ hostname, host, protocol, port, servername, localAddress, httpSocket }, callback) {\n    let socket\n    if (protocol === 'https:') {\n      if (!tls) {\n        tls = require('tls')\n      }\n      servername = servername || options.servername || util.getServerName(host) || null\n\n      const sessionKey = servername || hostname\n      const session = sessionCache.get(sessionKey) || null\n\n      assert(sessionKey)\n\n      socket = tls.connect({\n        highWaterMark: 16384, // TLS in node can't have bigger HWM anyway...\n        ...options,\n        servername,\n        session,\n        localAddress,\n        // TODO(HTTP/2): Add support for h2c\n        ALPNProtocols: allowH2 ? ['http/1.1', 'h2'] : ['http/1.1'],\n        socket: httpSocket, // upgrade socket connection\n        port: port || 443,\n        host: hostname\n      })\n\n      socket\n        .on('session', function (session) {\n          // TODO (fix): Can a session become invalid once established? Don't think so?\n          sessionCache.set(sessionKey, session)\n        })\n    } else {\n      assert(!httpSocket, 'httpSocket can only be sent on TLS update')\n      socket = net.connect({\n        highWaterMark: 64 * 1024, // Same as nodejs fs streams.\n        ...options,\n        localAddress,\n        port: port || 80,\n        host: hostname\n      })\n    }\n\n    // Set TCP keep alive options on the socket here instead of in connect() for the case of assigning the socket\n    if (options.keepAlive == null || options.keepAlive) {\n      const keepAliveInitialDelay = options.keepAliveInitialDelay === undefined ? 60e3 : options.keepAliveInitialDelay\n      socket.setKeepAlive(true, keepAliveInitialDelay)\n    }\n\n    const cancelTimeout = setupTimeout(() => onConnectTimeout(socket), timeout)\n\n    socket\n      .setNoDelay(true)\n      .once(protocol === 'https:' ? 'secureConnect' : 'connect', function () {\n        cancelTimeout()\n\n        if (callback) {\n          const cb = callback\n          callback = null\n          cb(null, this)\n        }\n      })\n      .on('error', function (err) {\n        cancelTimeout()\n\n        if (callback) {\n          const cb = callback\n          callback = null\n          cb(err)\n        }\n      })\n\n    return socket\n  }\n}\n\nfunction setupTimeout (onConnectTimeout, timeout) {\n  if (!timeout) {\n    return () => {}\n  }\n\n  let s1 = null\n  let s2 = null\n  const timeoutId = setTimeout(() => {\n    // setImmediate is added to make sure that we priotorise socket error events over timeouts\n    s1 = setImmediate(() => {\n      if (process.platform === 'win32') {\n        // Windows needs an extra setImmediate probably due to implementation differences in the socket logic\n        s2 = setImmediate(() => onConnectTimeout())\n      } else {\n        onConnectTimeout()\n      }\n    })\n  }, timeout)\n  return () => {\n    clearTimeout(timeoutId)\n    clearImmediate(s1)\n    clearImmediate(s2)\n  }\n}\n\nfunction onConnectTimeout (socket) {\n  util.destroy(socket, new ConnectTimeoutError())\n}\n\nmodule.exports = buildConnector\n","'use strict'\n\n/** @type {Record<string, string | undefined>} */\nconst headerNameLowerCasedRecord = {}\n\n// https://developer.mozilla.org/docs/Web/HTTP/Headers\nconst wellknownHeaderNames = [\n  'Accept',\n  'Accept-Encoding',\n  'Accept-Language',\n  'Accept-Ranges',\n  'Access-Control-Allow-Credentials',\n  'Access-Control-Allow-Headers',\n  'Access-Control-Allow-Methods',\n  'Access-Control-Allow-Origin',\n  'Access-Control-Expose-Headers',\n  'Access-Control-Max-Age',\n  'Access-Control-Request-Headers',\n  'Access-Control-Request-Method',\n  'Age',\n  'Allow',\n  'Alt-Svc',\n  'Alt-Used',\n  'Authorization',\n  'Cache-Control',\n  'Clear-Site-Data',\n  'Connection',\n  'Content-Disposition',\n  'Content-Encoding',\n  'Content-Language',\n  'Content-Length',\n  'Content-Location',\n  'Content-Range',\n  'Content-Security-Policy',\n  'Content-Security-Policy-Report-Only',\n  'Content-Type',\n  'Cookie',\n  'Cross-Origin-Embedder-Policy',\n  'Cross-Origin-Opener-Policy',\n  'Cross-Origin-Resource-Policy',\n  'Date',\n  'Device-Memory',\n  'Downlink',\n  'ECT',\n  'ETag',\n  'Expect',\n  'Expect-CT',\n  'Expires',\n  'Forwarded',\n  'From',\n  'Host',\n  'If-Match',\n  'If-Modified-Since',\n  'If-None-Match',\n  'If-Range',\n  'If-Unmodified-Since',\n  'Keep-Alive',\n  'Last-Modified',\n  'Link',\n  'Location',\n  'Max-Forwards',\n  'Origin',\n  'Permissions-Policy',\n  'Pragma',\n  'Proxy-Authenticate',\n  'Proxy-Authorization',\n  'RTT',\n  'Range',\n  'Referer',\n  'Referrer-Policy',\n  'Refresh',\n  'Retry-After',\n  'Sec-WebSocket-Accept',\n  'Sec-WebSocket-Extensions',\n  'Sec-WebSocket-Key',\n  'Sec-WebSocket-Protocol',\n  'Sec-WebSocket-Version',\n  'Server',\n  'Server-Timing',\n  'Service-Worker-Allowed',\n  'Service-Worker-Navigation-Preload',\n  'Set-Cookie',\n  'SourceMap',\n  'Strict-Transport-Security',\n  'Supports-Loading-Mode',\n  'TE',\n  'Timing-Allow-Origin',\n  'Trailer',\n  'Transfer-Encoding',\n  'Upgrade',\n  'Upgrade-Insecure-Requests',\n  'User-Agent',\n  'Vary',\n  'Via',\n  'WWW-Authenticate',\n  'X-Content-Type-Options',\n  'X-DNS-Prefetch-Control',\n  'X-Frame-Options',\n  'X-Permitted-Cross-Domain-Policies',\n  'X-Powered-By',\n  'X-Requested-With',\n  'X-XSS-Protection'\n]\n\nfor (let i = 0; i < wellknownHeaderNames.length; ++i) {\n  const key = wellknownHeaderNames[i]\n  const lowerCasedKey = key.toLowerCase()\n  headerNameLowerCasedRecord[key] = headerNameLowerCasedRecord[lowerCasedKey] =\n    lowerCasedKey\n}\n\n// Note: object prototypes should not be able to be referenced. e.g. `Object#hasOwnProperty`.\nObject.setPrototypeOf(headerNameLowerCasedRecord, null)\n\nmodule.exports = {\n  wellknownHeaderNames,\n  headerNameLowerCasedRecord\n}\n","'use strict'\n\nclass UndiciError extends Error {\n  constructor (message) {\n    super(message)\n    this.name = 'UndiciError'\n    this.code = 'UND_ERR'\n  }\n}\n\nclass ConnectTimeoutError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, ConnectTimeoutError)\n    this.name = 'ConnectTimeoutError'\n    this.message = message || 'Connect Timeout Error'\n    this.code = 'UND_ERR_CONNECT_TIMEOUT'\n  }\n}\n\nclass HeadersTimeoutError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, HeadersTimeoutError)\n    this.name = 'HeadersTimeoutError'\n    this.message = message || 'Headers Timeout Error'\n    this.code = 'UND_ERR_HEADERS_TIMEOUT'\n  }\n}\n\nclass HeadersOverflowError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, HeadersOverflowError)\n    this.name = 'HeadersOverflowError'\n    this.message = message || 'Headers Overflow Error'\n    this.code = 'UND_ERR_HEADERS_OVERFLOW'\n  }\n}\n\nclass BodyTimeoutError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, BodyTimeoutError)\n    this.name = 'BodyTimeoutError'\n    this.message = message || 'Body Timeout Error'\n    this.code = 'UND_ERR_BODY_TIMEOUT'\n  }\n}\n\nclass ResponseStatusCodeError extends UndiciError {\n  constructor (message, statusCode, headers, body) {\n    super(message)\n    Error.captureStackTrace(this, ResponseStatusCodeError)\n    this.name = 'ResponseStatusCodeError'\n    this.message = message || 'Response Status Code Error'\n    this.code = 'UND_ERR_RESPONSE_STATUS_CODE'\n    this.body = body\n    this.status = statusCode\n    this.statusCode = statusCode\n    this.headers = headers\n  }\n}\n\nclass InvalidArgumentError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, InvalidArgumentError)\n    this.name = 'InvalidArgumentError'\n    this.message = message || 'Invalid Argument Error'\n    this.code = 'UND_ERR_INVALID_ARG'\n  }\n}\n\nclass InvalidReturnValueError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, InvalidReturnValueError)\n    this.name = 'InvalidReturnValueError'\n    this.message = message || 'Invalid Return Value Error'\n    this.code = 'UND_ERR_INVALID_RETURN_VALUE'\n  }\n}\n\nclass RequestAbortedError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, RequestAbortedError)\n    this.name = 'AbortError'\n    this.message = message || 'Request aborted'\n    this.code = 'UND_ERR_ABORTED'\n  }\n}\n\nclass InformationalError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, InformationalError)\n    this.name = 'InformationalError'\n    this.message = message || 'Request information'\n    this.code = 'UND_ERR_INFO'\n  }\n}\n\nclass RequestContentLengthMismatchError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, RequestContentLengthMismatchError)\n    this.name = 'RequestContentLengthMismatchError'\n    this.message = message || 'Request body length does not match content-length header'\n    this.code = 'UND_ERR_REQ_CONTENT_LENGTH_MISMATCH'\n  }\n}\n\nclass ResponseContentLengthMismatchError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, ResponseContentLengthMismatchError)\n    this.name = 'ResponseContentLengthMismatchError'\n    this.message = message || 'Response body length does not match content-length header'\n    this.code = 'UND_ERR_RES_CONTENT_LENGTH_MISMATCH'\n  }\n}\n\nclass ClientDestroyedError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, ClientDestroyedError)\n    this.name = 'ClientDestroyedError'\n    this.message = message || 'The client is destroyed'\n    this.code = 'UND_ERR_DESTROYED'\n  }\n}\n\nclass ClientClosedError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, ClientClosedError)\n    this.name = 'ClientClosedError'\n    this.message = message || 'The client is closed'\n    this.code = 'UND_ERR_CLOSED'\n  }\n}\n\nclass SocketError extends UndiciError {\n  constructor (message, socket) {\n    super(message)\n    Error.captureStackTrace(this, SocketError)\n    this.name = 'SocketError'\n    this.message = message || 'Socket error'\n    this.code = 'UND_ERR_SOCKET'\n    this.socket = socket\n  }\n}\n\nclass NotSupportedError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, NotSupportedError)\n    this.name = 'NotSupportedError'\n    this.message = message || 'Not supported error'\n    this.code = 'UND_ERR_NOT_SUPPORTED'\n  }\n}\n\nclass BalancedPoolMissingUpstreamError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, NotSupportedError)\n    this.name = 'MissingUpstreamError'\n    this.message = message || 'No upstream has been added to the BalancedPool'\n    this.code = 'UND_ERR_BPL_MISSING_UPSTREAM'\n  }\n}\n\nclass HTTPParserError extends Error {\n  constructor (message, code, data) {\n    super(message)\n    Error.captureStackTrace(this, HTTPParserError)\n    this.name = 'HTTPParserError'\n    this.code = code ? `HPE_${code}` : undefined\n    this.data = data ? data.toString() : undefined\n  }\n}\n\nclass ResponseExceededMaxSizeError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, ResponseExceededMaxSizeError)\n    this.name = 'ResponseExceededMaxSizeError'\n    this.message = message || 'Response content exceeded max size'\n    this.code = 'UND_ERR_RES_EXCEEDED_MAX_SIZE'\n  }\n}\n\nclass RequestRetryError extends UndiciError {\n  constructor (message, code, { headers, data }) {\n    super(message)\n    Error.captureStackTrace(this, RequestRetryError)\n    this.name = 'RequestRetryError'\n    this.message = message || 'Request retry error'\n    this.code = 'UND_ERR_REQ_RETRY'\n    this.statusCode = code\n    this.data = data\n    this.headers = headers\n  }\n}\n\nmodule.exports = {\n  HTTPParserError,\n  UndiciError,\n  HeadersTimeoutError,\n  HeadersOverflowError,\n  BodyTimeoutError,\n  RequestContentLengthMismatchError,\n  ConnectTimeoutError,\n  ResponseStatusCodeError,\n  InvalidArgumentError,\n  InvalidReturnValueError,\n  RequestAbortedError,\n  ClientDestroyedError,\n  ClientClosedError,\n  InformationalError,\n  SocketError,\n  NotSupportedError,\n  ResponseContentLengthMismatchError,\n  BalancedPoolMissingUpstreamError,\n  ResponseExceededMaxSizeError,\n  RequestRetryError\n}\n","'use strict'\n\nconst {\n  InvalidArgumentError,\n  NotSupportedError\n} = require('./errors')\nconst assert = require('assert')\nconst { kHTTP2BuildRequest, kHTTP2CopyHeaders, kHTTP1BuildRequest } = require('./symbols')\nconst util = require('./util')\n\n// tokenRegExp and headerCharRegex have been lifted from\n// https://github.com/nodejs/node/blob/main/lib/_http_common.js\n\n/**\n * Verifies that the given val is a valid HTTP token\n * per the rules defined in RFC 7230\n * See https://tools.ietf.org/html/rfc7230#section-3.2.6\n */\nconst tokenRegExp = /^[\\^_`a-zA-Z\\-0-9!#$%&'*+.|~]+$/\n\n/**\n * Matches if val contains an invalid field-vchar\n *  field-value    = *( field-content / obs-fold )\n *  field-content  = field-vchar [ 1*( SP / HTAB ) field-vchar ]\n *  field-vchar    = VCHAR / obs-text\n */\nconst headerCharRegex = /[^\\t\\x20-\\x7e\\x80-\\xff]/\n\n// Verifies that a given path is valid does not contain control chars \\x00 to \\x20\nconst invalidPathRegex = /[^\\u0021-\\u00ff]/\n\nconst kHandler = Symbol('handler')\n\nconst channels = {}\n\nlet extractBody\n\ntry {\n  const diagnosticsChannel = require('diagnostics_channel')\n  channels.create = diagnosticsChannel.channel('undici:request:create')\n  channels.bodySent = diagnosticsChannel.channel('undici:request:bodySent')\n  channels.headers = diagnosticsChannel.channel('undici:request:headers')\n  channels.trailers = diagnosticsChannel.channel('undici:request:trailers')\n  channels.error = diagnosticsChannel.channel('undici:request:error')\n} catch {\n  channels.create = { hasSubscribers: false }\n  channels.bodySent = { hasSubscribers: false }\n  channels.headers = { hasSubscribers: false }\n  channels.trailers = { hasSubscribers: false }\n  channels.error = { hasSubscribers: false }\n}\n\nclass Request {\n  constructor (origin, {\n    path,\n    method,\n    body,\n    headers,\n    query,\n    idempotent,\n    blocking,\n    upgrade,\n    headersTimeout,\n    bodyTimeout,\n    reset,\n    throwOnError,\n    expectContinue\n  }, handler) {\n    if (typeof path !== 'string') {\n      throw new InvalidArgumentError('path must be a string')\n    } else if (\n      path[0] !== '/' &&\n      !(path.startsWith('http://') || path.startsWith('https://')) &&\n      method !== 'CONNECT'\n    ) {\n      throw new InvalidArgumentError('path must be an absolute URL or start with a slash')\n    } else if (invalidPathRegex.exec(path) !== null) {\n      throw new InvalidArgumentError('invalid request path')\n    }\n\n    if (typeof method !== 'string') {\n      throw new InvalidArgumentError('method must be a string')\n    } else if (tokenRegExp.exec(method) === null) {\n      throw new InvalidArgumentError('invalid request method')\n    }\n\n    if (upgrade && typeof upgrade !== 'string') {\n      throw new InvalidArgumentError('upgrade must be a string')\n    }\n\n    if (headersTimeout != null && (!Number.isFinite(headersTimeout) || headersTimeout < 0)) {\n      throw new InvalidArgumentError('invalid headersTimeout')\n    }\n\n    if (bodyTimeout != null && (!Number.isFinite(bodyTimeout) || bodyTimeout < 0)) {\n      throw new InvalidArgumentError('invalid bodyTimeout')\n    }\n\n    if (reset != null && typeof reset !== 'boolean') {\n      throw new InvalidArgumentError('invalid reset')\n    }\n\n    if (expectContinue != null && typeof expectContinue !== 'boolean') {\n      throw new InvalidArgumentError('invalid expectContinue')\n    }\n\n    this.headersTimeout = headersTimeout\n\n    this.bodyTimeout = bodyTimeout\n\n    this.throwOnError = throwOnError === true\n\n    this.method = method\n\n    this.abort = null\n\n    if (body == null) {\n      this.body = null\n    } else if (util.isStream(body)) {\n      this.body = body\n\n      const rState = this.body._readableState\n      if (!rState || !rState.autoDestroy) {\n        this.endHandler = function autoDestroy () {\n          util.destroy(this)\n        }\n        this.body.on('end', this.endHandler)\n      }\n\n      this.errorHandler = err => {\n        if (this.abort) {\n          this.abort(err)\n        } else {\n          this.error = err\n        }\n      }\n      this.body.on('error', this.errorHandler)\n    } else if (util.isBuffer(body)) {\n      this.body = body.byteLength ? body : null\n    } else if (ArrayBuffer.isView(body)) {\n      this.body = body.buffer.byteLength ? Buffer.from(body.buffer, body.byteOffset, body.byteLength) : null\n    } else if (body instanceof ArrayBuffer) {\n      this.body = body.byteLength ? Buffer.from(body) : null\n    } else if (typeof body === 'string') {\n      this.body = body.length ? Buffer.from(body) : null\n    } else if (util.isFormDataLike(body) || util.isIterable(body) || util.isBlobLike(body)) {\n      this.body = body\n    } else {\n      throw new InvalidArgumentError('body must be a string, a Buffer, a Readable stream, an iterable, or an async iterable')\n    }\n\n    this.completed = false\n\n    this.aborted = false\n\n    this.upgrade = upgrade || null\n\n    this.path = query ? util.buildURL(path, query) : path\n\n    this.origin = origin\n\n    this.idempotent = idempotent == null\n      ? method === 'HEAD' || method === 'GET'\n      : idempotent\n\n    this.blocking = blocking == null ? false : blocking\n\n    this.reset = reset == null ? null : reset\n\n    this.host = null\n\n    this.contentLength = null\n\n    this.contentType = null\n\n    this.headers = ''\n\n    // Only for H2\n    this.expectContinue = expectContinue != null ? expectContinue : false\n\n    if (Array.isArray(headers)) {\n      if (headers.length % 2 !== 0) {\n        throw new InvalidArgumentError('headers array must be even')\n      }\n      for (let i = 0; i < headers.length; i += 2) {\n        processHeader(this, headers[i], headers[i + 1])\n      }\n    } else if (headers && typeof headers === 'object') {\n      const keys = Object.keys(headers)\n      for (let i = 0; i < keys.length; i++) {\n        const key = keys[i]\n        processHeader(this, key, headers[key])\n      }\n    } else if (headers != null) {\n      throw new InvalidArgumentError('headers must be an object or an array')\n    }\n\n    if (util.isFormDataLike(this.body)) {\n      if (util.nodeMajor < 16 || (util.nodeMajor === 16 && util.nodeMinor < 8)) {\n        throw new InvalidArgumentError('Form-Data bodies are only supported in node v16.8 and newer.')\n      }\n\n      if (!extractBody) {\n        extractBody = require('../fetch/body.js').extractBody\n      }\n\n      const [bodyStream, contentType] = extractBody(body)\n      if (this.contentType == null) {\n        this.contentType = contentType\n        this.headers += `content-type: ${contentType}\\r\\n`\n      }\n      this.body = bodyStream.stream\n      this.contentLength = bodyStream.length\n    } else if (util.isBlobLike(body) && this.contentType == null && body.type) {\n      this.contentType = body.type\n      this.headers += `content-type: ${body.type}\\r\\n`\n    }\n\n    util.validateHandler(handler, method, upgrade)\n\n    this.servername = util.getServerName(this.host)\n\n    this[kHandler] = handler\n\n    if (channels.create.hasSubscribers) {\n      channels.create.publish({ request: this })\n    }\n  }\n\n  onBodySent (chunk) {\n    if (this[kHandler].onBodySent) {\n      try {\n        return this[kHandler].onBodySent(chunk)\n      } catch (err) {\n        this.abort(err)\n      }\n    }\n  }\n\n  onRequestSent () {\n    if (channels.bodySent.hasSubscribers) {\n      channels.bodySent.publish({ request: this })\n    }\n\n    if (this[kHandler].onRequestSent) {\n      try {\n        return this[kHandler].onRequestSent()\n      } catch (err) {\n        this.abort(err)\n      }\n    }\n  }\n\n  onConnect (abort) {\n    assert(!this.aborted)\n    assert(!this.completed)\n\n    if (this.error) {\n      abort(this.error)\n    } else {\n      this.abort = abort\n      return this[kHandler].onConnect(abort)\n    }\n  }\n\n  onHeaders (statusCode, headers, resume, statusText) {\n    assert(!this.aborted)\n    assert(!this.completed)\n\n    if (channels.headers.hasSubscribers) {\n      channels.headers.publish({ request: this, response: { statusCode, headers, statusText } })\n    }\n\n    try {\n      return this[kHandler].onHeaders(statusCode, headers, resume, statusText)\n    } catch (err) {\n      this.abort(err)\n    }\n  }\n\n  onData (chunk) {\n    assert(!this.aborted)\n    assert(!this.completed)\n\n    try {\n      return this[kHandler].onData(chunk)\n    } catch (err) {\n      this.abort(err)\n      return false\n    }\n  }\n\n  onUpgrade (statusCode, headers, socket) {\n    assert(!this.aborted)\n    assert(!this.completed)\n\n    return this[kHandler].onUpgrade(statusCode, headers, socket)\n  }\n\n  onComplete (trailers) {\n    this.onFinally()\n\n    assert(!this.aborted)\n\n    this.completed = true\n    if (channels.trailers.hasSubscribers) {\n      channels.trailers.publish({ request: this, trailers })\n    }\n\n    try {\n      return this[kHandler].onComplete(trailers)\n    } catch (err) {\n      // TODO (fix): This might be a bad idea?\n      this.onError(err)\n    }\n  }\n\n  onError (error) {\n    this.onFinally()\n\n    if (channels.error.hasSubscribers) {\n      channels.error.publish({ request: this, error })\n    }\n\n    if (this.aborted) {\n      return\n    }\n    this.aborted = true\n\n    return this[kHandler].onError(error)\n  }\n\n  onFinally () {\n    if (this.errorHandler) {\n      this.body.off('error', this.errorHandler)\n      this.errorHandler = null\n    }\n\n    if (this.endHandler) {\n      this.body.off('end', this.endHandler)\n      this.endHandler = null\n    }\n  }\n\n  // TODO: adjust to support H2\n  addHeader (key, value) {\n    processHeader(this, key, value)\n    return this\n  }\n\n  static [kHTTP1BuildRequest] (origin, opts, handler) {\n    // TODO: Migrate header parsing here, to make Requests\n    // HTTP agnostic\n    return new Request(origin, opts, handler)\n  }\n\n  static [kHTTP2BuildRequest] (origin, opts, handler) {\n    const headers = opts.headers\n    opts = { ...opts, headers: null }\n\n    const request = new Request(origin, opts, handler)\n\n    request.headers = {}\n\n    if (Array.isArray(headers)) {\n      if (headers.length % 2 !== 0) {\n        throw new InvalidArgumentError('headers array must be even')\n      }\n      for (let i = 0; i < headers.length; i += 2) {\n        processHeader(request, headers[i], headers[i + 1], true)\n      }\n    } else if (headers && typeof headers === 'object') {\n      const keys = Object.keys(headers)\n      for (let i = 0; i < keys.length; i++) {\n        const key = keys[i]\n        processHeader(request, key, headers[key], true)\n      }\n    } else if (headers != null) {\n      throw new InvalidArgumentError('headers must be an object or an array')\n    }\n\n    return request\n  }\n\n  static [kHTTP2CopyHeaders] (raw) {\n    const rawHeaders = raw.split('\\r\\n')\n    const headers = {}\n\n    for (const header of rawHeaders) {\n      const [key, value] = header.split(': ')\n\n      if (value == null || value.length === 0) continue\n\n      if (headers[key]) headers[key] += `,${value}`\n      else headers[key] = value\n    }\n\n    return headers\n  }\n}\n\nfunction processHeaderValue (key, val, skipAppend) {\n  if (val && typeof val === 'object') {\n    throw new InvalidArgumentError(`invalid ${key} header`)\n  }\n\n  val = val != null ? `${val}` : ''\n\n  if (headerCharRegex.exec(val) !== null) {\n    throw new InvalidArgumentError(`invalid ${key} header`)\n  }\n\n  return skipAppend ? val : `${key}: ${val}\\r\\n`\n}\n\nfunction processHeader (request, key, val, skipAppend = false) {\n  if (val && (typeof val === 'object' && !Array.isArray(val))) {\n    throw new InvalidArgumentError(`invalid ${key} header`)\n  } else if (val === undefined) {\n    return\n  }\n\n  if (\n    request.host === null &&\n    key.length === 4 &&\n    key.toLowerCase() === 'host'\n  ) {\n    if (headerCharRegex.exec(val) !== null) {\n      throw new InvalidArgumentError(`invalid ${key} header`)\n    }\n    // Consumed by Client\n    request.host = val\n  } else if (\n    request.contentLength === null &&\n    key.length === 14 &&\n    key.toLowerCase() === 'content-length'\n  ) {\n    request.contentLength = parseInt(val, 10)\n    if (!Number.isFinite(request.contentLength)) {\n      throw new InvalidArgumentError('invalid content-length header')\n    }\n  } else if (\n    request.contentType === null &&\n    key.length === 12 &&\n    key.toLowerCase() === 'content-type'\n  ) {\n    request.contentType = val\n    if (skipAppend) request.headers[key] = processHeaderValue(key, val, skipAppend)\n    else request.headers += processHeaderValue(key, val)\n  } else if (\n    key.length === 17 &&\n    key.toLowerCase() === 'transfer-encoding'\n  ) {\n    throw new InvalidArgumentError('invalid transfer-encoding header')\n  } else if (\n    key.length === 10 &&\n    key.toLowerCase() === 'connection'\n  ) {\n    const value = typeof val === 'string' ? val.toLowerCase() : null\n    if (value !== 'close' && value !== 'keep-alive') {\n      throw new InvalidArgumentError('invalid connection header')\n    } else if (value === 'close') {\n      request.reset = true\n    }\n  } else if (\n    key.length === 10 &&\n    key.toLowerCase() === 'keep-alive'\n  ) {\n    throw new InvalidArgumentError('invalid keep-alive header')\n  } else if (\n    key.length === 7 &&\n    key.toLowerCase() === 'upgrade'\n  ) {\n    throw new InvalidArgumentError('invalid upgrade header')\n  } else if (\n    key.length === 6 &&\n    key.toLowerCase() === 'expect'\n  ) {\n    throw new NotSupportedError('expect header not supported')\n  } else if (tokenRegExp.exec(key) === null) {\n    throw new InvalidArgumentError('invalid header key')\n  } else {\n    if (Array.isArray(val)) {\n      for (let i = 0; i < val.length; i++) {\n        if (skipAppend) {\n          if (request.headers[key]) request.headers[key] += `,${processHeaderValue(key, val[i], skipAppend)}`\n          else request.headers[key] = processHeaderValue(key, val[i], skipAppend)\n        } else {\n          request.headers += processHeaderValue(key, val[i])\n        }\n      }\n    } else {\n      if (skipAppend) request.headers[key] = processHeaderValue(key, val, skipAppend)\n      else request.headers += processHeaderValue(key, val)\n    }\n  }\n}\n\nmodule.exports = Request\n","module.exports = {\n  kClose: Symbol('close'),\n  kDestroy: Symbol('destroy'),\n  kDispatch: Symbol('dispatch'),\n  kUrl: Symbol('url'),\n  kWriting: Symbol('writing'),\n  kResuming: Symbol('resuming'),\n  kQueue: Symbol('queue'),\n  kConnect: Symbol('connect'),\n  kConnecting: Symbol('connecting'),\n  kHeadersList: Symbol('headers list'),\n  kKeepAliveDefaultTimeout: Symbol('default keep alive timeout'),\n  kKeepAliveMaxTimeout: Symbol('max keep alive timeout'),\n  kKeepAliveTimeoutThreshold: Symbol('keep alive timeout threshold'),\n  kKeepAliveTimeoutValue: Symbol('keep alive timeout'),\n  kKeepAlive: Symbol('keep alive'),\n  kHeadersTimeout: Symbol('headers timeout'),\n  kBodyTimeout: Symbol('body timeout'),\n  kServerName: Symbol('server name'),\n  kLocalAddress: Symbol('local address'),\n  kHost: Symbol('host'),\n  kNoRef: Symbol('no ref'),\n  kBodyUsed: Symbol('used'),\n  kRunning: Symbol('running'),\n  kBlocking: Symbol('blocking'),\n  kPending: Symbol('pending'),\n  kSize: Symbol('size'),\n  kBusy: Symbol('busy'),\n  kQueued: Symbol('queued'),\n  kFree: Symbol('free'),\n  kConnected: Symbol('connected'),\n  kClosed: Symbol('closed'),\n  kNeedDrain: Symbol('need drain'),\n  kReset: Symbol('reset'),\n  kDestroyed: Symbol.for('nodejs.stream.destroyed'),\n  kMaxHeadersSize: Symbol('max headers size'),\n  kRunningIdx: Symbol('running index'),\n  kPendingIdx: Symbol('pending index'),\n  kError: Symbol('error'),\n  kClients: Symbol('clients'),\n  kClient: Symbol('client'),\n  kParser: Symbol('parser'),\n  kOnDestroyed: Symbol('destroy callbacks'),\n  kPipelining: Symbol('pipelining'),\n  kSocket: Symbol('socket'),\n  kHostHeader: Symbol('host header'),\n  kConnector: Symbol('connector'),\n  kStrictContentLength: Symbol('strict content length'),\n  kMaxRedirections: Symbol('maxRedirections'),\n  kMaxRequests: Symbol('maxRequestsPerClient'),\n  kProxy: Symbol('proxy agent options'),\n  kCounter: Symbol('socket request counter'),\n  kInterceptors: Symbol('dispatch interceptors'),\n  kMaxResponseSize: Symbol('max response size'),\n  kHTTP2Session: Symbol('http2Session'),\n  kHTTP2SessionState: Symbol('http2Session state'),\n  kHTTP2BuildRequest: Symbol('http2 build request'),\n  kHTTP1BuildRequest: Symbol('http1 build request'),\n  kHTTP2CopyHeaders: Symbol('http2 copy headers'),\n  kHTTPConnVersion: Symbol('http connection version'),\n  kRetryHandlerDefaultRetry: Symbol('retry agent default retry'),\n  kConstruct: Symbol('constructable')\n}\n","'use strict'\n\nconst assert = require('assert')\nconst { kDestroyed, kBodyUsed } = require('./symbols')\nconst { IncomingMessage } = require('http')\nconst stream = require('stream')\nconst net = require('net')\nconst { InvalidArgumentError } = require('./errors')\nconst { Blob } = require('buffer')\nconst nodeUtil = require('util')\nconst { stringify } = require('querystring')\nconst { headerNameLowerCasedRecord } = require('./constants')\n\nconst [nodeMajor, nodeMinor] = process.versions.node.split('.').map(v => Number(v))\n\nfunction nop () {}\n\nfunction isStream (obj) {\n  return obj && typeof obj === 'object' && typeof obj.pipe === 'function' && typeof obj.on === 'function'\n}\n\n// based on https://github.com/node-fetch/fetch-blob/blob/8ab587d34080de94140b54f07168451e7d0b655e/index.js#L229-L241 (MIT License)\nfunction isBlobLike (object) {\n  return (Blob && object instanceof Blob) || (\n    object &&\n    typeof object === 'object' &&\n    (typeof object.stream === 'function' ||\n      typeof object.arrayBuffer === 'function') &&\n    /^(Blob|File)$/.test(object[Symbol.toStringTag])\n  )\n}\n\nfunction buildURL (url, queryParams) {\n  if (url.includes('?') || url.includes('#')) {\n    throw new Error('Query params cannot be passed when url already contains \"?\" or \"#\".')\n  }\n\n  const stringified = stringify(queryParams)\n\n  if (stringified) {\n    url += '?' + stringified\n  }\n\n  return url\n}\n\nfunction parseURL (url) {\n  if (typeof url === 'string') {\n    url = new URL(url)\n\n    if (!/^https?:/.test(url.origin || url.protocol)) {\n      throw new InvalidArgumentError('Invalid URL protocol: the URL must start with `http:` or `https:`.')\n    }\n\n    return url\n  }\n\n  if (!url || typeof url !== 'object') {\n    throw new InvalidArgumentError('Invalid URL: The URL argument must be a non-null object.')\n  }\n\n  if (!/^https?:/.test(url.origin || url.protocol)) {\n    throw new InvalidArgumentError('Invalid URL protocol: the URL must start with `http:` or `https:`.')\n  }\n\n  if (!(url instanceof URL)) {\n    if (url.port != null && url.port !== '' && !Number.isFinite(parseInt(url.port))) {\n      throw new InvalidArgumentError('Invalid URL: port must be a valid integer or a string representation of an integer.')\n    }\n\n    if (url.path != null && typeof url.path !== 'string') {\n      throw new InvalidArgumentError('Invalid URL path: the path must be a string or null/undefined.')\n    }\n\n    if (url.pathname != null && typeof url.pathname !== 'string') {\n      throw new InvalidArgumentError('Invalid URL pathname: the pathname must be a string or null/undefined.')\n    }\n\n    if (url.hostname != null && typeof url.hostname !== 'string') {\n      throw new InvalidArgumentError('Invalid URL hostname: the hostname must be a string or null/undefined.')\n    }\n\n    if (url.origin != null && typeof url.origin !== 'string') {\n      throw new InvalidArgumentError('Invalid URL origin: the origin must be a string or null/undefined.')\n    }\n\n    const port = url.port != null\n      ? url.port\n      : (url.protocol === 'https:' ? 443 : 80)\n    let origin = url.origin != null\n      ? url.origin\n      : `${url.protocol}//${url.hostname}:${port}`\n    let path = url.path != null\n      ? url.path\n      : `${url.pathname || ''}${url.search || ''}`\n\n    if (origin.endsWith('/')) {\n      origin = origin.substring(0, origin.length - 1)\n    }\n\n    if (path && !path.startsWith('/')) {\n      path = `/${path}`\n    }\n    // new URL(path, origin) is unsafe when `path` contains an absolute URL\n    // From https://developer.mozilla.org/en-US/docs/Web/API/URL/URL:\n    // If first parameter is a relative URL, second param is required, and will be used as the base URL.\n    // If first parameter is an absolute URL, a given second param will be ignored.\n    url = new URL(origin + path)\n  }\n\n  return url\n}\n\nfunction parseOrigin (url) {\n  url = parseURL(url)\n\n  if (url.pathname !== '/' || url.search || url.hash) {\n    throw new InvalidArgumentError('invalid url')\n  }\n\n  return url\n}\n\nfunction getHostname (host) {\n  if (host[0] === '[') {\n    const idx = host.indexOf(']')\n\n    assert(idx !== -1)\n    return host.substring(1, idx)\n  }\n\n  const idx = host.indexOf(':')\n  if (idx === -1) return host\n\n  return host.substring(0, idx)\n}\n\n// IP addresses are not valid server names per RFC6066\n// > Currently, the only server names supported are DNS hostnames\nfunction getServerName (host) {\n  if (!host) {\n    return null\n  }\n\n  assert.strictEqual(typeof host, 'string')\n\n  const servername = getHostname(host)\n  if (net.isIP(servername)) {\n    return ''\n  }\n\n  return servername\n}\n\nfunction deepClone (obj) {\n  return JSON.parse(JSON.stringify(obj))\n}\n\nfunction isAsyncIterable (obj) {\n  return !!(obj != null && typeof obj[Symbol.asyncIterator] === 'function')\n}\n\nfunction isIterable (obj) {\n  return !!(obj != null && (typeof obj[Symbol.iterator] === 'function' || typeof obj[Symbol.asyncIterator] === 'function'))\n}\n\nfunction bodyLength (body) {\n  if (body == null) {\n    return 0\n  } else if (isStream(body)) {\n    const state = body._readableState\n    return state && state.objectMode === false && state.ended === true && Number.isFinite(state.length)\n      ? state.length\n      : null\n  } else if (isBlobLike(body)) {\n    return body.size != null ? body.size : null\n  } else if (isBuffer(body)) {\n    return body.byteLength\n  }\n\n  return null\n}\n\nfunction isDestroyed (stream) {\n  return !stream || !!(stream.destroyed || stream[kDestroyed])\n}\n\nfunction isReadableAborted (stream) {\n  const state = stream && stream._readableState\n  return isDestroyed(stream) && state && !state.endEmitted\n}\n\nfunction destroy (stream, err) {\n  if (stream == null || !isStream(stream) || isDestroyed(stream)) {\n    return\n  }\n\n  if (typeof stream.destroy === 'function') {\n    if (Object.getPrototypeOf(stream).constructor === IncomingMessage) {\n      // See: https://github.com/nodejs/node/pull/38505/files\n      stream.socket = null\n    }\n\n    stream.destroy(err)\n  } else if (err) {\n    process.nextTick((stream, err) => {\n      stream.emit('error', err)\n    }, stream, err)\n  }\n\n  if (stream.destroyed !== true) {\n    stream[kDestroyed] = true\n  }\n}\n\nconst KEEPALIVE_TIMEOUT_EXPR = /timeout=(\\d+)/\nfunction parseKeepAliveTimeout (val) {\n  const m = val.toString().match(KEEPALIVE_TIMEOUT_EXPR)\n  return m ? parseInt(m[1], 10) * 1000 : null\n}\n\n/**\n * Retrieves a header name and returns its lowercase value.\n * @param {string | Buffer} value Header name\n * @returns {string}\n */\nfunction headerNameToString (value) {\n  return headerNameLowerCasedRecord[value] || value.toLowerCase()\n}\n\nfunction parseHeaders (headers, obj = {}) {\n  // For H2 support\n  if (!Array.isArray(headers)) return headers\n\n  for (let i = 0; i < headers.length; i += 2) {\n    const key = headers[i].toString().toLowerCase()\n    let val = obj[key]\n\n    if (!val) {\n      if (Array.isArray(headers[i + 1])) {\n        obj[key] = headers[i + 1].map(x => x.toString('utf8'))\n      } else {\n        obj[key] = headers[i + 1].toString('utf8')\n      }\n    } else {\n      if (!Array.isArray(val)) {\n        val = [val]\n        obj[key] = val\n      }\n      val.push(headers[i + 1].toString('utf8'))\n    }\n  }\n\n  // See https://github.com/nodejs/node/pull/46528\n  if ('content-length' in obj && 'content-disposition' in obj) {\n    obj['content-disposition'] = Buffer.from(obj['content-disposition']).toString('latin1')\n  }\n\n  return obj\n}\n\nfunction parseRawHeaders (headers) {\n  const ret = []\n  let hasContentLength = false\n  let contentDispositionIdx = -1\n\n  for (let n = 0; n < headers.length; n += 2) {\n    const key = headers[n + 0].toString()\n    const val = headers[n + 1].toString('utf8')\n\n    if (key.length === 14 && (key === 'content-length' || key.toLowerCase() === 'content-length')) {\n      ret.push(key, val)\n      hasContentLength = true\n    } else if (key.length === 19 && (key === 'content-disposition' || key.toLowerCase() === 'content-disposition')) {\n      contentDispositionIdx = ret.push(key, val) - 1\n    } else {\n      ret.push(key, val)\n    }\n  }\n\n  // See https://github.com/nodejs/node/pull/46528\n  if (hasContentLength && contentDispositionIdx !== -1) {\n    ret[contentDispositionIdx] = Buffer.from(ret[contentDispositionIdx]).toString('latin1')\n  }\n\n  return ret\n}\n\nfunction isBuffer (buffer) {\n  // See, https://github.com/mcollina/undici/pull/319\n  return buffer instanceof Uint8Array || Buffer.isBuffer(buffer)\n}\n\nfunction validateHandler (handler, method, upgrade) {\n  if (!handler || typeof handler !== 'object') {\n    throw new InvalidArgumentError('handler must be an object')\n  }\n\n  if (typeof handler.onConnect !== 'function') {\n    throw new InvalidArgumentError('invalid onConnect method')\n  }\n\n  if (typeof handler.onError !== 'function') {\n    throw new InvalidArgumentError('invalid onError method')\n  }\n\n  if (typeof handler.onBodySent !== 'function' && handler.onBodySent !== undefined) {\n    throw new InvalidArgumentError('invalid onBodySent method')\n  }\n\n  if (upgrade || method === 'CONNECT') {\n    if (typeof handler.onUpgrade !== 'function') {\n      throw new InvalidArgumentError('invalid onUpgrade method')\n    }\n  } else {\n    if (typeof handler.onHeaders !== 'function') {\n      throw new InvalidArgumentError('invalid onHeaders method')\n    }\n\n    if (typeof handler.onData !== 'function') {\n      throw new InvalidArgumentError('invalid onData method')\n    }\n\n    if (typeof handler.onComplete !== 'function') {\n      throw new InvalidArgumentError('invalid onComplete method')\n    }\n  }\n}\n\n// A body is disturbed if it has been read from and it cannot\n// be re-used without losing state or data.\nfunction isDisturbed (body) {\n  return !!(body && (\n    stream.isDisturbed\n      ? stream.isDisturbed(body) || body[kBodyUsed] // TODO (fix): Why is body[kBodyUsed] needed?\n      : body[kBodyUsed] ||\n        body.readableDidRead ||\n        (body._readableState && body._readableState.dataEmitted) ||\n        isReadableAborted(body)\n  ))\n}\n\nfunction isErrored (body) {\n  return !!(body && (\n    stream.isErrored\n      ? stream.isErrored(body)\n      : /state: 'errored'/.test(nodeUtil.inspect(body)\n      )))\n}\n\nfunction isReadable (body) {\n  return !!(body && (\n    stream.isReadable\n      ? stream.isReadable(body)\n      : /state: 'readable'/.test(nodeUtil.inspect(body)\n      )))\n}\n\nfunction getSocketInfo (socket) {\n  return {\n    localAddress: socket.localAddress,\n    localPort: socket.localPort,\n    remoteAddress: socket.remoteAddress,\n    remotePort: socket.remotePort,\n    remoteFamily: socket.remoteFamily,\n    timeout: socket.timeout,\n    bytesWritten: socket.bytesWritten,\n    bytesRead: socket.bytesRead\n  }\n}\n\nasync function * convertIterableToBuffer (iterable) {\n  for await (const chunk of iterable) {\n    yield Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk)\n  }\n}\n\nlet ReadableStream\nfunction ReadableStreamFrom (iterable) {\n  if (!ReadableStream) {\n    ReadableStream = require('stream/web').ReadableStream\n  }\n\n  if (ReadableStream.from) {\n    return ReadableStream.from(convertIterableToBuffer(iterable))\n  }\n\n  let iterator\n  return new ReadableStream(\n    {\n      async start () {\n        iterator = iterable[Symbol.asyncIterator]()\n      },\n      async pull (controller) {\n        const { done, value } = await iterator.next()\n        if (done) {\n          queueMicrotask(() => {\n            controller.close()\n          })\n        } else {\n          const buf = Buffer.isBuffer(value) ? value : Buffer.from(value)\n          controller.enqueue(new Uint8Array(buf))\n        }\n        return controller.desiredSize > 0\n      },\n      async cancel (reason) {\n        await iterator.return()\n      }\n    },\n    0\n  )\n}\n\n// The chunk should be a FormData instance and contains\n// all the required methods.\nfunction isFormDataLike (object) {\n  return (\n    object &&\n    typeof object === 'object' &&\n    typeof object.append === 'function' &&\n    typeof object.delete === 'function' &&\n    typeof object.get === 'function' &&\n    typeof object.getAll === 'function' &&\n    typeof object.has === 'function' &&\n    typeof object.set === 'function' &&\n    object[Symbol.toStringTag] === 'FormData'\n  )\n}\n\nfunction throwIfAborted (signal) {\n  if (!signal) { return }\n  if (typeof signal.throwIfAborted === 'function') {\n    signal.throwIfAborted()\n  } else {\n    if (signal.aborted) {\n      // DOMException not available < v17.0.0\n      const err = new Error('The operation was aborted')\n      err.name = 'AbortError'\n      throw err\n    }\n  }\n}\n\nfunction addAbortListener (signal, listener) {\n  if ('addEventListener' in signal) {\n    signal.addEventListener('abort', listener, { once: true })\n    return () => signal.removeEventListener('abort', listener)\n  }\n  signal.addListener('abort', listener)\n  return () => signal.removeListener('abort', listener)\n}\n\nconst hasToWellFormed = !!String.prototype.toWellFormed\n\n/**\n * @param {string} val\n */\nfunction toUSVString (val) {\n  if (hasToWellFormed) {\n    return `${val}`.toWellFormed()\n  } else if (nodeUtil.toUSVString) {\n    return nodeUtil.toUSVString(val)\n  }\n\n  return `${val}`\n}\n\n// Parsed accordingly to RFC 9110\n// https://www.rfc-editor.org/rfc/rfc9110#field.content-range\nfunction parseRangeHeader (range) {\n  if (range == null || range === '') return { start: 0, end: null, size: null }\n\n  const m = range ? range.match(/^bytes (\\d+)-(\\d+)\\/(\\d+)?$/) : null\n  return m\n    ? {\n        start: parseInt(m[1]),\n        end: m[2] ? parseInt(m[2]) : null,\n        size: m[3] ? parseInt(m[3]) : null\n      }\n    : null\n}\n\nconst kEnumerableProperty = Object.create(null)\nkEnumerableProperty.enumerable = true\n\nmodule.exports = {\n  kEnumerableProperty,\n  nop,\n  isDisturbed,\n  isErrored,\n  isReadable,\n  toUSVString,\n  isReadableAborted,\n  isBlobLike,\n  parseOrigin,\n  parseURL,\n  getServerName,\n  isStream,\n  isIterable,\n  isAsyncIterable,\n  isDestroyed,\n  headerNameToString,\n  parseRawHeaders,\n  parseHeaders,\n  parseKeepAliveTimeout,\n  destroy,\n  bodyLength,\n  deepClone,\n  ReadableStreamFrom,\n  isBuffer,\n  validateHandler,\n  getSocketInfo,\n  isFormDataLike,\n  buildURL,\n  throwIfAborted,\n  addAbortListener,\n  parseRangeHeader,\n  nodeMajor,\n  nodeMinor,\n  nodeHasAutoSelectFamily: nodeMajor > 18 || (nodeMajor === 18 && nodeMinor >= 13),\n  safeHTTPMethods: ['GET', 'HEAD', 'OPTIONS', 'TRACE']\n}\n","'use strict'\n\nconst Dispatcher = require('./dispatcher')\nconst {\n  ClientDestroyedError,\n  ClientClosedError,\n  InvalidArgumentError\n} = require('./core/errors')\nconst { kDestroy, kClose, kDispatch, kInterceptors } = require('./core/symbols')\n\nconst kDestroyed = Symbol('destroyed')\nconst kClosed = Symbol('closed')\nconst kOnDestroyed = Symbol('onDestroyed')\nconst kOnClosed = Symbol('onClosed')\nconst kInterceptedDispatch = Symbol('Intercepted Dispatch')\n\nclass DispatcherBase extends Dispatcher {\n  constructor () {\n    super()\n\n    this[kDestroyed] = false\n    this[kOnDestroyed] = null\n    this[kClosed] = false\n    this[kOnClosed] = []\n  }\n\n  get destroyed () {\n    return this[kDestroyed]\n  }\n\n  get closed () {\n    return this[kClosed]\n  }\n\n  get interceptors () {\n    return this[kInterceptors]\n  }\n\n  set interceptors (newInterceptors) {\n    if (newInterceptors) {\n      for (let i = newInterceptors.length - 1; i >= 0; i--) {\n        const interceptor = this[kInterceptors][i]\n        if (typeof interceptor !== 'function') {\n          throw new InvalidArgumentError('interceptor must be an function')\n        }\n      }\n    }\n\n    this[kInterceptors] = newInterceptors\n  }\n\n  close (callback) {\n    if (callback === undefined) {\n      return new Promise((resolve, reject) => {\n        this.close((err, data) => {\n          return err ? reject(err) : resolve(data)\n        })\n      })\n    }\n\n    if (typeof callback !== 'function') {\n      throw new InvalidArgumentError('invalid callback')\n    }\n\n    if (this[kDestroyed]) {\n      queueMicrotask(() => callback(new ClientDestroyedError(), null))\n      return\n    }\n\n    if (this[kClosed]) {\n      if (this[kOnClosed]) {\n        this[kOnClosed].push(callback)\n      } else {\n        queueMicrotask(() => callback(null, null))\n      }\n      return\n    }\n\n    this[kClosed] = true\n    this[kOnClosed].push(callback)\n\n    const onClosed = () => {\n      const callbacks = this[kOnClosed]\n      this[kOnClosed] = null\n      for (let i = 0; i < callbacks.length; i++) {\n        callbacks[i](null, null)\n      }\n    }\n\n    // Should not error.\n    this[kClose]()\n      .then(() => this.destroy())\n      .then(() => {\n        queueMicrotask(onClosed)\n      })\n  }\n\n  destroy (err, callback) {\n    if (typeof err === 'function') {\n      callback = err\n      err = null\n    }\n\n    if (callback === undefined) {\n      return new Promise((resolve, reject) => {\n        this.destroy(err, (err, data) => {\n          return err ? /* istanbul ignore next: should never error */ reject(err) : resolve(data)\n        })\n      })\n    }\n\n    if (typeof callback !== 'function') {\n      throw new InvalidArgumentError('invalid callback')\n    }\n\n    if (this[kDestroyed]) {\n      if (this[kOnDestroyed]) {\n        this[kOnDestroyed].push(callback)\n      } else {\n        queueMicrotask(() => callback(null, null))\n      }\n      return\n    }\n\n    if (!err) {\n      err = new ClientDestroyedError()\n    }\n\n    this[kDestroyed] = true\n    this[kOnDestroyed] = this[kOnDestroyed] || []\n    this[kOnDestroyed].push(callback)\n\n    const onDestroyed = () => {\n      const callbacks = this[kOnDestroyed]\n      this[kOnDestroyed] = null\n      for (let i = 0; i < callbacks.length; i++) {\n        callbacks[i](null, null)\n      }\n    }\n\n    // Should not error.\n    this[kDestroy](err).then(() => {\n      queueMicrotask(onDestroyed)\n    })\n  }\n\n  [kInterceptedDispatch] (opts, handler) {\n    if (!this[kInterceptors] || this[kInterceptors].length === 0) {\n      this[kInterceptedDispatch] = this[kDispatch]\n      return this[kDispatch](opts, handler)\n    }\n\n    let dispatch = this[kDispatch].bind(this)\n    for (let i = this[kInterceptors].length - 1; i >= 0; i--) {\n      dispatch = this[kInterceptors][i](dispatch)\n    }\n    this[kInterceptedDispatch] = dispatch\n    return dispatch(opts, handler)\n  }\n\n  dispatch (opts, handler) {\n    if (!handler || typeof handler !== 'object') {\n      throw new InvalidArgumentError('handler must be an object')\n    }\n\n    try {\n      if (!opts || typeof opts !== 'object') {\n        throw new InvalidArgumentError('opts must be an object.')\n      }\n\n      if (this[kDestroyed] || this[kOnDestroyed]) {\n        throw new ClientDestroyedError()\n      }\n\n      if (this[kClosed]) {\n        throw new ClientClosedError()\n      }\n\n      return this[kInterceptedDispatch](opts, handler)\n    } catch (err) {\n      if (typeof handler.onError !== 'function') {\n        throw new InvalidArgumentError('invalid onError method')\n      }\n\n      handler.onError(err)\n\n      return false\n    }\n  }\n}\n\nmodule.exports = DispatcherBase\n","'use strict'\n\nconst EventEmitter = require('events')\n\nclass Dispatcher extends EventEmitter {\n  dispatch () {\n    throw new Error('not implemented')\n  }\n\n  close () {\n    throw new Error('not implemented')\n  }\n\n  destroy () {\n    throw new Error('not implemented')\n  }\n}\n\nmodule.exports = Dispatcher\n","'use strict'\n\nconst Busboy = require('@fastify/busboy')\nconst util = require('../core/util')\nconst {\n  ReadableStreamFrom,\n  isBlobLike,\n  isReadableStreamLike,\n  readableStreamClose,\n  createDeferredPromise,\n  fullyReadBody\n} = require('./util')\nconst { FormData } = require('./formdata')\nconst { kState } = require('./symbols')\nconst { webidl } = require('./webidl')\nconst { DOMException, structuredClone } = require('./constants')\nconst { Blob, File: NativeFile } = require('buffer')\nconst { kBodyUsed } = require('../core/symbols')\nconst assert = require('assert')\nconst { isErrored } = require('../core/util')\nconst { isUint8Array, isArrayBuffer } = require('util/types')\nconst { File: UndiciFile } = require('./file')\nconst { parseMIMEType, serializeAMimeType } = require('./dataURL')\n\nlet random\ntry {\n  const crypto = require('node:crypto')\n  random = (max) => crypto.randomInt(0, max)\n} catch {\n  random = (max) => Math.floor(Math.random(max))\n}\n\nlet ReadableStream = globalThis.ReadableStream\n\n/** @type {globalThis['File']} */\nconst File = NativeFile ?? UndiciFile\nconst textEncoder = new TextEncoder()\nconst textDecoder = new TextDecoder()\n\n// https://fetch.spec.whatwg.org/#concept-bodyinit-extract\nfunction extractBody (object, keepalive = false) {\n  if (!ReadableStream) {\n    ReadableStream = require('stream/web').ReadableStream\n  }\n\n  // 1. Let stream be null.\n  let stream = null\n\n  // 2. If object is a ReadableStream object, then set stream to object.\n  if (object instanceof ReadableStream) {\n    stream = object\n  } else if (isBlobLike(object)) {\n    // 3. Otherwise, if object is a Blob object, set stream to the\n    //    result of running object’s get stream.\n    stream = object.stream()\n  } else {\n    // 4. Otherwise, set stream to a new ReadableStream object, and set\n    //    up stream.\n    stream = new ReadableStream({\n      async pull (controller) {\n        controller.enqueue(\n          typeof source === 'string' ? textEncoder.encode(source) : source\n        )\n        queueMicrotask(() => readableStreamClose(controller))\n      },\n      start () {},\n      type: undefined\n    })\n  }\n\n  // 5. Assert: stream is a ReadableStream object.\n  assert(isReadableStreamLike(stream))\n\n  // 6. Let action be null.\n  let action = null\n\n  // 7. Let source be null.\n  let source = null\n\n  // 8. Let length be null.\n  let length = null\n\n  // 9. Let type be null.\n  let type = null\n\n  // 10. Switch on object:\n  if (typeof object === 'string') {\n    // Set source to the UTF-8 encoding of object.\n    // Note: setting source to a Uint8Array here breaks some mocking assumptions.\n    source = object\n\n    // Set type to `text/plain;charset=UTF-8`.\n    type = 'text/plain;charset=UTF-8'\n  } else if (object instanceof URLSearchParams) {\n    // URLSearchParams\n\n    // spec says to run application/x-www-form-urlencoded on body.list\n    // this is implemented in Node.js as apart of an URLSearchParams instance toString method\n    // See: https://github.com/nodejs/node/blob/e46c680bf2b211bbd52cf959ca17ee98c7f657f5/lib/internal/url.js#L490\n    // and https://github.com/nodejs/node/blob/e46c680bf2b211bbd52cf959ca17ee98c7f657f5/lib/internal/url.js#L1100\n\n    // Set source to the result of running the application/x-www-form-urlencoded serializer with object’s list.\n    source = object.toString()\n\n    // Set type to `application/x-www-form-urlencoded;charset=UTF-8`.\n    type = 'application/x-www-form-urlencoded;charset=UTF-8'\n  } else if (isArrayBuffer(object)) {\n    // BufferSource/ArrayBuffer\n\n    // Set source to a copy of the bytes held by object.\n    source = new Uint8Array(object.slice())\n  } else if (ArrayBuffer.isView(object)) {\n    // BufferSource/ArrayBufferView\n\n    // Set source to a copy of the bytes held by object.\n    source = new Uint8Array(object.buffer.slice(object.byteOffset, object.byteOffset + object.byteLength))\n  } else if (util.isFormDataLike(object)) {\n    const boundary = `----formdata-undici-0${`${random(1e11)}`.padStart(11, '0')}`\n    const prefix = `--${boundary}\\r\\nContent-Disposition: form-data`\n\n    /*! formdata-polyfill. MIT License. Jimmy Wärting <https://jimmy.warting.se/opensource> */\n    const escape = (str) =>\n      str.replace(/\\n/g, '%0A').replace(/\\r/g, '%0D').replace(/\"/g, '%22')\n    const normalizeLinefeeds = (value) => value.replace(/\\r?\\n|\\r/g, '\\r\\n')\n\n    // Set action to this step: run the multipart/form-data\n    // encoding algorithm, with object’s entry list and UTF-8.\n    // - This ensures that the body is immutable and can't be changed afterwords\n    // - That the content-length is calculated in advance.\n    // - And that all parts are pre-encoded and ready to be sent.\n\n    const blobParts = []\n    const rn = new Uint8Array([13, 10]) // '\\r\\n'\n    length = 0\n    let hasUnknownSizeValue = false\n\n    for (const [name, value] of object) {\n      if (typeof value === 'string') {\n        const chunk = textEncoder.encode(prefix +\n          `; name=\"${escape(normalizeLinefeeds(name))}\"` +\n          `\\r\\n\\r\\n${normalizeLinefeeds(value)}\\r\\n`)\n        blobParts.push(chunk)\n        length += chunk.byteLength\n      } else {\n        const chunk = textEncoder.encode(`${prefix}; name=\"${escape(normalizeLinefeeds(name))}\"` +\n          (value.name ? `; filename=\"${escape(value.name)}\"` : '') + '\\r\\n' +\n          `Content-Type: ${\n            value.type || 'application/octet-stream'\n          }\\r\\n\\r\\n`)\n        blobParts.push(chunk, value, rn)\n        if (typeof value.size === 'number') {\n          length += chunk.byteLength + value.size + rn.byteLength\n        } else {\n          hasUnknownSizeValue = true\n        }\n      }\n    }\n\n    const chunk = textEncoder.encode(`--${boundary}--`)\n    blobParts.push(chunk)\n    length += chunk.byteLength\n    if (hasUnknownSizeValue) {\n      length = null\n    }\n\n    // Set source to object.\n    source = object\n\n    action = async function * () {\n      for (const part of blobParts) {\n        if (part.stream) {\n          yield * part.stream()\n        } else {\n          yield part\n        }\n      }\n    }\n\n    // Set type to `multipart/form-data; boundary=`,\n    // followed by the multipart/form-data boundary string generated\n    // by the multipart/form-data encoding algorithm.\n    type = 'multipart/form-data; boundary=' + boundary\n  } else if (isBlobLike(object)) {\n    // Blob\n\n    // Set source to object.\n    source = object\n\n    // Set length to object’s size.\n    length = object.size\n\n    // If object’s type attribute is not the empty byte sequence, set\n    // type to its value.\n    if (object.type) {\n      type = object.type\n    }\n  } else if (typeof object[Symbol.asyncIterator] === 'function') {\n    // If keepalive is true, then throw a TypeError.\n    if (keepalive) {\n      throw new TypeError('keepalive')\n    }\n\n    // If object is disturbed or locked, then throw a TypeError.\n    if (util.isDisturbed(object) || object.locked) {\n      throw new TypeError(\n        'Response body object should not be disturbed or locked'\n      )\n    }\n\n    stream =\n      object instanceof ReadableStream ? object : ReadableStreamFrom(object)\n  }\n\n  // 11. If source is a byte sequence, then set action to a\n  // step that returns source and length to source’s length.\n  if (typeof source === 'string' || util.isBuffer(source)) {\n    length = Buffer.byteLength(source)\n  }\n\n  // 12. If action is non-null, then run these steps in in parallel:\n  if (action != null) {\n    // Run action.\n    let iterator\n    stream = new ReadableStream({\n      async start () {\n        iterator = action(object)[Symbol.asyncIterator]()\n      },\n      async pull (controller) {\n        const { value, done } = await iterator.next()\n        if (done) {\n          // When running action is done, close stream.\n          queueMicrotask(() => {\n            controller.close()\n          })\n        } else {\n          // Whenever one or more bytes are available and stream is not errored,\n          // enqueue a Uint8Array wrapping an ArrayBuffer containing the available\n          // bytes into stream.\n          if (!isErrored(stream)) {\n            controller.enqueue(new Uint8Array(value))\n          }\n        }\n        return controller.desiredSize > 0\n      },\n      async cancel (reason) {\n        await iterator.return()\n      },\n      type: undefined\n    })\n  }\n\n  // 13. Let body be a body whose stream is stream, source is source,\n  // and length is length.\n  const body = { stream, source, length }\n\n  // 14. Return (body, type).\n  return [body, type]\n}\n\n// https://fetch.spec.whatwg.org/#bodyinit-safely-extract\nfunction safelyExtractBody (object, keepalive = false) {\n  if (!ReadableStream) {\n    // istanbul ignore next\n    ReadableStream = require('stream/web').ReadableStream\n  }\n\n  // To safely extract a body and a `Content-Type` value from\n  // a byte sequence or BodyInit object object, run these steps:\n\n  // 1. If object is a ReadableStream object, then:\n  if (object instanceof ReadableStream) {\n    // Assert: object is neither disturbed nor locked.\n    // istanbul ignore next\n    assert(!util.isDisturbed(object), 'The body has already been consumed.')\n    // istanbul ignore next\n    assert(!object.locked, 'The stream is locked.')\n  }\n\n  // 2. Return the results of extracting object.\n  return extractBody(object, keepalive)\n}\n\nfunction cloneBody (body) {\n  // To clone a body body, run these steps:\n\n  // https://fetch.spec.whatwg.org/#concept-body-clone\n\n  // 1. Let « out1, out2 » be the result of teeing body’s stream.\n  const [out1, out2] = body.stream.tee()\n  const out2Clone = structuredClone(out2, { transfer: [out2] })\n  // This, for whatever reasons, unrefs out2Clone which allows\n  // the process to exit by itself.\n  const [, finalClone] = out2Clone.tee()\n\n  // 2. Set body’s stream to out1.\n  body.stream = out1\n\n  // 3. Return a body whose stream is out2 and other members are copied from body.\n  return {\n    stream: finalClone,\n    length: body.length,\n    source: body.source\n  }\n}\n\nasync function * consumeBody (body) {\n  if (body) {\n    if (isUint8Array(body)) {\n      yield body\n    } else {\n      const stream = body.stream\n\n      if (util.isDisturbed(stream)) {\n        throw new TypeError('The body has already been consumed.')\n      }\n\n      if (stream.locked) {\n        throw new TypeError('The stream is locked.')\n      }\n\n      // Compat.\n      stream[kBodyUsed] = true\n\n      yield * stream\n    }\n  }\n}\n\nfunction throwIfAborted (state) {\n  if (state.aborted) {\n    throw new DOMException('The operation was aborted.', 'AbortError')\n  }\n}\n\nfunction bodyMixinMethods (instance) {\n  const methods = {\n    blob () {\n      // The blob() method steps are to return the result of\n      // running consume body with this and the following step\n      // given a byte sequence bytes: return a Blob whose\n      // contents are bytes and whose type attribute is this’s\n      // MIME type.\n      return specConsumeBody(this, (bytes) => {\n        let mimeType = bodyMimeType(this)\n\n        if (mimeType === 'failure') {\n          mimeType = ''\n        } else if (mimeType) {\n          mimeType = serializeAMimeType(mimeType)\n        }\n\n        // Return a Blob whose contents are bytes and type attribute\n        // is mimeType.\n        return new Blob([bytes], { type: mimeType })\n      }, instance)\n    },\n\n    arrayBuffer () {\n      // The arrayBuffer() method steps are to return the result\n      // of running consume body with this and the following step\n      // given a byte sequence bytes: return a new ArrayBuffer\n      // whose contents are bytes.\n      return specConsumeBody(this, (bytes) => {\n        return new Uint8Array(bytes).buffer\n      }, instance)\n    },\n\n    text () {\n      // The text() method steps are to return the result of running\n      // consume body with this and UTF-8 decode.\n      return specConsumeBody(this, utf8DecodeBytes, instance)\n    },\n\n    json () {\n      // The json() method steps are to return the result of running\n      // consume body with this and parse JSON from bytes.\n      return specConsumeBody(this, parseJSONFromBytes, instance)\n    },\n\n    async formData () {\n      webidl.brandCheck(this, instance)\n\n      throwIfAborted(this[kState])\n\n      const contentType = this.headers.get('Content-Type')\n\n      // If mimeType’s essence is \"multipart/form-data\", then:\n      if (/multipart\\/form-data/.test(contentType)) {\n        const headers = {}\n        for (const [key, value] of this.headers) headers[key.toLowerCase()] = value\n\n        const responseFormData = new FormData()\n\n        let busboy\n\n        try {\n          busboy = new Busboy({\n            headers,\n            preservePath: true\n          })\n        } catch (err) {\n          throw new DOMException(`${err}`, 'AbortError')\n        }\n\n        busboy.on('field', (name, value) => {\n          responseFormData.append(name, value)\n        })\n        busboy.on('file', (name, value, filename, encoding, mimeType) => {\n          const chunks = []\n\n          if (encoding === 'base64' || encoding.toLowerCase() === 'base64') {\n            let base64chunk = ''\n\n            value.on('data', (chunk) => {\n              base64chunk += chunk.toString().replace(/[\\r\\n]/gm, '')\n\n              const end = base64chunk.length - base64chunk.length % 4\n              chunks.push(Buffer.from(base64chunk.slice(0, end), 'base64'))\n\n              base64chunk = base64chunk.slice(end)\n            })\n            value.on('end', () => {\n              chunks.push(Buffer.from(base64chunk, 'base64'))\n              responseFormData.append(name, new File(chunks, filename, { type: mimeType }))\n            })\n          } else {\n            value.on('data', (chunk) => {\n              chunks.push(chunk)\n            })\n            value.on('end', () => {\n              responseFormData.append(name, new File(chunks, filename, { type: mimeType }))\n            })\n          }\n        })\n\n        const busboyResolve = new Promise((resolve, reject) => {\n          busboy.on('finish', resolve)\n          busboy.on('error', (err) => reject(new TypeError(err)))\n        })\n\n        if (this.body !== null) for await (const chunk of consumeBody(this[kState].body)) busboy.write(chunk)\n        busboy.end()\n        await busboyResolve\n\n        return responseFormData\n      } else if (/application\\/x-www-form-urlencoded/.test(contentType)) {\n        // Otherwise, if mimeType’s essence is \"application/x-www-form-urlencoded\", then:\n\n        // 1. Let entries be the result of parsing bytes.\n        let entries\n        try {\n          let text = ''\n          // application/x-www-form-urlencoded parser will keep the BOM.\n          // https://url.spec.whatwg.org/#concept-urlencoded-parser\n          // Note that streaming decoder is stateful and cannot be reused\n          const streamingDecoder = new TextDecoder('utf-8', { ignoreBOM: true })\n\n          for await (const chunk of consumeBody(this[kState].body)) {\n            if (!isUint8Array(chunk)) {\n              throw new TypeError('Expected Uint8Array chunk')\n            }\n            text += streamingDecoder.decode(chunk, { stream: true })\n          }\n          text += streamingDecoder.decode()\n          entries = new URLSearchParams(text)\n        } catch (err) {\n          // istanbul ignore next: Unclear when new URLSearchParams can fail on a string.\n          // 2. If entries is failure, then throw a TypeError.\n          throw Object.assign(new TypeError(), { cause: err })\n        }\n\n        // 3. Return a new FormData object whose entries are entries.\n        const formData = new FormData()\n        for (const [name, value] of entries) {\n          formData.append(name, value)\n        }\n        return formData\n      } else {\n        // Wait a tick before checking if the request has been aborted.\n        // Otherwise, a TypeError can be thrown when an AbortError should.\n        await Promise.resolve()\n\n        throwIfAborted(this[kState])\n\n        // Otherwise, throw a TypeError.\n        throw webidl.errors.exception({\n          header: `${instance.name}.formData`,\n          message: 'Could not parse content as FormData.'\n        })\n      }\n    }\n  }\n\n  return methods\n}\n\nfunction mixinBody (prototype) {\n  Object.assign(prototype.prototype, bodyMixinMethods(prototype))\n}\n\n/**\n * @see https://fetch.spec.whatwg.org/#concept-body-consume-body\n * @param {Response|Request} object\n * @param {(value: unknown) => unknown} convertBytesToJSValue\n * @param {Response|Request} instance\n */\nasync function specConsumeBody (object, convertBytesToJSValue, instance) {\n  webidl.brandCheck(object, instance)\n\n  throwIfAborted(object[kState])\n\n  // 1. If object is unusable, then return a promise rejected\n  //    with a TypeError.\n  if (bodyUnusable(object[kState].body)) {\n    throw new TypeError('Body is unusable')\n  }\n\n  // 2. Let promise be a new promise.\n  const promise = createDeferredPromise()\n\n  // 3. Let errorSteps given error be to reject promise with error.\n  const errorSteps = (error) => promise.reject(error)\n\n  // 4. Let successSteps given a byte sequence data be to resolve\n  //    promise with the result of running convertBytesToJSValue\n  //    with data. If that threw an exception, then run errorSteps\n  //    with that exception.\n  const successSteps = (data) => {\n    try {\n      promise.resolve(convertBytesToJSValue(data))\n    } catch (e) {\n      errorSteps(e)\n    }\n  }\n\n  // 5. If object’s body is null, then run successSteps with an\n  //    empty byte sequence.\n  if (object[kState].body == null) {\n    successSteps(new Uint8Array())\n    return promise.promise\n  }\n\n  // 6. Otherwise, fully read object’s body given successSteps,\n  //    errorSteps, and object’s relevant global object.\n  await fullyReadBody(object[kState].body, successSteps, errorSteps)\n\n  // 7. Return promise.\n  return promise.promise\n}\n\n// https://fetch.spec.whatwg.org/#body-unusable\nfunction bodyUnusable (body) {\n  // An object including the Body interface mixin is\n  // said to be unusable if its body is non-null and\n  // its body’s stream is disturbed or locked.\n  return body != null && (body.stream.locked || util.isDisturbed(body.stream))\n}\n\n/**\n * @see https://encoding.spec.whatwg.org/#utf-8-decode\n * @param {Buffer} buffer\n */\nfunction utf8DecodeBytes (buffer) {\n  if (buffer.length === 0) {\n    return ''\n  }\n\n  // 1. Let buffer be the result of peeking three bytes from\n  //    ioQueue, converted to a byte sequence.\n\n  // 2. If buffer is 0xEF 0xBB 0xBF, then read three\n  //    bytes from ioQueue. (Do nothing with those bytes.)\n  if (buffer[0] === 0xEF && buffer[1] === 0xBB && buffer[2] === 0xBF) {\n    buffer = buffer.subarray(3)\n  }\n\n  // 3. Process a queue with an instance of UTF-8’s\n  //    decoder, ioQueue, output, and \"replacement\".\n  const output = textDecoder.decode(buffer)\n\n  // 4. Return output.\n  return output\n}\n\n/**\n * @see https://infra.spec.whatwg.org/#parse-json-bytes-to-a-javascript-value\n * @param {Uint8Array} bytes\n */\nfunction parseJSONFromBytes (bytes) {\n  return JSON.parse(utf8DecodeBytes(bytes))\n}\n\n/**\n * @see https://fetch.spec.whatwg.org/#concept-body-mime-type\n * @param {import('./response').Response|import('./request').Request} object\n */\nfunction bodyMimeType (object) {\n  const { headersList } = object[kState]\n  const contentType = headersList.get('content-type')\n\n  if (contentType === null) {\n    return 'failure'\n  }\n\n  return parseMIMEType(contentType)\n}\n\nmodule.exports = {\n  extractBody,\n  safelyExtractBody,\n  cloneBody,\n  mixinBody\n}\n","'use strict'\n\nconst { MessageChannel, receiveMessageOnPort } = require('worker_threads')\n\nconst corsSafeListedMethods = ['GET', 'HEAD', 'POST']\nconst corsSafeListedMethodsSet = new Set(corsSafeListedMethods)\n\nconst nullBodyStatus = [101, 204, 205, 304]\n\nconst redirectStatus = [301, 302, 303, 307, 308]\nconst redirectStatusSet = new Set(redirectStatus)\n\n// https://fetch.spec.whatwg.org/#block-bad-port\nconst badPorts = [\n  '1', '7', '9', '11', '13', '15', '17', '19', '20', '21', '22', '23', '25', '37', '42', '43', '53', '69', '77', '79',\n  '87', '95', '101', '102', '103', '104', '109', '110', '111', '113', '115', '117', '119', '123', '135', '137',\n  '139', '143', '161', '179', '389', '427', '465', '512', '513', '514', '515', '526', '530', '531', '532',\n  '540', '548', '554', '556', '563', '587', '601', '636', '989', '990', '993', '995', '1719', '1720', '1723',\n  '2049', '3659', '4045', '5060', '5061', '6000', '6566', '6665', '6666', '6667', '6668', '6669', '6697',\n  '10080'\n]\n\nconst badPortsSet = new Set(badPorts)\n\n// https://w3c.github.io/webappsec-referrer-policy/#referrer-policies\nconst referrerPolicy = [\n  '',\n  'no-referrer',\n  'no-referrer-when-downgrade',\n  'same-origin',\n  'origin',\n  'strict-origin',\n  'origin-when-cross-origin',\n  'strict-origin-when-cross-origin',\n  'unsafe-url'\n]\nconst referrerPolicySet = new Set(referrerPolicy)\n\nconst requestRedirect = ['follow', 'manual', 'error']\n\nconst safeMethods = ['GET', 'HEAD', 'OPTIONS', 'TRACE']\nconst safeMethodsSet = new Set(safeMethods)\n\nconst requestMode = ['navigate', 'same-origin', 'no-cors', 'cors']\n\nconst requestCredentials = ['omit', 'same-origin', 'include']\n\nconst requestCache = [\n  'default',\n  'no-store',\n  'reload',\n  'no-cache',\n  'force-cache',\n  'only-if-cached'\n]\n\n// https://fetch.spec.whatwg.org/#request-body-header-name\nconst requestBodyHeader = [\n  'content-encoding',\n  'content-language',\n  'content-location',\n  'content-type',\n  // See https://github.com/nodejs/undici/issues/2021\n  // 'Content-Length' is a forbidden header name, which is typically\n  // removed in the Headers implementation. However, undici doesn't\n  // filter out headers, so we add it here.\n  'content-length'\n]\n\n// https://fetch.spec.whatwg.org/#enumdef-requestduplex\nconst requestDuplex = [\n  'half'\n]\n\n// http://fetch.spec.whatwg.org/#forbidden-method\nconst forbiddenMethods = ['CONNECT', 'TRACE', 'TRACK']\nconst forbiddenMethodsSet = new Set(forbiddenMethods)\n\nconst subresource = [\n  'audio',\n  'audioworklet',\n  'font',\n  'image',\n  'manifest',\n  'paintworklet',\n  'script',\n  'style',\n  'track',\n  'video',\n  'xslt',\n  ''\n]\nconst subresourceSet = new Set(subresource)\n\n/** @type {globalThis['DOMException']} */\nconst DOMException = globalThis.DOMException ?? (() => {\n  // DOMException was only made a global in Node v17.0.0,\n  // but fetch supports >= v16.8.\n  try {\n    atob('~')\n  } catch (err) {\n    return Object.getPrototypeOf(err).constructor\n  }\n})()\n\nlet channel\n\n/** @type {globalThis['structuredClone']} */\nconst structuredClone =\n  globalThis.structuredClone ??\n  // https://github.com/nodejs/node/blob/b27ae24dcc4251bad726d9d84baf678d1f707fed/lib/internal/structured_clone.js\n  // structuredClone was added in v17.0.0, but fetch supports v16.8\n  function structuredClone (value, options = undefined) {\n    if (arguments.length === 0) {\n      throw new TypeError('missing argument')\n    }\n\n    if (!channel) {\n      channel = new MessageChannel()\n    }\n    channel.port1.unref()\n    channel.port2.unref()\n    channel.port1.postMessage(value, options?.transfer)\n    return receiveMessageOnPort(channel.port2).message\n  }\n\nmodule.exports = {\n  DOMException,\n  structuredClone,\n  subresource,\n  forbiddenMethods,\n  requestBodyHeader,\n  referrerPolicy,\n  requestRedirect,\n  requestMode,\n  requestCredentials,\n  requestCache,\n  redirectStatus,\n  corsSafeListedMethods,\n  nullBodyStatus,\n  safeMethods,\n  badPorts,\n  requestDuplex,\n  subresourceSet,\n  badPortsSet,\n  redirectStatusSet,\n  corsSafeListedMethodsSet,\n  safeMethodsSet,\n  forbiddenMethodsSet,\n  referrerPolicySet\n}\n","const assert = require('assert')\nconst { atob } = require('buffer')\nconst { isomorphicDecode } = require('./util')\n\nconst encoder = new TextEncoder()\n\n/**\n * @see https://mimesniff.spec.whatwg.org/#http-token-code-point\n */\nconst HTTP_TOKEN_CODEPOINTS = /^[!#$%&'*+-.^_|~A-Za-z0-9]+$/\nconst HTTP_WHITESPACE_REGEX = /(\\u000A|\\u000D|\\u0009|\\u0020)/ // eslint-disable-line\n/**\n * @see https://mimesniff.spec.whatwg.org/#http-quoted-string-token-code-point\n */\nconst HTTP_QUOTED_STRING_TOKENS = /[\\u0009|\\u0020-\\u007E|\\u0080-\\u00FF]/ // eslint-disable-line\n\n// https://fetch.spec.whatwg.org/#data-url-processor\n/** @param {URL} dataURL */\nfunction dataURLProcessor (dataURL) {\n  // 1. Assert: dataURL’s scheme is \"data\".\n  assert(dataURL.protocol === 'data:')\n\n  // 2. Let input be the result of running the URL\n  // serializer on dataURL with exclude fragment\n  // set to true.\n  let input = URLSerializer(dataURL, true)\n\n  // 3. Remove the leading \"data:\" string from input.\n  input = input.slice(5)\n\n  // 4. Let position point at the start of input.\n  const position = { position: 0 }\n\n  // 5. Let mimeType be the result of collecting a\n  // sequence of code points that are not equal\n  // to U+002C (,), given position.\n  let mimeType = collectASequenceOfCodePointsFast(\n    ',',\n    input,\n    position\n  )\n\n  // 6. Strip leading and trailing ASCII whitespace\n  // from mimeType.\n  // Undici implementation note: we need to store the\n  // length because if the mimetype has spaces removed,\n  // the wrong amount will be sliced from the input in\n  // step #9\n  const mimeTypeLength = mimeType.length\n  mimeType = removeASCIIWhitespace(mimeType, true, true)\n\n  // 7. If position is past the end of input, then\n  // return failure\n  if (position.position >= input.length) {\n    return 'failure'\n  }\n\n  // 8. Advance position by 1.\n  position.position++\n\n  // 9. Let encodedBody be the remainder of input.\n  const encodedBody = input.slice(mimeTypeLength + 1)\n\n  // 10. Let body be the percent-decoding of encodedBody.\n  let body = stringPercentDecode(encodedBody)\n\n  // 11. If mimeType ends with U+003B (;), followed by\n  // zero or more U+0020 SPACE, followed by an ASCII\n  // case-insensitive match for \"base64\", then:\n  if (/;(\\u0020){0,}base64$/i.test(mimeType)) {\n    // 1. Let stringBody be the isomorphic decode of body.\n    const stringBody = isomorphicDecode(body)\n\n    // 2. Set body to the forgiving-base64 decode of\n    // stringBody.\n    body = forgivingBase64(stringBody)\n\n    // 3. If body is failure, then return failure.\n    if (body === 'failure') {\n      return 'failure'\n    }\n\n    // 4. Remove the last 6 code points from mimeType.\n    mimeType = mimeType.slice(0, -6)\n\n    // 5. Remove trailing U+0020 SPACE code points from mimeType,\n    // if any.\n    mimeType = mimeType.replace(/(\\u0020)+$/, '')\n\n    // 6. Remove the last U+003B (;) code point from mimeType.\n    mimeType = mimeType.slice(0, -1)\n  }\n\n  // 12. If mimeType starts with U+003B (;), then prepend\n  // \"text/plain\" to mimeType.\n  if (mimeType.startsWith(';')) {\n    mimeType = 'text/plain' + mimeType\n  }\n\n  // 13. Let mimeTypeRecord be the result of parsing\n  // mimeType.\n  let mimeTypeRecord = parseMIMEType(mimeType)\n\n  // 14. If mimeTypeRecord is failure, then set\n  // mimeTypeRecord to text/plain;charset=US-ASCII.\n  if (mimeTypeRecord === 'failure') {\n    mimeTypeRecord = parseMIMEType('text/plain;charset=US-ASCII')\n  }\n\n  // 15. Return a new data: URL struct whose MIME\n  // type is mimeTypeRecord and body is body.\n  // https://fetch.spec.whatwg.org/#data-url-struct\n  return { mimeType: mimeTypeRecord, body }\n}\n\n// https://url.spec.whatwg.org/#concept-url-serializer\n/**\n * @param {URL} url\n * @param {boolean} excludeFragment\n */\nfunction URLSerializer (url, excludeFragment = false) {\n  if (!excludeFragment) {\n    return url.href\n  }\n\n  const href = url.href\n  const hashLength = url.hash.length\n\n  return hashLength === 0 ? href : href.substring(0, href.length - hashLength)\n}\n\n// https://infra.spec.whatwg.org/#collect-a-sequence-of-code-points\n/**\n * @param {(char: string) => boolean} condition\n * @param {string} input\n * @param {{ position: number }} position\n */\nfunction collectASequenceOfCodePoints (condition, input, position) {\n  // 1. Let result be the empty string.\n  let result = ''\n\n  // 2. While position doesn’t point past the end of input and the\n  // code point at position within input meets the condition condition:\n  while (position.position < input.length && condition(input[position.position])) {\n    // 1. Append that code point to the end of result.\n    result += input[position.position]\n\n    // 2. Advance position by 1.\n    position.position++\n  }\n\n  // 3. Return result.\n  return result\n}\n\n/**\n * A faster collectASequenceOfCodePoints that only works when comparing a single character.\n * @param {string} char\n * @param {string} input\n * @param {{ position: number }} position\n */\nfunction collectASequenceOfCodePointsFast (char, input, position) {\n  const idx = input.indexOf(char, position.position)\n  const start = position.position\n\n  if (idx === -1) {\n    position.position = input.length\n    return input.slice(start)\n  }\n\n  position.position = idx\n  return input.slice(start, position.position)\n}\n\n// https://url.spec.whatwg.org/#string-percent-decode\n/** @param {string} input */\nfunction stringPercentDecode (input) {\n  // 1. Let bytes be the UTF-8 encoding of input.\n  const bytes = encoder.encode(input)\n\n  // 2. Return the percent-decoding of bytes.\n  return percentDecode(bytes)\n}\n\n// https://url.spec.whatwg.org/#percent-decode\n/** @param {Uint8Array} input */\nfunction percentDecode (input) {\n  // 1. Let output be an empty byte sequence.\n  /** @type {number[]} */\n  const output = []\n\n  // 2. For each byte byte in input:\n  for (let i = 0; i < input.length; i++) {\n    const byte = input[i]\n\n    // 1. If byte is not 0x25 (%), then append byte to output.\n    if (byte !== 0x25) {\n      output.push(byte)\n\n    // 2. Otherwise, if byte is 0x25 (%) and the next two bytes\n    // after byte in input are not in the ranges\n    // 0x30 (0) to 0x39 (9), 0x41 (A) to 0x46 (F),\n    // and 0x61 (a) to 0x66 (f), all inclusive, append byte\n    // to output.\n    } else if (\n      byte === 0x25 &&\n      !/^[0-9A-Fa-f]{2}$/i.test(String.fromCharCode(input[i + 1], input[i + 2]))\n    ) {\n      output.push(0x25)\n\n    // 3. Otherwise:\n    } else {\n      // 1. Let bytePoint be the two bytes after byte in input,\n      // decoded, and then interpreted as hexadecimal number.\n      const nextTwoBytes = String.fromCharCode(input[i + 1], input[i + 2])\n      const bytePoint = Number.parseInt(nextTwoBytes, 16)\n\n      // 2. Append a byte whose value is bytePoint to output.\n      output.push(bytePoint)\n\n      // 3. Skip the next two bytes in input.\n      i += 2\n    }\n  }\n\n  // 3. Return output.\n  return Uint8Array.from(output)\n}\n\n// https://mimesniff.spec.whatwg.org/#parse-a-mime-type\n/** @param {string} input */\nfunction parseMIMEType (input) {\n  // 1. Remove any leading and trailing HTTP whitespace\n  // from input.\n  input = removeHTTPWhitespace(input, true, true)\n\n  // 2. Let position be a position variable for input,\n  // initially pointing at the start of input.\n  const position = { position: 0 }\n\n  // 3. Let type be the result of collecting a sequence\n  // of code points that are not U+002F (/) from\n  // input, given position.\n  const type = collectASequenceOfCodePointsFast(\n    '/',\n    input,\n    position\n  )\n\n  // 4. If type is the empty string or does not solely\n  // contain HTTP token code points, then return failure.\n  // https://mimesniff.spec.whatwg.org/#http-token-code-point\n  if (type.length === 0 || !HTTP_TOKEN_CODEPOINTS.test(type)) {\n    return 'failure'\n  }\n\n  // 5. If position is past the end of input, then return\n  // failure\n  if (position.position > input.length) {\n    return 'failure'\n  }\n\n  // 6. Advance position by 1. (This skips past U+002F (/).)\n  position.position++\n\n  // 7. Let subtype be the result of collecting a sequence of\n  // code points that are not U+003B (;) from input, given\n  // position.\n  let subtype = collectASequenceOfCodePointsFast(\n    ';',\n    input,\n    position\n  )\n\n  // 8. Remove any trailing HTTP whitespace from subtype.\n  subtype = removeHTTPWhitespace(subtype, false, true)\n\n  // 9. If subtype is the empty string or does not solely\n  // contain HTTP token code points, then return failure.\n  if (subtype.length === 0 || !HTTP_TOKEN_CODEPOINTS.test(subtype)) {\n    return 'failure'\n  }\n\n  const typeLowercase = type.toLowerCase()\n  const subtypeLowercase = subtype.toLowerCase()\n\n  // 10. Let mimeType be a new MIME type record whose type\n  // is type, in ASCII lowercase, and subtype is subtype,\n  // in ASCII lowercase.\n  // https://mimesniff.spec.whatwg.org/#mime-type\n  const mimeType = {\n    type: typeLowercase,\n    subtype: subtypeLowercase,\n    /** @type {Map<string, string>} */\n    parameters: new Map(),\n    // https://mimesniff.spec.whatwg.org/#mime-type-essence\n    essence: `${typeLowercase}/${subtypeLowercase}`\n  }\n\n  // 11. While position is not past the end of input:\n  while (position.position < input.length) {\n    // 1. Advance position by 1. (This skips past U+003B (;).)\n    position.position++\n\n    // 2. Collect a sequence of code points that are HTTP\n    // whitespace from input given position.\n    collectASequenceOfCodePoints(\n      // https://fetch.spec.whatwg.org/#http-whitespace\n      char => HTTP_WHITESPACE_REGEX.test(char),\n      input,\n      position\n    )\n\n    // 3. Let parameterName be the result of collecting a\n    // sequence of code points that are not U+003B (;)\n    // or U+003D (=) from input, given position.\n    let parameterName = collectASequenceOfCodePoints(\n      (char) => char !== ';' && char !== '=',\n      input,\n      position\n    )\n\n    // 4. Set parameterName to parameterName, in ASCII\n    // lowercase.\n    parameterName = parameterName.toLowerCase()\n\n    // 5. If position is not past the end of input, then:\n    if (position.position < input.length) {\n      // 1. If the code point at position within input is\n      // U+003B (;), then continue.\n      if (input[position.position] === ';') {\n        continue\n      }\n\n      // 2. Advance position by 1. (This skips past U+003D (=).)\n      position.position++\n    }\n\n    // 6. If position is past the end of input, then break.\n    if (position.position > input.length) {\n      break\n    }\n\n    // 7. Let parameterValue be null.\n    let parameterValue = null\n\n    // 8. If the code point at position within input is\n    // U+0022 (\"), then:\n    if (input[position.position] === '\"') {\n      // 1. Set parameterValue to the result of collecting\n      // an HTTP quoted string from input, given position\n      // and the extract-value flag.\n      parameterValue = collectAnHTTPQuotedString(input, position, true)\n\n      // 2. Collect a sequence of code points that are not\n      // U+003B (;) from input, given position.\n      collectASequenceOfCodePointsFast(\n        ';',\n        input,\n        position\n      )\n\n    // 9. Otherwise:\n    } else {\n      // 1. Set parameterValue to the result of collecting\n      // a sequence of code points that are not U+003B (;)\n      // from input, given position.\n      parameterValue = collectASequenceOfCodePointsFast(\n        ';',\n        input,\n        position\n      )\n\n      // 2. Remove any trailing HTTP whitespace from parameterValue.\n      parameterValue = removeHTTPWhitespace(parameterValue, false, true)\n\n      // 3. If parameterValue is the empty string, then continue.\n      if (parameterValue.length === 0) {\n        continue\n      }\n    }\n\n    // 10. If all of the following are true\n    // - parameterName is not the empty string\n    // - parameterName solely contains HTTP token code points\n    // - parameterValue solely contains HTTP quoted-string token code points\n    // - mimeType’s parameters[parameterName] does not exist\n    // then set mimeType’s parameters[parameterName] to parameterValue.\n    if (\n      parameterName.length !== 0 &&\n      HTTP_TOKEN_CODEPOINTS.test(parameterName) &&\n      (parameterValue.length === 0 || HTTP_QUOTED_STRING_TOKENS.test(parameterValue)) &&\n      !mimeType.parameters.has(parameterName)\n    ) {\n      mimeType.parameters.set(parameterName, parameterValue)\n    }\n  }\n\n  // 12. Return mimeType.\n  return mimeType\n}\n\n// https://infra.spec.whatwg.org/#forgiving-base64-decode\n/** @param {string} data */\nfunction forgivingBase64 (data) {\n  // 1. Remove all ASCII whitespace from data.\n  data = data.replace(/[\\u0009\\u000A\\u000C\\u000D\\u0020]/g, '')  // eslint-disable-line\n\n  // 2. If data’s code point length divides by 4 leaving\n  // no remainder, then:\n  if (data.length % 4 === 0) {\n    // 1. If data ends with one or two U+003D (=) code points,\n    // then remove them from data.\n    data = data.replace(/=?=$/, '')\n  }\n\n  // 3. If data’s code point length divides by 4 leaving\n  // a remainder of 1, then return failure.\n  if (data.length % 4 === 1) {\n    return 'failure'\n  }\n\n  // 4. If data contains a code point that is not one of\n  //  U+002B (+)\n  //  U+002F (/)\n  //  ASCII alphanumeric\n  // then return failure.\n  if (/[^+/0-9A-Za-z]/.test(data)) {\n    return 'failure'\n  }\n\n  const binary = atob(data)\n  const bytes = new Uint8Array(binary.length)\n\n  for (let byte = 0; byte < binary.length; byte++) {\n    bytes[byte] = binary.charCodeAt(byte)\n  }\n\n  return bytes\n}\n\n// https://fetch.spec.whatwg.org/#collect-an-http-quoted-string\n// tests: https://fetch.spec.whatwg.org/#example-http-quoted-string\n/**\n * @param {string} input\n * @param {{ position: number }} position\n * @param {boolean?} extractValue\n */\nfunction collectAnHTTPQuotedString (input, position, extractValue) {\n  // 1. Let positionStart be position.\n  const positionStart = position.position\n\n  // 2. Let value be the empty string.\n  let value = ''\n\n  // 3. Assert: the code point at position within input\n  // is U+0022 (\").\n  assert(input[position.position] === '\"')\n\n  // 4. Advance position by 1.\n  position.position++\n\n  // 5. While true:\n  while (true) {\n    // 1. Append the result of collecting a sequence of code points\n    // that are not U+0022 (\") or U+005C (\\) from input, given\n    // position, to value.\n    value += collectASequenceOfCodePoints(\n      (char) => char !== '\"' && char !== '\\\\',\n      input,\n      position\n    )\n\n    // 2. If position is past the end of input, then break.\n    if (position.position >= input.length) {\n      break\n    }\n\n    // 3. Let quoteOrBackslash be the code point at position within\n    // input.\n    const quoteOrBackslash = input[position.position]\n\n    // 4. Advance position by 1.\n    position.position++\n\n    // 5. If quoteOrBackslash is U+005C (\\), then:\n    if (quoteOrBackslash === '\\\\') {\n      // 1. If position is past the end of input, then append\n      // U+005C (\\) to value and break.\n      if (position.position >= input.length) {\n        value += '\\\\'\n        break\n      }\n\n      // 2. Append the code point at position within input to value.\n      value += input[position.position]\n\n      // 3. Advance position by 1.\n      position.position++\n\n    // 6. Otherwise:\n    } else {\n      // 1. Assert: quoteOrBackslash is U+0022 (\").\n      assert(quoteOrBackslash === '\"')\n\n      // 2. Break.\n      break\n    }\n  }\n\n  // 6. If the extract-value flag is set, then return value.\n  if (extractValue) {\n    return value\n  }\n\n  // 7. Return the code points from positionStart to position,\n  // inclusive, within input.\n  return input.slice(positionStart, position.position)\n}\n\n/**\n * @see https://mimesniff.spec.whatwg.org/#serialize-a-mime-type\n */\nfunction serializeAMimeType (mimeType) {\n  assert(mimeType !== 'failure')\n  const { parameters, essence } = mimeType\n\n  // 1. Let serialization be the concatenation of mimeType’s\n  //    type, U+002F (/), and mimeType’s subtype.\n  let serialization = essence\n\n  // 2. For each name → value of mimeType’s parameters:\n  for (let [name, value] of parameters.entries()) {\n    // 1. Append U+003B (;) to serialization.\n    serialization += ';'\n\n    // 2. Append name to serialization.\n    serialization += name\n\n    // 3. Append U+003D (=) to serialization.\n    serialization += '='\n\n    // 4. If value does not solely contain HTTP token code\n    //    points or value is the empty string, then:\n    if (!HTTP_TOKEN_CODEPOINTS.test(value)) {\n      // 1. Precede each occurence of U+0022 (\") or\n      //    U+005C (\\) in value with U+005C (\\).\n      value = value.replace(/(\\\\|\")/g, '\\\\$1')\n\n      // 2. Prepend U+0022 (\") to value.\n      value = '\"' + value\n\n      // 3. Append U+0022 (\") to value.\n      value += '\"'\n    }\n\n    // 5. Append value to serialization.\n    serialization += value\n  }\n\n  // 3. Return serialization.\n  return serialization\n}\n\n/**\n * @see https://fetch.spec.whatwg.org/#http-whitespace\n * @param {string} char\n */\nfunction isHTTPWhiteSpace (char) {\n  return char === '\\r' || char === '\\n' || char === '\\t' || char === ' '\n}\n\n/**\n * @see https://fetch.spec.whatwg.org/#http-whitespace\n * @param {string} str\n */\nfunction removeHTTPWhitespace (str, leading = true, trailing = true) {\n  let lead = 0\n  let trail = str.length - 1\n\n  if (leading) {\n    for (; lead < str.length && isHTTPWhiteSpace(str[lead]); lead++);\n  }\n\n  if (trailing) {\n    for (; trail > 0 && isHTTPWhiteSpace(str[trail]); trail--);\n  }\n\n  return str.slice(lead, trail + 1)\n}\n\n/**\n * @see https://infra.spec.whatwg.org/#ascii-whitespace\n * @param {string} char\n */\nfunction isASCIIWhitespace (char) {\n  return char === '\\r' || char === '\\n' || char === '\\t' || char === '\\f' || char === ' '\n}\n\n/**\n * @see https://infra.spec.whatwg.org/#strip-leading-and-trailing-ascii-whitespace\n */\nfunction removeASCIIWhitespace (str, leading = true, trailing = true) {\n  let lead = 0\n  let trail = str.length - 1\n\n  if (leading) {\n    for (; lead < str.length && isASCIIWhitespace(str[lead]); lead++);\n  }\n\n  if (trailing) {\n    for (; trail > 0 && isASCIIWhitespace(str[trail]); trail--);\n  }\n\n  return str.slice(lead, trail + 1)\n}\n\nmodule.exports = {\n  dataURLProcessor,\n  URLSerializer,\n  collectASequenceOfCodePoints,\n  collectASequenceOfCodePointsFast,\n  stringPercentDecode,\n  parseMIMEType,\n  collectAnHTTPQuotedString,\n  serializeAMimeType\n}\n","'use strict'\n\nconst { Blob, File: NativeFile } = require('buffer')\nconst { types } = require('util')\nconst { kState } = require('./symbols')\nconst { isBlobLike } = require('./util')\nconst { webidl } = require('./webidl')\nconst { parseMIMEType, serializeAMimeType } = require('./dataURL')\nconst { kEnumerableProperty } = require('../core/util')\nconst encoder = new TextEncoder()\n\nclass File extends Blob {\n  constructor (fileBits, fileName, options = {}) {\n    // The File constructor is invoked with two or three parameters, depending\n    // on whether the optional dictionary parameter is used. When the File()\n    // constructor is invoked, user agents must run the following steps:\n    webidl.argumentLengthCheck(arguments, 2, { header: 'File constructor' })\n\n    fileBits = webidl.converters['sequence<BlobPart>'](fileBits)\n    fileName = webidl.converters.USVString(fileName)\n    options = webidl.converters.FilePropertyBag(options)\n\n    // 1. Let bytes be the result of processing blob parts given fileBits and\n    // options.\n    // Note: Blob handles this for us\n\n    // 2. Let n be the fileName argument to the constructor.\n    const n = fileName\n\n    // 3. Process FilePropertyBag dictionary argument by running the following\n    // substeps:\n\n    //    1. If the type member is provided and is not the empty string, let t\n    //    be set to the type dictionary member. If t contains any characters\n    //    outside the range U+0020 to U+007E, then set t to the empty string\n    //    and return from these substeps.\n    //    2. Convert every character in t to ASCII lowercase.\n    let t = options.type\n    let d\n\n    // eslint-disable-next-line no-labels\n    substep: {\n      if (t) {\n        t = parseMIMEType(t)\n\n        if (t === 'failure') {\n          t = ''\n          // eslint-disable-next-line no-labels\n          break substep\n        }\n\n        t = serializeAMimeType(t).toLowerCase()\n      }\n\n      //    3. If the lastModified member is provided, let d be set to the\n      //    lastModified dictionary member. If it is not provided, set d to the\n      //    current date and time represented as the number of milliseconds since\n      //    the Unix Epoch (which is the equivalent of Date.now() [ECMA-262]).\n      d = options.lastModified\n    }\n\n    // 4. Return a new File object F such that:\n    // F refers to the bytes byte sequence.\n    // F.size is set to the number of total bytes in bytes.\n    // F.name is set to n.\n    // F.type is set to t.\n    // F.lastModified is set to d.\n\n    super(processBlobParts(fileBits, options), { type: t })\n    this[kState] = {\n      name: n,\n      lastModified: d,\n      type: t\n    }\n  }\n\n  get name () {\n    webidl.brandCheck(this, File)\n\n    return this[kState].name\n  }\n\n  get lastModified () {\n    webidl.brandCheck(this, File)\n\n    return this[kState].lastModified\n  }\n\n  get type () {\n    webidl.brandCheck(this, File)\n\n    return this[kState].type\n  }\n}\n\nclass FileLike {\n  constructor (blobLike, fileName, options = {}) {\n    // TODO: argument idl type check\n\n    // The File constructor is invoked with two or three parameters, depending\n    // on whether the optional dictionary parameter is used. When the File()\n    // constructor is invoked, user agents must run the following steps:\n\n    // 1. Let bytes be the result of processing blob parts given fileBits and\n    // options.\n\n    // 2. Let n be the fileName argument to the constructor.\n    const n = fileName\n\n    // 3. Process FilePropertyBag dictionary argument by running the following\n    // substeps:\n\n    //    1. If the type member is provided and is not the empty string, let t\n    //    be set to the type dictionary member. If t contains any characters\n    //    outside the range U+0020 to U+007E, then set t to the empty string\n    //    and return from these substeps.\n    //    TODO\n    const t = options.type\n\n    //    2. Convert every character in t to ASCII lowercase.\n    //    TODO\n\n    //    3. If the lastModified member is provided, let d be set to the\n    //    lastModified dictionary member. If it is not provided, set d to the\n    //    current date and time represented as the number of milliseconds since\n    //    the Unix Epoch (which is the equivalent of Date.now() [ECMA-262]).\n    const d = options.lastModified ?? Date.now()\n\n    // 4. Return a new File object F such that:\n    // F refers to the bytes byte sequence.\n    // F.size is set to the number of total bytes in bytes.\n    // F.name is set to n.\n    // F.type is set to t.\n    // F.lastModified is set to d.\n\n    this[kState] = {\n      blobLike,\n      name: n,\n      type: t,\n      lastModified: d\n    }\n  }\n\n  stream (...args) {\n    webidl.brandCheck(this, FileLike)\n\n    return this[kState].blobLike.stream(...args)\n  }\n\n  arrayBuffer (...args) {\n    webidl.brandCheck(this, FileLike)\n\n    return this[kState].blobLike.arrayBuffer(...args)\n  }\n\n  slice (...args) {\n    webidl.brandCheck(this, FileLike)\n\n    return this[kState].blobLike.slice(...args)\n  }\n\n  text (...args) {\n    webidl.brandCheck(this, FileLike)\n\n    return this[kState].blobLike.text(...args)\n  }\n\n  get size () {\n    webidl.brandCheck(this, FileLike)\n\n    return this[kState].blobLike.size\n  }\n\n  get type () {\n    webidl.brandCheck(this, FileLike)\n\n    return this[kState].blobLike.type\n  }\n\n  get name () {\n    webidl.brandCheck(this, FileLike)\n\n    return this[kState].name\n  }\n\n  get lastModified () {\n    webidl.brandCheck(this, FileLike)\n\n    return this[kState].lastModified\n  }\n\n  get [Symbol.toStringTag] () {\n    return 'File'\n  }\n}\n\nObject.defineProperties(File.prototype, {\n  [Symbol.toStringTag]: {\n    value: 'File',\n    configurable: true\n  },\n  name: kEnumerableProperty,\n  lastModified: kEnumerableProperty\n})\n\nwebidl.converters.Blob = webidl.interfaceConverter(Blob)\n\nwebidl.converters.BlobPart = function (V, opts) {\n  if (webidl.util.Type(V) === 'Object') {\n    if (isBlobLike(V)) {\n      return webidl.converters.Blob(V, { strict: false })\n    }\n\n    if (\n      ArrayBuffer.isView(V) ||\n      types.isAnyArrayBuffer(V)\n    ) {\n      return webidl.converters.BufferSource(V, opts)\n    }\n  }\n\n  return webidl.converters.USVString(V, opts)\n}\n\nwebidl.converters['sequence<BlobPart>'] = webidl.sequenceConverter(\n  webidl.converters.BlobPart\n)\n\n// https://www.w3.org/TR/FileAPI/#dfn-FilePropertyBag\nwebidl.converters.FilePropertyBag = webidl.dictionaryConverter([\n  {\n    key: 'lastModified',\n    converter: webidl.converters['long long'],\n    get defaultValue () {\n      return Date.now()\n    }\n  },\n  {\n    key: 'type',\n    converter: webidl.converters.DOMString,\n    defaultValue: ''\n  },\n  {\n    key: 'endings',\n    converter: (value) => {\n      value = webidl.converters.DOMString(value)\n      value = value.toLowerCase()\n\n      if (value !== 'native') {\n        value = 'transparent'\n      }\n\n      return value\n    },\n    defaultValue: 'transparent'\n  }\n])\n\n/**\n * @see https://www.w3.org/TR/FileAPI/#process-blob-parts\n * @param {(NodeJS.TypedArray|Blob|string)[]} parts\n * @param {{ type: string, endings: string }} options\n */\nfunction processBlobParts (parts, options) {\n  // 1. Let bytes be an empty sequence of bytes.\n  /** @type {NodeJS.TypedArray[]} */\n  const bytes = []\n\n  // 2. For each element in parts:\n  for (const element of parts) {\n    // 1. If element is a USVString, run the following substeps:\n    if (typeof element === 'string') {\n      // 1. Let s be element.\n      let s = element\n\n      // 2. If the endings member of options is \"native\", set s\n      //    to the result of converting line endings to native\n      //    of element.\n      if (options.endings === 'native') {\n        s = convertLineEndingsNative(s)\n      }\n\n      // 3. Append the result of UTF-8 encoding s to bytes.\n      bytes.push(encoder.encode(s))\n    } else if (\n      types.isAnyArrayBuffer(element) ||\n      types.isTypedArray(element)\n    ) {\n      // 2. If element is a BufferSource, get a copy of the\n      //    bytes held by the buffer source, and append those\n      //    bytes to bytes.\n      if (!element.buffer) { // ArrayBuffer\n        bytes.push(new Uint8Array(element))\n      } else {\n        bytes.push(\n          new Uint8Array(element.buffer, element.byteOffset, element.byteLength)\n        )\n      }\n    } else if (isBlobLike(element)) {\n      // 3. If element is a Blob, append the bytes it represents\n      //    to bytes.\n      bytes.push(element)\n    }\n  }\n\n  // 3. Return bytes.\n  return bytes\n}\n\n/**\n * @see https://www.w3.org/TR/FileAPI/#convert-line-endings-to-native\n * @param {string} s\n */\nfunction convertLineEndingsNative (s) {\n  // 1. Let native line ending be be the code point U+000A LF.\n  let nativeLineEnding = '\\n'\n\n  // 2. If the underlying platform’s conventions are to\n  //    represent newlines as a carriage return and line feed\n  //    sequence, set native line ending to the code point\n  //    U+000D CR followed by the code point U+000A LF.\n  if (process.platform === 'win32') {\n    nativeLineEnding = '\\r\\n'\n  }\n\n  return s.replace(/\\r?\\n/g, nativeLineEnding)\n}\n\n// If this function is moved to ./util.js, some tools (such as\n// rollup) will warn about circular dependencies. See:\n// https://github.com/nodejs/undici/issues/1629\nfunction isFileLike (object) {\n  return (\n    (NativeFile && object instanceof NativeFile) ||\n    object instanceof File || (\n      object &&\n      (typeof object.stream === 'function' ||\n      typeof object.arrayBuffer === 'function') &&\n      object[Symbol.toStringTag] === 'File'\n    )\n  )\n}\n\nmodule.exports = { File, FileLike, isFileLike }\n","'use strict'\n\nconst { isBlobLike, toUSVString, makeIterator } = require('./util')\nconst { kState } = require('./symbols')\nconst { File: UndiciFile, FileLike, isFileLike } = require('./file')\nconst { webidl } = require('./webidl')\nconst { Blob, File: NativeFile } = require('buffer')\n\n/** @type {globalThis['File']} */\nconst File = NativeFile ?? UndiciFile\n\n// https://xhr.spec.whatwg.org/#formdata\nclass FormData {\n  constructor (form) {\n    if (form !== undefined) {\n      throw webidl.errors.conversionFailed({\n        prefix: 'FormData constructor',\n        argument: 'Argument 1',\n        types: ['undefined']\n      })\n    }\n\n    this[kState] = []\n  }\n\n  append (name, value, filename = undefined) {\n    webidl.brandCheck(this, FormData)\n\n    webidl.argumentLengthCheck(arguments, 2, { header: 'FormData.append' })\n\n    if (arguments.length === 3 && !isBlobLike(value)) {\n      throw new TypeError(\n        \"Failed to execute 'append' on 'FormData': parameter 2 is not of type 'Blob'\"\n      )\n    }\n\n    // 1. Let value be value if given; otherwise blobValue.\n\n    name = webidl.converters.USVString(name)\n    value = isBlobLike(value)\n      ? webidl.converters.Blob(value, { strict: false })\n      : webidl.converters.USVString(value)\n    filename = arguments.length === 3\n      ? webidl.converters.USVString(filename)\n      : undefined\n\n    // 2. Let entry be the result of creating an entry with\n    // name, value, and filename if given.\n    const entry = makeEntry(name, value, filename)\n\n    // 3. Append entry to this’s entry list.\n    this[kState].push(entry)\n  }\n\n  delete (name) {\n    webidl.brandCheck(this, FormData)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'FormData.delete' })\n\n    name = webidl.converters.USVString(name)\n\n    // The delete(name) method steps are to remove all entries whose name\n    // is name from this’s entry list.\n    this[kState] = this[kState].filter(entry => entry.name !== name)\n  }\n\n  get (name) {\n    webidl.brandCheck(this, FormData)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'FormData.get' })\n\n    name = webidl.converters.USVString(name)\n\n    // 1. If there is no entry whose name is name in this’s entry list,\n    // then return null.\n    const idx = this[kState].findIndex((entry) => entry.name === name)\n    if (idx === -1) {\n      return null\n    }\n\n    // 2. Return the value of the first entry whose name is name from\n    // this’s entry list.\n    return this[kState][idx].value\n  }\n\n  getAll (name) {\n    webidl.brandCheck(this, FormData)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'FormData.getAll' })\n\n    name = webidl.converters.USVString(name)\n\n    // 1. If there is no entry whose name is name in this’s entry list,\n    // then return the empty list.\n    // 2. Return the values of all entries whose name is name, in order,\n    // from this’s entry list.\n    return this[kState]\n      .filter((entry) => entry.name === name)\n      .map((entry) => entry.value)\n  }\n\n  has (name) {\n    webidl.brandCheck(this, FormData)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'FormData.has' })\n\n    name = webidl.converters.USVString(name)\n\n    // The has(name) method steps are to return true if there is an entry\n    // whose name is name in this’s entry list; otherwise false.\n    return this[kState].findIndex((entry) => entry.name === name) !== -1\n  }\n\n  set (name, value, filename = undefined) {\n    webidl.brandCheck(this, FormData)\n\n    webidl.argumentLengthCheck(arguments, 2, { header: 'FormData.set' })\n\n    if (arguments.length === 3 && !isBlobLike(value)) {\n      throw new TypeError(\n        \"Failed to execute 'set' on 'FormData': parameter 2 is not of type 'Blob'\"\n      )\n    }\n\n    // The set(name, value) and set(name, blobValue, filename) method steps\n    // are:\n\n    // 1. Let value be value if given; otherwise blobValue.\n\n    name = webidl.converters.USVString(name)\n    value = isBlobLike(value)\n      ? webidl.converters.Blob(value, { strict: false })\n      : webidl.converters.USVString(value)\n    filename = arguments.length === 3\n      ? toUSVString(filename)\n      : undefined\n\n    // 2. Let entry be the result of creating an entry with name, value, and\n    // filename if given.\n    const entry = makeEntry(name, value, filename)\n\n    // 3. If there are entries in this’s entry list whose name is name, then\n    // replace the first such entry with entry and remove the others.\n    const idx = this[kState].findIndex((entry) => entry.name === name)\n    if (idx !== -1) {\n      this[kState] = [\n        ...this[kState].slice(0, idx),\n        entry,\n        ...this[kState].slice(idx + 1).filter((entry) => entry.name !== name)\n      ]\n    } else {\n      // 4. Otherwise, append entry to this’s entry list.\n      this[kState].push(entry)\n    }\n  }\n\n  entries () {\n    webidl.brandCheck(this, FormData)\n\n    return makeIterator(\n      () => this[kState].map(pair => [pair.name, pair.value]),\n      'FormData',\n      'key+value'\n    )\n  }\n\n  keys () {\n    webidl.brandCheck(this, FormData)\n\n    return makeIterator(\n      () => this[kState].map(pair => [pair.name, pair.value]),\n      'FormData',\n      'key'\n    )\n  }\n\n  values () {\n    webidl.brandCheck(this, FormData)\n\n    return makeIterator(\n      () => this[kState].map(pair => [pair.name, pair.value]),\n      'FormData',\n      'value'\n    )\n  }\n\n  /**\n   * @param {(value: string, key: string, self: FormData) => void} callbackFn\n   * @param {unknown} thisArg\n   */\n  forEach (callbackFn, thisArg = globalThis) {\n    webidl.brandCheck(this, FormData)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'FormData.forEach' })\n\n    if (typeof callbackFn !== 'function') {\n      throw new TypeError(\n        \"Failed to execute 'forEach' on 'FormData': parameter 1 is not of type 'Function'.\"\n      )\n    }\n\n    for (const [key, value] of this) {\n      callbackFn.apply(thisArg, [value, key, this])\n    }\n  }\n}\n\nFormData.prototype[Symbol.iterator] = FormData.prototype.entries\n\nObject.defineProperties(FormData.prototype, {\n  [Symbol.toStringTag]: {\n    value: 'FormData',\n    configurable: true\n  }\n})\n\n/**\n * @see https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#create-an-entry\n * @param {string} name\n * @param {string|Blob} value\n * @param {?string} filename\n * @returns\n */\nfunction makeEntry (name, value, filename) {\n  // 1. Set name to the result of converting name into a scalar value string.\n  // \"To convert a string into a scalar value string, replace any surrogates\n  //  with U+FFFD.\"\n  // see: https://nodejs.org/dist/latest-v18.x/docs/api/buffer.html#buftostringencoding-start-end\n  name = Buffer.from(name).toString('utf8')\n\n  // 2. If value is a string, then set value to the result of converting\n  //    value into a scalar value string.\n  if (typeof value === 'string') {\n    value = Buffer.from(value).toString('utf8')\n  } else {\n    // 3. Otherwise:\n\n    // 1. If value is not a File object, then set value to a new File object,\n    //    representing the same bytes, whose name attribute value is \"blob\"\n    if (!isFileLike(value)) {\n      value = value instanceof Blob\n        ? new File([value], 'blob', { type: value.type })\n        : new FileLike(value, 'blob', { type: value.type })\n    }\n\n    // 2. If filename is given, then set value to a new File object,\n    //    representing the same bytes, whose name attribute is filename.\n    if (filename !== undefined) {\n      /** @type {FilePropertyBag} */\n      const options = {\n        type: value.type,\n        lastModified: value.lastModified\n      }\n\n      value = (NativeFile && value instanceof NativeFile) || value instanceof UndiciFile\n        ? new File([value], filename, options)\n        : new FileLike(value, filename, options)\n    }\n  }\n\n  // 4. Return an entry whose name is name and whose value is value.\n  return { name, value }\n}\n\nmodule.exports = { FormData }\n","'use strict'\n\n// In case of breaking changes, increase the version\n// number to avoid conflicts.\nconst globalOrigin = Symbol.for('undici.globalOrigin.1')\n\nfunction getGlobalOrigin () {\n  return globalThis[globalOrigin]\n}\n\nfunction setGlobalOrigin (newOrigin) {\n  if (newOrigin === undefined) {\n    Object.defineProperty(globalThis, globalOrigin, {\n      value: undefined,\n      writable: true,\n      enumerable: false,\n      configurable: false\n    })\n\n    return\n  }\n\n  const parsedURL = new URL(newOrigin)\n\n  if (parsedURL.protocol !== 'http:' && parsedURL.protocol !== 'https:') {\n    throw new TypeError(`Only http & https urls are allowed, received ${parsedURL.protocol}`)\n  }\n\n  Object.defineProperty(globalThis, globalOrigin, {\n    value: parsedURL,\n    writable: true,\n    enumerable: false,\n    configurable: false\n  })\n}\n\nmodule.exports = {\n  getGlobalOrigin,\n  setGlobalOrigin\n}\n","// https://github.com/Ethan-Arrowood/undici-fetch\n\n'use strict'\n\nconst { kHeadersList, kConstruct } = require('../core/symbols')\nconst { kGuard } = require('./symbols')\nconst { kEnumerableProperty } = require('../core/util')\nconst {\n  makeIterator,\n  isValidHeaderName,\n  isValidHeaderValue\n} = require('./util')\nconst util = require('util')\nconst { webidl } = require('./webidl')\nconst assert = require('assert')\n\nconst kHeadersMap = Symbol('headers map')\nconst kHeadersSortedMap = Symbol('headers map sorted')\n\n/**\n * @param {number} code\n */\nfunction isHTTPWhiteSpaceCharCode (code) {\n  return code === 0x00a || code === 0x00d || code === 0x009 || code === 0x020\n}\n\n/**\n * @see https://fetch.spec.whatwg.org/#concept-header-value-normalize\n * @param {string} potentialValue\n */\nfunction headerValueNormalize (potentialValue) {\n  //  To normalize a byte sequence potentialValue, remove\n  //  any leading and trailing HTTP whitespace bytes from\n  //  potentialValue.\n  let i = 0; let j = potentialValue.length\n\n  while (j > i && isHTTPWhiteSpaceCharCode(potentialValue.charCodeAt(j - 1))) --j\n  while (j > i && isHTTPWhiteSpaceCharCode(potentialValue.charCodeAt(i))) ++i\n\n  return i === 0 && j === potentialValue.length ? potentialValue : potentialValue.substring(i, j)\n}\n\nfunction fill (headers, object) {\n  // To fill a Headers object headers with a given object object, run these steps:\n\n  // 1. If object is a sequence, then for each header in object:\n  // Note: webidl conversion to array has already been done.\n  if (Array.isArray(object)) {\n    for (let i = 0; i < object.length; ++i) {\n      const header = object[i]\n      // 1. If header does not contain exactly two items, then throw a TypeError.\n      if (header.length !== 2) {\n        throw webidl.errors.exception({\n          header: 'Headers constructor',\n          message: `expected name/value pair to be length 2, found ${header.length}.`\n        })\n      }\n\n      // 2. Append (header’s first item, header’s second item) to headers.\n      appendHeader(headers, header[0], header[1])\n    }\n  } else if (typeof object === 'object' && object !== null) {\n    // Note: null should throw\n\n    // 2. Otherwise, object is a record, then for each key → value in object,\n    //    append (key, value) to headers\n    const keys = Object.keys(object)\n    for (let i = 0; i < keys.length; ++i) {\n      appendHeader(headers, keys[i], object[keys[i]])\n    }\n  } else {\n    throw webidl.errors.conversionFailed({\n      prefix: 'Headers constructor',\n      argument: 'Argument 1',\n      types: ['sequence<sequence<ByteString>>', 'record<ByteString, ByteString>']\n    })\n  }\n}\n\n/**\n * @see https://fetch.spec.whatwg.org/#concept-headers-append\n */\nfunction appendHeader (headers, name, value) {\n  // 1. Normalize value.\n  value = headerValueNormalize(value)\n\n  // 2. If name is not a header name or value is not a\n  //    header value, then throw a TypeError.\n  if (!isValidHeaderName(name)) {\n    throw webidl.errors.invalidArgument({\n      prefix: 'Headers.append',\n      value: name,\n      type: 'header name'\n    })\n  } else if (!isValidHeaderValue(value)) {\n    throw webidl.errors.invalidArgument({\n      prefix: 'Headers.append',\n      value,\n      type: 'header value'\n    })\n  }\n\n  // 3. If headers’s guard is \"immutable\", then throw a TypeError.\n  // 4. Otherwise, if headers’s guard is \"request\" and name is a\n  //    forbidden header name, return.\n  // Note: undici does not implement forbidden header names\n  if (headers[kGuard] === 'immutable') {\n    throw new TypeError('immutable')\n  } else if (headers[kGuard] === 'request-no-cors') {\n    // 5. Otherwise, if headers’s guard is \"request-no-cors\":\n    // TODO\n  }\n\n  // 6. Otherwise, if headers’s guard is \"response\" and name is a\n  //    forbidden response-header name, return.\n\n  // 7. Append (name, value) to headers’s header list.\n  return headers[kHeadersList].append(name, value)\n\n  // 8. If headers’s guard is \"request-no-cors\", then remove\n  //    privileged no-CORS request headers from headers\n}\n\nclass HeadersList {\n  /** @type {[string, string][]|null} */\n  cookies = null\n\n  constructor (init) {\n    if (init instanceof HeadersList) {\n      this[kHeadersMap] = new Map(init[kHeadersMap])\n      this[kHeadersSortedMap] = init[kHeadersSortedMap]\n      this.cookies = init.cookies === null ? null : [...init.cookies]\n    } else {\n      this[kHeadersMap] = new Map(init)\n      this[kHeadersSortedMap] = null\n    }\n  }\n\n  // https://fetch.spec.whatwg.org/#header-list-contains\n  contains (name) {\n    // A header list list contains a header name name if list\n    // contains a header whose name is a byte-case-insensitive\n    // match for name.\n    name = name.toLowerCase()\n\n    return this[kHeadersMap].has(name)\n  }\n\n  clear () {\n    this[kHeadersMap].clear()\n    this[kHeadersSortedMap] = null\n    this.cookies = null\n  }\n\n  // https://fetch.spec.whatwg.org/#concept-header-list-append\n  append (name, value) {\n    this[kHeadersSortedMap] = null\n\n    // 1. If list contains name, then set name to the first such\n    //    header’s name.\n    const lowercaseName = name.toLowerCase()\n    const exists = this[kHeadersMap].get(lowercaseName)\n\n    // 2. Append (name, value) to list.\n    if (exists) {\n      const delimiter = lowercaseName === 'cookie' ? '; ' : ', '\n      this[kHeadersMap].set(lowercaseName, {\n        name: exists.name,\n        value: `${exists.value}${delimiter}${value}`\n      })\n    } else {\n      this[kHeadersMap].set(lowercaseName, { name, value })\n    }\n\n    if (lowercaseName === 'set-cookie') {\n      this.cookies ??= []\n      this.cookies.push(value)\n    }\n  }\n\n  // https://fetch.spec.whatwg.org/#concept-header-list-set\n  set (name, value) {\n    this[kHeadersSortedMap] = null\n    const lowercaseName = name.toLowerCase()\n\n    if (lowercaseName === 'set-cookie') {\n      this.cookies = [value]\n    }\n\n    // 1. If list contains name, then set the value of\n    //    the first such header to value and remove the\n    //    others.\n    // 2. Otherwise, append header (name, value) to list.\n    this[kHeadersMap].set(lowercaseName, { name, value })\n  }\n\n  // https://fetch.spec.whatwg.org/#concept-header-list-delete\n  delete (name) {\n    this[kHeadersSortedMap] = null\n\n    name = name.toLowerCase()\n\n    if (name === 'set-cookie') {\n      this.cookies = null\n    }\n\n    this[kHeadersMap].delete(name)\n  }\n\n  // https://fetch.spec.whatwg.org/#concept-header-list-get\n  get (name) {\n    const value = this[kHeadersMap].get(name.toLowerCase())\n\n    // 1. If list does not contain name, then return null.\n    // 2. Return the values of all headers in list whose name\n    //    is a byte-case-insensitive match for name,\n    //    separated from each other by 0x2C 0x20, in order.\n    return value === undefined ? null : value.value\n  }\n\n  * [Symbol.iterator] () {\n    // use the lowercased name\n    for (const [name, { value }] of this[kHeadersMap]) {\n      yield [name, value]\n    }\n  }\n\n  get entries () {\n    const headers = {}\n\n    if (this[kHeadersMap].size) {\n      for (const { name, value } of this[kHeadersMap].values()) {\n        headers[name] = value\n      }\n    }\n\n    return headers\n  }\n}\n\n// https://fetch.spec.whatwg.org/#headers-class\nclass Headers {\n  constructor (init = undefined) {\n    if (init === kConstruct) {\n      return\n    }\n    this[kHeadersList] = new HeadersList()\n\n    // The new Headers(init) constructor steps are:\n\n    // 1. Set this’s guard to \"none\".\n    this[kGuard] = 'none'\n\n    // 2. If init is given, then fill this with init.\n    if (init !== undefined) {\n      init = webidl.converters.HeadersInit(init)\n      fill(this, init)\n    }\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-headers-append\n  append (name, value) {\n    webidl.brandCheck(this, Headers)\n\n    webidl.argumentLengthCheck(arguments, 2, { header: 'Headers.append' })\n\n    name = webidl.converters.ByteString(name)\n    value = webidl.converters.ByteString(value)\n\n    return appendHeader(this, name, value)\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-headers-delete\n  delete (name) {\n    webidl.brandCheck(this, Headers)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'Headers.delete' })\n\n    name = webidl.converters.ByteString(name)\n\n    // 1. If name is not a header name, then throw a TypeError.\n    if (!isValidHeaderName(name)) {\n      throw webidl.errors.invalidArgument({\n        prefix: 'Headers.delete',\n        value: name,\n        type: 'header name'\n      })\n    }\n\n    // 2. If this’s guard is \"immutable\", then throw a TypeError.\n    // 3. Otherwise, if this’s guard is \"request\" and name is a\n    //    forbidden header name, return.\n    // 4. Otherwise, if this’s guard is \"request-no-cors\", name\n    //    is not a no-CORS-safelisted request-header name, and\n    //    name is not a privileged no-CORS request-header name,\n    //    return.\n    // 5. Otherwise, if this’s guard is \"response\" and name is\n    //    a forbidden response-header name, return.\n    // Note: undici does not implement forbidden header names\n    if (this[kGuard] === 'immutable') {\n      throw new TypeError('immutable')\n    } else if (this[kGuard] === 'request-no-cors') {\n      // TODO\n    }\n\n    // 6. If this’s header list does not contain name, then\n    //    return.\n    if (!this[kHeadersList].contains(name)) {\n      return\n    }\n\n    // 7. Delete name from this’s header list.\n    // 8. If this’s guard is \"request-no-cors\", then remove\n    //    privileged no-CORS request headers from this.\n    this[kHeadersList].delete(name)\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-headers-get\n  get (name) {\n    webidl.brandCheck(this, Headers)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'Headers.get' })\n\n    name = webidl.converters.ByteString(name)\n\n    // 1. If name is not a header name, then throw a TypeError.\n    if (!isValidHeaderName(name)) {\n      throw webidl.errors.invalidArgument({\n        prefix: 'Headers.get',\n        value: name,\n        type: 'header name'\n      })\n    }\n\n    // 2. Return the result of getting name from this’s header\n    //    list.\n    return this[kHeadersList].get(name)\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-headers-has\n  has (name) {\n    webidl.brandCheck(this, Headers)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'Headers.has' })\n\n    name = webidl.converters.ByteString(name)\n\n    // 1. If name is not a header name, then throw a TypeError.\n    if (!isValidHeaderName(name)) {\n      throw webidl.errors.invalidArgument({\n        prefix: 'Headers.has',\n        value: name,\n        type: 'header name'\n      })\n    }\n\n    // 2. Return true if this’s header list contains name;\n    //    otherwise false.\n    return this[kHeadersList].contains(name)\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-headers-set\n  set (name, value) {\n    webidl.brandCheck(this, Headers)\n\n    webidl.argumentLengthCheck(arguments, 2, { header: 'Headers.set' })\n\n    name = webidl.converters.ByteString(name)\n    value = webidl.converters.ByteString(value)\n\n    // 1. Normalize value.\n    value = headerValueNormalize(value)\n\n    // 2. If name is not a header name or value is not a\n    //    header value, then throw a TypeError.\n    if (!isValidHeaderName(name)) {\n      throw webidl.errors.invalidArgument({\n        prefix: 'Headers.set',\n        value: name,\n        type: 'header name'\n      })\n    } else if (!isValidHeaderValue(value)) {\n      throw webidl.errors.invalidArgument({\n        prefix: 'Headers.set',\n        value,\n        type: 'header value'\n      })\n    }\n\n    // 3. If this’s guard is \"immutable\", then throw a TypeError.\n    // 4. Otherwise, if this’s guard is \"request\" and name is a\n    //    forbidden header name, return.\n    // 5. Otherwise, if this’s guard is \"request-no-cors\" and\n    //    name/value is not a no-CORS-safelisted request-header,\n    //    return.\n    // 6. Otherwise, if this’s guard is \"response\" and name is a\n    //    forbidden response-header name, return.\n    // Note: undici does not implement forbidden header names\n    if (this[kGuard] === 'immutable') {\n      throw new TypeError('immutable')\n    } else if (this[kGuard] === 'request-no-cors') {\n      // TODO\n    }\n\n    // 7. Set (name, value) in this’s header list.\n    // 8. If this’s guard is \"request-no-cors\", then remove\n    //    privileged no-CORS request headers from this\n    this[kHeadersList].set(name, value)\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-headers-getsetcookie\n  getSetCookie () {\n    webidl.brandCheck(this, Headers)\n\n    // 1. If this’s header list does not contain `Set-Cookie`, then return « ».\n    // 2. Return the values of all headers in this’s header list whose name is\n    //    a byte-case-insensitive match for `Set-Cookie`, in order.\n\n    const list = this[kHeadersList].cookies\n\n    if (list) {\n      return [...list]\n    }\n\n    return []\n  }\n\n  // https://fetch.spec.whatwg.org/#concept-header-list-sort-and-combine\n  get [kHeadersSortedMap] () {\n    if (this[kHeadersList][kHeadersSortedMap]) {\n      return this[kHeadersList][kHeadersSortedMap]\n    }\n\n    // 1. Let headers be an empty list of headers with the key being the name\n    //    and value the value.\n    const headers = []\n\n    // 2. Let names be the result of convert header names to a sorted-lowercase\n    //    set with all the names of the headers in list.\n    const names = [...this[kHeadersList]].sort((a, b) => a[0] < b[0] ? -1 : 1)\n    const cookies = this[kHeadersList].cookies\n\n    // 3. For each name of names:\n    for (let i = 0; i < names.length; ++i) {\n      const [name, value] = names[i]\n      // 1. If name is `set-cookie`, then:\n      if (name === 'set-cookie') {\n        // 1. Let values be a list of all values of headers in list whose name\n        //    is a byte-case-insensitive match for name, in order.\n\n        // 2. For each value of values:\n        // 1. Append (name, value) to headers.\n        for (let j = 0; j < cookies.length; ++j) {\n          headers.push([name, cookies[j]])\n        }\n      } else {\n        // 2. Otherwise:\n\n        // 1. Let value be the result of getting name from list.\n\n        // 2. Assert: value is non-null.\n        assert(value !== null)\n\n        // 3. Append (name, value) to headers.\n        headers.push([name, value])\n      }\n    }\n\n    this[kHeadersList][kHeadersSortedMap] = headers\n\n    // 4. Return headers.\n    return headers\n  }\n\n  keys () {\n    webidl.brandCheck(this, Headers)\n\n    if (this[kGuard] === 'immutable') {\n      const value = this[kHeadersSortedMap]\n      return makeIterator(() => value, 'Headers',\n        'key')\n    }\n\n    return makeIterator(\n      () => [...this[kHeadersSortedMap].values()],\n      'Headers',\n      'key'\n    )\n  }\n\n  values () {\n    webidl.brandCheck(this, Headers)\n\n    if (this[kGuard] === 'immutable') {\n      const value = this[kHeadersSortedMap]\n      return makeIterator(() => value, 'Headers',\n        'value')\n    }\n\n    return makeIterator(\n      () => [...this[kHeadersSortedMap].values()],\n      'Headers',\n      'value'\n    )\n  }\n\n  entries () {\n    webidl.brandCheck(this, Headers)\n\n    if (this[kGuard] === 'immutable') {\n      const value = this[kHeadersSortedMap]\n      return makeIterator(() => value, 'Headers',\n        'key+value')\n    }\n\n    return makeIterator(\n      () => [...this[kHeadersSortedMap].values()],\n      'Headers',\n      'key+value'\n    )\n  }\n\n  /**\n   * @param {(value: string, key: string, self: Headers) => void} callbackFn\n   * @param {unknown} thisArg\n   */\n  forEach (callbackFn, thisArg = globalThis) {\n    webidl.brandCheck(this, Headers)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'Headers.forEach' })\n\n    if (typeof callbackFn !== 'function') {\n      throw new TypeError(\n        \"Failed to execute 'forEach' on 'Headers': parameter 1 is not of type 'Function'.\"\n      )\n    }\n\n    for (const [key, value] of this) {\n      callbackFn.apply(thisArg, [value, key, this])\n    }\n  }\n\n  [Symbol.for('nodejs.util.inspect.custom')] () {\n    webidl.brandCheck(this, Headers)\n\n    return this[kHeadersList]\n  }\n}\n\nHeaders.prototype[Symbol.iterator] = Headers.prototype.entries\n\nObject.defineProperties(Headers.prototype, {\n  append: kEnumerableProperty,\n  delete: kEnumerableProperty,\n  get: kEnumerableProperty,\n  has: kEnumerableProperty,\n  set: kEnumerableProperty,\n  getSetCookie: kEnumerableProperty,\n  keys: kEnumerableProperty,\n  values: kEnumerableProperty,\n  entries: kEnumerableProperty,\n  forEach: kEnumerableProperty,\n  [Symbol.iterator]: { enumerable: false },\n  [Symbol.toStringTag]: {\n    value: 'Headers',\n    configurable: true\n  },\n  [util.inspect.custom]: {\n    enumerable: false\n  }\n})\n\nwebidl.converters.HeadersInit = function (V) {\n  if (webidl.util.Type(V) === 'Object') {\n    if (V[Symbol.iterator]) {\n      return webidl.converters['sequence<sequence<ByteString>>'](V)\n    }\n\n    return webidl.converters['record<ByteString, ByteString>'](V)\n  }\n\n  throw webidl.errors.conversionFailed({\n    prefix: 'Headers constructor',\n    argument: 'Argument 1',\n    types: ['sequence<sequence<ByteString>>', 'record<ByteString, ByteString>']\n  })\n}\n\nmodule.exports = {\n  fill,\n  Headers,\n  HeadersList\n}\n","// https://github.com/Ethan-Arrowood/undici-fetch\n\n'use strict'\n\nconst {\n  Response,\n  makeNetworkError,\n  makeAppropriateNetworkError,\n  filterResponse,\n  makeResponse\n} = require('./response')\nconst { Headers } = require('./headers')\nconst { Request, makeRequest } = require('./request')\nconst zlib = require('zlib')\nconst {\n  bytesMatch,\n  makePolicyContainer,\n  clonePolicyContainer,\n  requestBadPort,\n  TAOCheck,\n  appendRequestOriginHeader,\n  responseLocationURL,\n  requestCurrentURL,\n  setRequestReferrerPolicyOnRedirect,\n  tryUpgradeRequestToAPotentiallyTrustworthyURL,\n  createOpaqueTimingInfo,\n  appendFetchMetadata,\n  corsCheck,\n  crossOriginResourcePolicyCheck,\n  determineRequestsReferrer,\n  coarsenedSharedCurrentTime,\n  createDeferredPromise,\n  isBlobLike,\n  sameOrigin,\n  isCancelled,\n  isAborted,\n  isErrorLike,\n  fullyReadBody,\n  readableStreamClose,\n  isomorphicEncode,\n  urlIsLocal,\n  urlIsHttpHttpsScheme,\n  urlHasHttpsScheme\n} = require('./util')\nconst { kState, kHeaders, kGuard, kRealm } = require('./symbols')\nconst assert = require('assert')\nconst { safelyExtractBody } = require('./body')\nconst {\n  redirectStatusSet,\n  nullBodyStatus,\n  safeMethodsSet,\n  requestBodyHeader,\n  subresourceSet,\n  DOMException\n} = require('./constants')\nconst { kHeadersList } = require('../core/symbols')\nconst EE = require('events')\nconst { Readable, pipeline } = require('stream')\nconst { addAbortListener, isErrored, isReadable, nodeMajor, nodeMinor } = require('../core/util')\nconst { dataURLProcessor, serializeAMimeType } = require('./dataURL')\nconst { TransformStream } = require('stream/web')\nconst { getGlobalDispatcher } = require('../global')\nconst { webidl } = require('./webidl')\nconst { STATUS_CODES } = require('http')\nconst GET_OR_HEAD = ['GET', 'HEAD']\n\n/** @type {import('buffer').resolveObjectURL} */\nlet resolveObjectURL\nlet ReadableStream = globalThis.ReadableStream\n\nclass Fetch extends EE {\n  constructor (dispatcher) {\n    super()\n\n    this.dispatcher = dispatcher\n    this.connection = null\n    this.dump = false\n    this.state = 'ongoing'\n    // 2 terminated listeners get added per request,\n    // but only 1 gets removed. If there are 20 redirects,\n    // 21 listeners will be added.\n    // See https://github.com/nodejs/undici/issues/1711\n    // TODO (fix): Find and fix root cause for leaked listener.\n    this.setMaxListeners(21)\n  }\n\n  terminate (reason) {\n    if (this.state !== 'ongoing') {\n      return\n    }\n\n    this.state = 'terminated'\n    this.connection?.destroy(reason)\n    this.emit('terminated', reason)\n  }\n\n  // https://fetch.spec.whatwg.org/#fetch-controller-abort\n  abort (error) {\n    if (this.state !== 'ongoing') {\n      return\n    }\n\n    // 1. Set controller’s state to \"aborted\".\n    this.state = 'aborted'\n\n    // 2. Let fallbackError be an \"AbortError\" DOMException.\n    // 3. Set error to fallbackError if it is not given.\n    if (!error) {\n      error = new DOMException('The operation was aborted.', 'AbortError')\n    }\n\n    // 4. Let serializedError be StructuredSerialize(error).\n    //    If that threw an exception, catch it, and let\n    //    serializedError be StructuredSerialize(fallbackError).\n\n    // 5. Set controller’s serialized abort reason to serializedError.\n    this.serializedAbortReason = error\n\n    this.connection?.destroy(error)\n    this.emit('terminated', error)\n  }\n}\n\n// https://fetch.spec.whatwg.org/#fetch-method\nfunction fetch (input, init = {}) {\n  webidl.argumentLengthCheck(arguments, 1, { header: 'globalThis.fetch' })\n\n  // 1. Let p be a new promise.\n  const p = createDeferredPromise()\n\n  // 2. Let requestObject be the result of invoking the initial value of\n  // Request as constructor with input and init as arguments. If this throws\n  // an exception, reject p with it and return p.\n  let requestObject\n\n  try {\n    requestObject = new Request(input, init)\n  } catch (e) {\n    p.reject(e)\n    return p.promise\n  }\n\n  // 3. Let request be requestObject’s request.\n  const request = requestObject[kState]\n\n  // 4. If requestObject’s signal’s aborted flag is set, then:\n  if (requestObject.signal.aborted) {\n    // 1. Abort the fetch() call with p, request, null, and\n    //    requestObject’s signal’s abort reason.\n    abortFetch(p, request, null, requestObject.signal.reason)\n\n    // 2. Return p.\n    return p.promise\n  }\n\n  // 5. Let globalObject be request’s client’s global object.\n  const globalObject = request.client.globalObject\n\n  // 6. If globalObject is a ServiceWorkerGlobalScope object, then set\n  // request’s service-workers mode to \"none\".\n  if (globalObject?.constructor?.name === 'ServiceWorkerGlobalScope') {\n    request.serviceWorkers = 'none'\n  }\n\n  // 7. Let responseObject be null.\n  let responseObject = null\n\n  // 8. Let relevantRealm be this’s relevant Realm.\n  const relevantRealm = null\n\n  // 9. Let locallyAborted be false.\n  let locallyAborted = false\n\n  // 10. Let controller be null.\n  let controller = null\n\n  // 11. Add the following abort steps to requestObject’s signal:\n  addAbortListener(\n    requestObject.signal,\n    () => {\n      // 1. Set locallyAborted to true.\n      locallyAborted = true\n\n      // 2. Assert: controller is non-null.\n      assert(controller != null)\n\n      // 3. Abort controller with requestObject’s signal’s abort reason.\n      controller.abort(requestObject.signal.reason)\n\n      // 4. Abort the fetch() call with p, request, responseObject,\n      //    and requestObject’s signal’s abort reason.\n      abortFetch(p, request, responseObject, requestObject.signal.reason)\n    }\n  )\n\n  // 12. Let handleFetchDone given response response be to finalize and\n  // report timing with response, globalObject, and \"fetch\".\n  const handleFetchDone = (response) =>\n    finalizeAndReportTiming(response, 'fetch')\n\n  // 13. Set controller to the result of calling fetch given request,\n  // with processResponseEndOfBody set to handleFetchDone, and processResponse\n  // given response being these substeps:\n\n  const processResponse = (response) => {\n    // 1. If locallyAborted is true, terminate these substeps.\n    if (locallyAborted) {\n      return Promise.resolve()\n    }\n\n    // 2. If response’s aborted flag is set, then:\n    if (response.aborted) {\n      // 1. Let deserializedError be the result of deserialize a serialized\n      //    abort reason given controller’s serialized abort reason and\n      //    relevantRealm.\n\n      // 2. Abort the fetch() call with p, request, responseObject, and\n      //    deserializedError.\n\n      abortFetch(p, request, responseObject, controller.serializedAbortReason)\n      return Promise.resolve()\n    }\n\n    // 3. If response is a network error, then reject p with a TypeError\n    // and terminate these substeps.\n    if (response.type === 'error') {\n      p.reject(\n        Object.assign(new TypeError('fetch failed'), { cause: response.error })\n      )\n      return Promise.resolve()\n    }\n\n    // 4. Set responseObject to the result of creating a Response object,\n    // given response, \"immutable\", and relevantRealm.\n    responseObject = new Response()\n    responseObject[kState] = response\n    responseObject[kRealm] = relevantRealm\n    responseObject[kHeaders][kHeadersList] = response.headersList\n    responseObject[kHeaders][kGuard] = 'immutable'\n    responseObject[kHeaders][kRealm] = relevantRealm\n\n    // 5. Resolve p with responseObject.\n    p.resolve(responseObject)\n  }\n\n  controller = fetching({\n    request,\n    processResponseEndOfBody: handleFetchDone,\n    processResponse,\n    dispatcher: init.dispatcher ?? getGlobalDispatcher() // undici\n  })\n\n  // 14. Return p.\n  return p.promise\n}\n\n// https://fetch.spec.whatwg.org/#finalize-and-report-timing\nfunction finalizeAndReportTiming (response, initiatorType = 'other') {\n  // 1. If response is an aborted network error, then return.\n  if (response.type === 'error' && response.aborted) {\n    return\n  }\n\n  // 2. If response’s URL list is null or empty, then return.\n  if (!response.urlList?.length) {\n    return\n  }\n\n  // 3. Let originalURL be response’s URL list[0].\n  const originalURL = response.urlList[0]\n\n  // 4. Let timingInfo be response’s timing info.\n  let timingInfo = response.timingInfo\n\n  // 5. Let cacheState be response’s cache state.\n  let cacheState = response.cacheState\n\n  // 6. If originalURL’s scheme is not an HTTP(S) scheme, then return.\n  if (!urlIsHttpHttpsScheme(originalURL)) {\n    return\n  }\n\n  // 7. If timingInfo is null, then return.\n  if (timingInfo === null) {\n    return\n  }\n\n  // 8. If response’s timing allow passed flag is not set, then:\n  if (!response.timingAllowPassed) {\n    //  1. Set timingInfo to a the result of creating an opaque timing info for timingInfo.\n    timingInfo = createOpaqueTimingInfo({\n      startTime: timingInfo.startTime\n    })\n\n    //  2. Set cacheState to the empty string.\n    cacheState = ''\n  }\n\n  // 9. Set timingInfo’s end time to the coarsened shared current time\n  // given global’s relevant settings object’s cross-origin isolated\n  // capability.\n  // TODO: given global’s relevant settings object’s cross-origin isolated\n  // capability?\n  timingInfo.endTime = coarsenedSharedCurrentTime()\n\n  // 10. Set response’s timing info to timingInfo.\n  response.timingInfo = timingInfo\n\n  // 11. Mark resource timing for timingInfo, originalURL, initiatorType,\n  // global, and cacheState.\n  markResourceTiming(\n    timingInfo,\n    originalURL,\n    initiatorType,\n    globalThis,\n    cacheState\n  )\n}\n\n// https://w3c.github.io/resource-timing/#dfn-mark-resource-timing\nfunction markResourceTiming (timingInfo, originalURL, initiatorType, globalThis, cacheState) {\n  if (nodeMajor > 18 || (nodeMajor === 18 && nodeMinor >= 2)) {\n    performance.markResourceTiming(timingInfo, originalURL.href, initiatorType, globalThis, cacheState)\n  }\n}\n\n// https://fetch.spec.whatwg.org/#abort-fetch\nfunction abortFetch (p, request, responseObject, error) {\n  // Note: AbortSignal.reason was added in node v17.2.0\n  // which would give us an undefined error to reject with.\n  // Remove this once node v16 is no longer supported.\n  if (!error) {\n    error = new DOMException('The operation was aborted.', 'AbortError')\n  }\n\n  // 1. Reject promise with error.\n  p.reject(error)\n\n  // 2. If request’s body is not null and is readable, then cancel request’s\n  // body with error.\n  if (request.body != null && isReadable(request.body?.stream)) {\n    request.body.stream.cancel(error).catch((err) => {\n      if (err.code === 'ERR_INVALID_STATE') {\n        // Node bug?\n        return\n      }\n      throw err\n    })\n  }\n\n  // 3. If responseObject is null, then return.\n  if (responseObject == null) {\n    return\n  }\n\n  // 4. Let response be responseObject’s response.\n  const response = responseObject[kState]\n\n  // 5. If response’s body is not null and is readable, then error response’s\n  // body with error.\n  if (response.body != null && isReadable(response.body?.stream)) {\n    response.body.stream.cancel(error).catch((err) => {\n      if (err.code === 'ERR_INVALID_STATE') {\n        // Node bug?\n        return\n      }\n      throw err\n    })\n  }\n}\n\n// https://fetch.spec.whatwg.org/#fetching\nfunction fetching ({\n  request,\n  processRequestBodyChunkLength,\n  processRequestEndOfBody,\n  processResponse,\n  processResponseEndOfBody,\n  processResponseConsumeBody,\n  useParallelQueue = false,\n  dispatcher // undici\n}) {\n  // 1. Let taskDestination be null.\n  let taskDestination = null\n\n  // 2. Let crossOriginIsolatedCapability be false.\n  let crossOriginIsolatedCapability = false\n\n  // 3. If request’s client is non-null, then:\n  if (request.client != null) {\n    // 1. Set taskDestination to request’s client’s global object.\n    taskDestination = request.client.globalObject\n\n    // 2. Set crossOriginIsolatedCapability to request’s client’s cross-origin\n    // isolated capability.\n    crossOriginIsolatedCapability =\n      request.client.crossOriginIsolatedCapability\n  }\n\n  // 4. If useParallelQueue is true, then set taskDestination to the result of\n  // starting a new parallel queue.\n  // TODO\n\n  // 5. Let timingInfo be a new fetch timing info whose start time and\n  // post-redirect start time are the coarsened shared current time given\n  // crossOriginIsolatedCapability.\n  const currenTime = coarsenedSharedCurrentTime(crossOriginIsolatedCapability)\n  const timingInfo = createOpaqueTimingInfo({\n    startTime: currenTime\n  })\n\n  // 6. Let fetchParams be a new fetch params whose\n  // request is request,\n  // timing info is timingInfo,\n  // process request body chunk length is processRequestBodyChunkLength,\n  // process request end-of-body is processRequestEndOfBody,\n  // process response is processResponse,\n  // process response consume body is processResponseConsumeBody,\n  // process response end-of-body is processResponseEndOfBody,\n  // task destination is taskDestination,\n  // and cross-origin isolated capability is crossOriginIsolatedCapability.\n  const fetchParams = {\n    controller: new Fetch(dispatcher),\n    request,\n    timingInfo,\n    processRequestBodyChunkLength,\n    processRequestEndOfBody,\n    processResponse,\n    processResponseConsumeBody,\n    processResponseEndOfBody,\n    taskDestination,\n    crossOriginIsolatedCapability\n  }\n\n  // 7. If request’s body is a byte sequence, then set request’s body to\n  //    request’s body as a body.\n  // NOTE: Since fetching is only called from fetch, body should already be\n  // extracted.\n  assert(!request.body || request.body.stream)\n\n  // 8. If request’s window is \"client\", then set request’s window to request’s\n  // client, if request’s client’s global object is a Window object; otherwise\n  // \"no-window\".\n  if (request.window === 'client') {\n    // TODO: What if request.client is null?\n    request.window =\n      request.client?.globalObject?.constructor?.name === 'Window'\n        ? request.client\n        : 'no-window'\n  }\n\n  // 9. If request’s origin is \"client\", then set request’s origin to request’s\n  // client’s origin.\n  if (request.origin === 'client') {\n    // TODO: What if request.client is null?\n    request.origin = request.client?.origin\n  }\n\n  // 10. If all of the following conditions are true:\n  // TODO\n\n  // 11. If request’s policy container is \"client\", then:\n  if (request.policyContainer === 'client') {\n    // 1. If request’s client is non-null, then set request’s policy\n    // container to a clone of request’s client’s policy container. [HTML]\n    if (request.client != null) {\n      request.policyContainer = clonePolicyContainer(\n        request.client.policyContainer\n      )\n    } else {\n      // 2. Otherwise, set request’s policy container to a new policy\n      // container.\n      request.policyContainer = makePolicyContainer()\n    }\n  }\n\n  // 12. If request’s header list does not contain `Accept`, then:\n  if (!request.headersList.contains('accept')) {\n    // 1. Let value be `*/*`.\n    const value = '*/*'\n\n    // 2. A user agent should set value to the first matching statement, if\n    // any, switching on request’s destination:\n    // \"document\"\n    // \"frame\"\n    // \"iframe\"\n    // `text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8`\n    // \"image\"\n    // `image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5`\n    // \"style\"\n    // `text/css,*/*;q=0.1`\n    // TODO\n\n    // 3. Append `Accept`/value to request’s header list.\n    request.headersList.append('accept', value)\n  }\n\n  // 13. If request’s header list does not contain `Accept-Language`, then\n  // user agents should append `Accept-Language`/an appropriate value to\n  // request’s header list.\n  if (!request.headersList.contains('accept-language')) {\n    request.headersList.append('accept-language', '*')\n  }\n\n  // 14. If request’s priority is null, then use request’s initiator and\n  // destination appropriately in setting request’s priority to a\n  // user-agent-defined object.\n  if (request.priority === null) {\n    // TODO\n  }\n\n  // 15. If request is a subresource request, then:\n  if (subresourceSet.has(request.destination)) {\n    // TODO\n  }\n\n  // 16. Run main fetch given fetchParams.\n  mainFetch(fetchParams)\n    .catch(err => {\n      fetchParams.controller.terminate(err)\n    })\n\n  // 17. Return fetchParam's controller\n  return fetchParams.controller\n}\n\n// https://fetch.spec.whatwg.org/#concept-main-fetch\nasync function mainFetch (fetchParams, recursive = false) {\n  // 1. Let request be fetchParams’s request.\n  const request = fetchParams.request\n\n  // 2. Let response be null.\n  let response = null\n\n  // 3. If request’s local-URLs-only flag is set and request’s current URL is\n  // not local, then set response to a network error.\n  if (request.localURLsOnly && !urlIsLocal(requestCurrentURL(request))) {\n    response = makeNetworkError('local URLs only')\n  }\n\n  // 4. Run report Content Security Policy violations for request.\n  // TODO\n\n  // 5. Upgrade request to a potentially trustworthy URL, if appropriate.\n  tryUpgradeRequestToAPotentiallyTrustworthyURL(request)\n\n  // 6. If should request be blocked due to a bad port, should fetching request\n  // be blocked as mixed content, or should request be blocked by Content\n  // Security Policy returns blocked, then set response to a network error.\n  if (requestBadPort(request) === 'blocked') {\n    response = makeNetworkError('bad port')\n  }\n  // TODO: should fetching request be blocked as mixed content?\n  // TODO: should request be blocked by Content Security Policy?\n\n  // 7. If request’s referrer policy is the empty string, then set request’s\n  // referrer policy to request’s policy container’s referrer policy.\n  if (request.referrerPolicy === '') {\n    request.referrerPolicy = request.policyContainer.referrerPolicy\n  }\n\n  // 8. If request’s referrer is not \"no-referrer\", then set request’s\n  // referrer to the result of invoking determine request’s referrer.\n  if (request.referrer !== 'no-referrer') {\n    request.referrer = determineRequestsReferrer(request)\n  }\n\n  // 9. Set request’s current URL’s scheme to \"https\" if all of the following\n  // conditions are true:\n  // - request’s current URL’s scheme is \"http\"\n  // - request’s current URL’s host is a domain\n  // - Matching request’s current URL’s host per Known HSTS Host Domain Name\n  //   Matching results in either a superdomain match with an asserted\n  //   includeSubDomains directive or a congruent match (with or without an\n  //   asserted includeSubDomains directive). [HSTS]\n  // TODO\n\n  // 10. If recursive is false, then run the remaining steps in parallel.\n  // TODO\n\n  // 11. If response is null, then set response to the result of running\n  // the steps corresponding to the first matching statement:\n  if (response === null) {\n    response = await (async () => {\n      const currentURL = requestCurrentURL(request)\n\n      if (\n        // - request’s current URL’s origin is same origin with request’s origin,\n        //   and request’s response tainting is \"basic\"\n        (sameOrigin(currentURL, request.url) && request.responseTainting === 'basic') ||\n        // request’s current URL’s scheme is \"data\"\n        (currentURL.protocol === 'data:') ||\n        // - request’s mode is \"navigate\" or \"websocket\"\n        (request.mode === 'navigate' || request.mode === 'websocket')\n      ) {\n        // 1. Set request’s response tainting to \"basic\".\n        request.responseTainting = 'basic'\n\n        // 2. Return the result of running scheme fetch given fetchParams.\n        return await schemeFetch(fetchParams)\n      }\n\n      // request’s mode is \"same-origin\"\n      if (request.mode === 'same-origin') {\n        // 1. Return a network error.\n        return makeNetworkError('request mode cannot be \"same-origin\"')\n      }\n\n      // request’s mode is \"no-cors\"\n      if (request.mode === 'no-cors') {\n        // 1. If request’s redirect mode is not \"follow\", then return a network\n        // error.\n        if (request.redirect !== 'follow') {\n          return makeNetworkError(\n            'redirect mode cannot be \"follow\" for \"no-cors\" request'\n          )\n        }\n\n        // 2. Set request’s response tainting to \"opaque\".\n        request.responseTainting = 'opaque'\n\n        // 3. Return the result of running scheme fetch given fetchParams.\n        return await schemeFetch(fetchParams)\n      }\n\n      // request’s current URL’s scheme is not an HTTP(S) scheme\n      if (!urlIsHttpHttpsScheme(requestCurrentURL(request))) {\n        // Return a network error.\n        return makeNetworkError('URL scheme must be a HTTP(S) scheme')\n      }\n\n      // - request’s use-CORS-preflight flag is set\n      // - request’s unsafe-request flag is set and either request’s method is\n      //   not a CORS-safelisted method or CORS-unsafe request-header names with\n      //   request’s header list is not empty\n      //    1. Set request’s response tainting to \"cors\".\n      //    2. Let corsWithPreflightResponse be the result of running HTTP fetch\n      //    given fetchParams and true.\n      //    3. If corsWithPreflightResponse is a network error, then clear cache\n      //    entries using request.\n      //    4. Return corsWithPreflightResponse.\n      // TODO\n\n      // Otherwise\n      //    1. Set request’s response tainting to \"cors\".\n      request.responseTainting = 'cors'\n\n      //    2. Return the result of running HTTP fetch given fetchParams.\n      return await httpFetch(fetchParams)\n    })()\n  }\n\n  // 12. If recursive is true, then return response.\n  if (recursive) {\n    return response\n  }\n\n  // 13. If response is not a network error and response is not a filtered\n  // response, then:\n  if (response.status !== 0 && !response.internalResponse) {\n    // If request’s response tainting is \"cors\", then:\n    if (request.responseTainting === 'cors') {\n      // 1. Let headerNames be the result of extracting header list values\n      // given `Access-Control-Expose-Headers` and response’s header list.\n      // TODO\n      // 2. If request’s credentials mode is not \"include\" and headerNames\n      // contains `*`, then set response’s CORS-exposed header-name list to\n      // all unique header names in response’s header list.\n      // TODO\n      // 3. Otherwise, if headerNames is not null or failure, then set\n      // response’s CORS-exposed header-name list to headerNames.\n      // TODO\n    }\n\n    // Set response to the following filtered response with response as its\n    // internal response, depending on request’s response tainting:\n    if (request.responseTainting === 'basic') {\n      response = filterResponse(response, 'basic')\n    } else if (request.responseTainting === 'cors') {\n      response = filterResponse(response, 'cors')\n    } else if (request.responseTainting === 'opaque') {\n      response = filterResponse(response, 'opaque')\n    } else {\n      assert(false)\n    }\n  }\n\n  // 14. Let internalResponse be response, if response is a network error,\n  // and response’s internal response otherwise.\n  let internalResponse =\n    response.status === 0 ? response : response.internalResponse\n\n  // 15. If internalResponse’s URL list is empty, then set it to a clone of\n  // request’s URL list.\n  if (internalResponse.urlList.length === 0) {\n    internalResponse.urlList.push(...request.urlList)\n  }\n\n  // 16. If request’s timing allow failed flag is unset, then set\n  // internalResponse’s timing allow passed flag.\n  if (!request.timingAllowFailed) {\n    response.timingAllowPassed = true\n  }\n\n  // 17. If response is not a network error and any of the following returns\n  // blocked\n  // - should internalResponse to request be blocked as mixed content\n  // - should internalResponse to request be blocked by Content Security Policy\n  // - should internalResponse to request be blocked due to its MIME type\n  // - should internalResponse to request be blocked due to nosniff\n  // TODO\n\n  // 18. If response’s type is \"opaque\", internalResponse’s status is 206,\n  // internalResponse’s range-requested flag is set, and request’s header\n  // list does not contain `Range`, then set response and internalResponse\n  // to a network error.\n  if (\n    response.type === 'opaque' &&\n    internalResponse.status === 206 &&\n    internalResponse.rangeRequested &&\n    !request.headers.contains('range')\n  ) {\n    response = internalResponse = makeNetworkError()\n  }\n\n  // 19. If response is not a network error and either request’s method is\n  // `HEAD` or `CONNECT`, or internalResponse’s status is a null body status,\n  // set internalResponse’s body to null and disregard any enqueuing toward\n  // it (if any).\n  if (\n    response.status !== 0 &&\n    (request.method === 'HEAD' ||\n      request.method === 'CONNECT' ||\n      nullBodyStatus.includes(internalResponse.status))\n  ) {\n    internalResponse.body = null\n    fetchParams.controller.dump = true\n  }\n\n  // 20. If request’s integrity metadata is not the empty string, then:\n  if (request.integrity) {\n    // 1. Let processBodyError be this step: run fetch finale given fetchParams\n    // and a network error.\n    const processBodyError = (reason) =>\n      fetchFinale(fetchParams, makeNetworkError(reason))\n\n    // 2. If request’s response tainting is \"opaque\", or response’s body is null,\n    // then run processBodyError and abort these steps.\n    if (request.responseTainting === 'opaque' || response.body == null) {\n      processBodyError(response.error)\n      return\n    }\n\n    // 3. Let processBody given bytes be these steps:\n    const processBody = (bytes) => {\n      // 1. If bytes do not match request’s integrity metadata,\n      // then run processBodyError and abort these steps. [SRI]\n      if (!bytesMatch(bytes, request.integrity)) {\n        processBodyError('integrity mismatch')\n        return\n      }\n\n      // 2. Set response’s body to bytes as a body.\n      response.body = safelyExtractBody(bytes)[0]\n\n      // 3. Run fetch finale given fetchParams and response.\n      fetchFinale(fetchParams, response)\n    }\n\n    // 4. Fully read response’s body given processBody and processBodyError.\n    await fullyReadBody(response.body, processBody, processBodyError)\n  } else {\n    // 21. Otherwise, run fetch finale given fetchParams and response.\n    fetchFinale(fetchParams, response)\n  }\n}\n\n// https://fetch.spec.whatwg.org/#concept-scheme-fetch\n// given a fetch params fetchParams\nfunction schemeFetch (fetchParams) {\n  // Note: since the connection is destroyed on redirect, which sets fetchParams to a\n  // cancelled state, we do not want this condition to trigger *unless* there have been\n  // no redirects. See https://github.com/nodejs/undici/issues/1776\n  // 1. If fetchParams is canceled, then return the appropriate network error for fetchParams.\n  if (isCancelled(fetchParams) && fetchParams.request.redirectCount === 0) {\n    return Promise.resolve(makeAppropriateNetworkError(fetchParams))\n  }\n\n  // 2. Let request be fetchParams’s request.\n  const { request } = fetchParams\n\n  const { protocol: scheme } = requestCurrentURL(request)\n\n  // 3. Switch on request’s current URL’s scheme and run the associated steps:\n  switch (scheme) {\n    case 'about:': {\n      // If request’s current URL’s path is the string \"blank\", then return a new response\n      // whose status message is `OK`, header list is « (`Content-Type`, `text/html;charset=utf-8`) »,\n      // and body is the empty byte sequence as a body.\n\n      // Otherwise, return a network error.\n      return Promise.resolve(makeNetworkError('about scheme is not supported'))\n    }\n    case 'blob:': {\n      if (!resolveObjectURL) {\n        resolveObjectURL = require('buffer').resolveObjectURL\n      }\n\n      // 1. Let blobURLEntry be request’s current URL’s blob URL entry.\n      const blobURLEntry = requestCurrentURL(request)\n\n      // https://github.com/web-platform-tests/wpt/blob/7b0ebaccc62b566a1965396e5be7bb2bc06f841f/FileAPI/url/resources/fetch-tests.js#L52-L56\n      // Buffer.resolveObjectURL does not ignore URL queries.\n      if (blobURLEntry.search.length !== 0) {\n        return Promise.resolve(makeNetworkError('NetworkError when attempting to fetch resource.'))\n      }\n\n      const blobURLEntryObject = resolveObjectURL(blobURLEntry.toString())\n\n      // 2. If request’s method is not `GET`, blobURLEntry is null, or blobURLEntry’s\n      //    object is not a Blob object, then return a network error.\n      if (request.method !== 'GET' || !isBlobLike(blobURLEntryObject)) {\n        return Promise.resolve(makeNetworkError('invalid method'))\n      }\n\n      // 3. Let bodyWithType be the result of safely extracting blobURLEntry’s object.\n      const bodyWithType = safelyExtractBody(blobURLEntryObject)\n\n      // 4. Let body be bodyWithType’s body.\n      const body = bodyWithType[0]\n\n      // 5. Let length be body’s length, serialized and isomorphic encoded.\n      const length = isomorphicEncode(`${body.length}`)\n\n      // 6. Let type be bodyWithType’s type if it is non-null; otherwise the empty byte sequence.\n      const type = bodyWithType[1] ?? ''\n\n      // 7. Return a new response whose status message is `OK`, header list is\n      //    « (`Content-Length`, length), (`Content-Type`, type) », and body is body.\n      const response = makeResponse({\n        statusText: 'OK',\n        headersList: [\n          ['content-length', { name: 'Content-Length', value: length }],\n          ['content-type', { name: 'Content-Type', value: type }]\n        ]\n      })\n\n      response.body = body\n\n      return Promise.resolve(response)\n    }\n    case 'data:': {\n      // 1. Let dataURLStruct be the result of running the\n      //    data: URL processor on request’s current URL.\n      const currentURL = requestCurrentURL(request)\n      const dataURLStruct = dataURLProcessor(currentURL)\n\n      // 2. If dataURLStruct is failure, then return a\n      //    network error.\n      if (dataURLStruct === 'failure') {\n        return Promise.resolve(makeNetworkError('failed to fetch the data URL'))\n      }\n\n      // 3. Let mimeType be dataURLStruct’s MIME type, serialized.\n      const mimeType = serializeAMimeType(dataURLStruct.mimeType)\n\n      // 4. Return a response whose status message is `OK`,\n      //    header list is « (`Content-Type`, mimeType) »,\n      //    and body is dataURLStruct’s body as a body.\n      return Promise.resolve(makeResponse({\n        statusText: 'OK',\n        headersList: [\n          ['content-type', { name: 'Content-Type', value: mimeType }]\n        ],\n        body: safelyExtractBody(dataURLStruct.body)[0]\n      }))\n    }\n    case 'file:': {\n      // For now, unfortunate as it is, file URLs are left as an exercise for the reader.\n      // When in doubt, return a network error.\n      return Promise.resolve(makeNetworkError('not implemented... yet...'))\n    }\n    case 'http:':\n    case 'https:': {\n      // Return the result of running HTTP fetch given fetchParams.\n\n      return httpFetch(fetchParams)\n        .catch((err) => makeNetworkError(err))\n    }\n    default: {\n      return Promise.resolve(makeNetworkError('unknown scheme'))\n    }\n  }\n}\n\n// https://fetch.spec.whatwg.org/#finalize-response\nfunction finalizeResponse (fetchParams, response) {\n  // 1. Set fetchParams’s request’s done flag.\n  fetchParams.request.done = true\n\n  // 2, If fetchParams’s process response done is not null, then queue a fetch\n  // task to run fetchParams’s process response done given response, with\n  // fetchParams’s task destination.\n  if (fetchParams.processResponseDone != null) {\n    queueMicrotask(() => fetchParams.processResponseDone(response))\n  }\n}\n\n// https://fetch.spec.whatwg.org/#fetch-finale\nfunction fetchFinale (fetchParams, response) {\n  // 1. If response is a network error, then:\n  if (response.type === 'error') {\n    // 1. Set response’s URL list to « fetchParams’s request’s URL list[0] ».\n    response.urlList = [fetchParams.request.urlList[0]]\n\n    // 2. Set response’s timing info to the result of creating an opaque timing\n    // info for fetchParams’s timing info.\n    response.timingInfo = createOpaqueTimingInfo({\n      startTime: fetchParams.timingInfo.startTime\n    })\n  }\n\n  // 2. Let processResponseEndOfBody be the following steps:\n  const processResponseEndOfBody = () => {\n    // 1. Set fetchParams’s request’s done flag.\n    fetchParams.request.done = true\n\n    // If fetchParams’s process response end-of-body is not null,\n    // then queue a fetch task to run fetchParams’s process response\n    // end-of-body given response with fetchParams’s task destination.\n    if (fetchParams.processResponseEndOfBody != null) {\n      queueMicrotask(() => fetchParams.processResponseEndOfBody(response))\n    }\n  }\n\n  // 3. If fetchParams’s process response is non-null, then queue a fetch task\n  // to run fetchParams’s process response given response, with fetchParams’s\n  // task destination.\n  if (fetchParams.processResponse != null) {\n    queueMicrotask(() => fetchParams.processResponse(response))\n  }\n\n  // 4. If response’s body is null, then run processResponseEndOfBody.\n  if (response.body == null) {\n    processResponseEndOfBody()\n  } else {\n  // 5. Otherwise:\n\n    // 1. Let transformStream be a new a TransformStream.\n\n    // 2. Let identityTransformAlgorithm be an algorithm which, given chunk,\n    // enqueues chunk in transformStream.\n    const identityTransformAlgorithm = (chunk, controller) => {\n      controller.enqueue(chunk)\n    }\n\n    // 3. Set up transformStream with transformAlgorithm set to identityTransformAlgorithm\n    // and flushAlgorithm set to processResponseEndOfBody.\n    const transformStream = new TransformStream({\n      start () {},\n      transform: identityTransformAlgorithm,\n      flush: processResponseEndOfBody\n    }, {\n      size () {\n        return 1\n      }\n    }, {\n      size () {\n        return 1\n      }\n    })\n\n    // 4. Set response’s body to the result of piping response’s body through transformStream.\n    response.body = { stream: response.body.stream.pipeThrough(transformStream) }\n  }\n\n  // 6. If fetchParams’s process response consume body is non-null, then:\n  if (fetchParams.processResponseConsumeBody != null) {\n    // 1. Let processBody given nullOrBytes be this step: run fetchParams’s\n    // process response consume body given response and nullOrBytes.\n    const processBody = (nullOrBytes) => fetchParams.processResponseConsumeBody(response, nullOrBytes)\n\n    // 2. Let processBodyError be this step: run fetchParams’s process\n    // response consume body given response and failure.\n    const processBodyError = (failure) => fetchParams.processResponseConsumeBody(response, failure)\n\n    // 3. If response’s body is null, then queue a fetch task to run processBody\n    // given null, with fetchParams’s task destination.\n    if (response.body == null) {\n      queueMicrotask(() => processBody(null))\n    } else {\n      // 4. Otherwise, fully read response’s body given processBody, processBodyError,\n      // and fetchParams’s task destination.\n      return fullyReadBody(response.body, processBody, processBodyError)\n    }\n    return Promise.resolve()\n  }\n}\n\n// https://fetch.spec.whatwg.org/#http-fetch\nasync function httpFetch (fetchParams) {\n  // 1. Let request be fetchParams’s request.\n  const request = fetchParams.request\n\n  // 2. Let response be null.\n  let response = null\n\n  // 3. Let actualResponse be null.\n  let actualResponse = null\n\n  // 4. Let timingInfo be fetchParams’s timing info.\n  const timingInfo = fetchParams.timingInfo\n\n  // 5. If request’s service-workers mode is \"all\", then:\n  if (request.serviceWorkers === 'all') {\n    // TODO\n  }\n\n  // 6. If response is null, then:\n  if (response === null) {\n    // 1. If makeCORSPreflight is true and one of these conditions is true:\n    // TODO\n\n    // 2. If request’s redirect mode is \"follow\", then set request’s\n    // service-workers mode to \"none\".\n    if (request.redirect === 'follow') {\n      request.serviceWorkers = 'none'\n    }\n\n    // 3. Set response and actualResponse to the result of running\n    // HTTP-network-or-cache fetch given fetchParams.\n    actualResponse = response = await httpNetworkOrCacheFetch(fetchParams)\n\n    // 4. If request’s response tainting is \"cors\" and a CORS check\n    // for request and response returns failure, then return a network error.\n    if (\n      request.responseTainting === 'cors' &&\n      corsCheck(request, response) === 'failure'\n    ) {\n      return makeNetworkError('cors failure')\n    }\n\n    // 5. If the TAO check for request and response returns failure, then set\n    // request’s timing allow failed flag.\n    if (TAOCheck(request, response) === 'failure') {\n      request.timingAllowFailed = true\n    }\n  }\n\n  // 7. If either request’s response tainting or response’s type\n  // is \"opaque\", and the cross-origin resource policy check with\n  // request’s origin, request’s client, request’s destination,\n  // and actualResponse returns blocked, then return a network error.\n  if (\n    (request.responseTainting === 'opaque' || response.type === 'opaque') &&\n    crossOriginResourcePolicyCheck(\n      request.origin,\n      request.client,\n      request.destination,\n      actualResponse\n    ) === 'blocked'\n  ) {\n    return makeNetworkError('blocked')\n  }\n\n  // 8. If actualResponse’s status is a redirect status, then:\n  if (redirectStatusSet.has(actualResponse.status)) {\n    // 1. If actualResponse’s status is not 303, request’s body is not null,\n    // and the connection uses HTTP/2, then user agents may, and are even\n    // encouraged to, transmit an RST_STREAM frame.\n    // See, https://github.com/whatwg/fetch/issues/1288\n    if (request.redirect !== 'manual') {\n      fetchParams.controller.connection.destroy()\n    }\n\n    // 2. Switch on request’s redirect mode:\n    if (request.redirect === 'error') {\n      // Set response to a network error.\n      response = makeNetworkError('unexpected redirect')\n    } else if (request.redirect === 'manual') {\n      // Set response to an opaque-redirect filtered response whose internal\n      // response is actualResponse.\n      // NOTE(spec): On the web this would return an `opaqueredirect` response,\n      // but that doesn't make sense server side.\n      // See https://github.com/nodejs/undici/issues/1193.\n      response = actualResponse\n    } else if (request.redirect === 'follow') {\n      // Set response to the result of running HTTP-redirect fetch given\n      // fetchParams and response.\n      response = await httpRedirectFetch(fetchParams, response)\n    } else {\n      assert(false)\n    }\n  }\n\n  // 9. Set response’s timing info to timingInfo.\n  response.timingInfo = timingInfo\n\n  // 10. Return response.\n  return response\n}\n\n// https://fetch.spec.whatwg.org/#http-redirect-fetch\nfunction httpRedirectFetch (fetchParams, response) {\n  // 1. Let request be fetchParams’s request.\n  const request = fetchParams.request\n\n  // 2. Let actualResponse be response, if response is not a filtered response,\n  // and response’s internal response otherwise.\n  const actualResponse = response.internalResponse\n    ? response.internalResponse\n    : response\n\n  // 3. Let locationURL be actualResponse’s location URL given request’s current\n  // URL’s fragment.\n  let locationURL\n\n  try {\n    locationURL = responseLocationURL(\n      actualResponse,\n      requestCurrentURL(request).hash\n    )\n\n    // 4. If locationURL is null, then return response.\n    if (locationURL == null) {\n      return response\n    }\n  } catch (err) {\n    // 5. If locationURL is failure, then return a network error.\n    return Promise.resolve(makeNetworkError(err))\n  }\n\n  // 6. If locationURL’s scheme is not an HTTP(S) scheme, then return a network\n  // error.\n  if (!urlIsHttpHttpsScheme(locationURL)) {\n    return Promise.resolve(makeNetworkError('URL scheme must be a HTTP(S) scheme'))\n  }\n\n  // 7. If request’s redirect count is 20, then return a network error.\n  if (request.redirectCount === 20) {\n    return Promise.resolve(makeNetworkError('redirect count exceeded'))\n  }\n\n  // 8. Increase request’s redirect count by 1.\n  request.redirectCount += 1\n\n  // 9. If request’s mode is \"cors\", locationURL includes credentials, and\n  // request’s origin is not same origin with locationURL’s origin, then return\n  //  a network error.\n  if (\n    request.mode === 'cors' &&\n    (locationURL.username || locationURL.password) &&\n    !sameOrigin(request, locationURL)\n  ) {\n    return Promise.resolve(makeNetworkError('cross origin not allowed for request mode \"cors\"'))\n  }\n\n  // 10. If request’s response tainting is \"cors\" and locationURL includes\n  // credentials, then return a network error.\n  if (\n    request.responseTainting === 'cors' &&\n    (locationURL.username || locationURL.password)\n  ) {\n    return Promise.resolve(makeNetworkError(\n      'URL cannot contain credentials for request mode \"cors\"'\n    ))\n  }\n\n  // 11. If actualResponse’s status is not 303, request’s body is non-null,\n  // and request’s body’s source is null, then return a network error.\n  if (\n    actualResponse.status !== 303 &&\n    request.body != null &&\n    request.body.source == null\n  ) {\n    return Promise.resolve(makeNetworkError())\n  }\n\n  // 12. If one of the following is true\n  // - actualResponse’s status is 301 or 302 and request’s method is `POST`\n  // - actualResponse’s status is 303 and request’s method is not `GET` or `HEAD`\n  if (\n    ([301, 302].includes(actualResponse.status) && request.method === 'POST') ||\n    (actualResponse.status === 303 &&\n      !GET_OR_HEAD.includes(request.method))\n  ) {\n    // then:\n    // 1. Set request’s method to `GET` and request’s body to null.\n    request.method = 'GET'\n    request.body = null\n\n    // 2. For each headerName of request-body-header name, delete headerName from\n    // request’s header list.\n    for (const headerName of requestBodyHeader) {\n      request.headersList.delete(headerName)\n    }\n  }\n\n  // 13. If request’s current URL’s origin is not same origin with locationURL’s\n  //     origin, then for each headerName of CORS non-wildcard request-header name,\n  //     delete headerName from request’s header list.\n  if (!sameOrigin(requestCurrentURL(request), locationURL)) {\n    // https://fetch.spec.whatwg.org/#cors-non-wildcard-request-header-name\n    request.headersList.delete('authorization')\n\n    // https://fetch.spec.whatwg.org/#authentication-entries\n    request.headersList.delete('proxy-authorization', true)\n\n    // \"Cookie\" and \"Host\" are forbidden request-headers, which undici doesn't implement.\n    request.headersList.delete('cookie')\n    request.headersList.delete('host')\n  }\n\n  // 14. If request’s body is non-null, then set request’s body to the first return\n  // value of safely extracting request’s body’s source.\n  if (request.body != null) {\n    assert(request.body.source != null)\n    request.body = safelyExtractBody(request.body.source)[0]\n  }\n\n  // 15. Let timingInfo be fetchParams’s timing info.\n  const timingInfo = fetchParams.timingInfo\n\n  // 16. Set timingInfo’s redirect end time and post-redirect start time to the\n  // coarsened shared current time given fetchParams’s cross-origin isolated\n  // capability.\n  timingInfo.redirectEndTime = timingInfo.postRedirectStartTime =\n    coarsenedSharedCurrentTime(fetchParams.crossOriginIsolatedCapability)\n\n  // 17. If timingInfo’s redirect start time is 0, then set timingInfo’s\n  //  redirect start time to timingInfo’s start time.\n  if (timingInfo.redirectStartTime === 0) {\n    timingInfo.redirectStartTime = timingInfo.startTime\n  }\n\n  // 18. Append locationURL to request’s URL list.\n  request.urlList.push(locationURL)\n\n  // 19. Invoke set request’s referrer policy on redirect on request and\n  // actualResponse.\n  setRequestReferrerPolicyOnRedirect(request, actualResponse)\n\n  // 20. Return the result of running main fetch given fetchParams and true.\n  return mainFetch(fetchParams, true)\n}\n\n// https://fetch.spec.whatwg.org/#http-network-or-cache-fetch\nasync function httpNetworkOrCacheFetch (\n  fetchParams,\n  isAuthenticationFetch = false,\n  isNewConnectionFetch = false\n) {\n  // 1. Let request be fetchParams’s request.\n  const request = fetchParams.request\n\n  // 2. Let httpFetchParams be null.\n  let httpFetchParams = null\n\n  // 3. Let httpRequest be null.\n  let httpRequest = null\n\n  // 4. Let response be null.\n  let response = null\n\n  // 5. Let storedResponse be null.\n  // TODO: cache\n\n  // 6. Let httpCache be null.\n  const httpCache = null\n\n  // 7. Let the revalidatingFlag be unset.\n  const revalidatingFlag = false\n\n  // 8. Run these steps, but abort when the ongoing fetch is terminated:\n\n  //    1. If request’s window is \"no-window\" and request’s redirect mode is\n  //    \"error\", then set httpFetchParams to fetchParams and httpRequest to\n  //    request.\n  if (request.window === 'no-window' && request.redirect === 'error') {\n    httpFetchParams = fetchParams\n    httpRequest = request\n  } else {\n    // Otherwise:\n\n    // 1. Set httpRequest to a clone of request.\n    httpRequest = makeRequest(request)\n\n    // 2. Set httpFetchParams to a copy of fetchParams.\n    httpFetchParams = { ...fetchParams }\n\n    // 3. Set httpFetchParams’s request to httpRequest.\n    httpFetchParams.request = httpRequest\n  }\n\n  //    3. Let includeCredentials be true if one of\n  const includeCredentials =\n    request.credentials === 'include' ||\n    (request.credentials === 'same-origin' &&\n      request.responseTainting === 'basic')\n\n  //    4. Let contentLength be httpRequest’s body’s length, if httpRequest’s\n  //    body is non-null; otherwise null.\n  const contentLength = httpRequest.body ? httpRequest.body.length : null\n\n  //    5. Let contentLengthHeaderValue be null.\n  let contentLengthHeaderValue = null\n\n  //    6. If httpRequest’s body is null and httpRequest’s method is `POST` or\n  //    `PUT`, then set contentLengthHeaderValue to `0`.\n  if (\n    httpRequest.body == null &&\n    ['POST', 'PUT'].includes(httpRequest.method)\n  ) {\n    contentLengthHeaderValue = '0'\n  }\n\n  //    7. If contentLength is non-null, then set contentLengthHeaderValue to\n  //    contentLength, serialized and isomorphic encoded.\n  if (contentLength != null) {\n    contentLengthHeaderValue = isomorphicEncode(`${contentLength}`)\n  }\n\n  //    8. If contentLengthHeaderValue is non-null, then append\n  //    `Content-Length`/contentLengthHeaderValue to httpRequest’s header\n  //    list.\n  if (contentLengthHeaderValue != null) {\n    httpRequest.headersList.append('content-length', contentLengthHeaderValue)\n  }\n\n  //    9. If contentLengthHeaderValue is non-null, then append (`Content-Length`,\n  //    contentLengthHeaderValue) to httpRequest’s header list.\n\n  //    10. If contentLength is non-null and httpRequest’s keepalive is true,\n  //    then:\n  if (contentLength != null && httpRequest.keepalive) {\n    // NOTE: keepalive is a noop outside of browser context.\n  }\n\n  //    11. If httpRequest’s referrer is a URL, then append\n  //    `Referer`/httpRequest’s referrer, serialized and isomorphic encoded,\n  //     to httpRequest’s header list.\n  if (httpRequest.referrer instanceof URL) {\n    httpRequest.headersList.append('referer', isomorphicEncode(httpRequest.referrer.href))\n  }\n\n  //    12. Append a request `Origin` header for httpRequest.\n  appendRequestOriginHeader(httpRequest)\n\n  //    13. Append the Fetch metadata headers for httpRequest. [FETCH-METADATA]\n  appendFetchMetadata(httpRequest)\n\n  //    14. If httpRequest’s header list does not contain `User-Agent`, then\n  //    user agents should append `User-Agent`/default `User-Agent` value to\n  //    httpRequest’s header list.\n  if (!httpRequest.headersList.contains('user-agent')) {\n    httpRequest.headersList.append('user-agent', typeof esbuildDetection === 'undefined' ? 'undici' : 'node')\n  }\n\n  //    15. If httpRequest’s cache mode is \"default\" and httpRequest’s header\n  //    list contains `If-Modified-Since`, `If-None-Match`,\n  //    `If-Unmodified-Since`, `If-Match`, or `If-Range`, then set\n  //    httpRequest’s cache mode to \"no-store\".\n  if (\n    httpRequest.cache === 'default' &&\n    (httpRequest.headersList.contains('if-modified-since') ||\n      httpRequest.headersList.contains('if-none-match') ||\n      httpRequest.headersList.contains('if-unmodified-since') ||\n      httpRequest.headersList.contains('if-match') ||\n      httpRequest.headersList.contains('if-range'))\n  ) {\n    httpRequest.cache = 'no-store'\n  }\n\n  //    16. If httpRequest’s cache mode is \"no-cache\", httpRequest’s prevent\n  //    no-cache cache-control header modification flag is unset, and\n  //    httpRequest’s header list does not contain `Cache-Control`, then append\n  //    `Cache-Control`/`max-age=0` to httpRequest’s header list.\n  if (\n    httpRequest.cache === 'no-cache' &&\n    !httpRequest.preventNoCacheCacheControlHeaderModification &&\n    !httpRequest.headersList.contains('cache-control')\n  ) {\n    httpRequest.headersList.append('cache-control', 'max-age=0')\n  }\n\n  //    17. If httpRequest’s cache mode is \"no-store\" or \"reload\", then:\n  if (httpRequest.cache === 'no-store' || httpRequest.cache === 'reload') {\n    // 1. If httpRequest’s header list does not contain `Pragma`, then append\n    // `Pragma`/`no-cache` to httpRequest’s header list.\n    if (!httpRequest.headersList.contains('pragma')) {\n      httpRequest.headersList.append('pragma', 'no-cache')\n    }\n\n    // 2. If httpRequest’s header list does not contain `Cache-Control`,\n    // then append `Cache-Control`/`no-cache` to httpRequest’s header list.\n    if (!httpRequest.headersList.contains('cache-control')) {\n      httpRequest.headersList.append('cache-control', 'no-cache')\n    }\n  }\n\n  //    18. If httpRequest’s header list contains `Range`, then append\n  //    `Accept-Encoding`/`identity` to httpRequest’s header list.\n  if (httpRequest.headersList.contains('range')) {\n    httpRequest.headersList.append('accept-encoding', 'identity')\n  }\n\n  //    19. Modify httpRequest’s header list per HTTP. Do not append a given\n  //    header if httpRequest’s header list contains that header’s name.\n  //    TODO: https://github.com/whatwg/fetch/issues/1285#issuecomment-896560129\n  if (!httpRequest.headersList.contains('accept-encoding')) {\n    if (urlHasHttpsScheme(requestCurrentURL(httpRequest))) {\n      httpRequest.headersList.append('accept-encoding', 'br, gzip, deflate')\n    } else {\n      httpRequest.headersList.append('accept-encoding', 'gzip, deflate')\n    }\n  }\n\n  httpRequest.headersList.delete('host')\n\n  //    20. If includeCredentials is true, then:\n  if (includeCredentials) {\n    // 1. If the user agent is not configured to block cookies for httpRequest\n    // (see section 7 of [COOKIES]), then:\n    // TODO: credentials\n    // 2. If httpRequest’s header list does not contain `Authorization`, then:\n    // TODO: credentials\n  }\n\n  //    21. If there’s a proxy-authentication entry, use it as appropriate.\n  //    TODO: proxy-authentication\n\n  //    22. Set httpCache to the result of determining the HTTP cache\n  //    partition, given httpRequest.\n  //    TODO: cache\n\n  //    23. If httpCache is null, then set httpRequest’s cache mode to\n  //    \"no-store\".\n  if (httpCache == null) {\n    httpRequest.cache = 'no-store'\n  }\n\n  //    24. If httpRequest’s cache mode is neither \"no-store\" nor \"reload\",\n  //    then:\n  if (httpRequest.mode !== 'no-store' && httpRequest.mode !== 'reload') {\n    // TODO: cache\n  }\n\n  // 9. If aborted, then return the appropriate network error for fetchParams.\n  // TODO\n\n  // 10. If response is null, then:\n  if (response == null) {\n    // 1. If httpRequest’s cache mode is \"only-if-cached\", then return a\n    // network error.\n    if (httpRequest.mode === 'only-if-cached') {\n      return makeNetworkError('only if cached')\n    }\n\n    // 2. Let forwardResponse be the result of running HTTP-network fetch\n    // given httpFetchParams, includeCredentials, and isNewConnectionFetch.\n    const forwardResponse = await httpNetworkFetch(\n      httpFetchParams,\n      includeCredentials,\n      isNewConnectionFetch\n    )\n\n    // 3. If httpRequest’s method is unsafe and forwardResponse’s status is\n    // in the range 200 to 399, inclusive, invalidate appropriate stored\n    // responses in httpCache, as per the \"Invalidation\" chapter of HTTP\n    // Caching, and set storedResponse to null. [HTTP-CACHING]\n    if (\n      !safeMethodsSet.has(httpRequest.method) &&\n      forwardResponse.status >= 200 &&\n      forwardResponse.status <= 399\n    ) {\n      // TODO: cache\n    }\n\n    // 4. If the revalidatingFlag is set and forwardResponse’s status is 304,\n    // then:\n    if (revalidatingFlag && forwardResponse.status === 304) {\n      // TODO: cache\n    }\n\n    // 5. If response is null, then:\n    if (response == null) {\n      // 1. Set response to forwardResponse.\n      response = forwardResponse\n\n      // 2. Store httpRequest and forwardResponse in httpCache, as per the\n      // \"Storing Responses in Caches\" chapter of HTTP Caching. [HTTP-CACHING]\n      // TODO: cache\n    }\n  }\n\n  // 11. Set response’s URL list to a clone of httpRequest’s URL list.\n  response.urlList = [...httpRequest.urlList]\n\n  // 12. If httpRequest’s header list contains `Range`, then set response’s\n  // range-requested flag.\n  if (httpRequest.headersList.contains('range')) {\n    response.rangeRequested = true\n  }\n\n  // 13. Set response’s request-includes-credentials to includeCredentials.\n  response.requestIncludesCredentials = includeCredentials\n\n  // 14. If response’s status is 401, httpRequest’s response tainting is not\n  // \"cors\", includeCredentials is true, and request’s window is an environment\n  // settings object, then:\n  // TODO\n\n  // 15. If response’s status is 407, then:\n  if (response.status === 407) {\n    // 1. If request’s window is \"no-window\", then return a network error.\n    if (request.window === 'no-window') {\n      return makeNetworkError()\n    }\n\n    // 2. ???\n\n    // 3. If fetchParams is canceled, then return the appropriate network error for fetchParams.\n    if (isCancelled(fetchParams)) {\n      return makeAppropriateNetworkError(fetchParams)\n    }\n\n    // 4. Prompt the end user as appropriate in request’s window and store\n    // the result as a proxy-authentication entry. [HTTP-AUTH]\n    // TODO: Invoke some kind of callback?\n\n    // 5. Set response to the result of running HTTP-network-or-cache fetch given\n    // fetchParams.\n    // TODO\n    return makeNetworkError('proxy authentication required')\n  }\n\n  // 16. If all of the following are true\n  if (\n    // response’s status is 421\n    response.status === 421 &&\n    // isNewConnectionFetch is false\n    !isNewConnectionFetch &&\n    // request’s body is null, or request’s body is non-null and request’s body’s source is non-null\n    (request.body == null || request.body.source != null)\n  ) {\n    // then:\n\n    // 1. If fetchParams is canceled, then return the appropriate network error for fetchParams.\n    if (isCancelled(fetchParams)) {\n      return makeAppropriateNetworkError(fetchParams)\n    }\n\n    // 2. Set response to the result of running HTTP-network-or-cache\n    // fetch given fetchParams, isAuthenticationFetch, and true.\n\n    // TODO (spec): The spec doesn't specify this but we need to cancel\n    // the active response before we can start a new one.\n    // https://github.com/whatwg/fetch/issues/1293\n    fetchParams.controller.connection.destroy()\n\n    response = await httpNetworkOrCacheFetch(\n      fetchParams,\n      isAuthenticationFetch,\n      true\n    )\n  }\n\n  // 17. If isAuthenticationFetch is true, then create an authentication entry\n  if (isAuthenticationFetch) {\n    // TODO\n  }\n\n  // 18. Return response.\n  return response\n}\n\n// https://fetch.spec.whatwg.org/#http-network-fetch\nasync function httpNetworkFetch (\n  fetchParams,\n  includeCredentials = false,\n  forceNewConnection = false\n) {\n  assert(!fetchParams.controller.connection || fetchParams.controller.connection.destroyed)\n\n  fetchParams.controller.connection = {\n    abort: null,\n    destroyed: false,\n    destroy (err) {\n      if (!this.destroyed) {\n        this.destroyed = true\n        this.abort?.(err ?? new DOMException('The operation was aborted.', 'AbortError'))\n      }\n    }\n  }\n\n  // 1. Let request be fetchParams’s request.\n  const request = fetchParams.request\n\n  // 2. Let response be null.\n  let response = null\n\n  // 3. Let timingInfo be fetchParams’s timing info.\n  const timingInfo = fetchParams.timingInfo\n\n  // 4. Let httpCache be the result of determining the HTTP cache partition,\n  // given request.\n  // TODO: cache\n  const httpCache = null\n\n  // 5. If httpCache is null, then set request’s cache mode to \"no-store\".\n  if (httpCache == null) {\n    request.cache = 'no-store'\n  }\n\n  // 6. Let networkPartitionKey be the result of determining the network\n  // partition key given request.\n  // TODO\n\n  // 7. Let newConnection be \"yes\" if forceNewConnection is true; otherwise\n  // \"no\".\n  const newConnection = forceNewConnection ? 'yes' : 'no' // eslint-disable-line no-unused-vars\n\n  // 8. Switch on request’s mode:\n  if (request.mode === 'websocket') {\n    // Let connection be the result of obtaining a WebSocket connection,\n    // given request’s current URL.\n    // TODO\n  } else {\n    // Let connection be the result of obtaining a connection, given\n    // networkPartitionKey, request’s current URL’s origin,\n    // includeCredentials, and forceNewConnection.\n    // TODO\n  }\n\n  // 9. Run these steps, but abort when the ongoing fetch is terminated:\n\n  //    1. If connection is failure, then return a network error.\n\n  //    2. Set timingInfo’s final connection timing info to the result of\n  //    calling clamp and coarsen connection timing info with connection’s\n  //    timing info, timingInfo’s post-redirect start time, and fetchParams’s\n  //    cross-origin isolated capability.\n\n  //    3. If connection is not an HTTP/2 connection, request’s body is non-null,\n  //    and request’s body’s source is null, then append (`Transfer-Encoding`,\n  //    `chunked`) to request’s header list.\n\n  //    4. Set timingInfo’s final network-request start time to the coarsened\n  //    shared current time given fetchParams’s cross-origin isolated\n  //    capability.\n\n  //    5. Set response to the result of making an HTTP request over connection\n  //    using request with the following caveats:\n\n  //        - Follow the relevant requirements from HTTP. [HTTP] [HTTP-SEMANTICS]\n  //        [HTTP-COND] [HTTP-CACHING] [HTTP-AUTH]\n\n  //        - If request’s body is non-null, and request’s body’s source is null,\n  //        then the user agent may have a buffer of up to 64 kibibytes and store\n  //        a part of request’s body in that buffer. If the user agent reads from\n  //        request’s body beyond that buffer’s size and the user agent needs to\n  //        resend request, then instead return a network error.\n\n  //        - Set timingInfo’s final network-response start time to the coarsened\n  //        shared current time given fetchParams’s cross-origin isolated capability,\n  //        immediately after the user agent’s HTTP parser receives the first byte\n  //        of the response (e.g., frame header bytes for HTTP/2 or response status\n  //        line for HTTP/1.x).\n\n  //        - Wait until all the headers are transmitted.\n\n  //        - Any responses whose status is in the range 100 to 199, inclusive,\n  //        and is not 101, are to be ignored, except for the purposes of setting\n  //        timingInfo’s final network-response start time above.\n\n  //    - If request’s header list contains `Transfer-Encoding`/`chunked` and\n  //    response is transferred via HTTP/1.0 or older, then return a network\n  //    error.\n\n  //    - If the HTTP request results in a TLS client certificate dialog, then:\n\n  //        1. If request’s window is an environment settings object, make the\n  //        dialog available in request’s window.\n\n  //        2. Otherwise, return a network error.\n\n  // To transmit request’s body body, run these steps:\n  let requestBody = null\n  // 1. If body is null and fetchParams’s process request end-of-body is\n  // non-null, then queue a fetch task given fetchParams’s process request\n  // end-of-body and fetchParams’s task destination.\n  if (request.body == null && fetchParams.processRequestEndOfBody) {\n    queueMicrotask(() => fetchParams.processRequestEndOfBody())\n  } else if (request.body != null) {\n    // 2. Otherwise, if body is non-null:\n\n    //    1. Let processBodyChunk given bytes be these steps:\n    const processBodyChunk = async function * (bytes) {\n      // 1. If the ongoing fetch is terminated, then abort these steps.\n      if (isCancelled(fetchParams)) {\n        return\n      }\n\n      // 2. Run this step in parallel: transmit bytes.\n      yield bytes\n\n      // 3. If fetchParams’s process request body is non-null, then run\n      // fetchParams’s process request body given bytes’s length.\n      fetchParams.processRequestBodyChunkLength?.(bytes.byteLength)\n    }\n\n    // 2. Let processEndOfBody be these steps:\n    const processEndOfBody = () => {\n      // 1. If fetchParams is canceled, then abort these steps.\n      if (isCancelled(fetchParams)) {\n        return\n      }\n\n      // 2. If fetchParams’s process request end-of-body is non-null,\n      // then run fetchParams’s process request end-of-body.\n      if (fetchParams.processRequestEndOfBody) {\n        fetchParams.processRequestEndOfBody()\n      }\n    }\n\n    // 3. Let processBodyError given e be these steps:\n    const processBodyError = (e) => {\n      // 1. If fetchParams is canceled, then abort these steps.\n      if (isCancelled(fetchParams)) {\n        return\n      }\n\n      // 2. If e is an \"AbortError\" DOMException, then abort fetchParams’s controller.\n      if (e.name === 'AbortError') {\n        fetchParams.controller.abort()\n      } else {\n        fetchParams.controller.terminate(e)\n      }\n    }\n\n    // 4. Incrementally read request’s body given processBodyChunk, processEndOfBody,\n    // processBodyError, and fetchParams’s task destination.\n    requestBody = (async function * () {\n      try {\n        for await (const bytes of request.body.stream) {\n          yield * processBodyChunk(bytes)\n        }\n        processEndOfBody()\n      } catch (err) {\n        processBodyError(err)\n      }\n    })()\n  }\n\n  try {\n    // socket is only provided for websockets\n    const { body, status, statusText, headersList, socket } = await dispatch({ body: requestBody })\n\n    if (socket) {\n      response = makeResponse({ status, statusText, headersList, socket })\n    } else {\n      const iterator = body[Symbol.asyncIterator]()\n      fetchParams.controller.next = () => iterator.next()\n\n      response = makeResponse({ status, statusText, headersList })\n    }\n  } catch (err) {\n    // 10. If aborted, then:\n    if (err.name === 'AbortError') {\n      // 1. If connection uses HTTP/2, then transmit an RST_STREAM frame.\n      fetchParams.controller.connection.destroy()\n\n      // 2. Return the appropriate network error for fetchParams.\n      return makeAppropriateNetworkError(fetchParams, err)\n    }\n\n    return makeNetworkError(err)\n  }\n\n  // 11. Let pullAlgorithm be an action that resumes the ongoing fetch\n  // if it is suspended.\n  const pullAlgorithm = () => {\n    fetchParams.controller.resume()\n  }\n\n  // 12. Let cancelAlgorithm be an algorithm that aborts fetchParams’s\n  // controller with reason, given reason.\n  const cancelAlgorithm = (reason) => {\n    fetchParams.controller.abort(reason)\n  }\n\n  // 13. Let highWaterMark be a non-negative, non-NaN number, chosen by\n  // the user agent.\n  // TODO\n\n  // 14. Let sizeAlgorithm be an algorithm that accepts a chunk object\n  // and returns a non-negative, non-NaN, non-infinite number, chosen by the user agent.\n  // TODO\n\n  // 15. Let stream be a new ReadableStream.\n  // 16. Set up stream with pullAlgorithm set to pullAlgorithm,\n  // cancelAlgorithm set to cancelAlgorithm, highWaterMark set to\n  // highWaterMark, and sizeAlgorithm set to sizeAlgorithm.\n  if (!ReadableStream) {\n    ReadableStream = require('stream/web').ReadableStream\n  }\n\n  const stream = new ReadableStream(\n    {\n      async start (controller) {\n        fetchParams.controller.controller = controller\n      },\n      async pull (controller) {\n        await pullAlgorithm(controller)\n      },\n      async cancel (reason) {\n        await cancelAlgorithm(reason)\n      }\n    },\n    {\n      highWaterMark: 0,\n      size () {\n        return 1\n      }\n    }\n  )\n\n  // 17. Run these steps, but abort when the ongoing fetch is terminated:\n\n  //    1. Set response’s body to a new body whose stream is stream.\n  response.body = { stream }\n\n  //    2. If response is not a network error and request’s cache mode is\n  //    not \"no-store\", then update response in httpCache for request.\n  //    TODO\n\n  //    3. If includeCredentials is true and the user agent is not configured\n  //    to block cookies for request (see section 7 of [COOKIES]), then run the\n  //    \"set-cookie-string\" parsing algorithm (see section 5.2 of [COOKIES]) on\n  //    the value of each header whose name is a byte-case-insensitive match for\n  //    `Set-Cookie` in response’s header list, if any, and request’s current URL.\n  //    TODO\n\n  // 18. If aborted, then:\n  // TODO\n\n  // 19. Run these steps in parallel:\n\n  //    1. Run these steps, but abort when fetchParams is canceled:\n  fetchParams.controller.on('terminated', onAborted)\n  fetchParams.controller.resume = async () => {\n    // 1. While true\n    while (true) {\n      // 1-3. See onData...\n\n      // 4. Set bytes to the result of handling content codings given\n      // codings and bytes.\n      let bytes\n      let isFailure\n      try {\n        const { done, value } = await fetchParams.controller.next()\n\n        if (isAborted(fetchParams)) {\n          break\n        }\n\n        bytes = done ? undefined : value\n      } catch (err) {\n        if (fetchParams.controller.ended && !timingInfo.encodedBodySize) {\n          // zlib doesn't like empty streams.\n          bytes = undefined\n        } else {\n          bytes = err\n\n          // err may be propagated from the result of calling readablestream.cancel,\n          // which might not be an error. https://github.com/nodejs/undici/issues/2009\n          isFailure = true\n        }\n      }\n\n      if (bytes === undefined) {\n        // 2. Otherwise, if the bytes transmission for response’s message\n        // body is done normally and stream is readable, then close\n        // stream, finalize response for fetchParams and response, and\n        // abort these in-parallel steps.\n        readableStreamClose(fetchParams.controller.controller)\n\n        finalizeResponse(fetchParams, response)\n\n        return\n      }\n\n      // 5. Increase timingInfo’s decoded body size by bytes’s length.\n      timingInfo.decodedBodySize += bytes?.byteLength ?? 0\n\n      // 6. If bytes is failure, then terminate fetchParams’s controller.\n      if (isFailure) {\n        fetchParams.controller.terminate(bytes)\n        return\n      }\n\n      // 7. Enqueue a Uint8Array wrapping an ArrayBuffer containing bytes\n      // into stream.\n      fetchParams.controller.controller.enqueue(new Uint8Array(bytes))\n\n      // 8. If stream is errored, then terminate the ongoing fetch.\n      if (isErrored(stream)) {\n        fetchParams.controller.terminate()\n        return\n      }\n\n      // 9. If stream doesn’t need more data ask the user agent to suspend\n      // the ongoing fetch.\n      if (!fetchParams.controller.controller.desiredSize) {\n        return\n      }\n    }\n  }\n\n  //    2. If aborted, then:\n  function onAborted (reason) {\n    // 2. If fetchParams is aborted, then:\n    if (isAborted(fetchParams)) {\n      // 1. Set response’s aborted flag.\n      response.aborted = true\n\n      // 2. If stream is readable, then error stream with the result of\n      //    deserialize a serialized abort reason given fetchParams’s\n      //    controller’s serialized abort reason and an\n      //    implementation-defined realm.\n      if (isReadable(stream)) {\n        fetchParams.controller.controller.error(\n          fetchParams.controller.serializedAbortReason\n        )\n      }\n    } else {\n      // 3. Otherwise, if stream is readable, error stream with a TypeError.\n      if (isReadable(stream)) {\n        fetchParams.controller.controller.error(new TypeError('terminated', {\n          cause: isErrorLike(reason) ? reason : undefined\n        }))\n      }\n    }\n\n    // 4. If connection uses HTTP/2, then transmit an RST_STREAM frame.\n    // 5. Otherwise, the user agent should close connection unless it would be bad for performance to do so.\n    fetchParams.controller.connection.destroy()\n  }\n\n  // 20. Return response.\n  return response\n\n  async function dispatch ({ body }) {\n    const url = requestCurrentURL(request)\n    /** @type {import('../..').Agent} */\n    const agent = fetchParams.controller.dispatcher\n\n    return new Promise((resolve, reject) => agent.dispatch(\n      {\n        path: url.pathname + url.search,\n        origin: url.origin,\n        method: request.method,\n        body: fetchParams.controller.dispatcher.isMockActive ? request.body && (request.body.source || request.body.stream) : body,\n        headers: request.headersList.entries,\n        maxRedirections: 0,\n        upgrade: request.mode === 'websocket' ? 'websocket' : undefined\n      },\n      {\n        body: null,\n        abort: null,\n\n        onConnect (abort) {\n          // TODO (fix): Do we need connection here?\n          const { connection } = fetchParams.controller\n\n          if (connection.destroyed) {\n            abort(new DOMException('The operation was aborted.', 'AbortError'))\n          } else {\n            fetchParams.controller.on('terminated', abort)\n            this.abort = connection.abort = abort\n          }\n        },\n\n        onHeaders (status, headersList, resume, statusText) {\n          if (status < 200) {\n            return\n          }\n\n          let codings = []\n          let location = ''\n\n          const headers = new Headers()\n\n          // For H2, the headers are a plain JS object\n          // We distinguish between them and iterate accordingly\n          if (Array.isArray(headersList)) {\n            for (let n = 0; n < headersList.length; n += 2) {\n              const key = headersList[n + 0].toString('latin1')\n              const val = headersList[n + 1].toString('latin1')\n              if (key.toLowerCase() === 'content-encoding') {\n                // https://www.rfc-editor.org/rfc/rfc7231#section-3.1.2.1\n                // \"All content-coding values are case-insensitive...\"\n                codings = val.toLowerCase().split(',').map((x) => x.trim())\n              } else if (key.toLowerCase() === 'location') {\n                location = val\n              }\n\n              headers[kHeadersList].append(key, val)\n            }\n          } else {\n            const keys = Object.keys(headersList)\n            for (const key of keys) {\n              const val = headersList[key]\n              if (key.toLowerCase() === 'content-encoding') {\n                // https://www.rfc-editor.org/rfc/rfc7231#section-3.1.2.1\n                // \"All content-coding values are case-insensitive...\"\n                codings = val.toLowerCase().split(',').map((x) => x.trim()).reverse()\n              } else if (key.toLowerCase() === 'location') {\n                location = val\n              }\n\n              headers[kHeadersList].append(key, val)\n            }\n          }\n\n          this.body = new Readable({ read: resume })\n\n          const decoders = []\n\n          const willFollow = request.redirect === 'follow' &&\n            location &&\n            redirectStatusSet.has(status)\n\n          // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Encoding\n          if (request.method !== 'HEAD' && request.method !== 'CONNECT' && !nullBodyStatus.includes(status) && !willFollow) {\n            for (const coding of codings) {\n              // https://www.rfc-editor.org/rfc/rfc9112.html#section-7.2\n              if (coding === 'x-gzip' || coding === 'gzip') {\n                decoders.push(zlib.createGunzip({\n                  // Be less strict when decoding compressed responses, since sometimes\n                  // servers send slightly invalid responses that are still accepted\n                  // by common browsers.\n                  // Always using Z_SYNC_FLUSH is what cURL does.\n                  flush: zlib.constants.Z_SYNC_FLUSH,\n                  finishFlush: zlib.constants.Z_SYNC_FLUSH\n                }))\n              } else if (coding === 'deflate') {\n                decoders.push(zlib.createInflate())\n              } else if (coding === 'br') {\n                decoders.push(zlib.createBrotliDecompress())\n              } else {\n                decoders.length = 0\n                break\n              }\n            }\n          }\n\n          resolve({\n            status,\n            statusText,\n            headersList: headers[kHeadersList],\n            body: decoders.length\n              ? pipeline(this.body, ...decoders, () => { })\n              : this.body.on('error', () => {})\n          })\n\n          return true\n        },\n\n        onData (chunk) {\n          if (fetchParams.controller.dump) {\n            return\n          }\n\n          // 1. If one or more bytes have been transmitted from response’s\n          // message body, then:\n\n          //  1. Let bytes be the transmitted bytes.\n          const bytes = chunk\n\n          //  2. Let codings be the result of extracting header list values\n          //  given `Content-Encoding` and response’s header list.\n          //  See pullAlgorithm.\n\n          //  3. Increase timingInfo’s encoded body size by bytes’s length.\n          timingInfo.encodedBodySize += bytes.byteLength\n\n          //  4. See pullAlgorithm...\n\n          return this.body.push(bytes)\n        },\n\n        onComplete () {\n          if (this.abort) {\n            fetchParams.controller.off('terminated', this.abort)\n          }\n\n          fetchParams.controller.ended = true\n\n          this.body.push(null)\n        },\n\n        onError (error) {\n          if (this.abort) {\n            fetchParams.controller.off('terminated', this.abort)\n          }\n\n          this.body?.destroy(error)\n\n          fetchParams.controller.terminate(error)\n\n          reject(error)\n        },\n\n        onUpgrade (status, headersList, socket) {\n          if (status !== 101) {\n            return\n          }\n\n          const headers = new Headers()\n\n          for (let n = 0; n < headersList.length; n += 2) {\n            const key = headersList[n + 0].toString('latin1')\n            const val = headersList[n + 1].toString('latin1')\n\n            headers[kHeadersList].append(key, val)\n          }\n\n          resolve({\n            status,\n            statusText: STATUS_CODES[status],\n            headersList: headers[kHeadersList],\n            socket\n          })\n\n          return true\n        }\n      }\n    ))\n  }\n}\n\nmodule.exports = {\n  fetch,\n  Fetch,\n  fetching,\n  finalizeAndReportTiming\n}\n","/* globals AbortController */\n\n'use strict'\n\nconst { extractBody, mixinBody, cloneBody } = require('./body')\nconst { Headers, fill: fillHeaders, HeadersList } = require('./headers')\nconst { FinalizationRegistry } = require('../compat/dispatcher-weakref')()\nconst util = require('../core/util')\nconst {\n  isValidHTTPToken,\n  sameOrigin,\n  normalizeMethod,\n  makePolicyContainer,\n  normalizeMethodRecord\n} = require('./util')\nconst {\n  forbiddenMethodsSet,\n  corsSafeListedMethodsSet,\n  referrerPolicy,\n  requestRedirect,\n  requestMode,\n  requestCredentials,\n  requestCache,\n  requestDuplex\n} = require('./constants')\nconst { kEnumerableProperty } = util\nconst { kHeaders, kSignal, kState, kGuard, kRealm } = require('./symbols')\nconst { webidl } = require('./webidl')\nconst { getGlobalOrigin } = require('./global')\nconst { URLSerializer } = require('./dataURL')\nconst { kHeadersList, kConstruct } = require('../core/symbols')\nconst assert = require('assert')\nconst { getMaxListeners, setMaxListeners, getEventListeners, defaultMaxListeners } = require('events')\n\nlet TransformStream = globalThis.TransformStream\n\nconst kAbortController = Symbol('abortController')\n\nconst requestFinalizer = new FinalizationRegistry(({ signal, abort }) => {\n  signal.removeEventListener('abort', abort)\n})\n\n// https://fetch.spec.whatwg.org/#request-class\nclass Request {\n  // https://fetch.spec.whatwg.org/#dom-request\n  constructor (input, init = {}) {\n    if (input === kConstruct) {\n      return\n    }\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'Request constructor' })\n\n    input = webidl.converters.RequestInfo(input)\n    init = webidl.converters.RequestInit(init)\n\n    // https://html.spec.whatwg.org/multipage/webappapis.html#environment-settings-object\n    this[kRealm] = {\n      settingsObject: {\n        baseUrl: getGlobalOrigin(),\n        get origin () {\n          return this.baseUrl?.origin\n        },\n        policyContainer: makePolicyContainer()\n      }\n    }\n\n    // 1. Let request be null.\n    let request = null\n\n    // 2. Let fallbackMode be null.\n    let fallbackMode = null\n\n    // 3. Let baseURL be this’s relevant settings object’s API base URL.\n    const baseUrl = this[kRealm].settingsObject.baseUrl\n\n    // 4. Let signal be null.\n    let signal = null\n\n    // 5. If input is a string, then:\n    if (typeof input === 'string') {\n      // 1. Let parsedURL be the result of parsing input with baseURL.\n      // 2. If parsedURL is failure, then throw a TypeError.\n      let parsedURL\n      try {\n        parsedURL = new URL(input, baseUrl)\n      } catch (err) {\n        throw new TypeError('Failed to parse URL from ' + input, { cause: err })\n      }\n\n      // 3. If parsedURL includes credentials, then throw a TypeError.\n      if (parsedURL.username || parsedURL.password) {\n        throw new TypeError(\n          'Request cannot be constructed from a URL that includes credentials: ' +\n            input\n        )\n      }\n\n      // 4. Set request to a new request whose URL is parsedURL.\n      request = makeRequest({ urlList: [parsedURL] })\n\n      // 5. Set fallbackMode to \"cors\".\n      fallbackMode = 'cors'\n    } else {\n      // 6. Otherwise:\n\n      // 7. Assert: input is a Request object.\n      assert(input instanceof Request)\n\n      // 8. Set request to input’s request.\n      request = input[kState]\n\n      // 9. Set signal to input’s signal.\n      signal = input[kSignal]\n    }\n\n    // 7. Let origin be this’s relevant settings object’s origin.\n    const origin = this[kRealm].settingsObject.origin\n\n    // 8. Let window be \"client\".\n    let window = 'client'\n\n    // 9. If request’s window is an environment settings object and its origin\n    // is same origin with origin, then set window to request’s window.\n    if (\n      request.window?.constructor?.name === 'EnvironmentSettingsObject' &&\n      sameOrigin(request.window, origin)\n    ) {\n      window = request.window\n    }\n\n    // 10. If init[\"window\"] exists and is non-null, then throw a TypeError.\n    if (init.window != null) {\n      throw new TypeError(`'window' option '${window}' must be null`)\n    }\n\n    // 11. If init[\"window\"] exists, then set window to \"no-window\".\n    if ('window' in init) {\n      window = 'no-window'\n    }\n\n    // 12. Set request to a new request with the following properties:\n    request = makeRequest({\n      // URL request’s URL.\n      // undici implementation note: this is set as the first item in request's urlList in makeRequest\n      // method request’s method.\n      method: request.method,\n      // header list A copy of request’s header list.\n      // undici implementation note: headersList is cloned in makeRequest\n      headersList: request.headersList,\n      // unsafe-request flag Set.\n      unsafeRequest: request.unsafeRequest,\n      // client This’s relevant settings object.\n      client: this[kRealm].settingsObject,\n      // window window.\n      window,\n      // priority request’s priority.\n      priority: request.priority,\n      // origin request’s origin. The propagation of the origin is only significant for navigation requests\n      // being handled by a service worker. In this scenario a request can have an origin that is different\n      // from the current client.\n      origin: request.origin,\n      // referrer request’s referrer.\n      referrer: request.referrer,\n      // referrer policy request’s referrer policy.\n      referrerPolicy: request.referrerPolicy,\n      // mode request’s mode.\n      mode: request.mode,\n      // credentials mode request’s credentials mode.\n      credentials: request.credentials,\n      // cache mode request’s cache mode.\n      cache: request.cache,\n      // redirect mode request’s redirect mode.\n      redirect: request.redirect,\n      // integrity metadata request’s integrity metadata.\n      integrity: request.integrity,\n      // keepalive request’s keepalive.\n      keepalive: request.keepalive,\n      // reload-navigation flag request’s reload-navigation flag.\n      reloadNavigation: request.reloadNavigation,\n      // history-navigation flag request’s history-navigation flag.\n      historyNavigation: request.historyNavigation,\n      // URL list A clone of request’s URL list.\n      urlList: [...request.urlList]\n    })\n\n    const initHasKey = Object.keys(init).length !== 0\n\n    // 13. If init is not empty, then:\n    if (initHasKey) {\n      // 1. If request’s mode is \"navigate\", then set it to \"same-origin\".\n      if (request.mode === 'navigate') {\n        request.mode = 'same-origin'\n      }\n\n      // 2. Unset request’s reload-navigation flag.\n      request.reloadNavigation = false\n\n      // 3. Unset request’s history-navigation flag.\n      request.historyNavigation = false\n\n      // 4. Set request’s origin to \"client\".\n      request.origin = 'client'\n\n      // 5. Set request’s referrer to \"client\"\n      request.referrer = 'client'\n\n      // 6. Set request’s referrer policy to the empty string.\n      request.referrerPolicy = ''\n\n      // 7. Set request’s URL to request’s current URL.\n      request.url = request.urlList[request.urlList.length - 1]\n\n      // 8. Set request’s URL list to « request’s URL ».\n      request.urlList = [request.url]\n    }\n\n    // 14. If init[\"referrer\"] exists, then:\n    if (init.referrer !== undefined) {\n      // 1. Let referrer be init[\"referrer\"].\n      const referrer = init.referrer\n\n      // 2. If referrer is the empty string, then set request’s referrer to \"no-referrer\".\n      if (referrer === '') {\n        request.referrer = 'no-referrer'\n      } else {\n        // 1. Let parsedReferrer be the result of parsing referrer with\n        // baseURL.\n        // 2. If parsedReferrer is failure, then throw a TypeError.\n        let parsedReferrer\n        try {\n          parsedReferrer = new URL(referrer, baseUrl)\n        } catch (err) {\n          throw new TypeError(`Referrer \"${referrer}\" is not a valid URL.`, { cause: err })\n        }\n\n        // 3. If one of the following is true\n        // - parsedReferrer’s scheme is \"about\" and path is the string \"client\"\n        // - parsedReferrer’s origin is not same origin with origin\n        // then set request’s referrer to \"client\".\n        if (\n          (parsedReferrer.protocol === 'about:' && parsedReferrer.hostname === 'client') ||\n          (origin && !sameOrigin(parsedReferrer, this[kRealm].settingsObject.baseUrl))\n        ) {\n          request.referrer = 'client'\n        } else {\n          // 4. Otherwise, set request’s referrer to parsedReferrer.\n          request.referrer = parsedReferrer\n        }\n      }\n    }\n\n    // 15. If init[\"referrerPolicy\"] exists, then set request’s referrer policy\n    // to it.\n    if (init.referrerPolicy !== undefined) {\n      request.referrerPolicy = init.referrerPolicy\n    }\n\n    // 16. Let mode be init[\"mode\"] if it exists, and fallbackMode otherwise.\n    let mode\n    if (init.mode !== undefined) {\n      mode = init.mode\n    } else {\n      mode = fallbackMode\n    }\n\n    // 17. If mode is \"navigate\", then throw a TypeError.\n    if (mode === 'navigate') {\n      throw webidl.errors.exception({\n        header: 'Request constructor',\n        message: 'invalid request mode navigate.'\n      })\n    }\n\n    // 18. If mode is non-null, set request’s mode to mode.\n    if (mode != null) {\n      request.mode = mode\n    }\n\n    // 19. If init[\"credentials\"] exists, then set request’s credentials mode\n    // to it.\n    if (init.credentials !== undefined) {\n      request.credentials = init.credentials\n    }\n\n    // 18. If init[\"cache\"] exists, then set request’s cache mode to it.\n    if (init.cache !== undefined) {\n      request.cache = init.cache\n    }\n\n    // 21. If request’s cache mode is \"only-if-cached\" and request’s mode is\n    // not \"same-origin\", then throw a TypeError.\n    if (request.cache === 'only-if-cached' && request.mode !== 'same-origin') {\n      throw new TypeError(\n        \"'only-if-cached' can be set only with 'same-origin' mode\"\n      )\n    }\n\n    // 22. If init[\"redirect\"] exists, then set request’s redirect mode to it.\n    if (init.redirect !== undefined) {\n      request.redirect = init.redirect\n    }\n\n    // 23. If init[\"integrity\"] exists, then set request’s integrity metadata to it.\n    if (init.integrity != null) {\n      request.integrity = String(init.integrity)\n    }\n\n    // 24. If init[\"keepalive\"] exists, then set request’s keepalive to it.\n    if (init.keepalive !== undefined) {\n      request.keepalive = Boolean(init.keepalive)\n    }\n\n    // 25. If init[\"method\"] exists, then:\n    if (init.method !== undefined) {\n      // 1. Let method be init[\"method\"].\n      let method = init.method\n\n      // 2. If method is not a method or method is a forbidden method, then\n      // throw a TypeError.\n      if (!isValidHTTPToken(method)) {\n        throw new TypeError(`'${method}' is not a valid HTTP method.`)\n      }\n\n      if (forbiddenMethodsSet.has(method.toUpperCase())) {\n        throw new TypeError(`'${method}' HTTP method is unsupported.`)\n      }\n\n      // 3. Normalize method.\n      method = normalizeMethodRecord[method] ?? normalizeMethod(method)\n\n      // 4. Set request’s method to method.\n      request.method = method\n    }\n\n    // 26. If init[\"signal\"] exists, then set signal to it.\n    if (init.signal !== undefined) {\n      signal = init.signal\n    }\n\n    // 27. Set this’s request to request.\n    this[kState] = request\n\n    // 28. Set this’s signal to a new AbortSignal object with this’s relevant\n    // Realm.\n    // TODO: could this be simplified with AbortSignal.any\n    // (https://dom.spec.whatwg.org/#dom-abortsignal-any)\n    const ac = new AbortController()\n    this[kSignal] = ac.signal\n    this[kSignal][kRealm] = this[kRealm]\n\n    // 29. If signal is not null, then make this’s signal follow signal.\n    if (signal != null) {\n      if (\n        !signal ||\n        typeof signal.aborted !== 'boolean' ||\n        typeof signal.addEventListener !== 'function'\n      ) {\n        throw new TypeError(\n          \"Failed to construct 'Request': member signal is not of type AbortSignal.\"\n        )\n      }\n\n      if (signal.aborted) {\n        ac.abort(signal.reason)\n      } else {\n        // Keep a strong ref to ac while request object\n        // is alive. This is needed to prevent AbortController\n        // from being prematurely garbage collected.\n        // See, https://github.com/nodejs/undici/issues/1926.\n        this[kAbortController] = ac\n\n        const acRef = new WeakRef(ac)\n        const abort = function () {\n          const ac = acRef.deref()\n          if (ac !== undefined) {\n            ac.abort(this.reason)\n          }\n        }\n\n        // Third-party AbortControllers may not work with these.\n        // See, https://github.com/nodejs/undici/pull/1910#issuecomment-1464495619.\n        try {\n          // If the max amount of listeners is equal to the default, increase it\n          // This is only available in node >= v19.9.0\n          if (typeof getMaxListeners === 'function' && getMaxListeners(signal) === defaultMaxListeners) {\n            setMaxListeners(100, signal)\n          } else if (getEventListeners(signal, 'abort').length >= defaultMaxListeners) {\n            setMaxListeners(100, signal)\n          }\n        } catch {}\n\n        util.addAbortListener(signal, abort)\n        requestFinalizer.register(ac, { signal, abort })\n      }\n    }\n\n    // 30. Set this’s headers to a new Headers object with this’s relevant\n    // Realm, whose header list is request’s header list and guard is\n    // \"request\".\n    this[kHeaders] = new Headers(kConstruct)\n    this[kHeaders][kHeadersList] = request.headersList\n    this[kHeaders][kGuard] = 'request'\n    this[kHeaders][kRealm] = this[kRealm]\n\n    // 31. If this’s request’s mode is \"no-cors\", then:\n    if (mode === 'no-cors') {\n      // 1. If this’s request’s method is not a CORS-safelisted method,\n      // then throw a TypeError.\n      if (!corsSafeListedMethodsSet.has(request.method)) {\n        throw new TypeError(\n          `'${request.method} is unsupported in no-cors mode.`\n        )\n      }\n\n      // 2. Set this’s headers’s guard to \"request-no-cors\".\n      this[kHeaders][kGuard] = 'request-no-cors'\n    }\n\n    // 32. If init is not empty, then:\n    if (initHasKey) {\n      /** @type {HeadersList} */\n      const headersList = this[kHeaders][kHeadersList]\n      // 1. Let headers be a copy of this’s headers and its associated header\n      // list.\n      // 2. If init[\"headers\"] exists, then set headers to init[\"headers\"].\n      const headers = init.headers !== undefined ? init.headers : new HeadersList(headersList)\n\n      // 3. Empty this’s headers’s header list.\n      headersList.clear()\n\n      // 4. If headers is a Headers object, then for each header in its header\n      // list, append header’s name/header’s value to this’s headers.\n      if (headers instanceof HeadersList) {\n        for (const [key, val] of headers) {\n          headersList.append(key, val)\n        }\n        // Note: Copy the `set-cookie` meta-data.\n        headersList.cookies = headers.cookies\n      } else {\n        // 5. Otherwise, fill this’s headers with headers.\n        fillHeaders(this[kHeaders], headers)\n      }\n    }\n\n    // 33. Let inputBody be input’s request’s body if input is a Request\n    // object; otherwise null.\n    const inputBody = input instanceof Request ? input[kState].body : null\n\n    // 34. If either init[\"body\"] exists and is non-null or inputBody is\n    // non-null, and request’s method is `GET` or `HEAD`, then throw a\n    // TypeError.\n    if (\n      (init.body != null || inputBody != null) &&\n      (request.method === 'GET' || request.method === 'HEAD')\n    ) {\n      throw new TypeError('Request with GET/HEAD method cannot have body.')\n    }\n\n    // 35. Let initBody be null.\n    let initBody = null\n\n    // 36. If init[\"body\"] exists and is non-null, then:\n    if (init.body != null) {\n      // 1. Let Content-Type be null.\n      // 2. Set initBody and Content-Type to the result of extracting\n      // init[\"body\"], with keepalive set to request’s keepalive.\n      const [extractedBody, contentType] = extractBody(\n        init.body,\n        request.keepalive\n      )\n      initBody = extractedBody\n\n      // 3, If Content-Type is non-null and this’s headers’s header list does\n      // not contain `Content-Type`, then append `Content-Type`/Content-Type to\n      // this’s headers.\n      if (contentType && !this[kHeaders][kHeadersList].contains('content-type')) {\n        this[kHeaders].append('content-type', contentType)\n      }\n    }\n\n    // 37. Let inputOrInitBody be initBody if it is non-null; otherwise\n    // inputBody.\n    const inputOrInitBody = initBody ?? inputBody\n\n    // 38. If inputOrInitBody is non-null and inputOrInitBody’s source is\n    // null, then:\n    if (inputOrInitBody != null && inputOrInitBody.source == null) {\n      // 1. If initBody is non-null and init[\"duplex\"] does not exist,\n      //    then throw a TypeError.\n      if (initBody != null && init.duplex == null) {\n        throw new TypeError('RequestInit: duplex option is required when sending a body.')\n      }\n\n      // 2. If this’s request’s mode is neither \"same-origin\" nor \"cors\",\n      // then throw a TypeError.\n      if (request.mode !== 'same-origin' && request.mode !== 'cors') {\n        throw new TypeError(\n          'If request is made from ReadableStream, mode should be \"same-origin\" or \"cors\"'\n        )\n      }\n\n      // 3. Set this’s request’s use-CORS-preflight flag.\n      request.useCORSPreflightFlag = true\n    }\n\n    // 39. Let finalBody be inputOrInitBody.\n    let finalBody = inputOrInitBody\n\n    // 40. If initBody is null and inputBody is non-null, then:\n    if (initBody == null && inputBody != null) {\n      // 1. If input is unusable, then throw a TypeError.\n      if (util.isDisturbed(inputBody.stream) || inputBody.stream.locked) {\n        throw new TypeError(\n          'Cannot construct a Request with a Request object that has already been used.'\n        )\n      }\n\n      // 2. Set finalBody to the result of creating a proxy for inputBody.\n      if (!TransformStream) {\n        TransformStream = require('stream/web').TransformStream\n      }\n\n      // https://streams.spec.whatwg.org/#readablestream-create-a-proxy\n      const identityTransform = new TransformStream()\n      inputBody.stream.pipeThrough(identityTransform)\n      finalBody = {\n        source: inputBody.source,\n        length: inputBody.length,\n        stream: identityTransform.readable\n      }\n    }\n\n    // 41. Set this’s request’s body to finalBody.\n    this[kState].body = finalBody\n  }\n\n  // Returns request’s HTTP method, which is \"GET\" by default.\n  get method () {\n    webidl.brandCheck(this, Request)\n\n    // The method getter steps are to return this’s request’s method.\n    return this[kState].method\n  }\n\n  // Returns the URL of request as a string.\n  get url () {\n    webidl.brandCheck(this, Request)\n\n    // The url getter steps are to return this’s request’s URL, serialized.\n    return URLSerializer(this[kState].url)\n  }\n\n  // Returns a Headers object consisting of the headers associated with request.\n  // Note that headers added in the network layer by the user agent will not\n  // be accounted for in this object, e.g., the \"Host\" header.\n  get headers () {\n    webidl.brandCheck(this, Request)\n\n    // The headers getter steps are to return this’s headers.\n    return this[kHeaders]\n  }\n\n  // Returns the kind of resource requested by request, e.g., \"document\"\n  // or \"script\".\n  get destination () {\n    webidl.brandCheck(this, Request)\n\n    // The destination getter are to return this’s request’s destination.\n    return this[kState].destination\n  }\n\n  // Returns the referrer of request. Its value can be a same-origin URL if\n  // explicitly set in init, the empty string to indicate no referrer, and\n  // \"about:client\" when defaulting to the global’s default. This is used\n  // during fetching to determine the value of the `Referer` header of the\n  // request being made.\n  get referrer () {\n    webidl.brandCheck(this, Request)\n\n    // 1. If this’s request’s referrer is \"no-referrer\", then return the\n    // empty string.\n    if (this[kState].referrer === 'no-referrer') {\n      return ''\n    }\n\n    // 2. If this’s request’s referrer is \"client\", then return\n    // \"about:client\".\n    if (this[kState].referrer === 'client') {\n      return 'about:client'\n    }\n\n    // Return this’s request’s referrer, serialized.\n    return this[kState].referrer.toString()\n  }\n\n  // Returns the referrer policy associated with request.\n  // This is used during fetching to compute the value of the request’s\n  // referrer.\n  get referrerPolicy () {\n    webidl.brandCheck(this, Request)\n\n    // The referrerPolicy getter steps are to return this’s request’s referrer policy.\n    return this[kState].referrerPolicy\n  }\n\n  // Returns the mode associated with request, which is a string indicating\n  // whether the request will use CORS, or will be restricted to same-origin\n  // URLs.\n  get mode () {\n    webidl.brandCheck(this, Request)\n\n    // The mode getter steps are to return this’s request’s mode.\n    return this[kState].mode\n  }\n\n  // Returns the credentials mode associated with request,\n  // which is a string indicating whether credentials will be sent with the\n  // request always, never, or only when sent to a same-origin URL.\n  get credentials () {\n    // The credentials getter steps are to return this’s request’s credentials mode.\n    return this[kState].credentials\n  }\n\n  // Returns the cache mode associated with request,\n  // which is a string indicating how the request will\n  // interact with the browser’s cache when fetching.\n  get cache () {\n    webidl.brandCheck(this, Request)\n\n    // The cache getter steps are to return this’s request’s cache mode.\n    return this[kState].cache\n  }\n\n  // Returns the redirect mode associated with request,\n  // which is a string indicating how redirects for the\n  // request will be handled during fetching. A request\n  // will follow redirects by default.\n  get redirect () {\n    webidl.brandCheck(this, Request)\n\n    // The redirect getter steps are to return this’s request’s redirect mode.\n    return this[kState].redirect\n  }\n\n  // Returns request’s subresource integrity metadata, which is a\n  // cryptographic hash of the resource being fetched. Its value\n  // consists of multiple hashes separated by whitespace. [SRI]\n  get integrity () {\n    webidl.brandCheck(this, Request)\n\n    // The integrity getter steps are to return this’s request’s integrity\n    // metadata.\n    return this[kState].integrity\n  }\n\n  // Returns a boolean indicating whether or not request can outlive the\n  // global in which it was created.\n  get keepalive () {\n    webidl.brandCheck(this, Request)\n\n    // The keepalive getter steps are to return this’s request’s keepalive.\n    return this[kState].keepalive\n  }\n\n  // Returns a boolean indicating whether or not request is for a reload\n  // navigation.\n  get isReloadNavigation () {\n    webidl.brandCheck(this, Request)\n\n    // The isReloadNavigation getter steps are to return true if this’s\n    // request’s reload-navigation flag is set; otherwise false.\n    return this[kState].reloadNavigation\n  }\n\n  // Returns a boolean indicating whether or not request is for a history\n  // navigation (a.k.a. back-foward navigation).\n  get isHistoryNavigation () {\n    webidl.brandCheck(this, Request)\n\n    // The isHistoryNavigation getter steps are to return true if this’s request’s\n    // history-navigation flag is set; otherwise false.\n    return this[kState].historyNavigation\n  }\n\n  // Returns the signal associated with request, which is an AbortSignal\n  // object indicating whether or not request has been aborted, and its\n  // abort event handler.\n  get signal () {\n    webidl.brandCheck(this, Request)\n\n    // The signal getter steps are to return this’s signal.\n    return this[kSignal]\n  }\n\n  get body () {\n    webidl.brandCheck(this, Request)\n\n    return this[kState].body ? this[kState].body.stream : null\n  }\n\n  get bodyUsed () {\n    webidl.brandCheck(this, Request)\n\n    return !!this[kState].body && util.isDisturbed(this[kState].body.stream)\n  }\n\n  get duplex () {\n    webidl.brandCheck(this, Request)\n\n    return 'half'\n  }\n\n  // Returns a clone of request.\n  clone () {\n    webidl.brandCheck(this, Request)\n\n    // 1. If this is unusable, then throw a TypeError.\n    if (this.bodyUsed || this.body?.locked) {\n      throw new TypeError('unusable')\n    }\n\n    // 2. Let clonedRequest be the result of cloning this’s request.\n    const clonedRequest = cloneRequest(this[kState])\n\n    // 3. Let clonedRequestObject be the result of creating a Request object,\n    // given clonedRequest, this’s headers’s guard, and this’s relevant Realm.\n    const clonedRequestObject = new Request(kConstruct)\n    clonedRequestObject[kState] = clonedRequest\n    clonedRequestObject[kRealm] = this[kRealm]\n    clonedRequestObject[kHeaders] = new Headers(kConstruct)\n    clonedRequestObject[kHeaders][kHeadersList] = clonedRequest.headersList\n    clonedRequestObject[kHeaders][kGuard] = this[kHeaders][kGuard]\n    clonedRequestObject[kHeaders][kRealm] = this[kHeaders][kRealm]\n\n    // 4. Make clonedRequestObject’s signal follow this’s signal.\n    const ac = new AbortController()\n    if (this.signal.aborted) {\n      ac.abort(this.signal.reason)\n    } else {\n      util.addAbortListener(\n        this.signal,\n        () => {\n          ac.abort(this.signal.reason)\n        }\n      )\n    }\n    clonedRequestObject[kSignal] = ac.signal\n\n    // 4. Return clonedRequestObject.\n    return clonedRequestObject\n  }\n}\n\nmixinBody(Request)\n\nfunction makeRequest (init) {\n  // https://fetch.spec.whatwg.org/#requests\n  const request = {\n    method: 'GET',\n    localURLsOnly: false,\n    unsafeRequest: false,\n    body: null,\n    client: null,\n    reservedClient: null,\n    replacesClientId: '',\n    window: 'client',\n    keepalive: false,\n    serviceWorkers: 'all',\n    initiator: '',\n    destination: '',\n    priority: null,\n    origin: 'client',\n    policyContainer: 'client',\n    referrer: 'client',\n    referrerPolicy: '',\n    mode: 'no-cors',\n    useCORSPreflightFlag: false,\n    credentials: 'same-origin',\n    useCredentials: false,\n    cache: 'default',\n    redirect: 'follow',\n    integrity: '',\n    cryptoGraphicsNonceMetadata: '',\n    parserMetadata: '',\n    reloadNavigation: false,\n    historyNavigation: false,\n    userActivation: false,\n    taintedOrigin: false,\n    redirectCount: 0,\n    responseTainting: 'basic',\n    preventNoCacheCacheControlHeaderModification: false,\n    done: false,\n    timingAllowFailed: false,\n    ...init,\n    headersList: init.headersList\n      ? new HeadersList(init.headersList)\n      : new HeadersList()\n  }\n  request.url = request.urlList[0]\n  return request\n}\n\n// https://fetch.spec.whatwg.org/#concept-request-clone\nfunction cloneRequest (request) {\n  // To clone a request request, run these steps:\n\n  // 1. Let newRequest be a copy of request, except for its body.\n  const newRequest = makeRequest({ ...request, body: null })\n\n  // 2. If request’s body is non-null, set newRequest’s body to the\n  // result of cloning request’s body.\n  if (request.body != null) {\n    newRequest.body = cloneBody(request.body)\n  }\n\n  // 3. Return newRequest.\n  return newRequest\n}\n\nObject.defineProperties(Request.prototype, {\n  method: kEnumerableProperty,\n  url: kEnumerableProperty,\n  headers: kEnumerableProperty,\n  redirect: kEnumerableProperty,\n  clone: kEnumerableProperty,\n  signal: kEnumerableProperty,\n  duplex: kEnumerableProperty,\n  destination: kEnumerableProperty,\n  body: kEnumerableProperty,\n  bodyUsed: kEnumerableProperty,\n  isHistoryNavigation: kEnumerableProperty,\n  isReloadNavigation: kEnumerableProperty,\n  keepalive: kEnumerableProperty,\n  integrity: kEnumerableProperty,\n  cache: kEnumerableProperty,\n  credentials: kEnumerableProperty,\n  attribute: kEnumerableProperty,\n  referrerPolicy: kEnumerableProperty,\n  referrer: kEnumerableProperty,\n  mode: kEnumerableProperty,\n  [Symbol.toStringTag]: {\n    value: 'Request',\n    configurable: true\n  }\n})\n\nwebidl.converters.Request = webidl.interfaceConverter(\n  Request\n)\n\n// https://fetch.spec.whatwg.org/#requestinfo\nwebidl.converters.RequestInfo = function (V) {\n  if (typeof V === 'string') {\n    return webidl.converters.USVString(V)\n  }\n\n  if (V instanceof Request) {\n    return webidl.converters.Request(V)\n  }\n\n  return webidl.converters.USVString(V)\n}\n\nwebidl.converters.AbortSignal = webidl.interfaceConverter(\n  AbortSignal\n)\n\n// https://fetch.spec.whatwg.org/#requestinit\nwebidl.converters.RequestInit = webidl.dictionaryConverter([\n  {\n    key: 'method',\n    converter: webidl.converters.ByteString\n  },\n  {\n    key: 'headers',\n    converter: webidl.converters.HeadersInit\n  },\n  {\n    key: 'body',\n    converter: webidl.nullableConverter(\n      webidl.converters.BodyInit\n    )\n  },\n  {\n    key: 'referrer',\n    converter: webidl.converters.USVString\n  },\n  {\n    key: 'referrerPolicy',\n    converter: webidl.converters.DOMString,\n    // https://w3c.github.io/webappsec-referrer-policy/#referrer-policy\n    allowedValues: referrerPolicy\n  },\n  {\n    key: 'mode',\n    converter: webidl.converters.DOMString,\n    // https://fetch.spec.whatwg.org/#concept-request-mode\n    allowedValues: requestMode\n  },\n  {\n    key: 'credentials',\n    converter: webidl.converters.DOMString,\n    // https://fetch.spec.whatwg.org/#requestcredentials\n    allowedValues: requestCredentials\n  },\n  {\n    key: 'cache',\n    converter: webidl.converters.DOMString,\n    // https://fetch.spec.whatwg.org/#requestcache\n    allowedValues: requestCache\n  },\n  {\n    key: 'redirect',\n    converter: webidl.converters.DOMString,\n    // https://fetch.spec.whatwg.org/#requestredirect\n    allowedValues: requestRedirect\n  },\n  {\n    key: 'integrity',\n    converter: webidl.converters.DOMString\n  },\n  {\n    key: 'keepalive',\n    converter: webidl.converters.boolean\n  },\n  {\n    key: 'signal',\n    converter: webidl.nullableConverter(\n      (signal) => webidl.converters.AbortSignal(\n        signal,\n        { strict: false }\n      )\n    )\n  },\n  {\n    key: 'window',\n    converter: webidl.converters.any\n  },\n  {\n    key: 'duplex',\n    converter: webidl.converters.DOMString,\n    allowedValues: requestDuplex\n  }\n])\n\nmodule.exports = { Request, makeRequest }\n","'use strict'\n\nconst { Headers, HeadersList, fill } = require('./headers')\nconst { extractBody, cloneBody, mixinBody } = require('./body')\nconst util = require('../core/util')\nconst { kEnumerableProperty } = util\nconst {\n  isValidReasonPhrase,\n  isCancelled,\n  isAborted,\n  isBlobLike,\n  serializeJavascriptValueToJSONString,\n  isErrorLike,\n  isomorphicEncode\n} = require('./util')\nconst {\n  redirectStatusSet,\n  nullBodyStatus,\n  DOMException\n} = require('./constants')\nconst { kState, kHeaders, kGuard, kRealm } = require('./symbols')\nconst { webidl } = require('./webidl')\nconst { FormData } = require('./formdata')\nconst { getGlobalOrigin } = require('./global')\nconst { URLSerializer } = require('./dataURL')\nconst { kHeadersList, kConstruct } = require('../core/symbols')\nconst assert = require('assert')\nconst { types } = require('util')\n\nconst ReadableStream = globalThis.ReadableStream || require('stream/web').ReadableStream\nconst textEncoder = new TextEncoder('utf-8')\n\n// https://fetch.spec.whatwg.org/#response-class\nclass Response {\n  // Creates network error Response.\n  static error () {\n    // TODO\n    const relevantRealm = { settingsObject: {} }\n\n    // The static error() method steps are to return the result of creating a\n    // Response object, given a new network error, \"immutable\", and this’s\n    // relevant Realm.\n    const responseObject = new Response()\n    responseObject[kState] = makeNetworkError()\n    responseObject[kRealm] = relevantRealm\n    responseObject[kHeaders][kHeadersList] = responseObject[kState].headersList\n    responseObject[kHeaders][kGuard] = 'immutable'\n    responseObject[kHeaders][kRealm] = relevantRealm\n    return responseObject\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-response-json\n  static json (data, init = {}) {\n    webidl.argumentLengthCheck(arguments, 1, { header: 'Response.json' })\n\n    if (init !== null) {\n      init = webidl.converters.ResponseInit(init)\n    }\n\n    // 1. Let bytes the result of running serialize a JavaScript value to JSON bytes on data.\n    const bytes = textEncoder.encode(\n      serializeJavascriptValueToJSONString(data)\n    )\n\n    // 2. Let body be the result of extracting bytes.\n    const body = extractBody(bytes)\n\n    // 3. Let responseObject be the result of creating a Response object, given a new response,\n    //    \"response\", and this’s relevant Realm.\n    const relevantRealm = { settingsObject: {} }\n    const responseObject = new Response()\n    responseObject[kRealm] = relevantRealm\n    responseObject[kHeaders][kGuard] = 'response'\n    responseObject[kHeaders][kRealm] = relevantRealm\n\n    // 4. Perform initialize a response given responseObject, init, and (body, \"application/json\").\n    initializeResponse(responseObject, init, { body: body[0], type: 'application/json' })\n\n    // 5. Return responseObject.\n    return responseObject\n  }\n\n  // Creates a redirect Response that redirects to url with status status.\n  static redirect (url, status = 302) {\n    const relevantRealm = { settingsObject: {} }\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'Response.redirect' })\n\n    url = webidl.converters.USVString(url)\n    status = webidl.converters['unsigned short'](status)\n\n    // 1. Let parsedURL be the result of parsing url with current settings\n    // object’s API base URL.\n    // 2. If parsedURL is failure, then throw a TypeError.\n    // TODO: base-URL?\n    let parsedURL\n    try {\n      parsedURL = new URL(url, getGlobalOrigin())\n    } catch (err) {\n      throw Object.assign(new TypeError('Failed to parse URL from ' + url), {\n        cause: err\n      })\n    }\n\n    // 3. If status is not a redirect status, then throw a RangeError.\n    if (!redirectStatusSet.has(status)) {\n      throw new RangeError('Invalid status code ' + status)\n    }\n\n    // 4. Let responseObject be the result of creating a Response object,\n    // given a new response, \"immutable\", and this’s relevant Realm.\n    const responseObject = new Response()\n    responseObject[kRealm] = relevantRealm\n    responseObject[kHeaders][kGuard] = 'immutable'\n    responseObject[kHeaders][kRealm] = relevantRealm\n\n    // 5. Set responseObject’s response’s status to status.\n    responseObject[kState].status = status\n\n    // 6. Let value be parsedURL, serialized and isomorphic encoded.\n    const value = isomorphicEncode(URLSerializer(parsedURL))\n\n    // 7. Append `Location`/value to responseObject’s response’s header list.\n    responseObject[kState].headersList.append('location', value)\n\n    // 8. Return responseObject.\n    return responseObject\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-response\n  constructor (body = null, init = {}) {\n    if (body !== null) {\n      body = webidl.converters.BodyInit(body)\n    }\n\n    init = webidl.converters.ResponseInit(init)\n\n    // TODO\n    this[kRealm] = { settingsObject: {} }\n\n    // 1. Set this’s response to a new response.\n    this[kState] = makeResponse({})\n\n    // 2. Set this’s headers to a new Headers object with this’s relevant\n    // Realm, whose header list is this’s response’s header list and guard\n    // is \"response\".\n    this[kHeaders] = new Headers(kConstruct)\n    this[kHeaders][kGuard] = 'response'\n    this[kHeaders][kHeadersList] = this[kState].headersList\n    this[kHeaders][kRealm] = this[kRealm]\n\n    // 3. Let bodyWithType be null.\n    let bodyWithType = null\n\n    // 4. If body is non-null, then set bodyWithType to the result of extracting body.\n    if (body != null) {\n      const [extractedBody, type] = extractBody(body)\n      bodyWithType = { body: extractedBody, type }\n    }\n\n    // 5. Perform initialize a response given this, init, and bodyWithType.\n    initializeResponse(this, init, bodyWithType)\n  }\n\n  // Returns response’s type, e.g., \"cors\".\n  get type () {\n    webidl.brandCheck(this, Response)\n\n    // The type getter steps are to return this’s response’s type.\n    return this[kState].type\n  }\n\n  // Returns response’s URL, if it has one; otherwise the empty string.\n  get url () {\n    webidl.brandCheck(this, Response)\n\n    const urlList = this[kState].urlList\n\n    // The url getter steps are to return the empty string if this’s\n    // response’s URL is null; otherwise this’s response’s URL,\n    // serialized with exclude fragment set to true.\n    const url = urlList[urlList.length - 1] ?? null\n\n    if (url === null) {\n      return ''\n    }\n\n    return URLSerializer(url, true)\n  }\n\n  // Returns whether response was obtained through a redirect.\n  get redirected () {\n    webidl.brandCheck(this, Response)\n\n    // The redirected getter steps are to return true if this’s response’s URL\n    // list has more than one item; otherwise false.\n    return this[kState].urlList.length > 1\n  }\n\n  // Returns response’s status.\n  get status () {\n    webidl.brandCheck(this, Response)\n\n    // The status getter steps are to return this’s response’s status.\n    return this[kState].status\n  }\n\n  // Returns whether response’s status is an ok status.\n  get ok () {\n    webidl.brandCheck(this, Response)\n\n    // The ok getter steps are to return true if this’s response’s status is an\n    // ok status; otherwise false.\n    return this[kState].status >= 200 && this[kState].status <= 299\n  }\n\n  // Returns response’s status message.\n  get statusText () {\n    webidl.brandCheck(this, Response)\n\n    // The statusText getter steps are to return this’s response’s status\n    // message.\n    return this[kState].statusText\n  }\n\n  // Returns response’s headers as Headers.\n  get headers () {\n    webidl.brandCheck(this, Response)\n\n    // The headers getter steps are to return this’s headers.\n    return this[kHeaders]\n  }\n\n  get body () {\n    webidl.brandCheck(this, Response)\n\n    return this[kState].body ? this[kState].body.stream : null\n  }\n\n  get bodyUsed () {\n    webidl.brandCheck(this, Response)\n\n    return !!this[kState].body && util.isDisturbed(this[kState].body.stream)\n  }\n\n  // Returns a clone of response.\n  clone () {\n    webidl.brandCheck(this, Response)\n\n    // 1. If this is unusable, then throw a TypeError.\n    if (this.bodyUsed || (this.body && this.body.locked)) {\n      throw webidl.errors.exception({\n        header: 'Response.clone',\n        message: 'Body has already been consumed.'\n      })\n    }\n\n    // 2. Let clonedResponse be the result of cloning this’s response.\n    const clonedResponse = cloneResponse(this[kState])\n\n    // 3. Return the result of creating a Response object, given\n    // clonedResponse, this’s headers’s guard, and this’s relevant Realm.\n    const clonedResponseObject = new Response()\n    clonedResponseObject[kState] = clonedResponse\n    clonedResponseObject[kRealm] = this[kRealm]\n    clonedResponseObject[kHeaders][kHeadersList] = clonedResponse.headersList\n    clonedResponseObject[kHeaders][kGuard] = this[kHeaders][kGuard]\n    clonedResponseObject[kHeaders][kRealm] = this[kHeaders][kRealm]\n\n    return clonedResponseObject\n  }\n}\n\nmixinBody(Response)\n\nObject.defineProperties(Response.prototype, {\n  type: kEnumerableProperty,\n  url: kEnumerableProperty,\n  status: kEnumerableProperty,\n  ok: kEnumerableProperty,\n  redirected: kEnumerableProperty,\n  statusText: kEnumerableProperty,\n  headers: kEnumerableProperty,\n  clone: kEnumerableProperty,\n  body: kEnumerableProperty,\n  bodyUsed: kEnumerableProperty,\n  [Symbol.toStringTag]: {\n    value: 'Response',\n    configurable: true\n  }\n})\n\nObject.defineProperties(Response, {\n  json: kEnumerableProperty,\n  redirect: kEnumerableProperty,\n  error: kEnumerableProperty\n})\n\n// https://fetch.spec.whatwg.org/#concept-response-clone\nfunction cloneResponse (response) {\n  // To clone a response response, run these steps:\n\n  // 1. If response is a filtered response, then return a new identical\n  // filtered response whose internal response is a clone of response’s\n  // internal response.\n  if (response.internalResponse) {\n    return filterResponse(\n      cloneResponse(response.internalResponse),\n      response.type\n    )\n  }\n\n  // 2. Let newResponse be a copy of response, except for its body.\n  const newResponse = makeResponse({ ...response, body: null })\n\n  // 3. If response’s body is non-null, then set newResponse’s body to the\n  // result of cloning response’s body.\n  if (response.body != null) {\n    newResponse.body = cloneBody(response.body)\n  }\n\n  // 4. Return newResponse.\n  return newResponse\n}\n\nfunction makeResponse (init) {\n  return {\n    aborted: false,\n    rangeRequested: false,\n    timingAllowPassed: false,\n    requestIncludesCredentials: false,\n    type: 'default',\n    status: 200,\n    timingInfo: null,\n    cacheState: '',\n    statusText: '',\n    ...init,\n    headersList: init.headersList\n      ? new HeadersList(init.headersList)\n      : new HeadersList(),\n    urlList: init.urlList ? [...init.urlList] : []\n  }\n}\n\nfunction makeNetworkError (reason) {\n  const isError = isErrorLike(reason)\n  return makeResponse({\n    type: 'error',\n    status: 0,\n    error: isError\n      ? reason\n      : new Error(reason ? String(reason) : reason),\n    aborted: reason && reason.name === 'AbortError'\n  })\n}\n\nfunction makeFilteredResponse (response, state) {\n  state = {\n    internalResponse: response,\n    ...state\n  }\n\n  return new Proxy(response, {\n    get (target, p) {\n      return p in state ? state[p] : target[p]\n    },\n    set (target, p, value) {\n      assert(!(p in state))\n      target[p] = value\n      return true\n    }\n  })\n}\n\n// https://fetch.spec.whatwg.org/#concept-filtered-response\nfunction filterResponse (response, type) {\n  // Set response to the following filtered response with response as its\n  // internal response, depending on request’s response tainting:\n  if (type === 'basic') {\n    // A basic filtered response is a filtered response whose type is \"basic\"\n    // and header list excludes any headers in internal response’s header list\n    // whose name is a forbidden response-header name.\n\n    // Note: undici does not implement forbidden response-header names\n    return makeFilteredResponse(response, {\n      type: 'basic',\n      headersList: response.headersList\n    })\n  } else if (type === 'cors') {\n    // A CORS filtered response is a filtered response whose type is \"cors\"\n    // and header list excludes any headers in internal response’s header\n    // list whose name is not a CORS-safelisted response-header name, given\n    // internal response’s CORS-exposed header-name list.\n\n    // Note: undici does not implement CORS-safelisted response-header names\n    return makeFilteredResponse(response, {\n      type: 'cors',\n      headersList: response.headersList\n    })\n  } else if (type === 'opaque') {\n    // An opaque filtered response is a filtered response whose type is\n    // \"opaque\", URL list is the empty list, status is 0, status message\n    // is the empty byte sequence, header list is empty, and body is null.\n\n    return makeFilteredResponse(response, {\n      type: 'opaque',\n      urlList: Object.freeze([]),\n      status: 0,\n      statusText: '',\n      body: null\n    })\n  } else if (type === 'opaqueredirect') {\n    // An opaque-redirect filtered response is a filtered response whose type\n    // is \"opaqueredirect\", status is 0, status message is the empty byte\n    // sequence, header list is empty, and body is null.\n\n    return makeFilteredResponse(response, {\n      type: 'opaqueredirect',\n      status: 0,\n      statusText: '',\n      headersList: [],\n      body: null\n    })\n  } else {\n    assert(false)\n  }\n}\n\n// https://fetch.spec.whatwg.org/#appropriate-network-error\nfunction makeAppropriateNetworkError (fetchParams, err = null) {\n  // 1. Assert: fetchParams is canceled.\n  assert(isCancelled(fetchParams))\n\n  // 2. Return an aborted network error if fetchParams is aborted;\n  // otherwise return a network error.\n  return isAborted(fetchParams)\n    ? makeNetworkError(Object.assign(new DOMException('The operation was aborted.', 'AbortError'), { cause: err }))\n    : makeNetworkError(Object.assign(new DOMException('Request was cancelled.'), { cause: err }))\n}\n\n// https://whatpr.org/fetch/1392.html#initialize-a-response\nfunction initializeResponse (response, init, body) {\n  // 1. If init[\"status\"] is not in the range 200 to 599, inclusive, then\n  //    throw a RangeError.\n  if (init.status !== null && (init.status < 200 || init.status > 599)) {\n    throw new RangeError('init[\"status\"] must be in the range of 200 to 599, inclusive.')\n  }\n\n  // 2. If init[\"statusText\"] does not match the reason-phrase token production,\n  //    then throw a TypeError.\n  if ('statusText' in init && init.statusText != null) {\n    // See, https://datatracker.ietf.org/doc/html/rfc7230#section-3.1.2:\n    //   reason-phrase  = *( HTAB / SP / VCHAR / obs-text )\n    if (!isValidReasonPhrase(String(init.statusText))) {\n      throw new TypeError('Invalid statusText')\n    }\n  }\n\n  // 3. Set response’s response’s status to init[\"status\"].\n  if ('status' in init && init.status != null) {\n    response[kState].status = init.status\n  }\n\n  // 4. Set response’s response’s status message to init[\"statusText\"].\n  if ('statusText' in init && init.statusText != null) {\n    response[kState].statusText = init.statusText\n  }\n\n  // 5. If init[\"headers\"] exists, then fill response’s headers with init[\"headers\"].\n  if ('headers' in init && init.headers != null) {\n    fill(response[kHeaders], init.headers)\n  }\n\n  // 6. If body was given, then:\n  if (body) {\n    // 1. If response's status is a null body status, then throw a TypeError.\n    if (nullBodyStatus.includes(response.status)) {\n      throw webidl.errors.exception({\n        header: 'Response constructor',\n        message: 'Invalid response status code ' + response.status\n      })\n    }\n\n    // 2. Set response's body to body's body.\n    response[kState].body = body.body\n\n    // 3. If body's type is non-null and response's header list does not contain\n    //    `Content-Type`, then append (`Content-Type`, body's type) to response's header list.\n    if (body.type != null && !response[kState].headersList.contains('Content-Type')) {\n      response[kState].headersList.append('content-type', body.type)\n    }\n  }\n}\n\nwebidl.converters.ReadableStream = webidl.interfaceConverter(\n  ReadableStream\n)\n\nwebidl.converters.FormData = webidl.interfaceConverter(\n  FormData\n)\n\nwebidl.converters.URLSearchParams = webidl.interfaceConverter(\n  URLSearchParams\n)\n\n// https://fetch.spec.whatwg.org/#typedefdef-xmlhttprequestbodyinit\nwebidl.converters.XMLHttpRequestBodyInit = function (V) {\n  if (typeof V === 'string') {\n    return webidl.converters.USVString(V)\n  }\n\n  if (isBlobLike(V)) {\n    return webidl.converters.Blob(V, { strict: false })\n  }\n\n  if (types.isArrayBuffer(V) || types.isTypedArray(V) || types.isDataView(V)) {\n    return webidl.converters.BufferSource(V)\n  }\n\n  if (util.isFormDataLike(V)) {\n    return webidl.converters.FormData(V, { strict: false })\n  }\n\n  if (V instanceof URLSearchParams) {\n    return webidl.converters.URLSearchParams(V)\n  }\n\n  return webidl.converters.DOMString(V)\n}\n\n// https://fetch.spec.whatwg.org/#bodyinit\nwebidl.converters.BodyInit = function (V) {\n  if (V instanceof ReadableStream) {\n    return webidl.converters.ReadableStream(V)\n  }\n\n  // Note: the spec doesn't include async iterables,\n  // this is an undici extension.\n  if (V?.[Symbol.asyncIterator]) {\n    return V\n  }\n\n  return webidl.converters.XMLHttpRequestBodyInit(V)\n}\n\nwebidl.converters.ResponseInit = webidl.dictionaryConverter([\n  {\n    key: 'status',\n    converter: webidl.converters['unsigned short'],\n    defaultValue: 200\n  },\n  {\n    key: 'statusText',\n    converter: webidl.converters.ByteString,\n    defaultValue: ''\n  },\n  {\n    key: 'headers',\n    converter: webidl.converters.HeadersInit\n  }\n])\n\nmodule.exports = {\n  makeNetworkError,\n  makeResponse,\n  makeAppropriateNetworkError,\n  filterResponse,\n  Response,\n  cloneResponse\n}\n","'use strict'\n\nmodule.exports = {\n  kUrl: Symbol('url'),\n  kHeaders: Symbol('headers'),\n  kSignal: Symbol('signal'),\n  kState: Symbol('state'),\n  kGuard: Symbol('guard'),\n  kRealm: Symbol('realm')\n}\n","'use strict'\n\nconst { redirectStatusSet, referrerPolicySet: referrerPolicyTokens, badPortsSet } = require('./constants')\nconst { getGlobalOrigin } = require('./global')\nconst { performance } = require('perf_hooks')\nconst { isBlobLike, toUSVString, ReadableStreamFrom } = require('../core/util')\nconst assert = require('assert')\nconst { isUint8Array } = require('util/types')\n\nlet supportedHashes = []\n\n// https://nodejs.org/api/crypto.html#determining-if-crypto-support-is-unavailable\n/** @type {import('crypto')|undefined} */\nlet crypto\n\ntry {\n  crypto = require('crypto')\n  const possibleRelevantHashes = ['sha256', 'sha384', 'sha512']\n  supportedHashes = crypto.getHashes().filter((hash) => possibleRelevantHashes.includes(hash))\n/* c8 ignore next 3 */\n} catch {\n}\n\nfunction responseURL (response) {\n  // https://fetch.spec.whatwg.org/#responses\n  // A response has an associated URL. It is a pointer to the last URL\n  // in response’s URL list and null if response’s URL list is empty.\n  const urlList = response.urlList\n  const length = urlList.length\n  return length === 0 ? null : urlList[length - 1].toString()\n}\n\n// https://fetch.spec.whatwg.org/#concept-response-location-url\nfunction responseLocationURL (response, requestFragment) {\n  // 1. If response’s status is not a redirect status, then return null.\n  if (!redirectStatusSet.has(response.status)) {\n    return null\n  }\n\n  // 2. Let location be the result of extracting header list values given\n  // `Location` and response’s header list.\n  let location = response.headersList.get('location')\n\n  // 3. If location is a header value, then set location to the result of\n  //    parsing location with response’s URL.\n  if (location !== null && isValidHeaderValue(location)) {\n    location = new URL(location, responseURL(response))\n  }\n\n  // 4. If location is a URL whose fragment is null, then set location’s\n  // fragment to requestFragment.\n  if (location && !location.hash) {\n    location.hash = requestFragment\n  }\n\n  // 5. Return location.\n  return location\n}\n\n/** @returns {URL} */\nfunction requestCurrentURL (request) {\n  return request.urlList[request.urlList.length - 1]\n}\n\nfunction requestBadPort (request) {\n  // 1. Let url be request’s current URL.\n  const url = requestCurrentURL(request)\n\n  // 2. If url’s scheme is an HTTP(S) scheme and url’s port is a bad port,\n  // then return blocked.\n  if (urlIsHttpHttpsScheme(url) && badPortsSet.has(url.port)) {\n    return 'blocked'\n  }\n\n  // 3. Return allowed.\n  return 'allowed'\n}\n\nfunction isErrorLike (object) {\n  return object instanceof Error || (\n    object?.constructor?.name === 'Error' ||\n    object?.constructor?.name === 'DOMException'\n  )\n}\n\n// Check whether |statusText| is a ByteString and\n// matches the Reason-Phrase token production.\n// RFC 2616: https://tools.ietf.org/html/rfc2616\n// RFC 7230: https://tools.ietf.org/html/rfc7230\n// \"reason-phrase = *( HTAB / SP / VCHAR / obs-text )\"\n// https://github.com/chromium/chromium/blob/94.0.4604.1/third_party/blink/renderer/core/fetch/response.cc#L116\nfunction isValidReasonPhrase (statusText) {\n  for (let i = 0; i < statusText.length; ++i) {\n    const c = statusText.charCodeAt(i)\n    if (\n      !(\n        (\n          c === 0x09 || // HTAB\n          (c >= 0x20 && c <= 0x7e) || // SP / VCHAR\n          (c >= 0x80 && c <= 0xff)\n        ) // obs-text\n      )\n    ) {\n      return false\n    }\n  }\n  return true\n}\n\n/**\n * @see https://tools.ietf.org/html/rfc7230#section-3.2.6\n * @param {number} c\n */\nfunction isTokenCharCode (c) {\n  switch (c) {\n    case 0x22:\n    case 0x28:\n    case 0x29:\n    case 0x2c:\n    case 0x2f:\n    case 0x3a:\n    case 0x3b:\n    case 0x3c:\n    case 0x3d:\n    case 0x3e:\n    case 0x3f:\n    case 0x40:\n    case 0x5b:\n    case 0x5c:\n    case 0x5d:\n    case 0x7b:\n    case 0x7d:\n      // DQUOTE and \"(),/:;<=>?@[\\]{}\"\n      return false\n    default:\n      // VCHAR %x21-7E\n      return c >= 0x21 && c <= 0x7e\n  }\n}\n\n/**\n * @param {string} characters\n */\nfunction isValidHTTPToken (characters) {\n  if (characters.length === 0) {\n    return false\n  }\n  for (let i = 0; i < characters.length; ++i) {\n    if (!isTokenCharCode(characters.charCodeAt(i))) {\n      return false\n    }\n  }\n  return true\n}\n\n/**\n * @see https://fetch.spec.whatwg.org/#header-name\n * @param {string} potentialValue\n */\nfunction isValidHeaderName (potentialValue) {\n  return isValidHTTPToken(potentialValue)\n}\n\n/**\n * @see https://fetch.spec.whatwg.org/#header-value\n * @param {string} potentialValue\n */\nfunction isValidHeaderValue (potentialValue) {\n  // - Has no leading or trailing HTTP tab or space bytes.\n  // - Contains no 0x00 (NUL) or HTTP newline bytes.\n  if (\n    potentialValue.startsWith('\\t') ||\n    potentialValue.startsWith(' ') ||\n    potentialValue.endsWith('\\t') ||\n    potentialValue.endsWith(' ')\n  ) {\n    return false\n  }\n\n  if (\n    potentialValue.includes('\\0') ||\n    potentialValue.includes('\\r') ||\n    potentialValue.includes('\\n')\n  ) {\n    return false\n  }\n\n  return true\n}\n\n// https://w3c.github.io/webappsec-referrer-policy/#set-requests-referrer-policy-on-redirect\nfunction setRequestReferrerPolicyOnRedirect (request, actualResponse) {\n  //  Given a request request and a response actualResponse, this algorithm\n  //  updates request’s referrer policy according to the Referrer-Policy\n  //  header (if any) in actualResponse.\n\n  // 1. Let policy be the result of executing § 8.1 Parse a referrer policy\n  // from a Referrer-Policy header on actualResponse.\n\n  // 8.1 Parse a referrer policy from a Referrer-Policy header\n  // 1. Let policy-tokens be the result of extracting header list values given `Referrer-Policy` and response’s header list.\n  const { headersList } = actualResponse\n  // 2. Let policy be the empty string.\n  // 3. For each token in policy-tokens, if token is a referrer policy and token is not the empty string, then set policy to token.\n  // 4. Return policy.\n  const policyHeader = (headersList.get('referrer-policy') ?? '').split(',')\n\n  // Note: As the referrer-policy can contain multiple policies\n  // separated by comma, we need to loop through all of them\n  // and pick the first valid one.\n  // Ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy#specify_a_fallback_policy\n  let policy = ''\n  if (policyHeader.length > 0) {\n    // The right-most policy takes precedence.\n    // The left-most policy is the fallback.\n    for (let i = policyHeader.length; i !== 0; i--) {\n      const token = policyHeader[i - 1].trim()\n      if (referrerPolicyTokens.has(token)) {\n        policy = token\n        break\n      }\n    }\n  }\n\n  // 2. If policy is not the empty string, then set request’s referrer policy to policy.\n  if (policy !== '') {\n    request.referrerPolicy = policy\n  }\n}\n\n// https://fetch.spec.whatwg.org/#cross-origin-resource-policy-check\nfunction crossOriginResourcePolicyCheck () {\n  // TODO\n  return 'allowed'\n}\n\n// https://fetch.spec.whatwg.org/#concept-cors-check\nfunction corsCheck () {\n  // TODO\n  return 'success'\n}\n\n// https://fetch.spec.whatwg.org/#concept-tao-check\nfunction TAOCheck () {\n  // TODO\n  return 'success'\n}\n\nfunction appendFetchMetadata (httpRequest) {\n  //  https://w3c.github.io/webappsec-fetch-metadata/#sec-fetch-dest-header\n  //  TODO\n\n  //  https://w3c.github.io/webappsec-fetch-metadata/#sec-fetch-mode-header\n\n  //  1. Assert: r’s url is a potentially trustworthy URL.\n  //  TODO\n\n  //  2. Let header be a Structured Header whose value is a token.\n  let header = null\n\n  //  3. Set header’s value to r’s mode.\n  header = httpRequest.mode\n\n  //  4. Set a structured field value `Sec-Fetch-Mode`/header in r’s header list.\n  httpRequest.headersList.set('sec-fetch-mode', header)\n\n  //  https://w3c.github.io/webappsec-fetch-metadata/#sec-fetch-site-header\n  //  TODO\n\n  //  https://w3c.github.io/webappsec-fetch-metadata/#sec-fetch-user-header\n  //  TODO\n}\n\n// https://fetch.spec.whatwg.org/#append-a-request-origin-header\nfunction appendRequestOriginHeader (request) {\n  // 1. Let serializedOrigin be the result of byte-serializing a request origin with request.\n  let serializedOrigin = request.origin\n\n  // 2. If request’s response tainting is \"cors\" or request’s mode is \"websocket\", then append (`Origin`, serializedOrigin) to request’s header list.\n  if (request.responseTainting === 'cors' || request.mode === 'websocket') {\n    if (serializedOrigin) {\n      request.headersList.append('origin', serializedOrigin)\n    }\n\n  // 3. Otherwise, if request’s method is neither `GET` nor `HEAD`, then:\n  } else if (request.method !== 'GET' && request.method !== 'HEAD') {\n    // 1. Switch on request’s referrer policy:\n    switch (request.referrerPolicy) {\n      case 'no-referrer':\n        // Set serializedOrigin to `null`.\n        serializedOrigin = null\n        break\n      case 'no-referrer-when-downgrade':\n      case 'strict-origin':\n      case 'strict-origin-when-cross-origin':\n        // If request’s origin is a tuple origin, its scheme is \"https\", and request’s current URL’s scheme is not \"https\", then set serializedOrigin to `null`.\n        if (request.origin && urlHasHttpsScheme(request.origin) && !urlHasHttpsScheme(requestCurrentURL(request))) {\n          serializedOrigin = null\n        }\n        break\n      case 'same-origin':\n        // If request’s origin is not same origin with request’s current URL’s origin, then set serializedOrigin to `null`.\n        if (!sameOrigin(request, requestCurrentURL(request))) {\n          serializedOrigin = null\n        }\n        break\n      default:\n        // Do nothing.\n    }\n\n    if (serializedOrigin) {\n      // 2. Append (`Origin`, serializedOrigin) to request’s header list.\n      request.headersList.append('origin', serializedOrigin)\n    }\n  }\n}\n\nfunction coarsenedSharedCurrentTime (crossOriginIsolatedCapability) {\n  // TODO\n  return performance.now()\n}\n\n// https://fetch.spec.whatwg.org/#create-an-opaque-timing-info\nfunction createOpaqueTimingInfo (timingInfo) {\n  return {\n    startTime: timingInfo.startTime ?? 0,\n    redirectStartTime: 0,\n    redirectEndTime: 0,\n    postRedirectStartTime: timingInfo.startTime ?? 0,\n    finalServiceWorkerStartTime: 0,\n    finalNetworkResponseStartTime: 0,\n    finalNetworkRequestStartTime: 0,\n    endTime: 0,\n    encodedBodySize: 0,\n    decodedBodySize: 0,\n    finalConnectionTimingInfo: null\n  }\n}\n\n// https://html.spec.whatwg.org/multipage/origin.html#policy-container\nfunction makePolicyContainer () {\n  // Note: the fetch spec doesn't make use of embedder policy or CSP list\n  return {\n    referrerPolicy: 'strict-origin-when-cross-origin'\n  }\n}\n\n// https://html.spec.whatwg.org/multipage/origin.html#clone-a-policy-container\nfunction clonePolicyContainer (policyContainer) {\n  return {\n    referrerPolicy: policyContainer.referrerPolicy\n  }\n}\n\n// https://w3c.github.io/webappsec-referrer-policy/#determine-requests-referrer\nfunction determineRequestsReferrer (request) {\n  // 1. Let policy be request's referrer policy.\n  const policy = request.referrerPolicy\n\n  // Note: policy cannot (shouldn't) be null or an empty string.\n  assert(policy)\n\n  // 2. Let environment be request’s client.\n\n  let referrerSource = null\n\n  // 3. Switch on request’s referrer:\n  if (request.referrer === 'client') {\n    // Note: node isn't a browser and doesn't implement document/iframes,\n    // so we bypass this step and replace it with our own.\n\n    const globalOrigin = getGlobalOrigin()\n\n    if (!globalOrigin || globalOrigin.origin === 'null') {\n      return 'no-referrer'\n    }\n\n    // note: we need to clone it as it's mutated\n    referrerSource = new URL(globalOrigin)\n  } else if (request.referrer instanceof URL) {\n    // Let referrerSource be request’s referrer.\n    referrerSource = request.referrer\n  }\n\n  // 4. Let request’s referrerURL be the result of stripping referrerSource for\n  //    use as a referrer.\n  let referrerURL = stripURLForReferrer(referrerSource)\n\n  // 5. Let referrerOrigin be the result of stripping referrerSource for use as\n  //    a referrer, with the origin-only flag set to true.\n  const referrerOrigin = stripURLForReferrer(referrerSource, true)\n\n  // 6. If the result of serializing referrerURL is a string whose length is\n  //    greater than 4096, set referrerURL to referrerOrigin.\n  if (referrerURL.toString().length > 4096) {\n    referrerURL = referrerOrigin\n  }\n\n  const areSameOrigin = sameOrigin(request, referrerURL)\n  const isNonPotentiallyTrustWorthy = isURLPotentiallyTrustworthy(referrerURL) &&\n    !isURLPotentiallyTrustworthy(request.url)\n\n  // 8. Execute the switch statements corresponding to the value of policy:\n  switch (policy) {\n    case 'origin': return referrerOrigin != null ? referrerOrigin : stripURLForReferrer(referrerSource, true)\n    case 'unsafe-url': return referrerURL\n    case 'same-origin':\n      return areSameOrigin ? referrerOrigin : 'no-referrer'\n    case 'origin-when-cross-origin':\n      return areSameOrigin ? referrerURL : referrerOrigin\n    case 'strict-origin-when-cross-origin': {\n      const currentURL = requestCurrentURL(request)\n\n      // 1. If the origin of referrerURL and the origin of request’s current\n      //    URL are the same, then return referrerURL.\n      if (sameOrigin(referrerURL, currentURL)) {\n        return referrerURL\n      }\n\n      // 2. If referrerURL is a potentially trustworthy URL and request’s\n      //    current URL is not a potentially trustworthy URL, then return no\n      //    referrer.\n      if (isURLPotentiallyTrustworthy(referrerURL) && !isURLPotentiallyTrustworthy(currentURL)) {\n        return 'no-referrer'\n      }\n\n      // 3. Return referrerOrigin.\n      return referrerOrigin\n    }\n    case 'strict-origin': // eslint-disable-line\n      /**\n         * 1. If referrerURL is a potentially trustworthy URL and\n         * request’s current URL is not a potentially trustworthy URL,\n         * then return no referrer.\n         * 2. Return referrerOrigin\n        */\n    case 'no-referrer-when-downgrade': // eslint-disable-line\n      /**\n       * 1. If referrerURL is a potentially trustworthy URL and\n       * request’s current URL is not a potentially trustworthy URL,\n       * then return no referrer.\n       * 2. Return referrerOrigin\n      */\n\n    default: // eslint-disable-line\n      return isNonPotentiallyTrustWorthy ? 'no-referrer' : referrerOrigin\n  }\n}\n\n/**\n * @see https://w3c.github.io/webappsec-referrer-policy/#strip-url\n * @param {URL} url\n * @param {boolean|undefined} originOnly\n */\nfunction stripURLForReferrer (url, originOnly) {\n  // 1. Assert: url is a URL.\n  assert(url instanceof URL)\n\n  // 2. If url’s scheme is a local scheme, then return no referrer.\n  if (url.protocol === 'file:' || url.protocol === 'about:' || url.protocol === 'blank:') {\n    return 'no-referrer'\n  }\n\n  // 3. Set url’s username to the empty string.\n  url.username = ''\n\n  // 4. Set url’s password to the empty string.\n  url.password = ''\n\n  // 5. Set url’s fragment to null.\n  url.hash = ''\n\n  // 6. If the origin-only flag is true, then:\n  if (originOnly) {\n    // 1. Set url’s path to « the empty string ».\n    url.pathname = ''\n\n    // 2. Set url’s query to null.\n    url.search = ''\n  }\n\n  // 7. Return url.\n  return url\n}\n\nfunction isURLPotentiallyTrustworthy (url) {\n  if (!(url instanceof URL)) {\n    return false\n  }\n\n  // If child of about, return true\n  if (url.href === 'about:blank' || url.href === 'about:srcdoc') {\n    return true\n  }\n\n  // If scheme is data, return true\n  if (url.protocol === 'data:') return true\n\n  // If file, return true\n  if (url.protocol === 'file:') return true\n\n  return isOriginPotentiallyTrustworthy(url.origin)\n\n  function isOriginPotentiallyTrustworthy (origin) {\n    // If origin is explicitly null, return false\n    if (origin == null || origin === 'null') return false\n\n    const originAsURL = new URL(origin)\n\n    // If secure, return true\n    if (originAsURL.protocol === 'https:' || originAsURL.protocol === 'wss:') {\n      return true\n    }\n\n    // If localhost or variants, return true\n    if (/^127(?:\\.[0-9]+){0,2}\\.[0-9]+$|^\\[(?:0*:)*?:?0*1\\]$/.test(originAsURL.hostname) ||\n     (originAsURL.hostname === 'localhost' || originAsURL.hostname.includes('localhost.')) ||\n     (originAsURL.hostname.endsWith('.localhost'))) {\n      return true\n    }\n\n    // If any other, return false\n    return false\n  }\n}\n\n/**\n * @see https://w3c.github.io/webappsec-subresource-integrity/#does-response-match-metadatalist\n * @param {Uint8Array} bytes\n * @param {string} metadataList\n */\nfunction bytesMatch (bytes, metadataList) {\n  // If node is not built with OpenSSL support, we cannot check\n  // a request's integrity, so allow it by default (the spec will\n  // allow requests if an invalid hash is given, as precedence).\n  /* istanbul ignore if: only if node is built with --without-ssl */\n  if (crypto === undefined) {\n    return true\n  }\n\n  // 1. Let parsedMetadata be the result of parsing metadataList.\n  const parsedMetadata = parseMetadata(metadataList)\n\n  // 2. If parsedMetadata is no metadata, return true.\n  if (parsedMetadata === 'no metadata') {\n    return true\n  }\n\n  // 3. If response is not eligible for integrity validation, return false.\n  // TODO\n\n  // 4. If parsedMetadata is the empty set, return true.\n  if (parsedMetadata.length === 0) {\n    return true\n  }\n\n  // 5. Let metadata be the result of getting the strongest\n  //    metadata from parsedMetadata.\n  const strongest = getStrongestMetadata(parsedMetadata)\n  const metadata = filterMetadataListByAlgorithm(parsedMetadata, strongest)\n\n  // 6. For each item in metadata:\n  for (const item of metadata) {\n    // 1. Let algorithm be the alg component of item.\n    const algorithm = item.algo\n\n    // 2. Let expectedValue be the val component of item.\n    const expectedValue = item.hash\n\n    // See https://github.com/web-platform-tests/wpt/commit/e4c5cc7a5e48093220528dfdd1c4012dc3837a0e\n    // \"be liberal with padding\". This is annoying, and it's not even in the spec.\n\n    // 3. Let actualValue be the result of applying algorithm to bytes.\n    let actualValue = crypto.createHash(algorithm).update(bytes).digest('base64')\n\n    if (actualValue[actualValue.length - 1] === '=') {\n      if (actualValue[actualValue.length - 2] === '=') {\n        actualValue = actualValue.slice(0, -2)\n      } else {\n        actualValue = actualValue.slice(0, -1)\n      }\n    }\n\n    // 4. If actualValue is a case-sensitive match for expectedValue,\n    //    return true.\n    if (compareBase64Mixed(actualValue, expectedValue)) {\n      return true\n    }\n  }\n\n  // 7. Return false.\n  return false\n}\n\n// https://w3c.github.io/webappsec-subresource-integrity/#grammardef-hash-with-options\n// https://www.w3.org/TR/CSP2/#source-list-syntax\n// https://www.rfc-editor.org/rfc/rfc5234#appendix-B.1\nconst parseHashWithOptions = /(?<algo>sha256|sha384|sha512)-((?<hash>[A-Za-z0-9+/]+|[A-Za-z0-9_-]+)={0,2}(?:\\s|$)( +[!-~]*)?)?/i\n\n/**\n * @see https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata\n * @param {string} metadata\n */\nfunction parseMetadata (metadata) {\n  // 1. Let result be the empty set.\n  /** @type {{ algo: string, hash: string }[]} */\n  const result = []\n\n  // 2. Let empty be equal to true.\n  let empty = true\n\n  // 3. For each token returned by splitting metadata on spaces:\n  for (const token of metadata.split(' ')) {\n    // 1. Set empty to false.\n    empty = false\n\n    // 2. Parse token as a hash-with-options.\n    const parsedToken = parseHashWithOptions.exec(token)\n\n    // 3. If token does not parse, continue to the next token.\n    if (\n      parsedToken === null ||\n      parsedToken.groups === undefined ||\n      parsedToken.groups.algo === undefined\n    ) {\n      // Note: Chromium blocks the request at this point, but Firefox\n      // gives a warning that an invalid integrity was given. The\n      // correct behavior is to ignore these, and subsequently not\n      // check the integrity of the resource.\n      continue\n    }\n\n    // 4. Let algorithm be the hash-algo component of token.\n    const algorithm = parsedToken.groups.algo.toLowerCase()\n\n    // 5. If algorithm is a hash function recognized by the user\n    //    agent, add the parsed token to result.\n    if (supportedHashes.includes(algorithm)) {\n      result.push(parsedToken.groups)\n    }\n  }\n\n  // 4. Return no metadata if empty is true, otherwise return result.\n  if (empty === true) {\n    return 'no metadata'\n  }\n\n  return result\n}\n\n/**\n * @param {{ algo: 'sha256' | 'sha384' | 'sha512' }[]} metadataList\n */\nfunction getStrongestMetadata (metadataList) {\n  // Let algorithm be the algo component of the first item in metadataList.\n  // Can be sha256\n  let algorithm = metadataList[0].algo\n  // If the algorithm is sha512, then it is the strongest\n  // and we can return immediately\n  if (algorithm[3] === '5') {\n    return algorithm\n  }\n\n  for (let i = 1; i < metadataList.length; ++i) {\n    const metadata = metadataList[i]\n    // If the algorithm is sha512, then it is the strongest\n    // and we can break the loop immediately\n    if (metadata.algo[3] === '5') {\n      algorithm = 'sha512'\n      break\n    // If the algorithm is sha384, then a potential sha256 or sha384 is ignored\n    } else if (algorithm[3] === '3') {\n      continue\n    // algorithm is sha256, check if algorithm is sha384 and if so, set it as\n    // the strongest\n    } else if (metadata.algo[3] === '3') {\n      algorithm = 'sha384'\n    }\n  }\n  return algorithm\n}\n\nfunction filterMetadataListByAlgorithm (metadataList, algorithm) {\n  if (metadataList.length === 1) {\n    return metadataList\n  }\n\n  let pos = 0\n  for (let i = 0; i < metadataList.length; ++i) {\n    if (metadataList[i].algo === algorithm) {\n      metadataList[pos++] = metadataList[i]\n    }\n  }\n\n  metadataList.length = pos\n\n  return metadataList\n}\n\n/**\n * Compares two base64 strings, allowing for base64url\n * in the second string.\n *\n* @param {string} actualValue always base64\n * @param {string} expectedValue base64 or base64url\n * @returns {boolean}\n */\nfunction compareBase64Mixed (actualValue, expectedValue) {\n  if (actualValue.length !== expectedValue.length) {\n    return false\n  }\n  for (let i = 0; i < actualValue.length; ++i) {\n    if (actualValue[i] !== expectedValue[i]) {\n      if (\n        (actualValue[i] === '+' && expectedValue[i] === '-') ||\n        (actualValue[i] === '/' && expectedValue[i] === '_')\n      ) {\n        continue\n      }\n      return false\n    }\n  }\n\n  return true\n}\n\n// https://w3c.github.io/webappsec-upgrade-insecure-requests/#upgrade-request\nfunction tryUpgradeRequestToAPotentiallyTrustworthyURL (request) {\n  // TODO\n}\n\n/**\n * @link {https://html.spec.whatwg.org/multipage/origin.html#same-origin}\n * @param {URL} A\n * @param {URL} B\n */\nfunction sameOrigin (A, B) {\n  // 1. If A and B are the same opaque origin, then return true.\n  if (A.origin === B.origin && A.origin === 'null') {\n    return true\n  }\n\n  // 2. If A and B are both tuple origins and their schemes,\n  //    hosts, and port are identical, then return true.\n  if (A.protocol === B.protocol && A.hostname === B.hostname && A.port === B.port) {\n    return true\n  }\n\n  // 3. Return false.\n  return false\n}\n\nfunction createDeferredPromise () {\n  let res\n  let rej\n  const promise = new Promise((resolve, reject) => {\n    res = resolve\n    rej = reject\n  })\n\n  return { promise, resolve: res, reject: rej }\n}\n\nfunction isAborted (fetchParams) {\n  return fetchParams.controller.state === 'aborted'\n}\n\nfunction isCancelled (fetchParams) {\n  return fetchParams.controller.state === 'aborted' ||\n    fetchParams.controller.state === 'terminated'\n}\n\nconst normalizeMethodRecord = {\n  delete: 'DELETE',\n  DELETE: 'DELETE',\n  get: 'GET',\n  GET: 'GET',\n  head: 'HEAD',\n  HEAD: 'HEAD',\n  options: 'OPTIONS',\n  OPTIONS: 'OPTIONS',\n  post: 'POST',\n  POST: 'POST',\n  put: 'PUT',\n  PUT: 'PUT'\n}\n\n// Note: object prototypes should not be able to be referenced. e.g. `Object#hasOwnProperty`.\nObject.setPrototypeOf(normalizeMethodRecord, null)\n\n/**\n * @see https://fetch.spec.whatwg.org/#concept-method-normalize\n * @param {string} method\n */\nfunction normalizeMethod (method) {\n  return normalizeMethodRecord[method.toLowerCase()] ?? method\n}\n\n// https://infra.spec.whatwg.org/#serialize-a-javascript-value-to-a-json-string\nfunction serializeJavascriptValueToJSONString (value) {\n  // 1. Let result be ? Call(%JSON.stringify%, undefined, « value »).\n  const result = JSON.stringify(value)\n\n  // 2. If result is undefined, then throw a TypeError.\n  if (result === undefined) {\n    throw new TypeError('Value is not JSON serializable')\n  }\n\n  // 3. Assert: result is a string.\n  assert(typeof result === 'string')\n\n  // 4. Return result.\n  return result\n}\n\n// https://tc39.es/ecma262/#sec-%25iteratorprototype%25-object\nconst esIteratorPrototype = Object.getPrototypeOf(Object.getPrototypeOf([][Symbol.iterator]()))\n\n/**\n * @see https://webidl.spec.whatwg.org/#dfn-iterator-prototype-object\n * @param {() => unknown[]} iterator\n * @param {string} name name of the instance\n * @param {'key'|'value'|'key+value'} kind\n */\nfunction makeIterator (iterator, name, kind) {\n  const object = {\n    index: 0,\n    kind,\n    target: iterator\n  }\n\n  const i = {\n    next () {\n      // 1. Let interface be the interface for which the iterator prototype object exists.\n\n      // 2. Let thisValue be the this value.\n\n      // 3. Let object be ? ToObject(thisValue).\n\n      // 4. If object is a platform object, then perform a security\n      //    check, passing:\n\n      // 5. If object is not a default iterator object for interface,\n      //    then throw a TypeError.\n      if (Object.getPrototypeOf(this) !== i) {\n        throw new TypeError(\n          `'next' called on an object that does not implement interface ${name} Iterator.`\n        )\n      }\n\n      // 6. Let index be object’s index.\n      // 7. Let kind be object’s kind.\n      // 8. Let values be object’s target's value pairs to iterate over.\n      const { index, kind, target } = object\n      const values = target()\n\n      // 9. Let len be the length of values.\n      const len = values.length\n\n      // 10. If index is greater than or equal to len, then return\n      //     CreateIterResultObject(undefined, true).\n      if (index >= len) {\n        return { value: undefined, done: true }\n      }\n\n      // 11. Let pair be the entry in values at index index.\n      const pair = values[index]\n\n      // 12. Set object’s index to index + 1.\n      object.index = index + 1\n\n      // 13. Return the iterator result for pair and kind.\n      return iteratorResult(pair, kind)\n    },\n    // The class string of an iterator prototype object for a given interface is the\n    // result of concatenating the identifier of the interface and the string \" Iterator\".\n    [Symbol.toStringTag]: `${name} Iterator`\n  }\n\n  // The [[Prototype]] internal slot of an iterator prototype object must be %IteratorPrototype%.\n  Object.setPrototypeOf(i, esIteratorPrototype)\n  // esIteratorPrototype needs to be the prototype of i\n  // which is the prototype of an empty object. Yes, it's confusing.\n  return Object.setPrototypeOf({}, i)\n}\n\n// https://webidl.spec.whatwg.org/#iterator-result\nfunction iteratorResult (pair, kind) {\n  let result\n\n  // 1. Let result be a value determined by the value of kind:\n  switch (kind) {\n    case 'key': {\n      // 1. Let idlKey be pair’s key.\n      // 2. Let key be the result of converting idlKey to an\n      //    ECMAScript value.\n      // 3. result is key.\n      result = pair[0]\n      break\n    }\n    case 'value': {\n      // 1. Let idlValue be pair’s value.\n      // 2. Let value be the result of converting idlValue to\n      //    an ECMAScript value.\n      // 3. result is value.\n      result = pair[1]\n      break\n    }\n    case 'key+value': {\n      // 1. Let idlKey be pair’s key.\n      // 2. Let idlValue be pair’s value.\n      // 3. Let key be the result of converting idlKey to an\n      //    ECMAScript value.\n      // 4. Let value be the result of converting idlValue to\n      //    an ECMAScript value.\n      // 5. Let array be ! ArrayCreate(2).\n      // 6. Call ! CreateDataProperty(array, \"0\", key).\n      // 7. Call ! CreateDataProperty(array, \"1\", value).\n      // 8. result is array.\n      result = pair\n      break\n    }\n  }\n\n  // 2. Return CreateIterResultObject(result, false).\n  return { value: result, done: false }\n}\n\n/**\n * @see https://fetch.spec.whatwg.org/#body-fully-read\n */\nasync function fullyReadBody (body, processBody, processBodyError) {\n  // 1. If taskDestination is null, then set taskDestination to\n  //    the result of starting a new parallel queue.\n\n  // 2. Let successSteps given a byte sequence bytes be to queue a\n  //    fetch task to run processBody given bytes, with taskDestination.\n  const successSteps = processBody\n\n  // 3. Let errorSteps be to queue a fetch task to run processBodyError,\n  //    with taskDestination.\n  const errorSteps = processBodyError\n\n  // 4. Let reader be the result of getting a reader for body’s stream.\n  //    If that threw an exception, then run errorSteps with that\n  //    exception and return.\n  let reader\n\n  try {\n    reader = body.stream.getReader()\n  } catch (e) {\n    errorSteps(e)\n    return\n  }\n\n  // 5. Read all bytes from reader, given successSteps and errorSteps.\n  try {\n    const result = await readAllBytes(reader)\n    successSteps(result)\n  } catch (e) {\n    errorSteps(e)\n  }\n}\n\n/** @type {ReadableStream} */\nlet ReadableStream = globalThis.ReadableStream\n\nfunction isReadableStreamLike (stream) {\n  if (!ReadableStream) {\n    ReadableStream = require('stream/web').ReadableStream\n  }\n\n  return stream instanceof ReadableStream || (\n    stream[Symbol.toStringTag] === 'ReadableStream' &&\n    typeof stream.tee === 'function'\n  )\n}\n\nconst MAXIMUM_ARGUMENT_LENGTH = 65535\n\n/**\n * @see https://infra.spec.whatwg.org/#isomorphic-decode\n * @param {number[]|Uint8Array} input\n */\nfunction isomorphicDecode (input) {\n  // 1. To isomorphic decode a byte sequence input, return a string whose code point\n  //    length is equal to input’s length and whose code points have the same values\n  //    as the values of input’s bytes, in the same order.\n\n  if (input.length < MAXIMUM_ARGUMENT_LENGTH) {\n    return String.fromCharCode(...input)\n  }\n\n  return input.reduce((previous, current) => previous + String.fromCharCode(current), '')\n}\n\n/**\n * @param {ReadableStreamController<Uint8Array>} controller\n */\nfunction readableStreamClose (controller) {\n  try {\n    controller.close()\n  } catch (err) {\n    // TODO: add comment explaining why this error occurs.\n    if (!err.message.includes('Controller is already closed')) {\n      throw err\n    }\n  }\n}\n\n/**\n * @see https://infra.spec.whatwg.org/#isomorphic-encode\n * @param {string} input\n */\nfunction isomorphicEncode (input) {\n  // 1. Assert: input contains no code points greater than U+00FF.\n  for (let i = 0; i < input.length; i++) {\n    assert(input.charCodeAt(i) <= 0xFF)\n  }\n\n  // 2. Return a byte sequence whose length is equal to input’s code\n  //    point length and whose bytes have the same values as the\n  //    values of input’s code points, in the same order\n  return input\n}\n\n/**\n * @see https://streams.spec.whatwg.org/#readablestreamdefaultreader-read-all-bytes\n * @see https://streams.spec.whatwg.org/#read-loop\n * @param {ReadableStreamDefaultReader} reader\n */\nasync function readAllBytes (reader) {\n  const bytes = []\n  let byteLength = 0\n\n  while (true) {\n    const { done, value: chunk } = await reader.read()\n\n    if (done) {\n      // 1. Call successSteps with bytes.\n      return Buffer.concat(bytes, byteLength)\n    }\n\n    // 1. If chunk is not a Uint8Array object, call failureSteps\n    //    with a TypeError and abort these steps.\n    if (!isUint8Array(chunk)) {\n      throw new TypeError('Received non-Uint8Array chunk')\n    }\n\n    // 2. Append the bytes represented by chunk to bytes.\n    bytes.push(chunk)\n    byteLength += chunk.length\n\n    // 3. Read-loop given reader, bytes, successSteps, and failureSteps.\n  }\n}\n\n/**\n * @see https://fetch.spec.whatwg.org/#is-local\n * @param {URL} url\n */\nfunction urlIsLocal (url) {\n  assert('protocol' in url) // ensure it's a url object\n\n  const protocol = url.protocol\n\n  return protocol === 'about:' || protocol === 'blob:' || protocol === 'data:'\n}\n\n/**\n * @param {string|URL} url\n */\nfunction urlHasHttpsScheme (url) {\n  if (typeof url === 'string') {\n    return url.startsWith('https:')\n  }\n\n  return url.protocol === 'https:'\n}\n\n/**\n * @see https://fetch.spec.whatwg.org/#http-scheme\n * @param {URL} url\n */\nfunction urlIsHttpHttpsScheme (url) {\n  assert('protocol' in url) // ensure it's a url object\n\n  const protocol = url.protocol\n\n  return protocol === 'http:' || protocol === 'https:'\n}\n\n/**\n * Fetch supports node >= 16.8.0, but Object.hasOwn was added in v16.9.0.\n */\nconst hasOwn = Object.hasOwn || ((dict, key) => Object.prototype.hasOwnProperty.call(dict, key))\n\nmodule.exports = {\n  isAborted,\n  isCancelled,\n  createDeferredPromise,\n  ReadableStreamFrom,\n  toUSVString,\n  tryUpgradeRequestToAPotentiallyTrustworthyURL,\n  coarsenedSharedCurrentTime,\n  determineRequestsReferrer,\n  makePolicyContainer,\n  clonePolicyContainer,\n  appendFetchMetadata,\n  appendRequestOriginHeader,\n  TAOCheck,\n  corsCheck,\n  crossOriginResourcePolicyCheck,\n  createOpaqueTimingInfo,\n  setRequestReferrerPolicyOnRedirect,\n  isValidHTTPToken,\n  requestBadPort,\n  requestCurrentURL,\n  responseURL,\n  responseLocationURL,\n  isBlobLike,\n  isURLPotentiallyTrustworthy,\n  isValidReasonPhrase,\n  sameOrigin,\n  normalizeMethod,\n  serializeJavascriptValueToJSONString,\n  makeIterator,\n  isValidHeaderName,\n  isValidHeaderValue,\n  hasOwn,\n  isErrorLike,\n  fullyReadBody,\n  bytesMatch,\n  isReadableStreamLike,\n  readableStreamClose,\n  isomorphicEncode,\n  isomorphicDecode,\n  urlIsLocal,\n  urlHasHttpsScheme,\n  urlIsHttpHttpsScheme,\n  readAllBytes,\n  normalizeMethodRecord,\n  parseMetadata\n}\n","'use strict'\n\nconst { types } = require('util')\nconst { hasOwn, toUSVString } = require('./util')\n\n/** @type {import('../../types/webidl').Webidl} */\nconst webidl = {}\nwebidl.converters = {}\nwebidl.util = {}\nwebidl.errors = {}\n\nwebidl.errors.exception = function (message) {\n  return new TypeError(`${message.header}: ${message.message}`)\n}\n\nwebidl.errors.conversionFailed = function (context) {\n  const plural = context.types.length === 1 ? '' : ' one of'\n  const message =\n    `${context.argument} could not be converted to` +\n    `${plural}: ${context.types.join(', ')}.`\n\n  return webidl.errors.exception({\n    header: context.prefix,\n    message\n  })\n}\n\nwebidl.errors.invalidArgument = function (context) {\n  return webidl.errors.exception({\n    header: context.prefix,\n    message: `\"${context.value}\" is an invalid ${context.type}.`\n  })\n}\n\n// https://webidl.spec.whatwg.org/#implements\nwebidl.brandCheck = function (V, I, opts = undefined) {\n  if (opts?.strict !== false && !(V instanceof I)) {\n    throw new TypeError('Illegal invocation')\n  } else {\n    return V?.[Symbol.toStringTag] === I.prototype[Symbol.toStringTag]\n  }\n}\n\nwebidl.argumentLengthCheck = function ({ length }, min, ctx) {\n  if (length < min) {\n    throw webidl.errors.exception({\n      message: `${min} argument${min !== 1 ? 's' : ''} required, ` +\n               `but${length ? ' only' : ''} ${length} found.`,\n      ...ctx\n    })\n  }\n}\n\nwebidl.illegalConstructor = function () {\n  throw webidl.errors.exception({\n    header: 'TypeError',\n    message: 'Illegal constructor'\n  })\n}\n\n// https://tc39.es/ecma262/#sec-ecmascript-data-types-and-values\nwebidl.util.Type = function (V) {\n  switch (typeof V) {\n    case 'undefined': return 'Undefined'\n    case 'boolean': return 'Boolean'\n    case 'string': return 'String'\n    case 'symbol': return 'Symbol'\n    case 'number': return 'Number'\n    case 'bigint': return 'BigInt'\n    case 'function':\n    case 'object': {\n      if (V === null) {\n        return 'Null'\n      }\n\n      return 'Object'\n    }\n  }\n}\n\n// https://webidl.spec.whatwg.org/#abstract-opdef-converttoint\nwebidl.util.ConvertToInt = function (V, bitLength, signedness, opts = {}) {\n  let upperBound\n  let lowerBound\n\n  // 1. If bitLength is 64, then:\n  if (bitLength === 64) {\n    // 1. Let upperBound be 2^53 − 1.\n    upperBound = Math.pow(2, 53) - 1\n\n    // 2. If signedness is \"unsigned\", then let lowerBound be 0.\n    if (signedness === 'unsigned') {\n      lowerBound = 0\n    } else {\n      // 3. Otherwise let lowerBound be −2^53 + 1.\n      lowerBound = Math.pow(-2, 53) + 1\n    }\n  } else if (signedness === 'unsigned') {\n    // 2. Otherwise, if signedness is \"unsigned\", then:\n\n    // 1. Let lowerBound be 0.\n    lowerBound = 0\n\n    // 2. Let upperBound be 2^bitLength − 1.\n    upperBound = Math.pow(2, bitLength) - 1\n  } else {\n    // 3. Otherwise:\n\n    // 1. Let lowerBound be -2^bitLength − 1.\n    lowerBound = Math.pow(-2, bitLength) - 1\n\n    // 2. Let upperBound be 2^bitLength − 1 − 1.\n    upperBound = Math.pow(2, bitLength - 1) - 1\n  }\n\n  // 4. Let x be ? ToNumber(V).\n  let x = Number(V)\n\n  // 5. If x is −0, then set x to +0.\n  if (x === 0) {\n    x = 0\n  }\n\n  // 6. If the conversion is to an IDL type associated\n  //    with the [EnforceRange] extended attribute, then:\n  if (opts.enforceRange === true) {\n    // 1. If x is NaN, +∞, or −∞, then throw a TypeError.\n    if (\n      Number.isNaN(x) ||\n      x === Number.POSITIVE_INFINITY ||\n      x === Number.NEGATIVE_INFINITY\n    ) {\n      throw webidl.errors.exception({\n        header: 'Integer conversion',\n        message: `Could not convert ${V} to an integer.`\n      })\n    }\n\n    // 2. Set x to IntegerPart(x).\n    x = webidl.util.IntegerPart(x)\n\n    // 3. If x < lowerBound or x > upperBound, then\n    //    throw a TypeError.\n    if (x < lowerBound || x > upperBound) {\n      throw webidl.errors.exception({\n        header: 'Integer conversion',\n        message: `Value must be between ${lowerBound}-${upperBound}, got ${x}.`\n      })\n    }\n\n    // 4. Return x.\n    return x\n  }\n\n  // 7. If x is not NaN and the conversion is to an IDL\n  //    type associated with the [Clamp] extended\n  //    attribute, then:\n  if (!Number.isNaN(x) && opts.clamp === true) {\n    // 1. Set x to min(max(x, lowerBound), upperBound).\n    x = Math.min(Math.max(x, lowerBound), upperBound)\n\n    // 2. Round x to the nearest integer, choosing the\n    //    even integer if it lies halfway between two,\n    //    and choosing +0 rather than −0.\n    if (Math.floor(x) % 2 === 0) {\n      x = Math.floor(x)\n    } else {\n      x = Math.ceil(x)\n    }\n\n    // 3. Return x.\n    return x\n  }\n\n  // 8. If x is NaN, +0, +∞, or −∞, then return +0.\n  if (\n    Number.isNaN(x) ||\n    (x === 0 && Object.is(0, x)) ||\n    x === Number.POSITIVE_INFINITY ||\n    x === Number.NEGATIVE_INFINITY\n  ) {\n    return 0\n  }\n\n  // 9. Set x to IntegerPart(x).\n  x = webidl.util.IntegerPart(x)\n\n  // 10. Set x to x modulo 2^bitLength.\n  x = x % Math.pow(2, bitLength)\n\n  // 11. If signedness is \"signed\" and x ≥ 2^bitLength − 1,\n  //    then return x − 2^bitLength.\n  if (signedness === 'signed' && x >= Math.pow(2, bitLength) - 1) {\n    return x - Math.pow(2, bitLength)\n  }\n\n  // 12. Otherwise, return x.\n  return x\n}\n\n// https://webidl.spec.whatwg.org/#abstract-opdef-integerpart\nwebidl.util.IntegerPart = function (n) {\n  // 1. Let r be floor(abs(n)).\n  const r = Math.floor(Math.abs(n))\n\n  // 2. If n < 0, then return -1 × r.\n  if (n < 0) {\n    return -1 * r\n  }\n\n  // 3. Otherwise, return r.\n  return r\n}\n\n// https://webidl.spec.whatwg.org/#es-sequence\nwebidl.sequenceConverter = function (converter) {\n  return (V) => {\n    // 1. If Type(V) is not Object, throw a TypeError.\n    if (webidl.util.Type(V) !== 'Object') {\n      throw webidl.errors.exception({\n        header: 'Sequence',\n        message: `Value of type ${webidl.util.Type(V)} is not an Object.`\n      })\n    }\n\n    // 2. Let method be ? GetMethod(V, @@iterator).\n    /** @type {Generator} */\n    const method = V?.[Symbol.iterator]?.()\n    const seq = []\n\n    // 3. If method is undefined, throw a TypeError.\n    if (\n      method === undefined ||\n      typeof method.next !== 'function'\n    ) {\n      throw webidl.errors.exception({\n        header: 'Sequence',\n        message: 'Object is not an iterator.'\n      })\n    }\n\n    // https://webidl.spec.whatwg.org/#create-sequence-from-iterable\n    while (true) {\n      const { done, value } = method.next()\n\n      if (done) {\n        break\n      }\n\n      seq.push(converter(value))\n    }\n\n    return seq\n  }\n}\n\n// https://webidl.spec.whatwg.org/#es-to-record\nwebidl.recordConverter = function (keyConverter, valueConverter) {\n  return (O) => {\n    // 1. If Type(O) is not Object, throw a TypeError.\n    if (webidl.util.Type(O) !== 'Object') {\n      throw webidl.errors.exception({\n        header: 'Record',\n        message: `Value of type ${webidl.util.Type(O)} is not an Object.`\n      })\n    }\n\n    // 2. Let result be a new empty instance of record<K, V>.\n    const result = {}\n\n    if (!types.isProxy(O)) {\n      // Object.keys only returns enumerable properties\n      const keys = Object.keys(O)\n\n      for (const key of keys) {\n        // 1. Let typedKey be key converted to an IDL value of type K.\n        const typedKey = keyConverter(key)\n\n        // 2. Let value be ? Get(O, key).\n        // 3. Let typedValue be value converted to an IDL value of type V.\n        const typedValue = valueConverter(O[key])\n\n        // 4. Set result[typedKey] to typedValue.\n        result[typedKey] = typedValue\n      }\n\n      // 5. Return result.\n      return result\n    }\n\n    // 3. Let keys be ? O.[[OwnPropertyKeys]]().\n    const keys = Reflect.ownKeys(O)\n\n    // 4. For each key of keys.\n    for (const key of keys) {\n      // 1. Let desc be ? O.[[GetOwnProperty]](key).\n      const desc = Reflect.getOwnPropertyDescriptor(O, key)\n\n      // 2. If desc is not undefined and desc.[[Enumerable]] is true:\n      if (desc?.enumerable) {\n        // 1. Let typedKey be key converted to an IDL value of type K.\n        const typedKey = keyConverter(key)\n\n        // 2. Let value be ? Get(O, key).\n        // 3. Let typedValue be value converted to an IDL value of type V.\n        const typedValue = valueConverter(O[key])\n\n        // 4. Set result[typedKey] to typedValue.\n        result[typedKey] = typedValue\n      }\n    }\n\n    // 5. Return result.\n    return result\n  }\n}\n\nwebidl.interfaceConverter = function (i) {\n  return (V, opts = {}) => {\n    if (opts.strict !== false && !(V instanceof i)) {\n      throw webidl.errors.exception({\n        header: i.name,\n        message: `Expected ${V} to be an instance of ${i.name}.`\n      })\n    }\n\n    return V\n  }\n}\n\nwebidl.dictionaryConverter = function (converters) {\n  return (dictionary) => {\n    const type = webidl.util.Type(dictionary)\n    const dict = {}\n\n    if (type === 'Null' || type === 'Undefined') {\n      return dict\n    } else if (type !== 'Object') {\n      throw webidl.errors.exception({\n        header: 'Dictionary',\n        message: `Expected ${dictionary} to be one of: Null, Undefined, Object.`\n      })\n    }\n\n    for (const options of converters) {\n      const { key, defaultValue, required, converter } = options\n\n      if (required === true) {\n        if (!hasOwn(dictionary, key)) {\n          throw webidl.errors.exception({\n            header: 'Dictionary',\n            message: `Missing required key \"${key}\".`\n          })\n        }\n      }\n\n      let value = dictionary[key]\n      const hasDefault = hasOwn(options, 'defaultValue')\n\n      // Only use defaultValue if value is undefined and\n      // a defaultValue options was provided.\n      if (hasDefault && value !== null) {\n        value = value ?? defaultValue\n      }\n\n      // A key can be optional and have no default value.\n      // When this happens, do not perform a conversion,\n      // and do not assign the key a value.\n      if (required || hasDefault || value !== undefined) {\n        value = converter(value)\n\n        if (\n          options.allowedValues &&\n          !options.allowedValues.includes(value)\n        ) {\n          throw webidl.errors.exception({\n            header: 'Dictionary',\n            message: `${value} is not an accepted type. Expected one of ${options.allowedValues.join(', ')}.`\n          })\n        }\n\n        dict[key] = value\n      }\n    }\n\n    return dict\n  }\n}\n\nwebidl.nullableConverter = function (converter) {\n  return (V) => {\n    if (V === null) {\n      return V\n    }\n\n    return converter(V)\n  }\n}\n\n// https://webidl.spec.whatwg.org/#es-DOMString\nwebidl.converters.DOMString = function (V, opts = {}) {\n  // 1. If V is null and the conversion is to an IDL type\n  //    associated with the [LegacyNullToEmptyString]\n  //    extended attribute, then return the DOMString value\n  //    that represents the empty string.\n  if (V === null && opts.legacyNullToEmptyString) {\n    return ''\n  }\n\n  // 2. Let x be ? ToString(V).\n  if (typeof V === 'symbol') {\n    throw new TypeError('Could not convert argument of type symbol to string.')\n  }\n\n  // 3. Return the IDL DOMString value that represents the\n  //    same sequence of code units as the one the\n  //    ECMAScript String value x represents.\n  return String(V)\n}\n\n// https://webidl.spec.whatwg.org/#es-ByteString\nwebidl.converters.ByteString = function (V) {\n  // 1. Let x be ? ToString(V).\n  // Note: DOMString converter perform ? ToString(V)\n  const x = webidl.converters.DOMString(V)\n\n  // 2. If the value of any element of x is greater than\n  //    255, then throw a TypeError.\n  for (let index = 0; index < x.length; index++) {\n    if (x.charCodeAt(index) > 255) {\n      throw new TypeError(\n        'Cannot convert argument to a ByteString because the character at ' +\n        `index ${index} has a value of ${x.charCodeAt(index)} which is greater than 255.`\n      )\n    }\n  }\n\n  // 3. Return an IDL ByteString value whose length is the\n  //    length of x, and where the value of each element is\n  //    the value of the corresponding element of x.\n  return x\n}\n\n// https://webidl.spec.whatwg.org/#es-USVString\nwebidl.converters.USVString = toUSVString\n\n// https://webidl.spec.whatwg.org/#es-boolean\nwebidl.converters.boolean = function (V) {\n  // 1. Let x be the result of computing ToBoolean(V).\n  const x = Boolean(V)\n\n  // 2. Return the IDL boolean value that is the one that represents\n  //    the same truth value as the ECMAScript Boolean value x.\n  return x\n}\n\n// https://webidl.spec.whatwg.org/#es-any\nwebidl.converters.any = function (V) {\n  return V\n}\n\n// https://webidl.spec.whatwg.org/#es-long-long\nwebidl.converters['long long'] = function (V) {\n  // 1. Let x be ? ConvertToInt(V, 64, \"signed\").\n  const x = webidl.util.ConvertToInt(V, 64, 'signed')\n\n  // 2. Return the IDL long long value that represents\n  //    the same numeric value as x.\n  return x\n}\n\n// https://webidl.spec.whatwg.org/#es-unsigned-long-long\nwebidl.converters['unsigned long long'] = function (V) {\n  // 1. Let x be ? ConvertToInt(V, 64, \"unsigned\").\n  const x = webidl.util.ConvertToInt(V, 64, 'unsigned')\n\n  // 2. Return the IDL unsigned long long value that\n  //    represents the same numeric value as x.\n  return x\n}\n\n// https://webidl.spec.whatwg.org/#es-unsigned-long\nwebidl.converters['unsigned long'] = function (V) {\n  // 1. Let x be ? ConvertToInt(V, 32, \"unsigned\").\n  const x = webidl.util.ConvertToInt(V, 32, 'unsigned')\n\n  // 2. Return the IDL unsigned long value that\n  //    represents the same numeric value as x.\n  return x\n}\n\n// https://webidl.spec.whatwg.org/#es-unsigned-short\nwebidl.converters['unsigned short'] = function (V, opts) {\n  // 1. Let x be ? ConvertToInt(V, 16, \"unsigned\").\n  const x = webidl.util.ConvertToInt(V, 16, 'unsigned', opts)\n\n  // 2. Return the IDL unsigned short value that represents\n  //    the same numeric value as x.\n  return x\n}\n\n// https://webidl.spec.whatwg.org/#idl-ArrayBuffer\nwebidl.converters.ArrayBuffer = function (V, opts = {}) {\n  // 1. If Type(V) is not Object, or V does not have an\n  //    [[ArrayBufferData]] internal slot, then throw a\n  //    TypeError.\n  // see: https://tc39.es/ecma262/#sec-properties-of-the-arraybuffer-instances\n  // see: https://tc39.es/ecma262/#sec-properties-of-the-sharedarraybuffer-instances\n  if (\n    webidl.util.Type(V) !== 'Object' ||\n    !types.isAnyArrayBuffer(V)\n  ) {\n    throw webidl.errors.conversionFailed({\n      prefix: `${V}`,\n      argument: `${V}`,\n      types: ['ArrayBuffer']\n    })\n  }\n\n  // 2. If the conversion is not to an IDL type associated\n  //    with the [AllowShared] extended attribute, and\n  //    IsSharedArrayBuffer(V) is true, then throw a\n  //    TypeError.\n  if (opts.allowShared === false && types.isSharedArrayBuffer(V)) {\n    throw webidl.errors.exception({\n      header: 'ArrayBuffer',\n      message: 'SharedArrayBuffer is not allowed.'\n    })\n  }\n\n  // 3. If the conversion is not to an IDL type associated\n  //    with the [AllowResizable] extended attribute, and\n  //    IsResizableArrayBuffer(V) is true, then throw a\n  //    TypeError.\n  // Note: resizable ArrayBuffers are currently a proposal.\n\n  // 4. Return the IDL ArrayBuffer value that is a\n  //    reference to the same object as V.\n  return V\n}\n\nwebidl.converters.TypedArray = function (V, T, opts = {}) {\n  // 1. Let T be the IDL type V is being converted to.\n\n  // 2. If Type(V) is not Object, or V does not have a\n  //    [[TypedArrayName]] internal slot with a value\n  //    equal to T’s name, then throw a TypeError.\n  if (\n    webidl.util.Type(V) !== 'Object' ||\n    !types.isTypedArray(V) ||\n    V.constructor.name !== T.name\n  ) {\n    throw webidl.errors.conversionFailed({\n      prefix: `${T.name}`,\n      argument: `${V}`,\n      types: [T.name]\n    })\n  }\n\n  // 3. If the conversion is not to an IDL type associated\n  //    with the [AllowShared] extended attribute, and\n  //    IsSharedArrayBuffer(V.[[ViewedArrayBuffer]]) is\n  //    true, then throw a TypeError.\n  if (opts.allowShared === false && types.isSharedArrayBuffer(V.buffer)) {\n    throw webidl.errors.exception({\n      header: 'ArrayBuffer',\n      message: 'SharedArrayBuffer is not allowed.'\n    })\n  }\n\n  // 4. If the conversion is not to an IDL type associated\n  //    with the [AllowResizable] extended attribute, and\n  //    IsResizableArrayBuffer(V.[[ViewedArrayBuffer]]) is\n  //    true, then throw a TypeError.\n  // Note: resizable array buffers are currently a proposal\n\n  // 5. Return the IDL value of type T that is a reference\n  //    to the same object as V.\n  return V\n}\n\nwebidl.converters.DataView = function (V, opts = {}) {\n  // 1. If Type(V) is not Object, or V does not have a\n  //    [[DataView]] internal slot, then throw a TypeError.\n  if (webidl.util.Type(V) !== 'Object' || !types.isDataView(V)) {\n    throw webidl.errors.exception({\n      header: 'DataView',\n      message: 'Object is not a DataView.'\n    })\n  }\n\n  // 2. If the conversion is not to an IDL type associated\n  //    with the [AllowShared] extended attribute, and\n  //    IsSharedArrayBuffer(V.[[ViewedArrayBuffer]]) is true,\n  //    then throw a TypeError.\n  if (opts.allowShared === false && types.isSharedArrayBuffer(V.buffer)) {\n    throw webidl.errors.exception({\n      header: 'ArrayBuffer',\n      message: 'SharedArrayBuffer is not allowed.'\n    })\n  }\n\n  // 3. If the conversion is not to an IDL type associated\n  //    with the [AllowResizable] extended attribute, and\n  //    IsResizableArrayBuffer(V.[[ViewedArrayBuffer]]) is\n  //    true, then throw a TypeError.\n  // Note: resizable ArrayBuffers are currently a proposal\n\n  // 4. Return the IDL DataView value that is a reference\n  //    to the same object as V.\n  return V\n}\n\n// https://webidl.spec.whatwg.org/#BufferSource\nwebidl.converters.BufferSource = function (V, opts = {}) {\n  if (types.isAnyArrayBuffer(V)) {\n    return webidl.converters.ArrayBuffer(V, opts)\n  }\n\n  if (types.isTypedArray(V)) {\n    return webidl.converters.TypedArray(V, V.constructor)\n  }\n\n  if (types.isDataView(V)) {\n    return webidl.converters.DataView(V, opts)\n  }\n\n  throw new TypeError(`Could not convert ${V} to a BufferSource.`)\n}\n\nwebidl.converters['sequence<ByteString>'] = webidl.sequenceConverter(\n  webidl.converters.ByteString\n)\n\nwebidl.converters['sequence<sequence<ByteString>>'] = webidl.sequenceConverter(\n  webidl.converters['sequence<ByteString>']\n)\n\nwebidl.converters['record<ByteString, ByteString>'] = webidl.recordConverter(\n  webidl.converters.ByteString,\n  webidl.converters.ByteString\n)\n\nmodule.exports = {\n  webidl\n}\n","'use strict'\n\n/**\n * @see https://encoding.spec.whatwg.org/#concept-encoding-get\n * @param {string|undefined} label\n */\nfunction getEncoding (label) {\n  if (!label) {\n    return 'failure'\n  }\n\n  // 1. Remove any leading and trailing ASCII whitespace from label.\n  // 2. If label is an ASCII case-insensitive match for any of the\n  //    labels listed in the table below, then return the\n  //    corresponding encoding; otherwise return failure.\n  switch (label.trim().toLowerCase()) {\n    case 'unicode-1-1-utf-8':\n    case 'unicode11utf8':\n    case 'unicode20utf8':\n    case 'utf-8':\n    case 'utf8':\n    case 'x-unicode20utf8':\n      return 'UTF-8'\n    case '866':\n    case 'cp866':\n    case 'csibm866':\n    case 'ibm866':\n      return 'IBM866'\n    case 'csisolatin2':\n    case 'iso-8859-2':\n    case 'iso-ir-101':\n    case 'iso8859-2':\n    case 'iso88592':\n    case 'iso_8859-2':\n    case 'iso_8859-2:1987':\n    case 'l2':\n    case 'latin2':\n      return 'ISO-8859-2'\n    case 'csisolatin3':\n    case 'iso-8859-3':\n    case 'iso-ir-109':\n    case 'iso8859-3':\n    case 'iso88593':\n    case 'iso_8859-3':\n    case 'iso_8859-3:1988':\n    case 'l3':\n    case 'latin3':\n      return 'ISO-8859-3'\n    case 'csisolatin4':\n    case 'iso-8859-4':\n    case 'iso-ir-110':\n    case 'iso8859-4':\n    case 'iso88594':\n    case 'iso_8859-4':\n    case 'iso_8859-4:1988':\n    case 'l4':\n    case 'latin4':\n      return 'ISO-8859-4'\n    case 'csisolatincyrillic':\n    case 'cyrillic':\n    case 'iso-8859-5':\n    case 'iso-ir-144':\n    case 'iso8859-5':\n    case 'iso88595':\n    case 'iso_8859-5':\n    case 'iso_8859-5:1988':\n      return 'ISO-8859-5'\n    case 'arabic':\n    case 'asmo-708':\n    case 'csiso88596e':\n    case 'csiso88596i':\n    case 'csisolatinarabic':\n    case 'ecma-114':\n    case 'iso-8859-6':\n    case 'iso-8859-6-e':\n    case 'iso-8859-6-i':\n    case 'iso-ir-127':\n    case 'iso8859-6':\n    case 'iso88596':\n    case 'iso_8859-6':\n    case 'iso_8859-6:1987':\n      return 'ISO-8859-6'\n    case 'csisolatingreek':\n    case 'ecma-118':\n    case 'elot_928':\n    case 'greek':\n    case 'greek8':\n    case 'iso-8859-7':\n    case 'iso-ir-126':\n    case 'iso8859-7':\n    case 'iso88597':\n    case 'iso_8859-7':\n    case 'iso_8859-7:1987':\n    case 'sun_eu_greek':\n      return 'ISO-8859-7'\n    case 'csiso88598e':\n    case 'csisolatinhebrew':\n    case 'hebrew':\n    case 'iso-8859-8':\n    case 'iso-8859-8-e':\n    case 'iso-ir-138':\n    case 'iso8859-8':\n    case 'iso88598':\n    case 'iso_8859-8':\n    case 'iso_8859-8:1988':\n    case 'visual':\n      return 'ISO-8859-8'\n    case 'csiso88598i':\n    case 'iso-8859-8-i':\n    case 'logical':\n      return 'ISO-8859-8-I'\n    case 'csisolatin6':\n    case 'iso-8859-10':\n    case 'iso-ir-157':\n    case 'iso8859-10':\n    case 'iso885910':\n    case 'l6':\n    case 'latin6':\n      return 'ISO-8859-10'\n    case 'iso-8859-13':\n    case 'iso8859-13':\n    case 'iso885913':\n      return 'ISO-8859-13'\n    case 'iso-8859-14':\n    case 'iso8859-14':\n    case 'iso885914':\n      return 'ISO-8859-14'\n    case 'csisolatin9':\n    case 'iso-8859-15':\n    case 'iso8859-15':\n    case 'iso885915':\n    case 'iso_8859-15':\n    case 'l9':\n      return 'ISO-8859-15'\n    case 'iso-8859-16':\n      return 'ISO-8859-16'\n    case 'cskoi8r':\n    case 'koi':\n    case 'koi8':\n    case 'koi8-r':\n    case 'koi8_r':\n      return 'KOI8-R'\n    case 'koi8-ru':\n    case 'koi8-u':\n      return 'KOI8-U'\n    case 'csmacintosh':\n    case 'mac':\n    case 'macintosh':\n    case 'x-mac-roman':\n      return 'macintosh'\n    case 'iso-8859-11':\n    case 'iso8859-11':\n    case 'iso885911':\n    case 'tis-620':\n    case 'windows-874':\n      return 'windows-874'\n    case 'cp1250':\n    case 'windows-1250':\n    case 'x-cp1250':\n      return 'windows-1250'\n    case 'cp1251':\n    case 'windows-1251':\n    case 'x-cp1251':\n      return 'windows-1251'\n    case 'ansi_x3.4-1968':\n    case 'ascii':\n    case 'cp1252':\n    case 'cp819':\n    case 'csisolatin1':\n    case 'ibm819':\n    case 'iso-8859-1':\n    case 'iso-ir-100':\n    case 'iso8859-1':\n    case 'iso88591':\n    case 'iso_8859-1':\n    case 'iso_8859-1:1987':\n    case 'l1':\n    case 'latin1':\n    case 'us-ascii':\n    case 'windows-1252':\n    case 'x-cp1252':\n      return 'windows-1252'\n    case 'cp1253':\n    case 'windows-1253':\n    case 'x-cp1253':\n      return 'windows-1253'\n    case 'cp1254':\n    case 'csisolatin5':\n    case 'iso-8859-9':\n    case 'iso-ir-148':\n    case 'iso8859-9':\n    case 'iso88599':\n    case 'iso_8859-9':\n    case 'iso_8859-9:1989':\n    case 'l5':\n    case 'latin5':\n    case 'windows-1254':\n    case 'x-cp1254':\n      return 'windows-1254'\n    case 'cp1255':\n    case 'windows-1255':\n    case 'x-cp1255':\n      return 'windows-1255'\n    case 'cp1256':\n    case 'windows-1256':\n    case 'x-cp1256':\n      return 'windows-1256'\n    case 'cp1257':\n    case 'windows-1257':\n    case 'x-cp1257':\n      return 'windows-1257'\n    case 'cp1258':\n    case 'windows-1258':\n    case 'x-cp1258':\n      return 'windows-1258'\n    case 'x-mac-cyrillic':\n    case 'x-mac-ukrainian':\n      return 'x-mac-cyrillic'\n    case 'chinese':\n    case 'csgb2312':\n    case 'csiso58gb231280':\n    case 'gb2312':\n    case 'gb_2312':\n    case 'gb_2312-80':\n    case 'gbk':\n    case 'iso-ir-58':\n    case 'x-gbk':\n      return 'GBK'\n    case 'gb18030':\n      return 'gb18030'\n    case 'big5':\n    case 'big5-hkscs':\n    case 'cn-big5':\n    case 'csbig5':\n    case 'x-x-big5':\n      return 'Big5'\n    case 'cseucpkdfmtjapanese':\n    case 'euc-jp':\n    case 'x-euc-jp':\n      return 'EUC-JP'\n    case 'csiso2022jp':\n    case 'iso-2022-jp':\n      return 'ISO-2022-JP'\n    case 'csshiftjis':\n    case 'ms932':\n    case 'ms_kanji':\n    case 'shift-jis':\n    case 'shift_jis':\n    case 'sjis':\n    case 'windows-31j':\n    case 'x-sjis':\n      return 'Shift_JIS'\n    case 'cseuckr':\n    case 'csksc56011987':\n    case 'euc-kr':\n    case 'iso-ir-149':\n    case 'korean':\n    case 'ks_c_5601-1987':\n    case 'ks_c_5601-1989':\n    case 'ksc5601':\n    case 'ksc_5601':\n    case 'windows-949':\n      return 'EUC-KR'\n    case 'csiso2022kr':\n    case 'hz-gb-2312':\n    case 'iso-2022-cn':\n    case 'iso-2022-cn-ext':\n    case 'iso-2022-kr':\n    case 'replacement':\n      return 'replacement'\n    case 'unicodefffe':\n    case 'utf-16be':\n      return 'UTF-16BE'\n    case 'csunicode':\n    case 'iso-10646-ucs-2':\n    case 'ucs-2':\n    case 'unicode':\n    case 'unicodefeff':\n    case 'utf-16':\n    case 'utf-16le':\n      return 'UTF-16LE'\n    case 'x-user-defined':\n      return 'x-user-defined'\n    default: return 'failure'\n  }\n}\n\nmodule.exports = {\n  getEncoding\n}\n","'use strict'\n\nconst {\n  staticPropertyDescriptors,\n  readOperation,\n  fireAProgressEvent\n} = require('./util')\nconst {\n  kState,\n  kError,\n  kResult,\n  kEvents,\n  kAborted\n} = require('./symbols')\nconst { webidl } = require('../fetch/webidl')\nconst { kEnumerableProperty } = require('../core/util')\n\nclass FileReader extends EventTarget {\n  constructor () {\n    super()\n\n    this[kState] = 'empty'\n    this[kResult] = null\n    this[kError] = null\n    this[kEvents] = {\n      loadend: null,\n      error: null,\n      abort: null,\n      load: null,\n      progress: null,\n      loadstart: null\n    }\n  }\n\n  /**\n   * @see https://w3c.github.io/FileAPI/#dfn-readAsArrayBuffer\n   * @param {import('buffer').Blob} blob\n   */\n  readAsArrayBuffer (blob) {\n    webidl.brandCheck(this, FileReader)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'FileReader.readAsArrayBuffer' })\n\n    blob = webidl.converters.Blob(blob, { strict: false })\n\n    // The readAsArrayBuffer(blob) method, when invoked,\n    // must initiate a read operation for blob with ArrayBuffer.\n    readOperation(this, blob, 'ArrayBuffer')\n  }\n\n  /**\n   * @see https://w3c.github.io/FileAPI/#readAsBinaryString\n   * @param {import('buffer').Blob} blob\n   */\n  readAsBinaryString (blob) {\n    webidl.brandCheck(this, FileReader)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'FileReader.readAsBinaryString' })\n\n    blob = webidl.converters.Blob(blob, { strict: false })\n\n    // The readAsBinaryString(blob) method, when invoked,\n    // must initiate a read operation for blob with BinaryString.\n    readOperation(this, blob, 'BinaryString')\n  }\n\n  /**\n   * @see https://w3c.github.io/FileAPI/#readAsDataText\n   * @param {import('buffer').Blob} blob\n   * @param {string?} encoding\n   */\n  readAsText (blob, encoding = undefined) {\n    webidl.brandCheck(this, FileReader)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'FileReader.readAsText' })\n\n    blob = webidl.converters.Blob(blob, { strict: false })\n\n    if (encoding !== undefined) {\n      encoding = webidl.converters.DOMString(encoding)\n    }\n\n    // The readAsText(blob, encoding) method, when invoked,\n    // must initiate a read operation for blob with Text and encoding.\n    readOperation(this, blob, 'Text', encoding)\n  }\n\n  /**\n   * @see https://w3c.github.io/FileAPI/#dfn-readAsDataURL\n   * @param {import('buffer').Blob} blob\n   */\n  readAsDataURL (blob) {\n    webidl.brandCheck(this, FileReader)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'FileReader.readAsDataURL' })\n\n    blob = webidl.converters.Blob(blob, { strict: false })\n\n    // The readAsDataURL(blob) method, when invoked, must\n    // initiate a read operation for blob with DataURL.\n    readOperation(this, blob, 'DataURL')\n  }\n\n  /**\n   * @see https://w3c.github.io/FileAPI/#dfn-abort\n   */\n  abort () {\n    // 1. If this's state is \"empty\" or if this's state is\n    //    \"done\" set this's result to null and terminate\n    //    this algorithm.\n    if (this[kState] === 'empty' || this[kState] === 'done') {\n      this[kResult] = null\n      return\n    }\n\n    // 2. If this's state is \"loading\" set this's state to\n    //    \"done\" and set this's result to null.\n    if (this[kState] === 'loading') {\n      this[kState] = 'done'\n      this[kResult] = null\n    }\n\n    // 3. If there are any tasks from this on the file reading\n    //    task source in an affiliated task queue, then remove\n    //    those tasks from that task queue.\n    this[kAborted] = true\n\n    // 4. Terminate the algorithm for the read method being processed.\n    // TODO\n\n    // 5. Fire a progress event called abort at this.\n    fireAProgressEvent('abort', this)\n\n    // 6. If this's state is not \"loading\", fire a progress\n    //    event called loadend at this.\n    if (this[kState] !== 'loading') {\n      fireAProgressEvent('loadend', this)\n    }\n  }\n\n  /**\n   * @see https://w3c.github.io/FileAPI/#dom-filereader-readystate\n   */\n  get readyState () {\n    webidl.brandCheck(this, FileReader)\n\n    switch (this[kState]) {\n      case 'empty': return this.EMPTY\n      case 'loading': return this.LOADING\n      case 'done': return this.DONE\n    }\n  }\n\n  /**\n   * @see https://w3c.github.io/FileAPI/#dom-filereader-result\n   */\n  get result () {\n    webidl.brandCheck(this, FileReader)\n\n    // The result attribute’s getter, when invoked, must return\n    // this's result.\n    return this[kResult]\n  }\n\n  /**\n   * @see https://w3c.github.io/FileAPI/#dom-filereader-error\n   */\n  get error () {\n    webidl.brandCheck(this, FileReader)\n\n    // The error attribute’s getter, when invoked, must return\n    // this's error.\n    return this[kError]\n  }\n\n  get onloadend () {\n    webidl.brandCheck(this, FileReader)\n\n    return this[kEvents].loadend\n  }\n\n  set onloadend (fn) {\n    webidl.brandCheck(this, FileReader)\n\n    if (this[kEvents].loadend) {\n      this.removeEventListener('loadend', this[kEvents].loadend)\n    }\n\n    if (typeof fn === 'function') {\n      this[kEvents].loadend = fn\n      this.addEventListener('loadend', fn)\n    } else {\n      this[kEvents].loadend = null\n    }\n  }\n\n  get onerror () {\n    webidl.brandCheck(this, FileReader)\n\n    return this[kEvents].error\n  }\n\n  set onerror (fn) {\n    webidl.brandCheck(this, FileReader)\n\n    if (this[kEvents].error) {\n      this.removeEventListener('error', this[kEvents].error)\n    }\n\n    if (typeof fn === 'function') {\n      this[kEvents].error = fn\n      this.addEventListener('error', fn)\n    } else {\n      this[kEvents].error = null\n    }\n  }\n\n  get onloadstart () {\n    webidl.brandCheck(this, FileReader)\n\n    return this[kEvents].loadstart\n  }\n\n  set onloadstart (fn) {\n    webidl.brandCheck(this, FileReader)\n\n    if (this[kEvents].loadstart) {\n      this.removeEventListener('loadstart', this[kEvents].loadstart)\n    }\n\n    if (typeof fn === 'function') {\n      this[kEvents].loadstart = fn\n      this.addEventListener('loadstart', fn)\n    } else {\n      this[kEvents].loadstart = null\n    }\n  }\n\n  get onprogress () {\n    webidl.brandCheck(this, FileReader)\n\n    return this[kEvents].progress\n  }\n\n  set onprogress (fn) {\n    webidl.brandCheck(this, FileReader)\n\n    if (this[kEvents].progress) {\n      this.removeEventListener('progress', this[kEvents].progress)\n    }\n\n    if (typeof fn === 'function') {\n      this[kEvents].progress = fn\n      this.addEventListener('progress', fn)\n    } else {\n      this[kEvents].progress = null\n    }\n  }\n\n  get onload () {\n    webidl.brandCheck(this, FileReader)\n\n    return this[kEvents].load\n  }\n\n  set onload (fn) {\n    webidl.brandCheck(this, FileReader)\n\n    if (this[kEvents].load) {\n      this.removeEventListener('load', this[kEvents].load)\n    }\n\n    if (typeof fn === 'function') {\n      this[kEvents].load = fn\n      this.addEventListener('load', fn)\n    } else {\n      this[kEvents].load = null\n    }\n  }\n\n  get onabort () {\n    webidl.brandCheck(this, FileReader)\n\n    return this[kEvents].abort\n  }\n\n  set onabort (fn) {\n    webidl.brandCheck(this, FileReader)\n\n    if (this[kEvents].abort) {\n      this.removeEventListener('abort', this[kEvents].abort)\n    }\n\n    if (typeof fn === 'function') {\n      this[kEvents].abort = fn\n      this.addEventListener('abort', fn)\n    } else {\n      this[kEvents].abort = null\n    }\n  }\n}\n\n// https://w3c.github.io/FileAPI/#dom-filereader-empty\nFileReader.EMPTY = FileReader.prototype.EMPTY = 0\n// https://w3c.github.io/FileAPI/#dom-filereader-loading\nFileReader.LOADING = FileReader.prototype.LOADING = 1\n// https://w3c.github.io/FileAPI/#dom-filereader-done\nFileReader.DONE = FileReader.prototype.DONE = 2\n\nObject.defineProperties(FileReader.prototype, {\n  EMPTY: staticPropertyDescriptors,\n  LOADING: staticPropertyDescriptors,\n  DONE: staticPropertyDescriptors,\n  readAsArrayBuffer: kEnumerableProperty,\n  readAsBinaryString: kEnumerableProperty,\n  readAsText: kEnumerableProperty,\n  readAsDataURL: kEnumerableProperty,\n  abort: kEnumerableProperty,\n  readyState: kEnumerableProperty,\n  result: kEnumerableProperty,\n  error: kEnumerableProperty,\n  onloadstart: kEnumerableProperty,\n  onprogress: kEnumerableProperty,\n  onload: kEnumerableProperty,\n  onabort: kEnumerableProperty,\n  onerror: kEnumerableProperty,\n  onloadend: kEnumerableProperty,\n  [Symbol.toStringTag]: {\n    value: 'FileReader',\n    writable: false,\n    enumerable: false,\n    configurable: true\n  }\n})\n\nObject.defineProperties(FileReader, {\n  EMPTY: staticPropertyDescriptors,\n  LOADING: staticPropertyDescriptors,\n  DONE: staticPropertyDescriptors\n})\n\nmodule.exports = {\n  FileReader\n}\n","'use strict'\n\nconst { webidl } = require('../fetch/webidl')\n\nconst kState = Symbol('ProgressEvent state')\n\n/**\n * @see https://xhr.spec.whatwg.org/#progressevent\n */\nclass ProgressEvent extends Event {\n  constructor (type, eventInitDict = {}) {\n    type = webidl.converters.DOMString(type)\n    eventInitDict = webidl.converters.ProgressEventInit(eventInitDict ?? {})\n\n    super(type, eventInitDict)\n\n    this[kState] = {\n      lengthComputable: eventInitDict.lengthComputable,\n      loaded: eventInitDict.loaded,\n      total: eventInitDict.total\n    }\n  }\n\n  get lengthComputable () {\n    webidl.brandCheck(this, ProgressEvent)\n\n    return this[kState].lengthComputable\n  }\n\n  get loaded () {\n    webidl.brandCheck(this, ProgressEvent)\n\n    return this[kState].loaded\n  }\n\n  get total () {\n    webidl.brandCheck(this, ProgressEvent)\n\n    return this[kState].total\n  }\n}\n\nwebidl.converters.ProgressEventInit = webidl.dictionaryConverter([\n  {\n    key: 'lengthComputable',\n    converter: webidl.converters.boolean,\n    defaultValue: false\n  },\n  {\n    key: 'loaded',\n    converter: webidl.converters['unsigned long long'],\n    defaultValue: 0\n  },\n  {\n    key: 'total',\n    converter: webidl.converters['unsigned long long'],\n    defaultValue: 0\n  },\n  {\n    key: 'bubbles',\n    converter: webidl.converters.boolean,\n    defaultValue: false\n  },\n  {\n    key: 'cancelable',\n    converter: webidl.converters.boolean,\n    defaultValue: false\n  },\n  {\n    key: 'composed',\n    converter: webidl.converters.boolean,\n    defaultValue: false\n  }\n])\n\nmodule.exports = {\n  ProgressEvent\n}\n","'use strict'\n\nmodule.exports = {\n  kState: Symbol('FileReader state'),\n  kResult: Symbol('FileReader result'),\n  kError: Symbol('FileReader error'),\n  kLastProgressEventFired: Symbol('FileReader last progress event fired timestamp'),\n  kEvents: Symbol('FileReader events'),\n  kAborted: Symbol('FileReader aborted')\n}\n","'use strict'\n\nconst {\n  kState,\n  kError,\n  kResult,\n  kAborted,\n  kLastProgressEventFired\n} = require('./symbols')\nconst { ProgressEvent } = require('./progressevent')\nconst { getEncoding } = require('./encoding')\nconst { DOMException } = require('../fetch/constants')\nconst { serializeAMimeType, parseMIMEType } = require('../fetch/dataURL')\nconst { types } = require('util')\nconst { StringDecoder } = require('string_decoder')\nconst { btoa } = require('buffer')\n\n/** @type {PropertyDescriptor} */\nconst staticPropertyDescriptors = {\n  enumerable: true,\n  writable: false,\n  configurable: false\n}\n\n/**\n * @see https://w3c.github.io/FileAPI/#readOperation\n * @param {import('./filereader').FileReader} fr\n * @param {import('buffer').Blob} blob\n * @param {string} type\n * @param {string?} encodingName\n */\nfunction readOperation (fr, blob, type, encodingName) {\n  // 1. If fr’s state is \"loading\", throw an InvalidStateError\n  //    DOMException.\n  if (fr[kState] === 'loading') {\n    throw new DOMException('Invalid state', 'InvalidStateError')\n  }\n\n  // 2. Set fr’s state to \"loading\".\n  fr[kState] = 'loading'\n\n  // 3. Set fr’s result to null.\n  fr[kResult] = null\n\n  // 4. Set fr’s error to null.\n  fr[kError] = null\n\n  // 5. Let stream be the result of calling get stream on blob.\n  /** @type {import('stream/web').ReadableStream} */\n  const stream = blob.stream()\n\n  // 6. Let reader be the result of getting a reader from stream.\n  const reader = stream.getReader()\n\n  // 7. Let bytes be an empty byte sequence.\n  /** @type {Uint8Array[]} */\n  const bytes = []\n\n  // 8. Let chunkPromise be the result of reading a chunk from\n  //    stream with reader.\n  let chunkPromise = reader.read()\n\n  // 9. Let isFirstChunk be true.\n  let isFirstChunk = true\n\n  // 10. In parallel, while true:\n  // Note: \"In parallel\" just means non-blocking\n  // Note 2: readOperation itself cannot be async as double\n  // reading the body would then reject the promise, instead\n  // of throwing an error.\n  ;(async () => {\n    while (!fr[kAborted]) {\n      // 1. Wait for chunkPromise to be fulfilled or rejected.\n      try {\n        const { done, value } = await chunkPromise\n\n        // 2. If chunkPromise is fulfilled, and isFirstChunk is\n        //    true, queue a task to fire a progress event called\n        //    loadstart at fr.\n        if (isFirstChunk && !fr[kAborted]) {\n          queueMicrotask(() => {\n            fireAProgressEvent('loadstart', fr)\n          })\n        }\n\n        // 3. Set isFirstChunk to false.\n        isFirstChunk = false\n\n        // 4. If chunkPromise is fulfilled with an object whose\n        //    done property is false and whose value property is\n        //    a Uint8Array object, run these steps:\n        if (!done && types.isUint8Array(value)) {\n          // 1. Let bs be the byte sequence represented by the\n          //    Uint8Array object.\n\n          // 2. Append bs to bytes.\n          bytes.push(value)\n\n          // 3. If roughly 50ms have passed since these steps\n          //    were last invoked, queue a task to fire a\n          //    progress event called progress at fr.\n          if (\n            (\n              fr[kLastProgressEventFired] === undefined ||\n              Date.now() - fr[kLastProgressEventFired] >= 50\n            ) &&\n            !fr[kAborted]\n          ) {\n            fr[kLastProgressEventFired] = Date.now()\n            queueMicrotask(() => {\n              fireAProgressEvent('progress', fr)\n            })\n          }\n\n          // 4. Set chunkPromise to the result of reading a\n          //    chunk from stream with reader.\n          chunkPromise = reader.read()\n        } else if (done) {\n          // 5. Otherwise, if chunkPromise is fulfilled with an\n          //    object whose done property is true, queue a task\n          //    to run the following steps and abort this algorithm:\n          queueMicrotask(() => {\n            // 1. Set fr’s state to \"done\".\n            fr[kState] = 'done'\n\n            // 2. Let result be the result of package data given\n            //    bytes, type, blob’s type, and encodingName.\n            try {\n              const result = packageData(bytes, type, blob.type, encodingName)\n\n              // 4. Else:\n\n              if (fr[kAborted]) {\n                return\n              }\n\n              // 1. Set fr’s result to result.\n              fr[kResult] = result\n\n              // 2. Fire a progress event called load at the fr.\n              fireAProgressEvent('load', fr)\n            } catch (error) {\n              // 3. If package data threw an exception error:\n\n              // 1. Set fr’s error to error.\n              fr[kError] = error\n\n              // 2. Fire a progress event called error at fr.\n              fireAProgressEvent('error', fr)\n            }\n\n            // 5. If fr’s state is not \"loading\", fire a progress\n            //    event called loadend at the fr.\n            if (fr[kState] !== 'loading') {\n              fireAProgressEvent('loadend', fr)\n            }\n          })\n\n          break\n        }\n      } catch (error) {\n        if (fr[kAborted]) {\n          return\n        }\n\n        // 6. Otherwise, if chunkPromise is rejected with an\n        //    error error, queue a task to run the following\n        //    steps and abort this algorithm:\n        queueMicrotask(() => {\n          // 1. Set fr’s state to \"done\".\n          fr[kState] = 'done'\n\n          // 2. Set fr’s error to error.\n          fr[kError] = error\n\n          // 3. Fire a progress event called error at fr.\n          fireAProgressEvent('error', fr)\n\n          // 4. If fr’s state is not \"loading\", fire a progress\n          //    event called loadend at fr.\n          if (fr[kState] !== 'loading') {\n            fireAProgressEvent('loadend', fr)\n          }\n        })\n\n        break\n      }\n    }\n  })()\n}\n\n/**\n * @see https://w3c.github.io/FileAPI/#fire-a-progress-event\n * @see https://dom.spec.whatwg.org/#concept-event-fire\n * @param {string} e The name of the event\n * @param {import('./filereader').FileReader} reader\n */\nfunction fireAProgressEvent (e, reader) {\n  // The progress event e does not bubble. e.bubbles must be false\n  // The progress event e is NOT cancelable. e.cancelable must be false\n  const event = new ProgressEvent(e, {\n    bubbles: false,\n    cancelable: false\n  })\n\n  reader.dispatchEvent(event)\n}\n\n/**\n * @see https://w3c.github.io/FileAPI/#blob-package-data\n * @param {Uint8Array[]} bytes\n * @param {string} type\n * @param {string?} mimeType\n * @param {string?} encodingName\n */\nfunction packageData (bytes, type, mimeType, encodingName) {\n  // 1. A Blob has an associated package data algorithm, given\n  //    bytes, a type, a optional mimeType, and a optional\n  //    encodingName, which switches on type and runs the\n  //    associated steps:\n\n  switch (type) {\n    case 'DataURL': {\n      // 1. Return bytes as a DataURL [RFC2397] subject to\n      //    the considerations below:\n      //  * Use mimeType as part of the Data URL if it is\n      //    available in keeping with the Data URL\n      //    specification [RFC2397].\n      //  * If mimeType is not available return a Data URL\n      //    without a media-type. [RFC2397].\n\n      // https://datatracker.ietf.org/doc/html/rfc2397#section-3\n      // dataurl    := \"data:\" [ mediatype ] [ \";base64\" ] \",\" data\n      // mediatype  := [ type \"/\" subtype ] *( \";\" parameter )\n      // data       := *urlchar\n      // parameter  := attribute \"=\" value\n      let dataURL = 'data:'\n\n      const parsed = parseMIMEType(mimeType || 'application/octet-stream')\n\n      if (parsed !== 'failure') {\n        dataURL += serializeAMimeType(parsed)\n      }\n\n      dataURL += ';base64,'\n\n      const decoder = new StringDecoder('latin1')\n\n      for (const chunk of bytes) {\n        dataURL += btoa(decoder.write(chunk))\n      }\n\n      dataURL += btoa(decoder.end())\n\n      return dataURL\n    }\n    case 'Text': {\n      // 1. Let encoding be failure\n      let encoding = 'failure'\n\n      // 2. If the encodingName is present, set encoding to the\n      //    result of getting an encoding from encodingName.\n      if (encodingName) {\n        encoding = getEncoding(encodingName)\n      }\n\n      // 3. If encoding is failure, and mimeType is present:\n      if (encoding === 'failure' && mimeType) {\n        // 1. Let type be the result of parse a MIME type\n        //    given mimeType.\n        const type = parseMIMEType(mimeType)\n\n        // 2. If type is not failure, set encoding to the result\n        //    of getting an encoding from type’s parameters[\"charset\"].\n        if (type !== 'failure') {\n          encoding = getEncoding(type.parameters.get('charset'))\n        }\n      }\n\n      // 4. If encoding is failure, then set encoding to UTF-8.\n      if (encoding === 'failure') {\n        encoding = 'UTF-8'\n      }\n\n      // 5. Decode bytes using fallback encoding encoding, and\n      //    return the result.\n      return decode(bytes, encoding)\n    }\n    case 'ArrayBuffer': {\n      // Return a new ArrayBuffer whose contents are bytes.\n      const sequence = combineByteSequences(bytes)\n\n      return sequence.buffer\n    }\n    case 'BinaryString': {\n      // Return bytes as a binary string, in which every byte\n      //  is represented by a code unit of equal value [0..255].\n      let binaryString = ''\n\n      const decoder = new StringDecoder('latin1')\n\n      for (const chunk of bytes) {\n        binaryString += decoder.write(chunk)\n      }\n\n      binaryString += decoder.end()\n\n      return binaryString\n    }\n  }\n}\n\n/**\n * @see https://encoding.spec.whatwg.org/#decode\n * @param {Uint8Array[]} ioQueue\n * @param {string} encoding\n */\nfunction decode (ioQueue, encoding) {\n  const bytes = combineByteSequences(ioQueue)\n\n  // 1. Let BOMEncoding be the result of BOM sniffing ioQueue.\n  const BOMEncoding = BOMSniffing(bytes)\n\n  let slice = 0\n\n  // 2. If BOMEncoding is non-null:\n  if (BOMEncoding !== null) {\n    // 1. Set encoding to BOMEncoding.\n    encoding = BOMEncoding\n\n    // 2. Read three bytes from ioQueue, if BOMEncoding is\n    //    UTF-8; otherwise read two bytes.\n    //    (Do nothing with those bytes.)\n    slice = BOMEncoding === 'UTF-8' ? 3 : 2\n  }\n\n  // 3. Process a queue with an instance of encoding’s\n  //    decoder, ioQueue, output, and \"replacement\".\n\n  // 4. Return output.\n\n  const sliced = bytes.slice(slice)\n  return new TextDecoder(encoding).decode(sliced)\n}\n\n/**\n * @see https://encoding.spec.whatwg.org/#bom-sniff\n * @param {Uint8Array} ioQueue\n */\nfunction BOMSniffing (ioQueue) {\n  // 1. Let BOM be the result of peeking 3 bytes from ioQueue,\n  //    converted to a byte sequence.\n  const [a, b, c] = ioQueue\n\n  // 2. For each of the rows in the table below, starting with\n  //    the first one and going down, if BOM starts with the\n  //    bytes given in the first column, then return the\n  //    encoding given in the cell in the second column of that\n  //    row. Otherwise, return null.\n  if (a === 0xEF && b === 0xBB && c === 0xBF) {\n    return 'UTF-8'\n  } else if (a === 0xFE && b === 0xFF) {\n    return 'UTF-16BE'\n  } else if (a === 0xFF && b === 0xFE) {\n    return 'UTF-16LE'\n  }\n\n  return null\n}\n\n/**\n * @param {Uint8Array[]} sequences\n */\nfunction combineByteSequences (sequences) {\n  const size = sequences.reduce((a, b) => {\n    return a + b.byteLength\n  }, 0)\n\n  let offset = 0\n\n  return sequences.reduce((a, b) => {\n    a.set(b, offset)\n    offset += b.byteLength\n    return a\n  }, new Uint8Array(size))\n}\n\nmodule.exports = {\n  staticPropertyDescriptors,\n  readOperation,\n  fireAProgressEvent\n}\n","'use strict'\n\n// We include a version number for the Dispatcher API. In case of breaking changes,\n// this version number must be increased to avoid conflicts.\nconst globalDispatcher = Symbol.for('undici.globalDispatcher.1')\nconst { InvalidArgumentError } = require('./core/errors')\nconst Agent = require('./agent')\n\nif (getGlobalDispatcher() === undefined) {\n  setGlobalDispatcher(new Agent())\n}\n\nfunction setGlobalDispatcher (agent) {\n  if (!agent || typeof agent.dispatch !== 'function') {\n    throw new InvalidArgumentError('Argument agent must implement Agent')\n  }\n  Object.defineProperty(globalThis, globalDispatcher, {\n    value: agent,\n    writable: true,\n    enumerable: false,\n    configurable: false\n  })\n}\n\nfunction getGlobalDispatcher () {\n  return globalThis[globalDispatcher]\n}\n\nmodule.exports = {\n  setGlobalDispatcher,\n  getGlobalDispatcher\n}\n","'use strict'\n\nmodule.exports = class DecoratorHandler {\n  constructor (handler) {\n    this.handler = handler\n  }\n\n  onConnect (...args) {\n    return this.handler.onConnect(...args)\n  }\n\n  onError (...args) {\n    return this.handler.onError(...args)\n  }\n\n  onUpgrade (...args) {\n    return this.handler.onUpgrade(...args)\n  }\n\n  onHeaders (...args) {\n    return this.handler.onHeaders(...args)\n  }\n\n  onData (...args) {\n    return this.handler.onData(...args)\n  }\n\n  onComplete (...args) {\n    return this.handler.onComplete(...args)\n  }\n\n  onBodySent (...args) {\n    return this.handler.onBodySent(...args)\n  }\n}\n","'use strict'\n\nconst util = require('../core/util')\nconst { kBodyUsed } = require('../core/symbols')\nconst assert = require('assert')\nconst { InvalidArgumentError } = require('../core/errors')\nconst EE = require('events')\n\nconst redirectableStatusCodes = [300, 301, 302, 303, 307, 308]\n\nconst kBody = Symbol('body')\n\nclass BodyAsyncIterable {\n  constructor (body) {\n    this[kBody] = body\n    this[kBodyUsed] = false\n  }\n\n  async * [Symbol.asyncIterator] () {\n    assert(!this[kBodyUsed], 'disturbed')\n    this[kBodyUsed] = true\n    yield * this[kBody]\n  }\n}\n\nclass RedirectHandler {\n  constructor (dispatch, maxRedirections, opts, handler) {\n    if (maxRedirections != null && (!Number.isInteger(maxRedirections) || maxRedirections < 0)) {\n      throw new InvalidArgumentError('maxRedirections must be a positive number')\n    }\n\n    util.validateHandler(handler, opts.method, opts.upgrade)\n\n    this.dispatch = dispatch\n    this.location = null\n    this.abort = null\n    this.opts = { ...opts, maxRedirections: 0 } // opts must be a copy\n    this.maxRedirections = maxRedirections\n    this.handler = handler\n    this.history = []\n\n    if (util.isStream(this.opts.body)) {\n      // TODO (fix): Provide some way for the user to cache the file to e.g. /tmp\n      // so that it can be dispatched again?\n      // TODO (fix): Do we need 100-expect support to provide a way to do this properly?\n      if (util.bodyLength(this.opts.body) === 0) {\n        this.opts.body\n          .on('data', function () {\n            assert(false)\n          })\n      }\n\n      if (typeof this.opts.body.readableDidRead !== 'boolean') {\n        this.opts.body[kBodyUsed] = false\n        EE.prototype.on.call(this.opts.body, 'data', function () {\n          this[kBodyUsed] = true\n        })\n      }\n    } else if (this.opts.body && typeof this.opts.body.pipeTo === 'function') {\n      // TODO (fix): We can't access ReadableStream internal state\n      // to determine whether or not it has been disturbed. This is just\n      // a workaround.\n      this.opts.body = new BodyAsyncIterable(this.opts.body)\n    } else if (\n      this.opts.body &&\n      typeof this.opts.body !== 'string' &&\n      !ArrayBuffer.isView(this.opts.body) &&\n      util.isIterable(this.opts.body)\n    ) {\n      // TODO: Should we allow re-using iterable if !this.opts.idempotent\n      // or through some other flag?\n      this.opts.body = new BodyAsyncIterable(this.opts.body)\n    }\n  }\n\n  onConnect (abort) {\n    this.abort = abort\n    this.handler.onConnect(abort, { history: this.history })\n  }\n\n  onUpgrade (statusCode, headers, socket) {\n    this.handler.onUpgrade(statusCode, headers, socket)\n  }\n\n  onError (error) {\n    this.handler.onError(error)\n  }\n\n  onHeaders (statusCode, headers, resume, statusText) {\n    this.location = this.history.length >= this.maxRedirections || util.isDisturbed(this.opts.body)\n      ? null\n      : parseLocation(statusCode, headers)\n\n    if (this.opts.origin) {\n      this.history.push(new URL(this.opts.path, this.opts.origin))\n    }\n\n    if (!this.location) {\n      return this.handler.onHeaders(statusCode, headers, resume, statusText)\n    }\n\n    const { origin, pathname, search } = util.parseURL(new URL(this.location, this.opts.origin && new URL(this.opts.path, this.opts.origin)))\n    const path = search ? `${pathname}${search}` : pathname\n\n    // Remove headers referring to the original URL.\n    // By default it is Host only, unless it's a 303 (see below), which removes also all Content-* headers.\n    // https://tools.ietf.org/html/rfc7231#section-6.4\n    this.opts.headers = cleanRequestHeaders(this.opts.headers, statusCode === 303, this.opts.origin !== origin)\n    this.opts.path = path\n    this.opts.origin = origin\n    this.opts.maxRedirections = 0\n    this.opts.query = null\n\n    // https://tools.ietf.org/html/rfc7231#section-6.4.4\n    // In case of HTTP 303, always replace method to be either HEAD or GET\n    if (statusCode === 303 && this.opts.method !== 'HEAD') {\n      this.opts.method = 'GET'\n      this.opts.body = null\n    }\n  }\n\n  onData (chunk) {\n    if (this.location) {\n      /*\n        https://tools.ietf.org/html/rfc7231#section-6.4\n\n        TLDR: undici always ignores 3xx response bodies.\n\n        Redirection is used to serve the requested resource from another URL, so it is assumes that\n        no body is generated (and thus can be ignored). Even though generating a body is not prohibited.\n\n        For status 301, 302, 303, 307 and 308 (the latter from RFC 7238), the specs mention that the body usually\n        (which means it's optional and not mandated) contain just an hyperlink to the value of\n        the Location response header, so the body can be ignored safely.\n\n        For status 300, which is \"Multiple Choices\", the spec mentions both generating a Location\n        response header AND a response body with the other possible location to follow.\n        Since the spec explicitily chooses not to specify a format for such body and leave it to\n        servers and browsers implementors, we ignore the body as there is no specified way to eventually parse it.\n      */\n    } else {\n      return this.handler.onData(chunk)\n    }\n  }\n\n  onComplete (trailers) {\n    if (this.location) {\n      /*\n        https://tools.ietf.org/html/rfc7231#section-6.4\n\n        TLDR: undici always ignores 3xx response trailers as they are not expected in case of redirections\n        and neither are useful if present.\n\n        See comment on onData method above for more detailed informations.\n      */\n\n      this.location = null\n      this.abort = null\n\n      this.dispatch(this.opts, this)\n    } else {\n      this.handler.onComplete(trailers)\n    }\n  }\n\n  onBodySent (chunk) {\n    if (this.handler.onBodySent) {\n      this.handler.onBodySent(chunk)\n    }\n  }\n}\n\nfunction parseLocation (statusCode, headers) {\n  if (redirectableStatusCodes.indexOf(statusCode) === -1) {\n    return null\n  }\n\n  for (let i = 0; i < headers.length; i += 2) {\n    if (headers[i].toString().toLowerCase() === 'location') {\n      return headers[i + 1]\n    }\n  }\n}\n\n// https://tools.ietf.org/html/rfc7231#section-6.4.4\nfunction shouldRemoveHeader (header, removeContent, unknownOrigin) {\n  if (header.length === 4) {\n    return util.headerNameToString(header) === 'host'\n  }\n  if (removeContent && util.headerNameToString(header).startsWith('content-')) {\n    return true\n  }\n  if (unknownOrigin && (header.length === 13 || header.length === 6 || header.length === 19)) {\n    const name = util.headerNameToString(header)\n    return name === 'authorization' || name === 'cookie' || name === 'proxy-authorization'\n  }\n  return false\n}\n\n// https://tools.ietf.org/html/rfc7231#section-6.4\nfunction cleanRequestHeaders (headers, removeContent, unknownOrigin) {\n  const ret = []\n  if (Array.isArray(headers)) {\n    for (let i = 0; i < headers.length; i += 2) {\n      if (!shouldRemoveHeader(headers[i], removeContent, unknownOrigin)) {\n        ret.push(headers[i], headers[i + 1])\n      }\n    }\n  } else if (headers && typeof headers === 'object') {\n    for (const key of Object.keys(headers)) {\n      if (!shouldRemoveHeader(key, removeContent, unknownOrigin)) {\n        ret.push(key, headers[key])\n      }\n    }\n  } else {\n    assert(headers == null, 'headers must be an object or an array')\n  }\n  return ret\n}\n\nmodule.exports = RedirectHandler\n","const assert = require('assert')\n\nconst { kRetryHandlerDefaultRetry } = require('../core/symbols')\nconst { RequestRetryError } = require('../core/errors')\nconst { isDisturbed, parseHeaders, parseRangeHeader } = require('../core/util')\n\nfunction calculateRetryAfterHeader (retryAfter) {\n  const current = Date.now()\n  const diff = new Date(retryAfter).getTime() - current\n\n  return diff\n}\n\nclass RetryHandler {\n  constructor (opts, handlers) {\n    const { retryOptions, ...dispatchOpts } = opts\n    const {\n      // Retry scoped\n      retry: retryFn,\n      maxRetries,\n      maxTimeout,\n      minTimeout,\n      timeoutFactor,\n      // Response scoped\n      methods,\n      errorCodes,\n      retryAfter,\n      statusCodes\n    } = retryOptions ?? {}\n\n    this.dispatch = handlers.dispatch\n    this.handler = handlers.handler\n    this.opts = dispatchOpts\n    this.abort = null\n    this.aborted = false\n    this.retryOpts = {\n      retry: retryFn ?? RetryHandler[kRetryHandlerDefaultRetry],\n      retryAfter: retryAfter ?? true,\n      maxTimeout: maxTimeout ?? 30 * 1000, // 30s,\n      timeout: minTimeout ?? 500, // .5s\n      timeoutFactor: timeoutFactor ?? 2,\n      maxRetries: maxRetries ?? 5,\n      // What errors we should retry\n      methods: methods ?? ['GET', 'HEAD', 'OPTIONS', 'PUT', 'DELETE', 'TRACE'],\n      // Indicates which errors to retry\n      statusCodes: statusCodes ?? [500, 502, 503, 504, 429],\n      // List of errors to retry\n      errorCodes: errorCodes ?? [\n        'ECONNRESET',\n        'ECONNREFUSED',\n        'ENOTFOUND',\n        'ENETDOWN',\n        'ENETUNREACH',\n        'EHOSTDOWN',\n        'EHOSTUNREACH',\n        'EPIPE'\n      ]\n    }\n\n    this.retryCount = 0\n    this.start = 0\n    this.end = null\n    this.etag = null\n    this.resume = null\n\n    // Handle possible onConnect duplication\n    this.handler.onConnect(reason => {\n      this.aborted = true\n      if (this.abort) {\n        this.abort(reason)\n      } else {\n        this.reason = reason\n      }\n    })\n  }\n\n  onRequestSent () {\n    if (this.handler.onRequestSent) {\n      this.handler.onRequestSent()\n    }\n  }\n\n  onUpgrade (statusCode, headers, socket) {\n    if (this.handler.onUpgrade) {\n      this.handler.onUpgrade(statusCode, headers, socket)\n    }\n  }\n\n  onConnect (abort) {\n    if (this.aborted) {\n      abort(this.reason)\n    } else {\n      this.abort = abort\n    }\n  }\n\n  onBodySent (chunk) {\n    if (this.handler.onBodySent) return this.handler.onBodySent(chunk)\n  }\n\n  static [kRetryHandlerDefaultRetry] (err, { state, opts }, cb) {\n    const { statusCode, code, headers } = err\n    const { method, retryOptions } = opts\n    const {\n      maxRetries,\n      timeout,\n      maxTimeout,\n      timeoutFactor,\n      statusCodes,\n      errorCodes,\n      methods\n    } = retryOptions\n    let { counter, currentTimeout } = state\n\n    currentTimeout =\n      currentTimeout != null && currentTimeout > 0 ? currentTimeout : timeout\n\n    // Any code that is not a Undici's originated and allowed to retry\n    if (\n      code &&\n      code !== 'UND_ERR_REQ_RETRY' &&\n      code !== 'UND_ERR_SOCKET' &&\n      !errorCodes.includes(code)\n    ) {\n      cb(err)\n      return\n    }\n\n    // If a set of method are provided and the current method is not in the list\n    if (Array.isArray(methods) && !methods.includes(method)) {\n      cb(err)\n      return\n    }\n\n    // If a set of status code are provided and the current status code is not in the list\n    if (\n      statusCode != null &&\n      Array.isArray(statusCodes) &&\n      !statusCodes.includes(statusCode)\n    ) {\n      cb(err)\n      return\n    }\n\n    // If we reached the max number of retries\n    if (counter > maxRetries) {\n      cb(err)\n      return\n    }\n\n    let retryAfterHeader = headers != null && headers['retry-after']\n    if (retryAfterHeader) {\n      retryAfterHeader = Number(retryAfterHeader)\n      retryAfterHeader = isNaN(retryAfterHeader)\n        ? calculateRetryAfterHeader(retryAfterHeader)\n        : retryAfterHeader * 1e3 // Retry-After is in seconds\n    }\n\n    const retryTimeout =\n      retryAfterHeader > 0\n        ? Math.min(retryAfterHeader, maxTimeout)\n        : Math.min(currentTimeout * timeoutFactor ** counter, maxTimeout)\n\n    state.currentTimeout = retryTimeout\n\n    setTimeout(() => cb(null), retryTimeout)\n  }\n\n  onHeaders (statusCode, rawHeaders, resume, statusMessage) {\n    const headers = parseHeaders(rawHeaders)\n\n    this.retryCount += 1\n\n    if (statusCode >= 300) {\n      this.abort(\n        new RequestRetryError('Request failed', statusCode, {\n          headers,\n          count: this.retryCount\n        })\n      )\n      return false\n    }\n\n    // Checkpoint for resume from where we left it\n    if (this.resume != null) {\n      this.resume = null\n\n      if (statusCode !== 206) {\n        return true\n      }\n\n      const contentRange = parseRangeHeader(headers['content-range'])\n      // If no content range\n      if (!contentRange) {\n        this.abort(\n          new RequestRetryError('Content-Range mismatch', statusCode, {\n            headers,\n            count: this.retryCount\n          })\n        )\n        return false\n      }\n\n      // Let's start with a weak etag check\n      if (this.etag != null && this.etag !== headers.etag) {\n        this.abort(\n          new RequestRetryError('ETag mismatch', statusCode, {\n            headers,\n            count: this.retryCount\n          })\n        )\n        return false\n      }\n\n      const { start, size, end = size } = contentRange\n\n      assert(this.start === start, 'content-range mismatch')\n      assert(this.end == null || this.end === end, 'content-range mismatch')\n\n      this.resume = resume\n      return true\n    }\n\n    if (this.end == null) {\n      if (statusCode === 206) {\n        // First time we receive 206\n        const range = parseRangeHeader(headers['content-range'])\n\n        if (range == null) {\n          return this.handler.onHeaders(\n            statusCode,\n            rawHeaders,\n            resume,\n            statusMessage\n          )\n        }\n\n        const { start, size, end = size } = range\n\n        assert(\n          start != null && Number.isFinite(start) && this.start !== start,\n          'content-range mismatch'\n        )\n        assert(Number.isFinite(start))\n        assert(\n          end != null && Number.isFinite(end) && this.end !== end,\n          'invalid content-length'\n        )\n\n        this.start = start\n        this.end = end\n      }\n\n      // We make our best to checkpoint the body for further range headers\n      if (this.end == null) {\n        const contentLength = headers['content-length']\n        this.end = contentLength != null ? Number(contentLength) : null\n      }\n\n      assert(Number.isFinite(this.start))\n      assert(\n        this.end == null || Number.isFinite(this.end),\n        'invalid content-length'\n      )\n\n      this.resume = resume\n      this.etag = headers.etag != null ? headers.etag : null\n\n      return this.handler.onHeaders(\n        statusCode,\n        rawHeaders,\n        resume,\n        statusMessage\n      )\n    }\n\n    const err = new RequestRetryError('Request failed', statusCode, {\n      headers,\n      count: this.retryCount\n    })\n\n    this.abort(err)\n\n    return false\n  }\n\n  onData (chunk) {\n    this.start += chunk.length\n\n    return this.handler.onData(chunk)\n  }\n\n  onComplete (rawTrailers) {\n    this.retryCount = 0\n    return this.handler.onComplete(rawTrailers)\n  }\n\n  onError (err) {\n    if (this.aborted || isDisturbed(this.opts.body)) {\n      return this.handler.onError(err)\n    }\n\n    this.retryOpts.retry(\n      err,\n      {\n        state: { counter: this.retryCount++, currentTimeout: this.retryAfter },\n        opts: { retryOptions: this.retryOpts, ...this.opts }\n      },\n      onRetry.bind(this)\n    )\n\n    function onRetry (err) {\n      if (err != null || this.aborted || isDisturbed(this.opts.body)) {\n        return this.handler.onError(err)\n      }\n\n      if (this.start !== 0) {\n        this.opts = {\n          ...this.opts,\n          headers: {\n            ...this.opts.headers,\n            range: `bytes=${this.start}-${this.end ?? ''}`\n          }\n        }\n      }\n\n      try {\n        this.dispatch(this.opts, this)\n      } catch (err) {\n        this.handler.onError(err)\n      }\n    }\n  }\n}\n\nmodule.exports = RetryHandler\n","'use strict'\n\nconst RedirectHandler = require('../handler/RedirectHandler')\n\nfunction createRedirectInterceptor ({ maxRedirections: defaultMaxRedirections }) {\n  return (dispatch) => {\n    return function Intercept (opts, handler) {\n      const { maxRedirections = defaultMaxRedirections } = opts\n\n      if (!maxRedirections) {\n        return dispatch(opts, handler)\n      }\n\n      const redirectHandler = new RedirectHandler(dispatch, maxRedirections, opts, handler)\n      opts = { ...opts, maxRedirections: 0 } // Stop sub dispatcher from also redirecting.\n      return dispatch(opts, redirectHandler)\n    }\n  }\n}\n\nmodule.exports = createRedirectInterceptor\n","\"use strict\";\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.SPECIAL_HEADERS = exports.HEADER_STATE = exports.MINOR = exports.MAJOR = exports.CONNECTION_TOKEN_CHARS = exports.HEADER_CHARS = exports.TOKEN = exports.STRICT_TOKEN = exports.HEX = exports.URL_CHAR = exports.STRICT_URL_CHAR = exports.USERINFO_CHARS = exports.MARK = exports.ALPHANUM = exports.NUM = exports.HEX_MAP = exports.NUM_MAP = exports.ALPHA = exports.FINISH = exports.H_METHOD_MAP = exports.METHOD_MAP = exports.METHODS_RTSP = exports.METHODS_ICE = exports.METHODS_HTTP = exports.METHODS = exports.LENIENT_FLAGS = exports.FLAGS = exports.TYPE = exports.ERROR = void 0;\nconst utils_1 = require(\"./utils\");\n// C headers\nvar ERROR;\n(function (ERROR) {\n    ERROR[ERROR[\"OK\"] = 0] = \"OK\";\n    ERROR[ERROR[\"INTERNAL\"] = 1] = \"INTERNAL\";\n    ERROR[ERROR[\"STRICT\"] = 2] = \"STRICT\";\n    ERROR[ERROR[\"LF_EXPECTED\"] = 3] = \"LF_EXPECTED\";\n    ERROR[ERROR[\"UNEXPECTED_CONTENT_LENGTH\"] = 4] = \"UNEXPECTED_CONTENT_LENGTH\";\n    ERROR[ERROR[\"CLOSED_CONNECTION\"] = 5] = \"CLOSED_CONNECTION\";\n    ERROR[ERROR[\"INVALID_METHOD\"] = 6] = \"INVALID_METHOD\";\n    ERROR[ERROR[\"INVALID_URL\"] = 7] = \"INVALID_URL\";\n    ERROR[ERROR[\"INVALID_CONSTANT\"] = 8] = \"INVALID_CONSTANT\";\n    ERROR[ERROR[\"INVALID_VERSION\"] = 9] = \"INVALID_VERSION\";\n    ERROR[ERROR[\"INVALID_HEADER_TOKEN\"] = 10] = \"INVALID_HEADER_TOKEN\";\n    ERROR[ERROR[\"INVALID_CONTENT_LENGTH\"] = 11] = \"INVALID_CONTENT_LENGTH\";\n    ERROR[ERROR[\"INVALID_CHUNK_SIZE\"] = 12] = \"INVALID_CHUNK_SIZE\";\n    ERROR[ERROR[\"INVALID_STATUS\"] = 13] = \"INVALID_STATUS\";\n    ERROR[ERROR[\"INVALID_EOF_STATE\"] = 14] = \"INVALID_EOF_STATE\";\n    ERROR[ERROR[\"INVALID_TRANSFER_ENCODING\"] = 15] = \"INVALID_TRANSFER_ENCODING\";\n    ERROR[ERROR[\"CB_MESSAGE_BEGIN\"] = 16] = \"CB_MESSAGE_BEGIN\";\n    ERROR[ERROR[\"CB_HEADERS_COMPLETE\"] = 17] = \"CB_HEADERS_COMPLETE\";\n    ERROR[ERROR[\"CB_MESSAGE_COMPLETE\"] = 18] = \"CB_MESSAGE_COMPLETE\";\n    ERROR[ERROR[\"CB_CHUNK_HEADER\"] = 19] = \"CB_CHUNK_HEADER\";\n    ERROR[ERROR[\"CB_CHUNK_COMPLETE\"] = 20] = \"CB_CHUNK_COMPLETE\";\n    ERROR[ERROR[\"PAUSED\"] = 21] = \"PAUSED\";\n    ERROR[ERROR[\"PAUSED_UPGRADE\"] = 22] = \"PAUSED_UPGRADE\";\n    ERROR[ERROR[\"PAUSED_H2_UPGRADE\"] = 23] = \"PAUSED_H2_UPGRADE\";\n    ERROR[ERROR[\"USER\"] = 24] = \"USER\";\n})(ERROR = exports.ERROR || (exports.ERROR = {}));\nvar TYPE;\n(function (TYPE) {\n    TYPE[TYPE[\"BOTH\"] = 0] = \"BOTH\";\n    TYPE[TYPE[\"REQUEST\"] = 1] = \"REQUEST\";\n    TYPE[TYPE[\"RESPONSE\"] = 2] = \"RESPONSE\";\n})(TYPE = exports.TYPE || (exports.TYPE = {}));\nvar FLAGS;\n(function (FLAGS) {\n    FLAGS[FLAGS[\"CONNECTION_KEEP_ALIVE\"] = 1] = \"CONNECTION_KEEP_ALIVE\";\n    FLAGS[FLAGS[\"CONNECTION_CLOSE\"] = 2] = \"CONNECTION_CLOSE\";\n    FLAGS[FLAGS[\"CONNECTION_UPGRADE\"] = 4] = \"CONNECTION_UPGRADE\";\n    FLAGS[FLAGS[\"CHUNKED\"] = 8] = \"CHUNKED\";\n    FLAGS[FLAGS[\"UPGRADE\"] = 16] = \"UPGRADE\";\n    FLAGS[FLAGS[\"CONTENT_LENGTH\"] = 32] = \"CONTENT_LENGTH\";\n    FLAGS[FLAGS[\"SKIPBODY\"] = 64] = \"SKIPBODY\";\n    FLAGS[FLAGS[\"TRAILING\"] = 128] = \"TRAILING\";\n    // 1 << 8 is unused\n    FLAGS[FLAGS[\"TRANSFER_ENCODING\"] = 512] = \"TRANSFER_ENCODING\";\n})(FLAGS = exports.FLAGS || (exports.FLAGS = {}));\nvar LENIENT_FLAGS;\n(function (LENIENT_FLAGS) {\n    LENIENT_FLAGS[LENIENT_FLAGS[\"HEADERS\"] = 1] = \"HEADERS\";\n    LENIENT_FLAGS[LENIENT_FLAGS[\"CHUNKED_LENGTH\"] = 2] = \"CHUNKED_LENGTH\";\n    LENIENT_FLAGS[LENIENT_FLAGS[\"KEEP_ALIVE\"] = 4] = \"KEEP_ALIVE\";\n})(LENIENT_FLAGS = exports.LENIENT_FLAGS || (exports.LENIENT_FLAGS = {}));\nvar METHODS;\n(function (METHODS) {\n    METHODS[METHODS[\"DELETE\"] = 0] = \"DELETE\";\n    METHODS[METHODS[\"GET\"] = 1] = \"GET\";\n    METHODS[METHODS[\"HEAD\"] = 2] = \"HEAD\";\n    METHODS[METHODS[\"POST\"] = 3] = \"POST\";\n    METHODS[METHODS[\"PUT\"] = 4] = \"PUT\";\n    /* pathological */\n    METHODS[METHODS[\"CONNECT\"] = 5] = \"CONNECT\";\n    METHODS[METHODS[\"OPTIONS\"] = 6] = \"OPTIONS\";\n    METHODS[METHODS[\"TRACE\"] = 7] = \"TRACE\";\n    /* WebDAV */\n    METHODS[METHODS[\"COPY\"] = 8] = \"COPY\";\n    METHODS[METHODS[\"LOCK\"] = 9] = \"LOCK\";\n    METHODS[METHODS[\"MKCOL\"] = 10] = \"MKCOL\";\n    METHODS[METHODS[\"MOVE\"] = 11] = \"MOVE\";\n    METHODS[METHODS[\"PROPFIND\"] = 12] = \"PROPFIND\";\n    METHODS[METHODS[\"PROPPATCH\"] = 13] = \"PROPPATCH\";\n    METHODS[METHODS[\"SEARCH\"] = 14] = \"SEARCH\";\n    METHODS[METHODS[\"UNLOCK\"] = 15] = \"UNLOCK\";\n    METHODS[METHODS[\"BIND\"] = 16] = \"BIND\";\n    METHODS[METHODS[\"REBIND\"] = 17] = \"REBIND\";\n    METHODS[METHODS[\"UNBIND\"] = 18] = \"UNBIND\";\n    METHODS[METHODS[\"ACL\"] = 19] = \"ACL\";\n    /* subversion */\n    METHODS[METHODS[\"REPORT\"] = 20] = \"REPORT\";\n    METHODS[METHODS[\"MKACTIVITY\"] = 21] = \"MKACTIVITY\";\n    METHODS[METHODS[\"CHECKOUT\"] = 22] = \"CHECKOUT\";\n    METHODS[METHODS[\"MERGE\"] = 23] = \"MERGE\";\n    /* upnp */\n    METHODS[METHODS[\"M-SEARCH\"] = 24] = \"M-SEARCH\";\n    METHODS[METHODS[\"NOTIFY\"] = 25] = \"NOTIFY\";\n    METHODS[METHODS[\"SUBSCRIBE\"] = 26] = \"SUBSCRIBE\";\n    METHODS[METHODS[\"UNSUBSCRIBE\"] = 27] = \"UNSUBSCRIBE\";\n    /* RFC-5789 */\n    METHODS[METHODS[\"PATCH\"] = 28] = \"PATCH\";\n    METHODS[METHODS[\"PURGE\"] = 29] = \"PURGE\";\n    /* CalDAV */\n    METHODS[METHODS[\"MKCALENDAR\"] = 30] = \"MKCALENDAR\";\n    /* RFC-2068, section 19.6.1.2 */\n    METHODS[METHODS[\"LINK\"] = 31] = \"LINK\";\n    METHODS[METHODS[\"UNLINK\"] = 32] = \"UNLINK\";\n    /* icecast */\n    METHODS[METHODS[\"SOURCE\"] = 33] = \"SOURCE\";\n    /* RFC-7540, section 11.6 */\n    METHODS[METHODS[\"PRI\"] = 34] = \"PRI\";\n    /* RFC-2326 RTSP */\n    METHODS[METHODS[\"DESCRIBE\"] = 35] = \"DESCRIBE\";\n    METHODS[METHODS[\"ANNOUNCE\"] = 36] = \"ANNOUNCE\";\n    METHODS[METHODS[\"SETUP\"] = 37] = \"SETUP\";\n    METHODS[METHODS[\"PLAY\"] = 38] = \"PLAY\";\n    METHODS[METHODS[\"PAUSE\"] = 39] = \"PAUSE\";\n    METHODS[METHODS[\"TEARDOWN\"] = 40] = \"TEARDOWN\";\n    METHODS[METHODS[\"GET_PARAMETER\"] = 41] = \"GET_PARAMETER\";\n    METHODS[METHODS[\"SET_PARAMETER\"] = 42] = \"SET_PARAMETER\";\n    METHODS[METHODS[\"REDIRECT\"] = 43] = \"REDIRECT\";\n    METHODS[METHODS[\"RECORD\"] = 44] = \"RECORD\";\n    /* RAOP */\n    METHODS[METHODS[\"FLUSH\"] = 45] = \"FLUSH\";\n})(METHODS = exports.METHODS || (exports.METHODS = {}));\nexports.METHODS_HTTP = [\n    METHODS.DELETE,\n    METHODS.GET,\n    METHODS.HEAD,\n    METHODS.POST,\n    METHODS.PUT,\n    METHODS.CONNECT,\n    METHODS.OPTIONS,\n    METHODS.TRACE,\n    METHODS.COPY,\n    METHODS.LOCK,\n    METHODS.MKCOL,\n    METHODS.MOVE,\n    METHODS.PROPFIND,\n    METHODS.PROPPATCH,\n    METHODS.SEARCH,\n    METHODS.UNLOCK,\n    METHODS.BIND,\n    METHODS.REBIND,\n    METHODS.UNBIND,\n    METHODS.ACL,\n    METHODS.REPORT,\n    METHODS.MKACTIVITY,\n    METHODS.CHECKOUT,\n    METHODS.MERGE,\n    METHODS['M-SEARCH'],\n    METHODS.NOTIFY,\n    METHODS.SUBSCRIBE,\n    METHODS.UNSUBSCRIBE,\n    METHODS.PATCH,\n    METHODS.PURGE,\n    METHODS.MKCALENDAR,\n    METHODS.LINK,\n    METHODS.UNLINK,\n    METHODS.PRI,\n    // TODO(indutny): should we allow it with HTTP?\n    METHODS.SOURCE,\n];\nexports.METHODS_ICE = [\n    METHODS.SOURCE,\n];\nexports.METHODS_RTSP = [\n    METHODS.OPTIONS,\n    METHODS.DESCRIBE,\n    METHODS.ANNOUNCE,\n    METHODS.SETUP,\n    METHODS.PLAY,\n    METHODS.PAUSE,\n    METHODS.TEARDOWN,\n    METHODS.GET_PARAMETER,\n    METHODS.SET_PARAMETER,\n    METHODS.REDIRECT,\n    METHODS.RECORD,\n    METHODS.FLUSH,\n    // For AirPlay\n    METHODS.GET,\n    METHODS.POST,\n];\nexports.METHOD_MAP = utils_1.enumToMap(METHODS);\nexports.H_METHOD_MAP = {};\nObject.keys(exports.METHOD_MAP).forEach((key) => {\n    if (/^H/.test(key)) {\n        exports.H_METHOD_MAP[key] = exports.METHOD_MAP[key];\n    }\n});\nvar FINISH;\n(function (FINISH) {\n    FINISH[FINISH[\"SAFE\"] = 0] = \"SAFE\";\n    FINISH[FINISH[\"SAFE_WITH_CB\"] = 1] = \"SAFE_WITH_CB\";\n    FINISH[FINISH[\"UNSAFE\"] = 2] = \"UNSAFE\";\n})(FINISH = exports.FINISH || (exports.FINISH = {}));\nexports.ALPHA = [];\nfor (let i = 'A'.charCodeAt(0); i <= 'Z'.charCodeAt(0); i++) {\n    // Upper case\n    exports.ALPHA.push(String.fromCharCode(i));\n    // Lower case\n    exports.ALPHA.push(String.fromCharCode(i + 0x20));\n}\nexports.NUM_MAP = {\n    0: 0, 1: 1, 2: 2, 3: 3, 4: 4,\n    5: 5, 6: 6, 7: 7, 8: 8, 9: 9,\n};\nexports.HEX_MAP = {\n    0: 0, 1: 1, 2: 2, 3: 3, 4: 4,\n    5: 5, 6: 6, 7: 7, 8: 8, 9: 9,\n    A: 0XA, B: 0XB, C: 0XC, D: 0XD, E: 0XE, F: 0XF,\n    a: 0xa, b: 0xb, c: 0xc, d: 0xd, e: 0xe, f: 0xf,\n};\nexports.NUM = [\n    '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',\n];\nexports.ALPHANUM = exports.ALPHA.concat(exports.NUM);\nexports.MARK = ['-', '_', '.', '!', '~', '*', '\\'', '(', ')'];\nexports.USERINFO_CHARS = exports.ALPHANUM\n    .concat(exports.MARK)\n    .concat(['%', ';', ':', '&', '=', '+', '$', ',']);\n// TODO(indutny): use RFC\nexports.STRICT_URL_CHAR = [\n    '!', '\"', '$', '%', '&', '\\'',\n    '(', ')', '*', '+', ',', '-', '.', '/',\n    ':', ';', '<', '=', '>',\n    '@', '[', '\\\\', ']', '^', '_',\n    '`',\n    '{', '|', '}', '~',\n].concat(exports.ALPHANUM);\nexports.URL_CHAR = exports.STRICT_URL_CHAR\n    .concat(['\\t', '\\f']);\n// All characters with 0x80 bit set to 1\nfor (let i = 0x80; i <= 0xff; i++) {\n    exports.URL_CHAR.push(i);\n}\nexports.HEX = exports.NUM.concat(['a', 'b', 'c', 'd', 'e', 'f', 'A', 'B', 'C', 'D', 'E', 'F']);\n/* Tokens as defined by rfc 2616. Also lowercases them.\n *        token       = 1*<any CHAR except CTLs or separators>\n *     separators     = \"(\" | \")\" | \"<\" | \">\" | \"@\"\n *                    | \",\" | \";\" | \":\" | \"\\\" | <\">\n *                    | \"/\" | \"[\" | \"]\" | \"?\" | \"=\"\n *                    | \"{\" | \"}\" | SP | HT\n */\nexports.STRICT_TOKEN = [\n    '!', '#', '$', '%', '&', '\\'',\n    '*', '+', '-', '.',\n    '^', '_', '`',\n    '|', '~',\n].concat(exports.ALPHANUM);\nexports.TOKEN = exports.STRICT_TOKEN.concat([' ']);\n/*\n * Verify that a char is a valid visible (printable) US-ASCII\n * character or %x80-FF\n */\nexports.HEADER_CHARS = ['\\t'];\nfor (let i = 32; i <= 255; i++) {\n    if (i !== 127) {\n        exports.HEADER_CHARS.push(i);\n    }\n}\n// ',' = \\x44\nexports.CONNECTION_TOKEN_CHARS = exports.HEADER_CHARS.filter((c) => c !== 44);\nexports.MAJOR = exports.NUM_MAP;\nexports.MINOR = exports.MAJOR;\nvar HEADER_STATE;\n(function (HEADER_STATE) {\n    HEADER_STATE[HEADER_STATE[\"GENERAL\"] = 0] = \"GENERAL\";\n    HEADER_STATE[HEADER_STATE[\"CONNECTION\"] = 1] = \"CONNECTION\";\n    HEADER_STATE[HEADER_STATE[\"CONTENT_LENGTH\"] = 2] = \"CONTENT_LENGTH\";\n    HEADER_STATE[HEADER_STATE[\"TRANSFER_ENCODING\"] = 3] = \"TRANSFER_ENCODING\";\n    HEADER_STATE[HEADER_STATE[\"UPGRADE\"] = 4] = \"UPGRADE\";\n    HEADER_STATE[HEADER_STATE[\"CONNECTION_KEEP_ALIVE\"] = 5] = \"CONNECTION_KEEP_ALIVE\";\n    HEADER_STATE[HEADER_STATE[\"CONNECTION_CLOSE\"] = 6] = \"CONNECTION_CLOSE\";\n    HEADER_STATE[HEADER_STATE[\"CONNECTION_UPGRADE\"] = 7] = \"CONNECTION_UPGRADE\";\n    HEADER_STATE[HEADER_STATE[\"TRANSFER_ENCODING_CHUNKED\"] = 8] = \"TRANSFER_ENCODING_CHUNKED\";\n})(HEADER_STATE = exports.HEADER_STATE || (exports.HEADER_STATE = {}));\nexports.SPECIAL_HEADERS = {\n    'connection': HEADER_STATE.CONNECTION,\n    'content-length': HEADER_STATE.CONTENT_LENGTH,\n    'proxy-connection': HEADER_STATE.CONNECTION,\n    'transfer-encoding': HEADER_STATE.TRANSFER_ENCODING,\n    'upgrade': HEADER_STATE.UPGRADE,\n};\n//# sourceMappingURL=constants.js.map","module.exports = 'AGFzbQEAAAABMAhgAX8Bf2ADf39/AX9gBH9/f38Bf2AAAGADf39/AGABfwBgAn9/AGAGf39/f39/AALLAQgDZW52GHdhc21fb25faGVhZGVyc19jb21wbGV0ZQACA2VudhV3YXNtX29uX21lc3NhZ2VfYmVnaW4AAANlbnYLd2FzbV9vbl91cmwAAQNlbnYOd2FzbV9vbl9zdGF0dXMAAQNlbnYUd2FzbV9vbl9oZWFkZXJfZmllbGQAAQNlbnYUd2FzbV9vbl9oZWFkZXJfdmFsdWUAAQNlbnYMd2FzbV9vbl9ib2R5AAEDZW52GHdhc21fb25fbWVzc2FnZV9jb21wbGV0ZQAAA0ZFAwMEAAAFAAAAAAAABQEFAAUFBQAABgAAAAAGBgYGAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQABAAABAQcAAAUFAwABBAUBcAESEgUDAQACBggBfwFBgNQECwfRBSIGbWVtb3J5AgALX2luaXRpYWxpemUACRlfX2luZGlyZWN0X2Z1bmN0aW9uX3RhYmxlAQALbGxodHRwX2luaXQAChhsbGh0dHBfc2hvdWxkX2tlZXBfYWxpdmUAQQxsbGh0dHBfYWxsb2MADAZtYWxsb2MARgtsbGh0dHBfZnJlZQANBGZyZWUASA9sbGh0dHBfZ2V0X3R5cGUADhVsbGh0dHBfZ2V0X2h0dHBfbWFqb3IADxVsbGh0dHBfZ2V0X2h0dHBfbWlub3IAEBFsbGh0dHBfZ2V0X21ldGhvZAARFmxsaHR0cF9nZXRfc3RhdHVzX2NvZGUAEhJsbGh0dHBfZ2V0X3VwZ3JhZGUAEwxsbGh0dHBfcmVzZXQAFA5sbGh0dHBfZXhlY3V0ZQAVFGxsaHR0cF9zZXR0aW5nc19pbml0ABYNbGxodHRwX2ZpbmlzaAAXDGxsaHR0cF9wYXVzZQAYDWxsaHR0cF9yZXN1bWUAGRtsbGh0dHBfcmVzdW1lX2FmdGVyX3VwZ3JhZGUAGhBsbGh0dHBfZ2V0X2Vycm5vABsXbGxodHRwX2dldF9lcnJvcl9yZWFzb24AHBdsbGh0dHBfc2V0X2Vycm9yX3JlYXNvbgAdFGxsaHR0cF9nZXRfZXJyb3JfcG9zAB4RbGxodHRwX2Vycm5vX25hbWUAHxJsbGh0dHBfbWV0aG9kX25hbWUAIBJsbGh0dHBfc3RhdHVzX25hbWUAIRpsbGh0dHBfc2V0X2xlbmllbnRfaGVhZGVycwAiIWxsaHR0cF9zZXRfbGVuaWVudF9jaHVua2VkX2xlbmd0aAAjHWxsaHR0cF9zZXRfbGVuaWVudF9rZWVwX2FsaXZlACQkbGxodHRwX3NldF9sZW5pZW50X3RyYW5zZmVyX2VuY29kaW5nACUYbGxodHRwX21lc3NhZ2VfbmVlZHNfZW9mAD8JFwEAQQELEQECAwQFCwYHNTk3MS8tJyspCsLgAkUCAAsIABCIgICAAAsZACAAEMKAgIAAGiAAIAI2AjggACABOgAoCxwAIAAgAC8BMiAALQAuIAAQwYCAgAAQgICAgAALKgEBf0HAABDGgICAACIBEMKAgIAAGiABQYCIgIAANgI4IAEgADoAKCABCwoAIAAQyICAgAALBwAgAC0AKAsHACAALQAqCwcAIAAtACsLBwAgAC0AKQsHACAALwEyCwcAIAAtAC4LRQEEfyAAKAIYIQEgAC0ALSECIAAtACghAyAAKAI4IQQgABDCgICAABogACAENgI4IAAgAzoAKCAAIAI6AC0gACABNgIYCxEAIAAgASABIAJqEMOAgIAACxAAIABBAEHcABDMgICAABoLZwEBf0EAIQECQCAAKAIMDQACQAJAAkACQCAALQAvDgMBAAMCCyAAKAI4IgFFDQAgASgCLCIBRQ0AIAAgARGAgICAAAAiAQ0DC0EADwsQyoCAgAAACyAAQcOWgIAANgIQQQ4hAQsgAQseAAJAIAAoAgwNACAAQdGbgIAANgIQIABBFTYCDAsLFgACQCAAKAIMQRVHDQAgAEEANgIMCwsWAAJAIAAoAgxBFkcNACAAQQA2AgwLCwcAIAAoAgwLBwAgACgCEAsJACAAIAE2AhALBwAgACgCFAsiAAJAIABBJEkNABDKgICAAAALIABBAnRBoLOAgABqKAIACyIAAkAgAEEuSQ0AEMqAgIAAAAsgAEECdEGwtICAAGooAgAL7gsBAX9B66iAgAAhAQJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAIABBnH9qDvQDY2IAAWFhYWFhYQIDBAVhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhBgcICQoLDA0OD2FhYWFhEGFhYWFhYWFhYWFhEWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYRITFBUWFxgZGhthYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2YTc4OTphYWFhYWFhYTthYWE8YWFhYT0+P2FhYWFhYWFhQGFhQWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYUJDREVGR0hJSktMTU5PUFFSU2FhYWFhYWFhVFVWV1hZWlthXF1hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFeYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhX2BhC0Hhp4CAAA8LQaShgIAADwtBy6yAgAAPC0H+sYCAAA8LQcCkgIAADwtBq6SAgAAPC0GNqICAAA8LQeKmgIAADwtBgLCAgAAPC0G5r4CAAA8LQdekgIAADwtB75+AgAAPC0Hhn4CAAA8LQfqfgIAADwtB8qCAgAAPC0Gor4CAAA8LQa6ygIAADwtBiLCAgAAPC0Hsp4CAAA8LQYKigIAADwtBjp2AgAAPC0HQroCAAA8LQcqjgIAADwtBxbKAgAAPC0HfnICAAA8LQdKcgIAADwtBxKCAgAAPC0HXoICAAA8LQaKfgIAADwtB7a6AgAAPC0GrsICAAA8LQdSlgIAADwtBzK6AgAAPC0H6roCAAA8LQfyrgIAADwtB0rCAgAAPC0HxnYCAAA8LQbuggIAADwtB96uAgAAPC0GQsYCAAA8LQdexgIAADwtBoq2AgAAPC0HUp4CAAA8LQeCrgIAADwtBn6yAgAAPC0HrsYCAAA8LQdWfgIAADwtByrGAgAAPC0HepYCAAA8LQdSegIAADwtB9JyAgAAPC0GnsoCAAA8LQbGdgIAADwtBoJ2AgAAPC0G5sYCAAA8LQbywgIAADwtBkqGAgAAPC0GzpoCAAA8LQemsgIAADwtBrJ6AgAAPC0HUq4CAAA8LQfemgIAADwtBgKaAgAAPC0GwoYCAAA8LQf6egIAADwtBjaOAgAAPC0GJrYCAAA8LQfeigIAADwtBoLGAgAAPC0Gun4CAAA8LQcalgIAADwtB6J6AgAAPC0GTooCAAA8LQcKvgIAADwtBw52AgAAPC0GLrICAAA8LQeGdgIAADwtBja+AgAAPC0HqoYCAAA8LQbStgIAADwtB0q+AgAAPC0HfsoCAAA8LQdKygIAADwtB8LCAgAAPC0GpooCAAA8LQfmjgIAADwtBmZ6AgAAPC0G1rICAAA8LQZuwgIAADwtBkrKAgAAPC0G2q4CAAA8LQcKigIAADwtB+LKAgAAPC0GepYCAAA8LQdCigIAADwtBup6AgAAPC0GBnoCAAA8LEMqAgIAAAAtB1qGAgAAhAQsgAQsWACAAIAAtAC1B/gFxIAFBAEdyOgAtCxkAIAAgAC0ALUH9AXEgAUEAR0EBdHI6AC0LGQAgACAALQAtQfsBcSABQQBHQQJ0cjoALQsZACAAIAAtAC1B9wFxIAFBAEdBA3RyOgAtCy4BAn9BACEDAkAgACgCOCIERQ0AIAQoAgAiBEUNACAAIAQRgICAgAAAIQMLIAMLSQECf0EAIQMCQCAAKAI4IgRFDQAgBCgCBCIERQ0AIAAgASACIAFrIAQRgYCAgAAAIgNBf0cNACAAQcaRgIAANgIQQRghAwsgAwsuAQJ/QQAhAwJAIAAoAjgiBEUNACAEKAIwIgRFDQAgACAEEYCAgIAAACEDCyADC0kBAn9BACEDAkAgACgCOCIERQ0AIAQoAggiBEUNACAAIAEgAiABayAEEYGAgIAAACIDQX9HDQAgAEH2ioCAADYCEEEYIQMLIAMLLgECf0EAIQMCQCAAKAI4IgRFDQAgBCgCNCIERQ0AIAAgBBGAgICAAAAhAwsgAwtJAQJ/QQAhAwJAIAAoAjgiBEUNACAEKAIMIgRFDQAgACABIAIgAWsgBBGBgICAAAAiA0F/Rw0AIABB7ZqAgAA2AhBBGCEDCyADCy4BAn9BACEDAkAgACgCOCIERQ0AIAQoAjgiBEUNACAAIAQRgICAgAAAIQMLIAMLSQECf0EAIQMCQCAAKAI4IgRFDQAgBCgCECIERQ0AIAAgASACIAFrIAQRgYCAgAAAIgNBf0cNACAAQZWQgIAANgIQQRghAwsgAwsuAQJ/QQAhAwJAIAAoAjgiBEUNACAEKAI8IgRFDQAgACAEEYCAgIAAACEDCyADC0kBAn9BACEDAkAgACgCOCIERQ0AIAQoAhQiBEUNACAAIAEgAiABayAEEYGAgIAAACIDQX9HDQAgAEGqm4CAADYCEEEYIQMLIAMLLgECf0EAIQMCQCAAKAI4IgRFDQAgBCgCQCIERQ0AIAAgBBGAgICAAAAhAwsgAwtJAQJ/QQAhAwJAIAAoAjgiBEUNACAEKAIYIgRFDQAgACABIAIgAWsgBBGBgICAAAAiA0F/Rw0AIABB7ZOAgAA2AhBBGCEDCyADCy4BAn9BACEDAkAgACgCOCIERQ0AIAQoAkQiBEUNACAAIAQRgICAgAAAIQMLIAMLLgECf0EAIQMCQCAAKAI4IgRFDQAgBCgCJCIERQ0AIAAgBBGAgICAAAAhAwsgAwsuAQJ/QQAhAwJAIAAoAjgiBEUNACAEKAIsIgRFDQAgACAEEYCAgIAAACEDCyADC0kBAn9BACEDAkAgACgCOCIERQ0AIAQoAigiBEUNACAAIAEgAiABayAEEYGAgIAAACIDQX9HDQAgAEH2iICAADYCEEEYIQMLIAMLLgECf0EAIQMCQCAAKAI4IgRFDQAgBCgCUCIERQ0AIAAgBBGAgICAAAAhAwsgAwtJAQJ/QQAhAwJAIAAoAjgiBEUNACAEKAIcIgRFDQAgACABIAIgAWsgBBGBgICAAAAiA0F/Rw0AIABBwpmAgAA2AhBBGCEDCyADCy4BAn9BACEDAkAgACgCOCIERQ0AIAQoAkgiBEUNACAAIAQRgICAgAAAIQMLIAMLSQECf0EAIQMCQCAAKAI4IgRFDQAgBCgCICIERQ0AIAAgASACIAFrIAQRgYCAgAAAIgNBf0cNACAAQZSUgIAANgIQQRghAwsgAwsuAQJ/QQAhAwJAIAAoAjgiBEUNACAEKAJMIgRFDQAgACAEEYCAgIAAACEDCyADCy4BAn9BACEDAkAgACgCOCIERQ0AIAQoAlQiBEUNACAAIAQRgICAgAAAIQMLIAMLLgECf0EAIQMCQCAAKAI4IgRFDQAgBCgCWCIERQ0AIAAgBBGAgICAAAAhAwsgAwtFAQF/AkACQCAALwEwQRRxQRRHDQBBASEDIAAtAChBAUYNASAALwEyQeUARiEDDAELIAAtAClBBUYhAwsgACADOgAuQQAL/gEBA39BASEDAkAgAC8BMCIEQQhxDQAgACkDIEIAUiEDCwJAAkAgAC0ALkUNAEEBIQUgAC0AKUEFRg0BQQEhBSAEQcAAcUUgA3FBAUcNAQtBACEFIARBwABxDQBBAiEFIARB//8DcSIDQQhxDQACQCADQYAEcUUNAAJAIAAtAChBAUcNACAALQAtQQpxDQBBBQ8LQQQPCwJAIANBIHENAAJAIAAtAChBAUYNACAALwEyQf//A3EiAEGcf2pB5ABJDQAgAEHMAUYNACAAQbACRg0AQQQhBSAEQShxRQ0CIANBiARxQYAERg0CC0EADwtBAEEDIAApAyBQGyEFCyAFC2IBAn9BACEBAkAgAC0AKEEBRg0AIAAvATJB//8DcSICQZx/akHkAEkNACACQcwBRg0AIAJBsAJGDQAgAC8BMCIAQcAAcQ0AQQEhASAAQYgEcUGABEYNACAAQShxRSEBCyABC6cBAQN/AkACQAJAIAAtACpFDQAgAC0AK0UNAEEAIQMgAC8BMCIEQQJxRQ0BDAILQQAhAyAALwEwIgRBAXFFDQELQQEhAyAALQAoQQFGDQAgAC8BMkH//wNxIgVBnH9qQeQASQ0AIAVBzAFGDQAgBUGwAkYNACAEQcAAcQ0AQQAhAyAEQYgEcUGABEYNACAEQShxQQBHIQMLIABBADsBMCAAQQA6AC8gAwuZAQECfwJAAkACQCAALQAqRQ0AIAAtACtFDQBBACEBIAAvATAiAkECcUUNAQwCC0EAIQEgAC8BMCICQQFxRQ0BC0EBIQEgAC0AKEEBRg0AIAAvATJB//8DcSIAQZx/akHkAEkNACAAQcwBRg0AIABBsAJGDQAgAkHAAHENAEEAIQEgAkGIBHFBgARGDQAgAkEocUEARyEBCyABC1kAIABBGGpCADcDACAAQgA3AwAgAEE4akIANwMAIABBMGpCADcDACAAQShqQgA3AwAgAEEgakIANwMAIABBEGpCADcDACAAQQhqQgA3AwAgAEHdATYCHEEAC3sBAX8CQCAAKAIMIgMNAAJAIAAoAgRFDQAgACABNgIECwJAIAAgASACEMSAgIAAIgMNACAAKAIMDwsgACADNgIcQQAhAyAAKAIEIgFFDQAgACABIAIgACgCCBGBgICAAAAiAUUNACAAIAI2AhQgACABNgIMIAEhAwsgAwvk8wEDDn8DfgR/I4CAgIAAQRBrIgMkgICAgAAgASEEIAEhBSABIQYgASEHIAEhCCABIQkgASEKIAEhCyABIQwgASENIAEhDiABIQ8CQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkAgACgCHCIQQX9qDt0B2gEB2QECAwQFBgcICQoLDA0O2AEPENcBERLWARMUFRYXGBkaG+AB3wEcHR7VAR8gISIjJCXUASYnKCkqKyzTAdIBLS7RAdABLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVG2wFHSElKzwHOAUvNAUzMAU1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4ABgQGCAYMBhAGFAYYBhwGIAYkBigGLAYwBjQGOAY8BkAGRAZIBkwGUAZUBlgGXAZgBmQGaAZsBnAGdAZ4BnwGgAaEBogGjAaQBpQGmAacBqAGpAaoBqwGsAa0BrgGvAbABsQGyAbMBtAG1AbYBtwHLAcoBuAHJAbkByAG6AbsBvAG9Ab4BvwHAAcEBwgHDAcQBxQHGAQDcAQtBACEQDMYBC0EOIRAMxQELQQ0hEAzEAQtBDyEQDMMBC0EQIRAMwgELQRMhEAzBAQtBFCEQDMABC0EVIRAMvwELQRYhEAy+AQtBFyEQDL0BC0EYIRAMvAELQRkhEAy7AQtBGiEQDLoBC0EbIRAMuQELQRwhEAy4AQtBCCEQDLcBC0EdIRAMtgELQSAhEAy1AQtBHyEQDLQBC0EHIRAMswELQSEhEAyyAQtBIiEQDLEBC0EeIRAMsAELQSMhEAyvAQtBEiEQDK4BC0ERIRAMrQELQSQhEAysAQtBJSEQDKsBC0EmIRAMqgELQSchEAypAQtBwwEhEAyoAQtBKSEQDKcBC0ErIRAMpgELQSwhEAylAQtBLSEQDKQBC0EuIRAMowELQS8hEAyiAQtBxAEhEAyhAQtBMCEQDKABC0E0IRAMnwELQQwhEAyeAQtBMSEQDJ0BC0EyIRAMnAELQTMhEAybAQtBOSEQDJoBC0E1IRAMmQELQcUBIRAMmAELQQshEAyXAQtBOiEQDJYBC0E2IRAMlQELQQohEAyUAQtBNyEQDJMBC0E4IRAMkgELQTwhEAyRAQtBOyEQDJABC0E9IRAMjwELQQkhEAyOAQtBKCEQDI0BC0E+IRAMjAELQT8hEAyLAQtBwAAhEAyKAQtBwQAhEAyJAQtBwgAhEAyIAQtBwwAhEAyHAQtBxAAhEAyGAQtBxQAhEAyFAQtBxgAhEAyEAQtBKiEQDIMBC0HHACEQDIIBC0HIACEQDIEBC0HJACEQDIABC0HKACEQDH8LQcsAIRAMfgtBzQAhEAx9C0HMACEQDHwLQc4AIRAMewtBzwAhEAx6C0HQACEQDHkLQdEAIRAMeAtB0gAhEAx3C0HTACEQDHYLQdQAIRAMdQtB1gAhEAx0C0HVACEQDHMLQQYhEAxyC0HXACEQDHELQQUhEAxwC0HYACEQDG8LQQQhEAxuC0HZACEQDG0LQdoAIRAMbAtB2wAhEAxrC0HcACEQDGoLQQMhEAxpC0HdACEQDGgLQd4AIRAMZwtB3wAhEAxmC0HhACEQDGULQeAAIRAMZAtB4gAhEAxjC0HjACEQDGILQQIhEAxhC0HkACEQDGALQeUAIRAMXwtB5gAhEAxeC0HnACEQDF0LQegAIRAMXAtB6QAhEAxbC0HqACEQDFoLQesAIRAMWQtB7AAhEAxYC0HtACEQDFcLQe4AIRAMVgtB7wAhEAxVC0HwACEQDFQLQfEAIRAMUwtB8gAhEAxSC0HzACEQDFELQfQAIRAMUAtB9QAhEAxPC0H2ACEQDE4LQfcAIRAMTQtB+AAhEAxMC0H5ACEQDEsLQfoAIRAMSgtB+wAhEAxJC0H8ACEQDEgLQf0AIRAMRwtB/gAhEAxGC0H/ACEQDEULQYABIRAMRAtBgQEhEAxDC0GCASEQDEILQYMBIRAMQQtBhAEhEAxAC0GFASEQDD8LQYYBIRAMPgtBhwEhEAw9C0GIASEQDDwLQYkBIRAMOwtBigEhEAw6C0GLASEQDDkLQYwBIRAMOAtBjQEhEAw3C0GOASEQDDYLQY8BIRAMNQtBkAEhEAw0C0GRASEQDDMLQZIBIRAMMgtBkwEhEAwxC0GUASEQDDALQZUBIRAMLwtBlgEhEAwuC0GXASEQDC0LQZgBIRAMLAtBmQEhEAwrC0GaASEQDCoLQZsBIRAMKQtBnAEhEAwoC0GdASEQDCcLQZ4BIRAMJgtBnwEhEAwlC0GgASEQDCQLQaEBIRAMIwtBogEhEAwiC0GjASEQDCELQaQBIRAMIAtBpQEhEAwfC0GmASEQDB4LQacBIRAMHQtBqAEhEAwcC0GpASEQDBsLQaoBIRAMGgtBqwEhEAwZC0GsASEQDBgLQa0BIRAMFwtBrgEhEAwWC0EBIRAMFQtBrwEhEAwUC0GwASEQDBMLQbEBIRAMEgtBswEhEAwRC0GyASEQDBALQbQBIRAMDwtBtQEhEAwOC0G2ASEQDA0LQbcBIRAMDAtBuAEhEAwLC0G5ASEQDAoLQboBIRAMCQtBuwEhEAwIC0HGASEQDAcLQbwBIRAMBgtBvQEhEAwFC0G+ASEQDAQLQb8BIRAMAwtBwAEhEAwCC0HCASEQDAELQcEBIRALA0ACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQCAQDscBAAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxweHyAhIyUoP0BBREVGR0hJSktMTU9QUVJT3gNXWVtcXWBiZWZnaGlqa2xtb3BxcnN0dXZ3eHl6e3x9foABggGFAYYBhwGJAYsBjAGNAY4BjwGQAZEBlAGVAZYBlwGYAZkBmgGbAZwBnQGeAZ8BoAGhAaIBowGkAaUBpgGnAagBqQGqAasBrAGtAa4BrwGwAbEBsgGzAbQBtQG2AbcBuAG5AboBuwG8Ab0BvgG/AcABwQHCAcMBxAHFAcYBxwHIAckBygHLAcwBzQHOAc8B0AHRAdIB0wHUAdUB1gHXAdgB2QHaAdsB3AHdAd4B4AHhAeIB4wHkAeUB5gHnAegB6QHqAesB7AHtAe4B7wHwAfEB8gHzAZkCpAKwAv4C/gILIAEiBCACRw3zAUHdASEQDP8DCyABIhAgAkcN3QFBwwEhEAz+AwsgASIBIAJHDZABQfcAIRAM/QMLIAEiASACRw2GAUHvACEQDPwDCyABIgEgAkcNf0HqACEQDPsDCyABIgEgAkcNe0HoACEQDPoDCyABIgEgAkcNeEHmACEQDPkDCyABIgEgAkcNGkEYIRAM+AMLIAEiASACRw0UQRIhEAz3AwsgASIBIAJHDVlBxQAhEAz2AwsgASIBIAJHDUpBPyEQDPUDCyABIgEgAkcNSEE8IRAM9AMLIAEiASACRw1BQTEhEAzzAwsgAC0ALkEBRg3rAwyHAgsgACABIgEgAhDAgICAAEEBRw3mASAAQgA3AyAM5wELIAAgASIBIAIQtICAgAAiEA3nASABIQEM9QILAkAgASIBIAJHDQBBBiEQDPADCyAAIAFBAWoiASACELuAgIAAIhAN6AEgASEBDDELIABCADcDIEESIRAM1QMLIAEiECACRw0rQR0hEAztAwsCQCABIgEgAkYNACABQQFqIQFBECEQDNQDC0EHIRAM7AMLIABCACAAKQMgIhEgAiABIhBrrSISfSITIBMgEVYbNwMgIBEgElYiFEUN5QFBCCEQDOsDCwJAIAEiASACRg0AIABBiYCAgAA2AgggACABNgIEIAEhAUEUIRAM0gMLQQkhEAzqAwsgASEBIAApAyBQDeQBIAEhAQzyAgsCQCABIgEgAkcNAEELIRAM6QMLIAAgAUEBaiIBIAIQtoCAgAAiEA3lASABIQEM8gILIAAgASIBIAIQuICAgAAiEA3lASABIQEM8gILIAAgASIBIAIQuICAgAAiEA3mASABIQEMDQsgACABIgEgAhC6gICAACIQDecBIAEhAQzwAgsCQCABIgEgAkcNAEEPIRAM5QMLIAEtAAAiEEE7Rg0IIBBBDUcN6AEgAUEBaiEBDO8CCyAAIAEiASACELqAgIAAIhAN6AEgASEBDPICCwNAAkAgAS0AAEHwtYCAAGotAAAiEEEBRg0AIBBBAkcN6wEgACgCBCEQIABBADYCBCAAIBAgAUEBaiIBELmAgIAAIhAN6gEgASEBDPQCCyABQQFqIgEgAkcNAAtBEiEQDOIDCyAAIAEiASACELqAgIAAIhAN6QEgASEBDAoLIAEiASACRw0GQRshEAzgAwsCQCABIgEgAkcNAEEWIRAM4AMLIABBioCAgAA2AgggACABNgIEIAAgASACELiAgIAAIhAN6gEgASEBQSAhEAzGAwsCQCABIgEgAkYNAANAAkAgAS0AAEHwt4CAAGotAAAiEEECRg0AAkAgEEF/ag4E5QHsAQDrAewBCyABQQFqIQFBCCEQDMgDCyABQQFqIgEgAkcNAAtBFSEQDN8DC0EVIRAM3gMLA0ACQCABLQAAQfC5gIAAai0AACIQQQJGDQAgEEF/ag4E3gHsAeAB6wHsAQsgAUEBaiIBIAJHDQALQRghEAzdAwsCQCABIgEgAkYNACAAQYuAgIAANgIIIAAgATYCBCABIQFBByEQDMQDC0EZIRAM3AMLIAFBAWohAQwCCwJAIAEiFCACRw0AQRohEAzbAwsgFCEBAkAgFC0AAEFzag4U3QLuAu4C7gLuAu4C7gLuAu4C7gLuAu4C7gLuAu4C7gLuAu4C7gIA7gILQQAhECAAQQA2AhwgAEGvi4CAADYCECAAQQI2AgwgACAUQQFqNgIUDNoDCwJAIAEtAAAiEEE7Rg0AIBBBDUcN6AEgAUEBaiEBDOUCCyABQQFqIQELQSIhEAy/AwsCQCABIhAgAkcNAEEcIRAM2AMLQgAhESAQIQEgEC0AAEFQag435wHmAQECAwQFBgcIAAAAAAAAAAkKCwwNDgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxAREhMUAAtBHiEQDL0DC0ICIREM5QELQgMhEQzkAQtCBCERDOMBC0IFIREM4gELQgYhEQzhAQtCByERDOABC0IIIREM3wELQgkhEQzeAQtCCiERDN0BC0ILIREM3AELQgwhEQzbAQtCDSERDNoBC0IOIREM2QELQg8hEQzYAQtCCiERDNcBC0ILIREM1gELQgwhEQzVAQtCDSERDNQBC0IOIREM0wELQg8hEQzSAQtCACERAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQCAQLQAAQVBqDjflAeQBAAECAwQFBgfmAeYB5gHmAeYB5gHmAQgJCgsMDeYB5gHmAeYB5gHmAeYB5gHmAeYB5gHmAeYB5gHmAeYB5gHmAeYB5gHmAeYB5gHmAeYB5gEODxAREhPmAQtCAiERDOQBC0IDIREM4wELQgQhEQziAQtCBSERDOEBC0IGIREM4AELQgchEQzfAQtCCCERDN4BC0IJIREM3QELQgohEQzcAQtCCyERDNsBC0IMIREM2gELQg0hEQzZAQtCDiERDNgBC0IPIREM1wELQgohEQzWAQtCCyERDNUBC0IMIREM1AELQg0hEQzTAQtCDiERDNIBC0IPIREM0QELIABCACAAKQMgIhEgAiABIhBrrSISfSITIBMgEVYbNwMgIBEgElYiFEUN0gFBHyEQDMADCwJAIAEiASACRg0AIABBiYCAgAA2AgggACABNgIEIAEhAUEkIRAMpwMLQSAhEAy/AwsgACABIhAgAhC+gICAAEF/ag4FtgEAxQIB0QHSAQtBESEQDKQDCyAAQQE6AC8gECEBDLsDCyABIgEgAkcN0gFBJCEQDLsDCyABIg0gAkcNHkHGACEQDLoDCyAAIAEiASACELKAgIAAIhAN1AEgASEBDLUBCyABIhAgAkcNJkHQACEQDLgDCwJAIAEiASACRw0AQSghEAy4AwsgAEEANgIEIABBjICAgAA2AgggACABIAEQsYCAgAAiEA3TASABIQEM2AELAkAgASIQIAJHDQBBKSEQDLcDCyAQLQAAIgFBIEYNFCABQQlHDdMBIBBBAWohAQwVCwJAIAEiASACRg0AIAFBAWohAQwXC0EqIRAMtQMLAkAgASIQIAJHDQBBKyEQDLUDCwJAIBAtAAAiAUEJRg0AIAFBIEcN1QELIAAtACxBCEYN0wEgECEBDJEDCwJAIAEiASACRw0AQSwhEAy0AwsgAS0AAEEKRw3VASABQQFqIQEMyQILIAEiDiACRw3VAUEvIRAMsgMLA0ACQCABLQAAIhBBIEYNAAJAIBBBdmoOBADcAdwBANoBCyABIQEM4AELIAFBAWoiASACRw0AC0ExIRAMsQMLQTIhECABIhQgAkYNsAMgAiAUayAAKAIAIgFqIRUgFCABa0EDaiEWAkADQCAULQAAIhdBIHIgFyAXQb9/akH/AXFBGkkbQf8BcSABQfC7gIAAai0AAEcNAQJAIAFBA0cNAEEGIQEMlgMLIAFBAWohASAUQQFqIhQgAkcNAAsgACAVNgIADLEDCyAAQQA2AgAgFCEBDNkBC0EzIRAgASIUIAJGDa8DIAIgFGsgACgCACIBaiEVIBQgAWtBCGohFgJAA0AgFC0AACIXQSByIBcgF0G/f2pB/wFxQRpJG0H/AXEgAUH0u4CAAGotAABHDQECQCABQQhHDQBBBSEBDJUDCyABQQFqIQEgFEEBaiIUIAJHDQALIAAgFTYCAAywAwsgAEEANgIAIBQhAQzYAQtBNCEQIAEiFCACRg2uAyACIBRrIAAoAgAiAWohFSAUIAFrQQVqIRYCQANAIBQtAAAiF0EgciAXIBdBv39qQf8BcUEaSRtB/wFxIAFB0MKAgABqLQAARw0BAkAgAUEFRw0AQQchAQyUAwsgAUEBaiEBIBRBAWoiFCACRw0ACyAAIBU2AgAMrwMLIABBADYCACAUIQEM1wELAkAgASIBIAJGDQADQAJAIAEtAABBgL6AgABqLQAAIhBBAUYNACAQQQJGDQogASEBDN0BCyABQQFqIgEgAkcNAAtBMCEQDK4DC0EwIRAMrQMLAkAgASIBIAJGDQADQAJAIAEtAAAiEEEgRg0AIBBBdmoOBNkB2gHaAdkB2gELIAFBAWoiASACRw0AC0E4IRAMrQMLQTghEAysAwsDQAJAIAEtAAAiEEEgRg0AIBBBCUcNAwsgAUEBaiIBIAJHDQALQTwhEAyrAwsDQAJAIAEtAAAiEEEgRg0AAkACQCAQQXZqDgTaAQEB2gEACyAQQSxGDdsBCyABIQEMBAsgAUEBaiIBIAJHDQALQT8hEAyqAwsgASEBDNsBC0HAACEQIAEiFCACRg2oAyACIBRrIAAoAgAiAWohFiAUIAFrQQZqIRcCQANAIBQtAABBIHIgAUGAwICAAGotAABHDQEgAUEGRg2OAyABQQFqIQEgFEEBaiIUIAJHDQALIAAgFjYCAAypAwsgAEEANgIAIBQhAQtBNiEQDI4DCwJAIAEiDyACRw0AQcEAIRAMpwMLIABBjICAgAA2AgggACAPNgIEIA8hASAALQAsQX9qDgTNAdUB1wHZAYcDCyABQQFqIQEMzAELAkAgASIBIAJGDQADQAJAIAEtAAAiEEEgciAQIBBBv39qQf8BcUEaSRtB/wFxIhBBCUYNACAQQSBGDQACQAJAAkACQCAQQZ1/ag4TAAMDAwMDAwMBAwMDAwMDAwMDAgMLIAFBAWohAUExIRAMkQMLIAFBAWohAUEyIRAMkAMLIAFBAWohAUEzIRAMjwMLIAEhAQzQAQsgAUEBaiIBIAJHDQALQTUhEAylAwtBNSEQDKQDCwJAIAEiASACRg0AA0ACQCABLQAAQYC8gIAAai0AAEEBRg0AIAEhAQzTAQsgAUEBaiIBIAJHDQALQT0hEAykAwtBPSEQDKMDCyAAIAEiASACELCAgIAAIhAN1gEgASEBDAELIBBBAWohAQtBPCEQDIcDCwJAIAEiASACRw0AQcIAIRAMoAMLAkADQAJAIAEtAABBd2oOGAAC/gL+AoQD/gL+Av4C/gL+Av4C/gL+Av4C/gL+Av4C/gL+Av4C/gL+Av4CAP4CCyABQQFqIgEgAkcNAAtBwgAhEAygAwsgAUEBaiEBIAAtAC1BAXFFDb0BIAEhAQtBLCEQDIUDCyABIgEgAkcN0wFBxAAhEAydAwsDQAJAIAEtAABBkMCAgABqLQAAQQFGDQAgASEBDLcCCyABQQFqIgEgAkcNAAtBxQAhEAycAwsgDS0AACIQQSBGDbMBIBBBOkcNgQMgACgCBCEBIABBADYCBCAAIAEgDRCvgICAACIBDdABIA1BAWohAQyzAgtBxwAhECABIg0gAkYNmgMgAiANayAAKAIAIgFqIRYgDSABa0EFaiEXA0AgDS0AACIUQSByIBQgFEG/f2pB/wFxQRpJG0H/AXEgAUGQwoCAAGotAABHDYADIAFBBUYN9AIgAUEBaiEBIA1BAWoiDSACRw0ACyAAIBY2AgAMmgMLQcgAIRAgASINIAJGDZkDIAIgDWsgACgCACIBaiEWIA0gAWtBCWohFwNAIA0tAAAiFEEgciAUIBRBv39qQf8BcUEaSRtB/wFxIAFBlsKAgABqLQAARw3/AgJAIAFBCUcNAEECIQEM9QILIAFBAWohASANQQFqIg0gAkcNAAsgACAWNgIADJkDCwJAIAEiDSACRw0AQckAIRAMmQMLAkACQCANLQAAIgFBIHIgASABQb9/akH/AXFBGkkbQf8BcUGSf2oOBwCAA4ADgAOAA4ADAYADCyANQQFqIQFBPiEQDIADCyANQQFqIQFBPyEQDP8CC0HKACEQIAEiDSACRg2XAyACIA1rIAAoAgAiAWohFiANIAFrQQFqIRcDQCANLQAAIhRBIHIgFCAUQb9/akH/AXFBGkkbQf8BcSABQaDCgIAAai0AAEcN/QIgAUEBRg3wAiABQQFqIQEgDUEBaiINIAJHDQALIAAgFjYCAAyXAwtBywAhECABIg0gAkYNlgMgAiANayAAKAIAIgFqIRYgDSABa0EOaiEXA0AgDS0AACIUQSByIBQgFEG/f2pB/wFxQRpJG0H/AXEgAUGiwoCAAGotAABHDfwCIAFBDkYN8AIgAUEBaiEBIA1BAWoiDSACRw0ACyAAIBY2AgAMlgMLQcwAIRAgASINIAJGDZUDIAIgDWsgACgCACIBaiEWIA0gAWtBD2ohFwNAIA0tAAAiFEEgciAUIBRBv39qQf8BcUEaSRtB/wFxIAFBwMKAgABqLQAARw37AgJAIAFBD0cNAEEDIQEM8QILIAFBAWohASANQQFqIg0gAkcNAAsgACAWNgIADJUDC0HNACEQIAEiDSACRg2UAyACIA1rIAAoAgAiAWohFiANIAFrQQVqIRcDQCANLQAAIhRBIHIgFCAUQb9/akH/AXFBGkkbQf8BcSABQdDCgIAAai0AAEcN+gICQCABQQVHDQBBBCEBDPACCyABQQFqIQEgDUEBaiINIAJHDQALIAAgFjYCAAyUAwsCQCABIg0gAkcNAEHOACEQDJQDCwJAAkACQAJAIA0tAAAiAUEgciABIAFBv39qQf8BcUEaSRtB/wFxQZ1/ag4TAP0C/QL9Av0C/QL9Av0C/QL9Av0C/QL9AgH9Av0C/QICA/0CCyANQQFqIQFBwQAhEAz9AgsgDUEBaiEBQcIAIRAM/AILIA1BAWohAUHDACEQDPsCCyANQQFqIQFBxAAhEAz6AgsCQCABIgEgAkYNACAAQY2AgIAANgIIIAAgATYCBCABIQFBxQAhEAz6AgtBzwAhEAySAwsgECEBAkACQCAQLQAAQXZqDgQBqAKoAgCoAgsgEEEBaiEBC0EnIRAM+AILAkAgASIBIAJHDQBB0QAhEAyRAwsCQCABLQAAQSBGDQAgASEBDI0BCyABQQFqIQEgAC0ALUEBcUUNxwEgASEBDIwBCyABIhcgAkcNyAFB0gAhEAyPAwtB0wAhECABIhQgAkYNjgMgAiAUayAAKAIAIgFqIRYgFCABa0EBaiEXA0AgFC0AACABQdbCgIAAai0AAEcNzAEgAUEBRg3HASABQQFqIQEgFEEBaiIUIAJHDQALIAAgFjYCAAyOAwsCQCABIgEgAkcNAEHVACEQDI4DCyABLQAAQQpHDcwBIAFBAWohAQzHAQsCQCABIgEgAkcNAEHWACEQDI0DCwJAAkAgAS0AAEF2ag4EAM0BzQEBzQELIAFBAWohAQzHAQsgAUEBaiEBQcoAIRAM8wILIAAgASIBIAIQroCAgAAiEA3LASABIQFBzQAhEAzyAgsgAC0AKUEiRg2FAwymAgsCQCABIgEgAkcNAEHbACEQDIoDC0EAIRRBASEXQQEhFkEAIRACQAJAAkACQAJAAkACQAJAAkAgAS0AAEFQag4K1AHTAQABAgMEBQYI1QELQQIhEAwGC0EDIRAMBQtBBCEQDAQLQQUhEAwDC0EGIRAMAgtBByEQDAELQQghEAtBACEXQQAhFkEAIRQMzAELQQkhEEEBIRRBACEXQQAhFgzLAQsCQCABIgEgAkcNAEHdACEQDIkDCyABLQAAQS5HDcwBIAFBAWohAQymAgsgASIBIAJHDcwBQd8AIRAMhwMLAkAgASIBIAJGDQAgAEGOgICAADYCCCAAIAE2AgQgASEBQdAAIRAM7gILQeAAIRAMhgMLQeEAIRAgASIBIAJGDYUDIAIgAWsgACgCACIUaiEWIAEgFGtBA2ohFwNAIAEtAAAgFEHiwoCAAGotAABHDc0BIBRBA0YNzAEgFEEBaiEUIAFBAWoiASACRw0ACyAAIBY2AgAMhQMLQeIAIRAgASIBIAJGDYQDIAIgAWsgACgCACIUaiEWIAEgFGtBAmohFwNAIAEtAAAgFEHmwoCAAGotAABHDcwBIBRBAkYNzgEgFEEBaiEUIAFBAWoiASACRw0ACyAAIBY2AgAMhAMLQeMAIRAgASIBIAJGDYMDIAIgAWsgACgCACIUaiEWIAEgFGtBA2ohFwNAIAEtAAAgFEHpwoCAAGotAABHDcsBIBRBA0YNzgEgFEEBaiEUIAFBAWoiASACRw0ACyAAIBY2AgAMgwMLAkAgASIBIAJHDQBB5QAhEAyDAwsgACABQQFqIgEgAhCogICAACIQDc0BIAEhAUHWACEQDOkCCwJAIAEiASACRg0AA0ACQCABLQAAIhBBIEYNAAJAAkACQCAQQbh/ag4LAAHPAc8BzwHPAc8BzwHPAc8BAs8BCyABQQFqIQFB0gAhEAztAgsgAUEBaiEBQdMAIRAM7AILIAFBAWohAUHUACEQDOsCCyABQQFqIgEgAkcNAAtB5AAhEAyCAwtB5AAhEAyBAwsDQAJAIAEtAABB8MKAgABqLQAAIhBBAUYNACAQQX5qDgPPAdAB0QHSAQsgAUEBaiIBIAJHDQALQeYAIRAMgAMLAkAgASIBIAJGDQAgAUEBaiEBDAMLQecAIRAM/wILA0ACQCABLQAAQfDEgIAAai0AACIQQQFGDQACQCAQQX5qDgTSAdMB1AEA1QELIAEhAUHXACEQDOcCCyABQQFqIgEgAkcNAAtB6AAhEAz+AgsCQCABIgEgAkcNAEHpACEQDP4CCwJAIAEtAAAiEEF2ag4augHVAdUBvAHVAdUB1QHVAdUB1QHVAdUB1QHVAdUB1QHVAdUB1QHVAdUB1QHKAdUB1QEA0wELIAFBAWohAQtBBiEQDOMCCwNAAkAgAS0AAEHwxoCAAGotAABBAUYNACABIQEMngILIAFBAWoiASACRw0AC0HqACEQDPsCCwJAIAEiASACRg0AIAFBAWohAQwDC0HrACEQDPoCCwJAIAEiASACRw0AQewAIRAM+gILIAFBAWohAQwBCwJAIAEiASACRw0AQe0AIRAM+QILIAFBAWohAQtBBCEQDN4CCwJAIAEiFCACRw0AQe4AIRAM9wILIBQhAQJAAkACQCAULQAAQfDIgIAAai0AAEF/ag4H1AHVAdYBAJwCAQLXAQsgFEEBaiEBDAoLIBRBAWohAQzNAQtBACEQIABBADYCHCAAQZuSgIAANgIQIABBBzYCDCAAIBRBAWo2AhQM9gILAkADQAJAIAEtAABB8MiAgABqLQAAIhBBBEYNAAJAAkAgEEF/ag4H0gHTAdQB2QEABAHZAQsgASEBQdoAIRAM4AILIAFBAWohAUHcACEQDN8CCyABQQFqIgEgAkcNAAtB7wAhEAz2AgsgAUEBaiEBDMsBCwJAIAEiFCACRw0AQfAAIRAM9QILIBQtAABBL0cN1AEgFEEBaiEBDAYLAkAgASIUIAJHDQBB8QAhEAz0AgsCQCAULQAAIgFBL0cNACAUQQFqIQFB3QAhEAzbAgsgAUF2aiIEQRZLDdMBQQEgBHRBiYCAAnFFDdMBDMoCCwJAIAEiASACRg0AIAFBAWohAUHeACEQDNoCC0HyACEQDPICCwJAIAEiFCACRw0AQfQAIRAM8gILIBQhAQJAIBQtAABB8MyAgABqLQAAQX9qDgPJApQCANQBC0HhACEQDNgCCwJAIAEiFCACRg0AA0ACQCAULQAAQfDKgIAAai0AACIBQQNGDQACQCABQX9qDgLLAgDVAQsgFCEBQd8AIRAM2gILIBRBAWoiFCACRw0AC0HzACEQDPECC0HzACEQDPACCwJAIAEiASACRg0AIABBj4CAgAA2AgggACABNgIEIAEhAUHgACEQDNcCC0H1ACEQDO8CCwJAIAEiASACRw0AQfYAIRAM7wILIABBj4CAgAA2AgggACABNgIEIAEhAQtBAyEQDNQCCwNAIAEtAABBIEcNwwIgAUEBaiIBIAJHDQALQfcAIRAM7AILAkAgASIBIAJHDQBB+AAhEAzsAgsgAS0AAEEgRw3OASABQQFqIQEM7wELIAAgASIBIAIQrICAgAAiEA3OASABIQEMjgILAkAgASIEIAJHDQBB+gAhEAzqAgsgBC0AAEHMAEcN0QEgBEEBaiEBQRMhEAzPAQsCQCABIgQgAkcNAEH7ACEQDOkCCyACIARrIAAoAgAiAWohFCAEIAFrQQVqIRADQCAELQAAIAFB8M6AgABqLQAARw3QASABQQVGDc4BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQfsAIRAM6AILAkAgASIEIAJHDQBB/AAhEAzoAgsCQAJAIAQtAABBvX9qDgwA0QHRAdEB0QHRAdEB0QHRAdEB0QEB0QELIARBAWohAUHmACEQDM8CCyAEQQFqIQFB5wAhEAzOAgsCQCABIgQgAkcNAEH9ACEQDOcCCyACIARrIAAoAgAiAWohFCAEIAFrQQJqIRACQANAIAQtAAAgAUHtz4CAAGotAABHDc8BIAFBAkYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEH9ACEQDOcCCyAAQQA2AgAgEEEBaiEBQRAhEAzMAQsCQCABIgQgAkcNAEH+ACEQDOYCCyACIARrIAAoAgAiAWohFCAEIAFrQQVqIRACQANAIAQtAAAgAUH2zoCAAGotAABHDc4BIAFBBUYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEH+ACEQDOYCCyAAQQA2AgAgEEEBaiEBQRYhEAzLAQsCQCABIgQgAkcNAEH/ACEQDOUCCyACIARrIAAoAgAiAWohFCAEIAFrQQNqIRACQANAIAQtAAAgAUH8zoCAAGotAABHDc0BIAFBA0YNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEH/ACEQDOUCCyAAQQA2AgAgEEEBaiEBQQUhEAzKAQsCQCABIgQgAkcNAEGAASEQDOQCCyAELQAAQdkARw3LASAEQQFqIQFBCCEQDMkBCwJAIAEiBCACRw0AQYEBIRAM4wILAkACQCAELQAAQbJ/ag4DAMwBAcwBCyAEQQFqIQFB6wAhEAzKAgsgBEEBaiEBQewAIRAMyQILAkAgASIEIAJHDQBBggEhEAziAgsCQAJAIAQtAABBuH9qDggAywHLAcsBywHLAcsBAcsBCyAEQQFqIQFB6gAhEAzJAgsgBEEBaiEBQe0AIRAMyAILAkAgASIEIAJHDQBBgwEhEAzhAgsgAiAEayAAKAIAIgFqIRAgBCABa0ECaiEUAkADQCAELQAAIAFBgM+AgABqLQAARw3JASABQQJGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBA2AgBBgwEhEAzhAgtBACEQIABBADYCACAUQQFqIQEMxgELAkAgASIEIAJHDQBBhAEhEAzgAgsgAiAEayAAKAIAIgFqIRQgBCABa0EEaiEQAkADQCAELQAAIAFBg8+AgABqLQAARw3IASABQQRGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBhAEhEAzgAgsgAEEANgIAIBBBAWohAUEjIRAMxQELAkAgASIEIAJHDQBBhQEhEAzfAgsCQAJAIAQtAABBtH9qDggAyAHIAcgByAHIAcgBAcgBCyAEQQFqIQFB7wAhEAzGAgsgBEEBaiEBQfAAIRAMxQILAkAgASIEIAJHDQBBhgEhEAzeAgsgBC0AAEHFAEcNxQEgBEEBaiEBDIMCCwJAIAEiBCACRw0AQYcBIRAM3QILIAIgBGsgACgCACIBaiEUIAQgAWtBA2ohEAJAA0AgBC0AACABQYjPgIAAai0AAEcNxQEgAUEDRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQYcBIRAM3QILIABBADYCACAQQQFqIQFBLSEQDMIBCwJAIAEiBCACRw0AQYgBIRAM3AILIAIgBGsgACgCACIBaiEUIAQgAWtBCGohEAJAA0AgBC0AACABQdDPgIAAai0AAEcNxAEgAUEIRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQYgBIRAM3AILIABBADYCACAQQQFqIQFBKSEQDMEBCwJAIAEiASACRw0AQYkBIRAM2wILQQEhECABLQAAQd8ARw3AASABQQFqIQEMgQILAkAgASIEIAJHDQBBigEhEAzaAgsgAiAEayAAKAIAIgFqIRQgBCABa0EBaiEQA0AgBC0AACABQYzPgIAAai0AAEcNwQEgAUEBRg2vAiABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGKASEQDNkCCwJAIAEiBCACRw0AQYsBIRAM2QILIAIgBGsgACgCACIBaiEUIAQgAWtBAmohEAJAA0AgBC0AACABQY7PgIAAai0AAEcNwQEgAUECRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQYsBIRAM2QILIABBADYCACAQQQFqIQFBAiEQDL4BCwJAIAEiBCACRw0AQYwBIRAM2AILIAIgBGsgACgCACIBaiEUIAQgAWtBAWohEAJAA0AgBC0AACABQfDPgIAAai0AAEcNwAEgAUEBRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQYwBIRAM2AILIABBADYCACAQQQFqIQFBHyEQDL0BCwJAIAEiBCACRw0AQY0BIRAM1wILIAIgBGsgACgCACIBaiEUIAQgAWtBAWohEAJAA0AgBC0AACABQfLPgIAAai0AAEcNvwEgAUEBRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQY0BIRAM1wILIABBADYCACAQQQFqIQFBCSEQDLwBCwJAIAEiBCACRw0AQY4BIRAM1gILAkACQCAELQAAQbd/ag4HAL8BvwG/Ab8BvwEBvwELIARBAWohAUH4ACEQDL0CCyAEQQFqIQFB+QAhEAy8AgsCQCABIgQgAkcNAEGPASEQDNUCCyACIARrIAAoAgAiAWohFCAEIAFrQQVqIRACQANAIAQtAAAgAUGRz4CAAGotAABHDb0BIAFBBUYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGPASEQDNUCCyAAQQA2AgAgEEEBaiEBQRghEAy6AQsCQCABIgQgAkcNAEGQASEQDNQCCyACIARrIAAoAgAiAWohFCAEIAFrQQJqIRACQANAIAQtAAAgAUGXz4CAAGotAABHDbwBIAFBAkYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGQASEQDNQCCyAAQQA2AgAgEEEBaiEBQRchEAy5AQsCQCABIgQgAkcNAEGRASEQDNMCCyACIARrIAAoAgAiAWohFCAEIAFrQQZqIRACQANAIAQtAAAgAUGaz4CAAGotAABHDbsBIAFBBkYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGRASEQDNMCCyAAQQA2AgAgEEEBaiEBQRUhEAy4AQsCQCABIgQgAkcNAEGSASEQDNICCyACIARrIAAoAgAiAWohFCAEIAFrQQVqIRACQANAIAQtAAAgAUGhz4CAAGotAABHDboBIAFBBUYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGSASEQDNICCyAAQQA2AgAgEEEBaiEBQR4hEAy3AQsCQCABIgQgAkcNAEGTASEQDNECCyAELQAAQcwARw24ASAEQQFqIQFBCiEQDLYBCwJAIAQgAkcNAEGUASEQDNACCwJAAkAgBC0AAEG/f2oODwC5AbkBuQG5AbkBuQG5AbkBuQG5AbkBuQG5AQG5AQsgBEEBaiEBQf4AIRAMtwILIARBAWohAUH/ACEQDLYCCwJAIAQgAkcNAEGVASEQDM8CCwJAAkAgBC0AAEG/f2oOAwC4AQG4AQsgBEEBaiEBQf0AIRAMtgILIARBAWohBEGAASEQDLUCCwJAIAQgAkcNAEGWASEQDM4CCyACIARrIAAoAgAiAWohFCAEIAFrQQFqIRACQANAIAQtAAAgAUGnz4CAAGotAABHDbYBIAFBAUYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGWASEQDM4CCyAAQQA2AgAgEEEBaiEBQQshEAyzAQsCQCAEIAJHDQBBlwEhEAzNAgsCQAJAAkACQCAELQAAQVNqDiMAuAG4AbgBuAG4AbgBuAG4AbgBuAG4AbgBuAG4AbgBuAG4AbgBuAG4AbgBuAG4AQG4AbgBuAG4AbgBArgBuAG4AQO4AQsgBEEBaiEBQfsAIRAMtgILIARBAWohAUH8ACEQDLUCCyAEQQFqIQRBgQEhEAy0AgsgBEEBaiEEQYIBIRAMswILAkAgBCACRw0AQZgBIRAMzAILIAIgBGsgACgCACIBaiEUIAQgAWtBBGohEAJAA0AgBC0AACABQanPgIAAai0AAEcNtAEgAUEERg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQZgBIRAMzAILIABBADYCACAQQQFqIQFBGSEQDLEBCwJAIAQgAkcNAEGZASEQDMsCCyACIARrIAAoAgAiAWohFCAEIAFrQQVqIRACQANAIAQtAAAgAUGuz4CAAGotAABHDbMBIAFBBUYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGZASEQDMsCCyAAQQA2AgAgEEEBaiEBQQYhEAywAQsCQCAEIAJHDQBBmgEhEAzKAgsgAiAEayAAKAIAIgFqIRQgBCABa0EBaiEQAkADQCAELQAAIAFBtM+AgABqLQAARw2yASABQQFGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBmgEhEAzKAgsgAEEANgIAIBBBAWohAUEcIRAMrwELAkAgBCACRw0AQZsBIRAMyQILIAIgBGsgACgCACIBaiEUIAQgAWtBAWohEAJAA0AgBC0AACABQbbPgIAAai0AAEcNsQEgAUEBRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQZsBIRAMyQILIABBADYCACAQQQFqIQFBJyEQDK4BCwJAIAQgAkcNAEGcASEQDMgCCwJAAkAgBC0AAEGsf2oOAgABsQELIARBAWohBEGGASEQDK8CCyAEQQFqIQRBhwEhEAyuAgsCQCAEIAJHDQBBnQEhEAzHAgsgAiAEayAAKAIAIgFqIRQgBCABa0EBaiEQAkADQCAELQAAIAFBuM+AgABqLQAARw2vASABQQFGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBnQEhEAzHAgsgAEEANgIAIBBBAWohAUEmIRAMrAELAkAgBCACRw0AQZ4BIRAMxgILIAIgBGsgACgCACIBaiEUIAQgAWtBAWohEAJAA0AgBC0AACABQbrPgIAAai0AAEcNrgEgAUEBRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQZ4BIRAMxgILIABBADYCACAQQQFqIQFBAyEQDKsBCwJAIAQgAkcNAEGfASEQDMUCCyACIARrIAAoAgAiAWohFCAEIAFrQQJqIRACQANAIAQtAAAgAUHtz4CAAGotAABHDa0BIAFBAkYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGfASEQDMUCCyAAQQA2AgAgEEEBaiEBQQwhEAyqAQsCQCAEIAJHDQBBoAEhEAzEAgsgAiAEayAAKAIAIgFqIRQgBCABa0EDaiEQAkADQCAELQAAIAFBvM+AgABqLQAARw2sASABQQNGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBoAEhEAzEAgsgAEEANgIAIBBBAWohAUENIRAMqQELAkAgBCACRw0AQaEBIRAMwwILAkACQCAELQAAQbp/ag4LAKwBrAGsAawBrAGsAawBrAGsAQGsAQsgBEEBaiEEQYsBIRAMqgILIARBAWohBEGMASEQDKkCCwJAIAQgAkcNAEGiASEQDMICCyAELQAAQdAARw2pASAEQQFqIQQM6QELAkAgBCACRw0AQaMBIRAMwQILAkACQCAELQAAQbd/ag4HAaoBqgGqAaoBqgEAqgELIARBAWohBEGOASEQDKgCCyAEQQFqIQFBIiEQDKYBCwJAIAQgAkcNAEGkASEQDMACCyACIARrIAAoAgAiAWohFCAEIAFrQQFqIRACQANAIAQtAAAgAUHAz4CAAGotAABHDagBIAFBAUYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGkASEQDMACCyAAQQA2AgAgEEEBaiEBQR0hEAylAQsCQCAEIAJHDQBBpQEhEAy/AgsCQAJAIAQtAABBrn9qDgMAqAEBqAELIARBAWohBEGQASEQDKYCCyAEQQFqIQFBBCEQDKQBCwJAIAQgAkcNAEGmASEQDL4CCwJAAkACQAJAAkAgBC0AAEG/f2oOFQCqAaoBqgGqAaoBqgGqAaoBqgGqAQGqAaoBAqoBqgEDqgGqAQSqAQsgBEEBaiEEQYgBIRAMqAILIARBAWohBEGJASEQDKcCCyAEQQFqIQRBigEhEAymAgsgBEEBaiEEQY8BIRAMpQILIARBAWohBEGRASEQDKQCCwJAIAQgAkcNAEGnASEQDL0CCyACIARrIAAoAgAiAWohFCAEIAFrQQJqIRACQANAIAQtAAAgAUHtz4CAAGotAABHDaUBIAFBAkYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGnASEQDL0CCyAAQQA2AgAgEEEBaiEBQREhEAyiAQsCQCAEIAJHDQBBqAEhEAy8AgsgAiAEayAAKAIAIgFqIRQgBCABa0ECaiEQAkADQCAELQAAIAFBws+AgABqLQAARw2kASABQQJGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBqAEhEAy8AgsgAEEANgIAIBBBAWohAUEsIRAMoQELAkAgBCACRw0AQakBIRAMuwILIAIgBGsgACgCACIBaiEUIAQgAWtBBGohEAJAA0AgBC0AACABQcXPgIAAai0AAEcNowEgAUEERg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQakBIRAMuwILIABBADYCACAQQQFqIQFBKyEQDKABCwJAIAQgAkcNAEGqASEQDLoCCyACIARrIAAoAgAiAWohFCAEIAFrQQJqIRACQANAIAQtAAAgAUHKz4CAAGotAABHDaIBIAFBAkYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGqASEQDLoCCyAAQQA2AgAgEEEBaiEBQRQhEAyfAQsCQCAEIAJHDQBBqwEhEAy5AgsCQAJAAkACQCAELQAAQb5/ag4PAAECpAGkAaQBpAGkAaQBpAGkAaQBpAGkAQOkAQsgBEEBaiEEQZMBIRAMogILIARBAWohBEGUASEQDKECCyAEQQFqIQRBlQEhEAygAgsgBEEBaiEEQZYBIRAMnwILAkAgBCACRw0AQawBIRAMuAILIAQtAABBxQBHDZ8BIARBAWohBAzgAQsCQCAEIAJHDQBBrQEhEAy3AgsgAiAEayAAKAIAIgFqIRQgBCABa0ECaiEQAkADQCAELQAAIAFBzc+AgABqLQAARw2fASABQQJGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBrQEhEAy3AgsgAEEANgIAIBBBAWohAUEOIRAMnAELAkAgBCACRw0AQa4BIRAMtgILIAQtAABB0ABHDZ0BIARBAWohAUElIRAMmwELAkAgBCACRw0AQa8BIRAMtQILIAIgBGsgACgCACIBaiEUIAQgAWtBCGohEAJAA0AgBC0AACABQdDPgIAAai0AAEcNnQEgAUEIRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQa8BIRAMtQILIABBADYCACAQQQFqIQFBKiEQDJoBCwJAIAQgAkcNAEGwASEQDLQCCwJAAkAgBC0AAEGrf2oOCwCdAZ0BnQGdAZ0BnQGdAZ0BnQEBnQELIARBAWohBEGaASEQDJsCCyAEQQFqIQRBmwEhEAyaAgsCQCAEIAJHDQBBsQEhEAyzAgsCQAJAIAQtAABBv39qDhQAnAGcAZwBnAGcAZwBnAGcAZwBnAGcAZwBnAGcAZwBnAGcAZwBAZwBCyAEQQFqIQRBmQEhEAyaAgsgBEEBaiEEQZwBIRAMmQILAkAgBCACRw0AQbIBIRAMsgILIAIgBGsgACgCACIBaiEUIAQgAWtBA2ohEAJAA0AgBC0AACABQdnPgIAAai0AAEcNmgEgAUEDRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQbIBIRAMsgILIABBADYCACAQQQFqIQFBISEQDJcBCwJAIAQgAkcNAEGzASEQDLECCyACIARrIAAoAgAiAWohFCAEIAFrQQZqIRACQANAIAQtAAAgAUHdz4CAAGotAABHDZkBIAFBBkYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGzASEQDLECCyAAQQA2AgAgEEEBaiEBQRohEAyWAQsCQCAEIAJHDQBBtAEhEAywAgsCQAJAAkAgBC0AAEG7f2oOEQCaAZoBmgGaAZoBmgGaAZoBmgEBmgGaAZoBmgGaAQKaAQsgBEEBaiEEQZ0BIRAMmAILIARBAWohBEGeASEQDJcCCyAEQQFqIQRBnwEhEAyWAgsCQCAEIAJHDQBBtQEhEAyvAgsgAiAEayAAKAIAIgFqIRQgBCABa0EFaiEQAkADQCAELQAAIAFB5M+AgABqLQAARw2XASABQQVGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBtQEhEAyvAgsgAEEANgIAIBBBAWohAUEoIRAMlAELAkAgBCACRw0AQbYBIRAMrgILIAIgBGsgACgCACIBaiEUIAQgAWtBAmohEAJAA0AgBC0AACABQerPgIAAai0AAEcNlgEgAUECRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQbYBIRAMrgILIABBADYCACAQQQFqIQFBByEQDJMBCwJAIAQgAkcNAEG3ASEQDK0CCwJAAkAgBC0AAEG7f2oODgCWAZYBlgGWAZYBlgGWAZYBlgGWAZYBlgEBlgELIARBAWohBEGhASEQDJQCCyAEQQFqIQRBogEhEAyTAgsCQCAEIAJHDQBBuAEhEAysAgsgAiAEayAAKAIAIgFqIRQgBCABa0ECaiEQAkADQCAELQAAIAFB7c+AgABqLQAARw2UASABQQJGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBuAEhEAysAgsgAEEANgIAIBBBAWohAUESIRAMkQELAkAgBCACRw0AQbkBIRAMqwILIAIgBGsgACgCACIBaiEUIAQgAWtBAWohEAJAA0AgBC0AACABQfDPgIAAai0AAEcNkwEgAUEBRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQbkBIRAMqwILIABBADYCACAQQQFqIQFBICEQDJABCwJAIAQgAkcNAEG6ASEQDKoCCyACIARrIAAoAgAiAWohFCAEIAFrQQFqIRACQANAIAQtAAAgAUHyz4CAAGotAABHDZIBIAFBAUYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEG6ASEQDKoCCyAAQQA2AgAgEEEBaiEBQQ8hEAyPAQsCQCAEIAJHDQBBuwEhEAypAgsCQAJAIAQtAABBt39qDgcAkgGSAZIBkgGSAQGSAQsgBEEBaiEEQaUBIRAMkAILIARBAWohBEGmASEQDI8CCwJAIAQgAkcNAEG8ASEQDKgCCyACIARrIAAoAgAiAWohFCAEIAFrQQdqIRACQANAIAQtAAAgAUH0z4CAAGotAABHDZABIAFBB0YNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEG8ASEQDKgCCyAAQQA2AgAgEEEBaiEBQRshEAyNAQsCQCAEIAJHDQBBvQEhEAynAgsCQAJAAkAgBC0AAEG+f2oOEgCRAZEBkQGRAZEBkQGRAZEBkQEBkQGRAZEBkQGRAZEBApEBCyAEQQFqIQRBpAEhEAyPAgsgBEEBaiEEQacBIRAMjgILIARBAWohBEGoASEQDI0CCwJAIAQgAkcNAEG+ASEQDKYCCyAELQAAQc4ARw2NASAEQQFqIQQMzwELAkAgBCACRw0AQb8BIRAMpQILAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkAgBC0AAEG/f2oOFQABAgOcAQQFBpwBnAGcAQcICQoLnAEMDQ4PnAELIARBAWohAUHoACEQDJoCCyAEQQFqIQFB6QAhEAyZAgsgBEEBaiEBQe4AIRAMmAILIARBAWohAUHyACEQDJcCCyAEQQFqIQFB8wAhEAyWAgsgBEEBaiEBQfYAIRAMlQILIARBAWohAUH3ACEQDJQCCyAEQQFqIQFB+gAhEAyTAgsgBEEBaiEEQYMBIRAMkgILIARBAWohBEGEASEQDJECCyAEQQFqIQRBhQEhEAyQAgsgBEEBaiEEQZIBIRAMjwILIARBAWohBEGYASEQDI4CCyAEQQFqIQRBoAEhEAyNAgsgBEEBaiEEQaMBIRAMjAILIARBAWohBEGqASEQDIsCCwJAIAQgAkYNACAAQZCAgIAANgIIIAAgBDYCBEGrASEQDIsCC0HAASEQDKMCCyAAIAUgAhCqgICAACIBDYsBIAUhAQxcCwJAIAYgAkYNACAGQQFqIQUMjQELQcIBIRAMoQILA0ACQCAQLQAAQXZqDgSMAQAAjwEACyAQQQFqIhAgAkcNAAtBwwEhEAygAgsCQCAHIAJGDQAgAEGRgICAADYCCCAAIAc2AgQgByEBQQEhEAyHAgtBxAEhEAyfAgsCQCAHIAJHDQBBxQEhEAyfAgsCQAJAIActAABBdmoOBAHOAc4BAM4BCyAHQQFqIQYMjQELIAdBAWohBQyJAQsCQCAHIAJHDQBBxgEhEAyeAgsCQAJAIActAABBdmoOFwGPAY8BAY8BjwGPAY8BjwGPAY8BjwGPAY8BjwGPAY8BjwGPAY8BjwGPAQCPAQsgB0EBaiEHC0GwASEQDIQCCwJAIAggAkcNAEHIASEQDJ0CCyAILQAAQSBHDY0BIABBADsBMiAIQQFqIQFBswEhEAyDAgsgASEXAkADQCAXIgcgAkYNASAHLQAAQVBqQf8BcSIQQQpPDcwBAkAgAC8BMiIUQZkzSw0AIAAgFEEKbCIUOwEyIBBB//8DcyAUQf7/A3FJDQAgB0EBaiEXIAAgFCAQaiIQOwEyIBBB//8DcUHoB0kNAQsLQQAhECAAQQA2AhwgAEHBiYCAADYCECAAQQ02AgwgACAHQQFqNgIUDJwCC0HHASEQDJsCCyAAIAggAhCugICAACIQRQ3KASAQQRVHDYwBIABByAE2AhwgACAINgIUIABByZeAgAA2AhAgAEEVNgIMQQAhEAyaAgsCQCAJIAJHDQBBzAEhEAyaAgtBACEUQQEhF0EBIRZBACEQAkACQAJAAkACQAJAAkACQAJAIAktAABBUGoOCpYBlQEAAQIDBAUGCJcBC0ECIRAMBgtBAyEQDAULQQQhEAwEC0EFIRAMAwtBBiEQDAILQQchEAwBC0EIIRALQQAhF0EAIRZBACEUDI4BC0EJIRBBASEUQQAhF0EAIRYMjQELAkAgCiACRw0AQc4BIRAMmQILIAotAABBLkcNjgEgCkEBaiEJDMoBCyALIAJHDY4BQdABIRAMlwILAkAgCyACRg0AIABBjoCAgAA2AgggACALNgIEQbcBIRAM/gELQdEBIRAMlgILAkAgBCACRw0AQdIBIRAMlgILIAIgBGsgACgCACIQaiEUIAQgEGtBBGohCwNAIAQtAAAgEEH8z4CAAGotAABHDY4BIBBBBEYN6QEgEEEBaiEQIARBAWoiBCACRw0ACyAAIBQ2AgBB0gEhEAyVAgsgACAMIAIQrICAgAAiAQ2NASAMIQEMuAELAkAgBCACRw0AQdQBIRAMlAILIAIgBGsgACgCACIQaiEUIAQgEGtBAWohDANAIAQtAAAgEEGB0ICAAGotAABHDY8BIBBBAUYNjgEgEEEBaiEQIARBAWoiBCACRw0ACyAAIBQ2AgBB1AEhEAyTAgsCQCAEIAJHDQBB1gEhEAyTAgsgAiAEayAAKAIAIhBqIRQgBCAQa0ECaiELA0AgBC0AACAQQYPQgIAAai0AAEcNjgEgEEECRg2QASAQQQFqIRAgBEEBaiIEIAJHDQALIAAgFDYCAEHWASEQDJICCwJAIAQgAkcNAEHXASEQDJICCwJAAkAgBC0AAEG7f2oOEACPAY8BjwGPAY8BjwGPAY8BjwGPAY8BjwGPAY8BAY8BCyAEQQFqIQRBuwEhEAz5AQsgBEEBaiEEQbwBIRAM+AELAkAgBCACRw0AQdgBIRAMkQILIAQtAABByABHDYwBIARBAWohBAzEAQsCQCAEIAJGDQAgAEGQgICAADYCCCAAIAQ2AgRBvgEhEAz3AQtB2QEhEAyPAgsCQCAEIAJHDQBB2gEhEAyPAgsgBC0AAEHIAEYNwwEgAEEBOgAoDLkBCyAAQQI6AC8gACAEIAIQpoCAgAAiEA2NAUHCASEQDPQBCyAALQAoQX9qDgK3AbkBuAELA0ACQCAELQAAQXZqDgQAjgGOAQCOAQsgBEEBaiIEIAJHDQALQd0BIRAMiwILIABBADoALyAALQAtQQRxRQ2EAgsgAEEAOgAvIABBAToANCABIQEMjAELIBBBFUYN2gEgAEEANgIcIAAgATYCFCAAQaeOgIAANgIQIABBEjYCDEEAIRAMiAILAkAgACAQIAIQtICAgAAiBA0AIBAhAQyBAgsCQCAEQRVHDQAgAEEDNgIcIAAgEDYCFCAAQbCYgIAANgIQIABBFTYCDEEAIRAMiAILIABBADYCHCAAIBA2AhQgAEGnjoCAADYCECAAQRI2AgxBACEQDIcCCyAQQRVGDdYBIABBADYCHCAAIAE2AhQgAEHajYCAADYCECAAQRQ2AgxBACEQDIYCCyAAKAIEIRcgAEEANgIEIBAgEadqIhYhASAAIBcgECAWIBQbIhAQtYCAgAAiFEUNjQEgAEEHNgIcIAAgEDYCFCAAIBQ2AgxBACEQDIUCCyAAIAAvATBBgAFyOwEwIAEhAQtBKiEQDOoBCyAQQRVGDdEBIABBADYCHCAAIAE2AhQgAEGDjICAADYCECAAQRM2AgxBACEQDIICCyAQQRVGDc8BIABBADYCHCAAIAE2AhQgAEGaj4CAADYCECAAQSI2AgxBACEQDIECCyAAKAIEIRAgAEEANgIEAkAgACAQIAEQt4CAgAAiEA0AIAFBAWohAQyNAQsgAEEMNgIcIAAgEDYCDCAAIAFBAWo2AhRBACEQDIACCyAQQRVGDcwBIABBADYCHCAAIAE2AhQgAEGaj4CAADYCECAAQSI2AgxBACEQDP8BCyAAKAIEIRAgAEEANgIEAkAgACAQIAEQt4CAgAAiEA0AIAFBAWohAQyMAQsgAEENNgIcIAAgEDYCDCAAIAFBAWo2AhRBACEQDP4BCyAQQRVGDckBIABBADYCHCAAIAE2AhQgAEHGjICAADYCECAAQSM2AgxBACEQDP0BCyAAKAIEIRAgAEEANgIEAkAgACAQIAEQuYCAgAAiEA0AIAFBAWohAQyLAQsgAEEONgIcIAAgEDYCDCAAIAFBAWo2AhRBACEQDPwBCyAAQQA2AhwgACABNgIUIABBwJWAgAA2AhAgAEECNgIMQQAhEAz7AQsgEEEVRg3FASAAQQA2AhwgACABNgIUIABBxoyAgAA2AhAgAEEjNgIMQQAhEAz6AQsgAEEQNgIcIAAgATYCFCAAIBA2AgxBACEQDPkBCyAAKAIEIQQgAEEANgIEAkAgACAEIAEQuYCAgAAiBA0AIAFBAWohAQzxAQsgAEERNgIcIAAgBDYCDCAAIAFBAWo2AhRBACEQDPgBCyAQQRVGDcEBIABBADYCHCAAIAE2AhQgAEHGjICAADYCECAAQSM2AgxBACEQDPcBCyAAKAIEIRAgAEEANgIEAkAgACAQIAEQuYCAgAAiEA0AIAFBAWohAQyIAQsgAEETNgIcIAAgEDYCDCAAIAFBAWo2AhRBACEQDPYBCyAAKAIEIQQgAEEANgIEAkAgACAEIAEQuYCAgAAiBA0AIAFBAWohAQztAQsgAEEUNgIcIAAgBDYCDCAAIAFBAWo2AhRBACEQDPUBCyAQQRVGDb0BIABBADYCHCAAIAE2AhQgAEGaj4CAADYCECAAQSI2AgxBACEQDPQBCyAAKAIEIRAgAEEANgIEAkAgACAQIAEQt4CAgAAiEA0AIAFBAWohAQyGAQsgAEEWNgIcIAAgEDYCDCAAIAFBAWo2AhRBACEQDPMBCyAAKAIEIQQgAEEANgIEAkAgACAEIAEQt4CAgAAiBA0AIAFBAWohAQzpAQsgAEEXNgIcIAAgBDYCDCAAIAFBAWo2AhRBACEQDPIBCyAAQQA2AhwgACABNgIUIABBzZOAgAA2AhAgAEEMNgIMQQAhEAzxAQtCASERCyAQQQFqIQECQCAAKQMgIhJC//////////8PVg0AIAAgEkIEhiARhDcDICABIQEMhAELIABBADYCHCAAIAE2AhQgAEGtiYCAADYCECAAQQw2AgxBACEQDO8BCyAAQQA2AhwgACAQNgIUIABBzZOAgAA2AhAgAEEMNgIMQQAhEAzuAQsgACgCBCEXIABBADYCBCAQIBGnaiIWIQEgACAXIBAgFiAUGyIQELWAgIAAIhRFDXMgAEEFNgIcIAAgEDYCFCAAIBQ2AgxBACEQDO0BCyAAQQA2AhwgACAQNgIUIABBqpyAgAA2AhAgAEEPNgIMQQAhEAzsAQsgACAQIAIQtICAgAAiAQ0BIBAhAQtBDiEQDNEBCwJAIAFBFUcNACAAQQI2AhwgACAQNgIUIABBsJiAgAA2AhAgAEEVNgIMQQAhEAzqAQsgAEEANgIcIAAgEDYCFCAAQaeOgIAANgIQIABBEjYCDEEAIRAM6QELIAFBAWohEAJAIAAvATAiAUGAAXFFDQACQCAAIBAgAhC7gICAACIBDQAgECEBDHALIAFBFUcNugEgAEEFNgIcIAAgEDYCFCAAQfmXgIAANgIQIABBFTYCDEEAIRAM6QELAkAgAUGgBHFBoARHDQAgAC0ALUECcQ0AIABBADYCHCAAIBA2AhQgAEGWk4CAADYCECAAQQQ2AgxBACEQDOkBCyAAIBAgAhC9gICAABogECEBAkACQAJAAkACQCAAIBAgAhCzgICAAA4WAgEABAQEBAQEBAQEBAQEBAQEBAQEAwQLIABBAToALgsgACAALwEwQcAAcjsBMCAQIQELQSYhEAzRAQsgAEEjNgIcIAAgEDYCFCAAQaWWgIAANgIQIABBFTYCDEEAIRAM6QELIABBADYCHCAAIBA2AhQgAEHVi4CAADYCECAAQRE2AgxBACEQDOgBCyAALQAtQQFxRQ0BQcMBIRAMzgELAkAgDSACRg0AA0ACQCANLQAAQSBGDQAgDSEBDMQBCyANQQFqIg0gAkcNAAtBJSEQDOcBC0ElIRAM5gELIAAoAgQhBCAAQQA2AgQgACAEIA0Qr4CAgAAiBEUNrQEgAEEmNgIcIAAgBDYCDCAAIA1BAWo2AhRBACEQDOUBCyAQQRVGDasBIABBADYCHCAAIAE2AhQgAEH9jYCAADYCECAAQR02AgxBACEQDOQBCyAAQSc2AhwgACABNgIUIAAgEDYCDEEAIRAM4wELIBAhAUEBIRQCQAJAAkACQAJAAkACQCAALQAsQX5qDgcGBQUDAQIABQsgACAALwEwQQhyOwEwDAMLQQIhFAwBC0EEIRQLIABBAToALCAAIAAvATAgFHI7ATALIBAhAQtBKyEQDMoBCyAAQQA2AhwgACAQNgIUIABBq5KAgAA2AhAgAEELNgIMQQAhEAziAQsgAEEANgIcIAAgATYCFCAAQeGPgIAANgIQIABBCjYCDEEAIRAM4QELIABBADoALCAQIQEMvQELIBAhAUEBIRQCQAJAAkACQAJAIAAtACxBe2oOBAMBAgAFCyAAIAAvATBBCHI7ATAMAwtBAiEUDAELQQQhFAsgAEEBOgAsIAAgAC8BMCAUcjsBMAsgECEBC0EpIRAMxQELIABBADYCHCAAIAE2AhQgAEHwlICAADYCECAAQQM2AgxBACEQDN0BCwJAIA4tAABBDUcNACAAKAIEIQEgAEEANgIEAkAgACABIA4QsYCAgAAiAQ0AIA5BAWohAQx1CyAAQSw2AhwgACABNgIMIAAgDkEBajYCFEEAIRAM3QELIAAtAC1BAXFFDQFBxAEhEAzDAQsCQCAOIAJHDQBBLSEQDNwBCwJAAkADQAJAIA4tAABBdmoOBAIAAAMACyAOQQFqIg4gAkcNAAtBLSEQDN0BCyAAKAIEIQEgAEEANgIEAkAgACABIA4QsYCAgAAiAQ0AIA4hAQx0CyAAQSw2AhwgACAONgIUIAAgATYCDEEAIRAM3AELIAAoAgQhASAAQQA2AgQCQCAAIAEgDhCxgICAACIBDQAgDkEBaiEBDHMLIABBLDYCHCAAIAE2AgwgACAOQQFqNgIUQQAhEAzbAQsgACgCBCEEIABBADYCBCAAIAQgDhCxgICAACIEDaABIA4hAQzOAQsgEEEsRw0BIAFBAWohEEEBIQECQAJAAkACQAJAIAAtACxBe2oOBAMBAgQACyAQIQEMBAtBAiEBDAELQQQhAQsgAEEBOgAsIAAgAC8BMCABcjsBMCAQIQEMAQsgACAALwEwQQhyOwEwIBAhAQtBOSEQDL8BCyAAQQA6ACwgASEBC0E0IRAMvQELIAAgAC8BMEEgcjsBMCABIQEMAgsgACgCBCEEIABBADYCBAJAIAAgBCABELGAgIAAIgQNACABIQEMxwELIABBNzYCHCAAIAE2AhQgACAENgIMQQAhEAzUAQsgAEEIOgAsIAEhAQtBMCEQDLkBCwJAIAAtAChBAUYNACABIQEMBAsgAC0ALUEIcUUNkwEgASEBDAMLIAAtADBBIHENlAFBxQEhEAy3AQsCQCAPIAJGDQACQANAAkAgDy0AAEFQaiIBQf8BcUEKSQ0AIA8hAUE1IRAMugELIAApAyAiEUKZs+bMmbPmzBlWDQEgACARQgp+IhE3AyAgESABrUL/AYMiEkJ/hVYNASAAIBEgEnw3AyAgD0EBaiIPIAJHDQALQTkhEAzRAQsgACgCBCECIABBADYCBCAAIAIgD0EBaiIEELGAgIAAIgINlQEgBCEBDMMBC0E5IRAMzwELAkAgAC8BMCIBQQhxRQ0AIAAtAChBAUcNACAALQAtQQhxRQ2QAQsgACABQff7A3FBgARyOwEwIA8hAQtBNyEQDLQBCyAAIAAvATBBEHI7ATAMqwELIBBBFUYNiwEgAEEANgIcIAAgATYCFCAAQfCOgIAANgIQIABBHDYCDEEAIRAMywELIABBwwA2AhwgACABNgIMIAAgDUEBajYCFEEAIRAMygELAkAgAS0AAEE6Rw0AIAAoAgQhECAAQQA2AgQCQCAAIBAgARCvgICAACIQDQAgAUEBaiEBDGMLIABBwwA2AhwgACAQNgIMIAAgAUEBajYCFEEAIRAMygELIABBADYCHCAAIAE2AhQgAEGxkYCAADYCECAAQQo2AgxBACEQDMkBCyAAQQA2AhwgACABNgIUIABBoJmAgAA2AhAgAEEeNgIMQQAhEAzIAQsgAEEANgIACyAAQYASOwEqIAAgF0EBaiIBIAIQqICAgAAiEA0BIAEhAQtBxwAhEAysAQsgEEEVRw2DASAAQdEANgIcIAAgATYCFCAAQeOXgIAANgIQIABBFTYCDEEAIRAMxAELIAAoAgQhECAAQQA2AgQCQCAAIBAgARCngICAACIQDQAgASEBDF4LIABB0gA2AhwgACABNgIUIAAgEDYCDEEAIRAMwwELIABBADYCHCAAIBQ2AhQgAEHBqICAADYCECAAQQc2AgwgAEEANgIAQQAhEAzCAQsgACgCBCEQIABBADYCBAJAIAAgECABEKeAgIAAIhANACABIQEMXQsgAEHTADYCHCAAIAE2AhQgACAQNgIMQQAhEAzBAQtBACEQIABBADYCHCAAIAE2AhQgAEGAkYCAADYCECAAQQk2AgwMwAELIBBBFUYNfSAAQQA2AhwgACABNgIUIABBlI2AgAA2AhAgAEEhNgIMQQAhEAy/AQtBASEWQQAhF0EAIRRBASEQCyAAIBA6ACsgAUEBaiEBAkACQCAALQAtQRBxDQACQAJAAkAgAC0AKg4DAQACBAsgFkUNAwwCCyAUDQEMAgsgF0UNAQsgACgCBCEQIABBADYCBAJAIAAgECABEK2AgIAAIhANACABIQEMXAsgAEHYADYCHCAAIAE2AhQgACAQNgIMQQAhEAy+AQsgACgCBCEEIABBADYCBAJAIAAgBCABEK2AgIAAIgQNACABIQEMrQELIABB2QA2AhwgACABNgIUIAAgBDYCDEEAIRAMvQELIAAoAgQhBCAAQQA2AgQCQCAAIAQgARCtgICAACIEDQAgASEBDKsBCyAAQdoANgIcIAAgATYCFCAAIAQ2AgxBACEQDLwBCyAAKAIEIQQgAEEANgIEAkAgACAEIAEQrYCAgAAiBA0AIAEhAQypAQsgAEHcADYCHCAAIAE2AhQgACAENgIMQQAhEAy7AQsCQCABLQAAQVBqIhBB/wFxQQpPDQAgACAQOgAqIAFBAWohAUHPACEQDKIBCyAAKAIEIQQgAEEANgIEAkAgACAEIAEQrYCAgAAiBA0AIAEhAQynAQsgAEHeADYCHCAAIAE2AhQgACAENgIMQQAhEAy6AQsgAEEANgIAIBdBAWohAQJAIAAtAClBI08NACABIQEMWQsgAEEANgIcIAAgATYCFCAAQdOJgIAANgIQIABBCDYCDEEAIRAMuQELIABBADYCAAtBACEQIABBADYCHCAAIAE2AhQgAEGQs4CAADYCECAAQQg2AgwMtwELIABBADYCACAXQQFqIQECQCAALQApQSFHDQAgASEBDFYLIABBADYCHCAAIAE2AhQgAEGbioCAADYCECAAQQg2AgxBACEQDLYBCyAAQQA2AgAgF0EBaiEBAkAgAC0AKSIQQV1qQQtPDQAgASEBDFULAkAgEEEGSw0AQQEgEHRBygBxRQ0AIAEhAQxVC0EAIRAgAEEANgIcIAAgATYCFCAAQfeJgIAANgIQIABBCDYCDAy1AQsgEEEVRg1xIABBADYCHCAAIAE2AhQgAEG5jYCAADYCECAAQRo2AgxBACEQDLQBCyAAKAIEIRAgAEEANgIEAkAgACAQIAEQp4CAgAAiEA0AIAEhAQxUCyAAQeUANgIcIAAgATYCFCAAIBA2AgxBACEQDLMBCyAAKAIEIRAgAEEANgIEAkAgACAQIAEQp4CAgAAiEA0AIAEhAQxNCyAAQdIANgIcIAAgATYCFCAAIBA2AgxBACEQDLIBCyAAKAIEIRAgAEEANgIEAkAgACAQIAEQp4CAgAAiEA0AIAEhAQxNCyAAQdMANgIcIAAgATYCFCAAIBA2AgxBACEQDLEBCyAAKAIEIRAgAEEANgIEAkAgACAQIAEQp4CAgAAiEA0AIAEhAQxRCyAAQeUANgIcIAAgATYCFCAAIBA2AgxBACEQDLABCyAAQQA2AhwgACABNgIUIABBxoqAgAA2AhAgAEEHNgIMQQAhEAyvAQsgACgCBCEQIABBADYCBAJAIAAgECABEKeAgIAAIhANACABIQEMSQsgAEHSADYCHCAAIAE2AhQgACAQNgIMQQAhEAyuAQsgACgCBCEQIABBADYCBAJAIAAgECABEKeAgIAAIhANACABIQEMSQsgAEHTADYCHCAAIAE2AhQgACAQNgIMQQAhEAytAQsgACgCBCEQIABBADYCBAJAIAAgECABEKeAgIAAIhANACABIQEMTQsgAEHlADYCHCAAIAE2AhQgACAQNgIMQQAhEAysAQsgAEEANgIcIAAgATYCFCAAQdyIgIAANgIQIABBBzYCDEEAIRAMqwELIBBBP0cNASABQQFqIQELQQUhEAyQAQtBACEQIABBADYCHCAAIAE2AhQgAEH9koCAADYCECAAQQc2AgwMqAELIAAoAgQhECAAQQA2AgQCQCAAIBAgARCngICAACIQDQAgASEBDEILIABB0gA2AhwgACABNgIUIAAgEDYCDEEAIRAMpwELIAAoAgQhECAAQQA2AgQCQCAAIBAgARCngICAACIQDQAgASEBDEILIABB0wA2AhwgACABNgIUIAAgEDYCDEEAIRAMpgELIAAoAgQhECAAQQA2AgQCQCAAIBAgARCngICAACIQDQAgASEBDEYLIABB5QA2AhwgACABNgIUIAAgEDYCDEEAIRAMpQELIAAoAgQhASAAQQA2AgQCQCAAIAEgFBCngICAACIBDQAgFCEBDD8LIABB0gA2AhwgACAUNgIUIAAgATYCDEEAIRAMpAELIAAoAgQhASAAQQA2AgQCQCAAIAEgFBCngICAACIBDQAgFCEBDD8LIABB0wA2AhwgACAUNgIUIAAgATYCDEEAIRAMowELIAAoAgQhASAAQQA2AgQCQCAAIAEgFBCngICAACIBDQAgFCEBDEMLIABB5QA2AhwgACAUNgIUIAAgATYCDEEAIRAMogELIABBADYCHCAAIBQ2AhQgAEHDj4CAADYCECAAQQc2AgxBACEQDKEBCyAAQQA2AhwgACABNgIUIABBw4+AgAA2AhAgAEEHNgIMQQAhEAygAQtBACEQIABBADYCHCAAIBQ2AhQgAEGMnICAADYCECAAQQc2AgwMnwELIABBADYCHCAAIBQ2AhQgAEGMnICAADYCECAAQQc2AgxBACEQDJ4BCyAAQQA2AhwgACAUNgIUIABB/pGAgAA2AhAgAEEHNgIMQQAhEAydAQsgAEEANgIcIAAgATYCFCAAQY6bgIAANgIQIABBBjYCDEEAIRAMnAELIBBBFUYNVyAAQQA2AhwgACABNgIUIABBzI6AgAA2AhAgAEEgNgIMQQAhEAybAQsgAEEANgIAIBBBAWohAUEkIRALIAAgEDoAKSAAKAIEIRAgAEEANgIEIAAgECABEKuAgIAAIhANVCABIQEMPgsgAEEANgIAC0EAIRAgAEEANgIcIAAgBDYCFCAAQfGbgIAANgIQIABBBjYCDAyXAQsgAUEVRg1QIABBADYCHCAAIAU2AhQgAEHwjICAADYCECAAQRs2AgxBACEQDJYBCyAAKAIEIQUgAEEANgIEIAAgBSAQEKmAgIAAIgUNASAQQQFqIQULQa0BIRAMewsgAEHBATYCHCAAIAU2AgwgACAQQQFqNgIUQQAhEAyTAQsgACgCBCEGIABBADYCBCAAIAYgEBCpgICAACIGDQEgEEEBaiEGC0GuASEQDHgLIABBwgE2AhwgACAGNgIMIAAgEEEBajYCFEEAIRAMkAELIABBADYCHCAAIAc2AhQgAEGXi4CAADYCECAAQQ02AgxBACEQDI8BCyAAQQA2AhwgACAINgIUIABB45CAgAA2AhAgAEEJNgIMQQAhEAyOAQsgAEEANgIcIAAgCDYCFCAAQZSNgIAANgIQIABBITYCDEEAIRAMjQELQQEhFkEAIRdBACEUQQEhEAsgACAQOgArIAlBAWohCAJAAkAgAC0ALUEQcQ0AAkACQAJAIAAtACoOAwEAAgQLIBZFDQMMAgsgFA0BDAILIBdFDQELIAAoAgQhECAAQQA2AgQgACAQIAgQrYCAgAAiEEUNPSAAQckBNgIcIAAgCDYCFCAAIBA2AgxBACEQDIwBCyAAKAIEIQQgAEEANgIEIAAgBCAIEK2AgIAAIgRFDXYgAEHKATYCHCAAIAg2AhQgACAENgIMQQAhEAyLAQsgACgCBCEEIABBADYCBCAAIAQgCRCtgICAACIERQ10IABBywE2AhwgACAJNgIUIAAgBDYCDEEAIRAMigELIAAoAgQhBCAAQQA2AgQgACAEIAoQrYCAgAAiBEUNciAAQc0BNgIcIAAgCjYCFCAAIAQ2AgxBACEQDIkBCwJAIAstAABBUGoiEEH/AXFBCk8NACAAIBA6ACogC0EBaiEKQbYBIRAMcAsgACgCBCEEIABBADYCBCAAIAQgCxCtgICAACIERQ1wIABBzwE2AhwgACALNgIUIAAgBDYCDEEAIRAMiAELIABBADYCHCAAIAQ2AhQgAEGQs4CAADYCECAAQQg2AgwgAEEANgIAQQAhEAyHAQsgAUEVRg0/IABBADYCHCAAIAw2AhQgAEHMjoCAADYCECAAQSA2AgxBACEQDIYBCyAAQYEEOwEoIAAoAgQhECAAQgA3AwAgACAQIAxBAWoiDBCrgICAACIQRQ04IABB0wE2AhwgACAMNgIUIAAgEDYCDEEAIRAMhQELIABBADYCAAtBACEQIABBADYCHCAAIAQ2AhQgAEHYm4CAADYCECAAQQg2AgwMgwELIAAoAgQhECAAQgA3AwAgACAQIAtBAWoiCxCrgICAACIQDQFBxgEhEAxpCyAAQQI6ACgMVQsgAEHVATYCHCAAIAs2AhQgACAQNgIMQQAhEAyAAQsgEEEVRg03IABBADYCHCAAIAQ2AhQgAEGkjICAADYCECAAQRA2AgxBACEQDH8LIAAtADRBAUcNNCAAIAQgAhC8gICAACIQRQ00IBBBFUcNNSAAQdwBNgIcIAAgBDYCFCAAQdWWgIAANgIQIABBFTYCDEEAIRAMfgtBACEQIABBADYCHCAAQa+LgIAANgIQIABBAjYCDCAAIBRBAWo2AhQMfQtBACEQDGMLQQIhEAxiC0ENIRAMYQtBDyEQDGALQSUhEAxfC0ETIRAMXgtBFSEQDF0LQRYhEAxcC0EXIRAMWwtBGCEQDFoLQRkhEAxZC0EaIRAMWAtBGyEQDFcLQRwhEAxWC0EdIRAMVQtBHyEQDFQLQSEhEAxTC0EjIRAMUgtBxgAhEAxRC0EuIRAMUAtBLyEQDE8LQTshEAxOC0E9IRAMTQtByAAhEAxMC0HJACEQDEsLQcsAIRAMSgtBzAAhEAxJC0HOACEQDEgLQdEAIRAMRwtB1QAhEAxGC0HYACEQDEULQdkAIRAMRAtB2wAhEAxDC0HkACEQDEILQeUAIRAMQQtB8QAhEAxAC0H0ACEQDD8LQY0BIRAMPgtBlwEhEAw9C0GpASEQDDwLQawBIRAMOwtBwAEhEAw6C0G5ASEQDDkLQa8BIRAMOAtBsQEhEAw3C0GyASEQDDYLQbQBIRAMNQtBtQEhEAw0C0G6ASEQDDMLQb0BIRAMMgtBvwEhEAwxC0HBASEQDDALIABBADYCHCAAIAQ2AhQgAEHpi4CAADYCECAAQR82AgxBACEQDEgLIABB2wE2AhwgACAENgIUIABB+paAgAA2AhAgAEEVNgIMQQAhEAxHCyAAQfgANgIcIAAgDDYCFCAAQcqYgIAANgIQIABBFTYCDEEAIRAMRgsgAEHRADYCHCAAIAU2AhQgAEGwl4CAADYCECAAQRU2AgxBACEQDEULIABB+QA2AhwgACABNgIUIAAgEDYCDEEAIRAMRAsgAEH4ADYCHCAAIAE2AhQgAEHKmICAADYCECAAQRU2AgxBACEQDEMLIABB5AA2AhwgACABNgIUIABB45eAgAA2AhAgAEEVNgIMQQAhEAxCCyAAQdcANgIcIAAgATYCFCAAQcmXgIAANgIQIABBFTYCDEEAIRAMQQsgAEEANgIcIAAgATYCFCAAQbmNgIAANgIQIABBGjYCDEEAIRAMQAsgAEHCADYCHCAAIAE2AhQgAEHjmICAADYCECAAQRU2AgxBACEQDD8LIABBADYCBCAAIA8gDxCxgICAACIERQ0BIABBOjYCHCAAIAQ2AgwgACAPQQFqNgIUQQAhEAw+CyAAKAIEIQQgAEEANgIEAkAgACAEIAEQsYCAgAAiBEUNACAAQTs2AhwgACAENgIMIAAgAUEBajYCFEEAIRAMPgsgAUEBaiEBDC0LIA9BAWohAQwtCyAAQQA2AhwgACAPNgIUIABB5JKAgAA2AhAgAEEENgIMQQAhEAw7CyAAQTY2AhwgACAENgIUIAAgAjYCDEEAIRAMOgsgAEEuNgIcIAAgDjYCFCAAIAQ2AgxBACEQDDkLIABB0AA2AhwgACABNgIUIABBkZiAgAA2AhAgAEEVNgIMQQAhEAw4CyANQQFqIQEMLAsgAEEVNgIcIAAgATYCFCAAQYKZgIAANgIQIABBFTYCDEEAIRAMNgsgAEEbNgIcIAAgATYCFCAAQZGXgIAANgIQIABBFTYCDEEAIRAMNQsgAEEPNgIcIAAgATYCFCAAQZGXgIAANgIQIABBFTYCDEEAIRAMNAsgAEELNgIcIAAgATYCFCAAQZGXgIAANgIQIABBFTYCDEEAIRAMMwsgAEEaNgIcIAAgATYCFCAAQYKZgIAANgIQIABBFTYCDEEAIRAMMgsgAEELNgIcIAAgATYCFCAAQYKZgIAANgIQIABBFTYCDEEAIRAMMQsgAEEKNgIcIAAgATYCFCAAQeSWgIAANgIQIABBFTYCDEEAIRAMMAsgAEEeNgIcIAAgATYCFCAAQfmXgIAANgIQIABBFTYCDEEAIRAMLwsgAEEANgIcIAAgEDYCFCAAQdqNgIAANgIQIABBFDYCDEEAIRAMLgsgAEEENgIcIAAgATYCFCAAQbCYgIAANgIQIABBFTYCDEEAIRAMLQsgAEEANgIAIAtBAWohCwtBuAEhEAwSCyAAQQA2AgAgEEEBaiEBQfUAIRAMEQsgASEBAkAgAC0AKUEFRw0AQeMAIRAMEQtB4gAhEAwQC0EAIRAgAEEANgIcIABB5JGAgAA2AhAgAEEHNgIMIAAgFEEBajYCFAwoCyAAQQA2AgAgF0EBaiEBQcAAIRAMDgtBASEBCyAAIAE6ACwgAEEANgIAIBdBAWohAQtBKCEQDAsLIAEhAQtBOCEQDAkLAkAgASIPIAJGDQADQAJAIA8tAABBgL6AgABqLQAAIgFBAUYNACABQQJHDQMgD0EBaiEBDAQLIA9BAWoiDyACRw0AC0E+IRAMIgtBPiEQDCELIABBADoALCAPIQEMAQtBCyEQDAYLQTohEAwFCyABQQFqIQFBLSEQDAQLIAAgAToALCAAQQA2AgAgFkEBaiEBQQwhEAwDCyAAQQA2AgAgF0EBaiEBQQohEAwCCyAAQQA2AgALIABBADoALCANIQFBCSEQDAALC0EAIRAgAEEANgIcIAAgCzYCFCAAQc2QgIAANgIQIABBCTYCDAwXC0EAIRAgAEEANgIcIAAgCjYCFCAAQemKgIAANgIQIABBCTYCDAwWC0EAIRAgAEEANgIcIAAgCTYCFCAAQbeQgIAANgIQIABBCTYCDAwVC0EAIRAgAEEANgIcIAAgCDYCFCAAQZyRgIAANgIQIABBCTYCDAwUC0EAIRAgAEEANgIcIAAgATYCFCAAQc2QgIAANgIQIABBCTYCDAwTC0EAIRAgAEEANgIcIAAgATYCFCAAQemKgIAANgIQIABBCTYCDAwSC0EAIRAgAEEANgIcIAAgATYCFCAAQbeQgIAANgIQIABBCTYCDAwRC0EAIRAgAEEANgIcIAAgATYCFCAAQZyRgIAANgIQIABBCTYCDAwQC0EAIRAgAEEANgIcIAAgATYCFCAAQZeVgIAANgIQIABBDzYCDAwPC0EAIRAgAEEANgIcIAAgATYCFCAAQZeVgIAANgIQIABBDzYCDAwOC0EAIRAgAEEANgIcIAAgATYCFCAAQcCSgIAANgIQIABBCzYCDAwNC0EAIRAgAEEANgIcIAAgATYCFCAAQZWJgIAANgIQIABBCzYCDAwMC0EAIRAgAEEANgIcIAAgATYCFCAAQeGPgIAANgIQIABBCjYCDAwLC0EAIRAgAEEANgIcIAAgATYCFCAAQfuPgIAANgIQIABBCjYCDAwKC0EAIRAgAEEANgIcIAAgATYCFCAAQfGZgIAANgIQIABBAjYCDAwJC0EAIRAgAEEANgIcIAAgATYCFCAAQcSUgIAANgIQIABBAjYCDAwIC0EAIRAgAEEANgIcIAAgATYCFCAAQfKVgIAANgIQIABBAjYCDAwHCyAAQQI2AhwgACABNgIUIABBnJqAgAA2AhAgAEEWNgIMQQAhEAwGC0EBIRAMBQtB1AAhECABIgQgAkYNBCADQQhqIAAgBCACQdjCgIAAQQoQxYCAgAAgAygCDCEEIAMoAggOAwEEAgALEMqAgIAAAAsgAEEANgIcIABBtZqAgAA2AhAgAEEXNgIMIAAgBEEBajYCFEEAIRAMAgsgAEEANgIcIAAgBDYCFCAAQcqagIAANgIQIABBCTYCDEEAIRAMAQsCQCABIgQgAkcNAEEiIRAMAQsgAEGJgICAADYCCCAAIAQ2AgRBISEQCyADQRBqJICAgIAAIBALrwEBAn8gASgCACEGAkACQCACIANGDQAgBCAGaiEEIAYgA2ogAmshByACIAZBf3MgBWoiBmohBQNAAkAgAi0AACAELQAARg0AQQIhBAwDCwJAIAYNAEEAIQQgBSECDAMLIAZBf2ohBiAEQQFqIQQgAkEBaiICIANHDQALIAchBiADIQILIABBATYCACABIAY2AgAgACACNgIEDwsgAUEANgIAIAAgBDYCACAAIAI2AgQLCgAgABDHgICAAAvyNgELfyOAgICAAEEQayIBJICAgIAAAkBBACgCoNCAgAANAEEAEMuAgIAAQYDUhIAAayICQdkASQ0AQQAhAwJAQQAoAuDTgIAAIgQNAEEAQn83AuzTgIAAQQBCgICEgICAwAA3AuTTgIAAQQAgAUEIakFwcUHYqtWqBXMiBDYC4NOAgABBAEEANgL004CAAEEAQQA2AsTTgIAAC0EAIAI2AszTgIAAQQBBgNSEgAA2AsjTgIAAQQBBgNSEgAA2ApjQgIAAQQAgBDYCrNCAgABBAEF/NgKo0ICAAANAIANBxNCAgABqIANBuNCAgABqIgQ2AgAgBCADQbDQgIAAaiIFNgIAIANBvNCAgABqIAU2AgAgA0HM0ICAAGogA0HA0ICAAGoiBTYCACAFIAQ2AgAgA0HU0ICAAGogA0HI0ICAAGoiBDYCACAEIAU2AgAgA0HQ0ICAAGogBDYCACADQSBqIgNBgAJHDQALQYDUhIAAQXhBgNSEgABrQQ9xQQBBgNSEgABBCGpBD3EbIgNqIgRBBGogAkFIaiIFIANrIgNBAXI2AgBBAEEAKALw04CAADYCpNCAgABBACADNgKU0ICAAEEAIAQ2AqDQgIAAQYDUhIAAIAVqQTg2AgQLAkACQAJAAkACQAJAAkACQAJAAkACQAJAIABB7AFLDQACQEEAKAKI0ICAACIGQRAgAEETakFwcSAAQQtJGyICQQN2IgR2IgNBA3FFDQACQAJAIANBAXEgBHJBAXMiBUEDdCIEQbDQgIAAaiIDIARBuNCAgABqKAIAIgQoAggiAkcNAEEAIAZBfiAFd3E2AojQgIAADAELIAMgAjYCCCACIAM2AgwLIARBCGohAyAEIAVBA3QiBUEDcjYCBCAEIAVqIgQgBCgCBEEBcjYCBAwMCyACQQAoApDQgIAAIgdNDQECQCADRQ0AAkACQCADIAR0QQIgBHQiA0EAIANrcnEiA0EAIANrcUF/aiIDIANBDHZBEHEiA3YiBEEFdkEIcSIFIANyIAQgBXYiA0ECdkEEcSIEciADIAR2IgNBAXZBAnEiBHIgAyAEdiIDQQF2QQFxIgRyIAMgBHZqIgRBA3QiA0Gw0ICAAGoiBSADQbjQgIAAaigCACIDKAIIIgBHDQBBACAGQX4gBHdxIgY2AojQgIAADAELIAUgADYCCCAAIAU2AgwLIAMgAkEDcjYCBCADIARBA3QiBGogBCACayIFNgIAIAMgAmoiACAFQQFyNgIEAkAgB0UNACAHQXhxQbDQgIAAaiECQQAoApzQgIAAIQQCQAJAIAZBASAHQQN2dCIIcQ0AQQAgBiAIcjYCiNCAgAAgAiEIDAELIAIoAgghCAsgCCAENgIMIAIgBDYCCCAEIAI2AgwgBCAINgIICyADQQhqIQNBACAANgKc0ICAAEEAIAU2ApDQgIAADAwLQQAoAozQgIAAIglFDQEgCUEAIAlrcUF/aiIDIANBDHZBEHEiA3YiBEEFdkEIcSIFIANyIAQgBXYiA0ECdkEEcSIEciADIAR2IgNBAXZBAnEiBHIgAyAEdiIDQQF2QQFxIgRyIAMgBHZqQQJ0QbjSgIAAaigCACIAKAIEQXhxIAJrIQQgACEFAkADQAJAIAUoAhAiAw0AIAVBFGooAgAiA0UNAgsgAygCBEF4cSACayIFIAQgBSAESSIFGyEEIAMgACAFGyEAIAMhBQwACwsgACgCGCEKAkAgACgCDCIIIABGDQAgACgCCCIDQQAoApjQgIAASRogCCADNgIIIAMgCDYCDAwLCwJAIABBFGoiBSgCACIDDQAgACgCECIDRQ0DIABBEGohBQsDQCAFIQsgAyIIQRRqIgUoAgAiAw0AIAhBEGohBSAIKAIQIgMNAAsgC0EANgIADAoLQX8hAiAAQb9/Sw0AIABBE2oiA0FwcSECQQAoAozQgIAAIgdFDQBBACELAkAgAkGAAkkNAEEfIQsgAkH///8HSw0AIANBCHYiAyADQYD+P2pBEHZBCHEiA3QiBCAEQYDgH2pBEHZBBHEiBHQiBSAFQYCAD2pBEHZBAnEiBXRBD3YgAyAEciAFcmsiA0EBdCACIANBFWp2QQFxckEcaiELC0EAIAJrIQQCQAJAAkACQCALQQJ0QbjSgIAAaigCACIFDQBBACEDQQAhCAwBC0EAIQMgAkEAQRkgC0EBdmsgC0EfRht0IQBBACEIA0ACQCAFKAIEQXhxIAJrIgYgBE8NACAGIQQgBSEIIAYNAEEAIQQgBSEIIAUhAwwDCyADIAVBFGooAgAiBiAGIAUgAEEddkEEcWpBEGooAgAiBUYbIAMgBhshAyAAQQF0IQAgBQ0ACwsCQCADIAhyDQBBACEIQQIgC3QiA0EAIANrciAHcSIDRQ0DIANBACADa3FBf2oiAyADQQx2QRBxIgN2IgVBBXZBCHEiACADciAFIAB2IgNBAnZBBHEiBXIgAyAFdiIDQQF2QQJxIgVyIAMgBXYiA0EBdkEBcSIFciADIAV2akECdEG40oCAAGooAgAhAwsgA0UNAQsDQCADKAIEQXhxIAJrIgYgBEkhAAJAIAMoAhAiBQ0AIANBFGooAgAhBQsgBiAEIAAbIQQgAyAIIAAbIQggBSEDIAUNAAsLIAhFDQAgBEEAKAKQ0ICAACACa08NACAIKAIYIQsCQCAIKAIMIgAgCEYNACAIKAIIIgNBACgCmNCAgABJGiAAIAM2AgggAyAANgIMDAkLAkAgCEEUaiIFKAIAIgMNACAIKAIQIgNFDQMgCEEQaiEFCwNAIAUhBiADIgBBFGoiBSgCACIDDQAgAEEQaiEFIAAoAhAiAw0ACyAGQQA2AgAMCAsCQEEAKAKQ0ICAACIDIAJJDQBBACgCnNCAgAAhBAJAAkAgAyACayIFQRBJDQAgBCACaiIAIAVBAXI2AgRBACAFNgKQ0ICAAEEAIAA2ApzQgIAAIAQgA2ogBTYCACAEIAJBA3I2AgQMAQsgBCADQQNyNgIEIAQgA2oiAyADKAIEQQFyNgIEQQBBADYCnNCAgABBAEEANgKQ0ICAAAsgBEEIaiEDDAoLAkBBACgClNCAgAAiACACTQ0AQQAoAqDQgIAAIgMgAmoiBCAAIAJrIgVBAXI2AgRBACAFNgKU0ICAAEEAIAQ2AqDQgIAAIAMgAkEDcjYCBCADQQhqIQMMCgsCQAJAQQAoAuDTgIAARQ0AQQAoAujTgIAAIQQMAQtBAEJ/NwLs04CAAEEAQoCAhICAgMAANwLk04CAAEEAIAFBDGpBcHFB2KrVqgVzNgLg04CAAEEAQQA2AvTTgIAAQQBBADYCxNOAgABBgIAEIQQLQQAhAwJAIAQgAkHHAGoiB2oiBkEAIARrIgtxIgggAksNAEEAQTA2AvjTgIAADAoLAkBBACgCwNOAgAAiA0UNAAJAQQAoArjTgIAAIgQgCGoiBSAETQ0AIAUgA00NAQtBACEDQQBBMDYC+NOAgAAMCgtBAC0AxNOAgABBBHENBAJAAkACQEEAKAKg0ICAACIERQ0AQcjTgIAAIQMDQAJAIAMoAgAiBSAESw0AIAUgAygCBGogBEsNAwsgAygCCCIDDQALC0EAEMuAgIAAIgBBf0YNBSAIIQYCQEEAKALk04CAACIDQX9qIgQgAHFFDQAgCCAAayAEIABqQQAgA2txaiEGCyAGIAJNDQUgBkH+////B0sNBQJAQQAoAsDTgIAAIgNFDQBBACgCuNOAgAAiBCAGaiIFIARNDQYgBSADSw0GCyAGEMuAgIAAIgMgAEcNAQwHCyAGIABrIAtxIgZB/v///wdLDQQgBhDLgICAACIAIAMoAgAgAygCBGpGDQMgACEDCwJAIANBf0YNACACQcgAaiAGTQ0AAkAgByAGa0EAKALo04CAACIEakEAIARrcSIEQf7///8HTQ0AIAMhAAwHCwJAIAQQy4CAgABBf0YNACAEIAZqIQYgAyEADAcLQQAgBmsQy4CAgAAaDAQLIAMhACADQX9HDQUMAwtBACEIDAcLQQAhAAwFCyAAQX9HDQILQQBBACgCxNOAgABBBHI2AsTTgIAACyAIQf7///8HSw0BIAgQy4CAgAAhAEEAEMuAgIAAIQMgAEF/Rg0BIANBf0YNASAAIANPDQEgAyAAayIGIAJBOGpNDQELQQBBACgCuNOAgAAgBmoiAzYCuNOAgAACQCADQQAoArzTgIAATQ0AQQAgAzYCvNOAgAALAkACQAJAAkBBACgCoNCAgAAiBEUNAEHI04CAACEDA0AgACADKAIAIgUgAygCBCIIakYNAiADKAIIIgMNAAwDCwsCQAJAQQAoApjQgIAAIgNFDQAgACADTw0BC0EAIAA2ApjQgIAAC0EAIQNBACAGNgLM04CAAEEAIAA2AsjTgIAAQQBBfzYCqNCAgABBAEEAKALg04CAADYCrNCAgABBAEEANgLU04CAAANAIANBxNCAgABqIANBuNCAgABqIgQ2AgAgBCADQbDQgIAAaiIFNgIAIANBvNCAgABqIAU2AgAgA0HM0ICAAGogA0HA0ICAAGoiBTYCACAFIAQ2AgAgA0HU0ICAAGogA0HI0ICAAGoiBDYCACAEIAU2AgAgA0HQ0ICAAGogBDYCACADQSBqIgNBgAJHDQALIABBeCAAa0EPcUEAIABBCGpBD3EbIgNqIgQgBkFIaiIFIANrIgNBAXI2AgRBAEEAKALw04CAADYCpNCAgABBACADNgKU0ICAAEEAIAQ2AqDQgIAAIAAgBWpBODYCBAwCCyADLQAMQQhxDQAgBCAFSQ0AIAQgAE8NACAEQXggBGtBD3FBACAEQQhqQQ9xGyIFaiIAQQAoApTQgIAAIAZqIgsgBWsiBUEBcjYCBCADIAggBmo2AgRBAEEAKALw04CAADYCpNCAgABBACAFNgKU0ICAAEEAIAA2AqDQgIAAIAQgC2pBODYCBAwBCwJAIABBACgCmNCAgAAiCE8NAEEAIAA2ApjQgIAAIAAhCAsgACAGaiEFQcjTgIAAIQMCQAJAAkACQAJAAkACQANAIAMoAgAgBUYNASADKAIIIgMNAAwCCwsgAy0ADEEIcUUNAQtByNOAgAAhAwNAAkAgAygCACIFIARLDQAgBSADKAIEaiIFIARLDQMLIAMoAgghAwwACwsgAyAANgIAIAMgAygCBCAGajYCBCAAQXggAGtBD3FBACAAQQhqQQ9xG2oiCyACQQNyNgIEIAVBeCAFa0EPcUEAIAVBCGpBD3EbaiIGIAsgAmoiAmshAwJAIAYgBEcNAEEAIAI2AqDQgIAAQQBBACgClNCAgAAgA2oiAzYClNCAgAAgAiADQQFyNgIEDAMLAkAgBkEAKAKc0ICAAEcNAEEAIAI2ApzQgIAAQQBBACgCkNCAgAAgA2oiAzYCkNCAgAAgAiADQQFyNgIEIAIgA2ogAzYCAAwDCwJAIAYoAgQiBEEDcUEBRw0AIARBeHEhBwJAAkAgBEH/AUsNACAGKAIIIgUgBEEDdiIIQQN0QbDQgIAAaiIARhoCQCAGKAIMIgQgBUcNAEEAQQAoAojQgIAAQX4gCHdxNgKI0ICAAAwCCyAEIABGGiAEIAU2AgggBSAENgIMDAELIAYoAhghCQJAAkAgBigCDCIAIAZGDQAgBigCCCIEIAhJGiAAIAQ2AgggBCAANgIMDAELAkAgBkEUaiIEKAIAIgUNACAGQRBqIgQoAgAiBQ0AQQAhAAwBCwNAIAQhCCAFIgBBFGoiBCgCACIFDQAgAEEQaiEEIAAoAhAiBQ0ACyAIQQA2AgALIAlFDQACQAJAIAYgBigCHCIFQQJ0QbjSgIAAaiIEKAIARw0AIAQgADYCACAADQFBAEEAKAKM0ICAAEF+IAV3cTYCjNCAgAAMAgsgCUEQQRQgCSgCECAGRhtqIAA2AgAgAEUNAQsgACAJNgIYAkAgBigCECIERQ0AIAAgBDYCECAEIAA2AhgLIAYoAhQiBEUNACAAQRRqIAQ2AgAgBCAANgIYCyAHIANqIQMgBiAHaiIGKAIEIQQLIAYgBEF+cTYCBCACIANqIAM2AgAgAiADQQFyNgIEAkAgA0H/AUsNACADQXhxQbDQgIAAaiEEAkACQEEAKAKI0ICAACIFQQEgA0EDdnQiA3ENAEEAIAUgA3I2AojQgIAAIAQhAwwBCyAEKAIIIQMLIAMgAjYCDCAEIAI2AgggAiAENgIMIAIgAzYCCAwDC0EfIQQCQCADQf///wdLDQAgA0EIdiIEIARBgP4/akEQdkEIcSIEdCIFIAVBgOAfakEQdkEEcSIFdCIAIABBgIAPakEQdkECcSIAdEEPdiAEIAVyIAByayIEQQF0IAMgBEEVanZBAXFyQRxqIQQLIAIgBDYCHCACQgA3AhAgBEECdEG40oCAAGohBQJAQQAoAozQgIAAIgBBASAEdCIIcQ0AIAUgAjYCAEEAIAAgCHI2AozQgIAAIAIgBTYCGCACIAI2AgggAiACNgIMDAMLIANBAEEZIARBAXZrIARBH0YbdCEEIAUoAgAhAANAIAAiBSgCBEF4cSADRg0CIARBHXYhACAEQQF0IQQgBSAAQQRxakEQaiIIKAIAIgANAAsgCCACNgIAIAIgBTYCGCACIAI2AgwgAiACNgIIDAILIABBeCAAa0EPcUEAIABBCGpBD3EbIgNqIgsgBkFIaiIIIANrIgNBAXI2AgQgACAIakE4NgIEIAQgBUE3IAVrQQ9xQQAgBUFJakEPcRtqQUFqIgggCCAEQRBqSRsiCEEjNgIEQQBBACgC8NOAgAA2AqTQgIAAQQAgAzYClNCAgABBACALNgKg0ICAACAIQRBqQQApAtDTgIAANwIAIAhBACkCyNOAgAA3AghBACAIQQhqNgLQ04CAAEEAIAY2AszTgIAAQQAgADYCyNOAgABBAEEANgLU04CAACAIQSRqIQMDQCADQQc2AgAgA0EEaiIDIAVJDQALIAggBEYNAyAIIAgoAgRBfnE2AgQgCCAIIARrIgA2AgAgBCAAQQFyNgIEAkAgAEH/AUsNACAAQXhxQbDQgIAAaiEDAkACQEEAKAKI0ICAACIFQQEgAEEDdnQiAHENAEEAIAUgAHI2AojQgIAAIAMhBQwBCyADKAIIIQULIAUgBDYCDCADIAQ2AgggBCADNgIMIAQgBTYCCAwEC0EfIQMCQCAAQf///wdLDQAgAEEIdiIDIANBgP4/akEQdkEIcSIDdCIFIAVBgOAfakEQdkEEcSIFdCIIIAhBgIAPakEQdkECcSIIdEEPdiADIAVyIAhyayIDQQF0IAAgA0EVanZBAXFyQRxqIQMLIAQgAzYCHCAEQgA3AhAgA0ECdEG40oCAAGohBQJAQQAoAozQgIAAIghBASADdCIGcQ0AIAUgBDYCAEEAIAggBnI2AozQgIAAIAQgBTYCGCAEIAQ2AgggBCAENgIMDAQLIABBAEEZIANBAXZrIANBH0YbdCEDIAUoAgAhCANAIAgiBSgCBEF4cSAARg0DIANBHXYhCCADQQF0IQMgBSAIQQRxakEQaiIGKAIAIggNAAsgBiAENgIAIAQgBTYCGCAEIAQ2AgwgBCAENgIIDAMLIAUoAggiAyACNgIMIAUgAjYCCCACQQA2AhggAiAFNgIMIAIgAzYCCAsgC0EIaiEDDAULIAUoAggiAyAENgIMIAUgBDYCCCAEQQA2AhggBCAFNgIMIAQgAzYCCAtBACgClNCAgAAiAyACTQ0AQQAoAqDQgIAAIgQgAmoiBSADIAJrIgNBAXI2AgRBACADNgKU0ICAAEEAIAU2AqDQgIAAIAQgAkEDcjYCBCAEQQhqIQMMAwtBACEDQQBBMDYC+NOAgAAMAgsCQCALRQ0AAkACQCAIIAgoAhwiBUECdEG40oCAAGoiAygCAEcNACADIAA2AgAgAA0BQQAgB0F+IAV3cSIHNgKM0ICAAAwCCyALQRBBFCALKAIQIAhGG2ogADYCACAARQ0BCyAAIAs2AhgCQCAIKAIQIgNFDQAgACADNgIQIAMgADYCGAsgCEEUaigCACIDRQ0AIABBFGogAzYCACADIAA2AhgLAkACQCAEQQ9LDQAgCCAEIAJqIgNBA3I2AgQgCCADaiIDIAMoAgRBAXI2AgQMAQsgCCACaiIAIARBAXI2AgQgCCACQQNyNgIEIAAgBGogBDYCAAJAIARB/wFLDQAgBEF4cUGw0ICAAGohAwJAAkBBACgCiNCAgAAiBUEBIARBA3Z0IgRxDQBBACAFIARyNgKI0ICAACADIQQMAQsgAygCCCEECyAEIAA2AgwgAyAANgIIIAAgAzYCDCAAIAQ2AggMAQtBHyEDAkAgBEH///8HSw0AIARBCHYiAyADQYD+P2pBEHZBCHEiA3QiBSAFQYDgH2pBEHZBBHEiBXQiAiACQYCAD2pBEHZBAnEiAnRBD3YgAyAFciACcmsiA0EBdCAEIANBFWp2QQFxckEcaiEDCyAAIAM2AhwgAEIANwIQIANBAnRBuNKAgABqIQUCQCAHQQEgA3QiAnENACAFIAA2AgBBACAHIAJyNgKM0ICAACAAIAU2AhggACAANgIIIAAgADYCDAwBCyAEQQBBGSADQQF2ayADQR9GG3QhAyAFKAIAIQICQANAIAIiBSgCBEF4cSAERg0BIANBHXYhAiADQQF0IQMgBSACQQRxakEQaiIGKAIAIgINAAsgBiAANgIAIAAgBTYCGCAAIAA2AgwgACAANgIIDAELIAUoAggiAyAANgIMIAUgADYCCCAAQQA2AhggACAFNgIMIAAgAzYCCAsgCEEIaiEDDAELAkAgCkUNAAJAAkAgACAAKAIcIgVBAnRBuNKAgABqIgMoAgBHDQAgAyAINgIAIAgNAUEAIAlBfiAFd3E2AozQgIAADAILIApBEEEUIAooAhAgAEYbaiAINgIAIAhFDQELIAggCjYCGAJAIAAoAhAiA0UNACAIIAM2AhAgAyAINgIYCyAAQRRqKAIAIgNFDQAgCEEUaiADNgIAIAMgCDYCGAsCQAJAIARBD0sNACAAIAQgAmoiA0EDcjYCBCAAIANqIgMgAygCBEEBcjYCBAwBCyAAIAJqIgUgBEEBcjYCBCAAIAJBA3I2AgQgBSAEaiAENgIAAkAgB0UNACAHQXhxQbDQgIAAaiECQQAoApzQgIAAIQMCQAJAQQEgB0EDdnQiCCAGcQ0AQQAgCCAGcjYCiNCAgAAgAiEIDAELIAIoAgghCAsgCCADNgIMIAIgAzYCCCADIAI2AgwgAyAINgIIC0EAIAU2ApzQgIAAQQAgBDYCkNCAgAALIABBCGohAwsgAUEQaiSAgICAACADCwoAIAAQyYCAgAAL4g0BB38CQCAARQ0AIABBeGoiASAAQXxqKAIAIgJBeHEiAGohAwJAIAJBAXENACACQQNxRQ0BIAEgASgCACICayIBQQAoApjQgIAAIgRJDQEgAiAAaiEAAkAgAUEAKAKc0ICAAEYNAAJAIAJB/wFLDQAgASgCCCIEIAJBA3YiBUEDdEGw0ICAAGoiBkYaAkAgASgCDCICIARHDQBBAEEAKAKI0ICAAEF+IAV3cTYCiNCAgAAMAwsgAiAGRhogAiAENgIIIAQgAjYCDAwCCyABKAIYIQcCQAJAIAEoAgwiBiABRg0AIAEoAggiAiAESRogBiACNgIIIAIgBjYCDAwBCwJAIAFBFGoiAigCACIEDQAgAUEQaiICKAIAIgQNAEEAIQYMAQsDQCACIQUgBCIGQRRqIgIoAgAiBA0AIAZBEGohAiAGKAIQIgQNAAsgBUEANgIACyAHRQ0BAkACQCABIAEoAhwiBEECdEG40oCAAGoiAigCAEcNACACIAY2AgAgBg0BQQBBACgCjNCAgABBfiAEd3E2AozQgIAADAMLIAdBEEEUIAcoAhAgAUYbaiAGNgIAIAZFDQILIAYgBzYCGAJAIAEoAhAiAkUNACAGIAI2AhAgAiAGNgIYCyABKAIUIgJFDQEgBkEUaiACNgIAIAIgBjYCGAwBCyADKAIEIgJBA3FBA0cNACADIAJBfnE2AgRBACAANgKQ0ICAACABIABqIAA2AgAgASAAQQFyNgIEDwsgASADTw0AIAMoAgQiAkEBcUUNAAJAAkAgAkECcQ0AAkAgA0EAKAKg0ICAAEcNAEEAIAE2AqDQgIAAQQBBACgClNCAgAAgAGoiADYClNCAgAAgASAAQQFyNgIEIAFBACgCnNCAgABHDQNBAEEANgKQ0ICAAEEAQQA2ApzQgIAADwsCQCADQQAoApzQgIAARw0AQQAgATYCnNCAgABBAEEAKAKQ0ICAACAAaiIANgKQ0ICAACABIABBAXI2AgQgASAAaiAANgIADwsgAkF4cSAAaiEAAkACQCACQf8BSw0AIAMoAggiBCACQQN2IgVBA3RBsNCAgABqIgZGGgJAIAMoAgwiAiAERw0AQQBBACgCiNCAgABBfiAFd3E2AojQgIAADAILIAIgBkYaIAIgBDYCCCAEIAI2AgwMAQsgAygCGCEHAkACQCADKAIMIgYgA0YNACADKAIIIgJBACgCmNCAgABJGiAGIAI2AgggAiAGNgIMDAELAkAgA0EUaiICKAIAIgQNACADQRBqIgIoAgAiBA0AQQAhBgwBCwNAIAIhBSAEIgZBFGoiAigCACIEDQAgBkEQaiECIAYoAhAiBA0ACyAFQQA2AgALIAdFDQACQAJAIAMgAygCHCIEQQJ0QbjSgIAAaiICKAIARw0AIAIgBjYCACAGDQFBAEEAKAKM0ICAAEF+IAR3cTYCjNCAgAAMAgsgB0EQQRQgBygCECADRhtqIAY2AgAgBkUNAQsgBiAHNgIYAkAgAygCECICRQ0AIAYgAjYCECACIAY2AhgLIAMoAhQiAkUNACAGQRRqIAI2AgAgAiAGNgIYCyABIABqIAA2AgAgASAAQQFyNgIEIAFBACgCnNCAgABHDQFBACAANgKQ0ICAAA8LIAMgAkF+cTYCBCABIABqIAA2AgAgASAAQQFyNgIECwJAIABB/wFLDQAgAEF4cUGw0ICAAGohAgJAAkBBACgCiNCAgAAiBEEBIABBA3Z0IgBxDQBBACAEIAByNgKI0ICAACACIQAMAQsgAigCCCEACyAAIAE2AgwgAiABNgIIIAEgAjYCDCABIAA2AggPC0EfIQICQCAAQf///wdLDQAgAEEIdiICIAJBgP4/akEQdkEIcSICdCIEIARBgOAfakEQdkEEcSIEdCIGIAZBgIAPakEQdkECcSIGdEEPdiACIARyIAZyayICQQF0IAAgAkEVanZBAXFyQRxqIQILIAEgAjYCHCABQgA3AhAgAkECdEG40oCAAGohBAJAAkBBACgCjNCAgAAiBkEBIAJ0IgNxDQAgBCABNgIAQQAgBiADcjYCjNCAgAAgASAENgIYIAEgATYCCCABIAE2AgwMAQsgAEEAQRkgAkEBdmsgAkEfRht0IQIgBCgCACEGAkADQCAGIgQoAgRBeHEgAEYNASACQR12IQYgAkEBdCECIAQgBkEEcWpBEGoiAygCACIGDQALIAMgATYCACABIAQ2AhggASABNgIMIAEgATYCCAwBCyAEKAIIIgAgATYCDCAEIAE2AgggAUEANgIYIAEgBDYCDCABIAA2AggLQQBBACgCqNCAgABBf2oiAUF/IAEbNgKo0ICAAAsLBAAAAAtOAAJAIAANAD8AQRB0DwsCQCAAQf//A3ENACAAQX9MDQACQCAAQRB2QAAiAEF/Rw0AQQBBMDYC+NOAgABBfw8LIABBEHQPCxDKgICAAAAL8gICA38BfgJAIAJFDQAgACABOgAAIAIgAGoiA0F/aiABOgAAIAJBA0kNACAAIAE6AAIgACABOgABIANBfWogAToAACADQX5qIAE6AAAgAkEHSQ0AIAAgAToAAyADQXxqIAE6AAAgAkEJSQ0AIABBACAAa0EDcSIEaiIDIAFB/wFxQYGChAhsIgE2AgAgAyACIARrQXxxIgRqIgJBfGogATYCACAEQQlJDQAgAyABNgIIIAMgATYCBCACQXhqIAE2AgAgAkF0aiABNgIAIARBGUkNACADIAE2AhggAyABNgIUIAMgATYCECADIAE2AgwgAkFwaiABNgIAIAJBbGogATYCACACQWhqIAE2AgAgAkFkaiABNgIAIAQgA0EEcUEYciIFayICQSBJDQAgAa1CgYCAgBB+IQYgAyAFaiEBA0AgASAGNwMYIAEgBjcDECABIAY3AwggASAGNwMAIAFBIGohASACQWBqIgJBH0sNAAsLIAALC45IAQBBgAgLhkgBAAAAAgAAAAMAAAAAAAAAAAAAAAQAAAAFAAAAAAAAAAAAAAAGAAAABwAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEludmFsaWQgY2hhciBpbiB1cmwgcXVlcnkAU3BhbiBjYWxsYmFjayBlcnJvciBpbiBvbl9ib2R5AENvbnRlbnQtTGVuZ3RoIG92ZXJmbG93AENodW5rIHNpemUgb3ZlcmZsb3cAUmVzcG9uc2Ugb3ZlcmZsb3cASW52YWxpZCBtZXRob2QgZm9yIEhUVFAveC54IHJlcXVlc3QASW52YWxpZCBtZXRob2QgZm9yIFJUU1AveC54IHJlcXVlc3QARXhwZWN0ZWQgU09VUkNFIG1ldGhvZCBmb3IgSUNFL3gueCByZXF1ZXN0AEludmFsaWQgY2hhciBpbiB1cmwgZnJhZ21lbnQgc3RhcnQARXhwZWN0ZWQgZG90AFNwYW4gY2FsbGJhY2sgZXJyb3IgaW4gb25fc3RhdHVzAEludmFsaWQgcmVzcG9uc2Ugc3RhdHVzAEludmFsaWQgY2hhcmFjdGVyIGluIGNodW5rIGV4dGVuc2lvbnMAVXNlciBjYWxsYmFjayBlcnJvcgBgb25fcmVzZXRgIGNhbGxiYWNrIGVycm9yAGBvbl9jaHVua19oZWFkZXJgIGNhbGxiYWNrIGVycm9yAGBvbl9tZXNzYWdlX2JlZ2luYCBjYWxsYmFjayBlcnJvcgBgb25fY2h1bmtfZXh0ZW5zaW9uX3ZhbHVlYCBjYWxsYmFjayBlcnJvcgBgb25fc3RhdHVzX2NvbXBsZXRlYCBjYWxsYmFjayBlcnJvcgBgb25fdmVyc2lvbl9jb21wbGV0ZWAgY2FsbGJhY2sgZXJyb3IAYG9uX3VybF9jb21wbGV0ZWAgY2FsbGJhY2sgZXJyb3IAYG9uX2NodW5rX2NvbXBsZXRlYCBjYWxsYmFjayBlcnJvcgBgb25faGVhZGVyX3ZhbHVlX2NvbXBsZXRlYCBjYWxsYmFjayBlcnJvcgBgb25fbWVzc2FnZV9jb21wbGV0ZWAgY2FsbGJhY2sgZXJyb3IAYG9uX21ldGhvZF9jb21wbGV0ZWAgY2FsbGJhY2sgZXJyb3IAYG9uX2hlYWRlcl9maWVsZF9jb21wbGV0ZWAgY2FsbGJhY2sgZXJyb3IAYG9uX2NodW5rX2V4dGVuc2lvbl9uYW1lYCBjYWxsYmFjayBlcnJvcgBVbmV4cGVjdGVkIGNoYXIgaW4gdXJsIHNlcnZlcgBJbnZhbGlkIGhlYWRlciB2YWx1ZSBjaGFyAEludmFsaWQgaGVhZGVyIGZpZWxkIGNoYXIAU3BhbiBjYWxsYmFjayBlcnJvciBpbiBvbl92ZXJzaW9uAEludmFsaWQgbWlub3IgdmVyc2lvbgBJbnZhbGlkIG1ham9yIHZlcnNpb24ARXhwZWN0ZWQgc3BhY2UgYWZ0ZXIgdmVyc2lvbgBFeHBlY3RlZCBDUkxGIGFmdGVyIHZlcnNpb24ASW52YWxpZCBIVFRQIHZlcnNpb24ASW52YWxpZCBoZWFkZXIgdG9rZW4AU3BhbiBjYWxsYmFjayBlcnJvciBpbiBvbl91cmwASW52YWxpZCBjaGFyYWN0ZXJzIGluIHVybABVbmV4cGVjdGVkIHN0YXJ0IGNoYXIgaW4gdXJsAERvdWJsZSBAIGluIHVybABFbXB0eSBDb250ZW50LUxlbmd0aABJbnZhbGlkIGNoYXJhY3RlciBpbiBDb250ZW50LUxlbmd0aABEdXBsaWNhdGUgQ29udGVudC1MZW5ndGgASW52YWxpZCBjaGFyIGluIHVybCBwYXRoAENvbnRlbnQtTGVuZ3RoIGNhbid0IGJlIHByZXNlbnQgd2l0aCBUcmFuc2Zlci1FbmNvZGluZwBJbnZhbGlkIGNoYXJhY3RlciBpbiBjaHVuayBzaXplAFNwYW4gY2FsbGJhY2sgZXJyb3IgaW4gb25faGVhZGVyX3ZhbHVlAFNwYW4gY2FsbGJhY2sgZXJyb3IgaW4gb25fY2h1bmtfZXh0ZW5zaW9uX3ZhbHVlAEludmFsaWQgY2hhcmFjdGVyIGluIGNodW5rIGV4dGVuc2lvbnMgdmFsdWUATWlzc2luZyBleHBlY3RlZCBMRiBhZnRlciBoZWFkZXIgdmFsdWUASW52YWxpZCBgVHJhbnNmZXItRW5jb2RpbmdgIGhlYWRlciB2YWx1ZQBJbnZhbGlkIGNoYXJhY3RlciBpbiBjaHVuayBleHRlbnNpb25zIHF1b3RlIHZhbHVlAEludmFsaWQgY2hhcmFjdGVyIGluIGNodW5rIGV4dGVuc2lvbnMgcXVvdGVkIHZhbHVlAFBhdXNlZCBieSBvbl9oZWFkZXJzX2NvbXBsZXRlAEludmFsaWQgRU9GIHN0YXRlAG9uX3Jlc2V0IHBhdXNlAG9uX2NodW5rX2hlYWRlciBwYXVzZQBvbl9tZXNzYWdlX2JlZ2luIHBhdXNlAG9uX2NodW5rX2V4dGVuc2lvbl92YWx1ZSBwYXVzZQBvbl9zdGF0dXNfY29tcGxldGUgcGF1c2UAb25fdmVyc2lvbl9jb21wbGV0ZSBwYXVzZQBvbl91cmxfY29tcGxldGUgcGF1c2UAb25fY2h1bmtfY29tcGxldGUgcGF1c2UAb25faGVhZGVyX3ZhbHVlX2NvbXBsZXRlIHBhdXNlAG9uX21lc3NhZ2VfY29tcGxldGUgcGF1c2UAb25fbWV0aG9kX2NvbXBsZXRlIHBhdXNlAG9uX2hlYWRlcl9maWVsZF9jb21wbGV0ZSBwYXVzZQBvbl9jaHVua19leHRlbnNpb25fbmFtZSBwYXVzZQBVbmV4cGVjdGVkIHNwYWNlIGFmdGVyIHN0YXJ0IGxpbmUAU3BhbiBjYWxsYmFjayBlcnJvciBpbiBvbl9jaHVua19leHRlbnNpb25fbmFtZQBJbnZhbGlkIGNoYXJhY3RlciBpbiBjaHVuayBleHRlbnNpb25zIG5hbWUAUGF1c2Ugb24gQ09OTkVDVC9VcGdyYWRlAFBhdXNlIG9uIFBSSS9VcGdyYWRlAEV4cGVjdGVkIEhUVFAvMiBDb25uZWN0aW9uIFByZWZhY2UAU3BhbiBjYWxsYmFjayBlcnJvciBpbiBvbl9tZXRob2QARXhwZWN0ZWQgc3BhY2UgYWZ0ZXIgbWV0aG9kAFNwYW4gY2FsbGJhY2sgZXJyb3IgaW4gb25faGVhZGVyX2ZpZWxkAFBhdXNlZABJbnZhbGlkIHdvcmQgZW5jb3VudGVyZWQASW52YWxpZCBtZXRob2QgZW5jb3VudGVyZWQAVW5leHBlY3RlZCBjaGFyIGluIHVybCBzY2hlbWEAUmVxdWVzdCBoYXMgaW52YWxpZCBgVHJhbnNmZXItRW5jb2RpbmdgAFNXSVRDSF9QUk9YWQBVU0VfUFJPWFkATUtBQ1RJVklUWQBVTlBST0NFU1NBQkxFX0VOVElUWQBDT1BZAE1PVkVEX1BFUk1BTkVOVExZAFRPT19FQVJMWQBOT1RJRlkARkFJTEVEX0RFUEVOREVOQ1kAQkFEX0dBVEVXQVkAUExBWQBQVVQAQ0hFQ0tPVVQAR0FURVdBWV9USU1FT1VUAFJFUVVFU1RfVElNRU9VVABORVRXT1JLX0NPTk5FQ1RfVElNRU9VVABDT05ORUNUSU9OX1RJTUVPVVQATE9HSU5fVElNRU9VVABORVRXT1JLX1JFQURfVElNRU9VVABQT1NUAE1JU0RJUkVDVEVEX1JFUVVFU1QAQ0xJRU5UX0NMT1NFRF9SRVFVRVNUAENMSUVOVF9DTE9TRURfTE9BRF9CQUxBTkNFRF9SRVFVRVNUAEJBRF9SRVFVRVNUAEhUVFBfUkVRVUVTVF9TRU5UX1RPX0hUVFBTX1BPUlQAUkVQT1JUAElNX0FfVEVBUE9UAFJFU0VUX0NPTlRFTlQATk9fQ09OVEVOVABQQVJUSUFMX0NPTlRFTlQASFBFX0lOVkFMSURfQ09OU1RBTlQASFBFX0NCX1JFU0VUAEdFVABIUEVfU1RSSUNUAENPTkZMSUNUAFRFTVBPUkFSWV9SRURJUkVDVABQRVJNQU5FTlRfUkVESVJFQ1QAQ09OTkVDVABNVUxUSV9TVEFUVVMASFBFX0lOVkFMSURfU1RBVFVTAFRPT19NQU5ZX1JFUVVFU1RTAEVBUkxZX0hJTlRTAFVOQVZBSUxBQkxFX0ZPUl9MRUdBTF9SRUFTT05TAE9QVElPTlMAU1dJVENISU5HX1BST1RPQ09MUwBWQVJJQU5UX0FMU09fTkVHT1RJQVRFUwBNVUxUSVBMRV9DSE9JQ0VTAElOVEVSTkFMX1NFUlZFUl9FUlJPUgBXRUJfU0VSVkVSX1VOS05PV05fRVJST1IAUkFJTEdVTl9FUlJPUgBJREVOVElUWV9QUk9WSURFUl9BVVRIRU5USUNBVElPTl9FUlJPUgBTU0xfQ0VSVElGSUNBVEVfRVJST1IASU5WQUxJRF9YX0ZPUldBUkRFRF9GT1IAU0VUX1BBUkFNRVRFUgBHRVRfUEFSQU1FVEVSAEhQRV9VU0VSAFNFRV9PVEhFUgBIUEVfQ0JfQ0hVTktfSEVBREVSAE1LQ0FMRU5EQVIAU0VUVVAAV0VCX1NFUlZFUl9JU19ET1dOAFRFQVJET1dOAEhQRV9DTE9TRURfQ09OTkVDVElPTgBIRVVSSVNUSUNfRVhQSVJBVElPTgBESVNDT05ORUNURURfT1BFUkFUSU9OAE5PTl9BVVRIT1JJVEFUSVZFX0lORk9STUFUSU9OAEhQRV9JTlZBTElEX1ZFUlNJT04ASFBFX0NCX01FU1NBR0VfQkVHSU4AU0lURV9JU19GUk9aRU4ASFBFX0lOVkFMSURfSEVBREVSX1RPS0VOAElOVkFMSURfVE9LRU4ARk9SQklEREVOAEVOSEFOQ0VfWU9VUl9DQUxNAEhQRV9JTlZBTElEX1VSTABCTE9DS0VEX0JZX1BBUkVOVEFMX0NPTlRST0wATUtDT0wAQUNMAEhQRV9JTlRFUk5BTABSRVFVRVNUX0hFQURFUl9GSUVMRFNfVE9PX0xBUkdFX1VOT0ZGSUNJQUwASFBFX09LAFVOTElOSwBVTkxPQ0sAUFJJAFJFVFJZX1dJVEgASFBFX0lOVkFMSURfQ09OVEVOVF9MRU5HVEgASFBFX1VORVhQRUNURURfQ09OVEVOVF9MRU5HVEgARkxVU0gAUFJPUFBBVENIAE0tU0VBUkNIAFVSSV9UT09fTE9ORwBQUk9DRVNTSU5HAE1JU0NFTExBTkVPVVNfUEVSU0lTVEVOVF9XQVJOSU5HAE1JU0NFTExBTkVPVVNfV0FSTklORwBIUEVfSU5WQUxJRF9UUkFOU0ZFUl9FTkNPRElORwBFeHBlY3RlZCBDUkxGAEhQRV9JTlZBTElEX0NIVU5LX1NJWkUATU9WRQBDT05USU5VRQBIUEVfQ0JfU1RBVFVTX0NPTVBMRVRFAEhQRV9DQl9IRUFERVJTX0NPTVBMRVRFAEhQRV9DQl9WRVJTSU9OX0NPTVBMRVRFAEhQRV9DQl9VUkxfQ09NUExFVEUASFBFX0NCX0NIVU5LX0NPTVBMRVRFAEhQRV9DQl9IRUFERVJfVkFMVUVfQ09NUExFVEUASFBFX0NCX0NIVU5LX0VYVEVOU0lPTl9WQUxVRV9DT01QTEVURQBIUEVfQ0JfQ0hVTktfRVhURU5TSU9OX05BTUVfQ09NUExFVEUASFBFX0NCX01FU1NBR0VfQ09NUExFVEUASFBFX0NCX01FVEhPRF9DT01QTEVURQBIUEVfQ0JfSEVBREVSX0ZJRUxEX0NPTVBMRVRFAERFTEVURQBIUEVfSU5WQUxJRF9FT0ZfU1RBVEUASU5WQUxJRF9TU0xfQ0VSVElGSUNBVEUAUEFVU0UATk9fUkVTUE9OU0UAVU5TVVBQT1JURURfTUVESUFfVFlQRQBHT05FAE5PVF9BQ0NFUFRBQkxFAFNFUlZJQ0VfVU5BVkFJTEFCTEUAUkFOR0VfTk9UX1NBVElTRklBQkxFAE9SSUdJTl9JU19VTlJFQUNIQUJMRQBSRVNQT05TRV9JU19TVEFMRQBQVVJHRQBNRVJHRQBSRVFVRVNUX0hFQURFUl9GSUVMRFNfVE9PX0xBUkdFAFJFUVVFU1RfSEVBREVSX1RPT19MQVJHRQBQQVlMT0FEX1RPT19MQVJHRQBJTlNVRkZJQ0lFTlRfU1RPUkFHRQBIUEVfUEFVU0VEX1VQR1JBREUASFBFX1BBVVNFRF9IMl9VUEdSQURFAFNPVVJDRQBBTk5PVU5DRQBUUkFDRQBIUEVfVU5FWFBFQ1RFRF9TUEFDRQBERVNDUklCRQBVTlNVQlNDUklCRQBSRUNPUkQASFBFX0lOVkFMSURfTUVUSE9EAE5PVF9GT1VORABQUk9QRklORABVTkJJTkQAUkVCSU5EAFVOQVVUSE9SSVpFRABNRVRIT0RfTk9UX0FMTE9XRUQASFRUUF9WRVJTSU9OX05PVF9TVVBQT1JURUQAQUxSRUFEWV9SRVBPUlRFRABBQ0NFUFRFRABOT1RfSU1QTEVNRU5URUQATE9PUF9ERVRFQ1RFRABIUEVfQ1JfRVhQRUNURUQASFBFX0xGX0VYUEVDVEVEAENSRUFURUQASU1fVVNFRABIUEVfUEFVU0VEAFRJTUVPVVRfT0NDVVJFRABQQVlNRU5UX1JFUVVJUkVEAFBSRUNPTkRJVElPTl9SRVFVSVJFRABQUk9YWV9BVVRIRU5USUNBVElPTl9SRVFVSVJFRABORVRXT1JLX0FVVEhFTlRJQ0FUSU9OX1JFUVVJUkVEAExFTkdUSF9SRVFVSVJFRABTU0xfQ0VSVElGSUNBVEVfUkVRVUlSRUQAVVBHUkFERV9SRVFVSVJFRABQQUdFX0VYUElSRUQAUFJFQ09ORElUSU9OX0ZBSUxFRABFWFBFQ1RBVElPTl9GQUlMRUQAUkVWQUxJREFUSU9OX0ZBSUxFRABTU0xfSEFORFNIQUtFX0ZBSUxFRABMT0NLRUQAVFJBTlNGT1JNQVRJT05fQVBQTElFRABOT1RfTU9ESUZJRUQATk9UX0VYVEVOREVEAEJBTkRXSURUSF9MSU1JVF9FWENFRURFRABTSVRFX0lTX09WRVJMT0FERUQASEVBRABFeHBlY3RlZCBIVFRQLwAAXhMAACYTAAAwEAAA8BcAAJ0TAAAVEgAAORcAAPASAAAKEAAAdRIAAK0SAACCEwAATxQAAH8QAACgFQAAIxQAAIkSAACLFAAATRUAANQRAADPFAAAEBgAAMkWAADcFgAAwREAAOAXAAC7FAAAdBQAAHwVAADlFAAACBcAAB8QAABlFQAAoxQAACgVAAACFQAAmRUAACwQAACLGQAATw8AANQOAABqEAAAzhAAAAIXAACJDgAAbhMAABwTAABmFAAAVhcAAMETAADNEwAAbBMAAGgXAABmFwAAXxcAACITAADODwAAaQ4AANgOAABjFgAAyxMAAKoOAAAoFwAAJhcAAMUTAABdFgAA6BEAAGcTAABlEwAA8hYAAHMTAAAdFwAA+RYAAPMRAADPDgAAzhUAAAwSAACzEQAApREAAGEQAAAyFwAAuxMAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAQIBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAIDAgICAgIAAAICAAICAAICAgICAgICAgIABAAAAAAAAgICAgICAgICAgICAgICAgICAgICAgICAgIAAAACAgICAgICAgICAgICAgICAgICAgICAgICAgICAgACAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAACAAICAgICAAACAgACAgACAgICAgICAgICAAMABAAAAAICAgICAgICAgICAgICAgICAgICAgICAgICAAAAAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAAgACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbG9zZWVlcC1hbGl2ZQAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQIBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBY2h1bmtlZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEAAQEBAQEAAAEBAAEBAAEBAQEBAQEBAQEAAAAAAAAAAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAAAABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQABAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABlY3Rpb25lbnQtbGVuZ3Rob25yb3h5LWNvbm5lY3Rpb24AAAAAAAAAAAAAAAAAAAByYW5zZmVyLWVuY29kaW5ncGdyYWRlDQoNCg0KU00NCg0KVFRQL0NFL1RTUC8AAAAAAAAAAAAAAAABAgABAwAAAAAAAAAAAAAAAAAAAAAAAAQBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAAAAAAAAAAAAAQIAAQMAAAAAAAAAAAAAAAAAAAAAAAAEAQEFAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQAAAAAAAAAAAAEAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAAAAAAAAAAAAAAQAAAgAAAAAAAAAAAAAAAAAAAAAAAAMEAAAEBAQEBAQEBAQEBAUEBAQEBAQEBAQEBAQABAAGBwQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAAEAAQABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAEAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAADAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwAAAAAAAAMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAABAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAIAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMAAAAAAAADAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOT1VOQ0VFQ0tPVVRORUNURVRFQ1JJQkVMVVNIRVRFQURTRUFSQ0hSR0VDVElWSVRZTEVOREFSVkVPVElGWVBUSU9OU0NIU0VBWVNUQVRDSEdFT1JESVJFQ1RPUlRSQ0hQQVJBTUVURVJVUkNFQlNDUklCRUFSRE9XTkFDRUlORE5LQ0tVQlNDUklCRUhUVFAvQURUUC8='\n","module.exports = 'AGFzbQEAAAABMAhgAX8Bf2ADf39/AX9gBH9/f38Bf2AAAGADf39/AGABfwBgAn9/AGAGf39/f39/AALLAQgDZW52GHdhc21fb25faGVhZGVyc19jb21wbGV0ZQACA2VudhV3YXNtX29uX21lc3NhZ2VfYmVnaW4AAANlbnYLd2FzbV9vbl91cmwAAQNlbnYOd2FzbV9vbl9zdGF0dXMAAQNlbnYUd2FzbV9vbl9oZWFkZXJfZmllbGQAAQNlbnYUd2FzbV9vbl9oZWFkZXJfdmFsdWUAAQNlbnYMd2FzbV9vbl9ib2R5AAEDZW52GHdhc21fb25fbWVzc2FnZV9jb21wbGV0ZQAAA0ZFAwMEAAAFAAAAAAAABQEFAAUFBQAABgAAAAAGBgYGAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQABAAABAQcAAAUFAwABBAUBcAESEgUDAQACBggBfwFBgNQECwfRBSIGbWVtb3J5AgALX2luaXRpYWxpemUACRlfX2luZGlyZWN0X2Z1bmN0aW9uX3RhYmxlAQALbGxodHRwX2luaXQAChhsbGh0dHBfc2hvdWxkX2tlZXBfYWxpdmUAQQxsbGh0dHBfYWxsb2MADAZtYWxsb2MARgtsbGh0dHBfZnJlZQANBGZyZWUASA9sbGh0dHBfZ2V0X3R5cGUADhVsbGh0dHBfZ2V0X2h0dHBfbWFqb3IADxVsbGh0dHBfZ2V0X2h0dHBfbWlub3IAEBFsbGh0dHBfZ2V0X21ldGhvZAARFmxsaHR0cF9nZXRfc3RhdHVzX2NvZGUAEhJsbGh0dHBfZ2V0X3VwZ3JhZGUAEwxsbGh0dHBfcmVzZXQAFA5sbGh0dHBfZXhlY3V0ZQAVFGxsaHR0cF9zZXR0aW5nc19pbml0ABYNbGxodHRwX2ZpbmlzaAAXDGxsaHR0cF9wYXVzZQAYDWxsaHR0cF9yZXN1bWUAGRtsbGh0dHBfcmVzdW1lX2FmdGVyX3VwZ3JhZGUAGhBsbGh0dHBfZ2V0X2Vycm5vABsXbGxodHRwX2dldF9lcnJvcl9yZWFzb24AHBdsbGh0dHBfc2V0X2Vycm9yX3JlYXNvbgAdFGxsaHR0cF9nZXRfZXJyb3JfcG9zAB4RbGxodHRwX2Vycm5vX25hbWUAHxJsbGh0dHBfbWV0aG9kX25hbWUAIBJsbGh0dHBfc3RhdHVzX25hbWUAIRpsbGh0dHBfc2V0X2xlbmllbnRfaGVhZGVycwAiIWxsaHR0cF9zZXRfbGVuaWVudF9jaHVua2VkX2xlbmd0aAAjHWxsaHR0cF9zZXRfbGVuaWVudF9rZWVwX2FsaXZlACQkbGxodHRwX3NldF9sZW5pZW50X3RyYW5zZmVyX2VuY29kaW5nACUYbGxodHRwX21lc3NhZ2VfbmVlZHNfZW9mAD8JFwEAQQELEQECAwQFCwYHNTk3MS8tJyspCrLgAkUCAAsIABCIgICAAAsZACAAEMKAgIAAGiAAIAI2AjggACABOgAoCxwAIAAgAC8BMiAALQAuIAAQwYCAgAAQgICAgAALKgEBf0HAABDGgICAACIBEMKAgIAAGiABQYCIgIAANgI4IAEgADoAKCABCwoAIAAQyICAgAALBwAgAC0AKAsHACAALQAqCwcAIAAtACsLBwAgAC0AKQsHACAALwEyCwcAIAAtAC4LRQEEfyAAKAIYIQEgAC0ALSECIAAtACghAyAAKAI4IQQgABDCgICAABogACAENgI4IAAgAzoAKCAAIAI6AC0gACABNgIYCxEAIAAgASABIAJqEMOAgIAACxAAIABBAEHcABDMgICAABoLZwEBf0EAIQECQCAAKAIMDQACQAJAAkACQCAALQAvDgMBAAMCCyAAKAI4IgFFDQAgASgCLCIBRQ0AIAAgARGAgICAAAAiAQ0DC0EADwsQyoCAgAAACyAAQcOWgIAANgIQQQ4hAQsgAQseAAJAIAAoAgwNACAAQdGbgIAANgIQIABBFTYCDAsLFgACQCAAKAIMQRVHDQAgAEEANgIMCwsWAAJAIAAoAgxBFkcNACAAQQA2AgwLCwcAIAAoAgwLBwAgACgCEAsJACAAIAE2AhALBwAgACgCFAsiAAJAIABBJEkNABDKgICAAAALIABBAnRBoLOAgABqKAIACyIAAkAgAEEuSQ0AEMqAgIAAAAsgAEECdEGwtICAAGooAgAL7gsBAX9B66iAgAAhAQJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAIABBnH9qDvQDY2IAAWFhYWFhYQIDBAVhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhBgcICQoLDA0OD2FhYWFhEGFhYWFhYWFhYWFhEWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYRITFBUWFxgZGhthYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2YTc4OTphYWFhYWFhYTthYWE8YWFhYT0+P2FhYWFhYWFhQGFhQWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYUJDREVGR0hJSktMTU5PUFFSU2FhYWFhYWFhVFVWV1hZWlthXF1hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFeYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhX2BhC0Hhp4CAAA8LQaShgIAADwtBy6yAgAAPC0H+sYCAAA8LQcCkgIAADwtBq6SAgAAPC0GNqICAAA8LQeKmgIAADwtBgLCAgAAPC0G5r4CAAA8LQdekgIAADwtB75+AgAAPC0Hhn4CAAA8LQfqfgIAADwtB8qCAgAAPC0Gor4CAAA8LQa6ygIAADwtBiLCAgAAPC0Hsp4CAAA8LQYKigIAADwtBjp2AgAAPC0HQroCAAA8LQcqjgIAADwtBxbKAgAAPC0HfnICAAA8LQdKcgIAADwtBxKCAgAAPC0HXoICAAA8LQaKfgIAADwtB7a6AgAAPC0GrsICAAA8LQdSlgIAADwtBzK6AgAAPC0H6roCAAA8LQfyrgIAADwtB0rCAgAAPC0HxnYCAAA8LQbuggIAADwtB96uAgAAPC0GQsYCAAA8LQdexgIAADwtBoq2AgAAPC0HUp4CAAA8LQeCrgIAADwtBn6yAgAAPC0HrsYCAAA8LQdWfgIAADwtByrGAgAAPC0HepYCAAA8LQdSegIAADwtB9JyAgAAPC0GnsoCAAA8LQbGdgIAADwtBoJ2AgAAPC0G5sYCAAA8LQbywgIAADwtBkqGAgAAPC0GzpoCAAA8LQemsgIAADwtBrJ6AgAAPC0HUq4CAAA8LQfemgIAADwtBgKaAgAAPC0GwoYCAAA8LQf6egIAADwtBjaOAgAAPC0GJrYCAAA8LQfeigIAADwtBoLGAgAAPC0Gun4CAAA8LQcalgIAADwtB6J6AgAAPC0GTooCAAA8LQcKvgIAADwtBw52AgAAPC0GLrICAAA8LQeGdgIAADwtBja+AgAAPC0HqoYCAAA8LQbStgIAADwtB0q+AgAAPC0HfsoCAAA8LQdKygIAADwtB8LCAgAAPC0GpooCAAA8LQfmjgIAADwtBmZ6AgAAPC0G1rICAAA8LQZuwgIAADwtBkrKAgAAPC0G2q4CAAA8LQcKigIAADwtB+LKAgAAPC0GepYCAAA8LQdCigIAADwtBup6AgAAPC0GBnoCAAA8LEMqAgIAAAAtB1qGAgAAhAQsgAQsWACAAIAAtAC1B/gFxIAFBAEdyOgAtCxkAIAAgAC0ALUH9AXEgAUEAR0EBdHI6AC0LGQAgACAALQAtQfsBcSABQQBHQQJ0cjoALQsZACAAIAAtAC1B9wFxIAFBAEdBA3RyOgAtCy4BAn9BACEDAkAgACgCOCIERQ0AIAQoAgAiBEUNACAAIAQRgICAgAAAIQMLIAMLSQECf0EAIQMCQCAAKAI4IgRFDQAgBCgCBCIERQ0AIAAgASACIAFrIAQRgYCAgAAAIgNBf0cNACAAQcaRgIAANgIQQRghAwsgAwsuAQJ/QQAhAwJAIAAoAjgiBEUNACAEKAIwIgRFDQAgACAEEYCAgIAAACEDCyADC0kBAn9BACEDAkAgACgCOCIERQ0AIAQoAggiBEUNACAAIAEgAiABayAEEYGAgIAAACIDQX9HDQAgAEH2ioCAADYCEEEYIQMLIAMLLgECf0EAIQMCQCAAKAI4IgRFDQAgBCgCNCIERQ0AIAAgBBGAgICAAAAhAwsgAwtJAQJ/QQAhAwJAIAAoAjgiBEUNACAEKAIMIgRFDQAgACABIAIgAWsgBBGBgICAAAAiA0F/Rw0AIABB7ZqAgAA2AhBBGCEDCyADCy4BAn9BACEDAkAgACgCOCIERQ0AIAQoAjgiBEUNACAAIAQRgICAgAAAIQMLIAMLSQECf0EAIQMCQCAAKAI4IgRFDQAgBCgCECIERQ0AIAAgASACIAFrIAQRgYCAgAAAIgNBf0cNACAAQZWQgIAANgIQQRghAwsgAwsuAQJ/QQAhAwJAIAAoAjgiBEUNACAEKAI8IgRFDQAgACAEEYCAgIAAACEDCyADC0kBAn9BACEDAkAgACgCOCIERQ0AIAQoAhQiBEUNACAAIAEgAiABayAEEYGAgIAAACIDQX9HDQAgAEGqm4CAADYCEEEYIQMLIAMLLgECf0EAIQMCQCAAKAI4IgRFDQAgBCgCQCIERQ0AIAAgBBGAgICAAAAhAwsgAwtJAQJ/QQAhAwJAIAAoAjgiBEUNACAEKAIYIgRFDQAgACABIAIgAWsgBBGBgICAAAAiA0F/Rw0AIABB7ZOAgAA2AhBBGCEDCyADCy4BAn9BACEDAkAgACgCOCIERQ0AIAQoAkQiBEUNACAAIAQRgICAgAAAIQMLIAMLLgECf0EAIQMCQCAAKAI4IgRFDQAgBCgCJCIERQ0AIAAgBBGAgICAAAAhAwsgAwsuAQJ/QQAhAwJAIAAoAjgiBEUNACAEKAIsIgRFDQAgACAEEYCAgIAAACEDCyADC0kBAn9BACEDAkAgACgCOCIERQ0AIAQoAigiBEUNACAAIAEgAiABayAEEYGAgIAAACIDQX9HDQAgAEH2iICAADYCEEEYIQMLIAMLLgECf0EAIQMCQCAAKAI4IgRFDQAgBCgCUCIERQ0AIAAgBBGAgICAAAAhAwsgAwtJAQJ/QQAhAwJAIAAoAjgiBEUNACAEKAIcIgRFDQAgACABIAIgAWsgBBGBgICAAAAiA0F/Rw0AIABBwpmAgAA2AhBBGCEDCyADCy4BAn9BACEDAkAgACgCOCIERQ0AIAQoAkgiBEUNACAAIAQRgICAgAAAIQMLIAMLSQECf0EAIQMCQCAAKAI4IgRFDQAgBCgCICIERQ0AIAAgASACIAFrIAQRgYCAgAAAIgNBf0cNACAAQZSUgIAANgIQQRghAwsgAwsuAQJ/QQAhAwJAIAAoAjgiBEUNACAEKAJMIgRFDQAgACAEEYCAgIAAACEDCyADCy4BAn9BACEDAkAgACgCOCIERQ0AIAQoAlQiBEUNACAAIAQRgICAgAAAIQMLIAMLLgECf0EAIQMCQCAAKAI4IgRFDQAgBCgCWCIERQ0AIAAgBBGAgICAAAAhAwsgAwtFAQF/AkACQCAALwEwQRRxQRRHDQBBASEDIAAtAChBAUYNASAALwEyQeUARiEDDAELIAAtAClBBUYhAwsgACADOgAuQQAL/gEBA39BASEDAkAgAC8BMCIEQQhxDQAgACkDIEIAUiEDCwJAAkAgAC0ALkUNAEEBIQUgAC0AKUEFRg0BQQEhBSAEQcAAcUUgA3FBAUcNAQtBACEFIARBwABxDQBBAiEFIARB//8DcSIDQQhxDQACQCADQYAEcUUNAAJAIAAtAChBAUcNACAALQAtQQpxDQBBBQ8LQQQPCwJAIANBIHENAAJAIAAtAChBAUYNACAALwEyQf//A3EiAEGcf2pB5ABJDQAgAEHMAUYNACAAQbACRg0AQQQhBSAEQShxRQ0CIANBiARxQYAERg0CC0EADwtBAEEDIAApAyBQGyEFCyAFC2IBAn9BACEBAkAgAC0AKEEBRg0AIAAvATJB//8DcSICQZx/akHkAEkNACACQcwBRg0AIAJBsAJGDQAgAC8BMCIAQcAAcQ0AQQEhASAAQYgEcUGABEYNACAAQShxRSEBCyABC6cBAQN/AkACQAJAIAAtACpFDQAgAC0AK0UNAEEAIQMgAC8BMCIEQQJxRQ0BDAILQQAhAyAALwEwIgRBAXFFDQELQQEhAyAALQAoQQFGDQAgAC8BMkH//wNxIgVBnH9qQeQASQ0AIAVBzAFGDQAgBUGwAkYNACAEQcAAcQ0AQQAhAyAEQYgEcUGABEYNACAEQShxQQBHIQMLIABBADsBMCAAQQA6AC8gAwuZAQECfwJAAkACQCAALQAqRQ0AIAAtACtFDQBBACEBIAAvATAiAkECcUUNAQwCC0EAIQEgAC8BMCICQQFxRQ0BC0EBIQEgAC0AKEEBRg0AIAAvATJB//8DcSIAQZx/akHkAEkNACAAQcwBRg0AIABBsAJGDQAgAkHAAHENAEEAIQEgAkGIBHFBgARGDQAgAkEocUEARyEBCyABC0kBAXsgAEEQav0MAAAAAAAAAAAAAAAAAAAAACIB/QsDACAAIAH9CwMAIABBMGogAf0LAwAgAEEgaiAB/QsDACAAQd0BNgIcQQALewEBfwJAIAAoAgwiAw0AAkAgACgCBEUNACAAIAE2AgQLAkAgACABIAIQxICAgAAiAw0AIAAoAgwPCyAAIAM2AhxBACEDIAAoAgQiAUUNACAAIAEgAiAAKAIIEYGAgIAAACIBRQ0AIAAgAjYCFCAAIAE2AgwgASEDCyADC+TzAQMOfwN+BH8jgICAgABBEGsiAySAgICAACABIQQgASEFIAEhBiABIQcgASEIIAEhCSABIQogASELIAEhDCABIQ0gASEOIAEhDwJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQCAAKAIcIhBBf2oO3QHaAQHZAQIDBAUGBwgJCgsMDQ7YAQ8Q1wEREtYBExQVFhcYGRob4AHfARwdHtUBHyAhIiMkJdQBJicoKSorLNMB0gEtLtEB0AEvMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUbbAUdISUrPAc4BS80BTMwBTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5/gAGBAYIBgwGEAYUBhgGHAYgBiQGKAYsBjAGNAY4BjwGQAZEBkgGTAZQBlQGWAZcBmAGZAZoBmwGcAZ0BngGfAaABoQGiAaMBpAGlAaYBpwGoAakBqgGrAawBrQGuAa8BsAGxAbIBswG0AbUBtgG3AcsBygG4AckBuQHIAboBuwG8Ab0BvgG/AcABwQHCAcMBxAHFAcYBANwBC0EAIRAMxgELQQ4hEAzFAQtBDSEQDMQBC0EPIRAMwwELQRAhEAzCAQtBEyEQDMEBC0EUIRAMwAELQRUhEAy/AQtBFiEQDL4BC0EXIRAMvQELQRghEAy8AQtBGSEQDLsBC0EaIRAMugELQRshEAy5AQtBHCEQDLgBC0EIIRAMtwELQR0hEAy2AQtBICEQDLUBC0EfIRAMtAELQQchEAyzAQtBISEQDLIBC0EiIRAMsQELQR4hEAywAQtBIyEQDK8BC0ESIRAMrgELQREhEAytAQtBJCEQDKwBC0ElIRAMqwELQSYhEAyqAQtBJyEQDKkBC0HDASEQDKgBC0EpIRAMpwELQSshEAymAQtBLCEQDKUBC0EtIRAMpAELQS4hEAyjAQtBLyEQDKIBC0HEASEQDKEBC0EwIRAMoAELQTQhEAyfAQtBDCEQDJ4BC0ExIRAMnQELQTIhEAycAQtBMyEQDJsBC0E5IRAMmgELQTUhEAyZAQtBxQEhEAyYAQtBCyEQDJcBC0E6IRAMlgELQTYhEAyVAQtBCiEQDJQBC0E3IRAMkwELQTghEAySAQtBPCEQDJEBC0E7IRAMkAELQT0hEAyPAQtBCSEQDI4BC0EoIRAMjQELQT4hEAyMAQtBPyEQDIsBC0HAACEQDIoBC0HBACEQDIkBC0HCACEQDIgBC0HDACEQDIcBC0HEACEQDIYBC0HFACEQDIUBC0HGACEQDIQBC0EqIRAMgwELQccAIRAMggELQcgAIRAMgQELQckAIRAMgAELQcoAIRAMfwtBywAhEAx+C0HNACEQDH0LQcwAIRAMfAtBzgAhEAx7C0HPACEQDHoLQdAAIRAMeQtB0QAhEAx4C0HSACEQDHcLQdMAIRAMdgtB1AAhEAx1C0HWACEQDHQLQdUAIRAMcwtBBiEQDHILQdcAIRAMcQtBBSEQDHALQdgAIRAMbwtBBCEQDG4LQdkAIRAMbQtB2gAhEAxsC0HbACEQDGsLQdwAIRAMagtBAyEQDGkLQd0AIRAMaAtB3gAhEAxnC0HfACEQDGYLQeEAIRAMZQtB4AAhEAxkC0HiACEQDGMLQeMAIRAMYgtBAiEQDGELQeQAIRAMYAtB5QAhEAxfC0HmACEQDF4LQecAIRAMXQtB6AAhEAxcC0HpACEQDFsLQeoAIRAMWgtB6wAhEAxZC0HsACEQDFgLQe0AIRAMVwtB7gAhEAxWC0HvACEQDFULQfAAIRAMVAtB8QAhEAxTC0HyACEQDFILQfMAIRAMUQtB9AAhEAxQC0H1ACEQDE8LQfYAIRAMTgtB9wAhEAxNC0H4ACEQDEwLQfkAIRAMSwtB+gAhEAxKC0H7ACEQDEkLQfwAIRAMSAtB/QAhEAxHC0H+ACEQDEYLQf8AIRAMRQtBgAEhEAxEC0GBASEQDEMLQYIBIRAMQgtBgwEhEAxBC0GEASEQDEALQYUBIRAMPwtBhgEhEAw+C0GHASEQDD0LQYgBIRAMPAtBiQEhEAw7C0GKASEQDDoLQYsBIRAMOQtBjAEhEAw4C0GNASEQDDcLQY4BIRAMNgtBjwEhEAw1C0GQASEQDDQLQZEBIRAMMwtBkgEhEAwyC0GTASEQDDELQZQBIRAMMAtBlQEhEAwvC0GWASEQDC4LQZcBIRAMLQtBmAEhEAwsC0GZASEQDCsLQZoBIRAMKgtBmwEhEAwpC0GcASEQDCgLQZ0BIRAMJwtBngEhEAwmC0GfASEQDCULQaABIRAMJAtBoQEhEAwjC0GiASEQDCILQaMBIRAMIQtBpAEhEAwgC0GlASEQDB8LQaYBIRAMHgtBpwEhEAwdC0GoASEQDBwLQakBIRAMGwtBqgEhEAwaC0GrASEQDBkLQawBIRAMGAtBrQEhEAwXC0GuASEQDBYLQQEhEAwVC0GvASEQDBQLQbABIRAMEwtBsQEhEAwSC0GzASEQDBELQbIBIRAMEAtBtAEhEAwPC0G1ASEQDA4LQbYBIRAMDQtBtwEhEAwMC0G4ASEQDAsLQbkBIRAMCgtBugEhEAwJC0G7ASEQDAgLQcYBIRAMBwtBvAEhEAwGC0G9ASEQDAULQb4BIRAMBAtBvwEhEAwDC0HAASEQDAILQcIBIRAMAQtBwQEhEAsDQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAIBAOxwEAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB4fICEjJSg/QEFERUZHSElKS0xNT1BRUlPeA1dZW1xdYGJlZmdoaWprbG1vcHFyc3R1dnd4eXp7fH1+gAGCAYUBhgGHAYkBiwGMAY0BjgGPAZABkQGUAZUBlgGXAZgBmQGaAZsBnAGdAZ4BnwGgAaEBogGjAaQBpQGmAacBqAGpAaoBqwGsAa0BrgGvAbABsQGyAbMBtAG1AbYBtwG4AbkBugG7AbwBvQG+Ab8BwAHBAcIBwwHEAcUBxgHHAcgByQHKAcsBzAHNAc4BzwHQAdEB0gHTAdQB1QHWAdcB2AHZAdoB2wHcAd0B3gHgAeEB4gHjAeQB5QHmAecB6AHpAeoB6wHsAe0B7gHvAfAB8QHyAfMBmQKkArAC/gL+AgsgASIEIAJHDfMBQd0BIRAM/wMLIAEiECACRw3dAUHDASEQDP4DCyABIgEgAkcNkAFB9wAhEAz9AwsgASIBIAJHDYYBQe8AIRAM/AMLIAEiASACRw1/QeoAIRAM+wMLIAEiASACRw17QegAIRAM+gMLIAEiASACRw14QeYAIRAM+QMLIAEiASACRw0aQRghEAz4AwsgASIBIAJHDRRBEiEQDPcDCyABIgEgAkcNWUHFACEQDPYDCyABIgEgAkcNSkE/IRAM9QMLIAEiASACRw1IQTwhEAz0AwsgASIBIAJHDUFBMSEQDPMDCyAALQAuQQFGDesDDIcCCyAAIAEiASACEMCAgIAAQQFHDeYBIABCADcDIAznAQsgACABIgEgAhC0gICAACIQDecBIAEhAQz1AgsCQCABIgEgAkcNAEEGIRAM8AMLIAAgAUEBaiIBIAIQu4CAgAAiEA3oASABIQEMMQsgAEIANwMgQRIhEAzVAwsgASIQIAJHDStBHSEQDO0DCwJAIAEiASACRg0AIAFBAWohAUEQIRAM1AMLQQchEAzsAwsgAEIAIAApAyAiESACIAEiEGutIhJ9IhMgEyARVhs3AyAgESASViIURQ3lAUEIIRAM6wMLAkAgASIBIAJGDQAgAEGJgICAADYCCCAAIAE2AgQgASEBQRQhEAzSAwtBCSEQDOoDCyABIQEgACkDIFAN5AEgASEBDPICCwJAIAEiASACRw0AQQshEAzpAwsgACABQQFqIgEgAhC2gICAACIQDeUBIAEhAQzyAgsgACABIgEgAhC4gICAACIQDeUBIAEhAQzyAgsgACABIgEgAhC4gICAACIQDeYBIAEhAQwNCyAAIAEiASACELqAgIAAIhAN5wEgASEBDPACCwJAIAEiASACRw0AQQ8hEAzlAwsgAS0AACIQQTtGDQggEEENRw3oASABQQFqIQEM7wILIAAgASIBIAIQuoCAgAAiEA3oASABIQEM8gILA0ACQCABLQAAQfC1gIAAai0AACIQQQFGDQAgEEECRw3rASAAKAIEIRAgAEEANgIEIAAgECABQQFqIgEQuYCAgAAiEA3qASABIQEM9AILIAFBAWoiASACRw0AC0ESIRAM4gMLIAAgASIBIAIQuoCAgAAiEA3pASABIQEMCgsgASIBIAJHDQZBGyEQDOADCwJAIAEiASACRw0AQRYhEAzgAwsgAEGKgICAADYCCCAAIAE2AgQgACABIAIQuICAgAAiEA3qASABIQFBICEQDMYDCwJAIAEiASACRg0AA0ACQCABLQAAQfC3gIAAai0AACIQQQJGDQACQCAQQX9qDgTlAewBAOsB7AELIAFBAWohAUEIIRAMyAMLIAFBAWoiASACRw0AC0EVIRAM3wMLQRUhEAzeAwsDQAJAIAEtAABB8LmAgABqLQAAIhBBAkYNACAQQX9qDgTeAewB4AHrAewBCyABQQFqIgEgAkcNAAtBGCEQDN0DCwJAIAEiASACRg0AIABBi4CAgAA2AgggACABNgIEIAEhAUEHIRAMxAMLQRkhEAzcAwsgAUEBaiEBDAILAkAgASIUIAJHDQBBGiEQDNsDCyAUIQECQCAULQAAQXNqDhTdAu4C7gLuAu4C7gLuAu4C7gLuAu4C7gLuAu4C7gLuAu4C7gLuAgDuAgtBACEQIABBADYCHCAAQa+LgIAANgIQIABBAjYCDCAAIBRBAWo2AhQM2gMLAkAgAS0AACIQQTtGDQAgEEENRw3oASABQQFqIQEM5QILIAFBAWohAQtBIiEQDL8DCwJAIAEiECACRw0AQRwhEAzYAwtCACERIBAhASAQLQAAQVBqDjfnAeYBAQIDBAUGBwgAAAAAAAAACQoLDA0OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPEBESExQAC0EeIRAMvQMLQgIhEQzlAQtCAyERDOQBC0IEIREM4wELQgUhEQziAQtCBiERDOEBC0IHIREM4AELQgghEQzfAQtCCSERDN4BC0IKIREM3QELQgshEQzcAQtCDCERDNsBC0INIREM2gELQg4hEQzZAQtCDyERDNgBC0IKIREM1wELQgshEQzWAQtCDCERDNUBC0INIREM1AELQg4hEQzTAQtCDyERDNIBC0IAIRECQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAIBAtAABBUGoON+UB5AEAAQIDBAUGB+YB5gHmAeYB5gHmAeYBCAkKCwwN5gHmAeYB5gHmAeYB5gHmAeYB5gHmAeYB5gHmAeYB5gHmAeYB5gHmAeYB5gHmAeYB5gHmAQ4PEBESE+YBC0ICIREM5AELQgMhEQzjAQtCBCERDOIBC0IFIREM4QELQgYhEQzgAQtCByERDN8BC0IIIREM3gELQgkhEQzdAQtCCiERDNwBC0ILIREM2wELQgwhEQzaAQtCDSERDNkBC0IOIREM2AELQg8hEQzXAQtCCiERDNYBC0ILIREM1QELQgwhEQzUAQtCDSERDNMBC0IOIREM0gELQg8hEQzRAQsgAEIAIAApAyAiESACIAEiEGutIhJ9IhMgEyARVhs3AyAgESASViIURQ3SAUEfIRAMwAMLAkAgASIBIAJGDQAgAEGJgICAADYCCCAAIAE2AgQgASEBQSQhEAynAwtBICEQDL8DCyAAIAEiECACEL6AgIAAQX9qDgW2AQDFAgHRAdIBC0ERIRAMpAMLIABBAToALyAQIQEMuwMLIAEiASACRw3SAUEkIRAMuwMLIAEiDSACRw0eQcYAIRAMugMLIAAgASIBIAIQsoCAgAAiEA3UASABIQEMtQELIAEiECACRw0mQdAAIRAMuAMLAkAgASIBIAJHDQBBKCEQDLgDCyAAQQA2AgQgAEGMgICAADYCCCAAIAEgARCxgICAACIQDdMBIAEhAQzYAQsCQCABIhAgAkcNAEEpIRAMtwMLIBAtAAAiAUEgRg0UIAFBCUcN0wEgEEEBaiEBDBULAkAgASIBIAJGDQAgAUEBaiEBDBcLQSohEAy1AwsCQCABIhAgAkcNAEErIRAMtQMLAkAgEC0AACIBQQlGDQAgAUEgRw3VAQsgAC0ALEEIRg3TASAQIQEMkQMLAkAgASIBIAJHDQBBLCEQDLQDCyABLQAAQQpHDdUBIAFBAWohAQzJAgsgASIOIAJHDdUBQS8hEAyyAwsDQAJAIAEtAAAiEEEgRg0AAkAgEEF2ag4EANwB3AEA2gELIAEhAQzgAQsgAUEBaiIBIAJHDQALQTEhEAyxAwtBMiEQIAEiFCACRg2wAyACIBRrIAAoAgAiAWohFSAUIAFrQQNqIRYCQANAIBQtAAAiF0EgciAXIBdBv39qQf8BcUEaSRtB/wFxIAFB8LuAgABqLQAARw0BAkAgAUEDRw0AQQYhAQyWAwsgAUEBaiEBIBRBAWoiFCACRw0ACyAAIBU2AgAMsQMLIABBADYCACAUIQEM2QELQTMhECABIhQgAkYNrwMgAiAUayAAKAIAIgFqIRUgFCABa0EIaiEWAkADQCAULQAAIhdBIHIgFyAXQb9/akH/AXFBGkkbQf8BcSABQfS7gIAAai0AAEcNAQJAIAFBCEcNAEEFIQEMlQMLIAFBAWohASAUQQFqIhQgAkcNAAsgACAVNgIADLADCyAAQQA2AgAgFCEBDNgBC0E0IRAgASIUIAJGDa4DIAIgFGsgACgCACIBaiEVIBQgAWtBBWohFgJAA0AgFC0AACIXQSByIBcgF0G/f2pB/wFxQRpJG0H/AXEgAUHQwoCAAGotAABHDQECQCABQQVHDQBBByEBDJQDCyABQQFqIQEgFEEBaiIUIAJHDQALIAAgFTYCAAyvAwsgAEEANgIAIBQhAQzXAQsCQCABIgEgAkYNAANAAkAgAS0AAEGAvoCAAGotAAAiEEEBRg0AIBBBAkYNCiABIQEM3QELIAFBAWoiASACRw0AC0EwIRAMrgMLQTAhEAytAwsCQCABIgEgAkYNAANAAkAgAS0AACIQQSBGDQAgEEF2ag4E2QHaAdoB2QHaAQsgAUEBaiIBIAJHDQALQTghEAytAwtBOCEQDKwDCwNAAkAgAS0AACIQQSBGDQAgEEEJRw0DCyABQQFqIgEgAkcNAAtBPCEQDKsDCwNAAkAgAS0AACIQQSBGDQACQAJAIBBBdmoOBNoBAQHaAQALIBBBLEYN2wELIAEhAQwECyABQQFqIgEgAkcNAAtBPyEQDKoDCyABIQEM2wELQcAAIRAgASIUIAJGDagDIAIgFGsgACgCACIBaiEWIBQgAWtBBmohFwJAA0AgFC0AAEEgciABQYDAgIAAai0AAEcNASABQQZGDY4DIAFBAWohASAUQQFqIhQgAkcNAAsgACAWNgIADKkDCyAAQQA2AgAgFCEBC0E2IRAMjgMLAkAgASIPIAJHDQBBwQAhEAynAwsgAEGMgICAADYCCCAAIA82AgQgDyEBIAAtACxBf2oOBM0B1QHXAdkBhwMLIAFBAWohAQzMAQsCQCABIgEgAkYNAANAAkAgAS0AACIQQSByIBAgEEG/f2pB/wFxQRpJG0H/AXEiEEEJRg0AIBBBIEYNAAJAAkACQAJAIBBBnX9qDhMAAwMDAwMDAwEDAwMDAwMDAwMCAwsgAUEBaiEBQTEhEAyRAwsgAUEBaiEBQTIhEAyQAwsgAUEBaiEBQTMhEAyPAwsgASEBDNABCyABQQFqIgEgAkcNAAtBNSEQDKUDC0E1IRAMpAMLAkAgASIBIAJGDQADQAJAIAEtAABBgLyAgABqLQAAQQFGDQAgASEBDNMBCyABQQFqIgEgAkcNAAtBPSEQDKQDC0E9IRAMowMLIAAgASIBIAIQsICAgAAiEA3WASABIQEMAQsgEEEBaiEBC0E8IRAMhwMLAkAgASIBIAJHDQBBwgAhEAygAwsCQANAAkAgAS0AAEF3ag4YAAL+Av4ChAP+Av4C/gL+Av4C/gL+Av4C/gL+Av4C/gL+Av4C/gL+Av4C/gIA/gILIAFBAWoiASACRw0AC0HCACEQDKADCyABQQFqIQEgAC0ALUEBcUUNvQEgASEBC0EsIRAMhQMLIAEiASACRw3TAUHEACEQDJ0DCwNAAkAgAS0AAEGQwICAAGotAABBAUYNACABIQEMtwILIAFBAWoiASACRw0AC0HFACEQDJwDCyANLQAAIhBBIEYNswEgEEE6Rw2BAyAAKAIEIQEgAEEANgIEIAAgASANEK+AgIAAIgEN0AEgDUEBaiEBDLMCC0HHACEQIAEiDSACRg2aAyACIA1rIAAoAgAiAWohFiANIAFrQQVqIRcDQCANLQAAIhRBIHIgFCAUQb9/akH/AXFBGkkbQf8BcSABQZDCgIAAai0AAEcNgAMgAUEFRg30AiABQQFqIQEgDUEBaiINIAJHDQALIAAgFjYCAAyaAwtByAAhECABIg0gAkYNmQMgAiANayAAKAIAIgFqIRYgDSABa0EJaiEXA0AgDS0AACIUQSByIBQgFEG/f2pB/wFxQRpJG0H/AXEgAUGWwoCAAGotAABHDf8CAkAgAUEJRw0AQQIhAQz1AgsgAUEBaiEBIA1BAWoiDSACRw0ACyAAIBY2AgAMmQMLAkAgASINIAJHDQBByQAhEAyZAwsCQAJAIA0tAAAiAUEgciABIAFBv39qQf8BcUEaSRtB/wFxQZJ/ag4HAIADgAOAA4ADgAMBgAMLIA1BAWohAUE+IRAMgAMLIA1BAWohAUE/IRAM/wILQcoAIRAgASINIAJGDZcDIAIgDWsgACgCACIBaiEWIA0gAWtBAWohFwNAIA0tAAAiFEEgciAUIBRBv39qQf8BcUEaSRtB/wFxIAFBoMKAgABqLQAARw39AiABQQFGDfACIAFBAWohASANQQFqIg0gAkcNAAsgACAWNgIADJcDC0HLACEQIAEiDSACRg2WAyACIA1rIAAoAgAiAWohFiANIAFrQQ5qIRcDQCANLQAAIhRBIHIgFCAUQb9/akH/AXFBGkkbQf8BcSABQaLCgIAAai0AAEcN/AIgAUEORg3wAiABQQFqIQEgDUEBaiINIAJHDQALIAAgFjYCAAyWAwtBzAAhECABIg0gAkYNlQMgAiANayAAKAIAIgFqIRYgDSABa0EPaiEXA0AgDS0AACIUQSByIBQgFEG/f2pB/wFxQRpJG0H/AXEgAUHAwoCAAGotAABHDfsCAkAgAUEPRw0AQQMhAQzxAgsgAUEBaiEBIA1BAWoiDSACRw0ACyAAIBY2AgAMlQMLQc0AIRAgASINIAJGDZQDIAIgDWsgACgCACIBaiEWIA0gAWtBBWohFwNAIA0tAAAiFEEgciAUIBRBv39qQf8BcUEaSRtB/wFxIAFB0MKAgABqLQAARw36AgJAIAFBBUcNAEEEIQEM8AILIAFBAWohASANQQFqIg0gAkcNAAsgACAWNgIADJQDCwJAIAEiDSACRw0AQc4AIRAMlAMLAkACQAJAAkAgDS0AACIBQSByIAEgAUG/f2pB/wFxQRpJG0H/AXFBnX9qDhMA/QL9Av0C/QL9Av0C/QL9Av0C/QL9Av0CAf0C/QL9AgID/QILIA1BAWohAUHBACEQDP0CCyANQQFqIQFBwgAhEAz8AgsgDUEBaiEBQcMAIRAM+wILIA1BAWohAUHEACEQDPoCCwJAIAEiASACRg0AIABBjYCAgAA2AgggACABNgIEIAEhAUHFACEQDPoCC0HPACEQDJIDCyAQIQECQAJAIBAtAABBdmoOBAGoAqgCAKgCCyAQQQFqIQELQSchEAz4AgsCQCABIgEgAkcNAEHRACEQDJEDCwJAIAEtAABBIEYNACABIQEMjQELIAFBAWohASAALQAtQQFxRQ3HASABIQEMjAELIAEiFyACRw3IAUHSACEQDI8DC0HTACEQIAEiFCACRg2OAyACIBRrIAAoAgAiAWohFiAUIAFrQQFqIRcDQCAULQAAIAFB1sKAgABqLQAARw3MASABQQFGDccBIAFBAWohASAUQQFqIhQgAkcNAAsgACAWNgIADI4DCwJAIAEiASACRw0AQdUAIRAMjgMLIAEtAABBCkcNzAEgAUEBaiEBDMcBCwJAIAEiASACRw0AQdYAIRAMjQMLAkACQCABLQAAQXZqDgQAzQHNAQHNAQsgAUEBaiEBDMcBCyABQQFqIQFBygAhEAzzAgsgACABIgEgAhCugICAACIQDcsBIAEhAUHNACEQDPICCyAALQApQSJGDYUDDKYCCwJAIAEiASACRw0AQdsAIRAMigMLQQAhFEEBIRdBASEWQQAhEAJAAkACQAJAAkACQAJAAkACQCABLQAAQVBqDgrUAdMBAAECAwQFBgjVAQtBAiEQDAYLQQMhEAwFC0EEIRAMBAtBBSEQDAMLQQYhEAwCC0EHIRAMAQtBCCEQC0EAIRdBACEWQQAhFAzMAQtBCSEQQQEhFEEAIRdBACEWDMsBCwJAIAEiASACRw0AQd0AIRAMiQMLIAEtAABBLkcNzAEgAUEBaiEBDKYCCyABIgEgAkcNzAFB3wAhEAyHAwsCQCABIgEgAkYNACAAQY6AgIAANgIIIAAgATYCBCABIQFB0AAhEAzuAgtB4AAhEAyGAwtB4QAhECABIgEgAkYNhQMgAiABayAAKAIAIhRqIRYgASAUa0EDaiEXA0AgAS0AACAUQeLCgIAAai0AAEcNzQEgFEEDRg3MASAUQQFqIRQgAUEBaiIBIAJHDQALIAAgFjYCAAyFAwtB4gAhECABIgEgAkYNhAMgAiABayAAKAIAIhRqIRYgASAUa0ECaiEXA0AgAS0AACAUQebCgIAAai0AAEcNzAEgFEECRg3OASAUQQFqIRQgAUEBaiIBIAJHDQALIAAgFjYCAAyEAwtB4wAhECABIgEgAkYNgwMgAiABayAAKAIAIhRqIRYgASAUa0EDaiEXA0AgAS0AACAUQenCgIAAai0AAEcNywEgFEEDRg3OASAUQQFqIRQgAUEBaiIBIAJHDQALIAAgFjYCAAyDAwsCQCABIgEgAkcNAEHlACEQDIMDCyAAIAFBAWoiASACEKiAgIAAIhANzQEgASEBQdYAIRAM6QILAkAgASIBIAJGDQADQAJAIAEtAAAiEEEgRg0AAkACQAJAIBBBuH9qDgsAAc8BzwHPAc8BzwHPAc8BzwECzwELIAFBAWohAUHSACEQDO0CCyABQQFqIQFB0wAhEAzsAgsgAUEBaiEBQdQAIRAM6wILIAFBAWoiASACRw0AC0HkACEQDIIDC0HkACEQDIEDCwNAAkAgAS0AAEHwwoCAAGotAAAiEEEBRg0AIBBBfmoOA88B0AHRAdIBCyABQQFqIgEgAkcNAAtB5gAhEAyAAwsCQCABIgEgAkYNACABQQFqIQEMAwtB5wAhEAz/AgsDQAJAIAEtAABB8MSAgABqLQAAIhBBAUYNAAJAIBBBfmoOBNIB0wHUAQDVAQsgASEBQdcAIRAM5wILIAFBAWoiASACRw0AC0HoACEQDP4CCwJAIAEiASACRw0AQekAIRAM/gILAkAgAS0AACIQQXZqDhq6AdUB1QG8AdUB1QHVAdUB1QHVAdUB1QHVAdUB1QHVAdUB1QHVAdUB1QHVAcoB1QHVAQDTAQsgAUEBaiEBC0EGIRAM4wILA0ACQCABLQAAQfDGgIAAai0AAEEBRg0AIAEhAQyeAgsgAUEBaiIBIAJHDQALQeoAIRAM+wILAkAgASIBIAJGDQAgAUEBaiEBDAMLQesAIRAM+gILAkAgASIBIAJHDQBB7AAhEAz6AgsgAUEBaiEBDAELAkAgASIBIAJHDQBB7QAhEAz5AgsgAUEBaiEBC0EEIRAM3gILAkAgASIUIAJHDQBB7gAhEAz3AgsgFCEBAkACQAJAIBQtAABB8MiAgABqLQAAQX9qDgfUAdUB1gEAnAIBAtcBCyAUQQFqIQEMCgsgFEEBaiEBDM0BC0EAIRAgAEEANgIcIABBm5KAgAA2AhAgAEEHNgIMIAAgFEEBajYCFAz2AgsCQANAAkAgAS0AAEHwyICAAGotAAAiEEEERg0AAkACQCAQQX9qDgfSAdMB1AHZAQAEAdkBCyABIQFB2gAhEAzgAgsgAUEBaiEBQdwAIRAM3wILIAFBAWoiASACRw0AC0HvACEQDPYCCyABQQFqIQEMywELAkAgASIUIAJHDQBB8AAhEAz1AgsgFC0AAEEvRw3UASAUQQFqIQEMBgsCQCABIhQgAkcNAEHxACEQDPQCCwJAIBQtAAAiAUEvRw0AIBRBAWohAUHdACEQDNsCCyABQXZqIgRBFksN0wFBASAEdEGJgIACcUUN0wEMygILAkAgASIBIAJGDQAgAUEBaiEBQd4AIRAM2gILQfIAIRAM8gILAkAgASIUIAJHDQBB9AAhEAzyAgsgFCEBAkAgFC0AAEHwzICAAGotAABBf2oOA8kClAIA1AELQeEAIRAM2AILAkAgASIUIAJGDQADQAJAIBQtAABB8MqAgABqLQAAIgFBA0YNAAJAIAFBf2oOAssCANUBCyAUIQFB3wAhEAzaAgsgFEEBaiIUIAJHDQALQfMAIRAM8QILQfMAIRAM8AILAkAgASIBIAJGDQAgAEGPgICAADYCCCAAIAE2AgQgASEBQeAAIRAM1wILQfUAIRAM7wILAkAgASIBIAJHDQBB9gAhEAzvAgsgAEGPgICAADYCCCAAIAE2AgQgASEBC0EDIRAM1AILA0AgAS0AAEEgRw3DAiABQQFqIgEgAkcNAAtB9wAhEAzsAgsCQCABIgEgAkcNAEH4ACEQDOwCCyABLQAAQSBHDc4BIAFBAWohAQzvAQsgACABIgEgAhCsgICAACIQDc4BIAEhAQyOAgsCQCABIgQgAkcNAEH6ACEQDOoCCyAELQAAQcwARw3RASAEQQFqIQFBEyEQDM8BCwJAIAEiBCACRw0AQfsAIRAM6QILIAIgBGsgACgCACIBaiEUIAQgAWtBBWohEANAIAQtAAAgAUHwzoCAAGotAABHDdABIAFBBUYNzgEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBB+wAhEAzoAgsCQCABIgQgAkcNAEH8ACEQDOgCCwJAAkAgBC0AAEG9f2oODADRAdEB0QHRAdEB0QHRAdEB0QHRAQHRAQsgBEEBaiEBQeYAIRAMzwILIARBAWohAUHnACEQDM4CCwJAIAEiBCACRw0AQf0AIRAM5wILIAIgBGsgACgCACIBaiEUIAQgAWtBAmohEAJAA0AgBC0AACABQe3PgIAAai0AAEcNzwEgAUECRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQf0AIRAM5wILIABBADYCACAQQQFqIQFBECEQDMwBCwJAIAEiBCACRw0AQf4AIRAM5gILIAIgBGsgACgCACIBaiEUIAQgAWtBBWohEAJAA0AgBC0AACABQfbOgIAAai0AAEcNzgEgAUEFRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQf4AIRAM5gILIABBADYCACAQQQFqIQFBFiEQDMsBCwJAIAEiBCACRw0AQf8AIRAM5QILIAIgBGsgACgCACIBaiEUIAQgAWtBA2ohEAJAA0AgBC0AACABQfzOgIAAai0AAEcNzQEgAUEDRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQf8AIRAM5QILIABBADYCACAQQQFqIQFBBSEQDMoBCwJAIAEiBCACRw0AQYABIRAM5AILIAQtAABB2QBHDcsBIARBAWohAUEIIRAMyQELAkAgASIEIAJHDQBBgQEhEAzjAgsCQAJAIAQtAABBsn9qDgMAzAEBzAELIARBAWohAUHrACEQDMoCCyAEQQFqIQFB7AAhEAzJAgsCQCABIgQgAkcNAEGCASEQDOICCwJAAkAgBC0AAEG4f2oOCADLAcsBywHLAcsBywEBywELIARBAWohAUHqACEQDMkCCyAEQQFqIQFB7QAhEAzIAgsCQCABIgQgAkcNAEGDASEQDOECCyACIARrIAAoAgAiAWohECAEIAFrQQJqIRQCQANAIAQtAAAgAUGAz4CAAGotAABHDckBIAFBAkYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgEDYCAEGDASEQDOECC0EAIRAgAEEANgIAIBRBAWohAQzGAQsCQCABIgQgAkcNAEGEASEQDOACCyACIARrIAAoAgAiAWohFCAEIAFrQQRqIRACQANAIAQtAAAgAUGDz4CAAGotAABHDcgBIAFBBEYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGEASEQDOACCyAAQQA2AgAgEEEBaiEBQSMhEAzFAQsCQCABIgQgAkcNAEGFASEQDN8CCwJAAkAgBC0AAEG0f2oOCADIAcgByAHIAcgByAEByAELIARBAWohAUHvACEQDMYCCyAEQQFqIQFB8AAhEAzFAgsCQCABIgQgAkcNAEGGASEQDN4CCyAELQAAQcUARw3FASAEQQFqIQEMgwILAkAgASIEIAJHDQBBhwEhEAzdAgsgAiAEayAAKAIAIgFqIRQgBCABa0EDaiEQAkADQCAELQAAIAFBiM+AgABqLQAARw3FASABQQNGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBhwEhEAzdAgsgAEEANgIAIBBBAWohAUEtIRAMwgELAkAgASIEIAJHDQBBiAEhEAzcAgsgAiAEayAAKAIAIgFqIRQgBCABa0EIaiEQAkADQCAELQAAIAFB0M+AgABqLQAARw3EASABQQhGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBiAEhEAzcAgsgAEEANgIAIBBBAWohAUEpIRAMwQELAkAgASIBIAJHDQBBiQEhEAzbAgtBASEQIAEtAABB3wBHDcABIAFBAWohAQyBAgsCQCABIgQgAkcNAEGKASEQDNoCCyACIARrIAAoAgAiAWohFCAEIAFrQQFqIRADQCAELQAAIAFBjM+AgABqLQAARw3BASABQQFGDa8CIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQYoBIRAM2QILAkAgASIEIAJHDQBBiwEhEAzZAgsgAiAEayAAKAIAIgFqIRQgBCABa0ECaiEQAkADQCAELQAAIAFBjs+AgABqLQAARw3BASABQQJGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBiwEhEAzZAgsgAEEANgIAIBBBAWohAUECIRAMvgELAkAgASIEIAJHDQBBjAEhEAzYAgsgAiAEayAAKAIAIgFqIRQgBCABa0EBaiEQAkADQCAELQAAIAFB8M+AgABqLQAARw3AASABQQFGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBjAEhEAzYAgsgAEEANgIAIBBBAWohAUEfIRAMvQELAkAgASIEIAJHDQBBjQEhEAzXAgsgAiAEayAAKAIAIgFqIRQgBCABa0EBaiEQAkADQCAELQAAIAFB8s+AgABqLQAARw2/ASABQQFGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBjQEhEAzXAgsgAEEANgIAIBBBAWohAUEJIRAMvAELAkAgASIEIAJHDQBBjgEhEAzWAgsCQAJAIAQtAABBt39qDgcAvwG/Ab8BvwG/AQG/AQsgBEEBaiEBQfgAIRAMvQILIARBAWohAUH5ACEQDLwCCwJAIAEiBCACRw0AQY8BIRAM1QILIAIgBGsgACgCACIBaiEUIAQgAWtBBWohEAJAA0AgBC0AACABQZHPgIAAai0AAEcNvQEgAUEFRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQY8BIRAM1QILIABBADYCACAQQQFqIQFBGCEQDLoBCwJAIAEiBCACRw0AQZABIRAM1AILIAIgBGsgACgCACIBaiEUIAQgAWtBAmohEAJAA0AgBC0AACABQZfPgIAAai0AAEcNvAEgAUECRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQZABIRAM1AILIABBADYCACAQQQFqIQFBFyEQDLkBCwJAIAEiBCACRw0AQZEBIRAM0wILIAIgBGsgACgCACIBaiEUIAQgAWtBBmohEAJAA0AgBC0AACABQZrPgIAAai0AAEcNuwEgAUEGRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQZEBIRAM0wILIABBADYCACAQQQFqIQFBFSEQDLgBCwJAIAEiBCACRw0AQZIBIRAM0gILIAIgBGsgACgCACIBaiEUIAQgAWtBBWohEAJAA0AgBC0AACABQaHPgIAAai0AAEcNugEgAUEFRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQZIBIRAM0gILIABBADYCACAQQQFqIQFBHiEQDLcBCwJAIAEiBCACRw0AQZMBIRAM0QILIAQtAABBzABHDbgBIARBAWohAUEKIRAMtgELAkAgBCACRw0AQZQBIRAM0AILAkACQCAELQAAQb9/ag4PALkBuQG5AbkBuQG5AbkBuQG5AbkBuQG5AbkBAbkBCyAEQQFqIQFB/gAhEAy3AgsgBEEBaiEBQf8AIRAMtgILAkAgBCACRw0AQZUBIRAMzwILAkACQCAELQAAQb9/ag4DALgBAbgBCyAEQQFqIQFB/QAhEAy2AgsgBEEBaiEEQYABIRAMtQILAkAgBCACRw0AQZYBIRAMzgILIAIgBGsgACgCACIBaiEUIAQgAWtBAWohEAJAA0AgBC0AACABQafPgIAAai0AAEcNtgEgAUEBRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQZYBIRAMzgILIABBADYCACAQQQFqIQFBCyEQDLMBCwJAIAQgAkcNAEGXASEQDM0CCwJAAkACQAJAIAQtAABBU2oOIwC4AbgBuAG4AbgBuAG4AbgBuAG4AbgBuAG4AbgBuAG4AbgBuAG4AbgBuAG4AbgBAbgBuAG4AbgBuAECuAG4AbgBA7gBCyAEQQFqIQFB+wAhEAy2AgsgBEEBaiEBQfwAIRAMtQILIARBAWohBEGBASEQDLQCCyAEQQFqIQRBggEhEAyzAgsCQCAEIAJHDQBBmAEhEAzMAgsgAiAEayAAKAIAIgFqIRQgBCABa0EEaiEQAkADQCAELQAAIAFBqc+AgABqLQAARw20ASABQQRGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBmAEhEAzMAgsgAEEANgIAIBBBAWohAUEZIRAMsQELAkAgBCACRw0AQZkBIRAMywILIAIgBGsgACgCACIBaiEUIAQgAWtBBWohEAJAA0AgBC0AACABQa7PgIAAai0AAEcNswEgAUEFRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQZkBIRAMywILIABBADYCACAQQQFqIQFBBiEQDLABCwJAIAQgAkcNAEGaASEQDMoCCyACIARrIAAoAgAiAWohFCAEIAFrQQFqIRACQANAIAQtAAAgAUG0z4CAAGotAABHDbIBIAFBAUYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGaASEQDMoCCyAAQQA2AgAgEEEBaiEBQRwhEAyvAQsCQCAEIAJHDQBBmwEhEAzJAgsgAiAEayAAKAIAIgFqIRQgBCABa0EBaiEQAkADQCAELQAAIAFBts+AgABqLQAARw2xASABQQFGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBmwEhEAzJAgsgAEEANgIAIBBBAWohAUEnIRAMrgELAkAgBCACRw0AQZwBIRAMyAILAkACQCAELQAAQax/ag4CAAGxAQsgBEEBaiEEQYYBIRAMrwILIARBAWohBEGHASEQDK4CCwJAIAQgAkcNAEGdASEQDMcCCyACIARrIAAoAgAiAWohFCAEIAFrQQFqIRACQANAIAQtAAAgAUG4z4CAAGotAABHDa8BIAFBAUYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGdASEQDMcCCyAAQQA2AgAgEEEBaiEBQSYhEAysAQsCQCAEIAJHDQBBngEhEAzGAgsgAiAEayAAKAIAIgFqIRQgBCABa0EBaiEQAkADQCAELQAAIAFBus+AgABqLQAARw2uASABQQFGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBngEhEAzGAgsgAEEANgIAIBBBAWohAUEDIRAMqwELAkAgBCACRw0AQZ8BIRAMxQILIAIgBGsgACgCACIBaiEUIAQgAWtBAmohEAJAA0AgBC0AACABQe3PgIAAai0AAEcNrQEgAUECRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQZ8BIRAMxQILIABBADYCACAQQQFqIQFBDCEQDKoBCwJAIAQgAkcNAEGgASEQDMQCCyACIARrIAAoAgAiAWohFCAEIAFrQQNqIRACQANAIAQtAAAgAUG8z4CAAGotAABHDawBIAFBA0YNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGgASEQDMQCCyAAQQA2AgAgEEEBaiEBQQ0hEAypAQsCQCAEIAJHDQBBoQEhEAzDAgsCQAJAIAQtAABBun9qDgsArAGsAawBrAGsAawBrAGsAawBAawBCyAEQQFqIQRBiwEhEAyqAgsgBEEBaiEEQYwBIRAMqQILAkAgBCACRw0AQaIBIRAMwgILIAQtAABB0ABHDakBIARBAWohBAzpAQsCQCAEIAJHDQBBowEhEAzBAgsCQAJAIAQtAABBt39qDgcBqgGqAaoBqgGqAQCqAQsgBEEBaiEEQY4BIRAMqAILIARBAWohAUEiIRAMpgELAkAgBCACRw0AQaQBIRAMwAILIAIgBGsgACgCACIBaiEUIAQgAWtBAWohEAJAA0AgBC0AACABQcDPgIAAai0AAEcNqAEgAUEBRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQaQBIRAMwAILIABBADYCACAQQQFqIQFBHSEQDKUBCwJAIAQgAkcNAEGlASEQDL8CCwJAAkAgBC0AAEGuf2oOAwCoAQGoAQsgBEEBaiEEQZABIRAMpgILIARBAWohAUEEIRAMpAELAkAgBCACRw0AQaYBIRAMvgILAkACQAJAAkACQCAELQAAQb9/ag4VAKoBqgGqAaoBqgGqAaoBqgGqAaoBAaoBqgECqgGqAQOqAaoBBKoBCyAEQQFqIQRBiAEhEAyoAgsgBEEBaiEEQYkBIRAMpwILIARBAWohBEGKASEQDKYCCyAEQQFqIQRBjwEhEAylAgsgBEEBaiEEQZEBIRAMpAILAkAgBCACRw0AQacBIRAMvQILIAIgBGsgACgCACIBaiEUIAQgAWtBAmohEAJAA0AgBC0AACABQe3PgIAAai0AAEcNpQEgAUECRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQacBIRAMvQILIABBADYCACAQQQFqIQFBESEQDKIBCwJAIAQgAkcNAEGoASEQDLwCCyACIARrIAAoAgAiAWohFCAEIAFrQQJqIRACQANAIAQtAAAgAUHCz4CAAGotAABHDaQBIAFBAkYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGoASEQDLwCCyAAQQA2AgAgEEEBaiEBQSwhEAyhAQsCQCAEIAJHDQBBqQEhEAy7AgsgAiAEayAAKAIAIgFqIRQgBCABa0EEaiEQAkADQCAELQAAIAFBxc+AgABqLQAARw2jASABQQRGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBqQEhEAy7AgsgAEEANgIAIBBBAWohAUErIRAMoAELAkAgBCACRw0AQaoBIRAMugILIAIgBGsgACgCACIBaiEUIAQgAWtBAmohEAJAA0AgBC0AACABQcrPgIAAai0AAEcNogEgAUECRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQaoBIRAMugILIABBADYCACAQQQFqIQFBFCEQDJ8BCwJAIAQgAkcNAEGrASEQDLkCCwJAAkACQAJAIAQtAABBvn9qDg8AAQKkAaQBpAGkAaQBpAGkAaQBpAGkAaQBA6QBCyAEQQFqIQRBkwEhEAyiAgsgBEEBaiEEQZQBIRAMoQILIARBAWohBEGVASEQDKACCyAEQQFqIQRBlgEhEAyfAgsCQCAEIAJHDQBBrAEhEAy4AgsgBC0AAEHFAEcNnwEgBEEBaiEEDOABCwJAIAQgAkcNAEGtASEQDLcCCyACIARrIAAoAgAiAWohFCAEIAFrQQJqIRACQANAIAQtAAAgAUHNz4CAAGotAABHDZ8BIAFBAkYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGtASEQDLcCCyAAQQA2AgAgEEEBaiEBQQ4hEAycAQsCQCAEIAJHDQBBrgEhEAy2AgsgBC0AAEHQAEcNnQEgBEEBaiEBQSUhEAybAQsCQCAEIAJHDQBBrwEhEAy1AgsgAiAEayAAKAIAIgFqIRQgBCABa0EIaiEQAkADQCAELQAAIAFB0M+AgABqLQAARw2dASABQQhGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBrwEhEAy1AgsgAEEANgIAIBBBAWohAUEqIRAMmgELAkAgBCACRw0AQbABIRAMtAILAkACQCAELQAAQat/ag4LAJ0BnQGdAZ0BnQGdAZ0BnQGdAQGdAQsgBEEBaiEEQZoBIRAMmwILIARBAWohBEGbASEQDJoCCwJAIAQgAkcNAEGxASEQDLMCCwJAAkAgBC0AAEG/f2oOFACcAZwBnAGcAZwBnAGcAZwBnAGcAZwBnAGcAZwBnAGcAZwBnAEBnAELIARBAWohBEGZASEQDJoCCyAEQQFqIQRBnAEhEAyZAgsCQCAEIAJHDQBBsgEhEAyyAgsgAiAEayAAKAIAIgFqIRQgBCABa0EDaiEQAkADQCAELQAAIAFB2c+AgABqLQAARw2aASABQQNGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBsgEhEAyyAgsgAEEANgIAIBBBAWohAUEhIRAMlwELAkAgBCACRw0AQbMBIRAMsQILIAIgBGsgACgCACIBaiEUIAQgAWtBBmohEAJAA0AgBC0AACABQd3PgIAAai0AAEcNmQEgAUEGRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQbMBIRAMsQILIABBADYCACAQQQFqIQFBGiEQDJYBCwJAIAQgAkcNAEG0ASEQDLACCwJAAkACQCAELQAAQbt/ag4RAJoBmgGaAZoBmgGaAZoBmgGaAQGaAZoBmgGaAZoBApoBCyAEQQFqIQRBnQEhEAyYAgsgBEEBaiEEQZ4BIRAMlwILIARBAWohBEGfASEQDJYCCwJAIAQgAkcNAEG1ASEQDK8CCyACIARrIAAoAgAiAWohFCAEIAFrQQVqIRACQANAIAQtAAAgAUHkz4CAAGotAABHDZcBIAFBBUYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEG1ASEQDK8CCyAAQQA2AgAgEEEBaiEBQSghEAyUAQsCQCAEIAJHDQBBtgEhEAyuAgsgAiAEayAAKAIAIgFqIRQgBCABa0ECaiEQAkADQCAELQAAIAFB6s+AgABqLQAARw2WASABQQJGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBtgEhEAyuAgsgAEEANgIAIBBBAWohAUEHIRAMkwELAkAgBCACRw0AQbcBIRAMrQILAkACQCAELQAAQbt/ag4OAJYBlgGWAZYBlgGWAZYBlgGWAZYBlgGWAQGWAQsgBEEBaiEEQaEBIRAMlAILIARBAWohBEGiASEQDJMCCwJAIAQgAkcNAEG4ASEQDKwCCyACIARrIAAoAgAiAWohFCAEIAFrQQJqIRACQANAIAQtAAAgAUHtz4CAAGotAABHDZQBIAFBAkYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEG4ASEQDKwCCyAAQQA2AgAgEEEBaiEBQRIhEAyRAQsCQCAEIAJHDQBBuQEhEAyrAgsgAiAEayAAKAIAIgFqIRQgBCABa0EBaiEQAkADQCAELQAAIAFB8M+AgABqLQAARw2TASABQQFGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBuQEhEAyrAgsgAEEANgIAIBBBAWohAUEgIRAMkAELAkAgBCACRw0AQboBIRAMqgILIAIgBGsgACgCACIBaiEUIAQgAWtBAWohEAJAA0AgBC0AACABQfLPgIAAai0AAEcNkgEgAUEBRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQboBIRAMqgILIABBADYCACAQQQFqIQFBDyEQDI8BCwJAIAQgAkcNAEG7ASEQDKkCCwJAAkAgBC0AAEG3f2oOBwCSAZIBkgGSAZIBAZIBCyAEQQFqIQRBpQEhEAyQAgsgBEEBaiEEQaYBIRAMjwILAkAgBCACRw0AQbwBIRAMqAILIAIgBGsgACgCACIBaiEUIAQgAWtBB2ohEAJAA0AgBC0AACABQfTPgIAAai0AAEcNkAEgAUEHRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQbwBIRAMqAILIABBADYCACAQQQFqIQFBGyEQDI0BCwJAIAQgAkcNAEG9ASEQDKcCCwJAAkACQCAELQAAQb5/ag4SAJEBkQGRAZEBkQGRAZEBkQGRAQGRAZEBkQGRAZEBkQECkQELIARBAWohBEGkASEQDI8CCyAEQQFqIQRBpwEhEAyOAgsgBEEBaiEEQagBIRAMjQILAkAgBCACRw0AQb4BIRAMpgILIAQtAABBzgBHDY0BIARBAWohBAzPAQsCQCAEIAJHDQBBvwEhEAylAgsCQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQCAELQAAQb9/ag4VAAECA5wBBAUGnAGcAZwBBwgJCgucAQwNDg+cAQsgBEEBaiEBQegAIRAMmgILIARBAWohAUHpACEQDJkCCyAEQQFqIQFB7gAhEAyYAgsgBEEBaiEBQfIAIRAMlwILIARBAWohAUHzACEQDJYCCyAEQQFqIQFB9gAhEAyVAgsgBEEBaiEBQfcAIRAMlAILIARBAWohAUH6ACEQDJMCCyAEQQFqIQRBgwEhEAySAgsgBEEBaiEEQYQBIRAMkQILIARBAWohBEGFASEQDJACCyAEQQFqIQRBkgEhEAyPAgsgBEEBaiEEQZgBIRAMjgILIARBAWohBEGgASEQDI0CCyAEQQFqIQRBowEhEAyMAgsgBEEBaiEEQaoBIRAMiwILAkAgBCACRg0AIABBkICAgAA2AgggACAENgIEQasBIRAMiwILQcABIRAMowILIAAgBSACEKqAgIAAIgENiwEgBSEBDFwLAkAgBiACRg0AIAZBAWohBQyNAQtBwgEhEAyhAgsDQAJAIBAtAABBdmoOBIwBAACPAQALIBBBAWoiECACRw0AC0HDASEQDKACCwJAIAcgAkYNACAAQZGAgIAANgIIIAAgBzYCBCAHIQFBASEQDIcCC0HEASEQDJ8CCwJAIAcgAkcNAEHFASEQDJ8CCwJAAkAgBy0AAEF2ag4EAc4BzgEAzgELIAdBAWohBgyNAQsgB0EBaiEFDIkBCwJAIAcgAkcNAEHGASEQDJ4CCwJAAkAgBy0AAEF2ag4XAY8BjwEBjwGPAY8BjwGPAY8BjwGPAY8BjwGPAY8BjwGPAY8BjwGPAY8BAI8BCyAHQQFqIQcLQbABIRAMhAILAkAgCCACRw0AQcgBIRAMnQILIAgtAABBIEcNjQEgAEEAOwEyIAhBAWohAUGzASEQDIMCCyABIRcCQANAIBciByACRg0BIActAABBUGpB/wFxIhBBCk8NzAECQCAALwEyIhRBmTNLDQAgACAUQQpsIhQ7ATIgEEH//wNzIBRB/v8DcUkNACAHQQFqIRcgACAUIBBqIhA7ATIgEEH//wNxQegHSQ0BCwtBACEQIABBADYCHCAAQcGJgIAANgIQIABBDTYCDCAAIAdBAWo2AhQMnAILQccBIRAMmwILIAAgCCACEK6AgIAAIhBFDcoBIBBBFUcNjAEgAEHIATYCHCAAIAg2AhQgAEHJl4CAADYCECAAQRU2AgxBACEQDJoCCwJAIAkgAkcNAEHMASEQDJoCC0EAIRRBASEXQQEhFkEAIRACQAJAAkACQAJAAkACQAJAAkAgCS0AAEFQag4KlgGVAQABAgMEBQYIlwELQQIhEAwGC0EDIRAMBQtBBCEQDAQLQQUhEAwDC0EGIRAMAgtBByEQDAELQQghEAtBACEXQQAhFkEAIRQMjgELQQkhEEEBIRRBACEXQQAhFgyNAQsCQCAKIAJHDQBBzgEhEAyZAgsgCi0AAEEuRw2OASAKQQFqIQkMygELIAsgAkcNjgFB0AEhEAyXAgsCQCALIAJGDQAgAEGOgICAADYCCCAAIAs2AgRBtwEhEAz+AQtB0QEhEAyWAgsCQCAEIAJHDQBB0gEhEAyWAgsgAiAEayAAKAIAIhBqIRQgBCAQa0EEaiELA0AgBC0AACAQQfzPgIAAai0AAEcNjgEgEEEERg3pASAQQQFqIRAgBEEBaiIEIAJHDQALIAAgFDYCAEHSASEQDJUCCyAAIAwgAhCsgICAACIBDY0BIAwhAQy4AQsCQCAEIAJHDQBB1AEhEAyUAgsgAiAEayAAKAIAIhBqIRQgBCAQa0EBaiEMA0AgBC0AACAQQYHQgIAAai0AAEcNjwEgEEEBRg2OASAQQQFqIRAgBEEBaiIEIAJHDQALIAAgFDYCAEHUASEQDJMCCwJAIAQgAkcNAEHWASEQDJMCCyACIARrIAAoAgAiEGohFCAEIBBrQQJqIQsDQCAELQAAIBBBg9CAgABqLQAARw2OASAQQQJGDZABIBBBAWohECAEQQFqIgQgAkcNAAsgACAUNgIAQdYBIRAMkgILAkAgBCACRw0AQdcBIRAMkgILAkACQCAELQAAQbt/ag4QAI8BjwGPAY8BjwGPAY8BjwGPAY8BjwGPAY8BjwEBjwELIARBAWohBEG7ASEQDPkBCyAEQQFqIQRBvAEhEAz4AQsCQCAEIAJHDQBB2AEhEAyRAgsgBC0AAEHIAEcNjAEgBEEBaiEEDMQBCwJAIAQgAkYNACAAQZCAgIAANgIIIAAgBDYCBEG+ASEQDPcBC0HZASEQDI8CCwJAIAQgAkcNAEHaASEQDI8CCyAELQAAQcgARg3DASAAQQE6ACgMuQELIABBAjoALyAAIAQgAhCmgICAACIQDY0BQcIBIRAM9AELIAAtAChBf2oOArcBuQG4AQsDQAJAIAQtAABBdmoOBACOAY4BAI4BCyAEQQFqIgQgAkcNAAtB3QEhEAyLAgsgAEEAOgAvIAAtAC1BBHFFDYQCCyAAQQA6AC8gAEEBOgA0IAEhAQyMAQsgEEEVRg3aASAAQQA2AhwgACABNgIUIABBp46AgAA2AhAgAEESNgIMQQAhEAyIAgsCQCAAIBAgAhC0gICAACIEDQAgECEBDIECCwJAIARBFUcNACAAQQM2AhwgACAQNgIUIABBsJiAgAA2AhAgAEEVNgIMQQAhEAyIAgsgAEEANgIcIAAgEDYCFCAAQaeOgIAANgIQIABBEjYCDEEAIRAMhwILIBBBFUYN1gEgAEEANgIcIAAgATYCFCAAQdqNgIAANgIQIABBFDYCDEEAIRAMhgILIAAoAgQhFyAAQQA2AgQgECARp2oiFiEBIAAgFyAQIBYgFBsiEBC1gICAACIURQ2NASAAQQc2AhwgACAQNgIUIAAgFDYCDEEAIRAMhQILIAAgAC8BMEGAAXI7ATAgASEBC0EqIRAM6gELIBBBFUYN0QEgAEEANgIcIAAgATYCFCAAQYOMgIAANgIQIABBEzYCDEEAIRAMggILIBBBFUYNzwEgAEEANgIcIAAgATYCFCAAQZqPgIAANgIQIABBIjYCDEEAIRAMgQILIAAoAgQhECAAQQA2AgQCQCAAIBAgARC3gICAACIQDQAgAUEBaiEBDI0BCyAAQQw2AhwgACAQNgIMIAAgAUEBajYCFEEAIRAMgAILIBBBFUYNzAEgAEEANgIcIAAgATYCFCAAQZqPgIAANgIQIABBIjYCDEEAIRAM/wELIAAoAgQhECAAQQA2AgQCQCAAIBAgARC3gICAACIQDQAgAUEBaiEBDIwBCyAAQQ02AhwgACAQNgIMIAAgAUEBajYCFEEAIRAM/gELIBBBFUYNyQEgAEEANgIcIAAgATYCFCAAQcaMgIAANgIQIABBIzYCDEEAIRAM/QELIAAoAgQhECAAQQA2AgQCQCAAIBAgARC5gICAACIQDQAgAUEBaiEBDIsBCyAAQQ42AhwgACAQNgIMIAAgAUEBajYCFEEAIRAM/AELIABBADYCHCAAIAE2AhQgAEHAlYCAADYCECAAQQI2AgxBACEQDPsBCyAQQRVGDcUBIABBADYCHCAAIAE2AhQgAEHGjICAADYCECAAQSM2AgxBACEQDPoBCyAAQRA2AhwgACABNgIUIAAgEDYCDEEAIRAM+QELIAAoAgQhBCAAQQA2AgQCQCAAIAQgARC5gICAACIEDQAgAUEBaiEBDPEBCyAAQRE2AhwgACAENgIMIAAgAUEBajYCFEEAIRAM+AELIBBBFUYNwQEgAEEANgIcIAAgATYCFCAAQcaMgIAANgIQIABBIzYCDEEAIRAM9wELIAAoAgQhECAAQQA2AgQCQCAAIBAgARC5gICAACIQDQAgAUEBaiEBDIgBCyAAQRM2AhwgACAQNgIMIAAgAUEBajYCFEEAIRAM9gELIAAoAgQhBCAAQQA2AgQCQCAAIAQgARC5gICAACIEDQAgAUEBaiEBDO0BCyAAQRQ2AhwgACAENgIMIAAgAUEBajYCFEEAIRAM9QELIBBBFUYNvQEgAEEANgIcIAAgATYCFCAAQZqPgIAANgIQIABBIjYCDEEAIRAM9AELIAAoAgQhECAAQQA2AgQCQCAAIBAgARC3gICAACIQDQAgAUEBaiEBDIYBCyAAQRY2AhwgACAQNgIMIAAgAUEBajYCFEEAIRAM8wELIAAoAgQhBCAAQQA2AgQCQCAAIAQgARC3gICAACIEDQAgAUEBaiEBDOkBCyAAQRc2AhwgACAENgIMIAAgAUEBajYCFEEAIRAM8gELIABBADYCHCAAIAE2AhQgAEHNk4CAADYCECAAQQw2AgxBACEQDPEBC0IBIRELIBBBAWohAQJAIAApAyAiEkL//////////w9WDQAgACASQgSGIBGENwMgIAEhAQyEAQsgAEEANgIcIAAgATYCFCAAQa2JgIAANgIQIABBDDYCDEEAIRAM7wELIABBADYCHCAAIBA2AhQgAEHNk4CAADYCECAAQQw2AgxBACEQDO4BCyAAKAIEIRcgAEEANgIEIBAgEadqIhYhASAAIBcgECAWIBQbIhAQtYCAgAAiFEUNcyAAQQU2AhwgACAQNgIUIAAgFDYCDEEAIRAM7QELIABBADYCHCAAIBA2AhQgAEGqnICAADYCECAAQQ82AgxBACEQDOwBCyAAIBAgAhC0gICAACIBDQEgECEBC0EOIRAM0QELAkAgAUEVRw0AIABBAjYCHCAAIBA2AhQgAEGwmICAADYCECAAQRU2AgxBACEQDOoBCyAAQQA2AhwgACAQNgIUIABBp46AgAA2AhAgAEESNgIMQQAhEAzpAQsgAUEBaiEQAkAgAC8BMCIBQYABcUUNAAJAIAAgECACELuAgIAAIgENACAQIQEMcAsgAUEVRw26ASAAQQU2AhwgACAQNgIUIABB+ZeAgAA2AhAgAEEVNgIMQQAhEAzpAQsCQCABQaAEcUGgBEcNACAALQAtQQJxDQAgAEEANgIcIAAgEDYCFCAAQZaTgIAANgIQIABBBDYCDEEAIRAM6QELIAAgECACEL2AgIAAGiAQIQECQAJAAkACQAJAIAAgECACELOAgIAADhYCAQAEBAQEBAQEBAQEBAQEBAQEBAQDBAsgAEEBOgAuCyAAIAAvATBBwAByOwEwIBAhAQtBJiEQDNEBCyAAQSM2AhwgACAQNgIUIABBpZaAgAA2AhAgAEEVNgIMQQAhEAzpAQsgAEEANgIcIAAgEDYCFCAAQdWLgIAANgIQIABBETYCDEEAIRAM6AELIAAtAC1BAXFFDQFBwwEhEAzOAQsCQCANIAJGDQADQAJAIA0tAABBIEYNACANIQEMxAELIA1BAWoiDSACRw0AC0ElIRAM5wELQSUhEAzmAQsgACgCBCEEIABBADYCBCAAIAQgDRCvgICAACIERQ2tASAAQSY2AhwgACAENgIMIAAgDUEBajYCFEEAIRAM5QELIBBBFUYNqwEgAEEANgIcIAAgATYCFCAAQf2NgIAANgIQIABBHTYCDEEAIRAM5AELIABBJzYCHCAAIAE2AhQgACAQNgIMQQAhEAzjAQsgECEBQQEhFAJAAkACQAJAAkACQAJAIAAtACxBfmoOBwYFBQMBAgAFCyAAIAAvATBBCHI7ATAMAwtBAiEUDAELQQQhFAsgAEEBOgAsIAAgAC8BMCAUcjsBMAsgECEBC0ErIRAMygELIABBADYCHCAAIBA2AhQgAEGrkoCAADYCECAAQQs2AgxBACEQDOIBCyAAQQA2AhwgACABNgIUIABB4Y+AgAA2AhAgAEEKNgIMQQAhEAzhAQsgAEEAOgAsIBAhAQy9AQsgECEBQQEhFAJAAkACQAJAAkAgAC0ALEF7ag4EAwECAAULIAAgAC8BMEEIcjsBMAwDC0ECIRQMAQtBBCEUCyAAQQE6ACwgACAALwEwIBRyOwEwCyAQIQELQSkhEAzFAQsgAEEANgIcIAAgATYCFCAAQfCUgIAANgIQIABBAzYCDEEAIRAM3QELAkAgDi0AAEENRw0AIAAoAgQhASAAQQA2AgQCQCAAIAEgDhCxgICAACIBDQAgDkEBaiEBDHULIABBLDYCHCAAIAE2AgwgACAOQQFqNgIUQQAhEAzdAQsgAC0ALUEBcUUNAUHEASEQDMMBCwJAIA4gAkcNAEEtIRAM3AELAkACQANAAkAgDi0AAEF2ag4EAgAAAwALIA5BAWoiDiACRw0AC0EtIRAM3QELIAAoAgQhASAAQQA2AgQCQCAAIAEgDhCxgICAACIBDQAgDiEBDHQLIABBLDYCHCAAIA42AhQgACABNgIMQQAhEAzcAQsgACgCBCEBIABBADYCBAJAIAAgASAOELGAgIAAIgENACAOQQFqIQEMcwsgAEEsNgIcIAAgATYCDCAAIA5BAWo2AhRBACEQDNsBCyAAKAIEIQQgAEEANgIEIAAgBCAOELGAgIAAIgQNoAEgDiEBDM4BCyAQQSxHDQEgAUEBaiEQQQEhAQJAAkACQAJAAkAgAC0ALEF7ag4EAwECBAALIBAhAQwEC0ECIQEMAQtBBCEBCyAAQQE6ACwgACAALwEwIAFyOwEwIBAhAQwBCyAAIAAvATBBCHI7ATAgECEBC0E5IRAMvwELIABBADoALCABIQELQTQhEAy9AQsgACAALwEwQSByOwEwIAEhAQwCCyAAKAIEIQQgAEEANgIEAkAgACAEIAEQsYCAgAAiBA0AIAEhAQzHAQsgAEE3NgIcIAAgATYCFCAAIAQ2AgxBACEQDNQBCyAAQQg6ACwgASEBC0EwIRAMuQELAkAgAC0AKEEBRg0AIAEhAQwECyAALQAtQQhxRQ2TASABIQEMAwsgAC0AMEEgcQ2UAUHFASEQDLcBCwJAIA8gAkYNAAJAA0ACQCAPLQAAQVBqIgFB/wFxQQpJDQAgDyEBQTUhEAy6AQsgACkDICIRQpmz5syZs+bMGVYNASAAIBFCCn4iETcDICARIAGtQv8BgyISQn+FVg0BIAAgESASfDcDICAPQQFqIg8gAkcNAAtBOSEQDNEBCyAAKAIEIQIgAEEANgIEIAAgAiAPQQFqIgQQsYCAgAAiAg2VASAEIQEMwwELQTkhEAzPAQsCQCAALwEwIgFBCHFFDQAgAC0AKEEBRw0AIAAtAC1BCHFFDZABCyAAIAFB9/sDcUGABHI7ATAgDyEBC0E3IRAMtAELIAAgAC8BMEEQcjsBMAyrAQsgEEEVRg2LASAAQQA2AhwgACABNgIUIABB8I6AgAA2AhAgAEEcNgIMQQAhEAzLAQsgAEHDADYCHCAAIAE2AgwgACANQQFqNgIUQQAhEAzKAQsCQCABLQAAQTpHDQAgACgCBCEQIABBADYCBAJAIAAgECABEK+AgIAAIhANACABQQFqIQEMYwsgAEHDADYCHCAAIBA2AgwgACABQQFqNgIUQQAhEAzKAQsgAEEANgIcIAAgATYCFCAAQbGRgIAANgIQIABBCjYCDEEAIRAMyQELIABBADYCHCAAIAE2AhQgAEGgmYCAADYCECAAQR42AgxBACEQDMgBCyAAQQA2AgALIABBgBI7ASogACAXQQFqIgEgAhCogICAACIQDQEgASEBC0HHACEQDKwBCyAQQRVHDYMBIABB0QA2AhwgACABNgIUIABB45eAgAA2AhAgAEEVNgIMQQAhEAzEAQsgACgCBCEQIABBADYCBAJAIAAgECABEKeAgIAAIhANACABIQEMXgsgAEHSADYCHCAAIAE2AhQgACAQNgIMQQAhEAzDAQsgAEEANgIcIAAgFDYCFCAAQcGogIAANgIQIABBBzYCDCAAQQA2AgBBACEQDMIBCyAAKAIEIRAgAEEANgIEAkAgACAQIAEQp4CAgAAiEA0AIAEhAQxdCyAAQdMANgIcIAAgATYCFCAAIBA2AgxBACEQDMEBC0EAIRAgAEEANgIcIAAgATYCFCAAQYCRgIAANgIQIABBCTYCDAzAAQsgEEEVRg19IABBADYCHCAAIAE2AhQgAEGUjYCAADYCECAAQSE2AgxBACEQDL8BC0EBIRZBACEXQQAhFEEBIRALIAAgEDoAKyABQQFqIQECQAJAIAAtAC1BEHENAAJAAkACQCAALQAqDgMBAAIECyAWRQ0DDAILIBQNAQwCCyAXRQ0BCyAAKAIEIRAgAEEANgIEAkAgACAQIAEQrYCAgAAiEA0AIAEhAQxcCyAAQdgANgIcIAAgATYCFCAAIBA2AgxBACEQDL4BCyAAKAIEIQQgAEEANgIEAkAgACAEIAEQrYCAgAAiBA0AIAEhAQytAQsgAEHZADYCHCAAIAE2AhQgACAENgIMQQAhEAy9AQsgACgCBCEEIABBADYCBAJAIAAgBCABEK2AgIAAIgQNACABIQEMqwELIABB2gA2AhwgACABNgIUIAAgBDYCDEEAIRAMvAELIAAoAgQhBCAAQQA2AgQCQCAAIAQgARCtgICAACIEDQAgASEBDKkBCyAAQdwANgIcIAAgATYCFCAAIAQ2AgxBACEQDLsBCwJAIAEtAABBUGoiEEH/AXFBCk8NACAAIBA6ACogAUEBaiEBQc8AIRAMogELIAAoAgQhBCAAQQA2AgQCQCAAIAQgARCtgICAACIEDQAgASEBDKcBCyAAQd4ANgIcIAAgATYCFCAAIAQ2AgxBACEQDLoBCyAAQQA2AgAgF0EBaiEBAkAgAC0AKUEjTw0AIAEhAQxZCyAAQQA2AhwgACABNgIUIABB04mAgAA2AhAgAEEINgIMQQAhEAy5AQsgAEEANgIAC0EAIRAgAEEANgIcIAAgATYCFCAAQZCzgIAANgIQIABBCDYCDAy3AQsgAEEANgIAIBdBAWohAQJAIAAtAClBIUcNACABIQEMVgsgAEEANgIcIAAgATYCFCAAQZuKgIAANgIQIABBCDYCDEEAIRAMtgELIABBADYCACAXQQFqIQECQCAALQApIhBBXWpBC08NACABIQEMVQsCQCAQQQZLDQBBASAQdEHKAHFFDQAgASEBDFULQQAhECAAQQA2AhwgACABNgIUIABB94mAgAA2AhAgAEEINgIMDLUBCyAQQRVGDXEgAEEANgIcIAAgATYCFCAAQbmNgIAANgIQIABBGjYCDEEAIRAMtAELIAAoAgQhECAAQQA2AgQCQCAAIBAgARCngICAACIQDQAgASEBDFQLIABB5QA2AhwgACABNgIUIAAgEDYCDEEAIRAMswELIAAoAgQhECAAQQA2AgQCQCAAIBAgARCngICAACIQDQAgASEBDE0LIABB0gA2AhwgACABNgIUIAAgEDYCDEEAIRAMsgELIAAoAgQhECAAQQA2AgQCQCAAIBAgARCngICAACIQDQAgASEBDE0LIABB0wA2AhwgACABNgIUIAAgEDYCDEEAIRAMsQELIAAoAgQhECAAQQA2AgQCQCAAIBAgARCngICAACIQDQAgASEBDFELIABB5QA2AhwgACABNgIUIAAgEDYCDEEAIRAMsAELIABBADYCHCAAIAE2AhQgAEHGioCAADYCECAAQQc2AgxBACEQDK8BCyAAKAIEIRAgAEEANgIEAkAgACAQIAEQp4CAgAAiEA0AIAEhAQxJCyAAQdIANgIcIAAgATYCFCAAIBA2AgxBACEQDK4BCyAAKAIEIRAgAEEANgIEAkAgACAQIAEQp4CAgAAiEA0AIAEhAQxJCyAAQdMANgIcIAAgATYCFCAAIBA2AgxBACEQDK0BCyAAKAIEIRAgAEEANgIEAkAgACAQIAEQp4CAgAAiEA0AIAEhAQxNCyAAQeUANgIcIAAgATYCFCAAIBA2AgxBACEQDKwBCyAAQQA2AhwgACABNgIUIABB3IiAgAA2AhAgAEEHNgIMQQAhEAyrAQsgEEE/Rw0BIAFBAWohAQtBBSEQDJABC0EAIRAgAEEANgIcIAAgATYCFCAAQf2SgIAANgIQIABBBzYCDAyoAQsgACgCBCEQIABBADYCBAJAIAAgECABEKeAgIAAIhANACABIQEMQgsgAEHSADYCHCAAIAE2AhQgACAQNgIMQQAhEAynAQsgACgCBCEQIABBADYCBAJAIAAgECABEKeAgIAAIhANACABIQEMQgsgAEHTADYCHCAAIAE2AhQgACAQNgIMQQAhEAymAQsgACgCBCEQIABBADYCBAJAIAAgECABEKeAgIAAIhANACABIQEMRgsgAEHlADYCHCAAIAE2AhQgACAQNgIMQQAhEAylAQsgACgCBCEBIABBADYCBAJAIAAgASAUEKeAgIAAIgENACAUIQEMPwsgAEHSADYCHCAAIBQ2AhQgACABNgIMQQAhEAykAQsgACgCBCEBIABBADYCBAJAIAAgASAUEKeAgIAAIgENACAUIQEMPwsgAEHTADYCHCAAIBQ2AhQgACABNgIMQQAhEAyjAQsgACgCBCEBIABBADYCBAJAIAAgASAUEKeAgIAAIgENACAUIQEMQwsgAEHlADYCHCAAIBQ2AhQgACABNgIMQQAhEAyiAQsgAEEANgIcIAAgFDYCFCAAQcOPgIAANgIQIABBBzYCDEEAIRAMoQELIABBADYCHCAAIAE2AhQgAEHDj4CAADYCECAAQQc2AgxBACEQDKABC0EAIRAgAEEANgIcIAAgFDYCFCAAQYycgIAANgIQIABBBzYCDAyfAQsgAEEANgIcIAAgFDYCFCAAQYycgIAANgIQIABBBzYCDEEAIRAMngELIABBADYCHCAAIBQ2AhQgAEH+kYCAADYCECAAQQc2AgxBACEQDJ0BCyAAQQA2AhwgACABNgIUIABBjpuAgAA2AhAgAEEGNgIMQQAhEAycAQsgEEEVRg1XIABBADYCHCAAIAE2AhQgAEHMjoCAADYCECAAQSA2AgxBACEQDJsBCyAAQQA2AgAgEEEBaiEBQSQhEAsgACAQOgApIAAoAgQhECAAQQA2AgQgACAQIAEQq4CAgAAiEA1UIAEhAQw+CyAAQQA2AgALQQAhECAAQQA2AhwgACAENgIUIABB8ZuAgAA2AhAgAEEGNgIMDJcBCyABQRVGDVAgAEEANgIcIAAgBTYCFCAAQfCMgIAANgIQIABBGzYCDEEAIRAMlgELIAAoAgQhBSAAQQA2AgQgACAFIBAQqYCAgAAiBQ0BIBBBAWohBQtBrQEhEAx7CyAAQcEBNgIcIAAgBTYCDCAAIBBBAWo2AhRBACEQDJMBCyAAKAIEIQYgAEEANgIEIAAgBiAQEKmAgIAAIgYNASAQQQFqIQYLQa4BIRAMeAsgAEHCATYCHCAAIAY2AgwgACAQQQFqNgIUQQAhEAyQAQsgAEEANgIcIAAgBzYCFCAAQZeLgIAANgIQIABBDTYCDEEAIRAMjwELIABBADYCHCAAIAg2AhQgAEHjkICAADYCECAAQQk2AgxBACEQDI4BCyAAQQA2AhwgACAINgIUIABBlI2AgAA2AhAgAEEhNgIMQQAhEAyNAQtBASEWQQAhF0EAIRRBASEQCyAAIBA6ACsgCUEBaiEIAkACQCAALQAtQRBxDQACQAJAAkAgAC0AKg4DAQACBAsgFkUNAwwCCyAUDQEMAgsgF0UNAQsgACgCBCEQIABBADYCBCAAIBAgCBCtgICAACIQRQ09IABByQE2AhwgACAINgIUIAAgEDYCDEEAIRAMjAELIAAoAgQhBCAAQQA2AgQgACAEIAgQrYCAgAAiBEUNdiAAQcoBNgIcIAAgCDYCFCAAIAQ2AgxBACEQDIsBCyAAKAIEIQQgAEEANgIEIAAgBCAJEK2AgIAAIgRFDXQgAEHLATYCHCAAIAk2AhQgACAENgIMQQAhEAyKAQsgACgCBCEEIABBADYCBCAAIAQgChCtgICAACIERQ1yIABBzQE2AhwgACAKNgIUIAAgBDYCDEEAIRAMiQELAkAgCy0AAEFQaiIQQf8BcUEKTw0AIAAgEDoAKiALQQFqIQpBtgEhEAxwCyAAKAIEIQQgAEEANgIEIAAgBCALEK2AgIAAIgRFDXAgAEHPATYCHCAAIAs2AhQgACAENgIMQQAhEAyIAQsgAEEANgIcIAAgBDYCFCAAQZCzgIAANgIQIABBCDYCDCAAQQA2AgBBACEQDIcBCyABQRVGDT8gAEEANgIcIAAgDDYCFCAAQcyOgIAANgIQIABBIDYCDEEAIRAMhgELIABBgQQ7ASggACgCBCEQIABCADcDACAAIBAgDEEBaiIMEKuAgIAAIhBFDTggAEHTATYCHCAAIAw2AhQgACAQNgIMQQAhEAyFAQsgAEEANgIAC0EAIRAgAEEANgIcIAAgBDYCFCAAQdibgIAANgIQIABBCDYCDAyDAQsgACgCBCEQIABCADcDACAAIBAgC0EBaiILEKuAgIAAIhANAUHGASEQDGkLIABBAjoAKAxVCyAAQdUBNgIcIAAgCzYCFCAAIBA2AgxBACEQDIABCyAQQRVGDTcgAEEANgIcIAAgBDYCFCAAQaSMgIAANgIQIABBEDYCDEEAIRAMfwsgAC0ANEEBRw00IAAgBCACELyAgIAAIhBFDTQgEEEVRw01IABB3AE2AhwgACAENgIUIABB1ZaAgAA2AhAgAEEVNgIMQQAhEAx+C0EAIRAgAEEANgIcIABBr4uAgAA2AhAgAEECNgIMIAAgFEEBajYCFAx9C0EAIRAMYwtBAiEQDGILQQ0hEAxhC0EPIRAMYAtBJSEQDF8LQRMhEAxeC0EVIRAMXQtBFiEQDFwLQRchEAxbC0EYIRAMWgtBGSEQDFkLQRohEAxYC0EbIRAMVwtBHCEQDFYLQR0hEAxVC0EfIRAMVAtBISEQDFMLQSMhEAxSC0HGACEQDFELQS4hEAxQC0EvIRAMTwtBOyEQDE4LQT0hEAxNC0HIACEQDEwLQckAIRAMSwtBywAhEAxKC0HMACEQDEkLQc4AIRAMSAtB0QAhEAxHC0HVACEQDEYLQdgAIRAMRQtB2QAhEAxEC0HbACEQDEMLQeQAIRAMQgtB5QAhEAxBC0HxACEQDEALQfQAIRAMPwtBjQEhEAw+C0GXASEQDD0LQakBIRAMPAtBrAEhEAw7C0HAASEQDDoLQbkBIRAMOQtBrwEhEAw4C0GxASEQDDcLQbIBIRAMNgtBtAEhEAw1C0G1ASEQDDQLQboBIRAMMwtBvQEhEAwyC0G/ASEQDDELQcEBIRAMMAsgAEEANgIcIAAgBDYCFCAAQemLgIAANgIQIABBHzYCDEEAIRAMSAsgAEHbATYCHCAAIAQ2AhQgAEH6loCAADYCECAAQRU2AgxBACEQDEcLIABB+AA2AhwgACAMNgIUIABBypiAgAA2AhAgAEEVNgIMQQAhEAxGCyAAQdEANgIcIAAgBTYCFCAAQbCXgIAANgIQIABBFTYCDEEAIRAMRQsgAEH5ADYCHCAAIAE2AhQgACAQNgIMQQAhEAxECyAAQfgANgIcIAAgATYCFCAAQcqYgIAANgIQIABBFTYCDEEAIRAMQwsgAEHkADYCHCAAIAE2AhQgAEHjl4CAADYCECAAQRU2AgxBACEQDEILIABB1wA2AhwgACABNgIUIABByZeAgAA2AhAgAEEVNgIMQQAhEAxBCyAAQQA2AhwgACABNgIUIABBuY2AgAA2AhAgAEEaNgIMQQAhEAxACyAAQcIANgIcIAAgATYCFCAAQeOYgIAANgIQIABBFTYCDEEAIRAMPwsgAEEANgIEIAAgDyAPELGAgIAAIgRFDQEgAEE6NgIcIAAgBDYCDCAAIA9BAWo2AhRBACEQDD4LIAAoAgQhBCAAQQA2AgQCQCAAIAQgARCxgICAACIERQ0AIABBOzYCHCAAIAQ2AgwgACABQQFqNgIUQQAhEAw+CyABQQFqIQEMLQsgD0EBaiEBDC0LIABBADYCHCAAIA82AhQgAEHkkoCAADYCECAAQQQ2AgxBACEQDDsLIABBNjYCHCAAIAQ2AhQgACACNgIMQQAhEAw6CyAAQS42AhwgACAONgIUIAAgBDYCDEEAIRAMOQsgAEHQADYCHCAAIAE2AhQgAEGRmICAADYCECAAQRU2AgxBACEQDDgLIA1BAWohAQwsCyAAQRU2AhwgACABNgIUIABBgpmAgAA2AhAgAEEVNgIMQQAhEAw2CyAAQRs2AhwgACABNgIUIABBkZeAgAA2AhAgAEEVNgIMQQAhEAw1CyAAQQ82AhwgACABNgIUIABBkZeAgAA2AhAgAEEVNgIMQQAhEAw0CyAAQQs2AhwgACABNgIUIABBkZeAgAA2AhAgAEEVNgIMQQAhEAwzCyAAQRo2AhwgACABNgIUIABBgpmAgAA2AhAgAEEVNgIMQQAhEAwyCyAAQQs2AhwgACABNgIUIABBgpmAgAA2AhAgAEEVNgIMQQAhEAwxCyAAQQo2AhwgACABNgIUIABB5JaAgAA2AhAgAEEVNgIMQQAhEAwwCyAAQR42AhwgACABNgIUIABB+ZeAgAA2AhAgAEEVNgIMQQAhEAwvCyAAQQA2AhwgACAQNgIUIABB2o2AgAA2AhAgAEEUNgIMQQAhEAwuCyAAQQQ2AhwgACABNgIUIABBsJiAgAA2AhAgAEEVNgIMQQAhEAwtCyAAQQA2AgAgC0EBaiELC0G4ASEQDBILIABBADYCACAQQQFqIQFB9QAhEAwRCyABIQECQCAALQApQQVHDQBB4wAhEAwRC0HiACEQDBALQQAhECAAQQA2AhwgAEHkkYCAADYCECAAQQc2AgwgACAUQQFqNgIUDCgLIABBADYCACAXQQFqIQFBwAAhEAwOC0EBIQELIAAgAToALCAAQQA2AgAgF0EBaiEBC0EoIRAMCwsgASEBC0E4IRAMCQsCQCABIg8gAkYNAANAAkAgDy0AAEGAvoCAAGotAAAiAUEBRg0AIAFBAkcNAyAPQQFqIQEMBAsgD0EBaiIPIAJHDQALQT4hEAwiC0E+IRAMIQsgAEEAOgAsIA8hAQwBC0ELIRAMBgtBOiEQDAULIAFBAWohAUEtIRAMBAsgACABOgAsIABBADYCACAWQQFqIQFBDCEQDAMLIABBADYCACAXQQFqIQFBCiEQDAILIABBADYCAAsgAEEAOgAsIA0hAUEJIRAMAAsLQQAhECAAQQA2AhwgACALNgIUIABBzZCAgAA2AhAgAEEJNgIMDBcLQQAhECAAQQA2AhwgACAKNgIUIABB6YqAgAA2AhAgAEEJNgIMDBYLQQAhECAAQQA2AhwgACAJNgIUIABBt5CAgAA2AhAgAEEJNgIMDBULQQAhECAAQQA2AhwgACAINgIUIABBnJGAgAA2AhAgAEEJNgIMDBQLQQAhECAAQQA2AhwgACABNgIUIABBzZCAgAA2AhAgAEEJNgIMDBMLQQAhECAAQQA2AhwgACABNgIUIABB6YqAgAA2AhAgAEEJNgIMDBILQQAhECAAQQA2AhwgACABNgIUIABBt5CAgAA2AhAgAEEJNgIMDBELQQAhECAAQQA2AhwgACABNgIUIABBnJGAgAA2AhAgAEEJNgIMDBALQQAhECAAQQA2AhwgACABNgIUIABBl5WAgAA2AhAgAEEPNgIMDA8LQQAhECAAQQA2AhwgACABNgIUIABBl5WAgAA2AhAgAEEPNgIMDA4LQQAhECAAQQA2AhwgACABNgIUIABBwJKAgAA2AhAgAEELNgIMDA0LQQAhECAAQQA2AhwgACABNgIUIABBlYmAgAA2AhAgAEELNgIMDAwLQQAhECAAQQA2AhwgACABNgIUIABB4Y+AgAA2AhAgAEEKNgIMDAsLQQAhECAAQQA2AhwgACABNgIUIABB+4+AgAA2AhAgAEEKNgIMDAoLQQAhECAAQQA2AhwgACABNgIUIABB8ZmAgAA2AhAgAEECNgIMDAkLQQAhECAAQQA2AhwgACABNgIUIABBxJSAgAA2AhAgAEECNgIMDAgLQQAhECAAQQA2AhwgACABNgIUIABB8pWAgAA2AhAgAEECNgIMDAcLIABBAjYCHCAAIAE2AhQgAEGcmoCAADYCECAAQRY2AgxBACEQDAYLQQEhEAwFC0HUACEQIAEiBCACRg0EIANBCGogACAEIAJB2MKAgABBChDFgICAACADKAIMIQQgAygCCA4DAQQCAAsQyoCAgAAACyAAQQA2AhwgAEG1moCAADYCECAAQRc2AgwgACAEQQFqNgIUQQAhEAwCCyAAQQA2AhwgACAENgIUIABBypqAgAA2AhAgAEEJNgIMQQAhEAwBCwJAIAEiBCACRw0AQSIhEAwBCyAAQYmAgIAANgIIIAAgBDYCBEEhIRALIANBEGokgICAgAAgEAuvAQECfyABKAIAIQYCQAJAIAIgA0YNACAEIAZqIQQgBiADaiACayEHIAIgBkF/cyAFaiIGaiEFA0ACQCACLQAAIAQtAABGDQBBAiEEDAMLAkAgBg0AQQAhBCAFIQIMAwsgBkF/aiEGIARBAWohBCACQQFqIgIgA0cNAAsgByEGIAMhAgsgAEEBNgIAIAEgBjYCACAAIAI2AgQPCyABQQA2AgAgACAENgIAIAAgAjYCBAsKACAAEMeAgIAAC/I2AQt/I4CAgIAAQRBrIgEkgICAgAACQEEAKAKg0ICAAA0AQQAQy4CAgABBgNSEgABrIgJB2QBJDQBBACEDAkBBACgC4NOAgAAiBA0AQQBCfzcC7NOAgABBAEKAgISAgIDAADcC5NOAgABBACABQQhqQXBxQdiq1aoFcyIENgLg04CAAEEAQQA2AvTTgIAAQQBBADYCxNOAgAALQQAgAjYCzNOAgABBAEGA1ISAADYCyNOAgABBAEGA1ISAADYCmNCAgABBACAENgKs0ICAAEEAQX82AqjQgIAAA0AgA0HE0ICAAGogA0G40ICAAGoiBDYCACAEIANBsNCAgABqIgU2AgAgA0G80ICAAGogBTYCACADQczQgIAAaiADQcDQgIAAaiIFNgIAIAUgBDYCACADQdTQgIAAaiADQcjQgIAAaiIENgIAIAQgBTYCACADQdDQgIAAaiAENgIAIANBIGoiA0GAAkcNAAtBgNSEgABBeEGA1ISAAGtBD3FBAEGA1ISAAEEIakEPcRsiA2oiBEEEaiACQUhqIgUgA2siA0EBcjYCAEEAQQAoAvDTgIAANgKk0ICAAEEAIAM2ApTQgIAAQQAgBDYCoNCAgABBgNSEgAAgBWpBODYCBAsCQAJAAkACQAJAAkACQAJAAkACQAJAAkAgAEHsAUsNAAJAQQAoAojQgIAAIgZBECAAQRNqQXBxIABBC0kbIgJBA3YiBHYiA0EDcUUNAAJAAkAgA0EBcSAEckEBcyIFQQN0IgRBsNCAgABqIgMgBEG40ICAAGooAgAiBCgCCCICRw0AQQAgBkF+IAV3cTYCiNCAgAAMAQsgAyACNgIIIAIgAzYCDAsgBEEIaiEDIAQgBUEDdCIFQQNyNgIEIAQgBWoiBCAEKAIEQQFyNgIEDAwLIAJBACgCkNCAgAAiB00NAQJAIANFDQACQAJAIAMgBHRBAiAEdCIDQQAgA2tycSIDQQAgA2txQX9qIgMgA0EMdkEQcSIDdiIEQQV2QQhxIgUgA3IgBCAFdiIDQQJ2QQRxIgRyIAMgBHYiA0EBdkECcSIEciADIAR2IgNBAXZBAXEiBHIgAyAEdmoiBEEDdCIDQbDQgIAAaiIFIANBuNCAgABqKAIAIgMoAggiAEcNAEEAIAZBfiAEd3EiBjYCiNCAgAAMAQsgBSAANgIIIAAgBTYCDAsgAyACQQNyNgIEIAMgBEEDdCIEaiAEIAJrIgU2AgAgAyACaiIAIAVBAXI2AgQCQCAHRQ0AIAdBeHFBsNCAgABqIQJBACgCnNCAgAAhBAJAAkAgBkEBIAdBA3Z0IghxDQBBACAGIAhyNgKI0ICAACACIQgMAQsgAigCCCEICyAIIAQ2AgwgAiAENgIIIAQgAjYCDCAEIAg2AggLIANBCGohA0EAIAA2ApzQgIAAQQAgBTYCkNCAgAAMDAtBACgCjNCAgAAiCUUNASAJQQAgCWtxQX9qIgMgA0EMdkEQcSIDdiIEQQV2QQhxIgUgA3IgBCAFdiIDQQJ2QQRxIgRyIAMgBHYiA0EBdkECcSIEciADIAR2IgNBAXZBAXEiBHIgAyAEdmpBAnRBuNKAgABqKAIAIgAoAgRBeHEgAmshBCAAIQUCQANAAkAgBSgCECIDDQAgBUEUaigCACIDRQ0CCyADKAIEQXhxIAJrIgUgBCAFIARJIgUbIQQgAyAAIAUbIQAgAyEFDAALCyAAKAIYIQoCQCAAKAIMIgggAEYNACAAKAIIIgNBACgCmNCAgABJGiAIIAM2AgggAyAINgIMDAsLAkAgAEEUaiIFKAIAIgMNACAAKAIQIgNFDQMgAEEQaiEFCwNAIAUhCyADIghBFGoiBSgCACIDDQAgCEEQaiEFIAgoAhAiAw0ACyALQQA2AgAMCgtBfyECIABBv39LDQAgAEETaiIDQXBxIQJBACgCjNCAgAAiB0UNAEEAIQsCQCACQYACSQ0AQR8hCyACQf///wdLDQAgA0EIdiIDIANBgP4/akEQdkEIcSIDdCIEIARBgOAfakEQdkEEcSIEdCIFIAVBgIAPakEQdkECcSIFdEEPdiADIARyIAVyayIDQQF0IAIgA0EVanZBAXFyQRxqIQsLQQAgAmshBAJAAkACQAJAIAtBAnRBuNKAgABqKAIAIgUNAEEAIQNBACEIDAELQQAhAyACQQBBGSALQQF2ayALQR9GG3QhAEEAIQgDQAJAIAUoAgRBeHEgAmsiBiAETw0AIAYhBCAFIQggBg0AQQAhBCAFIQggBSEDDAMLIAMgBUEUaigCACIGIAYgBSAAQR12QQRxakEQaigCACIFRhsgAyAGGyEDIABBAXQhACAFDQALCwJAIAMgCHINAEEAIQhBAiALdCIDQQAgA2tyIAdxIgNFDQMgA0EAIANrcUF/aiIDIANBDHZBEHEiA3YiBUEFdkEIcSIAIANyIAUgAHYiA0ECdkEEcSIFciADIAV2IgNBAXZBAnEiBXIgAyAFdiIDQQF2QQFxIgVyIAMgBXZqQQJ0QbjSgIAAaigCACEDCyADRQ0BCwNAIAMoAgRBeHEgAmsiBiAESSEAAkAgAygCECIFDQAgA0EUaigCACEFCyAGIAQgABshBCADIAggABshCCAFIQMgBQ0ACwsgCEUNACAEQQAoApDQgIAAIAJrTw0AIAgoAhghCwJAIAgoAgwiACAIRg0AIAgoAggiA0EAKAKY0ICAAEkaIAAgAzYCCCADIAA2AgwMCQsCQCAIQRRqIgUoAgAiAw0AIAgoAhAiA0UNAyAIQRBqIQULA0AgBSEGIAMiAEEUaiIFKAIAIgMNACAAQRBqIQUgACgCECIDDQALIAZBADYCAAwICwJAQQAoApDQgIAAIgMgAkkNAEEAKAKc0ICAACEEAkACQCADIAJrIgVBEEkNACAEIAJqIgAgBUEBcjYCBEEAIAU2ApDQgIAAQQAgADYCnNCAgAAgBCADaiAFNgIAIAQgAkEDcjYCBAwBCyAEIANBA3I2AgQgBCADaiIDIAMoAgRBAXI2AgRBAEEANgKc0ICAAEEAQQA2ApDQgIAACyAEQQhqIQMMCgsCQEEAKAKU0ICAACIAIAJNDQBBACgCoNCAgAAiAyACaiIEIAAgAmsiBUEBcjYCBEEAIAU2ApTQgIAAQQAgBDYCoNCAgAAgAyACQQNyNgIEIANBCGohAwwKCwJAAkBBACgC4NOAgABFDQBBACgC6NOAgAAhBAwBC0EAQn83AuzTgIAAQQBCgICEgICAwAA3AuTTgIAAQQAgAUEMakFwcUHYqtWqBXM2AuDTgIAAQQBBADYC9NOAgABBAEEANgLE04CAAEGAgAQhBAtBACEDAkAgBCACQccAaiIHaiIGQQAgBGsiC3EiCCACSw0AQQBBMDYC+NOAgAAMCgsCQEEAKALA04CAACIDRQ0AAkBBACgCuNOAgAAiBCAIaiIFIARNDQAgBSADTQ0BC0EAIQNBAEEwNgL404CAAAwKC0EALQDE04CAAEEEcQ0EAkACQAJAQQAoAqDQgIAAIgRFDQBByNOAgAAhAwNAAkAgAygCACIFIARLDQAgBSADKAIEaiAESw0DCyADKAIIIgMNAAsLQQAQy4CAgAAiAEF/Rg0FIAghBgJAQQAoAuTTgIAAIgNBf2oiBCAAcUUNACAIIABrIAQgAGpBACADa3FqIQYLIAYgAk0NBSAGQf7///8HSw0FAkBBACgCwNOAgAAiA0UNAEEAKAK404CAACIEIAZqIgUgBE0NBiAFIANLDQYLIAYQy4CAgAAiAyAARw0BDAcLIAYgAGsgC3EiBkH+////B0sNBCAGEMuAgIAAIgAgAygCACADKAIEakYNAyAAIQMLAkAgA0F/Rg0AIAJByABqIAZNDQACQCAHIAZrQQAoAujTgIAAIgRqQQAgBGtxIgRB/v///wdNDQAgAyEADAcLAkAgBBDLgICAAEF/Rg0AIAQgBmohBiADIQAMBwtBACAGaxDLgICAABoMBAsgAyEAIANBf0cNBQwDC0EAIQgMBwtBACEADAULIABBf0cNAgtBAEEAKALE04CAAEEEcjYCxNOAgAALIAhB/v///wdLDQEgCBDLgICAACEAQQAQy4CAgAAhAyAAQX9GDQEgA0F/Rg0BIAAgA08NASADIABrIgYgAkE4ak0NAQtBAEEAKAK404CAACAGaiIDNgK404CAAAJAIANBACgCvNOAgABNDQBBACADNgK804CAAAsCQAJAAkACQEEAKAKg0ICAACIERQ0AQcjTgIAAIQMDQCAAIAMoAgAiBSADKAIEIghqRg0CIAMoAggiAw0ADAMLCwJAAkBBACgCmNCAgAAiA0UNACAAIANPDQELQQAgADYCmNCAgAALQQAhA0EAIAY2AszTgIAAQQAgADYCyNOAgABBAEF/NgKo0ICAAEEAQQAoAuDTgIAANgKs0ICAAEEAQQA2AtTTgIAAA0AgA0HE0ICAAGogA0G40ICAAGoiBDYCACAEIANBsNCAgABqIgU2AgAgA0G80ICAAGogBTYCACADQczQgIAAaiADQcDQgIAAaiIFNgIAIAUgBDYCACADQdTQgIAAaiADQcjQgIAAaiIENgIAIAQgBTYCACADQdDQgIAAaiAENgIAIANBIGoiA0GAAkcNAAsgAEF4IABrQQ9xQQAgAEEIakEPcRsiA2oiBCAGQUhqIgUgA2siA0EBcjYCBEEAQQAoAvDTgIAANgKk0ICAAEEAIAM2ApTQgIAAQQAgBDYCoNCAgAAgACAFakE4NgIEDAILIAMtAAxBCHENACAEIAVJDQAgBCAATw0AIARBeCAEa0EPcUEAIARBCGpBD3EbIgVqIgBBACgClNCAgAAgBmoiCyAFayIFQQFyNgIEIAMgCCAGajYCBEEAQQAoAvDTgIAANgKk0ICAAEEAIAU2ApTQgIAAQQAgADYCoNCAgAAgBCALakE4NgIEDAELAkAgAEEAKAKY0ICAACIITw0AQQAgADYCmNCAgAAgACEICyAAIAZqIQVByNOAgAAhAwJAAkACQAJAAkACQAJAA0AgAygCACAFRg0BIAMoAggiAw0ADAILCyADLQAMQQhxRQ0BC0HI04CAACEDA0ACQCADKAIAIgUgBEsNACAFIAMoAgRqIgUgBEsNAwsgAygCCCEDDAALCyADIAA2AgAgAyADKAIEIAZqNgIEIABBeCAAa0EPcUEAIABBCGpBD3EbaiILIAJBA3I2AgQgBUF4IAVrQQ9xQQAgBUEIakEPcRtqIgYgCyACaiICayEDAkAgBiAERw0AQQAgAjYCoNCAgABBAEEAKAKU0ICAACADaiIDNgKU0ICAACACIANBAXI2AgQMAwsCQCAGQQAoApzQgIAARw0AQQAgAjYCnNCAgABBAEEAKAKQ0ICAACADaiIDNgKQ0ICAACACIANBAXI2AgQgAiADaiADNgIADAMLAkAgBigCBCIEQQNxQQFHDQAgBEF4cSEHAkACQCAEQf8BSw0AIAYoAggiBSAEQQN2IghBA3RBsNCAgABqIgBGGgJAIAYoAgwiBCAFRw0AQQBBACgCiNCAgABBfiAId3E2AojQgIAADAILIAQgAEYaIAQgBTYCCCAFIAQ2AgwMAQsgBigCGCEJAkACQCAGKAIMIgAgBkYNACAGKAIIIgQgCEkaIAAgBDYCCCAEIAA2AgwMAQsCQCAGQRRqIgQoAgAiBQ0AIAZBEGoiBCgCACIFDQBBACEADAELA0AgBCEIIAUiAEEUaiIEKAIAIgUNACAAQRBqIQQgACgCECIFDQALIAhBADYCAAsgCUUNAAJAAkAgBiAGKAIcIgVBAnRBuNKAgABqIgQoAgBHDQAgBCAANgIAIAANAUEAQQAoAozQgIAAQX4gBXdxNgKM0ICAAAwCCyAJQRBBFCAJKAIQIAZGG2ogADYCACAARQ0BCyAAIAk2AhgCQCAGKAIQIgRFDQAgACAENgIQIAQgADYCGAsgBigCFCIERQ0AIABBFGogBDYCACAEIAA2AhgLIAcgA2ohAyAGIAdqIgYoAgQhBAsgBiAEQX5xNgIEIAIgA2ogAzYCACACIANBAXI2AgQCQCADQf8BSw0AIANBeHFBsNCAgABqIQQCQAJAQQAoAojQgIAAIgVBASADQQN2dCIDcQ0AQQAgBSADcjYCiNCAgAAgBCEDDAELIAQoAgghAwsgAyACNgIMIAQgAjYCCCACIAQ2AgwgAiADNgIIDAMLQR8hBAJAIANB////B0sNACADQQh2IgQgBEGA/j9qQRB2QQhxIgR0IgUgBUGA4B9qQRB2QQRxIgV0IgAgAEGAgA9qQRB2QQJxIgB0QQ92IAQgBXIgAHJrIgRBAXQgAyAEQRVqdkEBcXJBHGohBAsgAiAENgIcIAJCADcCECAEQQJ0QbjSgIAAaiEFAkBBACgCjNCAgAAiAEEBIAR0IghxDQAgBSACNgIAQQAgACAIcjYCjNCAgAAgAiAFNgIYIAIgAjYCCCACIAI2AgwMAwsgA0EAQRkgBEEBdmsgBEEfRht0IQQgBSgCACEAA0AgACIFKAIEQXhxIANGDQIgBEEddiEAIARBAXQhBCAFIABBBHFqQRBqIggoAgAiAA0ACyAIIAI2AgAgAiAFNgIYIAIgAjYCDCACIAI2AggMAgsgAEF4IABrQQ9xQQAgAEEIakEPcRsiA2oiCyAGQUhqIgggA2siA0EBcjYCBCAAIAhqQTg2AgQgBCAFQTcgBWtBD3FBACAFQUlqQQ9xG2pBQWoiCCAIIARBEGpJGyIIQSM2AgRBAEEAKALw04CAADYCpNCAgABBACADNgKU0ICAAEEAIAs2AqDQgIAAIAhBEGpBACkC0NOAgAA3AgAgCEEAKQLI04CAADcCCEEAIAhBCGo2AtDTgIAAQQAgBjYCzNOAgABBACAANgLI04CAAEEAQQA2AtTTgIAAIAhBJGohAwNAIANBBzYCACADQQRqIgMgBUkNAAsgCCAERg0DIAggCCgCBEF+cTYCBCAIIAggBGsiADYCACAEIABBAXI2AgQCQCAAQf8BSw0AIABBeHFBsNCAgABqIQMCQAJAQQAoAojQgIAAIgVBASAAQQN2dCIAcQ0AQQAgBSAAcjYCiNCAgAAgAyEFDAELIAMoAgghBQsgBSAENgIMIAMgBDYCCCAEIAM2AgwgBCAFNgIIDAQLQR8hAwJAIABB////B0sNACAAQQh2IgMgA0GA/j9qQRB2QQhxIgN0IgUgBUGA4B9qQRB2QQRxIgV0IgggCEGAgA9qQRB2QQJxIgh0QQ92IAMgBXIgCHJrIgNBAXQgACADQRVqdkEBcXJBHGohAwsgBCADNgIcIARCADcCECADQQJ0QbjSgIAAaiEFAkBBACgCjNCAgAAiCEEBIAN0IgZxDQAgBSAENgIAQQAgCCAGcjYCjNCAgAAgBCAFNgIYIAQgBDYCCCAEIAQ2AgwMBAsgAEEAQRkgA0EBdmsgA0EfRht0IQMgBSgCACEIA0AgCCIFKAIEQXhxIABGDQMgA0EddiEIIANBAXQhAyAFIAhBBHFqQRBqIgYoAgAiCA0ACyAGIAQ2AgAgBCAFNgIYIAQgBDYCDCAEIAQ2AggMAwsgBSgCCCIDIAI2AgwgBSACNgIIIAJBADYCGCACIAU2AgwgAiADNgIICyALQQhqIQMMBQsgBSgCCCIDIAQ2AgwgBSAENgIIIARBADYCGCAEIAU2AgwgBCADNgIIC0EAKAKU0ICAACIDIAJNDQBBACgCoNCAgAAiBCACaiIFIAMgAmsiA0EBcjYCBEEAIAM2ApTQgIAAQQAgBTYCoNCAgAAgBCACQQNyNgIEIARBCGohAwwDC0EAIQNBAEEwNgL404CAAAwCCwJAIAtFDQACQAJAIAggCCgCHCIFQQJ0QbjSgIAAaiIDKAIARw0AIAMgADYCACAADQFBACAHQX4gBXdxIgc2AozQgIAADAILIAtBEEEUIAsoAhAgCEYbaiAANgIAIABFDQELIAAgCzYCGAJAIAgoAhAiA0UNACAAIAM2AhAgAyAANgIYCyAIQRRqKAIAIgNFDQAgAEEUaiADNgIAIAMgADYCGAsCQAJAIARBD0sNACAIIAQgAmoiA0EDcjYCBCAIIANqIgMgAygCBEEBcjYCBAwBCyAIIAJqIgAgBEEBcjYCBCAIIAJBA3I2AgQgACAEaiAENgIAAkAgBEH/AUsNACAEQXhxQbDQgIAAaiEDAkACQEEAKAKI0ICAACIFQQEgBEEDdnQiBHENAEEAIAUgBHI2AojQgIAAIAMhBAwBCyADKAIIIQQLIAQgADYCDCADIAA2AgggACADNgIMIAAgBDYCCAwBC0EfIQMCQCAEQf///wdLDQAgBEEIdiIDIANBgP4/akEQdkEIcSIDdCIFIAVBgOAfakEQdkEEcSIFdCICIAJBgIAPakEQdkECcSICdEEPdiADIAVyIAJyayIDQQF0IAQgA0EVanZBAXFyQRxqIQMLIAAgAzYCHCAAQgA3AhAgA0ECdEG40oCAAGohBQJAIAdBASADdCICcQ0AIAUgADYCAEEAIAcgAnI2AozQgIAAIAAgBTYCGCAAIAA2AgggACAANgIMDAELIARBAEEZIANBAXZrIANBH0YbdCEDIAUoAgAhAgJAA0AgAiIFKAIEQXhxIARGDQEgA0EddiECIANBAXQhAyAFIAJBBHFqQRBqIgYoAgAiAg0ACyAGIAA2AgAgACAFNgIYIAAgADYCDCAAIAA2AggMAQsgBSgCCCIDIAA2AgwgBSAANgIIIABBADYCGCAAIAU2AgwgACADNgIICyAIQQhqIQMMAQsCQCAKRQ0AAkACQCAAIAAoAhwiBUECdEG40oCAAGoiAygCAEcNACADIAg2AgAgCA0BQQAgCUF+IAV3cTYCjNCAgAAMAgsgCkEQQRQgCigCECAARhtqIAg2AgAgCEUNAQsgCCAKNgIYAkAgACgCECIDRQ0AIAggAzYCECADIAg2AhgLIABBFGooAgAiA0UNACAIQRRqIAM2AgAgAyAINgIYCwJAAkAgBEEPSw0AIAAgBCACaiIDQQNyNgIEIAAgA2oiAyADKAIEQQFyNgIEDAELIAAgAmoiBSAEQQFyNgIEIAAgAkEDcjYCBCAFIARqIAQ2AgACQCAHRQ0AIAdBeHFBsNCAgABqIQJBACgCnNCAgAAhAwJAAkBBASAHQQN2dCIIIAZxDQBBACAIIAZyNgKI0ICAACACIQgMAQsgAigCCCEICyAIIAM2AgwgAiADNgIIIAMgAjYCDCADIAg2AggLQQAgBTYCnNCAgABBACAENgKQ0ICAAAsgAEEIaiEDCyABQRBqJICAgIAAIAMLCgAgABDJgICAAAviDQEHfwJAIABFDQAgAEF4aiIBIABBfGooAgAiAkF4cSIAaiEDAkAgAkEBcQ0AIAJBA3FFDQEgASABKAIAIgJrIgFBACgCmNCAgAAiBEkNASACIABqIQACQCABQQAoApzQgIAARg0AAkAgAkH/AUsNACABKAIIIgQgAkEDdiIFQQN0QbDQgIAAaiIGRhoCQCABKAIMIgIgBEcNAEEAQQAoAojQgIAAQX4gBXdxNgKI0ICAAAwDCyACIAZGGiACIAQ2AgggBCACNgIMDAILIAEoAhghBwJAAkAgASgCDCIGIAFGDQAgASgCCCICIARJGiAGIAI2AgggAiAGNgIMDAELAkAgAUEUaiICKAIAIgQNACABQRBqIgIoAgAiBA0AQQAhBgwBCwNAIAIhBSAEIgZBFGoiAigCACIEDQAgBkEQaiECIAYoAhAiBA0ACyAFQQA2AgALIAdFDQECQAJAIAEgASgCHCIEQQJ0QbjSgIAAaiICKAIARw0AIAIgBjYCACAGDQFBAEEAKAKM0ICAAEF+IAR3cTYCjNCAgAAMAwsgB0EQQRQgBygCECABRhtqIAY2AgAgBkUNAgsgBiAHNgIYAkAgASgCECICRQ0AIAYgAjYCECACIAY2AhgLIAEoAhQiAkUNASAGQRRqIAI2AgAgAiAGNgIYDAELIAMoAgQiAkEDcUEDRw0AIAMgAkF+cTYCBEEAIAA2ApDQgIAAIAEgAGogADYCACABIABBAXI2AgQPCyABIANPDQAgAygCBCICQQFxRQ0AAkACQCACQQJxDQACQCADQQAoAqDQgIAARw0AQQAgATYCoNCAgABBAEEAKAKU0ICAACAAaiIANgKU0ICAACABIABBAXI2AgQgAUEAKAKc0ICAAEcNA0EAQQA2ApDQgIAAQQBBADYCnNCAgAAPCwJAIANBACgCnNCAgABHDQBBACABNgKc0ICAAEEAQQAoApDQgIAAIABqIgA2ApDQgIAAIAEgAEEBcjYCBCABIABqIAA2AgAPCyACQXhxIABqIQACQAJAIAJB/wFLDQAgAygCCCIEIAJBA3YiBUEDdEGw0ICAAGoiBkYaAkAgAygCDCICIARHDQBBAEEAKAKI0ICAAEF+IAV3cTYCiNCAgAAMAgsgAiAGRhogAiAENgIIIAQgAjYCDAwBCyADKAIYIQcCQAJAIAMoAgwiBiADRg0AIAMoAggiAkEAKAKY0ICAAEkaIAYgAjYCCCACIAY2AgwMAQsCQCADQRRqIgIoAgAiBA0AIANBEGoiAigCACIEDQBBACEGDAELA0AgAiEFIAQiBkEUaiICKAIAIgQNACAGQRBqIQIgBigCECIEDQALIAVBADYCAAsgB0UNAAJAAkAgAyADKAIcIgRBAnRBuNKAgABqIgIoAgBHDQAgAiAGNgIAIAYNAUEAQQAoAozQgIAAQX4gBHdxNgKM0ICAAAwCCyAHQRBBFCAHKAIQIANGG2ogBjYCACAGRQ0BCyAGIAc2AhgCQCADKAIQIgJFDQAgBiACNgIQIAIgBjYCGAsgAygCFCICRQ0AIAZBFGogAjYCACACIAY2AhgLIAEgAGogADYCACABIABBAXI2AgQgAUEAKAKc0ICAAEcNAUEAIAA2ApDQgIAADwsgAyACQX5xNgIEIAEgAGogADYCACABIABBAXI2AgQLAkAgAEH/AUsNACAAQXhxQbDQgIAAaiECAkACQEEAKAKI0ICAACIEQQEgAEEDdnQiAHENAEEAIAQgAHI2AojQgIAAIAIhAAwBCyACKAIIIQALIAAgATYCDCACIAE2AgggASACNgIMIAEgADYCCA8LQR8hAgJAIABB////B0sNACAAQQh2IgIgAkGA/j9qQRB2QQhxIgJ0IgQgBEGA4B9qQRB2QQRxIgR0IgYgBkGAgA9qQRB2QQJxIgZ0QQ92IAIgBHIgBnJrIgJBAXQgACACQRVqdkEBcXJBHGohAgsgASACNgIcIAFCADcCECACQQJ0QbjSgIAAaiEEAkACQEEAKAKM0ICAACIGQQEgAnQiA3ENACAEIAE2AgBBACAGIANyNgKM0ICAACABIAQ2AhggASABNgIIIAEgATYCDAwBCyAAQQBBGSACQQF2ayACQR9GG3QhAiAEKAIAIQYCQANAIAYiBCgCBEF4cSAARg0BIAJBHXYhBiACQQF0IQIgBCAGQQRxakEQaiIDKAIAIgYNAAsgAyABNgIAIAEgBDYCGCABIAE2AgwgASABNgIIDAELIAQoAggiACABNgIMIAQgATYCCCABQQA2AhggASAENgIMIAEgADYCCAtBAEEAKAKo0ICAAEF/aiIBQX8gARs2AqjQgIAACwsEAAAAC04AAkAgAA0APwBBEHQPCwJAIABB//8DcQ0AIABBf0wNAAJAIABBEHZAACIAQX9HDQBBAEEwNgL404CAAEF/DwsgAEEQdA8LEMqAgIAAAAvyAgIDfwF+AkAgAkUNACAAIAE6AAAgAiAAaiIDQX9qIAE6AAAgAkEDSQ0AIAAgAToAAiAAIAE6AAEgA0F9aiABOgAAIANBfmogAToAACACQQdJDQAgACABOgADIANBfGogAToAACACQQlJDQAgAEEAIABrQQNxIgRqIgMgAUH/AXFBgYKECGwiATYCACADIAIgBGtBfHEiBGoiAkF8aiABNgIAIARBCUkNACADIAE2AgggAyABNgIEIAJBeGogATYCACACQXRqIAE2AgAgBEEZSQ0AIAMgATYCGCADIAE2AhQgAyABNgIQIAMgATYCDCACQXBqIAE2AgAgAkFsaiABNgIAIAJBaGogATYCACACQWRqIAE2AgAgBCADQQRxQRhyIgVrIgJBIEkNACABrUKBgICAEH4hBiADIAVqIQEDQCABIAY3AxggASAGNwMQIAEgBjcDCCABIAY3AwAgAUEgaiEBIAJBYGoiAkEfSw0ACwsgAAsLjkgBAEGACAuGSAEAAAACAAAAAwAAAAAAAAAAAAAABAAAAAUAAAAAAAAAAAAAAAYAAAAHAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASW52YWxpZCBjaGFyIGluIHVybCBxdWVyeQBTcGFuIGNhbGxiYWNrIGVycm9yIGluIG9uX2JvZHkAQ29udGVudC1MZW5ndGggb3ZlcmZsb3cAQ2h1bmsgc2l6ZSBvdmVyZmxvdwBSZXNwb25zZSBvdmVyZmxvdwBJbnZhbGlkIG1ldGhvZCBmb3IgSFRUUC94LnggcmVxdWVzdABJbnZhbGlkIG1ldGhvZCBmb3IgUlRTUC94LnggcmVxdWVzdABFeHBlY3RlZCBTT1VSQ0UgbWV0aG9kIGZvciBJQ0UveC54IHJlcXVlc3QASW52YWxpZCBjaGFyIGluIHVybCBmcmFnbWVudCBzdGFydABFeHBlY3RlZCBkb3QAU3BhbiBjYWxsYmFjayBlcnJvciBpbiBvbl9zdGF0dXMASW52YWxpZCByZXNwb25zZSBzdGF0dXMASW52YWxpZCBjaGFyYWN0ZXIgaW4gY2h1bmsgZXh0ZW5zaW9ucwBVc2VyIGNhbGxiYWNrIGVycm9yAGBvbl9yZXNldGAgY2FsbGJhY2sgZXJyb3IAYG9uX2NodW5rX2hlYWRlcmAgY2FsbGJhY2sgZXJyb3IAYG9uX21lc3NhZ2VfYmVnaW5gIGNhbGxiYWNrIGVycm9yAGBvbl9jaHVua19leHRlbnNpb25fdmFsdWVgIGNhbGxiYWNrIGVycm9yAGBvbl9zdGF0dXNfY29tcGxldGVgIGNhbGxiYWNrIGVycm9yAGBvbl92ZXJzaW9uX2NvbXBsZXRlYCBjYWxsYmFjayBlcnJvcgBgb25fdXJsX2NvbXBsZXRlYCBjYWxsYmFjayBlcnJvcgBgb25fY2h1bmtfY29tcGxldGVgIGNhbGxiYWNrIGVycm9yAGBvbl9oZWFkZXJfdmFsdWVfY29tcGxldGVgIGNhbGxiYWNrIGVycm9yAGBvbl9tZXNzYWdlX2NvbXBsZXRlYCBjYWxsYmFjayBlcnJvcgBgb25fbWV0aG9kX2NvbXBsZXRlYCBjYWxsYmFjayBlcnJvcgBgb25faGVhZGVyX2ZpZWxkX2NvbXBsZXRlYCBjYWxsYmFjayBlcnJvcgBgb25fY2h1bmtfZXh0ZW5zaW9uX25hbWVgIGNhbGxiYWNrIGVycm9yAFVuZXhwZWN0ZWQgY2hhciBpbiB1cmwgc2VydmVyAEludmFsaWQgaGVhZGVyIHZhbHVlIGNoYXIASW52YWxpZCBoZWFkZXIgZmllbGQgY2hhcgBTcGFuIGNhbGxiYWNrIGVycm9yIGluIG9uX3ZlcnNpb24ASW52YWxpZCBtaW5vciB2ZXJzaW9uAEludmFsaWQgbWFqb3IgdmVyc2lvbgBFeHBlY3RlZCBzcGFjZSBhZnRlciB2ZXJzaW9uAEV4cGVjdGVkIENSTEYgYWZ0ZXIgdmVyc2lvbgBJbnZhbGlkIEhUVFAgdmVyc2lvbgBJbnZhbGlkIGhlYWRlciB0b2tlbgBTcGFuIGNhbGxiYWNrIGVycm9yIGluIG9uX3VybABJbnZhbGlkIGNoYXJhY3RlcnMgaW4gdXJsAFVuZXhwZWN0ZWQgc3RhcnQgY2hhciBpbiB1cmwARG91YmxlIEAgaW4gdXJsAEVtcHR5IENvbnRlbnQtTGVuZ3RoAEludmFsaWQgY2hhcmFjdGVyIGluIENvbnRlbnQtTGVuZ3RoAER1cGxpY2F0ZSBDb250ZW50LUxlbmd0aABJbnZhbGlkIGNoYXIgaW4gdXJsIHBhdGgAQ29udGVudC1MZW5ndGggY2FuJ3QgYmUgcHJlc2VudCB3aXRoIFRyYW5zZmVyLUVuY29kaW5nAEludmFsaWQgY2hhcmFjdGVyIGluIGNodW5rIHNpemUAU3BhbiBjYWxsYmFjayBlcnJvciBpbiBvbl9oZWFkZXJfdmFsdWUAU3BhbiBjYWxsYmFjayBlcnJvciBpbiBvbl9jaHVua19leHRlbnNpb25fdmFsdWUASW52YWxpZCBjaGFyYWN0ZXIgaW4gY2h1bmsgZXh0ZW5zaW9ucyB2YWx1ZQBNaXNzaW5nIGV4cGVjdGVkIExGIGFmdGVyIGhlYWRlciB2YWx1ZQBJbnZhbGlkIGBUcmFuc2Zlci1FbmNvZGluZ2AgaGVhZGVyIHZhbHVlAEludmFsaWQgY2hhcmFjdGVyIGluIGNodW5rIGV4dGVuc2lvbnMgcXVvdGUgdmFsdWUASW52YWxpZCBjaGFyYWN0ZXIgaW4gY2h1bmsgZXh0ZW5zaW9ucyBxdW90ZWQgdmFsdWUAUGF1c2VkIGJ5IG9uX2hlYWRlcnNfY29tcGxldGUASW52YWxpZCBFT0Ygc3RhdGUAb25fcmVzZXQgcGF1c2UAb25fY2h1bmtfaGVhZGVyIHBhdXNlAG9uX21lc3NhZ2VfYmVnaW4gcGF1c2UAb25fY2h1bmtfZXh0ZW5zaW9uX3ZhbHVlIHBhdXNlAG9uX3N0YXR1c19jb21wbGV0ZSBwYXVzZQBvbl92ZXJzaW9uX2NvbXBsZXRlIHBhdXNlAG9uX3VybF9jb21wbGV0ZSBwYXVzZQBvbl9jaHVua19jb21wbGV0ZSBwYXVzZQBvbl9oZWFkZXJfdmFsdWVfY29tcGxldGUgcGF1c2UAb25fbWVzc2FnZV9jb21wbGV0ZSBwYXVzZQBvbl9tZXRob2RfY29tcGxldGUgcGF1c2UAb25faGVhZGVyX2ZpZWxkX2NvbXBsZXRlIHBhdXNlAG9uX2NodW5rX2V4dGVuc2lvbl9uYW1lIHBhdXNlAFVuZXhwZWN0ZWQgc3BhY2UgYWZ0ZXIgc3RhcnQgbGluZQBTcGFuIGNhbGxiYWNrIGVycm9yIGluIG9uX2NodW5rX2V4dGVuc2lvbl9uYW1lAEludmFsaWQgY2hhcmFjdGVyIGluIGNodW5rIGV4dGVuc2lvbnMgbmFtZQBQYXVzZSBvbiBDT05ORUNUL1VwZ3JhZGUAUGF1c2Ugb24gUFJJL1VwZ3JhZGUARXhwZWN0ZWQgSFRUUC8yIENvbm5lY3Rpb24gUHJlZmFjZQBTcGFuIGNhbGxiYWNrIGVycm9yIGluIG9uX21ldGhvZABFeHBlY3RlZCBzcGFjZSBhZnRlciBtZXRob2QAU3BhbiBjYWxsYmFjayBlcnJvciBpbiBvbl9oZWFkZXJfZmllbGQAUGF1c2VkAEludmFsaWQgd29yZCBlbmNvdW50ZXJlZABJbnZhbGlkIG1ldGhvZCBlbmNvdW50ZXJlZABVbmV4cGVjdGVkIGNoYXIgaW4gdXJsIHNjaGVtYQBSZXF1ZXN0IGhhcyBpbnZhbGlkIGBUcmFuc2Zlci1FbmNvZGluZ2AAU1dJVENIX1BST1hZAFVTRV9QUk9YWQBNS0FDVElWSVRZAFVOUFJPQ0VTU0FCTEVfRU5USVRZAENPUFkATU9WRURfUEVSTUFORU5UTFkAVE9PX0VBUkxZAE5PVElGWQBGQUlMRURfREVQRU5ERU5DWQBCQURfR0FURVdBWQBQTEFZAFBVVABDSEVDS09VVABHQVRFV0FZX1RJTUVPVVQAUkVRVUVTVF9USU1FT1VUAE5FVFdPUktfQ09OTkVDVF9USU1FT1VUAENPTk5FQ1RJT05fVElNRU9VVABMT0dJTl9USU1FT1VUAE5FVFdPUktfUkVBRF9USU1FT1VUAFBPU1QATUlTRElSRUNURURfUkVRVUVTVABDTElFTlRfQ0xPU0VEX1JFUVVFU1QAQ0xJRU5UX0NMT1NFRF9MT0FEX0JBTEFOQ0VEX1JFUVVFU1QAQkFEX1JFUVVFU1QASFRUUF9SRVFVRVNUX1NFTlRfVE9fSFRUUFNfUE9SVABSRVBPUlQASU1fQV9URUFQT1QAUkVTRVRfQ09OVEVOVABOT19DT05URU5UAFBBUlRJQUxfQ09OVEVOVABIUEVfSU5WQUxJRF9DT05TVEFOVABIUEVfQ0JfUkVTRVQAR0VUAEhQRV9TVFJJQ1QAQ09ORkxJQ1QAVEVNUE9SQVJZX1JFRElSRUNUAFBFUk1BTkVOVF9SRURJUkVDVABDT05ORUNUAE1VTFRJX1NUQVRVUwBIUEVfSU5WQUxJRF9TVEFUVVMAVE9PX01BTllfUkVRVUVTVFMARUFSTFlfSElOVFMAVU5BVkFJTEFCTEVfRk9SX0xFR0FMX1JFQVNPTlMAT1BUSU9OUwBTV0lUQ0hJTkdfUFJPVE9DT0xTAFZBUklBTlRfQUxTT19ORUdPVElBVEVTAE1VTFRJUExFX0NIT0lDRVMASU5URVJOQUxfU0VSVkVSX0VSUk9SAFdFQl9TRVJWRVJfVU5LTk9XTl9FUlJPUgBSQUlMR1VOX0VSUk9SAElERU5USVRZX1BST1ZJREVSX0FVVEhFTlRJQ0FUSU9OX0VSUk9SAFNTTF9DRVJUSUZJQ0FURV9FUlJPUgBJTlZBTElEX1hfRk9SV0FSREVEX0ZPUgBTRVRfUEFSQU1FVEVSAEdFVF9QQVJBTUVURVIASFBFX1VTRVIAU0VFX09USEVSAEhQRV9DQl9DSFVOS19IRUFERVIATUtDQUxFTkRBUgBTRVRVUABXRUJfU0VSVkVSX0lTX0RPV04AVEVBUkRPV04ASFBFX0NMT1NFRF9DT05ORUNUSU9OAEhFVVJJU1RJQ19FWFBJUkFUSU9OAERJU0NPTk5FQ1RFRF9PUEVSQVRJT04ATk9OX0FVVEhPUklUQVRJVkVfSU5GT1JNQVRJT04ASFBFX0lOVkFMSURfVkVSU0lPTgBIUEVfQ0JfTUVTU0FHRV9CRUdJTgBTSVRFX0lTX0ZST1pFTgBIUEVfSU5WQUxJRF9IRUFERVJfVE9LRU4ASU5WQUxJRF9UT0tFTgBGT1JCSURERU4ARU5IQU5DRV9ZT1VSX0NBTE0ASFBFX0lOVkFMSURfVVJMAEJMT0NLRURfQllfUEFSRU5UQUxfQ09OVFJPTABNS0NPTABBQ0wASFBFX0lOVEVSTkFMAFJFUVVFU1RfSEVBREVSX0ZJRUxEU19UT09fTEFSR0VfVU5PRkZJQ0lBTABIUEVfT0sAVU5MSU5LAFVOTE9DSwBQUkkAUkVUUllfV0lUSABIUEVfSU5WQUxJRF9DT05URU5UX0xFTkdUSABIUEVfVU5FWFBFQ1RFRF9DT05URU5UX0xFTkdUSABGTFVTSABQUk9QUEFUQ0gATS1TRUFSQ0gAVVJJX1RPT19MT05HAFBST0NFU1NJTkcATUlTQ0VMTEFORU9VU19QRVJTSVNURU5UX1dBUk5JTkcATUlTQ0VMTEFORU9VU19XQVJOSU5HAEhQRV9JTlZBTElEX1RSQU5TRkVSX0VOQ09ESU5HAEV4cGVjdGVkIENSTEYASFBFX0lOVkFMSURfQ0hVTktfU0laRQBNT1ZFAENPTlRJTlVFAEhQRV9DQl9TVEFUVVNfQ09NUExFVEUASFBFX0NCX0hFQURFUlNfQ09NUExFVEUASFBFX0NCX1ZFUlNJT05fQ09NUExFVEUASFBFX0NCX1VSTF9DT01QTEVURQBIUEVfQ0JfQ0hVTktfQ09NUExFVEUASFBFX0NCX0hFQURFUl9WQUxVRV9DT01QTEVURQBIUEVfQ0JfQ0hVTktfRVhURU5TSU9OX1ZBTFVFX0NPTVBMRVRFAEhQRV9DQl9DSFVOS19FWFRFTlNJT05fTkFNRV9DT01QTEVURQBIUEVfQ0JfTUVTU0FHRV9DT01QTEVURQBIUEVfQ0JfTUVUSE9EX0NPTVBMRVRFAEhQRV9DQl9IRUFERVJfRklFTERfQ09NUExFVEUAREVMRVRFAEhQRV9JTlZBTElEX0VPRl9TVEFURQBJTlZBTElEX1NTTF9DRVJUSUZJQ0FURQBQQVVTRQBOT19SRVNQT05TRQBVTlNVUFBPUlRFRF9NRURJQV9UWVBFAEdPTkUATk9UX0FDQ0VQVEFCTEUAU0VSVklDRV9VTkFWQUlMQUJMRQBSQU5HRV9OT1RfU0FUSVNGSUFCTEUAT1JJR0lOX0lTX1VOUkVBQ0hBQkxFAFJFU1BPTlNFX0lTX1NUQUxFAFBVUkdFAE1FUkdFAFJFUVVFU1RfSEVBREVSX0ZJRUxEU19UT09fTEFSR0UAUkVRVUVTVF9IRUFERVJfVE9PX0xBUkdFAFBBWUxPQURfVE9PX0xBUkdFAElOU1VGRklDSUVOVF9TVE9SQUdFAEhQRV9QQVVTRURfVVBHUkFERQBIUEVfUEFVU0VEX0gyX1VQR1JBREUAU09VUkNFAEFOTk9VTkNFAFRSQUNFAEhQRV9VTkVYUEVDVEVEX1NQQUNFAERFU0NSSUJFAFVOU1VCU0NSSUJFAFJFQ09SRABIUEVfSU5WQUxJRF9NRVRIT0QATk9UX0ZPVU5EAFBST1BGSU5EAFVOQklORABSRUJJTkQAVU5BVVRIT1JJWkVEAE1FVEhPRF9OT1RfQUxMT1dFRABIVFRQX1ZFUlNJT05fTk9UX1NVUFBPUlRFRABBTFJFQURZX1JFUE9SVEVEAEFDQ0VQVEVEAE5PVF9JTVBMRU1FTlRFRABMT09QX0RFVEVDVEVEAEhQRV9DUl9FWFBFQ1RFRABIUEVfTEZfRVhQRUNURUQAQ1JFQVRFRABJTV9VU0VEAEhQRV9QQVVTRUQAVElNRU9VVF9PQ0NVUkVEAFBBWU1FTlRfUkVRVUlSRUQAUFJFQ09ORElUSU9OX1JFUVVJUkVEAFBST1hZX0FVVEhFTlRJQ0FUSU9OX1JFUVVJUkVEAE5FVFdPUktfQVVUSEVOVElDQVRJT05fUkVRVUlSRUQATEVOR1RIX1JFUVVJUkVEAFNTTF9DRVJUSUZJQ0FURV9SRVFVSVJFRABVUEdSQURFX1JFUVVJUkVEAFBBR0VfRVhQSVJFRABQUkVDT05ESVRJT05fRkFJTEVEAEVYUEVDVEFUSU9OX0ZBSUxFRABSRVZBTElEQVRJT05fRkFJTEVEAFNTTF9IQU5EU0hBS0VfRkFJTEVEAExPQ0tFRABUUkFOU0ZPUk1BVElPTl9BUFBMSUVEAE5PVF9NT0RJRklFRABOT1RfRVhURU5ERUQAQkFORFdJRFRIX0xJTUlUX0VYQ0VFREVEAFNJVEVfSVNfT1ZFUkxPQURFRABIRUFEAEV4cGVjdGVkIEhUVFAvAABeEwAAJhMAADAQAADwFwAAnRMAABUSAAA5FwAA8BIAAAoQAAB1EgAArRIAAIITAABPFAAAfxAAAKAVAAAjFAAAiRIAAIsUAABNFQAA1BEAAM8UAAAQGAAAyRYAANwWAADBEQAA4BcAALsUAAB0FAAAfBUAAOUUAAAIFwAAHxAAAGUVAACjFAAAKBUAAAIVAACZFQAALBAAAIsZAABPDwAA1A4AAGoQAADOEAAAAhcAAIkOAABuEwAAHBMAAGYUAABWFwAAwRMAAM0TAABsEwAAaBcAAGYXAABfFwAAIhMAAM4PAABpDgAA2A4AAGMWAADLEwAAqg4AACgXAAAmFwAAxRMAAF0WAADoEQAAZxMAAGUTAADyFgAAcxMAAB0XAAD5FgAA8xEAAM8OAADOFQAADBIAALMRAAClEQAAYRAAADIXAAC7EwAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAgEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAgMCAgICAgAAAgIAAgIAAgICAgICAgICAgAEAAAAAAACAgICAgICAgICAgICAgICAgICAgICAgICAgAAAAICAgICAgICAgICAgICAgICAgICAgICAgICAgICAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAIAAgICAgIAAAICAAICAAICAgICAgICAgIAAwAEAAAAAgICAgICAgICAgICAgICAgICAgICAgICAgIAAAACAgICAgICAgICAgICAgICAgICAgICAgICAgICAgACAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABsb3NlZWVwLWFsaXZlAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEBAQEBAQEBAQEBAgEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQFjaHVua2VkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAQABAQEBAQAAAQEAAQEAAQEBAQEBAQEBAQAAAAAAAAABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAAEAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGVjdGlvbmVudC1sZW5ndGhvbnJveHktY29ubmVjdGlvbgAAAAAAAAAAAAAAAAAAAHJhbnNmZXItZW5jb2RpbmdwZ3JhZGUNCg0KDQpTTQ0KDQpUVFAvQ0UvVFNQLwAAAAAAAAAAAAAAAAECAAEDAAAAAAAAAAAAAAAAAAAAAAAABAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAAAAAAAAAAAABAgABAwAAAAAAAAAAAAAAAAAAAAAAAAQBAQUBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAAAAAAAAAAAAAQAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAQEAAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQAAAAAAAAAAAAABAAACAAAAAAAAAAAAAAAAAAAAAAAAAwQAAAQEBAQEBAQEBAQEBQQEBAQEBAQEBAQEBAAEAAYHBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAAQABAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAAMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAAAAAAAAAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAEAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAgAAAAACAAAAAAAAAAAAAAAAAAAAAAADAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwAAAAAAAAMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE5PVU5DRUVDS09VVE5FQ1RFVEVDUklCRUxVU0hFVEVBRFNFQVJDSFJHRUNUSVZJVFlMRU5EQVJWRU9USUZZUFRJT05TQ0hTRUFZU1RBVENIR0VPUkRJUkVDVE9SVFJDSFBBUkFNRVRFUlVSQ0VCU0NSSUJFQVJET1dOQUNFSU5ETktDS1VCU0NSSUJFSFRUUC9BRFRQLw=='\n","\"use strict\";\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.enumToMap = void 0;\nfunction enumToMap(obj) {\n    const res = {};\n    Object.keys(obj).forEach((key) => {\n        const value = obj[key];\n        if (typeof value === 'number') {\n            res[key] = value;\n        }\n    });\n    return res;\n}\nexports.enumToMap = enumToMap;\n//# sourceMappingURL=utils.js.map","'use strict'\n\nconst { kClients } = require('../core/symbols')\nconst Agent = require('../agent')\nconst {\n  kAgent,\n  kMockAgentSet,\n  kMockAgentGet,\n  kDispatches,\n  kIsMockActive,\n  kNetConnect,\n  kGetNetConnect,\n  kOptions,\n  kFactory\n} = require('./mock-symbols')\nconst MockClient = require('./mock-client')\nconst MockPool = require('./mock-pool')\nconst { matchValue, buildMockOptions } = require('./mock-utils')\nconst { InvalidArgumentError, UndiciError } = require('../core/errors')\nconst Dispatcher = require('../dispatcher')\nconst Pluralizer = require('./pluralizer')\nconst PendingInterceptorsFormatter = require('./pending-interceptors-formatter')\n\nclass FakeWeakRef {\n  constructor (value) {\n    this.value = value\n  }\n\n  deref () {\n    return this.value\n  }\n}\n\nclass MockAgent extends Dispatcher {\n  constructor (opts) {\n    super(opts)\n\n    this[kNetConnect] = true\n    this[kIsMockActive] = true\n\n    // Instantiate Agent and encapsulate\n    if ((opts && opts.agent && typeof opts.agent.dispatch !== 'function')) {\n      throw new InvalidArgumentError('Argument opts.agent must implement Agent')\n    }\n    const agent = opts && opts.agent ? opts.agent : new Agent(opts)\n    this[kAgent] = agent\n\n    this[kClients] = agent[kClients]\n    this[kOptions] = buildMockOptions(opts)\n  }\n\n  get (origin) {\n    let dispatcher = this[kMockAgentGet](origin)\n\n    if (!dispatcher) {\n      dispatcher = this[kFactory](origin)\n      this[kMockAgentSet](origin, dispatcher)\n    }\n    return dispatcher\n  }\n\n  dispatch (opts, handler) {\n    // Call MockAgent.get to perform additional setup before dispatching as normal\n    this.get(opts.origin)\n    return this[kAgent].dispatch(opts, handler)\n  }\n\n  async close () {\n    await this[kAgent].close()\n    this[kClients].clear()\n  }\n\n  deactivate () {\n    this[kIsMockActive] = false\n  }\n\n  activate () {\n    this[kIsMockActive] = true\n  }\n\n  enableNetConnect (matcher) {\n    if (typeof matcher === 'string' || typeof matcher === 'function' || matcher instanceof RegExp) {\n      if (Array.isArray(this[kNetConnect])) {\n        this[kNetConnect].push(matcher)\n      } else {\n        this[kNetConnect] = [matcher]\n      }\n    } else if (typeof matcher === 'undefined') {\n      this[kNetConnect] = true\n    } else {\n      throw new InvalidArgumentError('Unsupported matcher. Must be one of String|Function|RegExp.')\n    }\n  }\n\n  disableNetConnect () {\n    this[kNetConnect] = false\n  }\n\n  // This is required to bypass issues caused by using global symbols - see:\n  // https://github.com/nodejs/undici/issues/1447\n  get isMockActive () {\n    return this[kIsMockActive]\n  }\n\n  [kMockAgentSet] (origin, dispatcher) {\n    this[kClients].set(origin, new FakeWeakRef(dispatcher))\n  }\n\n  [kFactory] (origin) {\n    const mockOptions = Object.assign({ agent: this }, this[kOptions])\n    return this[kOptions] && this[kOptions].connections === 1\n      ? new MockClient(origin, mockOptions)\n      : new MockPool(origin, mockOptions)\n  }\n\n  [kMockAgentGet] (origin) {\n    // First check if we can immediately find it\n    const ref = this[kClients].get(origin)\n    if (ref) {\n      return ref.deref()\n    }\n\n    // If the origin is not a string create a dummy parent pool and return to user\n    if (typeof origin !== 'string') {\n      const dispatcher = this[kFactory]('http://localhost:9999')\n      this[kMockAgentSet](origin, dispatcher)\n      return dispatcher\n    }\n\n    // If we match, create a pool and assign the same dispatches\n    for (const [keyMatcher, nonExplicitRef] of Array.from(this[kClients])) {\n      const nonExplicitDispatcher = nonExplicitRef.deref()\n      if (nonExplicitDispatcher && typeof keyMatcher !== 'string' && matchValue(keyMatcher, origin)) {\n        const dispatcher = this[kFactory](origin)\n        this[kMockAgentSet](origin, dispatcher)\n        dispatcher[kDispatches] = nonExplicitDispatcher[kDispatches]\n        return dispatcher\n      }\n    }\n  }\n\n  [kGetNetConnect] () {\n    return this[kNetConnect]\n  }\n\n  pendingInterceptors () {\n    const mockAgentClients = this[kClients]\n\n    return Array.from(mockAgentClients.entries())\n      .flatMap(([origin, scope]) => scope.deref()[kDispatches].map(dispatch => ({ ...dispatch, origin })))\n      .filter(({ pending }) => pending)\n  }\n\n  assertNoPendingInterceptors ({ pendingInterceptorsFormatter = new PendingInterceptorsFormatter() } = {}) {\n    const pending = this.pendingInterceptors()\n\n    if (pending.length === 0) {\n      return\n    }\n\n    const pluralizer = new Pluralizer('interceptor', 'interceptors').pluralize(pending.length)\n\n    throw new UndiciError(`\n${pluralizer.count} ${pluralizer.noun} ${pluralizer.is} pending:\n\n${pendingInterceptorsFormatter.format(pending)}\n`.trim())\n  }\n}\n\nmodule.exports = MockAgent\n","'use strict'\n\nconst { promisify } = require('util')\nconst Client = require('../client')\nconst { buildMockDispatch } = require('./mock-utils')\nconst {\n  kDispatches,\n  kMockAgent,\n  kClose,\n  kOriginalClose,\n  kOrigin,\n  kOriginalDispatch,\n  kConnected\n} = require('./mock-symbols')\nconst { MockInterceptor } = require('./mock-interceptor')\nconst Symbols = require('../core/symbols')\nconst { InvalidArgumentError } = require('../core/errors')\n\n/**\n * MockClient provides an API that extends the Client to influence the mockDispatches.\n */\nclass MockClient extends Client {\n  constructor (origin, opts) {\n    super(origin, opts)\n\n    if (!opts || !opts.agent || typeof opts.agent.dispatch !== 'function') {\n      throw new InvalidArgumentError('Argument opts.agent must implement Agent')\n    }\n\n    this[kMockAgent] = opts.agent\n    this[kOrigin] = origin\n    this[kDispatches] = []\n    this[kConnected] = 1\n    this[kOriginalDispatch] = this.dispatch\n    this[kOriginalClose] = this.close.bind(this)\n\n    this.dispatch = buildMockDispatch.call(this)\n    this.close = this[kClose]\n  }\n\n  get [Symbols.kConnected] () {\n    return this[kConnected]\n  }\n\n  /**\n   * Sets up the base interceptor for mocking replies from undici.\n   */\n  intercept (opts) {\n    return new MockInterceptor(opts, this[kDispatches])\n  }\n\n  async [kClose] () {\n    await promisify(this[kOriginalClose])()\n    this[kConnected] = 0\n    this[kMockAgent][Symbols.kClients].delete(this[kOrigin])\n  }\n}\n\nmodule.exports = MockClient\n","'use strict'\n\nconst { UndiciError } = require('../core/errors')\n\nclass MockNotMatchedError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, MockNotMatchedError)\n    this.name = 'MockNotMatchedError'\n    this.message = message || 'The request does not match any registered mock dispatches'\n    this.code = 'UND_MOCK_ERR_MOCK_NOT_MATCHED'\n  }\n}\n\nmodule.exports = {\n  MockNotMatchedError\n}\n","'use strict'\n\nconst { getResponseData, buildKey, addMockDispatch } = require('./mock-utils')\nconst {\n  kDispatches,\n  kDispatchKey,\n  kDefaultHeaders,\n  kDefaultTrailers,\n  kContentLength,\n  kMockDispatch\n} = require('./mock-symbols')\nconst { InvalidArgumentError } = require('../core/errors')\nconst { buildURL } = require('../core/util')\n\n/**\n * Defines the scope API for an interceptor reply\n */\nclass MockScope {\n  constructor (mockDispatch) {\n    this[kMockDispatch] = mockDispatch\n  }\n\n  /**\n   * Delay a reply by a set amount in ms.\n   */\n  delay (waitInMs) {\n    if (typeof waitInMs !== 'number' || !Number.isInteger(waitInMs) || waitInMs <= 0) {\n      throw new InvalidArgumentError('waitInMs must be a valid integer > 0')\n    }\n\n    this[kMockDispatch].delay = waitInMs\n    return this\n  }\n\n  /**\n   * For a defined reply, never mark as consumed.\n   */\n  persist () {\n    this[kMockDispatch].persist = true\n    return this\n  }\n\n  /**\n   * Allow one to define a reply for a set amount of matching requests.\n   */\n  times (repeatTimes) {\n    if (typeof repeatTimes !== 'number' || !Number.isInteger(repeatTimes) || repeatTimes <= 0) {\n      throw new InvalidArgumentError('repeatTimes must be a valid integer > 0')\n    }\n\n    this[kMockDispatch].times = repeatTimes\n    return this\n  }\n}\n\n/**\n * Defines an interceptor for a Mock\n */\nclass MockInterceptor {\n  constructor (opts, mockDispatches) {\n    if (typeof opts !== 'object') {\n      throw new InvalidArgumentError('opts must be an object')\n    }\n    if (typeof opts.path === 'undefined') {\n      throw new InvalidArgumentError('opts.path must be defined')\n    }\n    if (typeof opts.method === 'undefined') {\n      opts.method = 'GET'\n    }\n    // See https://github.com/nodejs/undici/issues/1245\n    // As per RFC 3986, clients are not supposed to send URI\n    // fragments to servers when they retrieve a document,\n    if (typeof opts.path === 'string') {\n      if (opts.query) {\n        opts.path = buildURL(opts.path, opts.query)\n      } else {\n        // Matches https://github.com/nodejs/undici/blob/main/lib/fetch/index.js#L1811\n        const parsedURL = new URL(opts.path, 'data://')\n        opts.path = parsedURL.pathname + parsedURL.search\n      }\n    }\n    if (typeof opts.method === 'string') {\n      opts.method = opts.method.toUpperCase()\n    }\n\n    this[kDispatchKey] = buildKey(opts)\n    this[kDispatches] = mockDispatches\n    this[kDefaultHeaders] = {}\n    this[kDefaultTrailers] = {}\n    this[kContentLength] = false\n  }\n\n  createMockScopeDispatchData (statusCode, data, responseOptions = {}) {\n    const responseData = getResponseData(data)\n    const contentLength = this[kContentLength] ? { 'content-length': responseData.length } : {}\n    const headers = { ...this[kDefaultHeaders], ...contentLength, ...responseOptions.headers }\n    const trailers = { ...this[kDefaultTrailers], ...responseOptions.trailers }\n\n    return { statusCode, data, headers, trailers }\n  }\n\n  validateReplyParameters (statusCode, data, responseOptions) {\n    if (typeof statusCode === 'undefined') {\n      throw new InvalidArgumentError('statusCode must be defined')\n    }\n    if (typeof data === 'undefined') {\n      throw new InvalidArgumentError('data must be defined')\n    }\n    if (typeof responseOptions !== 'object') {\n      throw new InvalidArgumentError('responseOptions must be an object')\n    }\n  }\n\n  /**\n   * Mock an undici request with a defined reply.\n   */\n  reply (replyData) {\n    // Values of reply aren't available right now as they\n    // can only be available when the reply callback is invoked.\n    if (typeof replyData === 'function') {\n      // We'll first wrap the provided callback in another function,\n      // this function will properly resolve the data from the callback\n      // when invoked.\n      const wrappedDefaultsCallback = (opts) => {\n        // Our reply options callback contains the parameter for statusCode, data and options.\n        const resolvedData = replyData(opts)\n\n        // Check if it is in the right format\n        if (typeof resolvedData !== 'object') {\n          throw new InvalidArgumentError('reply options callback must return an object')\n        }\n\n        const { statusCode, data = '', responseOptions = {} } = resolvedData\n        this.validateReplyParameters(statusCode, data, responseOptions)\n        // Since the values can be obtained immediately we return them\n        // from this higher order function that will be resolved later.\n        return {\n          ...this.createMockScopeDispatchData(statusCode, data, responseOptions)\n        }\n      }\n\n      // Add usual dispatch data, but this time set the data parameter to function that will eventually provide data.\n      const newMockDispatch = addMockDispatch(this[kDispatches], this[kDispatchKey], wrappedDefaultsCallback)\n      return new MockScope(newMockDispatch)\n    }\n\n    // We can have either one or three parameters, if we get here,\n    // we should have 1-3 parameters. So we spread the arguments of\n    // this function to obtain the parameters, since replyData will always\n    // just be the statusCode.\n    const [statusCode, data = '', responseOptions = {}] = [...arguments]\n    this.validateReplyParameters(statusCode, data, responseOptions)\n\n    // Send in-already provided data like usual\n    const dispatchData = this.createMockScopeDispatchData(statusCode, data, responseOptions)\n    const newMockDispatch = addMockDispatch(this[kDispatches], this[kDispatchKey], dispatchData)\n    return new MockScope(newMockDispatch)\n  }\n\n  /**\n   * Mock an undici request with a defined error.\n   */\n  replyWithError (error) {\n    if (typeof error === 'undefined') {\n      throw new InvalidArgumentError('error must be defined')\n    }\n\n    const newMockDispatch = addMockDispatch(this[kDispatches], this[kDispatchKey], { error })\n    return new MockScope(newMockDispatch)\n  }\n\n  /**\n   * Set default reply headers on the interceptor for subsequent replies\n   */\n  defaultReplyHeaders (headers) {\n    if (typeof headers === 'undefined') {\n      throw new InvalidArgumentError('headers must be defined')\n    }\n\n    this[kDefaultHeaders] = headers\n    return this\n  }\n\n  /**\n   * Set default reply trailers on the interceptor for subsequent replies\n   */\n  defaultReplyTrailers (trailers) {\n    if (typeof trailers === 'undefined') {\n      throw new InvalidArgumentError('trailers must be defined')\n    }\n\n    this[kDefaultTrailers] = trailers\n    return this\n  }\n\n  /**\n   * Set reply content length header for replies on the interceptor\n   */\n  replyContentLength () {\n    this[kContentLength] = true\n    return this\n  }\n}\n\nmodule.exports.MockInterceptor = MockInterceptor\nmodule.exports.MockScope = MockScope\n","'use strict'\n\nconst { promisify } = require('util')\nconst Pool = require('../pool')\nconst { buildMockDispatch } = require('./mock-utils')\nconst {\n  kDispatches,\n  kMockAgent,\n  kClose,\n  kOriginalClose,\n  kOrigin,\n  kOriginalDispatch,\n  kConnected\n} = require('./mock-symbols')\nconst { MockInterceptor } = require('./mock-interceptor')\nconst Symbols = require('../core/symbols')\nconst { InvalidArgumentError } = require('../core/errors')\n\n/**\n * MockPool provides an API that extends the Pool to influence the mockDispatches.\n */\nclass MockPool extends Pool {\n  constructor (origin, opts) {\n    super(origin, opts)\n\n    if (!opts || !opts.agent || typeof opts.agent.dispatch !== 'function') {\n      throw new InvalidArgumentError('Argument opts.agent must implement Agent')\n    }\n\n    this[kMockAgent] = opts.agent\n    this[kOrigin] = origin\n    this[kDispatches] = []\n    this[kConnected] = 1\n    this[kOriginalDispatch] = this.dispatch\n    this[kOriginalClose] = this.close.bind(this)\n\n    this.dispatch = buildMockDispatch.call(this)\n    this.close = this[kClose]\n  }\n\n  get [Symbols.kConnected] () {\n    return this[kConnected]\n  }\n\n  /**\n   * Sets up the base interceptor for mocking replies from undici.\n   */\n  intercept (opts) {\n    return new MockInterceptor(opts, this[kDispatches])\n  }\n\n  async [kClose] () {\n    await promisify(this[kOriginalClose])()\n    this[kConnected] = 0\n    this[kMockAgent][Symbols.kClients].delete(this[kOrigin])\n  }\n}\n\nmodule.exports = MockPool\n","'use strict'\n\nmodule.exports = {\n  kAgent: Symbol('agent'),\n  kOptions: Symbol('options'),\n  kFactory: Symbol('factory'),\n  kDispatches: Symbol('dispatches'),\n  kDispatchKey: Symbol('dispatch key'),\n  kDefaultHeaders: Symbol('default headers'),\n  kDefaultTrailers: Symbol('default trailers'),\n  kContentLength: Symbol('content length'),\n  kMockAgent: Symbol('mock agent'),\n  kMockAgentSet: Symbol('mock agent set'),\n  kMockAgentGet: Symbol('mock agent get'),\n  kMockDispatch: Symbol('mock dispatch'),\n  kClose: Symbol('close'),\n  kOriginalClose: Symbol('original agent close'),\n  kOrigin: Symbol('origin'),\n  kIsMockActive: Symbol('is mock active'),\n  kNetConnect: Symbol('net connect'),\n  kGetNetConnect: Symbol('get net connect'),\n  kConnected: Symbol('connected')\n}\n","'use strict'\n\nconst { MockNotMatchedError } = require('./mock-errors')\nconst {\n  kDispatches,\n  kMockAgent,\n  kOriginalDispatch,\n  kOrigin,\n  kGetNetConnect\n} = require('./mock-symbols')\nconst { buildURL, nop } = require('../core/util')\nconst { STATUS_CODES } = require('http')\nconst {\n  types: {\n    isPromise\n  }\n} = require('util')\n\nfunction matchValue (match, value) {\n  if (typeof match === 'string') {\n    return match === value\n  }\n  if (match instanceof RegExp) {\n    return match.test(value)\n  }\n  if (typeof match === 'function') {\n    return match(value) === true\n  }\n  return false\n}\n\nfunction lowerCaseEntries (headers) {\n  return Object.fromEntries(\n    Object.entries(headers).map(([headerName, headerValue]) => {\n      return [headerName.toLocaleLowerCase(), headerValue]\n    })\n  )\n}\n\n/**\n * @param {import('../../index').Headers|string[]|Record<string, string>} headers\n * @param {string} key\n */\nfunction getHeaderByName (headers, key) {\n  if (Array.isArray(headers)) {\n    for (let i = 0; i < headers.length; i += 2) {\n      if (headers[i].toLocaleLowerCase() === key.toLocaleLowerCase()) {\n        return headers[i + 1]\n      }\n    }\n\n    return undefined\n  } else if (typeof headers.get === 'function') {\n    return headers.get(key)\n  } else {\n    return lowerCaseEntries(headers)[key.toLocaleLowerCase()]\n  }\n}\n\n/** @param {string[]} headers */\nfunction buildHeadersFromArray (headers) { // fetch HeadersList\n  const clone = headers.slice()\n  const entries = []\n  for (let index = 0; index < clone.length; index += 2) {\n    entries.push([clone[index], clone[index + 1]])\n  }\n  return Object.fromEntries(entries)\n}\n\nfunction matchHeaders (mockDispatch, headers) {\n  if (typeof mockDispatch.headers === 'function') {\n    if (Array.isArray(headers)) { // fetch HeadersList\n      headers = buildHeadersFromArray(headers)\n    }\n    return mockDispatch.headers(headers ? lowerCaseEntries(headers) : {})\n  }\n  if (typeof mockDispatch.headers === 'undefined') {\n    return true\n  }\n  if (typeof headers !== 'object' || typeof mockDispatch.headers !== 'object') {\n    return false\n  }\n\n  for (const [matchHeaderName, matchHeaderValue] of Object.entries(mockDispatch.headers)) {\n    const headerValue = getHeaderByName(headers, matchHeaderName)\n\n    if (!matchValue(matchHeaderValue, headerValue)) {\n      return false\n    }\n  }\n  return true\n}\n\nfunction safeUrl (path) {\n  if (typeof path !== 'string') {\n    return path\n  }\n\n  const pathSegments = path.split('?')\n\n  if (pathSegments.length !== 2) {\n    return path\n  }\n\n  const qp = new URLSearchParams(pathSegments.pop())\n  qp.sort()\n  return [...pathSegments, qp.toString()].join('?')\n}\n\nfunction matchKey (mockDispatch, { path, method, body, headers }) {\n  const pathMatch = matchValue(mockDispatch.path, path)\n  const methodMatch = matchValue(mockDispatch.method, method)\n  const bodyMatch = typeof mockDispatch.body !== 'undefined' ? matchValue(mockDispatch.body, body) : true\n  const headersMatch = matchHeaders(mockDispatch, headers)\n  return pathMatch && methodMatch && bodyMatch && headersMatch\n}\n\nfunction getResponseData (data) {\n  if (Buffer.isBuffer(data)) {\n    return data\n  } else if (typeof data === 'object') {\n    return JSON.stringify(data)\n  } else {\n    return data.toString()\n  }\n}\n\nfunction getMockDispatch (mockDispatches, key) {\n  const basePath = key.query ? buildURL(key.path, key.query) : key.path\n  const resolvedPath = typeof basePath === 'string' ? safeUrl(basePath) : basePath\n\n  // Match path\n  let matchedMockDispatches = mockDispatches.filter(({ consumed }) => !consumed).filter(({ path }) => matchValue(safeUrl(path), resolvedPath))\n  if (matchedMockDispatches.length === 0) {\n    throw new MockNotMatchedError(`Mock dispatch not matched for path '${resolvedPath}'`)\n  }\n\n  // Match method\n  matchedMockDispatches = matchedMockDispatches.filter(({ method }) => matchValue(method, key.method))\n  if (matchedMockDispatches.length === 0) {\n    throw new MockNotMatchedError(`Mock dispatch not matched for method '${key.method}'`)\n  }\n\n  // Match body\n  matchedMockDispatches = matchedMockDispatches.filter(({ body }) => typeof body !== 'undefined' ? matchValue(body, key.body) : true)\n  if (matchedMockDispatches.length === 0) {\n    throw new MockNotMatchedError(`Mock dispatch not matched for body '${key.body}'`)\n  }\n\n  // Match headers\n  matchedMockDispatches = matchedMockDispatches.filter((mockDispatch) => matchHeaders(mockDispatch, key.headers))\n  if (matchedMockDispatches.length === 0) {\n    throw new MockNotMatchedError(`Mock dispatch not matched for headers '${typeof key.headers === 'object' ? JSON.stringify(key.headers) : key.headers}'`)\n  }\n\n  return matchedMockDispatches[0]\n}\n\nfunction addMockDispatch (mockDispatches, key, data) {\n  const baseData = { timesInvoked: 0, times: 1, persist: false, consumed: false }\n  const replyData = typeof data === 'function' ? { callback: data } : { ...data }\n  const newMockDispatch = { ...baseData, ...key, pending: true, data: { error: null, ...replyData } }\n  mockDispatches.push(newMockDispatch)\n  return newMockDispatch\n}\n\nfunction deleteMockDispatch (mockDispatches, key) {\n  const index = mockDispatches.findIndex(dispatch => {\n    if (!dispatch.consumed) {\n      return false\n    }\n    return matchKey(dispatch, key)\n  })\n  if (index !== -1) {\n    mockDispatches.splice(index, 1)\n  }\n}\n\nfunction buildKey (opts) {\n  const { path, method, body, headers, query } = opts\n  return {\n    path,\n    method,\n    body,\n    headers,\n    query\n  }\n}\n\nfunction generateKeyValues (data) {\n  return Object.entries(data).reduce((keyValuePairs, [key, value]) => [\n    ...keyValuePairs,\n    Buffer.from(`${key}`),\n    Array.isArray(value) ? value.map(x => Buffer.from(`${x}`)) : Buffer.from(`${value}`)\n  ], [])\n}\n\n/**\n * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Status\n * @param {number} statusCode\n */\nfunction getStatusText (statusCode) {\n  return STATUS_CODES[statusCode] || 'unknown'\n}\n\nasync function getResponse (body) {\n  const buffers = []\n  for await (const data of body) {\n    buffers.push(data)\n  }\n  return Buffer.concat(buffers).toString('utf8')\n}\n\n/**\n * Mock dispatch function used to simulate undici dispatches\n */\nfunction mockDispatch (opts, handler) {\n  // Get mock dispatch from built key\n  const key = buildKey(opts)\n  const mockDispatch = getMockDispatch(this[kDispatches], key)\n\n  mockDispatch.timesInvoked++\n\n  // Here's where we resolve a callback if a callback is present for the dispatch data.\n  if (mockDispatch.data.callback) {\n    mockDispatch.data = { ...mockDispatch.data, ...mockDispatch.data.callback(opts) }\n  }\n\n  // Parse mockDispatch data\n  const { data: { statusCode, data, headers, trailers, error }, delay, persist } = mockDispatch\n  const { timesInvoked, times } = mockDispatch\n\n  // If it's used up and not persistent, mark as consumed\n  mockDispatch.consumed = !persist && timesInvoked >= times\n  mockDispatch.pending = timesInvoked < times\n\n  // If specified, trigger dispatch error\n  if (error !== null) {\n    deleteMockDispatch(this[kDispatches], key)\n    handler.onError(error)\n    return true\n  }\n\n  // Handle the request with a delay if necessary\n  if (typeof delay === 'number' && delay > 0) {\n    setTimeout(() => {\n      handleReply(this[kDispatches])\n    }, delay)\n  } else {\n    handleReply(this[kDispatches])\n  }\n\n  function handleReply (mockDispatches, _data = data) {\n    // fetch's HeadersList is a 1D string array\n    const optsHeaders = Array.isArray(opts.headers)\n      ? buildHeadersFromArray(opts.headers)\n      : opts.headers\n    const body = typeof _data === 'function'\n      ? _data({ ...opts, headers: optsHeaders })\n      : _data\n\n    // util.types.isPromise is likely needed for jest.\n    if (isPromise(body)) {\n      // If handleReply is asynchronous, throwing an error\n      // in the callback will reject the promise, rather than\n      // synchronously throw the error, which breaks some tests.\n      // Rather, we wait for the callback to resolve if it is a\n      // promise, and then re-run handleReply with the new body.\n      body.then((newData) => handleReply(mockDispatches, newData))\n      return\n    }\n\n    const responseData = getResponseData(body)\n    const responseHeaders = generateKeyValues(headers)\n    const responseTrailers = generateKeyValues(trailers)\n\n    handler.abort = nop\n    handler.onHeaders(statusCode, responseHeaders, resume, getStatusText(statusCode))\n    handler.onData(Buffer.from(responseData))\n    handler.onComplete(responseTrailers)\n    deleteMockDispatch(mockDispatches, key)\n  }\n\n  function resume () {}\n\n  return true\n}\n\nfunction buildMockDispatch () {\n  const agent = this[kMockAgent]\n  const origin = this[kOrigin]\n  const originalDispatch = this[kOriginalDispatch]\n\n  return function dispatch (opts, handler) {\n    if (agent.isMockActive) {\n      try {\n        mockDispatch.call(this, opts, handler)\n      } catch (error) {\n        if (error instanceof MockNotMatchedError) {\n          const netConnect = agent[kGetNetConnect]()\n          if (netConnect === false) {\n            throw new MockNotMatchedError(`${error.message}: subsequent request to origin ${origin} was not allowed (net.connect disabled)`)\n          }\n          if (checkNetConnect(netConnect, origin)) {\n            originalDispatch.call(this, opts, handler)\n          } else {\n            throw new MockNotMatchedError(`${error.message}: subsequent request to origin ${origin} was not allowed (net.connect is not enabled for this origin)`)\n          }\n        } else {\n          throw error\n        }\n      }\n    } else {\n      originalDispatch.call(this, opts, handler)\n    }\n  }\n}\n\nfunction checkNetConnect (netConnect, origin) {\n  const url = new URL(origin)\n  if (netConnect === true) {\n    return true\n  } else if (Array.isArray(netConnect) && netConnect.some((matcher) => matchValue(matcher, url.host))) {\n    return true\n  }\n  return false\n}\n\nfunction buildMockOptions (opts) {\n  if (opts) {\n    const { agent, ...mockOptions } = opts\n    return mockOptions\n  }\n}\n\nmodule.exports = {\n  getResponseData,\n  getMockDispatch,\n  addMockDispatch,\n  deleteMockDispatch,\n  buildKey,\n  generateKeyValues,\n  matchValue,\n  getResponse,\n  getStatusText,\n  mockDispatch,\n  buildMockDispatch,\n  checkNetConnect,\n  buildMockOptions,\n  getHeaderByName\n}\n","'use strict'\n\nconst { Transform } = require('stream')\nconst { Console } = require('console')\n\n/**\n * Gets the output of `console.table(…)` as a string.\n */\nmodule.exports = class PendingInterceptorsFormatter {\n  constructor ({ disableColors } = {}) {\n    this.transform = new Transform({\n      transform (chunk, _enc, cb) {\n        cb(null, chunk)\n      }\n    })\n\n    this.logger = new Console({\n      stdout: this.transform,\n      inspectOptions: {\n        colors: !disableColors && !process.env.CI\n      }\n    })\n  }\n\n  format (pendingInterceptors) {\n    const withPrettyHeaders = pendingInterceptors.map(\n      ({ method, path, data: { statusCode }, persist, times, timesInvoked, origin }) => ({\n        Method: method,\n        Origin: origin,\n        Path: path,\n        'Status code': statusCode,\n        Persistent: persist ? '✅' : '❌',\n        Invocations: timesInvoked,\n        Remaining: persist ? Infinity : times - timesInvoked\n      }))\n\n    this.logger.table(withPrettyHeaders)\n    return this.transform.read().toString()\n  }\n}\n","'use strict'\n\nconst singulars = {\n  pronoun: 'it',\n  is: 'is',\n  was: 'was',\n  this: 'this'\n}\n\nconst plurals = {\n  pronoun: 'they',\n  is: 'are',\n  was: 'were',\n  this: 'these'\n}\n\nmodule.exports = class Pluralizer {\n  constructor (singular, plural) {\n    this.singular = singular\n    this.plural = plural\n  }\n\n  pluralize (count) {\n    const one = count === 1\n    const keys = one ? singulars : plurals\n    const noun = one ? this.singular : this.plural\n    return { ...keys, count, noun }\n  }\n}\n","/* eslint-disable */\n\n'use strict'\n\n// Extracted from node/lib/internal/fixed_queue.js\n\n// Currently optimal queue size, tested on V8 6.0 - 6.6. Must be power of two.\nconst kSize = 2048;\nconst kMask = kSize - 1;\n\n// The FixedQueue is implemented as a singly-linked list of fixed-size\n// circular buffers. It looks something like this:\n//\n//  head                                                       tail\n//    |                                                          |\n//    v                                                          v\n// +-----------+ <-----\\       +-----------+ <------\\         +-----------+\n// |  [null]   |        \\----- |   next    |         \\------- |   next    |\n// +-----------+               +-----------+                  +-----------+\n// |   item    | <-- bottom    |   item    | <-- bottom       |  [empty]  |\n// |   item    |               |   item    |                  |  [empty]  |\n// |   item    |               |   item    |                  |  [empty]  |\n// |   item    |               |   item    |                  |  [empty]  |\n// |   item    |               |   item    |       bottom --> |   item    |\n// |   item    |               |   item    |                  |   item    |\n// |    ...    |               |    ...    |                  |    ...    |\n// |   item    |               |   item    |                  |   item    |\n// |   item    |               |   item    |                  |   item    |\n// |  [empty]  | <-- top       |   item    |                  |   item    |\n// |  [empty]  |               |   item    |                  |   item    |\n// |  [empty]  |               |  [empty]  | <-- top  top --> |  [empty]  |\n// +-----------+               +-----------+                  +-----------+\n//\n// Or, if there is only one circular buffer, it looks something\n// like either of these:\n//\n//  head   tail                                 head   tail\n//    |     |                                     |     |\n//    v     v                                     v     v\n// +-----------+                               +-----------+\n// |  [null]   |                               |  [null]   |\n// +-----------+                               +-----------+\n// |  [empty]  |                               |   item    |\n// |  [empty]  |                               |   item    |\n// |   item    | <-- bottom            top --> |  [empty]  |\n// |   item    |                               |  [empty]  |\n// |  [empty]  | <-- top            bottom --> |   item    |\n// |  [empty]  |                               |   item    |\n// +-----------+                               +-----------+\n//\n// Adding a value means moving `top` forward by one, removing means\n// moving `bottom` forward by one. After reaching the end, the queue\n// wraps around.\n//\n// When `top === bottom` the current queue is empty and when\n// `top + 1 === bottom` it's full. This wastes a single space of storage\n// but allows much quicker checks.\n\nclass FixedCircularBuffer {\n  constructor() {\n    this.bottom = 0;\n    this.top = 0;\n    this.list = new Array(kSize);\n    this.next = null;\n  }\n\n  isEmpty() {\n    return this.top === this.bottom;\n  }\n\n  isFull() {\n    return ((this.top + 1) & kMask) === this.bottom;\n  }\n\n  push(data) {\n    this.list[this.top] = data;\n    this.top = (this.top + 1) & kMask;\n  }\n\n  shift() {\n    const nextItem = this.list[this.bottom];\n    if (nextItem === undefined)\n      return null;\n    this.list[this.bottom] = undefined;\n    this.bottom = (this.bottom + 1) & kMask;\n    return nextItem;\n  }\n}\n\nmodule.exports = class FixedQueue {\n  constructor() {\n    this.head = this.tail = new FixedCircularBuffer();\n  }\n\n  isEmpty() {\n    return this.head.isEmpty();\n  }\n\n  push(data) {\n    if (this.head.isFull()) {\n      // Head is full: Creates a new queue, sets the old queue's `.next` to it,\n      // and sets it as the new main queue.\n      this.head = this.head.next = new FixedCircularBuffer();\n    }\n    this.head.push(data);\n  }\n\n  shift() {\n    const tail = this.tail;\n    const next = tail.shift();\n    if (tail.isEmpty() && tail.next !== null) {\n      // If there is another queue, it forms the new tail.\n      this.tail = tail.next;\n    }\n    return next;\n  }\n};\n","'use strict'\n\nconst DispatcherBase = require('./dispatcher-base')\nconst FixedQueue = require('./node/fixed-queue')\nconst { kConnected, kSize, kRunning, kPending, kQueued, kBusy, kFree, kUrl, kClose, kDestroy, kDispatch } = require('./core/symbols')\nconst PoolStats = require('./pool-stats')\n\nconst kClients = Symbol('clients')\nconst kNeedDrain = Symbol('needDrain')\nconst kQueue = Symbol('queue')\nconst kClosedResolve = Symbol('closed resolve')\nconst kOnDrain = Symbol('onDrain')\nconst kOnConnect = Symbol('onConnect')\nconst kOnDisconnect = Symbol('onDisconnect')\nconst kOnConnectionError = Symbol('onConnectionError')\nconst kGetDispatcher = Symbol('get dispatcher')\nconst kAddClient = Symbol('add client')\nconst kRemoveClient = Symbol('remove client')\nconst kStats = Symbol('stats')\n\nclass PoolBase extends DispatcherBase {\n  constructor () {\n    super()\n\n    this[kQueue] = new FixedQueue()\n    this[kClients] = []\n    this[kQueued] = 0\n\n    const pool = this\n\n    this[kOnDrain] = function onDrain (origin, targets) {\n      const queue = pool[kQueue]\n\n      let needDrain = false\n\n      while (!needDrain) {\n        const item = queue.shift()\n        if (!item) {\n          break\n        }\n        pool[kQueued]--\n        needDrain = !this.dispatch(item.opts, item.handler)\n      }\n\n      this[kNeedDrain] = needDrain\n\n      if (!this[kNeedDrain] && pool[kNeedDrain]) {\n        pool[kNeedDrain] = false\n        pool.emit('drain', origin, [pool, ...targets])\n      }\n\n      if (pool[kClosedResolve] && queue.isEmpty()) {\n        Promise\n          .all(pool[kClients].map(c => c.close()))\n          .then(pool[kClosedResolve])\n      }\n    }\n\n    this[kOnConnect] = (origin, targets) => {\n      pool.emit('connect', origin, [pool, ...targets])\n    }\n\n    this[kOnDisconnect] = (origin, targets, err) => {\n      pool.emit('disconnect', origin, [pool, ...targets], err)\n    }\n\n    this[kOnConnectionError] = (origin, targets, err) => {\n      pool.emit('connectionError', origin, [pool, ...targets], err)\n    }\n\n    this[kStats] = new PoolStats(this)\n  }\n\n  get [kBusy] () {\n    return this[kNeedDrain]\n  }\n\n  get [kConnected] () {\n    return this[kClients].filter(client => client[kConnected]).length\n  }\n\n  get [kFree] () {\n    return this[kClients].filter(client => client[kConnected] && !client[kNeedDrain]).length\n  }\n\n  get [kPending] () {\n    let ret = this[kQueued]\n    for (const { [kPending]: pending } of this[kClients]) {\n      ret += pending\n    }\n    return ret\n  }\n\n  get [kRunning] () {\n    let ret = 0\n    for (const { [kRunning]: running } of this[kClients]) {\n      ret += running\n    }\n    return ret\n  }\n\n  get [kSize] () {\n    let ret = this[kQueued]\n    for (const { [kSize]: size } of this[kClients]) {\n      ret += size\n    }\n    return ret\n  }\n\n  get stats () {\n    return this[kStats]\n  }\n\n  async [kClose] () {\n    if (this[kQueue].isEmpty()) {\n      return Promise.all(this[kClients].map(c => c.close()))\n    } else {\n      return new Promise((resolve) => {\n        this[kClosedResolve] = resolve\n      })\n    }\n  }\n\n  async [kDestroy] (err) {\n    while (true) {\n      const item = this[kQueue].shift()\n      if (!item) {\n        break\n      }\n      item.handler.onError(err)\n    }\n\n    return Promise.all(this[kClients].map(c => c.destroy(err)))\n  }\n\n  [kDispatch] (opts, handler) {\n    const dispatcher = this[kGetDispatcher]()\n\n    if (!dispatcher) {\n      this[kNeedDrain] = true\n      this[kQueue].push({ opts, handler })\n      this[kQueued]++\n    } else if (!dispatcher.dispatch(opts, handler)) {\n      dispatcher[kNeedDrain] = true\n      this[kNeedDrain] = !this[kGetDispatcher]()\n    }\n\n    return !this[kNeedDrain]\n  }\n\n  [kAddClient] (client) {\n    client\n      .on('drain', this[kOnDrain])\n      .on('connect', this[kOnConnect])\n      .on('disconnect', this[kOnDisconnect])\n      .on('connectionError', this[kOnConnectionError])\n\n    this[kClients].push(client)\n\n    if (this[kNeedDrain]) {\n      process.nextTick(() => {\n        if (this[kNeedDrain]) {\n          this[kOnDrain](client[kUrl], [this, client])\n        }\n      })\n    }\n\n    return this\n  }\n\n  [kRemoveClient] (client) {\n    client.close(() => {\n      const idx = this[kClients].indexOf(client)\n      if (idx !== -1) {\n        this[kClients].splice(idx, 1)\n      }\n    })\n\n    this[kNeedDrain] = this[kClients].some(dispatcher => (\n      !dispatcher[kNeedDrain] &&\n      dispatcher.closed !== true &&\n      dispatcher.destroyed !== true\n    ))\n  }\n}\n\nmodule.exports = {\n  PoolBase,\n  kClients,\n  kNeedDrain,\n  kAddClient,\n  kRemoveClient,\n  kGetDispatcher\n}\n","const { kFree, kConnected, kPending, kQueued, kRunning, kSize } = require('./core/symbols')\nconst kPool = Symbol('pool')\n\nclass PoolStats {\n  constructor (pool) {\n    this[kPool] = pool\n  }\n\n  get connected () {\n    return this[kPool][kConnected]\n  }\n\n  get free () {\n    return this[kPool][kFree]\n  }\n\n  get pending () {\n    return this[kPool][kPending]\n  }\n\n  get queued () {\n    return this[kPool][kQueued]\n  }\n\n  get running () {\n    return this[kPool][kRunning]\n  }\n\n  get size () {\n    return this[kPool][kSize]\n  }\n}\n\nmodule.exports = PoolStats\n","'use strict'\n\nconst {\n  PoolBase,\n  kClients,\n  kNeedDrain,\n  kAddClient,\n  kGetDispatcher\n} = require('./pool-base')\nconst Client = require('./client')\nconst {\n  InvalidArgumentError\n} = require('./core/errors')\nconst util = require('./core/util')\nconst { kUrl, kInterceptors } = require('./core/symbols')\nconst buildConnector = require('./core/connect')\n\nconst kOptions = Symbol('options')\nconst kConnections = Symbol('connections')\nconst kFactory = Symbol('factory')\n\nfunction defaultFactory (origin, opts) {\n  return new Client(origin, opts)\n}\n\nclass Pool extends PoolBase {\n  constructor (origin, {\n    connections,\n    factory = defaultFactory,\n    connect,\n    connectTimeout,\n    tls,\n    maxCachedSessions,\n    socketPath,\n    autoSelectFamily,\n    autoSelectFamilyAttemptTimeout,\n    allowH2,\n    ...options\n  } = {}) {\n    super()\n\n    if (connections != null && (!Number.isFinite(connections) || connections < 0)) {\n      throw new InvalidArgumentError('invalid connections')\n    }\n\n    if (typeof factory !== 'function') {\n      throw new InvalidArgumentError('factory must be a function.')\n    }\n\n    if (connect != null && typeof connect !== 'function' && typeof connect !== 'object') {\n      throw new InvalidArgumentError('connect must be a function or an object')\n    }\n\n    if (typeof connect !== 'function') {\n      connect = buildConnector({\n        ...tls,\n        maxCachedSessions,\n        allowH2,\n        socketPath,\n        timeout: connectTimeout,\n        ...(util.nodeHasAutoSelectFamily && autoSelectFamily ? { autoSelectFamily, autoSelectFamilyAttemptTimeout } : undefined),\n        ...connect\n      })\n    }\n\n    this[kInterceptors] = options.interceptors && options.interceptors.Pool && Array.isArray(options.interceptors.Pool)\n      ? options.interceptors.Pool\n      : []\n    this[kConnections] = connections || null\n    this[kUrl] = util.parseOrigin(origin)\n    this[kOptions] = { ...util.deepClone(options), connect, allowH2 }\n    this[kOptions].interceptors = options.interceptors\n      ? { ...options.interceptors }\n      : undefined\n    this[kFactory] = factory\n\n    this.on('connectionError', (origin, targets, error) => {\n      // If a connection error occurs, we remove the client from the pool,\n      // and emit a connectionError event. They will not be re-used.\n      // Fixes https://github.com/nodejs/undici/issues/3895\n      for (const target of targets) {\n        // Do not use kRemoveClient here, as it will close the client,\n        // but the client cannot be closed in this state.\n        const idx = this[kClients].indexOf(target)\n        if (idx !== -1) {\n          this[kClients].splice(idx, 1)\n        }\n      }\n    })\n  }\n\n  [kGetDispatcher] () {\n    let dispatcher = this[kClients].find(dispatcher => !dispatcher[kNeedDrain])\n\n    if (dispatcher) {\n      return dispatcher\n    }\n\n    if (!this[kConnections] || this[kClients].length < this[kConnections]) {\n      dispatcher = this[kFactory](this[kUrl], this[kOptions])\n      this[kAddClient](dispatcher)\n    }\n\n    return dispatcher\n  }\n}\n\nmodule.exports = Pool\n","'use strict'\n\nconst { kProxy, kClose, kDestroy, kInterceptors } = require('./core/symbols')\nconst { URL } = require('url')\nconst Agent = require('./agent')\nconst Pool = require('./pool')\nconst DispatcherBase = require('./dispatcher-base')\nconst { InvalidArgumentError, RequestAbortedError } = require('./core/errors')\nconst buildConnector = require('./core/connect')\n\nconst kAgent = Symbol('proxy agent')\nconst kClient = Symbol('proxy client')\nconst kProxyHeaders = Symbol('proxy headers')\nconst kRequestTls = Symbol('request tls settings')\nconst kProxyTls = Symbol('proxy tls settings')\nconst kConnectEndpoint = Symbol('connect endpoint function')\n\nfunction defaultProtocolPort (protocol) {\n  return protocol === 'https:' ? 443 : 80\n}\n\nfunction buildProxyOptions (opts) {\n  if (typeof opts === 'string') {\n    opts = { uri: opts }\n  }\n\n  if (!opts || !opts.uri) {\n    throw new InvalidArgumentError('Proxy opts.uri is mandatory')\n  }\n\n  return {\n    uri: opts.uri,\n    protocol: opts.protocol || 'https'\n  }\n}\n\nfunction defaultFactory (origin, opts) {\n  return new Pool(origin, opts)\n}\n\nclass ProxyAgent extends DispatcherBase {\n  constructor (opts) {\n    super(opts)\n    this[kProxy] = buildProxyOptions(opts)\n    this[kAgent] = new Agent(opts)\n    this[kInterceptors] = opts.interceptors && opts.interceptors.ProxyAgent && Array.isArray(opts.interceptors.ProxyAgent)\n      ? opts.interceptors.ProxyAgent\n      : []\n\n    if (typeof opts === 'string') {\n      opts = { uri: opts }\n    }\n\n    if (!opts || !opts.uri) {\n      throw new InvalidArgumentError('Proxy opts.uri is mandatory')\n    }\n\n    const { clientFactory = defaultFactory } = opts\n\n    if (typeof clientFactory !== 'function') {\n      throw new InvalidArgumentError('Proxy opts.clientFactory must be a function.')\n    }\n\n    this[kRequestTls] = opts.requestTls\n    this[kProxyTls] = opts.proxyTls\n    this[kProxyHeaders] = opts.headers || {}\n\n    const resolvedUrl = new URL(opts.uri)\n    const { origin, port, host, username, password } = resolvedUrl\n\n    if (opts.auth && opts.token) {\n      throw new InvalidArgumentError('opts.auth cannot be used in combination with opts.token')\n    } else if (opts.auth) {\n      /* @deprecated in favour of opts.token */\n      this[kProxyHeaders]['proxy-authorization'] = `Basic ${opts.auth}`\n    } else if (opts.token) {\n      this[kProxyHeaders]['proxy-authorization'] = opts.token\n    } else if (username && password) {\n      this[kProxyHeaders]['proxy-authorization'] = `Basic ${Buffer.from(`${decodeURIComponent(username)}:${decodeURIComponent(password)}`).toString('base64')}`\n    }\n\n    const connect = buildConnector({ ...opts.proxyTls })\n    this[kConnectEndpoint] = buildConnector({ ...opts.requestTls })\n    this[kClient] = clientFactory(resolvedUrl, { connect })\n    this[kAgent] = new Agent({\n      ...opts,\n      connect: async (opts, callback) => {\n        let requestedHost = opts.host\n        if (!opts.port) {\n          requestedHost += `:${defaultProtocolPort(opts.protocol)}`\n        }\n        try {\n          const { socket, statusCode } = await this[kClient].connect({\n            origin,\n            port,\n            path: requestedHost,\n            signal: opts.signal,\n            headers: {\n              ...this[kProxyHeaders],\n              host\n            }\n          })\n          if (statusCode !== 200) {\n            socket.on('error', () => {}).destroy()\n            callback(new RequestAbortedError(`Proxy response (${statusCode}) !== 200 when HTTP Tunneling`))\n          }\n          if (opts.protocol !== 'https:') {\n            callback(null, socket)\n            return\n          }\n          let servername\n          if (this[kRequestTls]) {\n            servername = this[kRequestTls].servername\n          } else {\n            servername = opts.servername\n          }\n          this[kConnectEndpoint]({ ...opts, servername, httpSocket: socket }, callback)\n        } catch (err) {\n          callback(err)\n        }\n      }\n    })\n  }\n\n  dispatch (opts, handler) {\n    const { host } = new URL(opts.origin)\n    const headers = buildHeaders(opts.headers)\n    throwIfProxyAuthIsSent(headers)\n    return this[kAgent].dispatch(\n      {\n        ...opts,\n        headers: {\n          ...headers,\n          host\n        }\n      },\n      handler\n    )\n  }\n\n  async [kClose] () {\n    await this[kAgent].close()\n    await this[kClient].close()\n  }\n\n  async [kDestroy] () {\n    await this[kAgent].destroy()\n    await this[kClient].destroy()\n  }\n}\n\n/**\n * @param {string[] | Record<string, string>} headers\n * @returns {Record<string, string>}\n */\nfunction buildHeaders (headers) {\n  // When using undici.fetch, the headers list is stored\n  // as an array.\n  if (Array.isArray(headers)) {\n    /** @type {Record<string, string>} */\n    const headersPair = {}\n\n    for (let i = 0; i < headers.length; i += 2) {\n      headersPair[headers[i]] = headers[i + 1]\n    }\n\n    return headersPair\n  }\n\n  return headers\n}\n\n/**\n * @param {Record<string, string>} headers\n *\n * Previous versions of ProxyAgent suggests the Proxy-Authorization in request headers\n * Nevertheless, it was changed and to avoid a security vulnerability by end users\n * this check was created.\n * It should be removed in the next major version for performance reasons\n */\nfunction throwIfProxyAuthIsSent (headers) {\n  const existProxyAuth = headers && Object.keys(headers)\n    .find((key) => key.toLowerCase() === 'proxy-authorization')\n  if (existProxyAuth) {\n    throw new InvalidArgumentError('Proxy-Authorization should be sent in ProxyAgent constructor')\n  }\n}\n\nmodule.exports = ProxyAgent\n","'use strict'\n\nlet fastNow = Date.now()\nlet fastNowTimeout\n\nconst fastTimers = []\n\nfunction onTimeout () {\n  fastNow = Date.now()\n\n  let len = fastTimers.length\n  let idx = 0\n  while (idx < len) {\n    const timer = fastTimers[idx]\n\n    if (timer.state === 0) {\n      timer.state = fastNow + timer.delay\n    } else if (timer.state > 0 && fastNow >= timer.state) {\n      timer.state = -1\n      timer.callback(timer.opaque)\n    }\n\n    if (timer.state === -1) {\n      timer.state = -2\n      if (idx !== len - 1) {\n        fastTimers[idx] = fastTimers.pop()\n      } else {\n        fastTimers.pop()\n      }\n      len -= 1\n    } else {\n      idx += 1\n    }\n  }\n\n  if (fastTimers.length > 0) {\n    refreshTimeout()\n  }\n}\n\nfunction refreshTimeout () {\n  if (fastNowTimeout && fastNowTimeout.refresh) {\n    fastNowTimeout.refresh()\n  } else {\n    clearTimeout(fastNowTimeout)\n    fastNowTimeout = setTimeout(onTimeout, 1e3)\n    if (fastNowTimeout.unref) {\n      fastNowTimeout.unref()\n    }\n  }\n}\n\nclass Timeout {\n  constructor (callback, delay, opaque) {\n    this.callback = callback\n    this.delay = delay\n    this.opaque = opaque\n\n    //  -2 not in timer list\n    //  -1 in timer list but inactive\n    //   0 in timer list waiting for time\n    // > 0 in timer list waiting for time to expire\n    this.state = -2\n\n    this.refresh()\n  }\n\n  refresh () {\n    if (this.state === -2) {\n      fastTimers.push(this)\n      if (!fastNowTimeout || fastTimers.length === 1) {\n        refreshTimeout()\n      }\n    }\n\n    this.state = 0\n  }\n\n  clear () {\n    this.state = -1\n  }\n}\n\nmodule.exports = {\n  setTimeout (callback, delay, opaque) {\n    return delay < 1e3\n      ? setTimeout(callback, delay, opaque)\n      : new Timeout(callback, delay, opaque)\n  },\n  clearTimeout (timeout) {\n    if (timeout instanceof Timeout) {\n      timeout.clear()\n    } else {\n      clearTimeout(timeout)\n    }\n  }\n}\n","'use strict'\n\nconst diagnosticsChannel = require('diagnostics_channel')\nconst { uid, states } = require('./constants')\nconst {\n  kReadyState,\n  kSentClose,\n  kByteParser,\n  kReceivedClose\n} = require('./symbols')\nconst { fireEvent, failWebsocketConnection } = require('./util')\nconst { CloseEvent } = require('./events')\nconst { makeRequest } = require('../fetch/request')\nconst { fetching } = require('../fetch/index')\nconst { Headers } = require('../fetch/headers')\nconst { getGlobalDispatcher } = require('../global')\nconst { kHeadersList } = require('../core/symbols')\n\nconst channels = {}\nchannels.open = diagnosticsChannel.channel('undici:websocket:open')\nchannels.close = diagnosticsChannel.channel('undici:websocket:close')\nchannels.socketError = diagnosticsChannel.channel('undici:websocket:socket_error')\n\n/** @type {import('crypto')} */\nlet crypto\ntry {\n  crypto = require('crypto')\n} catch {\n\n}\n\n/**\n * @see https://websockets.spec.whatwg.org/#concept-websocket-establish\n * @param {URL} url\n * @param {string|string[]} protocols\n * @param {import('./websocket').WebSocket} ws\n * @param {(response: any) => void} onEstablish\n * @param {Partial<import('../../types/websocket').WebSocketInit>} options\n */\nfunction establishWebSocketConnection (url, protocols, ws, onEstablish, options) {\n  // 1. Let requestURL be a copy of url, with its scheme set to \"http\", if url’s\n  //    scheme is \"ws\", and to \"https\" otherwise.\n  const requestURL = url\n\n  requestURL.protocol = url.protocol === 'ws:' ? 'http:' : 'https:'\n\n  // 2. Let request be a new request, whose URL is requestURL, client is client,\n  //    service-workers mode is \"none\", referrer is \"no-referrer\", mode is\n  //    \"websocket\", credentials mode is \"include\", cache mode is \"no-store\" ,\n  //    and redirect mode is \"error\".\n  const request = makeRequest({\n    urlList: [requestURL],\n    serviceWorkers: 'none',\n    referrer: 'no-referrer',\n    mode: 'websocket',\n    credentials: 'include',\n    cache: 'no-store',\n    redirect: 'error'\n  })\n\n  // Note: undici extension, allow setting custom headers.\n  if (options.headers) {\n    const headersList = new Headers(options.headers)[kHeadersList]\n\n    request.headersList = headersList\n  }\n\n  // 3. Append (`Upgrade`, `websocket`) to request’s header list.\n  // 4. Append (`Connection`, `Upgrade`) to request’s header list.\n  // Note: both of these are handled by undici currently.\n  // https://github.com/nodejs/undici/blob/68c269c4144c446f3f1220951338daef4a6b5ec4/lib/client.js#L1397\n\n  // 5. Let keyValue be a nonce consisting of a randomly selected\n  //    16-byte value that has been forgiving-base64-encoded and\n  //    isomorphic encoded.\n  const keyValue = crypto.randomBytes(16).toString('base64')\n\n  // 6. Append (`Sec-WebSocket-Key`, keyValue) to request’s\n  //    header list.\n  request.headersList.append('sec-websocket-key', keyValue)\n\n  // 7. Append (`Sec-WebSocket-Version`, `13`) to request’s\n  //    header list.\n  request.headersList.append('sec-websocket-version', '13')\n\n  // 8. For each protocol in protocols, combine\n  //    (`Sec-WebSocket-Protocol`, protocol) in request’s header\n  //    list.\n  for (const protocol of protocols) {\n    request.headersList.append('sec-websocket-protocol', protocol)\n  }\n\n  // 9. Let permessageDeflate be a user-agent defined\n  //    \"permessage-deflate\" extension header value.\n  // https://github.com/mozilla/gecko-dev/blob/ce78234f5e653a5d3916813ff990f053510227bc/netwerk/protocol/websocket/WebSocketChannel.cpp#L2673\n  // TODO: enable once permessage-deflate is supported\n  const permessageDeflate = '' // 'permessage-deflate; 15'\n\n  // 10. Append (`Sec-WebSocket-Extensions`, permessageDeflate) to\n  //     request’s header list.\n  // request.headersList.append('sec-websocket-extensions', permessageDeflate)\n\n  // 11. Fetch request with useParallelQueue set to true, and\n  //     processResponse given response being these steps:\n  const controller = fetching({\n    request,\n    useParallelQueue: true,\n    dispatcher: options.dispatcher ?? getGlobalDispatcher(),\n    processResponse (response) {\n      // 1. If response is a network error or its status is not 101,\n      //    fail the WebSocket connection.\n      if (response.type === 'error' || response.status !== 101) {\n        failWebsocketConnection(ws, 'Received network error or non-101 status code.')\n        return\n      }\n\n      // 2. If protocols is not the empty list and extracting header\n      //    list values given `Sec-WebSocket-Protocol` and response’s\n      //    header list results in null, failure, or the empty byte\n      //    sequence, then fail the WebSocket connection.\n      if (protocols.length !== 0 && !response.headersList.get('Sec-WebSocket-Protocol')) {\n        failWebsocketConnection(ws, 'Server did not respond with sent protocols.')\n        return\n      }\n\n      // 3. Follow the requirements stated step 2 to step 6, inclusive,\n      //    of the last set of steps in section 4.1 of The WebSocket\n      //    Protocol to validate response. This either results in fail\n      //    the WebSocket connection or the WebSocket connection is\n      //    established.\n\n      // 2. If the response lacks an |Upgrade| header field or the |Upgrade|\n      //    header field contains a value that is not an ASCII case-\n      //    insensitive match for the value \"websocket\", the client MUST\n      //    _Fail the WebSocket Connection_.\n      if (response.headersList.get('Upgrade')?.toLowerCase() !== 'websocket') {\n        failWebsocketConnection(ws, 'Server did not set Upgrade header to \"websocket\".')\n        return\n      }\n\n      // 3. If the response lacks a |Connection| header field or the\n      //    |Connection| header field doesn't contain a token that is an\n      //    ASCII case-insensitive match for the value \"Upgrade\", the client\n      //    MUST _Fail the WebSocket Connection_.\n      if (response.headersList.get('Connection')?.toLowerCase() !== 'upgrade') {\n        failWebsocketConnection(ws, 'Server did not set Connection header to \"upgrade\".')\n        return\n      }\n\n      // 4. If the response lacks a |Sec-WebSocket-Accept| header field or\n      //    the |Sec-WebSocket-Accept| contains a value other than the\n      //    base64-encoded SHA-1 of the concatenation of the |Sec-WebSocket-\n      //    Key| (as a string, not base64-decoded) with the string \"258EAFA5-\n      //    E914-47DA-95CA-C5AB0DC85B11\" but ignoring any leading and\n      //    trailing whitespace, the client MUST _Fail the WebSocket\n      //    Connection_.\n      const secWSAccept = response.headersList.get('Sec-WebSocket-Accept')\n      const digest = crypto.createHash('sha1').update(keyValue + uid).digest('base64')\n      if (secWSAccept !== digest) {\n        failWebsocketConnection(ws, 'Incorrect hash received in Sec-WebSocket-Accept header.')\n        return\n      }\n\n      // 5. If the response includes a |Sec-WebSocket-Extensions| header\n      //    field and this header field indicates the use of an extension\n      //    that was not present in the client's handshake (the server has\n      //    indicated an extension not requested by the client), the client\n      //    MUST _Fail the WebSocket Connection_.  (The parsing of this\n      //    header field to determine which extensions are requested is\n      //    discussed in Section 9.1.)\n      const secExtension = response.headersList.get('Sec-WebSocket-Extensions')\n\n      if (secExtension !== null && secExtension !== permessageDeflate) {\n        failWebsocketConnection(ws, 'Received different permessage-deflate than the one set.')\n        return\n      }\n\n      // 6. If the response includes a |Sec-WebSocket-Protocol| header field\n      //    and this header field indicates the use of a subprotocol that was\n      //    not present in the client's handshake (the server has indicated a\n      //    subprotocol not requested by the client), the client MUST _Fail\n      //    the WebSocket Connection_.\n      const secProtocol = response.headersList.get('Sec-WebSocket-Protocol')\n\n      if (secProtocol !== null && secProtocol !== request.headersList.get('Sec-WebSocket-Protocol')) {\n        failWebsocketConnection(ws, 'Protocol was not set in the opening handshake.')\n        return\n      }\n\n      response.socket.on('data', onSocketData)\n      response.socket.on('close', onSocketClose)\n      response.socket.on('error', onSocketError)\n\n      if (channels.open.hasSubscribers) {\n        channels.open.publish({\n          address: response.socket.address(),\n          protocol: secProtocol,\n          extensions: secExtension\n        })\n      }\n\n      onEstablish(response)\n    }\n  })\n\n  return controller\n}\n\n/**\n * @param {Buffer} chunk\n */\nfunction onSocketData (chunk) {\n  if (!this.ws[kByteParser].write(chunk)) {\n    this.pause()\n  }\n}\n\n/**\n * @see https://websockets.spec.whatwg.org/#feedback-from-the-protocol\n * @see https://datatracker.ietf.org/doc/html/rfc6455#section-7.1.4\n */\nfunction onSocketClose () {\n  const { ws } = this\n\n  // If the TCP connection was closed after the\n  // WebSocket closing handshake was completed, the WebSocket connection\n  // is said to have been closed _cleanly_.\n  const wasClean = ws[kSentClose] && ws[kReceivedClose]\n\n  let code = 1005\n  let reason = ''\n\n  const result = ws[kByteParser].closingInfo\n\n  if (result) {\n    code = result.code ?? 1005\n    reason = result.reason\n  } else if (!ws[kSentClose]) {\n    // If _The WebSocket\n    // Connection is Closed_ and no Close control frame was received by the\n    // endpoint (such as could occur if the underlying transport connection\n    // is lost), _The WebSocket Connection Close Code_ is considered to be\n    // 1006.\n    code = 1006\n  }\n\n  // 1. Change the ready state to CLOSED (3).\n  ws[kReadyState] = states.CLOSED\n\n  // 2. If the user agent was required to fail the WebSocket\n  //    connection, or if the WebSocket connection was closed\n  //    after being flagged as full, fire an event named error\n  //    at the WebSocket object.\n  // TODO\n\n  // 3. Fire an event named close at the WebSocket object,\n  //    using CloseEvent, with the wasClean attribute\n  //    initialized to true if the connection closed cleanly\n  //    and false otherwise, the code attribute initialized to\n  //    the WebSocket connection close code, and the reason\n  //    attribute initialized to the result of applying UTF-8\n  //    decode without BOM to the WebSocket connection close\n  //    reason.\n  fireEvent('close', ws, CloseEvent, {\n    wasClean, code, reason\n  })\n\n  if (channels.close.hasSubscribers) {\n    channels.close.publish({\n      websocket: ws,\n      code,\n      reason\n    })\n  }\n}\n\nfunction onSocketError (error) {\n  const { ws } = this\n\n  ws[kReadyState] = states.CLOSING\n\n  if (channels.socketError.hasSubscribers) {\n    channels.socketError.publish(error)\n  }\n\n  this.destroy()\n}\n\nmodule.exports = {\n  establishWebSocketConnection\n}\n","'use strict'\n\n// This is a Globally Unique Identifier unique used\n// to validate that the endpoint accepts websocket\n// connections.\n// See https://www.rfc-editor.org/rfc/rfc6455.html#section-1.3\nconst uid = '258EAFA5-E914-47DA-95CA-C5AB0DC85B11'\n\n/** @type {PropertyDescriptor} */\nconst staticPropertyDescriptors = {\n  enumerable: true,\n  writable: false,\n  configurable: false\n}\n\nconst states = {\n  CONNECTING: 0,\n  OPEN: 1,\n  CLOSING: 2,\n  CLOSED: 3\n}\n\nconst opcodes = {\n  CONTINUATION: 0x0,\n  TEXT: 0x1,\n  BINARY: 0x2,\n  CLOSE: 0x8,\n  PING: 0x9,\n  PONG: 0xA\n}\n\nconst maxUnsigned16Bit = 2 ** 16 - 1 // 65535\n\nconst parserStates = {\n  INFO: 0,\n  PAYLOADLENGTH_16: 2,\n  PAYLOADLENGTH_64: 3,\n  READ_DATA: 4\n}\n\nconst emptyBuffer = Buffer.allocUnsafe(0)\n\nmodule.exports = {\n  uid,\n  staticPropertyDescriptors,\n  states,\n  opcodes,\n  maxUnsigned16Bit,\n  parserStates,\n  emptyBuffer\n}\n","'use strict'\n\nconst { webidl } = require('../fetch/webidl')\nconst { kEnumerableProperty } = require('../core/util')\nconst { MessagePort } = require('worker_threads')\n\n/**\n * @see https://html.spec.whatwg.org/multipage/comms.html#messageevent\n */\nclass MessageEvent extends Event {\n  #eventInit\n\n  constructor (type, eventInitDict = {}) {\n    webidl.argumentLengthCheck(arguments, 1, { header: 'MessageEvent constructor' })\n\n    type = webidl.converters.DOMString(type)\n    eventInitDict = webidl.converters.MessageEventInit(eventInitDict)\n\n    super(type, eventInitDict)\n\n    this.#eventInit = eventInitDict\n  }\n\n  get data () {\n    webidl.brandCheck(this, MessageEvent)\n\n    return this.#eventInit.data\n  }\n\n  get origin () {\n    webidl.brandCheck(this, MessageEvent)\n\n    return this.#eventInit.origin\n  }\n\n  get lastEventId () {\n    webidl.brandCheck(this, MessageEvent)\n\n    return this.#eventInit.lastEventId\n  }\n\n  get source () {\n    webidl.brandCheck(this, MessageEvent)\n\n    return this.#eventInit.source\n  }\n\n  get ports () {\n    webidl.brandCheck(this, MessageEvent)\n\n    if (!Object.isFrozen(this.#eventInit.ports)) {\n      Object.freeze(this.#eventInit.ports)\n    }\n\n    return this.#eventInit.ports\n  }\n\n  initMessageEvent (\n    type,\n    bubbles = false,\n    cancelable = false,\n    data = null,\n    origin = '',\n    lastEventId = '',\n    source = null,\n    ports = []\n  ) {\n    webidl.brandCheck(this, MessageEvent)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'MessageEvent.initMessageEvent' })\n\n    return new MessageEvent(type, {\n      bubbles, cancelable, data, origin, lastEventId, source, ports\n    })\n  }\n}\n\n/**\n * @see https://websockets.spec.whatwg.org/#the-closeevent-interface\n */\nclass CloseEvent extends Event {\n  #eventInit\n\n  constructor (type, eventInitDict = {}) {\n    webidl.argumentLengthCheck(arguments, 1, { header: 'CloseEvent constructor' })\n\n    type = webidl.converters.DOMString(type)\n    eventInitDict = webidl.converters.CloseEventInit(eventInitDict)\n\n    super(type, eventInitDict)\n\n    this.#eventInit = eventInitDict\n  }\n\n  get wasClean () {\n    webidl.brandCheck(this, CloseEvent)\n\n    return this.#eventInit.wasClean\n  }\n\n  get code () {\n    webidl.brandCheck(this, CloseEvent)\n\n    return this.#eventInit.code\n  }\n\n  get reason () {\n    webidl.brandCheck(this, CloseEvent)\n\n    return this.#eventInit.reason\n  }\n}\n\n// https://html.spec.whatwg.org/multipage/webappapis.html#the-errorevent-interface\nclass ErrorEvent extends Event {\n  #eventInit\n\n  constructor (type, eventInitDict) {\n    webidl.argumentLengthCheck(arguments, 1, { header: 'ErrorEvent constructor' })\n\n    super(type, eventInitDict)\n\n    type = webidl.converters.DOMString(type)\n    eventInitDict = webidl.converters.ErrorEventInit(eventInitDict ?? {})\n\n    this.#eventInit = eventInitDict\n  }\n\n  get message () {\n    webidl.brandCheck(this, ErrorEvent)\n\n    return this.#eventInit.message\n  }\n\n  get filename () {\n    webidl.brandCheck(this, ErrorEvent)\n\n    return this.#eventInit.filename\n  }\n\n  get lineno () {\n    webidl.brandCheck(this, ErrorEvent)\n\n    return this.#eventInit.lineno\n  }\n\n  get colno () {\n    webidl.brandCheck(this, ErrorEvent)\n\n    return this.#eventInit.colno\n  }\n\n  get error () {\n    webidl.brandCheck(this, ErrorEvent)\n\n    return this.#eventInit.error\n  }\n}\n\nObject.defineProperties(MessageEvent.prototype, {\n  [Symbol.toStringTag]: {\n    value: 'MessageEvent',\n    configurable: true\n  },\n  data: kEnumerableProperty,\n  origin: kEnumerableProperty,\n  lastEventId: kEnumerableProperty,\n  source: kEnumerableProperty,\n  ports: kEnumerableProperty,\n  initMessageEvent: kEnumerableProperty\n})\n\nObject.defineProperties(CloseEvent.prototype, {\n  [Symbol.toStringTag]: {\n    value: 'CloseEvent',\n    configurable: true\n  },\n  reason: kEnumerableProperty,\n  code: kEnumerableProperty,\n  wasClean: kEnumerableProperty\n})\n\nObject.defineProperties(ErrorEvent.prototype, {\n  [Symbol.toStringTag]: {\n    value: 'ErrorEvent',\n    configurable: true\n  },\n  message: kEnumerableProperty,\n  filename: kEnumerableProperty,\n  lineno: kEnumerableProperty,\n  colno: kEnumerableProperty,\n  error: kEnumerableProperty\n})\n\nwebidl.converters.MessagePort = webidl.interfaceConverter(MessagePort)\n\nwebidl.converters['sequence<MessagePort>'] = webidl.sequenceConverter(\n  webidl.converters.MessagePort\n)\n\nconst eventInit = [\n  {\n    key: 'bubbles',\n    converter: webidl.converters.boolean,\n    defaultValue: false\n  },\n  {\n    key: 'cancelable',\n    converter: webidl.converters.boolean,\n    defaultValue: false\n  },\n  {\n    key: 'composed',\n    converter: webidl.converters.boolean,\n    defaultValue: false\n  }\n]\n\nwebidl.converters.MessageEventInit = webidl.dictionaryConverter([\n  ...eventInit,\n  {\n    key: 'data',\n    converter: webidl.converters.any,\n    defaultValue: null\n  },\n  {\n    key: 'origin',\n    converter: webidl.converters.USVString,\n    defaultValue: ''\n  },\n  {\n    key: 'lastEventId',\n    converter: webidl.converters.DOMString,\n    defaultValue: ''\n  },\n  {\n    key: 'source',\n    // Node doesn't implement WindowProxy or ServiceWorker, so the only\n    // valid value for source is a MessagePort.\n    converter: webidl.nullableConverter(webidl.converters.MessagePort),\n    defaultValue: null\n  },\n  {\n    key: 'ports',\n    converter: webidl.converters['sequence<MessagePort>'],\n    get defaultValue () {\n      return []\n    }\n  }\n])\n\nwebidl.converters.CloseEventInit = webidl.dictionaryConverter([\n  ...eventInit,\n  {\n    key: 'wasClean',\n    converter: webidl.converters.boolean,\n    defaultValue: false\n  },\n  {\n    key: 'code',\n    converter: webidl.converters['unsigned short'],\n    defaultValue: 0\n  },\n  {\n    key: 'reason',\n    converter: webidl.converters.USVString,\n    defaultValue: ''\n  }\n])\n\nwebidl.converters.ErrorEventInit = webidl.dictionaryConverter([\n  ...eventInit,\n  {\n    key: 'message',\n    converter: webidl.converters.DOMString,\n    defaultValue: ''\n  },\n  {\n    key: 'filename',\n    converter: webidl.converters.USVString,\n    defaultValue: ''\n  },\n  {\n    key: 'lineno',\n    converter: webidl.converters['unsigned long'],\n    defaultValue: 0\n  },\n  {\n    key: 'colno',\n    converter: webidl.converters['unsigned long'],\n    defaultValue: 0\n  },\n  {\n    key: 'error',\n    converter: webidl.converters.any\n  }\n])\n\nmodule.exports = {\n  MessageEvent,\n  CloseEvent,\n  ErrorEvent\n}\n","'use strict'\n\nconst { maxUnsigned16Bit } = require('./constants')\n\n/** @type {import('crypto')} */\nlet crypto\ntry {\n  crypto = require('crypto')\n} catch {\n\n}\n\nclass WebsocketFrameSend {\n  /**\n   * @param {Buffer|undefined} data\n   */\n  constructor (data) {\n    this.frameData = data\n    this.maskKey = crypto.randomBytes(4)\n  }\n\n  createFrame (opcode) {\n    const bodyLength = this.frameData?.byteLength ?? 0\n\n    /** @type {number} */\n    let payloadLength = bodyLength // 0-125\n    let offset = 6\n\n    if (bodyLength > maxUnsigned16Bit) {\n      offset += 8 // payload length is next 8 bytes\n      payloadLength = 127\n    } else if (bodyLength > 125) {\n      offset += 2 // payload length is next 2 bytes\n      payloadLength = 126\n    }\n\n    const buffer = Buffer.allocUnsafe(bodyLength + offset)\n\n    // Clear first 2 bytes, everything else is overwritten\n    buffer[0] = buffer[1] = 0\n    buffer[0] |= 0x80 // FIN\n    buffer[0] = (buffer[0] & 0xF0) + opcode // opcode\n\n    /*! ws. MIT License. Einar Otto Stangvik <einaros@gmail.com> */\n    buffer[offset - 4] = this.maskKey[0]\n    buffer[offset - 3] = this.maskKey[1]\n    buffer[offset - 2] = this.maskKey[2]\n    buffer[offset - 1] = this.maskKey[3]\n\n    buffer[1] = payloadLength\n\n    if (payloadLength === 126) {\n      buffer.writeUInt16BE(bodyLength, 2)\n    } else if (payloadLength === 127) {\n      // Clear extended payload length\n      buffer[2] = buffer[3] = 0\n      buffer.writeUIntBE(bodyLength, 4, 6)\n    }\n\n    buffer[1] |= 0x80 // MASK\n\n    // mask body\n    for (let i = 0; i < bodyLength; i++) {\n      buffer[offset + i] = this.frameData[i] ^ this.maskKey[i % 4]\n    }\n\n    return buffer\n  }\n}\n\nmodule.exports = {\n  WebsocketFrameSend\n}\n","'use strict'\n\nconst { Writable } = require('stream')\nconst diagnosticsChannel = require('diagnostics_channel')\nconst { parserStates, opcodes, states, emptyBuffer } = require('./constants')\nconst { kReadyState, kSentClose, kResponse, kReceivedClose } = require('./symbols')\nconst { isValidStatusCode, failWebsocketConnection, websocketMessageReceived } = require('./util')\nconst { WebsocketFrameSend } = require('./frame')\n\n// This code was influenced by ws released under the MIT license.\n// Copyright (c) 2011 Einar Otto Stangvik <einaros@gmail.com>\n// Copyright (c) 2013 Arnout Kazemier and contributors\n// Copyright (c) 2016 Luigi Pinca and contributors\n\nconst channels = {}\nchannels.ping = diagnosticsChannel.channel('undici:websocket:ping')\nchannels.pong = diagnosticsChannel.channel('undici:websocket:pong')\n\nclass ByteParser extends Writable {\n  #buffers = []\n  #byteOffset = 0\n\n  #state = parserStates.INFO\n\n  #info = {}\n  #fragments = []\n\n  constructor (ws) {\n    super()\n\n    this.ws = ws\n  }\n\n  /**\n   * @param {Buffer} chunk\n   * @param {() => void} callback\n   */\n  _write (chunk, _, callback) {\n    this.#buffers.push(chunk)\n    this.#byteOffset += chunk.length\n\n    this.run(callback)\n  }\n\n  /**\n   * Runs whenever a new chunk is received.\n   * Callback is called whenever there are no more chunks buffering,\n   * or not enough bytes are buffered to parse.\n   */\n  run (callback) {\n    while (true) {\n      if (this.#state === parserStates.INFO) {\n        // If there aren't enough bytes to parse the payload length, etc.\n        if (this.#byteOffset < 2) {\n          return callback()\n        }\n\n        const buffer = this.consume(2)\n\n        this.#info.fin = (buffer[0] & 0x80) !== 0\n        this.#info.opcode = buffer[0] & 0x0F\n\n        // If we receive a fragmented message, we use the type of the first\n        // frame to parse the full message as binary/text, when it's terminated\n        this.#info.originalOpcode ??= this.#info.opcode\n\n        this.#info.fragmented = !this.#info.fin && this.#info.opcode !== opcodes.CONTINUATION\n\n        if (this.#info.fragmented && this.#info.opcode !== opcodes.BINARY && this.#info.opcode !== opcodes.TEXT) {\n          // Only text and binary frames can be fragmented\n          failWebsocketConnection(this.ws, 'Invalid frame type was fragmented.')\n          return\n        }\n\n        const payloadLength = buffer[1] & 0x7F\n\n        if (payloadLength <= 125) {\n          this.#info.payloadLength = payloadLength\n          this.#state = parserStates.READ_DATA\n        } else if (payloadLength === 126) {\n          this.#state = parserStates.PAYLOADLENGTH_16\n        } else if (payloadLength === 127) {\n          this.#state = parserStates.PAYLOADLENGTH_64\n        }\n\n        if (this.#info.fragmented && payloadLength > 125) {\n          // A fragmented frame can't be fragmented itself\n          failWebsocketConnection(this.ws, 'Fragmented frame exceeded 125 bytes.')\n          return\n        } else if (\n          (this.#info.opcode === opcodes.PING ||\n            this.#info.opcode === opcodes.PONG ||\n            this.#info.opcode === opcodes.CLOSE) &&\n          payloadLength > 125\n        ) {\n          // Control frames can have a payload length of 125 bytes MAX\n          failWebsocketConnection(this.ws, 'Payload length for control frame exceeded 125 bytes.')\n          return\n        } else if (this.#info.opcode === opcodes.CLOSE) {\n          if (payloadLength === 1) {\n            failWebsocketConnection(this.ws, 'Received close frame with a 1-byte body.')\n            return\n          }\n\n          const body = this.consume(payloadLength)\n\n          this.#info.closeInfo = this.parseCloseBody(false, body)\n\n          if (!this.ws[kSentClose]) {\n            // If an endpoint receives a Close frame and did not previously send a\n            // Close frame, the endpoint MUST send a Close frame in response.  (When\n            // sending a Close frame in response, the endpoint typically echos the\n            // status code it received.)\n            const body = Buffer.allocUnsafe(2)\n            body.writeUInt16BE(this.#info.closeInfo.code, 0)\n            const closeFrame = new WebsocketFrameSend(body)\n\n            this.ws[kResponse].socket.write(\n              closeFrame.createFrame(opcodes.CLOSE),\n              (err) => {\n                if (!err) {\n                  this.ws[kSentClose] = true\n                }\n              }\n            )\n          }\n\n          // Upon either sending or receiving a Close control frame, it is said\n          // that _The WebSocket Closing Handshake is Started_ and that the\n          // WebSocket connection is in the CLOSING state.\n          this.ws[kReadyState] = states.CLOSING\n          this.ws[kReceivedClose] = true\n\n          this.end()\n\n          return\n        } else if (this.#info.opcode === opcodes.PING) {\n          // Upon receipt of a Ping frame, an endpoint MUST send a Pong frame in\n          // response, unless it already received a Close frame.\n          // A Pong frame sent in response to a Ping frame must have identical\n          // \"Application data\"\n\n          const body = this.consume(payloadLength)\n\n          if (!this.ws[kReceivedClose]) {\n            const frame = new WebsocketFrameSend(body)\n\n            this.ws[kResponse].socket.write(frame.createFrame(opcodes.PONG))\n\n            if (channels.ping.hasSubscribers) {\n              channels.ping.publish({\n                payload: body\n              })\n            }\n          }\n\n          this.#state = parserStates.INFO\n\n          if (this.#byteOffset > 0) {\n            continue\n          } else {\n            callback()\n            return\n          }\n        } else if (this.#info.opcode === opcodes.PONG) {\n          // A Pong frame MAY be sent unsolicited.  This serves as a\n          // unidirectional heartbeat.  A response to an unsolicited Pong frame is\n          // not expected.\n\n          const body = this.consume(payloadLength)\n\n          if (channels.pong.hasSubscribers) {\n            channels.pong.publish({\n              payload: body\n            })\n          }\n\n          if (this.#byteOffset > 0) {\n            continue\n          } else {\n            callback()\n            return\n          }\n        }\n      } else if (this.#state === parserStates.PAYLOADLENGTH_16) {\n        if (this.#byteOffset < 2) {\n          return callback()\n        }\n\n        const buffer = this.consume(2)\n\n        this.#info.payloadLength = buffer.readUInt16BE(0)\n        this.#state = parserStates.READ_DATA\n      } else if (this.#state === parserStates.PAYLOADLENGTH_64) {\n        if (this.#byteOffset < 8) {\n          return callback()\n        }\n\n        const buffer = this.consume(8)\n        const upper = buffer.readUInt32BE(0)\n\n        // 2^31 is the maxinimum bytes an arraybuffer can contain\n        // on 32-bit systems. Although, on 64-bit systems, this is\n        // 2^53-1 bytes.\n        // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Errors/Invalid_array_length\n        // https://source.chromium.org/chromium/chromium/src/+/main:v8/src/common/globals.h;drc=1946212ac0100668f14eb9e2843bdd846e510a1e;bpv=1;bpt=1;l=1275\n        // https://source.chromium.org/chromium/chromium/src/+/main:v8/src/objects/js-array-buffer.h;l=34;drc=1946212ac0100668f14eb9e2843bdd846e510a1e\n        if (upper > 2 ** 31 - 1) {\n          failWebsocketConnection(this.ws, 'Received payload length > 2^31 bytes.')\n          return\n        }\n\n        const lower = buffer.readUInt32BE(4)\n\n        this.#info.payloadLength = (upper << 8) + lower\n        this.#state = parserStates.READ_DATA\n      } else if (this.#state === parserStates.READ_DATA) {\n        if (this.#byteOffset < this.#info.payloadLength) {\n          // If there is still more data in this chunk that needs to be read\n          return callback()\n        } else if (this.#byteOffset >= this.#info.payloadLength) {\n          // If the server sent multiple frames in a single chunk\n\n          const body = this.consume(this.#info.payloadLength)\n\n          this.#fragments.push(body)\n\n          // If the frame is unfragmented, or a fragmented frame was terminated,\n          // a message was received\n          if (!this.#info.fragmented || (this.#info.fin && this.#info.opcode === opcodes.CONTINUATION)) {\n            const fullMessage = Buffer.concat(this.#fragments)\n\n            websocketMessageReceived(this.ws, this.#info.originalOpcode, fullMessage)\n\n            this.#info = {}\n            this.#fragments.length = 0\n          }\n\n          this.#state = parserStates.INFO\n        }\n      }\n\n      if (this.#byteOffset > 0) {\n        continue\n      } else {\n        callback()\n        break\n      }\n    }\n  }\n\n  /**\n   * Take n bytes from the buffered Buffers\n   * @param {number} n\n   * @returns {Buffer|null}\n   */\n  consume (n) {\n    if (n > this.#byteOffset) {\n      return null\n    } else if (n === 0) {\n      return emptyBuffer\n    }\n\n    if (this.#buffers[0].length === n) {\n      this.#byteOffset -= this.#buffers[0].length\n      return this.#buffers.shift()\n    }\n\n    const buffer = Buffer.allocUnsafe(n)\n    let offset = 0\n\n    while (offset !== n) {\n      const next = this.#buffers[0]\n      const { length } = next\n\n      if (length + offset === n) {\n        buffer.set(this.#buffers.shift(), offset)\n        break\n      } else if (length + offset > n) {\n        buffer.set(next.subarray(0, n - offset), offset)\n        this.#buffers[0] = next.subarray(n - offset)\n        break\n      } else {\n        buffer.set(this.#buffers.shift(), offset)\n        offset += next.length\n      }\n    }\n\n    this.#byteOffset -= n\n\n    return buffer\n  }\n\n  parseCloseBody (onlyCode, data) {\n    // https://datatracker.ietf.org/doc/html/rfc6455#section-7.1.5\n    /** @type {number|undefined} */\n    let code\n\n    if (data.length >= 2) {\n      // _The WebSocket Connection Close Code_ is\n      // defined as the status code (Section 7.4) contained in the first Close\n      // control frame received by the application\n      code = data.readUInt16BE(0)\n    }\n\n    if (onlyCode) {\n      if (!isValidStatusCode(code)) {\n        return null\n      }\n\n      return { code }\n    }\n\n    // https://datatracker.ietf.org/doc/html/rfc6455#section-7.1.6\n    /** @type {Buffer} */\n    let reason = data.subarray(2)\n\n    // Remove BOM\n    if (reason[0] === 0xEF && reason[1] === 0xBB && reason[2] === 0xBF) {\n      reason = reason.subarray(3)\n    }\n\n    if (code !== undefined && !isValidStatusCode(code)) {\n      return null\n    }\n\n    try {\n      // TODO: optimize this\n      reason = new TextDecoder('utf-8', { fatal: true }).decode(reason)\n    } catch {\n      return null\n    }\n\n    return { code, reason }\n  }\n\n  get closingInfo () {\n    return this.#info.closeInfo\n  }\n}\n\nmodule.exports = {\n  ByteParser\n}\n","'use strict'\n\nmodule.exports = {\n  kWebSocketURL: Symbol('url'),\n  kReadyState: Symbol('ready state'),\n  kController: Symbol('controller'),\n  kResponse: Symbol('response'),\n  kBinaryType: Symbol('binary type'),\n  kSentClose: Symbol('sent close'),\n  kReceivedClose: Symbol('received close'),\n  kByteParser: Symbol('byte parser')\n}\n","'use strict'\n\nconst { kReadyState, kController, kResponse, kBinaryType, kWebSocketURL } = require('./symbols')\nconst { states, opcodes } = require('./constants')\nconst { MessageEvent, ErrorEvent } = require('./events')\n\n/* globals Blob */\n\n/**\n * @param {import('./websocket').WebSocket} ws\n */\nfunction isEstablished (ws) {\n  // If the server's response is validated as provided for above, it is\n  // said that _The WebSocket Connection is Established_ and that the\n  // WebSocket Connection is in the OPEN state.\n  return ws[kReadyState] === states.OPEN\n}\n\n/**\n * @param {import('./websocket').WebSocket} ws\n */\nfunction isClosing (ws) {\n  // Upon either sending or receiving a Close control frame, it is said\n  // that _The WebSocket Closing Handshake is Started_ and that the\n  // WebSocket connection is in the CLOSING state.\n  return ws[kReadyState] === states.CLOSING\n}\n\n/**\n * @param {import('./websocket').WebSocket} ws\n */\nfunction isClosed (ws) {\n  return ws[kReadyState] === states.CLOSED\n}\n\n/**\n * @see https://dom.spec.whatwg.org/#concept-event-fire\n * @param {string} e\n * @param {EventTarget} target\n * @param {EventInit | undefined} eventInitDict\n */\nfunction fireEvent (e, target, eventConstructor = Event, eventInitDict) {\n  // 1. If eventConstructor is not given, then let eventConstructor be Event.\n\n  // 2. Let event be the result of creating an event given eventConstructor,\n  //    in the relevant realm of target.\n  // 3. Initialize event’s type attribute to e.\n  const event = new eventConstructor(e, eventInitDict) // eslint-disable-line new-cap\n\n  // 4. Initialize any other IDL attributes of event as described in the\n  //    invocation of this algorithm.\n\n  // 5. Return the result of dispatching event at target, with legacy target\n  //    override flag set if set.\n  target.dispatchEvent(event)\n}\n\n/**\n * @see https://websockets.spec.whatwg.org/#feedback-from-the-protocol\n * @param {import('./websocket').WebSocket} ws\n * @param {number} type Opcode\n * @param {Buffer} data application data\n */\nfunction websocketMessageReceived (ws, type, data) {\n  // 1. If ready state is not OPEN (1), then return.\n  if (ws[kReadyState] !== states.OPEN) {\n    return\n  }\n\n  // 2. Let dataForEvent be determined by switching on type and binary type:\n  let dataForEvent\n\n  if (type === opcodes.TEXT) {\n    // -> type indicates that the data is Text\n    //      a new DOMString containing data\n    try {\n      dataForEvent = new TextDecoder('utf-8', { fatal: true }).decode(data)\n    } catch {\n      failWebsocketConnection(ws, 'Received invalid UTF-8 in text frame.')\n      return\n    }\n  } else if (type === opcodes.BINARY) {\n    if (ws[kBinaryType] === 'blob') {\n      // -> type indicates that the data is Binary and binary type is \"blob\"\n      //      a new Blob object, created in the relevant Realm of the WebSocket\n      //      object, that represents data as its raw data\n      dataForEvent = new Blob([data])\n    } else {\n      // -> type indicates that the data is Binary and binary type is \"arraybuffer\"\n      //      a new ArrayBuffer object, created in the relevant Realm of the\n      //      WebSocket object, whose contents are data\n      dataForEvent = new Uint8Array(data).buffer\n    }\n  }\n\n  // 3. Fire an event named message at the WebSocket object, using MessageEvent,\n  //    with the origin attribute initialized to the serialization of the WebSocket\n  //    object’s url's origin, and the data attribute initialized to dataForEvent.\n  fireEvent('message', ws, MessageEvent, {\n    origin: ws[kWebSocketURL].origin,\n    data: dataForEvent\n  })\n}\n\n/**\n * @see https://datatracker.ietf.org/doc/html/rfc6455\n * @see https://datatracker.ietf.org/doc/html/rfc2616\n * @see https://bugs.chromium.org/p/chromium/issues/detail?id=398407\n * @param {string} protocol\n */\nfunction isValidSubprotocol (protocol) {\n  // If present, this value indicates one\n  // or more comma-separated subprotocol the client wishes to speak,\n  // ordered by preference.  The elements that comprise this value\n  // MUST be non-empty strings with characters in the range U+0021 to\n  // U+007E not including separator characters as defined in\n  // [RFC2616] and MUST all be unique strings.\n  if (protocol.length === 0) {\n    return false\n  }\n\n  for (const char of protocol) {\n    const code = char.charCodeAt(0)\n\n    if (\n      code < 0x21 ||\n      code > 0x7E ||\n      char === '(' ||\n      char === ')' ||\n      char === '<' ||\n      char === '>' ||\n      char === '@' ||\n      char === ',' ||\n      char === ';' ||\n      char === ':' ||\n      char === '\\\\' ||\n      char === '\"' ||\n      char === '/' ||\n      char === '[' ||\n      char === ']' ||\n      char === '?' ||\n      char === '=' ||\n      char === '{' ||\n      char === '}' ||\n      code === 32 || // SP\n      code === 9 // HT\n    ) {\n      return false\n    }\n  }\n\n  return true\n}\n\n/**\n * @see https://datatracker.ietf.org/doc/html/rfc6455#section-7-4\n * @param {number} code\n */\nfunction isValidStatusCode (code) {\n  if (code >= 1000 && code < 1015) {\n    return (\n      code !== 1004 && // reserved\n      code !== 1005 && // \"MUST NOT be set as a status code\"\n      code !== 1006 // \"MUST NOT be set as a status code\"\n    )\n  }\n\n  return code >= 3000 && code <= 4999\n}\n\n/**\n * @param {import('./websocket').WebSocket} ws\n * @param {string|undefined} reason\n */\nfunction failWebsocketConnection (ws, reason) {\n  const { [kController]: controller, [kResponse]: response } = ws\n\n  controller.abort()\n\n  if (response?.socket && !response.socket.destroyed) {\n    response.socket.destroy()\n  }\n\n  if (reason) {\n    fireEvent('error', ws, ErrorEvent, {\n      error: new Error(reason)\n    })\n  }\n}\n\nmodule.exports = {\n  isEstablished,\n  isClosing,\n  isClosed,\n  fireEvent,\n  isValidSubprotocol,\n  isValidStatusCode,\n  failWebsocketConnection,\n  websocketMessageReceived\n}\n","'use strict'\n\nconst { webidl } = require('../fetch/webidl')\nconst { DOMException } = require('../fetch/constants')\nconst { URLSerializer } = require('../fetch/dataURL')\nconst { getGlobalOrigin } = require('../fetch/global')\nconst { staticPropertyDescriptors, states, opcodes, emptyBuffer } = require('./constants')\nconst {\n  kWebSocketURL,\n  kReadyState,\n  kController,\n  kBinaryType,\n  kResponse,\n  kSentClose,\n  kByteParser\n} = require('./symbols')\nconst { isEstablished, isClosing, isValidSubprotocol, failWebsocketConnection, fireEvent } = require('./util')\nconst { establishWebSocketConnection } = require('./connection')\nconst { WebsocketFrameSend } = require('./frame')\nconst { ByteParser } = require('./receiver')\nconst { kEnumerableProperty, isBlobLike } = require('../core/util')\nconst { getGlobalDispatcher } = require('../global')\nconst { types } = require('util')\n\nlet experimentalWarned = false\n\n// https://websockets.spec.whatwg.org/#interface-definition\nclass WebSocket extends EventTarget {\n  #events = {\n    open: null,\n    error: null,\n    close: null,\n    message: null\n  }\n\n  #bufferedAmount = 0\n  #protocol = ''\n  #extensions = ''\n\n  /**\n   * @param {string} url\n   * @param {string|string[]} protocols\n   */\n  constructor (url, protocols = []) {\n    super()\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'WebSocket constructor' })\n\n    if (!experimentalWarned) {\n      experimentalWarned = true\n      process.emitWarning('WebSockets are experimental, expect them to change at any time.', {\n        code: 'UNDICI-WS'\n      })\n    }\n\n    const options = webidl.converters['DOMString or sequence<DOMString> or WebSocketInit'](protocols)\n\n    url = webidl.converters.USVString(url)\n    protocols = options.protocols\n\n    // 1. Let baseURL be this's relevant settings object's API base URL.\n    const baseURL = getGlobalOrigin()\n\n    // 1. Let urlRecord be the result of applying the URL parser to url with baseURL.\n    let urlRecord\n\n    try {\n      urlRecord = new URL(url, baseURL)\n    } catch (e) {\n      // 3. If urlRecord is failure, then throw a \"SyntaxError\" DOMException.\n      throw new DOMException(e, 'SyntaxError')\n    }\n\n    // 4. If urlRecord’s scheme is \"http\", then set urlRecord’s scheme to \"ws\".\n    if (urlRecord.protocol === 'http:') {\n      urlRecord.protocol = 'ws:'\n    } else if (urlRecord.protocol === 'https:') {\n      // 5. Otherwise, if urlRecord’s scheme is \"https\", set urlRecord’s scheme to \"wss\".\n      urlRecord.protocol = 'wss:'\n    }\n\n    // 6. If urlRecord’s scheme is not \"ws\" or \"wss\", then throw a \"SyntaxError\" DOMException.\n    if (urlRecord.protocol !== 'ws:' && urlRecord.protocol !== 'wss:') {\n      throw new DOMException(\n        `Expected a ws: or wss: protocol, got ${urlRecord.protocol}`,\n        'SyntaxError'\n      )\n    }\n\n    // 7. If urlRecord’s fragment is non-null, then throw a \"SyntaxError\"\n    //    DOMException.\n    if (urlRecord.hash || urlRecord.href.endsWith('#')) {\n      throw new DOMException('Got fragment', 'SyntaxError')\n    }\n\n    // 8. If protocols is a string, set protocols to a sequence consisting\n    //    of just that string.\n    if (typeof protocols === 'string') {\n      protocols = [protocols]\n    }\n\n    // 9. If any of the values in protocols occur more than once or otherwise\n    //    fail to match the requirements for elements that comprise the value\n    //    of `Sec-WebSocket-Protocol` fields as defined by The WebSocket\n    //    protocol, then throw a \"SyntaxError\" DOMException.\n    if (protocols.length !== new Set(protocols.map(p => p.toLowerCase())).size) {\n      throw new DOMException('Invalid Sec-WebSocket-Protocol value', 'SyntaxError')\n    }\n\n    if (protocols.length > 0 && !protocols.every(p => isValidSubprotocol(p))) {\n      throw new DOMException('Invalid Sec-WebSocket-Protocol value', 'SyntaxError')\n    }\n\n    // 10. Set this's url to urlRecord.\n    this[kWebSocketURL] = new URL(urlRecord.href)\n\n    // 11. Let client be this's relevant settings object.\n\n    // 12. Run this step in parallel:\n\n    //    1. Establish a WebSocket connection given urlRecord, protocols,\n    //       and client.\n    this[kController] = establishWebSocketConnection(\n      urlRecord,\n      protocols,\n      this,\n      (response) => this.#onConnectionEstablished(response),\n      options\n    )\n\n    // Each WebSocket object has an associated ready state, which is a\n    // number representing the state of the connection. Initially it must\n    // be CONNECTING (0).\n    this[kReadyState] = WebSocket.CONNECTING\n\n    // The extensions attribute must initially return the empty string.\n\n    // The protocol attribute must initially return the empty string.\n\n    // Each WebSocket object has an associated binary type, which is a\n    // BinaryType. Initially it must be \"blob\".\n    this[kBinaryType] = 'blob'\n  }\n\n  /**\n   * @see https://websockets.spec.whatwg.org/#dom-websocket-close\n   * @param {number|undefined} code\n   * @param {string|undefined} reason\n   */\n  close (code = undefined, reason = undefined) {\n    webidl.brandCheck(this, WebSocket)\n\n    if (code !== undefined) {\n      code = webidl.converters['unsigned short'](code, { clamp: true })\n    }\n\n    if (reason !== undefined) {\n      reason = webidl.converters.USVString(reason)\n    }\n\n    // 1. If code is present, but is neither an integer equal to 1000 nor an\n    //    integer in the range 3000 to 4999, inclusive, throw an\n    //    \"InvalidAccessError\" DOMException.\n    if (code !== undefined) {\n      if (code !== 1000 && (code < 3000 || code > 4999)) {\n        throw new DOMException('invalid code', 'InvalidAccessError')\n      }\n    }\n\n    let reasonByteLength = 0\n\n    // 2. If reason is present, then run these substeps:\n    if (reason !== undefined) {\n      // 1. Let reasonBytes be the result of encoding reason.\n      // 2. If reasonBytes is longer than 123 bytes, then throw a\n      //    \"SyntaxError\" DOMException.\n      reasonByteLength = Buffer.byteLength(reason)\n\n      if (reasonByteLength > 123) {\n        throw new DOMException(\n          `Reason must be less than 123 bytes; received ${reasonByteLength}`,\n          'SyntaxError'\n        )\n      }\n    }\n\n    // 3. Run the first matching steps from the following list:\n    if (this[kReadyState] === WebSocket.CLOSING || this[kReadyState] === WebSocket.CLOSED) {\n      // If this's ready state is CLOSING (2) or CLOSED (3)\n      // Do nothing.\n    } else if (!isEstablished(this)) {\n      // If the WebSocket connection is not yet established\n      // Fail the WebSocket connection and set this's ready state\n      // to CLOSING (2).\n      failWebsocketConnection(this, 'Connection was closed before it was established.')\n      this[kReadyState] = WebSocket.CLOSING\n    } else if (!isClosing(this)) {\n      // If the WebSocket closing handshake has not yet been started\n      // Start the WebSocket closing handshake and set this's ready\n      // state to CLOSING (2).\n      // - If neither code nor reason is present, the WebSocket Close\n      //   message must not have a body.\n      // - If code is present, then the status code to use in the\n      //   WebSocket Close message must be the integer given by code.\n      // - If reason is also present, then reasonBytes must be\n      //   provided in the Close message after the status code.\n\n      const frame = new WebsocketFrameSend()\n\n      // If neither code nor reason is present, the WebSocket Close\n      // message must not have a body.\n\n      // If code is present, then the status code to use in the\n      // WebSocket Close message must be the integer given by code.\n      if (code !== undefined && reason === undefined) {\n        frame.frameData = Buffer.allocUnsafe(2)\n        frame.frameData.writeUInt16BE(code, 0)\n      } else if (code !== undefined && reason !== undefined) {\n        // If reason is also present, then reasonBytes must be\n        // provided in the Close message after the status code.\n        frame.frameData = Buffer.allocUnsafe(2 + reasonByteLength)\n        frame.frameData.writeUInt16BE(code, 0)\n        // the body MAY contain UTF-8-encoded data with value /reason/\n        frame.frameData.write(reason, 2, 'utf-8')\n      } else {\n        frame.frameData = emptyBuffer\n      }\n\n      /** @type {import('stream').Duplex} */\n      const socket = this[kResponse].socket\n\n      socket.write(frame.createFrame(opcodes.CLOSE), (err) => {\n        if (!err) {\n          this[kSentClose] = true\n        }\n      })\n\n      // Upon either sending or receiving a Close control frame, it is said\n      // that _The WebSocket Closing Handshake is Started_ and that the\n      // WebSocket connection is in the CLOSING state.\n      this[kReadyState] = states.CLOSING\n    } else {\n      // Otherwise\n      // Set this's ready state to CLOSING (2).\n      this[kReadyState] = WebSocket.CLOSING\n    }\n  }\n\n  /**\n   * @see https://websockets.spec.whatwg.org/#dom-websocket-send\n   * @param {NodeJS.TypedArray|ArrayBuffer|Blob|string} data\n   */\n  send (data) {\n    webidl.brandCheck(this, WebSocket)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'WebSocket.send' })\n\n    data = webidl.converters.WebSocketSendData(data)\n\n    // 1. If this's ready state is CONNECTING, then throw an\n    //    \"InvalidStateError\" DOMException.\n    if (this[kReadyState] === WebSocket.CONNECTING) {\n      throw new DOMException('Sent before connected.', 'InvalidStateError')\n    }\n\n    // 2. Run the appropriate set of steps from the following list:\n    // https://datatracker.ietf.org/doc/html/rfc6455#section-6.1\n    // https://datatracker.ietf.org/doc/html/rfc6455#section-5.2\n\n    if (!isEstablished(this) || isClosing(this)) {\n      return\n    }\n\n    /** @type {import('stream').Duplex} */\n    const socket = this[kResponse].socket\n\n    // If data is a string\n    if (typeof data === 'string') {\n      // If the WebSocket connection is established and the WebSocket\n      // closing handshake has not yet started, then the user agent\n      // must send a WebSocket Message comprised of the data argument\n      // using a text frame opcode; if the data cannot be sent, e.g.\n      // because it would need to be buffered but the buffer is full,\n      // the user agent must flag the WebSocket as full and then close\n      // the WebSocket connection. Any invocation of this method with a\n      // string argument that does not throw an exception must increase\n      // the bufferedAmount attribute by the number of bytes needed to\n      // express the argument as UTF-8.\n\n      const value = Buffer.from(data)\n      const frame = new WebsocketFrameSend(value)\n      const buffer = frame.createFrame(opcodes.TEXT)\n\n      this.#bufferedAmount += value.byteLength\n      socket.write(buffer, () => {\n        this.#bufferedAmount -= value.byteLength\n      })\n    } else if (types.isArrayBuffer(data)) {\n      // If the WebSocket connection is established, and the WebSocket\n      // closing handshake has not yet started, then the user agent must\n      // send a WebSocket Message comprised of data using a binary frame\n      // opcode; if the data cannot be sent, e.g. because it would need\n      // to be buffered but the buffer is full, the user agent must flag\n      // the WebSocket as full and then close the WebSocket connection.\n      // The data to be sent is the data stored in the buffer described\n      // by the ArrayBuffer object. Any invocation of this method with an\n      // ArrayBuffer argument that does not throw an exception must\n      // increase the bufferedAmount attribute by the length of the\n      // ArrayBuffer in bytes.\n\n      const value = Buffer.from(data)\n      const frame = new WebsocketFrameSend(value)\n      const buffer = frame.createFrame(opcodes.BINARY)\n\n      this.#bufferedAmount += value.byteLength\n      socket.write(buffer, () => {\n        this.#bufferedAmount -= value.byteLength\n      })\n    } else if (ArrayBuffer.isView(data)) {\n      // If the WebSocket connection is established, and the WebSocket\n      // closing handshake has not yet started, then the user agent must\n      // send a WebSocket Message comprised of data using a binary frame\n      // opcode; if the data cannot be sent, e.g. because it would need to\n      // be buffered but the buffer is full, the user agent must flag the\n      // WebSocket as full and then close the WebSocket connection. The\n      // data to be sent is the data stored in the section of the buffer\n      // described by the ArrayBuffer object that data references. Any\n      // invocation of this method with this kind of argument that does\n      // not throw an exception must increase the bufferedAmount attribute\n      // by the length of data’s buffer in bytes.\n\n      const ab = Buffer.from(data, data.byteOffset, data.byteLength)\n\n      const frame = new WebsocketFrameSend(ab)\n      const buffer = frame.createFrame(opcodes.BINARY)\n\n      this.#bufferedAmount += ab.byteLength\n      socket.write(buffer, () => {\n        this.#bufferedAmount -= ab.byteLength\n      })\n    } else if (isBlobLike(data)) {\n      // If the WebSocket connection is established, and the WebSocket\n      // closing handshake has not yet started, then the user agent must\n      // send a WebSocket Message comprised of data using a binary frame\n      // opcode; if the data cannot be sent, e.g. because it would need to\n      // be buffered but the buffer is full, the user agent must flag the\n      // WebSocket as full and then close the WebSocket connection. The data\n      // to be sent is the raw data represented by the Blob object. Any\n      // invocation of this method with a Blob argument that does not throw\n      // an exception must increase the bufferedAmount attribute by the size\n      // of the Blob object’s raw data, in bytes.\n\n      const frame = new WebsocketFrameSend()\n\n      data.arrayBuffer().then((ab) => {\n        const value = Buffer.from(ab)\n        frame.frameData = value\n        const buffer = frame.createFrame(opcodes.BINARY)\n\n        this.#bufferedAmount += value.byteLength\n        socket.write(buffer, () => {\n          this.#bufferedAmount -= value.byteLength\n        })\n      })\n    }\n  }\n\n  get readyState () {\n    webidl.brandCheck(this, WebSocket)\n\n    // The readyState getter steps are to return this's ready state.\n    return this[kReadyState]\n  }\n\n  get bufferedAmount () {\n    webidl.brandCheck(this, WebSocket)\n\n    return this.#bufferedAmount\n  }\n\n  get url () {\n    webidl.brandCheck(this, WebSocket)\n\n    // The url getter steps are to return this's url, serialized.\n    return URLSerializer(this[kWebSocketURL])\n  }\n\n  get extensions () {\n    webidl.brandCheck(this, WebSocket)\n\n    return this.#extensions\n  }\n\n  get protocol () {\n    webidl.brandCheck(this, WebSocket)\n\n    return this.#protocol\n  }\n\n  get onopen () {\n    webidl.brandCheck(this, WebSocket)\n\n    return this.#events.open\n  }\n\n  set onopen (fn) {\n    webidl.brandCheck(this, WebSocket)\n\n    if (this.#events.open) {\n      this.removeEventListener('open', this.#events.open)\n    }\n\n    if (typeof fn === 'function') {\n      this.#events.open = fn\n      this.addEventListener('open', fn)\n    } else {\n      this.#events.open = null\n    }\n  }\n\n  get onerror () {\n    webidl.brandCheck(this, WebSocket)\n\n    return this.#events.error\n  }\n\n  set onerror (fn) {\n    webidl.brandCheck(this, WebSocket)\n\n    if (this.#events.error) {\n      this.removeEventListener('error', this.#events.error)\n    }\n\n    if (typeof fn === 'function') {\n      this.#events.error = fn\n      this.addEventListener('error', fn)\n    } else {\n      this.#events.error = null\n    }\n  }\n\n  get onclose () {\n    webidl.brandCheck(this, WebSocket)\n\n    return this.#events.close\n  }\n\n  set onclose (fn) {\n    webidl.brandCheck(this, WebSocket)\n\n    if (this.#events.close) {\n      this.removeEventListener('close', this.#events.close)\n    }\n\n    if (typeof fn === 'function') {\n      this.#events.close = fn\n      this.addEventListener('close', fn)\n    } else {\n      this.#events.close = null\n    }\n  }\n\n  get onmessage () {\n    webidl.brandCheck(this, WebSocket)\n\n    return this.#events.message\n  }\n\n  set onmessage (fn) {\n    webidl.brandCheck(this, WebSocket)\n\n    if (this.#events.message) {\n      this.removeEventListener('message', this.#events.message)\n    }\n\n    if (typeof fn === 'function') {\n      this.#events.message = fn\n      this.addEventListener('message', fn)\n    } else {\n      this.#events.message = null\n    }\n  }\n\n  get binaryType () {\n    webidl.brandCheck(this, WebSocket)\n\n    return this[kBinaryType]\n  }\n\n  set binaryType (type) {\n    webidl.brandCheck(this, WebSocket)\n\n    if (type !== 'blob' && type !== 'arraybuffer') {\n      this[kBinaryType] = 'blob'\n    } else {\n      this[kBinaryType] = type\n    }\n  }\n\n  /**\n   * @see https://websockets.spec.whatwg.org/#feedback-from-the-protocol\n   */\n  #onConnectionEstablished (response) {\n    // processResponse is called when the \"response’s header list has been received and initialized.\"\n    // once this happens, the connection is open\n    this[kResponse] = response\n\n    const parser = new ByteParser(this)\n    parser.on('drain', function onParserDrain () {\n      this.ws[kResponse].socket.resume()\n    })\n\n    response.socket.ws = this\n    this[kByteParser] = parser\n\n    // 1. Change the ready state to OPEN (1).\n    this[kReadyState] = states.OPEN\n\n    // 2. Change the extensions attribute’s value to the extensions in use, if\n    //    it is not the null value.\n    // https://datatracker.ietf.org/doc/html/rfc6455#section-9.1\n    const extensions = response.headersList.get('sec-websocket-extensions')\n\n    if (extensions !== null) {\n      this.#extensions = extensions\n    }\n\n    // 3. Change the protocol attribute’s value to the subprotocol in use, if\n    //    it is not the null value.\n    // https://datatracker.ietf.org/doc/html/rfc6455#section-1.9\n    const protocol = response.headersList.get('sec-websocket-protocol')\n\n    if (protocol !== null) {\n      this.#protocol = protocol\n    }\n\n    // 4. Fire an event named open at the WebSocket object.\n    fireEvent('open', this)\n  }\n}\n\n// https://websockets.spec.whatwg.org/#dom-websocket-connecting\nWebSocket.CONNECTING = WebSocket.prototype.CONNECTING = states.CONNECTING\n// https://websockets.spec.whatwg.org/#dom-websocket-open\nWebSocket.OPEN = WebSocket.prototype.OPEN = states.OPEN\n// https://websockets.spec.whatwg.org/#dom-websocket-closing\nWebSocket.CLOSING = WebSocket.prototype.CLOSING = states.CLOSING\n// https://websockets.spec.whatwg.org/#dom-websocket-closed\nWebSocket.CLOSED = WebSocket.prototype.CLOSED = states.CLOSED\n\nObject.defineProperties(WebSocket.prototype, {\n  CONNECTING: staticPropertyDescriptors,\n  OPEN: staticPropertyDescriptors,\n  CLOSING: staticPropertyDescriptors,\n  CLOSED: staticPropertyDescriptors,\n  url: kEnumerableProperty,\n  readyState: kEnumerableProperty,\n  bufferedAmount: kEnumerableProperty,\n  onopen: kEnumerableProperty,\n  onerror: kEnumerableProperty,\n  onclose: kEnumerableProperty,\n  close: kEnumerableProperty,\n  onmessage: kEnumerableProperty,\n  binaryType: kEnumerableProperty,\n  send: kEnumerableProperty,\n  extensions: kEnumerableProperty,\n  protocol: kEnumerableProperty,\n  [Symbol.toStringTag]: {\n    value: 'WebSocket',\n    writable: false,\n    enumerable: false,\n    configurable: true\n  }\n})\n\nObject.defineProperties(WebSocket, {\n  CONNECTING: staticPropertyDescriptors,\n  OPEN: staticPropertyDescriptors,\n  CLOSING: staticPropertyDescriptors,\n  CLOSED: staticPropertyDescriptors\n})\n\nwebidl.converters['sequence<DOMString>'] = webidl.sequenceConverter(\n  webidl.converters.DOMString\n)\n\nwebidl.converters['DOMString or sequence<DOMString>'] = function (V) {\n  if (webidl.util.Type(V) === 'Object' && Symbol.iterator in V) {\n    return webidl.converters['sequence<DOMString>'](V)\n  }\n\n  return webidl.converters.DOMString(V)\n}\n\n// This implements the propsal made in https://github.com/whatwg/websockets/issues/42\nwebidl.converters.WebSocketInit = webidl.dictionaryConverter([\n  {\n    key: 'protocols',\n    converter: webidl.converters['DOMString or sequence<DOMString>'],\n    get defaultValue () {\n      return []\n    }\n  },\n  {\n    key: 'dispatcher',\n    converter: (V) => V,\n    get defaultValue () {\n      return getGlobalDispatcher()\n    }\n  },\n  {\n    key: 'headers',\n    converter: webidl.nullableConverter(webidl.converters.HeadersInit)\n  }\n])\n\nwebidl.converters['DOMString or sequence<DOMString> or WebSocketInit'] = function (V) {\n  if (webidl.util.Type(V) === 'Object' && !(Symbol.iterator in V)) {\n    return webidl.converters.WebSocketInit(V)\n  }\n\n  return { protocols: webidl.converters['DOMString or sequence<DOMString>'](V) }\n}\n\nwebidl.converters.WebSocketSendData = function (V) {\n  if (webidl.util.Type(V) === 'Object') {\n    if (isBlobLike(V)) {\n      return webidl.converters.Blob(V, { strict: false })\n    }\n\n    if (ArrayBuffer.isView(V) || types.isAnyArrayBuffer(V)) {\n      return webidl.converters.BufferSource(V)\n    }\n  }\n\n  return webidl.converters.USVString(V)\n}\n\nmodule.exports = {\n  WebSocket\n}\n","/*\r\n * xpath.js\r\n *\r\n * An XPath 1.0 library for JavaScript.\r\n *\r\n * Cameron McCormack <cam (at) mcc.id.au>\r\n *\r\n * This work is licensed under the MIT License.\r\n *\r\n * Revision 20: April 26, 2011\r\n *   Fixed a typo resulting in FIRST_ORDERED_NODE_TYPE results being wrong,\r\n *   thanks to <shi_a009 (at) hotmail.com>.\r\n *\r\n * Revision 19: November 29, 2005\r\n *   Nodesets now store their nodes in a height balanced tree, increasing\r\n *   performance for the common case of selecting nodes in document order,\r\n *   thanks to Sébastien Cramatte <contact (at) zeninteractif.com>.\r\n *   AVL tree code adapted from Raimund Neumann <rnova (at) gmx.net>.\r\n *\r\n * Revision 18: October 27, 2005\r\n *   DOM 3 XPath support.  Caveats:\r\n *     - namespace prefixes aren't resolved in XPathEvaluator.createExpression,\r\n *       but in XPathExpression.evaluate.\r\n *     - XPathResult.invalidIteratorState is not implemented.\r\n *\r\n * Revision 17: October 25, 2005\r\n *   Some core XPath function fixes and a patch to avoid crashing certain\r\n *   versions of MSXML in PathExpr.prototype.getOwnerElement, thanks to\r\n *   Sébastien Cramatte <contact (at) zeninteractif.com>.\r\n *\r\n * Revision 16: September 22, 2005\r\n *   Workarounds for some IE 5.5 deficiencies.\r\n *   Fixed problem with prefix node tests on attribute nodes.\r\n *\r\n * Revision 15: May 21, 2005\r\n *   Fixed problem with QName node tests on elements with an xmlns=\"...\".\r\n *\r\n * Revision 14: May 19, 2005\r\n *   Fixed QName node tests on attribute node regression.\r\n *\r\n * Revision 13: May 3, 2005\r\n *   Node tests are case insensitive now if working in an HTML DOM.\r\n *\r\n * Revision 12: April 26, 2005\r\n *   Updated licence.  Slight code changes to enable use of Dean\r\n *   Edwards' script compression, http://dean.edwards.name/packer/ .\r\n *\r\n * Revision 11: April 23, 2005\r\n *   Fixed bug with 'and' and 'or' operators, fix thanks to\r\n *   Sandy McArthur <sandy (at) mcarthur.org>.\r\n *\r\n * Revision 10: April 15, 2005\r\n *   Added support for a virtual root node, supposedly helpful for\r\n *   implementing XForms.  Fixed problem with QName node tests and\r\n *   the parent axis.\r\n *\r\n * Revision 9: March 17, 2005\r\n *   Namespace resolver tweaked so using the document node as the context\r\n *   for namespace lookups is equivalent to using the document element.\r\n *\r\n * Revision 8: February 13, 2005\r\n *   Handle implicit declaration of 'xmlns' namespace prefix.\r\n *   Fixed bug when comparing nodesets.\r\n *   Instance data can now be associated with a FunctionResolver, and\r\n *     workaround for MSXML not supporting 'localName' and 'getElementById',\r\n *     thanks to Grant Gongaware.\r\n *   Fix a few problems when the context node is the root node.\r\n *\r\n * Revision 7: February 11, 2005\r\n *   Default namespace resolver fix from Grant Gongaware\r\n *   <grant (at) gongaware.com>.\r\n *\r\n * Revision 6: February 10, 2005\r\n *   Fixed bug in 'number' function.\r\n *\r\n * Revision 5: February 9, 2005\r\n *   Fixed bug where text nodes not getting converted to string values.\r\n *\r\n * Revision 4: January 21, 2005\r\n *   Bug in 'name' function, fix thanks to Bill Edney.\r\n *   Fixed incorrect processing of namespace nodes.\r\n *   Fixed NamespaceResolver to resolve 'xml' namespace.\r\n *   Implemented union '|' operator.\r\n *\r\n * Revision 3: January 14, 2005\r\n *   Fixed bug with nodeset comparisons, bug lexing < and >.\r\n *\r\n * Revision 2: October 26, 2004\r\n *   QName node test namespace handling fixed.  Few other bug fixes.\r\n *\r\n * Revision 1: August 13, 2004\r\n *   Bug fixes from William J. Edney <bedney (at) technicalpursuit.com>.\r\n *   Added minimal licence.\r\n *\r\n * Initial version: June 14, 2004\r\n */\r\n\r\n// non-node wrapper\r\nvar xpath = (typeof exports === 'undefined') ? {} : exports;\r\n\r\n(function (exports) {\r\n    \"use strict\";\r\n\r\n    // namespace nodes are not part of the DOM spec, so we use a custom nodetype for them.\r\n    // should NOT be used externally\r\n    var NAMESPACE_NODE_NODETYPE = '__namespace';\r\n\r\n    var isNil = function (x) {\r\n        return x === null || x === undefined;\r\n    };\r\n\r\n    var isValidNodeType = function (nodeType) {\r\n        return nodeType === NAMESPACE_NODE_NODETYPE ||\r\n            (Number.isInteger(nodeType)\r\n                && nodeType >= 1\r\n                && nodeType <= 11\r\n            );\r\n    };\r\n\r\n    var isNodeLike = function (value) {\r\n        return value\r\n            && isValidNodeType(value.nodeType)\r\n            && typeof value.nodeName === \"string\";\r\n    };\r\n\r\n    // functional helpers\r\n    function curry(func) {\r\n        var slice = Array.prototype.slice,\r\n            totalargs = func.length,\r\n            partial = function (args, fn) {\r\n                return function () {\r\n                    return fn.apply(this, args.concat(slice.call(arguments)));\r\n                }\r\n            },\r\n            fn = function () {\r\n                var args = slice.call(arguments);\r\n                return (args.length < totalargs) ?\r\n                    partial(args, fn) :\r\n                    func.apply(this, slice.apply(arguments, [0, totalargs]));\r\n            };\r\n        return fn;\r\n    }\r\n\r\n    var forEach = function (f, xs) {\r\n        for (var i = 0; i < xs.length; i += 1) {\r\n            f(xs[i], i, xs);\r\n        }\r\n    };\r\n\r\n    var reduce = function (f, seed, xs) {\r\n        var acc = seed;\r\n\r\n        forEach(function (x, i) { acc = f(acc, x, i); }, xs);\r\n\r\n        return acc;\r\n    };\r\n\r\n    var map = function (f, xs) {\r\n        var mapped = new Array(xs.length);\r\n\r\n        forEach(function (x, i) { mapped[i] = f(x); }, xs);\r\n\r\n        return mapped;\r\n    };\r\n\r\n    var filter = function (f, xs) {\r\n        var filtered = [];\r\n\r\n        forEach(function (x, i) { if (f(x, i)) { filtered.push(x); } }, xs);\r\n\r\n        return filtered;\r\n    };\r\n\r\n    var includes = function (values, value) {\r\n        for (var i = 0; i < values.length; i += 1) {\r\n            if (values[i] === value) {\r\n                return true;\r\n            }\r\n        }\r\n\r\n        return false;\r\n    };\r\n\r\n    function always(value) { return function () { return value; } }\r\n\r\n    function toString(x) { return x.toString(); }\r\n    var join = function (s, xs) { return xs.join(s); };\r\n    var wrap = function (pref, suf, str) { return pref + str + suf; };\r\n\r\n    var prototypeConcat = Array.prototype.concat;\r\n\r\n    var sortNodes = function (nodes, reverse) {\r\n        var ns = new XNodeSet();\r\n\r\n        ns.addArray(nodes);\r\n\r\n        var sorted = ns.toArray();\r\n\r\n        return reverse ? sorted.reverse() : sorted;\r\n    }\r\n\r\n    // .apply() fails above a certain number of arguments - https://github.com/goto100/xpath/pull/98\r\n    var MAX_ARGUMENT_LENGTH = 32767;\r\n\r\n    function flatten(arr) {\r\n        var result = [];\r\n\r\n        for (var start = 0; start < arr.length; start += MAX_ARGUMENT_LENGTH) {\r\n            var chunk = arr.slice(start, start + MAX_ARGUMENT_LENGTH);\r\n\r\n            result = prototypeConcat.apply(result, chunk);\r\n        }\r\n\r\n        return result;\r\n    }\r\n\r\n    function assign(target, varArgs) { // .length of function is 2\r\n        var to = Object(target);\r\n\r\n        for (var index = 1; index < arguments.length; index++) {\r\n            var nextSource = arguments[index];\r\n\r\n            if (nextSource != null) { // Skip over if undefined or null\r\n                for (var nextKey in nextSource) {\r\n                    // Avoid bugs when hasOwnProperty is shadowed\r\n                    if (Object.prototype.hasOwnProperty.call(nextSource, nextKey)) {\r\n                        to[nextKey] = nextSource[nextKey];\r\n                    }\r\n                }\r\n            }\r\n        }\r\n\r\n        return to;\r\n    }\r\n\r\n    var NodeTypes = {\r\n        ELEMENT_NODE: 1,\r\n        ATTRIBUTE_NODE: 2,\r\n        TEXT_NODE: 3,\r\n        CDATA_SECTION_NODE: 4,\r\n        PROCESSING_INSTRUCTION_NODE: 7,\r\n        COMMENT_NODE: 8,\r\n        DOCUMENT_NODE: 9,\r\n        DOCUMENT_TYPE_NODE: 10,\r\n        DOCUMENT_FRAGMENT_NODE: 11,\r\n        NAMESPACE_NODE: NAMESPACE_NODE_NODETYPE,\r\n    };\r\n\r\n    // XPathParser ///////////////////////////////////////////////////////////////\r\n\r\n    XPathParser.prototype = new Object();\r\n    XPathParser.prototype.constructor = XPathParser;\r\n    XPathParser.superclass = Object.prototype;\r\n\r\n    function XPathParser() {\r\n        this.init();\r\n    }\r\n\r\n    XPathParser.prototype.init = function () {\r\n        this.reduceActions = [];\r\n\r\n        this.reduceActions[3] = function (rhs) {\r\n            return new OrOperation(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[5] = function (rhs) {\r\n            return new AndOperation(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[7] = function (rhs) {\r\n            return new EqualsOperation(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[8] = function (rhs) {\r\n            return new NotEqualOperation(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[10] = function (rhs) {\r\n            return new LessThanOperation(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[11] = function (rhs) {\r\n            return new GreaterThanOperation(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[12] = function (rhs) {\r\n            return new LessThanOrEqualOperation(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[13] = function (rhs) {\r\n            return new GreaterThanOrEqualOperation(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[15] = function (rhs) {\r\n            return new PlusOperation(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[16] = function (rhs) {\r\n            return new MinusOperation(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[18] = function (rhs) {\r\n            return new MultiplyOperation(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[19] = function (rhs) {\r\n            return new DivOperation(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[20] = function (rhs) {\r\n            return new ModOperation(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[22] = function (rhs) {\r\n            return new UnaryMinusOperation(rhs[1]);\r\n        };\r\n        this.reduceActions[24] = function (rhs) {\r\n            return new BarOperation(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[25] = function (rhs) {\r\n            return new PathExpr(undefined, undefined, rhs[0]);\r\n        };\r\n        this.reduceActions[27] = function (rhs) {\r\n            rhs[0].locationPath = rhs[2];\r\n            return rhs[0];\r\n        };\r\n        this.reduceActions[28] = function (rhs) {\r\n            rhs[0].locationPath = rhs[2];\r\n            rhs[0].locationPath.steps.unshift(new Step(Step.DESCENDANTORSELF, NodeTest.nodeTest, []));\r\n            return rhs[0];\r\n        };\r\n        this.reduceActions[29] = function (rhs) {\r\n            return new PathExpr(rhs[0], [], undefined);\r\n        };\r\n        this.reduceActions[30] = function (rhs) {\r\n            if (Utilities.instance_of(rhs[0], PathExpr)) {\r\n                if (rhs[0].filterPredicates == undefined) {\r\n                    rhs[0].filterPredicates = [];\r\n                }\r\n                rhs[0].filterPredicates.push(rhs[1]);\r\n                return rhs[0];\r\n            } else {\r\n                return new PathExpr(rhs[0], [rhs[1]], undefined);\r\n            }\r\n        };\r\n        this.reduceActions[32] = function (rhs) {\r\n            return rhs[1];\r\n        };\r\n        this.reduceActions[33] = function (rhs) {\r\n            return new XString(rhs[0]);\r\n        };\r\n        this.reduceActions[34] = function (rhs) {\r\n            return new XNumber(rhs[0]);\r\n        };\r\n        this.reduceActions[36] = function (rhs) {\r\n            return new FunctionCall(rhs[0], []);\r\n        };\r\n        this.reduceActions[37] = function (rhs) {\r\n            return new FunctionCall(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[38] = function (rhs) {\r\n            return [rhs[0]];\r\n        };\r\n        this.reduceActions[39] = function (rhs) {\r\n            rhs[2].unshift(rhs[0]);\r\n            return rhs[2];\r\n        };\r\n        this.reduceActions[43] = function (rhs) {\r\n            return new LocationPath(true, []);\r\n        };\r\n        this.reduceActions[44] = function (rhs) {\r\n            rhs[1].absolute = true;\r\n            return rhs[1];\r\n        };\r\n        this.reduceActions[46] = function (rhs) {\r\n            return new LocationPath(false, [rhs[0]]);\r\n        };\r\n        this.reduceActions[47] = function (rhs) {\r\n            rhs[0].steps.push(rhs[2]);\r\n            return rhs[0];\r\n        };\r\n        this.reduceActions[49] = function (rhs) {\r\n            return new Step(rhs[0], rhs[1], []);\r\n        };\r\n        this.reduceActions[50] = function (rhs) {\r\n            return new Step(Step.CHILD, rhs[0], []);\r\n        };\r\n        this.reduceActions[51] = function (rhs) {\r\n            return new Step(rhs[0], rhs[1], rhs[2]);\r\n        };\r\n        this.reduceActions[52] = function (rhs) {\r\n            return new Step(Step.CHILD, rhs[0], rhs[1]);\r\n        };\r\n        this.reduceActions[54] = function (rhs) {\r\n            return [rhs[0]];\r\n        };\r\n        this.reduceActions[55] = function (rhs) {\r\n            rhs[1].unshift(rhs[0]);\r\n            return rhs[1];\r\n        };\r\n        this.reduceActions[56] = function (rhs) {\r\n            if (rhs[0] == \"ancestor\") {\r\n                return Step.ANCESTOR;\r\n            } else if (rhs[0] == \"ancestor-or-self\") {\r\n                return Step.ANCESTORORSELF;\r\n            } else if (rhs[0] == \"attribute\") {\r\n                return Step.ATTRIBUTE;\r\n            } else if (rhs[0] == \"child\") {\r\n                return Step.CHILD;\r\n            } else if (rhs[0] == \"descendant\") {\r\n                return Step.DESCENDANT;\r\n            } else if (rhs[0] == \"descendant-or-self\") {\r\n                return Step.DESCENDANTORSELF;\r\n            } else if (rhs[0] == \"following\") {\r\n                return Step.FOLLOWING;\r\n            } else if (rhs[0] == \"following-sibling\") {\r\n                return Step.FOLLOWINGSIBLING;\r\n            } else if (rhs[0] == \"namespace\") {\r\n                return Step.NAMESPACE;\r\n            } else if (rhs[0] == \"parent\") {\r\n                return Step.PARENT;\r\n            } else if (rhs[0] == \"preceding\") {\r\n                return Step.PRECEDING;\r\n            } else if (rhs[0] == \"preceding-sibling\") {\r\n                return Step.PRECEDINGSIBLING;\r\n            } else if (rhs[0] == \"self\") {\r\n                return Step.SELF;\r\n            }\r\n            return -1;\r\n        };\r\n        this.reduceActions[57] = function (rhs) {\r\n            return Step.ATTRIBUTE;\r\n        };\r\n        this.reduceActions[59] = function (rhs) {\r\n            if (rhs[0] == \"comment\") {\r\n                return NodeTest.commentTest;\r\n            } else if (rhs[0] == \"text\") {\r\n                return NodeTest.textTest;\r\n            } else if (rhs[0] == \"processing-instruction\") {\r\n                return NodeTest.anyPiTest;\r\n            } else if (rhs[0] == \"node\") {\r\n                return NodeTest.nodeTest;\r\n            }\r\n            return new NodeTest(-1, undefined);\r\n        };\r\n        this.reduceActions[60] = function (rhs) {\r\n            return new NodeTest.PITest(rhs[2]);\r\n        };\r\n        this.reduceActions[61] = function (rhs) {\r\n            return rhs[1];\r\n        };\r\n        this.reduceActions[63] = function (rhs) {\r\n            rhs[1].absolute = true;\r\n            rhs[1].steps.unshift(new Step(Step.DESCENDANTORSELF, NodeTest.nodeTest, []));\r\n            return rhs[1];\r\n        };\r\n        this.reduceActions[64] = function (rhs) {\r\n            rhs[0].steps.push(new Step(Step.DESCENDANTORSELF, NodeTest.nodeTest, []));\r\n            rhs[0].steps.push(rhs[2]);\r\n            return rhs[0];\r\n        };\r\n        this.reduceActions[65] = function (rhs) {\r\n            return new Step(Step.SELF, NodeTest.nodeTest, []);\r\n        };\r\n        this.reduceActions[66] = function (rhs) {\r\n            return new Step(Step.PARENT, NodeTest.nodeTest, []);\r\n        };\r\n        this.reduceActions[67] = function (rhs) {\r\n            return new VariableReference(rhs[1]);\r\n        };\r\n        this.reduceActions[68] = function (rhs) {\r\n            return NodeTest.nameTestAny;\r\n        };\r\n        this.reduceActions[69] = function (rhs) {\r\n            return new NodeTest.NameTestPrefixAny(rhs[0].split(':')[0]);\r\n        };\r\n        this.reduceActions[70] = function (rhs) {\r\n            return new NodeTest.NameTestQName(rhs[0]);\r\n        };\r\n    };\r\n\r\n    XPathParser.actionTable = [\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \"                 s                  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr  r  \",\r\n        \"                rrrrr               \",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \"rs  rrrrrrrr s  sssssrrrrrr  rrs rs \",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \"                            s       \",\r\n        \"                            s       \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"  s                                 \",\r\n        \"                            s       \",\r\n        \" s           s  sssss          s  s \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr  r  \",\r\n        \"a                                   \",\r\n        \"r       s                    rr  r  \",\r\n        \"r      sr                    rr  r  \",\r\n        \"r   s  rr            s       rr  r  \",\r\n        \"r   rssrr            rss     rr  r  \",\r\n        \"r   rrrrr            rrrss   rr  r  \",\r\n        \"r   rrrrrsss         rrrrr   rr  r  \",\r\n        \"r   rrrrrrrr         rrrrr   rr  r  \",\r\n        \"r   rrrrrrrr         rrrrrs  rr  r  \",\r\n        \"r   rrrrrrrr         rrrrrr  rr  r  \",\r\n        \"r   rrrrrrrr         rrrrrr  rr  r  \",\r\n        \"r  srrrrrrrr         rrrrrrs rr sr  \",\r\n        \"r  srrrrrrrr         rrrrrrs rr  r  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"r   rrrrrrrr         rrrrrr  rr  r  \",\r\n        \"r   rrrrrrrr         rrrrrr  rr  r  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr  r  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr  r  \",\r\n        \"                sssss               \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr sr  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr  r  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"                             s      \",\r\n        \"r  srrrrrrrr         rrrrrrs rr  r  \",\r\n        \"r   rrrrrrrr         rrrrr   rr  r  \",\r\n        \"              s                     \",\r\n        \"                             s      \",\r\n        \"                rrrrr               \",\r\n        \" s s        sssssssss    s sss s  ss\",\r\n        \"r  srrrrrrrr         rrrrrrs rr  r  \",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \" s s        sssssssss      ss  s  ss\",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \" s           s  sssss          s  s \",\r\n        \" s           s  sssss          s  s \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \" s           s  sssss          s  s \",\r\n        \" s           s  sssss          s  s \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr sr  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr sr  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr  r  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"                             s      \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"                             rr     \",\r\n        \"                             s      \",\r\n        \"                             rs     \",\r\n        \"r      sr                    rr  r  \",\r\n        \"r   s  rr            s       rr  r  \",\r\n        \"r   rssrr            rss     rr  r  \",\r\n        \"r   rssrr            rss     rr  r  \",\r\n        \"r   rrrrr            rrrss   rr  r  \",\r\n        \"r   rrrrr            rrrss   rr  r  \",\r\n        \"r   rrrrr            rrrss   rr  r  \",\r\n        \"r   rrrrr            rrrss   rr  r  \",\r\n        \"r   rrrrrsss         rrrrr   rr  r  \",\r\n        \"r   rrrrrsss         rrrrr   rr  r  \",\r\n        \"r   rrrrrrrr         rrrrr   rr  r  \",\r\n        \"r   rrrrrrrr         rrrrr   rr  r  \",\r\n        \"r   rrrrrrrr         rrrrr   rr  r  \",\r\n        \"r   rrrrrrrr         rrrrrr  rr  r  \",\r\n        \"                                 r  \",\r\n        \"                                 s  \",\r\n        \"r  srrrrrrrr         rrrrrrs rr  r  \",\r\n        \"r  srrrrrrrr         rrrrrrs rr  r  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr  r  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr  r  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr  r  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr  r  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"                             r      \"\r\n    ];\r\n\r\n    XPathParser.actionTableNumber = [\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \"                 J                  \",\r\n        \"a  aaaaaaaaa         aaaaaaa aa  a  \",\r\n        \"                YYYYY               \",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \"K1  KKKKKKKK .  +*)('KKKKKK  KK# K\\\" \",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \"                            N       \",\r\n        \"                            O       \",\r\n        \"e  eeeeeeeee         eeeeeee ee ee  \",\r\n        \"f  fffffffff         fffffff ff ff  \",\r\n        \"d  ddddddddd         ddddddd dd dd  \",\r\n        \"B  BBBBBBBBB         BBBBBBB BB BB  \",\r\n        \"A  AAAAAAAAA         AAAAAAA AA AA  \",\r\n        \"  P                                 \",\r\n        \"                            Q       \",\r\n        \" 1           .  +*)('          #  \\\" \",\r\n        \"b  bbbbbbbbb         bbbbbbb bb  b  \",\r\n        \"                                    \",\r\n        \"!       S                    !!  !  \",\r\n        \"\\\"      T\\\"                    \\\"\\\"  \\\"  \",\r\n        \"$   V  $$            U       $$  $  \",\r\n        \"&   &ZY&&            &XW     &&  &  \",\r\n        \")   )))))            )))\\\\[   ))  )  \",\r\n        \".   ....._^]         .....   ..  .  \",\r\n        \"1   11111111         11111   11  1  \",\r\n        \"5   55555555         55555`  55  5  \",\r\n        \"7   77777777         777777  77  7  \",\r\n        \"9   99999999         999999  99  9  \",\r\n        \":  c::::::::         ::::::b :: a:  \",\r\n        \"I  fIIIIIIII         IIIIIIe II  I  \",\r\n        \"=  =========         ======= == ==  \",\r\n        \"?  ?????????         ??????? ?? ??  \",\r\n        \"C  CCCCCCCCC         CCCCCCC CC CC  \",\r\n        \"J   JJJJJJJJ         JJJJJJ  JJ  J  \",\r\n        \"M   MMMMMMMM         MMMMMM  MM  M  \",\r\n        \"N  NNNNNNNNN         NNNNNNN NN  N  \",\r\n        \"P  PPPPPPPPP         PPPPPPP PP  P  \",\r\n        \"                +*)('               \",\r\n        \"R  RRRRRRRRR         RRRRRRR RR aR  \",\r\n        \"U  UUUUUUUUU         UUUUUUU UU  U  \",\r\n        \"Z  ZZZZZZZZZ         ZZZZZZZ ZZ ZZ  \",\r\n        \"c  ccccccccc         ccccccc cc cc  \",\r\n        \"                             j      \",\r\n        \"L  fLLLLLLLL         LLLLLLe LL  L  \",\r\n        \"6   66666666         66666   66  6  \",\r\n        \"              k                     \",\r\n        \"                             l      \",\r\n        \"                XXXXX               \",\r\n        \" 1 0        /.-,+*)('    & %$m #  \\\"!\",\r\n        \"_  f________         ______e __  _  \",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \" 1 0        /.-,+*)('      %$  #  \\\"!\",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \" 1           .  +*)('          #  \\\" \",\r\n        \" 1           .  +*)('          #  \\\" \",\r\n        \">  >>>>>>>>>         >>>>>>> >> >>  \",\r\n        \" 1           .  +*)('          #  \\\" \",\r\n        \" 1           .  +*)('          #  \\\" \",\r\n        \"Q  QQQQQQQQQ         QQQQQQQ QQ aQ  \",\r\n        \"V  VVVVVVVVV         VVVVVVV VV aV  \",\r\n        \"T  TTTTTTTTT         TTTTTTT TT  T  \",\r\n        \"@  @@@@@@@@@         @@@@@@@ @@ @@  \",\r\n        \"                             \\x87      \",\r\n        \"[  [[[[[[[[[         [[[[[[[ [[ [[  \",\r\n        \"D  DDDDDDDDD         DDDDDDD DD DD  \",\r\n        \"                             HH     \",\r\n        \"                             \\x88      \",\r\n        \"                             F\\x89     \",\r\n        \"#      T#                    ##  #  \",\r\n        \"%   V  %%            U       %%  %  \",\r\n        \"'   'ZY''            'XW     ''  '  \",\r\n        \"(   (ZY((            (XW     ((  (  \",\r\n        \"+   +++++            +++\\\\[   ++  +  \",\r\n        \"*   *****            ***\\\\[   **  *  \",\r\n        \"-   -----            ---\\\\[   --  -  \",\r\n        \",   ,,,,,            ,,,\\\\[   ,,  ,  \",\r\n        \"0   00000_^]         00000   00  0  \",\r\n        \"/   /////_^]         /////   //  /  \",\r\n        \"2   22222222         22222   22  2  \",\r\n        \"3   33333333         33333   33  3  \",\r\n        \"4   44444444         44444   44  4  \",\r\n        \"8   88888888         888888  88  8  \",\r\n        \"                                 ^  \",\r\n        \"                                 \\x8a  \",\r\n        \";  f;;;;;;;;         ;;;;;;e ;;  ;  \",\r\n        \"<  f<<<<<<<<         <<<<<<e <<  <  \",\r\n        \"O  OOOOOOOOO         OOOOOOO OO  O  \",\r\n        \"`  `````````         ``````` ``  `  \",\r\n        \"S  SSSSSSSSS         SSSSSSS SS  S  \",\r\n        \"W  WWWWWWWWW         WWWWWWW WW  W  \",\r\n        \"\\\\  \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\         \\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\ \\\\\\\\  \",\r\n        \"E  EEEEEEEEE         EEEEEEE EE EE  \",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \"]  ]]]]]]]]]         ]]]]]]] ]] ]]  \",\r\n        \"                             G      \"\r\n    ];\r\n\r\n    XPathParser.gotoTable = [\r\n        \"3456789:;<=>?@ AB  CDEFGH IJ \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"L456789:;<=>?@ AB  CDEFGH IJ \",\r\n        \"            M        EFGH IJ \",\r\n        \"       N;<=>?@ AB  CDEFGH IJ \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"            S        EFGH IJ \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"              e              \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                        h  J \",\r\n        \"              i          j   \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"o456789:;<=>?@ ABpqCDEFGH IJ \",\r\n        \"                             \",\r\n        \"  r6789:;<=>?@ AB  CDEFGH IJ \",\r\n        \"   s789:;<=>?@ AB  CDEFGH IJ \",\r\n        \"    t89:;<=>?@ AB  CDEFGH IJ \",\r\n        \"    u89:;<=>?@ AB  CDEFGH IJ \",\r\n        \"     v9:;<=>?@ AB  CDEFGH IJ \",\r\n        \"     w9:;<=>?@ AB  CDEFGH IJ \",\r\n        \"     x9:;<=>?@ AB  CDEFGH IJ \",\r\n        \"     y9:;<=>?@ AB  CDEFGH IJ \",\r\n        \"      z:;<=>?@ AB  CDEFGH IJ \",\r\n        \"      {:;<=>?@ AB  CDEFGH IJ \",\r\n        \"       |;<=>?@ AB  CDEFGH IJ \",\r\n        \"       };<=>?@ AB  CDEFGH IJ \",\r\n        \"       ~;<=>?@ AB  CDEFGH IJ \",\r\n        \"         \\x7f=>?@ AB  CDEFGH IJ \",\r\n        \"\\x80456789:;<=>?@ AB  CDEFGH IJ\\x81\",\r\n        \"            \\x82        EFGH IJ \",\r\n        \"            \\x83        EFGH IJ \",\r\n        \"                             \",\r\n        \"                     \\x84 GH IJ \",\r\n        \"                     \\x85 GH IJ \",\r\n        \"              i          \\x86   \",\r\n        \"              i          \\x87   \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"o456789:;<=>?@ AB\\x8cqCDEFGH IJ \",\r\n        \"                             \",\r\n        \"                             \"\r\n    ];\r\n\r\n    XPathParser.productions = [\r\n        [1, 1, 2],\r\n        [2, 1, 3],\r\n        [3, 1, 4],\r\n        [3, 3, 3, -9, 4],\r\n        [4, 1, 5],\r\n        [4, 3, 4, -8, 5],\r\n        [5, 1, 6],\r\n        [5, 3, 5, -22, 6],\r\n        [5, 3, 5, -5, 6],\r\n        [6, 1, 7],\r\n        [6, 3, 6, -23, 7],\r\n        [6, 3, 6, -24, 7],\r\n        [6, 3, 6, -6, 7],\r\n        [6, 3, 6, -7, 7],\r\n        [7, 1, 8],\r\n        [7, 3, 7, -25, 8],\r\n        [7, 3, 7, -26, 8],\r\n        [8, 1, 9],\r\n        [8, 3, 8, -12, 9],\r\n        [8, 3, 8, -11, 9],\r\n        [8, 3, 8, -10, 9],\r\n        [9, 1, 10],\r\n        [9, 2, -26, 9],\r\n        [10, 1, 11],\r\n        [10, 3, 10, -27, 11],\r\n        [11, 1, 12],\r\n        [11, 1, 13],\r\n        [11, 3, 13, -28, 14],\r\n        [11, 3, 13, -4, 14],\r\n        [13, 1, 15],\r\n        [13, 2, 13, 16],\r\n        [15, 1, 17],\r\n        [15, 3, -29, 2, -30],\r\n        [15, 1, -15],\r\n        [15, 1, -16],\r\n        [15, 1, 18],\r\n        [18, 3, -13, -29, -30],\r\n        [18, 4, -13, -29, 19, -30],\r\n        [19, 1, 20],\r\n        [19, 3, 20, -31, 19],\r\n        [20, 1, 2],\r\n        [12, 1, 14],\r\n        [12, 1, 21],\r\n        [21, 1, -28],\r\n        [21, 2, -28, 14],\r\n        [21, 1, 22],\r\n        [14, 1, 23],\r\n        [14, 3, 14, -28, 23],\r\n        [14, 1, 24],\r\n        [23, 2, 25, 26],\r\n        [23, 1, 26],\r\n        [23, 3, 25, 26, 27],\r\n        [23, 2, 26, 27],\r\n        [23, 1, 28],\r\n        [27, 1, 16],\r\n        [27, 2, 16, 27],\r\n        [25, 2, -14, -3],\r\n        [25, 1, -32],\r\n        [26, 1, 29],\r\n        [26, 3, -20, -29, -30],\r\n        [26, 4, -21, -29, -15, -30],\r\n        [16, 3, -33, 30, -34],\r\n        [30, 1, 2],\r\n        [22, 2, -4, 14],\r\n        [24, 3, 14, -4, 23],\r\n        [28, 1, -35],\r\n        [28, 1, -2],\r\n        [17, 2, -36, -18],\r\n        [29, 1, -17],\r\n        [29, 1, -19],\r\n        [29, 1, -18]\r\n    ];\r\n\r\n    XPathParser.DOUBLEDOT = 2;\r\n    XPathParser.DOUBLECOLON = 3;\r\n    XPathParser.DOUBLESLASH = 4;\r\n    XPathParser.NOTEQUAL = 5;\r\n    XPathParser.LESSTHANOREQUAL = 6;\r\n    XPathParser.GREATERTHANOREQUAL = 7;\r\n    XPathParser.AND = 8;\r\n    XPathParser.OR = 9;\r\n    XPathParser.MOD = 10;\r\n    XPathParser.DIV = 11;\r\n    XPathParser.MULTIPLYOPERATOR = 12;\r\n    XPathParser.FUNCTIONNAME = 13;\r\n    XPathParser.AXISNAME = 14;\r\n    XPathParser.LITERAL = 15;\r\n    XPathParser.NUMBER = 16;\r\n    XPathParser.ASTERISKNAMETEST = 17;\r\n    XPathParser.QNAME = 18;\r\n    XPathParser.NCNAMECOLONASTERISK = 19;\r\n    XPathParser.NODETYPE = 20;\r\n    XPathParser.PROCESSINGINSTRUCTIONWITHLITERAL = 21;\r\n    XPathParser.EQUALS = 22;\r\n    XPathParser.LESSTHAN = 23;\r\n    XPathParser.GREATERTHAN = 24;\r\n    XPathParser.PLUS = 25;\r\n    XPathParser.MINUS = 26;\r\n    XPathParser.BAR = 27;\r\n    XPathParser.SLASH = 28;\r\n    XPathParser.LEFTPARENTHESIS = 29;\r\n    XPathParser.RIGHTPARENTHESIS = 30;\r\n    XPathParser.COMMA = 31;\r\n    XPathParser.AT = 32;\r\n    XPathParser.LEFTBRACKET = 33;\r\n    XPathParser.RIGHTBRACKET = 34;\r\n    XPathParser.DOT = 35;\r\n    XPathParser.DOLLAR = 36;\r\n\r\n    XPathParser.prototype.tokenize = function (s1) {\r\n        var types = [];\r\n        var values = [];\r\n        var s = s1 + '\\0';\r\n\r\n        var pos = 0;\r\n        var c = s.charAt(pos++);\r\n        while (1) {\r\n            while (c == ' ' || c == '\\t' || c == '\\r' || c == '\\n') {\r\n                c = s.charAt(pos++);\r\n            }\r\n            if (c == '\\0' || pos >= s.length) {\r\n                break;\r\n            }\r\n\r\n            if (c == '(') {\r\n                types.push(XPathParser.LEFTPARENTHESIS);\r\n                values.push(c);\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n            if (c == ')') {\r\n                types.push(XPathParser.RIGHTPARENTHESIS);\r\n                values.push(c);\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n            if (c == '[') {\r\n                types.push(XPathParser.LEFTBRACKET);\r\n                values.push(c);\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n            if (c == ']') {\r\n                types.push(XPathParser.RIGHTBRACKET);\r\n                values.push(c);\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n            if (c == '@') {\r\n                types.push(XPathParser.AT);\r\n                values.push(c);\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n            if (c == ',') {\r\n                types.push(XPathParser.COMMA);\r\n                values.push(c);\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n            if (c == '|') {\r\n                types.push(XPathParser.BAR);\r\n                values.push(c);\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n            if (c == '+') {\r\n                types.push(XPathParser.PLUS);\r\n                values.push(c);\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n            if (c == '-') {\r\n                types.push(XPathParser.MINUS);\r\n                values.push(c);\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n            if (c == '=') {\r\n                types.push(XPathParser.EQUALS);\r\n                values.push(c);\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n            if (c == '$') {\r\n                types.push(XPathParser.DOLLAR);\r\n                values.push(c);\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n\r\n            if (c == '.') {\r\n                c = s.charAt(pos++);\r\n                if (c == '.') {\r\n                    types.push(XPathParser.DOUBLEDOT);\r\n                    values.push(\"..\");\r\n                    c = s.charAt(pos++);\r\n                    continue;\r\n                }\r\n                if (c >= '0' && c <= '9') {\r\n                    var number = \".\" + c;\r\n                    c = s.charAt(pos++);\r\n                    while (c >= '0' && c <= '9') {\r\n                        number += c;\r\n                        c = s.charAt(pos++);\r\n                    }\r\n                    types.push(XPathParser.NUMBER);\r\n                    values.push(number);\r\n                    continue;\r\n                }\r\n                types.push(XPathParser.DOT);\r\n                values.push('.');\r\n                continue;\r\n            }\r\n\r\n            if (c == '\\'' || c == '\"') {\r\n                var delimiter = c;\r\n                var literal = \"\";\r\n                while (pos < s.length && (c = s.charAt(pos)) !== delimiter) {\r\n                    literal += c;\r\n                    pos += 1;\r\n                }\r\n                if (c !== delimiter) {\r\n                    throw XPathException.fromMessage(\"Unterminated string literal: \" + delimiter + literal);\r\n                }\r\n                pos += 1;\r\n                types.push(XPathParser.LITERAL);\r\n                values.push(literal);\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n\r\n            if (c >= '0' && c <= '9') {\r\n                var number = c;\r\n                c = s.charAt(pos++);\r\n                while (c >= '0' && c <= '9') {\r\n                    number += c;\r\n                    c = s.charAt(pos++);\r\n                }\r\n                if (c == '.') {\r\n                    if (s.charAt(pos) >= '0' && s.charAt(pos) <= '9') {\r\n                        number += c;\r\n                        number += s.charAt(pos++);\r\n                        c = s.charAt(pos++);\r\n                        while (c >= '0' && c <= '9') {\r\n                            number += c;\r\n                            c = s.charAt(pos++);\r\n                        }\r\n                    }\r\n                }\r\n                types.push(XPathParser.NUMBER);\r\n                values.push(number);\r\n                continue;\r\n            }\r\n\r\n            if (c == '*') {\r\n                if (types.length > 0) {\r\n                    var last = types[types.length - 1];\r\n                    if (last != XPathParser.AT\r\n                        && last != XPathParser.DOUBLECOLON\r\n                        && last != XPathParser.LEFTPARENTHESIS\r\n                        && last != XPathParser.LEFTBRACKET\r\n                        && last != XPathParser.AND\r\n                        && last != XPathParser.OR\r\n                        && last != XPathParser.MOD\r\n                        && last != XPathParser.DIV\r\n                        && last != XPathParser.MULTIPLYOPERATOR\r\n                        && last != XPathParser.SLASH\r\n                        && last != XPathParser.DOUBLESLASH\r\n                        && last != XPathParser.BAR\r\n                        && last != XPathParser.PLUS\r\n                        && last != XPathParser.MINUS\r\n                        && last != XPathParser.EQUALS\r\n                        && last != XPathParser.NOTEQUAL\r\n                        && last != XPathParser.LESSTHAN\r\n                        && last != XPathParser.LESSTHANOREQUAL\r\n                        && last != XPathParser.GREATERTHAN\r\n                        && last != XPathParser.GREATERTHANOREQUAL) {\r\n                        types.push(XPathParser.MULTIPLYOPERATOR);\r\n                        values.push(c);\r\n                        c = s.charAt(pos++);\r\n                        continue;\r\n                    }\r\n                }\r\n                types.push(XPathParser.ASTERISKNAMETEST);\r\n                values.push(c);\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n\r\n            if (c == ':') {\r\n                if (s.charAt(pos) == ':') {\r\n                    types.push(XPathParser.DOUBLECOLON);\r\n                    values.push(\"::\");\r\n                    pos++;\r\n                    c = s.charAt(pos++);\r\n                    continue;\r\n                }\r\n            }\r\n\r\n            if (c == '/') {\r\n                c = s.charAt(pos++);\r\n                if (c == '/') {\r\n                    types.push(XPathParser.DOUBLESLASH);\r\n                    values.push(\"//\");\r\n                    c = s.charAt(pos++);\r\n                    continue;\r\n                }\r\n                types.push(XPathParser.SLASH);\r\n                values.push('/');\r\n                continue;\r\n            }\r\n\r\n            if (c == '!') {\r\n                if (s.charAt(pos) == '=') {\r\n                    types.push(XPathParser.NOTEQUAL);\r\n                    values.push(\"!=\");\r\n                    pos++;\r\n                    c = s.charAt(pos++);\r\n                    continue;\r\n                }\r\n            }\r\n\r\n            if (c == '<') {\r\n                if (s.charAt(pos) == '=') {\r\n                    types.push(XPathParser.LESSTHANOREQUAL);\r\n                    values.push(\"<=\");\r\n                    pos++;\r\n                    c = s.charAt(pos++);\r\n                    continue;\r\n                }\r\n                types.push(XPathParser.LESSTHAN);\r\n                values.push('<');\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n\r\n            if (c == '>') {\r\n                if (s.charAt(pos) == '=') {\r\n                    types.push(XPathParser.GREATERTHANOREQUAL);\r\n                    values.push(\">=\");\r\n                    pos++;\r\n                    c = s.charAt(pos++);\r\n                    continue;\r\n                }\r\n                types.push(XPathParser.GREATERTHAN);\r\n                values.push('>');\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n\r\n            if (c == '_' || Utilities.isLetter(c.charCodeAt(0))) {\r\n                var name = c;\r\n                c = s.charAt(pos++);\r\n                while (Utilities.isNCNameChar(c.charCodeAt(0))) {\r\n                    name += c;\r\n                    c = s.charAt(pos++);\r\n                }\r\n                if (types.length > 0) {\r\n                    var last = types[types.length - 1];\r\n                    if (last != XPathParser.AT\r\n                        && last != XPathParser.DOUBLECOLON\r\n                        && last != XPathParser.LEFTPARENTHESIS\r\n                        && last != XPathParser.LEFTBRACKET\r\n                        && last != XPathParser.AND\r\n                        && last != XPathParser.OR\r\n                        && last != XPathParser.MOD\r\n                        && last != XPathParser.DIV\r\n                        && last != XPathParser.MULTIPLYOPERATOR\r\n                        && last != XPathParser.SLASH\r\n                        && last != XPathParser.DOUBLESLASH\r\n                        && last != XPathParser.BAR\r\n                        && last != XPathParser.PLUS\r\n                        && last != XPathParser.MINUS\r\n                        && last != XPathParser.EQUALS\r\n                        && last != XPathParser.NOTEQUAL\r\n                        && last != XPathParser.LESSTHAN\r\n                        && last != XPathParser.LESSTHANOREQUAL\r\n                        && last != XPathParser.GREATERTHAN\r\n                        && last != XPathParser.GREATERTHANOREQUAL) {\r\n                        if (name == \"and\") {\r\n                            types.push(XPathParser.AND);\r\n                            values.push(name);\r\n                            continue;\r\n                        }\r\n                        if (name == \"or\") {\r\n                            types.push(XPathParser.OR);\r\n                            values.push(name);\r\n                            continue;\r\n                        }\r\n                        if (name == \"mod\") {\r\n                            types.push(XPathParser.MOD);\r\n                            values.push(name);\r\n                            continue;\r\n                        }\r\n                        if (name == \"div\") {\r\n                            types.push(XPathParser.DIV);\r\n                            values.push(name);\r\n                            continue;\r\n                        }\r\n                    }\r\n                }\r\n                if (c == ':') {\r\n                    if (s.charAt(pos) == '*') {\r\n                        types.push(XPathParser.NCNAMECOLONASTERISK);\r\n                        values.push(name + \":*\");\r\n                        pos++;\r\n                        c = s.charAt(pos++);\r\n                        continue;\r\n                    }\r\n                    if (s.charAt(pos) == '_' || Utilities.isLetter(s.charCodeAt(pos))) {\r\n                        name += ':';\r\n                        c = s.charAt(pos++);\r\n                        while (Utilities.isNCNameChar(c.charCodeAt(0))) {\r\n                            name += c;\r\n                            c = s.charAt(pos++);\r\n                        }\r\n                        if (c == '(') {\r\n                            types.push(XPathParser.FUNCTIONNAME);\r\n                            values.push(name);\r\n                            continue;\r\n                        }\r\n                        types.push(XPathParser.QNAME);\r\n                        values.push(name);\r\n                        continue;\r\n                    }\r\n                    if (s.charAt(pos) == ':') {\r\n                        types.push(XPathParser.AXISNAME);\r\n                        values.push(name);\r\n                        continue;\r\n                    }\r\n                }\r\n                if (c == '(') {\r\n                    if (name == \"comment\" || name == \"text\" || name == \"node\") {\r\n                        types.push(XPathParser.NODETYPE);\r\n                        values.push(name);\r\n                        continue;\r\n                    }\r\n                    if (name == \"processing-instruction\") {\r\n                        if (s.charAt(pos) == ')') {\r\n                            types.push(XPathParser.NODETYPE);\r\n                        } else {\r\n                            types.push(XPathParser.PROCESSINGINSTRUCTIONWITHLITERAL);\r\n                        }\r\n                        values.push(name);\r\n                        continue;\r\n                    }\r\n                    types.push(XPathParser.FUNCTIONNAME);\r\n                    values.push(name);\r\n                    continue;\r\n                }\r\n                types.push(XPathParser.QNAME);\r\n                values.push(name);\r\n                continue;\r\n            }\r\n\r\n            throw new Error(\"Unexpected character \" + c);\r\n        }\r\n        types.push(1);\r\n        values.push(\"[EOF]\");\r\n        return [types, values];\r\n    };\r\n\r\n    XPathParser.SHIFT = 's';\r\n    XPathParser.REDUCE = 'r';\r\n    XPathParser.ACCEPT = 'a';\r\n\r\n    XPathParser.prototype.parse = function (s) {\r\n        if (!s) {\r\n            throw new Error('XPath expression unspecified.');\r\n        }\r\n        if (typeof s !== 'string'){\r\n            throw new Error('XPath expression must be a string.');\r\n        }\r\n\r\n        var types;\r\n        var values;\r\n        var res = this.tokenize(s);\r\n        if (res == undefined) {\r\n            return undefined;\r\n        }\r\n        types = res[0];\r\n        values = res[1];\r\n        var tokenPos = 0;\r\n        var state = [];\r\n        var tokenType = [];\r\n        var tokenValue = [];\r\n        var s;\r\n        var a;\r\n        var t;\r\n\r\n        state.push(0);\r\n        tokenType.push(1);\r\n        tokenValue.push(\"_S\");\r\n\r\n        a = types[tokenPos];\r\n        t = values[tokenPos++];\r\n        while (1) {\r\n            s = state[state.length - 1];\r\n            switch (XPathParser.actionTable[s].charAt(a - 1)) {\r\n                case XPathParser.SHIFT:\r\n                    tokenType.push(-a);\r\n                    tokenValue.push(t);\r\n                    state.push(XPathParser.actionTableNumber[s].charCodeAt(a - 1) - 32);\r\n                    a = types[tokenPos];\r\n                    t = values[tokenPos++];\r\n                    break;\r\n                case XPathParser.REDUCE:\r\n                    var num = XPathParser.productions[XPathParser.actionTableNumber[s].charCodeAt(a - 1) - 32][1];\r\n                    var rhs = [];\r\n                    for (var i = 0; i < num; i++) {\r\n                        tokenType.pop();\r\n                        rhs.unshift(tokenValue.pop());\r\n                        state.pop();\r\n                    }\r\n                    var s_ = state[state.length - 1];\r\n                    tokenType.push(XPathParser.productions[XPathParser.actionTableNumber[s].charCodeAt(a - 1) - 32][0]);\r\n                    if (this.reduceActions[XPathParser.actionTableNumber[s].charCodeAt(a - 1) - 32] == undefined) {\r\n                        tokenValue.push(rhs[0]);\r\n                    } else {\r\n                        tokenValue.push(this.reduceActions[XPathParser.actionTableNumber[s].charCodeAt(a - 1) - 32](rhs));\r\n                    }\r\n                    state.push(XPathParser.gotoTable[s_].charCodeAt(XPathParser.productions[XPathParser.actionTableNumber[s].charCodeAt(a - 1) - 32][0] - 2) - 33);\r\n                    break;\r\n                case XPathParser.ACCEPT:\r\n                    return new XPath(tokenValue.pop());\r\n                default:\r\n                    throw new Error(\"XPath parse error\");\r\n            }\r\n        }\r\n    };\r\n\r\n    // XPath /////////////////////////////////////////////////////////////////////\r\n\r\n    XPath.prototype = new Object();\r\n    XPath.prototype.constructor = XPath;\r\n    XPath.superclass = Object.prototype;\r\n\r\n    function XPath(e) {\r\n        this.expression = e;\r\n    }\r\n\r\n    XPath.prototype.toString = function () {\r\n        return this.expression.toString();\r\n    };\r\n\r\n    function setIfUnset(obj, prop, value) {\r\n        if (!(prop in obj)) {\r\n            obj[prop] = value;\r\n        }\r\n    }\r\n\r\n    XPath.prototype.evaluate = function (c) {\r\n        var node = c.expressionContextNode;\r\n\r\n        if (!(isNil(node) || isNodeLike(node))) {\r\n            throw new Error(\"Context node does not appear to be a valid DOM node.\");\r\n        }\r\n\r\n        c.contextNode = c.expressionContextNode;\r\n        c.contextSize = 1;\r\n        c.contextPosition = 1;\r\n\r\n        // [2017-11-25] Removed usage of .implementation.hasFeature() since it does\r\n        //              not reliably detect HTML DOMs (always returns false in xmldom and true in browsers)\r\n        if (c.isHtml) {\r\n            setIfUnset(c, 'caseInsensitive', true);\r\n            setIfUnset(c, 'allowAnyNamespaceForNoPrefix', true);\r\n        }\r\n\r\n        setIfUnset(c, 'caseInsensitive', false);\r\n\r\n        return this.expression.evaluate(c);\r\n    };\r\n\r\n    XPath.XML_NAMESPACE_URI = \"http://www.w3.org/XML/1998/namespace\";\r\n    XPath.XMLNS_NAMESPACE_URI = \"http://www.w3.org/2000/xmlns/\";\r\n\r\n    // Expression ////////////////////////////////////////////////////////////////\r\n\r\n    Expression.prototype = new Object();\r\n    Expression.prototype.constructor = Expression;\r\n    Expression.superclass = Object.prototype;\r\n\r\n    function Expression() {\r\n    }\r\n\r\n    Expression.prototype.init = function () {\r\n    };\r\n\r\n    Expression.prototype.toString = function () {\r\n        return \"<Expression>\";\r\n    };\r\n\r\n    Expression.prototype.evaluate = function (c) {\r\n        throw new Error(\"Could not evaluate expression.\");\r\n    };\r\n\r\n    // UnaryOperation ////////////////////////////////////////////////////////////\r\n\r\n    UnaryOperation.prototype = new Expression();\r\n    UnaryOperation.prototype.constructor = UnaryOperation;\r\n    UnaryOperation.superclass = Expression.prototype;\r\n\r\n    function UnaryOperation(rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(rhs);\r\n        }\r\n    }\r\n\r\n    UnaryOperation.prototype.init = function (rhs) {\r\n        this.rhs = rhs;\r\n    };\r\n\r\n    // UnaryMinusOperation ///////////////////////////////////////////////////////\r\n\r\n    UnaryMinusOperation.prototype = new UnaryOperation();\r\n    UnaryMinusOperation.prototype.constructor = UnaryMinusOperation;\r\n    UnaryMinusOperation.superclass = UnaryOperation.prototype;\r\n\r\n    function UnaryMinusOperation(rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(rhs);\r\n        }\r\n    }\r\n\r\n    UnaryMinusOperation.prototype.init = function (rhs) {\r\n        UnaryMinusOperation.superclass.init.call(this, rhs);\r\n    };\r\n\r\n    UnaryMinusOperation.prototype.evaluate = function (c) {\r\n        return this.rhs.evaluate(c).number().negate();\r\n    };\r\n\r\n    UnaryMinusOperation.prototype.toString = function () {\r\n        return \"-\" + this.rhs.toString();\r\n    };\r\n\r\n    // BinaryOperation ///////////////////////////////////////////////////////////\r\n\r\n    BinaryOperation.prototype = new Expression();\r\n    BinaryOperation.prototype.constructor = BinaryOperation;\r\n    BinaryOperation.superclass = Expression.prototype;\r\n\r\n    function BinaryOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    BinaryOperation.prototype.init = function (lhs, rhs) {\r\n        this.lhs = lhs;\r\n        this.rhs = rhs;\r\n    };\r\n\r\n    // OrOperation ///////////////////////////////////////////////////////////////\r\n\r\n    OrOperation.prototype = new BinaryOperation();\r\n    OrOperation.prototype.constructor = OrOperation;\r\n    OrOperation.superclass = BinaryOperation.prototype;\r\n\r\n    function OrOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    OrOperation.prototype.init = function (lhs, rhs) {\r\n        OrOperation.superclass.init.call(this, lhs, rhs);\r\n    };\r\n\r\n    OrOperation.prototype.toString = function () {\r\n        return \"(\" + this.lhs.toString() + \" or \" + this.rhs.toString() + \")\";\r\n    };\r\n\r\n    OrOperation.prototype.evaluate = function (c) {\r\n        var b = this.lhs.evaluate(c).bool();\r\n        if (b.booleanValue()) {\r\n            return b;\r\n        }\r\n        return this.rhs.evaluate(c).bool();\r\n    };\r\n\r\n    // AndOperation //////////////////////////////////////////////////////////////\r\n\r\n    AndOperation.prototype = new BinaryOperation();\r\n    AndOperation.prototype.constructor = AndOperation;\r\n    AndOperation.superclass = BinaryOperation.prototype;\r\n\r\n    function AndOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    AndOperation.prototype.init = function (lhs, rhs) {\r\n        AndOperation.superclass.init.call(this, lhs, rhs);\r\n    };\r\n\r\n    AndOperation.prototype.toString = function () {\r\n        return \"(\" + this.lhs.toString() + \" and \" + this.rhs.toString() + \")\";\r\n    };\r\n\r\n    AndOperation.prototype.evaluate = function (c) {\r\n        var b = this.lhs.evaluate(c).bool();\r\n        if (!b.booleanValue()) {\r\n            return b;\r\n        }\r\n        return this.rhs.evaluate(c).bool();\r\n    };\r\n\r\n    // EqualsOperation ///////////////////////////////////////////////////////////\r\n\r\n    EqualsOperation.prototype = new BinaryOperation();\r\n    EqualsOperation.prototype.constructor = EqualsOperation;\r\n    EqualsOperation.superclass = BinaryOperation.prototype;\r\n\r\n    function EqualsOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    EqualsOperation.prototype.init = function (lhs, rhs) {\r\n        EqualsOperation.superclass.init.call(this, lhs, rhs);\r\n    };\r\n\r\n    EqualsOperation.prototype.toString = function () {\r\n        return \"(\" + this.lhs.toString() + \" = \" + this.rhs.toString() + \")\";\r\n    };\r\n\r\n    EqualsOperation.prototype.evaluate = function (c) {\r\n        return this.lhs.evaluate(c).equals(this.rhs.evaluate(c));\r\n    };\r\n\r\n    // NotEqualOperation /////////////////////////////////////////////////////////\r\n\r\n    NotEqualOperation.prototype = new BinaryOperation();\r\n    NotEqualOperation.prototype.constructor = NotEqualOperation;\r\n    NotEqualOperation.superclass = BinaryOperation.prototype;\r\n\r\n    function NotEqualOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    NotEqualOperation.prototype.init = function (lhs, rhs) {\r\n        NotEqualOperation.superclass.init.call(this, lhs, rhs);\r\n    };\r\n\r\n    NotEqualOperation.prototype.toString = function () {\r\n        return \"(\" + this.lhs.toString() + \" != \" + this.rhs.toString() + \")\";\r\n    };\r\n\r\n    NotEqualOperation.prototype.evaluate = function (c) {\r\n        return this.lhs.evaluate(c).notequal(this.rhs.evaluate(c));\r\n    };\r\n\r\n    // LessThanOperation /////////////////////////////////////////////////////////\r\n\r\n    LessThanOperation.prototype = new BinaryOperation();\r\n    LessThanOperation.prototype.constructor = LessThanOperation;\r\n    LessThanOperation.superclass = BinaryOperation.prototype;\r\n\r\n    function LessThanOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    LessThanOperation.prototype.init = function (lhs, rhs) {\r\n        LessThanOperation.superclass.init.call(this, lhs, rhs);\r\n    };\r\n\r\n    LessThanOperation.prototype.evaluate = function (c) {\r\n        return this.lhs.evaluate(c).lessthan(this.rhs.evaluate(c));\r\n    };\r\n\r\n    LessThanOperation.prototype.toString = function () {\r\n        return \"(\" + this.lhs.toString() + \" < \" + this.rhs.toString() + \")\";\r\n    };\r\n\r\n    // GreaterThanOperation //////////////////////////////////////////////////////\r\n\r\n    GreaterThanOperation.prototype = new BinaryOperation();\r\n    GreaterThanOperation.prototype.constructor = GreaterThanOperation;\r\n    GreaterThanOperation.superclass = BinaryOperation.prototype;\r\n\r\n    function GreaterThanOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    GreaterThanOperation.prototype.init = function (lhs, rhs) {\r\n        GreaterThanOperation.superclass.init.call(this, lhs, rhs);\r\n    };\r\n\r\n    GreaterThanOperation.prototype.evaluate = function (c) {\r\n        return this.lhs.evaluate(c).greaterthan(this.rhs.evaluate(c));\r\n    };\r\n\r\n    GreaterThanOperation.prototype.toString = function () {\r\n        return \"(\" + this.lhs.toString() + \" > \" + this.rhs.toString() + \")\";\r\n    };\r\n\r\n    // LessThanOrEqualOperation //////////////////////////////////////////////////\r\n\r\n    LessThanOrEqualOperation.prototype = new BinaryOperation();\r\n    LessThanOrEqualOperation.prototype.constructor = LessThanOrEqualOperation;\r\n    LessThanOrEqualOperation.superclass = BinaryOperation.prototype;\r\n\r\n    function LessThanOrEqualOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    LessThanOrEqualOperation.prototype.init = function (lhs, rhs) {\r\n        LessThanOrEqualOperation.superclass.init.call(this, lhs, rhs);\r\n    };\r\n\r\n    LessThanOrEqualOperation.prototype.evaluate = function (c) {\r\n        return this.lhs.evaluate(c).lessthanorequal(this.rhs.evaluate(c));\r\n    };\r\n\r\n    LessThanOrEqualOperation.prototype.toString = function () {\r\n        return \"(\" + this.lhs.toString() + \" <= \" + this.rhs.toString() + \")\";\r\n    };\r\n\r\n    // GreaterThanOrEqualOperation ///////////////////////////////////////////////\r\n\r\n    GreaterThanOrEqualOperation.prototype = new BinaryOperation();\r\n    GreaterThanOrEqualOperation.prototype.constructor = GreaterThanOrEqualOperation;\r\n    GreaterThanOrEqualOperation.superclass = BinaryOperation.prototype;\r\n\r\n    function GreaterThanOrEqualOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    GreaterThanOrEqualOperation.prototype.init = function (lhs, rhs) {\r\n        GreaterThanOrEqualOperation.superclass.init.call(this, lhs, rhs);\r\n    };\r\n\r\n    GreaterThanOrEqualOperation.prototype.evaluate = function (c) {\r\n        return this.lhs.evaluate(c).greaterthanorequal(this.rhs.evaluate(c));\r\n    };\r\n\r\n    GreaterThanOrEqualOperation.prototype.toString = function () {\r\n        return \"(\" + this.lhs.toString() + \" >= \" + this.rhs.toString() + \")\";\r\n    };\r\n\r\n    // PlusOperation /////////////////////////////////////////////////////////////\r\n\r\n    PlusOperation.prototype = new BinaryOperation();\r\n    PlusOperation.prototype.constructor = PlusOperation;\r\n    PlusOperation.superclass = BinaryOperation.prototype;\r\n\r\n    function PlusOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    PlusOperation.prototype.init = function (lhs, rhs) {\r\n        PlusOperation.superclass.init.call(this, lhs, rhs);\r\n    };\r\n\r\n    PlusOperation.prototype.evaluate = function (c) {\r\n        return this.lhs.evaluate(c).number().plus(this.rhs.evaluate(c).number());\r\n    };\r\n\r\n    PlusOperation.prototype.toString = function () {\r\n        return \"(\" + this.lhs.toString() + \" + \" + this.rhs.toString() + \")\";\r\n    };\r\n\r\n    // MinusOperation ////////////////////////////////////////////////////////////\r\n\r\n    MinusOperation.prototype = new BinaryOperation();\r\n    MinusOperation.prototype.constructor = MinusOperation;\r\n    MinusOperation.superclass = BinaryOperation.prototype;\r\n\r\n    function MinusOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    MinusOperation.prototype.init = function (lhs, rhs) {\r\n        MinusOperation.superclass.init.call(this, lhs, rhs);\r\n    };\r\n\r\n    MinusOperation.prototype.evaluate = function (c) {\r\n        return this.lhs.evaluate(c).number().minus(this.rhs.evaluate(c).number());\r\n    };\r\n\r\n    MinusOperation.prototype.toString = function () {\r\n        return \"(\" + this.lhs.toString() + \" - \" + this.rhs.toString() + \")\";\r\n    };\r\n\r\n    // MultiplyOperation /////////////////////////////////////////////////////////\r\n\r\n    MultiplyOperation.prototype = new BinaryOperation();\r\n    MultiplyOperation.prototype.constructor = MultiplyOperation;\r\n    MultiplyOperation.superclass = BinaryOperation.prototype;\r\n\r\n    function MultiplyOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    MultiplyOperation.prototype.init = function (lhs, rhs) {\r\n        MultiplyOperation.superclass.init.call(this, lhs, rhs);\r\n    };\r\n\r\n    MultiplyOperation.prototype.evaluate = function (c) {\r\n        return this.lhs.evaluate(c).number().multiply(this.rhs.evaluate(c).number());\r\n    };\r\n\r\n    MultiplyOperation.prototype.toString = function () {\r\n        return \"(\" + this.lhs.toString() + \" * \" + this.rhs.toString() + \")\";\r\n    };\r\n\r\n    // DivOperation //////////////////////////////////////////////////////////////\r\n\r\n    DivOperation.prototype = new BinaryOperation();\r\n    DivOperation.prototype.constructor = DivOperation;\r\n    DivOperation.superclass = BinaryOperation.prototype;\r\n\r\n    function DivOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    DivOperation.prototype.init = function (lhs, rhs) {\r\n        DivOperation.superclass.init.call(this, lhs, rhs);\r\n    };\r\n\r\n    DivOperation.prototype.evaluate = function (c) {\r\n        return this.lhs.evaluate(c).number().div(this.rhs.evaluate(c).number());\r\n    };\r\n\r\n    DivOperation.prototype.toString = function () {\r\n        return \"(\" + this.lhs.toString() + \" div \" + this.rhs.toString() + \")\";\r\n    };\r\n\r\n    // ModOperation //////////////////////////////////////////////////////////////\r\n\r\n    ModOperation.prototype = new BinaryOperation();\r\n    ModOperation.prototype.constructor = ModOperation;\r\n    ModOperation.superclass = BinaryOperation.prototype;\r\n\r\n    function ModOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    ModOperation.prototype.init = function (lhs, rhs) {\r\n        ModOperation.superclass.init.call(this, lhs, rhs);\r\n    };\r\n\r\n    ModOperation.prototype.evaluate = function (c) {\r\n        return this.lhs.evaluate(c).number().mod(this.rhs.evaluate(c).number());\r\n    };\r\n\r\n    ModOperation.prototype.toString = function () {\r\n        return \"(\" + this.lhs.toString() + \" mod \" + this.rhs.toString() + \")\";\r\n    };\r\n\r\n    // BarOperation //////////////////////////////////////////////////////////////\r\n\r\n    BarOperation.prototype = new BinaryOperation();\r\n    BarOperation.prototype.constructor = BarOperation;\r\n    BarOperation.superclass = BinaryOperation.prototype;\r\n\r\n    function BarOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    BarOperation.prototype.init = function (lhs, rhs) {\r\n        BarOperation.superclass.init.call(this, lhs, rhs);\r\n    };\r\n\r\n    BarOperation.prototype.evaluate = function (c) {\r\n        return this.lhs.evaluate(c).nodeset().union(this.rhs.evaluate(c).nodeset());\r\n    };\r\n\r\n    BarOperation.prototype.toString = function () {\r\n        return map(toString, [this.lhs, this.rhs]).join(' | ');\r\n    };\r\n\r\n    // PathExpr //////////////////////////////////////////////////////////////////\r\n\r\n    PathExpr.prototype = new Expression();\r\n    PathExpr.prototype.constructor = PathExpr;\r\n    PathExpr.superclass = Expression.prototype;\r\n\r\n    function PathExpr(filter, filterPreds, locpath) {\r\n        if (arguments.length > 0) {\r\n            this.init(filter, filterPreds, locpath);\r\n        }\r\n    }\r\n\r\n    PathExpr.prototype.init = function (filter, filterPreds, locpath) {\r\n        PathExpr.superclass.init.call(this);\r\n        this.filter = filter;\r\n        this.filterPredicates = filterPreds;\r\n        this.locationPath = locpath;\r\n    };\r\n\r\n    /**\r\n     * Returns the topmost node of the tree containing node\r\n     */\r\n    function findRoot(node) {\r\n        while (node && node.parentNode) {\r\n            node = node.parentNode;\r\n        }\r\n\r\n        return node;\r\n    }\r\n\r\n    var applyPredicates = function (predicates, c, nodes, reverse) {\r\n        if (predicates.length === 0) {\r\n            return nodes;\r\n        }\r\n\r\n        var ctx = c.extend({});\r\n\r\n        return reduce(\r\n            function (inNodes, pred) {\r\n                ctx.contextSize = inNodes.length;\r\n\r\n                return filter(\r\n                    function (node, i) {\r\n                        ctx.contextNode = node;\r\n                        ctx.contextPosition = i + 1;\r\n\r\n                        return PathExpr.predicateMatches(pred, ctx);\r\n                    },\r\n                    inNodes\r\n                );\r\n            },\r\n            sortNodes(nodes, reverse),\r\n            predicates\r\n        );\r\n    };\r\n\r\n    PathExpr.getRoot = function (xpc, nodes) {\r\n        var firstNode = nodes[0];\r\n\r\n        // xpc.virtualRoot could possibly provide a root even if firstNode is null,\r\n        // so using a guard here instead of throwing.\r\n        if (firstNode && firstNode.nodeType === NodeTypes.DOCUMENT_NODE) {\r\n            return firstNode;\r\n        }\r\n\r\n        if (xpc.virtualRoot) {\r\n            return xpc.virtualRoot;\r\n        }\r\n\r\n        if (!firstNode) {\r\n            throw new Error('Context node not found when determining document root.');\r\n        }\r\n\r\n        var ownerDoc = firstNode.ownerDocument;\r\n\r\n        if (ownerDoc) {\r\n            return ownerDoc;\r\n        }\r\n\r\n        // IE 5.5 doesn't have ownerDocument?\r\n        var n = firstNode;\r\n        while (n.parentNode != null) {\r\n            n = n.parentNode;\r\n        }\r\n        return n;\r\n    }\r\n\r\n    var getPrefixForNamespaceNode = function (attrNode) {\r\n        var nm = String(attrNode.name);\r\n\r\n        if (nm === \"xmlns\") {\r\n            return \"\";\r\n        }\r\n\r\n        if (nm.substring(0, 6) === \"xmlns:\") {\r\n            return nm.substring(6, nm.length);\r\n        }\r\n\r\n        return null;\r\n    };\r\n\r\n    PathExpr.applyStep = function (step, xpc, node) {\r\n        if (!node) {\r\n            throw new Error('Context node not found when evaluating XPath step: ' + step);\r\n        }\r\n\r\n        var newNodes = [];\r\n        xpc.contextNode = node;\r\n\r\n        switch (step.axis) {\r\n            case Step.ANCESTOR:\r\n                // look at all the ancestor nodes\r\n                if (xpc.contextNode === xpc.virtualRoot) {\r\n                    break;\r\n                }\r\n                var m;\r\n                if (xpc.contextNode.nodeType == NodeTypes.ATTRIBUTE_NODE) {\r\n                    m = PathExpr.getOwnerElement(xpc.contextNode);\r\n                } else {\r\n                    m = xpc.contextNode.parentNode;\r\n                }\r\n                while (m != null) {\r\n                    if (step.nodeTest.matches(m, xpc)) {\r\n                        newNodes.push(m);\r\n                    }\r\n                    if (m === xpc.virtualRoot) {\r\n                        break;\r\n                    }\r\n                    m = m.parentNode;\r\n                }\r\n                break;\r\n\r\n            case Step.ANCESTORORSELF:\r\n                // look at all the ancestor nodes and the current node\r\n                for (var m = xpc.contextNode; m != null; m = m.nodeType == NodeTypes.ATTRIBUTE_NODE ? PathExpr.getOwnerElement(m) : m.parentNode) {\r\n                    if (step.nodeTest.matches(m, xpc)) {\r\n                        newNodes.push(m);\r\n                    }\r\n                    if (m === xpc.virtualRoot) {\r\n                        break;\r\n                    }\r\n                }\r\n                break;\r\n\r\n            case Step.ATTRIBUTE:\r\n                // look at the attributes\r\n                var nnm = xpc.contextNode.attributes;\r\n                if (nnm != null) {\r\n                    for (var k = 0; k < nnm.length; k++) {\r\n                        var m = nnm.item(k);\r\n                        if (step.nodeTest.matches(m, xpc)) {\r\n                            newNodes.push(m);\r\n                        }\r\n                    }\r\n                }\r\n                break;\r\n\r\n            case Step.CHILD:\r\n                // look at all child elements\r\n                for (var m = xpc.contextNode.firstChild; m != null; m = m.nextSibling) {\r\n                    if (step.nodeTest.matches(m, xpc)) {\r\n                        newNodes.push(m);\r\n                    }\r\n                }\r\n                break;\r\n\r\n            case Step.DESCENDANT:\r\n                // look at all descendant nodes\r\n                var st = [xpc.contextNode.firstChild];\r\n                while (st.length > 0) {\r\n                    for (var m = st.pop(); m != null;) {\r\n                        if (step.nodeTest.matches(m, xpc)) {\r\n                            newNodes.push(m);\r\n                        }\r\n                        if (m.firstChild != null) {\r\n                            st.push(m.nextSibling);\r\n                            m = m.firstChild;\r\n                        } else {\r\n                            m = m.nextSibling;\r\n                        }\r\n                    }\r\n                }\r\n                break;\r\n\r\n            case Step.DESCENDANTORSELF:\r\n                // look at self\r\n                if (step.nodeTest.matches(xpc.contextNode, xpc)) {\r\n                    newNodes.push(xpc.contextNode);\r\n                }\r\n                // look at all descendant nodes\r\n                var st = [xpc.contextNode.firstChild];\r\n                while (st.length > 0) {\r\n                    for (var m = st.pop(); m != null;) {\r\n                        if (step.nodeTest.matches(m, xpc)) {\r\n                            newNodes.push(m);\r\n                        }\r\n                        if (m.firstChild != null) {\r\n                            st.push(m.nextSibling);\r\n                            m = m.firstChild;\r\n                        } else {\r\n                            m = m.nextSibling;\r\n                        }\r\n                    }\r\n                }\r\n                break;\r\n\r\n            case Step.FOLLOWING:\r\n                if (xpc.contextNode === xpc.virtualRoot) {\r\n                    break;\r\n                }\r\n                var st = [];\r\n                if (xpc.contextNode.firstChild != null) {\r\n                    st.unshift(xpc.contextNode.firstChild);\r\n                } else {\r\n                    st.unshift(xpc.contextNode.nextSibling);\r\n                }\r\n                for (var m = xpc.contextNode.parentNode; m != null && m.nodeType != NodeTypes.DOCUMENT_NODE && m !== xpc.virtualRoot; m = m.parentNode) {\r\n                    st.unshift(m.nextSibling);\r\n                }\r\n                do {\r\n                    for (var m = st.pop(); m != null;) {\r\n                        if (step.nodeTest.matches(m, xpc)) {\r\n                            newNodes.push(m);\r\n                        }\r\n                        if (m.firstChild != null) {\r\n                            st.push(m.nextSibling);\r\n                            m = m.firstChild;\r\n                        } else {\r\n                            m = m.nextSibling;\r\n                        }\r\n                    }\r\n                } while (st.length > 0);\r\n                break;\r\n\r\n            case Step.FOLLOWINGSIBLING:\r\n                if (xpc.contextNode === xpc.virtualRoot) {\r\n                    break;\r\n                }\r\n                for (var m = xpc.contextNode.nextSibling; m != null; m = m.nextSibling) {\r\n                    if (step.nodeTest.matches(m, xpc)) {\r\n                        newNodes.push(m);\r\n                    }\r\n                }\r\n                break;\r\n\r\n            case Step.NAMESPACE:\r\n                var nodes = {};\r\n\r\n                if (xpc.contextNode.nodeType == NodeTypes.ELEMENT_NODE) {\r\n                    // BUG: This only collects the namespaces on the current node, but seemingly\r\n                    //      it should collect all those in scope\r\n                    nodes[\"xml\"] = new XPathNamespace(\"xml\", null, XPath.XML_NAMESPACE_URI, xpc.contextNode);\r\n\r\n                    for (var m = xpc.contextNode; m != null && m.nodeType == NodeTypes.ELEMENT_NODE; m = m.parentNode) {\r\n                        for (var k = 0; k < m.attributes.length; k++) {\r\n                            var attr = m.attributes.item(k);\r\n\r\n                            var pre = getPrefixForNamespaceNode(attr);\r\n\r\n                            if (pre != null && nodes[pre] == undefined) {\r\n                                nodes[pre] = new XPathNamespace(pre, attr, attr.value, xpc.contextNode);\r\n                            }\r\n                        }\r\n                    }\r\n\r\n                    for (var pre in nodes) {\r\n                        var node = nodes[pre];\r\n\r\n                        if (step.nodeTest.matches(node, xpc)) {\r\n                            newNodes.push(node);\r\n                        }\r\n                    }\r\n                }\r\n                break;\r\n\r\n            case Step.PARENT:\r\n                m = null;\r\n                if (xpc.contextNode !== xpc.virtualRoot) {\r\n                    if (xpc.contextNode.nodeType == NodeTypes.ATTRIBUTE_NODE) {\r\n                        m = PathExpr.getOwnerElement(xpc.contextNode);\r\n                    } else {\r\n                        m = xpc.contextNode.parentNode;\r\n                    }\r\n                }\r\n                if (m != null && step.nodeTest.matches(m, xpc)) {\r\n                    newNodes.push(m);\r\n                }\r\n                break;\r\n\r\n            case Step.PRECEDING:\r\n                var st;\r\n                if (xpc.virtualRoot != null) {\r\n                    st = [xpc.virtualRoot];\r\n                } else {\r\n                    // cannot rely on .ownerDocument because the node may be in a document fragment\r\n                    st = [findRoot(xpc.contextNode)];\r\n                }\r\n                outer: while (st.length > 0) {\r\n                    for (var m = st.pop(); m != null;) {\r\n                        if (m == xpc.contextNode) {\r\n                            break outer;\r\n                        }\r\n                        if (step.nodeTest.matches(m, xpc)) {\r\n                            newNodes.unshift(m);\r\n                        }\r\n                        if (m.firstChild != null) {\r\n                            st.push(m.nextSibling);\r\n                            m = m.firstChild;\r\n                        } else {\r\n                            m = m.nextSibling;\r\n                        }\r\n                    }\r\n                }\r\n                break;\r\n\r\n            case Step.PRECEDINGSIBLING:\r\n                if (xpc.contextNode === xpc.virtualRoot) {\r\n                    break;\r\n                }\r\n                for (var m = xpc.contextNode.previousSibling; m != null; m = m.previousSibling) {\r\n                    if (step.nodeTest.matches(m, xpc)) {\r\n                        newNodes.push(m);\r\n                    }\r\n                }\r\n                break;\r\n\r\n            case Step.SELF:\r\n                if (step.nodeTest.matches(xpc.contextNode, xpc)) {\r\n                    newNodes.push(xpc.contextNode);\r\n                }\r\n                break;\r\n\r\n            default:\r\n        }\r\n\r\n        return newNodes;\r\n    };\r\n\r\n    function applyStepWithPredicates(step, xpc, node) {\r\n        return applyPredicates(\r\n            step.predicates,\r\n            xpc,\r\n            PathExpr.applyStep(step, xpc, node),\r\n            includes(REVERSE_AXES, step.axis)\r\n        );\r\n    }\r\n\r\n    function applyStepToNodes(context, nodes, step) {\r\n        return flatten(\r\n            map(\r\n                applyStepWithPredicates.bind(null, step, context),\r\n                nodes\r\n            )\r\n        );\r\n    }\r\n\r\n    PathExpr.applySteps = function (steps, xpc, nodes) {\r\n        return reduce(\r\n            applyStepToNodes.bind(null, xpc),\r\n            nodes,\r\n            steps\r\n        );\r\n    }\r\n\r\n    PathExpr.prototype.applyFilter = function (c, xpc) {\r\n        if (!this.filter) {\r\n            return { nodes: [c.contextNode] };\r\n        }\r\n\r\n        var ns = this.filter.evaluate(c);\r\n\r\n        if (!Utilities.instance_of(ns, XNodeSet)) {\r\n            if (this.filterPredicates != null && this.filterPredicates.length > 0 || this.locationPath != null) {\r\n                throw new Error(\"Path expression filter must evaluate to a nodeset if predicates or location path are used\");\r\n            }\r\n\r\n            return { nonNodes: ns };\r\n        }\r\n\r\n        return {\r\n            nodes: applyPredicates(\r\n                this.filterPredicates || [],\r\n                xpc,\r\n                ns.toUnsortedArray(),\r\n                false // reverse\r\n            )\r\n        };\r\n    };\r\n\r\n    PathExpr.applyLocationPath = function (locationPath, xpc, nodes) {\r\n        if (!locationPath) {\r\n            return nodes;\r\n        }\r\n\r\n        var startNodes = locationPath.absolute ? [PathExpr.getRoot(xpc, nodes)] : nodes;\r\n\r\n        return PathExpr.applySteps(locationPath.steps, xpc, startNodes);\r\n    };\r\n\r\n    PathExpr.prototype.evaluate = function (c) {\r\n        var xpc = assign(new XPathContext(), c);\r\n\r\n        var filterResult = this.applyFilter(c, xpc);\r\n\r\n        if ('nonNodes' in filterResult) {\r\n            return filterResult.nonNodes;\r\n        }\r\n\r\n        var ns = new XNodeSet();\r\n        ns.addArray(PathExpr.applyLocationPath(this.locationPath, xpc, filterResult.nodes));\r\n        return ns;\r\n    };\r\n\r\n    PathExpr.predicateMatches = function (pred, c) {\r\n        var res = pred.evaluate(c);\r\n\r\n        return Utilities.instance_of(res, XNumber)\r\n            ? c.contextPosition === res.numberValue()\r\n            : res.booleanValue();\r\n    };\r\n\r\n    PathExpr.predicateString = function (predicate) {\r\n        return wrap('[', ']', predicate.toString());\r\n    }\r\n\r\n    PathExpr.predicatesString = function (predicates) {\r\n        return join(\r\n            '',\r\n            map(PathExpr.predicateString, predicates)\r\n        );\r\n    }\r\n\r\n    PathExpr.prototype.toString = function () {\r\n        if (this.filter != undefined) {\r\n            var filterStr = toString(this.filter);\r\n\r\n            if (Utilities.instance_of(this.filter, XString)) {\r\n                return wrap(\"'\", \"'\", filterStr);\r\n            }\r\n            if (this.filterPredicates != undefined && this.filterPredicates.length) {\r\n                return wrap('(', ')', filterStr) +\r\n                    PathExpr.predicatesString(this.filterPredicates);\r\n            }\r\n            if (this.locationPath != undefined) {\r\n                return filterStr +\r\n                    (this.locationPath.absolute ? '' : '/') +\r\n                    toString(this.locationPath);\r\n            }\r\n\r\n            return filterStr;\r\n        }\r\n\r\n        return toString(this.locationPath);\r\n    };\r\n\r\n    PathExpr.getOwnerElement = function (n) {\r\n        // DOM 2 has ownerElement\r\n        if (n.ownerElement) {\r\n            return n.ownerElement;\r\n        }\r\n        // DOM 1 Internet Explorer can use selectSingleNode (ironically)\r\n        try {\r\n            if (n.selectSingleNode) {\r\n                return n.selectSingleNode(\"..\");\r\n            }\r\n        } catch (e) {\r\n        }\r\n        // Other DOM 1 implementations must use this egregious search\r\n        var doc = n.nodeType == NodeTypes.DOCUMENT_NODE\r\n            ? n\r\n            : n.ownerDocument;\r\n        var elts = doc.getElementsByTagName(\"*\");\r\n        for (var i = 0; i < elts.length; i++) {\r\n            var elt = elts.item(i);\r\n            var nnm = elt.attributes;\r\n            for (var j = 0; j < nnm.length; j++) {\r\n                var an = nnm.item(j);\r\n                if (an === n) {\r\n                    return elt;\r\n                }\r\n            }\r\n        }\r\n        return null;\r\n    };\r\n\r\n    // LocationPath //////////////////////////////////////////////////////////////\r\n\r\n    LocationPath.prototype = new Object();\r\n    LocationPath.prototype.constructor = LocationPath;\r\n    LocationPath.superclass = Object.prototype;\r\n\r\n    function LocationPath(abs, steps) {\r\n        if (arguments.length > 0) {\r\n            this.init(abs, steps);\r\n        }\r\n    }\r\n\r\n    LocationPath.prototype.init = function (abs, steps) {\r\n        this.absolute = abs;\r\n        this.steps = steps;\r\n    };\r\n\r\n    LocationPath.prototype.toString = function () {\r\n        return (\r\n            (this.absolute ? '/' : '') +\r\n            map(toString, this.steps).join('/')\r\n        );\r\n    };\r\n\r\n    // Step //////////////////////////////////////////////////////////////////////\r\n\r\n    Step.prototype = new Object();\r\n    Step.prototype.constructor = Step;\r\n    Step.superclass = Object.prototype;\r\n\r\n    function Step(axis, nodetest, preds) {\r\n        if (arguments.length > 0) {\r\n            this.init(axis, nodetest, preds);\r\n        }\r\n    }\r\n\r\n    Step.prototype.init = function (axis, nodetest, preds) {\r\n        this.axis = axis;\r\n        this.nodeTest = nodetest;\r\n        this.predicates = preds;\r\n    };\r\n\r\n    Step.prototype.toString = function () {\r\n        return Step.STEPNAMES[this.axis] +\r\n            \"::\" +\r\n            this.nodeTest.toString() +\r\n            PathExpr.predicatesString(this.predicates);\r\n    };\r\n\r\n\r\n    Step.ANCESTOR = 0;\r\n    Step.ANCESTORORSELF = 1;\r\n    Step.ATTRIBUTE = 2;\r\n    Step.CHILD = 3;\r\n    Step.DESCENDANT = 4;\r\n    Step.DESCENDANTORSELF = 5;\r\n    Step.FOLLOWING = 6;\r\n    Step.FOLLOWINGSIBLING = 7;\r\n    Step.NAMESPACE = 8;\r\n    Step.PARENT = 9;\r\n    Step.PRECEDING = 10;\r\n    Step.PRECEDINGSIBLING = 11;\r\n    Step.SELF = 12;\r\n\r\n    Step.STEPNAMES = reduce(function (acc, x) { return acc[x[0]] = x[1], acc; }, {}, [\r\n        [Step.ANCESTOR, 'ancestor'],\r\n        [Step.ANCESTORORSELF, 'ancestor-or-self'],\r\n        [Step.ATTRIBUTE, 'attribute'],\r\n        [Step.CHILD, 'child'],\r\n        [Step.DESCENDANT, 'descendant'],\r\n        [Step.DESCENDANTORSELF, 'descendant-or-self'],\r\n        [Step.FOLLOWING, 'following'],\r\n        [Step.FOLLOWINGSIBLING, 'following-sibling'],\r\n        [Step.NAMESPACE, 'namespace'],\r\n        [Step.PARENT, 'parent'],\r\n        [Step.PRECEDING, 'preceding'],\r\n        [Step.PRECEDINGSIBLING, 'preceding-sibling'],\r\n        [Step.SELF, 'self']\r\n    ]);\r\n\r\n    var REVERSE_AXES = [\r\n        Step.ANCESTOR,\r\n        Step.ANCESTORORSELF,\r\n        Step.PARENT,\r\n        Step.PRECEDING,\r\n        Step.PRECEDINGSIBLING\r\n    ];\r\n\r\n    // NodeTest //////////////////////////////////////////////////////////////////\r\n\r\n    NodeTest.prototype = new Object();\r\n    NodeTest.prototype.constructor = NodeTest;\r\n    NodeTest.superclass = Object.prototype;\r\n\r\n    function NodeTest(type, value) {\r\n        if (arguments.length > 0) {\r\n            this.init(type, value);\r\n        }\r\n    }\r\n\r\n    NodeTest.prototype.init = function (type, value) {\r\n        this.type = type;\r\n        this.value = value;\r\n    };\r\n\r\n    NodeTest.prototype.toString = function () {\r\n        return \"<unknown nodetest type>\";\r\n    };\r\n\r\n    NodeTest.prototype.matches = function (n, xpc) {\r\n        console.warn('unknown node test type');\r\n    };\r\n\r\n    NodeTest.NAMETESTANY = 0;\r\n    NodeTest.NAMETESTPREFIXANY = 1;\r\n    NodeTest.NAMETESTQNAME = 2;\r\n    NodeTest.COMMENT = 3;\r\n    NodeTest.TEXT = 4;\r\n    NodeTest.PI = 5;\r\n    NodeTest.NODE = 6;\r\n\r\n    NodeTest.isNodeType = function (types) {\r\n        return function (node) {\r\n            return includes(types, node.nodeType);\r\n        };\r\n    };\r\n\r\n    NodeTest.makeNodeTestType = function (type, members, ctor) {\r\n        var newType = ctor || function () { };\r\n\r\n        newType.prototype = new NodeTest(type);\r\n        newType.prototype.constructor = newType;\r\n\r\n        assign(newType.prototype, members);\r\n\r\n        return newType;\r\n    };\r\n    // create invariant node test for certain node types\r\n    NodeTest.makeNodeTypeTest = function (type, nodeTypes, stringVal) {\r\n        return new (NodeTest.makeNodeTestType(type, {\r\n            matches: NodeTest.isNodeType(nodeTypes),\r\n            toString: always(stringVal)\r\n        }))();\r\n    };\r\n\r\n    NodeTest.hasPrefix = function (node) {\r\n        return node.prefix || (node.nodeName || node.tagName).indexOf(':') !== -1;\r\n    };\r\n\r\n    NodeTest.isElementOrAttribute = NodeTest.isNodeType([1, 2]);\r\n    NodeTest.nameSpaceMatches = function (prefix, xpc, n) {\r\n        var nNamespace = (n.namespaceURI || '');\r\n\r\n        if (!prefix) {\r\n            return !nNamespace || (xpc.allowAnyNamespaceForNoPrefix && !NodeTest.hasPrefix(n));\r\n        }\r\n\r\n        var ns = xpc.namespaceResolver.getNamespace(prefix, xpc.expressionContextNode);\r\n\r\n        if (ns == null) {\r\n            throw new Error(\"Cannot resolve QName \" + prefix);\r\n        }\r\n\r\n        return ns === nNamespace;\r\n    };\r\n    NodeTest.localNameMatches = function (localName, xpc, n) {\r\n        var nLocalName = (n.localName || n.nodeName);\r\n\r\n        return xpc.caseInsensitive\r\n            ? localName.toLowerCase() === nLocalName.toLowerCase()\r\n            : localName === nLocalName;\r\n    };\r\n\r\n    NodeTest.NameTestPrefixAny = NodeTest.makeNodeTestType(\r\n        NodeTest.NAMETESTPREFIXANY,\r\n        {\r\n            matches: function (n, xpc) {\r\n                return NodeTest.isElementOrAttribute(n) &&\r\n                    NodeTest.nameSpaceMatches(this.prefix, xpc, n);\r\n            },\r\n            toString: function () {\r\n                return this.prefix + \":*\";\r\n            }\r\n        },\r\n        function NameTestPrefixAny(prefix) { this.prefix = prefix; }\r\n    );\r\n\r\n    NodeTest.NameTestQName = NodeTest.makeNodeTestType(\r\n        NodeTest.NAMETESTQNAME,\r\n        {\r\n            matches: function (n, xpc) {\r\n                return NodeTest.isNodeType(\r\n                    [\r\n                        NodeTypes.ELEMENT_NODE,\r\n                        NodeTypes.ATTRIBUTE_NODE,\r\n                        NodeTypes.NAMESPACE_NODE,\r\n                    ]\r\n                )(n) &&\r\n                    NodeTest.nameSpaceMatches(this.prefix, xpc, n) &&\r\n                    NodeTest.localNameMatches(this.localName, xpc, n);\r\n            },\r\n            toString: function () {\r\n                return this.name;\r\n            }\r\n        },\r\n        function NameTestQName(name) {\r\n            var nameParts = name.split(':');\r\n\r\n            this.name = name;\r\n            this.prefix = nameParts.length > 1 ? nameParts[0] : null;\r\n            this.localName = nameParts[nameParts.length > 1 ? 1 : 0];\r\n        }\r\n    );\r\n\r\n    NodeTest.PITest = NodeTest.makeNodeTestType(NodeTest.PI, {\r\n        matches: function (n, xpc) {\r\n            return NodeTest.isNodeType(\r\n                [NodeTypes.PROCESSING_INSTRUCTION_NODE]\r\n            )(n) &&\r\n                (n.target || n.nodeName) === this.name;\r\n        },\r\n        toString: function () {\r\n            return wrap('processing-instruction(\"', '\")', this.name);\r\n        }\r\n    }, function (name) { this.name = name; })\r\n\r\n    // singletons\r\n\r\n    // elements, attributes, namespaces\r\n    NodeTest.nameTestAny = NodeTest.makeNodeTypeTest(\r\n        NodeTest.NAMETESTANY,\r\n        [\r\n            NodeTypes.ELEMENT_NODE,\r\n            NodeTypes.ATTRIBUTE_NODE,\r\n            NodeTypes.NAMESPACE_NODE,\r\n        ],\r\n        '*'\r\n    );\r\n    // text, cdata\r\n    NodeTest.textTest = NodeTest.makeNodeTypeTest(\r\n        NodeTest.TEXT,\r\n        [\r\n            NodeTypes.TEXT_NODE,\r\n            NodeTypes.CDATA_SECTION_NODE,\r\n        ],\r\n        'text()'\r\n    );\r\n    NodeTest.commentTest = NodeTest.makeNodeTypeTest(\r\n        NodeTest.COMMENT,\r\n        [NodeTypes.COMMENT_NODE],\r\n        'comment()'\r\n    );\r\n    // elements, attributes, text, cdata, PIs, comments, document nodes\r\n    NodeTest.nodeTest = NodeTest.makeNodeTypeTest(\r\n        NodeTest.NODE,\r\n        [\r\n            NodeTypes.ELEMENT_NODE,\r\n            NodeTypes.ATTRIBUTE_NODE,\r\n            NodeTypes.TEXT_NODE,\r\n            NodeTypes.CDATA_SECTION_NODE,\r\n            NodeTypes.PROCESSING_INSTRUCTION_NODE,\r\n            NodeTypes.COMMENT_NODE,\r\n            NodeTypes.DOCUMENT_NODE,\r\n        ],\r\n        'node()'\r\n    );\r\n    NodeTest.anyPiTest = NodeTest.makeNodeTypeTest(\r\n        NodeTest.PI,\r\n        [NodeTypes.PROCESSING_INSTRUCTION_NODE],\r\n        'processing-instruction()'\r\n    );\r\n\r\n    // VariableReference /////////////////////////////////////////////////////////\r\n\r\n    VariableReference.prototype = new Expression();\r\n    VariableReference.prototype.constructor = VariableReference;\r\n    VariableReference.superclass = Expression.prototype;\r\n\r\n    function VariableReference(v) {\r\n        if (arguments.length > 0) {\r\n            this.init(v);\r\n        }\r\n    }\r\n\r\n    VariableReference.prototype.init = function (v) {\r\n        this.variable = v;\r\n    };\r\n\r\n    VariableReference.prototype.toString = function () {\r\n        return \"$\" + this.variable;\r\n    };\r\n\r\n    VariableReference.prototype.evaluate = function (c) {\r\n        var parts = Utilities.resolveQName(this.variable, c.namespaceResolver, c.contextNode, false);\r\n\r\n        if (parts[0] == null) {\r\n            throw new Error(\"Cannot resolve QName \" + fn);\r\n        }\r\n        var result = c.variableResolver.getVariable(parts[1], parts[0]);\r\n        if (!result) {\r\n            throw XPathException.fromMessage(\"Undeclared variable: \" + this.toString());\r\n        }\r\n        return result;\r\n    };\r\n\r\n    // FunctionCall //////////////////////////////////////////////////////////////\r\n\r\n    FunctionCall.prototype = new Expression();\r\n    FunctionCall.prototype.constructor = FunctionCall;\r\n    FunctionCall.superclass = Expression.prototype;\r\n\r\n    function FunctionCall(fn, args) {\r\n        if (arguments.length > 0) {\r\n            this.init(fn, args);\r\n        }\r\n    }\r\n\r\n    FunctionCall.prototype.init = function (fn, args) {\r\n        this.functionName = fn;\r\n        this.arguments = args;\r\n    };\r\n\r\n    FunctionCall.prototype.toString = function () {\r\n        var s = this.functionName + \"(\";\r\n        for (var i = 0; i < this.arguments.length; i++) {\r\n            if (i > 0) {\r\n                s += \", \";\r\n            }\r\n            s += this.arguments[i].toString();\r\n        }\r\n        return s + \")\";\r\n    };\r\n\r\n    FunctionCall.prototype.evaluate = function (c) {\r\n        var f = FunctionResolver.getFunctionFromContext(this.functionName, c);\r\n\r\n        if (!f) {\r\n            throw new Error(\"Unknown function \" + this.functionName);\r\n        }\r\n\r\n        var a = [c].concat(this.arguments);\r\n        return f.apply(c.functionResolver.thisArg, a);\r\n    };\r\n\r\n    // Operators /////////////////////////////////////////////////////////////////\r\n\r\n    var Operators = new Object();\r\n\r\n    Operators.equals = function (l, r) {\r\n        return l.equals(r);\r\n    };\r\n\r\n    Operators.notequal = function (l, r) {\r\n        return l.notequal(r);\r\n    };\r\n\r\n    Operators.lessthan = function (l, r) {\r\n        return l.lessthan(r);\r\n    };\r\n\r\n    Operators.greaterthan = function (l, r) {\r\n        return l.greaterthan(r);\r\n    };\r\n\r\n    Operators.lessthanorequal = function (l, r) {\r\n        return l.lessthanorequal(r);\r\n    };\r\n\r\n    Operators.greaterthanorequal = function (l, r) {\r\n        return l.greaterthanorequal(r);\r\n    };\r\n\r\n    // XString ///////////////////////////////////////////////////////////////////\r\n\r\n    XString.prototype = new Expression();\r\n    XString.prototype.constructor = XString;\r\n    XString.superclass = Expression.prototype;\r\n\r\n    function XString(s) {\r\n        if (arguments.length > 0) {\r\n            this.init(s);\r\n        }\r\n    }\r\n\r\n    XString.prototype.init = function (s) {\r\n        this.str = String(s);\r\n    };\r\n\r\n    XString.prototype.toString = function () {\r\n        return this.str;\r\n    };\r\n\r\n    XString.prototype.evaluate = function (c) {\r\n        return this;\r\n    };\r\n\r\n    XString.prototype.string = function () {\r\n        return this;\r\n    };\r\n\r\n    XString.prototype.number = function () {\r\n        return new XNumber(this.str);\r\n    };\r\n\r\n    XString.prototype.bool = function () {\r\n        return new XBoolean(this.str);\r\n    };\r\n\r\n    XString.prototype.nodeset = function () {\r\n        throw new Error(\"Cannot convert string to nodeset\");\r\n    };\r\n\r\n    XString.prototype.stringValue = function () {\r\n        return this.str;\r\n    };\r\n\r\n    XString.prototype.numberValue = function () {\r\n        return this.number().numberValue();\r\n    };\r\n\r\n    XString.prototype.booleanValue = function () {\r\n        return this.bool().booleanValue();\r\n    };\r\n\r\n    XString.prototype.equals = function (r) {\r\n        if (Utilities.instance_of(r, XBoolean)) {\r\n            return this.bool().equals(r);\r\n        }\r\n        if (Utilities.instance_of(r, XNumber)) {\r\n            return this.number().equals(r);\r\n        }\r\n        if (Utilities.instance_of(r, XNodeSet)) {\r\n            return r.compareWithString(this, Operators.equals);\r\n        }\r\n        return new XBoolean(this.str == r.str);\r\n    };\r\n\r\n    XString.prototype.notequal = function (r) {\r\n        if (Utilities.instance_of(r, XBoolean)) {\r\n            return this.bool().notequal(r);\r\n        }\r\n        if (Utilities.instance_of(r, XNumber)) {\r\n            return this.number().notequal(r);\r\n        }\r\n        if (Utilities.instance_of(r, XNodeSet)) {\r\n            return r.compareWithString(this, Operators.notequal);\r\n        }\r\n        return new XBoolean(this.str != r.str);\r\n    };\r\n\r\n    XString.prototype.lessthan = function (r) {\r\n        return this.number().lessthan(r);\r\n    };\r\n\r\n    XString.prototype.greaterthan = function (r) {\r\n        return this.number().greaterthan(r);\r\n    };\r\n\r\n    XString.prototype.lessthanorequal = function (r) {\r\n        return this.number().lessthanorequal(r);\r\n    };\r\n\r\n    XString.prototype.greaterthanorequal = function (r) {\r\n        return this.number().greaterthanorequal(r);\r\n    };\r\n\r\n    // XNumber ///////////////////////////////////////////////////////////////////\r\n\r\n    XNumber.prototype = new Expression();\r\n    XNumber.prototype.constructor = XNumber;\r\n    XNumber.superclass = Expression.prototype;\r\n\r\n    function XNumber(n) {\r\n        if (arguments.length > 0) {\r\n            this.init(n);\r\n        }\r\n    }\r\n\r\n    XNumber.prototype.init = function (n) {\r\n        this.num = typeof n === \"string\" ? this.parse(n) : Number(n);\r\n    };\r\n\r\n    XNumber.prototype.numberFormat = /^\\s*-?[0-9]*\\.?[0-9]+\\s*$/;\r\n\r\n    XNumber.prototype.parse = function (s) {\r\n        // XPath representation of numbers is more restrictive than what Number() or parseFloat() allow\r\n        return this.numberFormat.test(s) ? parseFloat(s) : Number.NaN;\r\n    };\r\n\r\n    function padSmallNumber(numberStr) {\r\n        var parts = numberStr.split('e-');\r\n        var base = parts[0].replace('.', '');\r\n        var exponent = Number(parts[1]);\r\n\r\n        for (var i = 0; i < exponent - 1; i += 1) {\r\n            base = '0' + base;\r\n        }\r\n\r\n        return '0.' + base;\r\n    }\r\n\r\n    function padLargeNumber(numberStr) {\r\n        var parts = numberStr.split('e');\r\n        var base = parts[0].replace('.', '');\r\n        var exponent = Number(parts[1]);\r\n        var zerosToAppend = exponent + 1 - base.length;\r\n\r\n        for (var i = 0; i < zerosToAppend; i += 1) {\r\n            base += '0';\r\n        }\r\n\r\n        return base;\r\n    }\r\n\r\n    XNumber.prototype.toString = function () {\r\n        var strValue = this.num.toString();\r\n\r\n        if (strValue.indexOf('e-') !== -1) {\r\n            return padSmallNumber(strValue);\r\n        }\r\n\r\n        if (strValue.indexOf('e') !== -1) {\r\n            return padLargeNumber(strValue);\r\n        }\r\n\r\n        return strValue;\r\n    };\r\n\r\n    XNumber.prototype.evaluate = function (c) {\r\n        return this;\r\n    };\r\n\r\n    XNumber.prototype.string = function () {\r\n\r\n\r\n        return new XString(this.toString());\r\n    };\r\n\r\n    XNumber.prototype.number = function () {\r\n        return this;\r\n    };\r\n\r\n    XNumber.prototype.bool = function () {\r\n        return new XBoolean(this.num);\r\n    };\r\n\r\n    XNumber.prototype.nodeset = function () {\r\n        throw new Error(\"Cannot convert number to nodeset\");\r\n    };\r\n\r\n    XNumber.prototype.stringValue = function () {\r\n        return this.string().stringValue();\r\n    };\r\n\r\n    XNumber.prototype.numberValue = function () {\r\n        return this.num;\r\n    };\r\n\r\n    XNumber.prototype.booleanValue = function () {\r\n        return this.bool().booleanValue();\r\n    };\r\n\r\n    XNumber.prototype.negate = function () {\r\n        return new XNumber(-this.num);\r\n    };\r\n\r\n    XNumber.prototype.equals = function (r) {\r\n        if (Utilities.instance_of(r, XBoolean)) {\r\n            return this.bool().equals(r);\r\n        }\r\n        if (Utilities.instance_of(r, XString)) {\r\n            return this.equals(r.number());\r\n        }\r\n        if (Utilities.instance_of(r, XNodeSet)) {\r\n            return r.compareWithNumber(this, Operators.equals);\r\n        }\r\n        return new XBoolean(this.num == r.num);\r\n    };\r\n\r\n    XNumber.prototype.notequal = function (r) {\r\n        if (Utilities.instance_of(r, XBoolean)) {\r\n            return this.bool().notequal(r);\r\n        }\r\n        if (Utilities.instance_of(r, XString)) {\r\n            return this.notequal(r.number());\r\n        }\r\n        if (Utilities.instance_of(r, XNodeSet)) {\r\n            return r.compareWithNumber(this, Operators.notequal);\r\n        }\r\n        return new XBoolean(this.num != r.num);\r\n    };\r\n\r\n    XNumber.prototype.lessthan = function (r) {\r\n        if (Utilities.instance_of(r, XNodeSet)) {\r\n            return r.compareWithNumber(this, Operators.greaterthan);\r\n        }\r\n        if (Utilities.instance_of(r, XBoolean) || Utilities.instance_of(r, XString)) {\r\n            return this.lessthan(r.number());\r\n        }\r\n        return new XBoolean(this.num < r.num);\r\n    };\r\n\r\n    XNumber.prototype.greaterthan = function (r) {\r\n        if (Utilities.instance_of(r, XNodeSet)) {\r\n            return r.compareWithNumber(this, Operators.lessthan);\r\n        }\r\n        if (Utilities.instance_of(r, XBoolean) || Utilities.instance_of(r, XString)) {\r\n            return this.greaterthan(r.number());\r\n        }\r\n        return new XBoolean(this.num > r.num);\r\n    };\r\n\r\n    XNumber.prototype.lessthanorequal = function (r) {\r\n        if (Utilities.instance_of(r, XNodeSet)) {\r\n            return r.compareWithNumber(this, Operators.greaterthanorequal);\r\n        }\r\n        if (Utilities.instance_of(r, XBoolean) || Utilities.instance_of(r, XString)) {\r\n            return this.lessthanorequal(r.number());\r\n        }\r\n        return new XBoolean(this.num <= r.num);\r\n    };\r\n\r\n    XNumber.prototype.greaterthanorequal = function (r) {\r\n        if (Utilities.instance_of(r, XNodeSet)) {\r\n            return r.compareWithNumber(this, Operators.lessthanorequal);\r\n        }\r\n        if (Utilities.instance_of(r, XBoolean) || Utilities.instance_of(r, XString)) {\r\n            return this.greaterthanorequal(r.number());\r\n        }\r\n        return new XBoolean(this.num >= r.num);\r\n    };\r\n\r\n    XNumber.prototype.plus = function (r) {\r\n        return new XNumber(this.num + r.num);\r\n    };\r\n\r\n    XNumber.prototype.minus = function (r) {\r\n        return new XNumber(this.num - r.num);\r\n    };\r\n\r\n    XNumber.prototype.multiply = function (r) {\r\n        return new XNumber(this.num * r.num);\r\n    };\r\n\r\n    XNumber.prototype.div = function (r) {\r\n        return new XNumber(this.num / r.num);\r\n    };\r\n\r\n    XNumber.prototype.mod = function (r) {\r\n        return new XNumber(this.num % r.num);\r\n    };\r\n\r\n    // XBoolean //////////////////////////////////////////////////////////////////\r\n\r\n    XBoolean.prototype = new Expression();\r\n    XBoolean.prototype.constructor = XBoolean;\r\n    XBoolean.superclass = Expression.prototype;\r\n\r\n    function XBoolean(b) {\r\n        if (arguments.length > 0) {\r\n            this.init(b);\r\n        }\r\n    }\r\n\r\n    XBoolean.prototype.init = function (b) {\r\n        this.b = Boolean(b);\r\n    };\r\n\r\n    XBoolean.prototype.toString = function () {\r\n        return this.b.toString();\r\n    };\r\n\r\n    XBoolean.prototype.evaluate = function (c) {\r\n        return this;\r\n    };\r\n\r\n    XBoolean.prototype.string = function () {\r\n        return new XString(this.b);\r\n    };\r\n\r\n    XBoolean.prototype.number = function () {\r\n        return new XNumber(this.b);\r\n    };\r\n\r\n    XBoolean.prototype.bool = function () {\r\n        return this;\r\n    };\r\n\r\n    XBoolean.prototype.nodeset = function () {\r\n        throw new Error(\"Cannot convert boolean to nodeset\");\r\n    };\r\n\r\n    XBoolean.prototype.stringValue = function () {\r\n        return this.string().stringValue();\r\n    };\r\n\r\n    XBoolean.prototype.numberValue = function () {\r\n        return this.number().numberValue();\r\n    };\r\n\r\n    XBoolean.prototype.booleanValue = function () {\r\n        return this.b;\r\n    };\r\n\r\n    XBoolean.prototype.not = function () {\r\n        return new XBoolean(!this.b);\r\n    };\r\n\r\n    XBoolean.prototype.equals = function (r) {\r\n        if (Utilities.instance_of(r, XString) || Utilities.instance_of(r, XNumber)) {\r\n            return this.equals(r.bool());\r\n        }\r\n        if (Utilities.instance_of(r, XNodeSet)) {\r\n            return r.compareWithBoolean(this, Operators.equals);\r\n        }\r\n        return new XBoolean(this.b == r.b);\r\n    };\r\n\r\n    XBoolean.prototype.notequal = function (r) {\r\n        if (Utilities.instance_of(r, XString) || Utilities.instance_of(r, XNumber)) {\r\n            return this.notequal(r.bool());\r\n        }\r\n        if (Utilities.instance_of(r, XNodeSet)) {\r\n            return r.compareWithBoolean(this, Operators.notequal);\r\n        }\r\n        return new XBoolean(this.b != r.b);\r\n    };\r\n\r\n    XBoolean.prototype.lessthan = function (r) {\r\n        return this.number().lessthan(r);\r\n    };\r\n\r\n    XBoolean.prototype.greaterthan = function (r) {\r\n        return this.number().greaterthan(r);\r\n    };\r\n\r\n    XBoolean.prototype.lessthanorequal = function (r) {\r\n        return this.number().lessthanorequal(r);\r\n    };\r\n\r\n    XBoolean.prototype.greaterthanorequal = function (r) {\r\n        return this.number().greaterthanorequal(r);\r\n    };\r\n\r\n    XBoolean.true_ = new XBoolean(true);\r\n    XBoolean.false_ = new XBoolean(false);\r\n\r\n    // AVLTree ///////////////////////////////////////////////////////////////////\r\n\r\n    AVLTree.prototype = new Object();\r\n    AVLTree.prototype.constructor = AVLTree;\r\n    AVLTree.superclass = Object.prototype;\r\n\r\n    function AVLTree(n) {\r\n        this.init(n);\r\n    }\r\n\r\n    AVLTree.prototype.init = function (n) {\r\n        this.left = null;\r\n        this.right = null;\r\n        this.node = n;\r\n        this.depth = 1;\r\n    };\r\n\r\n    AVLTree.prototype.balance = function () {\r\n        var ldepth = this.left == null ? 0 : this.left.depth;\r\n        var rdepth = this.right == null ? 0 : this.right.depth;\r\n\r\n        if (ldepth > rdepth + 1) {\r\n            // LR or LL rotation\r\n            var lldepth = this.left.left == null ? 0 : this.left.left.depth;\r\n            var lrdepth = this.left.right == null ? 0 : this.left.right.depth;\r\n\r\n            if (lldepth < lrdepth) {\r\n                // LR rotation consists of a RR rotation of the left child\r\n                this.left.rotateRR();\r\n                // plus a LL rotation of this node, which happens anyway\r\n            }\r\n            this.rotateLL();\r\n        } else if (ldepth + 1 < rdepth) {\r\n            // RR or RL rorarion\r\n            var rrdepth = this.right.right == null ? 0 : this.right.right.depth;\r\n            var rldepth = this.right.left == null ? 0 : this.right.left.depth;\r\n\r\n            if (rldepth > rrdepth) {\r\n                // RR rotation consists of a LL rotation of the right child\r\n                this.right.rotateLL();\r\n                // plus a RR rotation of this node, which happens anyway\r\n            }\r\n            this.rotateRR();\r\n        }\r\n    };\r\n\r\n    AVLTree.prototype.rotateLL = function () {\r\n        // the left side is too long => rotate from the left (_not_ leftwards)\r\n        var nodeBefore = this.node;\r\n        var rightBefore = this.right;\r\n        this.node = this.left.node;\r\n        this.right = this.left;\r\n        this.left = this.left.left;\r\n        this.right.left = this.right.right;\r\n        this.right.right = rightBefore;\r\n        this.right.node = nodeBefore;\r\n        this.right.updateInNewLocation();\r\n        this.updateInNewLocation();\r\n    };\r\n\r\n    AVLTree.prototype.rotateRR = function () {\r\n        // the right side is too long => rotate from the right (_not_ rightwards)\r\n        var nodeBefore = this.node;\r\n        var leftBefore = this.left;\r\n        this.node = this.right.node;\r\n        this.left = this.right;\r\n        this.right = this.right.right;\r\n        this.left.right = this.left.left;\r\n        this.left.left = leftBefore;\r\n        this.left.node = nodeBefore;\r\n        this.left.updateInNewLocation();\r\n        this.updateInNewLocation();\r\n    };\r\n\r\n    AVLTree.prototype.updateInNewLocation = function () {\r\n        this.getDepthFromChildren();\r\n    };\r\n\r\n    AVLTree.prototype.getDepthFromChildren = function () {\r\n        this.depth = this.node == null ? 0 : 1;\r\n        if (this.left != null) {\r\n            this.depth = this.left.depth + 1;\r\n        }\r\n        if (this.right != null && this.depth <= this.right.depth) {\r\n            this.depth = this.right.depth + 1;\r\n        }\r\n    };\r\n\r\n    function nodeOrder(n1, n2) {\r\n        if (n1 === n2) {\r\n            return 0;\r\n        }\r\n\r\n        if (n1.compareDocumentPosition) {\r\n            var cpos = n1.compareDocumentPosition(n2);\r\n\r\n            if (cpos & 0x01) {\r\n                // not in the same document; return an arbitrary result (is there a better way to do this)\r\n                return 1;\r\n            }\r\n            if (cpos & 0x0A) {\r\n                // n2 precedes or contains n1\r\n                return 1;\r\n            }\r\n            if (cpos & 0x14) {\r\n                // n2 follows or is contained by n1\r\n                return -1;\r\n            }\r\n\r\n            return 0;\r\n        }\r\n\r\n        var d1 = 0,\r\n            d2 = 0;\r\n        for (var m1 = n1; m1 != null; m1 = m1.parentNode || m1.ownerElement) {\r\n            d1++;\r\n        }\r\n        for (var m2 = n2; m2 != null; m2 = m2.parentNode || m2.ownerElement) {\r\n            d2++;\r\n        }\r\n\r\n        // step up to same depth\r\n        if (d1 > d2) {\r\n            while (d1 > d2) {\r\n                n1 = n1.parentNode || n1.ownerElement;\r\n                d1--;\r\n            }\r\n            if (n1 === n2) {\r\n                return 1;\r\n            }\r\n        } else if (d2 > d1) {\r\n            while (d2 > d1) {\r\n                n2 = n2.parentNode || n2.ownerElement;\r\n                d2--;\r\n            }\r\n            if (n1 === n2) {\r\n                return -1;\r\n            }\r\n        }\r\n\r\n        var n1Par = n1.parentNode || n1.ownerElement,\r\n            n2Par = n2.parentNode || n2.ownerElement;\r\n\r\n        // find common parent\r\n        while (n1Par !== n2Par) {\r\n            n1 = n1Par;\r\n            n2 = n2Par;\r\n            n1Par = n1.parentNode || n1.ownerElement;\r\n            n2Par = n2.parentNode || n2.ownerElement;\r\n        }\r\n\r\n        var n1isAttr = isAttributeLike(n1);\r\n        var n2isAttr = isAttributeLike(n2);\r\n\r\n        if (n1isAttr && !n2isAttr) {\r\n            return -1;\r\n        }\r\n        if (!n1isAttr && n2isAttr) {\r\n            return 1;\r\n        }\r\n\r\n        // xml namespace node comes before others. namespace nodes before non-namespace nodes\r\n        if (n1.isXPathNamespace) {\r\n            if (n1.nodeValue === XPath.XML_NAMESPACE_URI) {\r\n                return -1;\r\n            }\r\n\r\n            if (!n2.isXPathNamespace) {\r\n                return -1;\r\n            }\r\n\r\n            if (n2.nodeValue === XPath.XML_NAMESPACE_URI) {\r\n                return 1;\r\n            }\r\n        } else if (n2.isXPathNamespace) {\r\n            return 1;\r\n        }\r\n\r\n        if (n1Par) {\r\n            var cn = n1isAttr ? n1Par.attributes : n1Par.childNodes;\r\n            var len = cn.length;\r\n            var n1Compare = n1.baseNode || n1;\r\n            var n2Compare = n2.baseNode || n2;\r\n\r\n            for (var i = 0; i < len; i += 1) {\r\n                var n = cn[i];\r\n                if (n === n1Compare) {\r\n                    return -1;\r\n                }\r\n                if (n === n2Compare) {\r\n                    return 1;\r\n                }\r\n            }\r\n        }\r\n\r\n        throw new Error('Unexpected: could not determine node order');\r\n    }\r\n\r\n    AVLTree.prototype.add = function (n) {\r\n        if (n === this.node) {\r\n            return false;\r\n        }\r\n\r\n        var o = nodeOrder(n, this.node);\r\n\r\n        var ret = false;\r\n        if (o == -1) {\r\n            if (this.left == null) {\r\n                this.left = new AVLTree(n);\r\n                ret = true;\r\n            } else {\r\n                ret = this.left.add(n);\r\n                if (ret) {\r\n                    this.balance();\r\n                }\r\n            }\r\n        } else if (o == 1) {\r\n            if (this.right == null) {\r\n                this.right = new AVLTree(n);\r\n                ret = true;\r\n            } else {\r\n                ret = this.right.add(n);\r\n                if (ret) {\r\n                    this.balance();\r\n                }\r\n            }\r\n        }\r\n\r\n        if (ret) {\r\n            this.getDepthFromChildren();\r\n        }\r\n        return ret;\r\n    };\r\n\r\n    // XNodeSet //////////////////////////////////////////////////////////////////\r\n\r\n    XNodeSet.prototype = new Expression();\r\n    XNodeSet.prototype.constructor = XNodeSet;\r\n    XNodeSet.superclass = Expression.prototype;\r\n\r\n    function XNodeSet() {\r\n        this.init();\r\n    }\r\n\r\n    XNodeSet.prototype.init = function () {\r\n        this.tree = null;\r\n        this.nodes = [];\r\n        this.size = 0;\r\n    };\r\n\r\n    XNodeSet.prototype.toString = function () {\r\n        var p = this.first();\r\n        if (p == null) {\r\n            return \"\";\r\n        }\r\n        return this.stringForNode(p);\r\n    };\r\n\r\n    XNodeSet.prototype.evaluate = function (c) {\r\n        return this;\r\n    };\r\n\r\n    XNodeSet.prototype.string = function () {\r\n        return new XString(this.toString());\r\n    };\r\n\r\n    XNodeSet.prototype.stringValue = function () {\r\n        return this.toString();\r\n    };\r\n\r\n    XNodeSet.prototype.number = function () {\r\n        return new XNumber(this.string());\r\n    };\r\n\r\n    XNodeSet.prototype.numberValue = function () {\r\n        return Number(this.string());\r\n    };\r\n\r\n    XNodeSet.prototype.bool = function () {\r\n        return new XBoolean(this.booleanValue());\r\n    };\r\n\r\n    XNodeSet.prototype.booleanValue = function () {\r\n        return !!this.size;\r\n    };\r\n\r\n    XNodeSet.prototype.nodeset = function () {\r\n        return this;\r\n    };\r\n\r\n    XNodeSet.prototype.stringForNode = function (n) {\r\n        if (n.nodeType == NodeTypes.DOCUMENT_NODE ||\r\n            n.nodeType == NodeTypes.ELEMENT_NODE ||\r\n            n.nodeType === NodeTypes.DOCUMENT_FRAGMENT_NODE) {\r\n            return this.stringForContainerNode(n);\r\n        }\r\n        if (n.nodeType === NodeTypes.ATTRIBUTE_NODE) {\r\n            return n.value || n.nodeValue;\r\n        }\r\n        if (n.isNamespaceNode) {\r\n            return n.namespace;\r\n        }\r\n        return n.nodeValue;\r\n    };\r\n\r\n    XNodeSet.prototype.stringForContainerNode = function (n) {\r\n        var s = \"\";\r\n        for (var n2 = n.firstChild; n2 != null; n2 = n2.nextSibling) {\r\n            var nt = n2.nodeType;\r\n            //  Element,    Text,       CDATA,      Document,   Document Fragment\r\n            if (nt === 1 || nt === 3 || nt === 4 || nt === 9 || nt === 11) {\r\n                s += this.stringForNode(n2);\r\n            }\r\n        }\r\n        return s;\r\n    };\r\n\r\n    XNodeSet.prototype.buildTree = function () {\r\n        if (!this.tree && this.nodes.length) {\r\n            this.tree = new AVLTree(this.nodes[0]);\r\n            for (var i = 1; i < this.nodes.length; i += 1) {\r\n                this.tree.add(this.nodes[i]);\r\n            }\r\n        }\r\n\r\n        return this.tree;\r\n    };\r\n\r\n    XNodeSet.prototype.first = function () {\r\n        var p = this.buildTree();\r\n        if (p == null) {\r\n            return null;\r\n        }\r\n        while (p.left != null) {\r\n            p = p.left;\r\n        }\r\n        return p.node;\r\n    };\r\n\r\n    XNodeSet.prototype.add = function (n) {\r\n        for (var i = 0; i < this.nodes.length; i += 1) {\r\n            if (n === this.nodes[i]) {\r\n                return;\r\n            }\r\n        }\r\n\r\n        this.tree = null;\r\n        this.nodes.push(n);\r\n        this.size += 1;\r\n    };\r\n\r\n    XNodeSet.prototype.addArray = function (ns) {\r\n        var self = this;\r\n\r\n        forEach(function (x) { self.add(x); }, ns);\r\n    };\r\n\r\n    /**\r\n     * Returns an array of the node set's contents in document order\r\n     */\r\n    XNodeSet.prototype.toArray = function () {\r\n        var a = [];\r\n        this.toArrayRec(this.buildTree(), a);\r\n        return a;\r\n    };\r\n\r\n    XNodeSet.prototype.toArrayRec = function (t, a) {\r\n        if (t != null) {\r\n            this.toArrayRec(t.left, a);\r\n            a.push(t.node);\r\n            this.toArrayRec(t.right, a);\r\n        }\r\n    };\r\n\r\n    /**\r\n     * Returns an array of the node set's contents in arbitrary order\r\n     */\r\n    XNodeSet.prototype.toUnsortedArray = function () {\r\n        return this.nodes.slice();\r\n    };\r\n\r\n    XNodeSet.prototype.compareWithString = function (r, o) {\r\n        var a = this.toUnsortedArray();\r\n        for (var i = 0; i < a.length; i++) {\r\n            var n = a[i];\r\n            var l = new XString(this.stringForNode(n));\r\n            var res = o(l, r);\r\n            if (res.booleanValue()) {\r\n                return res;\r\n            }\r\n        }\r\n        return new XBoolean(false);\r\n    };\r\n\r\n    XNodeSet.prototype.compareWithNumber = function (r, o) {\r\n        var a = this.toUnsortedArray();\r\n        for (var i = 0; i < a.length; i++) {\r\n            var n = a[i];\r\n            var l = new XNumber(this.stringForNode(n));\r\n            var res = o(l, r);\r\n            if (res.booleanValue()) {\r\n                return res;\r\n            }\r\n        }\r\n        return new XBoolean(false);\r\n    };\r\n\r\n    XNodeSet.prototype.compareWithBoolean = function (r, o) {\r\n        return o(this.bool(), r);\r\n    };\r\n\r\n    XNodeSet.prototype.compareWithNodeSet = function (r, o) {\r\n        var arr = this.toUnsortedArray();\r\n        var oInvert = function (lop, rop) { return o(rop, lop); };\r\n\r\n        for (var i = 0; i < arr.length; i++) {\r\n            var l = new XString(this.stringForNode(arr[i]));\r\n\r\n            var res = r.compareWithString(l, oInvert);\r\n            if (res.booleanValue()) {\r\n                return res;\r\n            }\r\n        }\r\n\r\n        return new XBoolean(false);\r\n    };\r\n\r\n    XNodeSet.compareWith = curry(function (o, r) {\r\n        if (Utilities.instance_of(r, XString)) {\r\n            return this.compareWithString(r, o);\r\n        }\r\n        if (Utilities.instance_of(r, XNumber)) {\r\n            return this.compareWithNumber(r, o);\r\n        }\r\n        if (Utilities.instance_of(r, XBoolean)) {\r\n            return this.compareWithBoolean(r, o);\r\n        }\r\n        return this.compareWithNodeSet(r, o);\r\n    });\r\n\r\n    XNodeSet.prototype.equals = XNodeSet.compareWith(Operators.equals);\r\n    XNodeSet.prototype.notequal = XNodeSet.compareWith(Operators.notequal);\r\n    XNodeSet.prototype.lessthan = XNodeSet.compareWith(Operators.lessthan);\r\n    XNodeSet.prototype.greaterthan = XNodeSet.compareWith(Operators.greaterthan);\r\n    XNodeSet.prototype.lessthanorequal = XNodeSet.compareWith(Operators.lessthanorequal);\r\n    XNodeSet.prototype.greaterthanorequal = XNodeSet.compareWith(Operators.greaterthanorequal);\r\n\r\n    XNodeSet.prototype.union = function (r) {\r\n        var ns = new XNodeSet();\r\n        ns.addArray(this.toUnsortedArray());\r\n        ns.addArray(r.toUnsortedArray());\r\n        return ns;\r\n    };\r\n\r\n    // XPathNamespace ////////////////////////////////////////////////////////////\r\n\r\n    XPathNamespace.prototype = new Object();\r\n    XPathNamespace.prototype.constructor = XPathNamespace;\r\n    XPathNamespace.superclass = Object.prototype;\r\n\r\n    function XPathNamespace(pre, node, uri, p) {\r\n        this.isXPathNamespace = true;\r\n        this.baseNode = node;\r\n        this.ownerDocument = p.ownerDocument;\r\n        this.nodeName = pre;\r\n        this.prefix = pre;\r\n        this.localName = pre;\r\n        this.namespaceURI = null;\r\n        this.nodeValue = uri;\r\n        this.ownerElement = p;\r\n        this.nodeType = NodeTypes.NAMESPACE_NODE;\r\n    }\r\n\r\n    XPathNamespace.prototype.toString = function () {\r\n        return \"{ \\\"\" + this.prefix + \"\\\", \\\"\" + this.namespaceURI + \"\\\" }\";\r\n    };\r\n\r\n    // XPathContext //////////////////////////////////////////////////////////////\r\n\r\n    XPathContext.prototype = new Object();\r\n    XPathContext.prototype.constructor = XPathContext;\r\n    XPathContext.superclass = Object.prototype;\r\n\r\n    function XPathContext(vr, nr, fr) {\r\n        this.variableResolver = vr != null ? vr : new VariableResolver();\r\n        this.namespaceResolver = nr != null ? nr : new NamespaceResolver();\r\n        this.functionResolver = fr != null ? fr : new FunctionResolver();\r\n    }\r\n\r\n    XPathContext.prototype.extend = function (newProps) {\r\n        return assign(new XPathContext(), this, newProps);\r\n    };\r\n\r\n    // VariableResolver //////////////////////////////////////////////////////////\r\n\r\n    VariableResolver.prototype = new Object();\r\n    VariableResolver.prototype.constructor = VariableResolver;\r\n    VariableResolver.superclass = Object.prototype;\r\n\r\n    function VariableResolver() {\r\n    }\r\n\r\n    VariableResolver.prototype.getVariable = function (ln, ns) {\r\n        return null;\r\n    };\r\n\r\n    // FunctionResolver //////////////////////////////////////////////////////////\r\n\r\n    FunctionResolver.prototype = new Object();\r\n    FunctionResolver.prototype.constructor = FunctionResolver;\r\n    FunctionResolver.superclass = Object.prototype;\r\n\r\n    function FunctionResolver(thisArg) {\r\n        this.thisArg = thisArg != null ? thisArg : Functions;\r\n        this.functions = new Object();\r\n        this.addStandardFunctions();\r\n    }\r\n\r\n    FunctionResolver.prototype.addStandardFunctions = function () {\r\n        this.functions[\"{}last\"] = Functions.last;\r\n        this.functions[\"{}position\"] = Functions.position;\r\n        this.functions[\"{}count\"] = Functions.count;\r\n        this.functions[\"{}id\"] = Functions.id;\r\n        this.functions[\"{}local-name\"] = Functions.localName;\r\n        this.functions[\"{}namespace-uri\"] = Functions.namespaceURI;\r\n        this.functions[\"{}name\"] = Functions.name;\r\n        this.functions[\"{}string\"] = Functions.string;\r\n        this.functions[\"{}concat\"] = Functions.concat;\r\n        this.functions[\"{}starts-with\"] = Functions.startsWith;\r\n        this.functions[\"{}contains\"] = Functions.contains;\r\n        this.functions[\"{}substring-before\"] = Functions.substringBefore;\r\n        this.functions[\"{}substring-after\"] = Functions.substringAfter;\r\n        this.functions[\"{}substring\"] = Functions.substring;\r\n        this.functions[\"{}string-length\"] = Functions.stringLength;\r\n        this.functions[\"{}normalize-space\"] = Functions.normalizeSpace;\r\n        this.functions[\"{}translate\"] = Functions.translate;\r\n        this.functions[\"{}boolean\"] = Functions.boolean_;\r\n        this.functions[\"{}not\"] = Functions.not;\r\n        this.functions[\"{}true\"] = Functions.true_;\r\n        this.functions[\"{}false\"] = Functions.false_;\r\n        this.functions[\"{}lang\"] = Functions.lang;\r\n        this.functions[\"{}number\"] = Functions.number;\r\n        this.functions[\"{}sum\"] = Functions.sum;\r\n        this.functions[\"{}floor\"] = Functions.floor;\r\n        this.functions[\"{}ceiling\"] = Functions.ceiling;\r\n        this.functions[\"{}round\"] = Functions.round;\r\n    };\r\n\r\n    FunctionResolver.prototype.addFunction = function (ns, ln, f) {\r\n        this.functions[\"{\" + ns + \"}\" + ln] = f;\r\n    };\r\n\r\n    FunctionResolver.getFunctionFromContext = function (qName, context) {\r\n        var parts = Utilities.resolveQName(qName, context.namespaceResolver, context.contextNode, false);\r\n\r\n        if (parts[0] === null) {\r\n            throw new Error(\"Cannot resolve QName \" + name);\r\n        }\r\n\r\n        return context.functionResolver.getFunction(parts[1], parts[0]);\r\n    };\r\n\r\n    FunctionResolver.prototype.getFunction = function (localName, namespace) {\r\n        return this.functions[\"{\" + namespace + \"}\" + localName];\r\n    };\r\n\r\n    // NamespaceResolver /////////////////////////////////////////////////////////\r\n\r\n    NamespaceResolver.prototype = new Object();\r\n    NamespaceResolver.prototype.constructor = NamespaceResolver;\r\n    NamespaceResolver.superclass = Object.prototype;\r\n\r\n    function NamespaceResolver() {\r\n    }\r\n\r\n    NamespaceResolver.prototype.getNamespace = function (prefix, n) {\r\n        if (prefix == \"xml\") {\r\n            return XPath.XML_NAMESPACE_URI;\r\n        } else if (prefix == \"xmlns\") {\r\n            return XPath.XMLNS_NAMESPACE_URI;\r\n        }\r\n        if (n.nodeType == NodeTypes.DOCUMENT_NODE) {\r\n            n = n.documentElement;\r\n        } else if (n.nodeType == NodeTypes.ATTRIBUTE_NODE) {\r\n            n = PathExpr.getOwnerElement(n);\r\n        } else if (n.nodeType != NodeTypes.ELEMENT_NODE) {\r\n            n = n.parentNode;\r\n        }\r\n        while (n != null && n.nodeType == NodeTypes.ELEMENT_NODE) {\r\n            var nnm = n.attributes;\r\n            for (var i = 0; i < nnm.length; i++) {\r\n                var a = nnm.item(i);\r\n                var aname = a.name || a.nodeName;\r\n                if ((aname === \"xmlns\" && prefix === \"\")\r\n                    || aname === \"xmlns:\" + prefix) {\r\n                    return String(a.value || a.nodeValue);\r\n                }\r\n            }\r\n            n = n.parentNode;\r\n        }\r\n        return null;\r\n    };\r\n\r\n    // Functions /////////////////////////////////////////////////////////////////\r\n\r\n    var Functions = new Object();\r\n\r\n    Functions.last = function (c) {\r\n        if (arguments.length != 1) {\r\n            throw new Error(\"Function last expects ()\");\r\n        }\r\n\r\n        return new XNumber(c.contextSize);\r\n    };\r\n\r\n    Functions.position = function (c) {\r\n        if (arguments.length != 1) {\r\n            throw new Error(\"Function position expects ()\");\r\n        }\r\n\r\n        return new XNumber(c.contextPosition);\r\n    };\r\n\r\n    Functions.count = function () {\r\n        var c = arguments[0];\r\n        var ns;\r\n        if (arguments.length != 2 || !Utilities.instance_of(ns = arguments[1].evaluate(c), XNodeSet)) {\r\n            throw new Error(\"Function count expects (node-set)\");\r\n        }\r\n        return new XNumber(ns.size);\r\n    };\r\n\r\n    Functions.id = function () {\r\n        var c = arguments[0];\r\n        var id;\r\n        if (arguments.length != 2) {\r\n            throw new Error(\"Function id expects (object)\");\r\n        }\r\n        id = arguments[1].evaluate(c);\r\n        if (Utilities.instance_of(id, XNodeSet)) {\r\n            id = id.toArray().join(\" \");\r\n        } else {\r\n            id = id.stringValue();\r\n        }\r\n        var ids = id.split(/[\\x0d\\x0a\\x09\\x20]+/);\r\n        var count = 0;\r\n        var ns = new XNodeSet();\r\n        var doc = c.contextNode.nodeType == NodeTypes.DOCUMENT_NODE\r\n            ? c.contextNode\r\n            : c.contextNode.ownerDocument;\r\n        for (var i = 0; i < ids.length; i++) {\r\n            var n;\r\n            if (doc.getElementById) {\r\n                n = doc.getElementById(ids[i]);\r\n            } else {\r\n                n = Utilities.getElementById(doc, ids[i]);\r\n            }\r\n            if (n != null) {\r\n                ns.add(n);\r\n                count++;\r\n            }\r\n        }\r\n        return ns;\r\n    };\r\n\r\n    Functions.localName = function (c, eNode) {\r\n        var n;\r\n\r\n        if (arguments.length == 1) {\r\n            n = c.contextNode;\r\n        } else if (arguments.length == 2) {\r\n            n = eNode.evaluate(c).first();\r\n        } else {\r\n            throw new Error(\"Function local-name expects (node-set?)\");\r\n        }\r\n\r\n        if (n == null) {\r\n            return new XString(\"\");\r\n        }\r\n\r\n        return new XString(\r\n            n.localName ||     //  standard elements and attributes\r\n            n.baseName ||     //  IE\r\n            n.target ||     //  processing instructions\r\n            n.nodeName ||     //  DOM1 elements\r\n            \"\"                 //  fallback\r\n        );\r\n    };\r\n\r\n    Functions.namespaceURI = function () {\r\n        var c = arguments[0];\r\n        var n;\r\n\r\n        if (arguments.length == 1) {\r\n            n = c.contextNode;\r\n        } else if (arguments.length == 2) {\r\n            n = arguments[1].evaluate(c).first();\r\n        } else {\r\n            throw new Error(\"Function namespace-uri expects (node-set?)\");\r\n        }\r\n\r\n        if (n == null) {\r\n            return new XString(\"\");\r\n        }\r\n        return new XString(n.namespaceURI || '');\r\n    };\r\n\r\n    Functions.name = function () {\r\n        var c = arguments[0];\r\n        var n;\r\n        if (arguments.length == 1) {\r\n            n = c.contextNode;\r\n        } else if (arguments.length == 2) {\r\n            n = arguments[1].evaluate(c).first();\r\n        } else {\r\n            throw new Error(\"Function name expects (node-set?)\");\r\n        }\r\n        if (n == null) {\r\n            return new XString(\"\");\r\n        }\r\n        if (n.nodeType == NodeTypes.ELEMENT_NODE) {\r\n            return new XString(n.nodeName);\r\n        } else if (n.nodeType == NodeTypes.ATTRIBUTE_NODE) {\r\n            return new XString(n.name || n.nodeName);\r\n        } else if (n.nodeType === NodeTypes.PROCESSING_INSTRUCTION_NODE) {\r\n            return new XString(n.target || n.nodeName);\r\n        } else if (n.localName == null) {\r\n            return new XString(\"\");\r\n        } else {\r\n            return new XString(n.localName);\r\n        }\r\n    };\r\n\r\n    Functions.string = function () {\r\n        var c = arguments[0];\r\n        if (arguments.length == 1) {\r\n            return new XString(XNodeSet.prototype.stringForNode(c.contextNode));\r\n        } else if (arguments.length == 2) {\r\n            return arguments[1].evaluate(c).string();\r\n        }\r\n        throw new Error(\"Function string expects (object?)\");\r\n    };\r\n\r\n    Functions.concat = function (c) {\r\n        if (arguments.length < 3) {\r\n            throw new Error(\"Function concat expects (string, string[, string]*)\");\r\n        }\r\n        var s = \"\";\r\n        for (var i = 1; i < arguments.length; i++) {\r\n            s += arguments[i].evaluate(c).stringValue();\r\n        }\r\n        return new XString(s);\r\n    };\r\n\r\n    Functions.startsWith = function () {\r\n        var c = arguments[0];\r\n        if (arguments.length != 3) {\r\n            throw new Error(\"Function startsWith expects (string, string)\");\r\n        }\r\n        var s1 = arguments[1].evaluate(c).stringValue();\r\n        var s2 = arguments[2].evaluate(c).stringValue();\r\n        return new XBoolean(s1.substring(0, s2.length) == s2);\r\n    };\r\n\r\n    Functions.contains = function () {\r\n        var c = arguments[0];\r\n        if (arguments.length != 3) {\r\n            throw new Error(\"Function contains expects (string, string)\");\r\n        }\r\n        var s1 = arguments[1].evaluate(c).stringValue();\r\n        var s2 = arguments[2].evaluate(c).stringValue();\r\n        return new XBoolean(s1.indexOf(s2) !== -1);\r\n    };\r\n\r\n    Functions.substringBefore = function () {\r\n        var c = arguments[0];\r\n        if (arguments.length != 3) {\r\n            throw new Error(\"Function substring-before expects (string, string)\");\r\n        }\r\n        var s1 = arguments[1].evaluate(c).stringValue();\r\n        var s2 = arguments[2].evaluate(c).stringValue();\r\n        return new XString(s1.substring(0, s1.indexOf(s2)));\r\n    };\r\n\r\n    Functions.substringAfter = function () {\r\n        var c = arguments[0];\r\n        if (arguments.length != 3) {\r\n            throw new Error(\"Function substring-after expects (string, string)\");\r\n        }\r\n        var s1 = arguments[1].evaluate(c).stringValue();\r\n        var s2 = arguments[2].evaluate(c).stringValue();\r\n        if (s2.length == 0) {\r\n            return new XString(s1);\r\n        }\r\n        var i = s1.indexOf(s2);\r\n        if (i == -1) {\r\n            return new XString(\"\");\r\n        }\r\n        return new XString(s1.substring(i + s2.length));\r\n    };\r\n\r\n    Functions.substring = function () {\r\n        var c = arguments[0];\r\n        if (!(arguments.length == 3 || arguments.length == 4)) {\r\n            throw new Error(\"Function substring expects (string, number, number?)\");\r\n        }\r\n        var s = arguments[1].evaluate(c).stringValue();\r\n        var n1 = Math.round(arguments[2].evaluate(c).numberValue()) - 1;\r\n        var n2 = arguments.length == 4 ? n1 + Math.round(arguments[3].evaluate(c).numberValue()) : undefined;\r\n        return new XString(s.substring(n1, n2));\r\n    };\r\n\r\n    Functions.stringLength = function () {\r\n        var c = arguments[0];\r\n        var s;\r\n        if (arguments.length == 1) {\r\n            s = XNodeSet.prototype.stringForNode(c.contextNode);\r\n        } else if (arguments.length == 2) {\r\n            s = arguments[1].evaluate(c).stringValue();\r\n        } else {\r\n            throw new Error(\"Function string-length expects (string?)\");\r\n        }\r\n        return new XNumber(s.length);\r\n    };\r\n\r\n    Functions.normalizeSpace = function () {\r\n        var c = arguments[0];\r\n        var s;\r\n        if (arguments.length == 1) {\r\n            s = XNodeSet.prototype.stringForNode(c.contextNode);\r\n        } else if (arguments.length == 2) {\r\n            s = arguments[1].evaluate(c).stringValue();\r\n        } else {\r\n            throw new Error(\"Function normalize-space expects (string?)\");\r\n        }\r\n        var i = 0;\r\n        var j = s.length - 1;\r\n        while (Utilities.isSpace(s.charCodeAt(j))) {\r\n            j--;\r\n        }\r\n        var t = \"\";\r\n        while (i <= j && Utilities.isSpace(s.charCodeAt(i))) {\r\n            i++;\r\n        }\r\n        while (i <= j) {\r\n            if (Utilities.isSpace(s.charCodeAt(i))) {\r\n                t += \" \";\r\n                while (i <= j && Utilities.isSpace(s.charCodeAt(i))) {\r\n                    i++;\r\n                }\r\n            } else {\r\n                t += s.charAt(i);\r\n                i++;\r\n            }\r\n        }\r\n        return new XString(t);\r\n    };\r\n\r\n    Functions.translate = function (c, eValue, eFrom, eTo) {\r\n        if (arguments.length != 4) {\r\n            throw new Error(\"Function translate expects (string, string, string)\");\r\n        }\r\n\r\n        var value = eValue.evaluate(c).stringValue();\r\n        var from = eFrom.evaluate(c).stringValue();\r\n        var to = eTo.evaluate(c).stringValue();\r\n\r\n        var cMap = reduce(function (acc, ch, i) {\r\n            if (!(ch in acc)) {\r\n                acc[ch] = i > to.length ? '' : to[i];\r\n            }\r\n            return acc;\r\n        }, {}, from);\r\n\r\n        var t = join(\r\n            '',\r\n            map(function (ch) {\r\n                return ch in cMap ? cMap[ch] : ch;\r\n            }, value)\r\n        );\r\n\r\n        return new XString(t);\r\n    };\r\n\r\n    Functions.boolean_ = function () {\r\n        var c = arguments[0];\r\n        if (arguments.length != 2) {\r\n            throw new Error(\"Function boolean expects (object)\");\r\n        }\r\n        return arguments[1].evaluate(c).bool();\r\n    };\r\n\r\n    Functions.not = function (c, eValue) {\r\n        if (arguments.length != 2) {\r\n            throw new Error(\"Function not expects (object)\");\r\n        }\r\n        return eValue.evaluate(c).bool().not();\r\n    };\r\n\r\n    Functions.true_ = function () {\r\n        if (arguments.length != 1) {\r\n            throw new Error(\"Function true expects ()\");\r\n        }\r\n        return XBoolean.true_;\r\n    };\r\n\r\n    Functions.false_ = function () {\r\n        if (arguments.length != 1) {\r\n            throw new Error(\"Function false expects ()\");\r\n        }\r\n        return XBoolean.false_;\r\n    };\r\n\r\n    Functions.lang = function () {\r\n        var c = arguments[0];\r\n        if (arguments.length != 2) {\r\n            throw new Error(\"Function lang expects (string)\");\r\n        }\r\n        var lang;\r\n        for (var n = c.contextNode; n != null && n.nodeType != NodeTypes.DOCUMENT_NODE; n = n.parentNode) {\r\n            var a = n.getAttributeNS(XPath.XML_NAMESPACE_URI, \"lang\");\r\n            if (a != null) {\r\n                lang = String(a);\r\n                break;\r\n            }\r\n        }\r\n        if (lang == null) {\r\n            return XBoolean.false_;\r\n        }\r\n        var s = arguments[1].evaluate(c).stringValue();\r\n        return new XBoolean(lang.substring(0, s.length) == s\r\n            && (lang.length == s.length || lang.charAt(s.length) == '-'));\r\n    };\r\n\r\n    Functions.number = function () {\r\n        var c = arguments[0];\r\n        if (!(arguments.length == 1 || arguments.length == 2)) {\r\n            throw new Error(\"Function number expects (object?)\");\r\n        }\r\n        if (arguments.length == 1) {\r\n            return new XNumber(XNodeSet.prototype.stringForNode(c.contextNode));\r\n        }\r\n        return arguments[1].evaluate(c).number();\r\n    };\r\n\r\n    Functions.sum = function () {\r\n        var c = arguments[0];\r\n        var ns;\r\n        if (arguments.length != 2 || !Utilities.instance_of((ns = arguments[1].evaluate(c)), XNodeSet)) {\r\n            throw new Error(\"Function sum expects (node-set)\");\r\n        }\r\n        ns = ns.toUnsortedArray();\r\n        var n = 0;\r\n        for (var i = 0; i < ns.length; i++) {\r\n            n += new XNumber(XNodeSet.prototype.stringForNode(ns[i])).numberValue();\r\n        }\r\n        return new XNumber(n);\r\n    };\r\n\r\n    Functions.floor = function () {\r\n        var c = arguments[0];\r\n        if (arguments.length != 2) {\r\n            throw new Error(\"Function floor expects (number)\");\r\n        }\r\n        return new XNumber(Math.floor(arguments[1].evaluate(c).numberValue()));\r\n    };\r\n\r\n    Functions.ceiling = function () {\r\n        var c = arguments[0];\r\n        if (arguments.length != 2) {\r\n            throw new Error(\"Function ceiling expects (number)\");\r\n        }\r\n        return new XNumber(Math.ceil(arguments[1].evaluate(c).numberValue()));\r\n    };\r\n\r\n    Functions.round = function () {\r\n        var c = arguments[0];\r\n        if (arguments.length != 2) {\r\n            throw new Error(\"Function round expects (number)\");\r\n        }\r\n        return new XNumber(Math.round(arguments[1].evaluate(c).numberValue()));\r\n    };\r\n\r\n    // Utilities /////////////////////////////////////////////////////////////////\r\n\r\n    var Utilities = new Object();\r\n\r\n    // Returns true if the node is an attribute node or namespace node\r\n    var isAttributeLike = function (val) {\r\n        return val && (\r\n            val.nodeType === NodeTypes.ATTRIBUTE_NODE ||\r\n            val.ownerElement ||\r\n            val.isXPathNamespace\r\n        );\r\n    }\r\n\r\n    Utilities.splitQName = function (qn) {\r\n        var i = qn.indexOf(\":\");\r\n        if (i == -1) {\r\n            return [null, qn];\r\n        }\r\n        return [qn.substring(0, i), qn.substring(i + 1)];\r\n    };\r\n\r\n    Utilities.resolveQName = function (qn, nr, n, useDefault) {\r\n        var parts = Utilities.splitQName(qn);\r\n        if (parts[0] != null) {\r\n            parts[0] = nr.getNamespace(parts[0], n);\r\n        } else {\r\n            if (useDefault) {\r\n                parts[0] = nr.getNamespace(\"\", n);\r\n                if (parts[0] == null) {\r\n                    parts[0] = \"\";\r\n                }\r\n            } else {\r\n                parts[0] = \"\";\r\n            }\r\n        }\r\n        return parts;\r\n    };\r\n\r\n    Utilities.isSpace = function (c) {\r\n        return c == 0x9 || c == 0xd || c == 0xa || c == 0x20;\r\n    };\r\n\r\n    Utilities.isLetter = function (c) {\r\n        return c >= 0x0041 && c <= 0x005A ||\r\n            c >= 0x0061 && c <= 0x007A ||\r\n            c >= 0x00C0 && c <= 0x00D6 ||\r\n            c >= 0x00D8 && c <= 0x00F6 ||\r\n            c >= 0x00F8 && c <= 0x00FF ||\r\n            c >= 0x0100 && c <= 0x0131 ||\r\n            c >= 0x0134 && c <= 0x013E ||\r\n            c >= 0x0141 && c <= 0x0148 ||\r\n            c >= 0x014A && c <= 0x017E ||\r\n            c >= 0x0180 && c <= 0x01C3 ||\r\n            c >= 0x01CD && c <= 0x01F0 ||\r\n            c >= 0x01F4 && c <= 0x01F5 ||\r\n            c >= 0x01FA && c <= 0x0217 ||\r\n            c >= 0x0250 && c <= 0x02A8 ||\r\n            c >= 0x02BB && c <= 0x02C1 ||\r\n            c == 0x0386 ||\r\n            c >= 0x0388 && c <= 0x038A ||\r\n            c == 0x038C ||\r\n            c >= 0x038E && c <= 0x03A1 ||\r\n            c >= 0x03A3 && c <= 0x03CE ||\r\n            c >= 0x03D0 && c <= 0x03D6 ||\r\n            c == 0x03DA ||\r\n            c == 0x03DC ||\r\n            c == 0x03DE ||\r\n            c == 0x03E0 ||\r\n            c >= 0x03E2 && c <= 0x03F3 ||\r\n            c >= 0x0401 && c <= 0x040C ||\r\n            c >= 0x040E && c <= 0x044F ||\r\n            c >= 0x0451 && c <= 0x045C ||\r\n            c >= 0x045E && c <= 0x0481 ||\r\n            c >= 0x0490 && c <= 0x04C4 ||\r\n            c >= 0x04C7 && c <= 0x04C8 ||\r\n            c >= 0x04CB && c <= 0x04CC ||\r\n            c >= 0x04D0 && c <= 0x04EB ||\r\n            c >= 0x04EE && c <= 0x04F5 ||\r\n            c >= 0x04F8 && c <= 0x04F9 ||\r\n            c >= 0x0531 && c <= 0x0556 ||\r\n            c == 0x0559 ||\r\n            c >= 0x0561 && c <= 0x0586 ||\r\n            c >= 0x05D0 && c <= 0x05EA ||\r\n            c >= 0x05F0 && c <= 0x05F2 ||\r\n            c >= 0x0621 && c <= 0x063A ||\r\n            c >= 0x0641 && c <= 0x064A ||\r\n            c >= 0x0671 && c <= 0x06B7 ||\r\n            c >= 0x06BA && c <= 0x06BE ||\r\n            c >= 0x06C0 && c <= 0x06CE ||\r\n            c >= 0x06D0 && c <= 0x06D3 ||\r\n            c == 0x06D5 ||\r\n            c >= 0x06E5 && c <= 0x06E6 ||\r\n            c >= 0x0905 && c <= 0x0939 ||\r\n            c == 0x093D ||\r\n            c >= 0x0958 && c <= 0x0961 ||\r\n            c >= 0x0985 && c <= 0x098C ||\r\n            c >= 0x098F && c <= 0x0990 ||\r\n            c >= 0x0993 && c <= 0x09A8 ||\r\n            c >= 0x09AA && c <= 0x09B0 ||\r\n            c == 0x09B2 ||\r\n            c >= 0x09B6 && c <= 0x09B9 ||\r\n            c >= 0x09DC && c <= 0x09DD ||\r\n            c >= 0x09DF && c <= 0x09E1 ||\r\n            c >= 0x09F0 && c <= 0x09F1 ||\r\n            c >= 0x0A05 && c <= 0x0A0A ||\r\n            c >= 0x0A0F && c <= 0x0A10 ||\r\n            c >= 0x0A13 && c <= 0x0A28 ||\r\n            c >= 0x0A2A && c <= 0x0A30 ||\r\n            c >= 0x0A32 && c <= 0x0A33 ||\r\n            c >= 0x0A35 && c <= 0x0A36 ||\r\n            c >= 0x0A38 && c <= 0x0A39 ||\r\n            c >= 0x0A59 && c <= 0x0A5C ||\r\n            c == 0x0A5E ||\r\n            c >= 0x0A72 && c <= 0x0A74 ||\r\n            c >= 0x0A85 && c <= 0x0A8B ||\r\n            c == 0x0A8D ||\r\n            c >= 0x0A8F && c <= 0x0A91 ||\r\n            c >= 0x0A93 && c <= 0x0AA8 ||\r\n            c >= 0x0AAA && c <= 0x0AB0 ||\r\n            c >= 0x0AB2 && c <= 0x0AB3 ||\r\n            c >= 0x0AB5 && c <= 0x0AB9 ||\r\n            c == 0x0ABD ||\r\n            c == 0x0AE0 ||\r\n            c >= 0x0B05 && c <= 0x0B0C ||\r\n            c >= 0x0B0F && c <= 0x0B10 ||\r\n            c >= 0x0B13 && c <= 0x0B28 ||\r\n            c >= 0x0B2A && c <= 0x0B30 ||\r\n            c >= 0x0B32 && c <= 0x0B33 ||\r\n            c >= 0x0B36 && c <= 0x0B39 ||\r\n            c == 0x0B3D ||\r\n            c >= 0x0B5C && c <= 0x0B5D ||\r\n            c >= 0x0B5F && c <= 0x0B61 ||\r\n            c >= 0x0B85 && c <= 0x0B8A ||\r\n            c >= 0x0B8E && c <= 0x0B90 ||\r\n            c >= 0x0B92 && c <= 0x0B95 ||\r\n            c >= 0x0B99 && c <= 0x0B9A ||\r\n            c == 0x0B9C ||\r\n            c >= 0x0B9E && c <= 0x0B9F ||\r\n            c >= 0x0BA3 && c <= 0x0BA4 ||\r\n            c >= 0x0BA8 && c <= 0x0BAA ||\r\n            c >= 0x0BAE && c <= 0x0BB5 ||\r\n            c >= 0x0BB7 && c <= 0x0BB9 ||\r\n            c >= 0x0C05 && c <= 0x0C0C ||\r\n            c >= 0x0C0E && c <= 0x0C10 ||\r\n            c >= 0x0C12 && c <= 0x0C28 ||\r\n            c >= 0x0C2A && c <= 0x0C33 ||\r\n            c >= 0x0C35 && c <= 0x0C39 ||\r\n            c >= 0x0C60 && c <= 0x0C61 ||\r\n            c >= 0x0C85 && c <= 0x0C8C ||\r\n            c >= 0x0C8E && c <= 0x0C90 ||\r\n            c >= 0x0C92 && c <= 0x0CA8 ||\r\n            c >= 0x0CAA && c <= 0x0CB3 ||\r\n            c >= 0x0CB5 && c <= 0x0CB9 ||\r\n            c == 0x0CDE ||\r\n            c >= 0x0CE0 && c <= 0x0CE1 ||\r\n            c >= 0x0D05 && c <= 0x0D0C ||\r\n            c >= 0x0D0E && c <= 0x0D10 ||\r\n            c >= 0x0D12 && c <= 0x0D28 ||\r\n            c >= 0x0D2A && c <= 0x0D39 ||\r\n            c >= 0x0D60 && c <= 0x0D61 ||\r\n            c >= 0x0E01 && c <= 0x0E2E ||\r\n            c == 0x0E30 ||\r\n            c >= 0x0E32 && c <= 0x0E33 ||\r\n            c >= 0x0E40 && c <= 0x0E45 ||\r\n            c >= 0x0E81 && c <= 0x0E82 ||\r\n            c == 0x0E84 ||\r\n            c >= 0x0E87 && c <= 0x0E88 ||\r\n            c == 0x0E8A ||\r\n            c == 0x0E8D ||\r\n            c >= 0x0E94 && c <= 0x0E97 ||\r\n            c >= 0x0E99 && c <= 0x0E9F ||\r\n            c >= 0x0EA1 && c <= 0x0EA3 ||\r\n            c == 0x0EA5 ||\r\n            c == 0x0EA7 ||\r\n            c >= 0x0EAA && c <= 0x0EAB ||\r\n            c >= 0x0EAD && c <= 0x0EAE ||\r\n            c == 0x0EB0 ||\r\n            c >= 0x0EB2 && c <= 0x0EB3 ||\r\n            c == 0x0EBD ||\r\n            c >= 0x0EC0 && c <= 0x0EC4 ||\r\n            c >= 0x0F40 && c <= 0x0F47 ||\r\n            c >= 0x0F49 && c <= 0x0F69 ||\r\n            c >= 0x10A0 && c <= 0x10C5 ||\r\n            c >= 0x10D0 && c <= 0x10F6 ||\r\n            c == 0x1100 ||\r\n            c >= 0x1102 && c <= 0x1103 ||\r\n            c >= 0x1105 && c <= 0x1107 ||\r\n            c == 0x1109 ||\r\n            c >= 0x110B && c <= 0x110C ||\r\n            c >= 0x110E && c <= 0x1112 ||\r\n            c == 0x113C ||\r\n            c == 0x113E ||\r\n            c == 0x1140 ||\r\n            c == 0x114C ||\r\n            c == 0x114E ||\r\n            c == 0x1150 ||\r\n            c >= 0x1154 && c <= 0x1155 ||\r\n            c == 0x1159 ||\r\n            c >= 0x115F && c <= 0x1161 ||\r\n            c == 0x1163 ||\r\n            c == 0x1165 ||\r\n            c == 0x1167 ||\r\n            c == 0x1169 ||\r\n            c >= 0x116D && c <= 0x116E ||\r\n            c >= 0x1172 && c <= 0x1173 ||\r\n            c == 0x1175 ||\r\n            c == 0x119E ||\r\n            c == 0x11A8 ||\r\n            c == 0x11AB ||\r\n            c >= 0x11AE && c <= 0x11AF ||\r\n            c >= 0x11B7 && c <= 0x11B8 ||\r\n            c == 0x11BA ||\r\n            c >= 0x11BC && c <= 0x11C2 ||\r\n            c == 0x11EB ||\r\n            c == 0x11F0 ||\r\n            c == 0x11F9 ||\r\n            c >= 0x1E00 && c <= 0x1E9B ||\r\n            c >= 0x1EA0 && c <= 0x1EF9 ||\r\n            c >= 0x1F00 && c <= 0x1F15 ||\r\n            c >= 0x1F18 && c <= 0x1F1D ||\r\n            c >= 0x1F20 && c <= 0x1F45 ||\r\n            c >= 0x1F48 && c <= 0x1F4D ||\r\n            c >= 0x1F50 && c <= 0x1F57 ||\r\n            c == 0x1F59 ||\r\n            c == 0x1F5B ||\r\n            c == 0x1F5D ||\r\n            c >= 0x1F5F && c <= 0x1F7D ||\r\n            c >= 0x1F80 && c <= 0x1FB4 ||\r\n            c >= 0x1FB6 && c <= 0x1FBC ||\r\n            c == 0x1FBE ||\r\n            c >= 0x1FC2 && c <= 0x1FC4 ||\r\n            c >= 0x1FC6 && c <= 0x1FCC ||\r\n            c >= 0x1FD0 && c <= 0x1FD3 ||\r\n            c >= 0x1FD6 && c <= 0x1FDB ||\r\n            c >= 0x1FE0 && c <= 0x1FEC ||\r\n            c >= 0x1FF2 && c <= 0x1FF4 ||\r\n            c >= 0x1FF6 && c <= 0x1FFC ||\r\n            c == 0x2126 ||\r\n            c >= 0x212A && c <= 0x212B ||\r\n            c == 0x212E ||\r\n            c >= 0x2180 && c <= 0x2182 ||\r\n            c >= 0x3041 && c <= 0x3094 ||\r\n            c >= 0x30A1 && c <= 0x30FA ||\r\n            c >= 0x3105 && c <= 0x312C ||\r\n            c >= 0xAC00 && c <= 0xD7A3 ||\r\n            c >= 0x4E00 && c <= 0x9FA5 ||\r\n            c == 0x3007 ||\r\n            c >= 0x3021 && c <= 0x3029;\r\n    };\r\n\r\n    Utilities.isNCNameChar = function (c) {\r\n        return c >= 0x0030 && c <= 0x0039\r\n            || c >= 0x0660 && c <= 0x0669\r\n            || c >= 0x06F0 && c <= 0x06F9\r\n            || c >= 0x0966 && c <= 0x096F\r\n            || c >= 0x09E6 && c <= 0x09EF\r\n            || c >= 0x0A66 && c <= 0x0A6F\r\n            || c >= 0x0AE6 && c <= 0x0AEF\r\n            || c >= 0x0B66 && c <= 0x0B6F\r\n            || c >= 0x0BE7 && c <= 0x0BEF\r\n            || c >= 0x0C66 && c <= 0x0C6F\r\n            || c >= 0x0CE6 && c <= 0x0CEF\r\n            || c >= 0x0D66 && c <= 0x0D6F\r\n            || c >= 0x0E50 && c <= 0x0E59\r\n            || c >= 0x0ED0 && c <= 0x0ED9\r\n            || c >= 0x0F20 && c <= 0x0F29\r\n            || c == 0x002E\r\n            || c == 0x002D\r\n            || c == 0x005F\r\n            || Utilities.isLetter(c)\r\n            || c >= 0x0300 && c <= 0x0345\r\n            || c >= 0x0360 && c <= 0x0361\r\n            || c >= 0x0483 && c <= 0x0486\r\n            || c >= 0x0591 && c <= 0x05A1\r\n            || c >= 0x05A3 && c <= 0x05B9\r\n            || c >= 0x05BB && c <= 0x05BD\r\n            || c == 0x05BF\r\n            || c >= 0x05C1 && c <= 0x05C2\r\n            || c == 0x05C4\r\n            || c >= 0x064B && c <= 0x0652\r\n            || c == 0x0670\r\n            || c >= 0x06D6 && c <= 0x06DC\r\n            || c >= 0x06DD && c <= 0x06DF\r\n            || c >= 0x06E0 && c <= 0x06E4\r\n            || c >= 0x06E7 && c <= 0x06E8\r\n            || c >= 0x06EA && c <= 0x06ED\r\n            || c >= 0x0901 && c <= 0x0903\r\n            || c == 0x093C\r\n            || c >= 0x093E && c <= 0x094C\r\n            || c == 0x094D\r\n            || c >= 0x0951 && c <= 0x0954\r\n            || c >= 0x0962 && c <= 0x0963\r\n            || c >= 0x0981 && c <= 0x0983\r\n            || c == 0x09BC\r\n            || c == 0x09BE\r\n            || c == 0x09BF\r\n            || c >= 0x09C0 && c <= 0x09C4\r\n            || c >= 0x09C7 && c <= 0x09C8\r\n            || c >= 0x09CB && c <= 0x09CD\r\n            || c == 0x09D7\r\n            || c >= 0x09E2 && c <= 0x09E3\r\n            || c == 0x0A02\r\n            || c == 0x0A3C\r\n            || c == 0x0A3E\r\n            || c == 0x0A3F\r\n            || c >= 0x0A40 && c <= 0x0A42\r\n            || c >= 0x0A47 && c <= 0x0A48\r\n            || c >= 0x0A4B && c <= 0x0A4D\r\n            || c >= 0x0A70 && c <= 0x0A71\r\n            || c >= 0x0A81 && c <= 0x0A83\r\n            || c == 0x0ABC\r\n            || c >= 0x0ABE && c <= 0x0AC5\r\n            || c >= 0x0AC7 && c <= 0x0AC9\r\n            || c >= 0x0ACB && c <= 0x0ACD\r\n            || c >= 0x0B01 && c <= 0x0B03\r\n            || c == 0x0B3C\r\n            || c >= 0x0B3E && c <= 0x0B43\r\n            || c >= 0x0B47 && c <= 0x0B48\r\n            || c >= 0x0B4B && c <= 0x0B4D\r\n            || c >= 0x0B56 && c <= 0x0B57\r\n            || c >= 0x0B82 && c <= 0x0B83\r\n            || c >= 0x0BBE && c <= 0x0BC2\r\n            || c >= 0x0BC6 && c <= 0x0BC8\r\n            || c >= 0x0BCA && c <= 0x0BCD\r\n            || c == 0x0BD7\r\n            || c >= 0x0C01 && c <= 0x0C03\r\n            || c >= 0x0C3E && c <= 0x0C44\r\n            || c >= 0x0C46 && c <= 0x0C48\r\n            || c >= 0x0C4A && c <= 0x0C4D\r\n            || c >= 0x0C55 && c <= 0x0C56\r\n            || c >= 0x0C82 && c <= 0x0C83\r\n            || c >= 0x0CBE && c <= 0x0CC4\r\n            || c >= 0x0CC6 && c <= 0x0CC8\r\n            || c >= 0x0CCA && c <= 0x0CCD\r\n            || c >= 0x0CD5 && c <= 0x0CD6\r\n            || c >= 0x0D02 && c <= 0x0D03\r\n            || c >= 0x0D3E && c <= 0x0D43\r\n            || c >= 0x0D46 && c <= 0x0D48\r\n            || c >= 0x0D4A && c <= 0x0D4D\r\n            || c == 0x0D57\r\n            || c == 0x0E31\r\n            || c >= 0x0E34 && c <= 0x0E3A\r\n            || c >= 0x0E47 && c <= 0x0E4E\r\n            || c == 0x0EB1\r\n            || c >= 0x0EB4 && c <= 0x0EB9\r\n            || c >= 0x0EBB && c <= 0x0EBC\r\n            || c >= 0x0EC8 && c <= 0x0ECD\r\n            || c >= 0x0F18 && c <= 0x0F19\r\n            || c == 0x0F35\r\n            || c == 0x0F37\r\n            || c == 0x0F39\r\n            || c == 0x0F3E\r\n            || c == 0x0F3F\r\n            || c >= 0x0F71 && c <= 0x0F84\r\n            || c >= 0x0F86 && c <= 0x0F8B\r\n            || c >= 0x0F90 && c <= 0x0F95\r\n            || c == 0x0F97\r\n            || c >= 0x0F99 && c <= 0x0FAD\r\n            || c >= 0x0FB1 && c <= 0x0FB7\r\n            || c == 0x0FB9\r\n            || c >= 0x20D0 && c <= 0x20DC\r\n            || c == 0x20E1\r\n            || c >= 0x302A && c <= 0x302F\r\n            || c == 0x3099\r\n            || c == 0x309A\r\n            || c == 0x00B7\r\n            || c == 0x02D0\r\n            || c == 0x02D1\r\n            || c == 0x0387\r\n            || c == 0x0640\r\n            || c == 0x0E46\r\n            || c == 0x0EC6\r\n            || c == 0x3005\r\n            || c >= 0x3031 && c <= 0x3035\r\n            || c >= 0x309D && c <= 0x309E\r\n            || c >= 0x30FC && c <= 0x30FE;\r\n    };\r\n\r\n    Utilities.coalesceText = function (n) {\r\n        for (var m = n.firstChild; m != null; m = m.nextSibling) {\r\n            if (m.nodeType == NodeTypes.TEXT_NODE || m.nodeType == NodeTypes.CDATA_SECTION_NODE) {\r\n                var s = m.nodeValue;\r\n                var first = m;\r\n                m = m.nextSibling;\r\n                while (m != null && (m.nodeType == NodeTypes.TEXT_NODE || m.nodeType == NodeTypes.CDATA_SECTION_NODE)) {\r\n                    s += m.nodeValue;\r\n                    var del = m;\r\n                    m = m.nextSibling;\r\n                    del.parentNode.removeChild(del);\r\n                }\r\n                if (first.nodeType == NodeTypes.CDATA_SECTION_NODE) {\r\n                    var p = first.parentNode;\r\n                    if (first.nextSibling == null) {\r\n                        p.removeChild(first);\r\n                        p.appendChild(p.ownerDocument.createTextNode(s));\r\n                    } else {\r\n                        var next = first.nextSibling;\r\n                        p.removeChild(first);\r\n                        p.insertBefore(p.ownerDocument.createTextNode(s), next);\r\n                    }\r\n                } else {\r\n                    first.nodeValue = s;\r\n                }\r\n                if (m == null) {\r\n                    break;\r\n                }\r\n            } else if (m.nodeType == NodeTypes.ELEMENT_NODE) {\r\n                Utilities.coalesceText(m);\r\n            }\r\n        }\r\n    };\r\n\r\n    Utilities.instance_of = function (o, c) {\r\n        while (o != null) {\r\n            if (o.constructor === c) {\r\n                return true;\r\n            }\r\n            if (o === Object) {\r\n                return false;\r\n            }\r\n            o = o.constructor.superclass;\r\n        }\r\n        return false;\r\n    };\r\n\r\n    Utilities.getElementById = function (n, id) {\r\n        // Note that this does not check the DTD to check for actual\r\n        // attributes of type ID, so this may be a bit wrong.\r\n        if (n.nodeType == NodeTypes.ELEMENT_NODE) {\r\n            if (n.getAttribute(\"id\") == id\r\n                || n.getAttributeNS(null, \"id\") == id) {\r\n                return n;\r\n            }\r\n        }\r\n        for (var m = n.firstChild; m != null; m = m.nextSibling) {\r\n            var res = Utilities.getElementById(m, id);\r\n            if (res != null) {\r\n                return res;\r\n            }\r\n        }\r\n        return null;\r\n    };\r\n\r\n    // XPathException ////////////////////////////////////////////////////////////\r\n\r\n    var XPathException = (function () {\r\n        function getMessage(code, exception) {\r\n            var msg = exception ? \": \" + exception.toString() : \"\";\r\n            switch (code) {\r\n                case XPathException.INVALID_EXPRESSION_ERR:\r\n                    return \"Invalid expression\" + msg;\r\n                case XPathException.TYPE_ERR:\r\n                    return \"Type error\" + msg;\r\n            }\r\n            return null;\r\n        }\r\n\r\n        function XPathException(code, error, message) {\r\n            var err = Error.call(this, getMessage(code, error) || message);\r\n\r\n            err.code = code;\r\n            err.exception = error;\r\n\r\n            return err;\r\n        }\r\n\r\n        XPathException.prototype = Object.create(Error.prototype);\r\n        XPathException.prototype.constructor = XPathException;\r\n        XPathException.superclass = Error;\r\n\r\n        XPathException.prototype.toString = function () {\r\n            return this.message;\r\n        };\r\n\r\n        XPathException.fromMessage = function (message, error) {\r\n            return new XPathException(null, error, message);\r\n        };\r\n\r\n        XPathException.INVALID_EXPRESSION_ERR = 51;\r\n        XPathException.TYPE_ERR = 52;\r\n\r\n        return XPathException;\r\n    })();\r\n\r\n    // XPathExpression ///////////////////////////////////////////////////////////\r\n\r\n    XPathExpression.prototype = {};\r\n    XPathExpression.prototype.constructor = XPathExpression;\r\n    XPathExpression.superclass = Object.prototype;\r\n\r\n    function XPathExpression(e, r, p) {\r\n        this.xpath = p.parse(e);\r\n        this.context = new XPathContext();\r\n        this.context.namespaceResolver = new XPathNSResolverWrapper(r);\r\n    }\r\n\r\n    XPathExpression.getOwnerDocument = function (n) {\r\n        return n.nodeType === NodeTypes.DOCUMENT_NODE ? n : n.ownerDocument;\r\n    }\r\n\r\n    XPathExpression.detectHtmlDom = function (n) {\r\n        if (!n) { return false; }\r\n\r\n        var doc = XPathExpression.getOwnerDocument(n);\r\n\r\n        try {\r\n            return doc.implementation.hasFeature(\"HTML\", \"2.0\");\r\n        } catch (e) {\r\n            return true;\r\n        }\r\n    }\r\n\r\n    XPathExpression.prototype.evaluate = function (n, t, res) {\r\n        this.context.expressionContextNode = n;\r\n        // backward compatibility - no reliable way to detect whether the DOM is HTML, but\r\n        // this library has been using this method up until now, so we will continue to use it\r\n        // ONLY when using an XPathExpression\r\n        this.context.caseInsensitive = XPathExpression.detectHtmlDom(n);\r\n\r\n        var result = this.xpath.evaluate(this.context);\r\n\r\n        return new XPathResult(result, t);\r\n    }\r\n\r\n    // XPathNSResolverWrapper ////////////////////////////////////////////////////\r\n\r\n    XPathNSResolverWrapper.prototype = {};\r\n    XPathNSResolverWrapper.prototype.constructor = XPathNSResolverWrapper;\r\n    XPathNSResolverWrapper.superclass = Object.prototype;\r\n\r\n    function XPathNSResolverWrapper(r) {\r\n        this.xpathNSResolver = r;\r\n    }\r\n\r\n    XPathNSResolverWrapper.prototype.getNamespace = function (prefix, n) {\r\n        if (this.xpathNSResolver == null) {\r\n            return null;\r\n        }\r\n        return this.xpathNSResolver.lookupNamespaceURI(prefix);\r\n    };\r\n\r\n    // NodeXPathNSResolver ///////////////////////////////////////////////////////\r\n\r\n    NodeXPathNSResolver.prototype = {};\r\n    NodeXPathNSResolver.prototype.constructor = NodeXPathNSResolver;\r\n    NodeXPathNSResolver.superclass = Object.prototype;\r\n\r\n    function NodeXPathNSResolver(n) {\r\n        this.node = n;\r\n        this.namespaceResolver = new NamespaceResolver();\r\n    }\r\n\r\n    NodeXPathNSResolver.prototype.lookupNamespaceURI = function (prefix) {\r\n        return this.namespaceResolver.getNamespace(prefix, this.node);\r\n    };\r\n\r\n    // XPathResult ///////////////////////////////////////////////////////////////\r\n\r\n    XPathResult.prototype = {};\r\n    XPathResult.prototype.constructor = XPathResult;\r\n    XPathResult.superclass = Object.prototype;\r\n\r\n    function XPathResult(v, t) {\r\n        if (t == XPathResult.ANY_TYPE) {\r\n            if (v.constructor === XString) {\r\n                t = XPathResult.STRING_TYPE;\r\n            } else if (v.constructor === XNumber) {\r\n                t = XPathResult.NUMBER_TYPE;\r\n            } else if (v.constructor === XBoolean) {\r\n                t = XPathResult.BOOLEAN_TYPE;\r\n            } else if (v.constructor === XNodeSet) {\r\n                t = XPathResult.UNORDERED_NODE_ITERATOR_TYPE;\r\n            }\r\n        }\r\n        this.resultType = t;\r\n        switch (t) {\r\n            case XPathResult.NUMBER_TYPE:\r\n                this.numberValue = v.numberValue();\r\n                return;\r\n            case XPathResult.STRING_TYPE:\r\n                this.stringValue = v.stringValue();\r\n                return;\r\n            case XPathResult.BOOLEAN_TYPE:\r\n                this.booleanValue = v.booleanValue();\r\n                return;\r\n            case XPathResult.ANY_UNORDERED_NODE_TYPE:\r\n            case XPathResult.FIRST_ORDERED_NODE_TYPE:\r\n                if (v.constructor === XNodeSet) {\r\n                    this.singleNodeValue = v.first();\r\n                    return;\r\n                }\r\n                break;\r\n            case XPathResult.UNORDERED_NODE_ITERATOR_TYPE:\r\n            case XPathResult.ORDERED_NODE_ITERATOR_TYPE:\r\n                if (v.constructor === XNodeSet) {\r\n                    this.invalidIteratorState = false;\r\n                    this.nodes = v.toArray();\r\n                    this.iteratorIndex = 0;\r\n                    return;\r\n                }\r\n                break;\r\n            case XPathResult.UNORDERED_NODE_SNAPSHOT_TYPE:\r\n            case XPathResult.ORDERED_NODE_SNAPSHOT_TYPE:\r\n                if (v.constructor === XNodeSet) {\r\n                    this.nodes = v.toArray();\r\n                    this.snapshotLength = this.nodes.length;\r\n                    return;\r\n                }\r\n                break;\r\n        }\r\n        throw new XPathException(XPathException.TYPE_ERR);\r\n    };\r\n\r\n    XPathResult.prototype.iterateNext = function () {\r\n        if (this.resultType != XPathResult.UNORDERED_NODE_ITERATOR_TYPE\r\n            && this.resultType != XPathResult.ORDERED_NODE_ITERATOR_TYPE) {\r\n            throw new XPathException(XPathException.TYPE_ERR);\r\n        }\r\n        return this.nodes[this.iteratorIndex++];\r\n    };\r\n\r\n    XPathResult.prototype.snapshotItem = function (i) {\r\n        if (this.resultType != XPathResult.UNORDERED_NODE_SNAPSHOT_TYPE\r\n            && this.resultType != XPathResult.ORDERED_NODE_SNAPSHOT_TYPE) {\r\n            throw new XPathException(XPathException.TYPE_ERR);\r\n        }\r\n        return this.nodes[i];\r\n    };\r\n\r\n    XPathResult.ANY_TYPE = 0;\r\n    XPathResult.NUMBER_TYPE = 1;\r\n    XPathResult.STRING_TYPE = 2;\r\n    XPathResult.BOOLEAN_TYPE = 3;\r\n    XPathResult.UNORDERED_NODE_ITERATOR_TYPE = 4;\r\n    XPathResult.ORDERED_NODE_ITERATOR_TYPE = 5;\r\n    XPathResult.UNORDERED_NODE_SNAPSHOT_TYPE = 6;\r\n    XPathResult.ORDERED_NODE_SNAPSHOT_TYPE = 7;\r\n    XPathResult.ANY_UNORDERED_NODE_TYPE = 8;\r\n    XPathResult.FIRST_ORDERED_NODE_TYPE = 9;\r\n\r\n    // DOM 3 XPath support ///////////////////////////////////////////////////////\r\n\r\n    function installDOM3XPathSupport(doc, p) {\r\n        doc.createExpression = function (e, r) {\r\n            try {\r\n                return new XPathExpression(e, r, p);\r\n            } catch (e) {\r\n                throw new XPathException(XPathException.INVALID_EXPRESSION_ERR, e);\r\n            }\r\n        };\r\n        doc.createNSResolver = function (n) {\r\n            return new NodeXPathNSResolver(n);\r\n        };\r\n        doc.evaluate = function (e, cn, r, t, res) {\r\n            if (t < 0 || t > 9) {\r\n                throw { code: 0, toString: function () { return \"Request type not supported\"; } };\r\n            }\r\n            return doc.createExpression(e, r, p).evaluate(cn, t, res);\r\n        };\r\n    };\r\n\r\n    // ---------------------------------------------------------------------------\r\n\r\n    // Install DOM 3 XPath support for the current document.\r\n    try {\r\n        var shouldInstall = true;\r\n        try {\r\n            if (document.implementation\r\n                && document.implementation.hasFeature\r\n                && document.implementation.hasFeature(\"XPath\", null)) {\r\n                shouldInstall = false;\r\n            }\r\n        } catch (e) {\r\n        }\r\n        if (shouldInstall) {\r\n            installDOM3XPathSupport(document, new XPathParser());\r\n        }\r\n    } catch (e) {\r\n    }\r\n\r\n    // ---------------------------------------------------------------------------\r\n    // exports for node.js\r\n\r\n    installDOM3XPathSupport(exports, new XPathParser());\r\n\r\n    (function () {\r\n        var parser = new XPathParser();\r\n\r\n        var defaultNSResolver = new NamespaceResolver();\r\n        var defaultFunctionResolver = new FunctionResolver();\r\n        var defaultVariableResolver = new VariableResolver();\r\n\r\n        function makeNSResolverFromFunction(func) {\r\n            return {\r\n                getNamespace: function (prefix, node) {\r\n                    var ns = func(prefix, node);\r\n\r\n                    return ns || defaultNSResolver.getNamespace(prefix, node);\r\n                }\r\n            };\r\n        }\r\n\r\n        function makeNSResolverFromObject(obj) {\r\n            return makeNSResolverFromFunction(obj.getNamespace.bind(obj));\r\n        }\r\n\r\n        function makeNSResolverFromMap(map) {\r\n            return makeNSResolverFromFunction(function (prefix) {\r\n                return map[prefix];\r\n            });\r\n        }\r\n\r\n        function makeNSResolver(resolver) {\r\n            if (resolver && typeof resolver.getNamespace === \"function\") {\r\n                return makeNSResolverFromObject(resolver);\r\n            }\r\n\r\n            if (typeof resolver === \"function\") {\r\n                return makeNSResolverFromFunction(resolver);\r\n            }\r\n\r\n            // assume prefix -> uri mapping\r\n            if (typeof resolver === \"object\") {\r\n                return makeNSResolverFromMap(resolver);\r\n            }\r\n\r\n            return defaultNSResolver;\r\n        }\r\n\r\n        /** Converts native JavaScript types to their XPath library equivalent */\r\n        function convertValue(value) {\r\n            if (value === null ||\r\n                typeof value === \"undefined\" ||\r\n                value instanceof XString ||\r\n                value instanceof XBoolean ||\r\n                value instanceof XNumber ||\r\n                value instanceof XNodeSet) {\r\n                return value;\r\n            }\r\n\r\n            switch (typeof value) {\r\n                case \"string\": return new XString(value);\r\n                case \"boolean\": return new XBoolean(value);\r\n                case \"number\": return new XNumber(value);\r\n            }\r\n\r\n            // assume node(s)\r\n            var ns = new XNodeSet();\r\n            ns.addArray([].concat(value));\r\n            return ns;\r\n        }\r\n\r\n        function makeEvaluator(func) {\r\n            return function (context) {\r\n                var args = Array.prototype.slice.call(arguments, 1).map(function (arg) {\r\n                    return arg.evaluate(context);\r\n                });\r\n                var result = func.apply(this, [].concat(context, args));\r\n                return convertValue(result);\r\n            };\r\n        }\r\n\r\n        function makeFunctionResolverFromFunction(func) {\r\n            return {\r\n                getFunction: function (name, namespace) {\r\n                    var found = func(name, namespace);\r\n                    if (found) {\r\n                        return makeEvaluator(found);\r\n                    }\r\n                    return defaultFunctionResolver.getFunction(name, namespace);\r\n                }\r\n            };\r\n        }\r\n\r\n        function makeFunctionResolverFromObject(obj) {\r\n            return makeFunctionResolverFromFunction(obj.getFunction.bind(obj));\r\n        }\r\n\r\n        function makeFunctionResolverFromMap(map) {\r\n            return makeFunctionResolverFromFunction(function (name) {\r\n                return map[name];\r\n            });\r\n        }\r\n\r\n        function makeFunctionResolver(resolver) {\r\n            if (resolver && typeof resolver.getFunction === \"function\") {\r\n                return makeFunctionResolverFromObject(resolver);\r\n            }\r\n\r\n            if (typeof resolver === \"function\") {\r\n                return makeFunctionResolverFromFunction(resolver);\r\n            }\r\n\r\n            // assume map\r\n            if (typeof resolver === \"object\") {\r\n                return makeFunctionResolverFromMap(resolver);\r\n            }\r\n\r\n            return defaultFunctionResolver;\r\n        }\r\n\r\n        function makeVariableResolverFromFunction(func) {\r\n            return {\r\n                getVariable: function (name, namespace) {\r\n                    var value = func(name, namespace);\r\n                    return convertValue(value);\r\n                }\r\n            };\r\n        }\r\n\r\n        function makeVariableResolver(resolver) {\r\n            if (resolver) {\r\n                if (typeof resolver.getVariable === \"function\") {\r\n                    return makeVariableResolverFromFunction(resolver.getVariable.bind(resolver));\r\n                }\r\n\r\n                if (typeof resolver === \"function\") {\r\n                    return makeVariableResolverFromFunction(resolver);\r\n                }\r\n\r\n                // assume map\r\n                if (typeof resolver === \"object\") {\r\n                    return makeVariableResolverFromFunction(function (name) {\r\n                        return resolver[name];\r\n                    });\r\n                }\r\n            }\r\n\r\n            return defaultVariableResolver;\r\n        }\r\n\r\n        function copyIfPresent(prop, dest, source) {\r\n            if (prop in source) { dest[prop] = source[prop]; }\r\n        }\r\n\r\n        function makeContext(options) {\r\n            var context = new XPathContext();\r\n\r\n            if (options) {\r\n                context.namespaceResolver = makeNSResolver(options.namespaces);\r\n                context.functionResolver = makeFunctionResolver(options.functions);\r\n                context.variableResolver = makeVariableResolver(options.variables);\r\n                context.expressionContextNode = options.node;\r\n                copyIfPresent('allowAnyNamespaceForNoPrefix', context, options);\r\n                copyIfPresent('isHtml', context, options);\r\n            } else {\r\n                context.namespaceResolver = defaultNSResolver;\r\n            }\r\n\r\n            return context;\r\n        }\r\n\r\n        function evaluate(parsedExpression, options) {\r\n            var context = makeContext(options);\r\n\r\n            return parsedExpression.evaluate(context);\r\n        }\r\n\r\n        var evaluatorPrototype = {\r\n            evaluate: function (options) {\r\n                return evaluate(this.expression, options);\r\n            }\r\n\r\n            , evaluateNumber: function (options) {\r\n                return this.evaluate(options).numberValue();\r\n            }\r\n\r\n            , evaluateString: function (options) {\r\n                return this.evaluate(options).stringValue();\r\n            }\r\n\r\n            , evaluateBoolean: function (options) {\r\n                return this.evaluate(options).booleanValue();\r\n            }\r\n\r\n            , evaluateNodeSet: function (options) {\r\n                return this.evaluate(options).nodeset();\r\n            }\r\n\r\n            , select: function (options) {\r\n                return this.evaluateNodeSet(options).toArray()\r\n            }\r\n\r\n            , select1: function (options) {\r\n                return this.select(options)[0];\r\n            }\r\n        };\r\n\r\n        function parse(xpath) {\r\n            var parsed = parser.parse(xpath);\r\n\r\n            return Object.create(evaluatorPrototype, {\r\n                expression: {\r\n                    value: parsed\r\n                }\r\n            });\r\n        }\r\n\r\n        exports.parse = parse;\r\n    })();\r\n\r\n    assign(\r\n        exports,\r\n        {\r\n            XPath: XPath,\r\n            XPathParser: XPathParser,\r\n            XPathResult: XPathResult,\r\n\r\n            Step: Step,\r\n            PathExpr: PathExpr,\r\n            NodeTest: NodeTest,\r\n            LocationPath: LocationPath,\r\n\r\n            OrOperation: OrOperation,\r\n            AndOperation: AndOperation,\r\n\r\n            BarOperation: BarOperation,\r\n\r\n            EqualsOperation: EqualsOperation,\r\n            NotEqualOperation: NotEqualOperation,\r\n            LessThanOperation: LessThanOperation,\r\n            GreaterThanOperation: GreaterThanOperation,\r\n            LessThanOrEqualOperation: LessThanOrEqualOperation,\r\n            GreaterThanOrEqualOperation: GreaterThanOrEqualOperation,\r\n\r\n            PlusOperation: PlusOperation,\r\n            MinusOperation: MinusOperation,\r\n            MultiplyOperation: MultiplyOperation,\r\n            DivOperation: DivOperation,\r\n            ModOperation: ModOperation,\r\n            UnaryMinusOperation: UnaryMinusOperation,\r\n\r\n            FunctionCall: FunctionCall,\r\n            VariableReference: VariableReference,\r\n\r\n            XPathContext: XPathContext,\r\n\r\n            XNodeSet: XNodeSet,\r\n            XBoolean: XBoolean,\r\n            XString: XString,\r\n            XNumber: XNumber,\r\n\r\n            NamespaceResolver: NamespaceResolver,\r\n            FunctionResolver: FunctionResolver,\r\n            VariableResolver: VariableResolver,\r\n\r\n            Utilities: Utilities,\r\n        }\r\n    );\r\n\r\n    // helper\r\n    exports.select = function (e, doc, single) {\r\n        return exports.selectWithResolver(e, doc, null, single);\r\n    };\r\n\r\n    exports.useNamespaces = function (mappings) {\r\n        var resolver = {\r\n            mappings: mappings || {},\r\n            lookupNamespaceURI: function (prefix) {\r\n                return this.mappings[prefix];\r\n            }\r\n        };\r\n\r\n        return function (e, doc, single) {\r\n            return exports.selectWithResolver(e, doc, resolver, single);\r\n        };\r\n    };\r\n\r\n    exports.selectWithResolver = function (e, doc, resolver, single) {\r\n        var expression = new XPathExpression(e, resolver, new XPathParser());\r\n        var type = XPathResult.ANY_TYPE;\r\n\r\n        var result = expression.evaluate(doc, type, null);\r\n\r\n        if (result.resultType == XPathResult.STRING_TYPE) {\r\n            result = result.stringValue;\r\n        }\r\n        else if (result.resultType == XPathResult.NUMBER_TYPE) {\r\n            result = result.numberValue;\r\n        }\r\n        else if (result.resultType == XPathResult.BOOLEAN_TYPE) {\r\n            result = result.booleanValue;\r\n        }\r\n        else {\r\n            result = result.nodes;\r\n            if (single) {\r\n                result = result[0];\r\n            }\r\n        }\r\n\r\n        return result;\r\n    };\r\n\r\n    exports.select1 = function (e, doc) {\r\n        return exports.select(e, doc, true);\r\n    };\r\n\r\n    var isArrayOfNodes = function (value) {\r\n        return Array.isArray(value) && value.every(isNodeLike);\r\n    };\r\n\r\n    var isNodeOfType = function (type) {\r\n        return function (value) {\r\n            return isNodeLike(value) && value.nodeType === type;\r\n        };\r\n    };\r\n\r\n    assign(\r\n        exports,\r\n        {\r\n            isNodeLike: isNodeLike,\r\n            isArrayOfNodes: isArrayOfNodes,\r\n            isElement: isNodeOfType(NodeTypes.ELEMENT_NODE),\r\n            isAttribute: isNodeOfType(NodeTypes.ATTRIBUTE_NODE),\r\n            isTextNode: isNodeOfType(NodeTypes.TEXT_NODE),\r\n            isCDATASection: isNodeOfType(NodeTypes.CDATA_SECTION_NODE),\r\n            isProcessingInstruction: isNodeOfType(NodeTypes.PROCESSING_INSTRUCTION_NODE),\r\n            isComment: isNodeOfType(NodeTypes.COMMENT_NODE),\r\n            isDocumentNode: isNodeOfType(NodeTypes.DOCUMENT_NODE),\r\n            isDocumentTypeNode: isNodeOfType(NodeTypes.DOCUMENT_TYPE_NODE),\r\n            isDocumentFragment: isNodeOfType(NodeTypes.DOCUMENT_FRAGMENT_NODE),\r\n        }\r\n    );\r\n    // end non-node wrapper\r\n})(xpath);\r\n","module.exports = require(\"assert\");","module.exports = require(\"async_hooks\");","module.exports = require(\"buffer\");","module.exports = require(\"child_process\");","module.exports = require(\"console\");","module.exports = require(\"crypto\");","module.exports = require(\"diagnostics_channel\");","module.exports = require(\"events\");","module.exports = require(\"fs\");","module.exports = require(\"http\");","module.exports = require(\"http2\");","module.exports = require(\"https\");","module.exports = require(\"net\");","module.exports = require(\"node:crypto\");","module.exports = require(\"node:events\");","module.exports = require(\"node:stream\");","module.exports = require(\"node:util\");","module.exports = require(\"os\");","module.exports = require(\"path\");","module.exports = require(\"perf_hooks\");","module.exports = require(\"process\");","module.exports = require(\"querystring\");","module.exports = require(\"stream\");","module.exports = require(\"stream/web\");","module.exports = require(\"string_decoder\");","module.exports = require(\"timers\");","module.exports = require(\"tls\");","module.exports = require(\"url\");","module.exports = require(\"util\");","module.exports = require(\"util/types\");","module.exports = require(\"vm\");","module.exports = require(\"worker_threads\");","module.exports = require(\"zlib\");","'use strict'\n\nconst WritableStream = require('node:stream').Writable\nconst inherits = require('node:util').inherits\n\nconst StreamSearch = require('../../streamsearch/sbmh')\n\nconst PartStream = require('./PartStream')\nconst HeaderParser = require('./HeaderParser')\n\nconst DASH = 45\nconst B_ONEDASH = Buffer.from('-')\nconst B_CRLF = Buffer.from('\\r\\n')\nconst EMPTY_FN = function () {}\n\nfunction Dicer (cfg) {\n  if (!(this instanceof Dicer)) { return new Dicer(cfg) }\n  WritableStream.call(this, cfg)\n\n  if (!cfg || (!cfg.headerFirst && typeof cfg.boundary !== 'string')) { throw new TypeError('Boundary required') }\n\n  if (typeof cfg.boundary === 'string') { this.setBoundary(cfg.boundary) } else { this._bparser = undefined }\n\n  this._headerFirst = cfg.headerFirst\n\n  this._dashes = 0\n  this._parts = 0\n  this._finished = false\n  this._realFinish = false\n  this._isPreamble = true\n  this._justMatched = false\n  this._firstWrite = true\n  this._inHeader = true\n  this._part = undefined\n  this._cb = undefined\n  this._ignoreData = false\n  this._partOpts = { highWaterMark: cfg.partHwm }\n  this._pause = false\n\n  const self = this\n  this._hparser = new HeaderParser(cfg)\n  this._hparser.on('header', function (header) {\n    self._inHeader = false\n    self._part.emit('header', header)\n  })\n}\ninherits(Dicer, WritableStream)\n\nDicer.prototype.emit = function (ev) {\n  if (ev === 'finish' && !this._realFinish) {\n    if (!this._finished) {\n      const self = this\n      process.nextTick(function () {\n        self.emit('error', new Error('Unexpected end of multipart data'))\n        if (self._part && !self._ignoreData) {\n          const type = (self._isPreamble ? 'Preamble' : 'Part')\n          self._part.emit('error', new Error(type + ' terminated early due to unexpected end of multipart data'))\n          self._part.push(null)\n          process.nextTick(function () {\n            self._realFinish = true\n            self.emit('finish')\n            self._realFinish = false\n          })\n          return\n        }\n        self._realFinish = true\n        self.emit('finish')\n        self._realFinish = false\n      })\n    }\n  } else { WritableStream.prototype.emit.apply(this, arguments) }\n}\n\nDicer.prototype._write = function (data, encoding, cb) {\n  // ignore unexpected data (e.g. extra trailer data after finished)\n  if (!this._hparser && !this._bparser) { return cb() }\n\n  if (this._headerFirst && this._isPreamble) {\n    if (!this._part) {\n      this._part = new PartStream(this._partOpts)\n      if (this.listenerCount('preamble') !== 0) { this.emit('preamble', this._part) } else { this._ignore() }\n    }\n    const r = this._hparser.push(data)\n    if (!this._inHeader && r !== undefined && r < data.length) { data = data.slice(r) } else { return cb() }\n  }\n\n  // allows for \"easier\" testing\n  if (this._firstWrite) {\n    this._bparser.push(B_CRLF)\n    this._firstWrite = false\n  }\n\n  this._bparser.push(data)\n\n  if (this._pause) { this._cb = cb } else { cb() }\n}\n\nDicer.prototype.reset = function () {\n  this._part = undefined\n  this._bparser = undefined\n  this._hparser = undefined\n}\n\nDicer.prototype.setBoundary = function (boundary) {\n  const self = this\n  this._bparser = new StreamSearch('\\r\\n--' + boundary)\n  this._bparser.on('info', function (isMatch, data, start, end) {\n    self._oninfo(isMatch, data, start, end)\n  })\n}\n\nDicer.prototype._ignore = function () {\n  if (this._part && !this._ignoreData) {\n    this._ignoreData = true\n    this._part.on('error', EMPTY_FN)\n    // we must perform some kind of read on the stream even though we are\n    // ignoring the data, otherwise node's Readable stream will not emit 'end'\n    // after pushing null to the stream\n    this._part.resume()\n  }\n}\n\nDicer.prototype._oninfo = function (isMatch, data, start, end) {\n  let buf; const self = this; let i = 0; let r; let shouldWriteMore = true\n\n  if (!this._part && this._justMatched && data) {\n    while (this._dashes < 2 && (start + i) < end) {\n      if (data[start + i] === DASH) {\n        ++i\n        ++this._dashes\n      } else {\n        if (this._dashes) { buf = B_ONEDASH }\n        this._dashes = 0\n        break\n      }\n    }\n    if (this._dashes === 2) {\n      if ((start + i) < end && this.listenerCount('trailer') !== 0) { this.emit('trailer', data.slice(start + i, end)) }\n      this.reset()\n      this._finished = true\n      // no more parts will be added\n      if (self._parts === 0) {\n        self._realFinish = true\n        self.emit('finish')\n        self._realFinish = false\n      }\n    }\n    if (this._dashes) { return }\n  }\n  if (this._justMatched) { this._justMatched = false }\n  if (!this._part) {\n    this._part = new PartStream(this._partOpts)\n    this._part._read = function (n) {\n      self._unpause()\n    }\n    if (this._isPreamble && this.listenerCount('preamble') !== 0) {\n      this.emit('preamble', this._part)\n    } else if (this._isPreamble !== true && this.listenerCount('part') !== 0) {\n      this.emit('part', this._part)\n    } else {\n      this._ignore()\n    }\n    if (!this._isPreamble) { this._inHeader = true }\n  }\n  if (data && start < end && !this._ignoreData) {\n    if (this._isPreamble || !this._inHeader) {\n      if (buf) { shouldWriteMore = this._part.push(buf) }\n      shouldWriteMore = this._part.push(data.slice(start, end))\n      if (!shouldWriteMore) { this._pause = true }\n    } else if (!this._isPreamble && this._inHeader) {\n      if (buf) { this._hparser.push(buf) }\n      r = this._hparser.push(data.slice(start, end))\n      if (!this._inHeader && r !== undefined && r < end) { this._oninfo(false, data, start + r, end) }\n    }\n  }\n  if (isMatch) {\n    this._hparser.reset()\n    if (this._isPreamble) { this._isPreamble = false } else {\n      if (start !== end) {\n        ++this._parts\n        this._part.on('end', function () {\n          if (--self._parts === 0) {\n            if (self._finished) {\n              self._realFinish = true\n              self.emit('finish')\n              self._realFinish = false\n            } else {\n              self._unpause()\n            }\n          }\n        })\n      }\n    }\n    this._part.push(null)\n    this._part = undefined\n    this._ignoreData = false\n    this._justMatched = true\n    this._dashes = 0\n  }\n}\n\nDicer.prototype._unpause = function () {\n  if (!this._pause) { return }\n\n  this._pause = false\n  if (this._cb) {\n    const cb = this._cb\n    this._cb = undefined\n    cb()\n  }\n}\n\nmodule.exports = Dicer\n","'use strict'\n\nconst EventEmitter = require('node:events').EventEmitter\nconst inherits = require('node:util').inherits\nconst getLimit = require('../../../lib/utils/getLimit')\n\nconst StreamSearch = require('../../streamsearch/sbmh')\n\nconst B_DCRLF = Buffer.from('\\r\\n\\r\\n')\nconst RE_CRLF = /\\r\\n/g\nconst RE_HDR = /^([^:]+):[ \\t]?([\\x00-\\xFF]+)?$/ // eslint-disable-line no-control-regex\n\nfunction HeaderParser (cfg) {\n  EventEmitter.call(this)\n\n  cfg = cfg || {}\n  const self = this\n  this.nread = 0\n  this.maxed = false\n  this.npairs = 0\n  this.maxHeaderPairs = getLimit(cfg, 'maxHeaderPairs', 2000)\n  this.maxHeaderSize = getLimit(cfg, 'maxHeaderSize', 80 * 1024)\n  this.buffer = ''\n  this.header = {}\n  this.finished = false\n  this.ss = new StreamSearch(B_DCRLF)\n  this.ss.on('info', function (isMatch, data, start, end) {\n    if (data && !self.maxed) {\n      if (self.nread + end - start >= self.maxHeaderSize) {\n        end = self.maxHeaderSize - self.nread + start\n        self.nread = self.maxHeaderSize\n        self.maxed = true\n      } else { self.nread += (end - start) }\n\n      self.buffer += data.toString('binary', start, end)\n    }\n    if (isMatch) { self._finish() }\n  })\n}\ninherits(HeaderParser, EventEmitter)\n\nHeaderParser.prototype.push = function (data) {\n  const r = this.ss.push(data)\n  if (this.finished) { return r }\n}\n\nHeaderParser.prototype.reset = function () {\n  this.finished = false\n  this.buffer = ''\n  this.header = {}\n  this.ss.reset()\n}\n\nHeaderParser.prototype._finish = function () {\n  if (this.buffer) { this._parseHeader() }\n  this.ss.matches = this.ss.maxMatches\n  const header = this.header\n  this.header = {}\n  this.buffer = ''\n  this.finished = true\n  this.nread = this.npairs = 0\n  this.maxed = false\n  this.emit('header', header)\n}\n\nHeaderParser.prototype._parseHeader = function () {\n  if (this.npairs === this.maxHeaderPairs) { return }\n\n  const lines = this.buffer.split(RE_CRLF)\n  const len = lines.length\n  let m, h\n\n  for (var i = 0; i < len; ++i) { // eslint-disable-line no-var\n    if (lines[i].length === 0) { continue }\n    if (lines[i][0] === '\\t' || lines[i][0] === ' ') {\n      // folded header content\n      // RFC2822 says to just remove the CRLF and not the whitespace following\n      // it, so we follow the RFC and include the leading whitespace ...\n      if (h) {\n        this.header[h][this.header[h].length - 1] += lines[i]\n        continue\n      }\n    }\n\n    const posColon = lines[i].indexOf(':')\n    if (\n      posColon === -1 ||\n      posColon === 0\n    ) {\n      return\n    }\n    m = RE_HDR.exec(lines[i])\n    h = m[1].toLowerCase()\n    this.header[h] = this.header[h] || []\n    this.header[h].push((m[2] || ''))\n    if (++this.npairs === this.maxHeaderPairs) { break }\n  }\n}\n\nmodule.exports = HeaderParser\n","'use strict'\n\nconst inherits = require('node:util').inherits\nconst ReadableStream = require('node:stream').Readable\n\nfunction PartStream (opts) {\n  ReadableStream.call(this, opts)\n}\ninherits(PartStream, ReadableStream)\n\nPartStream.prototype._read = function (n) {}\n\nmodule.exports = PartStream\n","'use strict'\n\n/**\n * Copyright Brian White. All rights reserved.\n *\n * @see https://github.com/mscdex/streamsearch\n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n *\n * Based heavily on the Streaming Boyer-Moore-Horspool C++ implementation\n * by Hongli Lai at: https://github.com/FooBarWidget/boyer-moore-horspool\n */\nconst EventEmitter = require('node:events').EventEmitter\nconst inherits = require('node:util').inherits\n\nfunction SBMH (needle) {\n  if (typeof needle === 'string') {\n    needle = Buffer.from(needle)\n  }\n\n  if (!Buffer.isBuffer(needle)) {\n    throw new TypeError('The needle has to be a String or a Buffer.')\n  }\n\n  const needleLength = needle.length\n\n  if (needleLength === 0) {\n    throw new Error('The needle cannot be an empty String/Buffer.')\n  }\n\n  if (needleLength > 256) {\n    throw new Error('The needle cannot have a length bigger than 256.')\n  }\n\n  this.maxMatches = Infinity\n  this.matches = 0\n\n  this._occ = new Array(256)\n    .fill(needleLength) // Initialize occurrence table.\n  this._lookbehind_size = 0\n  this._needle = needle\n  this._bufpos = 0\n\n  this._lookbehind = Buffer.alloc(needleLength)\n\n  // Populate occurrence table with analysis of the needle,\n  // ignoring last letter.\n  for (var i = 0; i < needleLength - 1; ++i) { // eslint-disable-line no-var\n    this._occ[needle[i]] = needleLength - 1 - i\n  }\n}\ninherits(SBMH, EventEmitter)\n\nSBMH.prototype.reset = function () {\n  this._lookbehind_size = 0\n  this.matches = 0\n  this._bufpos = 0\n}\n\nSBMH.prototype.push = function (chunk, pos) {\n  if (!Buffer.isBuffer(chunk)) {\n    chunk = Buffer.from(chunk, 'binary')\n  }\n  const chlen = chunk.length\n  this._bufpos = pos || 0\n  let r\n  while (r !== chlen && this.matches < this.maxMatches) { r = this._sbmh_feed(chunk) }\n  return r\n}\n\nSBMH.prototype._sbmh_feed = function (data) {\n  const len = data.length\n  const needle = this._needle\n  const needleLength = needle.length\n  const lastNeedleChar = needle[needleLength - 1]\n\n  // Positive: points to a position in `data`\n  //           pos == 3 points to data[3]\n  // Negative: points to a position in the lookbehind buffer\n  //           pos == -2 points to lookbehind[lookbehind_size - 2]\n  let pos = -this._lookbehind_size\n  let ch\n\n  if (pos < 0) {\n    // Lookbehind buffer is not empty. Perform Boyer-Moore-Horspool\n    // search with character lookup code that considers both the\n    // lookbehind buffer and the current round's haystack data.\n    //\n    // Loop until\n    //   there is a match.\n    // or until\n    //   we've moved past the position that requires the\n    //   lookbehind buffer. In this case we switch to the\n    //   optimized loop.\n    // or until\n    //   the character to look at lies outside the haystack.\n    while (pos < 0 && pos <= len - needleLength) {\n      ch = this._sbmh_lookup_char(data, pos + needleLength - 1)\n\n      if (\n        ch === lastNeedleChar &&\n        this._sbmh_memcmp(data, pos, needleLength - 1)\n      ) {\n        this._lookbehind_size = 0\n        ++this.matches\n        this.emit('info', true)\n\n        return (this._bufpos = pos + needleLength)\n      }\n      pos += this._occ[ch]\n    }\n\n    // No match.\n\n    if (pos < 0) {\n      // There's too few data for Boyer-Moore-Horspool to run,\n      // so let's use a different algorithm to skip as much as\n      // we can.\n      // Forward pos until\n      //   the trailing part of lookbehind + data\n      //   looks like the beginning of the needle\n      // or until\n      //   pos == 0\n      while (pos < 0 && !this._sbmh_memcmp(data, pos, len - pos)) { ++pos }\n    }\n\n    if (pos >= 0) {\n      // Discard lookbehind buffer.\n      this.emit('info', false, this._lookbehind, 0, this._lookbehind_size)\n      this._lookbehind_size = 0\n    } else {\n      // Cut off part of the lookbehind buffer that has\n      // been processed and append the entire haystack\n      // into it.\n      const bytesToCutOff = this._lookbehind_size + pos\n      if (bytesToCutOff > 0) {\n        // The cut off data is guaranteed not to contain the needle.\n        this.emit('info', false, this._lookbehind, 0, bytesToCutOff)\n      }\n\n      this._lookbehind.copy(this._lookbehind, 0, bytesToCutOff,\n        this._lookbehind_size - bytesToCutOff)\n      this._lookbehind_size -= bytesToCutOff\n\n      data.copy(this._lookbehind, this._lookbehind_size)\n      this._lookbehind_size += len\n\n      this._bufpos = len\n      return len\n    }\n  }\n\n  pos += (pos >= 0) * this._bufpos\n\n  // Lookbehind buffer is now empty. We only need to check if the\n  // needle is in the haystack.\n  if (data.indexOf(needle, pos) !== -1) {\n    pos = data.indexOf(needle, pos)\n    ++this.matches\n    if (pos > 0) { this.emit('info', true, data, this._bufpos, pos) } else { this.emit('info', true) }\n\n    return (this._bufpos = pos + needleLength)\n  } else {\n    pos = len - needleLength\n  }\n\n  // There was no match. If there's trailing haystack data that we cannot\n  // match yet using the Boyer-Moore-Horspool algorithm (because the trailing\n  // data is less than the needle size) then match using a modified\n  // algorithm that starts matching from the beginning instead of the end.\n  // Whatever trailing data is left after running this algorithm is added to\n  // the lookbehind buffer.\n  while (\n    pos < len &&\n    (\n      data[pos] !== needle[0] ||\n      (\n        (Buffer.compare(\n          data.subarray(pos, pos + len - pos),\n          needle.subarray(0, len - pos)\n        ) !== 0)\n      )\n    )\n  ) {\n    ++pos\n  }\n  if (pos < len) {\n    data.copy(this._lookbehind, 0, pos, pos + (len - pos))\n    this._lookbehind_size = len - pos\n  }\n\n  // Everything until pos is guaranteed not to contain needle data.\n  if (pos > 0) { this.emit('info', false, data, this._bufpos, pos < len ? pos : len) }\n\n  this._bufpos = len\n  return len\n}\n\nSBMH.prototype._sbmh_lookup_char = function (data, pos) {\n  return (pos < 0)\n    ? this._lookbehind[this._lookbehind_size + pos]\n    : data[pos]\n}\n\nSBMH.prototype._sbmh_memcmp = function (data, pos, len) {\n  for (var i = 0; i < len; ++i) { // eslint-disable-line no-var\n    if (this._sbmh_lookup_char(data, pos + i) !== this._needle[i]) { return false }\n  }\n  return true\n}\n\nmodule.exports = SBMH\n","'use strict'\n\nconst WritableStream = require('node:stream').Writable\nconst { inherits } = require('node:util')\nconst Dicer = require('../deps/dicer/lib/Dicer')\n\nconst MultipartParser = require('./types/multipart')\nconst UrlencodedParser = require('./types/urlencoded')\nconst parseParams = require('./utils/parseParams')\n\nfunction Busboy (opts) {\n  if (!(this instanceof Busboy)) { return new Busboy(opts) }\n\n  if (typeof opts !== 'object') {\n    throw new TypeError('Busboy expected an options-Object.')\n  }\n  if (typeof opts.headers !== 'object') {\n    throw new TypeError('Busboy expected an options-Object with headers-attribute.')\n  }\n  if (typeof opts.headers['content-type'] !== 'string') {\n    throw new TypeError('Missing Content-Type-header.')\n  }\n\n  const {\n    headers,\n    ...streamOptions\n  } = opts\n\n  this.opts = {\n    autoDestroy: false,\n    ...streamOptions\n  }\n  WritableStream.call(this, this.opts)\n\n  this._done = false\n  this._parser = this.getParserByHeaders(headers)\n  this._finished = false\n}\ninherits(Busboy, WritableStream)\n\nBusboy.prototype.emit = function (ev) {\n  if (ev === 'finish') {\n    if (!this._done) {\n      this._parser?.end()\n      return\n    } else if (this._finished) {\n      return\n    }\n    this._finished = true\n  }\n  WritableStream.prototype.emit.apply(this, arguments)\n}\n\nBusboy.prototype.getParserByHeaders = function (headers) {\n  const parsed = parseParams(headers['content-type'])\n\n  const cfg = {\n    defCharset: this.opts.defCharset,\n    fileHwm: this.opts.fileHwm,\n    headers,\n    highWaterMark: this.opts.highWaterMark,\n    isPartAFile: this.opts.isPartAFile,\n    limits: this.opts.limits,\n    parsedConType: parsed,\n    preservePath: this.opts.preservePath\n  }\n\n  if (MultipartParser.detect.test(parsed[0])) {\n    return new MultipartParser(this, cfg)\n  }\n  if (UrlencodedParser.detect.test(parsed[0])) {\n    return new UrlencodedParser(this, cfg)\n  }\n  throw new Error('Unsupported Content-Type.')\n}\n\nBusboy.prototype._write = function (chunk, encoding, cb) {\n  this._parser.write(chunk, cb)\n}\n\nmodule.exports = Busboy\nmodule.exports.default = Busboy\nmodule.exports.Busboy = Busboy\n\nmodule.exports.Dicer = Dicer\n","'use strict'\n\n// TODO:\n//  * support 1 nested multipart level\n//    (see second multipart example here:\n//     http://www.w3.org/TR/html401/interact/forms.html#didx-multipartform-data)\n//  * support limits.fieldNameSize\n//     -- this will require modifications to utils.parseParams\n\nconst { Readable } = require('node:stream')\nconst { inherits } = require('node:util')\n\nconst Dicer = require('../../deps/dicer/lib/Dicer')\n\nconst parseParams = require('../utils/parseParams')\nconst decodeText = require('../utils/decodeText')\nconst basename = require('../utils/basename')\nconst getLimit = require('../utils/getLimit')\n\nconst RE_BOUNDARY = /^boundary$/i\nconst RE_FIELD = /^form-data$/i\nconst RE_CHARSET = /^charset$/i\nconst RE_FILENAME = /^filename$/i\nconst RE_NAME = /^name$/i\n\nMultipart.detect = /^multipart\\/form-data/i\nfunction Multipart (boy, cfg) {\n  let i\n  let len\n  const self = this\n  let boundary\n  const limits = cfg.limits\n  const isPartAFile = cfg.isPartAFile || ((fieldName, contentType, fileName) => (contentType === 'application/octet-stream' || fileName !== undefined))\n  const parsedConType = cfg.parsedConType || []\n  const defCharset = cfg.defCharset || 'utf8'\n  const preservePath = cfg.preservePath\n  const fileOpts = { highWaterMark: cfg.fileHwm }\n\n  for (i = 0, len = parsedConType.length; i < len; ++i) {\n    if (Array.isArray(parsedConType[i]) &&\n      RE_BOUNDARY.test(parsedConType[i][0])) {\n      boundary = parsedConType[i][1]\n      break\n    }\n  }\n\n  function checkFinished () {\n    if (nends === 0 && finished && !boy._done) {\n      finished = false\n      self.end()\n    }\n  }\n\n  if (typeof boundary !== 'string') { throw new Error('Multipart: Boundary not found') }\n\n  const fieldSizeLimit = getLimit(limits, 'fieldSize', 1 * 1024 * 1024)\n  const fileSizeLimit = getLimit(limits, 'fileSize', Infinity)\n  const filesLimit = getLimit(limits, 'files', Infinity)\n  const fieldsLimit = getLimit(limits, 'fields', Infinity)\n  const partsLimit = getLimit(limits, 'parts', Infinity)\n  const headerPairsLimit = getLimit(limits, 'headerPairs', 2000)\n  const headerSizeLimit = getLimit(limits, 'headerSize', 80 * 1024)\n\n  let nfiles = 0\n  let nfields = 0\n  let nends = 0\n  let curFile\n  let curField\n  let finished = false\n\n  this._needDrain = false\n  this._pause = false\n  this._cb = undefined\n  this._nparts = 0\n  this._boy = boy\n\n  const parserCfg = {\n    boundary,\n    maxHeaderPairs: headerPairsLimit,\n    maxHeaderSize: headerSizeLimit,\n    partHwm: fileOpts.highWaterMark,\n    highWaterMark: cfg.highWaterMark\n  }\n\n  this.parser = new Dicer(parserCfg)\n  this.parser.on('drain', function () {\n    self._needDrain = false\n    if (self._cb && !self._pause) {\n      const cb = self._cb\n      self._cb = undefined\n      cb()\n    }\n  }).on('part', function onPart (part) {\n    if (++self._nparts > partsLimit) {\n      self.parser.removeListener('part', onPart)\n      self.parser.on('part', skipPart)\n      boy.hitPartsLimit = true\n      boy.emit('partsLimit')\n      return skipPart(part)\n    }\n\n    // hack because streams2 _always_ doesn't emit 'end' until nextTick, so let\n    // us emit 'end' early since we know the part has ended if we are already\n    // seeing the next part\n    if (curField) {\n      const field = curField\n      field.emit('end')\n      field.removeAllListeners('end')\n    }\n\n    part.on('header', function (header) {\n      let contype\n      let fieldname\n      let parsed\n      let charset\n      let encoding\n      let filename\n      let nsize = 0\n\n      if (header['content-type']) {\n        parsed = parseParams(header['content-type'][0])\n        if (parsed[0]) {\n          contype = parsed[0].toLowerCase()\n          for (i = 0, len = parsed.length; i < len; ++i) {\n            if (RE_CHARSET.test(parsed[i][0])) {\n              charset = parsed[i][1].toLowerCase()\n              break\n            }\n          }\n        }\n      }\n\n      if (contype === undefined) { contype = 'text/plain' }\n      if (charset === undefined) { charset = defCharset }\n\n      if (header['content-disposition']) {\n        parsed = parseParams(header['content-disposition'][0])\n        if (!RE_FIELD.test(parsed[0])) { return skipPart(part) }\n        for (i = 0, len = parsed.length; i < len; ++i) {\n          if (RE_NAME.test(parsed[i][0])) {\n            fieldname = parsed[i][1]\n          } else if (RE_FILENAME.test(parsed[i][0])) {\n            filename = parsed[i][1]\n            if (!preservePath) { filename = basename(filename) }\n          }\n        }\n      } else { return skipPart(part) }\n\n      if (header['content-transfer-encoding']) { encoding = header['content-transfer-encoding'][0].toLowerCase() } else { encoding = '7bit' }\n\n      let onData,\n        onEnd\n\n      if (isPartAFile(fieldname, contype, filename)) {\n        // file/binary field\n        if (nfiles === filesLimit) {\n          if (!boy.hitFilesLimit) {\n            boy.hitFilesLimit = true\n            boy.emit('filesLimit')\n          }\n          return skipPart(part)\n        }\n\n        ++nfiles\n\n        if (boy.listenerCount('file') === 0) {\n          self.parser._ignore()\n          return\n        }\n\n        ++nends\n        const file = new FileStream(fileOpts)\n        curFile = file\n        file.on('end', function () {\n          --nends\n          self._pause = false\n          checkFinished()\n          if (self._cb && !self._needDrain) {\n            const cb = self._cb\n            self._cb = undefined\n            cb()\n          }\n        })\n        file._read = function (n) {\n          if (!self._pause) { return }\n          self._pause = false\n          if (self._cb && !self._needDrain) {\n            const cb = self._cb\n            self._cb = undefined\n            cb()\n          }\n        }\n        boy.emit('file', fieldname, file, filename, encoding, contype)\n\n        onData = function (data) {\n          if ((nsize += data.length) > fileSizeLimit) {\n            const extralen = fileSizeLimit - nsize + data.length\n            if (extralen > 0) { file.push(data.slice(0, extralen)) }\n            file.truncated = true\n            file.bytesRead = fileSizeLimit\n            part.removeAllListeners('data')\n            file.emit('limit')\n            return\n          } else if (!file.push(data)) { self._pause = true }\n\n          file.bytesRead = nsize\n        }\n\n        onEnd = function () {\n          curFile = undefined\n          file.push(null)\n        }\n      } else {\n        // non-file field\n        if (nfields === fieldsLimit) {\n          if (!boy.hitFieldsLimit) {\n            boy.hitFieldsLimit = true\n            boy.emit('fieldsLimit')\n          }\n          return skipPart(part)\n        }\n\n        ++nfields\n        ++nends\n        let buffer = ''\n        let truncated = false\n        curField = part\n\n        onData = function (data) {\n          if ((nsize += data.length) > fieldSizeLimit) {\n            const extralen = (fieldSizeLimit - (nsize - data.length))\n            buffer += data.toString('binary', 0, extralen)\n            truncated = true\n            part.removeAllListeners('data')\n          } else { buffer += data.toString('binary') }\n        }\n\n        onEnd = function () {\n          curField = undefined\n          if (buffer.length) { buffer = decodeText(buffer, 'binary', charset) }\n          boy.emit('field', fieldname, buffer, false, truncated, encoding, contype)\n          --nends\n          checkFinished()\n        }\n      }\n\n      /* As of node@2efe4ab761666 (v0.10.29+/v0.11.14+), busboy had become\n         broken. Streams2/streams3 is a huge black box of confusion, but\n         somehow overriding the sync state seems to fix things again (and still\n         seems to work for previous node versions).\n      */\n      part._readableState.sync = false\n\n      part.on('data', onData)\n      part.on('end', onEnd)\n    }).on('error', function (err) {\n      if (curFile) { curFile.emit('error', err) }\n    })\n  }).on('error', function (err) {\n    boy.emit('error', err)\n  }).on('finish', function () {\n    finished = true\n    checkFinished()\n  })\n}\n\nMultipart.prototype.write = function (chunk, cb) {\n  const r = this.parser.write(chunk)\n  if (r && !this._pause) {\n    cb()\n  } else {\n    this._needDrain = !r\n    this._cb = cb\n  }\n}\n\nMultipart.prototype.end = function () {\n  const self = this\n\n  if (self.parser.writable) {\n    self.parser.end()\n  } else if (!self._boy._done) {\n    process.nextTick(function () {\n      self._boy._done = true\n      self._boy.emit('finish')\n    })\n  }\n}\n\nfunction skipPart (part) {\n  part.resume()\n}\n\nfunction FileStream (opts) {\n  Readable.call(this, opts)\n\n  this.bytesRead = 0\n\n  this.truncated = false\n}\n\ninherits(FileStream, Readable)\n\nFileStream.prototype._read = function (n) {}\n\nmodule.exports = Multipart\n","'use strict'\n\nconst Decoder = require('../utils/Decoder')\nconst decodeText = require('../utils/decodeText')\nconst getLimit = require('../utils/getLimit')\n\nconst RE_CHARSET = /^charset$/i\n\nUrlEncoded.detect = /^application\\/x-www-form-urlencoded/i\nfunction UrlEncoded (boy, cfg) {\n  const limits = cfg.limits\n  const parsedConType = cfg.parsedConType\n  this.boy = boy\n\n  this.fieldSizeLimit = getLimit(limits, 'fieldSize', 1 * 1024 * 1024)\n  this.fieldNameSizeLimit = getLimit(limits, 'fieldNameSize', 100)\n  this.fieldsLimit = getLimit(limits, 'fields', Infinity)\n\n  let charset\n  for (var i = 0, len = parsedConType.length; i < len; ++i) { // eslint-disable-line no-var\n    if (Array.isArray(parsedConType[i]) &&\n        RE_CHARSET.test(parsedConType[i][0])) {\n      charset = parsedConType[i][1].toLowerCase()\n      break\n    }\n  }\n\n  if (charset === undefined) { charset = cfg.defCharset || 'utf8' }\n\n  this.decoder = new Decoder()\n  this.charset = charset\n  this._fields = 0\n  this._state = 'key'\n  this._checkingBytes = true\n  this._bytesKey = 0\n  this._bytesVal = 0\n  this._key = ''\n  this._val = ''\n  this._keyTrunc = false\n  this._valTrunc = false\n  this._hitLimit = false\n}\n\nUrlEncoded.prototype.write = function (data, cb) {\n  if (this._fields === this.fieldsLimit) {\n    if (!this.boy.hitFieldsLimit) {\n      this.boy.hitFieldsLimit = true\n      this.boy.emit('fieldsLimit')\n    }\n    return cb()\n  }\n\n  let idxeq; let idxamp; let i; let p = 0; const len = data.length\n\n  while (p < len) {\n    if (this._state === 'key') {\n      idxeq = idxamp = undefined\n      for (i = p; i < len; ++i) {\n        if (!this._checkingBytes) { ++p }\n        if (data[i] === 0x3D/* = */) {\n          idxeq = i\n          break\n        } else if (data[i] === 0x26/* & */) {\n          idxamp = i\n          break\n        }\n        if (this._checkingBytes && this._bytesKey === this.fieldNameSizeLimit) {\n          this._hitLimit = true\n          break\n        } else if (this._checkingBytes) { ++this._bytesKey }\n      }\n\n      if (idxeq !== undefined) {\n        // key with assignment\n        if (idxeq > p) { this._key += this.decoder.write(data.toString('binary', p, idxeq)) }\n        this._state = 'val'\n\n        this._hitLimit = false\n        this._checkingBytes = true\n        this._val = ''\n        this._bytesVal = 0\n        this._valTrunc = false\n        this.decoder.reset()\n\n        p = idxeq + 1\n      } else if (idxamp !== undefined) {\n        // key with no assignment\n        ++this._fields\n        let key; const keyTrunc = this._keyTrunc\n        if (idxamp > p) { key = (this._key += this.decoder.write(data.toString('binary', p, idxamp))) } else { key = this._key }\n\n        this._hitLimit = false\n        this._checkingBytes = true\n        this._key = ''\n        this._bytesKey = 0\n        this._keyTrunc = false\n        this.decoder.reset()\n\n        if (key.length) {\n          this.boy.emit('field', decodeText(key, 'binary', this.charset),\n            '',\n            keyTrunc,\n            false)\n        }\n\n        p = idxamp + 1\n        if (this._fields === this.fieldsLimit) { return cb() }\n      } else if (this._hitLimit) {\n        // we may not have hit the actual limit if there are encoded bytes...\n        if (i > p) { this._key += this.decoder.write(data.toString('binary', p, i)) }\n        p = i\n        if ((this._bytesKey = this._key.length) === this.fieldNameSizeLimit) {\n          // yep, we actually did hit the limit\n          this._checkingBytes = false\n          this._keyTrunc = true\n        }\n      } else {\n        if (p < len) { this._key += this.decoder.write(data.toString('binary', p)) }\n        p = len\n      }\n    } else {\n      idxamp = undefined\n      for (i = p; i < len; ++i) {\n        if (!this._checkingBytes) { ++p }\n        if (data[i] === 0x26/* & */) {\n          idxamp = i\n          break\n        }\n        if (this._checkingBytes && this._bytesVal === this.fieldSizeLimit) {\n          this._hitLimit = true\n          break\n        } else if (this._checkingBytes) { ++this._bytesVal }\n      }\n\n      if (idxamp !== undefined) {\n        ++this._fields\n        if (idxamp > p) { this._val += this.decoder.write(data.toString('binary', p, idxamp)) }\n        this.boy.emit('field', decodeText(this._key, 'binary', this.charset),\n          decodeText(this._val, 'binary', this.charset),\n          this._keyTrunc,\n          this._valTrunc)\n        this._state = 'key'\n\n        this._hitLimit = false\n        this._checkingBytes = true\n        this._key = ''\n        this._bytesKey = 0\n        this._keyTrunc = false\n        this.decoder.reset()\n\n        p = idxamp + 1\n        if (this._fields === this.fieldsLimit) { return cb() }\n      } else if (this._hitLimit) {\n        // we may not have hit the actual limit if there are encoded bytes...\n        if (i > p) { this._val += this.decoder.write(data.toString('binary', p, i)) }\n        p = i\n        if ((this._val === '' && this.fieldSizeLimit === 0) ||\n            (this._bytesVal = this._val.length) === this.fieldSizeLimit) {\n          // yep, we actually did hit the limit\n          this._checkingBytes = false\n          this._valTrunc = true\n        }\n      } else {\n        if (p < len) { this._val += this.decoder.write(data.toString('binary', p)) }\n        p = len\n      }\n    }\n  }\n  cb()\n}\n\nUrlEncoded.prototype.end = function () {\n  if (this.boy._done) { return }\n\n  if (this._state === 'key' && this._key.length > 0) {\n    this.boy.emit('field', decodeText(this._key, 'binary', this.charset),\n      '',\n      this._keyTrunc,\n      false)\n  } else if (this._state === 'val') {\n    this.boy.emit('field', decodeText(this._key, 'binary', this.charset),\n      decodeText(this._val, 'binary', this.charset),\n      this._keyTrunc,\n      this._valTrunc)\n  }\n  this.boy._done = true\n  this.boy.emit('finish')\n}\n\nmodule.exports = UrlEncoded\n","'use strict'\n\nconst RE_PLUS = /\\+/g\n\nconst HEX = [\n  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0,\n  0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n  0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0\n]\n\nfunction Decoder () {\n  this.buffer = undefined\n}\nDecoder.prototype.write = function (str) {\n  // Replace '+' with ' ' before decoding\n  str = str.replace(RE_PLUS, ' ')\n  let res = ''\n  let i = 0; let p = 0; const len = str.length\n  for (; i < len; ++i) {\n    if (this.buffer !== undefined) {\n      if (!HEX[str.charCodeAt(i)]) {\n        res += '%' + this.buffer\n        this.buffer = undefined\n        --i // retry character\n      } else {\n        this.buffer += str[i]\n        ++p\n        if (this.buffer.length === 2) {\n          res += String.fromCharCode(parseInt(this.buffer, 16))\n          this.buffer = undefined\n        }\n      }\n    } else if (str[i] === '%') {\n      if (i > p) {\n        res += str.substring(p, i)\n        p = i\n      }\n      this.buffer = ''\n      ++p\n    }\n  }\n  if (p < len && this.buffer === undefined) { res += str.substring(p) }\n  return res\n}\nDecoder.prototype.reset = function () {\n  this.buffer = undefined\n}\n\nmodule.exports = Decoder\n","'use strict'\n\nmodule.exports = function basename (path) {\n  if (typeof path !== 'string') { return '' }\n  for (var i = path.length - 1; i >= 0; --i) { // eslint-disable-line no-var\n    switch (path.charCodeAt(i)) {\n      case 0x2F: // '/'\n      case 0x5C: // '\\'\n        path = path.slice(i + 1)\n        return (path === '..' || path === '.' ? '' : path)\n    }\n  }\n  return (path === '..' || path === '.' ? '' : path)\n}\n","'use strict'\n\n// Node has always utf-8\nconst utf8Decoder = new TextDecoder('utf-8')\nconst textDecoders = new Map([\n  ['utf-8', utf8Decoder],\n  ['utf8', utf8Decoder]\n])\n\nfunction getDecoder (charset) {\n  let lc\n  while (true) {\n    switch (charset) {\n      case 'utf-8':\n      case 'utf8':\n        return decoders.utf8\n      case 'latin1':\n      case 'ascii': // TODO: Make these a separate, strict decoder?\n      case 'us-ascii':\n      case 'iso-8859-1':\n      case 'iso8859-1':\n      case 'iso88591':\n      case 'iso_8859-1':\n      case 'windows-1252':\n      case 'iso_8859-1:1987':\n      case 'cp1252':\n      case 'x-cp1252':\n        return decoders.latin1\n      case 'utf16le':\n      case 'utf-16le':\n      case 'ucs2':\n      case 'ucs-2':\n        return decoders.utf16le\n      case 'base64':\n        return decoders.base64\n      default:\n        if (lc === undefined) {\n          lc = true\n          charset = charset.toLowerCase()\n          continue\n        }\n        return decoders.other.bind(charset)\n    }\n  }\n}\n\nconst decoders = {\n  utf8: (data, sourceEncoding) => {\n    if (data.length === 0) {\n      return ''\n    }\n    if (typeof data === 'string') {\n      data = Buffer.from(data, sourceEncoding)\n    }\n    return data.utf8Slice(0, data.length)\n  },\n\n  latin1: (data, sourceEncoding) => {\n    if (data.length === 0) {\n      return ''\n    }\n    if (typeof data === 'string') {\n      return data\n    }\n    return data.latin1Slice(0, data.length)\n  },\n\n  utf16le: (data, sourceEncoding) => {\n    if (data.length === 0) {\n      return ''\n    }\n    if (typeof data === 'string') {\n      data = Buffer.from(data, sourceEncoding)\n    }\n    return data.ucs2Slice(0, data.length)\n  },\n\n  base64: (data, sourceEncoding) => {\n    if (data.length === 0) {\n      return ''\n    }\n    if (typeof data === 'string') {\n      data = Buffer.from(data, sourceEncoding)\n    }\n    return data.base64Slice(0, data.length)\n  },\n\n  other: (data, sourceEncoding) => {\n    if (data.length === 0) {\n      return ''\n    }\n    if (typeof data === 'string') {\n      data = Buffer.from(data, sourceEncoding)\n    }\n\n    if (textDecoders.has(this.toString())) {\n      try {\n        return textDecoders.get(this).decode(data)\n      } catch {}\n    }\n    return typeof data === 'string'\n      ? data\n      : data.toString()\n  }\n}\n\nfunction decodeText (text, sourceEncoding, destEncoding) {\n  if (text) {\n    return getDecoder(destEncoding)(text, sourceEncoding)\n  }\n  return text\n}\n\nmodule.exports = decodeText\n","'use strict'\n\nmodule.exports = function getLimit (limits, name, defaultLimit) {\n  if (\n    !limits ||\n    limits[name] === undefined ||\n    limits[name] === null\n  ) { return defaultLimit }\n\n  if (\n    typeof limits[name] !== 'number' ||\n    isNaN(limits[name])\n  ) { throw new TypeError('Limit ' + name + ' is not a valid number') }\n\n  return limits[name]\n}\n","/* eslint-disable object-property-newline */\n'use strict'\n\nconst decodeText = require('./decodeText')\n\nconst RE_ENCODED = /%[a-fA-F0-9][a-fA-F0-9]/g\n\nconst EncodedLookup = {\n  '%00': '\\x00', '%01': '\\x01', '%02': '\\x02', '%03': '\\x03', '%04': '\\x04',\n  '%05': '\\x05', '%06': '\\x06', '%07': '\\x07', '%08': '\\x08', '%09': '\\x09',\n  '%0a': '\\x0a', '%0A': '\\x0a', '%0b': '\\x0b', '%0B': '\\x0b', '%0c': '\\x0c',\n  '%0C': '\\x0c', '%0d': '\\x0d', '%0D': '\\x0d', '%0e': '\\x0e', '%0E': '\\x0e',\n  '%0f': '\\x0f', '%0F': '\\x0f', '%10': '\\x10', '%11': '\\x11', '%12': '\\x12',\n  '%13': '\\x13', '%14': '\\x14', '%15': '\\x15', '%16': '\\x16', '%17': '\\x17',\n  '%18': '\\x18', '%19': '\\x19', '%1a': '\\x1a', '%1A': '\\x1a', '%1b': '\\x1b',\n  '%1B': '\\x1b', '%1c': '\\x1c', '%1C': '\\x1c', '%1d': '\\x1d', '%1D': '\\x1d',\n  '%1e': '\\x1e', '%1E': '\\x1e', '%1f': '\\x1f', '%1F': '\\x1f', '%20': '\\x20',\n  '%21': '\\x21', '%22': '\\x22', '%23': '\\x23', '%24': '\\x24', '%25': '\\x25',\n  '%26': '\\x26', '%27': '\\x27', '%28': '\\x28', '%29': '\\x29', '%2a': '\\x2a',\n  '%2A': '\\x2a', '%2b': '\\x2b', '%2B': '\\x2b', '%2c': '\\x2c', '%2C': '\\x2c',\n  '%2d': '\\x2d', '%2D': '\\x2d', '%2e': '\\x2e', '%2E': '\\x2e', '%2f': '\\x2f',\n  '%2F': '\\x2f', '%30': '\\x30', '%31': '\\x31', '%32': '\\x32', '%33': '\\x33',\n  '%34': '\\x34', '%35': '\\x35', '%36': '\\x36', '%37': '\\x37', '%38': '\\x38',\n  '%39': '\\x39', '%3a': '\\x3a', '%3A': '\\x3a', '%3b': '\\x3b', '%3B': '\\x3b',\n  '%3c': '\\x3c', '%3C': '\\x3c', '%3d': '\\x3d', '%3D': '\\x3d', '%3e': '\\x3e',\n  '%3E': '\\x3e', '%3f': '\\x3f', '%3F': '\\x3f', '%40': '\\x40', '%41': '\\x41',\n  '%42': '\\x42', '%43': '\\x43', '%44': '\\x44', '%45': '\\x45', '%46': '\\x46',\n  '%47': '\\x47', '%48': '\\x48', '%49': '\\x49', '%4a': '\\x4a', '%4A': '\\x4a',\n  '%4b': '\\x4b', '%4B': '\\x4b', '%4c': '\\x4c', '%4C': '\\x4c', '%4d': '\\x4d',\n  '%4D': '\\x4d', '%4e': '\\x4e', '%4E': '\\x4e', '%4f': '\\x4f', '%4F': '\\x4f',\n  '%50': '\\x50', '%51': '\\x51', '%52': '\\x52', '%53': '\\x53', '%54': '\\x54',\n  '%55': '\\x55', '%56': '\\x56', '%57': '\\x57', '%58': '\\x58', '%59': '\\x59',\n  '%5a': '\\x5a', '%5A': '\\x5a', '%5b': '\\x5b', '%5B': '\\x5b', '%5c': '\\x5c',\n  '%5C': '\\x5c', '%5d': '\\x5d', '%5D': '\\x5d', '%5e': '\\x5e', '%5E': '\\x5e',\n  '%5f': '\\x5f', '%5F': '\\x5f', '%60': '\\x60', '%61': '\\x61', '%62': '\\x62',\n  '%63': '\\x63', '%64': '\\x64', '%65': '\\x65', '%66': '\\x66', '%67': '\\x67',\n  '%68': '\\x68', '%69': '\\x69', '%6a': '\\x6a', '%6A': '\\x6a', '%6b': '\\x6b',\n  '%6B': '\\x6b', '%6c': '\\x6c', '%6C': '\\x6c', '%6d': '\\x6d', '%6D': '\\x6d',\n  '%6e': '\\x6e', '%6E': '\\x6e', '%6f': '\\x6f', '%6F': '\\x6f', '%70': '\\x70',\n  '%71': '\\x71', '%72': '\\x72', '%73': '\\x73', '%74': '\\x74', '%75': '\\x75',\n  '%76': '\\x76', '%77': '\\x77', '%78': '\\x78', '%79': '\\x79', '%7a': '\\x7a',\n  '%7A': '\\x7a', '%7b': '\\x7b', '%7B': '\\x7b', '%7c': '\\x7c', '%7C': '\\x7c',\n  '%7d': '\\x7d', '%7D': '\\x7d', '%7e': '\\x7e', '%7E': '\\x7e', '%7f': '\\x7f',\n  '%7F': '\\x7f', '%80': '\\x80', '%81': '\\x81', '%82': '\\x82', '%83': '\\x83',\n  '%84': '\\x84', '%85': '\\x85', '%86': '\\x86', '%87': '\\x87', '%88': '\\x88',\n  '%89': '\\x89', '%8a': '\\x8a', '%8A': '\\x8a', '%8b': '\\x8b', '%8B': '\\x8b',\n  '%8c': '\\x8c', '%8C': '\\x8c', '%8d': '\\x8d', '%8D': '\\x8d', '%8e': '\\x8e',\n  '%8E': '\\x8e', '%8f': '\\x8f', '%8F': '\\x8f', '%90': '\\x90', '%91': '\\x91',\n  '%92': '\\x92', '%93': '\\x93', '%94': '\\x94', '%95': '\\x95', '%96': '\\x96',\n  '%97': '\\x97', '%98': '\\x98', '%99': '\\x99', '%9a': '\\x9a', '%9A': '\\x9a',\n  '%9b': '\\x9b', '%9B': '\\x9b', '%9c': '\\x9c', '%9C': '\\x9c', '%9d': '\\x9d',\n  '%9D': '\\x9d', '%9e': '\\x9e', '%9E': '\\x9e', '%9f': '\\x9f', '%9F': '\\x9f',\n  '%a0': '\\xa0', '%A0': '\\xa0', '%a1': '\\xa1', '%A1': '\\xa1', '%a2': '\\xa2',\n  '%A2': '\\xa2', '%a3': '\\xa3', '%A3': '\\xa3', '%a4': '\\xa4', '%A4': '\\xa4',\n  '%a5': '\\xa5', '%A5': '\\xa5', '%a6': '\\xa6', '%A6': '\\xa6', '%a7': '\\xa7',\n  '%A7': '\\xa7', '%a8': '\\xa8', '%A8': '\\xa8', '%a9': '\\xa9', '%A9': '\\xa9',\n  '%aa': '\\xaa', '%Aa': '\\xaa', '%aA': '\\xaa', '%AA': '\\xaa', '%ab': '\\xab',\n  '%Ab': '\\xab', '%aB': '\\xab', '%AB': '\\xab', '%ac': '\\xac', '%Ac': '\\xac',\n  '%aC': '\\xac', '%AC': '\\xac', '%ad': '\\xad', '%Ad': '\\xad', '%aD': '\\xad',\n  '%AD': '\\xad', '%ae': '\\xae', '%Ae': '\\xae', '%aE': '\\xae', '%AE': '\\xae',\n  '%af': '\\xaf', '%Af': '\\xaf', '%aF': '\\xaf', '%AF': '\\xaf', '%b0': '\\xb0',\n  '%B0': '\\xb0', '%b1': '\\xb1', '%B1': '\\xb1', '%b2': '\\xb2', '%B2': '\\xb2',\n  '%b3': '\\xb3', '%B3': '\\xb3', '%b4': '\\xb4', '%B4': '\\xb4', '%b5': '\\xb5',\n  '%B5': '\\xb5', '%b6': '\\xb6', '%B6': '\\xb6', '%b7': '\\xb7', '%B7': '\\xb7',\n  '%b8': '\\xb8', '%B8': '\\xb8', '%b9': '\\xb9', '%B9': '\\xb9', '%ba': '\\xba',\n  '%Ba': '\\xba', '%bA': '\\xba', '%BA': '\\xba', '%bb': '\\xbb', '%Bb': '\\xbb',\n  '%bB': '\\xbb', '%BB': '\\xbb', '%bc': '\\xbc', '%Bc': '\\xbc', '%bC': '\\xbc',\n  '%BC': '\\xbc', '%bd': '\\xbd', '%Bd': '\\xbd', '%bD': '\\xbd', '%BD': '\\xbd',\n  '%be': '\\xbe', '%Be': '\\xbe', '%bE': '\\xbe', '%BE': '\\xbe', '%bf': '\\xbf',\n  '%Bf': '\\xbf', '%bF': '\\xbf', '%BF': '\\xbf', '%c0': '\\xc0', '%C0': '\\xc0',\n  '%c1': '\\xc1', '%C1': '\\xc1', '%c2': '\\xc2', '%C2': '\\xc2', '%c3': '\\xc3',\n  '%C3': '\\xc3', '%c4': '\\xc4', '%C4': '\\xc4', '%c5': '\\xc5', '%C5': '\\xc5',\n  '%c6': '\\xc6', '%C6': '\\xc6', '%c7': '\\xc7', '%C7': '\\xc7', '%c8': '\\xc8',\n  '%C8': '\\xc8', '%c9': '\\xc9', '%C9': '\\xc9', '%ca': '\\xca', '%Ca': '\\xca',\n  '%cA': '\\xca', '%CA': '\\xca', '%cb': '\\xcb', '%Cb': '\\xcb', '%cB': '\\xcb',\n  '%CB': '\\xcb', '%cc': '\\xcc', '%Cc': '\\xcc', '%cC': '\\xcc', '%CC': '\\xcc',\n  '%cd': '\\xcd', '%Cd': '\\xcd', '%cD': '\\xcd', '%CD': '\\xcd', '%ce': '\\xce',\n  '%Ce': '\\xce', '%cE': '\\xce', '%CE': '\\xce', '%cf': '\\xcf', '%Cf': '\\xcf',\n  '%cF': '\\xcf', '%CF': '\\xcf', '%d0': '\\xd0', '%D0': '\\xd0', '%d1': '\\xd1',\n  '%D1': '\\xd1', '%d2': '\\xd2', '%D2': '\\xd2', '%d3': '\\xd3', '%D3': '\\xd3',\n  '%d4': '\\xd4', '%D4': '\\xd4', '%d5': '\\xd5', '%D5': '\\xd5', '%d6': '\\xd6',\n  '%D6': '\\xd6', '%d7': '\\xd7', '%D7': '\\xd7', '%d8': '\\xd8', '%D8': '\\xd8',\n  '%d9': '\\xd9', '%D9': '\\xd9', '%da': '\\xda', '%Da': '\\xda', '%dA': '\\xda',\n  '%DA': '\\xda', '%db': '\\xdb', '%Db': '\\xdb', '%dB': '\\xdb', '%DB': '\\xdb',\n  '%dc': '\\xdc', '%Dc': '\\xdc', '%dC': '\\xdc', '%DC': '\\xdc', '%dd': '\\xdd',\n  '%Dd': '\\xdd', '%dD': '\\xdd', '%DD': '\\xdd', '%de': '\\xde', '%De': '\\xde',\n  '%dE': '\\xde', '%DE': '\\xde', '%df': '\\xdf', '%Df': '\\xdf', '%dF': '\\xdf',\n  '%DF': '\\xdf', '%e0': '\\xe0', '%E0': '\\xe0', '%e1': '\\xe1', '%E1': '\\xe1',\n  '%e2': '\\xe2', '%E2': '\\xe2', '%e3': '\\xe3', '%E3': '\\xe3', '%e4': '\\xe4',\n  '%E4': '\\xe4', '%e5': '\\xe5', '%E5': '\\xe5', '%e6': '\\xe6', '%E6': '\\xe6',\n  '%e7': '\\xe7', '%E7': '\\xe7', '%e8': '\\xe8', '%E8': '\\xe8', '%e9': '\\xe9',\n  '%E9': '\\xe9', '%ea': '\\xea', '%Ea': '\\xea', '%eA': '\\xea', '%EA': '\\xea',\n  '%eb': '\\xeb', '%Eb': '\\xeb', '%eB': '\\xeb', '%EB': '\\xeb', '%ec': '\\xec',\n  '%Ec': '\\xec', '%eC': '\\xec', '%EC': '\\xec', '%ed': '\\xed', '%Ed': '\\xed',\n  '%eD': '\\xed', '%ED': '\\xed', '%ee': '\\xee', '%Ee': '\\xee', '%eE': '\\xee',\n  '%EE': '\\xee', '%ef': '\\xef', '%Ef': '\\xef', '%eF': '\\xef', '%EF': '\\xef',\n  '%f0': '\\xf0', '%F0': '\\xf0', '%f1': '\\xf1', '%F1': '\\xf1', '%f2': '\\xf2',\n  '%F2': '\\xf2', '%f3': '\\xf3', '%F3': '\\xf3', '%f4': '\\xf4', '%F4': '\\xf4',\n  '%f5': '\\xf5', '%F5': '\\xf5', '%f6': '\\xf6', '%F6': '\\xf6', '%f7': '\\xf7',\n  '%F7': '\\xf7', '%f8': '\\xf8', '%F8': '\\xf8', '%f9': '\\xf9', '%F9': '\\xf9',\n  '%fa': '\\xfa', '%Fa': '\\xfa', '%fA': '\\xfa', '%FA': '\\xfa', '%fb': '\\xfb',\n  '%Fb': '\\xfb', '%fB': '\\xfb', '%FB': '\\xfb', '%fc': '\\xfc', '%Fc': '\\xfc',\n  '%fC': '\\xfc', '%FC': '\\xfc', '%fd': '\\xfd', '%Fd': '\\xfd', '%fD': '\\xfd',\n  '%FD': '\\xfd', '%fe': '\\xfe', '%Fe': '\\xfe', '%fE': '\\xfe', '%FE': '\\xfe',\n  '%ff': '\\xff', '%Ff': '\\xff', '%fF': '\\xff', '%FF': '\\xff'\n}\n\nfunction encodedReplacer (match) {\n  return EncodedLookup[match]\n}\n\nconst STATE_KEY = 0\nconst STATE_VALUE = 1\nconst STATE_CHARSET = 2\nconst STATE_LANG = 3\n\nfunction parseParams (str) {\n  const res = []\n  let state = STATE_KEY\n  let charset = ''\n  let inquote = false\n  let escaping = false\n  let p = 0\n  let tmp = ''\n  const len = str.length\n\n  for (var i = 0; i < len; ++i) { // eslint-disable-line no-var\n    const char = str[i]\n    if (char === '\\\\' && inquote) {\n      if (escaping) { escaping = false } else {\n        escaping = true\n        continue\n      }\n    } else if (char === '\"') {\n      if (!escaping) {\n        if (inquote) {\n          inquote = false\n          state = STATE_KEY\n        } else { inquote = true }\n        continue\n      } else { escaping = false }\n    } else {\n      if (escaping && inquote) { tmp += '\\\\' }\n      escaping = false\n      if ((state === STATE_CHARSET || state === STATE_LANG) && char === \"'\") {\n        if (state === STATE_CHARSET) {\n          state = STATE_LANG\n          charset = tmp.substring(1)\n        } else { state = STATE_VALUE }\n        tmp = ''\n        continue\n      } else if (state === STATE_KEY &&\n        (char === '*' || char === '=') &&\n        res.length) {\n        state = char === '*'\n          ? STATE_CHARSET\n          : STATE_VALUE\n        res[p] = [tmp, undefined]\n        tmp = ''\n        continue\n      } else if (!inquote && char === ';') {\n        state = STATE_KEY\n        if (charset) {\n          if (tmp.length) {\n            tmp = decodeText(tmp.replace(RE_ENCODED, encodedReplacer),\n              'binary',\n              charset)\n          }\n          charset = ''\n        } else if (tmp.length) {\n          tmp = decodeText(tmp, 'binary', 'utf8')\n        }\n        if (res[p] === undefined) { res[p] = tmp } else { res[p][1] = tmp }\n        tmp = ''\n        ++p\n        continue\n      } else if (!inquote && (char === ' ' || char === '\\t')) { continue }\n    }\n    tmp += char\n  }\n  if (charset && tmp.length) {\n    tmp = decodeText(tmp.replace(RE_ENCODED, encodedReplacer),\n      'binary',\n      charset)\n  } else if (tmp) {\n    tmp = decodeText(tmp, 'binary', 'utf8')\n  }\n\n  if (res[p] === undefined) {\n    if (tmp) { res[p] = tmp }\n  } else { res[p][1] = tmp }\n\n  return res\n}\n\nmodule.exports = parseParams\n","'use strict';\n\nvar vm = require('vm');\n\n/**\n * @implements {IHooks}\n */\nclass Hooks {\n  /**\n   * @callback HookCallback\n   * @this {*|Jsep} this\n   * @param {Jsep} env\n   * @returns: void\n   */\n  /**\n   * Adds the given callback to the list of callbacks for the given hook.\n   *\n   * The callback will be invoked when the hook it is registered for is run.\n   *\n   * One callback function can be registered to multiple hooks and the same hook multiple times.\n   *\n   * @param {string|object} name The name of the hook, or an object of callbacks keyed by name\n   * @param {HookCallback|boolean} callback The callback function which is given environment variables.\n   * @param {?boolean} [first=false] Will add the hook to the top of the list (defaults to the bottom)\n   * @public\n   */\n  add(name, callback, first) {\n    if (typeof arguments[0] != 'string') {\n      // Multiple hook callbacks, keyed by name\n      for (let name in arguments[0]) {\n        this.add(name, arguments[0][name], arguments[1]);\n      }\n    } else {\n      (Array.isArray(name) ? name : [name]).forEach(function (name) {\n        this[name] = this[name] || [];\n        if (callback) {\n          this[name][first ? 'unshift' : 'push'](callback);\n        }\n      }, this);\n    }\n  }\n\n  /**\n   * Runs a hook invoking all registered callbacks with the given environment variables.\n   *\n   * Callbacks will be invoked synchronously and in the order in which they were registered.\n   *\n   * @param {string} name The name of the hook.\n   * @param {Object<string, any>} env The environment variables of the hook passed to all callbacks registered.\n   * @public\n   */\n  run(name, env) {\n    this[name] = this[name] || [];\n    this[name].forEach(function (callback) {\n      callback.call(env && env.context ? env.context : env, env);\n    });\n  }\n}\n\n/**\n * @implements {IPlugins}\n */\nclass Plugins {\n  constructor(jsep) {\n    this.jsep = jsep;\n    this.registered = {};\n  }\n\n  /**\n   * @callback PluginSetup\n   * @this {Jsep} jsep\n   * @returns: void\n   */\n  /**\n   * Adds the given plugin(s) to the registry\n   *\n   * @param {object} plugins\n   * @param {string} plugins.name The name of the plugin\n   * @param {PluginSetup} plugins.init The init function\n   * @public\n   */\n  register(...plugins) {\n    plugins.forEach(plugin => {\n      if (typeof plugin !== 'object' || !plugin.name || !plugin.init) {\n        throw new Error('Invalid JSEP plugin format');\n      }\n      if (this.registered[plugin.name]) {\n        // already registered. Ignore.\n        return;\n      }\n      plugin.init(this.jsep);\n      this.registered[plugin.name] = plugin;\n    });\n  }\n}\n\n//     JavaScript Expression Parser (JSEP) 1.4.0\n\nclass Jsep {\n  /**\n   * @returns {string}\n   */\n  static get version() {\n    // To be filled in by the template\n    return '1.4.0';\n  }\n\n  /**\n   * @returns {string}\n   */\n  static toString() {\n    return 'JavaScript Expression Parser (JSEP) v' + Jsep.version;\n  }\n  // ==================== CONFIG ================================\n  /**\n   * @method addUnaryOp\n   * @param {string} op_name The name of the unary op to add\n   * @returns {Jsep}\n   */\n  static addUnaryOp(op_name) {\n    Jsep.max_unop_len = Math.max(op_name.length, Jsep.max_unop_len);\n    Jsep.unary_ops[op_name] = 1;\n    return Jsep;\n  }\n\n  /**\n   * @method jsep.addBinaryOp\n   * @param {string} op_name The name of the binary op to add\n   * @param {number} precedence The precedence of the binary op (can be a float). Higher number = higher precedence\n   * @param {boolean} [isRightAssociative=false] whether operator is right-associative\n   * @returns {Jsep}\n   */\n  static addBinaryOp(op_name, precedence, isRightAssociative) {\n    Jsep.max_binop_len = Math.max(op_name.length, Jsep.max_binop_len);\n    Jsep.binary_ops[op_name] = precedence;\n    if (isRightAssociative) {\n      Jsep.right_associative.add(op_name);\n    } else {\n      Jsep.right_associative.delete(op_name);\n    }\n    return Jsep;\n  }\n\n  /**\n   * @method addIdentifierChar\n   * @param {string} char The additional character to treat as a valid part of an identifier\n   * @returns {Jsep}\n   */\n  static addIdentifierChar(char) {\n    Jsep.additional_identifier_chars.add(char);\n    return Jsep;\n  }\n\n  /**\n   * @method addLiteral\n   * @param {string} literal_name The name of the literal to add\n   * @param {*} literal_value The value of the literal\n   * @returns {Jsep}\n   */\n  static addLiteral(literal_name, literal_value) {\n    Jsep.literals[literal_name] = literal_value;\n    return Jsep;\n  }\n\n  /**\n   * @method removeUnaryOp\n   * @param {string} op_name The name of the unary op to remove\n   * @returns {Jsep}\n   */\n  static removeUnaryOp(op_name) {\n    delete Jsep.unary_ops[op_name];\n    if (op_name.length === Jsep.max_unop_len) {\n      Jsep.max_unop_len = Jsep.getMaxKeyLen(Jsep.unary_ops);\n    }\n    return Jsep;\n  }\n\n  /**\n   * @method removeAllUnaryOps\n   * @returns {Jsep}\n   */\n  static removeAllUnaryOps() {\n    Jsep.unary_ops = {};\n    Jsep.max_unop_len = 0;\n    return Jsep;\n  }\n\n  /**\n   * @method removeIdentifierChar\n   * @param {string} char The additional character to stop treating as a valid part of an identifier\n   * @returns {Jsep}\n   */\n  static removeIdentifierChar(char) {\n    Jsep.additional_identifier_chars.delete(char);\n    return Jsep;\n  }\n\n  /**\n   * @method removeBinaryOp\n   * @param {string} op_name The name of the binary op to remove\n   * @returns {Jsep}\n   */\n  static removeBinaryOp(op_name) {\n    delete Jsep.binary_ops[op_name];\n    if (op_name.length === Jsep.max_binop_len) {\n      Jsep.max_binop_len = Jsep.getMaxKeyLen(Jsep.binary_ops);\n    }\n    Jsep.right_associative.delete(op_name);\n    return Jsep;\n  }\n\n  /**\n   * @method removeAllBinaryOps\n   * @returns {Jsep}\n   */\n  static removeAllBinaryOps() {\n    Jsep.binary_ops = {};\n    Jsep.max_binop_len = 0;\n    return Jsep;\n  }\n\n  /**\n   * @method removeLiteral\n   * @param {string} literal_name The name of the literal to remove\n   * @returns {Jsep}\n   */\n  static removeLiteral(literal_name) {\n    delete Jsep.literals[literal_name];\n    return Jsep;\n  }\n\n  /**\n   * @method removeAllLiterals\n   * @returns {Jsep}\n   */\n  static removeAllLiterals() {\n    Jsep.literals = {};\n    return Jsep;\n  }\n  // ==================== END CONFIG ============================\n\n  /**\n   * @returns {string}\n   */\n  get char() {\n    return this.expr.charAt(this.index);\n  }\n\n  /**\n   * @returns {number}\n   */\n  get code() {\n    return this.expr.charCodeAt(this.index);\n  }\n  /**\n   * @param {string} expr a string with the passed in express\n   * @returns Jsep\n   */\n  constructor(expr) {\n    // `index` stores the character number we are currently at\n    // All of the gobbles below will modify `index` as we move along\n    this.expr = expr;\n    this.index = 0;\n  }\n\n  /**\n   * static top-level parser\n   * @returns {jsep.Expression}\n   */\n  static parse(expr) {\n    return new Jsep(expr).parse();\n  }\n\n  /**\n   * Get the longest key length of any object\n   * @param {object} obj\n   * @returns {number}\n   */\n  static getMaxKeyLen(obj) {\n    return Math.max(0, ...Object.keys(obj).map(k => k.length));\n  }\n\n  /**\n   * `ch` is a character code in the next three functions\n   * @param {number} ch\n   * @returns {boolean}\n   */\n  static isDecimalDigit(ch) {\n    return ch >= 48 && ch <= 57; // 0...9\n  }\n\n  /**\n   * Returns the precedence of a binary operator or `0` if it isn't a binary operator. Can be float.\n   * @param {string} op_val\n   * @returns {number}\n   */\n  static binaryPrecedence(op_val) {\n    return Jsep.binary_ops[op_val] || 0;\n  }\n\n  /**\n   * Looks for start of identifier\n   * @param {number} ch\n   * @returns {boolean}\n   */\n  static isIdentifierStart(ch) {\n    return ch >= 65 && ch <= 90 ||\n    // A...Z\n    ch >= 97 && ch <= 122 ||\n    // a...z\n    ch >= 128 && !Jsep.binary_ops[String.fromCharCode(ch)] ||\n    // any non-ASCII that is not an operator\n    Jsep.additional_identifier_chars.has(String.fromCharCode(ch)); // additional characters\n  }\n\n  /**\n   * @param {number} ch\n   * @returns {boolean}\n   */\n  static isIdentifierPart(ch) {\n    return Jsep.isIdentifierStart(ch) || Jsep.isDecimalDigit(ch);\n  }\n\n  /**\n   * throw error at index of the expression\n   * @param {string} message\n   * @throws\n   */\n  throwError(message) {\n    const error = new Error(message + ' at character ' + this.index);\n    error.index = this.index;\n    error.description = message;\n    throw error;\n  }\n\n  /**\n   * Run a given hook\n   * @param {string} name\n   * @param {jsep.Expression|false} [node]\n   * @returns {?jsep.Expression}\n   */\n  runHook(name, node) {\n    if (Jsep.hooks[name]) {\n      const env = {\n        context: this,\n        node\n      };\n      Jsep.hooks.run(name, env);\n      return env.node;\n    }\n    return node;\n  }\n\n  /**\n   * Runs a given hook until one returns a node\n   * @param {string} name\n   * @returns {?jsep.Expression}\n   */\n  searchHook(name) {\n    if (Jsep.hooks[name]) {\n      const env = {\n        context: this\n      };\n      Jsep.hooks[name].find(function (callback) {\n        callback.call(env.context, env);\n        return env.node;\n      });\n      return env.node;\n    }\n  }\n\n  /**\n   * Push `index` up to the next non-space character\n   */\n  gobbleSpaces() {\n    let ch = this.code;\n    // Whitespace\n    while (ch === Jsep.SPACE_CODE || ch === Jsep.TAB_CODE || ch === Jsep.LF_CODE || ch === Jsep.CR_CODE) {\n      ch = this.expr.charCodeAt(++this.index);\n    }\n    this.runHook('gobble-spaces');\n  }\n\n  /**\n   * Top-level method to parse all expressions and returns compound or single node\n   * @returns {jsep.Expression}\n   */\n  parse() {\n    this.runHook('before-all');\n    const nodes = this.gobbleExpressions();\n\n    // If there's only one expression just try returning the expression\n    const node = nodes.length === 1 ? nodes[0] : {\n      type: Jsep.COMPOUND,\n      body: nodes\n    };\n    return this.runHook('after-all', node);\n  }\n\n  /**\n   * top-level parser (but can be reused within as well)\n   * @param {number} [untilICode]\n   * @returns {jsep.Expression[]}\n   */\n  gobbleExpressions(untilICode) {\n    let nodes = [],\n      ch_i,\n      node;\n    while (this.index < this.expr.length) {\n      ch_i = this.code;\n\n      // Expressions can be separated by semicolons, commas, or just inferred without any\n      // separators\n      if (ch_i === Jsep.SEMCOL_CODE || ch_i === Jsep.COMMA_CODE) {\n        this.index++; // ignore separators\n      } else {\n        // Try to gobble each expression individually\n        if (node = this.gobbleExpression()) {\n          nodes.push(node);\n          // If we weren't able to find a binary expression and are out of room, then\n          // the expression passed in probably has too much\n        } else if (this.index < this.expr.length) {\n          if (ch_i === untilICode) {\n            break;\n          }\n          this.throwError('Unexpected \"' + this.char + '\"');\n        }\n      }\n    }\n    return nodes;\n  }\n\n  /**\n   * The main parsing function.\n   * @returns {?jsep.Expression}\n   */\n  gobbleExpression() {\n    const node = this.searchHook('gobble-expression') || this.gobbleBinaryExpression();\n    this.gobbleSpaces();\n    return this.runHook('after-expression', node);\n  }\n\n  /**\n   * Search for the operation portion of the string (e.g. `+`, `===`)\n   * Start by taking the longest possible binary operations (3 characters: `===`, `!==`, `>>>`)\n   * and move down from 3 to 2 to 1 character until a matching binary operation is found\n   * then, return that binary operation\n   * @returns {string|boolean}\n   */\n  gobbleBinaryOp() {\n    this.gobbleSpaces();\n    let to_check = this.expr.substr(this.index, Jsep.max_binop_len);\n    let tc_len = to_check.length;\n    while (tc_len > 0) {\n      // Don't accept a binary op when it is an identifier.\n      // Binary ops that start with a identifier-valid character must be followed\n      // by a non identifier-part valid character\n      if (Jsep.binary_ops.hasOwnProperty(to_check) && (!Jsep.isIdentifierStart(this.code) || this.index + to_check.length < this.expr.length && !Jsep.isIdentifierPart(this.expr.charCodeAt(this.index + to_check.length)))) {\n        this.index += tc_len;\n        return to_check;\n      }\n      to_check = to_check.substr(0, --tc_len);\n    }\n    return false;\n  }\n\n  /**\n   * This function is responsible for gobbling an individual expression,\n   * e.g. `1`, `1+2`, `a+(b*2)-Math.sqrt(2)`\n   * @returns {?jsep.BinaryExpression}\n   */\n  gobbleBinaryExpression() {\n    let node, biop, prec, stack, biop_info, left, right, i, cur_biop;\n\n    // First, try to get the leftmost thing\n    // Then, check to see if there's a binary operator operating on that leftmost thing\n    // Don't gobbleBinaryOp without a left-hand-side\n    left = this.gobbleToken();\n    if (!left) {\n      return left;\n    }\n    biop = this.gobbleBinaryOp();\n\n    // If there wasn't a binary operator, just return the leftmost node\n    if (!biop) {\n      return left;\n    }\n\n    // Otherwise, we need to start a stack to properly place the binary operations in their\n    // precedence structure\n    biop_info = {\n      value: biop,\n      prec: Jsep.binaryPrecedence(biop),\n      right_a: Jsep.right_associative.has(biop)\n    };\n    right = this.gobbleToken();\n    if (!right) {\n      this.throwError(\"Expected expression after \" + biop);\n    }\n    stack = [left, biop_info, right];\n\n    // Properly deal with precedence using [recursive descent](http://www.engr.mun.ca/~theo/Misc/exp_parsing.htm)\n    while (biop = this.gobbleBinaryOp()) {\n      prec = Jsep.binaryPrecedence(biop);\n      if (prec === 0) {\n        this.index -= biop.length;\n        break;\n      }\n      biop_info = {\n        value: biop,\n        prec,\n        right_a: Jsep.right_associative.has(biop)\n      };\n      cur_biop = biop;\n\n      // Reduce: make a binary expression from the three topmost entries.\n      const comparePrev = prev => biop_info.right_a && prev.right_a ? prec > prev.prec : prec <= prev.prec;\n      while (stack.length > 2 && comparePrev(stack[stack.length - 2])) {\n        right = stack.pop();\n        biop = stack.pop().value;\n        left = stack.pop();\n        node = {\n          type: Jsep.BINARY_EXP,\n          operator: biop,\n          left,\n          right\n        };\n        stack.push(node);\n      }\n      node = this.gobbleToken();\n      if (!node) {\n        this.throwError(\"Expected expression after \" + cur_biop);\n      }\n      stack.push(biop_info, node);\n    }\n    i = stack.length - 1;\n    node = stack[i];\n    while (i > 1) {\n      node = {\n        type: Jsep.BINARY_EXP,\n        operator: stack[i - 1].value,\n        left: stack[i - 2],\n        right: node\n      };\n      i -= 2;\n    }\n    return node;\n  }\n\n  /**\n   * An individual part of a binary expression:\n   * e.g. `foo.bar(baz)`, `1`, `\"abc\"`, `(a % 2)` (because it's in parenthesis)\n   * @returns {boolean|jsep.Expression}\n   */\n  gobbleToken() {\n    let ch, to_check, tc_len, node;\n    this.gobbleSpaces();\n    node = this.searchHook('gobble-token');\n    if (node) {\n      return this.runHook('after-token', node);\n    }\n    ch = this.code;\n    if (Jsep.isDecimalDigit(ch) || ch === Jsep.PERIOD_CODE) {\n      // Char code 46 is a dot `.` which can start off a numeric literal\n      return this.gobbleNumericLiteral();\n    }\n    if (ch === Jsep.SQUOTE_CODE || ch === Jsep.DQUOTE_CODE) {\n      // Single or double quotes\n      node = this.gobbleStringLiteral();\n    } else if (ch === Jsep.OBRACK_CODE) {\n      node = this.gobbleArray();\n    } else {\n      to_check = this.expr.substr(this.index, Jsep.max_unop_len);\n      tc_len = to_check.length;\n      while (tc_len > 0) {\n        // Don't accept an unary op when it is an identifier.\n        // Unary ops that start with a identifier-valid character must be followed\n        // by a non identifier-part valid character\n        if (Jsep.unary_ops.hasOwnProperty(to_check) && (!Jsep.isIdentifierStart(this.code) || this.index + to_check.length < this.expr.length && !Jsep.isIdentifierPart(this.expr.charCodeAt(this.index + to_check.length)))) {\n          this.index += tc_len;\n          const argument = this.gobbleToken();\n          if (!argument) {\n            this.throwError('missing unaryOp argument');\n          }\n          return this.runHook('after-token', {\n            type: Jsep.UNARY_EXP,\n            operator: to_check,\n            argument,\n            prefix: true\n          });\n        }\n        to_check = to_check.substr(0, --tc_len);\n      }\n      if (Jsep.isIdentifierStart(ch)) {\n        node = this.gobbleIdentifier();\n        if (Jsep.literals.hasOwnProperty(node.name)) {\n          node = {\n            type: Jsep.LITERAL,\n            value: Jsep.literals[node.name],\n            raw: node.name\n          };\n        } else if (node.name === Jsep.this_str) {\n          node = {\n            type: Jsep.THIS_EXP\n          };\n        }\n      } else if (ch === Jsep.OPAREN_CODE) {\n        // open parenthesis\n        node = this.gobbleGroup();\n      }\n    }\n    if (!node) {\n      return this.runHook('after-token', false);\n    }\n    node = this.gobbleTokenProperty(node);\n    return this.runHook('after-token', node);\n  }\n\n  /**\n   * Gobble properties of of identifiers/strings/arrays/groups.\n   * e.g. `foo`, `bar.baz`, `foo['bar'].baz`\n   * It also gobbles function calls:\n   * e.g. `Math.acos(obj.angle)`\n   * @param {jsep.Expression} node\n   * @returns {jsep.Expression}\n   */\n  gobbleTokenProperty(node) {\n    this.gobbleSpaces();\n    let ch = this.code;\n    while (ch === Jsep.PERIOD_CODE || ch === Jsep.OBRACK_CODE || ch === Jsep.OPAREN_CODE || ch === Jsep.QUMARK_CODE) {\n      let optional;\n      if (ch === Jsep.QUMARK_CODE) {\n        if (this.expr.charCodeAt(this.index + 1) !== Jsep.PERIOD_CODE) {\n          break;\n        }\n        optional = true;\n        this.index += 2;\n        this.gobbleSpaces();\n        ch = this.code;\n      }\n      this.index++;\n      if (ch === Jsep.OBRACK_CODE) {\n        node = {\n          type: Jsep.MEMBER_EXP,\n          computed: true,\n          object: node,\n          property: this.gobbleExpression()\n        };\n        if (!node.property) {\n          this.throwError('Unexpected \"' + this.char + '\"');\n        }\n        this.gobbleSpaces();\n        ch = this.code;\n        if (ch !== Jsep.CBRACK_CODE) {\n          this.throwError('Unclosed [');\n        }\n        this.index++;\n      } else if (ch === Jsep.OPAREN_CODE) {\n        // A function call is being made; gobble all the arguments\n        node = {\n          type: Jsep.CALL_EXP,\n          'arguments': this.gobbleArguments(Jsep.CPAREN_CODE),\n          callee: node\n        };\n      } else if (ch === Jsep.PERIOD_CODE || optional) {\n        if (optional) {\n          this.index--;\n        }\n        this.gobbleSpaces();\n        node = {\n          type: Jsep.MEMBER_EXP,\n          computed: false,\n          object: node,\n          property: this.gobbleIdentifier()\n        };\n      }\n      if (optional) {\n        node.optional = true;\n      } // else leave undefined for compatibility with esprima\n\n      this.gobbleSpaces();\n      ch = this.code;\n    }\n    return node;\n  }\n\n  /**\n   * Parse simple numeric literals: `12`, `3.4`, `.5`. Do this by using a string to\n   * keep track of everything in the numeric literal and then calling `parseFloat` on that string\n   * @returns {jsep.Literal}\n   */\n  gobbleNumericLiteral() {\n    let number = '',\n      ch,\n      chCode;\n    while (Jsep.isDecimalDigit(this.code)) {\n      number += this.expr.charAt(this.index++);\n    }\n    if (this.code === Jsep.PERIOD_CODE) {\n      // can start with a decimal marker\n      number += this.expr.charAt(this.index++);\n      while (Jsep.isDecimalDigit(this.code)) {\n        number += this.expr.charAt(this.index++);\n      }\n    }\n    ch = this.char;\n    if (ch === 'e' || ch === 'E') {\n      // exponent marker\n      number += this.expr.charAt(this.index++);\n      ch = this.char;\n      if (ch === '+' || ch === '-') {\n        // exponent sign\n        number += this.expr.charAt(this.index++);\n      }\n      while (Jsep.isDecimalDigit(this.code)) {\n        // exponent itself\n        number += this.expr.charAt(this.index++);\n      }\n      if (!Jsep.isDecimalDigit(this.expr.charCodeAt(this.index - 1))) {\n        this.throwError('Expected exponent (' + number + this.char + ')');\n      }\n    }\n    chCode = this.code;\n\n    // Check to make sure this isn't a variable name that start with a number (123abc)\n    if (Jsep.isIdentifierStart(chCode)) {\n      this.throwError('Variable names cannot start with a number (' + number + this.char + ')');\n    } else if (chCode === Jsep.PERIOD_CODE || number.length === 1 && number.charCodeAt(0) === Jsep.PERIOD_CODE) {\n      this.throwError('Unexpected period');\n    }\n    return {\n      type: Jsep.LITERAL,\n      value: parseFloat(number),\n      raw: number\n    };\n  }\n\n  /**\n   * Parses a string literal, staring with single or double quotes with basic support for escape codes\n   * e.g. `\"hello world\"`, `'this is\\nJSEP'`\n   * @returns {jsep.Literal}\n   */\n  gobbleStringLiteral() {\n    let str = '';\n    const startIndex = this.index;\n    const quote = this.expr.charAt(this.index++);\n    let closed = false;\n    while (this.index < this.expr.length) {\n      let ch = this.expr.charAt(this.index++);\n      if (ch === quote) {\n        closed = true;\n        break;\n      } else if (ch === '\\\\') {\n        // Check for all of the common escape codes\n        ch = this.expr.charAt(this.index++);\n        switch (ch) {\n          case 'n':\n            str += '\\n';\n            break;\n          case 'r':\n            str += '\\r';\n            break;\n          case 't':\n            str += '\\t';\n            break;\n          case 'b':\n            str += '\\b';\n            break;\n          case 'f':\n            str += '\\f';\n            break;\n          case 'v':\n            str += '\\x0B';\n            break;\n          default:\n            str += ch;\n        }\n      } else {\n        str += ch;\n      }\n    }\n    if (!closed) {\n      this.throwError('Unclosed quote after \"' + str + '\"');\n    }\n    return {\n      type: Jsep.LITERAL,\n      value: str,\n      raw: this.expr.substring(startIndex, this.index)\n    };\n  }\n\n  /**\n   * Gobbles only identifiers\n   * e.g.: `foo`, `_value`, `$x1`\n   * Also, this function checks if that identifier is a literal:\n   * (e.g. `true`, `false`, `null`) or `this`\n   * @returns {jsep.Identifier}\n   */\n  gobbleIdentifier() {\n    let ch = this.code,\n      start = this.index;\n    if (Jsep.isIdentifierStart(ch)) {\n      this.index++;\n    } else {\n      this.throwError('Unexpected ' + this.char);\n    }\n    while (this.index < this.expr.length) {\n      ch = this.code;\n      if (Jsep.isIdentifierPart(ch)) {\n        this.index++;\n      } else {\n        break;\n      }\n    }\n    return {\n      type: Jsep.IDENTIFIER,\n      name: this.expr.slice(start, this.index)\n    };\n  }\n\n  /**\n   * Gobbles a list of arguments within the context of a function call\n   * or array literal. This function also assumes that the opening character\n   * `(` or `[` has already been gobbled, and gobbles expressions and commas\n   * until the terminator character `)` or `]` is encountered.\n   * e.g. `foo(bar, baz)`, `my_func()`, or `[bar, baz]`\n   * @param {number} termination\n   * @returns {jsep.Expression[]}\n   */\n  gobbleArguments(termination) {\n    const args = [];\n    let closed = false;\n    let separator_count = 0;\n    while (this.index < this.expr.length) {\n      this.gobbleSpaces();\n      let ch_i = this.code;\n      if (ch_i === termination) {\n        // done parsing\n        closed = true;\n        this.index++;\n        if (termination === Jsep.CPAREN_CODE && separator_count && separator_count >= args.length) {\n          this.throwError('Unexpected token ' + String.fromCharCode(termination));\n        }\n        break;\n      } else if (ch_i === Jsep.COMMA_CODE) {\n        // between expressions\n        this.index++;\n        separator_count++;\n        if (separator_count !== args.length) {\n          // missing argument\n          if (termination === Jsep.CPAREN_CODE) {\n            this.throwError('Unexpected token ,');\n          } else if (termination === Jsep.CBRACK_CODE) {\n            for (let arg = args.length; arg < separator_count; arg++) {\n              args.push(null);\n            }\n          }\n        }\n      } else if (args.length !== separator_count && separator_count !== 0) {\n        // NOTE: `&& separator_count !== 0` allows for either all commas, or all spaces as arguments\n        this.throwError('Expected comma');\n      } else {\n        const node = this.gobbleExpression();\n        if (!node || node.type === Jsep.COMPOUND) {\n          this.throwError('Expected comma');\n        }\n        args.push(node);\n      }\n    }\n    if (!closed) {\n      this.throwError('Expected ' + String.fromCharCode(termination));\n    }\n    return args;\n  }\n\n  /**\n   * Responsible for parsing a group of things within parentheses `()`\n   * that have no identifier in front (so not a function call)\n   * This function assumes that it needs to gobble the opening parenthesis\n   * and then tries to gobble everything within that parenthesis, assuming\n   * that the next thing it should see is the close parenthesis. If not,\n   * then the expression probably doesn't have a `)`\n   * @returns {boolean|jsep.Expression}\n   */\n  gobbleGroup() {\n    this.index++;\n    let nodes = this.gobbleExpressions(Jsep.CPAREN_CODE);\n    if (this.code === Jsep.CPAREN_CODE) {\n      this.index++;\n      if (nodes.length === 1) {\n        return nodes[0];\n      } else if (!nodes.length) {\n        return false;\n      } else {\n        return {\n          type: Jsep.SEQUENCE_EXP,\n          expressions: nodes\n        };\n      }\n    } else {\n      this.throwError('Unclosed (');\n    }\n  }\n\n  /**\n   * Responsible for parsing Array literals `[1, 2, 3]`\n   * This function assumes that it needs to gobble the opening bracket\n   * and then tries to gobble the expressions as arguments.\n   * @returns {jsep.ArrayExpression}\n   */\n  gobbleArray() {\n    this.index++;\n    return {\n      type: Jsep.ARRAY_EXP,\n      elements: this.gobbleArguments(Jsep.CBRACK_CODE)\n    };\n  }\n}\n\n// Static fields:\nconst hooks = new Hooks();\nObject.assign(Jsep, {\n  hooks,\n  plugins: new Plugins(Jsep),\n  // Node Types\n  // ----------\n  // This is the full set of types that any JSEP node can be.\n  // Store them here to save space when minified\n  COMPOUND: 'Compound',\n  SEQUENCE_EXP: 'SequenceExpression',\n  IDENTIFIER: 'Identifier',\n  MEMBER_EXP: 'MemberExpression',\n  LITERAL: 'Literal',\n  THIS_EXP: 'ThisExpression',\n  CALL_EXP: 'CallExpression',\n  UNARY_EXP: 'UnaryExpression',\n  BINARY_EXP: 'BinaryExpression',\n  ARRAY_EXP: 'ArrayExpression',\n  TAB_CODE: 9,\n  LF_CODE: 10,\n  CR_CODE: 13,\n  SPACE_CODE: 32,\n  PERIOD_CODE: 46,\n  // '.'\n  COMMA_CODE: 44,\n  // ','\n  SQUOTE_CODE: 39,\n  // single quote\n  DQUOTE_CODE: 34,\n  // double quotes\n  OPAREN_CODE: 40,\n  // (\n  CPAREN_CODE: 41,\n  // )\n  OBRACK_CODE: 91,\n  // [\n  CBRACK_CODE: 93,\n  // ]\n  QUMARK_CODE: 63,\n  // ?\n  SEMCOL_CODE: 59,\n  // ;\n  COLON_CODE: 58,\n  // :\n\n  // Operations\n  // ----------\n  // Use a quickly-accessible map to store all of the unary operators\n  // Values are set to `1` (it really doesn't matter)\n  unary_ops: {\n    '-': 1,\n    '!': 1,\n    '~': 1,\n    '+': 1\n  },\n  // Also use a map for the binary operations but set their values to their\n  // binary precedence for quick reference (higher number = higher precedence)\n  // see [Order of operations](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Operator_Precedence)\n  binary_ops: {\n    '||': 1,\n    '??': 1,\n    '&&': 2,\n    '|': 3,\n    '^': 4,\n    '&': 5,\n    '==': 6,\n    '!=': 6,\n    '===': 6,\n    '!==': 6,\n    '<': 7,\n    '>': 7,\n    '<=': 7,\n    '>=': 7,\n    '<<': 8,\n    '>>': 8,\n    '>>>': 8,\n    '+': 9,\n    '-': 9,\n    '*': 10,\n    '/': 10,\n    '%': 10,\n    '**': 11\n  },\n  // sets specific binary_ops as right-associative\n  right_associative: new Set(['**']),\n  // Additional valid identifier chars, apart from a-z, A-Z and 0-9 (except on the starting char)\n  additional_identifier_chars: new Set(['$', '_']),\n  // Literals\n  // ----------\n  // Store the values to return for the various literals we may encounter\n  literals: {\n    'true': true,\n    'false': false,\n    'null': null\n  },\n  // Except for `this`, which is special. This could be changed to something like `'self'` as well\n  this_str: 'this'\n});\nJsep.max_unop_len = Jsep.getMaxKeyLen(Jsep.unary_ops);\nJsep.max_binop_len = Jsep.getMaxKeyLen(Jsep.binary_ops);\n\n// Backward Compatibility:\nconst jsep = expr => new Jsep(expr).parse();\nconst stdClassProps = Object.getOwnPropertyNames(class Test {});\nObject.getOwnPropertyNames(Jsep).filter(prop => !stdClassProps.includes(prop) && jsep[prop] === undefined).forEach(m => {\n  jsep[m] = Jsep[m];\n});\njsep.Jsep = Jsep; // allows for const { Jsep } = require('jsep');\n\nconst CONDITIONAL_EXP = 'ConditionalExpression';\nvar ternary = {\n  name: 'ternary',\n  init(jsep) {\n    // Ternary expression: test ? consequent : alternate\n    jsep.hooks.add('after-expression', function gobbleTernary(env) {\n      if (env.node && this.code === jsep.QUMARK_CODE) {\n        this.index++;\n        const test = env.node;\n        const consequent = this.gobbleExpression();\n        if (!consequent) {\n          this.throwError('Expected expression');\n        }\n        this.gobbleSpaces();\n        if (this.code === jsep.COLON_CODE) {\n          this.index++;\n          const alternate = this.gobbleExpression();\n          if (!alternate) {\n            this.throwError('Expected expression');\n          }\n          env.node = {\n            type: CONDITIONAL_EXP,\n            test,\n            consequent,\n            alternate\n          };\n\n          // check for operators of higher priority than ternary (i.e. assignment)\n          // jsep sets || at 1, and assignment at 0.9, and conditional should be between them\n          if (test.operator && jsep.binary_ops[test.operator] <= 0.9) {\n            let newTest = test;\n            while (newTest.right.operator && jsep.binary_ops[newTest.right.operator] <= 0.9) {\n              newTest = newTest.right;\n            }\n            env.node.test = newTest.right;\n            newTest.right = env.node;\n            env.node = test;\n          }\n        } else {\n          this.throwError('Expected :');\n        }\n      }\n    });\n  }\n};\n\n// Add default plugins:\n\njsep.plugins.register(ternary);\n\nconst FSLASH_CODE = 47; // '/'\nconst BSLASH_CODE = 92; // '\\\\'\n\nvar index = {\n  name: 'regex',\n  init(jsep) {\n    // Regex literal: /abc123/ig\n    jsep.hooks.add('gobble-token', function gobbleRegexLiteral(env) {\n      if (this.code === FSLASH_CODE) {\n        const patternIndex = ++this.index;\n        let inCharSet = false;\n        while (this.index < this.expr.length) {\n          if (this.code === FSLASH_CODE && !inCharSet) {\n            const pattern = this.expr.slice(patternIndex, this.index);\n            let flags = '';\n            while (++this.index < this.expr.length) {\n              const code = this.code;\n              if (code >= 97 && code <= 122 // a...z\n              || code >= 65 && code <= 90 // A...Z\n              || code >= 48 && code <= 57) {\n                // 0-9\n                flags += this.char;\n              } else {\n                break;\n              }\n            }\n            let value;\n            try {\n              value = new RegExp(pattern, flags);\n            } catch (e) {\n              this.throwError(e.message);\n            }\n            env.node = {\n              type: jsep.LITERAL,\n              value,\n              raw: this.expr.slice(patternIndex - 1, this.index)\n            };\n\n            // allow . [] and () after regex: /regex/.test(a)\n            env.node = this.gobbleTokenProperty(env.node);\n            return env.node;\n          }\n          if (this.code === jsep.OBRACK_CODE) {\n            inCharSet = true;\n          } else if (inCharSet && this.code === jsep.CBRACK_CODE) {\n            inCharSet = false;\n          }\n          this.index += this.code === BSLASH_CODE ? 2 : 1;\n        }\n        this.throwError('Unclosed Regex');\n      }\n    });\n  }\n};\n\nconst PLUS_CODE = 43; // +\nconst MINUS_CODE = 45; // -\n\nconst plugin = {\n  name: 'assignment',\n  assignmentOperators: new Set(['=', '*=', '**=', '/=', '%=', '+=', '-=', '<<=', '>>=', '>>>=', '&=', '^=', '|=', '||=', '&&=', '??=']),\n  updateOperators: [PLUS_CODE, MINUS_CODE],\n  assignmentPrecedence: 0.9,\n  init(jsep) {\n    const updateNodeTypes = [jsep.IDENTIFIER, jsep.MEMBER_EXP];\n    plugin.assignmentOperators.forEach(op => jsep.addBinaryOp(op, plugin.assignmentPrecedence, true));\n    jsep.hooks.add('gobble-token', function gobbleUpdatePrefix(env) {\n      const code = this.code;\n      if (plugin.updateOperators.some(c => c === code && c === this.expr.charCodeAt(this.index + 1))) {\n        this.index += 2;\n        env.node = {\n          type: 'UpdateExpression',\n          operator: code === PLUS_CODE ? '++' : '--',\n          argument: this.gobbleTokenProperty(this.gobbleIdentifier()),\n          prefix: true\n        };\n        if (!env.node.argument || !updateNodeTypes.includes(env.node.argument.type)) {\n          this.throwError(`Unexpected ${env.node.operator}`);\n        }\n      }\n    });\n    jsep.hooks.add('after-token', function gobbleUpdatePostfix(env) {\n      if (env.node) {\n        const code = this.code;\n        if (plugin.updateOperators.some(c => c === code && c === this.expr.charCodeAt(this.index + 1))) {\n          if (!updateNodeTypes.includes(env.node.type)) {\n            this.throwError(`Unexpected ${env.node.operator}`);\n          }\n          this.index += 2;\n          env.node = {\n            type: 'UpdateExpression',\n            operator: code === PLUS_CODE ? '++' : '--',\n            argument: env.node,\n            prefix: false\n          };\n        }\n      }\n    });\n    jsep.hooks.add('after-expression', function gobbleAssignment(env) {\n      if (env.node) {\n        // Note: Binaries can be chained in a single expression to respect\n        // operator precedence (i.e. a = b = 1 + 2 + 3)\n        // Update all binary assignment nodes in the tree\n        updateBinariesToAssignments(env.node);\n      }\n    });\n    function updateBinariesToAssignments(node) {\n      if (plugin.assignmentOperators.has(node.operator)) {\n        node.type = 'AssignmentExpression';\n        updateBinariesToAssignments(node.left);\n        updateBinariesToAssignments(node.right);\n      } else if (!node.operator) {\n        Object.values(node).forEach(val => {\n          if (val && typeof val === 'object') {\n            updateBinariesToAssignments(val);\n          }\n        });\n      }\n    }\n  }\n};\n\n/* eslint-disable no-bitwise -- Convenient */\n\n// register plugins\njsep.plugins.register(index, plugin);\njsep.addUnaryOp('typeof');\njsep.addLiteral('null', null);\njsep.addLiteral('undefined', undefined);\nconst BLOCKED_PROTO_PROPERTIES = new Set(['constructor', '__proto__', '__defineGetter__', '__defineSetter__']);\nconst SafeEval = {\n  /**\n   * @param {jsep.Expression} ast\n   * @param {Record<string, any>} subs\n   */\n  evalAst(ast, subs) {\n    switch (ast.type) {\n      case 'BinaryExpression':\n      case 'LogicalExpression':\n        return SafeEval.evalBinaryExpression(ast, subs);\n      case 'Compound':\n        return SafeEval.evalCompound(ast, subs);\n      case 'ConditionalExpression':\n        return SafeEval.evalConditionalExpression(ast, subs);\n      case 'Identifier':\n        return SafeEval.evalIdentifier(ast, subs);\n      case 'Literal':\n        return SafeEval.evalLiteral(ast, subs);\n      case 'MemberExpression':\n        return SafeEval.evalMemberExpression(ast, subs);\n      case 'UnaryExpression':\n        return SafeEval.evalUnaryExpression(ast, subs);\n      case 'ArrayExpression':\n        return SafeEval.evalArrayExpression(ast, subs);\n      case 'CallExpression':\n        return SafeEval.evalCallExpression(ast, subs);\n      case 'AssignmentExpression':\n        return SafeEval.evalAssignmentExpression(ast, subs);\n      default:\n        throw SyntaxError('Unexpected expression', ast);\n    }\n  },\n  evalBinaryExpression(ast, subs) {\n    const result = {\n      '||': (a, b) => a || b(),\n      '&&': (a, b) => a && b(),\n      '|': (a, b) => a | b(),\n      '^': (a, b) => a ^ b(),\n      '&': (a, b) => a & b(),\n      // eslint-disable-next-line eqeqeq -- API\n      '==': (a, b) => a == b(),\n      // eslint-disable-next-line eqeqeq -- API\n      '!=': (a, b) => a != b(),\n      '===': (a, b) => a === b(),\n      '!==': (a, b) => a !== b(),\n      '<': (a, b) => a < b(),\n      '>': (a, b) => a > b(),\n      '<=': (a, b) => a <= b(),\n      '>=': (a, b) => a >= b(),\n      '<<': (a, b) => a << b(),\n      '>>': (a, b) => a >> b(),\n      '>>>': (a, b) => a >>> b(),\n      '+': (a, b) => a + b(),\n      '-': (a, b) => a - b(),\n      '*': (a, b) => a * b(),\n      '/': (a, b) => a / b(),\n      '%': (a, b) => a % b()\n    }[ast.operator](SafeEval.evalAst(ast.left, subs), () => SafeEval.evalAst(ast.right, subs));\n    return result;\n  },\n  evalCompound(ast, subs) {\n    let last;\n    for (let i = 0; i < ast.body.length; i++) {\n      if (ast.body[i].type === 'Identifier' && ['var', 'let', 'const'].includes(ast.body[i].name) && ast.body[i + 1] && ast.body[i + 1].type === 'AssignmentExpression') {\n        // var x=2; is detected as\n        // [{Identifier var}, {AssignmentExpression x=2}]\n        // eslint-disable-next-line @stylistic/max-len -- Long\n        // eslint-disable-next-line sonarjs/updated-loop-counter -- Convenient\n        i += 1;\n      }\n      const expr = ast.body[i];\n      last = SafeEval.evalAst(expr, subs);\n    }\n    return last;\n  },\n  evalConditionalExpression(ast, subs) {\n    if (SafeEval.evalAst(ast.test, subs)) {\n      return SafeEval.evalAst(ast.consequent, subs);\n    }\n    return SafeEval.evalAst(ast.alternate, subs);\n  },\n  evalIdentifier(ast, subs) {\n    if (Object.hasOwn(subs, ast.name)) {\n      return subs[ast.name];\n    }\n    throw ReferenceError(`${ast.name} is not defined`);\n  },\n  evalLiteral(ast) {\n    return ast.value;\n  },\n  evalMemberExpression(ast, subs) {\n    const prop = String(\n    // NOTE: `String(value)` throws error when\n    // value has overwritten the toString method to return non-string\n    // i.e. `value = {toString: () => []}`\n    ast.computed ? SafeEval.evalAst(ast.property) // `object[property]`\n    : ast.property.name // `object.property` property is Identifier\n    );\n    const obj = SafeEval.evalAst(ast.object, subs);\n    if (obj === undefined || obj === null) {\n      throw TypeError(`Cannot read properties of ${obj} (reading '${prop}')`);\n    }\n    if (!Object.hasOwn(obj, prop) && BLOCKED_PROTO_PROPERTIES.has(prop)) {\n      throw TypeError(`Cannot read properties of ${obj} (reading '${prop}')`);\n    }\n    const result = obj[prop];\n    if (typeof result === 'function') {\n      return result.bind(obj); // arrow functions aren't affected by bind.\n    }\n    return result;\n  },\n  evalUnaryExpression(ast, subs) {\n    const result = {\n      '-': a => -SafeEval.evalAst(a, subs),\n      '!': a => !SafeEval.evalAst(a, subs),\n      '~': a => ~SafeEval.evalAst(a, subs),\n      // eslint-disable-next-line no-implicit-coercion -- API\n      '+': a => +SafeEval.evalAst(a, subs),\n      typeof: a => typeof SafeEval.evalAst(a, subs)\n    }[ast.operator](ast.argument);\n    return result;\n  },\n  evalArrayExpression(ast, subs) {\n    return ast.elements.map(el => SafeEval.evalAst(el, subs));\n  },\n  evalCallExpression(ast, subs) {\n    const args = ast.arguments.map(arg => SafeEval.evalAst(arg, subs));\n    const func = SafeEval.evalAst(ast.callee, subs);\n    // if (func === Function) {\n    //     throw new Error('Function constructor is disabled');\n    // }\n    return func(...args);\n  },\n  evalAssignmentExpression(ast, subs) {\n    if (ast.left.type !== 'Identifier') {\n      throw SyntaxError('Invalid left-hand side in assignment');\n    }\n    const id = ast.left.name;\n    const value = SafeEval.evalAst(ast.right, subs);\n    subs[id] = value;\n    return subs[id];\n  }\n};\n\n/**\n * A replacement for NodeJS' VM.Script which is also {@link https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP | Content Security Policy} friendly.\n */\nclass SafeScript {\n  /**\n   * @param {string} expr Expression to evaluate\n   */\n  constructor(expr) {\n    this.code = expr;\n    this.ast = jsep(this.code);\n  }\n\n  /**\n   * @param {object} context Object whose items will be added\n   *   to evaluation\n   * @returns {EvaluatedResult} Result of evaluated code\n   */\n  runInNewContext(context) {\n    // `Object.create(null)` creates a prototypeless object\n    const keyMap = Object.assign(Object.create(null), context);\n    return SafeEval.evalAst(this.ast, keyMap);\n  }\n}\n\n/* eslint-disable camelcase -- Convenient for escaping */\n\n\n/**\n * @typedef {null|boolean|number|string|object|GenericArray} JSONObject\n */\n\n/**\n * @typedef {any} AnyItem\n */\n\n/**\n * @typedef {any} AnyResult\n */\n\n/**\n * Copies array and then pushes item into it.\n * @param {GenericArray} arr Array to copy and into which to push\n * @param {AnyItem} item Array item to add (to end)\n * @returns {GenericArray} Copy of the original array\n */\nfunction push(arr, item) {\n  arr = arr.slice();\n  arr.push(item);\n  return arr;\n}\n/**\n * Copies array and then unshifts item into it.\n * @param {AnyItem} item Array item to add (to beginning)\n * @param {GenericArray} arr Array to copy and into which to unshift\n * @returns {GenericArray} Copy of the original array\n */\nfunction unshift(item, arr) {\n  arr = arr.slice();\n  arr.unshift(item);\n  return arr;\n}\n\n/**\n * Caught when JSONPath is used without `new` but rethrown if with `new`\n * @extends Error\n */\nclass NewError extends Error {\n  /**\n   * @param {AnyResult} value The evaluated scalar value\n   */\n  constructor(value) {\n    super('JSONPath should not be called with \"new\" (it prevents return ' + 'of (unwrapped) scalar values)');\n    this.avoidNew = true;\n    this.value = value;\n    this.name = 'NewError';\n  }\n}\n\n/**\n* @typedef {object} ReturnObject\n* @property {string} path\n* @property {JSONObject} value\n* @property {object|GenericArray} parent\n* @property {string} parentProperty\n*/\n\n/**\n* @callback JSONPathCallback\n* @param {string|object} preferredOutput\n* @param {\"value\"|\"property\"} type\n* @param {ReturnObject} fullRetObj\n* @returns {void}\n*/\n\n/**\n* @callback OtherTypeCallback\n* @param {JSONObject} val\n* @param {string} path\n* @param {object|GenericArray} parent\n* @param {string} parentPropName\n* @returns {boolean}\n*/\n\n/**\n * @typedef {any} ContextItem\n */\n\n/**\n * @typedef {any} EvaluatedResult\n */\n\n/**\n* @callback EvalCallback\n* @param {string} code\n* @param {ContextItem} context\n* @returns {EvaluatedResult}\n*/\n\n/**\n * @typedef {typeof SafeScript} EvalClass\n */\n\n/**\n * @typedef {object} JSONPathOptions\n * @property {JSON} json\n * @property {string|string[]} path\n * @property {\"value\"|\"path\"|\"pointer\"|\"parent\"|\"parentProperty\"|\n *   \"all\"} [resultType=\"value\"]\n * @property {boolean} [flatten=false]\n * @property {boolean} [wrap=true]\n * @property {object} [sandbox={}]\n * @property {EvalCallback|EvalClass|'safe'|'native'|\n *   boolean} [eval = 'safe']\n * @property {object|GenericArray|null} [parent=null]\n * @property {string|null} [parentProperty=null]\n * @property {JSONPathCallback} [callback]\n * @property {OtherTypeCallback} [otherTypeCallback] Defaults to\n *   function which throws on encountering `@other`\n * @property {boolean} [autostart=true]\n */\n\n/**\n * @param {string|JSONPathOptions} opts If a string, will be treated as `expr`\n * @param {string} [expr] JSON path to evaluate\n * @param {JSON} [obj] JSON object to evaluate against\n * @param {JSONPathCallback} [callback] Passed 3 arguments: 1) desired payload\n *     per `resultType`, 2) `\"value\"|\"property\"`, 3) Full returned object with\n *     all payloads\n * @param {OtherTypeCallback} [otherTypeCallback] If `@other()` is at the end\n *   of one's query, this will be invoked with the value of the item, its\n *   path, its parent, and its parent's property name, and it should return\n *   a boolean indicating whether the supplied value belongs to the \"other\"\n *   type or not (or it may handle transformations and return `false`).\n * @returns {JSONPath}\n * @class\n */\nfunction JSONPath(opts, expr, obj, callback, otherTypeCallback) {\n  // eslint-disable-next-line no-restricted-syntax -- Allow for pseudo-class\n  if (!(this instanceof JSONPath)) {\n    try {\n      return new JSONPath(opts, expr, obj, callback, otherTypeCallback);\n    } catch (e) {\n      if (!e.avoidNew) {\n        throw e;\n      }\n      return e.value;\n    }\n  }\n  if (typeof opts === 'string') {\n    otherTypeCallback = callback;\n    callback = obj;\n    obj = expr;\n    expr = opts;\n    opts = null;\n  }\n  const optObj = opts && typeof opts === 'object';\n  opts = opts || {};\n  this.json = opts.json || obj;\n  this.path = opts.path || expr;\n  this.resultType = opts.resultType || 'value';\n  this.flatten = opts.flatten || false;\n  this.wrap = Object.hasOwn(opts, 'wrap') ? opts.wrap : true;\n  this.sandbox = opts.sandbox || {};\n  this.eval = opts.eval === undefined ? 'safe' : opts.eval;\n  this.ignoreEvalErrors = typeof opts.ignoreEvalErrors === 'undefined' ? false : opts.ignoreEvalErrors;\n  this.parent = opts.parent || null;\n  this.parentProperty = opts.parentProperty || null;\n  this.callback = opts.callback || callback || null;\n  this.otherTypeCallback = opts.otherTypeCallback || otherTypeCallback || function () {\n    throw new TypeError('You must supply an otherTypeCallback callback option ' + 'with the @other() operator.');\n  };\n  if (opts.autostart !== false) {\n    const args = {\n      path: optObj ? opts.path : expr\n    };\n    if (!optObj) {\n      args.json = obj;\n    } else if ('json' in opts) {\n      args.json = opts.json;\n    }\n    const ret = this.evaluate(args);\n    if (!ret || typeof ret !== 'object') {\n      throw new NewError(ret);\n    }\n    return ret;\n  }\n}\n\n// PUBLIC METHODS\nJSONPath.prototype.evaluate = function (expr, json, callback, otherTypeCallback) {\n  let currParent = this.parent,\n    currParentProperty = this.parentProperty;\n  let {\n    flatten,\n    wrap\n  } = this;\n  this.currResultType = this.resultType;\n  this.currEval = this.eval;\n  this.currSandbox = this.sandbox;\n  callback = callback || this.callback;\n  this.currOtherTypeCallback = otherTypeCallback || this.otherTypeCallback;\n  json = json || this.json;\n  expr = expr || this.path;\n  if (expr && typeof expr === 'object' && !Array.isArray(expr)) {\n    if (!expr.path && expr.path !== '') {\n      throw new TypeError('You must supply a \"path\" property when providing an object ' + 'argument to JSONPath.evaluate().');\n    }\n    if (!Object.hasOwn(expr, 'json')) {\n      throw new TypeError('You must supply a \"json\" property when providing an object ' + 'argument to JSONPath.evaluate().');\n    }\n    ({\n      json\n    } = expr);\n    flatten = Object.hasOwn(expr, 'flatten') ? expr.flatten : flatten;\n    this.currResultType = Object.hasOwn(expr, 'resultType') ? expr.resultType : this.currResultType;\n    this.currSandbox = Object.hasOwn(expr, 'sandbox') ? expr.sandbox : this.currSandbox;\n    wrap = Object.hasOwn(expr, 'wrap') ? expr.wrap : wrap;\n    this.currEval = Object.hasOwn(expr, 'eval') ? expr.eval : this.currEval;\n    callback = Object.hasOwn(expr, 'callback') ? expr.callback : callback;\n    this.currOtherTypeCallback = Object.hasOwn(expr, 'otherTypeCallback') ? expr.otherTypeCallback : this.currOtherTypeCallback;\n    currParent = Object.hasOwn(expr, 'parent') ? expr.parent : currParent;\n    currParentProperty = Object.hasOwn(expr, 'parentProperty') ? expr.parentProperty : currParentProperty;\n    expr = expr.path;\n  }\n  currParent = currParent || null;\n  currParentProperty = currParentProperty || null;\n  if (Array.isArray(expr)) {\n    expr = JSONPath.toPathString(expr);\n  }\n  if (!expr && expr !== '' || !json) {\n    return undefined;\n  }\n  const exprList = JSONPath.toPathArray(expr);\n  if (exprList[0] === '$' && exprList.length > 1) {\n    exprList.shift();\n  }\n  this._hasParentSelector = null;\n  const result = this._trace(exprList, json, ['$'], currParent, currParentProperty, callback).filter(function (ea) {\n    return ea && !ea.isParentSelector;\n  });\n  if (!result.length) {\n    return wrap ? [] : undefined;\n  }\n  if (!wrap && result.length === 1 && !result[0].hasArrExpr) {\n    return this._getPreferredOutput(result[0]);\n  }\n  return result.reduce((rslt, ea) => {\n    const valOrPath = this._getPreferredOutput(ea);\n    if (flatten && Array.isArray(valOrPath)) {\n      rslt = rslt.concat(valOrPath);\n    } else {\n      rslt.push(valOrPath);\n    }\n    return rslt;\n  }, []);\n};\n\n// PRIVATE METHODS\n\nJSONPath.prototype._getPreferredOutput = function (ea) {\n  const resultType = this.currResultType;\n  switch (resultType) {\n    case 'all':\n      {\n        const path = Array.isArray(ea.path) ? ea.path : JSONPath.toPathArray(ea.path);\n        ea.pointer = JSONPath.toPointer(path);\n        ea.path = typeof ea.path === 'string' ? ea.path : JSONPath.toPathString(ea.path);\n        return ea;\n      }\n    case 'value':\n    case 'parent':\n    case 'parentProperty':\n      return ea[resultType];\n    case 'path':\n      return JSONPath.toPathString(ea[resultType]);\n    case 'pointer':\n      return JSONPath.toPointer(ea.path);\n    default:\n      throw new TypeError('Unknown result type');\n  }\n};\nJSONPath.prototype._handleCallback = function (fullRetObj, callback, type) {\n  if (callback) {\n    const preferredOutput = this._getPreferredOutput(fullRetObj);\n    fullRetObj.path = typeof fullRetObj.path === 'string' ? fullRetObj.path : JSONPath.toPathString(fullRetObj.path);\n    // eslint-disable-next-line n/callback-return -- No need to return\n    callback(preferredOutput, type, fullRetObj);\n  }\n};\n\n/**\n *\n * @param {string} expr\n * @param {JSONObject} val\n * @param {string} path\n * @param {object|GenericArray} parent\n * @param {string} parentPropName\n * @param {JSONPathCallback} callback\n * @param {boolean} hasArrExpr\n * @param {boolean} literalPriority\n * @returns {ReturnObject|ReturnObject[]}\n */\nJSONPath.prototype._trace = function (expr, val, path, parent, parentPropName, callback, hasArrExpr, literalPriority) {\n  // No expr to follow? return path and value as the result of\n  //  this trace branch\n  let retObj;\n  if (!expr.length) {\n    retObj = {\n      path,\n      value: val,\n      parent,\n      parentProperty: parentPropName,\n      hasArrExpr\n    };\n    this._handleCallback(retObj, callback, 'value');\n    return retObj;\n  }\n  const loc = expr[0],\n    x = expr.slice(1);\n\n  // We need to gather the return value of recursive trace calls in order to\n  // do the parent sel computation.\n  const ret = [];\n  /**\n   *\n   * @param {ReturnObject|ReturnObject[]} elems\n   * @returns {void}\n   */\n  function addRet(elems) {\n    if (Array.isArray(elems)) {\n      // This was causing excessive stack size in Node (with or\n      //  without Babel) against our performance test:\n      //  `ret.push(...elems);`\n      elems.forEach(t => {\n        ret.push(t);\n      });\n    } else {\n      ret.push(elems);\n    }\n  }\n  if ((typeof loc !== 'string' || literalPriority) && val && Object.hasOwn(val, loc)) {\n    // simple case--directly follow property\n    addRet(this._trace(x, val[loc], push(path, loc), val, loc, callback, hasArrExpr));\n    // eslint-disable-next-line unicorn/prefer-switch -- Part of larger `if`\n  } else if (loc === '*') {\n    // all child properties\n    this._walk(val, m => {\n      addRet(this._trace(x, val[m], push(path, m), val, m, callback, true, true));\n    });\n  } else if (loc === '..') {\n    // all descendent parent properties\n    // Check remaining expression with val's immediate children\n    addRet(this._trace(x, val, path, parent, parentPropName, callback, hasArrExpr));\n    this._walk(val, m => {\n      // We don't join m and x here because we only want parents,\n      //   not scalar values\n      if (typeof val[m] === 'object') {\n        // Keep going with recursive descent on val's\n        //   object children\n        addRet(this._trace(expr.slice(), val[m], push(path, m), val, m, callback, true));\n      }\n    });\n    // The parent sel computation is handled in the frame above using the\n    // ancestor object of val\n  } else if (loc === '^') {\n    // This is not a final endpoint, so we do not invoke the callback here\n    this._hasParentSelector = true;\n    return {\n      path: path.slice(0, -1),\n      expr: x,\n      isParentSelector: true\n    };\n  } else if (loc === '~') {\n    // property name\n    retObj = {\n      path: push(path, loc),\n      value: parentPropName,\n      parent,\n      parentProperty: null\n    };\n    this._handleCallback(retObj, callback, 'property');\n    return retObj;\n  } else if (loc === '$') {\n    // root only\n    addRet(this._trace(x, val, path, null, null, callback, hasArrExpr));\n  } else if (/^(-?\\d*):(-?\\d*):?(\\d*)$/u.test(loc)) {\n    // [start:end:step]  Python slice syntax\n    addRet(this._slice(loc, x, val, path, parent, parentPropName, callback));\n  } else if (loc.indexOf('?(') === 0) {\n    // [?(expr)] (filtering)\n    if (this.currEval === false) {\n      throw new Error('Eval [?(expr)] prevented in JSONPath expression.');\n    }\n    const safeLoc = loc.replace(/^\\?\\((.*?)\\)$/u, '$1');\n    // check for a nested filter expression\n    const nested = /@.?([^?]*)[['](\\??\\(.*?\\))(?!.\\)\\])[\\]']/gu.exec(safeLoc);\n    if (nested) {\n      // find if there are matches in the nested expression\n      // add them to the result set if there is at least one match\n      this._walk(val, m => {\n        const npath = [nested[2]];\n        const nvalue = nested[1] ? val[m][nested[1]] : val[m];\n        const filterResults = this._trace(npath, nvalue, path, parent, parentPropName, callback, true);\n        if (filterResults.length > 0) {\n          addRet(this._trace(x, val[m], push(path, m), val, m, callback, true));\n        }\n      });\n    } else {\n      this._walk(val, m => {\n        if (this._eval(safeLoc, val[m], m, path, parent, parentPropName)) {\n          addRet(this._trace(x, val[m], push(path, m), val, m, callback, true));\n        }\n      });\n    }\n  } else if (loc[0] === '(') {\n    // [(expr)] (dynamic property/index)\n    if (this.currEval === false) {\n      throw new Error('Eval [(expr)] prevented in JSONPath expression.');\n    }\n    // As this will resolve to a property name (but we don't know it\n    //  yet), property and parent information is relative to the\n    //  parent of the property to which this expression will resolve\n    addRet(this._trace(unshift(this._eval(loc, val, path.at(-1), path.slice(0, -1), parent, parentPropName), x), val, path, parent, parentPropName, callback, hasArrExpr));\n  } else if (loc[0] === '@') {\n    // value type: @boolean(), etc.\n    let addType = false;\n    const valueType = loc.slice(1, -2);\n    switch (valueType) {\n      case 'scalar':\n        if (!val || !['object', 'function'].includes(typeof val)) {\n          addType = true;\n        }\n        break;\n      case 'boolean':\n      case 'string':\n      case 'undefined':\n      case 'function':\n        if (typeof val === valueType) {\n          addType = true;\n        }\n        break;\n      case 'integer':\n        if (Number.isFinite(val) && !(val % 1)) {\n          addType = true;\n        }\n        break;\n      case 'number':\n        if (Number.isFinite(val)) {\n          addType = true;\n        }\n        break;\n      case 'nonFinite':\n        if (typeof val === 'number' && !Number.isFinite(val)) {\n          addType = true;\n        }\n        break;\n      case 'object':\n        if (val && typeof val === valueType) {\n          addType = true;\n        }\n        break;\n      case 'array':\n        if (Array.isArray(val)) {\n          addType = true;\n        }\n        break;\n      case 'other':\n        addType = this.currOtherTypeCallback(val, path, parent, parentPropName);\n        break;\n      case 'null':\n        if (val === null) {\n          addType = true;\n        }\n        break;\n      /* c8 ignore next 2 */\n      default:\n        throw new TypeError('Unknown value type ' + valueType);\n    }\n    if (addType) {\n      retObj = {\n        path,\n        value: val,\n        parent,\n        parentProperty: parentPropName\n      };\n      this._handleCallback(retObj, callback, 'value');\n      return retObj;\n    }\n    // `-escaped property\n  } else if (loc[0] === '`' && val && Object.hasOwn(val, loc.slice(1))) {\n    const locProp = loc.slice(1);\n    addRet(this._trace(x, val[locProp], push(path, locProp), val, locProp, callback, hasArrExpr, true));\n  } else if (loc.includes(',')) {\n    // [name1,name2,...]\n    const parts = loc.split(',');\n    for (const part of parts) {\n      addRet(this._trace(unshift(part, x), val, path, parent, parentPropName, callback, true));\n    }\n    // simple case--directly follow property\n  } else if (!literalPriority && val && Object.hasOwn(val, loc)) {\n    addRet(this._trace(x, val[loc], push(path, loc), val, loc, callback, hasArrExpr, true));\n  }\n\n  // We check the resulting values for parent selections. For parent\n  // selections we discard the value object and continue the trace with the\n  // current val object\n  if (this._hasParentSelector) {\n    for (let t = 0; t < ret.length; t++) {\n      const rett = ret[t];\n      if (rett && rett.isParentSelector) {\n        const tmp = this._trace(rett.expr, val, rett.path, parent, parentPropName, callback, hasArrExpr);\n        if (Array.isArray(tmp)) {\n          ret[t] = tmp[0];\n          const tl = tmp.length;\n          for (let tt = 1; tt < tl; tt++) {\n            // eslint-disable-next-line @stylistic/max-len -- Long\n            // eslint-disable-next-line sonarjs/updated-loop-counter -- Convenient\n            t++;\n            ret.splice(t, 0, tmp[tt]);\n          }\n        } else {\n          ret[t] = tmp;\n        }\n      }\n    }\n  }\n  return ret;\n};\nJSONPath.prototype._walk = function (val, f) {\n  if (Array.isArray(val)) {\n    const n = val.length;\n    for (let i = 0; i < n; i++) {\n      f(i);\n    }\n  } else if (val && typeof val === 'object') {\n    Object.keys(val).forEach(m => {\n      f(m);\n    });\n  }\n};\nJSONPath.prototype._slice = function (loc, expr, val, path, parent, parentPropName, callback) {\n  if (!Array.isArray(val)) {\n    return undefined;\n  }\n  const len = val.length,\n    parts = loc.split(':'),\n    step = parts[2] && Number.parseInt(parts[2]) || 1;\n  let start = parts[0] && Number.parseInt(parts[0]) || 0,\n    end = parts[1] && Number.parseInt(parts[1]) || len;\n  start = start < 0 ? Math.max(0, start + len) : Math.min(len, start);\n  end = end < 0 ? Math.max(0, end + len) : Math.min(len, end);\n  const ret = [];\n  for (let i = start; i < end; i += step) {\n    const tmp = this._trace(unshift(i, expr), val, path, parent, parentPropName, callback, true);\n    // Should only be possible to be an array here since first part of\n    //   ``unshift(i, expr)` passed in above would not be empty, nor `~`,\n    //     nor begin with `@` (as could return objects)\n    // This was causing excessive stack size in Node (with or\n    //  without Babel) against our performance test: `ret.push(...tmp);`\n    tmp.forEach(t => {\n      ret.push(t);\n    });\n  }\n  return ret;\n};\nJSONPath.prototype._eval = function (code, _v, _vname, path, parent, parentPropName) {\n  this.currSandbox._$_parentProperty = parentPropName;\n  this.currSandbox._$_parent = parent;\n  this.currSandbox._$_property = _vname;\n  this.currSandbox._$_root = this.json;\n  this.currSandbox._$_v = _v;\n  const containsPath = code.includes('@path');\n  if (containsPath) {\n    this.currSandbox._$_path = JSONPath.toPathString(path.concat([_vname]));\n  }\n  const scriptCacheKey = this.currEval + 'Script:' + code;\n  if (!JSONPath.cache[scriptCacheKey]) {\n    let script = code.replaceAll('@parentProperty', '_$_parentProperty').replaceAll('@parent', '_$_parent').replaceAll('@property', '_$_property').replaceAll('@root', '_$_root').replaceAll(/@([.\\s)[])/gu, '_$_v$1');\n    if (containsPath) {\n      script = script.replaceAll('@path', '_$_path');\n    }\n    if (this.currEval === 'safe' || this.currEval === true || this.currEval === undefined) {\n      JSONPath.cache[scriptCacheKey] = new this.safeVm.Script(script);\n    } else if (this.currEval === 'native') {\n      JSONPath.cache[scriptCacheKey] = new this.vm.Script(script);\n    } else if (typeof this.currEval === 'function' && this.currEval.prototype && Object.hasOwn(this.currEval.prototype, 'runInNewContext')) {\n      const CurrEval = this.currEval;\n      JSONPath.cache[scriptCacheKey] = new CurrEval(script);\n    } else if (typeof this.currEval === 'function') {\n      JSONPath.cache[scriptCacheKey] = {\n        runInNewContext: context => this.currEval(script, context)\n      };\n    } else {\n      throw new TypeError(`Unknown \"eval\" property \"${this.currEval}\"`);\n    }\n  }\n  try {\n    return JSONPath.cache[scriptCacheKey].runInNewContext(this.currSandbox);\n  } catch (e) {\n    if (this.ignoreEvalErrors) {\n      return false;\n    }\n    throw new Error('jsonPath: ' + e.message + ': ' + code);\n  }\n};\n\n// PUBLIC CLASS PROPERTIES AND METHODS\n\n// Could store the cache object itself\nJSONPath.cache = {};\n\n/**\n * @param {string[]} pathArr Array to convert\n * @returns {string} The path string\n */\nJSONPath.toPathString = function (pathArr) {\n  const x = pathArr,\n    n = x.length;\n  let p = '$';\n  for (let i = 1; i < n; i++) {\n    if (!/^(~|\\^|@.*?\\(\\))$/u.test(x[i])) {\n      p += /^[0-9*]+$/u.test(x[i]) ? '[' + x[i] + ']' : \"['\" + x[i] + \"']\";\n    }\n  }\n  return p;\n};\n\n/**\n * @param {string} pointer JSON Path\n * @returns {string} JSON Pointer\n */\nJSONPath.toPointer = function (pointer) {\n  const x = pointer,\n    n = x.length;\n  let p = '';\n  for (let i = 1; i < n; i++) {\n    if (!/^(~|\\^|@.*?\\(\\))$/u.test(x[i])) {\n      p += '/' + x[i].toString().replaceAll('~', '~0').replaceAll('/', '~1');\n    }\n  }\n  return p;\n};\n\n/**\n * @param {string} expr Expression to convert\n * @returns {string[]}\n */\nJSONPath.toPathArray = function (expr) {\n  const {\n    cache\n  } = JSONPath;\n  if (cache[expr]) {\n    return cache[expr].concat();\n  }\n  const subx = [];\n  const normalized = expr\n  // Properties\n  .replaceAll(/@(?:null|boolean|number|string|integer|undefined|nonFinite|scalar|array|object|function|other)\\(\\)/gu, ';$&;')\n  // Parenthetical evaluations (filtering and otherwise), directly\n  //   within brackets or single quotes\n  .replaceAll(/[['](\\??\\(.*?\\))[\\]'](?!.\\])/gu, function ($0, $1) {\n    return '[#' + (subx.push($1) - 1) + ']';\n  })\n  // Escape periods and tildes within properties\n  .replaceAll(/\\[['\"]([^'\\]]*)['\"]\\]/gu, function ($0, prop) {\n    return \"['\" + prop.replaceAll('.', '%@%').replaceAll('~', '%%@@%%') + \"']\";\n  })\n  // Properties operator\n  .replaceAll('~', ';~;')\n  // Split by property boundaries\n  .replaceAll(/['\"]?\\.['\"]?(?![^[]*\\])|\\[['\"]?/gu, ';')\n  // Reinsert periods within properties\n  .replaceAll('%@%', '.')\n  // Reinsert tildes within properties\n  .replaceAll('%%@@%%', '~')\n  // Parent\n  .replaceAll(/(?:;)?(\\^+)(?:;)?/gu, function ($0, ups) {\n    return ';' + ups.split('').join(';') + ';';\n  })\n  // Descendents\n  .replaceAll(/;;;|;;/gu, ';..;')\n  // Remove trailing\n  .replaceAll(/;$|'?\\]|'$/gu, '');\n  const exprList = normalized.split(';').map(function (exp) {\n    const match = exp.match(/#(\\d+)/u);\n    return !match || !match[1] ? exp : subx[match[1]];\n  });\n  cache[expr] = exprList;\n  return cache[expr].concat();\n};\nJSONPath.prototype.safeVm = {\n  Script: SafeScript\n};\n\nJSONPath.prototype.vm = vm;\n\nexports.JSONPath = JSONPath;\n","// The module cache\nvar __webpack_module_cache__ = {};\n\n// The require function\nfunction __webpack_require__(moduleId) {\n\t// Check if module is in cache\n\tvar cachedModule = __webpack_module_cache__[moduleId];\n\tif (cachedModule !== undefined) {\n\t\treturn cachedModule.exports;\n\t}\n\t// Create a new module (and put it into the cache)\n\tvar module = __webpack_module_cache__[moduleId] = {\n\t\t// no module.id needed\n\t\t// no module.loaded needed\n\t\texports: {}\n\t};\n\n\t// Execute the module function\n\tvar threw = true;\n\ttry {\n\t\t__webpack_modules__[moduleId].call(module.exports, module, module.exports, __webpack_require__);\n\t\tthrew = false;\n\t} finally {\n\t\tif(threw) delete __webpack_module_cache__[moduleId];\n\t}\n\n\t// Return the exports of the module\n\treturn module.exports;\n}\n\n","\nif (typeof __webpack_require__ !== 'undefined') __webpack_require__.ab = __dirname + \"/\";","","// startup\n// Load entry module and return exports\n// This entry module is referenced by other modules so it can't be inlined\nvar __webpack_exports__ = __webpack_require__(5915);\n",""],"names":[],"sourceRoot":""}
\ No newline at end of file
+{"version":3,"file":"index.js","mappings":";;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC/JA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC7FA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC/HA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC1XA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACtEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC5EA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACtEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACvGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC1RA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACtCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACnHA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AChnBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AChFA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AChuBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC7FA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC/NA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACvTA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC1MA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACjUA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACt1DA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACrnEA;AACA;AACA;AACA;;;;;;;;ACHA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACrpBA;;;;;;;;;ACAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACvQA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACtKA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACnJA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACrDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACvGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACxPA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACnLA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC3NA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACxGA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACNA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACjUA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC7CA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC7LA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACr0BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC/IA;AACA;AACA;AACA;AACA;;;;;;;;;ACJA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AChDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC1uEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC/CA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACXA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACtLA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC5TA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACjRA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC5LA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACrHA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACrOA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AClfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC9DA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACzgBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC/LA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AClBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACpmBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACtJA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AClnBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACvVA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACxQA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACvCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AChlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACnmEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACj7BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC1jBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACTA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACvnCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACroBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACjSA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACvVA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC7EA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACTA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACvYA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC/BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AClCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AC5NA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC/UA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACpBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;ACrRA;;;;;;;;ACAA;;;;;;;;;ACAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC1KA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC1DA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AChBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC7MA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC1DA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACtBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC9VA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACvCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC5BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACpHA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;ACjMA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACjCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC3GA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC5LA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AChGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AClSA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AClDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC9SA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACxEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACvVA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACXA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACvMA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;AChoBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACh7JA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;;;;;;;;ACAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACpNA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACnGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACZA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACnOA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACpFA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACjTA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;AC7LA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACrDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACbA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACjHA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;ACnMA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;ACrhEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AC7BA;AACA;;;;AEDA;AACA;AACA;AACA","sources":[".././lib/main.js",".././lib/utils.js",".././node_modules/@actions/core/lib/command.js",".././node_modules/@actions/core/lib/core.js",".././node_modules/@actions/core/lib/file-command.js",".././node_modules/@actions/core/lib/oidc-utils.js",".././node_modules/@actions/core/lib/path-utils.js",".././node_modules/@actions/core/lib/platform.js",".././node_modules/@actions/core/lib/summary.js",".././node_modules/@actions/core/lib/utils.js",".././node_modules/@actions/exec/lib/exec.js",".././node_modules/@actions/exec/lib/toolrunner.js",".././node_modules/@actions/http-client/lib/auth.js",".././node_modules/@actions/http-client/lib/index.js",".././node_modules/@actions/http-client/lib/proxy.js",".././node_modules/@actions/io/lib/io-util.js",".././node_modules/@actions/io/lib/io.js",".././node_modules/@xmldom/xmldom/lib/conventions.js",".././node_modules/@xmldom/xmldom/lib/dom-parser.js",".././node_modules/@xmldom/xmldom/lib/dom.js",".././node_modules/@xmldom/xmldom/lib/entities.js",".././node_modules/@xmldom/xmldom/lib/index.js",".././node_modules/@xmldom/xmldom/lib/sax.js",".././node_modules/tunnel/index.js",".././node_modules/tunnel/lib/tunnel.js",".././node_modules/undici/index.js",".././node_modules/undici/lib/agent.js",".././node_modules/undici/lib/api/abort-signal.js",".././node_modules/undici/lib/api/api-connect.js",".././node_modules/undici/lib/api/api-pipeline.js",".././node_modules/undici/lib/api/api-request.js",".././node_modules/undici/lib/api/api-stream.js",".././node_modules/undici/lib/api/api-upgrade.js",".././node_modules/undici/lib/api/index.js",".././node_modules/undici/lib/api/readable.js",".././node_modules/undici/lib/api/util.js",".././node_modules/undici/lib/balanced-pool.js",".././node_modules/undici/lib/cache/cache.js",".././node_modules/undici/lib/cache/cachestorage.js",".././node_modules/undici/lib/cache/symbols.js",".././node_modules/undici/lib/cache/util.js",".././node_modules/undici/lib/client.js",".././node_modules/undici/lib/compat/dispatcher-weakref.js",".././node_modules/undici/lib/cookies/constants.js",".././node_modules/undici/lib/cookies/index.js",".././node_modules/undici/lib/cookies/parse.js",".././node_modules/undici/lib/cookies/util.js",".././node_modules/undici/lib/core/connect.js",".././node_modules/undici/lib/core/constants.js",".././node_modules/undici/lib/core/errors.js",".././node_modules/undici/lib/core/request.js",".././node_modules/undici/lib/core/symbols.js",".././node_modules/undici/lib/core/util.js",".././node_modules/undici/lib/dispatcher-base.js",".././node_modules/undici/lib/dispatcher.js",".././node_modules/undici/lib/fetch/body.js",".././node_modules/undici/lib/fetch/constants.js",".././node_modules/undici/lib/fetch/dataURL.js",".././node_modules/undici/lib/fetch/file.js",".././node_modules/undici/lib/fetch/formdata.js",".././node_modules/undici/lib/fetch/global.js",".././node_modules/undici/lib/fetch/headers.js",".././node_modules/undici/lib/fetch/index.js",".././node_modules/undici/lib/fetch/request.js",".././node_modules/undici/lib/fetch/response.js",".././node_modules/undici/lib/fetch/symbols.js",".././node_modules/undici/lib/fetch/util.js",".././node_modules/undici/lib/fetch/webidl.js",".././node_modules/undici/lib/fileapi/encoding.js",".././node_modules/undici/lib/fileapi/filereader.js",".././node_modules/undici/lib/fileapi/progressevent.js",".././node_modules/undici/lib/fileapi/symbols.js",".././node_modules/undici/lib/fileapi/util.js",".././node_modules/undici/lib/global.js",".././node_modules/undici/lib/handler/DecoratorHandler.js",".././node_modules/undici/lib/handler/RedirectHandler.js",".././node_modules/undici/lib/handler/RetryHandler.js",".././node_modules/undici/lib/interceptor/redirectInterceptor.js",".././node_modules/undici/lib/llhttp/constants.js",".././node_modules/undici/lib/llhttp/llhttp-wasm.js",".././node_modules/undici/lib/llhttp/llhttp_simd-wasm.js",".././node_modules/undici/lib/llhttp/utils.js",".././node_modules/undici/lib/mock/mock-agent.js",".././node_modules/undici/lib/mock/mock-client.js",".././node_modules/undici/lib/mock/mock-errors.js",".././node_modules/undici/lib/mock/mock-interceptor.js",".././node_modules/undici/lib/mock/mock-pool.js",".././node_modules/undici/lib/mock/mock-symbols.js",".././node_modules/undici/lib/mock/mock-utils.js",".././node_modules/undici/lib/mock/pending-interceptors-formatter.js",".././node_modules/undici/lib/mock/pluralizer.js",".././node_modules/undici/lib/node/fixed-queue.js",".././node_modules/undici/lib/pool-base.js",".././node_modules/undici/lib/pool-stats.js",".././node_modules/undici/lib/pool.js",".././node_modules/undici/lib/proxy-agent.js",".././node_modules/undici/lib/timers.js",".././node_modules/undici/lib/websocket/connection.js",".././node_modules/undici/lib/websocket/constants.js",".././node_modules/undici/lib/websocket/events.js",".././node_modules/undici/lib/websocket/frame.js",".././node_modules/undici/lib/websocket/receiver.js",".././node_modules/undici/lib/websocket/symbols.js",".././node_modules/undici/lib/websocket/util.js",".././node_modules/undici/lib/websocket/websocket.js",".././node_modules/xpath/xpath.js","../external node-commonjs \"assert\"","../external node-commonjs \"async_hooks\"","../external node-commonjs \"buffer\"","../external node-commonjs \"child_process\"","../external node-commonjs \"console\"","../external node-commonjs \"crypto\"","../external node-commonjs \"diagnostics_channel\"","../external node-commonjs \"events\"","../external node-commonjs \"fs\"","../external node-commonjs \"http\"","../external node-commonjs \"http2\"","../external node-commonjs \"https\"","../external node-commonjs \"net\"","../external node-commonjs \"node:crypto\"","../external node-commonjs \"node:events\"","../external node-commonjs \"node:stream\"","../external node-commonjs \"node:util\"","../external node-commonjs \"os\"","../external node-commonjs \"path\"","../external node-commonjs \"perf_hooks\"","../external node-commonjs \"process\"","../external node-commonjs \"querystring\"","../external node-commonjs \"stream\"","../external node-commonjs \"stream/web\"","../external node-commonjs \"string_decoder\"","../external node-commonjs \"timers\"","../external node-commonjs \"tls\"","../external node-commonjs \"url\"","../external node-commonjs \"util\"","../external node-commonjs \"util/types\"","../external node-commonjs \"vm\"","../external node-commonjs \"worker_threads\"","../external node-commonjs \"zlib\"",".././node_modules/@fastify/busboy/deps/dicer/lib/Dicer.js",".././node_modules/@fastify/busboy/deps/dicer/lib/HeaderParser.js",".././node_modules/@fastify/busboy/deps/dicer/lib/PartStream.js",".././node_modules/@fastify/busboy/deps/streamsearch/sbmh.js",".././node_modules/@fastify/busboy/lib/main.js",".././node_modules/@fastify/busboy/lib/types/multipart.js",".././node_modules/@fastify/busboy/lib/types/urlencoded.js",".././node_modules/@fastify/busboy/lib/utils/Decoder.js",".././node_modules/@fastify/busboy/lib/utils/basename.js",".././node_modules/@fastify/busboy/lib/utils/decodeText.js",".././node_modules/@fastify/busboy/lib/utils/getLimit.js",".././node_modules/@fastify/busboy/lib/utils/parseParams.js",".././node_modules/jsonpath-plus/dist/index-node-cjs.cjs","../webpack/bootstrap","../webpack/runtime/compat","../webpack/before-startup","../webpack/startup","../webpack/after-startup"],"sourcesContent":["\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    var desc = Object.getOwnPropertyDescriptor(m, k);\n    if (!desc || (\"get\" in desc ? !m.__esModule : desc.writable || desc.configurable)) {\n      desc = { enumerable: true, get: function() { return m[k]; } };\n    }\n    Object.defineProperty(o, k2, desc);\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || (function () {\n    var ownKeys = function(o) {\n        ownKeys = Object.getOwnPropertyNames || function (o) {\n            var ar = [];\n            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;\n            return ar;\n        };\n        return ownKeys(o);\n    };\n    return function (mod) {\n        if (mod && mod.__esModule) return mod;\n        var result = {};\n        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== \"default\") __createBinding(result, mod, k[i]);\n        __setModuleDefault(result, mod);\n        return result;\n    };\n})();\nObject.defineProperty(exports, \"__esModule\", { value: true });\nconst path_1 = require(\"path\");\nconst process_1 = require(\"process\");\nconst fs_1 = require(\"fs\");\nconst core = __importStar(require(\"@actions/core\"));\nconst xmldom_1 = require(\"@xmldom/xmldom\");\nconst xpath = __importStar(require(\"xpath\"));\nconst jsonpath_plus_1 = require(\"jsonpath-plus\");\nconst utils_1 = require(\"./utils\");\nlet sarifFilePath;\nlet outputFilePath;\nlet sarifResults;\nlet cweXml;\nlet cweFilePath = (0, path_1.resolve)((0, path_1.dirname)(process.argv[1]), '..//security-standards/owasp-top10-2021.xml');\nconst cweFileXmlNs = { cwe: 'http://cwe.mitre.org/cwe-6' };\nlet cweIdXpath = '/cwe:Weakness_Catalog/cwe:Weaknesses/cwe:Weakness/@ID';\nlet categoryXpath = '/cwe:Weakness_Catalog/cwe:Categories/cwe:Category[contains(@Name, \"OWASP Top Ten 2021\")]';\nconst categoryMembersXpath = 'cwe:Relationships/cwe:Has_Member/@CWE_ID';\nconst categoryNameAttr = '@Name';\nconst categoryNameReplaceSearch = 'OWASP Top Ten 2021 Category ';\nconst codeQlCweTagPrefix = 'external/cwe/cwe-';\nlet securityStandardTag = 'owasp-top10-2021';\nconst codeQlTagsJsonPath = '$.runs[*].tool.extensions[*].rules[*].properties.tags';\n// Simple CLI argument parser for non-GitHub Actions use\nfunction parseCliArgs() {\n    const args = {};\n    for (let i = 2; i < process.argv.length; i++) {\n        const arg = process.argv[i];\n        if (arg.startsWith('--')) {\n            const key = arg.substring(2);\n            const value = process.argv[i + 1];\n            if (value && !value.startsWith('--')) {\n                args[key] = value;\n                i++;\n            }\n        }\n    }\n    return args;\n}\n// Parse Actions or CLI inputs\nif (process_1.env.GITHUB_ACTIONS === 'true') {\n    sarifFilePath = (0, path_1.resolve)(core.getInput('sarifFile'));\n    cweFilePath = (0, path_1.resolve)(core.getInput('cweFile') || cweFilePath);\n    cweIdXpath = core.getInput('cweIdXpath') || cweIdXpath;\n    categoryXpath = core.getInput('cweCategoryXpath') || categoryXpath;\n    securityStandardTag = core.getInput('securityStandardTag') || securityStandardTag;\n    outputFilePath = (0, path_1.resolve)(core.getInput('outputFile') || sarifFilePath);\n}\nelse {\n    const argv = parseCliArgs();\n    if (!argv.sarifFile) {\n        (0, utils_1.log)('Error: --sarifFile is required', utils_1.LogLevel.Error);\n        process.exit(1);\n    }\n    sarifFilePath = (0, path_1.resolve)(argv.sarifFile);\n    cweFilePath = (0, path_1.resolve)(argv.cweFile || cweFilePath);\n    cweIdXpath = argv.cweIdXpath || cweIdXpath;\n    categoryXpath = argv.cweCategoryXpath || categoryXpath;\n    securityStandardTag = argv.securityStandardTag || securityStandardTag;\n    outputFilePath = (0, path_1.resolve)(argv.outputFile || sarifFilePath);\n}\n(0, utils_1.log)(`Using ${sarifFilePath} for SARIF file`);\n(0, utils_1.log)(`Using ${cweFilePath} for CWE file`);\n(0, utils_1.log)(`Using ${outputFilePath} for output file`);\n// Load SARIF file\ntry {\n    sarifResults = JSON.parse((0, fs_1.readFileSync)(sarifFilePath, 'utf8'));\n}\ncatch (err) {\n    (0, utils_1.log)(`Unable to load SARIF file`, utils_1.LogLevel.Error);\n    core.setFailed(err);\n    throw err;\n}\n// Load security standard CWE XML file\ntry {\n    cweXml = new xmldom_1.DOMParser().parseFromString((0, fs_1.readFileSync)(cweFilePath, 'utf8'));\n}\ncatch (err) {\n    (0, utils_1.log)(`Unable to load CWE file`, utils_1.LogLevel.Error);\n    core.setFailed(err);\n    throw err;\n}\nconst select = xpath.useNamespaces(cweFileXmlNs);\nconst cweIds = select(cweIdXpath, cweXml).map(attribute => attribute.value);\nconst cweCategoryNodes = select(categoryXpath, cweXml);\nconst cweCategories = {};\nfor (const cweCategoryNode of cweCategoryNodes) {\n    const memberCweIds = select(categoryMembersXpath, cweCategoryNode).map(attr => attr.value);\n    const categoryName = select(categoryNameAttr, cweCategoryNode, true).value.replace(categoryNameReplaceSearch, '');\n    for (const cweId of memberCweIds) {\n        cweCategories[cweId] = [...(cweCategories[cweId] || []), categoryName];\n    }\n}\n// Add tag to SARIF file\n(0, jsonpath_plus_1.JSONPath)({\n    path: codeQlTagsJsonPath,\n    json: sarifResults,\n    callback: (tags) => {\n        for (const tag of tags) {\n            if (tag.startsWith(codeQlCweTagPrefix)) {\n                const cweId = tag.replace(codeQlCweTagPrefix, '');\n                // Normalize CWE ID by converting to integer to remove leading zeros\n                const normalizedCweId = (0, utils_1.normalizeCweId)(cweId);\n                // Skip if the CWE ID is not a valid number\n                if (normalizedCweId === null) {\n                    continue;\n                }\n                if (cweIds.includes(normalizedCweId)) {\n                    tags.push(securityStandardTag);\n                    tags.push(...cweCategories[normalizedCweId]);\n                    return;\n                }\n            }\n        }\n    }\n});\n// Output SARIF file with tag added\ntry {\n    (0, fs_1.writeFileSync)(outputFilePath, JSON.stringify(sarifResults));\n}\ncatch (err) {\n    (0, utils_1.log)(`Unable to write SARIF file`, utils_1.LogLevel.Error);\n    core.setFailed(err);\n    throw err;\n}\n//# sourceMappingURL=main.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    var desc = Object.getOwnPropertyDescriptor(m, k);\n    if (!desc || (\"get\" in desc ? !m.__esModule : desc.writable || desc.configurable)) {\n      desc = { enumerable: true, get: function() { return m[k]; } };\n    }\n    Object.defineProperty(o, k2, desc);\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || (function () {\n    var ownKeys = function(o) {\n        ownKeys = Object.getOwnPropertyNames || function (o) {\n            var ar = [];\n            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;\n            return ar;\n        };\n        return ownKeys(o);\n    };\n    return function (mod) {\n        if (mod && mod.__esModule) return mod;\n        var result = {};\n        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== \"default\") __createBinding(result, mod, k[i]);\n        __setModuleDefault(result, mod);\n        return result;\n    };\n})();\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.LogLevel = void 0;\nexports.log = log;\nexports.normalizeCweId = normalizeCweId;\n/* eslint-disable no-console */\nconst process_1 = require(\"process\");\nconst core = __importStar(require(\"@actions/core\"));\nvar LogLevel;\n(function (LogLevel) {\n    LogLevel[\"Info\"] = \"Info\";\n    LogLevel[\"Warn\"] = \"Warn\";\n    LogLevel[\"Error\"] = \"Error\";\n})(LogLevel || (exports.LogLevel = LogLevel = {}));\nfunction log(message, level = LogLevel.Info) {\n    if (process_1.env.GITHUB_ACTIONS === 'true') {\n        switch (level) {\n            case LogLevel.Info: {\n                core.info(message);\n                break;\n            }\n            case LogLevel.Warn: {\n                core.warning(message);\n                break;\n            }\n            case LogLevel.Error: {\n                core.error(message);\n                break;\n            }\n        }\n    }\n    else {\n        switch (level) {\n            case LogLevel.Info: {\n                console.info(message);\n                break;\n            }\n            case LogLevel.Warn: {\n                console.warn(message);\n                break;\n            }\n            case LogLevel.Error: {\n                console.error(message);\n                break;\n            }\n        }\n    }\n}\n/**\n * Normalize a CWE ID by removing leading zeros\n * @param cweId - The CWE ID string (e.g., \"099\", \"020\", \"89\")\n * @returns The normalized CWE ID string (e.g., \"99\", \"20\", \"89\") or null if invalid\n */\nfunction normalizeCweId(cweId) {\n    const parsedCweId = parseInt(cweId, 10);\n    if (Number.isNaN(parsedCweId) || parsedCweId < 0) {\n        return null;\n    }\n    return String(parsedCweId);\n}\n//# sourceMappingURL=utils.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    var desc = Object.getOwnPropertyDescriptor(m, k);\n    if (!desc || (\"get\" in desc ? !m.__esModule : desc.writable || desc.configurable)) {\n      desc = { enumerable: true, get: function() { return m[k]; } };\n    }\n    Object.defineProperty(o, k2, desc);\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || (function () {\n    var ownKeys = function(o) {\n        ownKeys = Object.getOwnPropertyNames || function (o) {\n            var ar = [];\n            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;\n            return ar;\n        };\n        return ownKeys(o);\n    };\n    return function (mod) {\n        if (mod && mod.__esModule) return mod;\n        var result = {};\n        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== \"default\") __createBinding(result, mod, k[i]);\n        __setModuleDefault(result, mod);\n        return result;\n    };\n})();\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.issueCommand = issueCommand;\nexports.issue = issue;\nconst os = __importStar(require(\"os\"));\nconst utils_1 = require(\"./utils\");\n/**\n * Issues a command to the GitHub Actions runner\n *\n * @param command - The command name to issue\n * @param properties - Additional properties for the command (key-value pairs)\n * @param message - The message to include with the command\n * @remarks\n * This function outputs a specially formatted string to stdout that the Actions\n * runner interprets as a command. These commands can control workflow behavior,\n * set outputs, create annotations, mask values, and more.\n *\n * Command Format:\n *   ::name key=value,key=value::message\n *\n * @example\n * ```typescript\n * // Issue a warning annotation\n * issueCommand('warning', {}, 'This is a warning message');\n * // Output: ::warning::This is a warning message\n *\n * // Set an environment variable\n * issueCommand('set-env', { name: 'MY_VAR' }, 'some value');\n * // Output: ::set-env name=MY_VAR::some value\n *\n * // Add a secret mask\n * issueCommand('add-mask', {}, 'secretValue123');\n * // Output: ::add-mask::secretValue123\n * ```\n *\n * @internal\n * This is an internal utility function that powers the public API functions\n * such as setSecret, warning, error, and exportVariable.\n */\nfunction issueCommand(command, properties, message) {\n    const cmd = new Command(command, properties, message);\n    process.stdout.write(cmd.toString() + os.EOL);\n}\nfunction issue(name, message = '') {\n    issueCommand(name, {}, message);\n}\nconst CMD_STRING = '::';\nclass Command {\n    constructor(command, properties, message) {\n        if (!command) {\n            command = 'missing.command';\n        }\n        this.command = command;\n        this.properties = properties;\n        this.message = message;\n    }\n    toString() {\n        let cmdStr = CMD_STRING + this.command;\n        if (this.properties && Object.keys(this.properties).length > 0) {\n            cmdStr += ' ';\n            let first = true;\n            for (const key in this.properties) {\n                if (this.properties.hasOwnProperty(key)) {\n                    const val = this.properties[key];\n                    if (val) {\n                        if (first) {\n                            first = false;\n                        }\n                        else {\n                            cmdStr += ',';\n                        }\n                        cmdStr += `${key}=${escapeProperty(val)}`;\n                    }\n                }\n            }\n        }\n        cmdStr += `${CMD_STRING}${escapeData(this.message)}`;\n        return cmdStr;\n    }\n}\nfunction escapeData(s) {\n    return (0, utils_1.toCommandValue)(s)\n        .replace(/%/g, '%25')\n        .replace(/\\r/g, '%0D')\n        .replace(/\\n/g, '%0A');\n}\nfunction escapeProperty(s) {\n    return (0, utils_1.toCommandValue)(s)\n        .replace(/%/g, '%25')\n        .replace(/\\r/g, '%0D')\n        .replace(/\\n/g, '%0A')\n        .replace(/:/g, '%3A')\n        .replace(/,/g, '%2C');\n}\n//# sourceMappingURL=command.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    var desc = Object.getOwnPropertyDescriptor(m, k);\n    if (!desc || (\"get\" in desc ? !m.__esModule : desc.writable || desc.configurable)) {\n      desc = { enumerable: true, get: function() { return m[k]; } };\n    }\n    Object.defineProperty(o, k2, desc);\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || (function () {\n    var ownKeys = function(o) {\n        ownKeys = Object.getOwnPropertyNames || function (o) {\n            var ar = [];\n            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;\n            return ar;\n        };\n        return ownKeys(o);\n    };\n    return function (mod) {\n        if (mod && mod.__esModule) return mod;\n        var result = {};\n        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== \"default\") __createBinding(result, mod, k[i]);\n        __setModuleDefault(result, mod);\n        return result;\n    };\n})();\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.platform = exports.toPlatformPath = exports.toWin32Path = exports.toPosixPath = exports.markdownSummary = exports.summary = exports.ExitCode = void 0;\nexports.exportVariable = exportVariable;\nexports.setSecret = setSecret;\nexports.addPath = addPath;\nexports.getInput = getInput;\nexports.getMultilineInput = getMultilineInput;\nexports.getBooleanInput = getBooleanInput;\nexports.setOutput = setOutput;\nexports.setCommandEcho = setCommandEcho;\nexports.setFailed = setFailed;\nexports.isDebug = isDebug;\nexports.debug = debug;\nexports.error = error;\nexports.warning = warning;\nexports.notice = notice;\nexports.info = info;\nexports.startGroup = startGroup;\nexports.endGroup = endGroup;\nexports.group = group;\nexports.saveState = saveState;\nexports.getState = getState;\nexports.getIDToken = getIDToken;\nconst command_1 = require(\"./command\");\nconst file_command_1 = require(\"./file-command\");\nconst utils_1 = require(\"./utils\");\nconst os = __importStar(require(\"os\"));\nconst path = __importStar(require(\"path\"));\nconst oidc_utils_1 = require(\"./oidc-utils\");\n/**\n * The code to exit an action\n */\nvar ExitCode;\n(function (ExitCode) {\n    /**\n     * A code indicating that the action was successful\n     */\n    ExitCode[ExitCode[\"Success\"] = 0] = \"Success\";\n    /**\n     * A code indicating that the action was a failure\n     */\n    ExitCode[ExitCode[\"Failure\"] = 1] = \"Failure\";\n})(ExitCode || (exports.ExitCode = ExitCode = {}));\n//-----------------------------------------------------------------------\n// Variables\n//-----------------------------------------------------------------------\n/**\n * Sets env variable for this action and future actions in the job\n * @param name the name of the variable to set\n * @param val the value of the variable. Non-string values will be converted to a string via JSON.stringify\n */\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nfunction exportVariable(name, val) {\n    const convertedVal = (0, utils_1.toCommandValue)(val);\n    process.env[name] = convertedVal;\n    const filePath = process.env['GITHUB_ENV'] || '';\n    if (filePath) {\n        return (0, file_command_1.issueFileCommand)('ENV', (0, file_command_1.prepareKeyValueMessage)(name, val));\n    }\n    (0, command_1.issueCommand)('set-env', { name }, convertedVal);\n}\n/**\n * Registers a secret which will get masked from logs\n *\n * @param secret - Value of the secret to be masked\n * @remarks\n * This function instructs the Actions runner to mask the specified value in any\n * logs produced during the workflow run. Once registered, the secret value will\n * be replaced with asterisks (***) whenever it appears in console output, logs,\n * or error messages.\n *\n * This is useful for protecting sensitive information such as:\n * - API keys\n * - Access tokens\n * - Authentication credentials\n * - URL parameters containing signatures (SAS tokens)\n *\n * Note that masking only affects future logs; any previous appearances of the\n * secret in logs before calling this function will remain unmasked.\n *\n * @example\n * ```typescript\n * // Register an API token as a secret\n * const apiToken = \"abc123xyz456\";\n * setSecret(apiToken);\n *\n * // Now any logs containing this value will show *** instead\n * console.log(`Using token: ${apiToken}`); // Outputs: \"Using token: ***\"\n * ```\n */\nfunction setSecret(secret) {\n    (0, command_1.issueCommand)('add-mask', {}, secret);\n}\n/**\n * Prepends inputPath to the PATH (for this action and future actions)\n * @param inputPath\n */\nfunction addPath(inputPath) {\n    const filePath = process.env['GITHUB_PATH'] || '';\n    if (filePath) {\n        (0, file_command_1.issueFileCommand)('PATH', inputPath);\n    }\n    else {\n        (0, command_1.issueCommand)('add-path', {}, inputPath);\n    }\n    process.env['PATH'] = `${inputPath}${path.delimiter}${process.env['PATH']}`;\n}\n/**\n * Gets the value of an input.\n * Unless trimWhitespace is set to false in InputOptions, the value is also trimmed.\n * Returns an empty string if the value is not defined.\n *\n * @param     name     name of the input to get\n * @param     options  optional. See InputOptions.\n * @returns   string\n */\nfunction getInput(name, options) {\n    const val = process.env[`INPUT_${name.replace(/ /g, '_').toUpperCase()}`] || '';\n    if (options && options.required && !val) {\n        throw new Error(`Input required and not supplied: ${name}`);\n    }\n    if (options && options.trimWhitespace === false) {\n        return val;\n    }\n    return val.trim();\n}\n/**\n * Gets the values of an multiline input.  Each value is also trimmed.\n *\n * @param     name     name of the input to get\n * @param     options  optional. See InputOptions.\n * @returns   string[]\n *\n */\nfunction getMultilineInput(name, options) {\n    const inputs = getInput(name, options)\n        .split('\\n')\n        .filter(x => x !== '');\n    if (options && options.trimWhitespace === false) {\n        return inputs;\n    }\n    return inputs.map(input => input.trim());\n}\n/**\n * Gets the input value of the boolean type in the YAML 1.2 \"core schema\" specification.\n * Support boolean input list: `true | True | TRUE | false | False | FALSE` .\n * The return value is also in boolean type.\n * ref: https://yaml.org/spec/1.2/spec.html#id2804923\n *\n * @param     name     name of the input to get\n * @param     options  optional. See InputOptions.\n * @returns   boolean\n */\nfunction getBooleanInput(name, options) {\n    const trueValue = ['true', 'True', 'TRUE'];\n    const falseValue = ['false', 'False', 'FALSE'];\n    const val = getInput(name, options);\n    if (trueValue.includes(val))\n        return true;\n    if (falseValue.includes(val))\n        return false;\n    throw new TypeError(`Input does not meet YAML 1.2 \"Core Schema\" specification: ${name}\\n` +\n        `Support boolean input list: \\`true | True | TRUE | false | False | FALSE\\``);\n}\n/**\n * Sets the value of an output.\n *\n * @param     name     name of the output to set\n * @param     value    value to store. Non-string values will be converted to a string via JSON.stringify\n */\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nfunction setOutput(name, value) {\n    const filePath = process.env['GITHUB_OUTPUT'] || '';\n    if (filePath) {\n        return (0, file_command_1.issueFileCommand)('OUTPUT', (0, file_command_1.prepareKeyValueMessage)(name, value));\n    }\n    process.stdout.write(os.EOL);\n    (0, command_1.issueCommand)('set-output', { name }, (0, utils_1.toCommandValue)(value));\n}\n/**\n * Enables or disables the echoing of commands into stdout for the rest of the step.\n * Echoing is disabled by default if ACTIONS_STEP_DEBUG is not set.\n *\n */\nfunction setCommandEcho(enabled) {\n    (0, command_1.issue)('echo', enabled ? 'on' : 'off');\n}\n//-----------------------------------------------------------------------\n// Results\n//-----------------------------------------------------------------------\n/**\n * Sets the action status to failed.\n * When the action exits it will be with an exit code of 1\n * @param message add error issue message\n */\nfunction setFailed(message) {\n    process.exitCode = ExitCode.Failure;\n    error(message);\n}\n//-----------------------------------------------------------------------\n// Logging Commands\n//-----------------------------------------------------------------------\n/**\n * Gets whether Actions Step Debug is on or not\n */\nfunction isDebug() {\n    return process.env['RUNNER_DEBUG'] === '1';\n}\n/**\n * Writes debug message to user log\n * @param message debug message\n */\nfunction debug(message) {\n    (0, command_1.issueCommand)('debug', {}, message);\n}\n/**\n * Adds an error issue\n * @param message error issue message. Errors will be converted to string via toString()\n * @param properties optional properties to add to the annotation.\n */\nfunction error(message, properties = {}) {\n    (0, command_1.issueCommand)('error', (0, utils_1.toCommandProperties)(properties), message instanceof Error ? message.toString() : message);\n}\n/**\n * Adds a warning issue\n * @param message warning issue message. Errors will be converted to string via toString()\n * @param properties optional properties to add to the annotation.\n */\nfunction warning(message, properties = {}) {\n    (0, command_1.issueCommand)('warning', (0, utils_1.toCommandProperties)(properties), message instanceof Error ? message.toString() : message);\n}\n/**\n * Adds a notice issue\n * @param message notice issue message. Errors will be converted to string via toString()\n * @param properties optional properties to add to the annotation.\n */\nfunction notice(message, properties = {}) {\n    (0, command_1.issueCommand)('notice', (0, utils_1.toCommandProperties)(properties), message instanceof Error ? message.toString() : message);\n}\n/**\n * Writes info to log with console.log.\n * @param message info message\n */\nfunction info(message) {\n    process.stdout.write(message + os.EOL);\n}\n/**\n * Begin an output group.\n *\n * Output until the next `groupEnd` will be foldable in this group\n *\n * @param name The name of the output group\n */\nfunction startGroup(name) {\n    (0, command_1.issue)('group', name);\n}\n/**\n * End an output group.\n */\nfunction endGroup() {\n    (0, command_1.issue)('endgroup');\n}\n/**\n * Wrap an asynchronous function call in a group.\n *\n * Returns the same type as the function itself.\n *\n * @param name The name of the group\n * @param fn The function to wrap in the group\n */\nfunction group(name, fn) {\n    return __awaiter(this, void 0, void 0, function* () {\n        startGroup(name);\n        let result;\n        try {\n            result = yield fn();\n        }\n        finally {\n            endGroup();\n        }\n        return result;\n    });\n}\n//-----------------------------------------------------------------------\n// Wrapper action state\n//-----------------------------------------------------------------------\n/**\n * Saves state for current action, the state can only be retrieved by this action's post job execution.\n *\n * @param     name     name of the state to store\n * @param     value    value to store. Non-string values will be converted to a string via JSON.stringify\n */\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nfunction saveState(name, value) {\n    const filePath = process.env['GITHUB_STATE'] || '';\n    if (filePath) {\n        return (0, file_command_1.issueFileCommand)('STATE', (0, file_command_1.prepareKeyValueMessage)(name, value));\n    }\n    (0, command_1.issueCommand)('save-state', { name }, (0, utils_1.toCommandValue)(value));\n}\n/**\n * Gets the value of an state set by this action's main execution.\n *\n * @param     name     name of the state to get\n * @returns   string\n */\nfunction getState(name) {\n    return process.env[`STATE_${name}`] || '';\n}\nfunction getIDToken(aud) {\n    return __awaiter(this, void 0, void 0, function* () {\n        return yield oidc_utils_1.OidcClient.getIDToken(aud);\n    });\n}\n/**\n * Summary exports\n */\nvar summary_1 = require(\"./summary\");\nObject.defineProperty(exports, \"summary\", { enumerable: true, get: function () { return summary_1.summary; } });\n/**\n * @deprecated use core.summary\n */\nvar summary_2 = require(\"./summary\");\nObject.defineProperty(exports, \"markdownSummary\", { enumerable: true, get: function () { return summary_2.markdownSummary; } });\n/**\n * Path exports\n */\nvar path_utils_1 = require(\"./path-utils\");\nObject.defineProperty(exports, \"toPosixPath\", { enumerable: true, get: function () { return path_utils_1.toPosixPath; } });\nObject.defineProperty(exports, \"toWin32Path\", { enumerable: true, get: function () { return path_utils_1.toWin32Path; } });\nObject.defineProperty(exports, \"toPlatformPath\", { enumerable: true, get: function () { return path_utils_1.toPlatformPath; } });\n/**\n * Platform utilities exports\n */\nexports.platform = __importStar(require(\"./platform\"));\n//# sourceMappingURL=core.js.map","\"use strict\";\n// For internal use, subject to change.\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    var desc = Object.getOwnPropertyDescriptor(m, k);\n    if (!desc || (\"get\" in desc ? !m.__esModule : desc.writable || desc.configurable)) {\n      desc = { enumerable: true, get: function() { return m[k]; } };\n    }\n    Object.defineProperty(o, k2, desc);\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || (function () {\n    var ownKeys = function(o) {\n        ownKeys = Object.getOwnPropertyNames || function (o) {\n            var ar = [];\n            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;\n            return ar;\n        };\n        return ownKeys(o);\n    };\n    return function (mod) {\n        if (mod && mod.__esModule) return mod;\n        var result = {};\n        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== \"default\") __createBinding(result, mod, k[i]);\n        __setModuleDefault(result, mod);\n        return result;\n    };\n})();\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.issueFileCommand = issueFileCommand;\nexports.prepareKeyValueMessage = prepareKeyValueMessage;\n// We use any as a valid input type\n/* eslint-disable @typescript-eslint/no-explicit-any */\nconst crypto = __importStar(require(\"crypto\"));\nconst fs = __importStar(require(\"fs\"));\nconst os = __importStar(require(\"os\"));\nconst utils_1 = require(\"./utils\");\nfunction issueFileCommand(command, message) {\n    const filePath = process.env[`GITHUB_${command}`];\n    if (!filePath) {\n        throw new Error(`Unable to find environment variable for file command ${command}`);\n    }\n    if (!fs.existsSync(filePath)) {\n        throw new Error(`Missing file at path: ${filePath}`);\n    }\n    fs.appendFileSync(filePath, `${(0, utils_1.toCommandValue)(message)}${os.EOL}`, {\n        encoding: 'utf8'\n    });\n}\nfunction prepareKeyValueMessage(key, value) {\n    const delimiter = `ghadelimiter_${crypto.randomUUID()}`;\n    const convertedValue = (0, utils_1.toCommandValue)(value);\n    // These should realistically never happen, but just in case someone finds a\n    // way to exploit uuid generation let's not allow keys or values that contain\n    // the delimiter.\n    if (key.includes(delimiter)) {\n        throw new Error(`Unexpected input: name should not contain the delimiter \"${delimiter}\"`);\n    }\n    if (convertedValue.includes(delimiter)) {\n        throw new Error(`Unexpected input: value should not contain the delimiter \"${delimiter}\"`);\n    }\n    return `${key}<<${delimiter}${os.EOL}${convertedValue}${os.EOL}${delimiter}`;\n}\n//# sourceMappingURL=file-command.js.map","\"use strict\";\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.OidcClient = void 0;\nconst http_client_1 = require(\"@actions/http-client\");\nconst auth_1 = require(\"@actions/http-client/lib/auth\");\nconst core_1 = require(\"./core\");\nclass OidcClient {\n    static createHttpClient(allowRetry = true, maxRetry = 10) {\n        const requestOptions = {\n            allowRetries: allowRetry,\n            maxRetries: maxRetry\n        };\n        return new http_client_1.HttpClient('actions/oidc-client', [new auth_1.BearerCredentialHandler(OidcClient.getRequestToken())], requestOptions);\n    }\n    static getRequestToken() {\n        const token = process.env['ACTIONS_ID_TOKEN_REQUEST_TOKEN'];\n        if (!token) {\n            throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_TOKEN env variable');\n        }\n        return token;\n    }\n    static getIDTokenUrl() {\n        const runtimeUrl = process.env['ACTIONS_ID_TOKEN_REQUEST_URL'];\n        if (!runtimeUrl) {\n            throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable');\n        }\n        return runtimeUrl;\n    }\n    static getCall(id_token_url) {\n        return __awaiter(this, void 0, void 0, function* () {\n            var _a;\n            const httpclient = OidcClient.createHttpClient();\n            const res = yield httpclient\n                .getJson(id_token_url)\n                .catch(error => {\n                throw new Error(`Failed to get ID Token. \\n \n        Error Code : ${error.statusCode}\\n \n        Error Message: ${error.message}`);\n            });\n            const id_token = (_a = res.result) === null || _a === void 0 ? void 0 : _a.value;\n            if (!id_token) {\n                throw new Error('Response json body do not have ID Token field');\n            }\n            return id_token;\n        });\n    }\n    static getIDToken(audience) {\n        return __awaiter(this, void 0, void 0, function* () {\n            try {\n                // New ID Token is requested from action service\n                let id_token_url = OidcClient.getIDTokenUrl();\n                if (audience) {\n                    const encodedAudience = encodeURIComponent(audience);\n                    id_token_url = `${id_token_url}&audience=${encodedAudience}`;\n                }\n                (0, core_1.debug)(`ID token url is ${id_token_url}`);\n                const id_token = yield OidcClient.getCall(id_token_url);\n                (0, core_1.setSecret)(id_token);\n                return id_token;\n            }\n            catch (error) {\n                throw new Error(`Error message: ${error.message}`);\n            }\n        });\n    }\n}\nexports.OidcClient = OidcClient;\n//# sourceMappingURL=oidc-utils.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    var desc = Object.getOwnPropertyDescriptor(m, k);\n    if (!desc || (\"get\" in desc ? !m.__esModule : desc.writable || desc.configurable)) {\n      desc = { enumerable: true, get: function() { return m[k]; } };\n    }\n    Object.defineProperty(o, k2, desc);\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || (function () {\n    var ownKeys = function(o) {\n        ownKeys = Object.getOwnPropertyNames || function (o) {\n            var ar = [];\n            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;\n            return ar;\n        };\n        return ownKeys(o);\n    };\n    return function (mod) {\n        if (mod && mod.__esModule) return mod;\n        var result = {};\n        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== \"default\") __createBinding(result, mod, k[i]);\n        __setModuleDefault(result, mod);\n        return result;\n    };\n})();\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.toPosixPath = toPosixPath;\nexports.toWin32Path = toWin32Path;\nexports.toPlatformPath = toPlatformPath;\nconst path = __importStar(require(\"path\"));\n/**\n * toPosixPath converts the given path to the posix form. On Windows, \\\\ will be\n * replaced with /.\n *\n * @param pth. Path to transform.\n * @return string Posix path.\n */\nfunction toPosixPath(pth) {\n    return pth.replace(/[\\\\]/g, '/');\n}\n/**\n * toWin32Path converts the given path to the win32 form. On Linux, / will be\n * replaced with \\\\.\n *\n * @param pth. Path to transform.\n * @return string Win32 path.\n */\nfunction toWin32Path(pth) {\n    return pth.replace(/[/]/g, '\\\\');\n}\n/**\n * toPlatformPath converts the given path to a platform-specific path. It does\n * this by replacing instances of / and \\ with the platform-specific path\n * separator.\n *\n * @param pth The path to platformize.\n * @return string The platform-specific path.\n */\nfunction toPlatformPath(pth) {\n    return pth.replace(/[/\\\\]/g, path.sep);\n}\n//# sourceMappingURL=path-utils.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    var desc = Object.getOwnPropertyDescriptor(m, k);\n    if (!desc || (\"get\" in desc ? !m.__esModule : desc.writable || desc.configurable)) {\n      desc = { enumerable: true, get: function() { return m[k]; } };\n    }\n    Object.defineProperty(o, k2, desc);\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || (function () {\n    var ownKeys = function(o) {\n        ownKeys = Object.getOwnPropertyNames || function (o) {\n            var ar = [];\n            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;\n            return ar;\n        };\n        return ownKeys(o);\n    };\n    return function (mod) {\n        if (mod && mod.__esModule) return mod;\n        var result = {};\n        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== \"default\") __createBinding(result, mod, k[i]);\n        __setModuleDefault(result, mod);\n        return result;\n    };\n})();\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nvar __importDefault = (this && this.__importDefault) || function (mod) {\n    return (mod && mod.__esModule) ? mod : { \"default\": mod };\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.isLinux = exports.isMacOS = exports.isWindows = exports.arch = exports.platform = void 0;\nexports.getDetails = getDetails;\nconst os_1 = __importDefault(require(\"os\"));\nconst exec = __importStar(require(\"@actions/exec\"));\nconst getWindowsInfo = () => __awaiter(void 0, void 0, void 0, function* () {\n    const { stdout: version } = yield exec.getExecOutput('powershell -command \"(Get-CimInstance -ClassName Win32_OperatingSystem).Version\"', undefined, {\n        silent: true\n    });\n    const { stdout: name } = yield exec.getExecOutput('powershell -command \"(Get-CimInstance -ClassName Win32_OperatingSystem).Caption\"', undefined, {\n        silent: true\n    });\n    return {\n        name: name.trim(),\n        version: version.trim()\n    };\n});\nconst getMacOsInfo = () => __awaiter(void 0, void 0, void 0, function* () {\n    var _a, _b, _c, _d;\n    const { stdout } = yield exec.getExecOutput('sw_vers', undefined, {\n        silent: true\n    });\n    const version = (_b = (_a = stdout.match(/ProductVersion:\\s*(.+)/)) === null || _a === void 0 ? void 0 : _a[1]) !== null && _b !== void 0 ? _b : '';\n    const name = (_d = (_c = stdout.match(/ProductName:\\s*(.+)/)) === null || _c === void 0 ? void 0 : _c[1]) !== null && _d !== void 0 ? _d : '';\n    return {\n        name,\n        version\n    };\n});\nconst getLinuxInfo = () => __awaiter(void 0, void 0, void 0, function* () {\n    const { stdout } = yield exec.getExecOutput('lsb_release', ['-i', '-r', '-s'], {\n        silent: true\n    });\n    const [name, version] = stdout.trim().split('\\n');\n    return {\n        name,\n        version\n    };\n});\nexports.platform = os_1.default.platform();\nexports.arch = os_1.default.arch();\nexports.isWindows = exports.platform === 'win32';\nexports.isMacOS = exports.platform === 'darwin';\nexports.isLinux = exports.platform === 'linux';\nfunction getDetails() {\n    return __awaiter(this, void 0, void 0, function* () {\n        return Object.assign(Object.assign({}, (yield (exports.isWindows\n            ? getWindowsInfo()\n            : exports.isMacOS\n                ? getMacOsInfo()\n                : getLinuxInfo()))), { platform: exports.platform,\n            arch: exports.arch,\n            isWindows: exports.isWindows,\n            isMacOS: exports.isMacOS,\n            isLinux: exports.isLinux });\n    });\n}\n//# sourceMappingURL=platform.js.map","\"use strict\";\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.summary = exports.markdownSummary = exports.SUMMARY_DOCS_URL = exports.SUMMARY_ENV_VAR = void 0;\nconst os_1 = require(\"os\");\nconst fs_1 = require(\"fs\");\nconst { access, appendFile, writeFile } = fs_1.promises;\nexports.SUMMARY_ENV_VAR = 'GITHUB_STEP_SUMMARY';\nexports.SUMMARY_DOCS_URL = 'https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions#adding-a-job-summary';\nclass Summary {\n    constructor() {\n        this._buffer = '';\n    }\n    /**\n     * Finds the summary file path from the environment, rejects if env var is not found or file does not exist\n     * Also checks r/w permissions.\n     *\n     * @returns step summary file path\n     */\n    filePath() {\n        return __awaiter(this, void 0, void 0, function* () {\n            if (this._filePath) {\n                return this._filePath;\n            }\n            const pathFromEnv = process.env[exports.SUMMARY_ENV_VAR];\n            if (!pathFromEnv) {\n                throw new Error(`Unable to find environment variable for $${exports.SUMMARY_ENV_VAR}. Check if your runtime environment supports job summaries.`);\n            }\n            try {\n                yield access(pathFromEnv, fs_1.constants.R_OK | fs_1.constants.W_OK);\n            }\n            catch (_a) {\n                throw new Error(`Unable to access summary file: '${pathFromEnv}'. Check if the file has correct read/write permissions.`);\n            }\n            this._filePath = pathFromEnv;\n            return this._filePath;\n        });\n    }\n    /**\n     * Wraps content in an HTML tag, adding any HTML attributes\n     *\n     * @param {string} tag HTML tag to wrap\n     * @param {string | null} content content within the tag\n     * @param {[attribute: string]: string} attrs key-value list of HTML attributes to add\n     *\n     * @returns {string} content wrapped in HTML element\n     */\n    wrap(tag, content, attrs = {}) {\n        const htmlAttrs = Object.entries(attrs)\n            .map(([key, value]) => ` ${key}=\"${value}\"`)\n            .join('');\n        if (!content) {\n            return `<${tag}${htmlAttrs}>`;\n        }\n        return `<${tag}${htmlAttrs}>${content}</${tag}>`;\n    }\n    /**\n     * Writes text in the buffer to the summary buffer file and empties buffer. Will append by default.\n     *\n     * @param {SummaryWriteOptions} [options] (optional) options for write operation\n     *\n     * @returns {Promise<Summary>} summary instance\n     */\n    write(options) {\n        return __awaiter(this, void 0, void 0, function* () {\n            const overwrite = !!(options === null || options === void 0 ? void 0 : options.overwrite);\n            const filePath = yield this.filePath();\n            const writeFunc = overwrite ? writeFile : appendFile;\n            yield writeFunc(filePath, this._buffer, { encoding: 'utf8' });\n            return this.emptyBuffer();\n        });\n    }\n    /**\n     * Clears the summary buffer and wipes the summary file\n     *\n     * @returns {Summary} summary instance\n     */\n    clear() {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.emptyBuffer().write({ overwrite: true });\n        });\n    }\n    /**\n     * Returns the current summary buffer as a string\n     *\n     * @returns {string} string of summary buffer\n     */\n    stringify() {\n        return this._buffer;\n    }\n    /**\n     * If the summary buffer is empty\n     *\n     * @returns {boolen} true if the buffer is empty\n     */\n    isEmptyBuffer() {\n        return this._buffer.length === 0;\n    }\n    /**\n     * Resets the summary buffer without writing to summary file\n     *\n     * @returns {Summary} summary instance\n     */\n    emptyBuffer() {\n        this._buffer = '';\n        return this;\n    }\n    /**\n     * Adds raw text to the summary buffer\n     *\n     * @param {string} text content to add\n     * @param {boolean} [addEOL=false] (optional) append an EOL to the raw text (default: false)\n     *\n     * @returns {Summary} summary instance\n     */\n    addRaw(text, addEOL = false) {\n        this._buffer += text;\n        return addEOL ? this.addEOL() : this;\n    }\n    /**\n     * Adds the operating system-specific end-of-line marker to the buffer\n     *\n     * @returns {Summary} summary instance\n     */\n    addEOL() {\n        return this.addRaw(os_1.EOL);\n    }\n    /**\n     * Adds an HTML codeblock to the summary buffer\n     *\n     * @param {string} code content to render within fenced code block\n     * @param {string} lang (optional) language to syntax highlight code\n     *\n     * @returns {Summary} summary instance\n     */\n    addCodeBlock(code, lang) {\n        const attrs = Object.assign({}, (lang && { lang }));\n        const element = this.wrap('pre', this.wrap('code', code), attrs);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML list to the summary buffer\n     *\n     * @param {string[]} items list of items to render\n     * @param {boolean} [ordered=false] (optional) if the rendered list should be ordered or not (default: false)\n     *\n     * @returns {Summary} summary instance\n     */\n    addList(items, ordered = false) {\n        const tag = ordered ? 'ol' : 'ul';\n        const listItems = items.map(item => this.wrap('li', item)).join('');\n        const element = this.wrap(tag, listItems);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML table to the summary buffer\n     *\n     * @param {SummaryTableCell[]} rows table rows\n     *\n     * @returns {Summary} summary instance\n     */\n    addTable(rows) {\n        const tableBody = rows\n            .map(row => {\n            const cells = row\n                .map(cell => {\n                if (typeof cell === 'string') {\n                    return this.wrap('td', cell);\n                }\n                const { header, data, colspan, rowspan } = cell;\n                const tag = header ? 'th' : 'td';\n                const attrs = Object.assign(Object.assign({}, (colspan && { colspan })), (rowspan && { rowspan }));\n                return this.wrap(tag, data, attrs);\n            })\n                .join('');\n            return this.wrap('tr', cells);\n        })\n            .join('');\n        const element = this.wrap('table', tableBody);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds a collapsable HTML details element to the summary buffer\n     *\n     * @param {string} label text for the closed state\n     * @param {string} content collapsable content\n     *\n     * @returns {Summary} summary instance\n     */\n    addDetails(label, content) {\n        const element = this.wrap('details', this.wrap('summary', label) + content);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML image tag to the summary buffer\n     *\n     * @param {string} src path to the image you to embed\n     * @param {string} alt text description of the image\n     * @param {SummaryImageOptions} options (optional) addition image attributes\n     *\n     * @returns {Summary} summary instance\n     */\n    addImage(src, alt, options) {\n        const { width, height } = options || {};\n        const attrs = Object.assign(Object.assign({}, (width && { width })), (height && { height }));\n        const element = this.wrap('img', null, Object.assign({ src, alt }, attrs));\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML section heading element\n     *\n     * @param {string} text heading text\n     * @param {number | string} [level=1] (optional) the heading level, default: 1\n     *\n     * @returns {Summary} summary instance\n     */\n    addHeading(text, level) {\n        const tag = `h${level}`;\n        const allowedTag = ['h1', 'h2', 'h3', 'h4', 'h5', 'h6'].includes(tag)\n            ? tag\n            : 'h1';\n        const element = this.wrap(allowedTag, text);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML thematic break (<hr>) to the summary buffer\n     *\n     * @returns {Summary} summary instance\n     */\n    addSeparator() {\n        const element = this.wrap('hr', null);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML line break (<br>) to the summary buffer\n     *\n     * @returns {Summary} summary instance\n     */\n    addBreak() {\n        const element = this.wrap('br', null);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML blockquote to the summary buffer\n     *\n     * @param {string} text quote text\n     * @param {string} cite (optional) citation url\n     *\n     * @returns {Summary} summary instance\n     */\n    addQuote(text, cite) {\n        const attrs = Object.assign({}, (cite && { cite }));\n        const element = this.wrap('blockquote', text, attrs);\n        return this.addRaw(element).addEOL();\n    }\n    /**\n     * Adds an HTML anchor tag to the summary buffer\n     *\n     * @param {string} text link text/content\n     * @param {string} href hyperlink\n     *\n     * @returns {Summary} summary instance\n     */\n    addLink(text, href) {\n        const element = this.wrap('a', text, { href });\n        return this.addRaw(element).addEOL();\n    }\n}\nconst _summary = new Summary();\n/**\n * @deprecated use `core.summary`\n */\nexports.markdownSummary = _summary;\nexports.summary = _summary;\n//# sourceMappingURL=summary.js.map","\"use strict\";\n// We use any as a valid input type\n/* eslint-disable @typescript-eslint/no-explicit-any */\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.toCommandValue = toCommandValue;\nexports.toCommandProperties = toCommandProperties;\n/**\n * Sanitizes an input into a string so it can be passed into issueCommand safely\n * @param input input to sanitize into a string\n */\nfunction toCommandValue(input) {\n    if (input === null || input === undefined) {\n        return '';\n    }\n    else if (typeof input === 'string' || input instanceof String) {\n        return input;\n    }\n    return JSON.stringify(input);\n}\n/**\n *\n * @param annotationProperties\n * @returns The command properties to send with the actual annotation command\n * See IssueCommandProperties: https://github.com/actions/runner/blob/main/src/Runner.Worker/ActionCommandManager.cs#L646\n */\nfunction toCommandProperties(annotationProperties) {\n    if (!Object.keys(annotationProperties).length) {\n        return {};\n    }\n    return {\n        title: annotationProperties.title,\n        file: annotationProperties.file,\n        line: annotationProperties.startLine,\n        endLine: annotationProperties.endLine,\n        col: annotationProperties.startColumn,\n        endColumn: annotationProperties.endColumn\n    };\n}\n//# sourceMappingURL=utils.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    var desc = Object.getOwnPropertyDescriptor(m, k);\n    if (!desc || (\"get\" in desc ? !m.__esModule : desc.writable || desc.configurable)) {\n      desc = { enumerable: true, get: function() { return m[k]; } };\n    }\n    Object.defineProperty(o, k2, desc);\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || (function () {\n    var ownKeys = function(o) {\n        ownKeys = Object.getOwnPropertyNames || function (o) {\n            var ar = [];\n            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;\n            return ar;\n        };\n        return ownKeys(o);\n    };\n    return function (mod) {\n        if (mod && mod.__esModule) return mod;\n        var result = {};\n        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== \"default\") __createBinding(result, mod, k[i]);\n        __setModuleDefault(result, mod);\n        return result;\n    };\n})();\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.exec = exec;\nexports.getExecOutput = getExecOutput;\nconst string_decoder_1 = require(\"string_decoder\");\nconst tr = __importStar(require(\"./toolrunner\"));\n/**\n * Exec a command.\n * Output will be streamed to the live console.\n * Returns promise with return code\n *\n * @param     commandLine        command to execute (can include additional args). Must be correctly escaped.\n * @param     args               optional arguments for tool. Escaping is handled by the lib.\n * @param     options            optional exec options.  See ExecOptions\n * @returns   Promise<number>    exit code\n */\nfunction exec(commandLine, args, options) {\n    return __awaiter(this, void 0, void 0, function* () {\n        const commandArgs = tr.argStringToArray(commandLine);\n        if (commandArgs.length === 0) {\n            throw new Error(`Parameter 'commandLine' cannot be null or empty.`);\n        }\n        // Path to tool to execute should be first arg\n        const toolPath = commandArgs[0];\n        args = commandArgs.slice(1).concat(args || []);\n        const runner = new tr.ToolRunner(toolPath, args, options);\n        return runner.exec();\n    });\n}\n/**\n * Exec a command and get the output.\n * Output will be streamed to the live console.\n * Returns promise with the exit code and collected stdout and stderr\n *\n * @param     commandLine           command to execute (can include additional args). Must be correctly escaped.\n * @param     args                  optional arguments for tool. Escaping is handled by the lib.\n * @param     options               optional exec options.  See ExecOptions\n * @returns   Promise<ExecOutput>   exit code, stdout, and stderr\n */\nfunction getExecOutput(commandLine, args, options) {\n    return __awaiter(this, void 0, void 0, function* () {\n        var _a, _b;\n        let stdout = '';\n        let stderr = '';\n        //Using string decoder covers the case where a mult-byte character is split\n        const stdoutDecoder = new string_decoder_1.StringDecoder('utf8');\n        const stderrDecoder = new string_decoder_1.StringDecoder('utf8');\n        const originalStdoutListener = (_a = options === null || options === void 0 ? void 0 : options.listeners) === null || _a === void 0 ? void 0 : _a.stdout;\n        const originalStdErrListener = (_b = options === null || options === void 0 ? void 0 : options.listeners) === null || _b === void 0 ? void 0 : _b.stderr;\n        const stdErrListener = (data) => {\n            stderr += stderrDecoder.write(data);\n            if (originalStdErrListener) {\n                originalStdErrListener(data);\n            }\n        };\n        const stdOutListener = (data) => {\n            stdout += stdoutDecoder.write(data);\n            if (originalStdoutListener) {\n                originalStdoutListener(data);\n            }\n        };\n        const listeners = Object.assign(Object.assign({}, options === null || options === void 0 ? void 0 : options.listeners), { stdout: stdOutListener, stderr: stdErrListener });\n        const exitCode = yield exec(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));\n        //flush any remaining characters\n        stdout += stdoutDecoder.end();\n        stderr += stderrDecoder.end();\n        return {\n            exitCode,\n            stdout,\n            stderr\n        };\n    });\n}\n//# sourceMappingURL=exec.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    var desc = Object.getOwnPropertyDescriptor(m, k);\n    if (!desc || (\"get\" in desc ? !m.__esModule : desc.writable || desc.configurable)) {\n      desc = { enumerable: true, get: function() { return m[k]; } };\n    }\n    Object.defineProperty(o, k2, desc);\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || (function () {\n    var ownKeys = function(o) {\n        ownKeys = Object.getOwnPropertyNames || function (o) {\n            var ar = [];\n            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;\n            return ar;\n        };\n        return ownKeys(o);\n    };\n    return function (mod) {\n        if (mod && mod.__esModule) return mod;\n        var result = {};\n        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== \"default\") __createBinding(result, mod, k[i]);\n        __setModuleDefault(result, mod);\n        return result;\n    };\n})();\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.ToolRunner = void 0;\nexports.argStringToArray = argStringToArray;\nconst os = __importStar(require(\"os\"));\nconst events = __importStar(require(\"events\"));\nconst child = __importStar(require(\"child_process\"));\nconst path = __importStar(require(\"path\"));\nconst io = __importStar(require(\"@actions/io\"));\nconst ioUtil = __importStar(require(\"@actions/io/lib/io-util\"));\nconst timers_1 = require(\"timers\");\n/* eslint-disable @typescript-eslint/unbound-method */\nconst IS_WINDOWS = process.platform === 'win32';\n/*\n * Class for running command line tools. Handles quoting and arg parsing in a platform agnostic way.\n */\nclass ToolRunner extends events.EventEmitter {\n    constructor(toolPath, args, options) {\n        super();\n        if (!toolPath) {\n            throw new Error(\"Parameter 'toolPath' cannot be null or empty.\");\n        }\n        this.toolPath = toolPath;\n        this.args = args || [];\n        this.options = options || {};\n    }\n    _debug(message) {\n        if (this.options.listeners && this.options.listeners.debug) {\n            this.options.listeners.debug(message);\n        }\n    }\n    _getCommandString(options, noPrefix) {\n        const toolPath = this._getSpawnFileName();\n        const args = this._getSpawnArgs(options);\n        let cmd = noPrefix ? '' : '[command]'; // omit prefix when piped to a second tool\n        if (IS_WINDOWS) {\n            // Windows + cmd file\n            if (this._isCmdFile()) {\n                cmd += toolPath;\n                for (const a of args) {\n                    cmd += ` ${a}`;\n                }\n            }\n            // Windows + verbatim\n            else if (options.windowsVerbatimArguments) {\n                cmd += `\"${toolPath}\"`;\n                for (const a of args) {\n                    cmd += ` ${a}`;\n                }\n            }\n            // Windows (regular)\n            else {\n                cmd += this._windowsQuoteCmdArg(toolPath);\n                for (const a of args) {\n                    cmd += ` ${this._windowsQuoteCmdArg(a)}`;\n                }\n            }\n        }\n        else {\n            // OSX/Linux - this can likely be improved with some form of quoting.\n            // creating processes on Unix is fundamentally different than Windows.\n            // on Unix, execvp() takes an arg array.\n            cmd += toolPath;\n            for (const a of args) {\n                cmd += ` ${a}`;\n            }\n        }\n        return cmd;\n    }\n    _processLineBuffer(data, strBuffer, onLine) {\n        try {\n            let s = strBuffer + data.toString();\n            let n = s.indexOf(os.EOL);\n            while (n > -1) {\n                const line = s.substring(0, n);\n                onLine(line);\n                // the rest of the string ...\n                s = s.substring(n + os.EOL.length);\n                n = s.indexOf(os.EOL);\n            }\n            return s;\n        }\n        catch (err) {\n            // streaming lines to console is best effort.  Don't fail a build.\n            this._debug(`error processing line. Failed with error ${err}`);\n            return '';\n        }\n    }\n    _getSpawnFileName() {\n        if (IS_WINDOWS) {\n            if (this._isCmdFile()) {\n                return process.env['COMSPEC'] || 'cmd.exe';\n            }\n        }\n        return this.toolPath;\n    }\n    _getSpawnArgs(options) {\n        if (IS_WINDOWS) {\n            if (this._isCmdFile()) {\n                let argline = `/D /S /C \"${this._windowsQuoteCmdArg(this.toolPath)}`;\n                for (const a of this.args) {\n                    argline += ' ';\n                    argline += options.windowsVerbatimArguments\n                        ? a\n                        : this._windowsQuoteCmdArg(a);\n                }\n                argline += '\"';\n                return [argline];\n            }\n        }\n        return this.args;\n    }\n    _endsWith(str, end) {\n        return str.endsWith(end);\n    }\n    _isCmdFile() {\n        const upperToolPath = this.toolPath.toUpperCase();\n        return (this._endsWith(upperToolPath, '.CMD') ||\n            this._endsWith(upperToolPath, '.BAT'));\n    }\n    _windowsQuoteCmdArg(arg) {\n        // for .exe, apply the normal quoting rules that libuv applies\n        if (!this._isCmdFile()) {\n            return this._uvQuoteCmdArg(arg);\n        }\n        // otherwise apply quoting rules specific to the cmd.exe command line parser.\n        // the libuv rules are generic and are not designed specifically for cmd.exe\n        // command line parser.\n        //\n        // for a detailed description of the cmd.exe command line parser, refer to\n        // http://stackoverflow.com/questions/4094699/how-does-the-windows-command-interpreter-cmd-exe-parse-scripts/7970912#7970912\n        // need quotes for empty arg\n        if (!arg) {\n            return '\"\"';\n        }\n        // determine whether the arg needs to be quoted\n        const cmdSpecialChars = [\n            ' ',\n            '\\t',\n            '&',\n            '(',\n            ')',\n            '[',\n            ']',\n            '{',\n            '}',\n            '^',\n            '=',\n            ';',\n            '!',\n            \"'\",\n            '+',\n            ',',\n            '`',\n            '~',\n            '|',\n            '<',\n            '>',\n            '\"'\n        ];\n        let needsQuotes = false;\n        for (const char of arg) {\n            if (cmdSpecialChars.some(x => x === char)) {\n                needsQuotes = true;\n                break;\n            }\n        }\n        // short-circuit if quotes not needed\n        if (!needsQuotes) {\n            return arg;\n        }\n        // the following quoting rules are very similar to the rules that by libuv applies.\n        //\n        // 1) wrap the string in quotes\n        //\n        // 2) double-up quotes - i.e. \" => \"\"\n        //\n        //    this is different from the libuv quoting rules. libuv replaces \" with \\\", which unfortunately\n        //    doesn't work well with a cmd.exe command line.\n        //\n        //    note, replacing \" with \"\" also works well if the arg is passed to a downstream .NET console app.\n        //    for example, the command line:\n        //          foo.exe \"myarg:\"\"my val\"\"\"\n        //    is parsed by a .NET console app into an arg array:\n        //          [ \"myarg:\\\"my val\\\"\" ]\n        //    which is the same end result when applying libuv quoting rules. although the actual\n        //    command line from libuv quoting rules would look like:\n        //          foo.exe \"myarg:\\\"my val\\\"\"\n        //\n        // 3) double-up slashes that precede a quote,\n        //    e.g.  hello \\world    => \"hello \\world\"\n        //          hello\\\"world    => \"hello\\\\\"\"world\"\n        //          hello\\\\\"world   => \"hello\\\\\\\\\"\"world\"\n        //          hello world\\    => \"hello world\\\\\"\n        //\n        //    technically this is not required for a cmd.exe command line, or the batch argument parser.\n        //    the reasons for including this as a .cmd quoting rule are:\n        //\n        //    a) this is optimized for the scenario where the argument is passed from the .cmd file to an\n        //       external program. many programs (e.g. .NET console apps) rely on the slash-doubling rule.\n        //\n        //    b) it's what we've been doing previously (by deferring to node default behavior) and we\n        //       haven't heard any complaints about that aspect.\n        //\n        // note, a weakness of the quoting rules chosen here, is that % is not escaped. in fact, % cannot be\n        // escaped when used on the command line directly - even though within a .cmd file % can be escaped\n        // by using %%.\n        //\n        // the saving grace is, on the command line, %var% is left as-is if var is not defined. this contrasts\n        // the line parsing rules within a .cmd file, where if var is not defined it is replaced with nothing.\n        //\n        // one option that was explored was replacing % with ^% - i.e. %var% => ^%var^%. this hack would\n        // often work, since it is unlikely that var^ would exist, and the ^ character is removed when the\n        // variable is used. the problem, however, is that ^ is not removed when %* is used to pass the args\n        // to an external program.\n        //\n        // an unexplored potential solution for the % escaping problem, is to create a wrapper .cmd file.\n        // % can be escaped within a .cmd file.\n        let reverse = '\"';\n        let quoteHit = true;\n        for (let i = arg.length; i > 0; i--) {\n            // walk the string in reverse\n            reverse += arg[i - 1];\n            if (quoteHit && arg[i - 1] === '\\\\') {\n                reverse += '\\\\'; // double the slash\n            }\n            else if (arg[i - 1] === '\"') {\n                quoteHit = true;\n                reverse += '\"'; // double the quote\n            }\n            else {\n                quoteHit = false;\n            }\n        }\n        reverse += '\"';\n        return reverse.split('').reverse().join('');\n    }\n    _uvQuoteCmdArg(arg) {\n        // Tool runner wraps child_process.spawn() and needs to apply the same quoting as\n        // Node in certain cases where the undocumented spawn option windowsVerbatimArguments\n        // is used.\n        //\n        // Since this function is a port of quote_cmd_arg from Node 4.x (technically, lib UV,\n        // see https://github.com/nodejs/node/blob/v4.x/deps/uv/src/win/process.c for details),\n        // pasting copyright notice from Node within this function:\n        //\n        //      Copyright Joyent, Inc. and other Node contributors. All rights reserved.\n        //\n        //      Permission is hereby granted, free of charge, to any person obtaining a copy\n        //      of this software and associated documentation files (the \"Software\"), to\n        //      deal in the Software without restriction, including without limitation the\n        //      rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n        //      sell copies of the Software, and to permit persons to whom the Software is\n        //      furnished to do so, subject to the following conditions:\n        //\n        //      The above copyright notice and this permission notice shall be included in\n        //      all copies or substantial portions of the Software.\n        //\n        //      THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n        //      IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n        //      FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n        //      AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n        //      LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n        //      FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n        //      IN THE SOFTWARE.\n        if (!arg) {\n            // Need double quotation for empty argument\n            return '\"\"';\n        }\n        if (!arg.includes(' ') && !arg.includes('\\t') && !arg.includes('\"')) {\n            // No quotation needed\n            return arg;\n        }\n        if (!arg.includes('\"') && !arg.includes('\\\\')) {\n            // No embedded double quotes or backslashes, so I can just wrap\n            // quote marks around the whole thing.\n            return `\"${arg}\"`;\n        }\n        // Expected input/output:\n        //   input : hello\"world\n        //   output: \"hello\\\"world\"\n        //   input : hello\"\"world\n        //   output: \"hello\\\"\\\"world\"\n        //   input : hello\\world\n        //   output: hello\\world\n        //   input : hello\\\\world\n        //   output: hello\\\\world\n        //   input : hello\\\"world\n        //   output: \"hello\\\\\\\"world\"\n        //   input : hello\\\\\"world\n        //   output: \"hello\\\\\\\\\\\"world\"\n        //   input : hello world\\\n        //   output: \"hello world\\\\\" - note the comment in libuv actually reads \"hello world\\\"\n        //                             but it appears the comment is wrong, it should be \"hello world\\\\\"\n        let reverse = '\"';\n        let quoteHit = true;\n        for (let i = arg.length; i > 0; i--) {\n            // walk the string in reverse\n            reverse += arg[i - 1];\n            if (quoteHit && arg[i - 1] === '\\\\') {\n                reverse += '\\\\';\n            }\n            else if (arg[i - 1] === '\"') {\n                quoteHit = true;\n                reverse += '\\\\';\n            }\n            else {\n                quoteHit = false;\n            }\n        }\n        reverse += '\"';\n        return reverse.split('').reverse().join('');\n    }\n    _cloneExecOptions(options) {\n        options = options || {};\n        const result = {\n            cwd: options.cwd || process.cwd(),\n            env: options.env || process.env,\n            silent: options.silent || false,\n            windowsVerbatimArguments: options.windowsVerbatimArguments || false,\n            failOnStdErr: options.failOnStdErr || false,\n            ignoreReturnCode: options.ignoreReturnCode || false,\n            delay: options.delay || 10000\n        };\n        result.outStream = options.outStream || process.stdout;\n        result.errStream = options.errStream || process.stderr;\n        return result;\n    }\n    _getSpawnOptions(options, toolPath) {\n        options = options || {};\n        const result = {};\n        result.cwd = options.cwd;\n        result.env = options.env;\n        result['windowsVerbatimArguments'] =\n            options.windowsVerbatimArguments || this._isCmdFile();\n        if (options.windowsVerbatimArguments) {\n            result.argv0 = `\"${toolPath}\"`;\n        }\n        return result;\n    }\n    /**\n     * Exec a tool.\n     * Output will be streamed to the live console.\n     * Returns promise with return code\n     *\n     * @param     tool     path to tool to exec\n     * @param     options  optional exec options.  See ExecOptions\n     * @returns   number\n     */\n    exec() {\n        return __awaiter(this, void 0, void 0, function* () {\n            // root the tool path if it is unrooted and contains relative pathing\n            if (!ioUtil.isRooted(this.toolPath) &&\n                (this.toolPath.includes('/') ||\n                    (IS_WINDOWS && this.toolPath.includes('\\\\')))) {\n                // prefer options.cwd if it is specified, however options.cwd may also need to be rooted\n                this.toolPath = path.resolve(process.cwd(), this.options.cwd || process.cwd(), this.toolPath);\n            }\n            // if the tool is only a file name, then resolve it from the PATH\n            // otherwise verify it exists (add extension on Windows if necessary)\n            this.toolPath = yield io.which(this.toolPath, true);\n            return new Promise((resolve, reject) => __awaiter(this, void 0, void 0, function* () {\n                this._debug(`exec tool: ${this.toolPath}`);\n                this._debug('arguments:');\n                for (const arg of this.args) {\n                    this._debug(`   ${arg}`);\n                }\n                const optionsNonNull = this._cloneExecOptions(this.options);\n                if (!optionsNonNull.silent && optionsNonNull.outStream) {\n                    optionsNonNull.outStream.write(this._getCommandString(optionsNonNull) + os.EOL);\n                }\n                const state = new ExecState(optionsNonNull, this.toolPath);\n                state.on('debug', (message) => {\n                    this._debug(message);\n                });\n                if (this.options.cwd && !(yield ioUtil.exists(this.options.cwd))) {\n                    return reject(new Error(`The cwd: ${this.options.cwd} does not exist!`));\n                }\n                const fileName = this._getSpawnFileName();\n                const cp = child.spawn(fileName, this._getSpawnArgs(optionsNonNull), this._getSpawnOptions(this.options, fileName));\n                let stdbuffer = '';\n                if (cp.stdout) {\n                    cp.stdout.on('data', (data) => {\n                        if (this.options.listeners && this.options.listeners.stdout) {\n                            this.options.listeners.stdout(data);\n                        }\n                        if (!optionsNonNull.silent && optionsNonNull.outStream) {\n                            optionsNonNull.outStream.write(data);\n                        }\n                        stdbuffer = this._processLineBuffer(data, stdbuffer, (line) => {\n                            if (this.options.listeners && this.options.listeners.stdline) {\n                                this.options.listeners.stdline(line);\n                            }\n                        });\n                    });\n                }\n                let errbuffer = '';\n                if (cp.stderr) {\n                    cp.stderr.on('data', (data) => {\n                        state.processStderr = true;\n                        if (this.options.listeners && this.options.listeners.stderr) {\n                            this.options.listeners.stderr(data);\n                        }\n                        if (!optionsNonNull.silent &&\n                            optionsNonNull.errStream &&\n                            optionsNonNull.outStream) {\n                            const s = optionsNonNull.failOnStdErr\n                                ? optionsNonNull.errStream\n                                : optionsNonNull.outStream;\n                            s.write(data);\n                        }\n                        errbuffer = this._processLineBuffer(data, errbuffer, (line) => {\n                            if (this.options.listeners && this.options.listeners.errline) {\n                                this.options.listeners.errline(line);\n                            }\n                        });\n                    });\n                }\n                cp.on('error', (err) => {\n                    state.processError = err.message;\n                    state.processExited = true;\n                    state.processClosed = true;\n                    state.CheckComplete();\n                });\n                cp.on('exit', (code) => {\n                    state.processExitCode = code;\n                    state.processExited = true;\n                    this._debug(`Exit code ${code} received from tool '${this.toolPath}'`);\n                    state.CheckComplete();\n                });\n                cp.on('close', (code) => {\n                    state.processExitCode = code;\n                    state.processExited = true;\n                    state.processClosed = true;\n                    this._debug(`STDIO streams have closed for tool '${this.toolPath}'`);\n                    state.CheckComplete();\n                });\n                state.on('done', (error, exitCode) => {\n                    if (stdbuffer.length > 0) {\n                        this.emit('stdline', stdbuffer);\n                    }\n                    if (errbuffer.length > 0) {\n                        this.emit('errline', errbuffer);\n                    }\n                    cp.removeAllListeners();\n                    if (error) {\n                        reject(error);\n                    }\n                    else {\n                        resolve(exitCode);\n                    }\n                });\n                if (this.options.input) {\n                    if (!cp.stdin) {\n                        throw new Error('child process missing stdin');\n                    }\n                    cp.stdin.end(this.options.input);\n                }\n            }));\n        });\n    }\n}\nexports.ToolRunner = ToolRunner;\n/**\n * Convert an arg string to an array of args. Handles escaping\n *\n * @param    argString   string of arguments\n * @returns  string[]    array of arguments\n */\nfunction argStringToArray(argString) {\n    const args = [];\n    let inQuotes = false;\n    let escaped = false;\n    let arg = '';\n    function append(c) {\n        // we only escape double quotes.\n        if (escaped && c !== '\"') {\n            arg += '\\\\';\n        }\n        arg += c;\n        escaped = false;\n    }\n    for (let i = 0; i < argString.length; i++) {\n        const c = argString.charAt(i);\n        if (c === '\"') {\n            if (!escaped) {\n                inQuotes = !inQuotes;\n            }\n            else {\n                append(c);\n            }\n            continue;\n        }\n        if (c === '\\\\' && escaped) {\n            append(c);\n            continue;\n        }\n        if (c === '\\\\' && inQuotes) {\n            escaped = true;\n            continue;\n        }\n        if (c === ' ' && !inQuotes) {\n            if (arg.length > 0) {\n                args.push(arg);\n                arg = '';\n            }\n            continue;\n        }\n        append(c);\n    }\n    if (arg.length > 0) {\n        args.push(arg.trim());\n    }\n    return args;\n}\nclass ExecState extends events.EventEmitter {\n    constructor(options, toolPath) {\n        super();\n        this.processClosed = false; // tracks whether the process has exited and stdio is closed\n        this.processError = '';\n        this.processExitCode = 0;\n        this.processExited = false; // tracks whether the process has exited\n        this.processStderr = false; // tracks whether stderr was written to\n        this.delay = 10000; // 10 seconds\n        this.done = false;\n        this.timeout = null;\n        if (!toolPath) {\n            throw new Error('toolPath must not be empty');\n        }\n        this.options = options;\n        this.toolPath = toolPath;\n        if (options.delay) {\n            this.delay = options.delay;\n        }\n    }\n    CheckComplete() {\n        if (this.done) {\n            return;\n        }\n        if (this.processClosed) {\n            this._setResult();\n        }\n        else if (this.processExited) {\n            this.timeout = (0, timers_1.setTimeout)(ExecState.HandleTimeout, this.delay, this);\n        }\n    }\n    _debug(message) {\n        this.emit('debug', message);\n    }\n    _setResult() {\n        // determine whether there is an error\n        let error;\n        if (this.processExited) {\n            if (this.processError) {\n                error = new Error(`There was an error when attempting to execute the process '${this.toolPath}'. This may indicate the process failed to start. Error: ${this.processError}`);\n            }\n            else if (this.processExitCode !== 0 && !this.options.ignoreReturnCode) {\n                error = new Error(`The process '${this.toolPath}' failed with exit code ${this.processExitCode}`);\n            }\n            else if (this.processStderr && this.options.failOnStdErr) {\n                error = new Error(`The process '${this.toolPath}' failed because one or more lines were written to the STDERR stream`);\n            }\n        }\n        // clear the timeout\n        if (this.timeout) {\n            clearTimeout(this.timeout);\n            this.timeout = null;\n        }\n        this.done = true;\n        this.emit('done', error, this.processExitCode);\n    }\n    static HandleTimeout(state) {\n        if (state.done) {\n            return;\n        }\n        if (!state.processClosed && state.processExited) {\n            const message = `The STDIO streams did not close within ${state.delay / 1000} seconds of the exit event from process '${state.toolPath}'. This may indicate a child process inherited the STDIO streams and has not yet exited.`;\n            state._debug(message);\n        }\n        state._setResult();\n    }\n}\n//# sourceMappingURL=toolrunner.js.map","\"use strict\";\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.PersonalAccessTokenCredentialHandler = exports.BearerCredentialHandler = exports.BasicCredentialHandler = void 0;\nclass BasicCredentialHandler {\n    constructor(username, password) {\n        this.username = username;\n        this.password = password;\n    }\n    prepareRequest(options) {\n        if (!options.headers) {\n            throw Error('The request has no headers');\n        }\n        options.headers['Authorization'] = `Basic ${Buffer.from(`${this.username}:${this.password}`).toString('base64')}`;\n    }\n    // This handler cannot handle 401\n    canHandleAuthentication() {\n        return false;\n    }\n    handleAuthentication() {\n        return __awaiter(this, void 0, void 0, function* () {\n            throw new Error('not implemented');\n        });\n    }\n}\nexports.BasicCredentialHandler = BasicCredentialHandler;\nclass BearerCredentialHandler {\n    constructor(token) {\n        this.token = token;\n    }\n    // currently implements pre-authorization\n    // TODO: support preAuth = false where it hooks on 401\n    prepareRequest(options) {\n        if (!options.headers) {\n            throw Error('The request has no headers');\n        }\n        options.headers['Authorization'] = `Bearer ${this.token}`;\n    }\n    // This handler cannot handle 401\n    canHandleAuthentication() {\n        return false;\n    }\n    handleAuthentication() {\n        return __awaiter(this, void 0, void 0, function* () {\n            throw new Error('not implemented');\n        });\n    }\n}\nexports.BearerCredentialHandler = BearerCredentialHandler;\nclass PersonalAccessTokenCredentialHandler {\n    constructor(token) {\n        this.token = token;\n    }\n    // currently implements pre-authorization\n    // TODO: support preAuth = false where it hooks on 401\n    prepareRequest(options) {\n        if (!options.headers) {\n            throw Error('The request has no headers');\n        }\n        options.headers['Authorization'] = `Basic ${Buffer.from(`PAT:${this.token}`).toString('base64')}`;\n    }\n    // This handler cannot handle 401\n    canHandleAuthentication() {\n        return false;\n    }\n    handleAuthentication() {\n        return __awaiter(this, void 0, void 0, function* () {\n            throw new Error('not implemented');\n        });\n    }\n}\nexports.PersonalAccessTokenCredentialHandler = PersonalAccessTokenCredentialHandler;\n//# sourceMappingURL=auth.js.map","\"use strict\";\n/* eslint-disable @typescript-eslint/no-explicit-any */\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    var desc = Object.getOwnPropertyDescriptor(m, k);\n    if (!desc || (\"get\" in desc ? !m.__esModule : desc.writable || desc.configurable)) {\n      desc = { enumerable: true, get: function() { return m[k]; } };\n    }\n    Object.defineProperty(o, k2, desc);\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || (function () {\n    var ownKeys = function(o) {\n        ownKeys = Object.getOwnPropertyNames || function (o) {\n            var ar = [];\n            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;\n            return ar;\n        };\n        return ownKeys(o);\n    };\n    return function (mod) {\n        if (mod && mod.__esModule) return mod;\n        var result = {};\n        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== \"default\") __createBinding(result, mod, k[i]);\n        __setModuleDefault(result, mod);\n        return result;\n    };\n})();\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.HttpClient = exports.HttpClientResponse = exports.HttpClientError = exports.MediaTypes = exports.Headers = exports.HttpCodes = void 0;\nexports.getProxyUrl = getProxyUrl;\nexports.isHttps = isHttps;\nconst http = __importStar(require(\"http\"));\nconst https = __importStar(require(\"https\"));\nconst pm = __importStar(require(\"./proxy\"));\nconst tunnel = __importStar(require(\"tunnel\"));\nconst undici_1 = require(\"undici\");\nvar HttpCodes;\n(function (HttpCodes) {\n    HttpCodes[HttpCodes[\"OK\"] = 200] = \"OK\";\n    HttpCodes[HttpCodes[\"MultipleChoices\"] = 300] = \"MultipleChoices\";\n    HttpCodes[HttpCodes[\"MovedPermanently\"] = 301] = \"MovedPermanently\";\n    HttpCodes[HttpCodes[\"ResourceMoved\"] = 302] = \"ResourceMoved\";\n    HttpCodes[HttpCodes[\"SeeOther\"] = 303] = \"SeeOther\";\n    HttpCodes[HttpCodes[\"NotModified\"] = 304] = \"NotModified\";\n    HttpCodes[HttpCodes[\"UseProxy\"] = 305] = \"UseProxy\";\n    HttpCodes[HttpCodes[\"SwitchProxy\"] = 306] = \"SwitchProxy\";\n    HttpCodes[HttpCodes[\"TemporaryRedirect\"] = 307] = \"TemporaryRedirect\";\n    HttpCodes[HttpCodes[\"PermanentRedirect\"] = 308] = \"PermanentRedirect\";\n    HttpCodes[HttpCodes[\"BadRequest\"] = 400] = \"BadRequest\";\n    HttpCodes[HttpCodes[\"Unauthorized\"] = 401] = \"Unauthorized\";\n    HttpCodes[HttpCodes[\"PaymentRequired\"] = 402] = \"PaymentRequired\";\n    HttpCodes[HttpCodes[\"Forbidden\"] = 403] = \"Forbidden\";\n    HttpCodes[HttpCodes[\"NotFound\"] = 404] = \"NotFound\";\n    HttpCodes[HttpCodes[\"MethodNotAllowed\"] = 405] = \"MethodNotAllowed\";\n    HttpCodes[HttpCodes[\"NotAcceptable\"] = 406] = \"NotAcceptable\";\n    HttpCodes[HttpCodes[\"ProxyAuthenticationRequired\"] = 407] = \"ProxyAuthenticationRequired\";\n    HttpCodes[HttpCodes[\"RequestTimeout\"] = 408] = \"RequestTimeout\";\n    HttpCodes[HttpCodes[\"Conflict\"] = 409] = \"Conflict\";\n    HttpCodes[HttpCodes[\"Gone\"] = 410] = \"Gone\";\n    HttpCodes[HttpCodes[\"TooManyRequests\"] = 429] = \"TooManyRequests\";\n    HttpCodes[HttpCodes[\"InternalServerError\"] = 500] = \"InternalServerError\";\n    HttpCodes[HttpCodes[\"NotImplemented\"] = 501] = \"NotImplemented\";\n    HttpCodes[HttpCodes[\"BadGateway\"] = 502] = \"BadGateway\";\n    HttpCodes[HttpCodes[\"ServiceUnavailable\"] = 503] = \"ServiceUnavailable\";\n    HttpCodes[HttpCodes[\"GatewayTimeout\"] = 504] = \"GatewayTimeout\";\n})(HttpCodes || (exports.HttpCodes = HttpCodes = {}));\nvar Headers;\n(function (Headers) {\n    Headers[\"Accept\"] = \"accept\";\n    Headers[\"ContentType\"] = \"content-type\";\n})(Headers || (exports.Headers = Headers = {}));\nvar MediaTypes;\n(function (MediaTypes) {\n    MediaTypes[\"ApplicationJson\"] = \"application/json\";\n})(MediaTypes || (exports.MediaTypes = MediaTypes = {}));\n/**\n * Returns the proxy URL, depending upon the supplied url and proxy environment variables.\n * @param serverUrl  The server URL where the request will be sent. For example, https://api.github.com\n */\nfunction getProxyUrl(serverUrl) {\n    const proxyUrl = pm.getProxyUrl(new URL(serverUrl));\n    return proxyUrl ? proxyUrl.href : '';\n}\nconst HttpRedirectCodes = [\n    HttpCodes.MovedPermanently,\n    HttpCodes.ResourceMoved,\n    HttpCodes.SeeOther,\n    HttpCodes.TemporaryRedirect,\n    HttpCodes.PermanentRedirect\n];\nconst HttpResponseRetryCodes = [\n    HttpCodes.BadGateway,\n    HttpCodes.ServiceUnavailable,\n    HttpCodes.GatewayTimeout\n];\nconst RetryableHttpVerbs = ['OPTIONS', 'GET', 'DELETE', 'HEAD'];\nconst ExponentialBackoffCeiling = 10;\nconst ExponentialBackoffTimeSlice = 5;\nclass HttpClientError extends Error {\n    constructor(message, statusCode) {\n        super(message);\n        this.name = 'HttpClientError';\n        this.statusCode = statusCode;\n        Object.setPrototypeOf(this, HttpClientError.prototype);\n    }\n}\nexports.HttpClientError = HttpClientError;\nclass HttpClientResponse {\n    constructor(message) {\n        this.message = message;\n    }\n    readBody() {\n        return __awaiter(this, void 0, void 0, function* () {\n            return new Promise((resolve) => __awaiter(this, void 0, void 0, function* () {\n                let output = Buffer.alloc(0);\n                this.message.on('data', (chunk) => {\n                    output = Buffer.concat([output, chunk]);\n                });\n                this.message.on('end', () => {\n                    resolve(output.toString());\n                });\n            }));\n        });\n    }\n    readBodyBuffer() {\n        return __awaiter(this, void 0, void 0, function* () {\n            return new Promise((resolve) => __awaiter(this, void 0, void 0, function* () {\n                const chunks = [];\n                this.message.on('data', (chunk) => {\n                    chunks.push(chunk);\n                });\n                this.message.on('end', () => {\n                    resolve(Buffer.concat(chunks));\n                });\n            }));\n        });\n    }\n}\nexports.HttpClientResponse = HttpClientResponse;\nfunction isHttps(requestUrl) {\n    const parsedUrl = new URL(requestUrl);\n    return parsedUrl.protocol === 'https:';\n}\nclass HttpClient {\n    constructor(userAgent, handlers, requestOptions) {\n        this._ignoreSslError = false;\n        this._allowRedirects = true;\n        this._allowRedirectDowngrade = false;\n        this._maxRedirects = 50;\n        this._allowRetries = false;\n        this._maxRetries = 1;\n        this._keepAlive = false;\n        this._disposed = false;\n        this.userAgent = this._getUserAgentWithOrchestrationId(userAgent);\n        this.handlers = handlers || [];\n        this.requestOptions = requestOptions;\n        if (requestOptions) {\n            if (requestOptions.ignoreSslError != null) {\n                this._ignoreSslError = requestOptions.ignoreSslError;\n            }\n            this._socketTimeout = requestOptions.socketTimeout;\n            if (requestOptions.allowRedirects != null) {\n                this._allowRedirects = requestOptions.allowRedirects;\n            }\n            if (requestOptions.allowRedirectDowngrade != null) {\n                this._allowRedirectDowngrade = requestOptions.allowRedirectDowngrade;\n            }\n            if (requestOptions.maxRedirects != null) {\n                this._maxRedirects = Math.max(requestOptions.maxRedirects, 0);\n            }\n            if (requestOptions.keepAlive != null) {\n                this._keepAlive = requestOptions.keepAlive;\n            }\n            if (requestOptions.allowRetries != null) {\n                this._allowRetries = requestOptions.allowRetries;\n            }\n            if (requestOptions.maxRetries != null) {\n                this._maxRetries = requestOptions.maxRetries;\n            }\n        }\n    }\n    options(requestUrl, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request('OPTIONS', requestUrl, null, additionalHeaders || {});\n        });\n    }\n    get(requestUrl, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request('GET', requestUrl, null, additionalHeaders || {});\n        });\n    }\n    del(requestUrl, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request('DELETE', requestUrl, null, additionalHeaders || {});\n        });\n    }\n    post(requestUrl, data, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request('POST', requestUrl, data, additionalHeaders || {});\n        });\n    }\n    patch(requestUrl, data, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request('PATCH', requestUrl, data, additionalHeaders || {});\n        });\n    }\n    put(requestUrl, data, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request('PUT', requestUrl, data, additionalHeaders || {});\n        });\n    }\n    head(requestUrl, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request('HEAD', requestUrl, null, additionalHeaders || {});\n        });\n    }\n    sendStream(verb, requestUrl, stream, additionalHeaders) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return this.request(verb, requestUrl, stream, additionalHeaders);\n        });\n    }\n    /**\n     * Gets a typed object from an endpoint\n     * Be aware that not found returns a null.  Other errors (4xx, 5xx) reject the promise\n     */\n    getJson(requestUrl_1) {\n        return __awaiter(this, arguments, void 0, function* (requestUrl, additionalHeaders = {}) {\n            additionalHeaders[Headers.Accept] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.Accept, MediaTypes.ApplicationJson);\n            const res = yield this.get(requestUrl, additionalHeaders);\n            return this._processResponse(res, this.requestOptions);\n        });\n    }\n    postJson(requestUrl_1, obj_1) {\n        return __awaiter(this, arguments, void 0, function* (requestUrl, obj, additionalHeaders = {}) {\n            const data = JSON.stringify(obj, null, 2);\n            additionalHeaders[Headers.Accept] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.Accept, MediaTypes.ApplicationJson);\n            additionalHeaders[Headers.ContentType] =\n                this._getExistingOrDefaultContentTypeHeader(additionalHeaders, MediaTypes.ApplicationJson);\n            const res = yield this.post(requestUrl, data, additionalHeaders);\n            return this._processResponse(res, this.requestOptions);\n        });\n    }\n    putJson(requestUrl_1, obj_1) {\n        return __awaiter(this, arguments, void 0, function* (requestUrl, obj, additionalHeaders = {}) {\n            const data = JSON.stringify(obj, null, 2);\n            additionalHeaders[Headers.Accept] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.Accept, MediaTypes.ApplicationJson);\n            additionalHeaders[Headers.ContentType] =\n                this._getExistingOrDefaultContentTypeHeader(additionalHeaders, MediaTypes.ApplicationJson);\n            const res = yield this.put(requestUrl, data, additionalHeaders);\n            return this._processResponse(res, this.requestOptions);\n        });\n    }\n    patchJson(requestUrl_1, obj_1) {\n        return __awaiter(this, arguments, void 0, function* (requestUrl, obj, additionalHeaders = {}) {\n            const data = JSON.stringify(obj, null, 2);\n            additionalHeaders[Headers.Accept] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.Accept, MediaTypes.ApplicationJson);\n            additionalHeaders[Headers.ContentType] =\n                this._getExistingOrDefaultContentTypeHeader(additionalHeaders, MediaTypes.ApplicationJson);\n            const res = yield this.patch(requestUrl, data, additionalHeaders);\n            return this._processResponse(res, this.requestOptions);\n        });\n    }\n    /**\n     * Makes a raw http request.\n     * All other methods such as get, post, patch, and request ultimately call this.\n     * Prefer get, del, post and patch\n     */\n    request(verb, requestUrl, data, headers) {\n        return __awaiter(this, void 0, void 0, function* () {\n            if (this._disposed) {\n                throw new Error('Client has already been disposed.');\n            }\n            const parsedUrl = new URL(requestUrl);\n            let info = this._prepareRequest(verb, parsedUrl, headers);\n            // Only perform retries on reads since writes may not be idempotent.\n            const maxTries = this._allowRetries && RetryableHttpVerbs.includes(verb)\n                ? this._maxRetries + 1\n                : 1;\n            let numTries = 0;\n            let response;\n            do {\n                response = yield this.requestRaw(info, data);\n                // Check if it's an authentication challenge\n                if (response &&\n                    response.message &&\n                    response.message.statusCode === HttpCodes.Unauthorized) {\n                    let authenticationHandler;\n                    for (const handler of this.handlers) {\n                        if (handler.canHandleAuthentication(response)) {\n                            authenticationHandler = handler;\n                            break;\n                        }\n                    }\n                    if (authenticationHandler) {\n                        return authenticationHandler.handleAuthentication(this, info, data);\n                    }\n                    else {\n                        // We have received an unauthorized response but have no handlers to handle it.\n                        // Let the response return to the caller.\n                        return response;\n                    }\n                }\n                let redirectsRemaining = this._maxRedirects;\n                while (response.message.statusCode &&\n                    HttpRedirectCodes.includes(response.message.statusCode) &&\n                    this._allowRedirects &&\n                    redirectsRemaining > 0) {\n                    const redirectUrl = response.message.headers['location'];\n                    if (!redirectUrl) {\n                        // if there's no location to redirect to, we won't\n                        break;\n                    }\n                    const parsedRedirectUrl = new URL(redirectUrl);\n                    if (parsedUrl.protocol === 'https:' &&\n                        parsedUrl.protocol !== parsedRedirectUrl.protocol &&\n                        !this._allowRedirectDowngrade) {\n                        throw new Error('Redirect from HTTPS to HTTP protocol. This downgrade is not allowed for security reasons. If you want to allow this behavior, set the allowRedirectDowngrade option to true.');\n                    }\n                    // we need to finish reading the response before reassigning response\n                    // which will leak the open socket.\n                    yield response.readBody();\n                    // strip authorization header if redirected to a different hostname\n                    if (parsedRedirectUrl.hostname !== parsedUrl.hostname) {\n                        for (const header in headers) {\n                            // header names are case insensitive\n                            if (header.toLowerCase() === 'authorization') {\n                                delete headers[header];\n                            }\n                        }\n                    }\n                    // let's make the request with the new redirectUrl\n                    info = this._prepareRequest(verb, parsedRedirectUrl, headers);\n                    response = yield this.requestRaw(info, data);\n                    redirectsRemaining--;\n                }\n                if (!response.message.statusCode ||\n                    !HttpResponseRetryCodes.includes(response.message.statusCode)) {\n                    // If not a retry code, return immediately instead of retrying\n                    return response;\n                }\n                numTries += 1;\n                if (numTries < maxTries) {\n                    yield response.readBody();\n                    yield this._performExponentialBackoff(numTries);\n                }\n            } while (numTries < maxTries);\n            return response;\n        });\n    }\n    /**\n     * Needs to be called if keepAlive is set to true in request options.\n     */\n    dispose() {\n        if (this._agent) {\n            this._agent.destroy();\n        }\n        this._disposed = true;\n    }\n    /**\n     * Raw request.\n     * @param info\n     * @param data\n     */\n    requestRaw(info, data) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return new Promise((resolve, reject) => {\n                function callbackForResult(err, res) {\n                    if (err) {\n                        reject(err);\n                    }\n                    else if (!res) {\n                        // If `err` is not passed, then `res` must be passed.\n                        reject(new Error('Unknown error'));\n                    }\n                    else {\n                        resolve(res);\n                    }\n                }\n                this.requestRawWithCallback(info, data, callbackForResult);\n            });\n        });\n    }\n    /**\n     * Raw request with callback.\n     * @param info\n     * @param data\n     * @param onResult\n     */\n    requestRawWithCallback(info, data, onResult) {\n        if (typeof data === 'string') {\n            if (!info.options.headers) {\n                info.options.headers = {};\n            }\n            info.options.headers['Content-Length'] = Buffer.byteLength(data, 'utf8');\n        }\n        let callbackCalled = false;\n        function handleResult(err, res) {\n            if (!callbackCalled) {\n                callbackCalled = true;\n                onResult(err, res);\n            }\n        }\n        const req = info.httpModule.request(info.options, (msg) => {\n            const res = new HttpClientResponse(msg);\n            handleResult(undefined, res);\n        });\n        let socket;\n        req.on('socket', sock => {\n            socket = sock;\n        });\n        // If we ever get disconnected, we want the socket to timeout eventually\n        req.setTimeout(this._socketTimeout || 3 * 60000, () => {\n            if (socket) {\n                socket.end();\n            }\n            handleResult(new Error(`Request timeout: ${info.options.path}`));\n        });\n        req.on('error', function (err) {\n            // err has statusCode property\n            // res should have headers\n            handleResult(err);\n        });\n        if (data && typeof data === 'string') {\n            req.write(data, 'utf8');\n        }\n        if (data && typeof data !== 'string') {\n            data.on('close', function () {\n                req.end();\n            });\n            data.pipe(req);\n        }\n        else {\n            req.end();\n        }\n    }\n    /**\n     * Gets an http agent. This function is useful when you need an http agent that handles\n     * routing through a proxy server - depending upon the url and proxy environment variables.\n     * @param serverUrl  The server URL where the request will be sent. For example, https://api.github.com\n     */\n    getAgent(serverUrl) {\n        const parsedUrl = new URL(serverUrl);\n        return this._getAgent(parsedUrl);\n    }\n    getAgentDispatcher(serverUrl) {\n        const parsedUrl = new URL(serverUrl);\n        const proxyUrl = pm.getProxyUrl(parsedUrl);\n        const useProxy = proxyUrl && proxyUrl.hostname;\n        if (!useProxy) {\n            return;\n        }\n        return this._getProxyAgentDispatcher(parsedUrl, proxyUrl);\n    }\n    _prepareRequest(method, requestUrl, headers) {\n        const info = {};\n        info.parsedUrl = requestUrl;\n        const usingSsl = info.parsedUrl.protocol === 'https:';\n        info.httpModule = usingSsl ? https : http;\n        const defaultPort = usingSsl ? 443 : 80;\n        info.options = {};\n        info.options.host = info.parsedUrl.hostname;\n        info.options.port = info.parsedUrl.port\n            ? parseInt(info.parsedUrl.port)\n            : defaultPort;\n        info.options.path =\n            (info.parsedUrl.pathname || '') + (info.parsedUrl.search || '');\n        info.options.method = method;\n        info.options.headers = this._mergeHeaders(headers);\n        if (this.userAgent != null) {\n            info.options.headers['user-agent'] = this.userAgent;\n        }\n        info.options.agent = this._getAgent(info.parsedUrl);\n        // gives handlers an opportunity to participate\n        if (this.handlers) {\n            for (const handler of this.handlers) {\n                handler.prepareRequest(info.options);\n            }\n        }\n        return info;\n    }\n    _mergeHeaders(headers) {\n        if (this.requestOptions && this.requestOptions.headers) {\n            return Object.assign({}, lowercaseKeys(this.requestOptions.headers), lowercaseKeys(headers || {}));\n        }\n        return lowercaseKeys(headers || {});\n    }\n    /**\n     * Gets an existing header value or returns a default.\n     * Handles converting number header values to strings since HTTP headers must be strings.\n     * Note: This returns string | string[] since some headers can have multiple values.\n     * For headers that must always be a single string (like Content-Type), use the\n     * specialized _getExistingOrDefaultContentTypeHeader method instead.\n     */\n    _getExistingOrDefaultHeader(additionalHeaders, header, _default) {\n        let clientHeader;\n        if (this.requestOptions && this.requestOptions.headers) {\n            const headerValue = lowercaseKeys(this.requestOptions.headers)[header];\n            if (headerValue) {\n                clientHeader =\n                    typeof headerValue === 'number' ? headerValue.toString() : headerValue;\n            }\n        }\n        const additionalValue = additionalHeaders[header];\n        if (additionalValue !== undefined) {\n            return typeof additionalValue === 'number'\n                ? additionalValue.toString()\n                : additionalValue;\n        }\n        if (clientHeader !== undefined) {\n            return clientHeader;\n        }\n        return _default;\n    }\n    /**\n     * Specialized version of _getExistingOrDefaultHeader for Content-Type header.\n     * Always returns a single string (not an array) since Content-Type should be a single value.\n     * Converts arrays to comma-separated strings and numbers to strings to ensure type safety.\n     * This was split from _getExistingOrDefaultHeader to provide stricter typing for callers\n     * that assign the result to places expecting a string (e.g., additionalHeaders[Headers.ContentType]).\n     */\n    _getExistingOrDefaultContentTypeHeader(additionalHeaders, _default) {\n        let clientHeader;\n        if (this.requestOptions && this.requestOptions.headers) {\n            const headerValue = lowercaseKeys(this.requestOptions.headers)[Headers.ContentType];\n            if (headerValue) {\n                if (typeof headerValue === 'number') {\n                    clientHeader = String(headerValue);\n                }\n                else if (Array.isArray(headerValue)) {\n                    clientHeader = headerValue.join(', ');\n                }\n                else {\n                    clientHeader = headerValue;\n                }\n            }\n        }\n        const additionalValue = additionalHeaders[Headers.ContentType];\n        // Return the first non-undefined value, converting numbers or arrays to strings if necessary\n        if (additionalValue !== undefined) {\n            if (typeof additionalValue === 'number') {\n                return String(additionalValue);\n            }\n            else if (Array.isArray(additionalValue)) {\n                return additionalValue.join(', ');\n            }\n            else {\n                return additionalValue;\n            }\n        }\n        if (clientHeader !== undefined) {\n            return clientHeader;\n        }\n        return _default;\n    }\n    _getAgent(parsedUrl) {\n        let agent;\n        const proxyUrl = pm.getProxyUrl(parsedUrl);\n        const useProxy = proxyUrl && proxyUrl.hostname;\n        if (this._keepAlive && useProxy) {\n            agent = this._proxyAgent;\n        }\n        if (!useProxy) {\n            agent = this._agent;\n        }\n        // if agent is already assigned use that agent.\n        if (agent) {\n            return agent;\n        }\n        const usingSsl = parsedUrl.protocol === 'https:';\n        let maxSockets = 100;\n        if (this.requestOptions) {\n            maxSockets = this.requestOptions.maxSockets || http.globalAgent.maxSockets;\n        }\n        // This is `useProxy` again, but we need to check `proxyURl` directly for TypeScripts's flow analysis.\n        if (proxyUrl && proxyUrl.hostname) {\n            const agentOptions = {\n                maxSockets,\n                keepAlive: this._keepAlive,\n                proxy: Object.assign(Object.assign({}, ((proxyUrl.username || proxyUrl.password) && {\n                    proxyAuth: `${proxyUrl.username}:${proxyUrl.password}`\n                })), { host: proxyUrl.hostname, port: proxyUrl.port })\n            };\n            let tunnelAgent;\n            const overHttps = proxyUrl.protocol === 'https:';\n            if (usingSsl) {\n                tunnelAgent = overHttps ? tunnel.httpsOverHttps : tunnel.httpsOverHttp;\n            }\n            else {\n                tunnelAgent = overHttps ? tunnel.httpOverHttps : tunnel.httpOverHttp;\n            }\n            agent = tunnelAgent(agentOptions);\n            this._proxyAgent = agent;\n        }\n        // if tunneling agent isn't assigned create a new agent\n        if (!agent) {\n            const options = { keepAlive: this._keepAlive, maxSockets };\n            agent = usingSsl ? new https.Agent(options) : new http.Agent(options);\n            this._agent = agent;\n        }\n        if (usingSsl && this._ignoreSslError) {\n            // we don't want to set NODE_TLS_REJECT_UNAUTHORIZED=0 since that will affect request for entire process\n            // http.RequestOptions doesn't expose a way to modify RequestOptions.agent.options\n            // we have to cast it to any and change it directly\n            agent.options = Object.assign(agent.options || {}, {\n                rejectUnauthorized: false\n            });\n        }\n        return agent;\n    }\n    _getProxyAgentDispatcher(parsedUrl, proxyUrl) {\n        let proxyAgent;\n        if (this._keepAlive) {\n            proxyAgent = this._proxyAgentDispatcher;\n        }\n        // if agent is already assigned use that agent.\n        if (proxyAgent) {\n            return proxyAgent;\n        }\n        const usingSsl = parsedUrl.protocol === 'https:';\n        proxyAgent = new undici_1.ProxyAgent(Object.assign({ uri: proxyUrl.href, pipelining: !this._keepAlive ? 0 : 1 }, ((proxyUrl.username || proxyUrl.password) && {\n            token: `Basic ${Buffer.from(`${proxyUrl.username}:${proxyUrl.password}`).toString('base64')}`\n        })));\n        this._proxyAgentDispatcher = proxyAgent;\n        if (usingSsl && this._ignoreSslError) {\n            // we don't want to set NODE_TLS_REJECT_UNAUTHORIZED=0 since that will affect request for entire process\n            // http.RequestOptions doesn't expose a way to modify RequestOptions.agent.options\n            // we have to cast it to any and change it directly\n            proxyAgent.options = Object.assign(proxyAgent.options.requestTls || {}, {\n                rejectUnauthorized: false\n            });\n        }\n        return proxyAgent;\n    }\n    _getUserAgentWithOrchestrationId(userAgent) {\n        const baseUserAgent = userAgent || 'actions/http-client';\n        const orchId = process.env['ACTIONS_ORCHESTRATION_ID'];\n        if (orchId) {\n            // Sanitize the orchestration ID to ensure it contains only valid characters\n            // Valid characters: 0-9, a-z, _, -, .\n            const sanitizedId = orchId.replace(/[^a-z0-9_.-]/gi, '_');\n            return `${baseUserAgent} actions_orchestration_id/${sanitizedId}`;\n        }\n        return baseUserAgent;\n    }\n    _performExponentialBackoff(retryNumber) {\n        return __awaiter(this, void 0, void 0, function* () {\n            retryNumber = Math.min(ExponentialBackoffCeiling, retryNumber);\n            const ms = ExponentialBackoffTimeSlice * Math.pow(2, retryNumber);\n            return new Promise(resolve => setTimeout(() => resolve(), ms));\n        });\n    }\n    _processResponse(res, options) {\n        return __awaiter(this, void 0, void 0, function* () {\n            return new Promise((resolve, reject) => __awaiter(this, void 0, void 0, function* () {\n                const statusCode = res.message.statusCode || 0;\n                const response = {\n                    statusCode,\n                    result: null,\n                    headers: {}\n                };\n                // not found leads to null obj returned\n                if (statusCode === HttpCodes.NotFound) {\n                    resolve(response);\n                }\n                // get the result from the body\n                function dateTimeDeserializer(key, value) {\n                    if (typeof value === 'string') {\n                        const a = new Date(value);\n                        if (!isNaN(a.valueOf())) {\n                            return a;\n                        }\n                    }\n                    return value;\n                }\n                let obj;\n                let contents;\n                try {\n                    contents = yield res.readBody();\n                    if (contents && contents.length > 0) {\n                        if (options && options.deserializeDates) {\n                            obj = JSON.parse(contents, dateTimeDeserializer);\n                        }\n                        else {\n                            obj = JSON.parse(contents);\n                        }\n                        response.result = obj;\n                    }\n                    response.headers = res.message.headers;\n                }\n                catch (err) {\n                    // Invalid resource (contents not json);  leaving result obj null\n                }\n                // note that 3xx redirects are handled by the http layer.\n                if (statusCode > 299) {\n                    let msg;\n                    // if exception/error in body, attempt to get better error\n                    if (obj && obj.message) {\n                        msg = obj.message;\n                    }\n                    else if (contents && contents.length > 0) {\n                        // it may be the case that the exception is in the body message as string\n                        msg = contents;\n                    }\n                    else {\n                        msg = `Failed request: (${statusCode})`;\n                    }\n                    const err = new HttpClientError(msg, statusCode);\n                    err.result = response.result;\n                    reject(err);\n                }\n                else {\n                    resolve(response);\n                }\n            }));\n        });\n    }\n}\nexports.HttpClient = HttpClient;\nconst lowercaseKeys = (obj) => Object.keys(obj).reduce((c, k) => ((c[k.toLowerCase()] = obj[k]), c), {});\n//# sourceMappingURL=index.js.map","\"use strict\";\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.getProxyUrl = getProxyUrl;\nexports.checkBypass = checkBypass;\nfunction getProxyUrl(reqUrl) {\n    const usingSsl = reqUrl.protocol === 'https:';\n    if (checkBypass(reqUrl)) {\n        return undefined;\n    }\n    const proxyVar = (() => {\n        if (usingSsl) {\n            return process.env['https_proxy'] || process.env['HTTPS_PROXY'];\n        }\n        else {\n            return process.env['http_proxy'] || process.env['HTTP_PROXY'];\n        }\n    })();\n    if (proxyVar) {\n        try {\n            return new DecodedURL(proxyVar);\n        }\n        catch (_a) {\n            if (!proxyVar.startsWith('http://') && !proxyVar.startsWith('https://'))\n                return new DecodedURL(`http://${proxyVar}`);\n        }\n    }\n    else {\n        return undefined;\n    }\n}\nfunction checkBypass(reqUrl) {\n    if (!reqUrl.hostname) {\n        return false;\n    }\n    const reqHost = reqUrl.hostname;\n    if (isLoopbackAddress(reqHost)) {\n        return true;\n    }\n    const noProxy = process.env['no_proxy'] || process.env['NO_PROXY'] || '';\n    if (!noProxy) {\n        return false;\n    }\n    // Determine the request port\n    let reqPort;\n    if (reqUrl.port) {\n        reqPort = Number(reqUrl.port);\n    }\n    else if (reqUrl.protocol === 'http:') {\n        reqPort = 80;\n    }\n    else if (reqUrl.protocol === 'https:') {\n        reqPort = 443;\n    }\n    // Format the request hostname and hostname with port\n    const upperReqHosts = [reqUrl.hostname.toUpperCase()];\n    if (typeof reqPort === 'number') {\n        upperReqHosts.push(`${upperReqHosts[0]}:${reqPort}`);\n    }\n    // Compare request host against noproxy\n    for (const upperNoProxyItem of noProxy\n        .split(',')\n        .map(x => x.trim().toUpperCase())\n        .filter(x => x)) {\n        if (upperNoProxyItem === '*' ||\n            upperReqHosts.some(x => x === upperNoProxyItem ||\n                x.endsWith(`.${upperNoProxyItem}`) ||\n                (upperNoProxyItem.startsWith('.') &&\n                    x.endsWith(`${upperNoProxyItem}`)))) {\n            return true;\n        }\n    }\n    return false;\n}\nfunction isLoopbackAddress(host) {\n    const hostLower = host.toLowerCase();\n    return (hostLower === 'localhost' ||\n        hostLower.startsWith('127.') ||\n        hostLower.startsWith('[::1]') ||\n        hostLower.startsWith('[0:0:0:0:0:0:0:1]'));\n}\nclass DecodedURL extends URL {\n    constructor(url, base) {\n        super(url, base);\n        this._decodedUsername = decodeURIComponent(super.username);\n        this._decodedPassword = decodeURIComponent(super.password);\n    }\n    get username() {\n        return this._decodedUsername;\n    }\n    get password() {\n        return this._decodedPassword;\n    }\n}\n//# sourceMappingURL=proxy.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    var desc = Object.getOwnPropertyDescriptor(m, k);\n    if (!desc || (\"get\" in desc ? !m.__esModule : desc.writable || desc.configurable)) {\n      desc = { enumerable: true, get: function() { return m[k]; } };\n    }\n    Object.defineProperty(o, k2, desc);\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || (function () {\n    var ownKeys = function(o) {\n        ownKeys = Object.getOwnPropertyNames || function (o) {\n            var ar = [];\n            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;\n            return ar;\n        };\n        return ownKeys(o);\n    };\n    return function (mod) {\n        if (mod && mod.__esModule) return mod;\n        var result = {};\n        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== \"default\") __createBinding(result, mod, k[i]);\n        __setModuleDefault(result, mod);\n        return result;\n    };\n})();\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nvar _a;\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.READONLY = exports.UV_FS_O_EXLOCK = exports.IS_WINDOWS = exports.unlink = exports.symlink = exports.stat = exports.rmdir = exports.rm = exports.rename = exports.readdir = exports.open = exports.mkdir = exports.lstat = exports.copyFile = exports.chmod = void 0;\nexports.readlink = readlink;\nexports.exists = exists;\nexports.isDirectory = isDirectory;\nexports.isRooted = isRooted;\nexports.tryGetExecutablePath = tryGetExecutablePath;\nexports.getCmdPath = getCmdPath;\nconst fs = __importStar(require(\"fs\"));\nconst path = __importStar(require(\"path\"));\n_a = fs.promises\n// export const {open} = 'fs'\n, exports.chmod = _a.chmod, exports.copyFile = _a.copyFile, exports.lstat = _a.lstat, exports.mkdir = _a.mkdir, exports.open = _a.open, exports.readdir = _a.readdir, exports.rename = _a.rename, exports.rm = _a.rm, exports.rmdir = _a.rmdir, exports.stat = _a.stat, exports.symlink = _a.symlink, exports.unlink = _a.unlink;\n// export const {open} = 'fs'\nexports.IS_WINDOWS = process.platform === 'win32';\n/**\n * Custom implementation of readlink to ensure Windows junctions\n * maintain trailing backslash for backward compatibility with Node.js < 24\n *\n * In Node.js 20, Windows junctions (directory symlinks) always returned paths\n * with trailing backslashes. Node.js 24 removed this behavior, which breaks\n * code that relied on this format for path operations.\n *\n * This implementation restores the Node 20 behavior by adding a trailing\n * backslash to all junction results on Windows.\n */\nfunction readlink(fsPath) {\n    return __awaiter(this, void 0, void 0, function* () {\n        const result = yield fs.promises.readlink(fsPath);\n        // On Windows, restore Node 20 behavior: add trailing backslash to all results\n        // since junctions on Windows are always directory links\n        if (exports.IS_WINDOWS && !result.endsWith('\\\\')) {\n            return `${result}\\\\`;\n        }\n        return result;\n    });\n}\n// See https://github.com/nodejs/node/blob/d0153aee367422d0858105abec186da4dff0a0c5/deps/uv/include/uv/win.h#L691\nexports.UV_FS_O_EXLOCK = 0x10000000;\nexports.READONLY = fs.constants.O_RDONLY;\nfunction exists(fsPath) {\n    return __awaiter(this, void 0, void 0, function* () {\n        try {\n            yield (0, exports.stat)(fsPath);\n        }\n        catch (err) {\n            if (err.code === 'ENOENT') {\n                return false;\n            }\n            throw err;\n        }\n        return true;\n    });\n}\nfunction isDirectory(fsPath_1) {\n    return __awaiter(this, arguments, void 0, function* (fsPath, useStat = false) {\n        const stats = useStat ? yield (0, exports.stat)(fsPath) : yield (0, exports.lstat)(fsPath);\n        return stats.isDirectory();\n    });\n}\n/**\n * On OSX/Linux, true if path starts with '/'. On Windows, true for paths like:\n * \\, \\hello, \\\\hello\\share, C:, and C:\\hello (and corresponding alternate separator cases).\n */\nfunction isRooted(p) {\n    p = normalizeSeparators(p);\n    if (!p) {\n        throw new Error('isRooted() parameter \"p\" cannot be empty');\n    }\n    if (exports.IS_WINDOWS) {\n        return (p.startsWith('\\\\') || /^[A-Z]:/i.test(p) // e.g. \\ or \\hello or \\\\hello\n        ); // e.g. C: or C:\\hello\n    }\n    return p.startsWith('/');\n}\n/**\n * Best effort attempt to determine whether a file exists and is executable.\n * @param filePath    file path to check\n * @param extensions  additional file extensions to try\n * @return if file exists and is executable, returns the file path. otherwise empty string.\n */\nfunction tryGetExecutablePath(filePath, extensions) {\n    return __awaiter(this, void 0, void 0, function* () {\n        let stats = undefined;\n        try {\n            // test file exists\n            stats = yield (0, exports.stat)(filePath);\n        }\n        catch (err) {\n            if (err.code !== 'ENOENT') {\n                // eslint-disable-next-line no-console\n                console.log(`Unexpected error attempting to determine if executable file exists '${filePath}': ${err}`);\n            }\n        }\n        if (stats && stats.isFile()) {\n            if (exports.IS_WINDOWS) {\n                // on Windows, test for valid extension\n                const upperExt = path.extname(filePath).toUpperCase();\n                if (extensions.some(validExt => validExt.toUpperCase() === upperExt)) {\n                    return filePath;\n                }\n            }\n            else {\n                if (isUnixExecutable(stats)) {\n                    return filePath;\n                }\n            }\n        }\n        // try each extension\n        const originalFilePath = filePath;\n        for (const extension of extensions) {\n            filePath = originalFilePath + extension;\n            stats = undefined;\n            try {\n                stats = yield (0, exports.stat)(filePath);\n            }\n            catch (err) {\n                if (err.code !== 'ENOENT') {\n                    // eslint-disable-next-line no-console\n                    console.log(`Unexpected error attempting to determine if executable file exists '${filePath}': ${err}`);\n                }\n            }\n            if (stats && stats.isFile()) {\n                if (exports.IS_WINDOWS) {\n                    // preserve the case of the actual file (since an extension was appended)\n                    try {\n                        const directory = path.dirname(filePath);\n                        const upperName = path.basename(filePath).toUpperCase();\n                        for (const actualName of yield (0, exports.readdir)(directory)) {\n                            if (upperName === actualName.toUpperCase()) {\n                                filePath = path.join(directory, actualName);\n                                break;\n                            }\n                        }\n                    }\n                    catch (err) {\n                        // eslint-disable-next-line no-console\n                        console.log(`Unexpected error attempting to determine the actual case of the file '${filePath}': ${err}`);\n                    }\n                    return filePath;\n                }\n                else {\n                    if (isUnixExecutable(stats)) {\n                        return filePath;\n                    }\n                }\n            }\n        }\n        return '';\n    });\n}\nfunction normalizeSeparators(p) {\n    p = p || '';\n    if (exports.IS_WINDOWS) {\n        // convert slashes on Windows\n        p = p.replace(/\\//g, '\\\\');\n        // remove redundant slashes\n        return p.replace(/\\\\\\\\+/g, '\\\\');\n    }\n    // remove redundant slashes\n    return p.replace(/\\/\\/+/g, '/');\n}\n// on Mac/Linux, test the execute bit\n//     R   W  X  R  W X R W X\n//   256 128 64 32 16 8 4 2 1\nfunction isUnixExecutable(stats) {\n    return ((stats.mode & 1) > 0 ||\n        ((stats.mode & 8) > 0 &&\n            process.getgid !== undefined &&\n            stats.gid === process.getgid()) ||\n        ((stats.mode & 64) > 0 &&\n            process.getuid !== undefined &&\n            stats.uid === process.getuid()));\n}\n// Get the path of cmd.exe in windows\nfunction getCmdPath() {\n    var _a;\n    return (_a = process.env['COMSPEC']) !== null && _a !== void 0 ? _a : `cmd.exe`;\n}\n//# sourceMappingURL=io-util.js.map","\"use strict\";\nvar __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    var desc = Object.getOwnPropertyDescriptor(m, k);\n    if (!desc || (\"get\" in desc ? !m.__esModule : desc.writable || desc.configurable)) {\n      desc = { enumerable: true, get: function() { return m[k]; } };\n    }\n    Object.defineProperty(o, k2, desc);\n}) : (function(o, m, k, k2) {\n    if (k2 === undefined) k2 = k;\n    o[k2] = m[k];\n}));\nvar __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {\n    Object.defineProperty(o, \"default\", { enumerable: true, value: v });\n}) : function(o, v) {\n    o[\"default\"] = v;\n});\nvar __importStar = (this && this.__importStar) || (function () {\n    var ownKeys = function(o) {\n        ownKeys = Object.getOwnPropertyNames || function (o) {\n            var ar = [];\n            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;\n            return ar;\n        };\n        return ownKeys(o);\n    };\n    return function (mod) {\n        if (mod && mod.__esModule) return mod;\n        var result = {};\n        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== \"default\") __createBinding(result, mod, k[i]);\n        __setModuleDefault(result, mod);\n        return result;\n    };\n})();\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n    return new (P || (P = Promise))(function (resolve, reject) {\n        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n        function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n        step((generator = generator.apply(thisArg, _arguments || [])).next());\n    });\n};\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.cp = cp;\nexports.mv = mv;\nexports.rmRF = rmRF;\nexports.mkdirP = mkdirP;\nexports.which = which;\nexports.findInPath = findInPath;\nconst assert_1 = require(\"assert\");\nconst path = __importStar(require(\"path\"));\nconst ioUtil = __importStar(require(\"./io-util\"));\n/**\n * Copies a file or folder.\n * Based off of shelljs - https://github.com/shelljs/shelljs/blob/9237f66c52e5daa40458f94f9565e18e8132f5a6/src/cp.js\n *\n * @param     source    source path\n * @param     dest      destination path\n * @param     options   optional. See CopyOptions.\n */\nfunction cp(source_1, dest_1) {\n    return __awaiter(this, arguments, void 0, function* (source, dest, options = {}) {\n        const { force, recursive, copySourceDirectory } = readCopyOptions(options);\n        const destStat = (yield ioUtil.exists(dest)) ? yield ioUtil.stat(dest) : null;\n        // Dest is an existing file, but not forcing\n        if (destStat && destStat.isFile() && !force) {\n            return;\n        }\n        // If dest is an existing directory, should copy inside.\n        const newDest = destStat && destStat.isDirectory() && copySourceDirectory\n            ? path.join(dest, path.basename(source))\n            : dest;\n        if (!(yield ioUtil.exists(source))) {\n            throw new Error(`no such file or directory: ${source}`);\n        }\n        const sourceStat = yield ioUtil.stat(source);\n        if (sourceStat.isDirectory()) {\n            if (!recursive) {\n                throw new Error(`Failed to copy. ${source} is a directory, but tried to copy without recursive flag.`);\n            }\n            else {\n                yield cpDirRecursive(source, newDest, 0, force);\n            }\n        }\n        else {\n            if (path.relative(source, newDest) === '') {\n                // a file cannot be copied to itself\n                throw new Error(`'${newDest}' and '${source}' are the same file`);\n            }\n            yield copyFile(source, newDest, force);\n        }\n    });\n}\n/**\n * Moves a path.\n *\n * @param     source    source path\n * @param     dest      destination path\n * @param     options   optional. See MoveOptions.\n */\nfunction mv(source_1, dest_1) {\n    return __awaiter(this, arguments, void 0, function* (source, dest, options = {}) {\n        if (yield ioUtil.exists(dest)) {\n            let destExists = true;\n            if (yield ioUtil.isDirectory(dest)) {\n                // If dest is directory copy src into dest\n                dest = path.join(dest, path.basename(source));\n                destExists = yield ioUtil.exists(dest);\n            }\n            if (destExists) {\n                if (options.force == null || options.force) {\n                    yield rmRF(dest);\n                }\n                else {\n                    throw new Error('Destination already exists');\n                }\n            }\n        }\n        yield mkdirP(path.dirname(dest));\n        yield ioUtil.rename(source, dest);\n    });\n}\n/**\n * Remove a path recursively with force\n *\n * @param inputPath path to remove\n */\nfunction rmRF(inputPath) {\n    return __awaiter(this, void 0, void 0, function* () {\n        if (ioUtil.IS_WINDOWS) {\n            // Check for invalid characters\n            // https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file\n            if (/[*\"<>|]/.test(inputPath)) {\n                throw new Error('File path must not contain `*`, `\"`, `<`, `>` or `|` on Windows');\n            }\n        }\n        try {\n            // note if path does not exist, error is silent\n            yield ioUtil.rm(inputPath, {\n                force: true,\n                maxRetries: 3,\n                recursive: true,\n                retryDelay: 300\n            });\n        }\n        catch (err) {\n            throw new Error(`File was unable to be removed ${err}`);\n        }\n    });\n}\n/**\n * Make a directory.  Creates the full path with folders in between\n * Will throw if it fails\n *\n * @param   fsPath        path to create\n * @returns Promise<void>\n */\nfunction mkdirP(fsPath) {\n    return __awaiter(this, void 0, void 0, function* () {\n        (0, assert_1.ok)(fsPath, 'a path argument must be provided');\n        yield ioUtil.mkdir(fsPath, { recursive: true });\n    });\n}\n/**\n * Returns path of a tool had the tool actually been invoked.  Resolves via paths.\n * If you check and the tool does not exist, it will throw.\n *\n * @param     tool              name of the tool\n * @param     check             whether to check if tool exists\n * @returns   Promise<string>   path to tool\n */\nfunction which(tool, check) {\n    return __awaiter(this, void 0, void 0, function* () {\n        if (!tool) {\n            throw new Error(\"parameter 'tool' is required\");\n        }\n        // recursive when check=true\n        if (check) {\n            const result = yield which(tool, false);\n            if (!result) {\n                if (ioUtil.IS_WINDOWS) {\n                    throw new Error(`Unable to locate executable file: ${tool}. Please verify either the file path exists or the file can be found within a directory specified by the PATH environment variable. Also verify the file has a valid extension for an executable file.`);\n                }\n                else {\n                    throw new Error(`Unable to locate executable file: ${tool}. Please verify either the file path exists or the file can be found within a directory specified by the PATH environment variable. Also check the file mode to verify the file is executable.`);\n                }\n            }\n            return result;\n        }\n        const matches = yield findInPath(tool);\n        if (matches && matches.length > 0) {\n            return matches[0];\n        }\n        return '';\n    });\n}\n/**\n * Returns a list of all occurrences of the given tool on the system path.\n *\n * @returns   Promise<string[]>  the paths of the tool\n */\nfunction findInPath(tool) {\n    return __awaiter(this, void 0, void 0, function* () {\n        if (!tool) {\n            throw new Error(\"parameter 'tool' is required\");\n        }\n        // build the list of extensions to try\n        const extensions = [];\n        if (ioUtil.IS_WINDOWS && process.env['PATHEXT']) {\n            for (const extension of process.env['PATHEXT'].split(path.delimiter)) {\n                if (extension) {\n                    extensions.push(extension);\n                }\n            }\n        }\n        // if it's rooted, return it if exists. otherwise return empty.\n        if (ioUtil.isRooted(tool)) {\n            const filePath = yield ioUtil.tryGetExecutablePath(tool, extensions);\n            if (filePath) {\n                return [filePath];\n            }\n            return [];\n        }\n        // if any path separators, return empty\n        if (tool.includes(path.sep)) {\n            return [];\n        }\n        // build the list of directories\n        //\n        // Note, technically \"where\" checks the current directory on Windows. From a toolkit perspective,\n        // it feels like we should not do this. Checking the current directory seems like more of a use\n        // case of a shell, and the which() function exposed by the toolkit should strive for consistency\n        // across platforms.\n        const directories = [];\n        if (process.env.PATH) {\n            for (const p of process.env.PATH.split(path.delimiter)) {\n                if (p) {\n                    directories.push(p);\n                }\n            }\n        }\n        // find all matches\n        const matches = [];\n        for (const directory of directories) {\n            const filePath = yield ioUtil.tryGetExecutablePath(path.join(directory, tool), extensions);\n            if (filePath) {\n                matches.push(filePath);\n            }\n        }\n        return matches;\n    });\n}\nfunction readCopyOptions(options) {\n    const force = options.force == null ? true : options.force;\n    const recursive = Boolean(options.recursive);\n    const copySourceDirectory = options.copySourceDirectory == null\n        ? true\n        : Boolean(options.copySourceDirectory);\n    return { force, recursive, copySourceDirectory };\n}\nfunction cpDirRecursive(sourceDir, destDir, currentDepth, force) {\n    return __awaiter(this, void 0, void 0, function* () {\n        // Ensure there is not a run away recursive copy\n        if (currentDepth >= 255)\n            return;\n        currentDepth++;\n        yield mkdirP(destDir);\n        const files = yield ioUtil.readdir(sourceDir);\n        for (const fileName of files) {\n            const srcFile = `${sourceDir}/${fileName}`;\n            const destFile = `${destDir}/${fileName}`;\n            const srcFileStat = yield ioUtil.lstat(srcFile);\n            if (srcFileStat.isDirectory()) {\n                // Recurse\n                yield cpDirRecursive(srcFile, destFile, currentDepth, force);\n            }\n            else {\n                yield copyFile(srcFile, destFile, force);\n            }\n        }\n        // Change the mode for the newly created directory\n        yield ioUtil.chmod(destDir, (yield ioUtil.stat(sourceDir)).mode);\n    });\n}\n// Buffered file copy\nfunction copyFile(srcFile, destFile, force) {\n    return __awaiter(this, void 0, void 0, function* () {\n        if ((yield ioUtil.lstat(srcFile)).isSymbolicLink()) {\n            // unlink/re-link it\n            try {\n                yield ioUtil.lstat(destFile);\n                yield ioUtil.unlink(destFile);\n            }\n            catch (e) {\n                // Try to override file permission\n                if (e.code === 'EPERM') {\n                    yield ioUtil.chmod(destFile, '0666');\n                    yield ioUtil.unlink(destFile);\n                }\n                // other errors = it doesn't exist, no work to do\n            }\n            // Copy over symlink\n            const symlinkFull = yield ioUtil.readlink(srcFile);\n            yield ioUtil.symlink(symlinkFull, destFile, ioUtil.IS_WINDOWS ? 'junction' : null);\n        }\n        else if (!(yield ioUtil.exists(destFile)) || force) {\n            yield ioUtil.copyFile(srcFile, destFile);\n        }\n    });\n}\n//# sourceMappingURL=io.js.map","'use strict'\n\n/**\n * Ponyfill for `Array.prototype.find` which is only available in ES6 runtimes.\n *\n * Works with anything that has a `length` property and index access properties, including NodeList.\n *\n * @template {unknown} T\n * @param {Array<T> | ({length:number, [number]: T})} list\n * @param {function (item: T, index: number, list:Array<T> | ({length:number, [number]: T})):boolean} predicate\n * @param {Partial<Pick<ArrayConstructor['prototype'], 'find'>>?} ac `Array.prototype` by default,\n * \t\t\t\tallows injecting a custom implementation in tests\n * @returns {T | undefined}\n *\n * @see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/find\n * @see https://tc39.es/ecma262/multipage/indexed-collections.html#sec-array.prototype.find\n */\nfunction find(list, predicate, ac) {\n\tif (ac === undefined) {\n\t\tac = Array.prototype;\n\t}\n\tif (list && typeof ac.find === 'function') {\n\t\treturn ac.find.call(list, predicate);\n\t}\n\tfor (var i = 0; i < list.length; i++) {\n\t\tif (Object.prototype.hasOwnProperty.call(list, i)) {\n\t\t\tvar item = list[i];\n\t\t\tif (predicate.call(undefined, item, i, list)) {\n\t\t\t\treturn item;\n\t\t\t}\n\t\t}\n\t}\n}\n\n/**\n * \"Shallow freezes\" an object to render it immutable.\n * Uses `Object.freeze` if available,\n * otherwise the immutability is only in the type.\n *\n * Is used to create \"enum like\" objects.\n *\n * @template T\n * @param {T} object the object to freeze\n * @param {Pick<ObjectConstructor, 'freeze'> = Object} oc `Object` by default,\n * \t\t\t\tallows to inject custom object constructor for tests\n * @returns {Readonly<T>}\n *\n * @see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/freeze\n */\nfunction freeze(object, oc) {\n\tif (oc === undefined) {\n\t\toc = Object\n\t}\n\treturn oc && typeof oc.freeze === 'function' ? oc.freeze(object) : object\n}\n\n/**\n * Since we can not rely on `Object.assign` we provide a simplified version\n * that is sufficient for our needs.\n *\n * @param {Object} target\n * @param {Object | null | undefined} source\n *\n * @returns {Object} target\n * @throws TypeError if target is not an object\n *\n * @see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/assign\n * @see https://tc39.es/ecma262/multipage/fundamental-objects.html#sec-object.assign\n */\nfunction assign(target, source) {\n\tif (target === null || typeof target !== 'object') {\n\t\tthrow new TypeError('target is not an object')\n\t}\n\tfor (var key in source) {\n\t\tif (Object.prototype.hasOwnProperty.call(source, key)) {\n\t\t\ttarget[key] = source[key]\n\t\t}\n\t}\n\treturn target\n}\n\n/**\n * All mime types that are allowed as input to `DOMParser.parseFromString`\n *\n * @see https://developer.mozilla.org/en-US/docs/Web/API/DOMParser/parseFromString#Argument02 MDN\n * @see https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#domparsersupportedtype WHATWG HTML Spec\n * @see DOMParser.prototype.parseFromString\n */\nvar MIME_TYPE = freeze({\n\t/**\n\t * `text/html`, the only mime type that triggers treating an XML document as HTML.\n\t *\n\t * @see DOMParser.SupportedType.isHTML\n\t * @see https://www.iana.org/assignments/media-types/text/html IANA MimeType registration\n\t * @see https://en.wikipedia.org/wiki/HTML Wikipedia\n\t * @see https://developer.mozilla.org/en-US/docs/Web/API/DOMParser/parseFromString MDN\n\t * @see https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#dom-domparser-parsefromstring WHATWG HTML Spec\n\t */\n\tHTML: 'text/html',\n\n\t/**\n\t * Helper method to check a mime type if it indicates an HTML document\n\t *\n\t * @param {string} [value]\n\t * @returns {boolean}\n\t *\n\t * @see https://www.iana.org/assignments/media-types/text/html IANA MimeType registration\n\t * @see https://en.wikipedia.org/wiki/HTML Wikipedia\n\t * @see https://developer.mozilla.org/en-US/docs/Web/API/DOMParser/parseFromString MDN\n\t * @see https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#dom-domparser-parsefromstring \t */\n\tisHTML: function (value) {\n\t\treturn value === MIME_TYPE.HTML\n\t},\n\n\t/**\n\t * `application/xml`, the standard mime type for XML documents.\n\t *\n\t * @see https://www.iana.org/assignments/media-types/application/xml IANA MimeType registration\n\t * @see https://tools.ietf.org/html/rfc7303#section-9.1 RFC 7303\n\t * @see https://en.wikipedia.org/wiki/XML_and_MIME Wikipedia\n\t */\n\tXML_APPLICATION: 'application/xml',\n\n\t/**\n\t * `text/html`, an alias for `application/xml`.\n\t *\n\t * @see https://tools.ietf.org/html/rfc7303#section-9.2 RFC 7303\n\t * @see https://www.iana.org/assignments/media-types/text/xml IANA MimeType registration\n\t * @see https://en.wikipedia.org/wiki/XML_and_MIME Wikipedia\n\t */\n\tXML_TEXT: 'text/xml',\n\n\t/**\n\t * `application/xhtml+xml`, indicates an XML document that has the default HTML namespace,\n\t * but is parsed as an XML document.\n\t *\n\t * @see https://www.iana.org/assignments/media-types/application/xhtml+xml IANA MimeType registration\n\t * @see https://dom.spec.whatwg.org/#dom-domimplementation-createdocument WHATWG DOM Spec\n\t * @see https://en.wikipedia.org/wiki/XHTML Wikipedia\n\t */\n\tXML_XHTML_APPLICATION: 'application/xhtml+xml',\n\n\t/**\n\t * `image/svg+xml`,\n\t *\n\t * @see https://www.iana.org/assignments/media-types/image/svg+xml IANA MimeType registration\n\t * @see https://www.w3.org/TR/SVG11/ W3C SVG 1.1\n\t * @see https://en.wikipedia.org/wiki/Scalable_Vector_Graphics Wikipedia\n\t */\n\tXML_SVG_IMAGE: 'image/svg+xml',\n})\n\n/**\n * Namespaces that are used in this code base.\n *\n * @see http://www.w3.org/TR/REC-xml-names\n */\nvar NAMESPACE = freeze({\n\t/**\n\t * The XHTML namespace.\n\t *\n\t * @see http://www.w3.org/1999/xhtml\n\t */\n\tHTML: 'http://www.w3.org/1999/xhtml',\n\n\t/**\n\t * Checks if `uri` equals `NAMESPACE.HTML`.\n\t *\n\t * @param {string} [uri]\n\t *\n\t * @see NAMESPACE.HTML\n\t */\n\tisHTML: function (uri) {\n\t\treturn uri === NAMESPACE.HTML\n\t},\n\n\t/**\n\t * The SVG namespace.\n\t *\n\t * @see http://www.w3.org/2000/svg\n\t */\n\tSVG: 'http://www.w3.org/2000/svg',\n\n\t/**\n\t * The `xml:` namespace.\n\t *\n\t * @see http://www.w3.org/XML/1998/namespace\n\t */\n\tXML: 'http://www.w3.org/XML/1998/namespace',\n\n\t/**\n\t * The `xmlns:` namespace\n\t *\n\t * @see https://www.w3.org/2000/xmlns/\n\t */\n\tXMLNS: 'http://www.w3.org/2000/xmlns/',\n})\n\nexports.assign = assign;\nexports.find = find;\nexports.freeze = freeze;\nexports.MIME_TYPE = MIME_TYPE;\nexports.NAMESPACE = NAMESPACE;\n","var conventions = require(\"./conventions\");\nvar dom = require('./dom')\nvar entities = require('./entities');\nvar sax = require('./sax');\n\nvar DOMImplementation = dom.DOMImplementation;\n\nvar NAMESPACE = conventions.NAMESPACE;\n\nvar ParseError = sax.ParseError;\nvar XMLReader = sax.XMLReader;\n\n/**\n * Normalizes line ending according to https://www.w3.org/TR/xml11/#sec-line-ends:\n *\n * > XML parsed entities are often stored in computer files which,\n * > for editing convenience, are organized into lines.\n * > These lines are typically separated by some combination\n * > of the characters CARRIAGE RETURN (#xD) and LINE FEED (#xA).\n * >\n * > To simplify the tasks of applications, the XML processor must behave\n * > as if it normalized all line breaks in external parsed entities (including the document entity)\n * > on input, before parsing, by translating all of the following to a single #xA character:\n * >\n * > 1. the two-character sequence #xD #xA\n * > 2. the two-character sequence #xD #x85\n * > 3. the single character #x85\n * > 4. the single character #x2028\n * > 5. any #xD character that is not immediately followed by #xA or #x85.\n *\n * @param {string} input\n * @returns {string}\n */\nfunction normalizeLineEndings(input) {\n\treturn input\n\t\t.replace(/\\r[\\n\\u0085]/g, '\\n')\n\t\t.replace(/[\\r\\u0085\\u2028]/g, '\\n')\n}\n\n/**\n * @typedef Locator\n * @property {number} [columnNumber]\n * @property {number} [lineNumber]\n */\n\n/**\n * @typedef DOMParserOptions\n * @property {DOMHandler} [domBuilder]\n * @property {Function} [errorHandler]\n * @property {(string) => string} [normalizeLineEndings] used to replace line endings before parsing\n * \t\t\t\t\t\tdefaults to `normalizeLineEndings`\n * @property {Locator} [locator]\n * @property {Record<string, string>} [xmlns]\n *\n * @see normalizeLineEndings\n */\n\n/**\n * The DOMParser interface provides the ability to parse XML or HTML source code\n * from a string into a DOM `Document`.\n *\n * _xmldom is different from the spec in that it allows an `options` parameter,\n * to override the default behavior._\n *\n * @param {DOMParserOptions} [options]\n * @constructor\n *\n * @see https://developer.mozilla.org/en-US/docs/Web/API/DOMParser\n * @see https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#dom-parsing-and-serialization\n */\nfunction DOMParser(options){\n\tthis.options = options ||{locator:{}};\n}\n\nDOMParser.prototype.parseFromString = function(source,mimeType){\n\tvar options = this.options;\n\tvar sax =  new XMLReader();\n\tvar domBuilder = options.domBuilder || new DOMHandler();//contentHandler and LexicalHandler\n\tvar errorHandler = options.errorHandler;\n\tvar locator = options.locator;\n\tvar defaultNSMap = options.xmlns||{};\n\tvar isHTML = /\\/x?html?$/.test(mimeType);//mimeType.toLowerCase().indexOf('html') > -1;\n  \tvar entityMap = isHTML ? entities.HTML_ENTITIES : entities.XML_ENTITIES;\n\tif(locator){\n\t\tdomBuilder.setDocumentLocator(locator)\n\t}\n\n\tsax.errorHandler = buildErrorHandler(errorHandler,domBuilder,locator);\n\tsax.domBuilder = options.domBuilder || domBuilder;\n\tif(isHTML){\n\t\tdefaultNSMap[''] = NAMESPACE.HTML;\n\t}\n\tdefaultNSMap.xml = defaultNSMap.xml || NAMESPACE.XML;\n\tvar normalize = options.normalizeLineEndings || normalizeLineEndings;\n\tif (source && typeof source === 'string') {\n\t\tsax.parse(\n\t\t\tnormalize(source),\n\t\t\tdefaultNSMap,\n\t\t\tentityMap\n\t\t)\n\t} else {\n\t\tsax.errorHandler.error('invalid doc source')\n\t}\n\treturn domBuilder.doc;\n}\nfunction buildErrorHandler(errorImpl,domBuilder,locator){\n\tif(!errorImpl){\n\t\tif(domBuilder instanceof DOMHandler){\n\t\t\treturn domBuilder;\n\t\t}\n\t\terrorImpl = domBuilder ;\n\t}\n\tvar errorHandler = {}\n\tvar isCallback = errorImpl instanceof Function;\n\tlocator = locator||{}\n\tfunction build(key){\n\t\tvar fn = errorImpl[key];\n\t\tif(!fn && isCallback){\n\t\t\tfn = errorImpl.length == 2?function(msg){errorImpl(key,msg)}:errorImpl;\n\t\t}\n\t\terrorHandler[key] = fn && function(msg){\n\t\t\tfn('[xmldom '+key+']\\t'+msg+_locator(locator));\n\t\t}||function(){};\n\t}\n\tbuild('warning');\n\tbuild('error');\n\tbuild('fatalError');\n\treturn errorHandler;\n}\n\n//console.log('#\\n\\n\\n\\n\\n\\n\\n####')\n/**\n * +ContentHandler+ErrorHandler\n * +LexicalHandler+EntityResolver2\n * -DeclHandler-DTDHandler\n *\n * DefaultHandler:EntityResolver, DTDHandler, ContentHandler, ErrorHandler\n * DefaultHandler2:DefaultHandler,LexicalHandler, DeclHandler, EntityResolver2\n * @link http://www.saxproject.org/apidoc/org/xml/sax/helpers/DefaultHandler.html\n */\nfunction DOMHandler() {\n    this.cdata = false;\n}\nfunction position(locator,node){\n\tnode.lineNumber = locator.lineNumber;\n\tnode.columnNumber = locator.columnNumber;\n}\n/**\n * @see org.xml.sax.ContentHandler#startDocument\n * @link http://www.saxproject.org/apidoc/org/xml/sax/ContentHandler.html\n */\nDOMHandler.prototype = {\n\tstartDocument : function() {\n    \tthis.doc = new DOMImplementation().createDocument(null, null, null);\n    \tif (this.locator) {\n        \tthis.doc.documentURI = this.locator.systemId;\n    \t}\n\t},\n\tstartElement:function(namespaceURI, localName, qName, attrs) {\n\t\tvar doc = this.doc;\n\t    var el = doc.createElementNS(namespaceURI, qName||localName);\n\t    var len = attrs.length;\n\t    appendElement(this, el);\n\t    this.currentElement = el;\n\n\t\tthis.locator && position(this.locator,el)\n\t    for (var i = 0 ; i < len; i++) {\n\t        var namespaceURI = attrs.getURI(i);\n\t        var value = attrs.getValue(i);\n\t        var qName = attrs.getQName(i);\n\t\t\tvar attr = doc.createAttributeNS(namespaceURI, qName);\n\t\t\tthis.locator &&position(attrs.getLocator(i),attr);\n\t\t\tattr.value = attr.nodeValue = value;\n\t\t\tel.setAttributeNode(attr)\n\t    }\n\t},\n\tendElement:function(namespaceURI, localName, qName) {\n\t\tvar current = this.currentElement\n\t\tvar tagName = current.tagName;\n\t\tthis.currentElement = current.parentNode;\n\t},\n\tstartPrefixMapping:function(prefix, uri) {\n\t},\n\tendPrefixMapping:function(prefix) {\n\t},\n\tprocessingInstruction:function(target, data) {\n\t    var ins = this.doc.createProcessingInstruction(target, data);\n\t    this.locator && position(this.locator,ins)\n\t    appendElement(this, ins);\n\t},\n\tignorableWhitespace:function(ch, start, length) {\n\t},\n\tcharacters:function(chars, start, length) {\n\t\tchars = _toString.apply(this,arguments)\n\t\t//console.log(chars)\n\t\tif(chars){\n\t\t\tif (this.cdata) {\n\t\t\t\tvar charNode = this.doc.createCDATASection(chars);\n\t\t\t} else {\n\t\t\t\tvar charNode = this.doc.createTextNode(chars);\n\t\t\t}\n\t\t\tif(this.currentElement){\n\t\t\t\tthis.currentElement.appendChild(charNode);\n\t\t\t}else if(/^\\s*$/.test(chars)){\n\t\t\t\tthis.doc.appendChild(charNode);\n\t\t\t\t//process xml\n\t\t\t}\n\t\t\tthis.locator && position(this.locator,charNode)\n\t\t}\n\t},\n\tskippedEntity:function(name) {\n\t},\n\tendDocument:function() {\n\t\tthis.doc.normalize();\n\t},\n\tsetDocumentLocator:function (locator) {\n\t    if(this.locator = locator){// && !('lineNumber' in locator)){\n\t    \tlocator.lineNumber = 0;\n\t    }\n\t},\n\t//LexicalHandler\n\tcomment:function(chars, start, length) {\n\t\tchars = _toString.apply(this,arguments)\n\t    var comm = this.doc.createComment(chars);\n\t    this.locator && position(this.locator,comm)\n\t    appendElement(this, comm);\n\t},\n\n\tstartCDATA:function() {\n\t    //used in characters() methods\n\t    this.cdata = true;\n\t},\n\tendCDATA:function() {\n\t    this.cdata = false;\n\t},\n\n\tstartDTD:function(name, publicId, systemId) {\n\t\tvar impl = this.doc.implementation;\n\t    if (impl && impl.createDocumentType) {\n\t        var dt = impl.createDocumentType(name, publicId, systemId);\n\t        this.locator && position(this.locator,dt)\n\t        appendElement(this, dt);\n\t\t\t\t\tthis.doc.doctype = dt;\n\t    }\n\t},\n\t/**\n\t * @see org.xml.sax.ErrorHandler\n\t * @link http://www.saxproject.org/apidoc/org/xml/sax/ErrorHandler.html\n\t */\n\twarning:function(error) {\n\t\tconsole.warn('[xmldom warning]\\t'+error,_locator(this.locator));\n\t},\n\terror:function(error) {\n\t\tconsole.error('[xmldom error]\\t'+error,_locator(this.locator));\n\t},\n\tfatalError:function(error) {\n\t\tthrow new ParseError(error, this.locator);\n\t}\n}\nfunction _locator(l){\n\tif(l){\n\t\treturn '\\n@'+(l.systemId ||'')+'#[line:'+l.lineNumber+',col:'+l.columnNumber+']'\n\t}\n}\nfunction _toString(chars,start,length){\n\tif(typeof chars == 'string'){\n\t\treturn chars.substr(start,length)\n\t}else{//java sax connect width xmldom on rhino(what about: \"? && !(chars instanceof String)\")\n\t\tif(chars.length >= start+length || start){\n\t\t\treturn new java.lang.String(chars,start,length)+'';\n\t\t}\n\t\treturn chars;\n\t}\n}\n\n/*\n * @link http://www.saxproject.org/apidoc/org/xml/sax/ext/LexicalHandler.html\n * used method of org.xml.sax.ext.LexicalHandler:\n *  #comment(chars, start, length)\n *  #startCDATA()\n *  #endCDATA()\n *  #startDTD(name, publicId, systemId)\n *\n *\n * IGNORED method of org.xml.sax.ext.LexicalHandler:\n *  #endDTD()\n *  #startEntity(name)\n *  #endEntity(name)\n *\n *\n * @link http://www.saxproject.org/apidoc/org/xml/sax/ext/DeclHandler.html\n * IGNORED method of org.xml.sax.ext.DeclHandler\n * \t#attributeDecl(eName, aName, type, mode, value)\n *  #elementDecl(name, model)\n *  #externalEntityDecl(name, publicId, systemId)\n *  #internalEntityDecl(name, value)\n * @link http://www.saxproject.org/apidoc/org/xml/sax/ext/EntityResolver2.html\n * IGNORED method of org.xml.sax.EntityResolver2\n *  #resolveEntity(String name,String publicId,String baseURI,String systemId)\n *  #resolveEntity(publicId, systemId)\n *  #getExternalSubset(name, baseURI)\n * @link http://www.saxproject.org/apidoc/org/xml/sax/DTDHandler.html\n * IGNORED method of org.xml.sax.DTDHandler\n *  #notationDecl(name, publicId, systemId) {};\n *  #unparsedEntityDecl(name, publicId, systemId, notationName) {};\n */\n\"endDTD,startEntity,endEntity,attributeDecl,elementDecl,externalEntityDecl,internalEntityDecl,resolveEntity,getExternalSubset,notationDecl,unparsedEntityDecl\".replace(/\\w+/g,function(key){\n\tDOMHandler.prototype[key] = function(){return null}\n})\n\n/* Private static helpers treated below as private instance methods, so don't need to add these to the public API; we might use a Relator to also get rid of non-standard public properties */\nfunction appendElement (hander,node) {\n    if (!hander.currentElement) {\n        hander.doc.appendChild(node);\n    } else {\n        hander.currentElement.appendChild(node);\n    }\n}//appendChild and setAttributeNS are preformance key\n\nexports.__DOMHandler = DOMHandler;\nexports.normalizeLineEndings = normalizeLineEndings;\nexports.DOMParser = DOMParser;\n","var conventions = require(\"./conventions\");\n\nvar find = conventions.find;\nvar NAMESPACE = conventions.NAMESPACE;\n\n/**\n * A prerequisite for `[].filter`, to drop elements that are empty\n * @param {string} input\n * @returns {boolean}\n */\nfunction notEmptyString (input) {\n\treturn input !== ''\n}\n/**\n * @see https://infra.spec.whatwg.org/#split-on-ascii-whitespace\n * @see https://infra.spec.whatwg.org/#ascii-whitespace\n *\n * @param {string} input\n * @returns {string[]} (can be empty)\n */\nfunction splitOnASCIIWhitespace(input) {\n\t// U+0009 TAB, U+000A LF, U+000C FF, U+000D CR, U+0020 SPACE\n\treturn input ? input.split(/[\\t\\n\\f\\r ]+/).filter(notEmptyString) : []\n}\n\n/**\n * Adds element as a key to current if it is not already present.\n *\n * @param {Record<string, boolean | undefined>} current\n * @param {string} element\n * @returns {Record<string, boolean | undefined>}\n */\nfunction orderedSetReducer (current, element) {\n\tif (!current.hasOwnProperty(element)) {\n\t\tcurrent[element] = true;\n\t}\n\treturn current;\n}\n\n/**\n * @see https://infra.spec.whatwg.org/#ordered-set\n * @param {string} input\n * @returns {string[]}\n */\nfunction toOrderedSet(input) {\n\tif (!input) return [];\n\tvar list = splitOnASCIIWhitespace(input);\n\treturn Object.keys(list.reduce(orderedSetReducer, {}))\n}\n\n/**\n * Uses `list.indexOf` to implement something like `Array.prototype.includes`,\n * which we can not rely on being available.\n *\n * @param {any[]} list\n * @returns {function(any): boolean}\n */\nfunction arrayIncludes (list) {\n\treturn function(element) {\n\t\treturn list && list.indexOf(element) !== -1;\n\t}\n}\n\nfunction copy(src,dest){\n\tfor(var p in src){\n\t\tif (Object.prototype.hasOwnProperty.call(src, p)) {\n\t\t\tdest[p] = src[p];\n\t\t}\n\t}\n}\n\n/**\n^\\w+\\.prototype\\.([_\\w]+)\\s*=\\s*((?:.*\\{\\s*?[\\r\\n][\\s\\S]*?^})|\\S.*?(?=[;\\r\\n]));?\n^\\w+\\.prototype\\.([_\\w]+)\\s*=\\s*(\\S.*?(?=[;\\r\\n]));?\n */\nfunction _extends(Class,Super){\n\tvar pt = Class.prototype;\n\tif(!(pt instanceof Super)){\n\t\tfunction t(){};\n\t\tt.prototype = Super.prototype;\n\t\tt = new t();\n\t\tcopy(pt,t);\n\t\tClass.prototype = pt = t;\n\t}\n\tif(pt.constructor != Class){\n\t\tif(typeof Class != 'function'){\n\t\t\tconsole.error(\"unknown Class:\"+Class)\n\t\t}\n\t\tpt.constructor = Class\n\t}\n}\n\n// Node Types\nvar NodeType = {}\nvar ELEMENT_NODE                = NodeType.ELEMENT_NODE                = 1;\nvar ATTRIBUTE_NODE              = NodeType.ATTRIBUTE_NODE              = 2;\nvar TEXT_NODE                   = NodeType.TEXT_NODE                   = 3;\nvar CDATA_SECTION_NODE          = NodeType.CDATA_SECTION_NODE          = 4;\nvar ENTITY_REFERENCE_NODE       = NodeType.ENTITY_REFERENCE_NODE       = 5;\nvar ENTITY_NODE                 = NodeType.ENTITY_NODE                 = 6;\nvar PROCESSING_INSTRUCTION_NODE = NodeType.PROCESSING_INSTRUCTION_NODE = 7;\nvar COMMENT_NODE                = NodeType.COMMENT_NODE                = 8;\nvar DOCUMENT_NODE               = NodeType.DOCUMENT_NODE               = 9;\nvar DOCUMENT_TYPE_NODE          = NodeType.DOCUMENT_TYPE_NODE          = 10;\nvar DOCUMENT_FRAGMENT_NODE      = NodeType.DOCUMENT_FRAGMENT_NODE      = 11;\nvar NOTATION_NODE               = NodeType.NOTATION_NODE               = 12;\n\n// ExceptionCode\nvar ExceptionCode = {}\nvar ExceptionMessage = {};\nvar INDEX_SIZE_ERR              = ExceptionCode.INDEX_SIZE_ERR              = ((ExceptionMessage[1]=\"Index size error\"),1);\nvar DOMSTRING_SIZE_ERR          = ExceptionCode.DOMSTRING_SIZE_ERR          = ((ExceptionMessage[2]=\"DOMString size error\"),2);\nvar HIERARCHY_REQUEST_ERR       = ExceptionCode.HIERARCHY_REQUEST_ERR       = ((ExceptionMessage[3]=\"Hierarchy request error\"),3);\nvar WRONG_DOCUMENT_ERR          = ExceptionCode.WRONG_DOCUMENT_ERR          = ((ExceptionMessage[4]=\"Wrong document\"),4);\nvar INVALID_CHARACTER_ERR       = ExceptionCode.INVALID_CHARACTER_ERR       = ((ExceptionMessage[5]=\"Invalid character\"),5);\nvar NO_DATA_ALLOWED_ERR         = ExceptionCode.NO_DATA_ALLOWED_ERR         = ((ExceptionMessage[6]=\"No data allowed\"),6);\nvar NO_MODIFICATION_ALLOWED_ERR = ExceptionCode.NO_MODIFICATION_ALLOWED_ERR = ((ExceptionMessage[7]=\"No modification allowed\"),7);\nvar NOT_FOUND_ERR               = ExceptionCode.NOT_FOUND_ERR               = ((ExceptionMessage[8]=\"Not found\"),8);\nvar NOT_SUPPORTED_ERR           = ExceptionCode.NOT_SUPPORTED_ERR           = ((ExceptionMessage[9]=\"Not supported\"),9);\nvar INUSE_ATTRIBUTE_ERR         = ExceptionCode.INUSE_ATTRIBUTE_ERR         = ((ExceptionMessage[10]=\"Attribute in use\"),10);\n//level2\nvar INVALID_STATE_ERR        \t= ExceptionCode.INVALID_STATE_ERR        \t= ((ExceptionMessage[11]=\"Invalid state\"),11);\nvar SYNTAX_ERR               \t= ExceptionCode.SYNTAX_ERR               \t= ((ExceptionMessage[12]=\"Syntax error\"),12);\nvar INVALID_MODIFICATION_ERR \t= ExceptionCode.INVALID_MODIFICATION_ERR \t= ((ExceptionMessage[13]=\"Invalid modification\"),13);\nvar NAMESPACE_ERR            \t= ExceptionCode.NAMESPACE_ERR           \t= ((ExceptionMessage[14]=\"Invalid namespace\"),14);\nvar INVALID_ACCESS_ERR       \t= ExceptionCode.INVALID_ACCESS_ERR      \t= ((ExceptionMessage[15]=\"Invalid access\"),15);\n\n/**\n * DOM Level 2\n * Object DOMException\n * @see http://www.w3.org/TR/2000/REC-DOM-Level-2-Core-20001113/ecma-script-binding.html\n * @see http://www.w3.org/TR/REC-DOM-Level-1/ecma-script-language-binding.html\n */\nfunction DOMException(code, message) {\n\tif(message instanceof Error){\n\t\tvar error = message;\n\t}else{\n\t\terror = this;\n\t\tError.call(this, ExceptionMessage[code]);\n\t\tthis.message = ExceptionMessage[code];\n\t\tif(Error.captureStackTrace) Error.captureStackTrace(this, DOMException);\n\t}\n\terror.code = code;\n\tif(message) this.message = this.message + \": \" + message;\n\treturn error;\n};\nDOMException.prototype = Error.prototype;\ncopy(ExceptionCode,DOMException)\n\n/**\n * @see http://www.w3.org/TR/2000/REC-DOM-Level-2-Core-20001113/core.html#ID-536297177\n * The NodeList interface provides the abstraction of an ordered collection of nodes, without defining or constraining how this collection is implemented. NodeList objects in the DOM are live.\n * The items in the NodeList are accessible via an integral index, starting from 0.\n */\nfunction NodeList() {\n};\nNodeList.prototype = {\n\t/**\n\t * The number of nodes in the list. The range of valid child node indices is 0 to length-1 inclusive.\n\t * @standard level1\n\t */\n\tlength:0,\n\t/**\n\t * Returns the indexth item in the collection. If index is greater than or equal to the number of nodes in the list, this returns null.\n\t * @standard level1\n\t * @param index  unsigned long\n\t *   Index into the collection.\n\t * @return Node\n\t * \tThe node at the indexth position in the NodeList, or null if that is not a valid index.\n\t */\n\titem: function(index) {\n\t\treturn index >= 0 && index < this.length ? this[index] : null;\n\t},\n\ttoString:function(isHTML,nodeFilter){\n\t\tfor(var buf = [], i = 0;i<this.length;i++){\n\t\t\tserializeToString(this[i],buf,isHTML,nodeFilter);\n\t\t}\n\t\treturn buf.join('');\n\t},\n\t/**\n\t * @private\n\t * @param {function (Node):boolean} predicate\n\t * @returns {Node[]}\n\t */\n\tfilter: function (predicate) {\n\t\treturn Array.prototype.filter.call(this, predicate);\n\t},\n\t/**\n\t * @private\n\t * @param {Node} item\n\t * @returns {number}\n\t */\n\tindexOf: function (item) {\n\t\treturn Array.prototype.indexOf.call(this, item);\n\t},\n};\n\nfunction LiveNodeList(node,refresh){\n\tthis._node = node;\n\tthis._refresh = refresh\n\t_updateLiveList(this);\n}\nfunction _updateLiveList(list){\n\tvar inc = list._node._inc || list._node.ownerDocument._inc;\n\tif (list._inc !== inc) {\n\t\tvar ls = list._refresh(list._node);\n\t\t__set__(list,'length',ls.length);\n\t\tif (!list.$$length || ls.length < list.$$length) {\n\t\t\tfor (var i = ls.length; i in list; i++) {\n\t\t\t\tif (Object.prototype.hasOwnProperty.call(list, i)) {\n\t\t\t\t\tdelete list[i];\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\tcopy(ls,list);\n\t\tlist._inc = inc;\n\t}\n}\nLiveNodeList.prototype.item = function(i){\n\t_updateLiveList(this);\n\treturn this[i] || null;\n}\n\n_extends(LiveNodeList,NodeList);\n\n/**\n * Objects implementing the NamedNodeMap interface are used\n * to represent collections of nodes that can be accessed by name.\n * Note that NamedNodeMap does not inherit from NodeList;\n * NamedNodeMaps are not maintained in any particular order.\n * Objects contained in an object implementing NamedNodeMap may also be accessed by an ordinal index,\n * but this is simply to allow convenient enumeration of the contents of a NamedNodeMap,\n * and does not imply that the DOM specifies an order to these Nodes.\n * NamedNodeMap objects in the DOM are live.\n * used for attributes or DocumentType entities\n */\nfunction NamedNodeMap() {\n};\n\nfunction _findNodeIndex(list,node){\n\tvar i = list.length;\n\twhile(i--){\n\t\tif(list[i] === node){return i}\n\t}\n}\n\nfunction _addNamedNode(el,list,newAttr,oldAttr){\n\tif(oldAttr){\n\t\tlist[_findNodeIndex(list,oldAttr)] = newAttr;\n\t}else{\n\t\tlist[list.length++] = newAttr;\n\t}\n\tif(el){\n\t\tnewAttr.ownerElement = el;\n\t\tvar doc = el.ownerDocument;\n\t\tif(doc){\n\t\t\toldAttr && _onRemoveAttribute(doc,el,oldAttr);\n\t\t\t_onAddAttribute(doc,el,newAttr);\n\t\t}\n\t}\n}\nfunction _removeNamedNode(el,list,attr){\n\t//console.log('remove attr:'+attr)\n\tvar i = _findNodeIndex(list,attr);\n\tif(i>=0){\n\t\tvar lastIndex = list.length-1\n\t\twhile(i<lastIndex){\n\t\t\tlist[i] = list[++i]\n\t\t}\n\t\tlist.length = lastIndex;\n\t\tif(el){\n\t\t\tvar doc = el.ownerDocument;\n\t\t\tif(doc){\n\t\t\t\t_onRemoveAttribute(doc,el,attr);\n\t\t\t\tattr.ownerElement = null;\n\t\t\t}\n\t\t}\n\t}else{\n\t\tthrow new DOMException(NOT_FOUND_ERR,new Error(el.tagName+'@'+attr))\n\t}\n}\nNamedNodeMap.prototype = {\n\tlength:0,\n\titem:NodeList.prototype.item,\n\tgetNamedItem: function(key) {\n//\t\tif(key.indexOf(':')>0 || key == 'xmlns'){\n//\t\t\treturn null;\n//\t\t}\n\t\t//console.log()\n\t\tvar i = this.length;\n\t\twhile(i--){\n\t\t\tvar attr = this[i];\n\t\t\t//console.log(attr.nodeName,key)\n\t\t\tif(attr.nodeName == key){\n\t\t\t\treturn attr;\n\t\t\t}\n\t\t}\n\t},\n\tsetNamedItem: function(attr) {\n\t\tvar el = attr.ownerElement;\n\t\tif(el && el!=this._ownerElement){\n\t\t\tthrow new DOMException(INUSE_ATTRIBUTE_ERR);\n\t\t}\n\t\tvar oldAttr = this.getNamedItem(attr.nodeName);\n\t\t_addNamedNode(this._ownerElement,this,attr,oldAttr);\n\t\treturn oldAttr;\n\t},\n\t/* returns Node */\n\tsetNamedItemNS: function(attr) {// raises: WRONG_DOCUMENT_ERR,NO_MODIFICATION_ALLOWED_ERR,INUSE_ATTRIBUTE_ERR\n\t\tvar el = attr.ownerElement, oldAttr;\n\t\tif(el && el!=this._ownerElement){\n\t\t\tthrow new DOMException(INUSE_ATTRIBUTE_ERR);\n\t\t}\n\t\toldAttr = this.getNamedItemNS(attr.namespaceURI,attr.localName);\n\t\t_addNamedNode(this._ownerElement,this,attr,oldAttr);\n\t\treturn oldAttr;\n\t},\n\n\t/* returns Node */\n\tremoveNamedItem: function(key) {\n\t\tvar attr = this.getNamedItem(key);\n\t\t_removeNamedNode(this._ownerElement,this,attr);\n\t\treturn attr;\n\n\n\t},// raises: NOT_FOUND_ERR,NO_MODIFICATION_ALLOWED_ERR\n\n\t//for level2\n\tremoveNamedItemNS:function(namespaceURI,localName){\n\t\tvar attr = this.getNamedItemNS(namespaceURI,localName);\n\t\t_removeNamedNode(this._ownerElement,this,attr);\n\t\treturn attr;\n\t},\n\tgetNamedItemNS: function(namespaceURI, localName) {\n\t\tvar i = this.length;\n\t\twhile(i--){\n\t\t\tvar node = this[i];\n\t\t\tif(node.localName == localName && node.namespaceURI == namespaceURI){\n\t\t\t\treturn node;\n\t\t\t}\n\t\t}\n\t\treturn null;\n\t}\n};\n\n/**\n * The DOMImplementation interface represents an object providing methods\n * which are not dependent on any particular document.\n * Such an object is returned by the `Document.implementation` property.\n *\n * __The individual methods describe the differences compared to the specs.__\n *\n * @constructor\n *\n * @see https://developer.mozilla.org/en-US/docs/Web/API/DOMImplementation MDN\n * @see https://www.w3.org/TR/REC-DOM-Level-1/level-one-core.html#ID-102161490 DOM Level 1 Core (Initial)\n * @see https://www.w3.org/TR/DOM-Level-2-Core/core.html#ID-102161490 DOM Level 2 Core\n * @see https://www.w3.org/TR/DOM-Level-3-Core/core.html#ID-102161490 DOM Level 3 Core\n * @see https://dom.spec.whatwg.org/#domimplementation DOM Living Standard\n */\nfunction DOMImplementation() {\n}\n\nDOMImplementation.prototype = {\n\t/**\n\t * The DOMImplementation.hasFeature() method returns a Boolean flag indicating if a given feature is supported.\n\t * The different implementations fairly diverged in what kind of features were reported.\n\t * The latest version of the spec settled to force this method to always return true, where the functionality was accurate and in use.\n\t *\n\t * @deprecated It is deprecated and modern browsers return true in all cases.\n\t *\n\t * @param {string} feature\n\t * @param {string} [version]\n\t * @returns {boolean} always true\n\t *\n\t * @see https://developer.mozilla.org/en-US/docs/Web/API/DOMImplementation/hasFeature MDN\n\t * @see https://www.w3.org/TR/REC-DOM-Level-1/level-one-core.html#ID-5CED94D7 DOM Level 1 Core\n\t * @see https://dom.spec.whatwg.org/#dom-domimplementation-hasfeature DOM Living Standard\n\t */\n\thasFeature: function(feature, version) {\n\t\t\treturn true;\n\t},\n\t/**\n\t * Creates an XML Document object of the specified type with its document element.\n\t *\n\t * __It behaves slightly different from the description in the living standard__:\n\t * - There is no interface/class `XMLDocument`, it returns a `Document` instance.\n\t * - `contentType`, `encoding`, `mode`, `origin`, `url` fields are currently not declared.\n\t * - this implementation is not validating names or qualified names\n\t *   (when parsing XML strings, the SAX parser takes care of that)\n\t *\n\t * @param {string|null} namespaceURI\n\t * @param {string} qualifiedName\n\t * @param {DocumentType=null} doctype\n\t * @returns {Document}\n\t *\n\t * @see https://developer.mozilla.org/en-US/docs/Web/API/DOMImplementation/createDocument MDN\n\t * @see https://www.w3.org/TR/DOM-Level-2-Core/core.html#Level-2-Core-DOM-createDocument DOM Level 2 Core (initial)\n\t * @see https://dom.spec.whatwg.org/#dom-domimplementation-createdocument  DOM Level 2 Core\n\t *\n\t * @see https://dom.spec.whatwg.org/#validate-and-extract DOM: Validate and extract\n\t * @see https://www.w3.org/TR/xml/#NT-NameStartChar XML Spec: Names\n\t * @see https://www.w3.org/TR/xml-names/#ns-qualnames XML Namespaces: Qualified names\n\t */\n\tcreateDocument: function(namespaceURI,  qualifiedName, doctype){\n\t\tvar doc = new Document();\n\t\tdoc.implementation = this;\n\t\tdoc.childNodes = new NodeList();\n\t\tdoc.doctype = doctype || null;\n\t\tif (doctype){\n\t\t\tdoc.appendChild(doctype);\n\t\t}\n\t\tif (qualifiedName){\n\t\t\tvar root = doc.createElementNS(namespaceURI, qualifiedName);\n\t\t\tdoc.appendChild(root);\n\t\t}\n\t\treturn doc;\n\t},\n\t/**\n\t * Returns a doctype, with the given `qualifiedName`, `publicId`, and `systemId`.\n\t *\n\t * __This behavior is slightly different from the in the specs__:\n\t * - this implementation is not validating names or qualified names\n\t *   (when parsing XML strings, the SAX parser takes care of that)\n\t *\n\t * @param {string} qualifiedName\n\t * @param {string} [publicId]\n\t * @param {string} [systemId]\n\t * @returns {DocumentType} which can either be used with `DOMImplementation.createDocument` upon document creation\n\t * \t\t\t\t  or can be put into the document via methods like `Node.insertBefore()` or `Node.replaceChild()`\n\t *\n\t * @see https://developer.mozilla.org/en-US/docs/Web/API/DOMImplementation/createDocumentType MDN\n\t * @see https://www.w3.org/TR/DOM-Level-2-Core/core.html#Level-2-Core-DOM-createDocType DOM Level 2 Core\n\t * @see https://dom.spec.whatwg.org/#dom-domimplementation-createdocumenttype DOM Living Standard\n\t *\n\t * @see https://dom.spec.whatwg.org/#validate-and-extract DOM: Validate and extract\n\t * @see https://www.w3.org/TR/xml/#NT-NameStartChar XML Spec: Names\n\t * @see https://www.w3.org/TR/xml-names/#ns-qualnames XML Namespaces: Qualified names\n\t */\n\tcreateDocumentType: function(qualifiedName, publicId, systemId){\n\t\tvar node = new DocumentType();\n\t\tnode.name = qualifiedName;\n\t\tnode.nodeName = qualifiedName;\n\t\tnode.publicId = publicId || '';\n\t\tnode.systemId = systemId || '';\n\n\t\treturn node;\n\t}\n};\n\n\n/**\n * @see http://www.w3.org/TR/2000/REC-DOM-Level-2-Core-20001113/core.html#ID-1950641247\n */\n\nfunction Node() {\n};\n\nNode.prototype = {\n\tfirstChild : null,\n\tlastChild : null,\n\tpreviousSibling : null,\n\tnextSibling : null,\n\tattributes : null,\n\tparentNode : null,\n\tchildNodes : null,\n\townerDocument : null,\n\tnodeValue : null,\n\tnamespaceURI : null,\n\tprefix : null,\n\tlocalName : null,\n\t// Modified in DOM Level 2:\n\tinsertBefore:function(newChild, refChild){//raises\n\t\treturn _insertBefore(this,newChild,refChild);\n\t},\n\treplaceChild:function(newChild, oldChild){//raises\n\t\t_insertBefore(this, newChild,oldChild, assertPreReplacementValidityInDocument);\n\t\tif(oldChild){\n\t\t\tthis.removeChild(oldChild);\n\t\t}\n\t},\n\tremoveChild:function(oldChild){\n\t\treturn _removeChild(this,oldChild);\n\t},\n\tappendChild:function(newChild){\n\t\treturn this.insertBefore(newChild,null);\n\t},\n\thasChildNodes:function(){\n\t\treturn this.firstChild != null;\n\t},\n\tcloneNode:function(deep){\n\t\treturn cloneNode(this.ownerDocument||this,this,deep);\n\t},\n\t// Modified in DOM Level 2:\n\tnormalize:function(){\n\t\tvar child = this.firstChild;\n\t\twhile(child){\n\t\t\tvar next = child.nextSibling;\n\t\t\tif(next && next.nodeType == TEXT_NODE && child.nodeType == TEXT_NODE){\n\t\t\t\tthis.removeChild(next);\n\t\t\t\tchild.appendData(next.data);\n\t\t\t}else{\n\t\t\t\tchild.normalize();\n\t\t\t\tchild = next;\n\t\t\t}\n\t\t}\n\t},\n  \t// Introduced in DOM Level 2:\n\tisSupported:function(feature, version){\n\t\treturn this.ownerDocument.implementation.hasFeature(feature,version);\n\t},\n    // Introduced in DOM Level 2:\n    hasAttributes:function(){\n    \treturn this.attributes.length>0;\n    },\n\t/**\n\t * Look up the prefix associated to the given namespace URI, starting from this node.\n\t * **The default namespace declarations are ignored by this method.**\n\t * See Namespace Prefix Lookup for details on the algorithm used by this method.\n\t *\n\t * _Note: The implementation seems to be incomplete when compared to the algorithm described in the specs._\n\t *\n\t * @param {string | null} namespaceURI\n\t * @returns {string | null}\n\t * @see https://www.w3.org/TR/DOM-Level-3-Core/core.html#Node3-lookupNamespacePrefix\n\t * @see https://www.w3.org/TR/DOM-Level-3-Core/namespaces-algorithms.html#lookupNamespacePrefixAlgo\n\t * @see https://dom.spec.whatwg.org/#dom-node-lookupprefix\n\t * @see https://github.com/xmldom/xmldom/issues/322\n\t */\n    lookupPrefix:function(namespaceURI){\n    \tvar el = this;\n    \twhile(el){\n    \t\tvar map = el._nsMap;\n    \t\t//console.dir(map)\n    \t\tif(map){\n    \t\t\tfor(var n in map){\n\t\t\t\t\t\tif (Object.prototype.hasOwnProperty.call(map, n) && map[n] === namespaceURI) {\n\t\t\t\t\t\t\treturn n;\n\t\t\t\t\t\t}\n    \t\t\t}\n    \t\t}\n    \t\tel = el.nodeType == ATTRIBUTE_NODE?el.ownerDocument : el.parentNode;\n    \t}\n    \treturn null;\n    },\n    // Introduced in DOM Level 3:\n    lookupNamespaceURI:function(prefix){\n    \tvar el = this;\n    \twhile(el){\n    \t\tvar map = el._nsMap;\n    \t\t//console.dir(map)\n    \t\tif(map){\n    \t\t\tif(Object.prototype.hasOwnProperty.call(map, prefix)){\n    \t\t\t\treturn map[prefix] ;\n    \t\t\t}\n    \t\t}\n    \t\tel = el.nodeType == ATTRIBUTE_NODE?el.ownerDocument : el.parentNode;\n    \t}\n    \treturn null;\n    },\n    // Introduced in DOM Level 3:\n    isDefaultNamespace:function(namespaceURI){\n    \tvar prefix = this.lookupPrefix(namespaceURI);\n    \treturn prefix == null;\n    }\n};\n\n\nfunction _xmlEncoder(c){\n\treturn c == '<' && '&lt;' ||\n         c == '>' && '&gt;' ||\n         c == '&' && '&amp;' ||\n         c == '\"' && '&quot;' ||\n         '&#'+c.charCodeAt()+';'\n}\n\n\ncopy(NodeType,Node);\ncopy(NodeType,Node.prototype);\n\n/**\n * @param callback return true for continue,false for break\n * @return boolean true: break visit;\n */\nfunction _visitNode(node,callback){\n\tif(callback(node)){\n\t\treturn true;\n\t}\n\tif(node = node.firstChild){\n\t\tdo{\n\t\t\tif(_visitNode(node,callback)){return true}\n        }while(node=node.nextSibling)\n    }\n}\n\n\n\nfunction Document(){\n\tthis.ownerDocument = this;\n}\n\nfunction _onAddAttribute(doc,el,newAttr){\n\tdoc && doc._inc++;\n\tvar ns = newAttr.namespaceURI ;\n\tif(ns === NAMESPACE.XMLNS){\n\t\t//update namespace\n\t\tel._nsMap[newAttr.prefix?newAttr.localName:''] = newAttr.value\n\t}\n}\n\nfunction _onRemoveAttribute(doc,el,newAttr,remove){\n\tdoc && doc._inc++;\n\tvar ns = newAttr.namespaceURI ;\n\tif(ns === NAMESPACE.XMLNS){\n\t\t//update namespace\n\t\tdelete el._nsMap[newAttr.prefix?newAttr.localName:'']\n\t}\n}\n\n/**\n * Updates `el.childNodes`, updating the indexed items and it's `length`.\n * Passing `newChild` means it will be appended.\n * Otherwise it's assumed that an item has been removed,\n * and `el.firstNode` and it's `.nextSibling` are used\n * to walk the current list of child nodes.\n *\n * @param {Document} doc\n * @param {Node} el\n * @param {Node} [newChild]\n * @private\n */\nfunction _onUpdateChild (doc, el, newChild) {\n\tif(doc && doc._inc){\n\t\tdoc._inc++;\n\t\t//update childNodes\n\t\tvar cs = el.childNodes;\n\t\tif (newChild) {\n\t\t\tcs[cs.length++] = newChild;\n\t\t} else {\n\t\t\tvar child = el.firstChild;\n\t\t\tvar i = 0;\n\t\t\twhile (child) {\n\t\t\t\tcs[i++] = child;\n\t\t\t\tchild = child.nextSibling;\n\t\t\t}\n\t\t\tcs.length = i;\n\t\t\tdelete cs[cs.length];\n\t\t}\n\t}\n}\n\n/**\n * Removes the connections between `parentNode` and `child`\n * and any existing `child.previousSibling` or `child.nextSibling`.\n *\n * @see https://github.com/xmldom/xmldom/issues/135\n * @see https://github.com/xmldom/xmldom/issues/145\n *\n * @param {Node} parentNode\n * @param {Node} child\n * @returns {Node} the child that was removed.\n * @private\n */\nfunction _removeChild (parentNode, child) {\n\tvar previous = child.previousSibling;\n\tvar next = child.nextSibling;\n\tif (previous) {\n\t\tprevious.nextSibling = next;\n\t} else {\n\t\tparentNode.firstChild = next;\n\t}\n\tif (next) {\n\t\tnext.previousSibling = previous;\n\t} else {\n\t\tparentNode.lastChild = previous;\n\t}\n\tchild.parentNode = null;\n\tchild.previousSibling = null;\n\tchild.nextSibling = null;\n\t_onUpdateChild(parentNode.ownerDocument, parentNode);\n\treturn child;\n}\n\n/**\n * Returns `true` if `node` can be a parent for insertion.\n * @param {Node} node\n * @returns {boolean}\n */\nfunction hasValidParentNodeType(node) {\n\treturn (\n\t\tnode &&\n\t\t(node.nodeType === Node.DOCUMENT_NODE || node.nodeType === Node.DOCUMENT_FRAGMENT_NODE || node.nodeType === Node.ELEMENT_NODE)\n\t);\n}\n\n/**\n * Returns `true` if `node` can be inserted according to it's `nodeType`.\n * @param {Node} node\n * @returns {boolean}\n */\nfunction hasInsertableNodeType(node) {\n\treturn (\n\t\tnode &&\n\t\t(isElementNode(node) ||\n\t\t\tisTextNode(node) ||\n\t\t\tisDocTypeNode(node) ||\n\t\t\tnode.nodeType === Node.DOCUMENT_FRAGMENT_NODE ||\n\t\t\tnode.nodeType === Node.COMMENT_NODE ||\n\t\t\tnode.nodeType === Node.PROCESSING_INSTRUCTION_NODE)\n\t);\n}\n\n/**\n * Returns true if `node` is a DOCTYPE node\n * @param {Node} node\n * @returns {boolean}\n */\nfunction isDocTypeNode(node) {\n\treturn node && node.nodeType === Node.DOCUMENT_TYPE_NODE;\n}\n\n/**\n * Returns true if the node is an element\n * @param {Node} node\n * @returns {boolean}\n */\nfunction isElementNode(node) {\n\treturn node && node.nodeType === Node.ELEMENT_NODE;\n}\n/**\n * Returns true if `node` is a text node\n * @param {Node} node\n * @returns {boolean}\n */\nfunction isTextNode(node) {\n\treturn node && node.nodeType === Node.TEXT_NODE;\n}\n\n/**\n * Check if en element node can be inserted before `child`, or at the end if child is falsy,\n * according to the presence and position of a doctype node on the same level.\n *\n * @param {Document} doc The document node\n * @param {Node} child the node that would become the nextSibling if the element would be inserted\n * @returns {boolean} `true` if an element can be inserted before child\n * @private\n * https://dom.spec.whatwg.org/#concept-node-ensure-pre-insertion-validity\n */\nfunction isElementInsertionPossible(doc, child) {\n\tvar parentChildNodes = doc.childNodes || [];\n\tif (find(parentChildNodes, isElementNode) || isDocTypeNode(child)) {\n\t\treturn false;\n\t}\n\tvar docTypeNode = find(parentChildNodes, isDocTypeNode);\n\treturn !(child && docTypeNode && parentChildNodes.indexOf(docTypeNode) > parentChildNodes.indexOf(child));\n}\n\n/**\n * Check if en element node can be inserted before `child`, or at the end if child is falsy,\n * according to the presence and position of a doctype node on the same level.\n *\n * @param {Node} doc The document node\n * @param {Node} child the node that would become the nextSibling if the element would be inserted\n * @returns {boolean} `true` if an element can be inserted before child\n * @private\n * https://dom.spec.whatwg.org/#concept-node-ensure-pre-insertion-validity\n */\nfunction isElementReplacementPossible(doc, child) {\n\tvar parentChildNodes = doc.childNodes || [];\n\n\tfunction hasElementChildThatIsNotChild(node) {\n\t\treturn isElementNode(node) && node !== child;\n\t}\n\n\tif (find(parentChildNodes, hasElementChildThatIsNotChild)) {\n\t\treturn false;\n\t}\n\tvar docTypeNode = find(parentChildNodes, isDocTypeNode);\n\treturn !(child && docTypeNode && parentChildNodes.indexOf(docTypeNode) > parentChildNodes.indexOf(child));\n}\n\n/**\n * @private\n * Steps 1-5 of the checks before inserting and before replacing a child are the same.\n *\n * @param {Node} parent the parent node to insert `node` into\n * @param {Node} node the node to insert\n * @param {Node=} child the node that should become the `nextSibling` of `node`\n * @returns {Node}\n * @throws DOMException for several node combinations that would create a DOM that is not well-formed.\n * @throws DOMException if `child` is provided but is not a child of `parent`.\n * @see https://dom.spec.whatwg.org/#concept-node-ensure-pre-insertion-validity\n * @see https://dom.spec.whatwg.org/#concept-node-replace\n */\nfunction assertPreInsertionValidity1to5(parent, node, child) {\n\t// 1. If `parent` is not a Document, DocumentFragment, or Element node, then throw a \"HierarchyRequestError\" DOMException.\n\tif (!hasValidParentNodeType(parent)) {\n\t\tthrow new DOMException(HIERARCHY_REQUEST_ERR, 'Unexpected parent node type ' + parent.nodeType);\n\t}\n\t// 2. If `node` is a host-including inclusive ancestor of `parent`, then throw a \"HierarchyRequestError\" DOMException.\n\t// not implemented!\n\t// 3. If `child` is non-null and its parent is not `parent`, then throw a \"NotFoundError\" DOMException.\n\tif (child && child.parentNode !== parent) {\n\t\tthrow new DOMException(NOT_FOUND_ERR, 'child not in parent');\n\t}\n\tif (\n\t\t// 4. If `node` is not a DocumentFragment, DocumentType, Element, or CharacterData node, then throw a \"HierarchyRequestError\" DOMException.\n\t\t!hasInsertableNodeType(node) ||\n\t\t// 5. If either `node` is a Text node and `parent` is a document,\n\t\t// the sax parser currently adds top level text nodes, this will be fixed in 0.9.0\n\t\t// || (node.nodeType === Node.TEXT_NODE && parent.nodeType === Node.DOCUMENT_NODE)\n\t\t// or `node` is a doctype and `parent` is not a document, then throw a \"HierarchyRequestError\" DOMException.\n\t\t(isDocTypeNode(node) && parent.nodeType !== Node.DOCUMENT_NODE)\n\t) {\n\t\tthrow new DOMException(\n\t\t\tHIERARCHY_REQUEST_ERR,\n\t\t\t'Unexpected node type ' + node.nodeType + ' for parent node type ' + parent.nodeType\n\t\t);\n\t}\n}\n\n/**\n * @private\n * Step 6 of the checks before inserting and before replacing a child are different.\n *\n * @param {Document} parent the parent node to insert `node` into\n * @param {Node} node the node to insert\n * @param {Node | undefined} child the node that should become the `nextSibling` of `node`\n * @returns {Node}\n * @throws DOMException for several node combinations that would create a DOM that is not well-formed.\n * @throws DOMException if `child` is provided but is not a child of `parent`.\n * @see https://dom.spec.whatwg.org/#concept-node-ensure-pre-insertion-validity\n * @see https://dom.spec.whatwg.org/#concept-node-replace\n */\nfunction assertPreInsertionValidityInDocument(parent, node, child) {\n\tvar parentChildNodes = parent.childNodes || [];\n\tvar nodeChildNodes = node.childNodes || [];\n\n\t// DocumentFragment\n\tif (node.nodeType === Node.DOCUMENT_FRAGMENT_NODE) {\n\t\tvar nodeChildElements = nodeChildNodes.filter(isElementNode);\n\t\t// If node has more than one element child or has a Text node child.\n\t\tif (nodeChildElements.length > 1 || find(nodeChildNodes, isTextNode)) {\n\t\t\tthrow new DOMException(HIERARCHY_REQUEST_ERR, 'More than one element or text in fragment');\n\t\t}\n\t\t// Otherwise, if `node` has one element child and either `parent` has an element child,\n\t\t// `child` is a doctype, or `child` is non-null and a doctype is following `child`.\n\t\tif (nodeChildElements.length === 1 && !isElementInsertionPossible(parent, child)) {\n\t\t\tthrow new DOMException(HIERARCHY_REQUEST_ERR, 'Element in fragment can not be inserted before doctype');\n\t\t}\n\t}\n\t// Element\n\tif (isElementNode(node)) {\n\t\t// `parent` has an element child, `child` is a doctype,\n\t\t// or `child` is non-null and a doctype is following `child`.\n\t\tif (!isElementInsertionPossible(parent, child)) {\n\t\t\tthrow new DOMException(HIERARCHY_REQUEST_ERR, 'Only one element can be added and only after doctype');\n\t\t}\n\t}\n\t// DocumentType\n\tif (isDocTypeNode(node)) {\n\t\t// `parent` has a doctype child,\n\t\tif (find(parentChildNodes, isDocTypeNode)) {\n\t\t\tthrow new DOMException(HIERARCHY_REQUEST_ERR, 'Only one doctype is allowed');\n\t\t}\n\t\tvar parentElementChild = find(parentChildNodes, isElementNode);\n\t\t// `child` is non-null and an element is preceding `child`,\n\t\tif (child && parentChildNodes.indexOf(parentElementChild) < parentChildNodes.indexOf(child)) {\n\t\t\tthrow new DOMException(HIERARCHY_REQUEST_ERR, 'Doctype can only be inserted before an element');\n\t\t}\n\t\t// or `child` is null and `parent` has an element child.\n\t\tif (!child && parentElementChild) {\n\t\t\tthrow new DOMException(HIERARCHY_REQUEST_ERR, 'Doctype can not be appended since element is present');\n\t\t}\n\t}\n}\n\n/**\n * @private\n * Step 6 of the checks before inserting and before replacing a child are different.\n *\n * @param {Document} parent the parent node to insert `node` into\n * @param {Node} node the node to insert\n * @param {Node | undefined} child the node that should become the `nextSibling` of `node`\n * @returns {Node}\n * @throws DOMException for several node combinations that would create a DOM that is not well-formed.\n * @throws DOMException if `child` is provided but is not a child of `parent`.\n * @see https://dom.spec.whatwg.org/#concept-node-ensure-pre-insertion-validity\n * @see https://dom.spec.whatwg.org/#concept-node-replace\n */\nfunction assertPreReplacementValidityInDocument(parent, node, child) {\n\tvar parentChildNodes = parent.childNodes || [];\n\tvar nodeChildNodes = node.childNodes || [];\n\n\t// DocumentFragment\n\tif (node.nodeType === Node.DOCUMENT_FRAGMENT_NODE) {\n\t\tvar nodeChildElements = nodeChildNodes.filter(isElementNode);\n\t\t// If `node` has more than one element child or has a Text node child.\n\t\tif (nodeChildElements.length > 1 || find(nodeChildNodes, isTextNode)) {\n\t\t\tthrow new DOMException(HIERARCHY_REQUEST_ERR, 'More than one element or text in fragment');\n\t\t}\n\t\t// Otherwise, if `node` has one element child and either `parent` has an element child that is not `child` or a doctype is following `child`.\n\t\tif (nodeChildElements.length === 1 && !isElementReplacementPossible(parent, child)) {\n\t\t\tthrow new DOMException(HIERARCHY_REQUEST_ERR, 'Element in fragment can not be inserted before doctype');\n\t\t}\n\t}\n\t// Element\n\tif (isElementNode(node)) {\n\t\t// `parent` has an element child that is not `child` or a doctype is following `child`.\n\t\tif (!isElementReplacementPossible(parent, child)) {\n\t\t\tthrow new DOMException(HIERARCHY_REQUEST_ERR, 'Only one element can be added and only after doctype');\n\t\t}\n\t}\n\t// DocumentType\n\tif (isDocTypeNode(node)) {\n\t\tfunction hasDoctypeChildThatIsNotChild(node) {\n\t\t\treturn isDocTypeNode(node) && node !== child;\n\t\t}\n\n\t\t// `parent` has a doctype child that is not `child`,\n\t\tif (find(parentChildNodes, hasDoctypeChildThatIsNotChild)) {\n\t\t\tthrow new DOMException(HIERARCHY_REQUEST_ERR, 'Only one doctype is allowed');\n\t\t}\n\t\tvar parentElementChild = find(parentChildNodes, isElementNode);\n\t\t// or an element is preceding `child`.\n\t\tif (child && parentChildNodes.indexOf(parentElementChild) < parentChildNodes.indexOf(child)) {\n\t\t\tthrow new DOMException(HIERARCHY_REQUEST_ERR, 'Doctype can only be inserted before an element');\n\t\t}\n\t}\n}\n\n/**\n * @private\n * @param {Node} parent the parent node to insert `node` into\n * @param {Node} node the node to insert\n * @param {Node=} child the node that should become the `nextSibling` of `node`\n * @returns {Node}\n * @throws DOMException for several node combinations that would create a DOM that is not well-formed.\n * @throws DOMException if `child` is provided but is not a child of `parent`.\n * @see https://dom.spec.whatwg.org/#concept-node-ensure-pre-insertion-validity\n */\nfunction _insertBefore(parent, node, child, _inDocumentAssertion) {\n\t// To ensure pre-insertion validity of a node into a parent before a child, run these steps:\n\tassertPreInsertionValidity1to5(parent, node, child);\n\n\t// If parent is a document, and any of the statements below, switched on the interface node implements,\n\t// are true, then throw a \"HierarchyRequestError\" DOMException.\n\tif (parent.nodeType === Node.DOCUMENT_NODE) {\n\t\t(_inDocumentAssertion || assertPreInsertionValidityInDocument)(parent, node, child);\n\t}\n\n\tvar cp = node.parentNode;\n\tif(cp){\n\t\tcp.removeChild(node);//remove and update\n\t}\n\tif(node.nodeType === DOCUMENT_FRAGMENT_NODE){\n\t\tvar newFirst = node.firstChild;\n\t\tif (newFirst == null) {\n\t\t\treturn node;\n\t\t}\n\t\tvar newLast = node.lastChild;\n\t}else{\n\t\tnewFirst = newLast = node;\n\t}\n\tvar pre = child ? child.previousSibling : parent.lastChild;\n\n\tnewFirst.previousSibling = pre;\n\tnewLast.nextSibling = child;\n\n\n\tif(pre){\n\t\tpre.nextSibling = newFirst;\n\t}else{\n\t\tparent.firstChild = newFirst;\n\t}\n\tif(child == null){\n\t\tparent.lastChild = newLast;\n\t}else{\n\t\tchild.previousSibling = newLast;\n\t}\n\tdo{\n\t\tnewFirst.parentNode = parent;\n\t\t// Update ownerDocument for each node being inserted\n\t\tvar targetDoc = parent.ownerDocument || parent;\n\t\t_updateOwnerDocument(newFirst, targetDoc);\n\t}while(newFirst !== newLast && (newFirst= newFirst.nextSibling))\n\t_onUpdateChild(parent.ownerDocument||parent, parent);\n\t//console.log(parent.lastChild.nextSibling == null)\n\tif (node.nodeType == DOCUMENT_FRAGMENT_NODE) {\n\t\tnode.firstChild = node.lastChild = null;\n\t}\n\treturn node;\n}\n\n/**\n * Recursively updates the ownerDocument property for a node and all its descendants\n * @param {Node} node\n * @param {Document} newOwnerDocument\n * @private\n */\nfunction _updateOwnerDocument(node, newOwnerDocument) {\n\tif (node.ownerDocument === newOwnerDocument) {\n\t\treturn;\n\t}\n\t\n\tnode.ownerDocument = newOwnerDocument;\n\t\n\t// Update attributes if this is an element\n\tif (node.nodeType === ELEMENT_NODE && node.attributes) {\n\t\tfor (var i = 0; i < node.attributes.length; i++) {\n\t\t\tvar attr = node.attributes.item(i);\n\t\t\tif (attr) {\n\t\t\t\tattr.ownerDocument = newOwnerDocument;\n\t\t\t}\n\t\t}\n\t}\n\t\n\t// Recursively update child nodes\n\tvar child = node.firstChild;\n\twhile (child) {\n\t\t_updateOwnerDocument(child, newOwnerDocument);\n\t\tchild = child.nextSibling;\n\t}\n}\n\n/**\n * Appends `newChild` to `parentNode`.\n * If `newChild` is already connected to a `parentNode` it is first removed from it.\n *\n * @see https://github.com/xmldom/xmldom/issues/135\n * @see https://github.com/xmldom/xmldom/issues/145\n * @param {Node} parentNode\n * @param {Node} newChild\n * @returns {Node}\n * @private\n */\nfunction _appendSingleChild (parentNode, newChild) {\n\tif (newChild.parentNode) {\n\t\tnewChild.parentNode.removeChild(newChild);\n\t}\n\tnewChild.parentNode = parentNode;\n\tnewChild.previousSibling = parentNode.lastChild;\n\tnewChild.nextSibling = null;\n\tif (newChild.previousSibling) {\n\t\tnewChild.previousSibling.nextSibling = newChild;\n\t} else {\n\t\tparentNode.firstChild = newChild;\n\t}\n\tparentNode.lastChild = newChild;\n\t_onUpdateChild(parentNode.ownerDocument, parentNode, newChild);\n\t\n\t// Update ownerDocument for the new child and all its descendants\n\tvar targetDoc = parentNode.ownerDocument || parentNode;\n\t_updateOwnerDocument(newChild, targetDoc);\n\t\n\treturn newChild;\n}\n\nDocument.prototype = {\n\t//implementation : null,\n\tnodeName :  '#document',\n\tnodeType :  DOCUMENT_NODE,\n\t/**\n\t * The DocumentType node of the document.\n\t *\n\t * @readonly\n\t * @type DocumentType\n\t */\n\tdoctype :  null,\n\tdocumentElement :  null,\n\t_inc : 1,\n\n\tinsertBefore :  function(newChild, refChild){//raises\n\t\tif(newChild.nodeType == DOCUMENT_FRAGMENT_NODE){\n\t\t\tvar child = newChild.firstChild;\n\t\t\twhile(child){\n\t\t\t\tvar next = child.nextSibling;\n\t\t\t\tthis.insertBefore(child,refChild);\n\t\t\t\tchild = next;\n\t\t\t}\n\t\t\treturn newChild;\n\t\t}\n\t\t_insertBefore(this, newChild, refChild);\n\t\t_updateOwnerDocument(newChild, this);\n\t\tif (this.documentElement === null && newChild.nodeType === ELEMENT_NODE) {\n\t\t\tthis.documentElement = newChild;\n\t\t}\n\n\t\treturn newChild;\n\t},\n\tremoveChild :  function(oldChild){\n\t\tif(this.documentElement == oldChild){\n\t\t\tthis.documentElement = null;\n\t\t}\n\t\treturn _removeChild(this,oldChild);\n\t},\n\treplaceChild: function (newChild, oldChild) {\n\t\t//raises\n\t\t_insertBefore(this, newChild, oldChild, assertPreReplacementValidityInDocument);\n\t\t_updateOwnerDocument(newChild, this);\n\t\tif (oldChild) {\n\t\t\tthis.removeChild(oldChild);\n\t\t}\n\t\tif (isElementNode(newChild)) {\n\t\t\tthis.documentElement = newChild;\n\t\t}\n\t},\n\t// Introduced in DOM Level 2:\n\timportNode : function(importedNode,deep){\n\t\treturn importNode(this,importedNode,deep);\n\t},\n\t// Introduced in DOM Level 2:\n\tgetElementById :\tfunction(id){\n\t\tvar rtv = null;\n\t\t_visitNode(this.documentElement,function(node){\n\t\t\tif(node.nodeType == ELEMENT_NODE){\n\t\t\t\tif(node.getAttribute('id') == id){\n\t\t\t\t\trtv = node;\n\t\t\t\t\treturn true;\n\t\t\t\t}\n\t\t\t}\n\t\t})\n\t\treturn rtv;\n\t},\n\n\t/**\n\t * The `getElementsByClassName` method of `Document` interface returns an array-like object\n\t * of all child elements which have **all** of the given class name(s).\n\t *\n\t * Returns an empty list if `classeNames` is an empty string or only contains HTML white space characters.\n\t *\n\t *\n\t * Warning: This is a live LiveNodeList.\n\t * Changes in the DOM will reflect in the array as the changes occur.\n\t * If an element selected by this array no longer qualifies for the selector,\n\t * it will automatically be removed. Be aware of this for iteration purposes.\n\t *\n\t * @param {string} classNames is a string representing the class name(s) to match; multiple class names are separated by (ASCII-)whitespace\n\t *\n\t * @see https://developer.mozilla.org/en-US/docs/Web/API/Document/getElementsByClassName\n\t * @see https://dom.spec.whatwg.org/#concept-getelementsbyclassname\n\t */\n\tgetElementsByClassName: function(classNames) {\n\t\tvar classNamesSet = toOrderedSet(classNames)\n\t\treturn new LiveNodeList(this, function(base) {\n\t\t\tvar ls = [];\n\t\t\tif (classNamesSet.length > 0) {\n\t\t\t\t_visitNode(base.documentElement, function(node) {\n\t\t\t\t\tif(node !== base && node.nodeType === ELEMENT_NODE) {\n\t\t\t\t\t\tvar nodeClassNames = node.getAttribute('class')\n\t\t\t\t\t\t// can be null if the attribute does not exist\n\t\t\t\t\t\tif (nodeClassNames) {\n\t\t\t\t\t\t\t// before splitting and iterating just compare them for the most common case\n\t\t\t\t\t\t\tvar matches = classNames === nodeClassNames;\n\t\t\t\t\t\t\tif (!matches) {\n\t\t\t\t\t\t\t\tvar nodeClassNamesSet = toOrderedSet(nodeClassNames)\n\t\t\t\t\t\t\t\tmatches = classNamesSet.every(arrayIncludes(nodeClassNamesSet))\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\tif(matches) {\n\t\t\t\t\t\t\t\tls.push(node);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t});\n\t\t\t}\n\t\t\treturn ls;\n\t\t});\n\t},\n\n\t//document factory method:\n\tcreateElement :\tfunction(tagName){\n\t\tvar node = new Element();\n\t\tnode.ownerDocument = this;\n\t\tnode.nodeName = tagName;\n\t\tnode.tagName = tagName;\n\t\tnode.localName = tagName;\n\t\tnode.childNodes = new NodeList();\n\t\tvar attrs\t= node.attributes = new NamedNodeMap();\n\t\tattrs._ownerElement = node;\n\t\treturn node;\n\t},\n\tcreateDocumentFragment :\tfunction(){\n\t\tvar node = new DocumentFragment();\n\t\tnode.ownerDocument = this;\n\t\tnode.childNodes = new NodeList();\n\t\treturn node;\n\t},\n\tcreateTextNode :\tfunction(data){\n\t\tvar node = new Text();\n\t\tnode.ownerDocument = this;\n\t\tnode.appendData(data)\n\t\treturn node;\n\t},\n\tcreateComment :\tfunction(data){\n\t\tvar node = new Comment();\n\t\tnode.ownerDocument = this;\n\t\tnode.appendData(data)\n\t\treturn node;\n\t},\n\tcreateCDATASection :\tfunction(data){\n\t\tvar node = new CDATASection();\n\t\tnode.ownerDocument = this;\n\t\tnode.appendData(data)\n\t\treturn node;\n\t},\n\tcreateProcessingInstruction :\tfunction(target,data){\n\t\tvar node = new ProcessingInstruction();\n\t\tnode.ownerDocument = this;\n\t\tnode.tagName = node.nodeName = node.target = target;\n\t\tnode.nodeValue = node.data = data;\n\t\treturn node;\n\t},\n\tcreateAttribute :\tfunction(name){\n\t\tvar node = new Attr();\n\t\tnode.ownerDocument\t= this;\n\t\tnode.name = name;\n\t\tnode.nodeName\t= name;\n\t\tnode.localName = name;\n\t\tnode.specified = true;\n\t\treturn node;\n\t},\n\tcreateEntityReference :\tfunction(name){\n\t\tvar node = new EntityReference();\n\t\tnode.ownerDocument\t= this;\n\t\tnode.nodeName\t= name;\n\t\treturn node;\n\t},\n\t// Introduced in DOM Level 2:\n\tcreateElementNS :\tfunction(namespaceURI,qualifiedName){\n\t\tvar node = new Element();\n\t\tvar pl = qualifiedName.split(':');\n\t\tvar attrs\t= node.attributes = new NamedNodeMap();\n\t\tnode.childNodes = new NodeList();\n\t\tnode.ownerDocument = this;\n\t\tnode.nodeName = qualifiedName;\n\t\tnode.tagName = qualifiedName;\n\t\tnode.namespaceURI = namespaceURI;\n\t\tif(pl.length == 2){\n\t\t\tnode.prefix = pl[0];\n\t\t\tnode.localName = pl[1];\n\t\t}else{\n\t\t\t//el.prefix = null;\n\t\t\tnode.localName = qualifiedName;\n\t\t}\n\t\tattrs._ownerElement = node;\n\t\treturn node;\n\t},\n\t// Introduced in DOM Level 2:\n\tcreateAttributeNS :\tfunction(namespaceURI,qualifiedName){\n\t\tvar node = new Attr();\n\t\tvar pl = qualifiedName.split(':');\n\t\tnode.ownerDocument = this;\n\t\tnode.nodeName = qualifiedName;\n\t\tnode.name = qualifiedName;\n\t\tnode.namespaceURI = namespaceURI;\n\t\tnode.specified = true;\n\t\tif(pl.length == 2){\n\t\t\tnode.prefix = pl[0];\n\t\t\tnode.localName = pl[1];\n\t\t}else{\n\t\t\t//el.prefix = null;\n\t\t\tnode.localName = qualifiedName;\n\t\t}\n\t\treturn node;\n\t}\n};\n_extends(Document,Node);\n\n\nfunction Element() {\n\tthis._nsMap = {};\n};\nElement.prototype = {\n\tnodeType : ELEMENT_NODE,\n\thasAttribute : function(name){\n\t\treturn this.getAttributeNode(name)!=null;\n\t},\n\tgetAttribute : function(name){\n\t\tvar attr = this.getAttributeNode(name);\n\t\treturn attr && attr.value || '';\n\t},\n\tgetAttributeNode : function(name){\n\t\treturn this.attributes.getNamedItem(name);\n\t},\n\tsetAttribute : function(name, value){\n\t\tvar attr = this.ownerDocument.createAttribute(name);\n\t\tattr.value = attr.nodeValue = \"\" + value;\n\t\tthis.setAttributeNode(attr)\n\t},\n\tremoveAttribute : function(name){\n\t\tvar attr = this.getAttributeNode(name)\n\t\tattr && this.removeAttributeNode(attr);\n\t},\n\n\t//four real opeartion method\n\tappendChild:function(newChild){\n\t\tif(newChild.nodeType === DOCUMENT_FRAGMENT_NODE){\n\t\t\treturn this.insertBefore(newChild,null);\n\t\t}else{\n\t\t\treturn _appendSingleChild(this,newChild);\n\t\t}\n\t},\n\tsetAttributeNode : function(newAttr){\n\t\treturn this.attributes.setNamedItem(newAttr);\n\t},\n\tsetAttributeNodeNS : function(newAttr){\n\t\treturn this.attributes.setNamedItemNS(newAttr);\n\t},\n\tremoveAttributeNode : function(oldAttr){\n\t\t//console.log(this == oldAttr.ownerElement)\n\t\treturn this.attributes.removeNamedItem(oldAttr.nodeName);\n\t},\n\t//get real attribute name,and remove it by removeAttributeNode\n\tremoveAttributeNS : function(namespaceURI, localName){\n\t\tvar old = this.getAttributeNodeNS(namespaceURI, localName);\n\t\told && this.removeAttributeNode(old);\n\t},\n\n\thasAttributeNS : function(namespaceURI, localName){\n\t\treturn this.getAttributeNodeNS(namespaceURI, localName)!=null;\n\t},\n\tgetAttributeNS : function(namespaceURI, localName){\n\t\tvar attr = this.getAttributeNodeNS(namespaceURI, localName);\n\t\treturn attr && attr.value || '';\n\t},\n\tsetAttributeNS : function(namespaceURI, qualifiedName, value){\n\t\tvar attr = this.ownerDocument.createAttributeNS(namespaceURI, qualifiedName);\n\t\tattr.value = attr.nodeValue = \"\" + value;\n\t\tthis.setAttributeNode(attr)\n\t},\n\tgetAttributeNodeNS : function(namespaceURI, localName){\n\t\treturn this.attributes.getNamedItemNS(namespaceURI, localName);\n\t},\n\n\tgetElementsByTagName : function(tagName){\n\t\treturn new LiveNodeList(this,function(base){\n\t\t\tvar ls = [];\n\t\t\t_visitNode(base,function(node){\n\t\t\t\tif(node !== base && node.nodeType == ELEMENT_NODE && (tagName === '*' || node.tagName == tagName)){\n\t\t\t\t\tls.push(node);\n\t\t\t\t}\n\t\t\t});\n\t\t\treturn ls;\n\t\t});\n\t},\n\tgetElementsByTagNameNS : function(namespaceURI, localName){\n\t\treturn new LiveNodeList(this,function(base){\n\t\t\tvar ls = [];\n\t\t\t_visitNode(base,function(node){\n\t\t\t\tif(node !== base && node.nodeType === ELEMENT_NODE && (namespaceURI === '*' || node.namespaceURI === namespaceURI) && (localName === '*' || node.localName == localName)){\n\t\t\t\t\tls.push(node);\n\t\t\t\t}\n\t\t\t});\n\t\t\treturn ls;\n\n\t\t});\n\t}\n};\nDocument.prototype.getElementsByTagName = Element.prototype.getElementsByTagName;\nDocument.prototype.getElementsByTagNameNS = Element.prototype.getElementsByTagNameNS;\n\n\n_extends(Element,Node);\nfunction Attr() {\n};\nAttr.prototype.nodeType = ATTRIBUTE_NODE;\n_extends(Attr,Node);\n\n\nfunction CharacterData() {\n};\nCharacterData.prototype = {\n\tdata : '',\n\tsubstringData : function(offset, count) {\n\t\treturn this.data.substring(offset, offset+count);\n\t},\n\tappendData: function(text) {\n\t\ttext = this.data+text;\n\t\tthis.nodeValue = this.data = text;\n\t\tthis.length = text.length;\n\t},\n\tinsertData: function(offset,text) {\n\t\tthis.replaceData(offset,0,text);\n\n\t},\n\tappendChild:function(newChild){\n\t\tthrow new Error(ExceptionMessage[HIERARCHY_REQUEST_ERR])\n\t},\n\tdeleteData: function(offset, count) {\n\t\tthis.replaceData(offset,count,\"\");\n\t},\n\treplaceData: function(offset, count, text) {\n\t\tvar start = this.data.substring(0,offset);\n\t\tvar end = this.data.substring(offset+count);\n\t\ttext = start + text + end;\n\t\tthis.nodeValue = this.data = text;\n\t\tthis.length = text.length;\n\t}\n}\n_extends(CharacterData,Node);\nfunction Text() {\n};\nText.prototype = {\n\tnodeName : \"#text\",\n\tnodeType : TEXT_NODE,\n\tsplitText : function(offset) {\n\t\tvar text = this.data;\n\t\tvar newText = text.substring(offset);\n\t\ttext = text.substring(0, offset);\n\t\tthis.data = this.nodeValue = text;\n\t\tthis.length = text.length;\n\t\tvar newNode = this.ownerDocument.createTextNode(newText);\n\t\tif(this.parentNode){\n\t\t\tthis.parentNode.insertBefore(newNode, this.nextSibling);\n\t\t}\n\t\treturn newNode;\n\t}\n}\n_extends(Text,CharacterData);\nfunction Comment() {\n};\nComment.prototype = {\n\tnodeName : \"#comment\",\n\tnodeType : COMMENT_NODE\n}\n_extends(Comment,CharacterData);\n\nfunction CDATASection() {\n};\nCDATASection.prototype = {\n\tnodeName : \"#cdata-section\",\n\tnodeType : CDATA_SECTION_NODE\n}\n_extends(CDATASection,CharacterData);\n\n\nfunction DocumentType() {\n};\nDocumentType.prototype.nodeType = DOCUMENT_TYPE_NODE;\n_extends(DocumentType,Node);\n\nfunction Notation() {\n};\nNotation.prototype.nodeType = NOTATION_NODE;\n_extends(Notation,Node);\n\nfunction Entity() {\n};\nEntity.prototype.nodeType = ENTITY_NODE;\n_extends(Entity,Node);\n\nfunction EntityReference() {\n};\nEntityReference.prototype.nodeType = ENTITY_REFERENCE_NODE;\n_extends(EntityReference,Node);\n\nfunction DocumentFragment() {\n};\nDocumentFragment.prototype.nodeName =\t\"#document-fragment\";\nDocumentFragment.prototype.nodeType =\tDOCUMENT_FRAGMENT_NODE;\n_extends(DocumentFragment,Node);\n\n\nfunction ProcessingInstruction() {\n}\nProcessingInstruction.prototype.nodeType = PROCESSING_INSTRUCTION_NODE;\n_extends(ProcessingInstruction,Node);\nfunction XMLSerializer(){}\nXMLSerializer.prototype.serializeToString = function(node,isHtml,nodeFilter){\n\treturn nodeSerializeToString.call(node,isHtml,nodeFilter);\n}\nNode.prototype.toString = nodeSerializeToString;\nfunction nodeSerializeToString(isHtml,nodeFilter){\n\tvar buf = [];\n\tvar refNode = this.nodeType == 9 && this.documentElement || this;\n\tvar prefix = refNode.prefix;\n\tvar uri = refNode.namespaceURI;\n\n\tif(uri && prefix == null){\n\t\t//console.log(prefix)\n\t\tvar prefix = refNode.lookupPrefix(uri);\n\t\tif(prefix == null){\n\t\t\t//isHTML = true;\n\t\t\tvar visibleNamespaces=[\n\t\t\t{namespace:uri,prefix:null}\n\t\t\t//{namespace:uri,prefix:''}\n\t\t\t]\n\t\t}\n\t}\n\tserializeToString(this,buf,isHtml,nodeFilter,visibleNamespaces);\n\t//console.log('###',this.nodeType,uri,prefix,buf.join(''))\n\treturn buf.join('');\n}\n\nfunction needNamespaceDefine(node, isHTML, visibleNamespaces) {\n\tvar prefix = node.prefix || '';\n\tvar uri = node.namespaceURI;\n\t// According to [Namespaces in XML 1.0](https://www.w3.org/TR/REC-xml-names/#ns-using) ,\n\t// and more specifically https://www.w3.org/TR/REC-xml-names/#nsc-NoPrefixUndecl :\n\t// > In a namespace declaration for a prefix [...], the attribute value MUST NOT be empty.\n\t// in a similar manner [Namespaces in XML 1.1](https://www.w3.org/TR/xml-names11/#ns-using)\n\t// and more specifically https://www.w3.org/TR/xml-names11/#nsc-NSDeclared :\n\t// > [...] Furthermore, the attribute value [...] must not be an empty string.\n\t// so serializing empty namespace value like xmlns:ds=\"\" would produce an invalid XML document.\n\tif (!uri) {\n\t\treturn false;\n\t}\n\tif (prefix === \"xml\" && uri === NAMESPACE.XML || uri === NAMESPACE.XMLNS) {\n\t\treturn false;\n\t}\n\n\tvar i = visibleNamespaces.length\n\twhile (i--) {\n\t\tvar ns = visibleNamespaces[i];\n\t\t// get namespace prefix\n\t\tif (ns.prefix === prefix) {\n\t\t\treturn ns.namespace !== uri;\n\t\t}\n\t}\n\treturn true;\n}\n/**\n * Well-formed constraint: No < in Attribute Values\n * > The replacement text of any entity referred to directly or indirectly\n * > in an attribute value must not contain a <.\n * @see https://www.w3.org/TR/xml11/#CleanAttrVals\n * @see https://www.w3.org/TR/xml11/#NT-AttValue\n *\n * Literal whitespace other than space that appear in attribute values\n * are serialized as their entity references, so they will be preserved.\n * (In contrast to whitespace literals in the input which are normalized to spaces)\n * @see https://www.w3.org/TR/xml11/#AVNormalize\n * @see https://w3c.github.io/DOM-Parsing/#serializing-an-element-s-attributes\n */\nfunction addSerializedAttribute(buf, qualifiedName, value) {\n\tbuf.push(' ', qualifiedName, '=\"', value.replace(/[<>&\"\\t\\n\\r]/g, _xmlEncoder), '\"')\n}\n\nfunction serializeToString(node,buf,isHTML,nodeFilter,visibleNamespaces){\n\tif (!visibleNamespaces) {\n\t\tvisibleNamespaces = [];\n\t}\n\n\tif(nodeFilter){\n\t\tnode = nodeFilter(node);\n\t\tif(node){\n\t\t\tif(typeof node == 'string'){\n\t\t\t\tbuf.push(node);\n\t\t\t\treturn;\n\t\t\t}\n\t\t}else{\n\t\t\treturn;\n\t\t}\n\t\t//buf.sort.apply(attrs, attributeSorter);\n\t}\n\n\tswitch(node.nodeType){\n\tcase ELEMENT_NODE:\n\t\tvar attrs = node.attributes;\n\t\tvar len = attrs.length;\n\t\tvar child = node.firstChild;\n\t\tvar nodeName = node.tagName;\n\n\t\tisHTML = NAMESPACE.isHTML(node.namespaceURI) || isHTML\n\n\t\tvar prefixedNodeName = nodeName\n\t\tif (!isHTML && !node.prefix && node.namespaceURI) {\n\t\t\tvar defaultNS\n\t\t\t// lookup current default ns from `xmlns` attribute\n\t\t\tfor (var ai = 0; ai < attrs.length; ai++) {\n\t\t\t\tif (attrs.item(ai).name === 'xmlns') {\n\t\t\t\t\tdefaultNS = attrs.item(ai).value\n\t\t\t\t\tbreak\n\t\t\t\t}\n\t\t\t}\n\t\t\tif (!defaultNS) {\n\t\t\t\t// lookup current default ns in visibleNamespaces\n\t\t\t\tfor (var nsi = visibleNamespaces.length - 1; nsi >= 0; nsi--) {\n\t\t\t\t\tvar namespace = visibleNamespaces[nsi]\n\t\t\t\t\tif (namespace.prefix === '' && namespace.namespace === node.namespaceURI) {\n\t\t\t\t\t\tdefaultNS = namespace.namespace\n\t\t\t\t\t\tbreak\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\tif (defaultNS !== node.namespaceURI) {\n\t\t\t\tfor (var nsi = visibleNamespaces.length - 1; nsi >= 0; nsi--) {\n\t\t\t\t\tvar namespace = visibleNamespaces[nsi]\n\t\t\t\t\tif (namespace.namespace === node.namespaceURI) {\n\t\t\t\t\t\tif (namespace.prefix) {\n\t\t\t\t\t\t\tprefixedNodeName = namespace.prefix + ':' + nodeName\n\t\t\t\t\t\t}\n\t\t\t\t\t\tbreak\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tbuf.push('<', prefixedNodeName);\n\n\t\tfor(var i=0;i<len;i++){\n\t\t\t// add namespaces for attributes\n\t\t\tvar attr = attrs.item(i);\n\t\t\tif (attr.prefix == 'xmlns') {\n\t\t\t\tvisibleNamespaces.push({ prefix: attr.localName, namespace: attr.value });\n\t\t\t}else if(attr.nodeName == 'xmlns'){\n\t\t\t\tvisibleNamespaces.push({ prefix: '', namespace: attr.value });\n\t\t\t}\n\t\t}\n\n\t\tfor(var i=0;i<len;i++){\n\t\t\tvar attr = attrs.item(i);\n\t\t\tif (needNamespaceDefine(attr,isHTML, visibleNamespaces)) {\n\t\t\t\tvar prefix = attr.prefix||'';\n\t\t\t\tvar uri = attr.namespaceURI;\n\t\t\t\taddSerializedAttribute(buf, prefix ? 'xmlns:' + prefix : \"xmlns\", uri);\n\t\t\t\tvisibleNamespaces.push({ prefix: prefix, namespace:uri });\n\t\t\t}\n\t\t\tserializeToString(attr,buf,isHTML,nodeFilter,visibleNamespaces);\n\t\t}\n\n\t\t// add namespace for current node\n\t\tif (nodeName === prefixedNodeName && needNamespaceDefine(node, isHTML, visibleNamespaces)) {\n\t\t\tvar prefix = node.prefix||'';\n\t\t\tvar uri = node.namespaceURI;\n\t\t\taddSerializedAttribute(buf, prefix ? 'xmlns:' + prefix : \"xmlns\", uri);\n\t\t\tvisibleNamespaces.push({ prefix: prefix, namespace:uri });\n\t\t}\n\n\t\tif(child || isHTML && !/^(?:meta|link|img|br|hr|input)$/i.test(nodeName)){\n\t\t\tbuf.push('>');\n\t\t\t//if is cdata child node\n\t\t\tif(isHTML && /^script$/i.test(nodeName)){\n\t\t\t\twhile(child){\n\t\t\t\t\tif(child.data){\n\t\t\t\t\t\tbuf.push(child.data);\n\t\t\t\t\t}else{\n\t\t\t\t\t\tserializeToString(child, buf, isHTML, nodeFilter, visibleNamespaces.slice());\n\t\t\t\t\t}\n\t\t\t\t\tchild = child.nextSibling;\n\t\t\t\t}\n\t\t\t}else\n\t\t\t{\n\t\t\t\twhile(child){\n\t\t\t\t\tserializeToString(child, buf, isHTML, nodeFilter, visibleNamespaces.slice());\n\t\t\t\t\tchild = child.nextSibling;\n\t\t\t\t}\n\t\t\t}\n\t\t\tbuf.push('</',prefixedNodeName,'>');\n\t\t}else{\n\t\t\tbuf.push('/>');\n\t\t}\n\t\t// remove added visible namespaces\n\t\t//visibleNamespaces.length = startVisibleNamespaces;\n\t\treturn;\n\tcase DOCUMENT_NODE:\n\tcase DOCUMENT_FRAGMENT_NODE:\n\t\tvar child = node.firstChild;\n\t\twhile(child){\n\t\t\tserializeToString(child, buf, isHTML, nodeFilter, visibleNamespaces.slice());\n\t\t\tchild = child.nextSibling;\n\t\t}\n\t\treturn;\n\tcase ATTRIBUTE_NODE:\n\t\treturn addSerializedAttribute(buf, node.name, node.value);\n\tcase TEXT_NODE:\n\t\t/**\n\t\t * The ampersand character (&) and the left angle bracket (<) must not appear in their literal form,\n\t\t * except when used as markup delimiters, or within a comment, a processing instruction, or a CDATA section.\n\t\t * If they are needed elsewhere, they must be escaped using either numeric character references or the strings\n\t\t * `&amp;` and `&lt;` respectively.\n\t\t * The right angle bracket (>) may be represented using the string \" &gt; \", and must, for compatibility,\n\t\t * be escaped using either `&gt;` or a character reference when it appears in the string `]]>` in content,\n\t\t * when that string is not marking the end of a CDATA section.\n\t\t *\n\t\t * In the content of elements, character data is any string of characters\n\t\t * which does not contain the start-delimiter of any markup\n\t\t * and does not include the CDATA-section-close delimiter, `]]>`.\n\t\t *\n\t\t * @see https://www.w3.org/TR/xml/#NT-CharData\n\t\t * @see https://w3c.github.io/DOM-Parsing/#xml-serializing-a-text-node\n\t\t */\n\t\treturn buf.push(node.data\n\t\t\t.replace(/[<&>]/g,_xmlEncoder)\n\t\t);\n\tcase CDATA_SECTION_NODE:\n\t\treturn buf.push( '<![CDATA[',node.data,']]>');\n\tcase COMMENT_NODE:\n\t\treturn buf.push( \"<!--\",node.data,\"-->\");\n\tcase DOCUMENT_TYPE_NODE:\n\t\tvar pubid = node.publicId;\n\t\tvar sysid = node.systemId;\n\t\tbuf.push('<!DOCTYPE ',node.name);\n\t\tif(pubid){\n\t\t\tbuf.push(' PUBLIC ', pubid);\n\t\t\tif (sysid && sysid!='.') {\n\t\t\t\tbuf.push(' ', sysid);\n\t\t\t}\n\t\t\tbuf.push('>');\n\t\t}else if(sysid && sysid!='.'){\n\t\t\tbuf.push(' SYSTEM ', sysid, '>');\n\t\t}else{\n\t\t\tvar sub = node.internalSubset;\n\t\t\tif(sub){\n\t\t\t\tbuf.push(\" [\",sub,\"]\");\n\t\t\t}\n\t\t\tbuf.push(\">\");\n\t\t}\n\t\treturn;\n\tcase PROCESSING_INSTRUCTION_NODE:\n\t\treturn buf.push( \"<?\",node.target,\" \",node.data,\"?>\");\n\tcase ENTITY_REFERENCE_NODE:\n\t\treturn buf.push( '&',node.nodeName,';');\n\t//case ENTITY_NODE:\n\t//case NOTATION_NODE:\n\tdefault:\n\t\tbuf.push('??',node.nodeName);\n\t}\n}\nfunction importNode(doc,node,deep){\n\tvar node2;\n\tswitch (node.nodeType) {\n\tcase ELEMENT_NODE:\n\t\tnode2 = node.cloneNode(false);\n\t\tnode2.ownerDocument = doc;\n\t\t//var attrs = node2.attributes;\n\t\t//var len = attrs.length;\n\t\t//for(var i=0;i<len;i++){\n\t\t\t//node2.setAttributeNodeNS(importNode(doc,attrs.item(i),deep));\n\t\t//}\n\tcase DOCUMENT_FRAGMENT_NODE:\n\t\tbreak;\n\tcase ATTRIBUTE_NODE:\n\t\tdeep = true;\n\t\tbreak;\n\t//case ENTITY_REFERENCE_NODE:\n\t//case PROCESSING_INSTRUCTION_NODE:\n\t////case TEXT_NODE:\n\t//case CDATA_SECTION_NODE:\n\t//case COMMENT_NODE:\n\t//\tdeep = false;\n\t//\tbreak;\n\t//case DOCUMENT_NODE:\n\t//case DOCUMENT_TYPE_NODE:\n\t//cannot be imported.\n\t//case ENTITY_NODE:\n\t//case NOTATION_NODE：\n\t//can not hit in level3\n\t//default:throw e;\n\t}\n\tif(!node2){\n\t\tnode2 = node.cloneNode(false);//false\n\t}\n\tnode2.ownerDocument = doc;\n\tnode2.parentNode = null;\n\tif(deep){\n\t\tvar child = node.firstChild;\n\t\twhile(child){\n\t\t\tnode2.appendChild(importNode(doc,child,deep));\n\t\t\tchild = child.nextSibling;\n\t\t}\n\t}\n\treturn node2;\n}\n//\n//var _relationMap = {firstChild:1,lastChild:1,previousSibling:1,nextSibling:1,\n//\t\t\t\t\tattributes:1,childNodes:1,parentNode:1,documentElement:1,doctype,};\nfunction cloneNode(doc,node,deep){\n\tvar node2 = new node.constructor();\n\tfor (var n in node) {\n\t\tif (Object.prototype.hasOwnProperty.call(node, n)) {\n\t\t\tvar v = node[n];\n\t\t\tif (typeof v != \"object\") {\n\t\t\t\tif (v != node2[n]) {\n\t\t\t\t\tnode2[n] = v;\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\tif(node.childNodes){\n\t\tnode2.childNodes = new NodeList();\n\t}\n\tnode2.ownerDocument = doc;\n\tswitch (node2.nodeType) {\n\tcase ELEMENT_NODE:\n\t\tvar attrs\t= node.attributes;\n\t\tvar attrs2\t= node2.attributes = new NamedNodeMap();\n\t\tvar len = attrs.length\n\t\tattrs2._ownerElement = node2;\n\t\tfor(var i=0;i<len;i++){\n\t\t\tnode2.setAttributeNode(cloneNode(doc,attrs.item(i),true));\n\t\t}\n\t\tbreak;;\n\tcase ATTRIBUTE_NODE:\n\t\tdeep = true;\n\t}\n\tif(deep){\n\t\tvar child = node.firstChild;\n\t\twhile(child){\n\t\t\tnode2.appendChild(cloneNode(doc,child,deep));\n\t\t\tchild = child.nextSibling;\n\t\t}\n\t}\n\treturn node2;\n}\n\nfunction __set__(object,key,value){\n\tobject[key] = value\n}\n//do dynamic\ntry{\n\tif(Object.defineProperty){\n\t\tObject.defineProperty(LiveNodeList.prototype,'length',{\n\t\t\tget:function(){\n\t\t\t\t_updateLiveList(this);\n\t\t\t\treturn this.$$length;\n\t\t\t}\n\t\t});\n\n\t\tObject.defineProperty(Node.prototype,'textContent',{\n\t\t\tget:function(){\n\t\t\t\treturn getTextContent(this);\n\t\t\t},\n\n\t\t\tset:function(data){\n\t\t\t\tswitch(this.nodeType){\n\t\t\t\tcase ELEMENT_NODE:\n\t\t\t\tcase DOCUMENT_FRAGMENT_NODE:\n\t\t\t\t\twhile(this.firstChild){\n\t\t\t\t\t\tthis.removeChild(this.firstChild);\n\t\t\t\t\t}\n\t\t\t\t\tif(data || String(data)){\n\t\t\t\t\t\tthis.appendChild(this.ownerDocument.createTextNode(data));\n\t\t\t\t\t}\n\t\t\t\t\tbreak;\n\n\t\t\t\tdefault:\n\t\t\t\t\tthis.data = data;\n\t\t\t\t\tthis.value = data;\n\t\t\t\t\tthis.nodeValue = data;\n\t\t\t\t}\n\t\t\t}\n\t\t})\n\n\t\tfunction getTextContent(node){\n\t\t\tswitch(node.nodeType){\n\t\t\tcase ELEMENT_NODE:\n\t\t\tcase DOCUMENT_FRAGMENT_NODE:\n\t\t\t\tvar buf = [];\n\t\t\t\tnode = node.firstChild;\n\t\t\t\twhile(node){\n\t\t\t\t\tif(node.nodeType!==7 && node.nodeType !==8){\n\t\t\t\t\t\tbuf.push(getTextContent(node));\n\t\t\t\t\t}\n\t\t\t\t\tnode = node.nextSibling;\n\t\t\t\t}\n\t\t\t\treturn buf.join('');\n\t\t\tdefault:\n\t\t\t\treturn node.nodeValue;\n\t\t\t}\n\t\t}\n\n\t\t__set__ = function(object,key,value){\n\t\t\t//console.log(value)\n\t\t\tobject['$$'+key] = value\n\t\t}\n\t}\n}catch(e){//ie8\n}\n\n//if(typeof require == 'function'){\n\texports.DocumentType = DocumentType;\n\texports.DOMException = DOMException;\n\texports.DOMImplementation = DOMImplementation;\n\texports.Element = Element;\n\texports.Node = Node;\n\texports.NodeList = NodeList;\n\texports.XMLSerializer = XMLSerializer;\n//}\n","'use strict';\n\nvar freeze = require('./conventions').freeze;\n\n/**\n * The entities that are predefined in every XML document.\n *\n * @see https://www.w3.org/TR/2006/REC-xml11-20060816/#sec-predefined-ent W3C XML 1.1\n * @see https://www.w3.org/TR/2008/REC-xml-20081126/#sec-predefined-ent W3C XML 1.0\n * @see https://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references#Predefined_entities_in_XML Wikipedia\n */\nexports.XML_ENTITIES = freeze({\n\tamp: '&',\n\tapos: \"'\",\n\tgt: '>',\n\tlt: '<',\n\tquot: '\"',\n});\n\n/**\n * A map of all entities that are detected in an HTML document.\n * They contain all entries from `XML_ENTITIES`.\n *\n * @see XML_ENTITIES\n * @see DOMParser.parseFromString\n * @see DOMImplementation.prototype.createHTMLDocument\n * @see https://html.spec.whatwg.org/#named-character-references WHATWG HTML(5) Spec\n * @see https://html.spec.whatwg.org/entities.json JSON\n * @see https://www.w3.org/TR/xml-entity-names/ W3C XML Entity Names\n * @see https://www.w3.org/TR/html4/sgml/entities.html W3C HTML4/SGML\n * @see https://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references#Character_entity_references_in_HTML Wikipedia (HTML)\n * @see https://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references#Entities_representing_special_characters_in_XHTML Wikpedia (XHTML)\n */\nexports.HTML_ENTITIES = freeze({\n\tAacute: '\\u00C1',\n\taacute: '\\u00E1',\n\tAbreve: '\\u0102',\n\tabreve: '\\u0103',\n\tac: '\\u223E',\n\tacd: '\\u223F',\n\tacE: '\\u223E\\u0333',\n\tAcirc: '\\u00C2',\n\tacirc: '\\u00E2',\n\tacute: '\\u00B4',\n\tAcy: '\\u0410',\n\tacy: '\\u0430',\n\tAElig: '\\u00C6',\n\taelig: '\\u00E6',\n\taf: '\\u2061',\n\tAfr: '\\uD835\\uDD04',\n\tafr: '\\uD835\\uDD1E',\n\tAgrave: '\\u00C0',\n\tagrave: '\\u00E0',\n\talefsym: '\\u2135',\n\taleph: '\\u2135',\n\tAlpha: '\\u0391',\n\talpha: '\\u03B1',\n\tAmacr: '\\u0100',\n\tamacr: '\\u0101',\n\tamalg: '\\u2A3F',\n\tAMP: '\\u0026',\n\tamp: '\\u0026',\n\tAnd: '\\u2A53',\n\tand: '\\u2227',\n\tandand: '\\u2A55',\n\tandd: '\\u2A5C',\n\tandslope: '\\u2A58',\n\tandv: '\\u2A5A',\n\tang: '\\u2220',\n\tange: '\\u29A4',\n\tangle: '\\u2220',\n\tangmsd: '\\u2221',\n\tangmsdaa: '\\u29A8',\n\tangmsdab: '\\u29A9',\n\tangmsdac: '\\u29AA',\n\tangmsdad: '\\u29AB',\n\tangmsdae: '\\u29AC',\n\tangmsdaf: '\\u29AD',\n\tangmsdag: '\\u29AE',\n\tangmsdah: '\\u29AF',\n\tangrt: '\\u221F',\n\tangrtvb: '\\u22BE',\n\tangrtvbd: '\\u299D',\n\tangsph: '\\u2222',\n\tangst: '\\u00C5',\n\tangzarr: '\\u237C',\n\tAogon: '\\u0104',\n\taogon: '\\u0105',\n\tAopf: '\\uD835\\uDD38',\n\taopf: '\\uD835\\uDD52',\n\tap: '\\u2248',\n\tapacir: '\\u2A6F',\n\tapE: '\\u2A70',\n\tape: '\\u224A',\n\tapid: '\\u224B',\n\tapos: '\\u0027',\n\tApplyFunction: '\\u2061',\n\tapprox: '\\u2248',\n\tapproxeq: '\\u224A',\n\tAring: '\\u00C5',\n\taring: '\\u00E5',\n\tAscr: '\\uD835\\uDC9C',\n\tascr: '\\uD835\\uDCB6',\n\tAssign: '\\u2254',\n\tast: '\\u002A',\n\tasymp: '\\u2248',\n\tasympeq: '\\u224D',\n\tAtilde: '\\u00C3',\n\tatilde: '\\u00E3',\n\tAuml: '\\u00C4',\n\tauml: '\\u00E4',\n\tawconint: '\\u2233',\n\tawint: '\\u2A11',\n\tbackcong: '\\u224C',\n\tbackepsilon: '\\u03F6',\n\tbackprime: '\\u2035',\n\tbacksim: '\\u223D',\n\tbacksimeq: '\\u22CD',\n\tBackslash: '\\u2216',\n\tBarv: '\\u2AE7',\n\tbarvee: '\\u22BD',\n\tBarwed: '\\u2306',\n\tbarwed: '\\u2305',\n\tbarwedge: '\\u2305',\n\tbbrk: '\\u23B5',\n\tbbrktbrk: '\\u23B6',\n\tbcong: '\\u224C',\n\tBcy: '\\u0411',\n\tbcy: '\\u0431',\n\tbdquo: '\\u201E',\n\tbecaus: '\\u2235',\n\tBecause: '\\u2235',\n\tbecause: '\\u2235',\n\tbemptyv: '\\u29B0',\n\tbepsi: '\\u03F6',\n\tbernou: '\\u212C',\n\tBernoullis: '\\u212C',\n\tBeta: '\\u0392',\n\tbeta: '\\u03B2',\n\tbeth: '\\u2136',\n\tbetween: '\\u226C',\n\tBfr: '\\uD835\\uDD05',\n\tbfr: '\\uD835\\uDD1F',\n\tbigcap: '\\u22C2',\n\tbigcirc: '\\u25EF',\n\tbigcup: '\\u22C3',\n\tbigodot: '\\u2A00',\n\tbigoplus: '\\u2A01',\n\tbigotimes: '\\u2A02',\n\tbigsqcup: '\\u2A06',\n\tbigstar: '\\u2605',\n\tbigtriangledown: '\\u25BD',\n\tbigtriangleup: '\\u25B3',\n\tbiguplus: '\\u2A04',\n\tbigvee: '\\u22C1',\n\tbigwedge: '\\u22C0',\n\tbkarow: '\\u290D',\n\tblacklozenge: '\\u29EB',\n\tblacksquare: '\\u25AA',\n\tblacktriangle: '\\u25B4',\n\tblacktriangledown: '\\u25BE',\n\tblacktriangleleft: '\\u25C2',\n\tblacktriangleright: '\\u25B8',\n\tblank: '\\u2423',\n\tblk12: '\\u2592',\n\tblk14: '\\u2591',\n\tblk34: '\\u2593',\n\tblock: '\\u2588',\n\tbne: '\\u003D\\u20E5',\n\tbnequiv: '\\u2261\\u20E5',\n\tbNot: '\\u2AED',\n\tbnot: '\\u2310',\n\tBopf: '\\uD835\\uDD39',\n\tbopf: '\\uD835\\uDD53',\n\tbot: '\\u22A5',\n\tbottom: '\\u22A5',\n\tbowtie: '\\u22C8',\n\tboxbox: '\\u29C9',\n\tboxDL: '\\u2557',\n\tboxDl: '\\u2556',\n\tboxdL: '\\u2555',\n\tboxdl: '\\u2510',\n\tboxDR: '\\u2554',\n\tboxDr: '\\u2553',\n\tboxdR: '\\u2552',\n\tboxdr: '\\u250C',\n\tboxH: '\\u2550',\n\tboxh: '\\u2500',\n\tboxHD: '\\u2566',\n\tboxHd: '\\u2564',\n\tboxhD: '\\u2565',\n\tboxhd: '\\u252C',\n\tboxHU: '\\u2569',\n\tboxHu: '\\u2567',\n\tboxhU: '\\u2568',\n\tboxhu: '\\u2534',\n\tboxminus: '\\u229F',\n\tboxplus: '\\u229E',\n\tboxtimes: '\\u22A0',\n\tboxUL: '\\u255D',\n\tboxUl: '\\u255C',\n\tboxuL: '\\u255B',\n\tboxul: '\\u2518',\n\tboxUR: '\\u255A',\n\tboxUr: '\\u2559',\n\tboxuR: '\\u2558',\n\tboxur: '\\u2514',\n\tboxV: '\\u2551',\n\tboxv: '\\u2502',\n\tboxVH: '\\u256C',\n\tboxVh: '\\u256B',\n\tboxvH: '\\u256A',\n\tboxvh: '\\u253C',\n\tboxVL: '\\u2563',\n\tboxVl: '\\u2562',\n\tboxvL: '\\u2561',\n\tboxvl: '\\u2524',\n\tboxVR: '\\u2560',\n\tboxVr: '\\u255F',\n\tboxvR: '\\u255E',\n\tboxvr: '\\u251C',\n\tbprime: '\\u2035',\n\tBreve: '\\u02D8',\n\tbreve: '\\u02D8',\n\tbrvbar: '\\u00A6',\n\tBscr: '\\u212C',\n\tbscr: '\\uD835\\uDCB7',\n\tbsemi: '\\u204F',\n\tbsim: '\\u223D',\n\tbsime: '\\u22CD',\n\tbsol: '\\u005C',\n\tbsolb: '\\u29C5',\n\tbsolhsub: '\\u27C8',\n\tbull: '\\u2022',\n\tbullet: '\\u2022',\n\tbump: '\\u224E',\n\tbumpE: '\\u2AAE',\n\tbumpe: '\\u224F',\n\tBumpeq: '\\u224E',\n\tbumpeq: '\\u224F',\n\tCacute: '\\u0106',\n\tcacute: '\\u0107',\n\tCap: '\\u22D2',\n\tcap: '\\u2229',\n\tcapand: '\\u2A44',\n\tcapbrcup: '\\u2A49',\n\tcapcap: '\\u2A4B',\n\tcapcup: '\\u2A47',\n\tcapdot: '\\u2A40',\n\tCapitalDifferentialD: '\\u2145',\n\tcaps: '\\u2229\\uFE00',\n\tcaret: '\\u2041',\n\tcaron: '\\u02C7',\n\tCayleys: '\\u212D',\n\tccaps: '\\u2A4D',\n\tCcaron: '\\u010C',\n\tccaron: '\\u010D',\n\tCcedil: '\\u00C7',\n\tccedil: '\\u00E7',\n\tCcirc: '\\u0108',\n\tccirc: '\\u0109',\n\tCconint: '\\u2230',\n\tccups: '\\u2A4C',\n\tccupssm: '\\u2A50',\n\tCdot: '\\u010A',\n\tcdot: '\\u010B',\n\tcedil: '\\u00B8',\n\tCedilla: '\\u00B8',\n\tcemptyv: '\\u29B2',\n\tcent: '\\u00A2',\n\tCenterDot: '\\u00B7',\n\tcenterdot: '\\u00B7',\n\tCfr: '\\u212D',\n\tcfr: '\\uD835\\uDD20',\n\tCHcy: '\\u0427',\n\tchcy: '\\u0447',\n\tcheck: '\\u2713',\n\tcheckmark: '\\u2713',\n\tChi: '\\u03A7',\n\tchi: '\\u03C7',\n\tcir: '\\u25CB',\n\tcirc: '\\u02C6',\n\tcirceq: '\\u2257',\n\tcirclearrowleft: '\\u21BA',\n\tcirclearrowright: '\\u21BB',\n\tcircledast: '\\u229B',\n\tcircledcirc: '\\u229A',\n\tcircleddash: '\\u229D',\n\tCircleDot: '\\u2299',\n\tcircledR: '\\u00AE',\n\tcircledS: '\\u24C8',\n\tCircleMinus: '\\u2296',\n\tCirclePlus: '\\u2295',\n\tCircleTimes: '\\u2297',\n\tcirE: '\\u29C3',\n\tcire: '\\u2257',\n\tcirfnint: '\\u2A10',\n\tcirmid: '\\u2AEF',\n\tcirscir: '\\u29C2',\n\tClockwiseContourIntegral: '\\u2232',\n\tCloseCurlyDoubleQuote: '\\u201D',\n\tCloseCurlyQuote: '\\u2019',\n\tclubs: '\\u2663',\n\tclubsuit: '\\u2663',\n\tColon: '\\u2237',\n\tcolon: '\\u003A',\n\tColone: '\\u2A74',\n\tcolone: '\\u2254',\n\tcoloneq: '\\u2254',\n\tcomma: '\\u002C',\n\tcommat: '\\u0040',\n\tcomp: '\\u2201',\n\tcompfn: '\\u2218',\n\tcomplement: '\\u2201',\n\tcomplexes: '\\u2102',\n\tcong: '\\u2245',\n\tcongdot: '\\u2A6D',\n\tCongruent: '\\u2261',\n\tConint: '\\u222F',\n\tconint: '\\u222E',\n\tContourIntegral: '\\u222E',\n\tCopf: '\\u2102',\n\tcopf: '\\uD835\\uDD54',\n\tcoprod: '\\u2210',\n\tCoproduct: '\\u2210',\n\tCOPY: '\\u00A9',\n\tcopy: '\\u00A9',\n\tcopysr: '\\u2117',\n\tCounterClockwiseContourIntegral: '\\u2233',\n\tcrarr: '\\u21B5',\n\tCross: '\\u2A2F',\n\tcross: '\\u2717',\n\tCscr: '\\uD835\\uDC9E',\n\tcscr: '\\uD835\\uDCB8',\n\tcsub: '\\u2ACF',\n\tcsube: '\\u2AD1',\n\tcsup: '\\u2AD0',\n\tcsupe: '\\u2AD2',\n\tctdot: '\\u22EF',\n\tcudarrl: '\\u2938',\n\tcudarrr: '\\u2935',\n\tcuepr: '\\u22DE',\n\tcuesc: '\\u22DF',\n\tcularr: '\\u21B6',\n\tcularrp: '\\u293D',\n\tCup: '\\u22D3',\n\tcup: '\\u222A',\n\tcupbrcap: '\\u2A48',\n\tCupCap: '\\u224D',\n\tcupcap: '\\u2A46',\n\tcupcup: '\\u2A4A',\n\tcupdot: '\\u228D',\n\tcupor: '\\u2A45',\n\tcups: '\\u222A\\uFE00',\n\tcurarr: '\\u21B7',\n\tcurarrm: '\\u293C',\n\tcurlyeqprec: '\\u22DE',\n\tcurlyeqsucc: '\\u22DF',\n\tcurlyvee: '\\u22CE',\n\tcurlywedge: '\\u22CF',\n\tcurren: '\\u00A4',\n\tcurvearrowleft: '\\u21B6',\n\tcurvearrowright: '\\u21B7',\n\tcuvee: '\\u22CE',\n\tcuwed: '\\u22CF',\n\tcwconint: '\\u2232',\n\tcwint: '\\u2231',\n\tcylcty: '\\u232D',\n\tDagger: '\\u2021',\n\tdagger: '\\u2020',\n\tdaleth: '\\u2138',\n\tDarr: '\\u21A1',\n\tdArr: '\\u21D3',\n\tdarr: '\\u2193',\n\tdash: '\\u2010',\n\tDashv: '\\u2AE4',\n\tdashv: '\\u22A3',\n\tdbkarow: '\\u290F',\n\tdblac: '\\u02DD',\n\tDcaron: '\\u010E',\n\tdcaron: '\\u010F',\n\tDcy: '\\u0414',\n\tdcy: '\\u0434',\n\tDD: '\\u2145',\n\tdd: '\\u2146',\n\tddagger: '\\u2021',\n\tddarr: '\\u21CA',\n\tDDotrahd: '\\u2911',\n\tddotseq: '\\u2A77',\n\tdeg: '\\u00B0',\n\tDel: '\\u2207',\n\tDelta: '\\u0394',\n\tdelta: '\\u03B4',\n\tdemptyv: '\\u29B1',\n\tdfisht: '\\u297F',\n\tDfr: '\\uD835\\uDD07',\n\tdfr: '\\uD835\\uDD21',\n\tdHar: '\\u2965',\n\tdharl: '\\u21C3',\n\tdharr: '\\u21C2',\n\tDiacriticalAcute: '\\u00B4',\n\tDiacriticalDot: '\\u02D9',\n\tDiacriticalDoubleAcute: '\\u02DD',\n\tDiacriticalGrave: '\\u0060',\n\tDiacriticalTilde: '\\u02DC',\n\tdiam: '\\u22C4',\n\tDiamond: '\\u22C4',\n\tdiamond: '\\u22C4',\n\tdiamondsuit: '\\u2666',\n\tdiams: '\\u2666',\n\tdie: '\\u00A8',\n\tDifferentialD: '\\u2146',\n\tdigamma: '\\u03DD',\n\tdisin: '\\u22F2',\n\tdiv: '\\u00F7',\n\tdivide: '\\u00F7',\n\tdivideontimes: '\\u22C7',\n\tdivonx: '\\u22C7',\n\tDJcy: '\\u0402',\n\tdjcy: '\\u0452',\n\tdlcorn: '\\u231E',\n\tdlcrop: '\\u230D',\n\tdollar: '\\u0024',\n\tDopf: '\\uD835\\uDD3B',\n\tdopf: '\\uD835\\uDD55',\n\tDot: '\\u00A8',\n\tdot: '\\u02D9',\n\tDotDot: '\\u20DC',\n\tdoteq: '\\u2250',\n\tdoteqdot: '\\u2251',\n\tDotEqual: '\\u2250',\n\tdotminus: '\\u2238',\n\tdotplus: '\\u2214',\n\tdotsquare: '\\u22A1',\n\tdoublebarwedge: '\\u2306',\n\tDoubleContourIntegral: '\\u222F',\n\tDoubleDot: '\\u00A8',\n\tDoubleDownArrow: '\\u21D3',\n\tDoubleLeftArrow: '\\u21D0',\n\tDoubleLeftRightArrow: '\\u21D4',\n\tDoubleLeftTee: '\\u2AE4',\n\tDoubleLongLeftArrow: '\\u27F8',\n\tDoubleLongLeftRightArrow: '\\u27FA',\n\tDoubleLongRightArrow: '\\u27F9',\n\tDoubleRightArrow: '\\u21D2',\n\tDoubleRightTee: '\\u22A8',\n\tDoubleUpArrow: '\\u21D1',\n\tDoubleUpDownArrow: '\\u21D5',\n\tDoubleVerticalBar: '\\u2225',\n\tDownArrow: '\\u2193',\n\tDownarrow: '\\u21D3',\n\tdownarrow: '\\u2193',\n\tDownArrowBar: '\\u2913',\n\tDownArrowUpArrow: '\\u21F5',\n\tDownBreve: '\\u0311',\n\tdowndownarrows: '\\u21CA',\n\tdownharpoonleft: '\\u21C3',\n\tdownharpoonright: '\\u21C2',\n\tDownLeftRightVector: '\\u2950',\n\tDownLeftTeeVector: '\\u295E',\n\tDownLeftVector: '\\u21BD',\n\tDownLeftVectorBar: '\\u2956',\n\tDownRightTeeVector: '\\u295F',\n\tDownRightVector: '\\u21C1',\n\tDownRightVectorBar: '\\u2957',\n\tDownTee: '\\u22A4',\n\tDownTeeArrow: '\\u21A7',\n\tdrbkarow: '\\u2910',\n\tdrcorn: '\\u231F',\n\tdrcrop: '\\u230C',\n\tDscr: '\\uD835\\uDC9F',\n\tdscr: '\\uD835\\uDCB9',\n\tDScy: '\\u0405',\n\tdscy: '\\u0455',\n\tdsol: '\\u29F6',\n\tDstrok: '\\u0110',\n\tdstrok: '\\u0111',\n\tdtdot: '\\u22F1',\n\tdtri: '\\u25BF',\n\tdtrif: '\\u25BE',\n\tduarr: '\\u21F5',\n\tduhar: '\\u296F',\n\tdwangle: '\\u29A6',\n\tDZcy: '\\u040F',\n\tdzcy: '\\u045F',\n\tdzigrarr: '\\u27FF',\n\tEacute: '\\u00C9',\n\teacute: '\\u00E9',\n\teaster: '\\u2A6E',\n\tEcaron: '\\u011A',\n\tecaron: '\\u011B',\n\tecir: '\\u2256',\n\tEcirc: '\\u00CA',\n\tecirc: '\\u00EA',\n\tecolon: '\\u2255',\n\tEcy: '\\u042D',\n\tecy: '\\u044D',\n\teDDot: '\\u2A77',\n\tEdot: '\\u0116',\n\teDot: '\\u2251',\n\tedot: '\\u0117',\n\tee: '\\u2147',\n\tefDot: '\\u2252',\n\tEfr: '\\uD835\\uDD08',\n\tefr: '\\uD835\\uDD22',\n\teg: '\\u2A9A',\n\tEgrave: '\\u00C8',\n\tegrave: '\\u00E8',\n\tegs: '\\u2A96',\n\tegsdot: '\\u2A98',\n\tel: '\\u2A99',\n\tElement: '\\u2208',\n\telinters: '\\u23E7',\n\tell: '\\u2113',\n\tels: '\\u2A95',\n\telsdot: '\\u2A97',\n\tEmacr: '\\u0112',\n\temacr: '\\u0113',\n\tempty: '\\u2205',\n\temptyset: '\\u2205',\n\tEmptySmallSquare: '\\u25FB',\n\temptyv: '\\u2205',\n\tEmptyVerySmallSquare: '\\u25AB',\n\temsp: '\\u2003',\n\temsp13: '\\u2004',\n\temsp14: '\\u2005',\n\tENG: '\\u014A',\n\teng: '\\u014B',\n\tensp: '\\u2002',\n\tEogon: '\\u0118',\n\teogon: '\\u0119',\n\tEopf: '\\uD835\\uDD3C',\n\teopf: '\\uD835\\uDD56',\n\tepar: '\\u22D5',\n\teparsl: '\\u29E3',\n\teplus: '\\u2A71',\n\tepsi: '\\u03B5',\n\tEpsilon: '\\u0395',\n\tepsilon: '\\u03B5',\n\tepsiv: '\\u03F5',\n\teqcirc: '\\u2256',\n\teqcolon: '\\u2255',\n\teqsim: '\\u2242',\n\teqslantgtr: '\\u2A96',\n\teqslantless: '\\u2A95',\n\tEqual: '\\u2A75',\n\tequals: '\\u003D',\n\tEqualTilde: '\\u2242',\n\tequest: '\\u225F',\n\tEquilibrium: '\\u21CC',\n\tequiv: '\\u2261',\n\tequivDD: '\\u2A78',\n\teqvparsl: '\\u29E5',\n\terarr: '\\u2971',\n\terDot: '\\u2253',\n\tEscr: '\\u2130',\n\tescr: '\\u212F',\n\tesdot: '\\u2250',\n\tEsim: '\\u2A73',\n\tesim: '\\u2242',\n\tEta: '\\u0397',\n\teta: '\\u03B7',\n\tETH: '\\u00D0',\n\teth: '\\u00F0',\n\tEuml: '\\u00CB',\n\teuml: '\\u00EB',\n\teuro: '\\u20AC',\n\texcl: '\\u0021',\n\texist: '\\u2203',\n\tExists: '\\u2203',\n\texpectation: '\\u2130',\n\tExponentialE: '\\u2147',\n\texponentiale: '\\u2147',\n\tfallingdotseq: '\\u2252',\n\tFcy: '\\u0424',\n\tfcy: '\\u0444',\n\tfemale: '\\u2640',\n\tffilig: '\\uFB03',\n\tfflig: '\\uFB00',\n\tffllig: '\\uFB04',\n\tFfr: '\\uD835\\uDD09',\n\tffr: '\\uD835\\uDD23',\n\tfilig: '\\uFB01',\n\tFilledSmallSquare: '\\u25FC',\n\tFilledVerySmallSquare: '\\u25AA',\n\tfjlig: '\\u0066\\u006A',\n\tflat: '\\u266D',\n\tfllig: '\\uFB02',\n\tfltns: '\\u25B1',\n\tfnof: '\\u0192',\n\tFopf: '\\uD835\\uDD3D',\n\tfopf: '\\uD835\\uDD57',\n\tForAll: '\\u2200',\n\tforall: '\\u2200',\n\tfork: '\\u22D4',\n\tforkv: '\\u2AD9',\n\tFouriertrf: '\\u2131',\n\tfpartint: '\\u2A0D',\n\tfrac12: '\\u00BD',\n\tfrac13: '\\u2153',\n\tfrac14: '\\u00BC',\n\tfrac15: '\\u2155',\n\tfrac16: '\\u2159',\n\tfrac18: '\\u215B',\n\tfrac23: '\\u2154',\n\tfrac25: '\\u2156',\n\tfrac34: '\\u00BE',\n\tfrac35: '\\u2157',\n\tfrac38: '\\u215C',\n\tfrac45: '\\u2158',\n\tfrac56: '\\u215A',\n\tfrac58: '\\u215D',\n\tfrac78: '\\u215E',\n\tfrasl: '\\u2044',\n\tfrown: '\\u2322',\n\tFscr: '\\u2131',\n\tfscr: '\\uD835\\uDCBB',\n\tgacute: '\\u01F5',\n\tGamma: '\\u0393',\n\tgamma: '\\u03B3',\n\tGammad: '\\u03DC',\n\tgammad: '\\u03DD',\n\tgap: '\\u2A86',\n\tGbreve: '\\u011E',\n\tgbreve: '\\u011F',\n\tGcedil: '\\u0122',\n\tGcirc: '\\u011C',\n\tgcirc: '\\u011D',\n\tGcy: '\\u0413',\n\tgcy: '\\u0433',\n\tGdot: '\\u0120',\n\tgdot: '\\u0121',\n\tgE: '\\u2267',\n\tge: '\\u2265',\n\tgEl: '\\u2A8C',\n\tgel: '\\u22DB',\n\tgeq: '\\u2265',\n\tgeqq: '\\u2267',\n\tgeqslant: '\\u2A7E',\n\tges: '\\u2A7E',\n\tgescc: '\\u2AA9',\n\tgesdot: '\\u2A80',\n\tgesdoto: '\\u2A82',\n\tgesdotol: '\\u2A84',\n\tgesl: '\\u22DB\\uFE00',\n\tgesles: '\\u2A94',\n\tGfr: '\\uD835\\uDD0A',\n\tgfr: '\\uD835\\uDD24',\n\tGg: '\\u22D9',\n\tgg: '\\u226B',\n\tggg: '\\u22D9',\n\tgimel: '\\u2137',\n\tGJcy: '\\u0403',\n\tgjcy: '\\u0453',\n\tgl: '\\u2277',\n\tgla: '\\u2AA5',\n\tglE: '\\u2A92',\n\tglj: '\\u2AA4',\n\tgnap: '\\u2A8A',\n\tgnapprox: '\\u2A8A',\n\tgnE: '\\u2269',\n\tgne: '\\u2A88',\n\tgneq: '\\u2A88',\n\tgneqq: '\\u2269',\n\tgnsim: '\\u22E7',\n\tGopf: '\\uD835\\uDD3E',\n\tgopf: '\\uD835\\uDD58',\n\tgrave: '\\u0060',\n\tGreaterEqual: '\\u2265',\n\tGreaterEqualLess: '\\u22DB',\n\tGreaterFullEqual: '\\u2267',\n\tGreaterGreater: '\\u2AA2',\n\tGreaterLess: '\\u2277',\n\tGreaterSlantEqual: '\\u2A7E',\n\tGreaterTilde: '\\u2273',\n\tGscr: '\\uD835\\uDCA2',\n\tgscr: '\\u210A',\n\tgsim: '\\u2273',\n\tgsime: '\\u2A8E',\n\tgsiml: '\\u2A90',\n\tGt: '\\u226B',\n\tGT: '\\u003E',\n\tgt: '\\u003E',\n\tgtcc: '\\u2AA7',\n\tgtcir: '\\u2A7A',\n\tgtdot: '\\u22D7',\n\tgtlPar: '\\u2995',\n\tgtquest: '\\u2A7C',\n\tgtrapprox: '\\u2A86',\n\tgtrarr: '\\u2978',\n\tgtrdot: '\\u22D7',\n\tgtreqless: '\\u22DB',\n\tgtreqqless: '\\u2A8C',\n\tgtrless: '\\u2277',\n\tgtrsim: '\\u2273',\n\tgvertneqq: '\\u2269\\uFE00',\n\tgvnE: '\\u2269\\uFE00',\n\tHacek: '\\u02C7',\n\thairsp: '\\u200A',\n\thalf: '\\u00BD',\n\thamilt: '\\u210B',\n\tHARDcy: '\\u042A',\n\thardcy: '\\u044A',\n\thArr: '\\u21D4',\n\tharr: '\\u2194',\n\tharrcir: '\\u2948',\n\tharrw: '\\u21AD',\n\tHat: '\\u005E',\n\thbar: '\\u210F',\n\tHcirc: '\\u0124',\n\thcirc: '\\u0125',\n\thearts: '\\u2665',\n\theartsuit: '\\u2665',\n\thellip: '\\u2026',\n\thercon: '\\u22B9',\n\tHfr: '\\u210C',\n\thfr: '\\uD835\\uDD25',\n\tHilbertSpace: '\\u210B',\n\thksearow: '\\u2925',\n\thkswarow: '\\u2926',\n\thoarr: '\\u21FF',\n\thomtht: '\\u223B',\n\thookleftarrow: '\\u21A9',\n\thookrightarrow: '\\u21AA',\n\tHopf: '\\u210D',\n\thopf: '\\uD835\\uDD59',\n\thorbar: '\\u2015',\n\tHorizontalLine: '\\u2500',\n\tHscr: '\\u210B',\n\thscr: '\\uD835\\uDCBD',\n\thslash: '\\u210F',\n\tHstrok: '\\u0126',\n\thstrok: '\\u0127',\n\tHumpDownHump: '\\u224E',\n\tHumpEqual: '\\u224F',\n\thybull: '\\u2043',\n\thyphen: '\\u2010',\n\tIacute: '\\u00CD',\n\tiacute: '\\u00ED',\n\tic: '\\u2063',\n\tIcirc: '\\u00CE',\n\ticirc: '\\u00EE',\n\tIcy: '\\u0418',\n\ticy: '\\u0438',\n\tIdot: '\\u0130',\n\tIEcy: '\\u0415',\n\tiecy: '\\u0435',\n\tiexcl: '\\u00A1',\n\tiff: '\\u21D4',\n\tIfr: '\\u2111',\n\tifr: '\\uD835\\uDD26',\n\tIgrave: '\\u00CC',\n\tigrave: '\\u00EC',\n\tii: '\\u2148',\n\tiiiint: '\\u2A0C',\n\tiiint: '\\u222D',\n\tiinfin: '\\u29DC',\n\tiiota: '\\u2129',\n\tIJlig: '\\u0132',\n\tijlig: '\\u0133',\n\tIm: '\\u2111',\n\tImacr: '\\u012A',\n\timacr: '\\u012B',\n\timage: '\\u2111',\n\tImaginaryI: '\\u2148',\n\timagline: '\\u2110',\n\timagpart: '\\u2111',\n\timath: '\\u0131',\n\timof: '\\u22B7',\n\timped: '\\u01B5',\n\tImplies: '\\u21D2',\n\tin: '\\u2208',\n\tincare: '\\u2105',\n\tinfin: '\\u221E',\n\tinfintie: '\\u29DD',\n\tinodot: '\\u0131',\n\tInt: '\\u222C',\n\tint: '\\u222B',\n\tintcal: '\\u22BA',\n\tintegers: '\\u2124',\n\tIntegral: '\\u222B',\n\tintercal: '\\u22BA',\n\tIntersection: '\\u22C2',\n\tintlarhk: '\\u2A17',\n\tintprod: '\\u2A3C',\n\tInvisibleComma: '\\u2063',\n\tInvisibleTimes: '\\u2062',\n\tIOcy: '\\u0401',\n\tiocy: '\\u0451',\n\tIogon: '\\u012E',\n\tiogon: '\\u012F',\n\tIopf: '\\uD835\\uDD40',\n\tiopf: '\\uD835\\uDD5A',\n\tIota: '\\u0399',\n\tiota: '\\u03B9',\n\tiprod: '\\u2A3C',\n\tiquest: '\\u00BF',\n\tIscr: '\\u2110',\n\tiscr: '\\uD835\\uDCBE',\n\tisin: '\\u2208',\n\tisindot: '\\u22F5',\n\tisinE: '\\u22F9',\n\tisins: '\\u22F4',\n\tisinsv: '\\u22F3',\n\tisinv: '\\u2208',\n\tit: '\\u2062',\n\tItilde: '\\u0128',\n\titilde: '\\u0129',\n\tIukcy: '\\u0406',\n\tiukcy: '\\u0456',\n\tIuml: '\\u00CF',\n\tiuml: '\\u00EF',\n\tJcirc: '\\u0134',\n\tjcirc: '\\u0135',\n\tJcy: '\\u0419',\n\tjcy: '\\u0439',\n\tJfr: '\\uD835\\uDD0D',\n\tjfr: '\\uD835\\uDD27',\n\tjmath: '\\u0237',\n\tJopf: '\\uD835\\uDD41',\n\tjopf: '\\uD835\\uDD5B',\n\tJscr: '\\uD835\\uDCA5',\n\tjscr: '\\uD835\\uDCBF',\n\tJsercy: '\\u0408',\n\tjsercy: '\\u0458',\n\tJukcy: '\\u0404',\n\tjukcy: '\\u0454',\n\tKappa: '\\u039A',\n\tkappa: '\\u03BA',\n\tkappav: '\\u03F0',\n\tKcedil: '\\u0136',\n\tkcedil: '\\u0137',\n\tKcy: '\\u041A',\n\tkcy: '\\u043A',\n\tKfr: '\\uD835\\uDD0E',\n\tkfr: '\\uD835\\uDD28',\n\tkgreen: '\\u0138',\n\tKHcy: '\\u0425',\n\tkhcy: '\\u0445',\n\tKJcy: '\\u040C',\n\tkjcy: '\\u045C',\n\tKopf: '\\uD835\\uDD42',\n\tkopf: '\\uD835\\uDD5C',\n\tKscr: '\\uD835\\uDCA6',\n\tkscr: '\\uD835\\uDCC0',\n\tlAarr: '\\u21DA',\n\tLacute: '\\u0139',\n\tlacute: '\\u013A',\n\tlaemptyv: '\\u29B4',\n\tlagran: '\\u2112',\n\tLambda: '\\u039B',\n\tlambda: '\\u03BB',\n\tLang: '\\u27EA',\n\tlang: '\\u27E8',\n\tlangd: '\\u2991',\n\tlangle: '\\u27E8',\n\tlap: '\\u2A85',\n\tLaplacetrf: '\\u2112',\n\tlaquo: '\\u00AB',\n\tLarr: '\\u219E',\n\tlArr: '\\u21D0',\n\tlarr: '\\u2190',\n\tlarrb: '\\u21E4',\n\tlarrbfs: '\\u291F',\n\tlarrfs: '\\u291D',\n\tlarrhk: '\\u21A9',\n\tlarrlp: '\\u21AB',\n\tlarrpl: '\\u2939',\n\tlarrsim: '\\u2973',\n\tlarrtl: '\\u21A2',\n\tlat: '\\u2AAB',\n\tlAtail: '\\u291B',\n\tlatail: '\\u2919',\n\tlate: '\\u2AAD',\n\tlates: '\\u2AAD\\uFE00',\n\tlBarr: '\\u290E',\n\tlbarr: '\\u290C',\n\tlbbrk: '\\u2772',\n\tlbrace: '\\u007B',\n\tlbrack: '\\u005B',\n\tlbrke: '\\u298B',\n\tlbrksld: '\\u298F',\n\tlbrkslu: '\\u298D',\n\tLcaron: '\\u013D',\n\tlcaron: '\\u013E',\n\tLcedil: '\\u013B',\n\tlcedil: '\\u013C',\n\tlceil: '\\u2308',\n\tlcub: '\\u007B',\n\tLcy: '\\u041B',\n\tlcy: '\\u043B',\n\tldca: '\\u2936',\n\tldquo: '\\u201C',\n\tldquor: '\\u201E',\n\tldrdhar: '\\u2967',\n\tldrushar: '\\u294B',\n\tldsh: '\\u21B2',\n\tlE: '\\u2266',\n\tle: '\\u2264',\n\tLeftAngleBracket: '\\u27E8',\n\tLeftArrow: '\\u2190',\n\tLeftarrow: '\\u21D0',\n\tleftarrow: '\\u2190',\n\tLeftArrowBar: '\\u21E4',\n\tLeftArrowRightArrow: '\\u21C6',\n\tleftarrowtail: '\\u21A2',\n\tLeftCeiling: '\\u2308',\n\tLeftDoubleBracket: '\\u27E6',\n\tLeftDownTeeVector: '\\u2961',\n\tLeftDownVector: '\\u21C3',\n\tLeftDownVectorBar: '\\u2959',\n\tLeftFloor: '\\u230A',\n\tleftharpoondown: '\\u21BD',\n\tleftharpoonup: '\\u21BC',\n\tleftleftarrows: '\\u21C7',\n\tLeftRightArrow: '\\u2194',\n\tLeftrightarrow: '\\u21D4',\n\tleftrightarrow: '\\u2194',\n\tleftrightarrows: '\\u21C6',\n\tleftrightharpoons: '\\u21CB',\n\tleftrightsquigarrow: '\\u21AD',\n\tLeftRightVector: '\\u294E',\n\tLeftTee: '\\u22A3',\n\tLeftTeeArrow: '\\u21A4',\n\tLeftTeeVector: '\\u295A',\n\tleftthreetimes: '\\u22CB',\n\tLeftTriangle: '\\u22B2',\n\tLeftTriangleBar: '\\u29CF',\n\tLeftTriangleEqual: '\\u22B4',\n\tLeftUpDownVector: '\\u2951',\n\tLeftUpTeeVector: '\\u2960',\n\tLeftUpVector: '\\u21BF',\n\tLeftUpVectorBar: '\\u2958',\n\tLeftVector: '\\u21BC',\n\tLeftVectorBar: '\\u2952',\n\tlEg: '\\u2A8B',\n\tleg: '\\u22DA',\n\tleq: '\\u2264',\n\tleqq: '\\u2266',\n\tleqslant: '\\u2A7D',\n\tles: '\\u2A7D',\n\tlescc: '\\u2AA8',\n\tlesdot: '\\u2A7F',\n\tlesdoto: '\\u2A81',\n\tlesdotor: '\\u2A83',\n\tlesg: '\\u22DA\\uFE00',\n\tlesges: '\\u2A93',\n\tlessapprox: '\\u2A85',\n\tlessdot: '\\u22D6',\n\tlesseqgtr: '\\u22DA',\n\tlesseqqgtr: '\\u2A8B',\n\tLessEqualGreater: '\\u22DA',\n\tLessFullEqual: '\\u2266',\n\tLessGreater: '\\u2276',\n\tlessgtr: '\\u2276',\n\tLessLess: '\\u2AA1',\n\tlesssim: '\\u2272',\n\tLessSlantEqual: '\\u2A7D',\n\tLessTilde: '\\u2272',\n\tlfisht: '\\u297C',\n\tlfloor: '\\u230A',\n\tLfr: '\\uD835\\uDD0F',\n\tlfr: '\\uD835\\uDD29',\n\tlg: '\\u2276',\n\tlgE: '\\u2A91',\n\tlHar: '\\u2962',\n\tlhard: '\\u21BD',\n\tlharu: '\\u21BC',\n\tlharul: '\\u296A',\n\tlhblk: '\\u2584',\n\tLJcy: '\\u0409',\n\tljcy: '\\u0459',\n\tLl: '\\u22D8',\n\tll: '\\u226A',\n\tllarr: '\\u21C7',\n\tllcorner: '\\u231E',\n\tLleftarrow: '\\u21DA',\n\tllhard: '\\u296B',\n\tlltri: '\\u25FA',\n\tLmidot: '\\u013F',\n\tlmidot: '\\u0140',\n\tlmoust: '\\u23B0',\n\tlmoustache: '\\u23B0',\n\tlnap: '\\u2A89',\n\tlnapprox: '\\u2A89',\n\tlnE: '\\u2268',\n\tlne: '\\u2A87',\n\tlneq: '\\u2A87',\n\tlneqq: '\\u2268',\n\tlnsim: '\\u22E6',\n\tloang: '\\u27EC',\n\tloarr: '\\u21FD',\n\tlobrk: '\\u27E6',\n\tLongLeftArrow: '\\u27F5',\n\tLongleftarrow: '\\u27F8',\n\tlongleftarrow: '\\u27F5',\n\tLongLeftRightArrow: '\\u27F7',\n\tLongleftrightarrow: '\\u27FA',\n\tlongleftrightarrow: '\\u27F7',\n\tlongmapsto: '\\u27FC',\n\tLongRightArrow: '\\u27F6',\n\tLongrightarrow: '\\u27F9',\n\tlongrightarrow: '\\u27F6',\n\tlooparrowleft: '\\u21AB',\n\tlooparrowright: '\\u21AC',\n\tlopar: '\\u2985',\n\tLopf: '\\uD835\\uDD43',\n\tlopf: '\\uD835\\uDD5D',\n\tloplus: '\\u2A2D',\n\tlotimes: '\\u2A34',\n\tlowast: '\\u2217',\n\tlowbar: '\\u005F',\n\tLowerLeftArrow: '\\u2199',\n\tLowerRightArrow: '\\u2198',\n\tloz: '\\u25CA',\n\tlozenge: '\\u25CA',\n\tlozf: '\\u29EB',\n\tlpar: '\\u0028',\n\tlparlt: '\\u2993',\n\tlrarr: '\\u21C6',\n\tlrcorner: '\\u231F',\n\tlrhar: '\\u21CB',\n\tlrhard: '\\u296D',\n\tlrm: '\\u200E',\n\tlrtri: '\\u22BF',\n\tlsaquo: '\\u2039',\n\tLscr: '\\u2112',\n\tlscr: '\\uD835\\uDCC1',\n\tLsh: '\\u21B0',\n\tlsh: '\\u21B0',\n\tlsim: '\\u2272',\n\tlsime: '\\u2A8D',\n\tlsimg: '\\u2A8F',\n\tlsqb: '\\u005B',\n\tlsquo: '\\u2018',\n\tlsquor: '\\u201A',\n\tLstrok: '\\u0141',\n\tlstrok: '\\u0142',\n\tLt: '\\u226A',\n\tLT: '\\u003C',\n\tlt: '\\u003C',\n\tltcc: '\\u2AA6',\n\tltcir: '\\u2A79',\n\tltdot: '\\u22D6',\n\tlthree: '\\u22CB',\n\tltimes: '\\u22C9',\n\tltlarr: '\\u2976',\n\tltquest: '\\u2A7B',\n\tltri: '\\u25C3',\n\tltrie: '\\u22B4',\n\tltrif: '\\u25C2',\n\tltrPar: '\\u2996',\n\tlurdshar: '\\u294A',\n\tluruhar: '\\u2966',\n\tlvertneqq: '\\u2268\\uFE00',\n\tlvnE: '\\u2268\\uFE00',\n\tmacr: '\\u00AF',\n\tmale: '\\u2642',\n\tmalt: '\\u2720',\n\tmaltese: '\\u2720',\n\tMap: '\\u2905',\n\tmap: '\\u21A6',\n\tmapsto: '\\u21A6',\n\tmapstodown: '\\u21A7',\n\tmapstoleft: '\\u21A4',\n\tmapstoup: '\\u21A5',\n\tmarker: '\\u25AE',\n\tmcomma: '\\u2A29',\n\tMcy: '\\u041C',\n\tmcy: '\\u043C',\n\tmdash: '\\u2014',\n\tmDDot: '\\u223A',\n\tmeasuredangle: '\\u2221',\n\tMediumSpace: '\\u205F',\n\tMellintrf: '\\u2133',\n\tMfr: '\\uD835\\uDD10',\n\tmfr: '\\uD835\\uDD2A',\n\tmho: '\\u2127',\n\tmicro: '\\u00B5',\n\tmid: '\\u2223',\n\tmidast: '\\u002A',\n\tmidcir: '\\u2AF0',\n\tmiddot: '\\u00B7',\n\tminus: '\\u2212',\n\tminusb: '\\u229F',\n\tminusd: '\\u2238',\n\tminusdu: '\\u2A2A',\n\tMinusPlus: '\\u2213',\n\tmlcp: '\\u2ADB',\n\tmldr: '\\u2026',\n\tmnplus: '\\u2213',\n\tmodels: '\\u22A7',\n\tMopf: '\\uD835\\uDD44',\n\tmopf: '\\uD835\\uDD5E',\n\tmp: '\\u2213',\n\tMscr: '\\u2133',\n\tmscr: '\\uD835\\uDCC2',\n\tmstpos: '\\u223E',\n\tMu: '\\u039C',\n\tmu: '\\u03BC',\n\tmultimap: '\\u22B8',\n\tmumap: '\\u22B8',\n\tnabla: '\\u2207',\n\tNacute: '\\u0143',\n\tnacute: '\\u0144',\n\tnang: '\\u2220\\u20D2',\n\tnap: '\\u2249',\n\tnapE: '\\u2A70\\u0338',\n\tnapid: '\\u224B\\u0338',\n\tnapos: '\\u0149',\n\tnapprox: '\\u2249',\n\tnatur: '\\u266E',\n\tnatural: '\\u266E',\n\tnaturals: '\\u2115',\n\tnbsp: '\\u00A0',\n\tnbump: '\\u224E\\u0338',\n\tnbumpe: '\\u224F\\u0338',\n\tncap: '\\u2A43',\n\tNcaron: '\\u0147',\n\tncaron: '\\u0148',\n\tNcedil: '\\u0145',\n\tncedil: '\\u0146',\n\tncong: '\\u2247',\n\tncongdot: '\\u2A6D\\u0338',\n\tncup: '\\u2A42',\n\tNcy: '\\u041D',\n\tncy: '\\u043D',\n\tndash: '\\u2013',\n\tne: '\\u2260',\n\tnearhk: '\\u2924',\n\tneArr: '\\u21D7',\n\tnearr: '\\u2197',\n\tnearrow: '\\u2197',\n\tnedot: '\\u2250\\u0338',\n\tNegativeMediumSpace: '\\u200B',\n\tNegativeThickSpace: '\\u200B',\n\tNegativeThinSpace: '\\u200B',\n\tNegativeVeryThinSpace: '\\u200B',\n\tnequiv: '\\u2262',\n\tnesear: '\\u2928',\n\tnesim: '\\u2242\\u0338',\n\tNestedGreaterGreater: '\\u226B',\n\tNestedLessLess: '\\u226A',\n\tNewLine: '\\u000A',\n\tnexist: '\\u2204',\n\tnexists: '\\u2204',\n\tNfr: '\\uD835\\uDD11',\n\tnfr: '\\uD835\\uDD2B',\n\tngE: '\\u2267\\u0338',\n\tnge: '\\u2271',\n\tngeq: '\\u2271',\n\tngeqq: '\\u2267\\u0338',\n\tngeqslant: '\\u2A7E\\u0338',\n\tnges: '\\u2A7E\\u0338',\n\tnGg: '\\u22D9\\u0338',\n\tngsim: '\\u2275',\n\tnGt: '\\u226B\\u20D2',\n\tngt: '\\u226F',\n\tngtr: '\\u226F',\n\tnGtv: '\\u226B\\u0338',\n\tnhArr: '\\u21CE',\n\tnharr: '\\u21AE',\n\tnhpar: '\\u2AF2',\n\tni: '\\u220B',\n\tnis: '\\u22FC',\n\tnisd: '\\u22FA',\n\tniv: '\\u220B',\n\tNJcy: '\\u040A',\n\tnjcy: '\\u045A',\n\tnlArr: '\\u21CD',\n\tnlarr: '\\u219A',\n\tnldr: '\\u2025',\n\tnlE: '\\u2266\\u0338',\n\tnle: '\\u2270',\n\tnLeftarrow: '\\u21CD',\n\tnleftarrow: '\\u219A',\n\tnLeftrightarrow: '\\u21CE',\n\tnleftrightarrow: '\\u21AE',\n\tnleq: '\\u2270',\n\tnleqq: '\\u2266\\u0338',\n\tnleqslant: '\\u2A7D\\u0338',\n\tnles: '\\u2A7D\\u0338',\n\tnless: '\\u226E',\n\tnLl: '\\u22D8\\u0338',\n\tnlsim: '\\u2274',\n\tnLt: '\\u226A\\u20D2',\n\tnlt: '\\u226E',\n\tnltri: '\\u22EA',\n\tnltrie: '\\u22EC',\n\tnLtv: '\\u226A\\u0338',\n\tnmid: '\\u2224',\n\tNoBreak: '\\u2060',\n\tNonBreakingSpace: '\\u00A0',\n\tNopf: '\\u2115',\n\tnopf: '\\uD835\\uDD5F',\n\tNot: '\\u2AEC',\n\tnot: '\\u00AC',\n\tNotCongruent: '\\u2262',\n\tNotCupCap: '\\u226D',\n\tNotDoubleVerticalBar: '\\u2226',\n\tNotElement: '\\u2209',\n\tNotEqual: '\\u2260',\n\tNotEqualTilde: '\\u2242\\u0338',\n\tNotExists: '\\u2204',\n\tNotGreater: '\\u226F',\n\tNotGreaterEqual: '\\u2271',\n\tNotGreaterFullEqual: '\\u2267\\u0338',\n\tNotGreaterGreater: '\\u226B\\u0338',\n\tNotGreaterLess: '\\u2279',\n\tNotGreaterSlantEqual: '\\u2A7E\\u0338',\n\tNotGreaterTilde: '\\u2275',\n\tNotHumpDownHump: '\\u224E\\u0338',\n\tNotHumpEqual: '\\u224F\\u0338',\n\tnotin: '\\u2209',\n\tnotindot: '\\u22F5\\u0338',\n\tnotinE: '\\u22F9\\u0338',\n\tnotinva: '\\u2209',\n\tnotinvb: '\\u22F7',\n\tnotinvc: '\\u22F6',\n\tNotLeftTriangle: '\\u22EA',\n\tNotLeftTriangleBar: '\\u29CF\\u0338',\n\tNotLeftTriangleEqual: '\\u22EC',\n\tNotLess: '\\u226E',\n\tNotLessEqual: '\\u2270',\n\tNotLessGreater: '\\u2278',\n\tNotLessLess: '\\u226A\\u0338',\n\tNotLessSlantEqual: '\\u2A7D\\u0338',\n\tNotLessTilde: '\\u2274',\n\tNotNestedGreaterGreater: '\\u2AA2\\u0338',\n\tNotNestedLessLess: '\\u2AA1\\u0338',\n\tnotni: '\\u220C',\n\tnotniva: '\\u220C',\n\tnotnivb: '\\u22FE',\n\tnotnivc: '\\u22FD',\n\tNotPrecedes: '\\u2280',\n\tNotPrecedesEqual: '\\u2AAF\\u0338',\n\tNotPrecedesSlantEqual: '\\u22E0',\n\tNotReverseElement: '\\u220C',\n\tNotRightTriangle: '\\u22EB',\n\tNotRightTriangleBar: '\\u29D0\\u0338',\n\tNotRightTriangleEqual: '\\u22ED',\n\tNotSquareSubset: '\\u228F\\u0338',\n\tNotSquareSubsetEqual: '\\u22E2',\n\tNotSquareSuperset: '\\u2290\\u0338',\n\tNotSquareSupersetEqual: '\\u22E3',\n\tNotSubset: '\\u2282\\u20D2',\n\tNotSubsetEqual: '\\u2288',\n\tNotSucceeds: '\\u2281',\n\tNotSucceedsEqual: '\\u2AB0\\u0338',\n\tNotSucceedsSlantEqual: '\\u22E1',\n\tNotSucceedsTilde: '\\u227F\\u0338',\n\tNotSuperset: '\\u2283\\u20D2',\n\tNotSupersetEqual: '\\u2289',\n\tNotTilde: '\\u2241',\n\tNotTildeEqual: '\\u2244',\n\tNotTildeFullEqual: '\\u2247',\n\tNotTildeTilde: '\\u2249',\n\tNotVerticalBar: '\\u2224',\n\tnpar: '\\u2226',\n\tnparallel: '\\u2226',\n\tnparsl: '\\u2AFD\\u20E5',\n\tnpart: '\\u2202\\u0338',\n\tnpolint: '\\u2A14',\n\tnpr: '\\u2280',\n\tnprcue: '\\u22E0',\n\tnpre: '\\u2AAF\\u0338',\n\tnprec: '\\u2280',\n\tnpreceq: '\\u2AAF\\u0338',\n\tnrArr: '\\u21CF',\n\tnrarr: '\\u219B',\n\tnrarrc: '\\u2933\\u0338',\n\tnrarrw: '\\u219D\\u0338',\n\tnRightarrow: '\\u21CF',\n\tnrightarrow: '\\u219B',\n\tnrtri: '\\u22EB',\n\tnrtrie: '\\u22ED',\n\tnsc: '\\u2281',\n\tnsccue: '\\u22E1',\n\tnsce: '\\u2AB0\\u0338',\n\tNscr: '\\uD835\\uDCA9',\n\tnscr: '\\uD835\\uDCC3',\n\tnshortmid: '\\u2224',\n\tnshortparallel: '\\u2226',\n\tnsim: '\\u2241',\n\tnsime: '\\u2244',\n\tnsimeq: '\\u2244',\n\tnsmid: '\\u2224',\n\tnspar: '\\u2226',\n\tnsqsube: '\\u22E2',\n\tnsqsupe: '\\u22E3',\n\tnsub: '\\u2284',\n\tnsubE: '\\u2AC5\\u0338',\n\tnsube: '\\u2288',\n\tnsubset: '\\u2282\\u20D2',\n\tnsubseteq: '\\u2288',\n\tnsubseteqq: '\\u2AC5\\u0338',\n\tnsucc: '\\u2281',\n\tnsucceq: '\\u2AB0\\u0338',\n\tnsup: '\\u2285',\n\tnsupE: '\\u2AC6\\u0338',\n\tnsupe: '\\u2289',\n\tnsupset: '\\u2283\\u20D2',\n\tnsupseteq: '\\u2289',\n\tnsupseteqq: '\\u2AC6\\u0338',\n\tntgl: '\\u2279',\n\tNtilde: '\\u00D1',\n\tntilde: '\\u00F1',\n\tntlg: '\\u2278',\n\tntriangleleft: '\\u22EA',\n\tntrianglelefteq: '\\u22EC',\n\tntriangleright: '\\u22EB',\n\tntrianglerighteq: '\\u22ED',\n\tNu: '\\u039D',\n\tnu: '\\u03BD',\n\tnum: '\\u0023',\n\tnumero: '\\u2116',\n\tnumsp: '\\u2007',\n\tnvap: '\\u224D\\u20D2',\n\tnVDash: '\\u22AF',\n\tnVdash: '\\u22AE',\n\tnvDash: '\\u22AD',\n\tnvdash: '\\u22AC',\n\tnvge: '\\u2265\\u20D2',\n\tnvgt: '\\u003E\\u20D2',\n\tnvHarr: '\\u2904',\n\tnvinfin: '\\u29DE',\n\tnvlArr: '\\u2902',\n\tnvle: '\\u2264\\u20D2',\n\tnvlt: '\\u003C\\u20D2',\n\tnvltrie: '\\u22B4\\u20D2',\n\tnvrArr: '\\u2903',\n\tnvrtrie: '\\u22B5\\u20D2',\n\tnvsim: '\\u223C\\u20D2',\n\tnwarhk: '\\u2923',\n\tnwArr: '\\u21D6',\n\tnwarr: '\\u2196',\n\tnwarrow: '\\u2196',\n\tnwnear: '\\u2927',\n\tOacute: '\\u00D3',\n\toacute: '\\u00F3',\n\toast: '\\u229B',\n\tocir: '\\u229A',\n\tOcirc: '\\u00D4',\n\tocirc: '\\u00F4',\n\tOcy: '\\u041E',\n\tocy: '\\u043E',\n\todash: '\\u229D',\n\tOdblac: '\\u0150',\n\todblac: '\\u0151',\n\todiv: '\\u2A38',\n\todot: '\\u2299',\n\todsold: '\\u29BC',\n\tOElig: '\\u0152',\n\toelig: '\\u0153',\n\tofcir: '\\u29BF',\n\tOfr: '\\uD835\\uDD12',\n\tofr: '\\uD835\\uDD2C',\n\togon: '\\u02DB',\n\tOgrave: '\\u00D2',\n\tograve: '\\u00F2',\n\togt: '\\u29C1',\n\tohbar: '\\u29B5',\n\tohm: '\\u03A9',\n\toint: '\\u222E',\n\tolarr: '\\u21BA',\n\tolcir: '\\u29BE',\n\tolcross: '\\u29BB',\n\toline: '\\u203E',\n\tolt: '\\u29C0',\n\tOmacr: '\\u014C',\n\tomacr: '\\u014D',\n\tOmega: '\\u03A9',\n\tomega: '\\u03C9',\n\tOmicron: '\\u039F',\n\tomicron: '\\u03BF',\n\tomid: '\\u29B6',\n\tominus: '\\u2296',\n\tOopf: '\\uD835\\uDD46',\n\toopf: '\\uD835\\uDD60',\n\topar: '\\u29B7',\n\tOpenCurlyDoubleQuote: '\\u201C',\n\tOpenCurlyQuote: '\\u2018',\n\toperp: '\\u29B9',\n\toplus: '\\u2295',\n\tOr: '\\u2A54',\n\tor: '\\u2228',\n\torarr: '\\u21BB',\n\tord: '\\u2A5D',\n\torder: '\\u2134',\n\torderof: '\\u2134',\n\tordf: '\\u00AA',\n\tordm: '\\u00BA',\n\torigof: '\\u22B6',\n\toror: '\\u2A56',\n\torslope: '\\u2A57',\n\torv: '\\u2A5B',\n\toS: '\\u24C8',\n\tOscr: '\\uD835\\uDCAA',\n\toscr: '\\u2134',\n\tOslash: '\\u00D8',\n\toslash: '\\u00F8',\n\tosol: '\\u2298',\n\tOtilde: '\\u00D5',\n\totilde: '\\u00F5',\n\tOtimes: '\\u2A37',\n\totimes: '\\u2297',\n\totimesas: '\\u2A36',\n\tOuml: '\\u00D6',\n\touml: '\\u00F6',\n\tovbar: '\\u233D',\n\tOverBar: '\\u203E',\n\tOverBrace: '\\u23DE',\n\tOverBracket: '\\u23B4',\n\tOverParenthesis: '\\u23DC',\n\tpar: '\\u2225',\n\tpara: '\\u00B6',\n\tparallel: '\\u2225',\n\tparsim: '\\u2AF3',\n\tparsl: '\\u2AFD',\n\tpart: '\\u2202',\n\tPartialD: '\\u2202',\n\tPcy: '\\u041F',\n\tpcy: '\\u043F',\n\tpercnt: '\\u0025',\n\tperiod: '\\u002E',\n\tpermil: '\\u2030',\n\tperp: '\\u22A5',\n\tpertenk: '\\u2031',\n\tPfr: '\\uD835\\uDD13',\n\tpfr: '\\uD835\\uDD2D',\n\tPhi: '\\u03A6',\n\tphi: '\\u03C6',\n\tphiv: '\\u03D5',\n\tphmmat: '\\u2133',\n\tphone: '\\u260E',\n\tPi: '\\u03A0',\n\tpi: '\\u03C0',\n\tpitchfork: '\\u22D4',\n\tpiv: '\\u03D6',\n\tplanck: '\\u210F',\n\tplanckh: '\\u210E',\n\tplankv: '\\u210F',\n\tplus: '\\u002B',\n\tplusacir: '\\u2A23',\n\tplusb: '\\u229E',\n\tpluscir: '\\u2A22',\n\tplusdo: '\\u2214',\n\tplusdu: '\\u2A25',\n\tpluse: '\\u2A72',\n\tPlusMinus: '\\u00B1',\n\tplusmn: '\\u00B1',\n\tplussim: '\\u2A26',\n\tplustwo: '\\u2A27',\n\tpm: '\\u00B1',\n\tPoincareplane: '\\u210C',\n\tpointint: '\\u2A15',\n\tPopf: '\\u2119',\n\tpopf: '\\uD835\\uDD61',\n\tpound: '\\u00A3',\n\tPr: '\\u2ABB',\n\tpr: '\\u227A',\n\tprap: '\\u2AB7',\n\tprcue: '\\u227C',\n\tprE: '\\u2AB3',\n\tpre: '\\u2AAF',\n\tprec: '\\u227A',\n\tprecapprox: '\\u2AB7',\n\tpreccurlyeq: '\\u227C',\n\tPrecedes: '\\u227A',\n\tPrecedesEqual: '\\u2AAF',\n\tPrecedesSlantEqual: '\\u227C',\n\tPrecedesTilde: '\\u227E',\n\tpreceq: '\\u2AAF',\n\tprecnapprox: '\\u2AB9',\n\tprecneqq: '\\u2AB5',\n\tprecnsim: '\\u22E8',\n\tprecsim: '\\u227E',\n\tPrime: '\\u2033',\n\tprime: '\\u2032',\n\tprimes: '\\u2119',\n\tprnap: '\\u2AB9',\n\tprnE: '\\u2AB5',\n\tprnsim: '\\u22E8',\n\tprod: '\\u220F',\n\tProduct: '\\u220F',\n\tprofalar: '\\u232E',\n\tprofline: '\\u2312',\n\tprofsurf: '\\u2313',\n\tprop: '\\u221D',\n\tProportion: '\\u2237',\n\tProportional: '\\u221D',\n\tpropto: '\\u221D',\n\tprsim: '\\u227E',\n\tprurel: '\\u22B0',\n\tPscr: '\\uD835\\uDCAB',\n\tpscr: '\\uD835\\uDCC5',\n\tPsi: '\\u03A8',\n\tpsi: '\\u03C8',\n\tpuncsp: '\\u2008',\n\tQfr: '\\uD835\\uDD14',\n\tqfr: '\\uD835\\uDD2E',\n\tqint: '\\u2A0C',\n\tQopf: '\\u211A',\n\tqopf: '\\uD835\\uDD62',\n\tqprime: '\\u2057',\n\tQscr: '\\uD835\\uDCAC',\n\tqscr: '\\uD835\\uDCC6',\n\tquaternions: '\\u210D',\n\tquatint: '\\u2A16',\n\tquest: '\\u003F',\n\tquesteq: '\\u225F',\n\tQUOT: '\\u0022',\n\tquot: '\\u0022',\n\trAarr: '\\u21DB',\n\trace: '\\u223D\\u0331',\n\tRacute: '\\u0154',\n\tracute: '\\u0155',\n\tradic: '\\u221A',\n\traemptyv: '\\u29B3',\n\tRang: '\\u27EB',\n\trang: '\\u27E9',\n\trangd: '\\u2992',\n\trange: '\\u29A5',\n\trangle: '\\u27E9',\n\traquo: '\\u00BB',\n\tRarr: '\\u21A0',\n\trArr: '\\u21D2',\n\trarr: '\\u2192',\n\trarrap: '\\u2975',\n\trarrb: '\\u21E5',\n\trarrbfs: '\\u2920',\n\trarrc: '\\u2933',\n\trarrfs: '\\u291E',\n\trarrhk: '\\u21AA',\n\trarrlp: '\\u21AC',\n\trarrpl: '\\u2945',\n\trarrsim: '\\u2974',\n\tRarrtl: '\\u2916',\n\trarrtl: '\\u21A3',\n\trarrw: '\\u219D',\n\trAtail: '\\u291C',\n\tratail: '\\u291A',\n\tratio: '\\u2236',\n\trationals: '\\u211A',\n\tRBarr: '\\u2910',\n\trBarr: '\\u290F',\n\trbarr: '\\u290D',\n\trbbrk: '\\u2773',\n\trbrace: '\\u007D',\n\trbrack: '\\u005D',\n\trbrke: '\\u298C',\n\trbrksld: '\\u298E',\n\trbrkslu: '\\u2990',\n\tRcaron: '\\u0158',\n\trcaron: '\\u0159',\n\tRcedil: '\\u0156',\n\trcedil: '\\u0157',\n\trceil: '\\u2309',\n\trcub: '\\u007D',\n\tRcy: '\\u0420',\n\trcy: '\\u0440',\n\trdca: '\\u2937',\n\trdldhar: '\\u2969',\n\trdquo: '\\u201D',\n\trdquor: '\\u201D',\n\trdsh: '\\u21B3',\n\tRe: '\\u211C',\n\treal: '\\u211C',\n\trealine: '\\u211B',\n\trealpart: '\\u211C',\n\treals: '\\u211D',\n\trect: '\\u25AD',\n\tREG: '\\u00AE',\n\treg: '\\u00AE',\n\tReverseElement: '\\u220B',\n\tReverseEquilibrium: '\\u21CB',\n\tReverseUpEquilibrium: '\\u296F',\n\trfisht: '\\u297D',\n\trfloor: '\\u230B',\n\tRfr: '\\u211C',\n\trfr: '\\uD835\\uDD2F',\n\trHar: '\\u2964',\n\trhard: '\\u21C1',\n\trharu: '\\u21C0',\n\trharul: '\\u296C',\n\tRho: '\\u03A1',\n\trho: '\\u03C1',\n\trhov: '\\u03F1',\n\tRightAngleBracket: '\\u27E9',\n\tRightArrow: '\\u2192',\n\tRightarrow: '\\u21D2',\n\trightarrow: '\\u2192',\n\tRightArrowBar: '\\u21E5',\n\tRightArrowLeftArrow: '\\u21C4',\n\trightarrowtail: '\\u21A3',\n\tRightCeiling: '\\u2309',\n\tRightDoubleBracket: '\\u27E7',\n\tRightDownTeeVector: '\\u295D',\n\tRightDownVector: '\\u21C2',\n\tRightDownVectorBar: '\\u2955',\n\tRightFloor: '\\u230B',\n\trightharpoondown: '\\u21C1',\n\trightharpoonup: '\\u21C0',\n\trightleftarrows: '\\u21C4',\n\trightleftharpoons: '\\u21CC',\n\trightrightarrows: '\\u21C9',\n\trightsquigarrow: '\\u219D',\n\tRightTee: '\\u22A2',\n\tRightTeeArrow: '\\u21A6',\n\tRightTeeVector: '\\u295B',\n\trightthreetimes: '\\u22CC',\n\tRightTriangle: '\\u22B3',\n\tRightTriangleBar: '\\u29D0',\n\tRightTriangleEqual: '\\u22B5',\n\tRightUpDownVector: '\\u294F',\n\tRightUpTeeVector: '\\u295C',\n\tRightUpVector: '\\u21BE',\n\tRightUpVectorBar: '\\u2954',\n\tRightVector: '\\u21C0',\n\tRightVectorBar: '\\u2953',\n\tring: '\\u02DA',\n\trisingdotseq: '\\u2253',\n\trlarr: '\\u21C4',\n\trlhar: '\\u21CC',\n\trlm: '\\u200F',\n\trmoust: '\\u23B1',\n\trmoustache: '\\u23B1',\n\trnmid: '\\u2AEE',\n\troang: '\\u27ED',\n\troarr: '\\u21FE',\n\trobrk: '\\u27E7',\n\tropar: '\\u2986',\n\tRopf: '\\u211D',\n\tropf: '\\uD835\\uDD63',\n\troplus: '\\u2A2E',\n\trotimes: '\\u2A35',\n\tRoundImplies: '\\u2970',\n\trpar: '\\u0029',\n\trpargt: '\\u2994',\n\trppolint: '\\u2A12',\n\trrarr: '\\u21C9',\n\tRrightarrow: '\\u21DB',\n\trsaquo: '\\u203A',\n\tRscr: '\\u211B',\n\trscr: '\\uD835\\uDCC7',\n\tRsh: '\\u21B1',\n\trsh: '\\u21B1',\n\trsqb: '\\u005D',\n\trsquo: '\\u2019',\n\trsquor: '\\u2019',\n\trthree: '\\u22CC',\n\trtimes: '\\u22CA',\n\trtri: '\\u25B9',\n\trtrie: '\\u22B5',\n\trtrif: '\\u25B8',\n\trtriltri: '\\u29CE',\n\tRuleDelayed: '\\u29F4',\n\truluhar: '\\u2968',\n\trx: '\\u211E',\n\tSacute: '\\u015A',\n\tsacute: '\\u015B',\n\tsbquo: '\\u201A',\n\tSc: '\\u2ABC',\n\tsc: '\\u227B',\n\tscap: '\\u2AB8',\n\tScaron: '\\u0160',\n\tscaron: '\\u0161',\n\tsccue: '\\u227D',\n\tscE: '\\u2AB4',\n\tsce: '\\u2AB0',\n\tScedil: '\\u015E',\n\tscedil: '\\u015F',\n\tScirc: '\\u015C',\n\tscirc: '\\u015D',\n\tscnap: '\\u2ABA',\n\tscnE: '\\u2AB6',\n\tscnsim: '\\u22E9',\n\tscpolint: '\\u2A13',\n\tscsim: '\\u227F',\n\tScy: '\\u0421',\n\tscy: '\\u0441',\n\tsdot: '\\u22C5',\n\tsdotb: '\\u22A1',\n\tsdote: '\\u2A66',\n\tsearhk: '\\u2925',\n\tseArr: '\\u21D8',\n\tsearr: '\\u2198',\n\tsearrow: '\\u2198',\n\tsect: '\\u00A7',\n\tsemi: '\\u003B',\n\tseswar: '\\u2929',\n\tsetminus: '\\u2216',\n\tsetmn: '\\u2216',\n\tsext: '\\u2736',\n\tSfr: '\\uD835\\uDD16',\n\tsfr: '\\uD835\\uDD30',\n\tsfrown: '\\u2322',\n\tsharp: '\\u266F',\n\tSHCHcy: '\\u0429',\n\tshchcy: '\\u0449',\n\tSHcy: '\\u0428',\n\tshcy: '\\u0448',\n\tShortDownArrow: '\\u2193',\n\tShortLeftArrow: '\\u2190',\n\tshortmid: '\\u2223',\n\tshortparallel: '\\u2225',\n\tShortRightArrow: '\\u2192',\n\tShortUpArrow: '\\u2191',\n\tshy: '\\u00AD',\n\tSigma: '\\u03A3',\n\tsigma: '\\u03C3',\n\tsigmaf: '\\u03C2',\n\tsigmav: '\\u03C2',\n\tsim: '\\u223C',\n\tsimdot: '\\u2A6A',\n\tsime: '\\u2243',\n\tsimeq: '\\u2243',\n\tsimg: '\\u2A9E',\n\tsimgE: '\\u2AA0',\n\tsiml: '\\u2A9D',\n\tsimlE: '\\u2A9F',\n\tsimne: '\\u2246',\n\tsimplus: '\\u2A24',\n\tsimrarr: '\\u2972',\n\tslarr: '\\u2190',\n\tSmallCircle: '\\u2218',\n\tsmallsetminus: '\\u2216',\n\tsmashp: '\\u2A33',\n\tsmeparsl: '\\u29E4',\n\tsmid: '\\u2223',\n\tsmile: '\\u2323',\n\tsmt: '\\u2AAA',\n\tsmte: '\\u2AAC',\n\tsmtes: '\\u2AAC\\uFE00',\n\tSOFTcy: '\\u042C',\n\tsoftcy: '\\u044C',\n\tsol: '\\u002F',\n\tsolb: '\\u29C4',\n\tsolbar: '\\u233F',\n\tSopf: '\\uD835\\uDD4A',\n\tsopf: '\\uD835\\uDD64',\n\tspades: '\\u2660',\n\tspadesuit: '\\u2660',\n\tspar: '\\u2225',\n\tsqcap: '\\u2293',\n\tsqcaps: '\\u2293\\uFE00',\n\tsqcup: '\\u2294',\n\tsqcups: '\\u2294\\uFE00',\n\tSqrt: '\\u221A',\n\tsqsub: '\\u228F',\n\tsqsube: '\\u2291',\n\tsqsubset: '\\u228F',\n\tsqsubseteq: '\\u2291',\n\tsqsup: '\\u2290',\n\tsqsupe: '\\u2292',\n\tsqsupset: '\\u2290',\n\tsqsupseteq: '\\u2292',\n\tsqu: '\\u25A1',\n\tSquare: '\\u25A1',\n\tsquare: '\\u25A1',\n\tSquareIntersection: '\\u2293',\n\tSquareSubset: '\\u228F',\n\tSquareSubsetEqual: '\\u2291',\n\tSquareSuperset: '\\u2290',\n\tSquareSupersetEqual: '\\u2292',\n\tSquareUnion: '\\u2294',\n\tsquarf: '\\u25AA',\n\tsquf: '\\u25AA',\n\tsrarr: '\\u2192',\n\tSscr: '\\uD835\\uDCAE',\n\tsscr: '\\uD835\\uDCC8',\n\tssetmn: '\\u2216',\n\tssmile: '\\u2323',\n\tsstarf: '\\u22C6',\n\tStar: '\\u22C6',\n\tstar: '\\u2606',\n\tstarf: '\\u2605',\n\tstraightepsilon: '\\u03F5',\n\tstraightphi: '\\u03D5',\n\tstrns: '\\u00AF',\n\tSub: '\\u22D0',\n\tsub: '\\u2282',\n\tsubdot: '\\u2ABD',\n\tsubE: '\\u2AC5',\n\tsube: '\\u2286',\n\tsubedot: '\\u2AC3',\n\tsubmult: '\\u2AC1',\n\tsubnE: '\\u2ACB',\n\tsubne: '\\u228A',\n\tsubplus: '\\u2ABF',\n\tsubrarr: '\\u2979',\n\tSubset: '\\u22D0',\n\tsubset: '\\u2282',\n\tsubseteq: '\\u2286',\n\tsubseteqq: '\\u2AC5',\n\tSubsetEqual: '\\u2286',\n\tsubsetneq: '\\u228A',\n\tsubsetneqq: '\\u2ACB',\n\tsubsim: '\\u2AC7',\n\tsubsub: '\\u2AD5',\n\tsubsup: '\\u2AD3',\n\tsucc: '\\u227B',\n\tsuccapprox: '\\u2AB8',\n\tsucccurlyeq: '\\u227D',\n\tSucceeds: '\\u227B',\n\tSucceedsEqual: '\\u2AB0',\n\tSucceedsSlantEqual: '\\u227D',\n\tSucceedsTilde: '\\u227F',\n\tsucceq: '\\u2AB0',\n\tsuccnapprox: '\\u2ABA',\n\tsuccneqq: '\\u2AB6',\n\tsuccnsim: '\\u22E9',\n\tsuccsim: '\\u227F',\n\tSuchThat: '\\u220B',\n\tSum: '\\u2211',\n\tsum: '\\u2211',\n\tsung: '\\u266A',\n\tSup: '\\u22D1',\n\tsup: '\\u2283',\n\tsup1: '\\u00B9',\n\tsup2: '\\u00B2',\n\tsup3: '\\u00B3',\n\tsupdot: '\\u2ABE',\n\tsupdsub: '\\u2AD8',\n\tsupE: '\\u2AC6',\n\tsupe: '\\u2287',\n\tsupedot: '\\u2AC4',\n\tSuperset: '\\u2283',\n\tSupersetEqual: '\\u2287',\n\tsuphsol: '\\u27C9',\n\tsuphsub: '\\u2AD7',\n\tsuplarr: '\\u297B',\n\tsupmult: '\\u2AC2',\n\tsupnE: '\\u2ACC',\n\tsupne: '\\u228B',\n\tsupplus: '\\u2AC0',\n\tSupset: '\\u22D1',\n\tsupset: '\\u2283',\n\tsupseteq: '\\u2287',\n\tsupseteqq: '\\u2AC6',\n\tsupsetneq: '\\u228B',\n\tsupsetneqq: '\\u2ACC',\n\tsupsim: '\\u2AC8',\n\tsupsub: '\\u2AD4',\n\tsupsup: '\\u2AD6',\n\tswarhk: '\\u2926',\n\tswArr: '\\u21D9',\n\tswarr: '\\u2199',\n\tswarrow: '\\u2199',\n\tswnwar: '\\u292A',\n\tszlig: '\\u00DF',\n\tTab: '\\u0009',\n\ttarget: '\\u2316',\n\tTau: '\\u03A4',\n\ttau: '\\u03C4',\n\ttbrk: '\\u23B4',\n\tTcaron: '\\u0164',\n\ttcaron: '\\u0165',\n\tTcedil: '\\u0162',\n\ttcedil: '\\u0163',\n\tTcy: '\\u0422',\n\ttcy: '\\u0442',\n\ttdot: '\\u20DB',\n\ttelrec: '\\u2315',\n\tTfr: '\\uD835\\uDD17',\n\ttfr: '\\uD835\\uDD31',\n\tthere4: '\\u2234',\n\tTherefore: '\\u2234',\n\ttherefore: '\\u2234',\n\tTheta: '\\u0398',\n\ttheta: '\\u03B8',\n\tthetasym: '\\u03D1',\n\tthetav: '\\u03D1',\n\tthickapprox: '\\u2248',\n\tthicksim: '\\u223C',\n\tThickSpace: '\\u205F\\u200A',\n\tthinsp: '\\u2009',\n\tThinSpace: '\\u2009',\n\tthkap: '\\u2248',\n\tthksim: '\\u223C',\n\tTHORN: '\\u00DE',\n\tthorn: '\\u00FE',\n\tTilde: '\\u223C',\n\ttilde: '\\u02DC',\n\tTildeEqual: '\\u2243',\n\tTildeFullEqual: '\\u2245',\n\tTildeTilde: '\\u2248',\n\ttimes: '\\u00D7',\n\ttimesb: '\\u22A0',\n\ttimesbar: '\\u2A31',\n\ttimesd: '\\u2A30',\n\ttint: '\\u222D',\n\ttoea: '\\u2928',\n\ttop: '\\u22A4',\n\ttopbot: '\\u2336',\n\ttopcir: '\\u2AF1',\n\tTopf: '\\uD835\\uDD4B',\n\ttopf: '\\uD835\\uDD65',\n\ttopfork: '\\u2ADA',\n\ttosa: '\\u2929',\n\ttprime: '\\u2034',\n\tTRADE: '\\u2122',\n\ttrade: '\\u2122',\n\ttriangle: '\\u25B5',\n\ttriangledown: '\\u25BF',\n\ttriangleleft: '\\u25C3',\n\ttrianglelefteq: '\\u22B4',\n\ttriangleq: '\\u225C',\n\ttriangleright: '\\u25B9',\n\ttrianglerighteq: '\\u22B5',\n\ttridot: '\\u25EC',\n\ttrie: '\\u225C',\n\ttriminus: '\\u2A3A',\n\tTripleDot: '\\u20DB',\n\ttriplus: '\\u2A39',\n\ttrisb: '\\u29CD',\n\ttritime: '\\u2A3B',\n\ttrpezium: '\\u23E2',\n\tTscr: '\\uD835\\uDCAF',\n\ttscr: '\\uD835\\uDCC9',\n\tTScy: '\\u0426',\n\ttscy: '\\u0446',\n\tTSHcy: '\\u040B',\n\ttshcy: '\\u045B',\n\tTstrok: '\\u0166',\n\ttstrok: '\\u0167',\n\ttwixt: '\\u226C',\n\ttwoheadleftarrow: '\\u219E',\n\ttwoheadrightarrow: '\\u21A0',\n\tUacute: '\\u00DA',\n\tuacute: '\\u00FA',\n\tUarr: '\\u219F',\n\tuArr: '\\u21D1',\n\tuarr: '\\u2191',\n\tUarrocir: '\\u2949',\n\tUbrcy: '\\u040E',\n\tubrcy: '\\u045E',\n\tUbreve: '\\u016C',\n\tubreve: '\\u016D',\n\tUcirc: '\\u00DB',\n\tucirc: '\\u00FB',\n\tUcy: '\\u0423',\n\tucy: '\\u0443',\n\tudarr: '\\u21C5',\n\tUdblac: '\\u0170',\n\tudblac: '\\u0171',\n\tudhar: '\\u296E',\n\tufisht: '\\u297E',\n\tUfr: '\\uD835\\uDD18',\n\tufr: '\\uD835\\uDD32',\n\tUgrave: '\\u00D9',\n\tugrave: '\\u00F9',\n\tuHar: '\\u2963',\n\tuharl: '\\u21BF',\n\tuharr: '\\u21BE',\n\tuhblk: '\\u2580',\n\tulcorn: '\\u231C',\n\tulcorner: '\\u231C',\n\tulcrop: '\\u230F',\n\tultri: '\\u25F8',\n\tUmacr: '\\u016A',\n\tumacr: '\\u016B',\n\tuml: '\\u00A8',\n\tUnderBar: '\\u005F',\n\tUnderBrace: '\\u23DF',\n\tUnderBracket: '\\u23B5',\n\tUnderParenthesis: '\\u23DD',\n\tUnion: '\\u22C3',\n\tUnionPlus: '\\u228E',\n\tUogon: '\\u0172',\n\tuogon: '\\u0173',\n\tUopf: '\\uD835\\uDD4C',\n\tuopf: '\\uD835\\uDD66',\n\tUpArrow: '\\u2191',\n\tUparrow: '\\u21D1',\n\tuparrow: '\\u2191',\n\tUpArrowBar: '\\u2912',\n\tUpArrowDownArrow: '\\u21C5',\n\tUpDownArrow: '\\u2195',\n\tUpdownarrow: '\\u21D5',\n\tupdownarrow: '\\u2195',\n\tUpEquilibrium: '\\u296E',\n\tupharpoonleft: '\\u21BF',\n\tupharpoonright: '\\u21BE',\n\tuplus: '\\u228E',\n\tUpperLeftArrow: '\\u2196',\n\tUpperRightArrow: '\\u2197',\n\tUpsi: '\\u03D2',\n\tupsi: '\\u03C5',\n\tupsih: '\\u03D2',\n\tUpsilon: '\\u03A5',\n\tupsilon: '\\u03C5',\n\tUpTee: '\\u22A5',\n\tUpTeeArrow: '\\u21A5',\n\tupuparrows: '\\u21C8',\n\turcorn: '\\u231D',\n\turcorner: '\\u231D',\n\turcrop: '\\u230E',\n\tUring: '\\u016E',\n\turing: '\\u016F',\n\turtri: '\\u25F9',\n\tUscr: '\\uD835\\uDCB0',\n\tuscr: '\\uD835\\uDCCA',\n\tutdot: '\\u22F0',\n\tUtilde: '\\u0168',\n\tutilde: '\\u0169',\n\tutri: '\\u25B5',\n\tutrif: '\\u25B4',\n\tuuarr: '\\u21C8',\n\tUuml: '\\u00DC',\n\tuuml: '\\u00FC',\n\tuwangle: '\\u29A7',\n\tvangrt: '\\u299C',\n\tvarepsilon: '\\u03F5',\n\tvarkappa: '\\u03F0',\n\tvarnothing: '\\u2205',\n\tvarphi: '\\u03D5',\n\tvarpi: '\\u03D6',\n\tvarpropto: '\\u221D',\n\tvArr: '\\u21D5',\n\tvarr: '\\u2195',\n\tvarrho: '\\u03F1',\n\tvarsigma: '\\u03C2',\n\tvarsubsetneq: '\\u228A\\uFE00',\n\tvarsubsetneqq: '\\u2ACB\\uFE00',\n\tvarsupsetneq: '\\u228B\\uFE00',\n\tvarsupsetneqq: '\\u2ACC\\uFE00',\n\tvartheta: '\\u03D1',\n\tvartriangleleft: '\\u22B2',\n\tvartriangleright: '\\u22B3',\n\tVbar: '\\u2AEB',\n\tvBar: '\\u2AE8',\n\tvBarv: '\\u2AE9',\n\tVcy: '\\u0412',\n\tvcy: '\\u0432',\n\tVDash: '\\u22AB',\n\tVdash: '\\u22A9',\n\tvDash: '\\u22A8',\n\tvdash: '\\u22A2',\n\tVdashl: '\\u2AE6',\n\tVee: '\\u22C1',\n\tvee: '\\u2228',\n\tveebar: '\\u22BB',\n\tveeeq: '\\u225A',\n\tvellip: '\\u22EE',\n\tVerbar: '\\u2016',\n\tverbar: '\\u007C',\n\tVert: '\\u2016',\n\tvert: '\\u007C',\n\tVerticalBar: '\\u2223',\n\tVerticalLine: '\\u007C',\n\tVerticalSeparator: '\\u2758',\n\tVerticalTilde: '\\u2240',\n\tVeryThinSpace: '\\u200A',\n\tVfr: '\\uD835\\uDD19',\n\tvfr: '\\uD835\\uDD33',\n\tvltri: '\\u22B2',\n\tvnsub: '\\u2282\\u20D2',\n\tvnsup: '\\u2283\\u20D2',\n\tVopf: '\\uD835\\uDD4D',\n\tvopf: '\\uD835\\uDD67',\n\tvprop: '\\u221D',\n\tvrtri: '\\u22B3',\n\tVscr: '\\uD835\\uDCB1',\n\tvscr: '\\uD835\\uDCCB',\n\tvsubnE: '\\u2ACB\\uFE00',\n\tvsubne: '\\u228A\\uFE00',\n\tvsupnE: '\\u2ACC\\uFE00',\n\tvsupne: '\\u228B\\uFE00',\n\tVvdash: '\\u22AA',\n\tvzigzag: '\\u299A',\n\tWcirc: '\\u0174',\n\twcirc: '\\u0175',\n\twedbar: '\\u2A5F',\n\tWedge: '\\u22C0',\n\twedge: '\\u2227',\n\twedgeq: '\\u2259',\n\tweierp: '\\u2118',\n\tWfr: '\\uD835\\uDD1A',\n\twfr: '\\uD835\\uDD34',\n\tWopf: '\\uD835\\uDD4E',\n\twopf: '\\uD835\\uDD68',\n\twp: '\\u2118',\n\twr: '\\u2240',\n\twreath: '\\u2240',\n\tWscr: '\\uD835\\uDCB2',\n\twscr: '\\uD835\\uDCCC',\n\txcap: '\\u22C2',\n\txcirc: '\\u25EF',\n\txcup: '\\u22C3',\n\txdtri: '\\u25BD',\n\tXfr: '\\uD835\\uDD1B',\n\txfr: '\\uD835\\uDD35',\n\txhArr: '\\u27FA',\n\txharr: '\\u27F7',\n\tXi: '\\u039E',\n\txi: '\\u03BE',\n\txlArr: '\\u27F8',\n\txlarr: '\\u27F5',\n\txmap: '\\u27FC',\n\txnis: '\\u22FB',\n\txodot: '\\u2A00',\n\tXopf: '\\uD835\\uDD4F',\n\txopf: '\\uD835\\uDD69',\n\txoplus: '\\u2A01',\n\txotime: '\\u2A02',\n\txrArr: '\\u27F9',\n\txrarr: '\\u27F6',\n\tXscr: '\\uD835\\uDCB3',\n\txscr: '\\uD835\\uDCCD',\n\txsqcup: '\\u2A06',\n\txuplus: '\\u2A04',\n\txutri: '\\u25B3',\n\txvee: '\\u22C1',\n\txwedge: '\\u22C0',\n\tYacute: '\\u00DD',\n\tyacute: '\\u00FD',\n\tYAcy: '\\u042F',\n\tyacy: '\\u044F',\n\tYcirc: '\\u0176',\n\tycirc: '\\u0177',\n\tYcy: '\\u042B',\n\tycy: '\\u044B',\n\tyen: '\\u00A5',\n\tYfr: '\\uD835\\uDD1C',\n\tyfr: '\\uD835\\uDD36',\n\tYIcy: '\\u0407',\n\tyicy: '\\u0457',\n\tYopf: '\\uD835\\uDD50',\n\tyopf: '\\uD835\\uDD6A',\n\tYscr: '\\uD835\\uDCB4',\n\tyscr: '\\uD835\\uDCCE',\n\tYUcy: '\\u042E',\n\tyucy: '\\u044E',\n\tYuml: '\\u0178',\n\tyuml: '\\u00FF',\n\tZacute: '\\u0179',\n\tzacute: '\\u017A',\n\tZcaron: '\\u017D',\n\tzcaron: '\\u017E',\n\tZcy: '\\u0417',\n\tzcy: '\\u0437',\n\tZdot: '\\u017B',\n\tzdot: '\\u017C',\n\tzeetrf: '\\u2128',\n\tZeroWidthSpace: '\\u200B',\n\tZeta: '\\u0396',\n\tzeta: '\\u03B6',\n\tZfr: '\\u2128',\n\tzfr: '\\uD835\\uDD37',\n\tZHcy: '\\u0416',\n\tzhcy: '\\u0436',\n\tzigrarr: '\\u21DD',\n\tZopf: '\\u2124',\n\tzopf: '\\uD835\\uDD6B',\n\tZscr: '\\uD835\\uDCB5',\n\tzscr: '\\uD835\\uDCCF',\n\tzwj: '\\u200D',\n\tzwnj: '\\u200C',\n});\n\n/**\n * @deprecated use `HTML_ENTITIES` instead\n * @see HTML_ENTITIES\n */\nexports.entityMap = exports.HTML_ENTITIES;\n","var dom = require('./dom')\nexports.DOMImplementation = dom.DOMImplementation\nexports.XMLSerializer = dom.XMLSerializer\nexports.DOMParser = require('./dom-parser').DOMParser\n","var NAMESPACE = require(\"./conventions\").NAMESPACE;\n\n//[4]   \tNameStartChar\t   ::=   \t\":\" | [A-Z] | \"_\" | [a-z] | [#xC0-#xD6] | [#xD8-#xF6] | [#xF8-#x2FF] | [#x370-#x37D] | [#x37F-#x1FFF] | [#x200C-#x200D] | [#x2070-#x218F] | [#x2C00-#x2FEF] | [#x3001-#xD7FF] | [#xF900-#xFDCF] | [#xFDF0-#xFFFD] | [#x10000-#xEFFFF]\n//[4a]   \tNameChar\t   ::=   \tNameStartChar | \"-\" | \".\" | [0-9] | #xB7 | [#x0300-#x036F] | [#x203F-#x2040]\n//[5]   \tName\t   ::=   \tNameStartChar (NameChar)*\nvar nameStartChar = /[A-Z_a-z\\xC0-\\xD6\\xD8-\\xF6\\u00F8-\\u02FF\\u0370-\\u037D\\u037F-\\u1FFF\\u200C-\\u200D\\u2070-\\u218F\\u2C00-\\u2FEF\\u3001-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFFD]///\\u10000-\\uEFFFF\nvar nameChar = new RegExp(\"[\\\\-\\\\.0-9\"+nameStartChar.source.slice(1,-1)+\"\\\\u00B7\\\\u0300-\\\\u036F\\\\u203F-\\\\u2040]\");\nvar tagNamePattern = new RegExp('^'+nameStartChar.source+nameChar.source+'*(?:\\:'+nameStartChar.source+nameChar.source+'*)?$');\n//var tagNamePattern = /^[a-zA-Z_][\\w\\-\\.]*(?:\\:[a-zA-Z_][\\w\\-\\.]*)?$/\n//var handlers = 'resolveEntity,getExternalSubset,characters,endDocument,endElement,endPrefixMapping,ignorableWhitespace,processingInstruction,setDocumentLocator,skippedEntity,startDocument,startElement,startPrefixMapping,notationDecl,unparsedEntityDecl,error,fatalError,warning,attributeDecl,elementDecl,externalEntityDecl,internalEntityDecl,comment,endCDATA,endDTD,endEntity,startCDATA,startDTD,startEntity'.split(',')\n\n//S_TAG,\tS_ATTR,\tS_EQ,\tS_ATTR_NOQUOT_VALUE\n//S_ATTR_SPACE,\tS_ATTR_END,\tS_TAG_SPACE, S_TAG_CLOSE\nvar S_TAG = 0;//tag name offerring\nvar S_ATTR = 1;//attr name offerring\nvar S_ATTR_SPACE=2;//attr name end and space offer\nvar S_EQ = 3;//=space?\nvar S_ATTR_NOQUOT_VALUE = 4;//attr value(no quot value only)\nvar S_ATTR_END = 5;//attr value end and no space(quot end)\nvar S_TAG_SPACE = 6;//(attr value end || tag end ) && (space offer)\nvar S_TAG_CLOSE = 7;//closed el<el />\n\n/**\n * Creates an error that will not be caught by XMLReader aka the SAX parser.\n *\n * @param {string} message\n * @param {any?} locator Optional, can provide details about the location in the source\n * @constructor\n */\nfunction ParseError(message, locator) {\n\tthis.message = message\n\tthis.locator = locator\n\tif(Error.captureStackTrace) Error.captureStackTrace(this, ParseError);\n}\nParseError.prototype = new Error();\nParseError.prototype.name = ParseError.name\n\nfunction XMLReader(){\n\n}\n\nXMLReader.prototype = {\n\tparse:function(source,defaultNSMap,entityMap){\n\t\tvar domBuilder = this.domBuilder;\n\t\tdomBuilder.startDocument();\n\t\t_copy(defaultNSMap ,defaultNSMap = {})\n\t\tparse(source,defaultNSMap,entityMap,\n\t\t\t\tdomBuilder,this.errorHandler);\n\t\tdomBuilder.endDocument();\n\t}\n}\nfunction parse(source,defaultNSMapCopy,entityMap,domBuilder,errorHandler){\n\tfunction fixedFromCharCode(code) {\n\t\t// String.prototype.fromCharCode does not supports\n\t\t// > 2 bytes unicode chars directly\n\t\tif (code > 0xffff) {\n\t\t\tcode -= 0x10000;\n\t\t\tvar surrogate1 = 0xd800 + (code >> 10)\n\t\t\t\t, surrogate2 = 0xdc00 + (code & 0x3ff);\n\n\t\t\treturn String.fromCharCode(surrogate1, surrogate2);\n\t\t} else {\n\t\t\treturn String.fromCharCode(code);\n\t\t}\n\t}\n\tfunction entityReplacer(a){\n\t\tvar k = a.slice(1,-1);\n\t\tif (Object.hasOwnProperty.call(entityMap, k)) {\n\t\t\treturn entityMap[k];\n\t\t}else if(k.charAt(0) === '#'){\n\t\t\treturn fixedFromCharCode(parseInt(k.substr(1).replace('x','0x')))\n\t\t}else{\n\t\t\terrorHandler.error('entity not found:'+a);\n\t\t\treturn a;\n\t\t}\n\t}\n\tfunction appendText(end){//has some bugs\n\t\tif(end>start){\n\t\t\tvar xt = source.substring(start,end).replace(/&#?\\w+;/g,entityReplacer);\n\t\t\tlocator&&position(start);\n\t\t\tdomBuilder.characters(xt,0,end-start);\n\t\t\tstart = end\n\t\t}\n\t}\n\tfunction position(p,m){\n\t\twhile(p>=lineEnd && (m = linePattern.exec(source))){\n\t\t\tlineStart = m.index;\n\t\t\tlineEnd = lineStart + m[0].length;\n\t\t\tlocator.lineNumber++;\n\t\t\t//console.log('line++:',locator,startPos,endPos)\n\t\t}\n\t\tlocator.columnNumber = p-lineStart+1;\n\t}\n\tvar lineStart = 0;\n\tvar lineEnd = 0;\n\tvar linePattern = /.*(?:\\r\\n?|\\n)|.*$/g\n\tvar locator = domBuilder.locator;\n\n\tvar parseStack = [{currentNSMap:defaultNSMapCopy}]\n\tvar closeMap = {};\n\tvar start = 0;\n\twhile(true){\n\t\ttry{\n\t\t\tvar tagStart = source.indexOf('<',start);\n\t\t\tif(tagStart<0){\n\t\t\t\tif(!source.substr(start).match(/^\\s*$/)){\n\t\t\t\t\tvar doc = domBuilder.doc;\n\t    \t\t\tvar text = doc.createTextNode(source.substr(start));\n\t    \t\t\tdoc.appendChild(text);\n\t    \t\t\tdomBuilder.currentElement = text;\n\t\t\t\t}\n\t\t\t\treturn;\n\t\t\t}\n\t\t\tif(tagStart>start){\n\t\t\t\tappendText(tagStart);\n\t\t\t}\n\t\t\tswitch(source.charAt(tagStart+1)){\n\t\t\tcase '/':\n\t\t\t\tvar end = source.indexOf('>',tagStart+3);\n\t\t\t\tvar tagName = source.substring(tagStart + 2, end).replace(/[ \\t\\n\\r]+$/g, '');\n\t\t\t\tvar config = parseStack.pop();\n\t\t\t\tif(end<0){\n\n\t        \t\ttagName = source.substring(tagStart+2).replace(/[\\s<].*/,'');\n\t        \t\terrorHandler.error(\"end tag name: \"+tagName+' is not complete:'+config.tagName);\n\t        \t\tend = tagStart+1+tagName.length;\n\t        \t}else if(tagName.match(/\\s</)){\n\t        \t\ttagName = tagName.replace(/[\\s<].*/,'');\n\t        \t\terrorHandler.error(\"end tag name: \"+tagName+' maybe not complete');\n\t        \t\tend = tagStart+1+tagName.length;\n\t\t\t\t}\n\t\t\t\tvar localNSMap = config.localNSMap;\n\t\t\t\tvar endMatch = config.tagName == tagName;\n\t\t\t\tvar endIgnoreCaseMach = endMatch || config.tagName&&config.tagName.toLowerCase() == tagName.toLowerCase()\n\t\t        if(endIgnoreCaseMach){\n\t\t        \tdomBuilder.endElement(config.uri,config.localName,tagName);\n\t\t\t\t\tif(localNSMap){\n\t\t\t\t\t\tfor (var prefix in localNSMap) {\n\t\t\t\t\t\t\tif (Object.prototype.hasOwnProperty.call(localNSMap, prefix)) {\n\t\t\t\t\t\t\t\tdomBuilder.endPrefixMapping(prefix);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tif(!endMatch){\n\t\t            \terrorHandler.fatalError(\"end tag name: \"+tagName+' is not match the current start tagName:'+config.tagName ); // No known test case\n\t\t\t\t\t}\n\t\t        }else{\n\t\t        \tparseStack.push(config)\n\t\t        }\n\n\t\t\t\tend++;\n\t\t\t\tbreak;\n\t\t\t\t// end elment\n\t\t\tcase '?':// <?...?>\n\t\t\t\tlocator&&position(tagStart);\n\t\t\t\tend = parseInstruction(source,tagStart,domBuilder);\n\t\t\t\tbreak;\n\t\t\tcase '!':// <!doctype,<![CDATA,<!--\n\t\t\t\tlocator&&position(tagStart);\n\t\t\t\tend = parseDCC(source,tagStart,domBuilder,errorHandler);\n\t\t\t\tbreak;\n\t\t\tdefault:\n\t\t\t\tlocator&&position(tagStart);\n\t\t\t\tvar el = new ElementAttributes();\n\t\t\t\tvar currentNSMap = parseStack[parseStack.length-1].currentNSMap;\n\t\t\t\t//elStartEnd\n\t\t\t\tvar end = parseElementStartPart(source,tagStart,el,currentNSMap,entityReplacer,errorHandler);\n\t\t\t\tvar len = el.length;\n\n\n\t\t\t\tif(!el.closed && fixSelfClosed(source,end,el.tagName,closeMap)){\n\t\t\t\t\tel.closed = true;\n\t\t\t\t\tif(!entityMap.nbsp){\n\t\t\t\t\t\terrorHandler.warning('unclosed xml attribute');\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tif(locator && len){\n\t\t\t\t\tvar locator2 = copyLocator(locator,{});\n\t\t\t\t\t//try{//attribute position fixed\n\t\t\t\t\tfor(var i = 0;i<len;i++){\n\t\t\t\t\t\tvar a = el[i];\n\t\t\t\t\t\tposition(a.offset);\n\t\t\t\t\t\ta.locator = copyLocator(locator,{});\n\t\t\t\t\t}\n\t\t\t\t\tdomBuilder.locator = locator2\n\t\t\t\t\tif(appendElement(el,domBuilder,currentNSMap)){\n\t\t\t\t\t\tparseStack.push(el)\n\t\t\t\t\t}\n\t\t\t\t\tdomBuilder.locator = locator;\n\t\t\t\t}else{\n\t\t\t\t\tif(appendElement(el,domBuilder,currentNSMap)){\n\t\t\t\t\t\tparseStack.push(el)\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif (NAMESPACE.isHTML(el.uri) && !el.closed) {\n\t\t\t\t\tend = parseHtmlSpecialContent(source,end,el.tagName,entityReplacer,domBuilder)\n\t\t\t\t} else {\n\t\t\t\t\tend++;\n\t\t\t\t}\n\t\t\t}\n\t\t}catch(e){\n\t\t\tif (e instanceof ParseError) {\n\t\t\t\tthrow e;\n\t\t\t}\n\t\t\terrorHandler.error('element parse error: '+e)\n\t\t\tend = -1;\n\t\t}\n\t\tif(end>start){\n\t\t\tstart = end;\n\t\t}else{\n\t\t\t//TODO: 这里有可能sax回退，有位置错误风险\n\t\t\tappendText(Math.max(tagStart,start)+1);\n\t\t}\n\t}\n}\nfunction copyLocator(f,t){\n\tt.lineNumber = f.lineNumber;\n\tt.columnNumber = f.columnNumber;\n\treturn t;\n}\n\n/**\n * @see #appendElement(source,elStartEnd,el,selfClosed,entityReplacer,domBuilder,parseStack);\n * @return end of the elementStartPart(end of elementEndPart for selfClosed el)\n */\nfunction parseElementStartPart(source,start,el,currentNSMap,entityReplacer,errorHandler){\n\n\t/**\n\t * @param {string} qname\n\t * @param {string} value\n\t * @param {number} startIndex\n\t */\n\tfunction addAttribute(qname, value, startIndex) {\n\t\tif (el.attributeNames.hasOwnProperty(qname)) {\n\t\t\terrorHandler.fatalError('Attribute ' + qname + ' redefined')\n\t\t}\n\t\tel.addValue(\n\t\t\tqname,\n\t\t\t// @see https://www.w3.org/TR/xml/#AVNormalize\n\t\t\t// since the xmldom sax parser does not \"interpret\" DTD the following is not implemented:\n\t\t\t// - recursive replacement of (DTD) entity references\n\t\t\t// - trimming and collapsing multiple spaces into a single one for attributes that are not of type CDATA\n\t\t\tvalue.replace(/[\\t\\n\\r]/g, ' ').replace(/&#?\\w+;/g, entityReplacer),\n\t\t\tstartIndex\n\t\t)\n\t}\n\tvar attrName;\n\tvar value;\n\tvar p = ++start;\n\tvar s = S_TAG;//status\n\twhile(true){\n\t\tvar c = source.charAt(p);\n\t\tswitch(c){\n\t\tcase '=':\n\t\t\tif(s === S_ATTR){//attrName\n\t\t\t\tattrName = source.slice(start,p);\n\t\t\t\ts = S_EQ;\n\t\t\t}else if(s === S_ATTR_SPACE){\n\t\t\t\ts = S_EQ;\n\t\t\t}else{\n\t\t\t\t//fatalError: equal must after attrName or space after attrName\n\t\t\t\tthrow new Error('attribute equal must after attrName'); // No known test case\n\t\t\t}\n\t\t\tbreak;\n\t\tcase '\\'':\n\t\tcase '\"':\n\t\t\tif(s === S_EQ || s === S_ATTR //|| s == S_ATTR_SPACE\n\t\t\t\t){//equal\n\t\t\t\tif(s === S_ATTR){\n\t\t\t\t\terrorHandler.warning('attribute value must after \"=\"')\n\t\t\t\t\tattrName = source.slice(start,p)\n\t\t\t\t}\n\t\t\t\tstart = p+1;\n\t\t\t\tp = source.indexOf(c,start)\n\t\t\t\tif(p>0){\n\t\t\t\t\tvalue = source.slice(start, p);\n\t\t\t\t\taddAttribute(attrName, value, start-1);\n\t\t\t\t\ts = S_ATTR_END;\n\t\t\t\t}else{\n\t\t\t\t\t//fatalError: no end quot match\n\t\t\t\t\tthrow new Error('attribute value no end \\''+c+'\\' match');\n\t\t\t\t}\n\t\t\t}else if(s == S_ATTR_NOQUOT_VALUE){\n\t\t\t\tvalue = source.slice(start, p);\n\t\t\t\taddAttribute(attrName, value, start);\n\t\t\t\terrorHandler.warning('attribute \"'+attrName+'\" missed start quot('+c+')!!');\n\t\t\t\tstart = p+1;\n\t\t\t\ts = S_ATTR_END\n\t\t\t}else{\n\t\t\t\t//fatalError: no equal before\n\t\t\t\tthrow new Error('attribute value must after \"=\"'); // No known test case\n\t\t\t}\n\t\t\tbreak;\n\t\tcase '/':\n\t\t\tswitch(s){\n\t\t\tcase S_TAG:\n\t\t\t\tel.setTagName(source.slice(start,p));\n\t\t\tcase S_ATTR_END:\n\t\t\tcase S_TAG_SPACE:\n\t\t\tcase S_TAG_CLOSE:\n\t\t\t\ts =S_TAG_CLOSE;\n\t\t\t\tel.closed = true;\n\t\t\tcase S_ATTR_NOQUOT_VALUE:\n\t\t\tcase S_ATTR:\n\t\t\t\tbreak;\n\t\t\t\tcase S_ATTR_SPACE:\n\t\t\t\t\tel.closed = true;\n\t\t\t\tbreak;\n\t\t\t//case S_EQ:\n\t\t\tdefault:\n\t\t\t\tthrow new Error(\"attribute invalid close char('/')\") // No known test case\n\t\t\t}\n\t\t\tbreak;\n\t\tcase ''://end document\n\t\t\terrorHandler.error('unexpected end of input');\n\t\t\tif(s == S_TAG){\n\t\t\t\tel.setTagName(source.slice(start,p));\n\t\t\t}\n\t\t\treturn p;\n\t\tcase '>':\n\t\t\tswitch(s){\n\t\t\tcase S_TAG:\n\t\t\t\tel.setTagName(source.slice(start,p));\n\t\t\tcase S_ATTR_END:\n\t\t\tcase S_TAG_SPACE:\n\t\t\tcase S_TAG_CLOSE:\n\t\t\t\tbreak;//normal\n\t\t\tcase S_ATTR_NOQUOT_VALUE://Compatible state\n\t\t\tcase S_ATTR:\n\t\t\t\tvalue = source.slice(start,p);\n\t\t\t\tif(value.slice(-1) === '/'){\n\t\t\t\t\tel.closed  = true;\n\t\t\t\t\tvalue = value.slice(0,-1)\n\t\t\t\t}\n\t\t\tcase S_ATTR_SPACE:\n\t\t\t\tif(s === S_ATTR_SPACE){\n\t\t\t\t\tvalue = attrName;\n\t\t\t\t}\n\t\t\t\tif(s == S_ATTR_NOQUOT_VALUE){\n\t\t\t\t\terrorHandler.warning('attribute \"'+value+'\" missed quot(\")!');\n\t\t\t\t\taddAttribute(attrName, value, start)\n\t\t\t\t}else{\n\t\t\t\t\tif(!NAMESPACE.isHTML(currentNSMap['']) || !value.match(/^(?:disabled|checked|selected)$/i)){\n\t\t\t\t\t\terrorHandler.warning('attribute \"'+value+'\" missed value!! \"'+value+'\" instead!!')\n\t\t\t\t\t}\n\t\t\t\t\taddAttribute(value, value, start)\n\t\t\t\t}\n\t\t\t\tbreak;\n\t\t\tcase S_EQ:\n\t\t\t\tthrow new Error('attribute value missed!!');\n\t\t\t}\n//\t\t\tconsole.log(tagName,tagNamePattern,tagNamePattern.test(tagName))\n\t\t\treturn p;\n\t\t/*xml space '\\x20' | #x9 | #xD | #xA; */\n\t\tcase '\\u0080':\n\t\t\tc = ' ';\n\t\tdefault:\n\t\t\tif(c<= ' '){//space\n\t\t\t\tswitch(s){\n\t\t\t\tcase S_TAG:\n\t\t\t\t\tel.setTagName(source.slice(start,p));//tagName\n\t\t\t\t\ts = S_TAG_SPACE;\n\t\t\t\t\tbreak;\n\t\t\t\tcase S_ATTR:\n\t\t\t\t\tattrName = source.slice(start,p)\n\t\t\t\t\ts = S_ATTR_SPACE;\n\t\t\t\t\tbreak;\n\t\t\t\tcase S_ATTR_NOQUOT_VALUE:\n\t\t\t\t\tvar value = source.slice(start, p);\n\t\t\t\t\terrorHandler.warning('attribute \"'+value+'\" missed quot(\")!!');\n\t\t\t\t\taddAttribute(attrName, value, start)\n\t\t\t\tcase S_ATTR_END:\n\t\t\t\t\ts = S_TAG_SPACE;\n\t\t\t\t\tbreak;\n\t\t\t\t//case S_TAG_SPACE:\n\t\t\t\t//case S_EQ:\n\t\t\t\t//case S_ATTR_SPACE:\n\t\t\t\t//\tvoid();break;\n\t\t\t\t//case S_TAG_CLOSE:\n\t\t\t\t\t//ignore warning\n\t\t\t\t}\n\t\t\t}else{//not space\n//S_TAG,\tS_ATTR,\tS_EQ,\tS_ATTR_NOQUOT_VALUE\n//S_ATTR_SPACE,\tS_ATTR_END,\tS_TAG_SPACE, S_TAG_CLOSE\n\t\t\t\tswitch(s){\n\t\t\t\t//case S_TAG:void();break;\n\t\t\t\t//case S_ATTR:void();break;\n\t\t\t\t//case S_ATTR_NOQUOT_VALUE:void();break;\n\t\t\t\tcase S_ATTR_SPACE:\n\t\t\t\t\tvar tagName =  el.tagName;\n\t\t\t\t\tif (!NAMESPACE.isHTML(currentNSMap['']) || !attrName.match(/^(?:disabled|checked|selected)$/i)) {\n\t\t\t\t\t\terrorHandler.warning('attribute \"'+attrName+'\" missed value!! \"'+attrName+'\" instead2!!')\n\t\t\t\t\t}\n\t\t\t\t\taddAttribute(attrName, attrName, start);\n\t\t\t\t\tstart = p;\n\t\t\t\t\ts = S_ATTR;\n\t\t\t\t\tbreak;\n\t\t\t\tcase S_ATTR_END:\n\t\t\t\t\terrorHandler.warning('attribute space is required\"'+attrName+'\"!!')\n\t\t\t\tcase S_TAG_SPACE:\n\t\t\t\t\ts = S_ATTR;\n\t\t\t\t\tstart = p;\n\t\t\t\t\tbreak;\n\t\t\t\tcase S_EQ:\n\t\t\t\t\ts = S_ATTR_NOQUOT_VALUE;\n\t\t\t\t\tstart = p;\n\t\t\t\t\tbreak;\n\t\t\t\tcase S_TAG_CLOSE:\n\t\t\t\t\tthrow new Error(\"elements closed character '/' and '>' must be connected to\");\n\t\t\t\t}\n\t\t\t}\n\t\t}//end outer switch\n\t\t//console.log('p++',p)\n\t\tp++;\n\t}\n}\n/**\n * @return true if has new namespace define\n */\nfunction appendElement(el,domBuilder,currentNSMap){\n\tvar tagName = el.tagName;\n\tvar localNSMap = null;\n\t//var currentNSMap = parseStack[parseStack.length-1].currentNSMap;\n\tvar i = el.length;\n\twhile(i--){\n\t\tvar a = el[i];\n\t\tvar qName = a.qName;\n\t\tvar value = a.value;\n\t\tvar nsp = qName.indexOf(':');\n\t\tif(nsp>0){\n\t\t\tvar prefix = a.prefix = qName.slice(0,nsp);\n\t\t\tvar localName = qName.slice(nsp+1);\n\t\t\tvar nsPrefix = prefix === 'xmlns' && localName\n\t\t}else{\n\t\t\tlocalName = qName;\n\t\t\tprefix = null\n\t\t\tnsPrefix = qName === 'xmlns' && ''\n\t\t}\n\t\t//can not set prefix,because prefix !== ''\n\t\ta.localName = localName ;\n\t\t//prefix == null for no ns prefix attribute\n\t\tif(nsPrefix !== false){//hack!!\n\t\t\tif(localNSMap == null){\n\t\t\t\tlocalNSMap = {}\n\t\t\t\t//console.log(currentNSMap,0)\n\t\t\t\t_copy(currentNSMap,currentNSMap={})\n\t\t\t\t//console.log(currentNSMap,1)\n\t\t\t}\n\t\t\tcurrentNSMap[nsPrefix] = localNSMap[nsPrefix] = value;\n\t\t\ta.uri = NAMESPACE.XMLNS\n\t\t\tdomBuilder.startPrefixMapping(nsPrefix, value)\n\t\t}\n\t}\n\tvar i = el.length;\n\twhile(i--){\n\t\ta = el[i];\n\t\tvar prefix = a.prefix;\n\t\tif(prefix){//no prefix attribute has no namespace\n\t\t\tif(prefix === 'xml'){\n\t\t\t\ta.uri = NAMESPACE.XML;\n\t\t\t}if(prefix !== 'xmlns'){\n\t\t\t\ta.uri = currentNSMap[prefix || '']\n\n\t\t\t\t//{console.log('###'+a.qName,domBuilder.locator.systemId+'',currentNSMap,a.uri)}\n\t\t\t}\n\t\t}\n\t}\n\tvar nsp = tagName.indexOf(':');\n\tif(nsp>0){\n\t\tprefix = el.prefix = tagName.slice(0,nsp);\n\t\tlocalName = el.localName = tagName.slice(nsp+1);\n\t}else{\n\t\tprefix = null;//important!!\n\t\tlocalName = el.localName = tagName;\n\t}\n\t//no prefix element has default namespace\n\tvar ns = el.uri = currentNSMap[prefix || ''];\n\tdomBuilder.startElement(ns,localName,tagName,el);\n\t//endPrefixMapping and startPrefixMapping have not any help for dom builder\n\t//localNSMap = null\n\tif(el.closed){\n\t\tdomBuilder.endElement(ns,localName,tagName);\n\t\tif(localNSMap){\n\t\t\tfor (prefix in localNSMap) {\n\t\t\t\tif (Object.prototype.hasOwnProperty.call(localNSMap, prefix)) {\n\t\t\t\t\tdomBuilder.endPrefixMapping(prefix);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}else{\n\t\tel.currentNSMap = currentNSMap;\n\t\tel.localNSMap = localNSMap;\n\t\t//parseStack.push(el);\n\t\treturn true;\n\t}\n}\nfunction parseHtmlSpecialContent(source,elStartEnd,tagName,entityReplacer,domBuilder){\n\tif(/^(?:script|textarea)$/i.test(tagName)){\n\t\tvar elEndStart =  source.indexOf('</'+tagName+'>',elStartEnd);\n\t\tvar text = source.substring(elStartEnd+1,elEndStart);\n\t\tif(/[&<]/.test(text)){\n\t\t\tif(/^script$/i.test(tagName)){\n\t\t\t\t//if(!/\\]\\]>/.test(text)){\n\t\t\t\t\t//lexHandler.startCDATA();\n\t\t\t\t\tdomBuilder.characters(text,0,text.length);\n\t\t\t\t\t//lexHandler.endCDATA();\n\t\t\t\t\treturn elEndStart;\n\t\t\t\t//}\n\t\t\t}//}else{//text area\n\t\t\t\ttext = text.replace(/&#?\\w+;/g,entityReplacer);\n\t\t\t\tdomBuilder.characters(text,0,text.length);\n\t\t\t\treturn elEndStart;\n\t\t\t//}\n\n\t\t}\n\t}\n\treturn elStartEnd+1;\n}\nfunction fixSelfClosed(source,elStartEnd,tagName,closeMap){\n\t//if(tagName in closeMap){\n\tvar pos = closeMap[tagName];\n\tif(pos == null){\n\t\t//console.log(tagName)\n\t\tpos =  source.lastIndexOf('</'+tagName+'>')\n\t\tif(pos<elStartEnd){//忘记闭合\n\t\t\tpos = source.lastIndexOf('</'+tagName)\n\t\t}\n\t\tcloseMap[tagName] =pos\n\t}\n\treturn pos<elStartEnd;\n\t//}\n}\n\nfunction _copy (source, target) {\n\tfor (var n in source) {\n\t\tif (Object.prototype.hasOwnProperty.call(source, n)) {\n\t\t\ttarget[n] = source[n];\n\t\t}\n\t}\n}\n\nfunction parseDCC(source,start,domBuilder,errorHandler){//sure start with '<!'\n\tvar next= source.charAt(start+2)\n\tswitch(next){\n\tcase '-':\n\t\tif(source.charAt(start + 3) === '-'){\n\t\t\tvar end = source.indexOf('-->',start+4);\n\t\t\t//append comment source.substring(4,end)//<!--\n\t\t\tif(end>start){\n\t\t\t\tdomBuilder.comment(source,start+4,end-start-4);\n\t\t\t\treturn end+3;\n\t\t\t}else{\n\t\t\t\terrorHandler.error(\"Unclosed comment\");\n\t\t\t\treturn -1;\n\t\t\t}\n\t\t}else{\n\t\t\t//error\n\t\t\treturn -1;\n\t\t}\n\tdefault:\n\t\tif(source.substr(start+3,6) == 'CDATA['){\n\t\t\tvar end = source.indexOf(']]>',start+9);\n\t\t\tdomBuilder.startCDATA();\n\t\t\tdomBuilder.characters(source,start+9,end-start-9);\n\t\t\tdomBuilder.endCDATA()\n\t\t\treturn end+3;\n\t\t}\n\t\t//<!DOCTYPE\n\t\t//startDTD(java.lang.String name, java.lang.String publicId, java.lang.String systemId)\n\t\tvar matchs = split(source,start);\n\t\tvar len = matchs.length;\n\t\tif(len>1 && /!doctype/i.test(matchs[0][0])){\n\t\t\tvar name = matchs[1][0];\n\t\t\tvar pubid = false;\n\t\t\tvar sysid = false;\n\t\t\tif(len>3){\n\t\t\t\tif(/^public$/i.test(matchs[2][0])){\n\t\t\t\t\tpubid = matchs[3][0];\n\t\t\t\t\tsysid = len>4 && matchs[4][0];\n\t\t\t\t}else if(/^system$/i.test(matchs[2][0])){\n\t\t\t\t\tsysid = matchs[3][0];\n\t\t\t\t}\n\t\t\t}\n\t\t\tvar lastMatch = matchs[len-1]\n\t\t\tdomBuilder.startDTD(name, pubid, sysid);\n\t\t\tdomBuilder.endDTD();\n\n\t\t\treturn lastMatch.index+lastMatch[0].length\n\t\t}\n\t}\n\treturn -1;\n}\n\n\n\nfunction parseInstruction(source,start,domBuilder){\n\tvar end = source.indexOf('?>',start);\n\tif(end){\n\t\tvar match = source.substring(start,end).match(/^<\\?(\\S*)\\s*([\\s\\S]*?)\\s*$/);\n\t\tif(match){\n\t\t\tvar len = match[0].length;\n\t\t\tdomBuilder.processingInstruction(match[1], match[2]) ;\n\t\t\treturn end+2;\n\t\t}else{//error\n\t\t\treturn -1;\n\t\t}\n\t}\n\treturn -1;\n}\n\nfunction ElementAttributes(){\n\tthis.attributeNames = {}\n}\nElementAttributes.prototype = {\n\tsetTagName:function(tagName){\n\t\tif(!tagNamePattern.test(tagName)){\n\t\t\tthrow new Error('invalid tagName:'+tagName)\n\t\t}\n\t\tthis.tagName = tagName\n\t},\n\taddValue:function(qName, value, offset) {\n\t\tif(!tagNamePattern.test(qName)){\n\t\t\tthrow new Error('invalid attribute:'+qName)\n\t\t}\n\t\tthis.attributeNames[qName] = this.length;\n\t\tthis[this.length++] = {qName:qName,value:value,offset:offset}\n\t},\n\tlength:0,\n\tgetLocalName:function(i){return this[i].localName},\n\tgetLocator:function(i){return this[i].locator},\n\tgetQName:function(i){return this[i].qName},\n\tgetURI:function(i){return this[i].uri},\n\tgetValue:function(i){return this[i].value}\n//\t,getIndex:function(uri, localName)){\n//\t\tif(localName){\n//\n//\t\t}else{\n//\t\t\tvar qName = uri\n//\t\t}\n//\t},\n//\tgetValue:function(){return this.getValue(this.getIndex.apply(this,arguments))},\n//\tgetType:function(uri,localName){}\n//\tgetType:function(i){},\n}\n\n\n\nfunction split(source,start){\n\tvar match;\n\tvar buf = [];\n\tvar reg = /'[^']+'|\"[^\"]+\"|[^\\s<>\\/=]+=?|(\\/?\\s*>|<)/g;\n\treg.lastIndex = start;\n\treg.exec(source);//skip <\n\twhile(match = reg.exec(source)){\n\t\tbuf.push(match);\n\t\tif(match[1])return buf;\n\t}\n}\n\nexports.XMLReader = XMLReader;\nexports.ParseError = ParseError;\n","module.exports = require('./lib/tunnel');\n","'use strict';\n\nvar net = require('net');\nvar tls = require('tls');\nvar http = require('http');\nvar https = require('https');\nvar events = require('events');\nvar assert = require('assert');\nvar util = require('util');\n\n\nexports.httpOverHttp = httpOverHttp;\nexports.httpsOverHttp = httpsOverHttp;\nexports.httpOverHttps = httpOverHttps;\nexports.httpsOverHttps = httpsOverHttps;\n\n\nfunction httpOverHttp(options) {\n  var agent = new TunnelingAgent(options);\n  agent.request = http.request;\n  return agent;\n}\n\nfunction httpsOverHttp(options) {\n  var agent = new TunnelingAgent(options);\n  agent.request = http.request;\n  agent.createSocket = createSecureSocket;\n  agent.defaultPort = 443;\n  return agent;\n}\n\nfunction httpOverHttps(options) {\n  var agent = new TunnelingAgent(options);\n  agent.request = https.request;\n  return agent;\n}\n\nfunction httpsOverHttps(options) {\n  var agent = new TunnelingAgent(options);\n  agent.request = https.request;\n  agent.createSocket = createSecureSocket;\n  agent.defaultPort = 443;\n  return agent;\n}\n\n\nfunction TunnelingAgent(options) {\n  var self = this;\n  self.options = options || {};\n  self.proxyOptions = self.options.proxy || {};\n  self.maxSockets = self.options.maxSockets || http.Agent.defaultMaxSockets;\n  self.requests = [];\n  self.sockets = [];\n\n  self.on('free', function onFree(socket, host, port, localAddress) {\n    var options = toOptions(host, port, localAddress);\n    for (var i = 0, len = self.requests.length; i < len; ++i) {\n      var pending = self.requests[i];\n      if (pending.host === options.host && pending.port === options.port) {\n        // Detect the request to connect same origin server,\n        // reuse the connection.\n        self.requests.splice(i, 1);\n        pending.request.onSocket(socket);\n        return;\n      }\n    }\n    socket.destroy();\n    self.removeSocket(socket);\n  });\n}\nutil.inherits(TunnelingAgent, events.EventEmitter);\n\nTunnelingAgent.prototype.addRequest = function addRequest(req, host, port, localAddress) {\n  var self = this;\n  var options = mergeOptions({request: req}, self.options, toOptions(host, port, localAddress));\n\n  if (self.sockets.length >= this.maxSockets) {\n    // We are over limit so we'll add it to the queue.\n    self.requests.push(options);\n    return;\n  }\n\n  // If we are under maxSockets create a new one.\n  self.createSocket(options, function(socket) {\n    socket.on('free', onFree);\n    socket.on('close', onCloseOrRemove);\n    socket.on('agentRemove', onCloseOrRemove);\n    req.onSocket(socket);\n\n    function onFree() {\n      self.emit('free', socket, options);\n    }\n\n    function onCloseOrRemove(err) {\n      self.removeSocket(socket);\n      socket.removeListener('free', onFree);\n      socket.removeListener('close', onCloseOrRemove);\n      socket.removeListener('agentRemove', onCloseOrRemove);\n    }\n  });\n};\n\nTunnelingAgent.prototype.createSocket = function createSocket(options, cb) {\n  var self = this;\n  var placeholder = {};\n  self.sockets.push(placeholder);\n\n  var connectOptions = mergeOptions({}, self.proxyOptions, {\n    method: 'CONNECT',\n    path: options.host + ':' + options.port,\n    agent: false,\n    headers: {\n      host: options.host + ':' + options.port\n    }\n  });\n  if (options.localAddress) {\n    connectOptions.localAddress = options.localAddress;\n  }\n  if (connectOptions.proxyAuth) {\n    connectOptions.headers = connectOptions.headers || {};\n    connectOptions.headers['Proxy-Authorization'] = 'Basic ' +\n        new Buffer(connectOptions.proxyAuth).toString('base64');\n  }\n\n  debug('making CONNECT request');\n  var connectReq = self.request(connectOptions);\n  connectReq.useChunkedEncodingByDefault = false; // for v0.6\n  connectReq.once('response', onResponse); // for v0.6\n  connectReq.once('upgrade', onUpgrade);   // for v0.6\n  connectReq.once('connect', onConnect);   // for v0.7 or later\n  connectReq.once('error', onError);\n  connectReq.end();\n\n  function onResponse(res) {\n    // Very hacky. This is necessary to avoid http-parser leaks.\n    res.upgrade = true;\n  }\n\n  function onUpgrade(res, socket, head) {\n    // Hacky.\n    process.nextTick(function() {\n      onConnect(res, socket, head);\n    });\n  }\n\n  function onConnect(res, socket, head) {\n    connectReq.removeAllListeners();\n    socket.removeAllListeners();\n\n    if (res.statusCode !== 200) {\n      debug('tunneling socket could not be established, statusCode=%d',\n        res.statusCode);\n      socket.destroy();\n      var error = new Error('tunneling socket could not be established, ' +\n        'statusCode=' + res.statusCode);\n      error.code = 'ECONNRESET';\n      options.request.emit('error', error);\n      self.removeSocket(placeholder);\n      return;\n    }\n    if (head.length > 0) {\n      debug('got illegal response body from proxy');\n      socket.destroy();\n      var error = new Error('got illegal response body from proxy');\n      error.code = 'ECONNRESET';\n      options.request.emit('error', error);\n      self.removeSocket(placeholder);\n      return;\n    }\n    debug('tunneling connection has established');\n    self.sockets[self.sockets.indexOf(placeholder)] = socket;\n    return cb(socket);\n  }\n\n  function onError(cause) {\n    connectReq.removeAllListeners();\n\n    debug('tunneling socket could not be established, cause=%s\\n',\n          cause.message, cause.stack);\n    var error = new Error('tunneling socket could not be established, ' +\n                          'cause=' + cause.message);\n    error.code = 'ECONNRESET';\n    options.request.emit('error', error);\n    self.removeSocket(placeholder);\n  }\n};\n\nTunnelingAgent.prototype.removeSocket = function removeSocket(socket) {\n  var pos = this.sockets.indexOf(socket)\n  if (pos === -1) {\n    return;\n  }\n  this.sockets.splice(pos, 1);\n\n  var pending = this.requests.shift();\n  if (pending) {\n    // If we have pending requests and a socket gets closed a new one\n    // needs to be created to take over in the pool for the one that closed.\n    this.createSocket(pending, function(socket) {\n      pending.request.onSocket(socket);\n    });\n  }\n};\n\nfunction createSecureSocket(options, cb) {\n  var self = this;\n  TunnelingAgent.prototype.createSocket.call(self, options, function(socket) {\n    var hostHeader = options.request.getHeader('host');\n    var tlsOptions = mergeOptions({}, self.options, {\n      socket: socket,\n      servername: hostHeader ? hostHeader.replace(/:.*$/, '') : options.host\n    });\n\n    // 0 is dummy port for v0.6\n    var secureSocket = tls.connect(0, tlsOptions);\n    self.sockets[self.sockets.indexOf(socket)] = secureSocket;\n    cb(secureSocket);\n  });\n}\n\n\nfunction toOptions(host, port, localAddress) {\n  if (typeof host === 'string') { // since v0.10\n    return {\n      host: host,\n      port: port,\n      localAddress: localAddress\n    };\n  }\n  return host; // for v0.11 or later\n}\n\nfunction mergeOptions(target) {\n  for (var i = 1, len = arguments.length; i < len; ++i) {\n    var overrides = arguments[i];\n    if (typeof overrides === 'object') {\n      var keys = Object.keys(overrides);\n      for (var j = 0, keyLen = keys.length; j < keyLen; ++j) {\n        var k = keys[j];\n        if (overrides[k] !== undefined) {\n          target[k] = overrides[k];\n        }\n      }\n    }\n  }\n  return target;\n}\n\n\nvar debug;\nif (process.env.NODE_DEBUG && /\\btunnel\\b/.test(process.env.NODE_DEBUG)) {\n  debug = function() {\n    var args = Array.prototype.slice.call(arguments);\n    if (typeof args[0] === 'string') {\n      args[0] = 'TUNNEL: ' + args[0];\n    } else {\n      args.unshift('TUNNEL:');\n    }\n    console.error.apply(console, args);\n  }\n} else {\n  debug = function() {};\n}\nexports.debug = debug; // for test\n","'use strict'\n\nconst Client = require('./lib/client')\nconst Dispatcher = require('./lib/dispatcher')\nconst errors = require('./lib/core/errors')\nconst Pool = require('./lib/pool')\nconst BalancedPool = require('./lib/balanced-pool')\nconst Agent = require('./lib/agent')\nconst util = require('./lib/core/util')\nconst { InvalidArgumentError } = errors\nconst api = require('./lib/api')\nconst buildConnector = require('./lib/core/connect')\nconst MockClient = require('./lib/mock/mock-client')\nconst MockAgent = require('./lib/mock/mock-agent')\nconst MockPool = require('./lib/mock/mock-pool')\nconst mockErrors = require('./lib/mock/mock-errors')\nconst ProxyAgent = require('./lib/proxy-agent')\nconst RetryHandler = require('./lib/handler/RetryHandler')\nconst { getGlobalDispatcher, setGlobalDispatcher } = require('./lib/global')\nconst DecoratorHandler = require('./lib/handler/DecoratorHandler')\nconst RedirectHandler = require('./lib/handler/RedirectHandler')\nconst createRedirectInterceptor = require('./lib/interceptor/redirectInterceptor')\n\nlet hasCrypto\ntry {\n  require('crypto')\n  hasCrypto = true\n} catch {\n  hasCrypto = false\n}\n\nObject.assign(Dispatcher.prototype, api)\n\nmodule.exports.Dispatcher = Dispatcher\nmodule.exports.Client = Client\nmodule.exports.Pool = Pool\nmodule.exports.BalancedPool = BalancedPool\nmodule.exports.Agent = Agent\nmodule.exports.ProxyAgent = ProxyAgent\nmodule.exports.RetryHandler = RetryHandler\n\nmodule.exports.DecoratorHandler = DecoratorHandler\nmodule.exports.RedirectHandler = RedirectHandler\nmodule.exports.createRedirectInterceptor = createRedirectInterceptor\n\nmodule.exports.buildConnector = buildConnector\nmodule.exports.errors = errors\n\nfunction makeDispatcher (fn) {\n  return (url, opts, handler) => {\n    if (typeof opts === 'function') {\n      handler = opts\n      opts = null\n    }\n\n    if (!url || (typeof url !== 'string' && typeof url !== 'object' && !(url instanceof URL))) {\n      throw new InvalidArgumentError('invalid url')\n    }\n\n    if (opts != null && typeof opts !== 'object') {\n      throw new InvalidArgumentError('invalid opts')\n    }\n\n    if (opts && opts.path != null) {\n      if (typeof opts.path !== 'string') {\n        throw new InvalidArgumentError('invalid opts.path')\n      }\n\n      let path = opts.path\n      if (!opts.path.startsWith('/')) {\n        path = `/${path}`\n      }\n\n      url = new URL(util.parseOrigin(url).origin + path)\n    } else {\n      if (!opts) {\n        opts = typeof url === 'object' ? url : {}\n      }\n\n      url = util.parseURL(url)\n    }\n\n    const { agent, dispatcher = getGlobalDispatcher() } = opts\n\n    if (agent) {\n      throw new InvalidArgumentError('unsupported opts.agent. Did you mean opts.client?')\n    }\n\n    return fn.call(dispatcher, {\n      ...opts,\n      origin: url.origin,\n      path: url.search ? `${url.pathname}${url.search}` : url.pathname,\n      method: opts.method || (opts.body ? 'PUT' : 'GET')\n    }, handler)\n  }\n}\n\nmodule.exports.setGlobalDispatcher = setGlobalDispatcher\nmodule.exports.getGlobalDispatcher = getGlobalDispatcher\n\nif (util.nodeMajor > 16 || (util.nodeMajor === 16 && util.nodeMinor >= 8)) {\n  let fetchImpl = null\n  module.exports.fetch = async function fetch (resource) {\n    if (!fetchImpl) {\n      fetchImpl = require('./lib/fetch').fetch\n    }\n\n    try {\n      return await fetchImpl(...arguments)\n    } catch (err) {\n      if (typeof err === 'object') {\n        Error.captureStackTrace(err, this)\n      }\n\n      throw err\n    }\n  }\n  module.exports.Headers = require('./lib/fetch/headers').Headers\n  module.exports.Response = require('./lib/fetch/response').Response\n  module.exports.Request = require('./lib/fetch/request').Request\n  module.exports.FormData = require('./lib/fetch/formdata').FormData\n  module.exports.File = require('./lib/fetch/file').File\n  module.exports.FileReader = require('./lib/fileapi/filereader').FileReader\n\n  const { setGlobalOrigin, getGlobalOrigin } = require('./lib/fetch/global')\n\n  module.exports.setGlobalOrigin = setGlobalOrigin\n  module.exports.getGlobalOrigin = getGlobalOrigin\n\n  const { CacheStorage } = require('./lib/cache/cachestorage')\n  const { kConstruct } = require('./lib/cache/symbols')\n\n  // Cache & CacheStorage are tightly coupled with fetch. Even if it may run\n  // in an older version of Node, it doesn't have any use without fetch.\n  module.exports.caches = new CacheStorage(kConstruct)\n}\n\nif (util.nodeMajor >= 16) {\n  const { deleteCookie, getCookies, getSetCookies, setCookie } = require('./lib/cookies')\n\n  module.exports.deleteCookie = deleteCookie\n  module.exports.getCookies = getCookies\n  module.exports.getSetCookies = getSetCookies\n  module.exports.setCookie = setCookie\n\n  const { parseMIMEType, serializeAMimeType } = require('./lib/fetch/dataURL')\n\n  module.exports.parseMIMEType = parseMIMEType\n  module.exports.serializeAMimeType = serializeAMimeType\n}\n\nif (util.nodeMajor >= 18 && hasCrypto) {\n  const { WebSocket } = require('./lib/websocket/websocket')\n\n  module.exports.WebSocket = WebSocket\n}\n\nmodule.exports.request = makeDispatcher(api.request)\nmodule.exports.stream = makeDispatcher(api.stream)\nmodule.exports.pipeline = makeDispatcher(api.pipeline)\nmodule.exports.connect = makeDispatcher(api.connect)\nmodule.exports.upgrade = makeDispatcher(api.upgrade)\n\nmodule.exports.MockClient = MockClient\nmodule.exports.MockPool = MockPool\nmodule.exports.MockAgent = MockAgent\nmodule.exports.mockErrors = mockErrors\n","'use strict'\n\nconst { InvalidArgumentError } = require('./core/errors')\nconst { kClients, kRunning, kClose, kDestroy, kDispatch, kInterceptors } = require('./core/symbols')\nconst DispatcherBase = require('./dispatcher-base')\nconst Pool = require('./pool')\nconst Client = require('./client')\nconst util = require('./core/util')\nconst createRedirectInterceptor = require('./interceptor/redirectInterceptor')\nconst { WeakRef, FinalizationRegistry } = require('./compat/dispatcher-weakref')()\n\nconst kOnConnect = Symbol('onConnect')\nconst kOnDisconnect = Symbol('onDisconnect')\nconst kOnConnectionError = Symbol('onConnectionError')\nconst kMaxRedirections = Symbol('maxRedirections')\nconst kOnDrain = Symbol('onDrain')\nconst kFactory = Symbol('factory')\nconst kFinalizer = Symbol('finalizer')\nconst kOptions = Symbol('options')\n\nfunction defaultFactory (origin, opts) {\n  return opts && opts.connections === 1\n    ? new Client(origin, opts)\n    : new Pool(origin, opts)\n}\n\nclass Agent extends DispatcherBase {\n  constructor ({ factory = defaultFactory, maxRedirections = 0, connect, ...options } = {}) {\n    super()\n\n    if (typeof factory !== 'function') {\n      throw new InvalidArgumentError('factory must be a function.')\n    }\n\n    if (connect != null && typeof connect !== 'function' && typeof connect !== 'object') {\n      throw new InvalidArgumentError('connect must be a function or an object')\n    }\n\n    if (!Number.isInteger(maxRedirections) || maxRedirections < 0) {\n      throw new InvalidArgumentError('maxRedirections must be a positive number')\n    }\n\n    if (connect && typeof connect !== 'function') {\n      connect = { ...connect }\n    }\n\n    this[kInterceptors] = options.interceptors && options.interceptors.Agent && Array.isArray(options.interceptors.Agent)\n      ? options.interceptors.Agent\n      : [createRedirectInterceptor({ maxRedirections })]\n\n    this[kOptions] = { ...util.deepClone(options), connect }\n    this[kOptions].interceptors = options.interceptors\n      ? { ...options.interceptors }\n      : undefined\n    this[kMaxRedirections] = maxRedirections\n    this[kFactory] = factory\n    this[kClients] = new Map()\n    this[kFinalizer] = new FinalizationRegistry(/* istanbul ignore next: gc is undeterministic */ key => {\n      const ref = this[kClients].get(key)\n      if (ref !== undefined && ref.deref() === undefined) {\n        this[kClients].delete(key)\n      }\n    })\n\n    const agent = this\n\n    this[kOnDrain] = (origin, targets) => {\n      agent.emit('drain', origin, [agent, ...targets])\n    }\n\n    this[kOnConnect] = (origin, targets) => {\n      agent.emit('connect', origin, [agent, ...targets])\n    }\n\n    this[kOnDisconnect] = (origin, targets, err) => {\n      agent.emit('disconnect', origin, [agent, ...targets], err)\n    }\n\n    this[kOnConnectionError] = (origin, targets, err) => {\n      agent.emit('connectionError', origin, [agent, ...targets], err)\n    }\n  }\n\n  get [kRunning] () {\n    let ret = 0\n    for (const ref of this[kClients].values()) {\n      const client = ref.deref()\n      /* istanbul ignore next: gc is undeterministic */\n      if (client) {\n        ret += client[kRunning]\n      }\n    }\n    return ret\n  }\n\n  [kDispatch] (opts, handler) {\n    let key\n    if (opts.origin && (typeof opts.origin === 'string' || opts.origin instanceof URL)) {\n      key = String(opts.origin)\n    } else {\n      throw new InvalidArgumentError('opts.origin must be a non-empty string or URL.')\n    }\n\n    const ref = this[kClients].get(key)\n\n    let dispatcher = ref ? ref.deref() : null\n    if (!dispatcher) {\n      dispatcher = this[kFactory](opts.origin, this[kOptions])\n        .on('drain', this[kOnDrain])\n        .on('connect', this[kOnConnect])\n        .on('disconnect', this[kOnDisconnect])\n        .on('connectionError', this[kOnConnectionError])\n\n      this[kClients].set(key, new WeakRef(dispatcher))\n      this[kFinalizer].register(dispatcher, key)\n    }\n\n    return dispatcher.dispatch(opts, handler)\n  }\n\n  async [kClose] () {\n    const closePromises = []\n    for (const ref of this[kClients].values()) {\n      const client = ref.deref()\n      /* istanbul ignore else: gc is undeterministic */\n      if (client) {\n        closePromises.push(client.close())\n      }\n    }\n\n    await Promise.all(closePromises)\n  }\n\n  async [kDestroy] (err) {\n    const destroyPromises = []\n    for (const ref of this[kClients].values()) {\n      const client = ref.deref()\n      /* istanbul ignore else: gc is undeterministic */\n      if (client) {\n        destroyPromises.push(client.destroy(err))\n      }\n    }\n\n    await Promise.all(destroyPromises)\n  }\n}\n\nmodule.exports = Agent\n","const { addAbortListener } = require('../core/util')\nconst { RequestAbortedError } = require('../core/errors')\n\nconst kListener = Symbol('kListener')\nconst kSignal = Symbol('kSignal')\n\nfunction abort (self) {\n  if (self.abort) {\n    self.abort()\n  } else {\n    self.onError(new RequestAbortedError())\n  }\n}\n\nfunction addSignal (self, signal) {\n  self[kSignal] = null\n  self[kListener] = null\n\n  if (!signal) {\n    return\n  }\n\n  if (signal.aborted) {\n    abort(self)\n    return\n  }\n\n  self[kSignal] = signal\n  self[kListener] = () => {\n    abort(self)\n  }\n\n  addAbortListener(self[kSignal], self[kListener])\n}\n\nfunction removeSignal (self) {\n  if (!self[kSignal]) {\n    return\n  }\n\n  if ('removeEventListener' in self[kSignal]) {\n    self[kSignal].removeEventListener('abort', self[kListener])\n  } else {\n    self[kSignal].removeListener('abort', self[kListener])\n  }\n\n  self[kSignal] = null\n  self[kListener] = null\n}\n\nmodule.exports = {\n  addSignal,\n  removeSignal\n}\n","'use strict'\n\nconst { AsyncResource } = require('async_hooks')\nconst { InvalidArgumentError, RequestAbortedError, SocketError } = require('../core/errors')\nconst util = require('../core/util')\nconst { addSignal, removeSignal } = require('./abort-signal')\n\nclass ConnectHandler extends AsyncResource {\n  constructor (opts, callback) {\n    if (!opts || typeof opts !== 'object') {\n      throw new InvalidArgumentError('invalid opts')\n    }\n\n    if (typeof callback !== 'function') {\n      throw new InvalidArgumentError('invalid callback')\n    }\n\n    const { signal, opaque, responseHeaders } = opts\n\n    if (signal && typeof signal.on !== 'function' && typeof signal.addEventListener !== 'function') {\n      throw new InvalidArgumentError('signal must be an EventEmitter or EventTarget')\n    }\n\n    super('UNDICI_CONNECT')\n\n    this.opaque = opaque || null\n    this.responseHeaders = responseHeaders || null\n    this.callback = callback\n    this.abort = null\n\n    addSignal(this, signal)\n  }\n\n  onConnect (abort, context) {\n    if (!this.callback) {\n      throw new RequestAbortedError()\n    }\n\n    this.abort = abort\n    this.context = context\n  }\n\n  onHeaders () {\n    throw new SocketError('bad connect', null)\n  }\n\n  onUpgrade (statusCode, rawHeaders, socket) {\n    const { callback, opaque, context } = this\n\n    removeSignal(this)\n\n    this.callback = null\n\n    let headers = rawHeaders\n    // Indicates is an HTTP2Session\n    if (headers != null) {\n      headers = this.responseHeaders === 'raw' ? util.parseRawHeaders(rawHeaders) : util.parseHeaders(rawHeaders)\n    }\n\n    this.runInAsyncScope(callback, null, null, {\n      statusCode,\n      headers,\n      socket,\n      opaque,\n      context\n    })\n  }\n\n  onError (err) {\n    const { callback, opaque } = this\n\n    removeSignal(this)\n\n    if (callback) {\n      this.callback = null\n      queueMicrotask(() => {\n        this.runInAsyncScope(callback, null, err, { opaque })\n      })\n    }\n  }\n}\n\nfunction connect (opts, callback) {\n  if (callback === undefined) {\n    return new Promise((resolve, reject) => {\n      connect.call(this, opts, (err, data) => {\n        return err ? reject(err) : resolve(data)\n      })\n    })\n  }\n\n  try {\n    const connectHandler = new ConnectHandler(opts, callback)\n    this.dispatch({ ...opts, method: 'CONNECT' }, connectHandler)\n  } catch (err) {\n    if (typeof callback !== 'function') {\n      throw err\n    }\n    const opaque = opts && opts.opaque\n    queueMicrotask(() => callback(err, { opaque }))\n  }\n}\n\nmodule.exports = connect\n","'use strict'\n\nconst {\n  Readable,\n  Duplex,\n  PassThrough\n} = require('stream')\nconst {\n  InvalidArgumentError,\n  InvalidReturnValueError,\n  RequestAbortedError\n} = require('../core/errors')\nconst util = require('../core/util')\nconst { AsyncResource } = require('async_hooks')\nconst { addSignal, removeSignal } = require('./abort-signal')\nconst assert = require('assert')\n\nconst kResume = Symbol('resume')\n\nclass PipelineRequest extends Readable {\n  constructor () {\n    super({ autoDestroy: true })\n\n    this[kResume] = null\n  }\n\n  _read () {\n    const { [kResume]: resume } = this\n\n    if (resume) {\n      this[kResume] = null\n      resume()\n    }\n  }\n\n  _destroy (err, callback) {\n    this._read()\n\n    callback(err)\n  }\n}\n\nclass PipelineResponse extends Readable {\n  constructor (resume) {\n    super({ autoDestroy: true })\n    this[kResume] = resume\n  }\n\n  _read () {\n    this[kResume]()\n  }\n\n  _destroy (err, callback) {\n    if (!err && !this._readableState.endEmitted) {\n      err = new RequestAbortedError()\n    }\n\n    callback(err)\n  }\n}\n\nclass PipelineHandler extends AsyncResource {\n  constructor (opts, handler) {\n    if (!opts || typeof opts !== 'object') {\n      throw new InvalidArgumentError('invalid opts')\n    }\n\n    if (typeof handler !== 'function') {\n      throw new InvalidArgumentError('invalid handler')\n    }\n\n    const { signal, method, opaque, onInfo, responseHeaders } = opts\n\n    if (signal && typeof signal.on !== 'function' && typeof signal.addEventListener !== 'function') {\n      throw new InvalidArgumentError('signal must be an EventEmitter or EventTarget')\n    }\n\n    if (method === 'CONNECT') {\n      throw new InvalidArgumentError('invalid method')\n    }\n\n    if (onInfo && typeof onInfo !== 'function') {\n      throw new InvalidArgumentError('invalid onInfo callback')\n    }\n\n    super('UNDICI_PIPELINE')\n\n    this.opaque = opaque || null\n    this.responseHeaders = responseHeaders || null\n    this.handler = handler\n    this.abort = null\n    this.context = null\n    this.onInfo = onInfo || null\n\n    this.req = new PipelineRequest().on('error', util.nop)\n\n    this.ret = new Duplex({\n      readableObjectMode: opts.objectMode,\n      autoDestroy: true,\n      read: () => {\n        const { body } = this\n\n        if (body && body.resume) {\n          body.resume()\n        }\n      },\n      write: (chunk, encoding, callback) => {\n        const { req } = this\n\n        if (req.push(chunk, encoding) || req._readableState.destroyed) {\n          callback()\n        } else {\n          req[kResume] = callback\n        }\n      },\n      destroy: (err, callback) => {\n        const { body, req, res, ret, abort } = this\n\n        if (!err && !ret._readableState.endEmitted) {\n          err = new RequestAbortedError()\n        }\n\n        if (abort && err) {\n          abort()\n        }\n\n        util.destroy(body, err)\n        util.destroy(req, err)\n        util.destroy(res, err)\n\n        removeSignal(this)\n\n        callback(err)\n      }\n    }).on('prefinish', () => {\n      const { req } = this\n\n      // Node < 15 does not call _final in same tick.\n      req.push(null)\n    })\n\n    this.res = null\n\n    addSignal(this, signal)\n  }\n\n  onConnect (abort, context) {\n    const { ret, res } = this\n\n    assert(!res, 'pipeline cannot be retried')\n\n    if (ret.destroyed) {\n      throw new RequestAbortedError()\n    }\n\n    this.abort = abort\n    this.context = context\n  }\n\n  onHeaders (statusCode, rawHeaders, resume) {\n    const { opaque, handler, context } = this\n\n    if (statusCode < 200) {\n      if (this.onInfo) {\n        const headers = this.responseHeaders === 'raw' ? util.parseRawHeaders(rawHeaders) : util.parseHeaders(rawHeaders)\n        this.onInfo({ statusCode, headers })\n      }\n      return\n    }\n\n    this.res = new PipelineResponse(resume)\n\n    let body\n    try {\n      this.handler = null\n      const headers = this.responseHeaders === 'raw' ? util.parseRawHeaders(rawHeaders) : util.parseHeaders(rawHeaders)\n      body = this.runInAsyncScope(handler, null, {\n        statusCode,\n        headers,\n        opaque,\n        body: this.res,\n        context\n      })\n    } catch (err) {\n      this.res.on('error', util.nop)\n      throw err\n    }\n\n    if (!body || typeof body.on !== 'function') {\n      throw new InvalidReturnValueError('expected Readable')\n    }\n\n    body\n      .on('data', (chunk) => {\n        const { ret, body } = this\n\n        if (!ret.push(chunk) && body.pause) {\n          body.pause()\n        }\n      })\n      .on('error', (err) => {\n        const { ret } = this\n\n        util.destroy(ret, err)\n      })\n      .on('end', () => {\n        const { ret } = this\n\n        ret.push(null)\n      })\n      .on('close', () => {\n        const { ret } = this\n\n        if (!ret._readableState.ended) {\n          util.destroy(ret, new RequestAbortedError())\n        }\n      })\n\n    this.body = body\n  }\n\n  onData (chunk) {\n    const { res } = this\n    return res.push(chunk)\n  }\n\n  onComplete (trailers) {\n    const { res } = this\n    res.push(null)\n  }\n\n  onError (err) {\n    const { ret } = this\n    this.handler = null\n    util.destroy(ret, err)\n  }\n}\n\nfunction pipeline (opts, handler) {\n  try {\n    const pipelineHandler = new PipelineHandler(opts, handler)\n    this.dispatch({ ...opts, body: pipelineHandler.req }, pipelineHandler)\n    return pipelineHandler.ret\n  } catch (err) {\n    return new PassThrough().destroy(err)\n  }\n}\n\nmodule.exports = pipeline\n","'use strict'\n\nconst Readable = require('./readable')\nconst {\n  InvalidArgumentError,\n  RequestAbortedError\n} = require('../core/errors')\nconst util = require('../core/util')\nconst { getResolveErrorBodyCallback } = require('./util')\nconst { AsyncResource } = require('async_hooks')\nconst { addSignal, removeSignal } = require('./abort-signal')\n\nclass RequestHandler extends AsyncResource {\n  constructor (opts, callback) {\n    if (!opts || typeof opts !== 'object') {\n      throw new InvalidArgumentError('invalid opts')\n    }\n\n    const { signal, method, opaque, body, onInfo, responseHeaders, throwOnError, highWaterMark } = opts\n\n    try {\n      if (typeof callback !== 'function') {\n        throw new InvalidArgumentError('invalid callback')\n      }\n\n      if (highWaterMark && (typeof highWaterMark !== 'number' || highWaterMark < 0)) {\n        throw new InvalidArgumentError('invalid highWaterMark')\n      }\n\n      if (signal && typeof signal.on !== 'function' && typeof signal.addEventListener !== 'function') {\n        throw new InvalidArgumentError('signal must be an EventEmitter or EventTarget')\n      }\n\n      if (method === 'CONNECT') {\n        throw new InvalidArgumentError('invalid method')\n      }\n\n      if (onInfo && typeof onInfo !== 'function') {\n        throw new InvalidArgumentError('invalid onInfo callback')\n      }\n\n      super('UNDICI_REQUEST')\n    } catch (err) {\n      if (util.isStream(body)) {\n        util.destroy(body.on('error', util.nop), err)\n      }\n      throw err\n    }\n\n    this.responseHeaders = responseHeaders || null\n    this.opaque = opaque || null\n    this.callback = callback\n    this.res = null\n    this.abort = null\n    this.body = body\n    this.trailers = {}\n    this.context = null\n    this.onInfo = onInfo || null\n    this.throwOnError = throwOnError\n    this.highWaterMark = highWaterMark\n\n    if (util.isStream(body)) {\n      body.on('error', (err) => {\n        this.onError(err)\n      })\n    }\n\n    addSignal(this, signal)\n  }\n\n  onConnect (abort, context) {\n    if (!this.callback) {\n      throw new RequestAbortedError()\n    }\n\n    this.abort = abort\n    this.context = context\n  }\n\n  onHeaders (statusCode, rawHeaders, resume, statusMessage) {\n    const { callback, opaque, abort, context, responseHeaders, highWaterMark } = this\n\n    const headers = responseHeaders === 'raw' ? util.parseRawHeaders(rawHeaders) : util.parseHeaders(rawHeaders)\n\n    if (statusCode < 200) {\n      if (this.onInfo) {\n        this.onInfo({ statusCode, headers })\n      }\n      return\n    }\n\n    const parsedHeaders = responseHeaders === 'raw' ? util.parseHeaders(rawHeaders) : headers\n    const contentType = parsedHeaders['content-type']\n    const body = new Readable({ resume, abort, contentType, highWaterMark })\n\n    this.callback = null\n    this.res = body\n    if (callback !== null) {\n      if (this.throwOnError && statusCode >= 400) {\n        this.runInAsyncScope(getResolveErrorBodyCallback, null,\n          { callback, body, contentType, statusCode, statusMessage, headers }\n        )\n      } else {\n        this.runInAsyncScope(callback, null, null, {\n          statusCode,\n          headers,\n          trailers: this.trailers,\n          opaque,\n          body,\n          context\n        })\n      }\n    }\n  }\n\n  onData (chunk) {\n    const { res } = this\n    return res.push(chunk)\n  }\n\n  onComplete (trailers) {\n    const { res } = this\n\n    removeSignal(this)\n\n    util.parseHeaders(trailers, this.trailers)\n\n    res.push(null)\n  }\n\n  onError (err) {\n    const { res, callback, body, opaque } = this\n\n    removeSignal(this)\n\n    if (callback) {\n      // TODO: Does this need queueMicrotask?\n      this.callback = null\n      queueMicrotask(() => {\n        this.runInAsyncScope(callback, null, err, { opaque })\n      })\n    }\n\n    if (res) {\n      this.res = null\n      // Ensure all queued handlers are invoked before destroying res.\n      queueMicrotask(() => {\n        util.destroy(res, err)\n      })\n    }\n\n    if (body) {\n      this.body = null\n      util.destroy(body, err)\n    }\n  }\n}\n\nfunction request (opts, callback) {\n  if (callback === undefined) {\n    return new Promise((resolve, reject) => {\n      request.call(this, opts, (err, data) => {\n        return err ? reject(err) : resolve(data)\n      })\n    })\n  }\n\n  try {\n    this.dispatch(opts, new RequestHandler(opts, callback))\n  } catch (err) {\n    if (typeof callback !== 'function') {\n      throw err\n    }\n    const opaque = opts && opts.opaque\n    queueMicrotask(() => callback(err, { opaque }))\n  }\n}\n\nmodule.exports = request\nmodule.exports.RequestHandler = RequestHandler\n","'use strict'\n\nconst { finished, PassThrough } = require('stream')\nconst {\n  InvalidArgumentError,\n  InvalidReturnValueError,\n  RequestAbortedError\n} = require('../core/errors')\nconst util = require('../core/util')\nconst { getResolveErrorBodyCallback } = require('./util')\nconst { AsyncResource } = require('async_hooks')\nconst { addSignal, removeSignal } = require('./abort-signal')\n\nclass StreamHandler extends AsyncResource {\n  constructor (opts, factory, callback) {\n    if (!opts || typeof opts !== 'object') {\n      throw new InvalidArgumentError('invalid opts')\n    }\n\n    const { signal, method, opaque, body, onInfo, responseHeaders, throwOnError } = opts\n\n    try {\n      if (typeof callback !== 'function') {\n        throw new InvalidArgumentError('invalid callback')\n      }\n\n      if (typeof factory !== 'function') {\n        throw new InvalidArgumentError('invalid factory')\n      }\n\n      if (signal && typeof signal.on !== 'function' && typeof signal.addEventListener !== 'function') {\n        throw new InvalidArgumentError('signal must be an EventEmitter or EventTarget')\n      }\n\n      if (method === 'CONNECT') {\n        throw new InvalidArgumentError('invalid method')\n      }\n\n      if (onInfo && typeof onInfo !== 'function') {\n        throw new InvalidArgumentError('invalid onInfo callback')\n      }\n\n      super('UNDICI_STREAM')\n    } catch (err) {\n      if (util.isStream(body)) {\n        util.destroy(body.on('error', util.nop), err)\n      }\n      throw err\n    }\n\n    this.responseHeaders = responseHeaders || null\n    this.opaque = opaque || null\n    this.factory = factory\n    this.callback = callback\n    this.res = null\n    this.abort = null\n    this.context = null\n    this.trailers = null\n    this.body = body\n    this.onInfo = onInfo || null\n    this.throwOnError = throwOnError || false\n\n    if (util.isStream(body)) {\n      body.on('error', (err) => {\n        this.onError(err)\n      })\n    }\n\n    addSignal(this, signal)\n  }\n\n  onConnect (abort, context) {\n    if (!this.callback) {\n      throw new RequestAbortedError()\n    }\n\n    this.abort = abort\n    this.context = context\n  }\n\n  onHeaders (statusCode, rawHeaders, resume, statusMessage) {\n    const { factory, opaque, context, callback, responseHeaders } = this\n\n    const headers = responseHeaders === 'raw' ? util.parseRawHeaders(rawHeaders) : util.parseHeaders(rawHeaders)\n\n    if (statusCode < 200) {\n      if (this.onInfo) {\n        this.onInfo({ statusCode, headers })\n      }\n      return\n    }\n\n    this.factory = null\n\n    let res\n\n    if (this.throwOnError && statusCode >= 400) {\n      const parsedHeaders = responseHeaders === 'raw' ? util.parseHeaders(rawHeaders) : headers\n      const contentType = parsedHeaders['content-type']\n      res = new PassThrough()\n\n      this.callback = null\n      this.runInAsyncScope(getResolveErrorBodyCallback, null,\n        { callback, body: res, contentType, statusCode, statusMessage, headers }\n      )\n    } else {\n      if (factory === null) {\n        return\n      }\n\n      res = this.runInAsyncScope(factory, null, {\n        statusCode,\n        headers,\n        opaque,\n        context\n      })\n\n      if (\n        !res ||\n        typeof res.write !== 'function' ||\n        typeof res.end !== 'function' ||\n        typeof res.on !== 'function'\n      ) {\n        throw new InvalidReturnValueError('expected Writable')\n      }\n\n      // TODO: Avoid finished. It registers an unnecessary amount of listeners.\n      finished(res, { readable: false }, (err) => {\n        const { callback, res, opaque, trailers, abort } = this\n\n        this.res = null\n        if (err || !res.readable) {\n          util.destroy(res, err)\n        }\n\n        this.callback = null\n        this.runInAsyncScope(callback, null, err || null, { opaque, trailers })\n\n        if (err) {\n          abort()\n        }\n      })\n    }\n\n    res.on('drain', resume)\n\n    this.res = res\n\n    const needDrain = res.writableNeedDrain !== undefined\n      ? res.writableNeedDrain\n      : res._writableState && res._writableState.needDrain\n\n    return needDrain !== true\n  }\n\n  onData (chunk) {\n    const { res } = this\n\n    return res ? res.write(chunk) : true\n  }\n\n  onComplete (trailers) {\n    const { res } = this\n\n    removeSignal(this)\n\n    if (!res) {\n      return\n    }\n\n    this.trailers = util.parseHeaders(trailers)\n\n    res.end()\n  }\n\n  onError (err) {\n    const { res, callback, opaque, body } = this\n\n    removeSignal(this)\n\n    this.factory = null\n\n    if (res) {\n      this.res = null\n      util.destroy(res, err)\n    } else if (callback) {\n      this.callback = null\n      queueMicrotask(() => {\n        this.runInAsyncScope(callback, null, err, { opaque })\n      })\n    }\n\n    if (body) {\n      this.body = null\n      util.destroy(body, err)\n    }\n  }\n}\n\nfunction stream (opts, factory, callback) {\n  if (callback === undefined) {\n    return new Promise((resolve, reject) => {\n      stream.call(this, opts, factory, (err, data) => {\n        return err ? reject(err) : resolve(data)\n      })\n    })\n  }\n\n  try {\n    this.dispatch(opts, new StreamHandler(opts, factory, callback))\n  } catch (err) {\n    if (typeof callback !== 'function') {\n      throw err\n    }\n    const opaque = opts && opts.opaque\n    queueMicrotask(() => callback(err, { opaque }))\n  }\n}\n\nmodule.exports = stream\n","'use strict'\n\nconst { InvalidArgumentError, RequestAbortedError, SocketError } = require('../core/errors')\nconst { AsyncResource } = require('async_hooks')\nconst util = require('../core/util')\nconst { addSignal, removeSignal } = require('./abort-signal')\nconst assert = require('assert')\n\nclass UpgradeHandler extends AsyncResource {\n  constructor (opts, callback) {\n    if (!opts || typeof opts !== 'object') {\n      throw new InvalidArgumentError('invalid opts')\n    }\n\n    if (typeof callback !== 'function') {\n      throw new InvalidArgumentError('invalid callback')\n    }\n\n    const { signal, opaque, responseHeaders } = opts\n\n    if (signal && typeof signal.on !== 'function' && typeof signal.addEventListener !== 'function') {\n      throw new InvalidArgumentError('signal must be an EventEmitter or EventTarget')\n    }\n\n    super('UNDICI_UPGRADE')\n\n    this.responseHeaders = responseHeaders || null\n    this.opaque = opaque || null\n    this.callback = callback\n    this.abort = null\n    this.context = null\n\n    addSignal(this, signal)\n  }\n\n  onConnect (abort, context) {\n    if (!this.callback) {\n      throw new RequestAbortedError()\n    }\n\n    this.abort = abort\n    this.context = null\n  }\n\n  onHeaders () {\n    throw new SocketError('bad upgrade', null)\n  }\n\n  onUpgrade (statusCode, rawHeaders, socket) {\n    const { callback, opaque, context } = this\n\n    assert.strictEqual(statusCode, 101)\n\n    removeSignal(this)\n\n    this.callback = null\n    const headers = this.responseHeaders === 'raw' ? util.parseRawHeaders(rawHeaders) : util.parseHeaders(rawHeaders)\n    this.runInAsyncScope(callback, null, null, {\n      headers,\n      socket,\n      opaque,\n      context\n    })\n  }\n\n  onError (err) {\n    const { callback, opaque } = this\n\n    removeSignal(this)\n\n    if (callback) {\n      this.callback = null\n      queueMicrotask(() => {\n        this.runInAsyncScope(callback, null, err, { opaque })\n      })\n    }\n  }\n}\n\nfunction upgrade (opts, callback) {\n  if (callback === undefined) {\n    return new Promise((resolve, reject) => {\n      upgrade.call(this, opts, (err, data) => {\n        return err ? reject(err) : resolve(data)\n      })\n    })\n  }\n\n  try {\n    const upgradeHandler = new UpgradeHandler(opts, callback)\n    this.dispatch({\n      ...opts,\n      method: opts.method || 'GET',\n      upgrade: opts.protocol || 'Websocket'\n    }, upgradeHandler)\n  } catch (err) {\n    if (typeof callback !== 'function') {\n      throw err\n    }\n    const opaque = opts && opts.opaque\n    queueMicrotask(() => callback(err, { opaque }))\n  }\n}\n\nmodule.exports = upgrade\n","'use strict'\n\nmodule.exports.request = require('./api-request')\nmodule.exports.stream = require('./api-stream')\nmodule.exports.pipeline = require('./api-pipeline')\nmodule.exports.upgrade = require('./api-upgrade')\nmodule.exports.connect = require('./api-connect')\n","// Ported from https://github.com/nodejs/undici/pull/907\n\n'use strict'\n\nconst assert = require('assert')\nconst { Readable } = require('stream')\nconst { RequestAbortedError, NotSupportedError, InvalidArgumentError } = require('../core/errors')\nconst util = require('../core/util')\nconst { ReadableStreamFrom, toUSVString } = require('../core/util')\n\nlet Blob\n\nconst kConsume = Symbol('kConsume')\nconst kReading = Symbol('kReading')\nconst kBody = Symbol('kBody')\nconst kAbort = Symbol('abort')\nconst kContentType = Symbol('kContentType')\n\nconst noop = () => {}\n\nmodule.exports = class BodyReadable extends Readable {\n  constructor ({\n    resume,\n    abort,\n    contentType = '',\n    highWaterMark = 64 * 1024 // Same as nodejs fs streams.\n  }) {\n    super({\n      autoDestroy: true,\n      read: resume,\n      highWaterMark\n    })\n\n    this._readableState.dataEmitted = false\n\n    this[kAbort] = abort\n    this[kConsume] = null\n    this[kBody] = null\n    this[kContentType] = contentType\n\n    // Is stream being consumed through Readable API?\n    // This is an optimization so that we avoid checking\n    // for 'data' and 'readable' listeners in the hot path\n    // inside push().\n    this[kReading] = false\n  }\n\n  destroy (err) {\n    if (this.destroyed) {\n      // Node < 16\n      return this\n    }\n\n    if (!err && !this._readableState.endEmitted) {\n      err = new RequestAbortedError()\n    }\n\n    if (err) {\n      this[kAbort]()\n    }\n\n    return super.destroy(err)\n  }\n\n  emit (ev, ...args) {\n    if (ev === 'data') {\n      // Node < 16.7\n      this._readableState.dataEmitted = true\n    } else if (ev === 'error') {\n      // Node < 16\n      this._readableState.errorEmitted = true\n    }\n    return super.emit(ev, ...args)\n  }\n\n  on (ev, ...args) {\n    if (ev === 'data' || ev === 'readable') {\n      this[kReading] = true\n    }\n    return super.on(ev, ...args)\n  }\n\n  addListener (ev, ...args) {\n    return this.on(ev, ...args)\n  }\n\n  off (ev, ...args) {\n    const ret = super.off(ev, ...args)\n    if (ev === 'data' || ev === 'readable') {\n      this[kReading] = (\n        this.listenerCount('data') > 0 ||\n        this.listenerCount('readable') > 0\n      )\n    }\n    return ret\n  }\n\n  removeListener (ev, ...args) {\n    return this.off(ev, ...args)\n  }\n\n  push (chunk) {\n    if (this[kConsume] && chunk !== null && this.readableLength === 0) {\n      consumePush(this[kConsume], chunk)\n      return this[kReading] ? super.push(chunk) : true\n    }\n    return super.push(chunk)\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-body-text\n  async text () {\n    return consume(this, 'text')\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-body-json\n  async json () {\n    return consume(this, 'json')\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-body-blob\n  async blob () {\n    return consume(this, 'blob')\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-body-arraybuffer\n  async arrayBuffer () {\n    return consume(this, 'arrayBuffer')\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-body-formdata\n  async formData () {\n    // TODO: Implement.\n    throw new NotSupportedError()\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-body-bodyused\n  get bodyUsed () {\n    return util.isDisturbed(this)\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-body-body\n  get body () {\n    if (!this[kBody]) {\n      this[kBody] = ReadableStreamFrom(this)\n      if (this[kConsume]) {\n        // TODO: Is this the best way to force a lock?\n        this[kBody].getReader() // Ensure stream is locked.\n        assert(this[kBody].locked)\n      }\n    }\n    return this[kBody]\n  }\n\n  dump (opts) {\n    let limit = opts && Number.isFinite(opts.limit) ? opts.limit : 262144\n    const signal = opts && opts.signal\n\n    if (signal) {\n      try {\n        if (typeof signal !== 'object' || !('aborted' in signal)) {\n          throw new InvalidArgumentError('signal must be an AbortSignal')\n        }\n        util.throwIfAborted(signal)\n      } catch (err) {\n        return Promise.reject(err)\n      }\n    }\n\n    if (this.closed) {\n      return Promise.resolve(null)\n    }\n\n    return new Promise((resolve, reject) => {\n      const signalListenerCleanup = signal\n        ? util.addAbortListener(signal, () => {\n          this.destroy()\n        })\n        : noop\n\n      this\n        .on('close', function () {\n          signalListenerCleanup()\n          if (signal && signal.aborted) {\n            reject(signal.reason || Object.assign(new Error('The operation was aborted'), { name: 'AbortError' }))\n          } else {\n            resolve(null)\n          }\n        })\n        .on('error', noop)\n        .on('data', function (chunk) {\n          limit -= chunk.length\n          if (limit <= 0) {\n            this.destroy()\n          }\n        })\n        .resume()\n    })\n  }\n}\n\n// https://streams.spec.whatwg.org/#readablestream-locked\nfunction isLocked (self) {\n  // Consume is an implicit lock.\n  return (self[kBody] && self[kBody].locked === true) || self[kConsume]\n}\n\n// https://fetch.spec.whatwg.org/#body-unusable\nfunction isUnusable (self) {\n  return util.isDisturbed(self) || isLocked(self)\n}\n\nasync function consume (stream, type) {\n  if (isUnusable(stream)) {\n    throw new TypeError('unusable')\n  }\n\n  assert(!stream[kConsume])\n\n  return new Promise((resolve, reject) => {\n    stream[kConsume] = {\n      type,\n      stream,\n      resolve,\n      reject,\n      length: 0,\n      body: []\n    }\n\n    stream\n      .on('error', function (err) {\n        consumeFinish(this[kConsume], err)\n      })\n      .on('close', function () {\n        if (this[kConsume].body !== null) {\n          consumeFinish(this[kConsume], new RequestAbortedError())\n        }\n      })\n\n    process.nextTick(consumeStart, stream[kConsume])\n  })\n}\n\nfunction consumeStart (consume) {\n  if (consume.body === null) {\n    return\n  }\n\n  const { _readableState: state } = consume.stream\n\n  for (const chunk of state.buffer) {\n    consumePush(consume, chunk)\n  }\n\n  if (state.endEmitted) {\n    consumeEnd(this[kConsume])\n  } else {\n    consume.stream.on('end', function () {\n      consumeEnd(this[kConsume])\n    })\n  }\n\n  consume.stream.resume()\n\n  while (consume.stream.read() != null) {\n    // Loop\n  }\n}\n\nfunction consumeEnd (consume) {\n  const { type, body, resolve, stream, length } = consume\n\n  try {\n    if (type === 'text') {\n      resolve(toUSVString(Buffer.concat(body)))\n    } else if (type === 'json') {\n      resolve(JSON.parse(Buffer.concat(body)))\n    } else if (type === 'arrayBuffer') {\n      const dst = new Uint8Array(length)\n\n      let pos = 0\n      for (const buf of body) {\n        dst.set(buf, pos)\n        pos += buf.byteLength\n      }\n\n      resolve(dst.buffer)\n    } else if (type === 'blob') {\n      if (!Blob) {\n        Blob = require('buffer').Blob\n      }\n      resolve(new Blob(body, { type: stream[kContentType] }))\n    }\n\n    consumeFinish(consume)\n  } catch (err) {\n    stream.destroy(err)\n  }\n}\n\nfunction consumePush (consume, chunk) {\n  consume.length += chunk.length\n  consume.body.push(chunk)\n}\n\nfunction consumeFinish (consume, err) {\n  if (consume.body === null) {\n    return\n  }\n\n  if (err) {\n    consume.reject(err)\n  } else {\n    consume.resolve()\n  }\n\n  consume.type = null\n  consume.stream = null\n  consume.resolve = null\n  consume.reject = null\n  consume.length = 0\n  consume.body = null\n}\n","const assert = require('assert')\nconst {\n  ResponseStatusCodeError\n} = require('../core/errors')\nconst { toUSVString } = require('../core/util')\n\nasync function getResolveErrorBodyCallback ({ callback, body, contentType, statusCode, statusMessage, headers }) {\n  assert(body)\n\n  let chunks = []\n  let limit = 0\n\n  for await (const chunk of body) {\n    chunks.push(chunk)\n    limit += chunk.length\n    if (limit > 128 * 1024) {\n      chunks = null\n      break\n    }\n  }\n\n  if (statusCode === 204 || !contentType || !chunks) {\n    process.nextTick(callback, new ResponseStatusCodeError(`Response status code ${statusCode}${statusMessage ? `: ${statusMessage}` : ''}`, statusCode, headers))\n    return\n  }\n\n  try {\n    if (contentType.startsWith('application/json')) {\n      const payload = JSON.parse(toUSVString(Buffer.concat(chunks)))\n      process.nextTick(callback, new ResponseStatusCodeError(`Response status code ${statusCode}${statusMessage ? `: ${statusMessage}` : ''}`, statusCode, headers, payload))\n      return\n    }\n\n    if (contentType.startsWith('text/')) {\n      const payload = toUSVString(Buffer.concat(chunks))\n      process.nextTick(callback, new ResponseStatusCodeError(`Response status code ${statusCode}${statusMessage ? `: ${statusMessage}` : ''}`, statusCode, headers, payload))\n      return\n    }\n  } catch (err) {\n    // Process in a fallback if error\n  }\n\n  process.nextTick(callback, new ResponseStatusCodeError(`Response status code ${statusCode}${statusMessage ? `: ${statusMessage}` : ''}`, statusCode, headers))\n}\n\nmodule.exports = { getResolveErrorBodyCallback }\n","'use strict'\n\nconst {\n  BalancedPoolMissingUpstreamError,\n  InvalidArgumentError\n} = require('./core/errors')\nconst {\n  PoolBase,\n  kClients,\n  kNeedDrain,\n  kAddClient,\n  kRemoveClient,\n  kGetDispatcher\n} = require('./pool-base')\nconst Pool = require('./pool')\nconst { kUrl, kInterceptors } = require('./core/symbols')\nconst { parseOrigin } = require('./core/util')\nconst kFactory = Symbol('factory')\n\nconst kOptions = Symbol('options')\nconst kGreatestCommonDivisor = Symbol('kGreatestCommonDivisor')\nconst kCurrentWeight = Symbol('kCurrentWeight')\nconst kIndex = Symbol('kIndex')\nconst kWeight = Symbol('kWeight')\nconst kMaxWeightPerServer = Symbol('kMaxWeightPerServer')\nconst kErrorPenalty = Symbol('kErrorPenalty')\n\nfunction getGreatestCommonDivisor (a, b) {\n  if (b === 0) return a\n  return getGreatestCommonDivisor(b, a % b)\n}\n\nfunction defaultFactory (origin, opts) {\n  return new Pool(origin, opts)\n}\n\nclass BalancedPool extends PoolBase {\n  constructor (upstreams = [], { factory = defaultFactory, ...opts } = {}) {\n    super()\n\n    this[kOptions] = opts\n    this[kIndex] = -1\n    this[kCurrentWeight] = 0\n\n    this[kMaxWeightPerServer] = this[kOptions].maxWeightPerServer || 100\n    this[kErrorPenalty] = this[kOptions].errorPenalty || 15\n\n    if (!Array.isArray(upstreams)) {\n      upstreams = [upstreams]\n    }\n\n    if (typeof factory !== 'function') {\n      throw new InvalidArgumentError('factory must be a function.')\n    }\n\n    this[kInterceptors] = opts.interceptors && opts.interceptors.BalancedPool && Array.isArray(opts.interceptors.BalancedPool)\n      ? opts.interceptors.BalancedPool\n      : []\n    this[kFactory] = factory\n\n    for (const upstream of upstreams) {\n      this.addUpstream(upstream)\n    }\n    this._updateBalancedPoolStats()\n  }\n\n  addUpstream (upstream) {\n    const upstreamOrigin = parseOrigin(upstream).origin\n\n    if (this[kClients].find((pool) => (\n      pool[kUrl].origin === upstreamOrigin &&\n      pool.closed !== true &&\n      pool.destroyed !== true\n    ))) {\n      return this\n    }\n    const pool = this[kFactory](upstreamOrigin, Object.assign({}, this[kOptions]))\n\n    this[kAddClient](pool)\n    pool.on('connect', () => {\n      pool[kWeight] = Math.min(this[kMaxWeightPerServer], pool[kWeight] + this[kErrorPenalty])\n    })\n\n    pool.on('connectionError', () => {\n      pool[kWeight] = Math.max(1, pool[kWeight] - this[kErrorPenalty])\n      this._updateBalancedPoolStats()\n    })\n\n    pool.on('disconnect', (...args) => {\n      const err = args[2]\n      if (err && err.code === 'UND_ERR_SOCKET') {\n        // decrease the weight of the pool.\n        pool[kWeight] = Math.max(1, pool[kWeight] - this[kErrorPenalty])\n        this._updateBalancedPoolStats()\n      }\n    })\n\n    for (const client of this[kClients]) {\n      client[kWeight] = this[kMaxWeightPerServer]\n    }\n\n    this._updateBalancedPoolStats()\n\n    return this\n  }\n\n  _updateBalancedPoolStats () {\n    this[kGreatestCommonDivisor] = this[kClients].map(p => p[kWeight]).reduce(getGreatestCommonDivisor, 0)\n  }\n\n  removeUpstream (upstream) {\n    const upstreamOrigin = parseOrigin(upstream).origin\n\n    const pool = this[kClients].find((pool) => (\n      pool[kUrl].origin === upstreamOrigin &&\n      pool.closed !== true &&\n      pool.destroyed !== true\n    ))\n\n    if (pool) {\n      this[kRemoveClient](pool)\n    }\n\n    return this\n  }\n\n  get upstreams () {\n    return this[kClients]\n      .filter(dispatcher => dispatcher.closed !== true && dispatcher.destroyed !== true)\n      .map((p) => p[kUrl].origin)\n  }\n\n  [kGetDispatcher] () {\n    // We validate that pools is greater than 0,\n    // otherwise we would have to wait until an upstream\n    // is added, which might never happen.\n    if (this[kClients].length === 0) {\n      throw new BalancedPoolMissingUpstreamError()\n    }\n\n    const dispatcher = this[kClients].find(dispatcher => (\n      !dispatcher[kNeedDrain] &&\n      dispatcher.closed !== true &&\n      dispatcher.destroyed !== true\n    ))\n\n    if (!dispatcher) {\n      return\n    }\n\n    const allClientsBusy = this[kClients].map(pool => pool[kNeedDrain]).reduce((a, b) => a && b, true)\n\n    if (allClientsBusy) {\n      return\n    }\n\n    let counter = 0\n\n    let maxWeightIndex = this[kClients].findIndex(pool => !pool[kNeedDrain])\n\n    while (counter++ < this[kClients].length) {\n      this[kIndex] = (this[kIndex] + 1) % this[kClients].length\n      const pool = this[kClients][this[kIndex]]\n\n      // find pool index with the largest weight\n      if (pool[kWeight] > this[kClients][maxWeightIndex][kWeight] && !pool[kNeedDrain]) {\n        maxWeightIndex = this[kIndex]\n      }\n\n      // decrease the current weight every `this[kClients].length`.\n      if (this[kIndex] === 0) {\n        // Set the current weight to the next lower weight.\n        this[kCurrentWeight] = this[kCurrentWeight] - this[kGreatestCommonDivisor]\n\n        if (this[kCurrentWeight] <= 0) {\n          this[kCurrentWeight] = this[kMaxWeightPerServer]\n        }\n      }\n      if (pool[kWeight] >= this[kCurrentWeight] && (!pool[kNeedDrain])) {\n        return pool\n      }\n    }\n\n    this[kCurrentWeight] = this[kClients][maxWeightIndex][kWeight]\n    this[kIndex] = maxWeightIndex\n    return this[kClients][maxWeightIndex]\n  }\n}\n\nmodule.exports = BalancedPool\n","'use strict'\n\nconst { kConstruct } = require('./symbols')\nconst { urlEquals, fieldValues: getFieldValues } = require('./util')\nconst { kEnumerableProperty, isDisturbed } = require('../core/util')\nconst { kHeadersList } = require('../core/symbols')\nconst { webidl } = require('../fetch/webidl')\nconst { Response, cloneResponse } = require('../fetch/response')\nconst { Request } = require('../fetch/request')\nconst { kState, kHeaders, kGuard, kRealm } = require('../fetch/symbols')\nconst { fetching } = require('../fetch/index')\nconst { urlIsHttpHttpsScheme, createDeferredPromise, readAllBytes } = require('../fetch/util')\nconst assert = require('assert')\nconst { getGlobalDispatcher } = require('../global')\n\n/**\n * @see https://w3c.github.io/ServiceWorker/#dfn-cache-batch-operation\n * @typedef {Object} CacheBatchOperation\n * @property {'delete' | 'put'} type\n * @property {any} request\n * @property {any} response\n * @property {import('../../types/cache').CacheQueryOptions} options\n */\n\n/**\n * @see https://w3c.github.io/ServiceWorker/#dfn-request-response-list\n * @typedef {[any, any][]} requestResponseList\n */\n\nclass Cache {\n  /**\n   * @see https://w3c.github.io/ServiceWorker/#dfn-relevant-request-response-list\n   * @type {requestResponseList}\n   */\n  #relevantRequestResponseList\n\n  constructor () {\n    if (arguments[0] !== kConstruct) {\n      webidl.illegalConstructor()\n    }\n\n    this.#relevantRequestResponseList = arguments[1]\n  }\n\n  async match (request, options = {}) {\n    webidl.brandCheck(this, Cache)\n    webidl.argumentLengthCheck(arguments, 1, { header: 'Cache.match' })\n\n    request = webidl.converters.RequestInfo(request)\n    options = webidl.converters.CacheQueryOptions(options)\n\n    const p = await this.matchAll(request, options)\n\n    if (p.length === 0) {\n      return\n    }\n\n    return p[0]\n  }\n\n  async matchAll (request = undefined, options = {}) {\n    webidl.brandCheck(this, Cache)\n\n    if (request !== undefined) request = webidl.converters.RequestInfo(request)\n    options = webidl.converters.CacheQueryOptions(options)\n\n    // 1.\n    let r = null\n\n    // 2.\n    if (request !== undefined) {\n      if (request instanceof Request) {\n        // 2.1.1\n        r = request[kState]\n\n        // 2.1.2\n        if (r.method !== 'GET' && !options.ignoreMethod) {\n          return []\n        }\n      } else if (typeof request === 'string') {\n        // 2.2.1\n        r = new Request(request)[kState]\n      }\n    }\n\n    // 5.\n    // 5.1\n    const responses = []\n\n    // 5.2\n    if (request === undefined) {\n      // 5.2.1\n      for (const requestResponse of this.#relevantRequestResponseList) {\n        responses.push(requestResponse[1])\n      }\n    } else { // 5.3\n      // 5.3.1\n      const requestResponses = this.#queryCache(r, options)\n\n      // 5.3.2\n      for (const requestResponse of requestResponses) {\n        responses.push(requestResponse[1])\n      }\n    }\n\n    // 5.4\n    // We don't implement CORs so we don't need to loop over the responses, yay!\n\n    // 5.5.1\n    const responseList = []\n\n    // 5.5.2\n    for (const response of responses) {\n      // 5.5.2.1\n      const responseObject = new Response(response.body?.source ?? null)\n      const body = responseObject[kState].body\n      responseObject[kState] = response\n      responseObject[kState].body = body\n      responseObject[kHeaders][kHeadersList] = response.headersList\n      responseObject[kHeaders][kGuard] = 'immutable'\n\n      responseList.push(responseObject)\n    }\n\n    // 6.\n    return Object.freeze(responseList)\n  }\n\n  async add (request) {\n    webidl.brandCheck(this, Cache)\n    webidl.argumentLengthCheck(arguments, 1, { header: 'Cache.add' })\n\n    request = webidl.converters.RequestInfo(request)\n\n    // 1.\n    const requests = [request]\n\n    // 2.\n    const responseArrayPromise = this.addAll(requests)\n\n    // 3.\n    return await responseArrayPromise\n  }\n\n  async addAll (requests) {\n    webidl.brandCheck(this, Cache)\n    webidl.argumentLengthCheck(arguments, 1, { header: 'Cache.addAll' })\n\n    requests = webidl.converters['sequence<RequestInfo>'](requests)\n\n    // 1.\n    const responsePromises = []\n\n    // 2.\n    const requestList = []\n\n    // 3.\n    for (const request of requests) {\n      if (typeof request === 'string') {\n        continue\n      }\n\n      // 3.1\n      const r = request[kState]\n\n      // 3.2\n      if (!urlIsHttpHttpsScheme(r.url) || r.method !== 'GET') {\n        throw webidl.errors.exception({\n          header: 'Cache.addAll',\n          message: 'Expected http/s scheme when method is not GET.'\n        })\n      }\n    }\n\n    // 4.\n    /** @type {ReturnType<typeof fetching>[]} */\n    const fetchControllers = []\n\n    // 5.\n    for (const request of requests) {\n      // 5.1\n      const r = new Request(request)[kState]\n\n      // 5.2\n      if (!urlIsHttpHttpsScheme(r.url)) {\n        throw webidl.errors.exception({\n          header: 'Cache.addAll',\n          message: 'Expected http/s scheme.'\n        })\n      }\n\n      // 5.4\n      r.initiator = 'fetch'\n      r.destination = 'subresource'\n\n      // 5.5\n      requestList.push(r)\n\n      // 5.6\n      const responsePromise = createDeferredPromise()\n\n      // 5.7\n      fetchControllers.push(fetching({\n        request: r,\n        dispatcher: getGlobalDispatcher(),\n        processResponse (response) {\n          // 1.\n          if (response.type === 'error' || response.status === 206 || response.status < 200 || response.status > 299) {\n            responsePromise.reject(webidl.errors.exception({\n              header: 'Cache.addAll',\n              message: 'Received an invalid status code or the request failed.'\n            }))\n          } else if (response.headersList.contains('vary')) { // 2.\n            // 2.1\n            const fieldValues = getFieldValues(response.headersList.get('vary'))\n\n            // 2.2\n            for (const fieldValue of fieldValues) {\n              // 2.2.1\n              if (fieldValue === '*') {\n                responsePromise.reject(webidl.errors.exception({\n                  header: 'Cache.addAll',\n                  message: 'invalid vary field value'\n                }))\n\n                for (const controller of fetchControllers) {\n                  controller.abort()\n                }\n\n                return\n              }\n            }\n          }\n        },\n        processResponseEndOfBody (response) {\n          // 1.\n          if (response.aborted) {\n            responsePromise.reject(new DOMException('aborted', 'AbortError'))\n            return\n          }\n\n          // 2.\n          responsePromise.resolve(response)\n        }\n      }))\n\n      // 5.8\n      responsePromises.push(responsePromise.promise)\n    }\n\n    // 6.\n    const p = Promise.all(responsePromises)\n\n    // 7.\n    const responses = await p\n\n    // 7.1\n    const operations = []\n\n    // 7.2\n    let index = 0\n\n    // 7.3\n    for (const response of responses) {\n      // 7.3.1\n      /** @type {CacheBatchOperation} */\n      const operation = {\n        type: 'put', // 7.3.2\n        request: requestList[index], // 7.3.3\n        response // 7.3.4\n      }\n\n      operations.push(operation) // 7.3.5\n\n      index++ // 7.3.6\n    }\n\n    // 7.5\n    const cacheJobPromise = createDeferredPromise()\n\n    // 7.6.1\n    let errorData = null\n\n    // 7.6.2\n    try {\n      this.#batchCacheOperations(operations)\n    } catch (e) {\n      errorData = e\n    }\n\n    // 7.6.3\n    queueMicrotask(() => {\n      // 7.6.3.1\n      if (errorData === null) {\n        cacheJobPromise.resolve(undefined)\n      } else {\n        // 7.6.3.2\n        cacheJobPromise.reject(errorData)\n      }\n    })\n\n    // 7.7\n    return cacheJobPromise.promise\n  }\n\n  async put (request, response) {\n    webidl.brandCheck(this, Cache)\n    webidl.argumentLengthCheck(arguments, 2, { header: 'Cache.put' })\n\n    request = webidl.converters.RequestInfo(request)\n    response = webidl.converters.Response(response)\n\n    // 1.\n    let innerRequest = null\n\n    // 2.\n    if (request instanceof Request) {\n      innerRequest = request[kState]\n    } else { // 3.\n      innerRequest = new Request(request)[kState]\n    }\n\n    // 4.\n    if (!urlIsHttpHttpsScheme(innerRequest.url) || innerRequest.method !== 'GET') {\n      throw webidl.errors.exception({\n        header: 'Cache.put',\n        message: 'Expected an http/s scheme when method is not GET'\n      })\n    }\n\n    // 5.\n    const innerResponse = response[kState]\n\n    // 6.\n    if (innerResponse.status === 206) {\n      throw webidl.errors.exception({\n        header: 'Cache.put',\n        message: 'Got 206 status'\n      })\n    }\n\n    // 7.\n    if (innerResponse.headersList.contains('vary')) {\n      // 7.1.\n      const fieldValues = getFieldValues(innerResponse.headersList.get('vary'))\n\n      // 7.2.\n      for (const fieldValue of fieldValues) {\n        // 7.2.1\n        if (fieldValue === '*') {\n          throw webidl.errors.exception({\n            header: 'Cache.put',\n            message: 'Got * vary field value'\n          })\n        }\n      }\n    }\n\n    // 8.\n    if (innerResponse.body && (isDisturbed(innerResponse.body.stream) || innerResponse.body.stream.locked)) {\n      throw webidl.errors.exception({\n        header: 'Cache.put',\n        message: 'Response body is locked or disturbed'\n      })\n    }\n\n    // 9.\n    const clonedResponse = cloneResponse(innerResponse)\n\n    // 10.\n    const bodyReadPromise = createDeferredPromise()\n\n    // 11.\n    if (innerResponse.body != null) {\n      // 11.1\n      const stream = innerResponse.body.stream\n\n      // 11.2\n      const reader = stream.getReader()\n\n      // 11.3\n      readAllBytes(reader).then(bodyReadPromise.resolve, bodyReadPromise.reject)\n    } else {\n      bodyReadPromise.resolve(undefined)\n    }\n\n    // 12.\n    /** @type {CacheBatchOperation[]} */\n    const operations = []\n\n    // 13.\n    /** @type {CacheBatchOperation} */\n    const operation = {\n      type: 'put', // 14.\n      request: innerRequest, // 15.\n      response: clonedResponse // 16.\n    }\n\n    // 17.\n    operations.push(operation)\n\n    // 19.\n    const bytes = await bodyReadPromise.promise\n\n    if (clonedResponse.body != null) {\n      clonedResponse.body.source = bytes\n    }\n\n    // 19.1\n    const cacheJobPromise = createDeferredPromise()\n\n    // 19.2.1\n    let errorData = null\n\n    // 19.2.2\n    try {\n      this.#batchCacheOperations(operations)\n    } catch (e) {\n      errorData = e\n    }\n\n    // 19.2.3\n    queueMicrotask(() => {\n      // 19.2.3.1\n      if (errorData === null) {\n        cacheJobPromise.resolve()\n      } else { // 19.2.3.2\n        cacheJobPromise.reject(errorData)\n      }\n    })\n\n    return cacheJobPromise.promise\n  }\n\n  async delete (request, options = {}) {\n    webidl.brandCheck(this, Cache)\n    webidl.argumentLengthCheck(arguments, 1, { header: 'Cache.delete' })\n\n    request = webidl.converters.RequestInfo(request)\n    options = webidl.converters.CacheQueryOptions(options)\n\n    /**\n     * @type {Request}\n     */\n    let r = null\n\n    if (request instanceof Request) {\n      r = request[kState]\n\n      if (r.method !== 'GET' && !options.ignoreMethod) {\n        return false\n      }\n    } else {\n      assert(typeof request === 'string')\n\n      r = new Request(request)[kState]\n    }\n\n    /** @type {CacheBatchOperation[]} */\n    const operations = []\n\n    /** @type {CacheBatchOperation} */\n    const operation = {\n      type: 'delete',\n      request: r,\n      options\n    }\n\n    operations.push(operation)\n\n    const cacheJobPromise = createDeferredPromise()\n\n    let errorData = null\n    let requestResponses\n\n    try {\n      requestResponses = this.#batchCacheOperations(operations)\n    } catch (e) {\n      errorData = e\n    }\n\n    queueMicrotask(() => {\n      if (errorData === null) {\n        cacheJobPromise.resolve(!!requestResponses?.length)\n      } else {\n        cacheJobPromise.reject(errorData)\n      }\n    })\n\n    return cacheJobPromise.promise\n  }\n\n  /**\n   * @see https://w3c.github.io/ServiceWorker/#dom-cache-keys\n   * @param {any} request\n   * @param {import('../../types/cache').CacheQueryOptions} options\n   * @returns {readonly Request[]}\n   */\n  async keys (request = undefined, options = {}) {\n    webidl.brandCheck(this, Cache)\n\n    if (request !== undefined) request = webidl.converters.RequestInfo(request)\n    options = webidl.converters.CacheQueryOptions(options)\n\n    // 1.\n    let r = null\n\n    // 2.\n    if (request !== undefined) {\n      // 2.1\n      if (request instanceof Request) {\n        // 2.1.1\n        r = request[kState]\n\n        // 2.1.2\n        if (r.method !== 'GET' && !options.ignoreMethod) {\n          return []\n        }\n      } else if (typeof request === 'string') { // 2.2\n        r = new Request(request)[kState]\n      }\n    }\n\n    // 4.\n    const promise = createDeferredPromise()\n\n    // 5.\n    // 5.1\n    const requests = []\n\n    // 5.2\n    if (request === undefined) {\n      // 5.2.1\n      for (const requestResponse of this.#relevantRequestResponseList) {\n        // 5.2.1.1\n        requests.push(requestResponse[0])\n      }\n    } else { // 5.3\n      // 5.3.1\n      const requestResponses = this.#queryCache(r, options)\n\n      // 5.3.2\n      for (const requestResponse of requestResponses) {\n        // 5.3.2.1\n        requests.push(requestResponse[0])\n      }\n    }\n\n    // 5.4\n    queueMicrotask(() => {\n      // 5.4.1\n      const requestList = []\n\n      // 5.4.2\n      for (const request of requests) {\n        const requestObject = new Request('https://a')\n        requestObject[kState] = request\n        requestObject[kHeaders][kHeadersList] = request.headersList\n        requestObject[kHeaders][kGuard] = 'immutable'\n        requestObject[kRealm] = request.client\n\n        // 5.4.2.1\n        requestList.push(requestObject)\n      }\n\n      // 5.4.3\n      promise.resolve(Object.freeze(requestList))\n    })\n\n    return promise.promise\n  }\n\n  /**\n   * @see https://w3c.github.io/ServiceWorker/#batch-cache-operations-algorithm\n   * @param {CacheBatchOperation[]} operations\n   * @returns {requestResponseList}\n   */\n  #batchCacheOperations (operations) {\n    // 1.\n    const cache = this.#relevantRequestResponseList\n\n    // 2.\n    const backupCache = [...cache]\n\n    // 3.\n    const addedItems = []\n\n    // 4.1\n    const resultList = []\n\n    try {\n      // 4.2\n      for (const operation of operations) {\n        // 4.2.1\n        if (operation.type !== 'delete' && operation.type !== 'put') {\n          throw webidl.errors.exception({\n            header: 'Cache.#batchCacheOperations',\n            message: 'operation type does not match \"delete\" or \"put\"'\n          })\n        }\n\n        // 4.2.2\n        if (operation.type === 'delete' && operation.response != null) {\n          throw webidl.errors.exception({\n            header: 'Cache.#batchCacheOperations',\n            message: 'delete operation should not have an associated response'\n          })\n        }\n\n        // 4.2.3\n        if (this.#queryCache(operation.request, operation.options, addedItems).length) {\n          throw new DOMException('???', 'InvalidStateError')\n        }\n\n        // 4.2.4\n        let requestResponses\n\n        // 4.2.5\n        if (operation.type === 'delete') {\n          // 4.2.5.1\n          requestResponses = this.#queryCache(operation.request, operation.options)\n\n          // TODO: the spec is wrong, this is needed to pass WPTs\n          if (requestResponses.length === 0) {\n            return []\n          }\n\n          // 4.2.5.2\n          for (const requestResponse of requestResponses) {\n            const idx = cache.indexOf(requestResponse)\n            assert(idx !== -1)\n\n            // 4.2.5.2.1\n            cache.splice(idx, 1)\n          }\n        } else if (operation.type === 'put') { // 4.2.6\n          // 4.2.6.1\n          if (operation.response == null) {\n            throw webidl.errors.exception({\n              header: 'Cache.#batchCacheOperations',\n              message: 'put operation should have an associated response'\n            })\n          }\n\n          // 4.2.6.2\n          const r = operation.request\n\n          // 4.2.6.3\n          if (!urlIsHttpHttpsScheme(r.url)) {\n            throw webidl.errors.exception({\n              header: 'Cache.#batchCacheOperations',\n              message: 'expected http or https scheme'\n            })\n          }\n\n          // 4.2.6.4\n          if (r.method !== 'GET') {\n            throw webidl.errors.exception({\n              header: 'Cache.#batchCacheOperations',\n              message: 'not get method'\n            })\n          }\n\n          // 4.2.6.5\n          if (operation.options != null) {\n            throw webidl.errors.exception({\n              header: 'Cache.#batchCacheOperations',\n              message: 'options must not be defined'\n            })\n          }\n\n          // 4.2.6.6\n          requestResponses = this.#queryCache(operation.request)\n\n          // 4.2.6.7\n          for (const requestResponse of requestResponses) {\n            const idx = cache.indexOf(requestResponse)\n            assert(idx !== -1)\n\n            // 4.2.6.7.1\n            cache.splice(idx, 1)\n          }\n\n          // 4.2.6.8\n          cache.push([operation.request, operation.response])\n\n          // 4.2.6.10\n          addedItems.push([operation.request, operation.response])\n        }\n\n        // 4.2.7\n        resultList.push([operation.request, operation.response])\n      }\n\n      // 4.3\n      return resultList\n    } catch (e) { // 5.\n      // 5.1\n      this.#relevantRequestResponseList.length = 0\n\n      // 5.2\n      this.#relevantRequestResponseList = backupCache\n\n      // 5.3\n      throw e\n    }\n  }\n\n  /**\n   * @see https://w3c.github.io/ServiceWorker/#query-cache\n   * @param {any} requestQuery\n   * @param {import('../../types/cache').CacheQueryOptions} options\n   * @param {requestResponseList} targetStorage\n   * @returns {requestResponseList}\n   */\n  #queryCache (requestQuery, options, targetStorage) {\n    /** @type {requestResponseList} */\n    const resultList = []\n\n    const storage = targetStorage ?? this.#relevantRequestResponseList\n\n    for (const requestResponse of storage) {\n      const [cachedRequest, cachedResponse] = requestResponse\n      if (this.#requestMatchesCachedItem(requestQuery, cachedRequest, cachedResponse, options)) {\n        resultList.push(requestResponse)\n      }\n    }\n\n    return resultList\n  }\n\n  /**\n   * @see https://w3c.github.io/ServiceWorker/#request-matches-cached-item-algorithm\n   * @param {any} requestQuery\n   * @param {any} request\n   * @param {any | null} response\n   * @param {import('../../types/cache').CacheQueryOptions | undefined} options\n   * @returns {boolean}\n   */\n  #requestMatchesCachedItem (requestQuery, request, response = null, options) {\n    // if (options?.ignoreMethod === false && request.method === 'GET') {\n    //   return false\n    // }\n\n    const queryURL = new URL(requestQuery.url)\n\n    const cachedURL = new URL(request.url)\n\n    if (options?.ignoreSearch) {\n      cachedURL.search = ''\n\n      queryURL.search = ''\n    }\n\n    if (!urlEquals(queryURL, cachedURL, true)) {\n      return false\n    }\n\n    if (\n      response == null ||\n      options?.ignoreVary ||\n      !response.headersList.contains('vary')\n    ) {\n      return true\n    }\n\n    const fieldValues = getFieldValues(response.headersList.get('vary'))\n\n    for (const fieldValue of fieldValues) {\n      if (fieldValue === '*') {\n        return false\n      }\n\n      const requestValue = request.headersList.get(fieldValue)\n      const queryValue = requestQuery.headersList.get(fieldValue)\n\n      // If one has the header and the other doesn't, or one has\n      // a different value than the other, return false\n      if (requestValue !== queryValue) {\n        return false\n      }\n    }\n\n    return true\n  }\n}\n\nObject.defineProperties(Cache.prototype, {\n  [Symbol.toStringTag]: {\n    value: 'Cache',\n    configurable: true\n  },\n  match: kEnumerableProperty,\n  matchAll: kEnumerableProperty,\n  add: kEnumerableProperty,\n  addAll: kEnumerableProperty,\n  put: kEnumerableProperty,\n  delete: kEnumerableProperty,\n  keys: kEnumerableProperty\n})\n\nconst cacheQueryOptionConverters = [\n  {\n    key: 'ignoreSearch',\n    converter: webidl.converters.boolean,\n    defaultValue: false\n  },\n  {\n    key: 'ignoreMethod',\n    converter: webidl.converters.boolean,\n    defaultValue: false\n  },\n  {\n    key: 'ignoreVary',\n    converter: webidl.converters.boolean,\n    defaultValue: false\n  }\n]\n\nwebidl.converters.CacheQueryOptions = webidl.dictionaryConverter(cacheQueryOptionConverters)\n\nwebidl.converters.MultiCacheQueryOptions = webidl.dictionaryConverter([\n  ...cacheQueryOptionConverters,\n  {\n    key: 'cacheName',\n    converter: webidl.converters.DOMString\n  }\n])\n\nwebidl.converters.Response = webidl.interfaceConverter(Response)\n\nwebidl.converters['sequence<RequestInfo>'] = webidl.sequenceConverter(\n  webidl.converters.RequestInfo\n)\n\nmodule.exports = {\n  Cache\n}\n","'use strict'\n\nconst { kConstruct } = require('./symbols')\nconst { Cache } = require('./cache')\nconst { webidl } = require('../fetch/webidl')\nconst { kEnumerableProperty } = require('../core/util')\n\nclass CacheStorage {\n  /**\n   * @see https://w3c.github.io/ServiceWorker/#dfn-relevant-name-to-cache-map\n   * @type {Map<string, import('./cache').requestResponseList}\n   */\n  #caches = new Map()\n\n  constructor () {\n    if (arguments[0] !== kConstruct) {\n      webidl.illegalConstructor()\n    }\n  }\n\n  async match (request, options = {}) {\n    webidl.brandCheck(this, CacheStorage)\n    webidl.argumentLengthCheck(arguments, 1, { header: 'CacheStorage.match' })\n\n    request = webidl.converters.RequestInfo(request)\n    options = webidl.converters.MultiCacheQueryOptions(options)\n\n    // 1.\n    if (options.cacheName != null) {\n      // 1.1.1.1\n      if (this.#caches.has(options.cacheName)) {\n        // 1.1.1.1.1\n        const cacheList = this.#caches.get(options.cacheName)\n        const cache = new Cache(kConstruct, cacheList)\n\n        return await cache.match(request, options)\n      }\n    } else { // 2.\n      // 2.2\n      for (const cacheList of this.#caches.values()) {\n        const cache = new Cache(kConstruct, cacheList)\n\n        // 2.2.1.2\n        const response = await cache.match(request, options)\n\n        if (response !== undefined) {\n          return response\n        }\n      }\n    }\n  }\n\n  /**\n   * @see https://w3c.github.io/ServiceWorker/#cache-storage-has\n   * @param {string} cacheName\n   * @returns {Promise<boolean>}\n   */\n  async has (cacheName) {\n    webidl.brandCheck(this, CacheStorage)\n    webidl.argumentLengthCheck(arguments, 1, { header: 'CacheStorage.has' })\n\n    cacheName = webidl.converters.DOMString(cacheName)\n\n    // 2.1.1\n    // 2.2\n    return this.#caches.has(cacheName)\n  }\n\n  /**\n   * @see https://w3c.github.io/ServiceWorker/#dom-cachestorage-open\n   * @param {string} cacheName\n   * @returns {Promise<Cache>}\n   */\n  async open (cacheName) {\n    webidl.brandCheck(this, CacheStorage)\n    webidl.argumentLengthCheck(arguments, 1, { header: 'CacheStorage.open' })\n\n    cacheName = webidl.converters.DOMString(cacheName)\n\n    // 2.1\n    if (this.#caches.has(cacheName)) {\n      // await caches.open('v1') !== await caches.open('v1')\n\n      // 2.1.1\n      const cache = this.#caches.get(cacheName)\n\n      // 2.1.1.1\n      return new Cache(kConstruct, cache)\n    }\n\n    // 2.2\n    const cache = []\n\n    // 2.3\n    this.#caches.set(cacheName, cache)\n\n    // 2.4\n    return new Cache(kConstruct, cache)\n  }\n\n  /**\n   * @see https://w3c.github.io/ServiceWorker/#cache-storage-delete\n   * @param {string} cacheName\n   * @returns {Promise<boolean>}\n   */\n  async delete (cacheName) {\n    webidl.brandCheck(this, CacheStorage)\n    webidl.argumentLengthCheck(arguments, 1, { header: 'CacheStorage.delete' })\n\n    cacheName = webidl.converters.DOMString(cacheName)\n\n    return this.#caches.delete(cacheName)\n  }\n\n  /**\n   * @see https://w3c.github.io/ServiceWorker/#cache-storage-keys\n   * @returns {string[]}\n   */\n  async keys () {\n    webidl.brandCheck(this, CacheStorage)\n\n    // 2.1\n    const keys = this.#caches.keys()\n\n    // 2.2\n    return [...keys]\n  }\n}\n\nObject.defineProperties(CacheStorage.prototype, {\n  [Symbol.toStringTag]: {\n    value: 'CacheStorage',\n    configurable: true\n  },\n  match: kEnumerableProperty,\n  has: kEnumerableProperty,\n  open: kEnumerableProperty,\n  delete: kEnumerableProperty,\n  keys: kEnumerableProperty\n})\n\nmodule.exports = {\n  CacheStorage\n}\n","'use strict'\n\nmodule.exports = {\n  kConstruct: require('../core/symbols').kConstruct\n}\n","'use strict'\n\nconst assert = require('assert')\nconst { URLSerializer } = require('../fetch/dataURL')\nconst { isValidHeaderName } = require('../fetch/util')\n\n/**\n * @see https://url.spec.whatwg.org/#concept-url-equals\n * @param {URL} A\n * @param {URL} B\n * @param {boolean | undefined} excludeFragment\n * @returns {boolean}\n */\nfunction urlEquals (A, B, excludeFragment = false) {\n  const serializedA = URLSerializer(A, excludeFragment)\n\n  const serializedB = URLSerializer(B, excludeFragment)\n\n  return serializedA === serializedB\n}\n\n/**\n * @see https://github.com/chromium/chromium/blob/694d20d134cb553d8d89e5500b9148012b1ba299/content/browser/cache_storage/cache_storage_cache.cc#L260-L262\n * @param {string} header\n */\nfunction fieldValues (header) {\n  assert(header !== null)\n\n  const values = []\n\n  for (let value of header.split(',')) {\n    value = value.trim()\n\n    if (!value.length) {\n      continue\n    } else if (!isValidHeaderName(value)) {\n      continue\n    }\n\n    values.push(value)\n  }\n\n  return values\n}\n\nmodule.exports = {\n  urlEquals,\n  fieldValues\n}\n","// @ts-check\n\n'use strict'\n\n/* global WebAssembly */\n\nconst assert = require('assert')\nconst net = require('net')\nconst http = require('http')\nconst { pipeline } = require('stream')\nconst util = require('./core/util')\nconst timers = require('./timers')\nconst Request = require('./core/request')\nconst DispatcherBase = require('./dispatcher-base')\nconst {\n  RequestContentLengthMismatchError,\n  ResponseContentLengthMismatchError,\n  InvalidArgumentError,\n  RequestAbortedError,\n  HeadersTimeoutError,\n  HeadersOverflowError,\n  SocketError,\n  InformationalError,\n  BodyTimeoutError,\n  HTTPParserError,\n  ResponseExceededMaxSizeError,\n  ClientDestroyedError\n} = require('./core/errors')\nconst buildConnector = require('./core/connect')\nconst {\n  kUrl,\n  kReset,\n  kServerName,\n  kClient,\n  kBusy,\n  kParser,\n  kConnect,\n  kBlocking,\n  kResuming,\n  kRunning,\n  kPending,\n  kSize,\n  kWriting,\n  kQueue,\n  kConnected,\n  kConnecting,\n  kNeedDrain,\n  kNoRef,\n  kKeepAliveDefaultTimeout,\n  kHostHeader,\n  kPendingIdx,\n  kRunningIdx,\n  kError,\n  kPipelining,\n  kSocket,\n  kKeepAliveTimeoutValue,\n  kMaxHeadersSize,\n  kKeepAliveMaxTimeout,\n  kKeepAliveTimeoutThreshold,\n  kHeadersTimeout,\n  kBodyTimeout,\n  kStrictContentLength,\n  kConnector,\n  kMaxRedirections,\n  kMaxRequests,\n  kCounter,\n  kClose,\n  kDestroy,\n  kDispatch,\n  kInterceptors,\n  kLocalAddress,\n  kMaxResponseSize,\n  kHTTPConnVersion,\n  // HTTP2\n  kHost,\n  kHTTP2Session,\n  kHTTP2SessionState,\n  kHTTP2BuildRequest,\n  kHTTP2CopyHeaders,\n  kHTTP1BuildRequest\n} = require('./core/symbols')\n\n/** @type {import('http2')} */\nlet http2\ntry {\n  http2 = require('http2')\n} catch {\n  // @ts-ignore\n  http2 = { constants: {} }\n}\n\nconst {\n  constants: {\n    HTTP2_HEADER_AUTHORITY,\n    HTTP2_HEADER_METHOD,\n    HTTP2_HEADER_PATH,\n    HTTP2_HEADER_SCHEME,\n    HTTP2_HEADER_CONTENT_LENGTH,\n    HTTP2_HEADER_EXPECT,\n    HTTP2_HEADER_STATUS\n  }\n} = http2\n\n// Experimental\nlet h2ExperimentalWarned = false\n\nconst FastBuffer = Buffer[Symbol.species]\n\nconst kClosedResolve = Symbol('kClosedResolve')\n\nconst channels = {}\n\ntry {\n  const diagnosticsChannel = require('diagnostics_channel')\n  channels.sendHeaders = diagnosticsChannel.channel('undici:client:sendHeaders')\n  channels.beforeConnect = diagnosticsChannel.channel('undici:client:beforeConnect')\n  channels.connectError = diagnosticsChannel.channel('undici:client:connectError')\n  channels.connected = diagnosticsChannel.channel('undici:client:connected')\n} catch {\n  channels.sendHeaders = { hasSubscribers: false }\n  channels.beforeConnect = { hasSubscribers: false }\n  channels.connectError = { hasSubscribers: false }\n  channels.connected = { hasSubscribers: false }\n}\n\n/**\n * @type {import('../types/client').default}\n */\nclass Client extends DispatcherBase {\n  /**\n   *\n   * @param {string|URL} url\n   * @param {import('../types/client').Client.Options} options\n   */\n  constructor (url, {\n    interceptors,\n    maxHeaderSize,\n    headersTimeout,\n    socketTimeout,\n    requestTimeout,\n    connectTimeout,\n    bodyTimeout,\n    idleTimeout,\n    keepAlive,\n    keepAliveTimeout,\n    maxKeepAliveTimeout,\n    keepAliveMaxTimeout,\n    keepAliveTimeoutThreshold,\n    socketPath,\n    pipelining,\n    tls,\n    strictContentLength,\n    maxCachedSessions,\n    maxRedirections,\n    connect,\n    maxRequestsPerClient,\n    localAddress,\n    maxResponseSize,\n    autoSelectFamily,\n    autoSelectFamilyAttemptTimeout,\n    // h2\n    allowH2,\n    maxConcurrentStreams\n  } = {}) {\n    super()\n\n    if (keepAlive !== undefined) {\n      throw new InvalidArgumentError('unsupported keepAlive, use pipelining=0 instead')\n    }\n\n    if (socketTimeout !== undefined) {\n      throw new InvalidArgumentError('unsupported socketTimeout, use headersTimeout & bodyTimeout instead')\n    }\n\n    if (requestTimeout !== undefined) {\n      throw new InvalidArgumentError('unsupported requestTimeout, use headersTimeout & bodyTimeout instead')\n    }\n\n    if (idleTimeout !== undefined) {\n      throw new InvalidArgumentError('unsupported idleTimeout, use keepAliveTimeout instead')\n    }\n\n    if (maxKeepAliveTimeout !== undefined) {\n      throw new InvalidArgumentError('unsupported maxKeepAliveTimeout, use keepAliveMaxTimeout instead')\n    }\n\n    if (maxHeaderSize != null && !Number.isFinite(maxHeaderSize)) {\n      throw new InvalidArgumentError('invalid maxHeaderSize')\n    }\n\n    if (socketPath != null && typeof socketPath !== 'string') {\n      throw new InvalidArgumentError('invalid socketPath')\n    }\n\n    if (connectTimeout != null && (!Number.isFinite(connectTimeout) || connectTimeout < 0)) {\n      throw new InvalidArgumentError('invalid connectTimeout')\n    }\n\n    if (keepAliveTimeout != null && (!Number.isFinite(keepAliveTimeout) || keepAliveTimeout <= 0)) {\n      throw new InvalidArgumentError('invalid keepAliveTimeout')\n    }\n\n    if (keepAliveMaxTimeout != null && (!Number.isFinite(keepAliveMaxTimeout) || keepAliveMaxTimeout <= 0)) {\n      throw new InvalidArgumentError('invalid keepAliveMaxTimeout')\n    }\n\n    if (keepAliveTimeoutThreshold != null && !Number.isFinite(keepAliveTimeoutThreshold)) {\n      throw new InvalidArgumentError('invalid keepAliveTimeoutThreshold')\n    }\n\n    if (headersTimeout != null && (!Number.isInteger(headersTimeout) || headersTimeout < 0)) {\n      throw new InvalidArgumentError('headersTimeout must be a positive integer or zero')\n    }\n\n    if (bodyTimeout != null && (!Number.isInteger(bodyTimeout) || bodyTimeout < 0)) {\n      throw new InvalidArgumentError('bodyTimeout must be a positive integer or zero')\n    }\n\n    if (connect != null && typeof connect !== 'function' && typeof connect !== 'object') {\n      throw new InvalidArgumentError('connect must be a function or an object')\n    }\n\n    if (maxRedirections != null && (!Number.isInteger(maxRedirections) || maxRedirections < 0)) {\n      throw new InvalidArgumentError('maxRedirections must be a positive number')\n    }\n\n    if (maxRequestsPerClient != null && (!Number.isInteger(maxRequestsPerClient) || maxRequestsPerClient < 0)) {\n      throw new InvalidArgumentError('maxRequestsPerClient must be a positive number')\n    }\n\n    if (localAddress != null && (typeof localAddress !== 'string' || net.isIP(localAddress) === 0)) {\n      throw new InvalidArgumentError('localAddress must be valid string IP address')\n    }\n\n    if (maxResponseSize != null && (!Number.isInteger(maxResponseSize) || maxResponseSize < -1)) {\n      throw new InvalidArgumentError('maxResponseSize must be a positive number')\n    }\n\n    if (\n      autoSelectFamilyAttemptTimeout != null &&\n      (!Number.isInteger(autoSelectFamilyAttemptTimeout) || autoSelectFamilyAttemptTimeout < -1)\n    ) {\n      throw new InvalidArgumentError('autoSelectFamilyAttemptTimeout must be a positive number')\n    }\n\n    // h2\n    if (allowH2 != null && typeof allowH2 !== 'boolean') {\n      throw new InvalidArgumentError('allowH2 must be a valid boolean value')\n    }\n\n    if (maxConcurrentStreams != null && (typeof maxConcurrentStreams !== 'number' || maxConcurrentStreams < 1)) {\n      throw new InvalidArgumentError('maxConcurrentStreams must be a possitive integer, greater than 0')\n    }\n\n    if (typeof connect !== 'function') {\n      connect = buildConnector({\n        ...tls,\n        maxCachedSessions,\n        allowH2,\n        socketPath,\n        timeout: connectTimeout,\n        ...(util.nodeHasAutoSelectFamily && autoSelectFamily ? { autoSelectFamily, autoSelectFamilyAttemptTimeout } : undefined),\n        ...connect\n      })\n    }\n\n    this[kInterceptors] = interceptors && interceptors.Client && Array.isArray(interceptors.Client)\n      ? interceptors.Client\n      : [createRedirectInterceptor({ maxRedirections })]\n    this[kUrl] = util.parseOrigin(url)\n    this[kConnector] = connect\n    this[kSocket] = null\n    this[kPipelining] = pipelining != null ? pipelining : 1\n    this[kMaxHeadersSize] = maxHeaderSize || http.maxHeaderSize\n    this[kKeepAliveDefaultTimeout] = keepAliveTimeout == null ? 4e3 : keepAliveTimeout\n    this[kKeepAliveMaxTimeout] = keepAliveMaxTimeout == null ? 600e3 : keepAliveMaxTimeout\n    this[kKeepAliveTimeoutThreshold] = keepAliveTimeoutThreshold == null ? 1e3 : keepAliveTimeoutThreshold\n    this[kKeepAliveTimeoutValue] = this[kKeepAliveDefaultTimeout]\n    this[kServerName] = null\n    this[kLocalAddress] = localAddress != null ? localAddress : null\n    this[kResuming] = 0 // 0, idle, 1, scheduled, 2 resuming\n    this[kNeedDrain] = 0 // 0, idle, 1, scheduled, 2 resuming\n    this[kHostHeader] = `host: ${this[kUrl].hostname}${this[kUrl].port ? `:${this[kUrl].port}` : ''}\\r\\n`\n    this[kBodyTimeout] = bodyTimeout != null ? bodyTimeout : 300e3\n    this[kHeadersTimeout] = headersTimeout != null ? headersTimeout : 300e3\n    this[kStrictContentLength] = strictContentLength == null ? true : strictContentLength\n    this[kMaxRedirections] = maxRedirections\n    this[kMaxRequests] = maxRequestsPerClient\n    this[kClosedResolve] = null\n    this[kMaxResponseSize] = maxResponseSize > -1 ? maxResponseSize : -1\n    this[kHTTPConnVersion] = 'h1'\n\n    // HTTP/2\n    this[kHTTP2Session] = null\n    this[kHTTP2SessionState] = !allowH2\n      ? null\n      : {\n        // streams: null, // Fixed queue of streams - For future support of `push`\n          openStreams: 0, // Keep track of them to decide wether or not unref the session\n          maxConcurrentStreams: maxConcurrentStreams != null ? maxConcurrentStreams : 100 // Max peerConcurrentStreams for a Node h2 server\n        }\n    this[kHost] = `${this[kUrl].hostname}${this[kUrl].port ? `:${this[kUrl].port}` : ''}`\n\n    // kQueue is built up of 3 sections separated by\n    // the kRunningIdx and kPendingIdx indices.\n    // |   complete   |   running   |   pending   |\n    //                ^ kRunningIdx ^ kPendingIdx ^ kQueue.length\n    // kRunningIdx points to the first running element.\n    // kPendingIdx points to the first pending element.\n    // This implements a fast queue with an amortized\n    // time of O(1).\n\n    this[kQueue] = []\n    this[kRunningIdx] = 0\n    this[kPendingIdx] = 0\n  }\n\n  get pipelining () {\n    return this[kPipelining]\n  }\n\n  set pipelining (value) {\n    this[kPipelining] = value\n    resume(this, true)\n  }\n\n  get [kPending] () {\n    return this[kQueue].length - this[kPendingIdx]\n  }\n\n  get [kRunning] () {\n    return this[kPendingIdx] - this[kRunningIdx]\n  }\n\n  get [kSize] () {\n    return this[kQueue].length - this[kRunningIdx]\n  }\n\n  get [kConnected] () {\n    return !!this[kSocket] && !this[kConnecting] && !this[kSocket].destroyed\n  }\n\n  get [kBusy] () {\n    const socket = this[kSocket]\n    return (\n      (socket && (socket[kReset] || socket[kWriting] || socket[kBlocking])) ||\n      (this[kSize] >= (this[kPipelining] || 1)) ||\n      this[kPending] > 0\n    )\n  }\n\n  /* istanbul ignore: only used for test */\n  [kConnect] (cb) {\n    connect(this)\n    this.once('connect', cb)\n  }\n\n  [kDispatch] (opts, handler) {\n    const origin = opts.origin || this[kUrl].origin\n\n    const request = this[kHTTPConnVersion] === 'h2'\n      ? Request[kHTTP2BuildRequest](origin, opts, handler)\n      : Request[kHTTP1BuildRequest](origin, opts, handler)\n\n    this[kQueue].push(request)\n    if (this[kResuming]) {\n      // Do nothing.\n    } else if (util.bodyLength(request.body) == null && util.isIterable(request.body)) {\n      // Wait a tick in case stream/iterator is ended in the same tick.\n      this[kResuming] = 1\n      process.nextTick(resume, this)\n    } else {\n      resume(this, true)\n    }\n\n    if (this[kResuming] && this[kNeedDrain] !== 2 && this[kBusy]) {\n      this[kNeedDrain] = 2\n    }\n\n    return this[kNeedDrain] < 2\n  }\n\n  async [kClose] () {\n    // TODO: for H2 we need to gracefully flush the remaining enqueued\n    // request and close each stream.\n    return new Promise((resolve) => {\n      if (!this[kSize]) {\n        resolve(null)\n      } else {\n        this[kClosedResolve] = resolve\n      }\n    })\n  }\n\n  async [kDestroy] (err) {\n    return new Promise((resolve) => {\n      const requests = this[kQueue].splice(this[kPendingIdx])\n      for (let i = 0; i < requests.length; i++) {\n        const request = requests[i]\n        errorRequest(this, request, err)\n      }\n\n      const callback = () => {\n        if (this[kClosedResolve]) {\n          // TODO (fix): Should we error here with ClientDestroyedError?\n          this[kClosedResolve]()\n          this[kClosedResolve] = null\n        }\n        resolve()\n      }\n\n      if (this[kHTTP2Session] != null) {\n        util.destroy(this[kHTTP2Session], err)\n        this[kHTTP2Session] = null\n        this[kHTTP2SessionState] = null\n      }\n\n      if (!this[kSocket]) {\n        queueMicrotask(callback)\n      } else {\n        util.destroy(this[kSocket].on('close', callback), err)\n      }\n\n      resume(this)\n    })\n  }\n}\n\nfunction onHttp2SessionError (err) {\n  assert(err.code !== 'ERR_TLS_CERT_ALTNAME_INVALID')\n\n  this[kSocket][kError] = err\n\n  onError(this[kClient], err)\n}\n\nfunction onHttp2FrameError (type, code, id) {\n  const err = new InformationalError(`HTTP/2: \"frameError\" received - type ${type}, code ${code}`)\n\n  if (id === 0) {\n    this[kSocket][kError] = err\n    onError(this[kClient], err)\n  }\n}\n\nfunction onHttp2SessionEnd () {\n  util.destroy(this, new SocketError('other side closed'))\n  util.destroy(this[kSocket], new SocketError('other side closed'))\n}\n\nfunction onHTTP2GoAway (code) {\n  const client = this[kClient]\n  const err = new InformationalError(`HTTP/2: \"GOAWAY\" frame received with code ${code}`)\n  client[kSocket] = null\n  client[kHTTP2Session] = null\n\n  if (client.destroyed) {\n    assert(this[kPending] === 0)\n\n    // Fail entire queue.\n    const requests = client[kQueue].splice(client[kRunningIdx])\n    for (let i = 0; i < requests.length; i++) {\n      const request = requests[i]\n      errorRequest(this, request, err)\n    }\n  } else if (client[kRunning] > 0) {\n    // Fail head of pipeline.\n    const request = client[kQueue][client[kRunningIdx]]\n    client[kQueue][client[kRunningIdx]++] = null\n\n    errorRequest(client, request, err)\n  }\n\n  client[kPendingIdx] = client[kRunningIdx]\n\n  assert(client[kRunning] === 0)\n\n  client.emit('disconnect',\n    client[kUrl],\n    [client],\n    err\n  )\n\n  resume(client)\n}\n\nconst constants = require('./llhttp/constants')\nconst createRedirectInterceptor = require('./interceptor/redirectInterceptor')\nconst EMPTY_BUF = Buffer.alloc(0)\n\nasync function lazyllhttp () {\n  const llhttpWasmData = process.env.JEST_WORKER_ID ? require('./llhttp/llhttp-wasm.js') : undefined\n\n  let mod\n  try {\n    mod = await WebAssembly.compile(Buffer.from(require('./llhttp/llhttp_simd-wasm.js'), 'base64'))\n  } catch (e) {\n    /* istanbul ignore next */\n\n    // We could check if the error was caused by the simd option not\n    // being enabled, but the occurring of this other error\n    // * https://github.com/emscripten-core/emscripten/issues/11495\n    // got me to remove that check to avoid breaking Node 12.\n    mod = await WebAssembly.compile(Buffer.from(llhttpWasmData || require('./llhttp/llhttp-wasm.js'), 'base64'))\n  }\n\n  return await WebAssembly.instantiate(mod, {\n    env: {\n      /* eslint-disable camelcase */\n\n      wasm_on_url: (p, at, len) => {\n        /* istanbul ignore next */\n        return 0\n      },\n      wasm_on_status: (p, at, len) => {\n        assert.strictEqual(currentParser.ptr, p)\n        const start = at - currentBufferPtr + currentBufferRef.byteOffset\n        return currentParser.onStatus(new FastBuffer(currentBufferRef.buffer, start, len)) || 0\n      },\n      wasm_on_message_begin: (p) => {\n        assert.strictEqual(currentParser.ptr, p)\n        return currentParser.onMessageBegin() || 0\n      },\n      wasm_on_header_field: (p, at, len) => {\n        assert.strictEqual(currentParser.ptr, p)\n        const start = at - currentBufferPtr + currentBufferRef.byteOffset\n        return currentParser.onHeaderField(new FastBuffer(currentBufferRef.buffer, start, len)) || 0\n      },\n      wasm_on_header_value: (p, at, len) => {\n        assert.strictEqual(currentParser.ptr, p)\n        const start = at - currentBufferPtr + currentBufferRef.byteOffset\n        return currentParser.onHeaderValue(new FastBuffer(currentBufferRef.buffer, start, len)) || 0\n      },\n      wasm_on_headers_complete: (p, statusCode, upgrade, shouldKeepAlive) => {\n        assert.strictEqual(currentParser.ptr, p)\n        return currentParser.onHeadersComplete(statusCode, Boolean(upgrade), Boolean(shouldKeepAlive)) || 0\n      },\n      wasm_on_body: (p, at, len) => {\n        assert.strictEqual(currentParser.ptr, p)\n        const start = at - currentBufferPtr + currentBufferRef.byteOffset\n        return currentParser.onBody(new FastBuffer(currentBufferRef.buffer, start, len)) || 0\n      },\n      wasm_on_message_complete: (p) => {\n        assert.strictEqual(currentParser.ptr, p)\n        return currentParser.onMessageComplete() || 0\n      }\n\n      /* eslint-enable camelcase */\n    }\n  })\n}\n\nlet llhttpInstance = null\nlet llhttpPromise = lazyllhttp()\nllhttpPromise.catch()\n\nlet currentParser = null\nlet currentBufferRef = null\nlet currentBufferSize = 0\nlet currentBufferPtr = null\n\nconst TIMEOUT_HEADERS = 1\nconst TIMEOUT_BODY = 2\nconst TIMEOUT_IDLE = 3\n\nclass Parser {\n  constructor (client, socket, { exports }) {\n    assert(Number.isFinite(client[kMaxHeadersSize]) && client[kMaxHeadersSize] > 0)\n\n    this.llhttp = exports\n    this.ptr = this.llhttp.llhttp_alloc(constants.TYPE.RESPONSE)\n    this.client = client\n    this.socket = socket\n    this.timeout = null\n    this.timeoutValue = null\n    this.timeoutType = null\n    this.statusCode = null\n    this.statusText = ''\n    this.upgrade = false\n    this.headers = []\n    this.headersSize = 0\n    this.headersMaxSize = client[kMaxHeadersSize]\n    this.shouldKeepAlive = false\n    this.paused = false\n    this.resume = this.resume.bind(this)\n\n    this.bytesRead = 0\n\n    this.keepAlive = ''\n    this.contentLength = ''\n    this.connection = ''\n    this.maxResponseSize = client[kMaxResponseSize]\n  }\n\n  setTimeout (value, type) {\n    this.timeoutType = type\n    if (value !== this.timeoutValue) {\n      timers.clearTimeout(this.timeout)\n      if (value) {\n        this.timeout = timers.setTimeout(onParserTimeout, value, this)\n        // istanbul ignore else: only for jest\n        if (this.timeout.unref) {\n          this.timeout.unref()\n        }\n      } else {\n        this.timeout = null\n      }\n      this.timeoutValue = value\n    } else if (this.timeout) {\n      // istanbul ignore else: only for jest\n      if (this.timeout.refresh) {\n        this.timeout.refresh()\n      }\n    }\n  }\n\n  resume () {\n    if (this.socket.destroyed || !this.paused) {\n      return\n    }\n\n    assert(this.ptr != null)\n    assert(currentParser == null)\n\n    this.llhttp.llhttp_resume(this.ptr)\n\n    assert(this.timeoutType === TIMEOUT_BODY)\n    if (this.timeout) {\n      // istanbul ignore else: only for jest\n      if (this.timeout.refresh) {\n        this.timeout.refresh()\n      }\n    }\n\n    this.paused = false\n    this.execute(this.socket.read() || EMPTY_BUF) // Flush parser.\n    this.readMore()\n  }\n\n  readMore () {\n    while (!this.paused && this.ptr) {\n      const chunk = this.socket.read()\n      if (chunk === null) {\n        break\n      }\n      this.execute(chunk)\n    }\n  }\n\n  execute (data) {\n    assert(this.ptr != null)\n    assert(currentParser == null)\n    assert(!this.paused)\n\n    const { socket, llhttp } = this\n\n    if (data.length > currentBufferSize) {\n      if (currentBufferPtr) {\n        llhttp.free(currentBufferPtr)\n      }\n      currentBufferSize = Math.ceil(data.length / 4096) * 4096\n      currentBufferPtr = llhttp.malloc(currentBufferSize)\n    }\n\n    new Uint8Array(llhttp.memory.buffer, currentBufferPtr, currentBufferSize).set(data)\n\n    // Call `execute` on the wasm parser.\n    // We pass the `llhttp_parser` pointer address, the pointer address of buffer view data,\n    // and finally the length of bytes to parse.\n    // The return value is an error code or `constants.ERROR.OK`.\n    try {\n      let ret\n\n      try {\n        currentBufferRef = data\n        currentParser = this\n        ret = llhttp.llhttp_execute(this.ptr, currentBufferPtr, data.length)\n        /* eslint-disable-next-line no-useless-catch */\n      } catch (err) {\n        /* istanbul ignore next: difficult to make a test case for */\n        throw err\n      } finally {\n        currentParser = null\n        currentBufferRef = null\n      }\n\n      const offset = llhttp.llhttp_get_error_pos(this.ptr) - currentBufferPtr\n\n      if (ret === constants.ERROR.PAUSED_UPGRADE) {\n        this.onUpgrade(data.slice(offset))\n      } else if (ret === constants.ERROR.PAUSED) {\n        this.paused = true\n        socket.unshift(data.slice(offset))\n      } else if (ret !== constants.ERROR.OK) {\n        const ptr = llhttp.llhttp_get_error_reason(this.ptr)\n        let message = ''\n        /* istanbul ignore else: difficult to make a test case for */\n        if (ptr) {\n          const len = new Uint8Array(llhttp.memory.buffer, ptr).indexOf(0)\n          message =\n            'Response does not match the HTTP/1.1 protocol (' +\n            Buffer.from(llhttp.memory.buffer, ptr, len).toString() +\n            ')'\n        }\n        throw new HTTPParserError(message, constants.ERROR[ret], data.slice(offset))\n      }\n    } catch (err) {\n      util.destroy(socket, err)\n    }\n  }\n\n  destroy () {\n    assert(this.ptr != null)\n    assert(currentParser == null)\n\n    this.llhttp.llhttp_free(this.ptr)\n    this.ptr = null\n\n    timers.clearTimeout(this.timeout)\n    this.timeout = null\n    this.timeoutValue = null\n    this.timeoutType = null\n\n    this.paused = false\n  }\n\n  onStatus (buf) {\n    this.statusText = buf.toString()\n  }\n\n  onMessageBegin () {\n    const { socket, client } = this\n\n    /* istanbul ignore next: difficult to make a test case for */\n    if (socket.destroyed) {\n      return -1\n    }\n\n    const request = client[kQueue][client[kRunningIdx]]\n    if (!request) {\n      return -1\n    }\n  }\n\n  onHeaderField (buf) {\n    const len = this.headers.length\n\n    if ((len & 1) === 0) {\n      this.headers.push(buf)\n    } else {\n      this.headers[len - 1] = Buffer.concat([this.headers[len - 1], buf])\n    }\n\n    this.trackHeader(buf.length)\n  }\n\n  onHeaderValue (buf) {\n    let len = this.headers.length\n\n    if ((len & 1) === 1) {\n      this.headers.push(buf)\n      len += 1\n    } else {\n      this.headers[len - 1] = Buffer.concat([this.headers[len - 1], buf])\n    }\n\n    const key = this.headers[len - 2]\n    if (key.length === 10 && key.toString().toLowerCase() === 'keep-alive') {\n      this.keepAlive += buf.toString()\n    } else if (key.length === 10 && key.toString().toLowerCase() === 'connection') {\n      this.connection += buf.toString()\n    } else if (key.length === 14 && key.toString().toLowerCase() === 'content-length') {\n      this.contentLength += buf.toString()\n    }\n\n    this.trackHeader(buf.length)\n  }\n\n  trackHeader (len) {\n    this.headersSize += len\n    if (this.headersSize >= this.headersMaxSize) {\n      util.destroy(this.socket, new HeadersOverflowError())\n    }\n  }\n\n  onUpgrade (head) {\n    const { upgrade, client, socket, headers, statusCode } = this\n\n    assert(upgrade)\n\n    const request = client[kQueue][client[kRunningIdx]]\n    assert(request)\n\n    assert(!socket.destroyed)\n    assert(socket === client[kSocket])\n    assert(!this.paused)\n    assert(request.upgrade || request.method === 'CONNECT')\n\n    this.statusCode = null\n    this.statusText = ''\n    this.shouldKeepAlive = null\n\n    assert(this.headers.length % 2 === 0)\n    this.headers = []\n    this.headersSize = 0\n\n    socket.unshift(head)\n\n    socket[kParser].destroy()\n    socket[kParser] = null\n\n    socket[kClient] = null\n    socket[kError] = null\n    socket\n      .removeListener('error', onSocketError)\n      .removeListener('readable', onSocketReadable)\n      .removeListener('end', onSocketEnd)\n      .removeListener('close', onSocketClose)\n\n    client[kSocket] = null\n    client[kQueue][client[kRunningIdx]++] = null\n    client.emit('disconnect', client[kUrl], [client], new InformationalError('upgrade'))\n\n    try {\n      request.onUpgrade(statusCode, headers, socket)\n    } catch (err) {\n      util.destroy(socket, err)\n    }\n\n    resume(client)\n  }\n\n  onHeadersComplete (statusCode, upgrade, shouldKeepAlive) {\n    const { client, socket, headers, statusText } = this\n\n    /* istanbul ignore next: difficult to make a test case for */\n    if (socket.destroyed) {\n      return -1\n    }\n\n    const request = client[kQueue][client[kRunningIdx]]\n\n    /* istanbul ignore next: difficult to make a test case for */\n    if (!request) {\n      return -1\n    }\n\n    assert(!this.upgrade)\n    assert(this.statusCode < 200)\n\n    if (statusCode === 100) {\n      util.destroy(socket, new SocketError('bad response', util.getSocketInfo(socket)))\n      return -1\n    }\n\n    /* this can only happen if server is misbehaving */\n    if (upgrade && !request.upgrade) {\n      util.destroy(socket, new SocketError('bad upgrade', util.getSocketInfo(socket)))\n      return -1\n    }\n\n    assert.strictEqual(this.timeoutType, TIMEOUT_HEADERS)\n\n    this.statusCode = statusCode\n    this.shouldKeepAlive = (\n      shouldKeepAlive ||\n      // Override llhttp value which does not allow keepAlive for HEAD.\n      (request.method === 'HEAD' && !socket[kReset] && this.connection.toLowerCase() === 'keep-alive')\n    )\n\n    if (this.statusCode >= 200) {\n      const bodyTimeout = request.bodyTimeout != null\n        ? request.bodyTimeout\n        : client[kBodyTimeout]\n      this.setTimeout(bodyTimeout, TIMEOUT_BODY)\n    } else if (this.timeout) {\n      // istanbul ignore else: only for jest\n      if (this.timeout.refresh) {\n        this.timeout.refresh()\n      }\n    }\n\n    if (request.method === 'CONNECT') {\n      assert(client[kRunning] === 1)\n      this.upgrade = true\n      return 2\n    }\n\n    if (upgrade) {\n      assert(client[kRunning] === 1)\n      this.upgrade = true\n      return 2\n    }\n\n    assert(this.headers.length % 2 === 0)\n    this.headers = []\n    this.headersSize = 0\n\n    if (this.shouldKeepAlive && client[kPipelining]) {\n      const keepAliveTimeout = this.keepAlive ? util.parseKeepAliveTimeout(this.keepAlive) : null\n\n      if (keepAliveTimeout != null) {\n        const timeout = Math.min(\n          keepAliveTimeout - client[kKeepAliveTimeoutThreshold],\n          client[kKeepAliveMaxTimeout]\n        )\n        if (timeout <= 0) {\n          socket[kReset] = true\n        } else {\n          client[kKeepAliveTimeoutValue] = timeout\n        }\n      } else {\n        client[kKeepAliveTimeoutValue] = client[kKeepAliveDefaultTimeout]\n      }\n    } else {\n      // Stop more requests from being dispatched.\n      socket[kReset] = true\n    }\n\n    const pause = request.onHeaders(statusCode, headers, this.resume, statusText) === false\n\n    if (request.aborted) {\n      return -1\n    }\n\n    if (request.method === 'HEAD') {\n      return 1\n    }\n\n    if (statusCode < 200) {\n      return 1\n    }\n\n    if (socket[kBlocking]) {\n      socket[kBlocking] = false\n      resume(client)\n    }\n\n    return pause ? constants.ERROR.PAUSED : 0\n  }\n\n  onBody (buf) {\n    const { client, socket, statusCode, maxResponseSize } = this\n\n    if (socket.destroyed) {\n      return -1\n    }\n\n    const request = client[kQueue][client[kRunningIdx]]\n    assert(request)\n\n    assert.strictEqual(this.timeoutType, TIMEOUT_BODY)\n    if (this.timeout) {\n      // istanbul ignore else: only for jest\n      if (this.timeout.refresh) {\n        this.timeout.refresh()\n      }\n    }\n\n    assert(statusCode >= 200)\n\n    if (maxResponseSize > -1 && this.bytesRead + buf.length > maxResponseSize) {\n      util.destroy(socket, new ResponseExceededMaxSizeError())\n      return -1\n    }\n\n    this.bytesRead += buf.length\n\n    if (request.onData(buf) === false) {\n      return constants.ERROR.PAUSED\n    }\n  }\n\n  onMessageComplete () {\n    const { client, socket, statusCode, upgrade, headers, contentLength, bytesRead, shouldKeepAlive } = this\n\n    if (socket.destroyed && (!statusCode || shouldKeepAlive)) {\n      return -1\n    }\n\n    if (upgrade) {\n      return\n    }\n\n    const request = client[kQueue][client[kRunningIdx]]\n    assert(request)\n\n    assert(statusCode >= 100)\n\n    this.statusCode = null\n    this.statusText = ''\n    this.bytesRead = 0\n    this.contentLength = ''\n    this.keepAlive = ''\n    this.connection = ''\n\n    assert(this.headers.length % 2 === 0)\n    this.headers = []\n    this.headersSize = 0\n\n    if (statusCode < 200) {\n      return\n    }\n\n    /* istanbul ignore next: should be handled by llhttp? */\n    if (request.method !== 'HEAD' && contentLength && bytesRead !== parseInt(contentLength, 10)) {\n      util.destroy(socket, new ResponseContentLengthMismatchError())\n      return -1\n    }\n\n    request.onComplete(headers)\n\n    client[kQueue][client[kRunningIdx]++] = null\n\n    if (socket[kWriting]) {\n      assert.strictEqual(client[kRunning], 0)\n      // Response completed before request.\n      util.destroy(socket, new InformationalError('reset'))\n      return constants.ERROR.PAUSED\n    } else if (!shouldKeepAlive) {\n      util.destroy(socket, new InformationalError('reset'))\n      return constants.ERROR.PAUSED\n    } else if (socket[kReset] && client[kRunning] === 0) {\n      // Destroy socket once all requests have completed.\n      // The request at the tail of the pipeline is the one\n      // that requested reset and no further requests should\n      // have been queued since then.\n      util.destroy(socket, new InformationalError('reset'))\n      return constants.ERROR.PAUSED\n    } else if (client[kPipelining] === 1) {\n      // We must wait a full event loop cycle to reuse this socket to make sure\n      // that non-spec compliant servers are not closing the connection even if they\n      // said they won't.\n      setImmediate(resume, client)\n    } else {\n      resume(client)\n    }\n  }\n}\n\nfunction onParserTimeout (parser) {\n  const { socket, timeoutType, client } = parser\n\n  /* istanbul ignore else */\n  if (timeoutType === TIMEOUT_HEADERS) {\n    if (!socket[kWriting] || socket.writableNeedDrain || client[kRunning] > 1) {\n      assert(!parser.paused, 'cannot be paused while waiting for headers')\n      util.destroy(socket, new HeadersTimeoutError())\n    }\n  } else if (timeoutType === TIMEOUT_BODY) {\n    if (!parser.paused) {\n      util.destroy(socket, new BodyTimeoutError())\n    }\n  } else if (timeoutType === TIMEOUT_IDLE) {\n    assert(client[kRunning] === 0 && client[kKeepAliveTimeoutValue])\n    util.destroy(socket, new InformationalError('socket idle timeout'))\n  }\n}\n\nfunction onSocketReadable () {\n  const { [kParser]: parser } = this\n  if (parser) {\n    parser.readMore()\n  }\n}\n\nfunction onSocketError (err) {\n  const { [kClient]: client, [kParser]: parser } = this\n\n  assert(err.code !== 'ERR_TLS_CERT_ALTNAME_INVALID')\n\n  if (client[kHTTPConnVersion] !== 'h2') {\n    // On Mac OS, we get an ECONNRESET even if there is a full body to be forwarded\n    // to the user.\n    if (err.code === 'ECONNRESET' && parser.statusCode && !parser.shouldKeepAlive) {\n      // We treat all incoming data so for as a valid response.\n      parser.onMessageComplete()\n      return\n    }\n  }\n\n  this[kError] = err\n\n  onError(this[kClient], err)\n}\n\nfunction onError (client, err) {\n  if (\n    client[kRunning] === 0 &&\n    err.code !== 'UND_ERR_INFO' &&\n    err.code !== 'UND_ERR_SOCKET'\n  ) {\n    // Error is not caused by running request and not a recoverable\n    // socket error.\n\n    assert(client[kPendingIdx] === client[kRunningIdx])\n\n    const requests = client[kQueue].splice(client[kRunningIdx])\n    for (let i = 0; i < requests.length; i++) {\n      const request = requests[i]\n      errorRequest(client, request, err)\n    }\n    assert(client[kSize] === 0)\n  }\n}\n\nfunction onSocketEnd () {\n  const { [kParser]: parser, [kClient]: client } = this\n\n  if (client[kHTTPConnVersion] !== 'h2') {\n    if (parser.statusCode && !parser.shouldKeepAlive) {\n      // We treat all incoming data so far as a valid response.\n      parser.onMessageComplete()\n      return\n    }\n  }\n\n  util.destroy(this, new SocketError('other side closed', util.getSocketInfo(this)))\n}\n\nfunction onSocketClose () {\n  const { [kClient]: client, [kParser]: parser } = this\n\n  if (client[kHTTPConnVersion] === 'h1' && parser) {\n    if (!this[kError] && parser.statusCode && !parser.shouldKeepAlive) {\n      // We treat all incoming data so far as a valid response.\n      parser.onMessageComplete()\n    }\n\n    this[kParser].destroy()\n    this[kParser] = null\n  }\n\n  const err = this[kError] || new SocketError('closed', util.getSocketInfo(this))\n\n  client[kSocket] = null\n\n  if (client.destroyed) {\n    assert(client[kPending] === 0)\n\n    // Fail entire queue.\n    const requests = client[kQueue].splice(client[kRunningIdx])\n    for (let i = 0; i < requests.length; i++) {\n      const request = requests[i]\n      errorRequest(client, request, err)\n    }\n  } else if (client[kRunning] > 0 && err.code !== 'UND_ERR_INFO') {\n    // Fail head of pipeline.\n    const request = client[kQueue][client[kRunningIdx]]\n    client[kQueue][client[kRunningIdx]++] = null\n\n    errorRequest(client, request, err)\n  }\n\n  client[kPendingIdx] = client[kRunningIdx]\n\n  assert(client[kRunning] === 0)\n\n  client.emit('disconnect', client[kUrl], [client], err)\n\n  resume(client)\n}\n\nasync function connect (client) {\n  assert(!client[kConnecting])\n  assert(!client[kSocket])\n\n  let { host, hostname, protocol, port } = client[kUrl]\n\n  // Resolve ipv6\n  if (hostname[0] === '[') {\n    const idx = hostname.indexOf(']')\n\n    assert(idx !== -1)\n    const ip = hostname.substring(1, idx)\n\n    assert(net.isIP(ip))\n    hostname = ip\n  }\n\n  client[kConnecting] = true\n\n  if (channels.beforeConnect.hasSubscribers) {\n    channels.beforeConnect.publish({\n      connectParams: {\n        host,\n        hostname,\n        protocol,\n        port,\n        servername: client[kServerName],\n        localAddress: client[kLocalAddress]\n      },\n      connector: client[kConnector]\n    })\n  }\n\n  try {\n    const socket = await new Promise((resolve, reject) => {\n      client[kConnector]({\n        host,\n        hostname,\n        protocol,\n        port,\n        servername: client[kServerName],\n        localAddress: client[kLocalAddress]\n      }, (err, socket) => {\n        if (err) {\n          reject(err)\n        } else {\n          resolve(socket)\n        }\n      })\n    })\n\n    if (client.destroyed) {\n      util.destroy(socket.on('error', () => {}), new ClientDestroyedError())\n      return\n    }\n\n    client[kConnecting] = false\n\n    assert(socket)\n\n    const isH2 = socket.alpnProtocol === 'h2'\n    if (isH2) {\n      if (!h2ExperimentalWarned) {\n        h2ExperimentalWarned = true\n        process.emitWarning('H2 support is experimental, expect them to change at any time.', {\n          code: 'UNDICI-H2'\n        })\n      }\n\n      const session = http2.connect(client[kUrl], {\n        createConnection: () => socket,\n        peerMaxConcurrentStreams: client[kHTTP2SessionState].maxConcurrentStreams\n      })\n\n      client[kHTTPConnVersion] = 'h2'\n      session[kClient] = client\n      session[kSocket] = socket\n      session.on('error', onHttp2SessionError)\n      session.on('frameError', onHttp2FrameError)\n      session.on('end', onHttp2SessionEnd)\n      session.on('goaway', onHTTP2GoAway)\n      session.on('close', onSocketClose)\n      session.unref()\n\n      client[kHTTP2Session] = session\n      socket[kHTTP2Session] = session\n    } else {\n      if (!llhttpInstance) {\n        llhttpInstance = await llhttpPromise\n        llhttpPromise = null\n      }\n\n      socket[kNoRef] = false\n      socket[kWriting] = false\n      socket[kReset] = false\n      socket[kBlocking] = false\n      socket[kParser] = new Parser(client, socket, llhttpInstance)\n    }\n\n    socket[kCounter] = 0\n    socket[kMaxRequests] = client[kMaxRequests]\n    socket[kClient] = client\n    socket[kError] = null\n\n    socket\n      .on('error', onSocketError)\n      .on('readable', onSocketReadable)\n      .on('end', onSocketEnd)\n      .on('close', onSocketClose)\n\n    client[kSocket] = socket\n\n    if (channels.connected.hasSubscribers) {\n      channels.connected.publish({\n        connectParams: {\n          host,\n          hostname,\n          protocol,\n          port,\n          servername: client[kServerName],\n          localAddress: client[kLocalAddress]\n        },\n        connector: client[kConnector],\n        socket\n      })\n    }\n    client.emit('connect', client[kUrl], [client])\n  } catch (err) {\n    if (client.destroyed) {\n      return\n    }\n\n    client[kConnecting] = false\n\n    if (channels.connectError.hasSubscribers) {\n      channels.connectError.publish({\n        connectParams: {\n          host,\n          hostname,\n          protocol,\n          port,\n          servername: client[kServerName],\n          localAddress: client[kLocalAddress]\n        },\n        connector: client[kConnector],\n        error: err\n      })\n    }\n\n    if (err.code === 'ERR_TLS_CERT_ALTNAME_INVALID') {\n      assert(client[kRunning] === 0)\n      while (client[kPending] > 0 && client[kQueue][client[kPendingIdx]].servername === client[kServerName]) {\n        const request = client[kQueue][client[kPendingIdx]++]\n        errorRequest(client, request, err)\n      }\n    } else {\n      onError(client, err)\n    }\n\n    client.emit('connectionError', client[kUrl], [client], err)\n  }\n\n  resume(client)\n}\n\nfunction emitDrain (client) {\n  client[kNeedDrain] = 0\n  client.emit('drain', client[kUrl], [client])\n}\n\nfunction resume (client, sync) {\n  if (client[kResuming] === 2) {\n    return\n  }\n\n  client[kResuming] = 2\n\n  _resume(client, sync)\n  client[kResuming] = 0\n\n  if (client[kRunningIdx] > 256) {\n    client[kQueue].splice(0, client[kRunningIdx])\n    client[kPendingIdx] -= client[kRunningIdx]\n    client[kRunningIdx] = 0\n  }\n}\n\nfunction _resume (client, sync) {\n  while (true) {\n    if (client.destroyed) {\n      assert(client[kPending] === 0)\n      return\n    }\n\n    if (client[kClosedResolve] && !client[kSize]) {\n      client[kClosedResolve]()\n      client[kClosedResolve] = null\n      return\n    }\n\n    const socket = client[kSocket]\n\n    if (socket && !socket.destroyed && socket.alpnProtocol !== 'h2') {\n      if (client[kSize] === 0) {\n        if (!socket[kNoRef] && socket.unref) {\n          socket.unref()\n          socket[kNoRef] = true\n        }\n      } else if (socket[kNoRef] && socket.ref) {\n        socket.ref()\n        socket[kNoRef] = false\n      }\n\n      if (client[kSize] === 0) {\n        if (socket[kParser].timeoutType !== TIMEOUT_IDLE) {\n          socket[kParser].setTimeout(client[kKeepAliveTimeoutValue], TIMEOUT_IDLE)\n        }\n      } else if (client[kRunning] > 0 && socket[kParser].statusCode < 200) {\n        if (socket[kParser].timeoutType !== TIMEOUT_HEADERS) {\n          const request = client[kQueue][client[kRunningIdx]]\n          const headersTimeout = request.headersTimeout != null\n            ? request.headersTimeout\n            : client[kHeadersTimeout]\n          socket[kParser].setTimeout(headersTimeout, TIMEOUT_HEADERS)\n        }\n      }\n    }\n\n    if (client[kBusy]) {\n      client[kNeedDrain] = 2\n    } else if (client[kNeedDrain] === 2) {\n      if (sync) {\n        client[kNeedDrain] = 1\n        process.nextTick(emitDrain, client)\n      } else {\n        emitDrain(client)\n      }\n      continue\n    }\n\n    if (client[kPending] === 0) {\n      return\n    }\n\n    if (client[kRunning] >= (client[kPipelining] || 1)) {\n      return\n    }\n\n    const request = client[kQueue][client[kPendingIdx]]\n\n    if (client[kUrl].protocol === 'https:' && client[kServerName] !== request.servername) {\n      if (client[kRunning] > 0) {\n        return\n      }\n\n      client[kServerName] = request.servername\n\n      if (socket && socket.servername !== request.servername) {\n        util.destroy(socket, new InformationalError('servername changed'))\n        return\n      }\n    }\n\n    if (client[kConnecting]) {\n      return\n    }\n\n    if (!socket && !client[kHTTP2Session]) {\n      connect(client)\n      return\n    }\n\n    if (socket.destroyed || socket[kWriting] || socket[kReset] || socket[kBlocking]) {\n      return\n    }\n\n    if (client[kRunning] > 0 && !request.idempotent) {\n      // Non-idempotent request cannot be retried.\n      // Ensure that no other requests are inflight and\n      // could cause failure.\n      return\n    }\n\n    if (client[kRunning] > 0 && (request.upgrade || request.method === 'CONNECT')) {\n      // Don't dispatch an upgrade until all preceding requests have completed.\n      // A misbehaving server might upgrade the connection before all pipelined\n      // request has completed.\n      return\n    }\n\n    if (client[kRunning] > 0 && util.bodyLength(request.body) !== 0 &&\n      (util.isStream(request.body) || util.isAsyncIterable(request.body))) {\n      // Request with stream or iterator body can error while other requests\n      // are inflight and indirectly error those as well.\n      // Ensure this doesn't happen by waiting for inflight\n      // to complete before dispatching.\n\n      // Request with stream or iterator body cannot be retried.\n      // Ensure that no other requests are inflight and\n      // could cause failure.\n      return\n    }\n\n    if (!request.aborted && write(client, request)) {\n      client[kPendingIdx]++\n    } else {\n      client[kQueue].splice(client[kPendingIdx], 1)\n    }\n  }\n}\n\n// https://www.rfc-editor.org/rfc/rfc7230#section-3.3.2\nfunction shouldSendContentLength (method) {\n  return method !== 'GET' && method !== 'HEAD' && method !== 'OPTIONS' && method !== 'TRACE' && method !== 'CONNECT'\n}\n\nfunction write (client, request) {\n  if (client[kHTTPConnVersion] === 'h2') {\n    writeH2(client, client[kHTTP2Session], request)\n    return\n  }\n\n  const { body, method, path, host, upgrade, headers, blocking, reset } = request\n\n  // https://tools.ietf.org/html/rfc7231#section-4.3.1\n  // https://tools.ietf.org/html/rfc7231#section-4.3.2\n  // https://tools.ietf.org/html/rfc7231#section-4.3.5\n\n  // Sending a payload body on a request that does not\n  // expect it can cause undefined behavior on some\n  // servers and corrupt connection state. Do not\n  // re-use the connection for further requests.\n\n  const expectsPayload = (\n    method === 'PUT' ||\n    method === 'POST' ||\n    method === 'PATCH'\n  )\n\n  if (body && typeof body.read === 'function') {\n    // Try to read EOF in order to get length.\n    body.read(0)\n  }\n\n  const bodyLength = util.bodyLength(body)\n\n  let contentLength = bodyLength\n\n  if (contentLength === null) {\n    contentLength = request.contentLength\n  }\n\n  if (contentLength === 0 && !expectsPayload) {\n    // https://tools.ietf.org/html/rfc7230#section-3.3.2\n    // A user agent SHOULD NOT send a Content-Length header field when\n    // the request message does not contain a payload body and the method\n    // semantics do not anticipate such a body.\n\n    contentLength = null\n  }\n\n  // https://github.com/nodejs/undici/issues/2046\n  // A user agent may send a Content-Length header with 0 value, this should be allowed.\n  if (shouldSendContentLength(method) && contentLength > 0 && request.contentLength !== null && request.contentLength !== contentLength) {\n    if (client[kStrictContentLength]) {\n      errorRequest(client, request, new RequestContentLengthMismatchError())\n      return false\n    }\n\n    process.emitWarning(new RequestContentLengthMismatchError())\n  }\n\n  const socket = client[kSocket]\n\n  try {\n    request.onConnect((err) => {\n      if (request.aborted || request.completed) {\n        return\n      }\n\n      errorRequest(client, request, err || new RequestAbortedError())\n\n      util.destroy(socket, new InformationalError('aborted'))\n    })\n  } catch (err) {\n    errorRequest(client, request, err)\n  }\n\n  if (request.aborted) {\n    return false\n  }\n\n  if (method === 'HEAD') {\n    // https://github.com/mcollina/undici/issues/258\n    // Close after a HEAD request to interop with misbehaving servers\n    // that may send a body in the response.\n\n    socket[kReset] = true\n  }\n\n  if (upgrade || method === 'CONNECT') {\n    // On CONNECT or upgrade, block pipeline from dispatching further\n    // requests on this connection.\n\n    socket[kReset] = true\n  }\n\n  if (reset != null) {\n    socket[kReset] = reset\n  }\n\n  if (client[kMaxRequests] && socket[kCounter]++ >= client[kMaxRequests]) {\n    socket[kReset] = true\n  }\n\n  if (blocking) {\n    socket[kBlocking] = true\n  }\n\n  let header = `${method} ${path} HTTP/1.1\\r\\n`\n\n  if (typeof host === 'string') {\n    header += `host: ${host}\\r\\n`\n  } else {\n    header += client[kHostHeader]\n  }\n\n  if (upgrade) {\n    header += `connection: upgrade\\r\\nupgrade: ${upgrade}\\r\\n`\n  } else if (client[kPipelining] && !socket[kReset]) {\n    header += 'connection: keep-alive\\r\\n'\n  } else {\n    header += 'connection: close\\r\\n'\n  }\n\n  if (headers) {\n    header += headers\n  }\n\n  if (channels.sendHeaders.hasSubscribers) {\n    channels.sendHeaders.publish({ request, headers: header, socket })\n  }\n\n  /* istanbul ignore else: assertion */\n  if (!body || bodyLength === 0) {\n    if (contentLength === 0) {\n      socket.write(`${header}content-length: 0\\r\\n\\r\\n`, 'latin1')\n    } else {\n      assert(contentLength === null, 'no body must not have content length')\n      socket.write(`${header}\\r\\n`, 'latin1')\n    }\n    request.onRequestSent()\n  } else if (util.isBuffer(body)) {\n    assert(contentLength === body.byteLength, 'buffer body must have content length')\n\n    socket.cork()\n    socket.write(`${header}content-length: ${contentLength}\\r\\n\\r\\n`, 'latin1')\n    socket.write(body)\n    socket.uncork()\n    request.onBodySent(body)\n    request.onRequestSent()\n    if (!expectsPayload) {\n      socket[kReset] = true\n    }\n  } else if (util.isBlobLike(body)) {\n    if (typeof body.stream === 'function') {\n      writeIterable({ body: body.stream(), client, request, socket, contentLength, header, expectsPayload })\n    } else {\n      writeBlob({ body, client, request, socket, contentLength, header, expectsPayload })\n    }\n  } else if (util.isStream(body)) {\n    writeStream({ body, client, request, socket, contentLength, header, expectsPayload })\n  } else if (util.isIterable(body)) {\n    writeIterable({ body, client, request, socket, contentLength, header, expectsPayload })\n  } else {\n    assert(false)\n  }\n\n  return true\n}\n\nfunction writeH2 (client, session, request) {\n  const { body, method, path, host, upgrade, expectContinue, signal, headers: reqHeaders } = request\n\n  let headers\n  if (typeof reqHeaders === 'string') headers = Request[kHTTP2CopyHeaders](reqHeaders.trim())\n  else headers = reqHeaders\n\n  if (upgrade) {\n    errorRequest(client, request, new Error('Upgrade not supported for H2'))\n    return false\n  }\n\n  try {\n    // TODO(HTTP/2): Should we call onConnect immediately or on stream ready event?\n    request.onConnect((err) => {\n      if (request.aborted || request.completed) {\n        return\n      }\n\n      errorRequest(client, request, err || new RequestAbortedError())\n    })\n  } catch (err) {\n    errorRequest(client, request, err)\n  }\n\n  if (request.aborted) {\n    return false\n  }\n\n  /** @type {import('node:http2').ClientHttp2Stream} */\n  let stream\n  const h2State = client[kHTTP2SessionState]\n\n  headers[HTTP2_HEADER_AUTHORITY] = host || client[kHost]\n  headers[HTTP2_HEADER_METHOD] = method\n\n  if (method === 'CONNECT') {\n    session.ref()\n    // we are already connected, streams are pending, first request\n    // will create a new stream. We trigger a request to create the stream and wait until\n    // `ready` event is triggered\n    // We disabled endStream to allow the user to write to the stream\n    stream = session.request(headers, { endStream: false, signal })\n\n    if (stream.id && !stream.pending) {\n      request.onUpgrade(null, null, stream)\n      ++h2State.openStreams\n    } else {\n      stream.once('ready', () => {\n        request.onUpgrade(null, null, stream)\n        ++h2State.openStreams\n      })\n    }\n\n    stream.once('close', () => {\n      h2State.openStreams -= 1\n      // TODO(HTTP/2): unref only if current streams count is 0\n      if (h2State.openStreams === 0) session.unref()\n    })\n\n    return true\n  }\n\n  // https://tools.ietf.org/html/rfc7540#section-8.3\n  // :path and :scheme headers must be omited when sending CONNECT\n\n  headers[HTTP2_HEADER_PATH] = path\n  headers[HTTP2_HEADER_SCHEME] = 'https'\n\n  // https://tools.ietf.org/html/rfc7231#section-4.3.1\n  // https://tools.ietf.org/html/rfc7231#section-4.3.2\n  // https://tools.ietf.org/html/rfc7231#section-4.3.5\n\n  // Sending a payload body on a request that does not\n  // expect it can cause undefined behavior on some\n  // servers and corrupt connection state. Do not\n  // re-use the connection for further requests.\n\n  const expectsPayload = (\n    method === 'PUT' ||\n    method === 'POST' ||\n    method === 'PATCH'\n  )\n\n  if (body && typeof body.read === 'function') {\n    // Try to read EOF in order to get length.\n    body.read(0)\n  }\n\n  let contentLength = util.bodyLength(body)\n\n  if (contentLength == null) {\n    contentLength = request.contentLength\n  }\n\n  if (contentLength === 0 || !expectsPayload) {\n    // https://tools.ietf.org/html/rfc7230#section-3.3.2\n    // A user agent SHOULD NOT send a Content-Length header field when\n    // the request message does not contain a payload body and the method\n    // semantics do not anticipate such a body.\n\n    contentLength = null\n  }\n\n  // https://github.com/nodejs/undici/issues/2046\n  // A user agent may send a Content-Length header with 0 value, this should be allowed.\n  if (shouldSendContentLength(method) && contentLength > 0 && request.contentLength != null && request.contentLength !== contentLength) {\n    if (client[kStrictContentLength]) {\n      errorRequest(client, request, new RequestContentLengthMismatchError())\n      return false\n    }\n\n    process.emitWarning(new RequestContentLengthMismatchError())\n  }\n\n  if (contentLength != null) {\n    assert(body, 'no body must not have content length')\n    headers[HTTP2_HEADER_CONTENT_LENGTH] = `${contentLength}`\n  }\n\n  session.ref()\n\n  const shouldEndStream = method === 'GET' || method === 'HEAD'\n  if (expectContinue) {\n    headers[HTTP2_HEADER_EXPECT] = '100-continue'\n    stream = session.request(headers, { endStream: shouldEndStream, signal })\n\n    stream.once('continue', writeBodyH2)\n  } else {\n    stream = session.request(headers, {\n      endStream: shouldEndStream,\n      signal\n    })\n    writeBodyH2()\n  }\n\n  // Increment counter as we have new several streams open\n  ++h2State.openStreams\n\n  stream.once('response', headers => {\n    const { [HTTP2_HEADER_STATUS]: statusCode, ...realHeaders } = headers\n\n    if (request.onHeaders(Number(statusCode), realHeaders, stream.resume.bind(stream), '') === false) {\n      stream.pause()\n    }\n  })\n\n  stream.once('end', () => {\n    request.onComplete([])\n  })\n\n  stream.on('data', (chunk) => {\n    if (request.onData(chunk) === false) {\n      stream.pause()\n    }\n  })\n\n  stream.once('close', () => {\n    h2State.openStreams -= 1\n    // TODO(HTTP/2): unref only if current streams count is 0\n    if (h2State.openStreams === 0) {\n      session.unref()\n    }\n  })\n\n  stream.once('error', function (err) {\n    if (client[kHTTP2Session] && !client[kHTTP2Session].destroyed && !this.closed && !this.destroyed) {\n      h2State.streams -= 1\n      util.destroy(stream, err)\n    }\n  })\n\n  stream.once('frameError', (type, code) => {\n    const err = new InformationalError(`HTTP/2: \"frameError\" received - type ${type}, code ${code}`)\n    errorRequest(client, request, err)\n\n    if (client[kHTTP2Session] && !client[kHTTP2Session].destroyed && !this.closed && !this.destroyed) {\n      h2State.streams -= 1\n      util.destroy(stream, err)\n    }\n  })\n\n  // stream.on('aborted', () => {\n  //   // TODO(HTTP/2): Support aborted\n  // })\n\n  // stream.on('timeout', () => {\n  //   // TODO(HTTP/2): Support timeout\n  // })\n\n  // stream.on('push', headers => {\n  //   // TODO(HTTP/2): Suppor push\n  // })\n\n  // stream.on('trailers', headers => {\n  //   // TODO(HTTP/2): Support trailers\n  // })\n\n  return true\n\n  function writeBodyH2 () {\n    /* istanbul ignore else: assertion */\n    if (!body) {\n      request.onRequestSent()\n    } else if (util.isBuffer(body)) {\n      assert(contentLength === body.byteLength, 'buffer body must have content length')\n      stream.cork()\n      stream.write(body)\n      stream.uncork()\n      stream.end()\n      request.onBodySent(body)\n      request.onRequestSent()\n    } else if (util.isBlobLike(body)) {\n      if (typeof body.stream === 'function') {\n        writeIterable({\n          client,\n          request,\n          contentLength,\n          h2stream: stream,\n          expectsPayload,\n          body: body.stream(),\n          socket: client[kSocket],\n          header: ''\n        })\n      } else {\n        writeBlob({\n          body,\n          client,\n          request,\n          contentLength,\n          expectsPayload,\n          h2stream: stream,\n          header: '',\n          socket: client[kSocket]\n        })\n      }\n    } else if (util.isStream(body)) {\n      writeStream({\n        body,\n        client,\n        request,\n        contentLength,\n        expectsPayload,\n        socket: client[kSocket],\n        h2stream: stream,\n        header: ''\n      })\n    } else if (util.isIterable(body)) {\n      writeIterable({\n        body,\n        client,\n        request,\n        contentLength,\n        expectsPayload,\n        header: '',\n        h2stream: stream,\n        socket: client[kSocket]\n      })\n    } else {\n      assert(false)\n    }\n  }\n}\n\nfunction writeStream ({ h2stream, body, client, request, socket, contentLength, header, expectsPayload }) {\n  assert(contentLength !== 0 || client[kRunning] === 0, 'stream body cannot be pipelined')\n\n  if (client[kHTTPConnVersion] === 'h2') {\n    // For HTTP/2, is enough to pipe the stream\n    const pipe = pipeline(\n      body,\n      h2stream,\n      (err) => {\n        if (err) {\n          util.destroy(body, err)\n          util.destroy(h2stream, err)\n        } else {\n          request.onRequestSent()\n        }\n      }\n    )\n\n    pipe.on('data', onPipeData)\n    pipe.once('end', () => {\n      pipe.removeListener('data', onPipeData)\n      util.destroy(pipe)\n    })\n\n    function onPipeData (chunk) {\n      request.onBodySent(chunk)\n    }\n\n    return\n  }\n\n  let finished = false\n\n  const writer = new AsyncWriter({ socket, request, contentLength, client, expectsPayload, header })\n\n  const onData = function (chunk) {\n    if (finished) {\n      return\n    }\n\n    try {\n      if (!writer.write(chunk) && this.pause) {\n        this.pause()\n      }\n    } catch (err) {\n      util.destroy(this, err)\n    }\n  }\n  const onDrain = function () {\n    if (finished) {\n      return\n    }\n\n    if (body.resume) {\n      body.resume()\n    }\n  }\n  const onAbort = function () {\n    if (finished) {\n      return\n    }\n    const err = new RequestAbortedError()\n    queueMicrotask(() => onFinished(err))\n  }\n  const onFinished = function (err) {\n    if (finished) {\n      return\n    }\n\n    finished = true\n\n    assert(socket.destroyed || (socket[kWriting] && client[kRunning] <= 1))\n\n    socket\n      .off('drain', onDrain)\n      .off('error', onFinished)\n\n    body\n      .removeListener('data', onData)\n      .removeListener('end', onFinished)\n      .removeListener('error', onFinished)\n      .removeListener('close', onAbort)\n\n    if (!err) {\n      try {\n        writer.end()\n      } catch (er) {\n        err = er\n      }\n    }\n\n    writer.destroy(err)\n\n    if (err && (err.code !== 'UND_ERR_INFO' || err.message !== 'reset')) {\n      util.destroy(body, err)\n    } else {\n      util.destroy(body)\n    }\n  }\n\n  body\n    .on('data', onData)\n    .on('end', onFinished)\n    .on('error', onFinished)\n    .on('close', onAbort)\n\n  if (body.resume) {\n    body.resume()\n  }\n\n  socket\n    .on('drain', onDrain)\n    .on('error', onFinished)\n}\n\nasync function writeBlob ({ h2stream, body, client, request, socket, contentLength, header, expectsPayload }) {\n  assert(contentLength === body.size, 'blob body must have content length')\n\n  const isH2 = client[kHTTPConnVersion] === 'h2'\n  try {\n    if (contentLength != null && contentLength !== body.size) {\n      throw new RequestContentLengthMismatchError()\n    }\n\n    const buffer = Buffer.from(await body.arrayBuffer())\n\n    if (isH2) {\n      h2stream.cork()\n      h2stream.write(buffer)\n      h2stream.uncork()\n    } else {\n      socket.cork()\n      socket.write(`${header}content-length: ${contentLength}\\r\\n\\r\\n`, 'latin1')\n      socket.write(buffer)\n      socket.uncork()\n    }\n\n    request.onBodySent(buffer)\n    request.onRequestSent()\n\n    if (!expectsPayload) {\n      socket[kReset] = true\n    }\n\n    resume(client)\n  } catch (err) {\n    util.destroy(isH2 ? h2stream : socket, err)\n  }\n}\n\nasync function writeIterable ({ h2stream, body, client, request, socket, contentLength, header, expectsPayload }) {\n  assert(contentLength !== 0 || client[kRunning] === 0, 'iterator body cannot be pipelined')\n\n  let callback = null\n  function onDrain () {\n    if (callback) {\n      const cb = callback\n      callback = null\n      cb()\n    }\n  }\n\n  const waitForDrain = () => new Promise((resolve, reject) => {\n    assert(callback === null)\n\n    if (socket[kError]) {\n      reject(socket[kError])\n    } else {\n      callback = resolve\n    }\n  })\n\n  if (client[kHTTPConnVersion] === 'h2') {\n    h2stream\n      .on('close', onDrain)\n      .on('drain', onDrain)\n\n    try {\n      // It's up to the user to somehow abort the async iterable.\n      for await (const chunk of body) {\n        if (socket[kError]) {\n          throw socket[kError]\n        }\n\n        const res = h2stream.write(chunk)\n        request.onBodySent(chunk)\n        if (!res) {\n          await waitForDrain()\n        }\n      }\n    } catch (err) {\n      h2stream.destroy(err)\n    } finally {\n      request.onRequestSent()\n      h2stream.end()\n      h2stream\n        .off('close', onDrain)\n        .off('drain', onDrain)\n    }\n\n    return\n  }\n\n  socket\n    .on('close', onDrain)\n    .on('drain', onDrain)\n\n  const writer = new AsyncWriter({ socket, request, contentLength, client, expectsPayload, header })\n  try {\n    // It's up to the user to somehow abort the async iterable.\n    for await (const chunk of body) {\n      if (socket[kError]) {\n        throw socket[kError]\n      }\n\n      if (!writer.write(chunk)) {\n        await waitForDrain()\n      }\n    }\n\n    writer.end()\n  } catch (err) {\n    writer.destroy(err)\n  } finally {\n    socket\n      .off('close', onDrain)\n      .off('drain', onDrain)\n  }\n}\n\nclass AsyncWriter {\n  constructor ({ socket, request, contentLength, client, expectsPayload, header }) {\n    this.socket = socket\n    this.request = request\n    this.contentLength = contentLength\n    this.client = client\n    this.bytesWritten = 0\n    this.expectsPayload = expectsPayload\n    this.header = header\n\n    socket[kWriting] = true\n  }\n\n  write (chunk) {\n    const { socket, request, contentLength, client, bytesWritten, expectsPayload, header } = this\n\n    if (socket[kError]) {\n      throw socket[kError]\n    }\n\n    if (socket.destroyed) {\n      return false\n    }\n\n    const len = Buffer.byteLength(chunk)\n    if (!len) {\n      return true\n    }\n\n    // We should defer writing chunks.\n    if (contentLength !== null && bytesWritten + len > contentLength) {\n      if (client[kStrictContentLength]) {\n        throw new RequestContentLengthMismatchError()\n      }\n\n      process.emitWarning(new RequestContentLengthMismatchError())\n    }\n\n    socket.cork()\n\n    if (bytesWritten === 0) {\n      if (!expectsPayload) {\n        socket[kReset] = true\n      }\n\n      if (contentLength === null) {\n        socket.write(`${header}transfer-encoding: chunked\\r\\n`, 'latin1')\n      } else {\n        socket.write(`${header}content-length: ${contentLength}\\r\\n\\r\\n`, 'latin1')\n      }\n    }\n\n    if (contentLength === null) {\n      socket.write(`\\r\\n${len.toString(16)}\\r\\n`, 'latin1')\n    }\n\n    this.bytesWritten += len\n\n    const ret = socket.write(chunk)\n\n    socket.uncork()\n\n    request.onBodySent(chunk)\n\n    if (!ret) {\n      if (socket[kParser].timeout && socket[kParser].timeoutType === TIMEOUT_HEADERS) {\n        // istanbul ignore else: only for jest\n        if (socket[kParser].timeout.refresh) {\n          socket[kParser].timeout.refresh()\n        }\n      }\n    }\n\n    return ret\n  }\n\n  end () {\n    const { socket, contentLength, client, bytesWritten, expectsPayload, header, request } = this\n    request.onRequestSent()\n\n    socket[kWriting] = false\n\n    if (socket[kError]) {\n      throw socket[kError]\n    }\n\n    if (socket.destroyed) {\n      return\n    }\n\n    if (bytesWritten === 0) {\n      if (expectsPayload) {\n        // https://tools.ietf.org/html/rfc7230#section-3.3.2\n        // A user agent SHOULD send a Content-Length in a request message when\n        // no Transfer-Encoding is sent and the request method defines a meaning\n        // for an enclosed payload body.\n\n        socket.write(`${header}content-length: 0\\r\\n\\r\\n`, 'latin1')\n      } else {\n        socket.write(`${header}\\r\\n`, 'latin1')\n      }\n    } else if (contentLength === null) {\n      socket.write('\\r\\n0\\r\\n\\r\\n', 'latin1')\n    }\n\n    if (contentLength !== null && bytesWritten !== contentLength) {\n      if (client[kStrictContentLength]) {\n        throw new RequestContentLengthMismatchError()\n      } else {\n        process.emitWarning(new RequestContentLengthMismatchError())\n      }\n    }\n\n    if (socket[kParser].timeout && socket[kParser].timeoutType === TIMEOUT_HEADERS) {\n      // istanbul ignore else: only for jest\n      if (socket[kParser].timeout.refresh) {\n        socket[kParser].timeout.refresh()\n      }\n    }\n\n    resume(client)\n  }\n\n  destroy (err) {\n    const { socket, client } = this\n\n    socket[kWriting] = false\n\n    if (err) {\n      assert(client[kRunning] <= 1, 'pipeline should only contain this request')\n      util.destroy(socket, err)\n    }\n  }\n}\n\nfunction errorRequest (client, request, err) {\n  try {\n    request.onError(err)\n    assert(request.aborted)\n  } catch (err) {\n    client.emit('error', err)\n  }\n}\n\nmodule.exports = Client\n","'use strict'\n\n/* istanbul ignore file: only for Node 12 */\n\nconst { kConnected, kSize } = require('../core/symbols')\n\nclass CompatWeakRef {\n  constructor (value) {\n    this.value = value\n  }\n\n  deref () {\n    return this.value[kConnected] === 0 && this.value[kSize] === 0\n      ? undefined\n      : this.value\n  }\n}\n\nclass CompatFinalizer {\n  constructor (finalizer) {\n    this.finalizer = finalizer\n  }\n\n  register (dispatcher, key) {\n    if (dispatcher.on) {\n      dispatcher.on('disconnect', () => {\n        if (dispatcher[kConnected] === 0 && dispatcher[kSize] === 0) {\n          this.finalizer(key)\n        }\n      })\n    }\n  }\n}\n\nmodule.exports = function () {\n  // FIXME: remove workaround when the Node bug is fixed\n  // https://github.com/nodejs/node/issues/49344#issuecomment-1741776308\n  if (process.env.NODE_V8_COVERAGE) {\n    return {\n      WeakRef: CompatWeakRef,\n      FinalizationRegistry: CompatFinalizer\n    }\n  }\n  return {\n    WeakRef: global.WeakRef || CompatWeakRef,\n    FinalizationRegistry: global.FinalizationRegistry || CompatFinalizer\n  }\n}\n","'use strict'\n\n// https://wicg.github.io/cookie-store/#cookie-maximum-attribute-value-size\nconst maxAttributeValueSize = 1024\n\n// https://wicg.github.io/cookie-store/#cookie-maximum-name-value-pair-size\nconst maxNameValuePairSize = 4096\n\nmodule.exports = {\n  maxAttributeValueSize,\n  maxNameValuePairSize\n}\n","'use strict'\n\nconst { parseSetCookie } = require('./parse')\nconst { stringify } = require('./util')\nconst { webidl } = require('../fetch/webidl')\nconst { Headers } = require('../fetch/headers')\n\n/**\n * @typedef {Object} Cookie\n * @property {string} name\n * @property {string} value\n * @property {Date|number|undefined} expires\n * @property {number|undefined} maxAge\n * @property {string|undefined} domain\n * @property {string|undefined} path\n * @property {boolean|undefined} secure\n * @property {boolean|undefined} httpOnly\n * @property {'Strict'|'Lax'|'None'} sameSite\n * @property {string[]} unparsed\n */\n\n/**\n * @param {Headers} headers\n * @returns {Record<string, string>}\n */\nfunction getCookies (headers) {\n  webidl.argumentLengthCheck(arguments, 1, { header: 'getCookies' })\n\n  webidl.brandCheck(headers, Headers, { strict: false })\n\n  const cookie = headers.get('cookie')\n  const out = {}\n\n  if (!cookie) {\n    return out\n  }\n\n  for (const piece of cookie.split(';')) {\n    const [name, ...value] = piece.split('=')\n\n    out[name.trim()] = value.join('=')\n  }\n\n  return out\n}\n\n/**\n * @param {Headers} headers\n * @param {string} name\n * @param {{ path?: string, domain?: string }|undefined} attributes\n * @returns {void}\n */\nfunction deleteCookie (headers, name, attributes) {\n  webidl.argumentLengthCheck(arguments, 2, { header: 'deleteCookie' })\n\n  webidl.brandCheck(headers, Headers, { strict: false })\n\n  name = webidl.converters.DOMString(name)\n  attributes = webidl.converters.DeleteCookieAttributes(attributes)\n\n  // Matches behavior of\n  // https://github.com/denoland/deno_std/blob/63827b16330b82489a04614027c33b7904e08be5/http/cookie.ts#L278\n  setCookie(headers, {\n    name,\n    value: '',\n    expires: new Date(0),\n    ...attributes\n  })\n}\n\n/**\n * @param {Headers} headers\n * @returns {Cookie[]}\n */\nfunction getSetCookies (headers) {\n  webidl.argumentLengthCheck(arguments, 1, { header: 'getSetCookies' })\n\n  webidl.brandCheck(headers, Headers, { strict: false })\n\n  const cookies = headers.getSetCookie()\n\n  if (!cookies) {\n    return []\n  }\n\n  return cookies.map((pair) => parseSetCookie(pair))\n}\n\n/**\n * @param {Headers} headers\n * @param {Cookie} cookie\n * @returns {void}\n */\nfunction setCookie (headers, cookie) {\n  webidl.argumentLengthCheck(arguments, 2, { header: 'setCookie' })\n\n  webidl.brandCheck(headers, Headers, { strict: false })\n\n  cookie = webidl.converters.Cookie(cookie)\n\n  const str = stringify(cookie)\n\n  if (str) {\n    headers.append('Set-Cookie', stringify(cookie))\n  }\n}\n\nwebidl.converters.DeleteCookieAttributes = webidl.dictionaryConverter([\n  {\n    converter: webidl.nullableConverter(webidl.converters.DOMString),\n    key: 'path',\n    defaultValue: null\n  },\n  {\n    converter: webidl.nullableConverter(webidl.converters.DOMString),\n    key: 'domain',\n    defaultValue: null\n  }\n])\n\nwebidl.converters.Cookie = webidl.dictionaryConverter([\n  {\n    converter: webidl.converters.DOMString,\n    key: 'name'\n  },\n  {\n    converter: webidl.converters.DOMString,\n    key: 'value'\n  },\n  {\n    converter: webidl.nullableConverter((value) => {\n      if (typeof value === 'number') {\n        return webidl.converters['unsigned long long'](value)\n      }\n\n      return new Date(value)\n    }),\n    key: 'expires',\n    defaultValue: null\n  },\n  {\n    converter: webidl.nullableConverter(webidl.converters['long long']),\n    key: 'maxAge',\n    defaultValue: null\n  },\n  {\n    converter: webidl.nullableConverter(webidl.converters.DOMString),\n    key: 'domain',\n    defaultValue: null\n  },\n  {\n    converter: webidl.nullableConverter(webidl.converters.DOMString),\n    key: 'path',\n    defaultValue: null\n  },\n  {\n    converter: webidl.nullableConverter(webidl.converters.boolean),\n    key: 'secure',\n    defaultValue: null\n  },\n  {\n    converter: webidl.nullableConverter(webidl.converters.boolean),\n    key: 'httpOnly',\n    defaultValue: null\n  },\n  {\n    converter: webidl.converters.USVString,\n    key: 'sameSite',\n    allowedValues: ['Strict', 'Lax', 'None']\n  },\n  {\n    converter: webidl.sequenceConverter(webidl.converters.DOMString),\n    key: 'unparsed',\n    defaultValue: []\n  }\n])\n\nmodule.exports = {\n  getCookies,\n  deleteCookie,\n  getSetCookies,\n  setCookie\n}\n","'use strict'\n\nconst { maxNameValuePairSize, maxAttributeValueSize } = require('./constants')\nconst { isCTLExcludingHtab } = require('./util')\nconst { collectASequenceOfCodePointsFast } = require('../fetch/dataURL')\nconst assert = require('assert')\n\n/**\n * @description Parses the field-value attributes of a set-cookie header string.\n * @see https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4\n * @param {string} header\n * @returns if the header is invalid, null will be returned\n */\nfunction parseSetCookie (header) {\n  // 1. If the set-cookie-string contains a %x00-08 / %x0A-1F / %x7F\n  //    character (CTL characters excluding HTAB): Abort these steps and\n  //    ignore the set-cookie-string entirely.\n  if (isCTLExcludingHtab(header)) {\n    return null\n  }\n\n  let nameValuePair = ''\n  let unparsedAttributes = ''\n  let name = ''\n  let value = ''\n\n  // 2. If the set-cookie-string contains a %x3B (\";\") character:\n  if (header.includes(';')) {\n    // 1. The name-value-pair string consists of the characters up to,\n    //    but not including, the first %x3B (\";\"), and the unparsed-\n    //    attributes consist of the remainder of the set-cookie-string\n    //    (including the %x3B (\";\") in question).\n    const position = { position: 0 }\n\n    nameValuePair = collectASequenceOfCodePointsFast(';', header, position)\n    unparsedAttributes = header.slice(position.position)\n  } else {\n    // Otherwise:\n\n    // 1. The name-value-pair string consists of all the characters\n    //    contained in the set-cookie-string, and the unparsed-\n    //    attributes is the empty string.\n    nameValuePair = header\n  }\n\n  // 3. If the name-value-pair string lacks a %x3D (\"=\") character, then\n  //    the name string is empty, and the value string is the value of\n  //    name-value-pair.\n  if (!nameValuePair.includes('=')) {\n    value = nameValuePair\n  } else {\n    //    Otherwise, the name string consists of the characters up to, but\n    //    not including, the first %x3D (\"=\") character, and the (possibly\n    //    empty) value string consists of the characters after the first\n    //    %x3D (\"=\") character.\n    const position = { position: 0 }\n    name = collectASequenceOfCodePointsFast(\n      '=',\n      nameValuePair,\n      position\n    )\n    value = nameValuePair.slice(position.position + 1)\n  }\n\n  // 4. Remove any leading or trailing WSP characters from the name\n  //    string and the value string.\n  name = name.trim()\n  value = value.trim()\n\n  // 5. If the sum of the lengths of the name string and the value string\n  //    is more than 4096 octets, abort these steps and ignore the set-\n  //    cookie-string entirely.\n  if (name.length + value.length > maxNameValuePairSize) {\n    return null\n  }\n\n  // 6. The cookie-name is the name string, and the cookie-value is the\n  //    value string.\n  return {\n    name, value, ...parseUnparsedAttributes(unparsedAttributes)\n  }\n}\n\n/**\n * Parses the remaining attributes of a set-cookie header\n * @see https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4\n * @param {string} unparsedAttributes\n * @param {[Object.<string, unknown>]={}} cookieAttributeList\n */\nfunction parseUnparsedAttributes (unparsedAttributes, cookieAttributeList = {}) {\n  // 1. If the unparsed-attributes string is empty, skip the rest of\n  //    these steps.\n  if (unparsedAttributes.length === 0) {\n    return cookieAttributeList\n  }\n\n  // 2. Discard the first character of the unparsed-attributes (which\n  //    will be a %x3B (\";\") character).\n  assert(unparsedAttributes[0] === ';')\n  unparsedAttributes = unparsedAttributes.slice(1)\n\n  let cookieAv = ''\n\n  // 3. If the remaining unparsed-attributes contains a %x3B (\";\")\n  //    character:\n  if (unparsedAttributes.includes(';')) {\n    // 1. Consume the characters of the unparsed-attributes up to, but\n    //    not including, the first %x3B (\";\") character.\n    cookieAv = collectASequenceOfCodePointsFast(\n      ';',\n      unparsedAttributes,\n      { position: 0 }\n    )\n    unparsedAttributes = unparsedAttributes.slice(cookieAv.length)\n  } else {\n    // Otherwise:\n\n    // 1. Consume the remainder of the unparsed-attributes.\n    cookieAv = unparsedAttributes\n    unparsedAttributes = ''\n  }\n\n  // Let the cookie-av string be the characters consumed in this step.\n\n  let attributeName = ''\n  let attributeValue = ''\n\n  // 4. If the cookie-av string contains a %x3D (\"=\") character:\n  if (cookieAv.includes('=')) {\n    // 1. The (possibly empty) attribute-name string consists of the\n    //    characters up to, but not including, the first %x3D (\"=\")\n    //    character, and the (possibly empty) attribute-value string\n    //    consists of the characters after the first %x3D (\"=\")\n    //    character.\n    const position = { position: 0 }\n\n    attributeName = collectASequenceOfCodePointsFast(\n      '=',\n      cookieAv,\n      position\n    )\n    attributeValue = cookieAv.slice(position.position + 1)\n  } else {\n    // Otherwise:\n\n    // 1. The attribute-name string consists of the entire cookie-av\n    //    string, and the attribute-value string is empty.\n    attributeName = cookieAv\n  }\n\n  // 5. Remove any leading or trailing WSP characters from the attribute-\n  //    name string and the attribute-value string.\n  attributeName = attributeName.trim()\n  attributeValue = attributeValue.trim()\n\n  // 6. If the attribute-value is longer than 1024 octets, ignore the\n  //    cookie-av string and return to Step 1 of this algorithm.\n  if (attributeValue.length > maxAttributeValueSize) {\n    return parseUnparsedAttributes(unparsedAttributes, cookieAttributeList)\n  }\n\n  // 7. Process the attribute-name and attribute-value according to the\n  //    requirements in the following subsections.  (Notice that\n  //    attributes with unrecognized attribute-names are ignored.)\n  const attributeNameLowercase = attributeName.toLowerCase()\n\n  // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4.1\n  // If the attribute-name case-insensitively matches the string\n  // \"Expires\", the user agent MUST process the cookie-av as follows.\n  if (attributeNameLowercase === 'expires') {\n    // 1. Let the expiry-time be the result of parsing the attribute-value\n    //    as cookie-date (see Section 5.1.1).\n    const expiryTime = new Date(attributeValue)\n\n    // 2. If the attribute-value failed to parse as a cookie date, ignore\n    //    the cookie-av.\n\n    cookieAttributeList.expires = expiryTime\n  } else if (attributeNameLowercase === 'max-age') {\n    // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4.2\n    // If the attribute-name case-insensitively matches the string \"Max-\n    // Age\", the user agent MUST process the cookie-av as follows.\n\n    // 1. If the first character of the attribute-value is not a DIGIT or a\n    //    \"-\" character, ignore the cookie-av.\n    const charCode = attributeValue.charCodeAt(0)\n\n    if ((charCode < 48 || charCode > 57) && attributeValue[0] !== '-') {\n      return parseUnparsedAttributes(unparsedAttributes, cookieAttributeList)\n    }\n\n    // 2. If the remainder of attribute-value contains a non-DIGIT\n    //    character, ignore the cookie-av.\n    if (!/^\\d+$/.test(attributeValue)) {\n      return parseUnparsedAttributes(unparsedAttributes, cookieAttributeList)\n    }\n\n    // 3. Let delta-seconds be the attribute-value converted to an integer.\n    const deltaSeconds = Number(attributeValue)\n\n    // 4. Let cookie-age-limit be the maximum age of the cookie (which\n    //    SHOULD be 400 days or less, see Section 4.1.2.2).\n\n    // 5. Set delta-seconds to the smaller of its present value and cookie-\n    //    age-limit.\n    // deltaSeconds = Math.min(deltaSeconds * 1000, maxExpiresMs)\n\n    // 6. If delta-seconds is less than or equal to zero (0), let expiry-\n    //    time be the earliest representable date and time.  Otherwise, let\n    //    the expiry-time be the current date and time plus delta-seconds\n    //    seconds.\n    // const expiryTime = deltaSeconds <= 0 ? Date.now() : Date.now() + deltaSeconds\n\n    // 7. Append an attribute to the cookie-attribute-list with an\n    //    attribute-name of Max-Age and an attribute-value of expiry-time.\n    cookieAttributeList.maxAge = deltaSeconds\n  } else if (attributeNameLowercase === 'domain') {\n    // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4.3\n    // If the attribute-name case-insensitively matches the string \"Domain\",\n    // the user agent MUST process the cookie-av as follows.\n\n    // 1. Let cookie-domain be the attribute-value.\n    let cookieDomain = attributeValue\n\n    // 2. If cookie-domain starts with %x2E (\".\"), let cookie-domain be\n    //    cookie-domain without its leading %x2E (\".\").\n    if (cookieDomain[0] === '.') {\n      cookieDomain = cookieDomain.slice(1)\n    }\n\n    // 3. Convert the cookie-domain to lower case.\n    cookieDomain = cookieDomain.toLowerCase()\n\n    // 4. Append an attribute to the cookie-attribute-list with an\n    //    attribute-name of Domain and an attribute-value of cookie-domain.\n    cookieAttributeList.domain = cookieDomain\n  } else if (attributeNameLowercase === 'path') {\n    // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4.4\n    // If the attribute-name case-insensitively matches the string \"Path\",\n    // the user agent MUST process the cookie-av as follows.\n\n    // 1. If the attribute-value is empty or if the first character of the\n    //    attribute-value is not %x2F (\"/\"):\n    let cookiePath = ''\n    if (attributeValue.length === 0 || attributeValue[0] !== '/') {\n      // 1. Let cookie-path be the default-path.\n      cookiePath = '/'\n    } else {\n      // Otherwise:\n\n      // 1. Let cookie-path be the attribute-value.\n      cookiePath = attributeValue\n    }\n\n    // 2. Append an attribute to the cookie-attribute-list with an\n    //    attribute-name of Path and an attribute-value of cookie-path.\n    cookieAttributeList.path = cookiePath\n  } else if (attributeNameLowercase === 'secure') {\n    // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4.5\n    // If the attribute-name case-insensitively matches the string \"Secure\",\n    // the user agent MUST append an attribute to the cookie-attribute-list\n    // with an attribute-name of Secure and an empty attribute-value.\n\n    cookieAttributeList.secure = true\n  } else if (attributeNameLowercase === 'httponly') {\n    // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4.6\n    // If the attribute-name case-insensitively matches the string\n    // \"HttpOnly\", the user agent MUST append an attribute to the cookie-\n    // attribute-list with an attribute-name of HttpOnly and an empty\n    // attribute-value.\n\n    cookieAttributeList.httpOnly = true\n  } else if (attributeNameLowercase === 'samesite') {\n    // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4.7\n    // If the attribute-name case-insensitively matches the string\n    // \"SameSite\", the user agent MUST process the cookie-av as follows:\n\n    // 1. Let enforcement be \"Default\".\n    let enforcement = 'Default'\n\n    const attributeValueLowercase = attributeValue.toLowerCase()\n    // 2. If cookie-av's attribute-value is a case-insensitive match for\n    //    \"None\", set enforcement to \"None\".\n    if (attributeValueLowercase.includes('none')) {\n      enforcement = 'None'\n    }\n\n    // 3. If cookie-av's attribute-value is a case-insensitive match for\n    //    \"Strict\", set enforcement to \"Strict\".\n    if (attributeValueLowercase.includes('strict')) {\n      enforcement = 'Strict'\n    }\n\n    // 4. If cookie-av's attribute-value is a case-insensitive match for\n    //    \"Lax\", set enforcement to \"Lax\".\n    if (attributeValueLowercase.includes('lax')) {\n      enforcement = 'Lax'\n    }\n\n    // 5. Append an attribute to the cookie-attribute-list with an\n    //    attribute-name of \"SameSite\" and an attribute-value of\n    //    enforcement.\n    cookieAttributeList.sameSite = enforcement\n  } else {\n    cookieAttributeList.unparsed ??= []\n\n    cookieAttributeList.unparsed.push(`${attributeName}=${attributeValue}`)\n  }\n\n  // 8. Return to Step 1 of this algorithm.\n  return parseUnparsedAttributes(unparsedAttributes, cookieAttributeList)\n}\n\nmodule.exports = {\n  parseSetCookie,\n  parseUnparsedAttributes\n}\n","'use strict'\n\n/**\n * @param {string} value\n * @returns {boolean}\n */\nfunction isCTLExcludingHtab (value) {\n  if (value.length === 0) {\n    return false\n  }\n\n  for (const char of value) {\n    const code = char.charCodeAt(0)\n\n    if (\n      (code >= 0x00 || code <= 0x08) ||\n      (code >= 0x0A || code <= 0x1F) ||\n      code === 0x7F\n    ) {\n      return false\n    }\n  }\n}\n\n/**\n CHAR           = <any US-ASCII character (octets 0 - 127)>\n token          = 1*<any CHAR except CTLs or separators>\n separators     = \"(\" | \")\" | \"<\" | \">\" | \"@\"\n                | \",\" | \";\" | \":\" | \"\\\" | <\">\n                | \"/\" | \"[\" | \"]\" | \"?\" | \"=\"\n                | \"{\" | \"}\" | SP | HT\n * @param {string} name\n */\nfunction validateCookieName (name) {\n  for (const char of name) {\n    const code = char.charCodeAt(0)\n\n    if (\n      (code <= 0x20 || code > 0x7F) ||\n      char === '(' ||\n      char === ')' ||\n      char === '>' ||\n      char === '<' ||\n      char === '@' ||\n      char === ',' ||\n      char === ';' ||\n      char === ':' ||\n      char === '\\\\' ||\n      char === '\"' ||\n      char === '/' ||\n      char === '[' ||\n      char === ']' ||\n      char === '?' ||\n      char === '=' ||\n      char === '{' ||\n      char === '}'\n    ) {\n      throw new Error('Invalid cookie name')\n    }\n  }\n}\n\n/**\n cookie-value      = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )\n cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E\n                       ; US-ASCII characters excluding CTLs,\n                       ; whitespace DQUOTE, comma, semicolon,\n                       ; and backslash\n * @param {string} value\n */\nfunction validateCookieValue (value) {\n  for (const char of value) {\n    const code = char.charCodeAt(0)\n\n    if (\n      code < 0x21 || // exclude CTLs (0-31)\n      code === 0x22 ||\n      code === 0x2C ||\n      code === 0x3B ||\n      code === 0x5C ||\n      code > 0x7E // non-ascii\n    ) {\n      throw new Error('Invalid header value')\n    }\n  }\n}\n\n/**\n * path-value        = <any CHAR except CTLs or \";\">\n * @param {string} path\n */\nfunction validateCookiePath (path) {\n  for (const char of path) {\n    const code = char.charCodeAt(0)\n\n    if (code < 0x21 || char === ';') {\n      throw new Error('Invalid cookie path')\n    }\n  }\n}\n\n/**\n * I have no idea why these values aren't allowed to be honest,\n * but Deno tests these. - Khafra\n * @param {string} domain\n */\nfunction validateCookieDomain (domain) {\n  if (\n    domain.startsWith('-') ||\n    domain.endsWith('.') ||\n    domain.endsWith('-')\n  ) {\n    throw new Error('Invalid cookie domain')\n  }\n}\n\n/**\n * @see https://www.rfc-editor.org/rfc/rfc7231#section-7.1.1.1\n * @param {number|Date} date\n  IMF-fixdate  = day-name \",\" SP date1 SP time-of-day SP GMT\n  ; fixed length/zone/capitalization subset of the format\n  ; see Section 3.3 of [RFC5322]\n\n  day-name     = %x4D.6F.6E ; \"Mon\", case-sensitive\n              / %x54.75.65 ; \"Tue\", case-sensitive\n              / %x57.65.64 ; \"Wed\", case-sensitive\n              / %x54.68.75 ; \"Thu\", case-sensitive\n              / %x46.72.69 ; \"Fri\", case-sensitive\n              / %x53.61.74 ; \"Sat\", case-sensitive\n              / %x53.75.6E ; \"Sun\", case-sensitive\n  date1        = day SP month SP year\n                  ; e.g., 02 Jun 1982\n\n  day          = 2DIGIT\n  month        = %x4A.61.6E ; \"Jan\", case-sensitive\n              / %x46.65.62 ; \"Feb\", case-sensitive\n              / %x4D.61.72 ; \"Mar\", case-sensitive\n              / %x41.70.72 ; \"Apr\", case-sensitive\n              / %x4D.61.79 ; \"May\", case-sensitive\n              / %x4A.75.6E ; \"Jun\", case-sensitive\n              / %x4A.75.6C ; \"Jul\", case-sensitive\n              / %x41.75.67 ; \"Aug\", case-sensitive\n              / %x53.65.70 ; \"Sep\", case-sensitive\n              / %x4F.63.74 ; \"Oct\", case-sensitive\n              / %x4E.6F.76 ; \"Nov\", case-sensitive\n              / %x44.65.63 ; \"Dec\", case-sensitive\n  year         = 4DIGIT\n\n  GMT          = %x47.4D.54 ; \"GMT\", case-sensitive\n\n  time-of-day  = hour \":\" minute \":\" second\n              ; 00:00:00 - 23:59:60 (leap second)\n\n  hour         = 2DIGIT\n  minute       = 2DIGIT\n  second       = 2DIGIT\n */\nfunction toIMFDate (date) {\n  if (typeof date === 'number') {\n    date = new Date(date)\n  }\n\n  const days = [\n    'Sun', 'Mon', 'Tue', 'Wed',\n    'Thu', 'Fri', 'Sat'\n  ]\n\n  const months = [\n    'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun',\n    'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'\n  ]\n\n  const dayName = days[date.getUTCDay()]\n  const day = date.getUTCDate().toString().padStart(2, '0')\n  const month = months[date.getUTCMonth()]\n  const year = date.getUTCFullYear()\n  const hour = date.getUTCHours().toString().padStart(2, '0')\n  const minute = date.getUTCMinutes().toString().padStart(2, '0')\n  const second = date.getUTCSeconds().toString().padStart(2, '0')\n\n  return `${dayName}, ${day} ${month} ${year} ${hour}:${minute}:${second} GMT`\n}\n\n/**\n max-age-av        = \"Max-Age=\" non-zero-digit *DIGIT\n                       ; In practice, both expires-av and max-age-av\n                       ; are limited to dates representable by the\n                       ; user agent.\n * @param {number} maxAge\n */\nfunction validateCookieMaxAge (maxAge) {\n  if (maxAge < 0) {\n    throw new Error('Invalid cookie max-age')\n  }\n}\n\n/**\n * @see https://www.rfc-editor.org/rfc/rfc6265#section-4.1.1\n * @param {import('./index').Cookie} cookie\n */\nfunction stringify (cookie) {\n  if (cookie.name.length === 0) {\n    return null\n  }\n\n  validateCookieName(cookie.name)\n  validateCookieValue(cookie.value)\n\n  const out = [`${cookie.name}=${cookie.value}`]\n\n  // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-prefixes-00#section-3.1\n  // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-prefixes-00#section-3.2\n  if (cookie.name.startsWith('__Secure-')) {\n    cookie.secure = true\n  }\n\n  if (cookie.name.startsWith('__Host-')) {\n    cookie.secure = true\n    cookie.domain = null\n    cookie.path = '/'\n  }\n\n  if (cookie.secure) {\n    out.push('Secure')\n  }\n\n  if (cookie.httpOnly) {\n    out.push('HttpOnly')\n  }\n\n  if (typeof cookie.maxAge === 'number') {\n    validateCookieMaxAge(cookie.maxAge)\n    out.push(`Max-Age=${cookie.maxAge}`)\n  }\n\n  if (cookie.domain) {\n    validateCookieDomain(cookie.domain)\n    out.push(`Domain=${cookie.domain}`)\n  }\n\n  if (cookie.path) {\n    validateCookiePath(cookie.path)\n    out.push(`Path=${cookie.path}`)\n  }\n\n  if (cookie.expires && cookie.expires.toString() !== 'Invalid Date') {\n    out.push(`Expires=${toIMFDate(cookie.expires)}`)\n  }\n\n  if (cookie.sameSite) {\n    out.push(`SameSite=${cookie.sameSite}`)\n  }\n\n  for (const part of cookie.unparsed) {\n    if (!part.includes('=')) {\n      throw new Error('Invalid unparsed')\n    }\n\n    const [key, ...value] = part.split('=')\n\n    out.push(`${key.trim()}=${value.join('=')}`)\n  }\n\n  return out.join('; ')\n}\n\nmodule.exports = {\n  isCTLExcludingHtab,\n  validateCookieName,\n  validateCookiePath,\n  validateCookieValue,\n  toIMFDate,\n  stringify\n}\n","'use strict'\n\nconst net = require('net')\nconst assert = require('assert')\nconst util = require('./util')\nconst { InvalidArgumentError, ConnectTimeoutError } = require('./errors')\n\nlet tls // include tls conditionally since it is not always available\n\n// TODO: session re-use does not wait for the first\n// connection to resolve the session and might therefore\n// resolve the same servername multiple times even when\n// re-use is enabled.\n\nlet SessionCache\n// FIXME: remove workaround when the Node bug is fixed\n// https://github.com/nodejs/node/issues/49344#issuecomment-1741776308\nif (global.FinalizationRegistry && !process.env.NODE_V8_COVERAGE) {\n  SessionCache = class WeakSessionCache {\n    constructor (maxCachedSessions) {\n      this._maxCachedSessions = maxCachedSessions\n      this._sessionCache = new Map()\n      this._sessionRegistry = new global.FinalizationRegistry((key) => {\n        if (this._sessionCache.size < this._maxCachedSessions) {\n          return\n        }\n\n        const ref = this._sessionCache.get(key)\n        if (ref !== undefined && ref.deref() === undefined) {\n          this._sessionCache.delete(key)\n        }\n      })\n    }\n\n    get (sessionKey) {\n      const ref = this._sessionCache.get(sessionKey)\n      return ref ? ref.deref() : null\n    }\n\n    set (sessionKey, session) {\n      if (this._maxCachedSessions === 0) {\n        return\n      }\n\n      this._sessionCache.set(sessionKey, new WeakRef(session))\n      this._sessionRegistry.register(session, sessionKey)\n    }\n  }\n} else {\n  SessionCache = class SimpleSessionCache {\n    constructor (maxCachedSessions) {\n      this._maxCachedSessions = maxCachedSessions\n      this._sessionCache = new Map()\n    }\n\n    get (sessionKey) {\n      return this._sessionCache.get(sessionKey)\n    }\n\n    set (sessionKey, session) {\n      if (this._maxCachedSessions === 0) {\n        return\n      }\n\n      if (this._sessionCache.size >= this._maxCachedSessions) {\n        // remove the oldest session\n        const { value: oldestKey } = this._sessionCache.keys().next()\n        this._sessionCache.delete(oldestKey)\n      }\n\n      this._sessionCache.set(sessionKey, session)\n    }\n  }\n}\n\nfunction buildConnector ({ allowH2, maxCachedSessions, socketPath, timeout, ...opts }) {\n  if (maxCachedSessions != null && (!Number.isInteger(maxCachedSessions) || maxCachedSessions < 0)) {\n    throw new InvalidArgumentError('maxCachedSessions must be a positive integer or zero')\n  }\n\n  const options = { path: socketPath, ...opts }\n  const sessionCache = new SessionCache(maxCachedSessions == null ? 100 : maxCachedSessions)\n  timeout = timeout == null ? 10e3 : timeout\n  allowH2 = allowH2 != null ? allowH2 : false\n  return function connect ({ hostname, host, protocol, port, servername, localAddress, httpSocket }, callback) {\n    let socket\n    if (protocol === 'https:') {\n      if (!tls) {\n        tls = require('tls')\n      }\n      servername = servername || options.servername || util.getServerName(host) || null\n\n      const sessionKey = servername || hostname\n      const session = sessionCache.get(sessionKey) || null\n\n      assert(sessionKey)\n\n      socket = tls.connect({\n        highWaterMark: 16384, // TLS in node can't have bigger HWM anyway...\n        ...options,\n        servername,\n        session,\n        localAddress,\n        // TODO(HTTP/2): Add support for h2c\n        ALPNProtocols: allowH2 ? ['http/1.1', 'h2'] : ['http/1.1'],\n        socket: httpSocket, // upgrade socket connection\n        port: port || 443,\n        host: hostname\n      })\n\n      socket\n        .on('session', function (session) {\n          // TODO (fix): Can a session become invalid once established? Don't think so?\n          sessionCache.set(sessionKey, session)\n        })\n    } else {\n      assert(!httpSocket, 'httpSocket can only be sent on TLS update')\n      socket = net.connect({\n        highWaterMark: 64 * 1024, // Same as nodejs fs streams.\n        ...options,\n        localAddress,\n        port: port || 80,\n        host: hostname\n      })\n    }\n\n    // Set TCP keep alive options on the socket here instead of in connect() for the case of assigning the socket\n    if (options.keepAlive == null || options.keepAlive) {\n      const keepAliveInitialDelay = options.keepAliveInitialDelay === undefined ? 60e3 : options.keepAliveInitialDelay\n      socket.setKeepAlive(true, keepAliveInitialDelay)\n    }\n\n    const cancelTimeout = setupTimeout(() => onConnectTimeout(socket), timeout)\n\n    socket\n      .setNoDelay(true)\n      .once(protocol === 'https:' ? 'secureConnect' : 'connect', function () {\n        cancelTimeout()\n\n        if (callback) {\n          const cb = callback\n          callback = null\n          cb(null, this)\n        }\n      })\n      .on('error', function (err) {\n        cancelTimeout()\n\n        if (callback) {\n          const cb = callback\n          callback = null\n          cb(err)\n        }\n      })\n\n    return socket\n  }\n}\n\nfunction setupTimeout (onConnectTimeout, timeout) {\n  if (!timeout) {\n    return () => {}\n  }\n\n  let s1 = null\n  let s2 = null\n  const timeoutId = setTimeout(() => {\n    // setImmediate is added to make sure that we priotorise socket error events over timeouts\n    s1 = setImmediate(() => {\n      if (process.platform === 'win32') {\n        // Windows needs an extra setImmediate probably due to implementation differences in the socket logic\n        s2 = setImmediate(() => onConnectTimeout())\n      } else {\n        onConnectTimeout()\n      }\n    })\n  }, timeout)\n  return () => {\n    clearTimeout(timeoutId)\n    clearImmediate(s1)\n    clearImmediate(s2)\n  }\n}\n\nfunction onConnectTimeout (socket) {\n  util.destroy(socket, new ConnectTimeoutError())\n}\n\nmodule.exports = buildConnector\n","'use strict'\n\n/** @type {Record<string, string | undefined>} */\nconst headerNameLowerCasedRecord = {}\n\n// https://developer.mozilla.org/docs/Web/HTTP/Headers\nconst wellknownHeaderNames = [\n  'Accept',\n  'Accept-Encoding',\n  'Accept-Language',\n  'Accept-Ranges',\n  'Access-Control-Allow-Credentials',\n  'Access-Control-Allow-Headers',\n  'Access-Control-Allow-Methods',\n  'Access-Control-Allow-Origin',\n  'Access-Control-Expose-Headers',\n  'Access-Control-Max-Age',\n  'Access-Control-Request-Headers',\n  'Access-Control-Request-Method',\n  'Age',\n  'Allow',\n  'Alt-Svc',\n  'Alt-Used',\n  'Authorization',\n  'Cache-Control',\n  'Clear-Site-Data',\n  'Connection',\n  'Content-Disposition',\n  'Content-Encoding',\n  'Content-Language',\n  'Content-Length',\n  'Content-Location',\n  'Content-Range',\n  'Content-Security-Policy',\n  'Content-Security-Policy-Report-Only',\n  'Content-Type',\n  'Cookie',\n  'Cross-Origin-Embedder-Policy',\n  'Cross-Origin-Opener-Policy',\n  'Cross-Origin-Resource-Policy',\n  'Date',\n  'Device-Memory',\n  'Downlink',\n  'ECT',\n  'ETag',\n  'Expect',\n  'Expect-CT',\n  'Expires',\n  'Forwarded',\n  'From',\n  'Host',\n  'If-Match',\n  'If-Modified-Since',\n  'If-None-Match',\n  'If-Range',\n  'If-Unmodified-Since',\n  'Keep-Alive',\n  'Last-Modified',\n  'Link',\n  'Location',\n  'Max-Forwards',\n  'Origin',\n  'Permissions-Policy',\n  'Pragma',\n  'Proxy-Authenticate',\n  'Proxy-Authorization',\n  'RTT',\n  'Range',\n  'Referer',\n  'Referrer-Policy',\n  'Refresh',\n  'Retry-After',\n  'Sec-WebSocket-Accept',\n  'Sec-WebSocket-Extensions',\n  'Sec-WebSocket-Key',\n  'Sec-WebSocket-Protocol',\n  'Sec-WebSocket-Version',\n  'Server',\n  'Server-Timing',\n  'Service-Worker-Allowed',\n  'Service-Worker-Navigation-Preload',\n  'Set-Cookie',\n  'SourceMap',\n  'Strict-Transport-Security',\n  'Supports-Loading-Mode',\n  'TE',\n  'Timing-Allow-Origin',\n  'Trailer',\n  'Transfer-Encoding',\n  'Upgrade',\n  'Upgrade-Insecure-Requests',\n  'User-Agent',\n  'Vary',\n  'Via',\n  'WWW-Authenticate',\n  'X-Content-Type-Options',\n  'X-DNS-Prefetch-Control',\n  'X-Frame-Options',\n  'X-Permitted-Cross-Domain-Policies',\n  'X-Powered-By',\n  'X-Requested-With',\n  'X-XSS-Protection'\n]\n\nfor (let i = 0; i < wellknownHeaderNames.length; ++i) {\n  const key = wellknownHeaderNames[i]\n  const lowerCasedKey = key.toLowerCase()\n  headerNameLowerCasedRecord[key] = headerNameLowerCasedRecord[lowerCasedKey] =\n    lowerCasedKey\n}\n\n// Note: object prototypes should not be able to be referenced. e.g. `Object#hasOwnProperty`.\nObject.setPrototypeOf(headerNameLowerCasedRecord, null)\n\nmodule.exports = {\n  wellknownHeaderNames,\n  headerNameLowerCasedRecord\n}\n","'use strict'\n\nclass UndiciError extends Error {\n  constructor (message) {\n    super(message)\n    this.name = 'UndiciError'\n    this.code = 'UND_ERR'\n  }\n}\n\nclass ConnectTimeoutError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, ConnectTimeoutError)\n    this.name = 'ConnectTimeoutError'\n    this.message = message || 'Connect Timeout Error'\n    this.code = 'UND_ERR_CONNECT_TIMEOUT'\n  }\n}\n\nclass HeadersTimeoutError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, HeadersTimeoutError)\n    this.name = 'HeadersTimeoutError'\n    this.message = message || 'Headers Timeout Error'\n    this.code = 'UND_ERR_HEADERS_TIMEOUT'\n  }\n}\n\nclass HeadersOverflowError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, HeadersOverflowError)\n    this.name = 'HeadersOverflowError'\n    this.message = message || 'Headers Overflow Error'\n    this.code = 'UND_ERR_HEADERS_OVERFLOW'\n  }\n}\n\nclass BodyTimeoutError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, BodyTimeoutError)\n    this.name = 'BodyTimeoutError'\n    this.message = message || 'Body Timeout Error'\n    this.code = 'UND_ERR_BODY_TIMEOUT'\n  }\n}\n\nclass ResponseStatusCodeError extends UndiciError {\n  constructor (message, statusCode, headers, body) {\n    super(message)\n    Error.captureStackTrace(this, ResponseStatusCodeError)\n    this.name = 'ResponseStatusCodeError'\n    this.message = message || 'Response Status Code Error'\n    this.code = 'UND_ERR_RESPONSE_STATUS_CODE'\n    this.body = body\n    this.status = statusCode\n    this.statusCode = statusCode\n    this.headers = headers\n  }\n}\n\nclass InvalidArgumentError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, InvalidArgumentError)\n    this.name = 'InvalidArgumentError'\n    this.message = message || 'Invalid Argument Error'\n    this.code = 'UND_ERR_INVALID_ARG'\n  }\n}\n\nclass InvalidReturnValueError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, InvalidReturnValueError)\n    this.name = 'InvalidReturnValueError'\n    this.message = message || 'Invalid Return Value Error'\n    this.code = 'UND_ERR_INVALID_RETURN_VALUE'\n  }\n}\n\nclass RequestAbortedError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, RequestAbortedError)\n    this.name = 'AbortError'\n    this.message = message || 'Request aborted'\n    this.code = 'UND_ERR_ABORTED'\n  }\n}\n\nclass InformationalError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, InformationalError)\n    this.name = 'InformationalError'\n    this.message = message || 'Request information'\n    this.code = 'UND_ERR_INFO'\n  }\n}\n\nclass RequestContentLengthMismatchError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, RequestContentLengthMismatchError)\n    this.name = 'RequestContentLengthMismatchError'\n    this.message = message || 'Request body length does not match content-length header'\n    this.code = 'UND_ERR_REQ_CONTENT_LENGTH_MISMATCH'\n  }\n}\n\nclass ResponseContentLengthMismatchError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, ResponseContentLengthMismatchError)\n    this.name = 'ResponseContentLengthMismatchError'\n    this.message = message || 'Response body length does not match content-length header'\n    this.code = 'UND_ERR_RES_CONTENT_LENGTH_MISMATCH'\n  }\n}\n\nclass ClientDestroyedError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, ClientDestroyedError)\n    this.name = 'ClientDestroyedError'\n    this.message = message || 'The client is destroyed'\n    this.code = 'UND_ERR_DESTROYED'\n  }\n}\n\nclass ClientClosedError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, ClientClosedError)\n    this.name = 'ClientClosedError'\n    this.message = message || 'The client is closed'\n    this.code = 'UND_ERR_CLOSED'\n  }\n}\n\nclass SocketError extends UndiciError {\n  constructor (message, socket) {\n    super(message)\n    Error.captureStackTrace(this, SocketError)\n    this.name = 'SocketError'\n    this.message = message || 'Socket error'\n    this.code = 'UND_ERR_SOCKET'\n    this.socket = socket\n  }\n}\n\nclass NotSupportedError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, NotSupportedError)\n    this.name = 'NotSupportedError'\n    this.message = message || 'Not supported error'\n    this.code = 'UND_ERR_NOT_SUPPORTED'\n  }\n}\n\nclass BalancedPoolMissingUpstreamError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, NotSupportedError)\n    this.name = 'MissingUpstreamError'\n    this.message = message || 'No upstream has been added to the BalancedPool'\n    this.code = 'UND_ERR_BPL_MISSING_UPSTREAM'\n  }\n}\n\nclass HTTPParserError extends Error {\n  constructor (message, code, data) {\n    super(message)\n    Error.captureStackTrace(this, HTTPParserError)\n    this.name = 'HTTPParserError'\n    this.code = code ? `HPE_${code}` : undefined\n    this.data = data ? data.toString() : undefined\n  }\n}\n\nclass ResponseExceededMaxSizeError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, ResponseExceededMaxSizeError)\n    this.name = 'ResponseExceededMaxSizeError'\n    this.message = message || 'Response content exceeded max size'\n    this.code = 'UND_ERR_RES_EXCEEDED_MAX_SIZE'\n  }\n}\n\nclass RequestRetryError extends UndiciError {\n  constructor (message, code, { headers, data }) {\n    super(message)\n    Error.captureStackTrace(this, RequestRetryError)\n    this.name = 'RequestRetryError'\n    this.message = message || 'Request retry error'\n    this.code = 'UND_ERR_REQ_RETRY'\n    this.statusCode = code\n    this.data = data\n    this.headers = headers\n  }\n}\n\nmodule.exports = {\n  HTTPParserError,\n  UndiciError,\n  HeadersTimeoutError,\n  HeadersOverflowError,\n  BodyTimeoutError,\n  RequestContentLengthMismatchError,\n  ConnectTimeoutError,\n  ResponseStatusCodeError,\n  InvalidArgumentError,\n  InvalidReturnValueError,\n  RequestAbortedError,\n  ClientDestroyedError,\n  ClientClosedError,\n  InformationalError,\n  SocketError,\n  NotSupportedError,\n  ResponseContentLengthMismatchError,\n  BalancedPoolMissingUpstreamError,\n  ResponseExceededMaxSizeError,\n  RequestRetryError\n}\n","'use strict'\n\nconst {\n  InvalidArgumentError,\n  NotSupportedError\n} = require('./errors')\nconst assert = require('assert')\nconst { kHTTP2BuildRequest, kHTTP2CopyHeaders, kHTTP1BuildRequest } = require('./symbols')\nconst util = require('./util')\n\n// tokenRegExp and headerCharRegex have been lifted from\n// https://github.com/nodejs/node/blob/main/lib/_http_common.js\n\n/**\n * Verifies that the given val is a valid HTTP token\n * per the rules defined in RFC 7230\n * See https://tools.ietf.org/html/rfc7230#section-3.2.6\n */\nconst tokenRegExp = /^[\\^_`a-zA-Z\\-0-9!#$%&'*+.|~]+$/\n\n/**\n * Matches if val contains an invalid field-vchar\n *  field-value    = *( field-content / obs-fold )\n *  field-content  = field-vchar [ 1*( SP / HTAB ) field-vchar ]\n *  field-vchar    = VCHAR / obs-text\n */\nconst headerCharRegex = /[^\\t\\x20-\\x7e\\x80-\\xff]/\n\n// Verifies that a given path is valid does not contain control chars \\x00 to \\x20\nconst invalidPathRegex = /[^\\u0021-\\u00ff]/\n\nconst kHandler = Symbol('handler')\n\nconst channels = {}\n\nlet extractBody\n\ntry {\n  const diagnosticsChannel = require('diagnostics_channel')\n  channels.create = diagnosticsChannel.channel('undici:request:create')\n  channels.bodySent = diagnosticsChannel.channel('undici:request:bodySent')\n  channels.headers = diagnosticsChannel.channel('undici:request:headers')\n  channels.trailers = diagnosticsChannel.channel('undici:request:trailers')\n  channels.error = diagnosticsChannel.channel('undici:request:error')\n} catch {\n  channels.create = { hasSubscribers: false }\n  channels.bodySent = { hasSubscribers: false }\n  channels.headers = { hasSubscribers: false }\n  channels.trailers = { hasSubscribers: false }\n  channels.error = { hasSubscribers: false }\n}\n\nclass Request {\n  constructor (origin, {\n    path,\n    method,\n    body,\n    headers,\n    query,\n    idempotent,\n    blocking,\n    upgrade,\n    headersTimeout,\n    bodyTimeout,\n    reset,\n    throwOnError,\n    expectContinue\n  }, handler) {\n    if (typeof path !== 'string') {\n      throw new InvalidArgumentError('path must be a string')\n    } else if (\n      path[0] !== '/' &&\n      !(path.startsWith('http://') || path.startsWith('https://')) &&\n      method !== 'CONNECT'\n    ) {\n      throw new InvalidArgumentError('path must be an absolute URL or start with a slash')\n    } else if (invalidPathRegex.exec(path) !== null) {\n      throw new InvalidArgumentError('invalid request path')\n    }\n\n    if (typeof method !== 'string') {\n      throw new InvalidArgumentError('method must be a string')\n    } else if (tokenRegExp.exec(method) === null) {\n      throw new InvalidArgumentError('invalid request method')\n    }\n\n    if (upgrade && typeof upgrade !== 'string') {\n      throw new InvalidArgumentError('upgrade must be a string')\n    }\n\n    if (headersTimeout != null && (!Number.isFinite(headersTimeout) || headersTimeout < 0)) {\n      throw new InvalidArgumentError('invalid headersTimeout')\n    }\n\n    if (bodyTimeout != null && (!Number.isFinite(bodyTimeout) || bodyTimeout < 0)) {\n      throw new InvalidArgumentError('invalid bodyTimeout')\n    }\n\n    if (reset != null && typeof reset !== 'boolean') {\n      throw new InvalidArgumentError('invalid reset')\n    }\n\n    if (expectContinue != null && typeof expectContinue !== 'boolean') {\n      throw new InvalidArgumentError('invalid expectContinue')\n    }\n\n    this.headersTimeout = headersTimeout\n\n    this.bodyTimeout = bodyTimeout\n\n    this.throwOnError = throwOnError === true\n\n    this.method = method\n\n    this.abort = null\n\n    if (body == null) {\n      this.body = null\n    } else if (util.isStream(body)) {\n      this.body = body\n\n      const rState = this.body._readableState\n      if (!rState || !rState.autoDestroy) {\n        this.endHandler = function autoDestroy () {\n          util.destroy(this)\n        }\n        this.body.on('end', this.endHandler)\n      }\n\n      this.errorHandler = err => {\n        if (this.abort) {\n          this.abort(err)\n        } else {\n          this.error = err\n        }\n      }\n      this.body.on('error', this.errorHandler)\n    } else if (util.isBuffer(body)) {\n      this.body = body.byteLength ? body : null\n    } else if (ArrayBuffer.isView(body)) {\n      this.body = body.buffer.byteLength ? Buffer.from(body.buffer, body.byteOffset, body.byteLength) : null\n    } else if (body instanceof ArrayBuffer) {\n      this.body = body.byteLength ? Buffer.from(body) : null\n    } else if (typeof body === 'string') {\n      this.body = body.length ? Buffer.from(body) : null\n    } else if (util.isFormDataLike(body) || util.isIterable(body) || util.isBlobLike(body)) {\n      this.body = body\n    } else {\n      throw new InvalidArgumentError('body must be a string, a Buffer, a Readable stream, an iterable, or an async iterable')\n    }\n\n    this.completed = false\n\n    this.aborted = false\n\n    this.upgrade = upgrade || null\n\n    this.path = query ? util.buildURL(path, query) : path\n\n    this.origin = origin\n\n    this.idempotent = idempotent == null\n      ? method === 'HEAD' || method === 'GET'\n      : idempotent\n\n    this.blocking = blocking == null ? false : blocking\n\n    this.reset = reset == null ? null : reset\n\n    this.host = null\n\n    this.contentLength = null\n\n    this.contentType = null\n\n    this.headers = ''\n\n    // Only for H2\n    this.expectContinue = expectContinue != null ? expectContinue : false\n\n    if (Array.isArray(headers)) {\n      if (headers.length % 2 !== 0) {\n        throw new InvalidArgumentError('headers array must be even')\n      }\n      for (let i = 0; i < headers.length; i += 2) {\n        processHeader(this, headers[i], headers[i + 1])\n      }\n    } else if (headers && typeof headers === 'object') {\n      const keys = Object.keys(headers)\n      for (let i = 0; i < keys.length; i++) {\n        const key = keys[i]\n        processHeader(this, key, headers[key])\n      }\n    } else if (headers != null) {\n      throw new InvalidArgumentError('headers must be an object or an array')\n    }\n\n    if (util.isFormDataLike(this.body)) {\n      if (util.nodeMajor < 16 || (util.nodeMajor === 16 && util.nodeMinor < 8)) {\n        throw new InvalidArgumentError('Form-Data bodies are only supported in node v16.8 and newer.')\n      }\n\n      if (!extractBody) {\n        extractBody = require('../fetch/body.js').extractBody\n      }\n\n      const [bodyStream, contentType] = extractBody(body)\n      if (this.contentType == null) {\n        this.contentType = contentType\n        this.headers += `content-type: ${contentType}\\r\\n`\n      }\n      this.body = bodyStream.stream\n      this.contentLength = bodyStream.length\n    } else if (util.isBlobLike(body) && this.contentType == null && body.type) {\n      this.contentType = body.type\n      this.headers += `content-type: ${body.type}\\r\\n`\n    }\n\n    util.validateHandler(handler, method, upgrade)\n\n    this.servername = util.getServerName(this.host)\n\n    this[kHandler] = handler\n\n    if (channels.create.hasSubscribers) {\n      channels.create.publish({ request: this })\n    }\n  }\n\n  onBodySent (chunk) {\n    if (this[kHandler].onBodySent) {\n      try {\n        return this[kHandler].onBodySent(chunk)\n      } catch (err) {\n        this.abort(err)\n      }\n    }\n  }\n\n  onRequestSent () {\n    if (channels.bodySent.hasSubscribers) {\n      channels.bodySent.publish({ request: this })\n    }\n\n    if (this[kHandler].onRequestSent) {\n      try {\n        return this[kHandler].onRequestSent()\n      } catch (err) {\n        this.abort(err)\n      }\n    }\n  }\n\n  onConnect (abort) {\n    assert(!this.aborted)\n    assert(!this.completed)\n\n    if (this.error) {\n      abort(this.error)\n    } else {\n      this.abort = abort\n      return this[kHandler].onConnect(abort)\n    }\n  }\n\n  onHeaders (statusCode, headers, resume, statusText) {\n    assert(!this.aborted)\n    assert(!this.completed)\n\n    if (channels.headers.hasSubscribers) {\n      channels.headers.publish({ request: this, response: { statusCode, headers, statusText } })\n    }\n\n    try {\n      return this[kHandler].onHeaders(statusCode, headers, resume, statusText)\n    } catch (err) {\n      this.abort(err)\n    }\n  }\n\n  onData (chunk) {\n    assert(!this.aborted)\n    assert(!this.completed)\n\n    try {\n      return this[kHandler].onData(chunk)\n    } catch (err) {\n      this.abort(err)\n      return false\n    }\n  }\n\n  onUpgrade (statusCode, headers, socket) {\n    assert(!this.aborted)\n    assert(!this.completed)\n\n    return this[kHandler].onUpgrade(statusCode, headers, socket)\n  }\n\n  onComplete (trailers) {\n    this.onFinally()\n\n    assert(!this.aborted)\n\n    this.completed = true\n    if (channels.trailers.hasSubscribers) {\n      channels.trailers.publish({ request: this, trailers })\n    }\n\n    try {\n      return this[kHandler].onComplete(trailers)\n    } catch (err) {\n      // TODO (fix): This might be a bad idea?\n      this.onError(err)\n    }\n  }\n\n  onError (error) {\n    this.onFinally()\n\n    if (channels.error.hasSubscribers) {\n      channels.error.publish({ request: this, error })\n    }\n\n    if (this.aborted) {\n      return\n    }\n    this.aborted = true\n\n    return this[kHandler].onError(error)\n  }\n\n  onFinally () {\n    if (this.errorHandler) {\n      this.body.off('error', this.errorHandler)\n      this.errorHandler = null\n    }\n\n    if (this.endHandler) {\n      this.body.off('end', this.endHandler)\n      this.endHandler = null\n    }\n  }\n\n  // TODO: adjust to support H2\n  addHeader (key, value) {\n    processHeader(this, key, value)\n    return this\n  }\n\n  static [kHTTP1BuildRequest] (origin, opts, handler) {\n    // TODO: Migrate header parsing here, to make Requests\n    // HTTP agnostic\n    return new Request(origin, opts, handler)\n  }\n\n  static [kHTTP2BuildRequest] (origin, opts, handler) {\n    const headers = opts.headers\n    opts = { ...opts, headers: null }\n\n    const request = new Request(origin, opts, handler)\n\n    request.headers = {}\n\n    if (Array.isArray(headers)) {\n      if (headers.length % 2 !== 0) {\n        throw new InvalidArgumentError('headers array must be even')\n      }\n      for (let i = 0; i < headers.length; i += 2) {\n        processHeader(request, headers[i], headers[i + 1], true)\n      }\n    } else if (headers && typeof headers === 'object') {\n      const keys = Object.keys(headers)\n      for (let i = 0; i < keys.length; i++) {\n        const key = keys[i]\n        processHeader(request, key, headers[key], true)\n      }\n    } else if (headers != null) {\n      throw new InvalidArgumentError('headers must be an object or an array')\n    }\n\n    return request\n  }\n\n  static [kHTTP2CopyHeaders] (raw) {\n    const rawHeaders = raw.split('\\r\\n')\n    const headers = {}\n\n    for (const header of rawHeaders) {\n      const [key, value] = header.split(': ')\n\n      if (value == null || value.length === 0) continue\n\n      if (headers[key]) headers[key] += `,${value}`\n      else headers[key] = value\n    }\n\n    return headers\n  }\n}\n\nfunction processHeaderValue (key, val, skipAppend) {\n  if (val && typeof val === 'object') {\n    throw new InvalidArgumentError(`invalid ${key} header`)\n  }\n\n  val = val != null ? `${val}` : ''\n\n  if (headerCharRegex.exec(val) !== null) {\n    throw new InvalidArgumentError(`invalid ${key} header`)\n  }\n\n  return skipAppend ? val : `${key}: ${val}\\r\\n`\n}\n\nfunction processHeader (request, key, val, skipAppend = false) {\n  if (val && (typeof val === 'object' && !Array.isArray(val))) {\n    throw new InvalidArgumentError(`invalid ${key} header`)\n  } else if (val === undefined) {\n    return\n  }\n\n  if (\n    request.host === null &&\n    key.length === 4 &&\n    key.toLowerCase() === 'host'\n  ) {\n    if (headerCharRegex.exec(val) !== null) {\n      throw new InvalidArgumentError(`invalid ${key} header`)\n    }\n    // Consumed by Client\n    request.host = val\n  } else if (\n    request.contentLength === null &&\n    key.length === 14 &&\n    key.toLowerCase() === 'content-length'\n  ) {\n    request.contentLength = parseInt(val, 10)\n    if (!Number.isFinite(request.contentLength)) {\n      throw new InvalidArgumentError('invalid content-length header')\n    }\n  } else if (\n    request.contentType === null &&\n    key.length === 12 &&\n    key.toLowerCase() === 'content-type'\n  ) {\n    request.contentType = val\n    if (skipAppend) request.headers[key] = processHeaderValue(key, val, skipAppend)\n    else request.headers += processHeaderValue(key, val)\n  } else if (\n    key.length === 17 &&\n    key.toLowerCase() === 'transfer-encoding'\n  ) {\n    throw new InvalidArgumentError('invalid transfer-encoding header')\n  } else if (\n    key.length === 10 &&\n    key.toLowerCase() === 'connection'\n  ) {\n    const value = typeof val === 'string' ? val.toLowerCase() : null\n    if (value !== 'close' && value !== 'keep-alive') {\n      throw new InvalidArgumentError('invalid connection header')\n    } else if (value === 'close') {\n      request.reset = true\n    }\n  } else if (\n    key.length === 10 &&\n    key.toLowerCase() === 'keep-alive'\n  ) {\n    throw new InvalidArgumentError('invalid keep-alive header')\n  } else if (\n    key.length === 7 &&\n    key.toLowerCase() === 'upgrade'\n  ) {\n    throw new InvalidArgumentError('invalid upgrade header')\n  } else if (\n    key.length === 6 &&\n    key.toLowerCase() === 'expect'\n  ) {\n    throw new NotSupportedError('expect header not supported')\n  } else if (tokenRegExp.exec(key) === null) {\n    throw new InvalidArgumentError('invalid header key')\n  } else {\n    if (Array.isArray(val)) {\n      for (let i = 0; i < val.length; i++) {\n        if (skipAppend) {\n          if (request.headers[key]) request.headers[key] += `,${processHeaderValue(key, val[i], skipAppend)}`\n          else request.headers[key] = processHeaderValue(key, val[i], skipAppend)\n        } else {\n          request.headers += processHeaderValue(key, val[i])\n        }\n      }\n    } else {\n      if (skipAppend) request.headers[key] = processHeaderValue(key, val, skipAppend)\n      else request.headers += processHeaderValue(key, val)\n    }\n  }\n}\n\nmodule.exports = Request\n","module.exports = {\n  kClose: Symbol('close'),\n  kDestroy: Symbol('destroy'),\n  kDispatch: Symbol('dispatch'),\n  kUrl: Symbol('url'),\n  kWriting: Symbol('writing'),\n  kResuming: Symbol('resuming'),\n  kQueue: Symbol('queue'),\n  kConnect: Symbol('connect'),\n  kConnecting: Symbol('connecting'),\n  kHeadersList: Symbol('headers list'),\n  kKeepAliveDefaultTimeout: Symbol('default keep alive timeout'),\n  kKeepAliveMaxTimeout: Symbol('max keep alive timeout'),\n  kKeepAliveTimeoutThreshold: Symbol('keep alive timeout threshold'),\n  kKeepAliveTimeoutValue: Symbol('keep alive timeout'),\n  kKeepAlive: Symbol('keep alive'),\n  kHeadersTimeout: Symbol('headers timeout'),\n  kBodyTimeout: Symbol('body timeout'),\n  kServerName: Symbol('server name'),\n  kLocalAddress: Symbol('local address'),\n  kHost: Symbol('host'),\n  kNoRef: Symbol('no ref'),\n  kBodyUsed: Symbol('used'),\n  kRunning: Symbol('running'),\n  kBlocking: Symbol('blocking'),\n  kPending: Symbol('pending'),\n  kSize: Symbol('size'),\n  kBusy: Symbol('busy'),\n  kQueued: Symbol('queued'),\n  kFree: Symbol('free'),\n  kConnected: Symbol('connected'),\n  kClosed: Symbol('closed'),\n  kNeedDrain: Symbol('need drain'),\n  kReset: Symbol('reset'),\n  kDestroyed: Symbol.for('nodejs.stream.destroyed'),\n  kMaxHeadersSize: Symbol('max headers size'),\n  kRunningIdx: Symbol('running index'),\n  kPendingIdx: Symbol('pending index'),\n  kError: Symbol('error'),\n  kClients: Symbol('clients'),\n  kClient: Symbol('client'),\n  kParser: Symbol('parser'),\n  kOnDestroyed: Symbol('destroy callbacks'),\n  kPipelining: Symbol('pipelining'),\n  kSocket: Symbol('socket'),\n  kHostHeader: Symbol('host header'),\n  kConnector: Symbol('connector'),\n  kStrictContentLength: Symbol('strict content length'),\n  kMaxRedirections: Symbol('maxRedirections'),\n  kMaxRequests: Symbol('maxRequestsPerClient'),\n  kProxy: Symbol('proxy agent options'),\n  kCounter: Symbol('socket request counter'),\n  kInterceptors: Symbol('dispatch interceptors'),\n  kMaxResponseSize: Symbol('max response size'),\n  kHTTP2Session: Symbol('http2Session'),\n  kHTTP2SessionState: Symbol('http2Session state'),\n  kHTTP2BuildRequest: Symbol('http2 build request'),\n  kHTTP1BuildRequest: Symbol('http1 build request'),\n  kHTTP2CopyHeaders: Symbol('http2 copy headers'),\n  kHTTPConnVersion: Symbol('http connection version'),\n  kRetryHandlerDefaultRetry: Symbol('retry agent default retry'),\n  kConstruct: Symbol('constructable')\n}\n","'use strict'\n\nconst assert = require('assert')\nconst { kDestroyed, kBodyUsed } = require('./symbols')\nconst { IncomingMessage } = require('http')\nconst stream = require('stream')\nconst net = require('net')\nconst { InvalidArgumentError } = require('./errors')\nconst { Blob } = require('buffer')\nconst nodeUtil = require('util')\nconst { stringify } = require('querystring')\nconst { headerNameLowerCasedRecord } = require('./constants')\n\nconst [nodeMajor, nodeMinor] = process.versions.node.split('.').map(v => Number(v))\n\nfunction nop () {}\n\nfunction isStream (obj) {\n  return obj && typeof obj === 'object' && typeof obj.pipe === 'function' && typeof obj.on === 'function'\n}\n\n// based on https://github.com/node-fetch/fetch-blob/blob/8ab587d34080de94140b54f07168451e7d0b655e/index.js#L229-L241 (MIT License)\nfunction isBlobLike (object) {\n  return (Blob && object instanceof Blob) || (\n    object &&\n    typeof object === 'object' &&\n    (typeof object.stream === 'function' ||\n      typeof object.arrayBuffer === 'function') &&\n    /^(Blob|File)$/.test(object[Symbol.toStringTag])\n  )\n}\n\nfunction buildURL (url, queryParams) {\n  if (url.includes('?') || url.includes('#')) {\n    throw new Error('Query params cannot be passed when url already contains \"?\" or \"#\".')\n  }\n\n  const stringified = stringify(queryParams)\n\n  if (stringified) {\n    url += '?' + stringified\n  }\n\n  return url\n}\n\nfunction parseURL (url) {\n  if (typeof url === 'string') {\n    url = new URL(url)\n\n    if (!/^https?:/.test(url.origin || url.protocol)) {\n      throw new InvalidArgumentError('Invalid URL protocol: the URL must start with `http:` or `https:`.')\n    }\n\n    return url\n  }\n\n  if (!url || typeof url !== 'object') {\n    throw new InvalidArgumentError('Invalid URL: The URL argument must be a non-null object.')\n  }\n\n  if (!/^https?:/.test(url.origin || url.protocol)) {\n    throw new InvalidArgumentError('Invalid URL protocol: the URL must start with `http:` or `https:`.')\n  }\n\n  if (!(url instanceof URL)) {\n    if (url.port != null && url.port !== '' && !Number.isFinite(parseInt(url.port))) {\n      throw new InvalidArgumentError('Invalid URL: port must be a valid integer or a string representation of an integer.')\n    }\n\n    if (url.path != null && typeof url.path !== 'string') {\n      throw new InvalidArgumentError('Invalid URL path: the path must be a string or null/undefined.')\n    }\n\n    if (url.pathname != null && typeof url.pathname !== 'string') {\n      throw new InvalidArgumentError('Invalid URL pathname: the pathname must be a string or null/undefined.')\n    }\n\n    if (url.hostname != null && typeof url.hostname !== 'string') {\n      throw new InvalidArgumentError('Invalid URL hostname: the hostname must be a string or null/undefined.')\n    }\n\n    if (url.origin != null && typeof url.origin !== 'string') {\n      throw new InvalidArgumentError('Invalid URL origin: the origin must be a string or null/undefined.')\n    }\n\n    const port = url.port != null\n      ? url.port\n      : (url.protocol === 'https:' ? 443 : 80)\n    let origin = url.origin != null\n      ? url.origin\n      : `${url.protocol}//${url.hostname}:${port}`\n    let path = url.path != null\n      ? url.path\n      : `${url.pathname || ''}${url.search || ''}`\n\n    if (origin.endsWith('/')) {\n      origin = origin.substring(0, origin.length - 1)\n    }\n\n    if (path && !path.startsWith('/')) {\n      path = `/${path}`\n    }\n    // new URL(path, origin) is unsafe when `path` contains an absolute URL\n    // From https://developer.mozilla.org/en-US/docs/Web/API/URL/URL:\n    // If first parameter is a relative URL, second param is required, and will be used as the base URL.\n    // If first parameter is an absolute URL, a given second param will be ignored.\n    url = new URL(origin + path)\n  }\n\n  return url\n}\n\nfunction parseOrigin (url) {\n  url = parseURL(url)\n\n  if (url.pathname !== '/' || url.search || url.hash) {\n    throw new InvalidArgumentError('invalid url')\n  }\n\n  return url\n}\n\nfunction getHostname (host) {\n  if (host[0] === '[') {\n    const idx = host.indexOf(']')\n\n    assert(idx !== -1)\n    return host.substring(1, idx)\n  }\n\n  const idx = host.indexOf(':')\n  if (idx === -1) return host\n\n  return host.substring(0, idx)\n}\n\n// IP addresses are not valid server names per RFC6066\n// > Currently, the only server names supported are DNS hostnames\nfunction getServerName (host) {\n  if (!host) {\n    return null\n  }\n\n  assert.strictEqual(typeof host, 'string')\n\n  const servername = getHostname(host)\n  if (net.isIP(servername)) {\n    return ''\n  }\n\n  return servername\n}\n\nfunction deepClone (obj) {\n  return JSON.parse(JSON.stringify(obj))\n}\n\nfunction isAsyncIterable (obj) {\n  return !!(obj != null && typeof obj[Symbol.asyncIterator] === 'function')\n}\n\nfunction isIterable (obj) {\n  return !!(obj != null && (typeof obj[Symbol.iterator] === 'function' || typeof obj[Symbol.asyncIterator] === 'function'))\n}\n\nfunction bodyLength (body) {\n  if (body == null) {\n    return 0\n  } else if (isStream(body)) {\n    const state = body._readableState\n    return state && state.objectMode === false && state.ended === true && Number.isFinite(state.length)\n      ? state.length\n      : null\n  } else if (isBlobLike(body)) {\n    return body.size != null ? body.size : null\n  } else if (isBuffer(body)) {\n    return body.byteLength\n  }\n\n  return null\n}\n\nfunction isDestroyed (stream) {\n  return !stream || !!(stream.destroyed || stream[kDestroyed])\n}\n\nfunction isReadableAborted (stream) {\n  const state = stream && stream._readableState\n  return isDestroyed(stream) && state && !state.endEmitted\n}\n\nfunction destroy (stream, err) {\n  if (stream == null || !isStream(stream) || isDestroyed(stream)) {\n    return\n  }\n\n  if (typeof stream.destroy === 'function') {\n    if (Object.getPrototypeOf(stream).constructor === IncomingMessage) {\n      // See: https://github.com/nodejs/node/pull/38505/files\n      stream.socket = null\n    }\n\n    stream.destroy(err)\n  } else if (err) {\n    process.nextTick((stream, err) => {\n      stream.emit('error', err)\n    }, stream, err)\n  }\n\n  if (stream.destroyed !== true) {\n    stream[kDestroyed] = true\n  }\n}\n\nconst KEEPALIVE_TIMEOUT_EXPR = /timeout=(\\d+)/\nfunction parseKeepAliveTimeout (val) {\n  const m = val.toString().match(KEEPALIVE_TIMEOUT_EXPR)\n  return m ? parseInt(m[1], 10) * 1000 : null\n}\n\n/**\n * Retrieves a header name and returns its lowercase value.\n * @param {string | Buffer} value Header name\n * @returns {string}\n */\nfunction headerNameToString (value) {\n  return headerNameLowerCasedRecord[value] || value.toLowerCase()\n}\n\nfunction parseHeaders (headers, obj = {}) {\n  // For H2 support\n  if (!Array.isArray(headers)) return headers\n\n  for (let i = 0; i < headers.length; i += 2) {\n    const key = headers[i].toString().toLowerCase()\n    let val = obj[key]\n\n    if (!val) {\n      if (Array.isArray(headers[i + 1])) {\n        obj[key] = headers[i + 1].map(x => x.toString('utf8'))\n      } else {\n        obj[key] = headers[i + 1].toString('utf8')\n      }\n    } else {\n      if (!Array.isArray(val)) {\n        val = [val]\n        obj[key] = val\n      }\n      val.push(headers[i + 1].toString('utf8'))\n    }\n  }\n\n  // See https://github.com/nodejs/node/pull/46528\n  if ('content-length' in obj && 'content-disposition' in obj) {\n    obj['content-disposition'] = Buffer.from(obj['content-disposition']).toString('latin1')\n  }\n\n  return obj\n}\n\nfunction parseRawHeaders (headers) {\n  const ret = []\n  let hasContentLength = false\n  let contentDispositionIdx = -1\n\n  for (let n = 0; n < headers.length; n += 2) {\n    const key = headers[n + 0].toString()\n    const val = headers[n + 1].toString('utf8')\n\n    if (key.length === 14 && (key === 'content-length' || key.toLowerCase() === 'content-length')) {\n      ret.push(key, val)\n      hasContentLength = true\n    } else if (key.length === 19 && (key === 'content-disposition' || key.toLowerCase() === 'content-disposition')) {\n      contentDispositionIdx = ret.push(key, val) - 1\n    } else {\n      ret.push(key, val)\n    }\n  }\n\n  // See https://github.com/nodejs/node/pull/46528\n  if (hasContentLength && contentDispositionIdx !== -1) {\n    ret[contentDispositionIdx] = Buffer.from(ret[contentDispositionIdx]).toString('latin1')\n  }\n\n  return ret\n}\n\nfunction isBuffer (buffer) {\n  // See, https://github.com/mcollina/undici/pull/319\n  return buffer instanceof Uint8Array || Buffer.isBuffer(buffer)\n}\n\nfunction validateHandler (handler, method, upgrade) {\n  if (!handler || typeof handler !== 'object') {\n    throw new InvalidArgumentError('handler must be an object')\n  }\n\n  if (typeof handler.onConnect !== 'function') {\n    throw new InvalidArgumentError('invalid onConnect method')\n  }\n\n  if (typeof handler.onError !== 'function') {\n    throw new InvalidArgumentError('invalid onError method')\n  }\n\n  if (typeof handler.onBodySent !== 'function' && handler.onBodySent !== undefined) {\n    throw new InvalidArgumentError('invalid onBodySent method')\n  }\n\n  if (upgrade || method === 'CONNECT') {\n    if (typeof handler.onUpgrade !== 'function') {\n      throw new InvalidArgumentError('invalid onUpgrade method')\n    }\n  } else {\n    if (typeof handler.onHeaders !== 'function') {\n      throw new InvalidArgumentError('invalid onHeaders method')\n    }\n\n    if (typeof handler.onData !== 'function') {\n      throw new InvalidArgumentError('invalid onData method')\n    }\n\n    if (typeof handler.onComplete !== 'function') {\n      throw new InvalidArgumentError('invalid onComplete method')\n    }\n  }\n}\n\n// A body is disturbed if it has been read from and it cannot\n// be re-used without losing state or data.\nfunction isDisturbed (body) {\n  return !!(body && (\n    stream.isDisturbed\n      ? stream.isDisturbed(body) || body[kBodyUsed] // TODO (fix): Why is body[kBodyUsed] needed?\n      : body[kBodyUsed] ||\n        body.readableDidRead ||\n        (body._readableState && body._readableState.dataEmitted) ||\n        isReadableAborted(body)\n  ))\n}\n\nfunction isErrored (body) {\n  return !!(body && (\n    stream.isErrored\n      ? stream.isErrored(body)\n      : /state: 'errored'/.test(nodeUtil.inspect(body)\n      )))\n}\n\nfunction isReadable (body) {\n  return !!(body && (\n    stream.isReadable\n      ? stream.isReadable(body)\n      : /state: 'readable'/.test(nodeUtil.inspect(body)\n      )))\n}\n\nfunction getSocketInfo (socket) {\n  return {\n    localAddress: socket.localAddress,\n    localPort: socket.localPort,\n    remoteAddress: socket.remoteAddress,\n    remotePort: socket.remotePort,\n    remoteFamily: socket.remoteFamily,\n    timeout: socket.timeout,\n    bytesWritten: socket.bytesWritten,\n    bytesRead: socket.bytesRead\n  }\n}\n\nasync function * convertIterableToBuffer (iterable) {\n  for await (const chunk of iterable) {\n    yield Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk)\n  }\n}\n\nlet ReadableStream\nfunction ReadableStreamFrom (iterable) {\n  if (!ReadableStream) {\n    ReadableStream = require('stream/web').ReadableStream\n  }\n\n  if (ReadableStream.from) {\n    return ReadableStream.from(convertIterableToBuffer(iterable))\n  }\n\n  let iterator\n  return new ReadableStream(\n    {\n      async start () {\n        iterator = iterable[Symbol.asyncIterator]()\n      },\n      async pull (controller) {\n        const { done, value } = await iterator.next()\n        if (done) {\n          queueMicrotask(() => {\n            controller.close()\n          })\n        } else {\n          const buf = Buffer.isBuffer(value) ? value : Buffer.from(value)\n          controller.enqueue(new Uint8Array(buf))\n        }\n        return controller.desiredSize > 0\n      },\n      async cancel (reason) {\n        await iterator.return()\n      }\n    },\n    0\n  )\n}\n\n// The chunk should be a FormData instance and contains\n// all the required methods.\nfunction isFormDataLike (object) {\n  return (\n    object &&\n    typeof object === 'object' &&\n    typeof object.append === 'function' &&\n    typeof object.delete === 'function' &&\n    typeof object.get === 'function' &&\n    typeof object.getAll === 'function' &&\n    typeof object.has === 'function' &&\n    typeof object.set === 'function' &&\n    object[Symbol.toStringTag] === 'FormData'\n  )\n}\n\nfunction throwIfAborted (signal) {\n  if (!signal) { return }\n  if (typeof signal.throwIfAborted === 'function') {\n    signal.throwIfAborted()\n  } else {\n    if (signal.aborted) {\n      // DOMException not available < v17.0.0\n      const err = new Error('The operation was aborted')\n      err.name = 'AbortError'\n      throw err\n    }\n  }\n}\n\nfunction addAbortListener (signal, listener) {\n  if ('addEventListener' in signal) {\n    signal.addEventListener('abort', listener, { once: true })\n    return () => signal.removeEventListener('abort', listener)\n  }\n  signal.addListener('abort', listener)\n  return () => signal.removeListener('abort', listener)\n}\n\nconst hasToWellFormed = !!String.prototype.toWellFormed\n\n/**\n * @param {string} val\n */\nfunction toUSVString (val) {\n  if (hasToWellFormed) {\n    return `${val}`.toWellFormed()\n  } else if (nodeUtil.toUSVString) {\n    return nodeUtil.toUSVString(val)\n  }\n\n  return `${val}`\n}\n\n// Parsed accordingly to RFC 9110\n// https://www.rfc-editor.org/rfc/rfc9110#field.content-range\nfunction parseRangeHeader (range) {\n  if (range == null || range === '') return { start: 0, end: null, size: null }\n\n  const m = range ? range.match(/^bytes (\\d+)-(\\d+)\\/(\\d+)?$/) : null\n  return m\n    ? {\n        start: parseInt(m[1]),\n        end: m[2] ? parseInt(m[2]) : null,\n        size: m[3] ? parseInt(m[3]) : null\n      }\n    : null\n}\n\nconst kEnumerableProperty = Object.create(null)\nkEnumerableProperty.enumerable = true\n\nmodule.exports = {\n  kEnumerableProperty,\n  nop,\n  isDisturbed,\n  isErrored,\n  isReadable,\n  toUSVString,\n  isReadableAborted,\n  isBlobLike,\n  parseOrigin,\n  parseURL,\n  getServerName,\n  isStream,\n  isIterable,\n  isAsyncIterable,\n  isDestroyed,\n  headerNameToString,\n  parseRawHeaders,\n  parseHeaders,\n  parseKeepAliveTimeout,\n  destroy,\n  bodyLength,\n  deepClone,\n  ReadableStreamFrom,\n  isBuffer,\n  validateHandler,\n  getSocketInfo,\n  isFormDataLike,\n  buildURL,\n  throwIfAborted,\n  addAbortListener,\n  parseRangeHeader,\n  nodeMajor,\n  nodeMinor,\n  nodeHasAutoSelectFamily: nodeMajor > 18 || (nodeMajor === 18 && nodeMinor >= 13),\n  safeHTTPMethods: ['GET', 'HEAD', 'OPTIONS', 'TRACE']\n}\n","'use strict'\n\nconst Dispatcher = require('./dispatcher')\nconst {\n  ClientDestroyedError,\n  ClientClosedError,\n  InvalidArgumentError\n} = require('./core/errors')\nconst { kDestroy, kClose, kDispatch, kInterceptors } = require('./core/symbols')\n\nconst kDestroyed = Symbol('destroyed')\nconst kClosed = Symbol('closed')\nconst kOnDestroyed = Symbol('onDestroyed')\nconst kOnClosed = Symbol('onClosed')\nconst kInterceptedDispatch = Symbol('Intercepted Dispatch')\n\nclass DispatcherBase extends Dispatcher {\n  constructor () {\n    super()\n\n    this[kDestroyed] = false\n    this[kOnDestroyed] = null\n    this[kClosed] = false\n    this[kOnClosed] = []\n  }\n\n  get destroyed () {\n    return this[kDestroyed]\n  }\n\n  get closed () {\n    return this[kClosed]\n  }\n\n  get interceptors () {\n    return this[kInterceptors]\n  }\n\n  set interceptors (newInterceptors) {\n    if (newInterceptors) {\n      for (let i = newInterceptors.length - 1; i >= 0; i--) {\n        const interceptor = this[kInterceptors][i]\n        if (typeof interceptor !== 'function') {\n          throw new InvalidArgumentError('interceptor must be an function')\n        }\n      }\n    }\n\n    this[kInterceptors] = newInterceptors\n  }\n\n  close (callback) {\n    if (callback === undefined) {\n      return new Promise((resolve, reject) => {\n        this.close((err, data) => {\n          return err ? reject(err) : resolve(data)\n        })\n      })\n    }\n\n    if (typeof callback !== 'function') {\n      throw new InvalidArgumentError('invalid callback')\n    }\n\n    if (this[kDestroyed]) {\n      queueMicrotask(() => callback(new ClientDestroyedError(), null))\n      return\n    }\n\n    if (this[kClosed]) {\n      if (this[kOnClosed]) {\n        this[kOnClosed].push(callback)\n      } else {\n        queueMicrotask(() => callback(null, null))\n      }\n      return\n    }\n\n    this[kClosed] = true\n    this[kOnClosed].push(callback)\n\n    const onClosed = () => {\n      const callbacks = this[kOnClosed]\n      this[kOnClosed] = null\n      for (let i = 0; i < callbacks.length; i++) {\n        callbacks[i](null, null)\n      }\n    }\n\n    // Should not error.\n    this[kClose]()\n      .then(() => this.destroy())\n      .then(() => {\n        queueMicrotask(onClosed)\n      })\n  }\n\n  destroy (err, callback) {\n    if (typeof err === 'function') {\n      callback = err\n      err = null\n    }\n\n    if (callback === undefined) {\n      return new Promise((resolve, reject) => {\n        this.destroy(err, (err, data) => {\n          return err ? /* istanbul ignore next: should never error */ reject(err) : resolve(data)\n        })\n      })\n    }\n\n    if (typeof callback !== 'function') {\n      throw new InvalidArgumentError('invalid callback')\n    }\n\n    if (this[kDestroyed]) {\n      if (this[kOnDestroyed]) {\n        this[kOnDestroyed].push(callback)\n      } else {\n        queueMicrotask(() => callback(null, null))\n      }\n      return\n    }\n\n    if (!err) {\n      err = new ClientDestroyedError()\n    }\n\n    this[kDestroyed] = true\n    this[kOnDestroyed] = this[kOnDestroyed] || []\n    this[kOnDestroyed].push(callback)\n\n    const onDestroyed = () => {\n      const callbacks = this[kOnDestroyed]\n      this[kOnDestroyed] = null\n      for (let i = 0; i < callbacks.length; i++) {\n        callbacks[i](null, null)\n      }\n    }\n\n    // Should not error.\n    this[kDestroy](err).then(() => {\n      queueMicrotask(onDestroyed)\n    })\n  }\n\n  [kInterceptedDispatch] (opts, handler) {\n    if (!this[kInterceptors] || this[kInterceptors].length === 0) {\n      this[kInterceptedDispatch] = this[kDispatch]\n      return this[kDispatch](opts, handler)\n    }\n\n    let dispatch = this[kDispatch].bind(this)\n    for (let i = this[kInterceptors].length - 1; i >= 0; i--) {\n      dispatch = this[kInterceptors][i](dispatch)\n    }\n    this[kInterceptedDispatch] = dispatch\n    return dispatch(opts, handler)\n  }\n\n  dispatch (opts, handler) {\n    if (!handler || typeof handler !== 'object') {\n      throw new InvalidArgumentError('handler must be an object')\n    }\n\n    try {\n      if (!opts || typeof opts !== 'object') {\n        throw new InvalidArgumentError('opts must be an object.')\n      }\n\n      if (this[kDestroyed] || this[kOnDestroyed]) {\n        throw new ClientDestroyedError()\n      }\n\n      if (this[kClosed]) {\n        throw new ClientClosedError()\n      }\n\n      return this[kInterceptedDispatch](opts, handler)\n    } catch (err) {\n      if (typeof handler.onError !== 'function') {\n        throw new InvalidArgumentError('invalid onError method')\n      }\n\n      handler.onError(err)\n\n      return false\n    }\n  }\n}\n\nmodule.exports = DispatcherBase\n","'use strict'\n\nconst EventEmitter = require('events')\n\nclass Dispatcher extends EventEmitter {\n  dispatch () {\n    throw new Error('not implemented')\n  }\n\n  close () {\n    throw new Error('not implemented')\n  }\n\n  destroy () {\n    throw new Error('not implemented')\n  }\n}\n\nmodule.exports = Dispatcher\n","'use strict'\n\nconst Busboy = require('@fastify/busboy')\nconst util = require('../core/util')\nconst {\n  ReadableStreamFrom,\n  isBlobLike,\n  isReadableStreamLike,\n  readableStreamClose,\n  createDeferredPromise,\n  fullyReadBody\n} = require('./util')\nconst { FormData } = require('./formdata')\nconst { kState } = require('./symbols')\nconst { webidl } = require('./webidl')\nconst { DOMException, structuredClone } = require('./constants')\nconst { Blob, File: NativeFile } = require('buffer')\nconst { kBodyUsed } = require('../core/symbols')\nconst assert = require('assert')\nconst { isErrored } = require('../core/util')\nconst { isUint8Array, isArrayBuffer } = require('util/types')\nconst { File: UndiciFile } = require('./file')\nconst { parseMIMEType, serializeAMimeType } = require('./dataURL')\n\nlet random\ntry {\n  const crypto = require('node:crypto')\n  random = (max) => crypto.randomInt(0, max)\n} catch {\n  random = (max) => Math.floor(Math.random(max))\n}\n\nlet ReadableStream = globalThis.ReadableStream\n\n/** @type {globalThis['File']} */\nconst File = NativeFile ?? UndiciFile\nconst textEncoder = new TextEncoder()\nconst textDecoder = new TextDecoder()\n\n// https://fetch.spec.whatwg.org/#concept-bodyinit-extract\nfunction extractBody (object, keepalive = false) {\n  if (!ReadableStream) {\n    ReadableStream = require('stream/web').ReadableStream\n  }\n\n  // 1. Let stream be null.\n  let stream = null\n\n  // 2. If object is a ReadableStream object, then set stream to object.\n  if (object instanceof ReadableStream) {\n    stream = object\n  } else if (isBlobLike(object)) {\n    // 3. Otherwise, if object is a Blob object, set stream to the\n    //    result of running object’s get stream.\n    stream = object.stream()\n  } else {\n    // 4. Otherwise, set stream to a new ReadableStream object, and set\n    //    up stream.\n    stream = new ReadableStream({\n      async pull (controller) {\n        controller.enqueue(\n          typeof source === 'string' ? textEncoder.encode(source) : source\n        )\n        queueMicrotask(() => readableStreamClose(controller))\n      },\n      start () {},\n      type: undefined\n    })\n  }\n\n  // 5. Assert: stream is a ReadableStream object.\n  assert(isReadableStreamLike(stream))\n\n  // 6. Let action be null.\n  let action = null\n\n  // 7. Let source be null.\n  let source = null\n\n  // 8. Let length be null.\n  let length = null\n\n  // 9. Let type be null.\n  let type = null\n\n  // 10. Switch on object:\n  if (typeof object === 'string') {\n    // Set source to the UTF-8 encoding of object.\n    // Note: setting source to a Uint8Array here breaks some mocking assumptions.\n    source = object\n\n    // Set type to `text/plain;charset=UTF-8`.\n    type = 'text/plain;charset=UTF-8'\n  } else if (object instanceof URLSearchParams) {\n    // URLSearchParams\n\n    // spec says to run application/x-www-form-urlencoded on body.list\n    // this is implemented in Node.js as apart of an URLSearchParams instance toString method\n    // See: https://github.com/nodejs/node/blob/e46c680bf2b211bbd52cf959ca17ee98c7f657f5/lib/internal/url.js#L490\n    // and https://github.com/nodejs/node/blob/e46c680bf2b211bbd52cf959ca17ee98c7f657f5/lib/internal/url.js#L1100\n\n    // Set source to the result of running the application/x-www-form-urlencoded serializer with object’s list.\n    source = object.toString()\n\n    // Set type to `application/x-www-form-urlencoded;charset=UTF-8`.\n    type = 'application/x-www-form-urlencoded;charset=UTF-8'\n  } else if (isArrayBuffer(object)) {\n    // BufferSource/ArrayBuffer\n\n    // Set source to a copy of the bytes held by object.\n    source = new Uint8Array(object.slice())\n  } else if (ArrayBuffer.isView(object)) {\n    // BufferSource/ArrayBufferView\n\n    // Set source to a copy of the bytes held by object.\n    source = new Uint8Array(object.buffer.slice(object.byteOffset, object.byteOffset + object.byteLength))\n  } else if (util.isFormDataLike(object)) {\n    const boundary = `----formdata-undici-0${`${random(1e11)}`.padStart(11, '0')}`\n    const prefix = `--${boundary}\\r\\nContent-Disposition: form-data`\n\n    /*! formdata-polyfill. MIT License. Jimmy Wärting <https://jimmy.warting.se/opensource> */\n    const escape = (str) =>\n      str.replace(/\\n/g, '%0A').replace(/\\r/g, '%0D').replace(/\"/g, '%22')\n    const normalizeLinefeeds = (value) => value.replace(/\\r?\\n|\\r/g, '\\r\\n')\n\n    // Set action to this step: run the multipart/form-data\n    // encoding algorithm, with object’s entry list and UTF-8.\n    // - This ensures that the body is immutable and can't be changed afterwords\n    // - That the content-length is calculated in advance.\n    // - And that all parts are pre-encoded and ready to be sent.\n\n    const blobParts = []\n    const rn = new Uint8Array([13, 10]) // '\\r\\n'\n    length = 0\n    let hasUnknownSizeValue = false\n\n    for (const [name, value] of object) {\n      if (typeof value === 'string') {\n        const chunk = textEncoder.encode(prefix +\n          `; name=\"${escape(normalizeLinefeeds(name))}\"` +\n          `\\r\\n\\r\\n${normalizeLinefeeds(value)}\\r\\n`)\n        blobParts.push(chunk)\n        length += chunk.byteLength\n      } else {\n        const chunk = textEncoder.encode(`${prefix}; name=\"${escape(normalizeLinefeeds(name))}\"` +\n          (value.name ? `; filename=\"${escape(value.name)}\"` : '') + '\\r\\n' +\n          `Content-Type: ${\n            value.type || 'application/octet-stream'\n          }\\r\\n\\r\\n`)\n        blobParts.push(chunk, value, rn)\n        if (typeof value.size === 'number') {\n          length += chunk.byteLength + value.size + rn.byteLength\n        } else {\n          hasUnknownSizeValue = true\n        }\n      }\n    }\n\n    const chunk = textEncoder.encode(`--${boundary}--`)\n    blobParts.push(chunk)\n    length += chunk.byteLength\n    if (hasUnknownSizeValue) {\n      length = null\n    }\n\n    // Set source to object.\n    source = object\n\n    action = async function * () {\n      for (const part of blobParts) {\n        if (part.stream) {\n          yield * part.stream()\n        } else {\n          yield part\n        }\n      }\n    }\n\n    // Set type to `multipart/form-data; boundary=`,\n    // followed by the multipart/form-data boundary string generated\n    // by the multipart/form-data encoding algorithm.\n    type = 'multipart/form-data; boundary=' + boundary\n  } else if (isBlobLike(object)) {\n    // Blob\n\n    // Set source to object.\n    source = object\n\n    // Set length to object’s size.\n    length = object.size\n\n    // If object’s type attribute is not the empty byte sequence, set\n    // type to its value.\n    if (object.type) {\n      type = object.type\n    }\n  } else if (typeof object[Symbol.asyncIterator] === 'function') {\n    // If keepalive is true, then throw a TypeError.\n    if (keepalive) {\n      throw new TypeError('keepalive')\n    }\n\n    // If object is disturbed or locked, then throw a TypeError.\n    if (util.isDisturbed(object) || object.locked) {\n      throw new TypeError(\n        'Response body object should not be disturbed or locked'\n      )\n    }\n\n    stream =\n      object instanceof ReadableStream ? object : ReadableStreamFrom(object)\n  }\n\n  // 11. If source is a byte sequence, then set action to a\n  // step that returns source and length to source’s length.\n  if (typeof source === 'string' || util.isBuffer(source)) {\n    length = Buffer.byteLength(source)\n  }\n\n  // 12. If action is non-null, then run these steps in in parallel:\n  if (action != null) {\n    // Run action.\n    let iterator\n    stream = new ReadableStream({\n      async start () {\n        iterator = action(object)[Symbol.asyncIterator]()\n      },\n      async pull (controller) {\n        const { value, done } = await iterator.next()\n        if (done) {\n          // When running action is done, close stream.\n          queueMicrotask(() => {\n            controller.close()\n          })\n        } else {\n          // Whenever one or more bytes are available and stream is not errored,\n          // enqueue a Uint8Array wrapping an ArrayBuffer containing the available\n          // bytes into stream.\n          if (!isErrored(stream)) {\n            controller.enqueue(new Uint8Array(value))\n          }\n        }\n        return controller.desiredSize > 0\n      },\n      async cancel (reason) {\n        await iterator.return()\n      },\n      type: undefined\n    })\n  }\n\n  // 13. Let body be a body whose stream is stream, source is source,\n  // and length is length.\n  const body = { stream, source, length }\n\n  // 14. Return (body, type).\n  return [body, type]\n}\n\n// https://fetch.spec.whatwg.org/#bodyinit-safely-extract\nfunction safelyExtractBody (object, keepalive = false) {\n  if (!ReadableStream) {\n    // istanbul ignore next\n    ReadableStream = require('stream/web').ReadableStream\n  }\n\n  // To safely extract a body and a `Content-Type` value from\n  // a byte sequence or BodyInit object object, run these steps:\n\n  // 1. If object is a ReadableStream object, then:\n  if (object instanceof ReadableStream) {\n    // Assert: object is neither disturbed nor locked.\n    // istanbul ignore next\n    assert(!util.isDisturbed(object), 'The body has already been consumed.')\n    // istanbul ignore next\n    assert(!object.locked, 'The stream is locked.')\n  }\n\n  // 2. Return the results of extracting object.\n  return extractBody(object, keepalive)\n}\n\nfunction cloneBody (body) {\n  // To clone a body body, run these steps:\n\n  // https://fetch.spec.whatwg.org/#concept-body-clone\n\n  // 1. Let « out1, out2 » be the result of teeing body’s stream.\n  const [out1, out2] = body.stream.tee()\n  const out2Clone = structuredClone(out2, { transfer: [out2] })\n  // This, for whatever reasons, unrefs out2Clone which allows\n  // the process to exit by itself.\n  const [, finalClone] = out2Clone.tee()\n\n  // 2. Set body’s stream to out1.\n  body.stream = out1\n\n  // 3. Return a body whose stream is out2 and other members are copied from body.\n  return {\n    stream: finalClone,\n    length: body.length,\n    source: body.source\n  }\n}\n\nasync function * consumeBody (body) {\n  if (body) {\n    if (isUint8Array(body)) {\n      yield body\n    } else {\n      const stream = body.stream\n\n      if (util.isDisturbed(stream)) {\n        throw new TypeError('The body has already been consumed.')\n      }\n\n      if (stream.locked) {\n        throw new TypeError('The stream is locked.')\n      }\n\n      // Compat.\n      stream[kBodyUsed] = true\n\n      yield * stream\n    }\n  }\n}\n\nfunction throwIfAborted (state) {\n  if (state.aborted) {\n    throw new DOMException('The operation was aborted.', 'AbortError')\n  }\n}\n\nfunction bodyMixinMethods (instance) {\n  const methods = {\n    blob () {\n      // The blob() method steps are to return the result of\n      // running consume body with this and the following step\n      // given a byte sequence bytes: return a Blob whose\n      // contents are bytes and whose type attribute is this’s\n      // MIME type.\n      return specConsumeBody(this, (bytes) => {\n        let mimeType = bodyMimeType(this)\n\n        if (mimeType === 'failure') {\n          mimeType = ''\n        } else if (mimeType) {\n          mimeType = serializeAMimeType(mimeType)\n        }\n\n        // Return a Blob whose contents are bytes and type attribute\n        // is mimeType.\n        return new Blob([bytes], { type: mimeType })\n      }, instance)\n    },\n\n    arrayBuffer () {\n      // The arrayBuffer() method steps are to return the result\n      // of running consume body with this and the following step\n      // given a byte sequence bytes: return a new ArrayBuffer\n      // whose contents are bytes.\n      return specConsumeBody(this, (bytes) => {\n        return new Uint8Array(bytes).buffer\n      }, instance)\n    },\n\n    text () {\n      // The text() method steps are to return the result of running\n      // consume body with this and UTF-8 decode.\n      return specConsumeBody(this, utf8DecodeBytes, instance)\n    },\n\n    json () {\n      // The json() method steps are to return the result of running\n      // consume body with this and parse JSON from bytes.\n      return specConsumeBody(this, parseJSONFromBytes, instance)\n    },\n\n    async formData () {\n      webidl.brandCheck(this, instance)\n\n      throwIfAborted(this[kState])\n\n      const contentType = this.headers.get('Content-Type')\n\n      // If mimeType’s essence is \"multipart/form-data\", then:\n      if (/multipart\\/form-data/.test(contentType)) {\n        const headers = {}\n        for (const [key, value] of this.headers) headers[key.toLowerCase()] = value\n\n        const responseFormData = new FormData()\n\n        let busboy\n\n        try {\n          busboy = new Busboy({\n            headers,\n            preservePath: true\n          })\n        } catch (err) {\n          throw new DOMException(`${err}`, 'AbortError')\n        }\n\n        busboy.on('field', (name, value) => {\n          responseFormData.append(name, value)\n        })\n        busboy.on('file', (name, value, filename, encoding, mimeType) => {\n          const chunks = []\n\n          if (encoding === 'base64' || encoding.toLowerCase() === 'base64') {\n            let base64chunk = ''\n\n            value.on('data', (chunk) => {\n              base64chunk += chunk.toString().replace(/[\\r\\n]/gm, '')\n\n              const end = base64chunk.length - base64chunk.length % 4\n              chunks.push(Buffer.from(base64chunk.slice(0, end), 'base64'))\n\n              base64chunk = base64chunk.slice(end)\n            })\n            value.on('end', () => {\n              chunks.push(Buffer.from(base64chunk, 'base64'))\n              responseFormData.append(name, new File(chunks, filename, { type: mimeType }))\n            })\n          } else {\n            value.on('data', (chunk) => {\n              chunks.push(chunk)\n            })\n            value.on('end', () => {\n              responseFormData.append(name, new File(chunks, filename, { type: mimeType }))\n            })\n          }\n        })\n\n        const busboyResolve = new Promise((resolve, reject) => {\n          busboy.on('finish', resolve)\n          busboy.on('error', (err) => reject(new TypeError(err)))\n        })\n\n        if (this.body !== null) for await (const chunk of consumeBody(this[kState].body)) busboy.write(chunk)\n        busboy.end()\n        await busboyResolve\n\n        return responseFormData\n      } else if (/application\\/x-www-form-urlencoded/.test(contentType)) {\n        // Otherwise, if mimeType’s essence is \"application/x-www-form-urlencoded\", then:\n\n        // 1. Let entries be the result of parsing bytes.\n        let entries\n        try {\n          let text = ''\n          // application/x-www-form-urlencoded parser will keep the BOM.\n          // https://url.spec.whatwg.org/#concept-urlencoded-parser\n          // Note that streaming decoder is stateful and cannot be reused\n          const streamingDecoder = new TextDecoder('utf-8', { ignoreBOM: true })\n\n          for await (const chunk of consumeBody(this[kState].body)) {\n            if (!isUint8Array(chunk)) {\n              throw new TypeError('Expected Uint8Array chunk')\n            }\n            text += streamingDecoder.decode(chunk, { stream: true })\n          }\n          text += streamingDecoder.decode()\n          entries = new URLSearchParams(text)\n        } catch (err) {\n          // istanbul ignore next: Unclear when new URLSearchParams can fail on a string.\n          // 2. If entries is failure, then throw a TypeError.\n          throw Object.assign(new TypeError(), { cause: err })\n        }\n\n        // 3. Return a new FormData object whose entries are entries.\n        const formData = new FormData()\n        for (const [name, value] of entries) {\n          formData.append(name, value)\n        }\n        return formData\n      } else {\n        // Wait a tick before checking if the request has been aborted.\n        // Otherwise, a TypeError can be thrown when an AbortError should.\n        await Promise.resolve()\n\n        throwIfAborted(this[kState])\n\n        // Otherwise, throw a TypeError.\n        throw webidl.errors.exception({\n          header: `${instance.name}.formData`,\n          message: 'Could not parse content as FormData.'\n        })\n      }\n    }\n  }\n\n  return methods\n}\n\nfunction mixinBody (prototype) {\n  Object.assign(prototype.prototype, bodyMixinMethods(prototype))\n}\n\n/**\n * @see https://fetch.spec.whatwg.org/#concept-body-consume-body\n * @param {Response|Request} object\n * @param {(value: unknown) => unknown} convertBytesToJSValue\n * @param {Response|Request} instance\n */\nasync function specConsumeBody (object, convertBytesToJSValue, instance) {\n  webidl.brandCheck(object, instance)\n\n  throwIfAborted(object[kState])\n\n  // 1. If object is unusable, then return a promise rejected\n  //    with a TypeError.\n  if (bodyUnusable(object[kState].body)) {\n    throw new TypeError('Body is unusable')\n  }\n\n  // 2. Let promise be a new promise.\n  const promise = createDeferredPromise()\n\n  // 3. Let errorSteps given error be to reject promise with error.\n  const errorSteps = (error) => promise.reject(error)\n\n  // 4. Let successSteps given a byte sequence data be to resolve\n  //    promise with the result of running convertBytesToJSValue\n  //    with data. If that threw an exception, then run errorSteps\n  //    with that exception.\n  const successSteps = (data) => {\n    try {\n      promise.resolve(convertBytesToJSValue(data))\n    } catch (e) {\n      errorSteps(e)\n    }\n  }\n\n  // 5. If object’s body is null, then run successSteps with an\n  //    empty byte sequence.\n  if (object[kState].body == null) {\n    successSteps(new Uint8Array())\n    return promise.promise\n  }\n\n  // 6. Otherwise, fully read object’s body given successSteps,\n  //    errorSteps, and object’s relevant global object.\n  await fullyReadBody(object[kState].body, successSteps, errorSteps)\n\n  // 7. Return promise.\n  return promise.promise\n}\n\n// https://fetch.spec.whatwg.org/#body-unusable\nfunction bodyUnusable (body) {\n  // An object including the Body interface mixin is\n  // said to be unusable if its body is non-null and\n  // its body’s stream is disturbed or locked.\n  return body != null && (body.stream.locked || util.isDisturbed(body.stream))\n}\n\n/**\n * @see https://encoding.spec.whatwg.org/#utf-8-decode\n * @param {Buffer} buffer\n */\nfunction utf8DecodeBytes (buffer) {\n  if (buffer.length === 0) {\n    return ''\n  }\n\n  // 1. Let buffer be the result of peeking three bytes from\n  //    ioQueue, converted to a byte sequence.\n\n  // 2. If buffer is 0xEF 0xBB 0xBF, then read three\n  //    bytes from ioQueue. (Do nothing with those bytes.)\n  if (buffer[0] === 0xEF && buffer[1] === 0xBB && buffer[2] === 0xBF) {\n    buffer = buffer.subarray(3)\n  }\n\n  // 3. Process a queue with an instance of UTF-8’s\n  //    decoder, ioQueue, output, and \"replacement\".\n  const output = textDecoder.decode(buffer)\n\n  // 4. Return output.\n  return output\n}\n\n/**\n * @see https://infra.spec.whatwg.org/#parse-json-bytes-to-a-javascript-value\n * @param {Uint8Array} bytes\n */\nfunction parseJSONFromBytes (bytes) {\n  return JSON.parse(utf8DecodeBytes(bytes))\n}\n\n/**\n * @see https://fetch.spec.whatwg.org/#concept-body-mime-type\n * @param {import('./response').Response|import('./request').Request} object\n */\nfunction bodyMimeType (object) {\n  const { headersList } = object[kState]\n  const contentType = headersList.get('content-type')\n\n  if (contentType === null) {\n    return 'failure'\n  }\n\n  return parseMIMEType(contentType)\n}\n\nmodule.exports = {\n  extractBody,\n  safelyExtractBody,\n  cloneBody,\n  mixinBody\n}\n","'use strict'\n\nconst { MessageChannel, receiveMessageOnPort } = require('worker_threads')\n\nconst corsSafeListedMethods = ['GET', 'HEAD', 'POST']\nconst corsSafeListedMethodsSet = new Set(corsSafeListedMethods)\n\nconst nullBodyStatus = [101, 204, 205, 304]\n\nconst redirectStatus = [301, 302, 303, 307, 308]\nconst redirectStatusSet = new Set(redirectStatus)\n\n// https://fetch.spec.whatwg.org/#block-bad-port\nconst badPorts = [\n  '1', '7', '9', '11', '13', '15', '17', '19', '20', '21', '22', '23', '25', '37', '42', '43', '53', '69', '77', '79',\n  '87', '95', '101', '102', '103', '104', '109', '110', '111', '113', '115', '117', '119', '123', '135', '137',\n  '139', '143', '161', '179', '389', '427', '465', '512', '513', '514', '515', '526', '530', '531', '532',\n  '540', '548', '554', '556', '563', '587', '601', '636', '989', '990', '993', '995', '1719', '1720', '1723',\n  '2049', '3659', '4045', '5060', '5061', '6000', '6566', '6665', '6666', '6667', '6668', '6669', '6697',\n  '10080'\n]\n\nconst badPortsSet = new Set(badPorts)\n\n// https://w3c.github.io/webappsec-referrer-policy/#referrer-policies\nconst referrerPolicy = [\n  '',\n  'no-referrer',\n  'no-referrer-when-downgrade',\n  'same-origin',\n  'origin',\n  'strict-origin',\n  'origin-when-cross-origin',\n  'strict-origin-when-cross-origin',\n  'unsafe-url'\n]\nconst referrerPolicySet = new Set(referrerPolicy)\n\nconst requestRedirect = ['follow', 'manual', 'error']\n\nconst safeMethods = ['GET', 'HEAD', 'OPTIONS', 'TRACE']\nconst safeMethodsSet = new Set(safeMethods)\n\nconst requestMode = ['navigate', 'same-origin', 'no-cors', 'cors']\n\nconst requestCredentials = ['omit', 'same-origin', 'include']\n\nconst requestCache = [\n  'default',\n  'no-store',\n  'reload',\n  'no-cache',\n  'force-cache',\n  'only-if-cached'\n]\n\n// https://fetch.spec.whatwg.org/#request-body-header-name\nconst requestBodyHeader = [\n  'content-encoding',\n  'content-language',\n  'content-location',\n  'content-type',\n  // See https://github.com/nodejs/undici/issues/2021\n  // 'Content-Length' is a forbidden header name, which is typically\n  // removed in the Headers implementation. However, undici doesn't\n  // filter out headers, so we add it here.\n  'content-length'\n]\n\n// https://fetch.spec.whatwg.org/#enumdef-requestduplex\nconst requestDuplex = [\n  'half'\n]\n\n// http://fetch.spec.whatwg.org/#forbidden-method\nconst forbiddenMethods = ['CONNECT', 'TRACE', 'TRACK']\nconst forbiddenMethodsSet = new Set(forbiddenMethods)\n\nconst subresource = [\n  'audio',\n  'audioworklet',\n  'font',\n  'image',\n  'manifest',\n  'paintworklet',\n  'script',\n  'style',\n  'track',\n  'video',\n  'xslt',\n  ''\n]\nconst subresourceSet = new Set(subresource)\n\n/** @type {globalThis['DOMException']} */\nconst DOMException = globalThis.DOMException ?? (() => {\n  // DOMException was only made a global in Node v17.0.0,\n  // but fetch supports >= v16.8.\n  try {\n    atob('~')\n  } catch (err) {\n    return Object.getPrototypeOf(err).constructor\n  }\n})()\n\nlet channel\n\n/** @type {globalThis['structuredClone']} */\nconst structuredClone =\n  globalThis.structuredClone ??\n  // https://github.com/nodejs/node/blob/b27ae24dcc4251bad726d9d84baf678d1f707fed/lib/internal/structured_clone.js\n  // structuredClone was added in v17.0.0, but fetch supports v16.8\n  function structuredClone (value, options = undefined) {\n    if (arguments.length === 0) {\n      throw new TypeError('missing argument')\n    }\n\n    if (!channel) {\n      channel = new MessageChannel()\n    }\n    channel.port1.unref()\n    channel.port2.unref()\n    channel.port1.postMessage(value, options?.transfer)\n    return receiveMessageOnPort(channel.port2).message\n  }\n\nmodule.exports = {\n  DOMException,\n  structuredClone,\n  subresource,\n  forbiddenMethods,\n  requestBodyHeader,\n  referrerPolicy,\n  requestRedirect,\n  requestMode,\n  requestCredentials,\n  requestCache,\n  redirectStatus,\n  corsSafeListedMethods,\n  nullBodyStatus,\n  safeMethods,\n  badPorts,\n  requestDuplex,\n  subresourceSet,\n  badPortsSet,\n  redirectStatusSet,\n  corsSafeListedMethodsSet,\n  safeMethodsSet,\n  forbiddenMethodsSet,\n  referrerPolicySet\n}\n","const assert = require('assert')\nconst { atob } = require('buffer')\nconst { isomorphicDecode } = require('./util')\n\nconst encoder = new TextEncoder()\n\n/**\n * @see https://mimesniff.spec.whatwg.org/#http-token-code-point\n */\nconst HTTP_TOKEN_CODEPOINTS = /^[!#$%&'*+-.^_|~A-Za-z0-9]+$/\nconst HTTP_WHITESPACE_REGEX = /(\\u000A|\\u000D|\\u0009|\\u0020)/ // eslint-disable-line\n/**\n * @see https://mimesniff.spec.whatwg.org/#http-quoted-string-token-code-point\n */\nconst HTTP_QUOTED_STRING_TOKENS = /[\\u0009|\\u0020-\\u007E|\\u0080-\\u00FF]/ // eslint-disable-line\n\n// https://fetch.spec.whatwg.org/#data-url-processor\n/** @param {URL} dataURL */\nfunction dataURLProcessor (dataURL) {\n  // 1. Assert: dataURL’s scheme is \"data\".\n  assert(dataURL.protocol === 'data:')\n\n  // 2. Let input be the result of running the URL\n  // serializer on dataURL with exclude fragment\n  // set to true.\n  let input = URLSerializer(dataURL, true)\n\n  // 3. Remove the leading \"data:\" string from input.\n  input = input.slice(5)\n\n  // 4. Let position point at the start of input.\n  const position = { position: 0 }\n\n  // 5. Let mimeType be the result of collecting a\n  // sequence of code points that are not equal\n  // to U+002C (,), given position.\n  let mimeType = collectASequenceOfCodePointsFast(\n    ',',\n    input,\n    position\n  )\n\n  // 6. Strip leading and trailing ASCII whitespace\n  // from mimeType.\n  // Undici implementation note: we need to store the\n  // length because if the mimetype has spaces removed,\n  // the wrong amount will be sliced from the input in\n  // step #9\n  const mimeTypeLength = mimeType.length\n  mimeType = removeASCIIWhitespace(mimeType, true, true)\n\n  // 7. If position is past the end of input, then\n  // return failure\n  if (position.position >= input.length) {\n    return 'failure'\n  }\n\n  // 8. Advance position by 1.\n  position.position++\n\n  // 9. Let encodedBody be the remainder of input.\n  const encodedBody = input.slice(mimeTypeLength + 1)\n\n  // 10. Let body be the percent-decoding of encodedBody.\n  let body = stringPercentDecode(encodedBody)\n\n  // 11. If mimeType ends with U+003B (;), followed by\n  // zero or more U+0020 SPACE, followed by an ASCII\n  // case-insensitive match for \"base64\", then:\n  if (/;(\\u0020){0,}base64$/i.test(mimeType)) {\n    // 1. Let stringBody be the isomorphic decode of body.\n    const stringBody = isomorphicDecode(body)\n\n    // 2. Set body to the forgiving-base64 decode of\n    // stringBody.\n    body = forgivingBase64(stringBody)\n\n    // 3. If body is failure, then return failure.\n    if (body === 'failure') {\n      return 'failure'\n    }\n\n    // 4. Remove the last 6 code points from mimeType.\n    mimeType = mimeType.slice(0, -6)\n\n    // 5. Remove trailing U+0020 SPACE code points from mimeType,\n    // if any.\n    mimeType = mimeType.replace(/(\\u0020)+$/, '')\n\n    // 6. Remove the last U+003B (;) code point from mimeType.\n    mimeType = mimeType.slice(0, -1)\n  }\n\n  // 12. If mimeType starts with U+003B (;), then prepend\n  // \"text/plain\" to mimeType.\n  if (mimeType.startsWith(';')) {\n    mimeType = 'text/plain' + mimeType\n  }\n\n  // 13. Let mimeTypeRecord be the result of parsing\n  // mimeType.\n  let mimeTypeRecord = parseMIMEType(mimeType)\n\n  // 14. If mimeTypeRecord is failure, then set\n  // mimeTypeRecord to text/plain;charset=US-ASCII.\n  if (mimeTypeRecord === 'failure') {\n    mimeTypeRecord = parseMIMEType('text/plain;charset=US-ASCII')\n  }\n\n  // 15. Return a new data: URL struct whose MIME\n  // type is mimeTypeRecord and body is body.\n  // https://fetch.spec.whatwg.org/#data-url-struct\n  return { mimeType: mimeTypeRecord, body }\n}\n\n// https://url.spec.whatwg.org/#concept-url-serializer\n/**\n * @param {URL} url\n * @param {boolean} excludeFragment\n */\nfunction URLSerializer (url, excludeFragment = false) {\n  if (!excludeFragment) {\n    return url.href\n  }\n\n  const href = url.href\n  const hashLength = url.hash.length\n\n  return hashLength === 0 ? href : href.substring(0, href.length - hashLength)\n}\n\n// https://infra.spec.whatwg.org/#collect-a-sequence-of-code-points\n/**\n * @param {(char: string) => boolean} condition\n * @param {string} input\n * @param {{ position: number }} position\n */\nfunction collectASequenceOfCodePoints (condition, input, position) {\n  // 1. Let result be the empty string.\n  let result = ''\n\n  // 2. While position doesn’t point past the end of input and the\n  // code point at position within input meets the condition condition:\n  while (position.position < input.length && condition(input[position.position])) {\n    // 1. Append that code point to the end of result.\n    result += input[position.position]\n\n    // 2. Advance position by 1.\n    position.position++\n  }\n\n  // 3. Return result.\n  return result\n}\n\n/**\n * A faster collectASequenceOfCodePoints that only works when comparing a single character.\n * @param {string} char\n * @param {string} input\n * @param {{ position: number }} position\n */\nfunction collectASequenceOfCodePointsFast (char, input, position) {\n  const idx = input.indexOf(char, position.position)\n  const start = position.position\n\n  if (idx === -1) {\n    position.position = input.length\n    return input.slice(start)\n  }\n\n  position.position = idx\n  return input.slice(start, position.position)\n}\n\n// https://url.spec.whatwg.org/#string-percent-decode\n/** @param {string} input */\nfunction stringPercentDecode (input) {\n  // 1. Let bytes be the UTF-8 encoding of input.\n  const bytes = encoder.encode(input)\n\n  // 2. Return the percent-decoding of bytes.\n  return percentDecode(bytes)\n}\n\n// https://url.spec.whatwg.org/#percent-decode\n/** @param {Uint8Array} input */\nfunction percentDecode (input) {\n  // 1. Let output be an empty byte sequence.\n  /** @type {number[]} */\n  const output = []\n\n  // 2. For each byte byte in input:\n  for (let i = 0; i < input.length; i++) {\n    const byte = input[i]\n\n    // 1. If byte is not 0x25 (%), then append byte to output.\n    if (byte !== 0x25) {\n      output.push(byte)\n\n    // 2. Otherwise, if byte is 0x25 (%) and the next two bytes\n    // after byte in input are not in the ranges\n    // 0x30 (0) to 0x39 (9), 0x41 (A) to 0x46 (F),\n    // and 0x61 (a) to 0x66 (f), all inclusive, append byte\n    // to output.\n    } else if (\n      byte === 0x25 &&\n      !/^[0-9A-Fa-f]{2}$/i.test(String.fromCharCode(input[i + 1], input[i + 2]))\n    ) {\n      output.push(0x25)\n\n    // 3. Otherwise:\n    } else {\n      // 1. Let bytePoint be the two bytes after byte in input,\n      // decoded, and then interpreted as hexadecimal number.\n      const nextTwoBytes = String.fromCharCode(input[i + 1], input[i + 2])\n      const bytePoint = Number.parseInt(nextTwoBytes, 16)\n\n      // 2. Append a byte whose value is bytePoint to output.\n      output.push(bytePoint)\n\n      // 3. Skip the next two bytes in input.\n      i += 2\n    }\n  }\n\n  // 3. Return output.\n  return Uint8Array.from(output)\n}\n\n// https://mimesniff.spec.whatwg.org/#parse-a-mime-type\n/** @param {string} input */\nfunction parseMIMEType (input) {\n  // 1. Remove any leading and trailing HTTP whitespace\n  // from input.\n  input = removeHTTPWhitespace(input, true, true)\n\n  // 2. Let position be a position variable for input,\n  // initially pointing at the start of input.\n  const position = { position: 0 }\n\n  // 3. Let type be the result of collecting a sequence\n  // of code points that are not U+002F (/) from\n  // input, given position.\n  const type = collectASequenceOfCodePointsFast(\n    '/',\n    input,\n    position\n  )\n\n  // 4. If type is the empty string or does not solely\n  // contain HTTP token code points, then return failure.\n  // https://mimesniff.spec.whatwg.org/#http-token-code-point\n  if (type.length === 0 || !HTTP_TOKEN_CODEPOINTS.test(type)) {\n    return 'failure'\n  }\n\n  // 5. If position is past the end of input, then return\n  // failure\n  if (position.position > input.length) {\n    return 'failure'\n  }\n\n  // 6. Advance position by 1. (This skips past U+002F (/).)\n  position.position++\n\n  // 7. Let subtype be the result of collecting a sequence of\n  // code points that are not U+003B (;) from input, given\n  // position.\n  let subtype = collectASequenceOfCodePointsFast(\n    ';',\n    input,\n    position\n  )\n\n  // 8. Remove any trailing HTTP whitespace from subtype.\n  subtype = removeHTTPWhitespace(subtype, false, true)\n\n  // 9. If subtype is the empty string or does not solely\n  // contain HTTP token code points, then return failure.\n  if (subtype.length === 0 || !HTTP_TOKEN_CODEPOINTS.test(subtype)) {\n    return 'failure'\n  }\n\n  const typeLowercase = type.toLowerCase()\n  const subtypeLowercase = subtype.toLowerCase()\n\n  // 10. Let mimeType be a new MIME type record whose type\n  // is type, in ASCII lowercase, and subtype is subtype,\n  // in ASCII lowercase.\n  // https://mimesniff.spec.whatwg.org/#mime-type\n  const mimeType = {\n    type: typeLowercase,\n    subtype: subtypeLowercase,\n    /** @type {Map<string, string>} */\n    parameters: new Map(),\n    // https://mimesniff.spec.whatwg.org/#mime-type-essence\n    essence: `${typeLowercase}/${subtypeLowercase}`\n  }\n\n  // 11. While position is not past the end of input:\n  while (position.position < input.length) {\n    // 1. Advance position by 1. (This skips past U+003B (;).)\n    position.position++\n\n    // 2. Collect a sequence of code points that are HTTP\n    // whitespace from input given position.\n    collectASequenceOfCodePoints(\n      // https://fetch.spec.whatwg.org/#http-whitespace\n      char => HTTP_WHITESPACE_REGEX.test(char),\n      input,\n      position\n    )\n\n    // 3. Let parameterName be the result of collecting a\n    // sequence of code points that are not U+003B (;)\n    // or U+003D (=) from input, given position.\n    let parameterName = collectASequenceOfCodePoints(\n      (char) => char !== ';' && char !== '=',\n      input,\n      position\n    )\n\n    // 4. Set parameterName to parameterName, in ASCII\n    // lowercase.\n    parameterName = parameterName.toLowerCase()\n\n    // 5. If position is not past the end of input, then:\n    if (position.position < input.length) {\n      // 1. If the code point at position within input is\n      // U+003B (;), then continue.\n      if (input[position.position] === ';') {\n        continue\n      }\n\n      // 2. Advance position by 1. (This skips past U+003D (=).)\n      position.position++\n    }\n\n    // 6. If position is past the end of input, then break.\n    if (position.position > input.length) {\n      break\n    }\n\n    // 7. Let parameterValue be null.\n    let parameterValue = null\n\n    // 8. If the code point at position within input is\n    // U+0022 (\"), then:\n    if (input[position.position] === '\"') {\n      // 1. Set parameterValue to the result of collecting\n      // an HTTP quoted string from input, given position\n      // and the extract-value flag.\n      parameterValue = collectAnHTTPQuotedString(input, position, true)\n\n      // 2. Collect a sequence of code points that are not\n      // U+003B (;) from input, given position.\n      collectASequenceOfCodePointsFast(\n        ';',\n        input,\n        position\n      )\n\n    // 9. Otherwise:\n    } else {\n      // 1. Set parameterValue to the result of collecting\n      // a sequence of code points that are not U+003B (;)\n      // from input, given position.\n      parameterValue = collectASequenceOfCodePointsFast(\n        ';',\n        input,\n        position\n      )\n\n      // 2. Remove any trailing HTTP whitespace from parameterValue.\n      parameterValue = removeHTTPWhitespace(parameterValue, false, true)\n\n      // 3. If parameterValue is the empty string, then continue.\n      if (parameterValue.length === 0) {\n        continue\n      }\n    }\n\n    // 10. If all of the following are true\n    // - parameterName is not the empty string\n    // - parameterName solely contains HTTP token code points\n    // - parameterValue solely contains HTTP quoted-string token code points\n    // - mimeType’s parameters[parameterName] does not exist\n    // then set mimeType’s parameters[parameterName] to parameterValue.\n    if (\n      parameterName.length !== 0 &&\n      HTTP_TOKEN_CODEPOINTS.test(parameterName) &&\n      (parameterValue.length === 0 || HTTP_QUOTED_STRING_TOKENS.test(parameterValue)) &&\n      !mimeType.parameters.has(parameterName)\n    ) {\n      mimeType.parameters.set(parameterName, parameterValue)\n    }\n  }\n\n  // 12. Return mimeType.\n  return mimeType\n}\n\n// https://infra.spec.whatwg.org/#forgiving-base64-decode\n/** @param {string} data */\nfunction forgivingBase64 (data) {\n  // 1. Remove all ASCII whitespace from data.\n  data = data.replace(/[\\u0009\\u000A\\u000C\\u000D\\u0020]/g, '')  // eslint-disable-line\n\n  // 2. If data’s code point length divides by 4 leaving\n  // no remainder, then:\n  if (data.length % 4 === 0) {\n    // 1. If data ends with one or two U+003D (=) code points,\n    // then remove them from data.\n    data = data.replace(/=?=$/, '')\n  }\n\n  // 3. If data’s code point length divides by 4 leaving\n  // a remainder of 1, then return failure.\n  if (data.length % 4 === 1) {\n    return 'failure'\n  }\n\n  // 4. If data contains a code point that is not one of\n  //  U+002B (+)\n  //  U+002F (/)\n  //  ASCII alphanumeric\n  // then return failure.\n  if (/[^+/0-9A-Za-z]/.test(data)) {\n    return 'failure'\n  }\n\n  const binary = atob(data)\n  const bytes = new Uint8Array(binary.length)\n\n  for (let byte = 0; byte < binary.length; byte++) {\n    bytes[byte] = binary.charCodeAt(byte)\n  }\n\n  return bytes\n}\n\n// https://fetch.spec.whatwg.org/#collect-an-http-quoted-string\n// tests: https://fetch.spec.whatwg.org/#example-http-quoted-string\n/**\n * @param {string} input\n * @param {{ position: number }} position\n * @param {boolean?} extractValue\n */\nfunction collectAnHTTPQuotedString (input, position, extractValue) {\n  // 1. Let positionStart be position.\n  const positionStart = position.position\n\n  // 2. Let value be the empty string.\n  let value = ''\n\n  // 3. Assert: the code point at position within input\n  // is U+0022 (\").\n  assert(input[position.position] === '\"')\n\n  // 4. Advance position by 1.\n  position.position++\n\n  // 5. While true:\n  while (true) {\n    // 1. Append the result of collecting a sequence of code points\n    // that are not U+0022 (\") or U+005C (\\) from input, given\n    // position, to value.\n    value += collectASequenceOfCodePoints(\n      (char) => char !== '\"' && char !== '\\\\',\n      input,\n      position\n    )\n\n    // 2. If position is past the end of input, then break.\n    if (position.position >= input.length) {\n      break\n    }\n\n    // 3. Let quoteOrBackslash be the code point at position within\n    // input.\n    const quoteOrBackslash = input[position.position]\n\n    // 4. Advance position by 1.\n    position.position++\n\n    // 5. If quoteOrBackslash is U+005C (\\), then:\n    if (quoteOrBackslash === '\\\\') {\n      // 1. If position is past the end of input, then append\n      // U+005C (\\) to value and break.\n      if (position.position >= input.length) {\n        value += '\\\\'\n        break\n      }\n\n      // 2. Append the code point at position within input to value.\n      value += input[position.position]\n\n      // 3. Advance position by 1.\n      position.position++\n\n    // 6. Otherwise:\n    } else {\n      // 1. Assert: quoteOrBackslash is U+0022 (\").\n      assert(quoteOrBackslash === '\"')\n\n      // 2. Break.\n      break\n    }\n  }\n\n  // 6. If the extract-value flag is set, then return value.\n  if (extractValue) {\n    return value\n  }\n\n  // 7. Return the code points from positionStart to position,\n  // inclusive, within input.\n  return input.slice(positionStart, position.position)\n}\n\n/**\n * @see https://mimesniff.spec.whatwg.org/#serialize-a-mime-type\n */\nfunction serializeAMimeType (mimeType) {\n  assert(mimeType !== 'failure')\n  const { parameters, essence } = mimeType\n\n  // 1. Let serialization be the concatenation of mimeType’s\n  //    type, U+002F (/), and mimeType’s subtype.\n  let serialization = essence\n\n  // 2. For each name → value of mimeType’s parameters:\n  for (let [name, value] of parameters.entries()) {\n    // 1. Append U+003B (;) to serialization.\n    serialization += ';'\n\n    // 2. Append name to serialization.\n    serialization += name\n\n    // 3. Append U+003D (=) to serialization.\n    serialization += '='\n\n    // 4. If value does not solely contain HTTP token code\n    //    points or value is the empty string, then:\n    if (!HTTP_TOKEN_CODEPOINTS.test(value)) {\n      // 1. Precede each occurence of U+0022 (\") or\n      //    U+005C (\\) in value with U+005C (\\).\n      value = value.replace(/(\\\\|\")/g, '\\\\$1')\n\n      // 2. Prepend U+0022 (\") to value.\n      value = '\"' + value\n\n      // 3. Append U+0022 (\") to value.\n      value += '\"'\n    }\n\n    // 5. Append value to serialization.\n    serialization += value\n  }\n\n  // 3. Return serialization.\n  return serialization\n}\n\n/**\n * @see https://fetch.spec.whatwg.org/#http-whitespace\n * @param {string} char\n */\nfunction isHTTPWhiteSpace (char) {\n  return char === '\\r' || char === '\\n' || char === '\\t' || char === ' '\n}\n\n/**\n * @see https://fetch.spec.whatwg.org/#http-whitespace\n * @param {string} str\n */\nfunction removeHTTPWhitespace (str, leading = true, trailing = true) {\n  let lead = 0\n  let trail = str.length - 1\n\n  if (leading) {\n    for (; lead < str.length && isHTTPWhiteSpace(str[lead]); lead++);\n  }\n\n  if (trailing) {\n    for (; trail > 0 && isHTTPWhiteSpace(str[trail]); trail--);\n  }\n\n  return str.slice(lead, trail + 1)\n}\n\n/**\n * @see https://infra.spec.whatwg.org/#ascii-whitespace\n * @param {string} char\n */\nfunction isASCIIWhitespace (char) {\n  return char === '\\r' || char === '\\n' || char === '\\t' || char === '\\f' || char === ' '\n}\n\n/**\n * @see https://infra.spec.whatwg.org/#strip-leading-and-trailing-ascii-whitespace\n */\nfunction removeASCIIWhitespace (str, leading = true, trailing = true) {\n  let lead = 0\n  let trail = str.length - 1\n\n  if (leading) {\n    for (; lead < str.length && isASCIIWhitespace(str[lead]); lead++);\n  }\n\n  if (trailing) {\n    for (; trail > 0 && isASCIIWhitespace(str[trail]); trail--);\n  }\n\n  return str.slice(lead, trail + 1)\n}\n\nmodule.exports = {\n  dataURLProcessor,\n  URLSerializer,\n  collectASequenceOfCodePoints,\n  collectASequenceOfCodePointsFast,\n  stringPercentDecode,\n  parseMIMEType,\n  collectAnHTTPQuotedString,\n  serializeAMimeType\n}\n","'use strict'\n\nconst { Blob, File: NativeFile } = require('buffer')\nconst { types } = require('util')\nconst { kState } = require('./symbols')\nconst { isBlobLike } = require('./util')\nconst { webidl } = require('./webidl')\nconst { parseMIMEType, serializeAMimeType } = require('./dataURL')\nconst { kEnumerableProperty } = require('../core/util')\nconst encoder = new TextEncoder()\n\nclass File extends Blob {\n  constructor (fileBits, fileName, options = {}) {\n    // The File constructor is invoked with two or three parameters, depending\n    // on whether the optional dictionary parameter is used. When the File()\n    // constructor is invoked, user agents must run the following steps:\n    webidl.argumentLengthCheck(arguments, 2, { header: 'File constructor' })\n\n    fileBits = webidl.converters['sequence<BlobPart>'](fileBits)\n    fileName = webidl.converters.USVString(fileName)\n    options = webidl.converters.FilePropertyBag(options)\n\n    // 1. Let bytes be the result of processing blob parts given fileBits and\n    // options.\n    // Note: Blob handles this for us\n\n    // 2. Let n be the fileName argument to the constructor.\n    const n = fileName\n\n    // 3. Process FilePropertyBag dictionary argument by running the following\n    // substeps:\n\n    //    1. If the type member is provided and is not the empty string, let t\n    //    be set to the type dictionary member. If t contains any characters\n    //    outside the range U+0020 to U+007E, then set t to the empty string\n    //    and return from these substeps.\n    //    2. Convert every character in t to ASCII lowercase.\n    let t = options.type\n    let d\n\n    // eslint-disable-next-line no-labels\n    substep: {\n      if (t) {\n        t = parseMIMEType(t)\n\n        if (t === 'failure') {\n          t = ''\n          // eslint-disable-next-line no-labels\n          break substep\n        }\n\n        t = serializeAMimeType(t).toLowerCase()\n      }\n\n      //    3. If the lastModified member is provided, let d be set to the\n      //    lastModified dictionary member. If it is not provided, set d to the\n      //    current date and time represented as the number of milliseconds since\n      //    the Unix Epoch (which is the equivalent of Date.now() [ECMA-262]).\n      d = options.lastModified\n    }\n\n    // 4. Return a new File object F such that:\n    // F refers to the bytes byte sequence.\n    // F.size is set to the number of total bytes in bytes.\n    // F.name is set to n.\n    // F.type is set to t.\n    // F.lastModified is set to d.\n\n    super(processBlobParts(fileBits, options), { type: t })\n    this[kState] = {\n      name: n,\n      lastModified: d,\n      type: t\n    }\n  }\n\n  get name () {\n    webidl.brandCheck(this, File)\n\n    return this[kState].name\n  }\n\n  get lastModified () {\n    webidl.brandCheck(this, File)\n\n    return this[kState].lastModified\n  }\n\n  get type () {\n    webidl.brandCheck(this, File)\n\n    return this[kState].type\n  }\n}\n\nclass FileLike {\n  constructor (blobLike, fileName, options = {}) {\n    // TODO: argument idl type check\n\n    // The File constructor is invoked with two or three parameters, depending\n    // on whether the optional dictionary parameter is used. When the File()\n    // constructor is invoked, user agents must run the following steps:\n\n    // 1. Let bytes be the result of processing blob parts given fileBits and\n    // options.\n\n    // 2. Let n be the fileName argument to the constructor.\n    const n = fileName\n\n    // 3. Process FilePropertyBag dictionary argument by running the following\n    // substeps:\n\n    //    1. If the type member is provided and is not the empty string, let t\n    //    be set to the type dictionary member. If t contains any characters\n    //    outside the range U+0020 to U+007E, then set t to the empty string\n    //    and return from these substeps.\n    //    TODO\n    const t = options.type\n\n    //    2. Convert every character in t to ASCII lowercase.\n    //    TODO\n\n    //    3. If the lastModified member is provided, let d be set to the\n    //    lastModified dictionary member. If it is not provided, set d to the\n    //    current date and time represented as the number of milliseconds since\n    //    the Unix Epoch (which is the equivalent of Date.now() [ECMA-262]).\n    const d = options.lastModified ?? Date.now()\n\n    // 4. Return a new File object F such that:\n    // F refers to the bytes byte sequence.\n    // F.size is set to the number of total bytes in bytes.\n    // F.name is set to n.\n    // F.type is set to t.\n    // F.lastModified is set to d.\n\n    this[kState] = {\n      blobLike,\n      name: n,\n      type: t,\n      lastModified: d\n    }\n  }\n\n  stream (...args) {\n    webidl.brandCheck(this, FileLike)\n\n    return this[kState].blobLike.stream(...args)\n  }\n\n  arrayBuffer (...args) {\n    webidl.brandCheck(this, FileLike)\n\n    return this[kState].blobLike.arrayBuffer(...args)\n  }\n\n  slice (...args) {\n    webidl.brandCheck(this, FileLike)\n\n    return this[kState].blobLike.slice(...args)\n  }\n\n  text (...args) {\n    webidl.brandCheck(this, FileLike)\n\n    return this[kState].blobLike.text(...args)\n  }\n\n  get size () {\n    webidl.brandCheck(this, FileLike)\n\n    return this[kState].blobLike.size\n  }\n\n  get type () {\n    webidl.brandCheck(this, FileLike)\n\n    return this[kState].blobLike.type\n  }\n\n  get name () {\n    webidl.brandCheck(this, FileLike)\n\n    return this[kState].name\n  }\n\n  get lastModified () {\n    webidl.brandCheck(this, FileLike)\n\n    return this[kState].lastModified\n  }\n\n  get [Symbol.toStringTag] () {\n    return 'File'\n  }\n}\n\nObject.defineProperties(File.prototype, {\n  [Symbol.toStringTag]: {\n    value: 'File',\n    configurable: true\n  },\n  name: kEnumerableProperty,\n  lastModified: kEnumerableProperty\n})\n\nwebidl.converters.Blob = webidl.interfaceConverter(Blob)\n\nwebidl.converters.BlobPart = function (V, opts) {\n  if (webidl.util.Type(V) === 'Object') {\n    if (isBlobLike(V)) {\n      return webidl.converters.Blob(V, { strict: false })\n    }\n\n    if (\n      ArrayBuffer.isView(V) ||\n      types.isAnyArrayBuffer(V)\n    ) {\n      return webidl.converters.BufferSource(V, opts)\n    }\n  }\n\n  return webidl.converters.USVString(V, opts)\n}\n\nwebidl.converters['sequence<BlobPart>'] = webidl.sequenceConverter(\n  webidl.converters.BlobPart\n)\n\n// https://www.w3.org/TR/FileAPI/#dfn-FilePropertyBag\nwebidl.converters.FilePropertyBag = webidl.dictionaryConverter([\n  {\n    key: 'lastModified',\n    converter: webidl.converters['long long'],\n    get defaultValue () {\n      return Date.now()\n    }\n  },\n  {\n    key: 'type',\n    converter: webidl.converters.DOMString,\n    defaultValue: ''\n  },\n  {\n    key: 'endings',\n    converter: (value) => {\n      value = webidl.converters.DOMString(value)\n      value = value.toLowerCase()\n\n      if (value !== 'native') {\n        value = 'transparent'\n      }\n\n      return value\n    },\n    defaultValue: 'transparent'\n  }\n])\n\n/**\n * @see https://www.w3.org/TR/FileAPI/#process-blob-parts\n * @param {(NodeJS.TypedArray|Blob|string)[]} parts\n * @param {{ type: string, endings: string }} options\n */\nfunction processBlobParts (parts, options) {\n  // 1. Let bytes be an empty sequence of bytes.\n  /** @type {NodeJS.TypedArray[]} */\n  const bytes = []\n\n  // 2. For each element in parts:\n  for (const element of parts) {\n    // 1. If element is a USVString, run the following substeps:\n    if (typeof element === 'string') {\n      // 1. Let s be element.\n      let s = element\n\n      // 2. If the endings member of options is \"native\", set s\n      //    to the result of converting line endings to native\n      //    of element.\n      if (options.endings === 'native') {\n        s = convertLineEndingsNative(s)\n      }\n\n      // 3. Append the result of UTF-8 encoding s to bytes.\n      bytes.push(encoder.encode(s))\n    } else if (\n      types.isAnyArrayBuffer(element) ||\n      types.isTypedArray(element)\n    ) {\n      // 2. If element is a BufferSource, get a copy of the\n      //    bytes held by the buffer source, and append those\n      //    bytes to bytes.\n      if (!element.buffer) { // ArrayBuffer\n        bytes.push(new Uint8Array(element))\n      } else {\n        bytes.push(\n          new Uint8Array(element.buffer, element.byteOffset, element.byteLength)\n        )\n      }\n    } else if (isBlobLike(element)) {\n      // 3. If element is a Blob, append the bytes it represents\n      //    to bytes.\n      bytes.push(element)\n    }\n  }\n\n  // 3. Return bytes.\n  return bytes\n}\n\n/**\n * @see https://www.w3.org/TR/FileAPI/#convert-line-endings-to-native\n * @param {string} s\n */\nfunction convertLineEndingsNative (s) {\n  // 1. Let native line ending be be the code point U+000A LF.\n  let nativeLineEnding = '\\n'\n\n  // 2. If the underlying platform’s conventions are to\n  //    represent newlines as a carriage return and line feed\n  //    sequence, set native line ending to the code point\n  //    U+000D CR followed by the code point U+000A LF.\n  if (process.platform === 'win32') {\n    nativeLineEnding = '\\r\\n'\n  }\n\n  return s.replace(/\\r?\\n/g, nativeLineEnding)\n}\n\n// If this function is moved to ./util.js, some tools (such as\n// rollup) will warn about circular dependencies. See:\n// https://github.com/nodejs/undici/issues/1629\nfunction isFileLike (object) {\n  return (\n    (NativeFile && object instanceof NativeFile) ||\n    object instanceof File || (\n      object &&\n      (typeof object.stream === 'function' ||\n      typeof object.arrayBuffer === 'function') &&\n      object[Symbol.toStringTag] === 'File'\n    )\n  )\n}\n\nmodule.exports = { File, FileLike, isFileLike }\n","'use strict'\n\nconst { isBlobLike, toUSVString, makeIterator } = require('./util')\nconst { kState } = require('./symbols')\nconst { File: UndiciFile, FileLike, isFileLike } = require('./file')\nconst { webidl } = require('./webidl')\nconst { Blob, File: NativeFile } = require('buffer')\n\n/** @type {globalThis['File']} */\nconst File = NativeFile ?? UndiciFile\n\n// https://xhr.spec.whatwg.org/#formdata\nclass FormData {\n  constructor (form) {\n    if (form !== undefined) {\n      throw webidl.errors.conversionFailed({\n        prefix: 'FormData constructor',\n        argument: 'Argument 1',\n        types: ['undefined']\n      })\n    }\n\n    this[kState] = []\n  }\n\n  append (name, value, filename = undefined) {\n    webidl.brandCheck(this, FormData)\n\n    webidl.argumentLengthCheck(arguments, 2, { header: 'FormData.append' })\n\n    if (arguments.length === 3 && !isBlobLike(value)) {\n      throw new TypeError(\n        \"Failed to execute 'append' on 'FormData': parameter 2 is not of type 'Blob'\"\n      )\n    }\n\n    // 1. Let value be value if given; otherwise blobValue.\n\n    name = webidl.converters.USVString(name)\n    value = isBlobLike(value)\n      ? webidl.converters.Blob(value, { strict: false })\n      : webidl.converters.USVString(value)\n    filename = arguments.length === 3\n      ? webidl.converters.USVString(filename)\n      : undefined\n\n    // 2. Let entry be the result of creating an entry with\n    // name, value, and filename if given.\n    const entry = makeEntry(name, value, filename)\n\n    // 3. Append entry to this’s entry list.\n    this[kState].push(entry)\n  }\n\n  delete (name) {\n    webidl.brandCheck(this, FormData)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'FormData.delete' })\n\n    name = webidl.converters.USVString(name)\n\n    // The delete(name) method steps are to remove all entries whose name\n    // is name from this’s entry list.\n    this[kState] = this[kState].filter(entry => entry.name !== name)\n  }\n\n  get (name) {\n    webidl.brandCheck(this, FormData)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'FormData.get' })\n\n    name = webidl.converters.USVString(name)\n\n    // 1. If there is no entry whose name is name in this’s entry list,\n    // then return null.\n    const idx = this[kState].findIndex((entry) => entry.name === name)\n    if (idx === -1) {\n      return null\n    }\n\n    // 2. Return the value of the first entry whose name is name from\n    // this’s entry list.\n    return this[kState][idx].value\n  }\n\n  getAll (name) {\n    webidl.brandCheck(this, FormData)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'FormData.getAll' })\n\n    name = webidl.converters.USVString(name)\n\n    // 1. If there is no entry whose name is name in this’s entry list,\n    // then return the empty list.\n    // 2. Return the values of all entries whose name is name, in order,\n    // from this’s entry list.\n    return this[kState]\n      .filter((entry) => entry.name === name)\n      .map((entry) => entry.value)\n  }\n\n  has (name) {\n    webidl.brandCheck(this, FormData)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'FormData.has' })\n\n    name = webidl.converters.USVString(name)\n\n    // The has(name) method steps are to return true if there is an entry\n    // whose name is name in this’s entry list; otherwise false.\n    return this[kState].findIndex((entry) => entry.name === name) !== -1\n  }\n\n  set (name, value, filename = undefined) {\n    webidl.brandCheck(this, FormData)\n\n    webidl.argumentLengthCheck(arguments, 2, { header: 'FormData.set' })\n\n    if (arguments.length === 3 && !isBlobLike(value)) {\n      throw new TypeError(\n        \"Failed to execute 'set' on 'FormData': parameter 2 is not of type 'Blob'\"\n      )\n    }\n\n    // The set(name, value) and set(name, blobValue, filename) method steps\n    // are:\n\n    // 1. Let value be value if given; otherwise blobValue.\n\n    name = webidl.converters.USVString(name)\n    value = isBlobLike(value)\n      ? webidl.converters.Blob(value, { strict: false })\n      : webidl.converters.USVString(value)\n    filename = arguments.length === 3\n      ? toUSVString(filename)\n      : undefined\n\n    // 2. Let entry be the result of creating an entry with name, value, and\n    // filename if given.\n    const entry = makeEntry(name, value, filename)\n\n    // 3. If there are entries in this’s entry list whose name is name, then\n    // replace the first such entry with entry and remove the others.\n    const idx = this[kState].findIndex((entry) => entry.name === name)\n    if (idx !== -1) {\n      this[kState] = [\n        ...this[kState].slice(0, idx),\n        entry,\n        ...this[kState].slice(idx + 1).filter((entry) => entry.name !== name)\n      ]\n    } else {\n      // 4. Otherwise, append entry to this’s entry list.\n      this[kState].push(entry)\n    }\n  }\n\n  entries () {\n    webidl.brandCheck(this, FormData)\n\n    return makeIterator(\n      () => this[kState].map(pair => [pair.name, pair.value]),\n      'FormData',\n      'key+value'\n    )\n  }\n\n  keys () {\n    webidl.brandCheck(this, FormData)\n\n    return makeIterator(\n      () => this[kState].map(pair => [pair.name, pair.value]),\n      'FormData',\n      'key'\n    )\n  }\n\n  values () {\n    webidl.brandCheck(this, FormData)\n\n    return makeIterator(\n      () => this[kState].map(pair => [pair.name, pair.value]),\n      'FormData',\n      'value'\n    )\n  }\n\n  /**\n   * @param {(value: string, key: string, self: FormData) => void} callbackFn\n   * @param {unknown} thisArg\n   */\n  forEach (callbackFn, thisArg = globalThis) {\n    webidl.brandCheck(this, FormData)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'FormData.forEach' })\n\n    if (typeof callbackFn !== 'function') {\n      throw new TypeError(\n        \"Failed to execute 'forEach' on 'FormData': parameter 1 is not of type 'Function'.\"\n      )\n    }\n\n    for (const [key, value] of this) {\n      callbackFn.apply(thisArg, [value, key, this])\n    }\n  }\n}\n\nFormData.prototype[Symbol.iterator] = FormData.prototype.entries\n\nObject.defineProperties(FormData.prototype, {\n  [Symbol.toStringTag]: {\n    value: 'FormData',\n    configurable: true\n  }\n})\n\n/**\n * @see https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#create-an-entry\n * @param {string} name\n * @param {string|Blob} value\n * @param {?string} filename\n * @returns\n */\nfunction makeEntry (name, value, filename) {\n  // 1. Set name to the result of converting name into a scalar value string.\n  // \"To convert a string into a scalar value string, replace any surrogates\n  //  with U+FFFD.\"\n  // see: https://nodejs.org/dist/latest-v18.x/docs/api/buffer.html#buftostringencoding-start-end\n  name = Buffer.from(name).toString('utf8')\n\n  // 2. If value is a string, then set value to the result of converting\n  //    value into a scalar value string.\n  if (typeof value === 'string') {\n    value = Buffer.from(value).toString('utf8')\n  } else {\n    // 3. Otherwise:\n\n    // 1. If value is not a File object, then set value to a new File object,\n    //    representing the same bytes, whose name attribute value is \"blob\"\n    if (!isFileLike(value)) {\n      value = value instanceof Blob\n        ? new File([value], 'blob', { type: value.type })\n        : new FileLike(value, 'blob', { type: value.type })\n    }\n\n    // 2. If filename is given, then set value to a new File object,\n    //    representing the same bytes, whose name attribute is filename.\n    if (filename !== undefined) {\n      /** @type {FilePropertyBag} */\n      const options = {\n        type: value.type,\n        lastModified: value.lastModified\n      }\n\n      value = (NativeFile && value instanceof NativeFile) || value instanceof UndiciFile\n        ? new File([value], filename, options)\n        : new FileLike(value, filename, options)\n    }\n  }\n\n  // 4. Return an entry whose name is name and whose value is value.\n  return { name, value }\n}\n\nmodule.exports = { FormData }\n","'use strict'\n\n// In case of breaking changes, increase the version\n// number to avoid conflicts.\nconst globalOrigin = Symbol.for('undici.globalOrigin.1')\n\nfunction getGlobalOrigin () {\n  return globalThis[globalOrigin]\n}\n\nfunction setGlobalOrigin (newOrigin) {\n  if (newOrigin === undefined) {\n    Object.defineProperty(globalThis, globalOrigin, {\n      value: undefined,\n      writable: true,\n      enumerable: false,\n      configurable: false\n    })\n\n    return\n  }\n\n  const parsedURL = new URL(newOrigin)\n\n  if (parsedURL.protocol !== 'http:' && parsedURL.protocol !== 'https:') {\n    throw new TypeError(`Only http & https urls are allowed, received ${parsedURL.protocol}`)\n  }\n\n  Object.defineProperty(globalThis, globalOrigin, {\n    value: parsedURL,\n    writable: true,\n    enumerable: false,\n    configurable: false\n  })\n}\n\nmodule.exports = {\n  getGlobalOrigin,\n  setGlobalOrigin\n}\n","// https://github.com/Ethan-Arrowood/undici-fetch\n\n'use strict'\n\nconst { kHeadersList, kConstruct } = require('../core/symbols')\nconst { kGuard } = require('./symbols')\nconst { kEnumerableProperty } = require('../core/util')\nconst {\n  makeIterator,\n  isValidHeaderName,\n  isValidHeaderValue\n} = require('./util')\nconst util = require('util')\nconst { webidl } = require('./webidl')\nconst assert = require('assert')\n\nconst kHeadersMap = Symbol('headers map')\nconst kHeadersSortedMap = Symbol('headers map sorted')\n\n/**\n * @param {number} code\n */\nfunction isHTTPWhiteSpaceCharCode (code) {\n  return code === 0x00a || code === 0x00d || code === 0x009 || code === 0x020\n}\n\n/**\n * @see https://fetch.spec.whatwg.org/#concept-header-value-normalize\n * @param {string} potentialValue\n */\nfunction headerValueNormalize (potentialValue) {\n  //  To normalize a byte sequence potentialValue, remove\n  //  any leading and trailing HTTP whitespace bytes from\n  //  potentialValue.\n  let i = 0; let j = potentialValue.length\n\n  while (j > i && isHTTPWhiteSpaceCharCode(potentialValue.charCodeAt(j - 1))) --j\n  while (j > i && isHTTPWhiteSpaceCharCode(potentialValue.charCodeAt(i))) ++i\n\n  return i === 0 && j === potentialValue.length ? potentialValue : potentialValue.substring(i, j)\n}\n\nfunction fill (headers, object) {\n  // To fill a Headers object headers with a given object object, run these steps:\n\n  // 1. If object is a sequence, then for each header in object:\n  // Note: webidl conversion to array has already been done.\n  if (Array.isArray(object)) {\n    for (let i = 0; i < object.length; ++i) {\n      const header = object[i]\n      // 1. If header does not contain exactly two items, then throw a TypeError.\n      if (header.length !== 2) {\n        throw webidl.errors.exception({\n          header: 'Headers constructor',\n          message: `expected name/value pair to be length 2, found ${header.length}.`\n        })\n      }\n\n      // 2. Append (header’s first item, header’s second item) to headers.\n      appendHeader(headers, header[0], header[1])\n    }\n  } else if (typeof object === 'object' && object !== null) {\n    // Note: null should throw\n\n    // 2. Otherwise, object is a record, then for each key → value in object,\n    //    append (key, value) to headers\n    const keys = Object.keys(object)\n    for (let i = 0; i < keys.length; ++i) {\n      appendHeader(headers, keys[i], object[keys[i]])\n    }\n  } else {\n    throw webidl.errors.conversionFailed({\n      prefix: 'Headers constructor',\n      argument: 'Argument 1',\n      types: ['sequence<sequence<ByteString>>', 'record<ByteString, ByteString>']\n    })\n  }\n}\n\n/**\n * @see https://fetch.spec.whatwg.org/#concept-headers-append\n */\nfunction appendHeader (headers, name, value) {\n  // 1. Normalize value.\n  value = headerValueNormalize(value)\n\n  // 2. If name is not a header name or value is not a\n  //    header value, then throw a TypeError.\n  if (!isValidHeaderName(name)) {\n    throw webidl.errors.invalidArgument({\n      prefix: 'Headers.append',\n      value: name,\n      type: 'header name'\n    })\n  } else if (!isValidHeaderValue(value)) {\n    throw webidl.errors.invalidArgument({\n      prefix: 'Headers.append',\n      value,\n      type: 'header value'\n    })\n  }\n\n  // 3. If headers’s guard is \"immutable\", then throw a TypeError.\n  // 4. Otherwise, if headers’s guard is \"request\" and name is a\n  //    forbidden header name, return.\n  // Note: undici does not implement forbidden header names\n  if (headers[kGuard] === 'immutable') {\n    throw new TypeError('immutable')\n  } else if (headers[kGuard] === 'request-no-cors') {\n    // 5. Otherwise, if headers’s guard is \"request-no-cors\":\n    // TODO\n  }\n\n  // 6. Otherwise, if headers’s guard is \"response\" and name is a\n  //    forbidden response-header name, return.\n\n  // 7. Append (name, value) to headers’s header list.\n  return headers[kHeadersList].append(name, value)\n\n  // 8. If headers’s guard is \"request-no-cors\", then remove\n  //    privileged no-CORS request headers from headers\n}\n\nclass HeadersList {\n  /** @type {[string, string][]|null} */\n  cookies = null\n\n  constructor (init) {\n    if (init instanceof HeadersList) {\n      this[kHeadersMap] = new Map(init[kHeadersMap])\n      this[kHeadersSortedMap] = init[kHeadersSortedMap]\n      this.cookies = init.cookies === null ? null : [...init.cookies]\n    } else {\n      this[kHeadersMap] = new Map(init)\n      this[kHeadersSortedMap] = null\n    }\n  }\n\n  // https://fetch.spec.whatwg.org/#header-list-contains\n  contains (name) {\n    // A header list list contains a header name name if list\n    // contains a header whose name is a byte-case-insensitive\n    // match for name.\n    name = name.toLowerCase()\n\n    return this[kHeadersMap].has(name)\n  }\n\n  clear () {\n    this[kHeadersMap].clear()\n    this[kHeadersSortedMap] = null\n    this.cookies = null\n  }\n\n  // https://fetch.spec.whatwg.org/#concept-header-list-append\n  append (name, value) {\n    this[kHeadersSortedMap] = null\n\n    // 1. If list contains name, then set name to the first such\n    //    header’s name.\n    const lowercaseName = name.toLowerCase()\n    const exists = this[kHeadersMap].get(lowercaseName)\n\n    // 2. Append (name, value) to list.\n    if (exists) {\n      const delimiter = lowercaseName === 'cookie' ? '; ' : ', '\n      this[kHeadersMap].set(lowercaseName, {\n        name: exists.name,\n        value: `${exists.value}${delimiter}${value}`\n      })\n    } else {\n      this[kHeadersMap].set(lowercaseName, { name, value })\n    }\n\n    if (lowercaseName === 'set-cookie') {\n      this.cookies ??= []\n      this.cookies.push(value)\n    }\n  }\n\n  // https://fetch.spec.whatwg.org/#concept-header-list-set\n  set (name, value) {\n    this[kHeadersSortedMap] = null\n    const lowercaseName = name.toLowerCase()\n\n    if (lowercaseName === 'set-cookie') {\n      this.cookies = [value]\n    }\n\n    // 1. If list contains name, then set the value of\n    //    the first such header to value and remove the\n    //    others.\n    // 2. Otherwise, append header (name, value) to list.\n    this[kHeadersMap].set(lowercaseName, { name, value })\n  }\n\n  // https://fetch.spec.whatwg.org/#concept-header-list-delete\n  delete (name) {\n    this[kHeadersSortedMap] = null\n\n    name = name.toLowerCase()\n\n    if (name === 'set-cookie') {\n      this.cookies = null\n    }\n\n    this[kHeadersMap].delete(name)\n  }\n\n  // https://fetch.spec.whatwg.org/#concept-header-list-get\n  get (name) {\n    const value = this[kHeadersMap].get(name.toLowerCase())\n\n    // 1. If list does not contain name, then return null.\n    // 2. Return the values of all headers in list whose name\n    //    is a byte-case-insensitive match for name,\n    //    separated from each other by 0x2C 0x20, in order.\n    return value === undefined ? null : value.value\n  }\n\n  * [Symbol.iterator] () {\n    // use the lowercased name\n    for (const [name, { value }] of this[kHeadersMap]) {\n      yield [name, value]\n    }\n  }\n\n  get entries () {\n    const headers = {}\n\n    if (this[kHeadersMap].size) {\n      for (const { name, value } of this[kHeadersMap].values()) {\n        headers[name] = value\n      }\n    }\n\n    return headers\n  }\n}\n\n// https://fetch.spec.whatwg.org/#headers-class\nclass Headers {\n  constructor (init = undefined) {\n    if (init === kConstruct) {\n      return\n    }\n    this[kHeadersList] = new HeadersList()\n\n    // The new Headers(init) constructor steps are:\n\n    // 1. Set this’s guard to \"none\".\n    this[kGuard] = 'none'\n\n    // 2. If init is given, then fill this with init.\n    if (init !== undefined) {\n      init = webidl.converters.HeadersInit(init)\n      fill(this, init)\n    }\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-headers-append\n  append (name, value) {\n    webidl.brandCheck(this, Headers)\n\n    webidl.argumentLengthCheck(arguments, 2, { header: 'Headers.append' })\n\n    name = webidl.converters.ByteString(name)\n    value = webidl.converters.ByteString(value)\n\n    return appendHeader(this, name, value)\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-headers-delete\n  delete (name) {\n    webidl.brandCheck(this, Headers)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'Headers.delete' })\n\n    name = webidl.converters.ByteString(name)\n\n    // 1. If name is not a header name, then throw a TypeError.\n    if (!isValidHeaderName(name)) {\n      throw webidl.errors.invalidArgument({\n        prefix: 'Headers.delete',\n        value: name,\n        type: 'header name'\n      })\n    }\n\n    // 2. If this’s guard is \"immutable\", then throw a TypeError.\n    // 3. Otherwise, if this’s guard is \"request\" and name is a\n    //    forbidden header name, return.\n    // 4. Otherwise, if this’s guard is \"request-no-cors\", name\n    //    is not a no-CORS-safelisted request-header name, and\n    //    name is not a privileged no-CORS request-header name,\n    //    return.\n    // 5. Otherwise, if this’s guard is \"response\" and name is\n    //    a forbidden response-header name, return.\n    // Note: undici does not implement forbidden header names\n    if (this[kGuard] === 'immutable') {\n      throw new TypeError('immutable')\n    } else if (this[kGuard] === 'request-no-cors') {\n      // TODO\n    }\n\n    // 6. If this’s header list does not contain name, then\n    //    return.\n    if (!this[kHeadersList].contains(name)) {\n      return\n    }\n\n    // 7. Delete name from this’s header list.\n    // 8. If this’s guard is \"request-no-cors\", then remove\n    //    privileged no-CORS request headers from this.\n    this[kHeadersList].delete(name)\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-headers-get\n  get (name) {\n    webidl.brandCheck(this, Headers)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'Headers.get' })\n\n    name = webidl.converters.ByteString(name)\n\n    // 1. If name is not a header name, then throw a TypeError.\n    if (!isValidHeaderName(name)) {\n      throw webidl.errors.invalidArgument({\n        prefix: 'Headers.get',\n        value: name,\n        type: 'header name'\n      })\n    }\n\n    // 2. Return the result of getting name from this’s header\n    //    list.\n    return this[kHeadersList].get(name)\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-headers-has\n  has (name) {\n    webidl.brandCheck(this, Headers)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'Headers.has' })\n\n    name = webidl.converters.ByteString(name)\n\n    // 1. If name is not a header name, then throw a TypeError.\n    if (!isValidHeaderName(name)) {\n      throw webidl.errors.invalidArgument({\n        prefix: 'Headers.has',\n        value: name,\n        type: 'header name'\n      })\n    }\n\n    // 2. Return true if this’s header list contains name;\n    //    otherwise false.\n    return this[kHeadersList].contains(name)\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-headers-set\n  set (name, value) {\n    webidl.brandCheck(this, Headers)\n\n    webidl.argumentLengthCheck(arguments, 2, { header: 'Headers.set' })\n\n    name = webidl.converters.ByteString(name)\n    value = webidl.converters.ByteString(value)\n\n    // 1. Normalize value.\n    value = headerValueNormalize(value)\n\n    // 2. If name is not a header name or value is not a\n    //    header value, then throw a TypeError.\n    if (!isValidHeaderName(name)) {\n      throw webidl.errors.invalidArgument({\n        prefix: 'Headers.set',\n        value: name,\n        type: 'header name'\n      })\n    } else if (!isValidHeaderValue(value)) {\n      throw webidl.errors.invalidArgument({\n        prefix: 'Headers.set',\n        value,\n        type: 'header value'\n      })\n    }\n\n    // 3. If this’s guard is \"immutable\", then throw a TypeError.\n    // 4. Otherwise, if this’s guard is \"request\" and name is a\n    //    forbidden header name, return.\n    // 5. Otherwise, if this’s guard is \"request-no-cors\" and\n    //    name/value is not a no-CORS-safelisted request-header,\n    //    return.\n    // 6. Otherwise, if this’s guard is \"response\" and name is a\n    //    forbidden response-header name, return.\n    // Note: undici does not implement forbidden header names\n    if (this[kGuard] === 'immutable') {\n      throw new TypeError('immutable')\n    } else if (this[kGuard] === 'request-no-cors') {\n      // TODO\n    }\n\n    // 7. Set (name, value) in this’s header list.\n    // 8. If this’s guard is \"request-no-cors\", then remove\n    //    privileged no-CORS request headers from this\n    this[kHeadersList].set(name, value)\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-headers-getsetcookie\n  getSetCookie () {\n    webidl.brandCheck(this, Headers)\n\n    // 1. If this’s header list does not contain `Set-Cookie`, then return « ».\n    // 2. Return the values of all headers in this’s header list whose name is\n    //    a byte-case-insensitive match for `Set-Cookie`, in order.\n\n    const list = this[kHeadersList].cookies\n\n    if (list) {\n      return [...list]\n    }\n\n    return []\n  }\n\n  // https://fetch.spec.whatwg.org/#concept-header-list-sort-and-combine\n  get [kHeadersSortedMap] () {\n    if (this[kHeadersList][kHeadersSortedMap]) {\n      return this[kHeadersList][kHeadersSortedMap]\n    }\n\n    // 1. Let headers be an empty list of headers with the key being the name\n    //    and value the value.\n    const headers = []\n\n    // 2. Let names be the result of convert header names to a sorted-lowercase\n    //    set with all the names of the headers in list.\n    const names = [...this[kHeadersList]].sort((a, b) => a[0] < b[0] ? -1 : 1)\n    const cookies = this[kHeadersList].cookies\n\n    // 3. For each name of names:\n    for (let i = 0; i < names.length; ++i) {\n      const [name, value] = names[i]\n      // 1. If name is `set-cookie`, then:\n      if (name === 'set-cookie') {\n        // 1. Let values be a list of all values of headers in list whose name\n        //    is a byte-case-insensitive match for name, in order.\n\n        // 2. For each value of values:\n        // 1. Append (name, value) to headers.\n        for (let j = 0; j < cookies.length; ++j) {\n          headers.push([name, cookies[j]])\n        }\n      } else {\n        // 2. Otherwise:\n\n        // 1. Let value be the result of getting name from list.\n\n        // 2. Assert: value is non-null.\n        assert(value !== null)\n\n        // 3. Append (name, value) to headers.\n        headers.push([name, value])\n      }\n    }\n\n    this[kHeadersList][kHeadersSortedMap] = headers\n\n    // 4. Return headers.\n    return headers\n  }\n\n  keys () {\n    webidl.brandCheck(this, Headers)\n\n    if (this[kGuard] === 'immutable') {\n      const value = this[kHeadersSortedMap]\n      return makeIterator(() => value, 'Headers',\n        'key')\n    }\n\n    return makeIterator(\n      () => [...this[kHeadersSortedMap].values()],\n      'Headers',\n      'key'\n    )\n  }\n\n  values () {\n    webidl.brandCheck(this, Headers)\n\n    if (this[kGuard] === 'immutable') {\n      const value = this[kHeadersSortedMap]\n      return makeIterator(() => value, 'Headers',\n        'value')\n    }\n\n    return makeIterator(\n      () => [...this[kHeadersSortedMap].values()],\n      'Headers',\n      'value'\n    )\n  }\n\n  entries () {\n    webidl.brandCheck(this, Headers)\n\n    if (this[kGuard] === 'immutable') {\n      const value = this[kHeadersSortedMap]\n      return makeIterator(() => value, 'Headers',\n        'key+value')\n    }\n\n    return makeIterator(\n      () => [...this[kHeadersSortedMap].values()],\n      'Headers',\n      'key+value'\n    )\n  }\n\n  /**\n   * @param {(value: string, key: string, self: Headers) => void} callbackFn\n   * @param {unknown} thisArg\n   */\n  forEach (callbackFn, thisArg = globalThis) {\n    webidl.brandCheck(this, Headers)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'Headers.forEach' })\n\n    if (typeof callbackFn !== 'function') {\n      throw new TypeError(\n        \"Failed to execute 'forEach' on 'Headers': parameter 1 is not of type 'Function'.\"\n      )\n    }\n\n    for (const [key, value] of this) {\n      callbackFn.apply(thisArg, [value, key, this])\n    }\n  }\n\n  [Symbol.for('nodejs.util.inspect.custom')] () {\n    webidl.brandCheck(this, Headers)\n\n    return this[kHeadersList]\n  }\n}\n\nHeaders.prototype[Symbol.iterator] = Headers.prototype.entries\n\nObject.defineProperties(Headers.prototype, {\n  append: kEnumerableProperty,\n  delete: kEnumerableProperty,\n  get: kEnumerableProperty,\n  has: kEnumerableProperty,\n  set: kEnumerableProperty,\n  getSetCookie: kEnumerableProperty,\n  keys: kEnumerableProperty,\n  values: kEnumerableProperty,\n  entries: kEnumerableProperty,\n  forEach: kEnumerableProperty,\n  [Symbol.iterator]: { enumerable: false },\n  [Symbol.toStringTag]: {\n    value: 'Headers',\n    configurable: true\n  },\n  [util.inspect.custom]: {\n    enumerable: false\n  }\n})\n\nwebidl.converters.HeadersInit = function (V) {\n  if (webidl.util.Type(V) === 'Object') {\n    if (V[Symbol.iterator]) {\n      return webidl.converters['sequence<sequence<ByteString>>'](V)\n    }\n\n    return webidl.converters['record<ByteString, ByteString>'](V)\n  }\n\n  throw webidl.errors.conversionFailed({\n    prefix: 'Headers constructor',\n    argument: 'Argument 1',\n    types: ['sequence<sequence<ByteString>>', 'record<ByteString, ByteString>']\n  })\n}\n\nmodule.exports = {\n  fill,\n  Headers,\n  HeadersList\n}\n","// https://github.com/Ethan-Arrowood/undici-fetch\n\n'use strict'\n\nconst {\n  Response,\n  makeNetworkError,\n  makeAppropriateNetworkError,\n  filterResponse,\n  makeResponse\n} = require('./response')\nconst { Headers } = require('./headers')\nconst { Request, makeRequest } = require('./request')\nconst zlib = require('zlib')\nconst {\n  bytesMatch,\n  makePolicyContainer,\n  clonePolicyContainer,\n  requestBadPort,\n  TAOCheck,\n  appendRequestOriginHeader,\n  responseLocationURL,\n  requestCurrentURL,\n  setRequestReferrerPolicyOnRedirect,\n  tryUpgradeRequestToAPotentiallyTrustworthyURL,\n  createOpaqueTimingInfo,\n  appendFetchMetadata,\n  corsCheck,\n  crossOriginResourcePolicyCheck,\n  determineRequestsReferrer,\n  coarsenedSharedCurrentTime,\n  createDeferredPromise,\n  isBlobLike,\n  sameOrigin,\n  isCancelled,\n  isAborted,\n  isErrorLike,\n  fullyReadBody,\n  readableStreamClose,\n  isomorphicEncode,\n  urlIsLocal,\n  urlIsHttpHttpsScheme,\n  urlHasHttpsScheme\n} = require('./util')\nconst { kState, kHeaders, kGuard, kRealm } = require('./symbols')\nconst assert = require('assert')\nconst { safelyExtractBody } = require('./body')\nconst {\n  redirectStatusSet,\n  nullBodyStatus,\n  safeMethodsSet,\n  requestBodyHeader,\n  subresourceSet,\n  DOMException\n} = require('./constants')\nconst { kHeadersList } = require('../core/symbols')\nconst EE = require('events')\nconst { Readable, pipeline } = require('stream')\nconst { addAbortListener, isErrored, isReadable, nodeMajor, nodeMinor } = require('../core/util')\nconst { dataURLProcessor, serializeAMimeType } = require('./dataURL')\nconst { TransformStream } = require('stream/web')\nconst { getGlobalDispatcher } = require('../global')\nconst { webidl } = require('./webidl')\nconst { STATUS_CODES } = require('http')\nconst GET_OR_HEAD = ['GET', 'HEAD']\n\n/** @type {import('buffer').resolveObjectURL} */\nlet resolveObjectURL\nlet ReadableStream = globalThis.ReadableStream\n\nclass Fetch extends EE {\n  constructor (dispatcher) {\n    super()\n\n    this.dispatcher = dispatcher\n    this.connection = null\n    this.dump = false\n    this.state = 'ongoing'\n    // 2 terminated listeners get added per request,\n    // but only 1 gets removed. If there are 20 redirects,\n    // 21 listeners will be added.\n    // See https://github.com/nodejs/undici/issues/1711\n    // TODO (fix): Find and fix root cause for leaked listener.\n    this.setMaxListeners(21)\n  }\n\n  terminate (reason) {\n    if (this.state !== 'ongoing') {\n      return\n    }\n\n    this.state = 'terminated'\n    this.connection?.destroy(reason)\n    this.emit('terminated', reason)\n  }\n\n  // https://fetch.spec.whatwg.org/#fetch-controller-abort\n  abort (error) {\n    if (this.state !== 'ongoing') {\n      return\n    }\n\n    // 1. Set controller’s state to \"aborted\".\n    this.state = 'aborted'\n\n    // 2. Let fallbackError be an \"AbortError\" DOMException.\n    // 3. Set error to fallbackError if it is not given.\n    if (!error) {\n      error = new DOMException('The operation was aborted.', 'AbortError')\n    }\n\n    // 4. Let serializedError be StructuredSerialize(error).\n    //    If that threw an exception, catch it, and let\n    //    serializedError be StructuredSerialize(fallbackError).\n\n    // 5. Set controller’s serialized abort reason to serializedError.\n    this.serializedAbortReason = error\n\n    this.connection?.destroy(error)\n    this.emit('terminated', error)\n  }\n}\n\n// https://fetch.spec.whatwg.org/#fetch-method\nfunction fetch (input, init = {}) {\n  webidl.argumentLengthCheck(arguments, 1, { header: 'globalThis.fetch' })\n\n  // 1. Let p be a new promise.\n  const p = createDeferredPromise()\n\n  // 2. Let requestObject be the result of invoking the initial value of\n  // Request as constructor with input and init as arguments. If this throws\n  // an exception, reject p with it and return p.\n  let requestObject\n\n  try {\n    requestObject = new Request(input, init)\n  } catch (e) {\n    p.reject(e)\n    return p.promise\n  }\n\n  // 3. Let request be requestObject’s request.\n  const request = requestObject[kState]\n\n  // 4. If requestObject’s signal’s aborted flag is set, then:\n  if (requestObject.signal.aborted) {\n    // 1. Abort the fetch() call with p, request, null, and\n    //    requestObject’s signal’s abort reason.\n    abortFetch(p, request, null, requestObject.signal.reason)\n\n    // 2. Return p.\n    return p.promise\n  }\n\n  // 5. Let globalObject be request’s client’s global object.\n  const globalObject = request.client.globalObject\n\n  // 6. If globalObject is a ServiceWorkerGlobalScope object, then set\n  // request’s service-workers mode to \"none\".\n  if (globalObject?.constructor?.name === 'ServiceWorkerGlobalScope') {\n    request.serviceWorkers = 'none'\n  }\n\n  // 7. Let responseObject be null.\n  let responseObject = null\n\n  // 8. Let relevantRealm be this’s relevant Realm.\n  const relevantRealm = null\n\n  // 9. Let locallyAborted be false.\n  let locallyAborted = false\n\n  // 10. Let controller be null.\n  let controller = null\n\n  // 11. Add the following abort steps to requestObject’s signal:\n  addAbortListener(\n    requestObject.signal,\n    () => {\n      // 1. Set locallyAborted to true.\n      locallyAborted = true\n\n      // 2. Assert: controller is non-null.\n      assert(controller != null)\n\n      // 3. Abort controller with requestObject’s signal’s abort reason.\n      controller.abort(requestObject.signal.reason)\n\n      // 4. Abort the fetch() call with p, request, responseObject,\n      //    and requestObject’s signal’s abort reason.\n      abortFetch(p, request, responseObject, requestObject.signal.reason)\n    }\n  )\n\n  // 12. Let handleFetchDone given response response be to finalize and\n  // report timing with response, globalObject, and \"fetch\".\n  const handleFetchDone = (response) =>\n    finalizeAndReportTiming(response, 'fetch')\n\n  // 13. Set controller to the result of calling fetch given request,\n  // with processResponseEndOfBody set to handleFetchDone, and processResponse\n  // given response being these substeps:\n\n  const processResponse = (response) => {\n    // 1. If locallyAborted is true, terminate these substeps.\n    if (locallyAborted) {\n      return Promise.resolve()\n    }\n\n    // 2. If response’s aborted flag is set, then:\n    if (response.aborted) {\n      // 1. Let deserializedError be the result of deserialize a serialized\n      //    abort reason given controller’s serialized abort reason and\n      //    relevantRealm.\n\n      // 2. Abort the fetch() call with p, request, responseObject, and\n      //    deserializedError.\n\n      abortFetch(p, request, responseObject, controller.serializedAbortReason)\n      return Promise.resolve()\n    }\n\n    // 3. If response is a network error, then reject p with a TypeError\n    // and terminate these substeps.\n    if (response.type === 'error') {\n      p.reject(\n        Object.assign(new TypeError('fetch failed'), { cause: response.error })\n      )\n      return Promise.resolve()\n    }\n\n    // 4. Set responseObject to the result of creating a Response object,\n    // given response, \"immutable\", and relevantRealm.\n    responseObject = new Response()\n    responseObject[kState] = response\n    responseObject[kRealm] = relevantRealm\n    responseObject[kHeaders][kHeadersList] = response.headersList\n    responseObject[kHeaders][kGuard] = 'immutable'\n    responseObject[kHeaders][kRealm] = relevantRealm\n\n    // 5. Resolve p with responseObject.\n    p.resolve(responseObject)\n  }\n\n  controller = fetching({\n    request,\n    processResponseEndOfBody: handleFetchDone,\n    processResponse,\n    dispatcher: init.dispatcher ?? getGlobalDispatcher() // undici\n  })\n\n  // 14. Return p.\n  return p.promise\n}\n\n// https://fetch.spec.whatwg.org/#finalize-and-report-timing\nfunction finalizeAndReportTiming (response, initiatorType = 'other') {\n  // 1. If response is an aborted network error, then return.\n  if (response.type === 'error' && response.aborted) {\n    return\n  }\n\n  // 2. If response’s URL list is null or empty, then return.\n  if (!response.urlList?.length) {\n    return\n  }\n\n  // 3. Let originalURL be response’s URL list[0].\n  const originalURL = response.urlList[0]\n\n  // 4. Let timingInfo be response’s timing info.\n  let timingInfo = response.timingInfo\n\n  // 5. Let cacheState be response’s cache state.\n  let cacheState = response.cacheState\n\n  // 6. If originalURL’s scheme is not an HTTP(S) scheme, then return.\n  if (!urlIsHttpHttpsScheme(originalURL)) {\n    return\n  }\n\n  // 7. If timingInfo is null, then return.\n  if (timingInfo === null) {\n    return\n  }\n\n  // 8. If response’s timing allow passed flag is not set, then:\n  if (!response.timingAllowPassed) {\n    //  1. Set timingInfo to a the result of creating an opaque timing info for timingInfo.\n    timingInfo = createOpaqueTimingInfo({\n      startTime: timingInfo.startTime\n    })\n\n    //  2. Set cacheState to the empty string.\n    cacheState = ''\n  }\n\n  // 9. Set timingInfo’s end time to the coarsened shared current time\n  // given global’s relevant settings object’s cross-origin isolated\n  // capability.\n  // TODO: given global’s relevant settings object’s cross-origin isolated\n  // capability?\n  timingInfo.endTime = coarsenedSharedCurrentTime()\n\n  // 10. Set response’s timing info to timingInfo.\n  response.timingInfo = timingInfo\n\n  // 11. Mark resource timing for timingInfo, originalURL, initiatorType,\n  // global, and cacheState.\n  markResourceTiming(\n    timingInfo,\n    originalURL,\n    initiatorType,\n    globalThis,\n    cacheState\n  )\n}\n\n// https://w3c.github.io/resource-timing/#dfn-mark-resource-timing\nfunction markResourceTiming (timingInfo, originalURL, initiatorType, globalThis, cacheState) {\n  if (nodeMajor > 18 || (nodeMajor === 18 && nodeMinor >= 2)) {\n    performance.markResourceTiming(timingInfo, originalURL.href, initiatorType, globalThis, cacheState)\n  }\n}\n\n// https://fetch.spec.whatwg.org/#abort-fetch\nfunction abortFetch (p, request, responseObject, error) {\n  // Note: AbortSignal.reason was added in node v17.2.0\n  // which would give us an undefined error to reject with.\n  // Remove this once node v16 is no longer supported.\n  if (!error) {\n    error = new DOMException('The operation was aborted.', 'AbortError')\n  }\n\n  // 1. Reject promise with error.\n  p.reject(error)\n\n  // 2. If request’s body is not null and is readable, then cancel request’s\n  // body with error.\n  if (request.body != null && isReadable(request.body?.stream)) {\n    request.body.stream.cancel(error).catch((err) => {\n      if (err.code === 'ERR_INVALID_STATE') {\n        // Node bug?\n        return\n      }\n      throw err\n    })\n  }\n\n  // 3. If responseObject is null, then return.\n  if (responseObject == null) {\n    return\n  }\n\n  // 4. Let response be responseObject’s response.\n  const response = responseObject[kState]\n\n  // 5. If response’s body is not null and is readable, then error response’s\n  // body with error.\n  if (response.body != null && isReadable(response.body?.stream)) {\n    response.body.stream.cancel(error).catch((err) => {\n      if (err.code === 'ERR_INVALID_STATE') {\n        // Node bug?\n        return\n      }\n      throw err\n    })\n  }\n}\n\n// https://fetch.spec.whatwg.org/#fetching\nfunction fetching ({\n  request,\n  processRequestBodyChunkLength,\n  processRequestEndOfBody,\n  processResponse,\n  processResponseEndOfBody,\n  processResponseConsumeBody,\n  useParallelQueue = false,\n  dispatcher // undici\n}) {\n  // 1. Let taskDestination be null.\n  let taskDestination = null\n\n  // 2. Let crossOriginIsolatedCapability be false.\n  let crossOriginIsolatedCapability = false\n\n  // 3. If request’s client is non-null, then:\n  if (request.client != null) {\n    // 1. Set taskDestination to request’s client’s global object.\n    taskDestination = request.client.globalObject\n\n    // 2. Set crossOriginIsolatedCapability to request’s client’s cross-origin\n    // isolated capability.\n    crossOriginIsolatedCapability =\n      request.client.crossOriginIsolatedCapability\n  }\n\n  // 4. If useParallelQueue is true, then set taskDestination to the result of\n  // starting a new parallel queue.\n  // TODO\n\n  // 5. Let timingInfo be a new fetch timing info whose start time and\n  // post-redirect start time are the coarsened shared current time given\n  // crossOriginIsolatedCapability.\n  const currenTime = coarsenedSharedCurrentTime(crossOriginIsolatedCapability)\n  const timingInfo = createOpaqueTimingInfo({\n    startTime: currenTime\n  })\n\n  // 6. Let fetchParams be a new fetch params whose\n  // request is request,\n  // timing info is timingInfo,\n  // process request body chunk length is processRequestBodyChunkLength,\n  // process request end-of-body is processRequestEndOfBody,\n  // process response is processResponse,\n  // process response consume body is processResponseConsumeBody,\n  // process response end-of-body is processResponseEndOfBody,\n  // task destination is taskDestination,\n  // and cross-origin isolated capability is crossOriginIsolatedCapability.\n  const fetchParams = {\n    controller: new Fetch(dispatcher),\n    request,\n    timingInfo,\n    processRequestBodyChunkLength,\n    processRequestEndOfBody,\n    processResponse,\n    processResponseConsumeBody,\n    processResponseEndOfBody,\n    taskDestination,\n    crossOriginIsolatedCapability\n  }\n\n  // 7. If request’s body is a byte sequence, then set request’s body to\n  //    request’s body as a body.\n  // NOTE: Since fetching is only called from fetch, body should already be\n  // extracted.\n  assert(!request.body || request.body.stream)\n\n  // 8. If request’s window is \"client\", then set request’s window to request’s\n  // client, if request’s client’s global object is a Window object; otherwise\n  // \"no-window\".\n  if (request.window === 'client') {\n    // TODO: What if request.client is null?\n    request.window =\n      request.client?.globalObject?.constructor?.name === 'Window'\n        ? request.client\n        : 'no-window'\n  }\n\n  // 9. If request’s origin is \"client\", then set request’s origin to request’s\n  // client’s origin.\n  if (request.origin === 'client') {\n    // TODO: What if request.client is null?\n    request.origin = request.client?.origin\n  }\n\n  // 10. If all of the following conditions are true:\n  // TODO\n\n  // 11. If request’s policy container is \"client\", then:\n  if (request.policyContainer === 'client') {\n    // 1. If request’s client is non-null, then set request’s policy\n    // container to a clone of request’s client’s policy container. [HTML]\n    if (request.client != null) {\n      request.policyContainer = clonePolicyContainer(\n        request.client.policyContainer\n      )\n    } else {\n      // 2. Otherwise, set request’s policy container to a new policy\n      // container.\n      request.policyContainer = makePolicyContainer()\n    }\n  }\n\n  // 12. If request’s header list does not contain `Accept`, then:\n  if (!request.headersList.contains('accept')) {\n    // 1. Let value be `*/*`.\n    const value = '*/*'\n\n    // 2. A user agent should set value to the first matching statement, if\n    // any, switching on request’s destination:\n    // \"document\"\n    // \"frame\"\n    // \"iframe\"\n    // `text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8`\n    // \"image\"\n    // `image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5`\n    // \"style\"\n    // `text/css,*/*;q=0.1`\n    // TODO\n\n    // 3. Append `Accept`/value to request’s header list.\n    request.headersList.append('accept', value)\n  }\n\n  // 13. If request’s header list does not contain `Accept-Language`, then\n  // user agents should append `Accept-Language`/an appropriate value to\n  // request’s header list.\n  if (!request.headersList.contains('accept-language')) {\n    request.headersList.append('accept-language', '*')\n  }\n\n  // 14. If request’s priority is null, then use request’s initiator and\n  // destination appropriately in setting request’s priority to a\n  // user-agent-defined object.\n  if (request.priority === null) {\n    // TODO\n  }\n\n  // 15. If request is a subresource request, then:\n  if (subresourceSet.has(request.destination)) {\n    // TODO\n  }\n\n  // 16. Run main fetch given fetchParams.\n  mainFetch(fetchParams)\n    .catch(err => {\n      fetchParams.controller.terminate(err)\n    })\n\n  // 17. Return fetchParam's controller\n  return fetchParams.controller\n}\n\n// https://fetch.spec.whatwg.org/#concept-main-fetch\nasync function mainFetch (fetchParams, recursive = false) {\n  // 1. Let request be fetchParams’s request.\n  const request = fetchParams.request\n\n  // 2. Let response be null.\n  let response = null\n\n  // 3. If request’s local-URLs-only flag is set and request’s current URL is\n  // not local, then set response to a network error.\n  if (request.localURLsOnly && !urlIsLocal(requestCurrentURL(request))) {\n    response = makeNetworkError('local URLs only')\n  }\n\n  // 4. Run report Content Security Policy violations for request.\n  // TODO\n\n  // 5. Upgrade request to a potentially trustworthy URL, if appropriate.\n  tryUpgradeRequestToAPotentiallyTrustworthyURL(request)\n\n  // 6. If should request be blocked due to a bad port, should fetching request\n  // be blocked as mixed content, or should request be blocked by Content\n  // Security Policy returns blocked, then set response to a network error.\n  if (requestBadPort(request) === 'blocked') {\n    response = makeNetworkError('bad port')\n  }\n  // TODO: should fetching request be blocked as mixed content?\n  // TODO: should request be blocked by Content Security Policy?\n\n  // 7. If request’s referrer policy is the empty string, then set request’s\n  // referrer policy to request’s policy container’s referrer policy.\n  if (request.referrerPolicy === '') {\n    request.referrerPolicy = request.policyContainer.referrerPolicy\n  }\n\n  // 8. If request’s referrer is not \"no-referrer\", then set request’s\n  // referrer to the result of invoking determine request’s referrer.\n  if (request.referrer !== 'no-referrer') {\n    request.referrer = determineRequestsReferrer(request)\n  }\n\n  // 9. Set request’s current URL’s scheme to \"https\" if all of the following\n  // conditions are true:\n  // - request’s current URL’s scheme is \"http\"\n  // - request’s current URL’s host is a domain\n  // - Matching request’s current URL’s host per Known HSTS Host Domain Name\n  //   Matching results in either a superdomain match with an asserted\n  //   includeSubDomains directive or a congruent match (with or without an\n  //   asserted includeSubDomains directive). [HSTS]\n  // TODO\n\n  // 10. If recursive is false, then run the remaining steps in parallel.\n  // TODO\n\n  // 11. If response is null, then set response to the result of running\n  // the steps corresponding to the first matching statement:\n  if (response === null) {\n    response = await (async () => {\n      const currentURL = requestCurrentURL(request)\n\n      if (\n        // - request’s current URL’s origin is same origin with request’s origin,\n        //   and request’s response tainting is \"basic\"\n        (sameOrigin(currentURL, request.url) && request.responseTainting === 'basic') ||\n        // request’s current URL’s scheme is \"data\"\n        (currentURL.protocol === 'data:') ||\n        // - request’s mode is \"navigate\" or \"websocket\"\n        (request.mode === 'navigate' || request.mode === 'websocket')\n      ) {\n        // 1. Set request’s response tainting to \"basic\".\n        request.responseTainting = 'basic'\n\n        // 2. Return the result of running scheme fetch given fetchParams.\n        return await schemeFetch(fetchParams)\n      }\n\n      // request’s mode is \"same-origin\"\n      if (request.mode === 'same-origin') {\n        // 1. Return a network error.\n        return makeNetworkError('request mode cannot be \"same-origin\"')\n      }\n\n      // request’s mode is \"no-cors\"\n      if (request.mode === 'no-cors') {\n        // 1. If request’s redirect mode is not \"follow\", then return a network\n        // error.\n        if (request.redirect !== 'follow') {\n          return makeNetworkError(\n            'redirect mode cannot be \"follow\" for \"no-cors\" request'\n          )\n        }\n\n        // 2. Set request’s response tainting to \"opaque\".\n        request.responseTainting = 'opaque'\n\n        // 3. Return the result of running scheme fetch given fetchParams.\n        return await schemeFetch(fetchParams)\n      }\n\n      // request’s current URL’s scheme is not an HTTP(S) scheme\n      if (!urlIsHttpHttpsScheme(requestCurrentURL(request))) {\n        // Return a network error.\n        return makeNetworkError('URL scheme must be a HTTP(S) scheme')\n      }\n\n      // - request’s use-CORS-preflight flag is set\n      // - request’s unsafe-request flag is set and either request’s method is\n      //   not a CORS-safelisted method or CORS-unsafe request-header names with\n      //   request’s header list is not empty\n      //    1. Set request’s response tainting to \"cors\".\n      //    2. Let corsWithPreflightResponse be the result of running HTTP fetch\n      //    given fetchParams and true.\n      //    3. If corsWithPreflightResponse is a network error, then clear cache\n      //    entries using request.\n      //    4. Return corsWithPreflightResponse.\n      // TODO\n\n      // Otherwise\n      //    1. Set request’s response tainting to \"cors\".\n      request.responseTainting = 'cors'\n\n      //    2. Return the result of running HTTP fetch given fetchParams.\n      return await httpFetch(fetchParams)\n    })()\n  }\n\n  // 12. If recursive is true, then return response.\n  if (recursive) {\n    return response\n  }\n\n  // 13. If response is not a network error and response is not a filtered\n  // response, then:\n  if (response.status !== 0 && !response.internalResponse) {\n    // If request’s response tainting is \"cors\", then:\n    if (request.responseTainting === 'cors') {\n      // 1. Let headerNames be the result of extracting header list values\n      // given `Access-Control-Expose-Headers` and response’s header list.\n      // TODO\n      // 2. If request’s credentials mode is not \"include\" and headerNames\n      // contains `*`, then set response’s CORS-exposed header-name list to\n      // all unique header names in response’s header list.\n      // TODO\n      // 3. Otherwise, if headerNames is not null or failure, then set\n      // response’s CORS-exposed header-name list to headerNames.\n      // TODO\n    }\n\n    // Set response to the following filtered response with response as its\n    // internal response, depending on request’s response tainting:\n    if (request.responseTainting === 'basic') {\n      response = filterResponse(response, 'basic')\n    } else if (request.responseTainting === 'cors') {\n      response = filterResponse(response, 'cors')\n    } else if (request.responseTainting === 'opaque') {\n      response = filterResponse(response, 'opaque')\n    } else {\n      assert(false)\n    }\n  }\n\n  // 14. Let internalResponse be response, if response is a network error,\n  // and response’s internal response otherwise.\n  let internalResponse =\n    response.status === 0 ? response : response.internalResponse\n\n  // 15. If internalResponse’s URL list is empty, then set it to a clone of\n  // request’s URL list.\n  if (internalResponse.urlList.length === 0) {\n    internalResponse.urlList.push(...request.urlList)\n  }\n\n  // 16. If request’s timing allow failed flag is unset, then set\n  // internalResponse’s timing allow passed flag.\n  if (!request.timingAllowFailed) {\n    response.timingAllowPassed = true\n  }\n\n  // 17. If response is not a network error and any of the following returns\n  // blocked\n  // - should internalResponse to request be blocked as mixed content\n  // - should internalResponse to request be blocked by Content Security Policy\n  // - should internalResponse to request be blocked due to its MIME type\n  // - should internalResponse to request be blocked due to nosniff\n  // TODO\n\n  // 18. If response’s type is \"opaque\", internalResponse’s status is 206,\n  // internalResponse’s range-requested flag is set, and request’s header\n  // list does not contain `Range`, then set response and internalResponse\n  // to a network error.\n  if (\n    response.type === 'opaque' &&\n    internalResponse.status === 206 &&\n    internalResponse.rangeRequested &&\n    !request.headers.contains('range')\n  ) {\n    response = internalResponse = makeNetworkError()\n  }\n\n  // 19. If response is not a network error and either request’s method is\n  // `HEAD` or `CONNECT`, or internalResponse’s status is a null body status,\n  // set internalResponse’s body to null and disregard any enqueuing toward\n  // it (if any).\n  if (\n    response.status !== 0 &&\n    (request.method === 'HEAD' ||\n      request.method === 'CONNECT' ||\n      nullBodyStatus.includes(internalResponse.status))\n  ) {\n    internalResponse.body = null\n    fetchParams.controller.dump = true\n  }\n\n  // 20. If request’s integrity metadata is not the empty string, then:\n  if (request.integrity) {\n    // 1. Let processBodyError be this step: run fetch finale given fetchParams\n    // and a network error.\n    const processBodyError = (reason) =>\n      fetchFinale(fetchParams, makeNetworkError(reason))\n\n    // 2. If request’s response tainting is \"opaque\", or response’s body is null,\n    // then run processBodyError and abort these steps.\n    if (request.responseTainting === 'opaque' || response.body == null) {\n      processBodyError(response.error)\n      return\n    }\n\n    // 3. Let processBody given bytes be these steps:\n    const processBody = (bytes) => {\n      // 1. If bytes do not match request’s integrity metadata,\n      // then run processBodyError and abort these steps. [SRI]\n      if (!bytesMatch(bytes, request.integrity)) {\n        processBodyError('integrity mismatch')\n        return\n      }\n\n      // 2. Set response’s body to bytes as a body.\n      response.body = safelyExtractBody(bytes)[0]\n\n      // 3. Run fetch finale given fetchParams and response.\n      fetchFinale(fetchParams, response)\n    }\n\n    // 4. Fully read response’s body given processBody and processBodyError.\n    await fullyReadBody(response.body, processBody, processBodyError)\n  } else {\n    // 21. Otherwise, run fetch finale given fetchParams and response.\n    fetchFinale(fetchParams, response)\n  }\n}\n\n// https://fetch.spec.whatwg.org/#concept-scheme-fetch\n// given a fetch params fetchParams\nfunction schemeFetch (fetchParams) {\n  // Note: since the connection is destroyed on redirect, which sets fetchParams to a\n  // cancelled state, we do not want this condition to trigger *unless* there have been\n  // no redirects. See https://github.com/nodejs/undici/issues/1776\n  // 1. If fetchParams is canceled, then return the appropriate network error for fetchParams.\n  if (isCancelled(fetchParams) && fetchParams.request.redirectCount === 0) {\n    return Promise.resolve(makeAppropriateNetworkError(fetchParams))\n  }\n\n  // 2. Let request be fetchParams’s request.\n  const { request } = fetchParams\n\n  const { protocol: scheme } = requestCurrentURL(request)\n\n  // 3. Switch on request’s current URL’s scheme and run the associated steps:\n  switch (scheme) {\n    case 'about:': {\n      // If request’s current URL’s path is the string \"blank\", then return a new response\n      // whose status message is `OK`, header list is « (`Content-Type`, `text/html;charset=utf-8`) »,\n      // and body is the empty byte sequence as a body.\n\n      // Otherwise, return a network error.\n      return Promise.resolve(makeNetworkError('about scheme is not supported'))\n    }\n    case 'blob:': {\n      if (!resolveObjectURL) {\n        resolveObjectURL = require('buffer').resolveObjectURL\n      }\n\n      // 1. Let blobURLEntry be request’s current URL’s blob URL entry.\n      const blobURLEntry = requestCurrentURL(request)\n\n      // https://github.com/web-platform-tests/wpt/blob/7b0ebaccc62b566a1965396e5be7bb2bc06f841f/FileAPI/url/resources/fetch-tests.js#L52-L56\n      // Buffer.resolveObjectURL does not ignore URL queries.\n      if (blobURLEntry.search.length !== 0) {\n        return Promise.resolve(makeNetworkError('NetworkError when attempting to fetch resource.'))\n      }\n\n      const blobURLEntryObject = resolveObjectURL(blobURLEntry.toString())\n\n      // 2. If request’s method is not `GET`, blobURLEntry is null, or blobURLEntry’s\n      //    object is not a Blob object, then return a network error.\n      if (request.method !== 'GET' || !isBlobLike(blobURLEntryObject)) {\n        return Promise.resolve(makeNetworkError('invalid method'))\n      }\n\n      // 3. Let bodyWithType be the result of safely extracting blobURLEntry’s object.\n      const bodyWithType = safelyExtractBody(blobURLEntryObject)\n\n      // 4. Let body be bodyWithType’s body.\n      const body = bodyWithType[0]\n\n      // 5. Let length be body’s length, serialized and isomorphic encoded.\n      const length = isomorphicEncode(`${body.length}`)\n\n      // 6. Let type be bodyWithType’s type if it is non-null; otherwise the empty byte sequence.\n      const type = bodyWithType[1] ?? ''\n\n      // 7. Return a new response whose status message is `OK`, header list is\n      //    « (`Content-Length`, length), (`Content-Type`, type) », and body is body.\n      const response = makeResponse({\n        statusText: 'OK',\n        headersList: [\n          ['content-length', { name: 'Content-Length', value: length }],\n          ['content-type', { name: 'Content-Type', value: type }]\n        ]\n      })\n\n      response.body = body\n\n      return Promise.resolve(response)\n    }\n    case 'data:': {\n      // 1. Let dataURLStruct be the result of running the\n      //    data: URL processor on request’s current URL.\n      const currentURL = requestCurrentURL(request)\n      const dataURLStruct = dataURLProcessor(currentURL)\n\n      // 2. If dataURLStruct is failure, then return a\n      //    network error.\n      if (dataURLStruct === 'failure') {\n        return Promise.resolve(makeNetworkError('failed to fetch the data URL'))\n      }\n\n      // 3. Let mimeType be dataURLStruct’s MIME type, serialized.\n      const mimeType = serializeAMimeType(dataURLStruct.mimeType)\n\n      // 4. Return a response whose status message is `OK`,\n      //    header list is « (`Content-Type`, mimeType) »,\n      //    and body is dataURLStruct’s body as a body.\n      return Promise.resolve(makeResponse({\n        statusText: 'OK',\n        headersList: [\n          ['content-type', { name: 'Content-Type', value: mimeType }]\n        ],\n        body: safelyExtractBody(dataURLStruct.body)[0]\n      }))\n    }\n    case 'file:': {\n      // For now, unfortunate as it is, file URLs are left as an exercise for the reader.\n      // When in doubt, return a network error.\n      return Promise.resolve(makeNetworkError('not implemented... yet...'))\n    }\n    case 'http:':\n    case 'https:': {\n      // Return the result of running HTTP fetch given fetchParams.\n\n      return httpFetch(fetchParams)\n        .catch((err) => makeNetworkError(err))\n    }\n    default: {\n      return Promise.resolve(makeNetworkError('unknown scheme'))\n    }\n  }\n}\n\n// https://fetch.spec.whatwg.org/#finalize-response\nfunction finalizeResponse (fetchParams, response) {\n  // 1. Set fetchParams’s request’s done flag.\n  fetchParams.request.done = true\n\n  // 2, If fetchParams’s process response done is not null, then queue a fetch\n  // task to run fetchParams’s process response done given response, with\n  // fetchParams’s task destination.\n  if (fetchParams.processResponseDone != null) {\n    queueMicrotask(() => fetchParams.processResponseDone(response))\n  }\n}\n\n// https://fetch.spec.whatwg.org/#fetch-finale\nfunction fetchFinale (fetchParams, response) {\n  // 1. If response is a network error, then:\n  if (response.type === 'error') {\n    // 1. Set response’s URL list to « fetchParams’s request’s URL list[0] ».\n    response.urlList = [fetchParams.request.urlList[0]]\n\n    // 2. Set response’s timing info to the result of creating an opaque timing\n    // info for fetchParams’s timing info.\n    response.timingInfo = createOpaqueTimingInfo({\n      startTime: fetchParams.timingInfo.startTime\n    })\n  }\n\n  // 2. Let processResponseEndOfBody be the following steps:\n  const processResponseEndOfBody = () => {\n    // 1. Set fetchParams’s request’s done flag.\n    fetchParams.request.done = true\n\n    // If fetchParams’s process response end-of-body is not null,\n    // then queue a fetch task to run fetchParams’s process response\n    // end-of-body given response with fetchParams’s task destination.\n    if (fetchParams.processResponseEndOfBody != null) {\n      queueMicrotask(() => fetchParams.processResponseEndOfBody(response))\n    }\n  }\n\n  // 3. If fetchParams’s process response is non-null, then queue a fetch task\n  // to run fetchParams’s process response given response, with fetchParams’s\n  // task destination.\n  if (fetchParams.processResponse != null) {\n    queueMicrotask(() => fetchParams.processResponse(response))\n  }\n\n  // 4. If response’s body is null, then run processResponseEndOfBody.\n  if (response.body == null) {\n    processResponseEndOfBody()\n  } else {\n  // 5. Otherwise:\n\n    // 1. Let transformStream be a new a TransformStream.\n\n    // 2. Let identityTransformAlgorithm be an algorithm which, given chunk,\n    // enqueues chunk in transformStream.\n    const identityTransformAlgorithm = (chunk, controller) => {\n      controller.enqueue(chunk)\n    }\n\n    // 3. Set up transformStream with transformAlgorithm set to identityTransformAlgorithm\n    // and flushAlgorithm set to processResponseEndOfBody.\n    const transformStream = new TransformStream({\n      start () {},\n      transform: identityTransformAlgorithm,\n      flush: processResponseEndOfBody\n    }, {\n      size () {\n        return 1\n      }\n    }, {\n      size () {\n        return 1\n      }\n    })\n\n    // 4. Set response’s body to the result of piping response’s body through transformStream.\n    response.body = { stream: response.body.stream.pipeThrough(transformStream) }\n  }\n\n  // 6. If fetchParams’s process response consume body is non-null, then:\n  if (fetchParams.processResponseConsumeBody != null) {\n    // 1. Let processBody given nullOrBytes be this step: run fetchParams’s\n    // process response consume body given response and nullOrBytes.\n    const processBody = (nullOrBytes) => fetchParams.processResponseConsumeBody(response, nullOrBytes)\n\n    // 2. Let processBodyError be this step: run fetchParams’s process\n    // response consume body given response and failure.\n    const processBodyError = (failure) => fetchParams.processResponseConsumeBody(response, failure)\n\n    // 3. If response’s body is null, then queue a fetch task to run processBody\n    // given null, with fetchParams’s task destination.\n    if (response.body == null) {\n      queueMicrotask(() => processBody(null))\n    } else {\n      // 4. Otherwise, fully read response’s body given processBody, processBodyError,\n      // and fetchParams’s task destination.\n      return fullyReadBody(response.body, processBody, processBodyError)\n    }\n    return Promise.resolve()\n  }\n}\n\n// https://fetch.spec.whatwg.org/#http-fetch\nasync function httpFetch (fetchParams) {\n  // 1. Let request be fetchParams’s request.\n  const request = fetchParams.request\n\n  // 2. Let response be null.\n  let response = null\n\n  // 3. Let actualResponse be null.\n  let actualResponse = null\n\n  // 4. Let timingInfo be fetchParams’s timing info.\n  const timingInfo = fetchParams.timingInfo\n\n  // 5. If request’s service-workers mode is \"all\", then:\n  if (request.serviceWorkers === 'all') {\n    // TODO\n  }\n\n  // 6. If response is null, then:\n  if (response === null) {\n    // 1. If makeCORSPreflight is true and one of these conditions is true:\n    // TODO\n\n    // 2. If request’s redirect mode is \"follow\", then set request’s\n    // service-workers mode to \"none\".\n    if (request.redirect === 'follow') {\n      request.serviceWorkers = 'none'\n    }\n\n    // 3. Set response and actualResponse to the result of running\n    // HTTP-network-or-cache fetch given fetchParams.\n    actualResponse = response = await httpNetworkOrCacheFetch(fetchParams)\n\n    // 4. If request’s response tainting is \"cors\" and a CORS check\n    // for request and response returns failure, then return a network error.\n    if (\n      request.responseTainting === 'cors' &&\n      corsCheck(request, response) === 'failure'\n    ) {\n      return makeNetworkError('cors failure')\n    }\n\n    // 5. If the TAO check for request and response returns failure, then set\n    // request’s timing allow failed flag.\n    if (TAOCheck(request, response) === 'failure') {\n      request.timingAllowFailed = true\n    }\n  }\n\n  // 7. If either request’s response tainting or response’s type\n  // is \"opaque\", and the cross-origin resource policy check with\n  // request’s origin, request’s client, request’s destination,\n  // and actualResponse returns blocked, then return a network error.\n  if (\n    (request.responseTainting === 'opaque' || response.type === 'opaque') &&\n    crossOriginResourcePolicyCheck(\n      request.origin,\n      request.client,\n      request.destination,\n      actualResponse\n    ) === 'blocked'\n  ) {\n    return makeNetworkError('blocked')\n  }\n\n  // 8. If actualResponse’s status is a redirect status, then:\n  if (redirectStatusSet.has(actualResponse.status)) {\n    // 1. If actualResponse’s status is not 303, request’s body is not null,\n    // and the connection uses HTTP/2, then user agents may, and are even\n    // encouraged to, transmit an RST_STREAM frame.\n    // See, https://github.com/whatwg/fetch/issues/1288\n    if (request.redirect !== 'manual') {\n      fetchParams.controller.connection.destroy()\n    }\n\n    // 2. Switch on request’s redirect mode:\n    if (request.redirect === 'error') {\n      // Set response to a network error.\n      response = makeNetworkError('unexpected redirect')\n    } else if (request.redirect === 'manual') {\n      // Set response to an opaque-redirect filtered response whose internal\n      // response is actualResponse.\n      // NOTE(spec): On the web this would return an `opaqueredirect` response,\n      // but that doesn't make sense server side.\n      // See https://github.com/nodejs/undici/issues/1193.\n      response = actualResponse\n    } else if (request.redirect === 'follow') {\n      // Set response to the result of running HTTP-redirect fetch given\n      // fetchParams and response.\n      response = await httpRedirectFetch(fetchParams, response)\n    } else {\n      assert(false)\n    }\n  }\n\n  // 9. Set response’s timing info to timingInfo.\n  response.timingInfo = timingInfo\n\n  // 10. Return response.\n  return response\n}\n\n// https://fetch.spec.whatwg.org/#http-redirect-fetch\nfunction httpRedirectFetch (fetchParams, response) {\n  // 1. Let request be fetchParams’s request.\n  const request = fetchParams.request\n\n  // 2. Let actualResponse be response, if response is not a filtered response,\n  // and response’s internal response otherwise.\n  const actualResponse = response.internalResponse\n    ? response.internalResponse\n    : response\n\n  // 3. Let locationURL be actualResponse’s location URL given request’s current\n  // URL’s fragment.\n  let locationURL\n\n  try {\n    locationURL = responseLocationURL(\n      actualResponse,\n      requestCurrentURL(request).hash\n    )\n\n    // 4. If locationURL is null, then return response.\n    if (locationURL == null) {\n      return response\n    }\n  } catch (err) {\n    // 5. If locationURL is failure, then return a network error.\n    return Promise.resolve(makeNetworkError(err))\n  }\n\n  // 6. If locationURL’s scheme is not an HTTP(S) scheme, then return a network\n  // error.\n  if (!urlIsHttpHttpsScheme(locationURL)) {\n    return Promise.resolve(makeNetworkError('URL scheme must be a HTTP(S) scheme'))\n  }\n\n  // 7. If request’s redirect count is 20, then return a network error.\n  if (request.redirectCount === 20) {\n    return Promise.resolve(makeNetworkError('redirect count exceeded'))\n  }\n\n  // 8. Increase request’s redirect count by 1.\n  request.redirectCount += 1\n\n  // 9. If request’s mode is \"cors\", locationURL includes credentials, and\n  // request’s origin is not same origin with locationURL’s origin, then return\n  //  a network error.\n  if (\n    request.mode === 'cors' &&\n    (locationURL.username || locationURL.password) &&\n    !sameOrigin(request, locationURL)\n  ) {\n    return Promise.resolve(makeNetworkError('cross origin not allowed for request mode \"cors\"'))\n  }\n\n  // 10. If request’s response tainting is \"cors\" and locationURL includes\n  // credentials, then return a network error.\n  if (\n    request.responseTainting === 'cors' &&\n    (locationURL.username || locationURL.password)\n  ) {\n    return Promise.resolve(makeNetworkError(\n      'URL cannot contain credentials for request mode \"cors\"'\n    ))\n  }\n\n  // 11. If actualResponse’s status is not 303, request’s body is non-null,\n  // and request’s body’s source is null, then return a network error.\n  if (\n    actualResponse.status !== 303 &&\n    request.body != null &&\n    request.body.source == null\n  ) {\n    return Promise.resolve(makeNetworkError())\n  }\n\n  // 12. If one of the following is true\n  // - actualResponse’s status is 301 or 302 and request’s method is `POST`\n  // - actualResponse’s status is 303 and request’s method is not `GET` or `HEAD`\n  if (\n    ([301, 302].includes(actualResponse.status) && request.method === 'POST') ||\n    (actualResponse.status === 303 &&\n      !GET_OR_HEAD.includes(request.method))\n  ) {\n    // then:\n    // 1. Set request’s method to `GET` and request’s body to null.\n    request.method = 'GET'\n    request.body = null\n\n    // 2. For each headerName of request-body-header name, delete headerName from\n    // request’s header list.\n    for (const headerName of requestBodyHeader) {\n      request.headersList.delete(headerName)\n    }\n  }\n\n  // 13. If request’s current URL’s origin is not same origin with locationURL’s\n  //     origin, then for each headerName of CORS non-wildcard request-header name,\n  //     delete headerName from request’s header list.\n  if (!sameOrigin(requestCurrentURL(request), locationURL)) {\n    // https://fetch.spec.whatwg.org/#cors-non-wildcard-request-header-name\n    request.headersList.delete('authorization')\n\n    // https://fetch.spec.whatwg.org/#authentication-entries\n    request.headersList.delete('proxy-authorization', true)\n\n    // \"Cookie\" and \"Host\" are forbidden request-headers, which undici doesn't implement.\n    request.headersList.delete('cookie')\n    request.headersList.delete('host')\n  }\n\n  // 14. If request’s body is non-null, then set request’s body to the first return\n  // value of safely extracting request’s body’s source.\n  if (request.body != null) {\n    assert(request.body.source != null)\n    request.body = safelyExtractBody(request.body.source)[0]\n  }\n\n  // 15. Let timingInfo be fetchParams’s timing info.\n  const timingInfo = fetchParams.timingInfo\n\n  // 16. Set timingInfo’s redirect end time and post-redirect start time to the\n  // coarsened shared current time given fetchParams’s cross-origin isolated\n  // capability.\n  timingInfo.redirectEndTime = timingInfo.postRedirectStartTime =\n    coarsenedSharedCurrentTime(fetchParams.crossOriginIsolatedCapability)\n\n  // 17. If timingInfo’s redirect start time is 0, then set timingInfo’s\n  //  redirect start time to timingInfo’s start time.\n  if (timingInfo.redirectStartTime === 0) {\n    timingInfo.redirectStartTime = timingInfo.startTime\n  }\n\n  // 18. Append locationURL to request’s URL list.\n  request.urlList.push(locationURL)\n\n  // 19. Invoke set request’s referrer policy on redirect on request and\n  // actualResponse.\n  setRequestReferrerPolicyOnRedirect(request, actualResponse)\n\n  // 20. Return the result of running main fetch given fetchParams and true.\n  return mainFetch(fetchParams, true)\n}\n\n// https://fetch.spec.whatwg.org/#http-network-or-cache-fetch\nasync function httpNetworkOrCacheFetch (\n  fetchParams,\n  isAuthenticationFetch = false,\n  isNewConnectionFetch = false\n) {\n  // 1. Let request be fetchParams’s request.\n  const request = fetchParams.request\n\n  // 2. Let httpFetchParams be null.\n  let httpFetchParams = null\n\n  // 3. Let httpRequest be null.\n  let httpRequest = null\n\n  // 4. Let response be null.\n  let response = null\n\n  // 5. Let storedResponse be null.\n  // TODO: cache\n\n  // 6. Let httpCache be null.\n  const httpCache = null\n\n  // 7. Let the revalidatingFlag be unset.\n  const revalidatingFlag = false\n\n  // 8. Run these steps, but abort when the ongoing fetch is terminated:\n\n  //    1. If request’s window is \"no-window\" and request’s redirect mode is\n  //    \"error\", then set httpFetchParams to fetchParams and httpRequest to\n  //    request.\n  if (request.window === 'no-window' && request.redirect === 'error') {\n    httpFetchParams = fetchParams\n    httpRequest = request\n  } else {\n    // Otherwise:\n\n    // 1. Set httpRequest to a clone of request.\n    httpRequest = makeRequest(request)\n\n    // 2. Set httpFetchParams to a copy of fetchParams.\n    httpFetchParams = { ...fetchParams }\n\n    // 3. Set httpFetchParams’s request to httpRequest.\n    httpFetchParams.request = httpRequest\n  }\n\n  //    3. Let includeCredentials be true if one of\n  const includeCredentials =\n    request.credentials === 'include' ||\n    (request.credentials === 'same-origin' &&\n      request.responseTainting === 'basic')\n\n  //    4. Let contentLength be httpRequest’s body’s length, if httpRequest’s\n  //    body is non-null; otherwise null.\n  const contentLength = httpRequest.body ? httpRequest.body.length : null\n\n  //    5. Let contentLengthHeaderValue be null.\n  let contentLengthHeaderValue = null\n\n  //    6. If httpRequest’s body is null and httpRequest’s method is `POST` or\n  //    `PUT`, then set contentLengthHeaderValue to `0`.\n  if (\n    httpRequest.body == null &&\n    ['POST', 'PUT'].includes(httpRequest.method)\n  ) {\n    contentLengthHeaderValue = '0'\n  }\n\n  //    7. If contentLength is non-null, then set contentLengthHeaderValue to\n  //    contentLength, serialized and isomorphic encoded.\n  if (contentLength != null) {\n    contentLengthHeaderValue = isomorphicEncode(`${contentLength}`)\n  }\n\n  //    8. If contentLengthHeaderValue is non-null, then append\n  //    `Content-Length`/contentLengthHeaderValue to httpRequest’s header\n  //    list.\n  if (contentLengthHeaderValue != null) {\n    httpRequest.headersList.append('content-length', contentLengthHeaderValue)\n  }\n\n  //    9. If contentLengthHeaderValue is non-null, then append (`Content-Length`,\n  //    contentLengthHeaderValue) to httpRequest’s header list.\n\n  //    10. If contentLength is non-null and httpRequest’s keepalive is true,\n  //    then:\n  if (contentLength != null && httpRequest.keepalive) {\n    // NOTE: keepalive is a noop outside of browser context.\n  }\n\n  //    11. If httpRequest’s referrer is a URL, then append\n  //    `Referer`/httpRequest’s referrer, serialized and isomorphic encoded,\n  //     to httpRequest’s header list.\n  if (httpRequest.referrer instanceof URL) {\n    httpRequest.headersList.append('referer', isomorphicEncode(httpRequest.referrer.href))\n  }\n\n  //    12. Append a request `Origin` header for httpRequest.\n  appendRequestOriginHeader(httpRequest)\n\n  //    13. Append the Fetch metadata headers for httpRequest. [FETCH-METADATA]\n  appendFetchMetadata(httpRequest)\n\n  //    14. If httpRequest’s header list does not contain `User-Agent`, then\n  //    user agents should append `User-Agent`/default `User-Agent` value to\n  //    httpRequest’s header list.\n  if (!httpRequest.headersList.contains('user-agent')) {\n    httpRequest.headersList.append('user-agent', typeof esbuildDetection === 'undefined' ? 'undici' : 'node')\n  }\n\n  //    15. If httpRequest’s cache mode is \"default\" and httpRequest’s header\n  //    list contains `If-Modified-Since`, `If-None-Match`,\n  //    `If-Unmodified-Since`, `If-Match`, or `If-Range`, then set\n  //    httpRequest’s cache mode to \"no-store\".\n  if (\n    httpRequest.cache === 'default' &&\n    (httpRequest.headersList.contains('if-modified-since') ||\n      httpRequest.headersList.contains('if-none-match') ||\n      httpRequest.headersList.contains('if-unmodified-since') ||\n      httpRequest.headersList.contains('if-match') ||\n      httpRequest.headersList.contains('if-range'))\n  ) {\n    httpRequest.cache = 'no-store'\n  }\n\n  //    16. If httpRequest’s cache mode is \"no-cache\", httpRequest’s prevent\n  //    no-cache cache-control header modification flag is unset, and\n  //    httpRequest’s header list does not contain `Cache-Control`, then append\n  //    `Cache-Control`/`max-age=0` to httpRequest’s header list.\n  if (\n    httpRequest.cache === 'no-cache' &&\n    !httpRequest.preventNoCacheCacheControlHeaderModification &&\n    !httpRequest.headersList.contains('cache-control')\n  ) {\n    httpRequest.headersList.append('cache-control', 'max-age=0')\n  }\n\n  //    17. If httpRequest’s cache mode is \"no-store\" or \"reload\", then:\n  if (httpRequest.cache === 'no-store' || httpRequest.cache === 'reload') {\n    // 1. If httpRequest’s header list does not contain `Pragma`, then append\n    // `Pragma`/`no-cache` to httpRequest’s header list.\n    if (!httpRequest.headersList.contains('pragma')) {\n      httpRequest.headersList.append('pragma', 'no-cache')\n    }\n\n    // 2. If httpRequest’s header list does not contain `Cache-Control`,\n    // then append `Cache-Control`/`no-cache` to httpRequest’s header list.\n    if (!httpRequest.headersList.contains('cache-control')) {\n      httpRequest.headersList.append('cache-control', 'no-cache')\n    }\n  }\n\n  //    18. If httpRequest’s header list contains `Range`, then append\n  //    `Accept-Encoding`/`identity` to httpRequest’s header list.\n  if (httpRequest.headersList.contains('range')) {\n    httpRequest.headersList.append('accept-encoding', 'identity')\n  }\n\n  //    19. Modify httpRequest’s header list per HTTP. Do not append a given\n  //    header if httpRequest’s header list contains that header’s name.\n  //    TODO: https://github.com/whatwg/fetch/issues/1285#issuecomment-896560129\n  if (!httpRequest.headersList.contains('accept-encoding')) {\n    if (urlHasHttpsScheme(requestCurrentURL(httpRequest))) {\n      httpRequest.headersList.append('accept-encoding', 'br, gzip, deflate')\n    } else {\n      httpRequest.headersList.append('accept-encoding', 'gzip, deflate')\n    }\n  }\n\n  httpRequest.headersList.delete('host')\n\n  //    20. If includeCredentials is true, then:\n  if (includeCredentials) {\n    // 1. If the user agent is not configured to block cookies for httpRequest\n    // (see section 7 of [COOKIES]), then:\n    // TODO: credentials\n    // 2. If httpRequest’s header list does not contain `Authorization`, then:\n    // TODO: credentials\n  }\n\n  //    21. If there’s a proxy-authentication entry, use it as appropriate.\n  //    TODO: proxy-authentication\n\n  //    22. Set httpCache to the result of determining the HTTP cache\n  //    partition, given httpRequest.\n  //    TODO: cache\n\n  //    23. If httpCache is null, then set httpRequest’s cache mode to\n  //    \"no-store\".\n  if (httpCache == null) {\n    httpRequest.cache = 'no-store'\n  }\n\n  //    24. If httpRequest’s cache mode is neither \"no-store\" nor \"reload\",\n  //    then:\n  if (httpRequest.mode !== 'no-store' && httpRequest.mode !== 'reload') {\n    // TODO: cache\n  }\n\n  // 9. If aborted, then return the appropriate network error for fetchParams.\n  // TODO\n\n  // 10. If response is null, then:\n  if (response == null) {\n    // 1. If httpRequest’s cache mode is \"only-if-cached\", then return a\n    // network error.\n    if (httpRequest.mode === 'only-if-cached') {\n      return makeNetworkError('only if cached')\n    }\n\n    // 2. Let forwardResponse be the result of running HTTP-network fetch\n    // given httpFetchParams, includeCredentials, and isNewConnectionFetch.\n    const forwardResponse = await httpNetworkFetch(\n      httpFetchParams,\n      includeCredentials,\n      isNewConnectionFetch\n    )\n\n    // 3. If httpRequest’s method is unsafe and forwardResponse’s status is\n    // in the range 200 to 399, inclusive, invalidate appropriate stored\n    // responses in httpCache, as per the \"Invalidation\" chapter of HTTP\n    // Caching, and set storedResponse to null. [HTTP-CACHING]\n    if (\n      !safeMethodsSet.has(httpRequest.method) &&\n      forwardResponse.status >= 200 &&\n      forwardResponse.status <= 399\n    ) {\n      // TODO: cache\n    }\n\n    // 4. If the revalidatingFlag is set and forwardResponse’s status is 304,\n    // then:\n    if (revalidatingFlag && forwardResponse.status === 304) {\n      // TODO: cache\n    }\n\n    // 5. If response is null, then:\n    if (response == null) {\n      // 1. Set response to forwardResponse.\n      response = forwardResponse\n\n      // 2. Store httpRequest and forwardResponse in httpCache, as per the\n      // \"Storing Responses in Caches\" chapter of HTTP Caching. [HTTP-CACHING]\n      // TODO: cache\n    }\n  }\n\n  // 11. Set response’s URL list to a clone of httpRequest’s URL list.\n  response.urlList = [...httpRequest.urlList]\n\n  // 12. If httpRequest’s header list contains `Range`, then set response’s\n  // range-requested flag.\n  if (httpRequest.headersList.contains('range')) {\n    response.rangeRequested = true\n  }\n\n  // 13. Set response’s request-includes-credentials to includeCredentials.\n  response.requestIncludesCredentials = includeCredentials\n\n  // 14. If response’s status is 401, httpRequest’s response tainting is not\n  // \"cors\", includeCredentials is true, and request’s window is an environment\n  // settings object, then:\n  // TODO\n\n  // 15. If response’s status is 407, then:\n  if (response.status === 407) {\n    // 1. If request’s window is \"no-window\", then return a network error.\n    if (request.window === 'no-window') {\n      return makeNetworkError()\n    }\n\n    // 2. ???\n\n    // 3. If fetchParams is canceled, then return the appropriate network error for fetchParams.\n    if (isCancelled(fetchParams)) {\n      return makeAppropriateNetworkError(fetchParams)\n    }\n\n    // 4. Prompt the end user as appropriate in request’s window and store\n    // the result as a proxy-authentication entry. [HTTP-AUTH]\n    // TODO: Invoke some kind of callback?\n\n    // 5. Set response to the result of running HTTP-network-or-cache fetch given\n    // fetchParams.\n    // TODO\n    return makeNetworkError('proxy authentication required')\n  }\n\n  // 16. If all of the following are true\n  if (\n    // response’s status is 421\n    response.status === 421 &&\n    // isNewConnectionFetch is false\n    !isNewConnectionFetch &&\n    // request’s body is null, or request’s body is non-null and request’s body’s source is non-null\n    (request.body == null || request.body.source != null)\n  ) {\n    // then:\n\n    // 1. If fetchParams is canceled, then return the appropriate network error for fetchParams.\n    if (isCancelled(fetchParams)) {\n      return makeAppropriateNetworkError(fetchParams)\n    }\n\n    // 2. Set response to the result of running HTTP-network-or-cache\n    // fetch given fetchParams, isAuthenticationFetch, and true.\n\n    // TODO (spec): The spec doesn't specify this but we need to cancel\n    // the active response before we can start a new one.\n    // https://github.com/whatwg/fetch/issues/1293\n    fetchParams.controller.connection.destroy()\n\n    response = await httpNetworkOrCacheFetch(\n      fetchParams,\n      isAuthenticationFetch,\n      true\n    )\n  }\n\n  // 17. If isAuthenticationFetch is true, then create an authentication entry\n  if (isAuthenticationFetch) {\n    // TODO\n  }\n\n  // 18. Return response.\n  return response\n}\n\n// https://fetch.spec.whatwg.org/#http-network-fetch\nasync function httpNetworkFetch (\n  fetchParams,\n  includeCredentials = false,\n  forceNewConnection = false\n) {\n  assert(!fetchParams.controller.connection || fetchParams.controller.connection.destroyed)\n\n  fetchParams.controller.connection = {\n    abort: null,\n    destroyed: false,\n    destroy (err) {\n      if (!this.destroyed) {\n        this.destroyed = true\n        this.abort?.(err ?? new DOMException('The operation was aborted.', 'AbortError'))\n      }\n    }\n  }\n\n  // 1. Let request be fetchParams’s request.\n  const request = fetchParams.request\n\n  // 2. Let response be null.\n  let response = null\n\n  // 3. Let timingInfo be fetchParams’s timing info.\n  const timingInfo = fetchParams.timingInfo\n\n  // 4. Let httpCache be the result of determining the HTTP cache partition,\n  // given request.\n  // TODO: cache\n  const httpCache = null\n\n  // 5. If httpCache is null, then set request’s cache mode to \"no-store\".\n  if (httpCache == null) {\n    request.cache = 'no-store'\n  }\n\n  // 6. Let networkPartitionKey be the result of determining the network\n  // partition key given request.\n  // TODO\n\n  // 7. Let newConnection be \"yes\" if forceNewConnection is true; otherwise\n  // \"no\".\n  const newConnection = forceNewConnection ? 'yes' : 'no' // eslint-disable-line no-unused-vars\n\n  // 8. Switch on request’s mode:\n  if (request.mode === 'websocket') {\n    // Let connection be the result of obtaining a WebSocket connection,\n    // given request’s current URL.\n    // TODO\n  } else {\n    // Let connection be the result of obtaining a connection, given\n    // networkPartitionKey, request’s current URL’s origin,\n    // includeCredentials, and forceNewConnection.\n    // TODO\n  }\n\n  // 9. Run these steps, but abort when the ongoing fetch is terminated:\n\n  //    1. If connection is failure, then return a network error.\n\n  //    2. Set timingInfo’s final connection timing info to the result of\n  //    calling clamp and coarsen connection timing info with connection’s\n  //    timing info, timingInfo’s post-redirect start time, and fetchParams’s\n  //    cross-origin isolated capability.\n\n  //    3. If connection is not an HTTP/2 connection, request’s body is non-null,\n  //    and request’s body’s source is null, then append (`Transfer-Encoding`,\n  //    `chunked`) to request’s header list.\n\n  //    4. Set timingInfo’s final network-request start time to the coarsened\n  //    shared current time given fetchParams’s cross-origin isolated\n  //    capability.\n\n  //    5. Set response to the result of making an HTTP request over connection\n  //    using request with the following caveats:\n\n  //        - Follow the relevant requirements from HTTP. [HTTP] [HTTP-SEMANTICS]\n  //        [HTTP-COND] [HTTP-CACHING] [HTTP-AUTH]\n\n  //        - If request’s body is non-null, and request’s body’s source is null,\n  //        then the user agent may have a buffer of up to 64 kibibytes and store\n  //        a part of request’s body in that buffer. If the user agent reads from\n  //        request’s body beyond that buffer’s size and the user agent needs to\n  //        resend request, then instead return a network error.\n\n  //        - Set timingInfo’s final network-response start time to the coarsened\n  //        shared current time given fetchParams’s cross-origin isolated capability,\n  //        immediately after the user agent’s HTTP parser receives the first byte\n  //        of the response (e.g., frame header bytes for HTTP/2 or response status\n  //        line for HTTP/1.x).\n\n  //        - Wait until all the headers are transmitted.\n\n  //        - Any responses whose status is in the range 100 to 199, inclusive,\n  //        and is not 101, are to be ignored, except for the purposes of setting\n  //        timingInfo’s final network-response start time above.\n\n  //    - If request’s header list contains `Transfer-Encoding`/`chunked` and\n  //    response is transferred via HTTP/1.0 or older, then return a network\n  //    error.\n\n  //    - If the HTTP request results in a TLS client certificate dialog, then:\n\n  //        1. If request’s window is an environment settings object, make the\n  //        dialog available in request’s window.\n\n  //        2. Otherwise, return a network error.\n\n  // To transmit request’s body body, run these steps:\n  let requestBody = null\n  // 1. If body is null and fetchParams’s process request end-of-body is\n  // non-null, then queue a fetch task given fetchParams’s process request\n  // end-of-body and fetchParams’s task destination.\n  if (request.body == null && fetchParams.processRequestEndOfBody) {\n    queueMicrotask(() => fetchParams.processRequestEndOfBody())\n  } else if (request.body != null) {\n    // 2. Otherwise, if body is non-null:\n\n    //    1. Let processBodyChunk given bytes be these steps:\n    const processBodyChunk = async function * (bytes) {\n      // 1. If the ongoing fetch is terminated, then abort these steps.\n      if (isCancelled(fetchParams)) {\n        return\n      }\n\n      // 2. Run this step in parallel: transmit bytes.\n      yield bytes\n\n      // 3. If fetchParams’s process request body is non-null, then run\n      // fetchParams’s process request body given bytes’s length.\n      fetchParams.processRequestBodyChunkLength?.(bytes.byteLength)\n    }\n\n    // 2. Let processEndOfBody be these steps:\n    const processEndOfBody = () => {\n      // 1. If fetchParams is canceled, then abort these steps.\n      if (isCancelled(fetchParams)) {\n        return\n      }\n\n      // 2. If fetchParams’s process request end-of-body is non-null,\n      // then run fetchParams’s process request end-of-body.\n      if (fetchParams.processRequestEndOfBody) {\n        fetchParams.processRequestEndOfBody()\n      }\n    }\n\n    // 3. Let processBodyError given e be these steps:\n    const processBodyError = (e) => {\n      // 1. If fetchParams is canceled, then abort these steps.\n      if (isCancelled(fetchParams)) {\n        return\n      }\n\n      // 2. If e is an \"AbortError\" DOMException, then abort fetchParams’s controller.\n      if (e.name === 'AbortError') {\n        fetchParams.controller.abort()\n      } else {\n        fetchParams.controller.terminate(e)\n      }\n    }\n\n    // 4. Incrementally read request’s body given processBodyChunk, processEndOfBody,\n    // processBodyError, and fetchParams’s task destination.\n    requestBody = (async function * () {\n      try {\n        for await (const bytes of request.body.stream) {\n          yield * processBodyChunk(bytes)\n        }\n        processEndOfBody()\n      } catch (err) {\n        processBodyError(err)\n      }\n    })()\n  }\n\n  try {\n    // socket is only provided for websockets\n    const { body, status, statusText, headersList, socket } = await dispatch({ body: requestBody })\n\n    if (socket) {\n      response = makeResponse({ status, statusText, headersList, socket })\n    } else {\n      const iterator = body[Symbol.asyncIterator]()\n      fetchParams.controller.next = () => iterator.next()\n\n      response = makeResponse({ status, statusText, headersList })\n    }\n  } catch (err) {\n    // 10. If aborted, then:\n    if (err.name === 'AbortError') {\n      // 1. If connection uses HTTP/2, then transmit an RST_STREAM frame.\n      fetchParams.controller.connection.destroy()\n\n      // 2. Return the appropriate network error for fetchParams.\n      return makeAppropriateNetworkError(fetchParams, err)\n    }\n\n    return makeNetworkError(err)\n  }\n\n  // 11. Let pullAlgorithm be an action that resumes the ongoing fetch\n  // if it is suspended.\n  const pullAlgorithm = () => {\n    fetchParams.controller.resume()\n  }\n\n  // 12. Let cancelAlgorithm be an algorithm that aborts fetchParams’s\n  // controller with reason, given reason.\n  const cancelAlgorithm = (reason) => {\n    fetchParams.controller.abort(reason)\n  }\n\n  // 13. Let highWaterMark be a non-negative, non-NaN number, chosen by\n  // the user agent.\n  // TODO\n\n  // 14. Let sizeAlgorithm be an algorithm that accepts a chunk object\n  // and returns a non-negative, non-NaN, non-infinite number, chosen by the user agent.\n  // TODO\n\n  // 15. Let stream be a new ReadableStream.\n  // 16. Set up stream with pullAlgorithm set to pullAlgorithm,\n  // cancelAlgorithm set to cancelAlgorithm, highWaterMark set to\n  // highWaterMark, and sizeAlgorithm set to sizeAlgorithm.\n  if (!ReadableStream) {\n    ReadableStream = require('stream/web').ReadableStream\n  }\n\n  const stream = new ReadableStream(\n    {\n      async start (controller) {\n        fetchParams.controller.controller = controller\n      },\n      async pull (controller) {\n        await pullAlgorithm(controller)\n      },\n      async cancel (reason) {\n        await cancelAlgorithm(reason)\n      }\n    },\n    {\n      highWaterMark: 0,\n      size () {\n        return 1\n      }\n    }\n  )\n\n  // 17. Run these steps, but abort when the ongoing fetch is terminated:\n\n  //    1. Set response’s body to a new body whose stream is stream.\n  response.body = { stream }\n\n  //    2. If response is not a network error and request’s cache mode is\n  //    not \"no-store\", then update response in httpCache for request.\n  //    TODO\n\n  //    3. If includeCredentials is true and the user agent is not configured\n  //    to block cookies for request (see section 7 of [COOKIES]), then run the\n  //    \"set-cookie-string\" parsing algorithm (see section 5.2 of [COOKIES]) on\n  //    the value of each header whose name is a byte-case-insensitive match for\n  //    `Set-Cookie` in response’s header list, if any, and request’s current URL.\n  //    TODO\n\n  // 18. If aborted, then:\n  // TODO\n\n  // 19. Run these steps in parallel:\n\n  //    1. Run these steps, but abort when fetchParams is canceled:\n  fetchParams.controller.on('terminated', onAborted)\n  fetchParams.controller.resume = async () => {\n    // 1. While true\n    while (true) {\n      // 1-3. See onData...\n\n      // 4. Set bytes to the result of handling content codings given\n      // codings and bytes.\n      let bytes\n      let isFailure\n      try {\n        const { done, value } = await fetchParams.controller.next()\n\n        if (isAborted(fetchParams)) {\n          break\n        }\n\n        bytes = done ? undefined : value\n      } catch (err) {\n        if (fetchParams.controller.ended && !timingInfo.encodedBodySize) {\n          // zlib doesn't like empty streams.\n          bytes = undefined\n        } else {\n          bytes = err\n\n          // err may be propagated from the result of calling readablestream.cancel,\n          // which might not be an error. https://github.com/nodejs/undici/issues/2009\n          isFailure = true\n        }\n      }\n\n      if (bytes === undefined) {\n        // 2. Otherwise, if the bytes transmission for response’s message\n        // body is done normally and stream is readable, then close\n        // stream, finalize response for fetchParams and response, and\n        // abort these in-parallel steps.\n        readableStreamClose(fetchParams.controller.controller)\n\n        finalizeResponse(fetchParams, response)\n\n        return\n      }\n\n      // 5. Increase timingInfo’s decoded body size by bytes’s length.\n      timingInfo.decodedBodySize += bytes?.byteLength ?? 0\n\n      // 6. If bytes is failure, then terminate fetchParams’s controller.\n      if (isFailure) {\n        fetchParams.controller.terminate(bytes)\n        return\n      }\n\n      // 7. Enqueue a Uint8Array wrapping an ArrayBuffer containing bytes\n      // into stream.\n      fetchParams.controller.controller.enqueue(new Uint8Array(bytes))\n\n      // 8. If stream is errored, then terminate the ongoing fetch.\n      if (isErrored(stream)) {\n        fetchParams.controller.terminate()\n        return\n      }\n\n      // 9. If stream doesn’t need more data ask the user agent to suspend\n      // the ongoing fetch.\n      if (!fetchParams.controller.controller.desiredSize) {\n        return\n      }\n    }\n  }\n\n  //    2. If aborted, then:\n  function onAborted (reason) {\n    // 2. If fetchParams is aborted, then:\n    if (isAborted(fetchParams)) {\n      // 1. Set response’s aborted flag.\n      response.aborted = true\n\n      // 2. If stream is readable, then error stream with the result of\n      //    deserialize a serialized abort reason given fetchParams’s\n      //    controller’s serialized abort reason and an\n      //    implementation-defined realm.\n      if (isReadable(stream)) {\n        fetchParams.controller.controller.error(\n          fetchParams.controller.serializedAbortReason\n        )\n      }\n    } else {\n      // 3. Otherwise, if stream is readable, error stream with a TypeError.\n      if (isReadable(stream)) {\n        fetchParams.controller.controller.error(new TypeError('terminated', {\n          cause: isErrorLike(reason) ? reason : undefined\n        }))\n      }\n    }\n\n    // 4. If connection uses HTTP/2, then transmit an RST_STREAM frame.\n    // 5. Otherwise, the user agent should close connection unless it would be bad for performance to do so.\n    fetchParams.controller.connection.destroy()\n  }\n\n  // 20. Return response.\n  return response\n\n  async function dispatch ({ body }) {\n    const url = requestCurrentURL(request)\n    /** @type {import('../..').Agent} */\n    const agent = fetchParams.controller.dispatcher\n\n    return new Promise((resolve, reject) => agent.dispatch(\n      {\n        path: url.pathname + url.search,\n        origin: url.origin,\n        method: request.method,\n        body: fetchParams.controller.dispatcher.isMockActive ? request.body && (request.body.source || request.body.stream) : body,\n        headers: request.headersList.entries,\n        maxRedirections: 0,\n        upgrade: request.mode === 'websocket' ? 'websocket' : undefined\n      },\n      {\n        body: null,\n        abort: null,\n\n        onConnect (abort) {\n          // TODO (fix): Do we need connection here?\n          const { connection } = fetchParams.controller\n\n          if (connection.destroyed) {\n            abort(new DOMException('The operation was aborted.', 'AbortError'))\n          } else {\n            fetchParams.controller.on('terminated', abort)\n            this.abort = connection.abort = abort\n          }\n        },\n\n        onHeaders (status, headersList, resume, statusText) {\n          if (status < 200) {\n            return\n          }\n\n          let codings = []\n          let location = ''\n\n          const headers = new Headers()\n\n          // For H2, the headers are a plain JS object\n          // We distinguish between them and iterate accordingly\n          if (Array.isArray(headersList)) {\n            for (let n = 0; n < headersList.length; n += 2) {\n              const key = headersList[n + 0].toString('latin1')\n              const val = headersList[n + 1].toString('latin1')\n              if (key.toLowerCase() === 'content-encoding') {\n                // https://www.rfc-editor.org/rfc/rfc7231#section-3.1.2.1\n                // \"All content-coding values are case-insensitive...\"\n                codings = val.toLowerCase().split(',').map((x) => x.trim())\n              } else if (key.toLowerCase() === 'location') {\n                location = val\n              }\n\n              headers[kHeadersList].append(key, val)\n            }\n          } else {\n            const keys = Object.keys(headersList)\n            for (const key of keys) {\n              const val = headersList[key]\n              if (key.toLowerCase() === 'content-encoding') {\n                // https://www.rfc-editor.org/rfc/rfc7231#section-3.1.2.1\n                // \"All content-coding values are case-insensitive...\"\n                codings = val.toLowerCase().split(',').map((x) => x.trim()).reverse()\n              } else if (key.toLowerCase() === 'location') {\n                location = val\n              }\n\n              headers[kHeadersList].append(key, val)\n            }\n          }\n\n          this.body = new Readable({ read: resume })\n\n          const decoders = []\n\n          const willFollow = request.redirect === 'follow' &&\n            location &&\n            redirectStatusSet.has(status)\n\n          // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Encoding\n          if (request.method !== 'HEAD' && request.method !== 'CONNECT' && !nullBodyStatus.includes(status) && !willFollow) {\n            for (const coding of codings) {\n              // https://www.rfc-editor.org/rfc/rfc9112.html#section-7.2\n              if (coding === 'x-gzip' || coding === 'gzip') {\n                decoders.push(zlib.createGunzip({\n                  // Be less strict when decoding compressed responses, since sometimes\n                  // servers send slightly invalid responses that are still accepted\n                  // by common browsers.\n                  // Always using Z_SYNC_FLUSH is what cURL does.\n                  flush: zlib.constants.Z_SYNC_FLUSH,\n                  finishFlush: zlib.constants.Z_SYNC_FLUSH\n                }))\n              } else if (coding === 'deflate') {\n                decoders.push(zlib.createInflate())\n              } else if (coding === 'br') {\n                decoders.push(zlib.createBrotliDecompress())\n              } else {\n                decoders.length = 0\n                break\n              }\n            }\n          }\n\n          resolve({\n            status,\n            statusText,\n            headersList: headers[kHeadersList],\n            body: decoders.length\n              ? pipeline(this.body, ...decoders, () => { })\n              : this.body.on('error', () => {})\n          })\n\n          return true\n        },\n\n        onData (chunk) {\n          if (fetchParams.controller.dump) {\n            return\n          }\n\n          // 1. If one or more bytes have been transmitted from response’s\n          // message body, then:\n\n          //  1. Let bytes be the transmitted bytes.\n          const bytes = chunk\n\n          //  2. Let codings be the result of extracting header list values\n          //  given `Content-Encoding` and response’s header list.\n          //  See pullAlgorithm.\n\n          //  3. Increase timingInfo’s encoded body size by bytes’s length.\n          timingInfo.encodedBodySize += bytes.byteLength\n\n          //  4. See pullAlgorithm...\n\n          return this.body.push(bytes)\n        },\n\n        onComplete () {\n          if (this.abort) {\n            fetchParams.controller.off('terminated', this.abort)\n          }\n\n          fetchParams.controller.ended = true\n\n          this.body.push(null)\n        },\n\n        onError (error) {\n          if (this.abort) {\n            fetchParams.controller.off('terminated', this.abort)\n          }\n\n          this.body?.destroy(error)\n\n          fetchParams.controller.terminate(error)\n\n          reject(error)\n        },\n\n        onUpgrade (status, headersList, socket) {\n          if (status !== 101) {\n            return\n          }\n\n          const headers = new Headers()\n\n          for (let n = 0; n < headersList.length; n += 2) {\n            const key = headersList[n + 0].toString('latin1')\n            const val = headersList[n + 1].toString('latin1')\n\n            headers[kHeadersList].append(key, val)\n          }\n\n          resolve({\n            status,\n            statusText: STATUS_CODES[status],\n            headersList: headers[kHeadersList],\n            socket\n          })\n\n          return true\n        }\n      }\n    ))\n  }\n}\n\nmodule.exports = {\n  fetch,\n  Fetch,\n  fetching,\n  finalizeAndReportTiming\n}\n","/* globals AbortController */\n\n'use strict'\n\nconst { extractBody, mixinBody, cloneBody } = require('./body')\nconst { Headers, fill: fillHeaders, HeadersList } = require('./headers')\nconst { FinalizationRegistry } = require('../compat/dispatcher-weakref')()\nconst util = require('../core/util')\nconst {\n  isValidHTTPToken,\n  sameOrigin,\n  normalizeMethod,\n  makePolicyContainer,\n  normalizeMethodRecord\n} = require('./util')\nconst {\n  forbiddenMethodsSet,\n  corsSafeListedMethodsSet,\n  referrerPolicy,\n  requestRedirect,\n  requestMode,\n  requestCredentials,\n  requestCache,\n  requestDuplex\n} = require('./constants')\nconst { kEnumerableProperty } = util\nconst { kHeaders, kSignal, kState, kGuard, kRealm } = require('./symbols')\nconst { webidl } = require('./webidl')\nconst { getGlobalOrigin } = require('./global')\nconst { URLSerializer } = require('./dataURL')\nconst { kHeadersList, kConstruct } = require('../core/symbols')\nconst assert = require('assert')\nconst { getMaxListeners, setMaxListeners, getEventListeners, defaultMaxListeners } = require('events')\n\nlet TransformStream = globalThis.TransformStream\n\nconst kAbortController = Symbol('abortController')\n\nconst requestFinalizer = new FinalizationRegistry(({ signal, abort }) => {\n  signal.removeEventListener('abort', abort)\n})\n\n// https://fetch.spec.whatwg.org/#request-class\nclass Request {\n  // https://fetch.spec.whatwg.org/#dom-request\n  constructor (input, init = {}) {\n    if (input === kConstruct) {\n      return\n    }\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'Request constructor' })\n\n    input = webidl.converters.RequestInfo(input)\n    init = webidl.converters.RequestInit(init)\n\n    // https://html.spec.whatwg.org/multipage/webappapis.html#environment-settings-object\n    this[kRealm] = {\n      settingsObject: {\n        baseUrl: getGlobalOrigin(),\n        get origin () {\n          return this.baseUrl?.origin\n        },\n        policyContainer: makePolicyContainer()\n      }\n    }\n\n    // 1. Let request be null.\n    let request = null\n\n    // 2. Let fallbackMode be null.\n    let fallbackMode = null\n\n    // 3. Let baseURL be this’s relevant settings object’s API base URL.\n    const baseUrl = this[kRealm].settingsObject.baseUrl\n\n    // 4. Let signal be null.\n    let signal = null\n\n    // 5. If input is a string, then:\n    if (typeof input === 'string') {\n      // 1. Let parsedURL be the result of parsing input with baseURL.\n      // 2. If parsedURL is failure, then throw a TypeError.\n      let parsedURL\n      try {\n        parsedURL = new URL(input, baseUrl)\n      } catch (err) {\n        throw new TypeError('Failed to parse URL from ' + input, { cause: err })\n      }\n\n      // 3. If parsedURL includes credentials, then throw a TypeError.\n      if (parsedURL.username || parsedURL.password) {\n        throw new TypeError(\n          'Request cannot be constructed from a URL that includes credentials: ' +\n            input\n        )\n      }\n\n      // 4. Set request to a new request whose URL is parsedURL.\n      request = makeRequest({ urlList: [parsedURL] })\n\n      // 5. Set fallbackMode to \"cors\".\n      fallbackMode = 'cors'\n    } else {\n      // 6. Otherwise:\n\n      // 7. Assert: input is a Request object.\n      assert(input instanceof Request)\n\n      // 8. Set request to input’s request.\n      request = input[kState]\n\n      // 9. Set signal to input’s signal.\n      signal = input[kSignal]\n    }\n\n    // 7. Let origin be this’s relevant settings object’s origin.\n    const origin = this[kRealm].settingsObject.origin\n\n    // 8. Let window be \"client\".\n    let window = 'client'\n\n    // 9. If request’s window is an environment settings object and its origin\n    // is same origin with origin, then set window to request’s window.\n    if (\n      request.window?.constructor?.name === 'EnvironmentSettingsObject' &&\n      sameOrigin(request.window, origin)\n    ) {\n      window = request.window\n    }\n\n    // 10. If init[\"window\"] exists and is non-null, then throw a TypeError.\n    if (init.window != null) {\n      throw new TypeError(`'window' option '${window}' must be null`)\n    }\n\n    // 11. If init[\"window\"] exists, then set window to \"no-window\".\n    if ('window' in init) {\n      window = 'no-window'\n    }\n\n    // 12. Set request to a new request with the following properties:\n    request = makeRequest({\n      // URL request’s URL.\n      // undici implementation note: this is set as the first item in request's urlList in makeRequest\n      // method request’s method.\n      method: request.method,\n      // header list A copy of request’s header list.\n      // undici implementation note: headersList is cloned in makeRequest\n      headersList: request.headersList,\n      // unsafe-request flag Set.\n      unsafeRequest: request.unsafeRequest,\n      // client This’s relevant settings object.\n      client: this[kRealm].settingsObject,\n      // window window.\n      window,\n      // priority request’s priority.\n      priority: request.priority,\n      // origin request’s origin. The propagation of the origin is only significant for navigation requests\n      // being handled by a service worker. In this scenario a request can have an origin that is different\n      // from the current client.\n      origin: request.origin,\n      // referrer request’s referrer.\n      referrer: request.referrer,\n      // referrer policy request’s referrer policy.\n      referrerPolicy: request.referrerPolicy,\n      // mode request’s mode.\n      mode: request.mode,\n      // credentials mode request’s credentials mode.\n      credentials: request.credentials,\n      // cache mode request’s cache mode.\n      cache: request.cache,\n      // redirect mode request’s redirect mode.\n      redirect: request.redirect,\n      // integrity metadata request’s integrity metadata.\n      integrity: request.integrity,\n      // keepalive request’s keepalive.\n      keepalive: request.keepalive,\n      // reload-navigation flag request’s reload-navigation flag.\n      reloadNavigation: request.reloadNavigation,\n      // history-navigation flag request’s history-navigation flag.\n      historyNavigation: request.historyNavigation,\n      // URL list A clone of request’s URL list.\n      urlList: [...request.urlList]\n    })\n\n    const initHasKey = Object.keys(init).length !== 0\n\n    // 13. If init is not empty, then:\n    if (initHasKey) {\n      // 1. If request’s mode is \"navigate\", then set it to \"same-origin\".\n      if (request.mode === 'navigate') {\n        request.mode = 'same-origin'\n      }\n\n      // 2. Unset request’s reload-navigation flag.\n      request.reloadNavigation = false\n\n      // 3. Unset request’s history-navigation flag.\n      request.historyNavigation = false\n\n      // 4. Set request’s origin to \"client\".\n      request.origin = 'client'\n\n      // 5. Set request’s referrer to \"client\"\n      request.referrer = 'client'\n\n      // 6. Set request’s referrer policy to the empty string.\n      request.referrerPolicy = ''\n\n      // 7. Set request’s URL to request’s current URL.\n      request.url = request.urlList[request.urlList.length - 1]\n\n      // 8. Set request’s URL list to « request’s URL ».\n      request.urlList = [request.url]\n    }\n\n    // 14. If init[\"referrer\"] exists, then:\n    if (init.referrer !== undefined) {\n      // 1. Let referrer be init[\"referrer\"].\n      const referrer = init.referrer\n\n      // 2. If referrer is the empty string, then set request’s referrer to \"no-referrer\".\n      if (referrer === '') {\n        request.referrer = 'no-referrer'\n      } else {\n        // 1. Let parsedReferrer be the result of parsing referrer with\n        // baseURL.\n        // 2. If parsedReferrer is failure, then throw a TypeError.\n        let parsedReferrer\n        try {\n          parsedReferrer = new URL(referrer, baseUrl)\n        } catch (err) {\n          throw new TypeError(`Referrer \"${referrer}\" is not a valid URL.`, { cause: err })\n        }\n\n        // 3. If one of the following is true\n        // - parsedReferrer’s scheme is \"about\" and path is the string \"client\"\n        // - parsedReferrer’s origin is not same origin with origin\n        // then set request’s referrer to \"client\".\n        if (\n          (parsedReferrer.protocol === 'about:' && parsedReferrer.hostname === 'client') ||\n          (origin && !sameOrigin(parsedReferrer, this[kRealm].settingsObject.baseUrl))\n        ) {\n          request.referrer = 'client'\n        } else {\n          // 4. Otherwise, set request’s referrer to parsedReferrer.\n          request.referrer = parsedReferrer\n        }\n      }\n    }\n\n    // 15. If init[\"referrerPolicy\"] exists, then set request’s referrer policy\n    // to it.\n    if (init.referrerPolicy !== undefined) {\n      request.referrerPolicy = init.referrerPolicy\n    }\n\n    // 16. Let mode be init[\"mode\"] if it exists, and fallbackMode otherwise.\n    let mode\n    if (init.mode !== undefined) {\n      mode = init.mode\n    } else {\n      mode = fallbackMode\n    }\n\n    // 17. If mode is \"navigate\", then throw a TypeError.\n    if (mode === 'navigate') {\n      throw webidl.errors.exception({\n        header: 'Request constructor',\n        message: 'invalid request mode navigate.'\n      })\n    }\n\n    // 18. If mode is non-null, set request’s mode to mode.\n    if (mode != null) {\n      request.mode = mode\n    }\n\n    // 19. If init[\"credentials\"] exists, then set request’s credentials mode\n    // to it.\n    if (init.credentials !== undefined) {\n      request.credentials = init.credentials\n    }\n\n    // 18. If init[\"cache\"] exists, then set request’s cache mode to it.\n    if (init.cache !== undefined) {\n      request.cache = init.cache\n    }\n\n    // 21. If request’s cache mode is \"only-if-cached\" and request’s mode is\n    // not \"same-origin\", then throw a TypeError.\n    if (request.cache === 'only-if-cached' && request.mode !== 'same-origin') {\n      throw new TypeError(\n        \"'only-if-cached' can be set only with 'same-origin' mode\"\n      )\n    }\n\n    // 22. If init[\"redirect\"] exists, then set request’s redirect mode to it.\n    if (init.redirect !== undefined) {\n      request.redirect = init.redirect\n    }\n\n    // 23. If init[\"integrity\"] exists, then set request’s integrity metadata to it.\n    if (init.integrity != null) {\n      request.integrity = String(init.integrity)\n    }\n\n    // 24. If init[\"keepalive\"] exists, then set request’s keepalive to it.\n    if (init.keepalive !== undefined) {\n      request.keepalive = Boolean(init.keepalive)\n    }\n\n    // 25. If init[\"method\"] exists, then:\n    if (init.method !== undefined) {\n      // 1. Let method be init[\"method\"].\n      let method = init.method\n\n      // 2. If method is not a method or method is a forbidden method, then\n      // throw a TypeError.\n      if (!isValidHTTPToken(method)) {\n        throw new TypeError(`'${method}' is not a valid HTTP method.`)\n      }\n\n      if (forbiddenMethodsSet.has(method.toUpperCase())) {\n        throw new TypeError(`'${method}' HTTP method is unsupported.`)\n      }\n\n      // 3. Normalize method.\n      method = normalizeMethodRecord[method] ?? normalizeMethod(method)\n\n      // 4. Set request’s method to method.\n      request.method = method\n    }\n\n    // 26. If init[\"signal\"] exists, then set signal to it.\n    if (init.signal !== undefined) {\n      signal = init.signal\n    }\n\n    // 27. Set this’s request to request.\n    this[kState] = request\n\n    // 28. Set this’s signal to a new AbortSignal object with this’s relevant\n    // Realm.\n    // TODO: could this be simplified with AbortSignal.any\n    // (https://dom.spec.whatwg.org/#dom-abortsignal-any)\n    const ac = new AbortController()\n    this[kSignal] = ac.signal\n    this[kSignal][kRealm] = this[kRealm]\n\n    // 29. If signal is not null, then make this’s signal follow signal.\n    if (signal != null) {\n      if (\n        !signal ||\n        typeof signal.aborted !== 'boolean' ||\n        typeof signal.addEventListener !== 'function'\n      ) {\n        throw new TypeError(\n          \"Failed to construct 'Request': member signal is not of type AbortSignal.\"\n        )\n      }\n\n      if (signal.aborted) {\n        ac.abort(signal.reason)\n      } else {\n        // Keep a strong ref to ac while request object\n        // is alive. This is needed to prevent AbortController\n        // from being prematurely garbage collected.\n        // See, https://github.com/nodejs/undici/issues/1926.\n        this[kAbortController] = ac\n\n        const acRef = new WeakRef(ac)\n        const abort = function () {\n          const ac = acRef.deref()\n          if (ac !== undefined) {\n            ac.abort(this.reason)\n          }\n        }\n\n        // Third-party AbortControllers may not work with these.\n        // See, https://github.com/nodejs/undici/pull/1910#issuecomment-1464495619.\n        try {\n          // If the max amount of listeners is equal to the default, increase it\n          // This is only available in node >= v19.9.0\n          if (typeof getMaxListeners === 'function' && getMaxListeners(signal) === defaultMaxListeners) {\n            setMaxListeners(100, signal)\n          } else if (getEventListeners(signal, 'abort').length >= defaultMaxListeners) {\n            setMaxListeners(100, signal)\n          }\n        } catch {}\n\n        util.addAbortListener(signal, abort)\n        requestFinalizer.register(ac, { signal, abort })\n      }\n    }\n\n    // 30. Set this’s headers to a new Headers object with this’s relevant\n    // Realm, whose header list is request’s header list and guard is\n    // \"request\".\n    this[kHeaders] = new Headers(kConstruct)\n    this[kHeaders][kHeadersList] = request.headersList\n    this[kHeaders][kGuard] = 'request'\n    this[kHeaders][kRealm] = this[kRealm]\n\n    // 31. If this’s request’s mode is \"no-cors\", then:\n    if (mode === 'no-cors') {\n      // 1. If this’s request’s method is not a CORS-safelisted method,\n      // then throw a TypeError.\n      if (!corsSafeListedMethodsSet.has(request.method)) {\n        throw new TypeError(\n          `'${request.method} is unsupported in no-cors mode.`\n        )\n      }\n\n      // 2. Set this’s headers’s guard to \"request-no-cors\".\n      this[kHeaders][kGuard] = 'request-no-cors'\n    }\n\n    // 32. If init is not empty, then:\n    if (initHasKey) {\n      /** @type {HeadersList} */\n      const headersList = this[kHeaders][kHeadersList]\n      // 1. Let headers be a copy of this’s headers and its associated header\n      // list.\n      // 2. If init[\"headers\"] exists, then set headers to init[\"headers\"].\n      const headers = init.headers !== undefined ? init.headers : new HeadersList(headersList)\n\n      // 3. Empty this’s headers’s header list.\n      headersList.clear()\n\n      // 4. If headers is a Headers object, then for each header in its header\n      // list, append header’s name/header’s value to this’s headers.\n      if (headers instanceof HeadersList) {\n        for (const [key, val] of headers) {\n          headersList.append(key, val)\n        }\n        // Note: Copy the `set-cookie` meta-data.\n        headersList.cookies = headers.cookies\n      } else {\n        // 5. Otherwise, fill this’s headers with headers.\n        fillHeaders(this[kHeaders], headers)\n      }\n    }\n\n    // 33. Let inputBody be input’s request’s body if input is a Request\n    // object; otherwise null.\n    const inputBody = input instanceof Request ? input[kState].body : null\n\n    // 34. If either init[\"body\"] exists and is non-null or inputBody is\n    // non-null, and request’s method is `GET` or `HEAD`, then throw a\n    // TypeError.\n    if (\n      (init.body != null || inputBody != null) &&\n      (request.method === 'GET' || request.method === 'HEAD')\n    ) {\n      throw new TypeError('Request with GET/HEAD method cannot have body.')\n    }\n\n    // 35. Let initBody be null.\n    let initBody = null\n\n    // 36. If init[\"body\"] exists and is non-null, then:\n    if (init.body != null) {\n      // 1. Let Content-Type be null.\n      // 2. Set initBody and Content-Type to the result of extracting\n      // init[\"body\"], with keepalive set to request’s keepalive.\n      const [extractedBody, contentType] = extractBody(\n        init.body,\n        request.keepalive\n      )\n      initBody = extractedBody\n\n      // 3, If Content-Type is non-null and this’s headers’s header list does\n      // not contain `Content-Type`, then append `Content-Type`/Content-Type to\n      // this’s headers.\n      if (contentType && !this[kHeaders][kHeadersList].contains('content-type')) {\n        this[kHeaders].append('content-type', contentType)\n      }\n    }\n\n    // 37. Let inputOrInitBody be initBody if it is non-null; otherwise\n    // inputBody.\n    const inputOrInitBody = initBody ?? inputBody\n\n    // 38. If inputOrInitBody is non-null and inputOrInitBody’s source is\n    // null, then:\n    if (inputOrInitBody != null && inputOrInitBody.source == null) {\n      // 1. If initBody is non-null and init[\"duplex\"] does not exist,\n      //    then throw a TypeError.\n      if (initBody != null && init.duplex == null) {\n        throw new TypeError('RequestInit: duplex option is required when sending a body.')\n      }\n\n      // 2. If this’s request’s mode is neither \"same-origin\" nor \"cors\",\n      // then throw a TypeError.\n      if (request.mode !== 'same-origin' && request.mode !== 'cors') {\n        throw new TypeError(\n          'If request is made from ReadableStream, mode should be \"same-origin\" or \"cors\"'\n        )\n      }\n\n      // 3. Set this’s request’s use-CORS-preflight flag.\n      request.useCORSPreflightFlag = true\n    }\n\n    // 39. Let finalBody be inputOrInitBody.\n    let finalBody = inputOrInitBody\n\n    // 40. If initBody is null and inputBody is non-null, then:\n    if (initBody == null && inputBody != null) {\n      // 1. If input is unusable, then throw a TypeError.\n      if (util.isDisturbed(inputBody.stream) || inputBody.stream.locked) {\n        throw new TypeError(\n          'Cannot construct a Request with a Request object that has already been used.'\n        )\n      }\n\n      // 2. Set finalBody to the result of creating a proxy for inputBody.\n      if (!TransformStream) {\n        TransformStream = require('stream/web').TransformStream\n      }\n\n      // https://streams.spec.whatwg.org/#readablestream-create-a-proxy\n      const identityTransform = new TransformStream()\n      inputBody.stream.pipeThrough(identityTransform)\n      finalBody = {\n        source: inputBody.source,\n        length: inputBody.length,\n        stream: identityTransform.readable\n      }\n    }\n\n    // 41. Set this’s request’s body to finalBody.\n    this[kState].body = finalBody\n  }\n\n  // Returns request’s HTTP method, which is \"GET\" by default.\n  get method () {\n    webidl.brandCheck(this, Request)\n\n    // The method getter steps are to return this’s request’s method.\n    return this[kState].method\n  }\n\n  // Returns the URL of request as a string.\n  get url () {\n    webidl.brandCheck(this, Request)\n\n    // The url getter steps are to return this’s request’s URL, serialized.\n    return URLSerializer(this[kState].url)\n  }\n\n  // Returns a Headers object consisting of the headers associated with request.\n  // Note that headers added in the network layer by the user agent will not\n  // be accounted for in this object, e.g., the \"Host\" header.\n  get headers () {\n    webidl.brandCheck(this, Request)\n\n    // The headers getter steps are to return this’s headers.\n    return this[kHeaders]\n  }\n\n  // Returns the kind of resource requested by request, e.g., \"document\"\n  // or \"script\".\n  get destination () {\n    webidl.brandCheck(this, Request)\n\n    // The destination getter are to return this’s request’s destination.\n    return this[kState].destination\n  }\n\n  // Returns the referrer of request. Its value can be a same-origin URL if\n  // explicitly set in init, the empty string to indicate no referrer, and\n  // \"about:client\" when defaulting to the global’s default. This is used\n  // during fetching to determine the value of the `Referer` header of the\n  // request being made.\n  get referrer () {\n    webidl.brandCheck(this, Request)\n\n    // 1. If this’s request’s referrer is \"no-referrer\", then return the\n    // empty string.\n    if (this[kState].referrer === 'no-referrer') {\n      return ''\n    }\n\n    // 2. If this’s request’s referrer is \"client\", then return\n    // \"about:client\".\n    if (this[kState].referrer === 'client') {\n      return 'about:client'\n    }\n\n    // Return this’s request’s referrer, serialized.\n    return this[kState].referrer.toString()\n  }\n\n  // Returns the referrer policy associated with request.\n  // This is used during fetching to compute the value of the request’s\n  // referrer.\n  get referrerPolicy () {\n    webidl.brandCheck(this, Request)\n\n    // The referrerPolicy getter steps are to return this’s request’s referrer policy.\n    return this[kState].referrerPolicy\n  }\n\n  // Returns the mode associated with request, which is a string indicating\n  // whether the request will use CORS, or will be restricted to same-origin\n  // URLs.\n  get mode () {\n    webidl.brandCheck(this, Request)\n\n    // The mode getter steps are to return this’s request’s mode.\n    return this[kState].mode\n  }\n\n  // Returns the credentials mode associated with request,\n  // which is a string indicating whether credentials will be sent with the\n  // request always, never, or only when sent to a same-origin URL.\n  get credentials () {\n    // The credentials getter steps are to return this’s request’s credentials mode.\n    return this[kState].credentials\n  }\n\n  // Returns the cache mode associated with request,\n  // which is a string indicating how the request will\n  // interact with the browser’s cache when fetching.\n  get cache () {\n    webidl.brandCheck(this, Request)\n\n    // The cache getter steps are to return this’s request’s cache mode.\n    return this[kState].cache\n  }\n\n  // Returns the redirect mode associated with request,\n  // which is a string indicating how redirects for the\n  // request will be handled during fetching. A request\n  // will follow redirects by default.\n  get redirect () {\n    webidl.brandCheck(this, Request)\n\n    // The redirect getter steps are to return this’s request’s redirect mode.\n    return this[kState].redirect\n  }\n\n  // Returns request’s subresource integrity metadata, which is a\n  // cryptographic hash of the resource being fetched. Its value\n  // consists of multiple hashes separated by whitespace. [SRI]\n  get integrity () {\n    webidl.brandCheck(this, Request)\n\n    // The integrity getter steps are to return this’s request’s integrity\n    // metadata.\n    return this[kState].integrity\n  }\n\n  // Returns a boolean indicating whether or not request can outlive the\n  // global in which it was created.\n  get keepalive () {\n    webidl.brandCheck(this, Request)\n\n    // The keepalive getter steps are to return this’s request’s keepalive.\n    return this[kState].keepalive\n  }\n\n  // Returns a boolean indicating whether or not request is for a reload\n  // navigation.\n  get isReloadNavigation () {\n    webidl.brandCheck(this, Request)\n\n    // The isReloadNavigation getter steps are to return true if this’s\n    // request’s reload-navigation flag is set; otherwise false.\n    return this[kState].reloadNavigation\n  }\n\n  // Returns a boolean indicating whether or not request is for a history\n  // navigation (a.k.a. back-foward navigation).\n  get isHistoryNavigation () {\n    webidl.brandCheck(this, Request)\n\n    // The isHistoryNavigation getter steps are to return true if this’s request’s\n    // history-navigation flag is set; otherwise false.\n    return this[kState].historyNavigation\n  }\n\n  // Returns the signal associated with request, which is an AbortSignal\n  // object indicating whether or not request has been aborted, and its\n  // abort event handler.\n  get signal () {\n    webidl.brandCheck(this, Request)\n\n    // The signal getter steps are to return this’s signal.\n    return this[kSignal]\n  }\n\n  get body () {\n    webidl.brandCheck(this, Request)\n\n    return this[kState].body ? this[kState].body.stream : null\n  }\n\n  get bodyUsed () {\n    webidl.brandCheck(this, Request)\n\n    return !!this[kState].body && util.isDisturbed(this[kState].body.stream)\n  }\n\n  get duplex () {\n    webidl.brandCheck(this, Request)\n\n    return 'half'\n  }\n\n  // Returns a clone of request.\n  clone () {\n    webidl.brandCheck(this, Request)\n\n    // 1. If this is unusable, then throw a TypeError.\n    if (this.bodyUsed || this.body?.locked) {\n      throw new TypeError('unusable')\n    }\n\n    // 2. Let clonedRequest be the result of cloning this’s request.\n    const clonedRequest = cloneRequest(this[kState])\n\n    // 3. Let clonedRequestObject be the result of creating a Request object,\n    // given clonedRequest, this’s headers’s guard, and this’s relevant Realm.\n    const clonedRequestObject = new Request(kConstruct)\n    clonedRequestObject[kState] = clonedRequest\n    clonedRequestObject[kRealm] = this[kRealm]\n    clonedRequestObject[kHeaders] = new Headers(kConstruct)\n    clonedRequestObject[kHeaders][kHeadersList] = clonedRequest.headersList\n    clonedRequestObject[kHeaders][kGuard] = this[kHeaders][kGuard]\n    clonedRequestObject[kHeaders][kRealm] = this[kHeaders][kRealm]\n\n    // 4. Make clonedRequestObject’s signal follow this’s signal.\n    const ac = new AbortController()\n    if (this.signal.aborted) {\n      ac.abort(this.signal.reason)\n    } else {\n      util.addAbortListener(\n        this.signal,\n        () => {\n          ac.abort(this.signal.reason)\n        }\n      )\n    }\n    clonedRequestObject[kSignal] = ac.signal\n\n    // 4. Return clonedRequestObject.\n    return clonedRequestObject\n  }\n}\n\nmixinBody(Request)\n\nfunction makeRequest (init) {\n  // https://fetch.spec.whatwg.org/#requests\n  const request = {\n    method: 'GET',\n    localURLsOnly: false,\n    unsafeRequest: false,\n    body: null,\n    client: null,\n    reservedClient: null,\n    replacesClientId: '',\n    window: 'client',\n    keepalive: false,\n    serviceWorkers: 'all',\n    initiator: '',\n    destination: '',\n    priority: null,\n    origin: 'client',\n    policyContainer: 'client',\n    referrer: 'client',\n    referrerPolicy: '',\n    mode: 'no-cors',\n    useCORSPreflightFlag: false,\n    credentials: 'same-origin',\n    useCredentials: false,\n    cache: 'default',\n    redirect: 'follow',\n    integrity: '',\n    cryptoGraphicsNonceMetadata: '',\n    parserMetadata: '',\n    reloadNavigation: false,\n    historyNavigation: false,\n    userActivation: false,\n    taintedOrigin: false,\n    redirectCount: 0,\n    responseTainting: 'basic',\n    preventNoCacheCacheControlHeaderModification: false,\n    done: false,\n    timingAllowFailed: false,\n    ...init,\n    headersList: init.headersList\n      ? new HeadersList(init.headersList)\n      : new HeadersList()\n  }\n  request.url = request.urlList[0]\n  return request\n}\n\n// https://fetch.spec.whatwg.org/#concept-request-clone\nfunction cloneRequest (request) {\n  // To clone a request request, run these steps:\n\n  // 1. Let newRequest be a copy of request, except for its body.\n  const newRequest = makeRequest({ ...request, body: null })\n\n  // 2. If request’s body is non-null, set newRequest’s body to the\n  // result of cloning request’s body.\n  if (request.body != null) {\n    newRequest.body = cloneBody(request.body)\n  }\n\n  // 3. Return newRequest.\n  return newRequest\n}\n\nObject.defineProperties(Request.prototype, {\n  method: kEnumerableProperty,\n  url: kEnumerableProperty,\n  headers: kEnumerableProperty,\n  redirect: kEnumerableProperty,\n  clone: kEnumerableProperty,\n  signal: kEnumerableProperty,\n  duplex: kEnumerableProperty,\n  destination: kEnumerableProperty,\n  body: kEnumerableProperty,\n  bodyUsed: kEnumerableProperty,\n  isHistoryNavigation: kEnumerableProperty,\n  isReloadNavigation: kEnumerableProperty,\n  keepalive: kEnumerableProperty,\n  integrity: kEnumerableProperty,\n  cache: kEnumerableProperty,\n  credentials: kEnumerableProperty,\n  attribute: kEnumerableProperty,\n  referrerPolicy: kEnumerableProperty,\n  referrer: kEnumerableProperty,\n  mode: kEnumerableProperty,\n  [Symbol.toStringTag]: {\n    value: 'Request',\n    configurable: true\n  }\n})\n\nwebidl.converters.Request = webidl.interfaceConverter(\n  Request\n)\n\n// https://fetch.spec.whatwg.org/#requestinfo\nwebidl.converters.RequestInfo = function (V) {\n  if (typeof V === 'string') {\n    return webidl.converters.USVString(V)\n  }\n\n  if (V instanceof Request) {\n    return webidl.converters.Request(V)\n  }\n\n  return webidl.converters.USVString(V)\n}\n\nwebidl.converters.AbortSignal = webidl.interfaceConverter(\n  AbortSignal\n)\n\n// https://fetch.spec.whatwg.org/#requestinit\nwebidl.converters.RequestInit = webidl.dictionaryConverter([\n  {\n    key: 'method',\n    converter: webidl.converters.ByteString\n  },\n  {\n    key: 'headers',\n    converter: webidl.converters.HeadersInit\n  },\n  {\n    key: 'body',\n    converter: webidl.nullableConverter(\n      webidl.converters.BodyInit\n    )\n  },\n  {\n    key: 'referrer',\n    converter: webidl.converters.USVString\n  },\n  {\n    key: 'referrerPolicy',\n    converter: webidl.converters.DOMString,\n    // https://w3c.github.io/webappsec-referrer-policy/#referrer-policy\n    allowedValues: referrerPolicy\n  },\n  {\n    key: 'mode',\n    converter: webidl.converters.DOMString,\n    // https://fetch.spec.whatwg.org/#concept-request-mode\n    allowedValues: requestMode\n  },\n  {\n    key: 'credentials',\n    converter: webidl.converters.DOMString,\n    // https://fetch.spec.whatwg.org/#requestcredentials\n    allowedValues: requestCredentials\n  },\n  {\n    key: 'cache',\n    converter: webidl.converters.DOMString,\n    // https://fetch.spec.whatwg.org/#requestcache\n    allowedValues: requestCache\n  },\n  {\n    key: 'redirect',\n    converter: webidl.converters.DOMString,\n    // https://fetch.spec.whatwg.org/#requestredirect\n    allowedValues: requestRedirect\n  },\n  {\n    key: 'integrity',\n    converter: webidl.converters.DOMString\n  },\n  {\n    key: 'keepalive',\n    converter: webidl.converters.boolean\n  },\n  {\n    key: 'signal',\n    converter: webidl.nullableConverter(\n      (signal) => webidl.converters.AbortSignal(\n        signal,\n        { strict: false }\n      )\n    )\n  },\n  {\n    key: 'window',\n    converter: webidl.converters.any\n  },\n  {\n    key: 'duplex',\n    converter: webidl.converters.DOMString,\n    allowedValues: requestDuplex\n  }\n])\n\nmodule.exports = { Request, makeRequest }\n","'use strict'\n\nconst { Headers, HeadersList, fill } = require('./headers')\nconst { extractBody, cloneBody, mixinBody } = require('./body')\nconst util = require('../core/util')\nconst { kEnumerableProperty } = util\nconst {\n  isValidReasonPhrase,\n  isCancelled,\n  isAborted,\n  isBlobLike,\n  serializeJavascriptValueToJSONString,\n  isErrorLike,\n  isomorphicEncode\n} = require('./util')\nconst {\n  redirectStatusSet,\n  nullBodyStatus,\n  DOMException\n} = require('./constants')\nconst { kState, kHeaders, kGuard, kRealm } = require('./symbols')\nconst { webidl } = require('./webidl')\nconst { FormData } = require('./formdata')\nconst { getGlobalOrigin } = require('./global')\nconst { URLSerializer } = require('./dataURL')\nconst { kHeadersList, kConstruct } = require('../core/symbols')\nconst assert = require('assert')\nconst { types } = require('util')\n\nconst ReadableStream = globalThis.ReadableStream || require('stream/web').ReadableStream\nconst textEncoder = new TextEncoder('utf-8')\n\n// https://fetch.spec.whatwg.org/#response-class\nclass Response {\n  // Creates network error Response.\n  static error () {\n    // TODO\n    const relevantRealm = { settingsObject: {} }\n\n    // The static error() method steps are to return the result of creating a\n    // Response object, given a new network error, \"immutable\", and this’s\n    // relevant Realm.\n    const responseObject = new Response()\n    responseObject[kState] = makeNetworkError()\n    responseObject[kRealm] = relevantRealm\n    responseObject[kHeaders][kHeadersList] = responseObject[kState].headersList\n    responseObject[kHeaders][kGuard] = 'immutable'\n    responseObject[kHeaders][kRealm] = relevantRealm\n    return responseObject\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-response-json\n  static json (data, init = {}) {\n    webidl.argumentLengthCheck(arguments, 1, { header: 'Response.json' })\n\n    if (init !== null) {\n      init = webidl.converters.ResponseInit(init)\n    }\n\n    // 1. Let bytes the result of running serialize a JavaScript value to JSON bytes on data.\n    const bytes = textEncoder.encode(\n      serializeJavascriptValueToJSONString(data)\n    )\n\n    // 2. Let body be the result of extracting bytes.\n    const body = extractBody(bytes)\n\n    // 3. Let responseObject be the result of creating a Response object, given a new response,\n    //    \"response\", and this’s relevant Realm.\n    const relevantRealm = { settingsObject: {} }\n    const responseObject = new Response()\n    responseObject[kRealm] = relevantRealm\n    responseObject[kHeaders][kGuard] = 'response'\n    responseObject[kHeaders][kRealm] = relevantRealm\n\n    // 4. Perform initialize a response given responseObject, init, and (body, \"application/json\").\n    initializeResponse(responseObject, init, { body: body[0], type: 'application/json' })\n\n    // 5. Return responseObject.\n    return responseObject\n  }\n\n  // Creates a redirect Response that redirects to url with status status.\n  static redirect (url, status = 302) {\n    const relevantRealm = { settingsObject: {} }\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'Response.redirect' })\n\n    url = webidl.converters.USVString(url)\n    status = webidl.converters['unsigned short'](status)\n\n    // 1. Let parsedURL be the result of parsing url with current settings\n    // object’s API base URL.\n    // 2. If parsedURL is failure, then throw a TypeError.\n    // TODO: base-URL?\n    let parsedURL\n    try {\n      parsedURL = new URL(url, getGlobalOrigin())\n    } catch (err) {\n      throw Object.assign(new TypeError('Failed to parse URL from ' + url), {\n        cause: err\n      })\n    }\n\n    // 3. If status is not a redirect status, then throw a RangeError.\n    if (!redirectStatusSet.has(status)) {\n      throw new RangeError('Invalid status code ' + status)\n    }\n\n    // 4. Let responseObject be the result of creating a Response object,\n    // given a new response, \"immutable\", and this’s relevant Realm.\n    const responseObject = new Response()\n    responseObject[kRealm] = relevantRealm\n    responseObject[kHeaders][kGuard] = 'immutable'\n    responseObject[kHeaders][kRealm] = relevantRealm\n\n    // 5. Set responseObject’s response’s status to status.\n    responseObject[kState].status = status\n\n    // 6. Let value be parsedURL, serialized and isomorphic encoded.\n    const value = isomorphicEncode(URLSerializer(parsedURL))\n\n    // 7. Append `Location`/value to responseObject’s response’s header list.\n    responseObject[kState].headersList.append('location', value)\n\n    // 8. Return responseObject.\n    return responseObject\n  }\n\n  // https://fetch.spec.whatwg.org/#dom-response\n  constructor (body = null, init = {}) {\n    if (body !== null) {\n      body = webidl.converters.BodyInit(body)\n    }\n\n    init = webidl.converters.ResponseInit(init)\n\n    // TODO\n    this[kRealm] = { settingsObject: {} }\n\n    // 1. Set this’s response to a new response.\n    this[kState] = makeResponse({})\n\n    // 2. Set this’s headers to a new Headers object with this’s relevant\n    // Realm, whose header list is this’s response’s header list and guard\n    // is \"response\".\n    this[kHeaders] = new Headers(kConstruct)\n    this[kHeaders][kGuard] = 'response'\n    this[kHeaders][kHeadersList] = this[kState].headersList\n    this[kHeaders][kRealm] = this[kRealm]\n\n    // 3. Let bodyWithType be null.\n    let bodyWithType = null\n\n    // 4. If body is non-null, then set bodyWithType to the result of extracting body.\n    if (body != null) {\n      const [extractedBody, type] = extractBody(body)\n      bodyWithType = { body: extractedBody, type }\n    }\n\n    // 5. Perform initialize a response given this, init, and bodyWithType.\n    initializeResponse(this, init, bodyWithType)\n  }\n\n  // Returns response’s type, e.g., \"cors\".\n  get type () {\n    webidl.brandCheck(this, Response)\n\n    // The type getter steps are to return this’s response’s type.\n    return this[kState].type\n  }\n\n  // Returns response’s URL, if it has one; otherwise the empty string.\n  get url () {\n    webidl.brandCheck(this, Response)\n\n    const urlList = this[kState].urlList\n\n    // The url getter steps are to return the empty string if this’s\n    // response’s URL is null; otherwise this’s response’s URL,\n    // serialized with exclude fragment set to true.\n    const url = urlList[urlList.length - 1] ?? null\n\n    if (url === null) {\n      return ''\n    }\n\n    return URLSerializer(url, true)\n  }\n\n  // Returns whether response was obtained through a redirect.\n  get redirected () {\n    webidl.brandCheck(this, Response)\n\n    // The redirected getter steps are to return true if this’s response’s URL\n    // list has more than one item; otherwise false.\n    return this[kState].urlList.length > 1\n  }\n\n  // Returns response’s status.\n  get status () {\n    webidl.brandCheck(this, Response)\n\n    // The status getter steps are to return this’s response’s status.\n    return this[kState].status\n  }\n\n  // Returns whether response’s status is an ok status.\n  get ok () {\n    webidl.brandCheck(this, Response)\n\n    // The ok getter steps are to return true if this’s response’s status is an\n    // ok status; otherwise false.\n    return this[kState].status >= 200 && this[kState].status <= 299\n  }\n\n  // Returns response’s status message.\n  get statusText () {\n    webidl.brandCheck(this, Response)\n\n    // The statusText getter steps are to return this’s response’s status\n    // message.\n    return this[kState].statusText\n  }\n\n  // Returns response’s headers as Headers.\n  get headers () {\n    webidl.brandCheck(this, Response)\n\n    // The headers getter steps are to return this’s headers.\n    return this[kHeaders]\n  }\n\n  get body () {\n    webidl.brandCheck(this, Response)\n\n    return this[kState].body ? this[kState].body.stream : null\n  }\n\n  get bodyUsed () {\n    webidl.brandCheck(this, Response)\n\n    return !!this[kState].body && util.isDisturbed(this[kState].body.stream)\n  }\n\n  // Returns a clone of response.\n  clone () {\n    webidl.brandCheck(this, Response)\n\n    // 1. If this is unusable, then throw a TypeError.\n    if (this.bodyUsed || (this.body && this.body.locked)) {\n      throw webidl.errors.exception({\n        header: 'Response.clone',\n        message: 'Body has already been consumed.'\n      })\n    }\n\n    // 2. Let clonedResponse be the result of cloning this’s response.\n    const clonedResponse = cloneResponse(this[kState])\n\n    // 3. Return the result of creating a Response object, given\n    // clonedResponse, this’s headers’s guard, and this’s relevant Realm.\n    const clonedResponseObject = new Response()\n    clonedResponseObject[kState] = clonedResponse\n    clonedResponseObject[kRealm] = this[kRealm]\n    clonedResponseObject[kHeaders][kHeadersList] = clonedResponse.headersList\n    clonedResponseObject[kHeaders][kGuard] = this[kHeaders][kGuard]\n    clonedResponseObject[kHeaders][kRealm] = this[kHeaders][kRealm]\n\n    return clonedResponseObject\n  }\n}\n\nmixinBody(Response)\n\nObject.defineProperties(Response.prototype, {\n  type: kEnumerableProperty,\n  url: kEnumerableProperty,\n  status: kEnumerableProperty,\n  ok: kEnumerableProperty,\n  redirected: kEnumerableProperty,\n  statusText: kEnumerableProperty,\n  headers: kEnumerableProperty,\n  clone: kEnumerableProperty,\n  body: kEnumerableProperty,\n  bodyUsed: kEnumerableProperty,\n  [Symbol.toStringTag]: {\n    value: 'Response',\n    configurable: true\n  }\n})\n\nObject.defineProperties(Response, {\n  json: kEnumerableProperty,\n  redirect: kEnumerableProperty,\n  error: kEnumerableProperty\n})\n\n// https://fetch.spec.whatwg.org/#concept-response-clone\nfunction cloneResponse (response) {\n  // To clone a response response, run these steps:\n\n  // 1. If response is a filtered response, then return a new identical\n  // filtered response whose internal response is a clone of response’s\n  // internal response.\n  if (response.internalResponse) {\n    return filterResponse(\n      cloneResponse(response.internalResponse),\n      response.type\n    )\n  }\n\n  // 2. Let newResponse be a copy of response, except for its body.\n  const newResponse = makeResponse({ ...response, body: null })\n\n  // 3. If response’s body is non-null, then set newResponse’s body to the\n  // result of cloning response’s body.\n  if (response.body != null) {\n    newResponse.body = cloneBody(response.body)\n  }\n\n  // 4. Return newResponse.\n  return newResponse\n}\n\nfunction makeResponse (init) {\n  return {\n    aborted: false,\n    rangeRequested: false,\n    timingAllowPassed: false,\n    requestIncludesCredentials: false,\n    type: 'default',\n    status: 200,\n    timingInfo: null,\n    cacheState: '',\n    statusText: '',\n    ...init,\n    headersList: init.headersList\n      ? new HeadersList(init.headersList)\n      : new HeadersList(),\n    urlList: init.urlList ? [...init.urlList] : []\n  }\n}\n\nfunction makeNetworkError (reason) {\n  const isError = isErrorLike(reason)\n  return makeResponse({\n    type: 'error',\n    status: 0,\n    error: isError\n      ? reason\n      : new Error(reason ? String(reason) : reason),\n    aborted: reason && reason.name === 'AbortError'\n  })\n}\n\nfunction makeFilteredResponse (response, state) {\n  state = {\n    internalResponse: response,\n    ...state\n  }\n\n  return new Proxy(response, {\n    get (target, p) {\n      return p in state ? state[p] : target[p]\n    },\n    set (target, p, value) {\n      assert(!(p in state))\n      target[p] = value\n      return true\n    }\n  })\n}\n\n// https://fetch.spec.whatwg.org/#concept-filtered-response\nfunction filterResponse (response, type) {\n  // Set response to the following filtered response with response as its\n  // internal response, depending on request’s response tainting:\n  if (type === 'basic') {\n    // A basic filtered response is a filtered response whose type is \"basic\"\n    // and header list excludes any headers in internal response’s header list\n    // whose name is a forbidden response-header name.\n\n    // Note: undici does not implement forbidden response-header names\n    return makeFilteredResponse(response, {\n      type: 'basic',\n      headersList: response.headersList\n    })\n  } else if (type === 'cors') {\n    // A CORS filtered response is a filtered response whose type is \"cors\"\n    // and header list excludes any headers in internal response’s header\n    // list whose name is not a CORS-safelisted response-header name, given\n    // internal response’s CORS-exposed header-name list.\n\n    // Note: undici does not implement CORS-safelisted response-header names\n    return makeFilteredResponse(response, {\n      type: 'cors',\n      headersList: response.headersList\n    })\n  } else if (type === 'opaque') {\n    // An opaque filtered response is a filtered response whose type is\n    // \"opaque\", URL list is the empty list, status is 0, status message\n    // is the empty byte sequence, header list is empty, and body is null.\n\n    return makeFilteredResponse(response, {\n      type: 'opaque',\n      urlList: Object.freeze([]),\n      status: 0,\n      statusText: '',\n      body: null\n    })\n  } else if (type === 'opaqueredirect') {\n    // An opaque-redirect filtered response is a filtered response whose type\n    // is \"opaqueredirect\", status is 0, status message is the empty byte\n    // sequence, header list is empty, and body is null.\n\n    return makeFilteredResponse(response, {\n      type: 'opaqueredirect',\n      status: 0,\n      statusText: '',\n      headersList: [],\n      body: null\n    })\n  } else {\n    assert(false)\n  }\n}\n\n// https://fetch.spec.whatwg.org/#appropriate-network-error\nfunction makeAppropriateNetworkError (fetchParams, err = null) {\n  // 1. Assert: fetchParams is canceled.\n  assert(isCancelled(fetchParams))\n\n  // 2. Return an aborted network error if fetchParams is aborted;\n  // otherwise return a network error.\n  return isAborted(fetchParams)\n    ? makeNetworkError(Object.assign(new DOMException('The operation was aborted.', 'AbortError'), { cause: err }))\n    : makeNetworkError(Object.assign(new DOMException('Request was cancelled.'), { cause: err }))\n}\n\n// https://whatpr.org/fetch/1392.html#initialize-a-response\nfunction initializeResponse (response, init, body) {\n  // 1. If init[\"status\"] is not in the range 200 to 599, inclusive, then\n  //    throw a RangeError.\n  if (init.status !== null && (init.status < 200 || init.status > 599)) {\n    throw new RangeError('init[\"status\"] must be in the range of 200 to 599, inclusive.')\n  }\n\n  // 2. If init[\"statusText\"] does not match the reason-phrase token production,\n  //    then throw a TypeError.\n  if ('statusText' in init && init.statusText != null) {\n    // See, https://datatracker.ietf.org/doc/html/rfc7230#section-3.1.2:\n    //   reason-phrase  = *( HTAB / SP / VCHAR / obs-text )\n    if (!isValidReasonPhrase(String(init.statusText))) {\n      throw new TypeError('Invalid statusText')\n    }\n  }\n\n  // 3. Set response’s response’s status to init[\"status\"].\n  if ('status' in init && init.status != null) {\n    response[kState].status = init.status\n  }\n\n  // 4. Set response’s response’s status message to init[\"statusText\"].\n  if ('statusText' in init && init.statusText != null) {\n    response[kState].statusText = init.statusText\n  }\n\n  // 5. If init[\"headers\"] exists, then fill response’s headers with init[\"headers\"].\n  if ('headers' in init && init.headers != null) {\n    fill(response[kHeaders], init.headers)\n  }\n\n  // 6. If body was given, then:\n  if (body) {\n    // 1. If response's status is a null body status, then throw a TypeError.\n    if (nullBodyStatus.includes(response.status)) {\n      throw webidl.errors.exception({\n        header: 'Response constructor',\n        message: 'Invalid response status code ' + response.status\n      })\n    }\n\n    // 2. Set response's body to body's body.\n    response[kState].body = body.body\n\n    // 3. If body's type is non-null and response's header list does not contain\n    //    `Content-Type`, then append (`Content-Type`, body's type) to response's header list.\n    if (body.type != null && !response[kState].headersList.contains('Content-Type')) {\n      response[kState].headersList.append('content-type', body.type)\n    }\n  }\n}\n\nwebidl.converters.ReadableStream = webidl.interfaceConverter(\n  ReadableStream\n)\n\nwebidl.converters.FormData = webidl.interfaceConverter(\n  FormData\n)\n\nwebidl.converters.URLSearchParams = webidl.interfaceConverter(\n  URLSearchParams\n)\n\n// https://fetch.spec.whatwg.org/#typedefdef-xmlhttprequestbodyinit\nwebidl.converters.XMLHttpRequestBodyInit = function (V) {\n  if (typeof V === 'string') {\n    return webidl.converters.USVString(V)\n  }\n\n  if (isBlobLike(V)) {\n    return webidl.converters.Blob(V, { strict: false })\n  }\n\n  if (types.isArrayBuffer(V) || types.isTypedArray(V) || types.isDataView(V)) {\n    return webidl.converters.BufferSource(V)\n  }\n\n  if (util.isFormDataLike(V)) {\n    return webidl.converters.FormData(V, { strict: false })\n  }\n\n  if (V instanceof URLSearchParams) {\n    return webidl.converters.URLSearchParams(V)\n  }\n\n  return webidl.converters.DOMString(V)\n}\n\n// https://fetch.spec.whatwg.org/#bodyinit\nwebidl.converters.BodyInit = function (V) {\n  if (V instanceof ReadableStream) {\n    return webidl.converters.ReadableStream(V)\n  }\n\n  // Note: the spec doesn't include async iterables,\n  // this is an undici extension.\n  if (V?.[Symbol.asyncIterator]) {\n    return V\n  }\n\n  return webidl.converters.XMLHttpRequestBodyInit(V)\n}\n\nwebidl.converters.ResponseInit = webidl.dictionaryConverter([\n  {\n    key: 'status',\n    converter: webidl.converters['unsigned short'],\n    defaultValue: 200\n  },\n  {\n    key: 'statusText',\n    converter: webidl.converters.ByteString,\n    defaultValue: ''\n  },\n  {\n    key: 'headers',\n    converter: webidl.converters.HeadersInit\n  }\n])\n\nmodule.exports = {\n  makeNetworkError,\n  makeResponse,\n  makeAppropriateNetworkError,\n  filterResponse,\n  Response,\n  cloneResponse\n}\n","'use strict'\n\nmodule.exports = {\n  kUrl: Symbol('url'),\n  kHeaders: Symbol('headers'),\n  kSignal: Symbol('signal'),\n  kState: Symbol('state'),\n  kGuard: Symbol('guard'),\n  kRealm: Symbol('realm')\n}\n","'use strict'\n\nconst { redirectStatusSet, referrerPolicySet: referrerPolicyTokens, badPortsSet } = require('./constants')\nconst { getGlobalOrigin } = require('./global')\nconst { performance } = require('perf_hooks')\nconst { isBlobLike, toUSVString, ReadableStreamFrom } = require('../core/util')\nconst assert = require('assert')\nconst { isUint8Array } = require('util/types')\n\nlet supportedHashes = []\n\n// https://nodejs.org/api/crypto.html#determining-if-crypto-support-is-unavailable\n/** @type {import('crypto')|undefined} */\nlet crypto\n\ntry {\n  crypto = require('crypto')\n  const possibleRelevantHashes = ['sha256', 'sha384', 'sha512']\n  supportedHashes = crypto.getHashes().filter((hash) => possibleRelevantHashes.includes(hash))\n/* c8 ignore next 3 */\n} catch {\n}\n\nfunction responseURL (response) {\n  // https://fetch.spec.whatwg.org/#responses\n  // A response has an associated URL. It is a pointer to the last URL\n  // in response’s URL list and null if response’s URL list is empty.\n  const urlList = response.urlList\n  const length = urlList.length\n  return length === 0 ? null : urlList[length - 1].toString()\n}\n\n// https://fetch.spec.whatwg.org/#concept-response-location-url\nfunction responseLocationURL (response, requestFragment) {\n  // 1. If response’s status is not a redirect status, then return null.\n  if (!redirectStatusSet.has(response.status)) {\n    return null\n  }\n\n  // 2. Let location be the result of extracting header list values given\n  // `Location` and response’s header list.\n  let location = response.headersList.get('location')\n\n  // 3. If location is a header value, then set location to the result of\n  //    parsing location with response’s URL.\n  if (location !== null && isValidHeaderValue(location)) {\n    location = new URL(location, responseURL(response))\n  }\n\n  // 4. If location is a URL whose fragment is null, then set location’s\n  // fragment to requestFragment.\n  if (location && !location.hash) {\n    location.hash = requestFragment\n  }\n\n  // 5. Return location.\n  return location\n}\n\n/** @returns {URL} */\nfunction requestCurrentURL (request) {\n  return request.urlList[request.urlList.length - 1]\n}\n\nfunction requestBadPort (request) {\n  // 1. Let url be request’s current URL.\n  const url = requestCurrentURL(request)\n\n  // 2. If url’s scheme is an HTTP(S) scheme and url’s port is a bad port,\n  // then return blocked.\n  if (urlIsHttpHttpsScheme(url) && badPortsSet.has(url.port)) {\n    return 'blocked'\n  }\n\n  // 3. Return allowed.\n  return 'allowed'\n}\n\nfunction isErrorLike (object) {\n  return object instanceof Error || (\n    object?.constructor?.name === 'Error' ||\n    object?.constructor?.name === 'DOMException'\n  )\n}\n\n// Check whether |statusText| is a ByteString and\n// matches the Reason-Phrase token production.\n// RFC 2616: https://tools.ietf.org/html/rfc2616\n// RFC 7230: https://tools.ietf.org/html/rfc7230\n// \"reason-phrase = *( HTAB / SP / VCHAR / obs-text )\"\n// https://github.com/chromium/chromium/blob/94.0.4604.1/third_party/blink/renderer/core/fetch/response.cc#L116\nfunction isValidReasonPhrase (statusText) {\n  for (let i = 0; i < statusText.length; ++i) {\n    const c = statusText.charCodeAt(i)\n    if (\n      !(\n        (\n          c === 0x09 || // HTAB\n          (c >= 0x20 && c <= 0x7e) || // SP / VCHAR\n          (c >= 0x80 && c <= 0xff)\n        ) // obs-text\n      )\n    ) {\n      return false\n    }\n  }\n  return true\n}\n\n/**\n * @see https://tools.ietf.org/html/rfc7230#section-3.2.6\n * @param {number} c\n */\nfunction isTokenCharCode (c) {\n  switch (c) {\n    case 0x22:\n    case 0x28:\n    case 0x29:\n    case 0x2c:\n    case 0x2f:\n    case 0x3a:\n    case 0x3b:\n    case 0x3c:\n    case 0x3d:\n    case 0x3e:\n    case 0x3f:\n    case 0x40:\n    case 0x5b:\n    case 0x5c:\n    case 0x5d:\n    case 0x7b:\n    case 0x7d:\n      // DQUOTE and \"(),/:;<=>?@[\\]{}\"\n      return false\n    default:\n      // VCHAR %x21-7E\n      return c >= 0x21 && c <= 0x7e\n  }\n}\n\n/**\n * @param {string} characters\n */\nfunction isValidHTTPToken (characters) {\n  if (characters.length === 0) {\n    return false\n  }\n  for (let i = 0; i < characters.length; ++i) {\n    if (!isTokenCharCode(characters.charCodeAt(i))) {\n      return false\n    }\n  }\n  return true\n}\n\n/**\n * @see https://fetch.spec.whatwg.org/#header-name\n * @param {string} potentialValue\n */\nfunction isValidHeaderName (potentialValue) {\n  return isValidHTTPToken(potentialValue)\n}\n\n/**\n * @see https://fetch.spec.whatwg.org/#header-value\n * @param {string} potentialValue\n */\nfunction isValidHeaderValue (potentialValue) {\n  // - Has no leading or trailing HTTP tab or space bytes.\n  // - Contains no 0x00 (NUL) or HTTP newline bytes.\n  if (\n    potentialValue.startsWith('\\t') ||\n    potentialValue.startsWith(' ') ||\n    potentialValue.endsWith('\\t') ||\n    potentialValue.endsWith(' ')\n  ) {\n    return false\n  }\n\n  if (\n    potentialValue.includes('\\0') ||\n    potentialValue.includes('\\r') ||\n    potentialValue.includes('\\n')\n  ) {\n    return false\n  }\n\n  return true\n}\n\n// https://w3c.github.io/webappsec-referrer-policy/#set-requests-referrer-policy-on-redirect\nfunction setRequestReferrerPolicyOnRedirect (request, actualResponse) {\n  //  Given a request request and a response actualResponse, this algorithm\n  //  updates request’s referrer policy according to the Referrer-Policy\n  //  header (if any) in actualResponse.\n\n  // 1. Let policy be the result of executing § 8.1 Parse a referrer policy\n  // from a Referrer-Policy header on actualResponse.\n\n  // 8.1 Parse a referrer policy from a Referrer-Policy header\n  // 1. Let policy-tokens be the result of extracting header list values given `Referrer-Policy` and response’s header list.\n  const { headersList } = actualResponse\n  // 2. Let policy be the empty string.\n  // 3. For each token in policy-tokens, if token is a referrer policy and token is not the empty string, then set policy to token.\n  // 4. Return policy.\n  const policyHeader = (headersList.get('referrer-policy') ?? '').split(',')\n\n  // Note: As the referrer-policy can contain multiple policies\n  // separated by comma, we need to loop through all of them\n  // and pick the first valid one.\n  // Ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy#specify_a_fallback_policy\n  let policy = ''\n  if (policyHeader.length > 0) {\n    // The right-most policy takes precedence.\n    // The left-most policy is the fallback.\n    for (let i = policyHeader.length; i !== 0; i--) {\n      const token = policyHeader[i - 1].trim()\n      if (referrerPolicyTokens.has(token)) {\n        policy = token\n        break\n      }\n    }\n  }\n\n  // 2. If policy is not the empty string, then set request’s referrer policy to policy.\n  if (policy !== '') {\n    request.referrerPolicy = policy\n  }\n}\n\n// https://fetch.spec.whatwg.org/#cross-origin-resource-policy-check\nfunction crossOriginResourcePolicyCheck () {\n  // TODO\n  return 'allowed'\n}\n\n// https://fetch.spec.whatwg.org/#concept-cors-check\nfunction corsCheck () {\n  // TODO\n  return 'success'\n}\n\n// https://fetch.spec.whatwg.org/#concept-tao-check\nfunction TAOCheck () {\n  // TODO\n  return 'success'\n}\n\nfunction appendFetchMetadata (httpRequest) {\n  //  https://w3c.github.io/webappsec-fetch-metadata/#sec-fetch-dest-header\n  //  TODO\n\n  //  https://w3c.github.io/webappsec-fetch-metadata/#sec-fetch-mode-header\n\n  //  1. Assert: r’s url is a potentially trustworthy URL.\n  //  TODO\n\n  //  2. Let header be a Structured Header whose value is a token.\n  let header = null\n\n  //  3. Set header’s value to r’s mode.\n  header = httpRequest.mode\n\n  //  4. Set a structured field value `Sec-Fetch-Mode`/header in r’s header list.\n  httpRequest.headersList.set('sec-fetch-mode', header)\n\n  //  https://w3c.github.io/webappsec-fetch-metadata/#sec-fetch-site-header\n  //  TODO\n\n  //  https://w3c.github.io/webappsec-fetch-metadata/#sec-fetch-user-header\n  //  TODO\n}\n\n// https://fetch.spec.whatwg.org/#append-a-request-origin-header\nfunction appendRequestOriginHeader (request) {\n  // 1. Let serializedOrigin be the result of byte-serializing a request origin with request.\n  let serializedOrigin = request.origin\n\n  // 2. If request’s response tainting is \"cors\" or request’s mode is \"websocket\", then append (`Origin`, serializedOrigin) to request’s header list.\n  if (request.responseTainting === 'cors' || request.mode === 'websocket') {\n    if (serializedOrigin) {\n      request.headersList.append('origin', serializedOrigin)\n    }\n\n  // 3. Otherwise, if request’s method is neither `GET` nor `HEAD`, then:\n  } else if (request.method !== 'GET' && request.method !== 'HEAD') {\n    // 1. Switch on request’s referrer policy:\n    switch (request.referrerPolicy) {\n      case 'no-referrer':\n        // Set serializedOrigin to `null`.\n        serializedOrigin = null\n        break\n      case 'no-referrer-when-downgrade':\n      case 'strict-origin':\n      case 'strict-origin-when-cross-origin':\n        // If request’s origin is a tuple origin, its scheme is \"https\", and request’s current URL’s scheme is not \"https\", then set serializedOrigin to `null`.\n        if (request.origin && urlHasHttpsScheme(request.origin) && !urlHasHttpsScheme(requestCurrentURL(request))) {\n          serializedOrigin = null\n        }\n        break\n      case 'same-origin':\n        // If request’s origin is not same origin with request’s current URL’s origin, then set serializedOrigin to `null`.\n        if (!sameOrigin(request, requestCurrentURL(request))) {\n          serializedOrigin = null\n        }\n        break\n      default:\n        // Do nothing.\n    }\n\n    if (serializedOrigin) {\n      // 2. Append (`Origin`, serializedOrigin) to request’s header list.\n      request.headersList.append('origin', serializedOrigin)\n    }\n  }\n}\n\nfunction coarsenedSharedCurrentTime (crossOriginIsolatedCapability) {\n  // TODO\n  return performance.now()\n}\n\n// https://fetch.spec.whatwg.org/#create-an-opaque-timing-info\nfunction createOpaqueTimingInfo (timingInfo) {\n  return {\n    startTime: timingInfo.startTime ?? 0,\n    redirectStartTime: 0,\n    redirectEndTime: 0,\n    postRedirectStartTime: timingInfo.startTime ?? 0,\n    finalServiceWorkerStartTime: 0,\n    finalNetworkResponseStartTime: 0,\n    finalNetworkRequestStartTime: 0,\n    endTime: 0,\n    encodedBodySize: 0,\n    decodedBodySize: 0,\n    finalConnectionTimingInfo: null\n  }\n}\n\n// https://html.spec.whatwg.org/multipage/origin.html#policy-container\nfunction makePolicyContainer () {\n  // Note: the fetch spec doesn't make use of embedder policy or CSP list\n  return {\n    referrerPolicy: 'strict-origin-when-cross-origin'\n  }\n}\n\n// https://html.spec.whatwg.org/multipage/origin.html#clone-a-policy-container\nfunction clonePolicyContainer (policyContainer) {\n  return {\n    referrerPolicy: policyContainer.referrerPolicy\n  }\n}\n\n// https://w3c.github.io/webappsec-referrer-policy/#determine-requests-referrer\nfunction determineRequestsReferrer (request) {\n  // 1. Let policy be request's referrer policy.\n  const policy = request.referrerPolicy\n\n  // Note: policy cannot (shouldn't) be null or an empty string.\n  assert(policy)\n\n  // 2. Let environment be request’s client.\n\n  let referrerSource = null\n\n  // 3. Switch on request’s referrer:\n  if (request.referrer === 'client') {\n    // Note: node isn't a browser and doesn't implement document/iframes,\n    // so we bypass this step and replace it with our own.\n\n    const globalOrigin = getGlobalOrigin()\n\n    if (!globalOrigin || globalOrigin.origin === 'null') {\n      return 'no-referrer'\n    }\n\n    // note: we need to clone it as it's mutated\n    referrerSource = new URL(globalOrigin)\n  } else if (request.referrer instanceof URL) {\n    // Let referrerSource be request’s referrer.\n    referrerSource = request.referrer\n  }\n\n  // 4. Let request’s referrerURL be the result of stripping referrerSource for\n  //    use as a referrer.\n  let referrerURL = stripURLForReferrer(referrerSource)\n\n  // 5. Let referrerOrigin be the result of stripping referrerSource for use as\n  //    a referrer, with the origin-only flag set to true.\n  const referrerOrigin = stripURLForReferrer(referrerSource, true)\n\n  // 6. If the result of serializing referrerURL is a string whose length is\n  //    greater than 4096, set referrerURL to referrerOrigin.\n  if (referrerURL.toString().length > 4096) {\n    referrerURL = referrerOrigin\n  }\n\n  const areSameOrigin = sameOrigin(request, referrerURL)\n  const isNonPotentiallyTrustWorthy = isURLPotentiallyTrustworthy(referrerURL) &&\n    !isURLPotentiallyTrustworthy(request.url)\n\n  // 8. Execute the switch statements corresponding to the value of policy:\n  switch (policy) {\n    case 'origin': return referrerOrigin != null ? referrerOrigin : stripURLForReferrer(referrerSource, true)\n    case 'unsafe-url': return referrerURL\n    case 'same-origin':\n      return areSameOrigin ? referrerOrigin : 'no-referrer'\n    case 'origin-when-cross-origin':\n      return areSameOrigin ? referrerURL : referrerOrigin\n    case 'strict-origin-when-cross-origin': {\n      const currentURL = requestCurrentURL(request)\n\n      // 1. If the origin of referrerURL and the origin of request’s current\n      //    URL are the same, then return referrerURL.\n      if (sameOrigin(referrerURL, currentURL)) {\n        return referrerURL\n      }\n\n      // 2. If referrerURL is a potentially trustworthy URL and request’s\n      //    current URL is not a potentially trustworthy URL, then return no\n      //    referrer.\n      if (isURLPotentiallyTrustworthy(referrerURL) && !isURLPotentiallyTrustworthy(currentURL)) {\n        return 'no-referrer'\n      }\n\n      // 3. Return referrerOrigin.\n      return referrerOrigin\n    }\n    case 'strict-origin': // eslint-disable-line\n      /**\n         * 1. If referrerURL is a potentially trustworthy URL and\n         * request’s current URL is not a potentially trustworthy URL,\n         * then return no referrer.\n         * 2. Return referrerOrigin\n        */\n    case 'no-referrer-when-downgrade': // eslint-disable-line\n      /**\n       * 1. If referrerURL is a potentially trustworthy URL and\n       * request’s current URL is not a potentially trustworthy URL,\n       * then return no referrer.\n       * 2. Return referrerOrigin\n      */\n\n    default: // eslint-disable-line\n      return isNonPotentiallyTrustWorthy ? 'no-referrer' : referrerOrigin\n  }\n}\n\n/**\n * @see https://w3c.github.io/webappsec-referrer-policy/#strip-url\n * @param {URL} url\n * @param {boolean|undefined} originOnly\n */\nfunction stripURLForReferrer (url, originOnly) {\n  // 1. Assert: url is a URL.\n  assert(url instanceof URL)\n\n  // 2. If url’s scheme is a local scheme, then return no referrer.\n  if (url.protocol === 'file:' || url.protocol === 'about:' || url.protocol === 'blank:') {\n    return 'no-referrer'\n  }\n\n  // 3. Set url’s username to the empty string.\n  url.username = ''\n\n  // 4. Set url’s password to the empty string.\n  url.password = ''\n\n  // 5. Set url’s fragment to null.\n  url.hash = ''\n\n  // 6. If the origin-only flag is true, then:\n  if (originOnly) {\n    // 1. Set url’s path to « the empty string ».\n    url.pathname = ''\n\n    // 2. Set url’s query to null.\n    url.search = ''\n  }\n\n  // 7. Return url.\n  return url\n}\n\nfunction isURLPotentiallyTrustworthy (url) {\n  if (!(url instanceof URL)) {\n    return false\n  }\n\n  // If child of about, return true\n  if (url.href === 'about:blank' || url.href === 'about:srcdoc') {\n    return true\n  }\n\n  // If scheme is data, return true\n  if (url.protocol === 'data:') return true\n\n  // If file, return true\n  if (url.protocol === 'file:') return true\n\n  return isOriginPotentiallyTrustworthy(url.origin)\n\n  function isOriginPotentiallyTrustworthy (origin) {\n    // If origin is explicitly null, return false\n    if (origin == null || origin === 'null') return false\n\n    const originAsURL = new URL(origin)\n\n    // If secure, return true\n    if (originAsURL.protocol === 'https:' || originAsURL.protocol === 'wss:') {\n      return true\n    }\n\n    // If localhost or variants, return true\n    if (/^127(?:\\.[0-9]+){0,2}\\.[0-9]+$|^\\[(?:0*:)*?:?0*1\\]$/.test(originAsURL.hostname) ||\n     (originAsURL.hostname === 'localhost' || originAsURL.hostname.includes('localhost.')) ||\n     (originAsURL.hostname.endsWith('.localhost'))) {\n      return true\n    }\n\n    // If any other, return false\n    return false\n  }\n}\n\n/**\n * @see https://w3c.github.io/webappsec-subresource-integrity/#does-response-match-metadatalist\n * @param {Uint8Array} bytes\n * @param {string} metadataList\n */\nfunction bytesMatch (bytes, metadataList) {\n  // If node is not built with OpenSSL support, we cannot check\n  // a request's integrity, so allow it by default (the spec will\n  // allow requests if an invalid hash is given, as precedence).\n  /* istanbul ignore if: only if node is built with --without-ssl */\n  if (crypto === undefined) {\n    return true\n  }\n\n  // 1. Let parsedMetadata be the result of parsing metadataList.\n  const parsedMetadata = parseMetadata(metadataList)\n\n  // 2. If parsedMetadata is no metadata, return true.\n  if (parsedMetadata === 'no metadata') {\n    return true\n  }\n\n  // 3. If response is not eligible for integrity validation, return false.\n  // TODO\n\n  // 4. If parsedMetadata is the empty set, return true.\n  if (parsedMetadata.length === 0) {\n    return true\n  }\n\n  // 5. Let metadata be the result of getting the strongest\n  //    metadata from parsedMetadata.\n  const strongest = getStrongestMetadata(parsedMetadata)\n  const metadata = filterMetadataListByAlgorithm(parsedMetadata, strongest)\n\n  // 6. For each item in metadata:\n  for (const item of metadata) {\n    // 1. Let algorithm be the alg component of item.\n    const algorithm = item.algo\n\n    // 2. Let expectedValue be the val component of item.\n    const expectedValue = item.hash\n\n    // See https://github.com/web-platform-tests/wpt/commit/e4c5cc7a5e48093220528dfdd1c4012dc3837a0e\n    // \"be liberal with padding\". This is annoying, and it's not even in the spec.\n\n    // 3. Let actualValue be the result of applying algorithm to bytes.\n    let actualValue = crypto.createHash(algorithm).update(bytes).digest('base64')\n\n    if (actualValue[actualValue.length - 1] === '=') {\n      if (actualValue[actualValue.length - 2] === '=') {\n        actualValue = actualValue.slice(0, -2)\n      } else {\n        actualValue = actualValue.slice(0, -1)\n      }\n    }\n\n    // 4. If actualValue is a case-sensitive match for expectedValue,\n    //    return true.\n    if (compareBase64Mixed(actualValue, expectedValue)) {\n      return true\n    }\n  }\n\n  // 7. Return false.\n  return false\n}\n\n// https://w3c.github.io/webappsec-subresource-integrity/#grammardef-hash-with-options\n// https://www.w3.org/TR/CSP2/#source-list-syntax\n// https://www.rfc-editor.org/rfc/rfc5234#appendix-B.1\nconst parseHashWithOptions = /(?<algo>sha256|sha384|sha512)-((?<hash>[A-Za-z0-9+/]+|[A-Za-z0-9_-]+)={0,2}(?:\\s|$)( +[!-~]*)?)?/i\n\n/**\n * @see https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata\n * @param {string} metadata\n */\nfunction parseMetadata (metadata) {\n  // 1. Let result be the empty set.\n  /** @type {{ algo: string, hash: string }[]} */\n  const result = []\n\n  // 2. Let empty be equal to true.\n  let empty = true\n\n  // 3. For each token returned by splitting metadata on spaces:\n  for (const token of metadata.split(' ')) {\n    // 1. Set empty to false.\n    empty = false\n\n    // 2. Parse token as a hash-with-options.\n    const parsedToken = parseHashWithOptions.exec(token)\n\n    // 3. If token does not parse, continue to the next token.\n    if (\n      parsedToken === null ||\n      parsedToken.groups === undefined ||\n      parsedToken.groups.algo === undefined\n    ) {\n      // Note: Chromium blocks the request at this point, but Firefox\n      // gives a warning that an invalid integrity was given. The\n      // correct behavior is to ignore these, and subsequently not\n      // check the integrity of the resource.\n      continue\n    }\n\n    // 4. Let algorithm be the hash-algo component of token.\n    const algorithm = parsedToken.groups.algo.toLowerCase()\n\n    // 5. If algorithm is a hash function recognized by the user\n    //    agent, add the parsed token to result.\n    if (supportedHashes.includes(algorithm)) {\n      result.push(parsedToken.groups)\n    }\n  }\n\n  // 4. Return no metadata if empty is true, otherwise return result.\n  if (empty === true) {\n    return 'no metadata'\n  }\n\n  return result\n}\n\n/**\n * @param {{ algo: 'sha256' | 'sha384' | 'sha512' }[]} metadataList\n */\nfunction getStrongestMetadata (metadataList) {\n  // Let algorithm be the algo component of the first item in metadataList.\n  // Can be sha256\n  let algorithm = metadataList[0].algo\n  // If the algorithm is sha512, then it is the strongest\n  // and we can return immediately\n  if (algorithm[3] === '5') {\n    return algorithm\n  }\n\n  for (let i = 1; i < metadataList.length; ++i) {\n    const metadata = metadataList[i]\n    // If the algorithm is sha512, then it is the strongest\n    // and we can break the loop immediately\n    if (metadata.algo[3] === '5') {\n      algorithm = 'sha512'\n      break\n    // If the algorithm is sha384, then a potential sha256 or sha384 is ignored\n    } else if (algorithm[3] === '3') {\n      continue\n    // algorithm is sha256, check if algorithm is sha384 and if so, set it as\n    // the strongest\n    } else if (metadata.algo[3] === '3') {\n      algorithm = 'sha384'\n    }\n  }\n  return algorithm\n}\n\nfunction filterMetadataListByAlgorithm (metadataList, algorithm) {\n  if (metadataList.length === 1) {\n    return metadataList\n  }\n\n  let pos = 0\n  for (let i = 0; i < metadataList.length; ++i) {\n    if (metadataList[i].algo === algorithm) {\n      metadataList[pos++] = metadataList[i]\n    }\n  }\n\n  metadataList.length = pos\n\n  return metadataList\n}\n\n/**\n * Compares two base64 strings, allowing for base64url\n * in the second string.\n *\n* @param {string} actualValue always base64\n * @param {string} expectedValue base64 or base64url\n * @returns {boolean}\n */\nfunction compareBase64Mixed (actualValue, expectedValue) {\n  if (actualValue.length !== expectedValue.length) {\n    return false\n  }\n  for (let i = 0; i < actualValue.length; ++i) {\n    if (actualValue[i] !== expectedValue[i]) {\n      if (\n        (actualValue[i] === '+' && expectedValue[i] === '-') ||\n        (actualValue[i] === '/' && expectedValue[i] === '_')\n      ) {\n        continue\n      }\n      return false\n    }\n  }\n\n  return true\n}\n\n// https://w3c.github.io/webappsec-upgrade-insecure-requests/#upgrade-request\nfunction tryUpgradeRequestToAPotentiallyTrustworthyURL (request) {\n  // TODO\n}\n\n/**\n * @link {https://html.spec.whatwg.org/multipage/origin.html#same-origin}\n * @param {URL} A\n * @param {URL} B\n */\nfunction sameOrigin (A, B) {\n  // 1. If A and B are the same opaque origin, then return true.\n  if (A.origin === B.origin && A.origin === 'null') {\n    return true\n  }\n\n  // 2. If A and B are both tuple origins and their schemes,\n  //    hosts, and port are identical, then return true.\n  if (A.protocol === B.protocol && A.hostname === B.hostname && A.port === B.port) {\n    return true\n  }\n\n  // 3. Return false.\n  return false\n}\n\nfunction createDeferredPromise () {\n  let res\n  let rej\n  const promise = new Promise((resolve, reject) => {\n    res = resolve\n    rej = reject\n  })\n\n  return { promise, resolve: res, reject: rej }\n}\n\nfunction isAborted (fetchParams) {\n  return fetchParams.controller.state === 'aborted'\n}\n\nfunction isCancelled (fetchParams) {\n  return fetchParams.controller.state === 'aborted' ||\n    fetchParams.controller.state === 'terminated'\n}\n\nconst normalizeMethodRecord = {\n  delete: 'DELETE',\n  DELETE: 'DELETE',\n  get: 'GET',\n  GET: 'GET',\n  head: 'HEAD',\n  HEAD: 'HEAD',\n  options: 'OPTIONS',\n  OPTIONS: 'OPTIONS',\n  post: 'POST',\n  POST: 'POST',\n  put: 'PUT',\n  PUT: 'PUT'\n}\n\n// Note: object prototypes should not be able to be referenced. e.g. `Object#hasOwnProperty`.\nObject.setPrototypeOf(normalizeMethodRecord, null)\n\n/**\n * @see https://fetch.spec.whatwg.org/#concept-method-normalize\n * @param {string} method\n */\nfunction normalizeMethod (method) {\n  return normalizeMethodRecord[method.toLowerCase()] ?? method\n}\n\n// https://infra.spec.whatwg.org/#serialize-a-javascript-value-to-a-json-string\nfunction serializeJavascriptValueToJSONString (value) {\n  // 1. Let result be ? Call(%JSON.stringify%, undefined, « value »).\n  const result = JSON.stringify(value)\n\n  // 2. If result is undefined, then throw a TypeError.\n  if (result === undefined) {\n    throw new TypeError('Value is not JSON serializable')\n  }\n\n  // 3. Assert: result is a string.\n  assert(typeof result === 'string')\n\n  // 4. Return result.\n  return result\n}\n\n// https://tc39.es/ecma262/#sec-%25iteratorprototype%25-object\nconst esIteratorPrototype = Object.getPrototypeOf(Object.getPrototypeOf([][Symbol.iterator]()))\n\n/**\n * @see https://webidl.spec.whatwg.org/#dfn-iterator-prototype-object\n * @param {() => unknown[]} iterator\n * @param {string} name name of the instance\n * @param {'key'|'value'|'key+value'} kind\n */\nfunction makeIterator (iterator, name, kind) {\n  const object = {\n    index: 0,\n    kind,\n    target: iterator\n  }\n\n  const i = {\n    next () {\n      // 1. Let interface be the interface for which the iterator prototype object exists.\n\n      // 2. Let thisValue be the this value.\n\n      // 3. Let object be ? ToObject(thisValue).\n\n      // 4. If object is a platform object, then perform a security\n      //    check, passing:\n\n      // 5. If object is not a default iterator object for interface,\n      //    then throw a TypeError.\n      if (Object.getPrototypeOf(this) !== i) {\n        throw new TypeError(\n          `'next' called on an object that does not implement interface ${name} Iterator.`\n        )\n      }\n\n      // 6. Let index be object’s index.\n      // 7. Let kind be object’s kind.\n      // 8. Let values be object’s target's value pairs to iterate over.\n      const { index, kind, target } = object\n      const values = target()\n\n      // 9. Let len be the length of values.\n      const len = values.length\n\n      // 10. If index is greater than or equal to len, then return\n      //     CreateIterResultObject(undefined, true).\n      if (index >= len) {\n        return { value: undefined, done: true }\n      }\n\n      // 11. Let pair be the entry in values at index index.\n      const pair = values[index]\n\n      // 12. Set object’s index to index + 1.\n      object.index = index + 1\n\n      // 13. Return the iterator result for pair and kind.\n      return iteratorResult(pair, kind)\n    },\n    // The class string of an iterator prototype object for a given interface is the\n    // result of concatenating the identifier of the interface and the string \" Iterator\".\n    [Symbol.toStringTag]: `${name} Iterator`\n  }\n\n  // The [[Prototype]] internal slot of an iterator prototype object must be %IteratorPrototype%.\n  Object.setPrototypeOf(i, esIteratorPrototype)\n  // esIteratorPrototype needs to be the prototype of i\n  // which is the prototype of an empty object. Yes, it's confusing.\n  return Object.setPrototypeOf({}, i)\n}\n\n// https://webidl.spec.whatwg.org/#iterator-result\nfunction iteratorResult (pair, kind) {\n  let result\n\n  // 1. Let result be a value determined by the value of kind:\n  switch (kind) {\n    case 'key': {\n      // 1. Let idlKey be pair’s key.\n      // 2. Let key be the result of converting idlKey to an\n      //    ECMAScript value.\n      // 3. result is key.\n      result = pair[0]\n      break\n    }\n    case 'value': {\n      // 1. Let idlValue be pair’s value.\n      // 2. Let value be the result of converting idlValue to\n      //    an ECMAScript value.\n      // 3. result is value.\n      result = pair[1]\n      break\n    }\n    case 'key+value': {\n      // 1. Let idlKey be pair’s key.\n      // 2. Let idlValue be pair’s value.\n      // 3. Let key be the result of converting idlKey to an\n      //    ECMAScript value.\n      // 4. Let value be the result of converting idlValue to\n      //    an ECMAScript value.\n      // 5. Let array be ! ArrayCreate(2).\n      // 6. Call ! CreateDataProperty(array, \"0\", key).\n      // 7. Call ! CreateDataProperty(array, \"1\", value).\n      // 8. result is array.\n      result = pair\n      break\n    }\n  }\n\n  // 2. Return CreateIterResultObject(result, false).\n  return { value: result, done: false }\n}\n\n/**\n * @see https://fetch.spec.whatwg.org/#body-fully-read\n */\nasync function fullyReadBody (body, processBody, processBodyError) {\n  // 1. If taskDestination is null, then set taskDestination to\n  //    the result of starting a new parallel queue.\n\n  // 2. Let successSteps given a byte sequence bytes be to queue a\n  //    fetch task to run processBody given bytes, with taskDestination.\n  const successSteps = processBody\n\n  // 3. Let errorSteps be to queue a fetch task to run processBodyError,\n  //    with taskDestination.\n  const errorSteps = processBodyError\n\n  // 4. Let reader be the result of getting a reader for body’s stream.\n  //    If that threw an exception, then run errorSteps with that\n  //    exception and return.\n  let reader\n\n  try {\n    reader = body.stream.getReader()\n  } catch (e) {\n    errorSteps(e)\n    return\n  }\n\n  // 5. Read all bytes from reader, given successSteps and errorSteps.\n  try {\n    const result = await readAllBytes(reader)\n    successSteps(result)\n  } catch (e) {\n    errorSteps(e)\n  }\n}\n\n/** @type {ReadableStream} */\nlet ReadableStream = globalThis.ReadableStream\n\nfunction isReadableStreamLike (stream) {\n  if (!ReadableStream) {\n    ReadableStream = require('stream/web').ReadableStream\n  }\n\n  return stream instanceof ReadableStream || (\n    stream[Symbol.toStringTag] === 'ReadableStream' &&\n    typeof stream.tee === 'function'\n  )\n}\n\nconst MAXIMUM_ARGUMENT_LENGTH = 65535\n\n/**\n * @see https://infra.spec.whatwg.org/#isomorphic-decode\n * @param {number[]|Uint8Array} input\n */\nfunction isomorphicDecode (input) {\n  // 1. To isomorphic decode a byte sequence input, return a string whose code point\n  //    length is equal to input’s length and whose code points have the same values\n  //    as the values of input’s bytes, in the same order.\n\n  if (input.length < MAXIMUM_ARGUMENT_LENGTH) {\n    return String.fromCharCode(...input)\n  }\n\n  return input.reduce((previous, current) => previous + String.fromCharCode(current), '')\n}\n\n/**\n * @param {ReadableStreamController<Uint8Array>} controller\n */\nfunction readableStreamClose (controller) {\n  try {\n    controller.close()\n  } catch (err) {\n    // TODO: add comment explaining why this error occurs.\n    if (!err.message.includes('Controller is already closed')) {\n      throw err\n    }\n  }\n}\n\n/**\n * @see https://infra.spec.whatwg.org/#isomorphic-encode\n * @param {string} input\n */\nfunction isomorphicEncode (input) {\n  // 1. Assert: input contains no code points greater than U+00FF.\n  for (let i = 0; i < input.length; i++) {\n    assert(input.charCodeAt(i) <= 0xFF)\n  }\n\n  // 2. Return a byte sequence whose length is equal to input’s code\n  //    point length and whose bytes have the same values as the\n  //    values of input’s code points, in the same order\n  return input\n}\n\n/**\n * @see https://streams.spec.whatwg.org/#readablestreamdefaultreader-read-all-bytes\n * @see https://streams.spec.whatwg.org/#read-loop\n * @param {ReadableStreamDefaultReader} reader\n */\nasync function readAllBytes (reader) {\n  const bytes = []\n  let byteLength = 0\n\n  while (true) {\n    const { done, value: chunk } = await reader.read()\n\n    if (done) {\n      // 1. Call successSteps with bytes.\n      return Buffer.concat(bytes, byteLength)\n    }\n\n    // 1. If chunk is not a Uint8Array object, call failureSteps\n    //    with a TypeError and abort these steps.\n    if (!isUint8Array(chunk)) {\n      throw new TypeError('Received non-Uint8Array chunk')\n    }\n\n    // 2. Append the bytes represented by chunk to bytes.\n    bytes.push(chunk)\n    byteLength += chunk.length\n\n    // 3. Read-loop given reader, bytes, successSteps, and failureSteps.\n  }\n}\n\n/**\n * @see https://fetch.spec.whatwg.org/#is-local\n * @param {URL} url\n */\nfunction urlIsLocal (url) {\n  assert('protocol' in url) // ensure it's a url object\n\n  const protocol = url.protocol\n\n  return protocol === 'about:' || protocol === 'blob:' || protocol === 'data:'\n}\n\n/**\n * @param {string|URL} url\n */\nfunction urlHasHttpsScheme (url) {\n  if (typeof url === 'string') {\n    return url.startsWith('https:')\n  }\n\n  return url.protocol === 'https:'\n}\n\n/**\n * @see https://fetch.spec.whatwg.org/#http-scheme\n * @param {URL} url\n */\nfunction urlIsHttpHttpsScheme (url) {\n  assert('protocol' in url) // ensure it's a url object\n\n  const protocol = url.protocol\n\n  return protocol === 'http:' || protocol === 'https:'\n}\n\n/**\n * Fetch supports node >= 16.8.0, but Object.hasOwn was added in v16.9.0.\n */\nconst hasOwn = Object.hasOwn || ((dict, key) => Object.prototype.hasOwnProperty.call(dict, key))\n\nmodule.exports = {\n  isAborted,\n  isCancelled,\n  createDeferredPromise,\n  ReadableStreamFrom,\n  toUSVString,\n  tryUpgradeRequestToAPotentiallyTrustworthyURL,\n  coarsenedSharedCurrentTime,\n  determineRequestsReferrer,\n  makePolicyContainer,\n  clonePolicyContainer,\n  appendFetchMetadata,\n  appendRequestOriginHeader,\n  TAOCheck,\n  corsCheck,\n  crossOriginResourcePolicyCheck,\n  createOpaqueTimingInfo,\n  setRequestReferrerPolicyOnRedirect,\n  isValidHTTPToken,\n  requestBadPort,\n  requestCurrentURL,\n  responseURL,\n  responseLocationURL,\n  isBlobLike,\n  isURLPotentiallyTrustworthy,\n  isValidReasonPhrase,\n  sameOrigin,\n  normalizeMethod,\n  serializeJavascriptValueToJSONString,\n  makeIterator,\n  isValidHeaderName,\n  isValidHeaderValue,\n  hasOwn,\n  isErrorLike,\n  fullyReadBody,\n  bytesMatch,\n  isReadableStreamLike,\n  readableStreamClose,\n  isomorphicEncode,\n  isomorphicDecode,\n  urlIsLocal,\n  urlHasHttpsScheme,\n  urlIsHttpHttpsScheme,\n  readAllBytes,\n  normalizeMethodRecord,\n  parseMetadata\n}\n","'use strict'\n\nconst { types } = require('util')\nconst { hasOwn, toUSVString } = require('./util')\n\n/** @type {import('../../types/webidl').Webidl} */\nconst webidl = {}\nwebidl.converters = {}\nwebidl.util = {}\nwebidl.errors = {}\n\nwebidl.errors.exception = function (message) {\n  return new TypeError(`${message.header}: ${message.message}`)\n}\n\nwebidl.errors.conversionFailed = function (context) {\n  const plural = context.types.length === 1 ? '' : ' one of'\n  const message =\n    `${context.argument} could not be converted to` +\n    `${plural}: ${context.types.join(', ')}.`\n\n  return webidl.errors.exception({\n    header: context.prefix,\n    message\n  })\n}\n\nwebidl.errors.invalidArgument = function (context) {\n  return webidl.errors.exception({\n    header: context.prefix,\n    message: `\"${context.value}\" is an invalid ${context.type}.`\n  })\n}\n\n// https://webidl.spec.whatwg.org/#implements\nwebidl.brandCheck = function (V, I, opts = undefined) {\n  if (opts?.strict !== false && !(V instanceof I)) {\n    throw new TypeError('Illegal invocation')\n  } else {\n    return V?.[Symbol.toStringTag] === I.prototype[Symbol.toStringTag]\n  }\n}\n\nwebidl.argumentLengthCheck = function ({ length }, min, ctx) {\n  if (length < min) {\n    throw webidl.errors.exception({\n      message: `${min} argument${min !== 1 ? 's' : ''} required, ` +\n               `but${length ? ' only' : ''} ${length} found.`,\n      ...ctx\n    })\n  }\n}\n\nwebidl.illegalConstructor = function () {\n  throw webidl.errors.exception({\n    header: 'TypeError',\n    message: 'Illegal constructor'\n  })\n}\n\n// https://tc39.es/ecma262/#sec-ecmascript-data-types-and-values\nwebidl.util.Type = function (V) {\n  switch (typeof V) {\n    case 'undefined': return 'Undefined'\n    case 'boolean': return 'Boolean'\n    case 'string': return 'String'\n    case 'symbol': return 'Symbol'\n    case 'number': return 'Number'\n    case 'bigint': return 'BigInt'\n    case 'function':\n    case 'object': {\n      if (V === null) {\n        return 'Null'\n      }\n\n      return 'Object'\n    }\n  }\n}\n\n// https://webidl.spec.whatwg.org/#abstract-opdef-converttoint\nwebidl.util.ConvertToInt = function (V, bitLength, signedness, opts = {}) {\n  let upperBound\n  let lowerBound\n\n  // 1. If bitLength is 64, then:\n  if (bitLength === 64) {\n    // 1. Let upperBound be 2^53 − 1.\n    upperBound = Math.pow(2, 53) - 1\n\n    // 2. If signedness is \"unsigned\", then let lowerBound be 0.\n    if (signedness === 'unsigned') {\n      lowerBound = 0\n    } else {\n      // 3. Otherwise let lowerBound be −2^53 + 1.\n      lowerBound = Math.pow(-2, 53) + 1\n    }\n  } else if (signedness === 'unsigned') {\n    // 2. Otherwise, if signedness is \"unsigned\", then:\n\n    // 1. Let lowerBound be 0.\n    lowerBound = 0\n\n    // 2. Let upperBound be 2^bitLength − 1.\n    upperBound = Math.pow(2, bitLength) - 1\n  } else {\n    // 3. Otherwise:\n\n    // 1. Let lowerBound be -2^bitLength − 1.\n    lowerBound = Math.pow(-2, bitLength) - 1\n\n    // 2. Let upperBound be 2^bitLength − 1 − 1.\n    upperBound = Math.pow(2, bitLength - 1) - 1\n  }\n\n  // 4. Let x be ? ToNumber(V).\n  let x = Number(V)\n\n  // 5. If x is −0, then set x to +0.\n  if (x === 0) {\n    x = 0\n  }\n\n  // 6. If the conversion is to an IDL type associated\n  //    with the [EnforceRange] extended attribute, then:\n  if (opts.enforceRange === true) {\n    // 1. If x is NaN, +∞, or −∞, then throw a TypeError.\n    if (\n      Number.isNaN(x) ||\n      x === Number.POSITIVE_INFINITY ||\n      x === Number.NEGATIVE_INFINITY\n    ) {\n      throw webidl.errors.exception({\n        header: 'Integer conversion',\n        message: `Could not convert ${V} to an integer.`\n      })\n    }\n\n    // 2. Set x to IntegerPart(x).\n    x = webidl.util.IntegerPart(x)\n\n    // 3. If x < lowerBound or x > upperBound, then\n    //    throw a TypeError.\n    if (x < lowerBound || x > upperBound) {\n      throw webidl.errors.exception({\n        header: 'Integer conversion',\n        message: `Value must be between ${lowerBound}-${upperBound}, got ${x}.`\n      })\n    }\n\n    // 4. Return x.\n    return x\n  }\n\n  // 7. If x is not NaN and the conversion is to an IDL\n  //    type associated with the [Clamp] extended\n  //    attribute, then:\n  if (!Number.isNaN(x) && opts.clamp === true) {\n    // 1. Set x to min(max(x, lowerBound), upperBound).\n    x = Math.min(Math.max(x, lowerBound), upperBound)\n\n    // 2. Round x to the nearest integer, choosing the\n    //    even integer if it lies halfway between two,\n    //    and choosing +0 rather than −0.\n    if (Math.floor(x) % 2 === 0) {\n      x = Math.floor(x)\n    } else {\n      x = Math.ceil(x)\n    }\n\n    // 3. Return x.\n    return x\n  }\n\n  // 8. If x is NaN, +0, +∞, or −∞, then return +0.\n  if (\n    Number.isNaN(x) ||\n    (x === 0 && Object.is(0, x)) ||\n    x === Number.POSITIVE_INFINITY ||\n    x === Number.NEGATIVE_INFINITY\n  ) {\n    return 0\n  }\n\n  // 9. Set x to IntegerPart(x).\n  x = webidl.util.IntegerPart(x)\n\n  // 10. Set x to x modulo 2^bitLength.\n  x = x % Math.pow(2, bitLength)\n\n  // 11. If signedness is \"signed\" and x ≥ 2^bitLength − 1,\n  //    then return x − 2^bitLength.\n  if (signedness === 'signed' && x >= Math.pow(2, bitLength) - 1) {\n    return x - Math.pow(2, bitLength)\n  }\n\n  // 12. Otherwise, return x.\n  return x\n}\n\n// https://webidl.spec.whatwg.org/#abstract-opdef-integerpart\nwebidl.util.IntegerPart = function (n) {\n  // 1. Let r be floor(abs(n)).\n  const r = Math.floor(Math.abs(n))\n\n  // 2. If n < 0, then return -1 × r.\n  if (n < 0) {\n    return -1 * r\n  }\n\n  // 3. Otherwise, return r.\n  return r\n}\n\n// https://webidl.spec.whatwg.org/#es-sequence\nwebidl.sequenceConverter = function (converter) {\n  return (V) => {\n    // 1. If Type(V) is not Object, throw a TypeError.\n    if (webidl.util.Type(V) !== 'Object') {\n      throw webidl.errors.exception({\n        header: 'Sequence',\n        message: `Value of type ${webidl.util.Type(V)} is not an Object.`\n      })\n    }\n\n    // 2. Let method be ? GetMethod(V, @@iterator).\n    /** @type {Generator} */\n    const method = V?.[Symbol.iterator]?.()\n    const seq = []\n\n    // 3. If method is undefined, throw a TypeError.\n    if (\n      method === undefined ||\n      typeof method.next !== 'function'\n    ) {\n      throw webidl.errors.exception({\n        header: 'Sequence',\n        message: 'Object is not an iterator.'\n      })\n    }\n\n    // https://webidl.spec.whatwg.org/#create-sequence-from-iterable\n    while (true) {\n      const { done, value } = method.next()\n\n      if (done) {\n        break\n      }\n\n      seq.push(converter(value))\n    }\n\n    return seq\n  }\n}\n\n// https://webidl.spec.whatwg.org/#es-to-record\nwebidl.recordConverter = function (keyConverter, valueConverter) {\n  return (O) => {\n    // 1. If Type(O) is not Object, throw a TypeError.\n    if (webidl.util.Type(O) !== 'Object') {\n      throw webidl.errors.exception({\n        header: 'Record',\n        message: `Value of type ${webidl.util.Type(O)} is not an Object.`\n      })\n    }\n\n    // 2. Let result be a new empty instance of record<K, V>.\n    const result = {}\n\n    if (!types.isProxy(O)) {\n      // Object.keys only returns enumerable properties\n      const keys = Object.keys(O)\n\n      for (const key of keys) {\n        // 1. Let typedKey be key converted to an IDL value of type K.\n        const typedKey = keyConverter(key)\n\n        // 2. Let value be ? Get(O, key).\n        // 3. Let typedValue be value converted to an IDL value of type V.\n        const typedValue = valueConverter(O[key])\n\n        // 4. Set result[typedKey] to typedValue.\n        result[typedKey] = typedValue\n      }\n\n      // 5. Return result.\n      return result\n    }\n\n    // 3. Let keys be ? O.[[OwnPropertyKeys]]().\n    const keys = Reflect.ownKeys(O)\n\n    // 4. For each key of keys.\n    for (const key of keys) {\n      // 1. Let desc be ? O.[[GetOwnProperty]](key).\n      const desc = Reflect.getOwnPropertyDescriptor(O, key)\n\n      // 2. If desc is not undefined and desc.[[Enumerable]] is true:\n      if (desc?.enumerable) {\n        // 1. Let typedKey be key converted to an IDL value of type K.\n        const typedKey = keyConverter(key)\n\n        // 2. Let value be ? Get(O, key).\n        // 3. Let typedValue be value converted to an IDL value of type V.\n        const typedValue = valueConverter(O[key])\n\n        // 4. Set result[typedKey] to typedValue.\n        result[typedKey] = typedValue\n      }\n    }\n\n    // 5. Return result.\n    return result\n  }\n}\n\nwebidl.interfaceConverter = function (i) {\n  return (V, opts = {}) => {\n    if (opts.strict !== false && !(V instanceof i)) {\n      throw webidl.errors.exception({\n        header: i.name,\n        message: `Expected ${V} to be an instance of ${i.name}.`\n      })\n    }\n\n    return V\n  }\n}\n\nwebidl.dictionaryConverter = function (converters) {\n  return (dictionary) => {\n    const type = webidl.util.Type(dictionary)\n    const dict = {}\n\n    if (type === 'Null' || type === 'Undefined') {\n      return dict\n    } else if (type !== 'Object') {\n      throw webidl.errors.exception({\n        header: 'Dictionary',\n        message: `Expected ${dictionary} to be one of: Null, Undefined, Object.`\n      })\n    }\n\n    for (const options of converters) {\n      const { key, defaultValue, required, converter } = options\n\n      if (required === true) {\n        if (!hasOwn(dictionary, key)) {\n          throw webidl.errors.exception({\n            header: 'Dictionary',\n            message: `Missing required key \"${key}\".`\n          })\n        }\n      }\n\n      let value = dictionary[key]\n      const hasDefault = hasOwn(options, 'defaultValue')\n\n      // Only use defaultValue if value is undefined and\n      // a defaultValue options was provided.\n      if (hasDefault && value !== null) {\n        value = value ?? defaultValue\n      }\n\n      // A key can be optional and have no default value.\n      // When this happens, do not perform a conversion,\n      // and do not assign the key a value.\n      if (required || hasDefault || value !== undefined) {\n        value = converter(value)\n\n        if (\n          options.allowedValues &&\n          !options.allowedValues.includes(value)\n        ) {\n          throw webidl.errors.exception({\n            header: 'Dictionary',\n            message: `${value} is not an accepted type. Expected one of ${options.allowedValues.join(', ')}.`\n          })\n        }\n\n        dict[key] = value\n      }\n    }\n\n    return dict\n  }\n}\n\nwebidl.nullableConverter = function (converter) {\n  return (V) => {\n    if (V === null) {\n      return V\n    }\n\n    return converter(V)\n  }\n}\n\n// https://webidl.spec.whatwg.org/#es-DOMString\nwebidl.converters.DOMString = function (V, opts = {}) {\n  // 1. If V is null and the conversion is to an IDL type\n  //    associated with the [LegacyNullToEmptyString]\n  //    extended attribute, then return the DOMString value\n  //    that represents the empty string.\n  if (V === null && opts.legacyNullToEmptyString) {\n    return ''\n  }\n\n  // 2. Let x be ? ToString(V).\n  if (typeof V === 'symbol') {\n    throw new TypeError('Could not convert argument of type symbol to string.')\n  }\n\n  // 3. Return the IDL DOMString value that represents the\n  //    same sequence of code units as the one the\n  //    ECMAScript String value x represents.\n  return String(V)\n}\n\n// https://webidl.spec.whatwg.org/#es-ByteString\nwebidl.converters.ByteString = function (V) {\n  // 1. Let x be ? ToString(V).\n  // Note: DOMString converter perform ? ToString(V)\n  const x = webidl.converters.DOMString(V)\n\n  // 2. If the value of any element of x is greater than\n  //    255, then throw a TypeError.\n  for (let index = 0; index < x.length; index++) {\n    if (x.charCodeAt(index) > 255) {\n      throw new TypeError(\n        'Cannot convert argument to a ByteString because the character at ' +\n        `index ${index} has a value of ${x.charCodeAt(index)} which is greater than 255.`\n      )\n    }\n  }\n\n  // 3. Return an IDL ByteString value whose length is the\n  //    length of x, and where the value of each element is\n  //    the value of the corresponding element of x.\n  return x\n}\n\n// https://webidl.spec.whatwg.org/#es-USVString\nwebidl.converters.USVString = toUSVString\n\n// https://webidl.spec.whatwg.org/#es-boolean\nwebidl.converters.boolean = function (V) {\n  // 1. Let x be the result of computing ToBoolean(V).\n  const x = Boolean(V)\n\n  // 2. Return the IDL boolean value that is the one that represents\n  //    the same truth value as the ECMAScript Boolean value x.\n  return x\n}\n\n// https://webidl.spec.whatwg.org/#es-any\nwebidl.converters.any = function (V) {\n  return V\n}\n\n// https://webidl.spec.whatwg.org/#es-long-long\nwebidl.converters['long long'] = function (V) {\n  // 1. Let x be ? ConvertToInt(V, 64, \"signed\").\n  const x = webidl.util.ConvertToInt(V, 64, 'signed')\n\n  // 2. Return the IDL long long value that represents\n  //    the same numeric value as x.\n  return x\n}\n\n// https://webidl.spec.whatwg.org/#es-unsigned-long-long\nwebidl.converters['unsigned long long'] = function (V) {\n  // 1. Let x be ? ConvertToInt(V, 64, \"unsigned\").\n  const x = webidl.util.ConvertToInt(V, 64, 'unsigned')\n\n  // 2. Return the IDL unsigned long long value that\n  //    represents the same numeric value as x.\n  return x\n}\n\n// https://webidl.spec.whatwg.org/#es-unsigned-long\nwebidl.converters['unsigned long'] = function (V) {\n  // 1. Let x be ? ConvertToInt(V, 32, \"unsigned\").\n  const x = webidl.util.ConvertToInt(V, 32, 'unsigned')\n\n  // 2. Return the IDL unsigned long value that\n  //    represents the same numeric value as x.\n  return x\n}\n\n// https://webidl.spec.whatwg.org/#es-unsigned-short\nwebidl.converters['unsigned short'] = function (V, opts) {\n  // 1. Let x be ? ConvertToInt(V, 16, \"unsigned\").\n  const x = webidl.util.ConvertToInt(V, 16, 'unsigned', opts)\n\n  // 2. Return the IDL unsigned short value that represents\n  //    the same numeric value as x.\n  return x\n}\n\n// https://webidl.spec.whatwg.org/#idl-ArrayBuffer\nwebidl.converters.ArrayBuffer = function (V, opts = {}) {\n  // 1. If Type(V) is not Object, or V does not have an\n  //    [[ArrayBufferData]] internal slot, then throw a\n  //    TypeError.\n  // see: https://tc39.es/ecma262/#sec-properties-of-the-arraybuffer-instances\n  // see: https://tc39.es/ecma262/#sec-properties-of-the-sharedarraybuffer-instances\n  if (\n    webidl.util.Type(V) !== 'Object' ||\n    !types.isAnyArrayBuffer(V)\n  ) {\n    throw webidl.errors.conversionFailed({\n      prefix: `${V}`,\n      argument: `${V}`,\n      types: ['ArrayBuffer']\n    })\n  }\n\n  // 2. If the conversion is not to an IDL type associated\n  //    with the [AllowShared] extended attribute, and\n  //    IsSharedArrayBuffer(V) is true, then throw a\n  //    TypeError.\n  if (opts.allowShared === false && types.isSharedArrayBuffer(V)) {\n    throw webidl.errors.exception({\n      header: 'ArrayBuffer',\n      message: 'SharedArrayBuffer is not allowed.'\n    })\n  }\n\n  // 3. If the conversion is not to an IDL type associated\n  //    with the [AllowResizable] extended attribute, and\n  //    IsResizableArrayBuffer(V) is true, then throw a\n  //    TypeError.\n  // Note: resizable ArrayBuffers are currently a proposal.\n\n  // 4. Return the IDL ArrayBuffer value that is a\n  //    reference to the same object as V.\n  return V\n}\n\nwebidl.converters.TypedArray = function (V, T, opts = {}) {\n  // 1. Let T be the IDL type V is being converted to.\n\n  // 2. If Type(V) is not Object, or V does not have a\n  //    [[TypedArrayName]] internal slot with a value\n  //    equal to T’s name, then throw a TypeError.\n  if (\n    webidl.util.Type(V) !== 'Object' ||\n    !types.isTypedArray(V) ||\n    V.constructor.name !== T.name\n  ) {\n    throw webidl.errors.conversionFailed({\n      prefix: `${T.name}`,\n      argument: `${V}`,\n      types: [T.name]\n    })\n  }\n\n  // 3. If the conversion is not to an IDL type associated\n  //    with the [AllowShared] extended attribute, and\n  //    IsSharedArrayBuffer(V.[[ViewedArrayBuffer]]) is\n  //    true, then throw a TypeError.\n  if (opts.allowShared === false && types.isSharedArrayBuffer(V.buffer)) {\n    throw webidl.errors.exception({\n      header: 'ArrayBuffer',\n      message: 'SharedArrayBuffer is not allowed.'\n    })\n  }\n\n  // 4. If the conversion is not to an IDL type associated\n  //    with the [AllowResizable] extended attribute, and\n  //    IsResizableArrayBuffer(V.[[ViewedArrayBuffer]]) is\n  //    true, then throw a TypeError.\n  // Note: resizable array buffers are currently a proposal\n\n  // 5. Return the IDL value of type T that is a reference\n  //    to the same object as V.\n  return V\n}\n\nwebidl.converters.DataView = function (V, opts = {}) {\n  // 1. If Type(V) is not Object, or V does not have a\n  //    [[DataView]] internal slot, then throw a TypeError.\n  if (webidl.util.Type(V) !== 'Object' || !types.isDataView(V)) {\n    throw webidl.errors.exception({\n      header: 'DataView',\n      message: 'Object is not a DataView.'\n    })\n  }\n\n  // 2. If the conversion is not to an IDL type associated\n  //    with the [AllowShared] extended attribute, and\n  //    IsSharedArrayBuffer(V.[[ViewedArrayBuffer]]) is true,\n  //    then throw a TypeError.\n  if (opts.allowShared === false && types.isSharedArrayBuffer(V.buffer)) {\n    throw webidl.errors.exception({\n      header: 'ArrayBuffer',\n      message: 'SharedArrayBuffer is not allowed.'\n    })\n  }\n\n  // 3. If the conversion is not to an IDL type associated\n  //    with the [AllowResizable] extended attribute, and\n  //    IsResizableArrayBuffer(V.[[ViewedArrayBuffer]]) is\n  //    true, then throw a TypeError.\n  // Note: resizable ArrayBuffers are currently a proposal\n\n  // 4. Return the IDL DataView value that is a reference\n  //    to the same object as V.\n  return V\n}\n\n// https://webidl.spec.whatwg.org/#BufferSource\nwebidl.converters.BufferSource = function (V, opts = {}) {\n  if (types.isAnyArrayBuffer(V)) {\n    return webidl.converters.ArrayBuffer(V, opts)\n  }\n\n  if (types.isTypedArray(V)) {\n    return webidl.converters.TypedArray(V, V.constructor)\n  }\n\n  if (types.isDataView(V)) {\n    return webidl.converters.DataView(V, opts)\n  }\n\n  throw new TypeError(`Could not convert ${V} to a BufferSource.`)\n}\n\nwebidl.converters['sequence<ByteString>'] = webidl.sequenceConverter(\n  webidl.converters.ByteString\n)\n\nwebidl.converters['sequence<sequence<ByteString>>'] = webidl.sequenceConverter(\n  webidl.converters['sequence<ByteString>']\n)\n\nwebidl.converters['record<ByteString, ByteString>'] = webidl.recordConverter(\n  webidl.converters.ByteString,\n  webidl.converters.ByteString\n)\n\nmodule.exports = {\n  webidl\n}\n","'use strict'\n\n/**\n * @see https://encoding.spec.whatwg.org/#concept-encoding-get\n * @param {string|undefined} label\n */\nfunction getEncoding (label) {\n  if (!label) {\n    return 'failure'\n  }\n\n  // 1. Remove any leading and trailing ASCII whitespace from label.\n  // 2. If label is an ASCII case-insensitive match for any of the\n  //    labels listed in the table below, then return the\n  //    corresponding encoding; otherwise return failure.\n  switch (label.trim().toLowerCase()) {\n    case 'unicode-1-1-utf-8':\n    case 'unicode11utf8':\n    case 'unicode20utf8':\n    case 'utf-8':\n    case 'utf8':\n    case 'x-unicode20utf8':\n      return 'UTF-8'\n    case '866':\n    case 'cp866':\n    case 'csibm866':\n    case 'ibm866':\n      return 'IBM866'\n    case 'csisolatin2':\n    case 'iso-8859-2':\n    case 'iso-ir-101':\n    case 'iso8859-2':\n    case 'iso88592':\n    case 'iso_8859-2':\n    case 'iso_8859-2:1987':\n    case 'l2':\n    case 'latin2':\n      return 'ISO-8859-2'\n    case 'csisolatin3':\n    case 'iso-8859-3':\n    case 'iso-ir-109':\n    case 'iso8859-3':\n    case 'iso88593':\n    case 'iso_8859-3':\n    case 'iso_8859-3:1988':\n    case 'l3':\n    case 'latin3':\n      return 'ISO-8859-3'\n    case 'csisolatin4':\n    case 'iso-8859-4':\n    case 'iso-ir-110':\n    case 'iso8859-4':\n    case 'iso88594':\n    case 'iso_8859-4':\n    case 'iso_8859-4:1988':\n    case 'l4':\n    case 'latin4':\n      return 'ISO-8859-4'\n    case 'csisolatincyrillic':\n    case 'cyrillic':\n    case 'iso-8859-5':\n    case 'iso-ir-144':\n    case 'iso8859-5':\n    case 'iso88595':\n    case 'iso_8859-5':\n    case 'iso_8859-5:1988':\n      return 'ISO-8859-5'\n    case 'arabic':\n    case 'asmo-708':\n    case 'csiso88596e':\n    case 'csiso88596i':\n    case 'csisolatinarabic':\n    case 'ecma-114':\n    case 'iso-8859-6':\n    case 'iso-8859-6-e':\n    case 'iso-8859-6-i':\n    case 'iso-ir-127':\n    case 'iso8859-6':\n    case 'iso88596':\n    case 'iso_8859-6':\n    case 'iso_8859-6:1987':\n      return 'ISO-8859-6'\n    case 'csisolatingreek':\n    case 'ecma-118':\n    case 'elot_928':\n    case 'greek':\n    case 'greek8':\n    case 'iso-8859-7':\n    case 'iso-ir-126':\n    case 'iso8859-7':\n    case 'iso88597':\n    case 'iso_8859-7':\n    case 'iso_8859-7:1987':\n    case 'sun_eu_greek':\n      return 'ISO-8859-7'\n    case 'csiso88598e':\n    case 'csisolatinhebrew':\n    case 'hebrew':\n    case 'iso-8859-8':\n    case 'iso-8859-8-e':\n    case 'iso-ir-138':\n    case 'iso8859-8':\n    case 'iso88598':\n    case 'iso_8859-8':\n    case 'iso_8859-8:1988':\n    case 'visual':\n      return 'ISO-8859-8'\n    case 'csiso88598i':\n    case 'iso-8859-8-i':\n    case 'logical':\n      return 'ISO-8859-8-I'\n    case 'csisolatin6':\n    case 'iso-8859-10':\n    case 'iso-ir-157':\n    case 'iso8859-10':\n    case 'iso885910':\n    case 'l6':\n    case 'latin6':\n      return 'ISO-8859-10'\n    case 'iso-8859-13':\n    case 'iso8859-13':\n    case 'iso885913':\n      return 'ISO-8859-13'\n    case 'iso-8859-14':\n    case 'iso8859-14':\n    case 'iso885914':\n      return 'ISO-8859-14'\n    case 'csisolatin9':\n    case 'iso-8859-15':\n    case 'iso8859-15':\n    case 'iso885915':\n    case 'iso_8859-15':\n    case 'l9':\n      return 'ISO-8859-15'\n    case 'iso-8859-16':\n      return 'ISO-8859-16'\n    case 'cskoi8r':\n    case 'koi':\n    case 'koi8':\n    case 'koi8-r':\n    case 'koi8_r':\n      return 'KOI8-R'\n    case 'koi8-ru':\n    case 'koi8-u':\n      return 'KOI8-U'\n    case 'csmacintosh':\n    case 'mac':\n    case 'macintosh':\n    case 'x-mac-roman':\n      return 'macintosh'\n    case 'iso-8859-11':\n    case 'iso8859-11':\n    case 'iso885911':\n    case 'tis-620':\n    case 'windows-874':\n      return 'windows-874'\n    case 'cp1250':\n    case 'windows-1250':\n    case 'x-cp1250':\n      return 'windows-1250'\n    case 'cp1251':\n    case 'windows-1251':\n    case 'x-cp1251':\n      return 'windows-1251'\n    case 'ansi_x3.4-1968':\n    case 'ascii':\n    case 'cp1252':\n    case 'cp819':\n    case 'csisolatin1':\n    case 'ibm819':\n    case 'iso-8859-1':\n    case 'iso-ir-100':\n    case 'iso8859-1':\n    case 'iso88591':\n    case 'iso_8859-1':\n    case 'iso_8859-1:1987':\n    case 'l1':\n    case 'latin1':\n    case 'us-ascii':\n    case 'windows-1252':\n    case 'x-cp1252':\n      return 'windows-1252'\n    case 'cp1253':\n    case 'windows-1253':\n    case 'x-cp1253':\n      return 'windows-1253'\n    case 'cp1254':\n    case 'csisolatin5':\n    case 'iso-8859-9':\n    case 'iso-ir-148':\n    case 'iso8859-9':\n    case 'iso88599':\n    case 'iso_8859-9':\n    case 'iso_8859-9:1989':\n    case 'l5':\n    case 'latin5':\n    case 'windows-1254':\n    case 'x-cp1254':\n      return 'windows-1254'\n    case 'cp1255':\n    case 'windows-1255':\n    case 'x-cp1255':\n      return 'windows-1255'\n    case 'cp1256':\n    case 'windows-1256':\n    case 'x-cp1256':\n      return 'windows-1256'\n    case 'cp1257':\n    case 'windows-1257':\n    case 'x-cp1257':\n      return 'windows-1257'\n    case 'cp1258':\n    case 'windows-1258':\n    case 'x-cp1258':\n      return 'windows-1258'\n    case 'x-mac-cyrillic':\n    case 'x-mac-ukrainian':\n      return 'x-mac-cyrillic'\n    case 'chinese':\n    case 'csgb2312':\n    case 'csiso58gb231280':\n    case 'gb2312':\n    case 'gb_2312':\n    case 'gb_2312-80':\n    case 'gbk':\n    case 'iso-ir-58':\n    case 'x-gbk':\n      return 'GBK'\n    case 'gb18030':\n      return 'gb18030'\n    case 'big5':\n    case 'big5-hkscs':\n    case 'cn-big5':\n    case 'csbig5':\n    case 'x-x-big5':\n      return 'Big5'\n    case 'cseucpkdfmtjapanese':\n    case 'euc-jp':\n    case 'x-euc-jp':\n      return 'EUC-JP'\n    case 'csiso2022jp':\n    case 'iso-2022-jp':\n      return 'ISO-2022-JP'\n    case 'csshiftjis':\n    case 'ms932':\n    case 'ms_kanji':\n    case 'shift-jis':\n    case 'shift_jis':\n    case 'sjis':\n    case 'windows-31j':\n    case 'x-sjis':\n      return 'Shift_JIS'\n    case 'cseuckr':\n    case 'csksc56011987':\n    case 'euc-kr':\n    case 'iso-ir-149':\n    case 'korean':\n    case 'ks_c_5601-1987':\n    case 'ks_c_5601-1989':\n    case 'ksc5601':\n    case 'ksc_5601':\n    case 'windows-949':\n      return 'EUC-KR'\n    case 'csiso2022kr':\n    case 'hz-gb-2312':\n    case 'iso-2022-cn':\n    case 'iso-2022-cn-ext':\n    case 'iso-2022-kr':\n    case 'replacement':\n      return 'replacement'\n    case 'unicodefffe':\n    case 'utf-16be':\n      return 'UTF-16BE'\n    case 'csunicode':\n    case 'iso-10646-ucs-2':\n    case 'ucs-2':\n    case 'unicode':\n    case 'unicodefeff':\n    case 'utf-16':\n    case 'utf-16le':\n      return 'UTF-16LE'\n    case 'x-user-defined':\n      return 'x-user-defined'\n    default: return 'failure'\n  }\n}\n\nmodule.exports = {\n  getEncoding\n}\n","'use strict'\n\nconst {\n  staticPropertyDescriptors,\n  readOperation,\n  fireAProgressEvent\n} = require('./util')\nconst {\n  kState,\n  kError,\n  kResult,\n  kEvents,\n  kAborted\n} = require('./symbols')\nconst { webidl } = require('../fetch/webidl')\nconst { kEnumerableProperty } = require('../core/util')\n\nclass FileReader extends EventTarget {\n  constructor () {\n    super()\n\n    this[kState] = 'empty'\n    this[kResult] = null\n    this[kError] = null\n    this[kEvents] = {\n      loadend: null,\n      error: null,\n      abort: null,\n      load: null,\n      progress: null,\n      loadstart: null\n    }\n  }\n\n  /**\n   * @see https://w3c.github.io/FileAPI/#dfn-readAsArrayBuffer\n   * @param {import('buffer').Blob} blob\n   */\n  readAsArrayBuffer (blob) {\n    webidl.brandCheck(this, FileReader)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'FileReader.readAsArrayBuffer' })\n\n    blob = webidl.converters.Blob(blob, { strict: false })\n\n    // The readAsArrayBuffer(blob) method, when invoked,\n    // must initiate a read operation for blob with ArrayBuffer.\n    readOperation(this, blob, 'ArrayBuffer')\n  }\n\n  /**\n   * @see https://w3c.github.io/FileAPI/#readAsBinaryString\n   * @param {import('buffer').Blob} blob\n   */\n  readAsBinaryString (blob) {\n    webidl.brandCheck(this, FileReader)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'FileReader.readAsBinaryString' })\n\n    blob = webidl.converters.Blob(blob, { strict: false })\n\n    // The readAsBinaryString(blob) method, when invoked,\n    // must initiate a read operation for blob with BinaryString.\n    readOperation(this, blob, 'BinaryString')\n  }\n\n  /**\n   * @see https://w3c.github.io/FileAPI/#readAsDataText\n   * @param {import('buffer').Blob} blob\n   * @param {string?} encoding\n   */\n  readAsText (blob, encoding = undefined) {\n    webidl.brandCheck(this, FileReader)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'FileReader.readAsText' })\n\n    blob = webidl.converters.Blob(blob, { strict: false })\n\n    if (encoding !== undefined) {\n      encoding = webidl.converters.DOMString(encoding)\n    }\n\n    // The readAsText(blob, encoding) method, when invoked,\n    // must initiate a read operation for blob with Text and encoding.\n    readOperation(this, blob, 'Text', encoding)\n  }\n\n  /**\n   * @see https://w3c.github.io/FileAPI/#dfn-readAsDataURL\n   * @param {import('buffer').Blob} blob\n   */\n  readAsDataURL (blob) {\n    webidl.brandCheck(this, FileReader)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'FileReader.readAsDataURL' })\n\n    blob = webidl.converters.Blob(blob, { strict: false })\n\n    // The readAsDataURL(blob) method, when invoked, must\n    // initiate a read operation for blob with DataURL.\n    readOperation(this, blob, 'DataURL')\n  }\n\n  /**\n   * @see https://w3c.github.io/FileAPI/#dfn-abort\n   */\n  abort () {\n    // 1. If this's state is \"empty\" or if this's state is\n    //    \"done\" set this's result to null and terminate\n    //    this algorithm.\n    if (this[kState] === 'empty' || this[kState] === 'done') {\n      this[kResult] = null\n      return\n    }\n\n    // 2. If this's state is \"loading\" set this's state to\n    //    \"done\" and set this's result to null.\n    if (this[kState] === 'loading') {\n      this[kState] = 'done'\n      this[kResult] = null\n    }\n\n    // 3. If there are any tasks from this on the file reading\n    //    task source in an affiliated task queue, then remove\n    //    those tasks from that task queue.\n    this[kAborted] = true\n\n    // 4. Terminate the algorithm for the read method being processed.\n    // TODO\n\n    // 5. Fire a progress event called abort at this.\n    fireAProgressEvent('abort', this)\n\n    // 6. If this's state is not \"loading\", fire a progress\n    //    event called loadend at this.\n    if (this[kState] !== 'loading') {\n      fireAProgressEvent('loadend', this)\n    }\n  }\n\n  /**\n   * @see https://w3c.github.io/FileAPI/#dom-filereader-readystate\n   */\n  get readyState () {\n    webidl.brandCheck(this, FileReader)\n\n    switch (this[kState]) {\n      case 'empty': return this.EMPTY\n      case 'loading': return this.LOADING\n      case 'done': return this.DONE\n    }\n  }\n\n  /**\n   * @see https://w3c.github.io/FileAPI/#dom-filereader-result\n   */\n  get result () {\n    webidl.brandCheck(this, FileReader)\n\n    // The result attribute’s getter, when invoked, must return\n    // this's result.\n    return this[kResult]\n  }\n\n  /**\n   * @see https://w3c.github.io/FileAPI/#dom-filereader-error\n   */\n  get error () {\n    webidl.brandCheck(this, FileReader)\n\n    // The error attribute’s getter, when invoked, must return\n    // this's error.\n    return this[kError]\n  }\n\n  get onloadend () {\n    webidl.brandCheck(this, FileReader)\n\n    return this[kEvents].loadend\n  }\n\n  set onloadend (fn) {\n    webidl.brandCheck(this, FileReader)\n\n    if (this[kEvents].loadend) {\n      this.removeEventListener('loadend', this[kEvents].loadend)\n    }\n\n    if (typeof fn === 'function') {\n      this[kEvents].loadend = fn\n      this.addEventListener('loadend', fn)\n    } else {\n      this[kEvents].loadend = null\n    }\n  }\n\n  get onerror () {\n    webidl.brandCheck(this, FileReader)\n\n    return this[kEvents].error\n  }\n\n  set onerror (fn) {\n    webidl.brandCheck(this, FileReader)\n\n    if (this[kEvents].error) {\n      this.removeEventListener('error', this[kEvents].error)\n    }\n\n    if (typeof fn === 'function') {\n      this[kEvents].error = fn\n      this.addEventListener('error', fn)\n    } else {\n      this[kEvents].error = null\n    }\n  }\n\n  get onloadstart () {\n    webidl.brandCheck(this, FileReader)\n\n    return this[kEvents].loadstart\n  }\n\n  set onloadstart (fn) {\n    webidl.brandCheck(this, FileReader)\n\n    if (this[kEvents].loadstart) {\n      this.removeEventListener('loadstart', this[kEvents].loadstart)\n    }\n\n    if (typeof fn === 'function') {\n      this[kEvents].loadstart = fn\n      this.addEventListener('loadstart', fn)\n    } else {\n      this[kEvents].loadstart = null\n    }\n  }\n\n  get onprogress () {\n    webidl.brandCheck(this, FileReader)\n\n    return this[kEvents].progress\n  }\n\n  set onprogress (fn) {\n    webidl.brandCheck(this, FileReader)\n\n    if (this[kEvents].progress) {\n      this.removeEventListener('progress', this[kEvents].progress)\n    }\n\n    if (typeof fn === 'function') {\n      this[kEvents].progress = fn\n      this.addEventListener('progress', fn)\n    } else {\n      this[kEvents].progress = null\n    }\n  }\n\n  get onload () {\n    webidl.brandCheck(this, FileReader)\n\n    return this[kEvents].load\n  }\n\n  set onload (fn) {\n    webidl.brandCheck(this, FileReader)\n\n    if (this[kEvents].load) {\n      this.removeEventListener('load', this[kEvents].load)\n    }\n\n    if (typeof fn === 'function') {\n      this[kEvents].load = fn\n      this.addEventListener('load', fn)\n    } else {\n      this[kEvents].load = null\n    }\n  }\n\n  get onabort () {\n    webidl.brandCheck(this, FileReader)\n\n    return this[kEvents].abort\n  }\n\n  set onabort (fn) {\n    webidl.brandCheck(this, FileReader)\n\n    if (this[kEvents].abort) {\n      this.removeEventListener('abort', this[kEvents].abort)\n    }\n\n    if (typeof fn === 'function') {\n      this[kEvents].abort = fn\n      this.addEventListener('abort', fn)\n    } else {\n      this[kEvents].abort = null\n    }\n  }\n}\n\n// https://w3c.github.io/FileAPI/#dom-filereader-empty\nFileReader.EMPTY = FileReader.prototype.EMPTY = 0\n// https://w3c.github.io/FileAPI/#dom-filereader-loading\nFileReader.LOADING = FileReader.prototype.LOADING = 1\n// https://w3c.github.io/FileAPI/#dom-filereader-done\nFileReader.DONE = FileReader.prototype.DONE = 2\n\nObject.defineProperties(FileReader.prototype, {\n  EMPTY: staticPropertyDescriptors,\n  LOADING: staticPropertyDescriptors,\n  DONE: staticPropertyDescriptors,\n  readAsArrayBuffer: kEnumerableProperty,\n  readAsBinaryString: kEnumerableProperty,\n  readAsText: kEnumerableProperty,\n  readAsDataURL: kEnumerableProperty,\n  abort: kEnumerableProperty,\n  readyState: kEnumerableProperty,\n  result: kEnumerableProperty,\n  error: kEnumerableProperty,\n  onloadstart: kEnumerableProperty,\n  onprogress: kEnumerableProperty,\n  onload: kEnumerableProperty,\n  onabort: kEnumerableProperty,\n  onerror: kEnumerableProperty,\n  onloadend: kEnumerableProperty,\n  [Symbol.toStringTag]: {\n    value: 'FileReader',\n    writable: false,\n    enumerable: false,\n    configurable: true\n  }\n})\n\nObject.defineProperties(FileReader, {\n  EMPTY: staticPropertyDescriptors,\n  LOADING: staticPropertyDescriptors,\n  DONE: staticPropertyDescriptors\n})\n\nmodule.exports = {\n  FileReader\n}\n","'use strict'\n\nconst { webidl } = require('../fetch/webidl')\n\nconst kState = Symbol('ProgressEvent state')\n\n/**\n * @see https://xhr.spec.whatwg.org/#progressevent\n */\nclass ProgressEvent extends Event {\n  constructor (type, eventInitDict = {}) {\n    type = webidl.converters.DOMString(type)\n    eventInitDict = webidl.converters.ProgressEventInit(eventInitDict ?? {})\n\n    super(type, eventInitDict)\n\n    this[kState] = {\n      lengthComputable: eventInitDict.lengthComputable,\n      loaded: eventInitDict.loaded,\n      total: eventInitDict.total\n    }\n  }\n\n  get lengthComputable () {\n    webidl.brandCheck(this, ProgressEvent)\n\n    return this[kState].lengthComputable\n  }\n\n  get loaded () {\n    webidl.brandCheck(this, ProgressEvent)\n\n    return this[kState].loaded\n  }\n\n  get total () {\n    webidl.brandCheck(this, ProgressEvent)\n\n    return this[kState].total\n  }\n}\n\nwebidl.converters.ProgressEventInit = webidl.dictionaryConverter([\n  {\n    key: 'lengthComputable',\n    converter: webidl.converters.boolean,\n    defaultValue: false\n  },\n  {\n    key: 'loaded',\n    converter: webidl.converters['unsigned long long'],\n    defaultValue: 0\n  },\n  {\n    key: 'total',\n    converter: webidl.converters['unsigned long long'],\n    defaultValue: 0\n  },\n  {\n    key: 'bubbles',\n    converter: webidl.converters.boolean,\n    defaultValue: false\n  },\n  {\n    key: 'cancelable',\n    converter: webidl.converters.boolean,\n    defaultValue: false\n  },\n  {\n    key: 'composed',\n    converter: webidl.converters.boolean,\n    defaultValue: false\n  }\n])\n\nmodule.exports = {\n  ProgressEvent\n}\n","'use strict'\n\nmodule.exports = {\n  kState: Symbol('FileReader state'),\n  kResult: Symbol('FileReader result'),\n  kError: Symbol('FileReader error'),\n  kLastProgressEventFired: Symbol('FileReader last progress event fired timestamp'),\n  kEvents: Symbol('FileReader events'),\n  kAborted: Symbol('FileReader aborted')\n}\n","'use strict'\n\nconst {\n  kState,\n  kError,\n  kResult,\n  kAborted,\n  kLastProgressEventFired\n} = require('./symbols')\nconst { ProgressEvent } = require('./progressevent')\nconst { getEncoding } = require('./encoding')\nconst { DOMException } = require('../fetch/constants')\nconst { serializeAMimeType, parseMIMEType } = require('../fetch/dataURL')\nconst { types } = require('util')\nconst { StringDecoder } = require('string_decoder')\nconst { btoa } = require('buffer')\n\n/** @type {PropertyDescriptor} */\nconst staticPropertyDescriptors = {\n  enumerable: true,\n  writable: false,\n  configurable: false\n}\n\n/**\n * @see https://w3c.github.io/FileAPI/#readOperation\n * @param {import('./filereader').FileReader} fr\n * @param {import('buffer').Blob} blob\n * @param {string} type\n * @param {string?} encodingName\n */\nfunction readOperation (fr, blob, type, encodingName) {\n  // 1. If fr’s state is \"loading\", throw an InvalidStateError\n  //    DOMException.\n  if (fr[kState] === 'loading') {\n    throw new DOMException('Invalid state', 'InvalidStateError')\n  }\n\n  // 2. Set fr’s state to \"loading\".\n  fr[kState] = 'loading'\n\n  // 3. Set fr’s result to null.\n  fr[kResult] = null\n\n  // 4. Set fr’s error to null.\n  fr[kError] = null\n\n  // 5. Let stream be the result of calling get stream on blob.\n  /** @type {import('stream/web').ReadableStream} */\n  const stream = blob.stream()\n\n  // 6. Let reader be the result of getting a reader from stream.\n  const reader = stream.getReader()\n\n  // 7. Let bytes be an empty byte sequence.\n  /** @type {Uint8Array[]} */\n  const bytes = []\n\n  // 8. Let chunkPromise be the result of reading a chunk from\n  //    stream with reader.\n  let chunkPromise = reader.read()\n\n  // 9. Let isFirstChunk be true.\n  let isFirstChunk = true\n\n  // 10. In parallel, while true:\n  // Note: \"In parallel\" just means non-blocking\n  // Note 2: readOperation itself cannot be async as double\n  // reading the body would then reject the promise, instead\n  // of throwing an error.\n  ;(async () => {\n    while (!fr[kAborted]) {\n      // 1. Wait for chunkPromise to be fulfilled or rejected.\n      try {\n        const { done, value } = await chunkPromise\n\n        // 2. If chunkPromise is fulfilled, and isFirstChunk is\n        //    true, queue a task to fire a progress event called\n        //    loadstart at fr.\n        if (isFirstChunk && !fr[kAborted]) {\n          queueMicrotask(() => {\n            fireAProgressEvent('loadstart', fr)\n          })\n        }\n\n        // 3. Set isFirstChunk to false.\n        isFirstChunk = false\n\n        // 4. If chunkPromise is fulfilled with an object whose\n        //    done property is false and whose value property is\n        //    a Uint8Array object, run these steps:\n        if (!done && types.isUint8Array(value)) {\n          // 1. Let bs be the byte sequence represented by the\n          //    Uint8Array object.\n\n          // 2. Append bs to bytes.\n          bytes.push(value)\n\n          // 3. If roughly 50ms have passed since these steps\n          //    were last invoked, queue a task to fire a\n          //    progress event called progress at fr.\n          if (\n            (\n              fr[kLastProgressEventFired] === undefined ||\n              Date.now() - fr[kLastProgressEventFired] >= 50\n            ) &&\n            !fr[kAborted]\n          ) {\n            fr[kLastProgressEventFired] = Date.now()\n            queueMicrotask(() => {\n              fireAProgressEvent('progress', fr)\n            })\n          }\n\n          // 4. Set chunkPromise to the result of reading a\n          //    chunk from stream with reader.\n          chunkPromise = reader.read()\n        } else if (done) {\n          // 5. Otherwise, if chunkPromise is fulfilled with an\n          //    object whose done property is true, queue a task\n          //    to run the following steps and abort this algorithm:\n          queueMicrotask(() => {\n            // 1. Set fr’s state to \"done\".\n            fr[kState] = 'done'\n\n            // 2. Let result be the result of package data given\n            //    bytes, type, blob’s type, and encodingName.\n            try {\n              const result = packageData(bytes, type, blob.type, encodingName)\n\n              // 4. Else:\n\n              if (fr[kAborted]) {\n                return\n              }\n\n              // 1. Set fr’s result to result.\n              fr[kResult] = result\n\n              // 2. Fire a progress event called load at the fr.\n              fireAProgressEvent('load', fr)\n            } catch (error) {\n              // 3. If package data threw an exception error:\n\n              // 1. Set fr’s error to error.\n              fr[kError] = error\n\n              // 2. Fire a progress event called error at fr.\n              fireAProgressEvent('error', fr)\n            }\n\n            // 5. If fr’s state is not \"loading\", fire a progress\n            //    event called loadend at the fr.\n            if (fr[kState] !== 'loading') {\n              fireAProgressEvent('loadend', fr)\n            }\n          })\n\n          break\n        }\n      } catch (error) {\n        if (fr[kAborted]) {\n          return\n        }\n\n        // 6. Otherwise, if chunkPromise is rejected with an\n        //    error error, queue a task to run the following\n        //    steps and abort this algorithm:\n        queueMicrotask(() => {\n          // 1. Set fr’s state to \"done\".\n          fr[kState] = 'done'\n\n          // 2. Set fr’s error to error.\n          fr[kError] = error\n\n          // 3. Fire a progress event called error at fr.\n          fireAProgressEvent('error', fr)\n\n          // 4. If fr’s state is not \"loading\", fire a progress\n          //    event called loadend at fr.\n          if (fr[kState] !== 'loading') {\n            fireAProgressEvent('loadend', fr)\n          }\n        })\n\n        break\n      }\n    }\n  })()\n}\n\n/**\n * @see https://w3c.github.io/FileAPI/#fire-a-progress-event\n * @see https://dom.spec.whatwg.org/#concept-event-fire\n * @param {string} e The name of the event\n * @param {import('./filereader').FileReader} reader\n */\nfunction fireAProgressEvent (e, reader) {\n  // The progress event e does not bubble. e.bubbles must be false\n  // The progress event e is NOT cancelable. e.cancelable must be false\n  const event = new ProgressEvent(e, {\n    bubbles: false,\n    cancelable: false\n  })\n\n  reader.dispatchEvent(event)\n}\n\n/**\n * @see https://w3c.github.io/FileAPI/#blob-package-data\n * @param {Uint8Array[]} bytes\n * @param {string} type\n * @param {string?} mimeType\n * @param {string?} encodingName\n */\nfunction packageData (bytes, type, mimeType, encodingName) {\n  // 1. A Blob has an associated package data algorithm, given\n  //    bytes, a type, a optional mimeType, and a optional\n  //    encodingName, which switches on type and runs the\n  //    associated steps:\n\n  switch (type) {\n    case 'DataURL': {\n      // 1. Return bytes as a DataURL [RFC2397] subject to\n      //    the considerations below:\n      //  * Use mimeType as part of the Data URL if it is\n      //    available in keeping with the Data URL\n      //    specification [RFC2397].\n      //  * If mimeType is not available return a Data URL\n      //    without a media-type. [RFC2397].\n\n      // https://datatracker.ietf.org/doc/html/rfc2397#section-3\n      // dataurl    := \"data:\" [ mediatype ] [ \";base64\" ] \",\" data\n      // mediatype  := [ type \"/\" subtype ] *( \";\" parameter )\n      // data       := *urlchar\n      // parameter  := attribute \"=\" value\n      let dataURL = 'data:'\n\n      const parsed = parseMIMEType(mimeType || 'application/octet-stream')\n\n      if (parsed !== 'failure') {\n        dataURL += serializeAMimeType(parsed)\n      }\n\n      dataURL += ';base64,'\n\n      const decoder = new StringDecoder('latin1')\n\n      for (const chunk of bytes) {\n        dataURL += btoa(decoder.write(chunk))\n      }\n\n      dataURL += btoa(decoder.end())\n\n      return dataURL\n    }\n    case 'Text': {\n      // 1. Let encoding be failure\n      let encoding = 'failure'\n\n      // 2. If the encodingName is present, set encoding to the\n      //    result of getting an encoding from encodingName.\n      if (encodingName) {\n        encoding = getEncoding(encodingName)\n      }\n\n      // 3. If encoding is failure, and mimeType is present:\n      if (encoding === 'failure' && mimeType) {\n        // 1. Let type be the result of parse a MIME type\n        //    given mimeType.\n        const type = parseMIMEType(mimeType)\n\n        // 2. If type is not failure, set encoding to the result\n        //    of getting an encoding from type’s parameters[\"charset\"].\n        if (type !== 'failure') {\n          encoding = getEncoding(type.parameters.get('charset'))\n        }\n      }\n\n      // 4. If encoding is failure, then set encoding to UTF-8.\n      if (encoding === 'failure') {\n        encoding = 'UTF-8'\n      }\n\n      // 5. Decode bytes using fallback encoding encoding, and\n      //    return the result.\n      return decode(bytes, encoding)\n    }\n    case 'ArrayBuffer': {\n      // Return a new ArrayBuffer whose contents are bytes.\n      const sequence = combineByteSequences(bytes)\n\n      return sequence.buffer\n    }\n    case 'BinaryString': {\n      // Return bytes as a binary string, in which every byte\n      //  is represented by a code unit of equal value [0..255].\n      let binaryString = ''\n\n      const decoder = new StringDecoder('latin1')\n\n      for (const chunk of bytes) {\n        binaryString += decoder.write(chunk)\n      }\n\n      binaryString += decoder.end()\n\n      return binaryString\n    }\n  }\n}\n\n/**\n * @see https://encoding.spec.whatwg.org/#decode\n * @param {Uint8Array[]} ioQueue\n * @param {string} encoding\n */\nfunction decode (ioQueue, encoding) {\n  const bytes = combineByteSequences(ioQueue)\n\n  // 1. Let BOMEncoding be the result of BOM sniffing ioQueue.\n  const BOMEncoding = BOMSniffing(bytes)\n\n  let slice = 0\n\n  // 2. If BOMEncoding is non-null:\n  if (BOMEncoding !== null) {\n    // 1. Set encoding to BOMEncoding.\n    encoding = BOMEncoding\n\n    // 2. Read three bytes from ioQueue, if BOMEncoding is\n    //    UTF-8; otherwise read two bytes.\n    //    (Do nothing with those bytes.)\n    slice = BOMEncoding === 'UTF-8' ? 3 : 2\n  }\n\n  // 3. Process a queue with an instance of encoding’s\n  //    decoder, ioQueue, output, and \"replacement\".\n\n  // 4. Return output.\n\n  const sliced = bytes.slice(slice)\n  return new TextDecoder(encoding).decode(sliced)\n}\n\n/**\n * @see https://encoding.spec.whatwg.org/#bom-sniff\n * @param {Uint8Array} ioQueue\n */\nfunction BOMSniffing (ioQueue) {\n  // 1. Let BOM be the result of peeking 3 bytes from ioQueue,\n  //    converted to a byte sequence.\n  const [a, b, c] = ioQueue\n\n  // 2. For each of the rows in the table below, starting with\n  //    the first one and going down, if BOM starts with the\n  //    bytes given in the first column, then return the\n  //    encoding given in the cell in the second column of that\n  //    row. Otherwise, return null.\n  if (a === 0xEF && b === 0xBB && c === 0xBF) {\n    return 'UTF-8'\n  } else if (a === 0xFE && b === 0xFF) {\n    return 'UTF-16BE'\n  } else if (a === 0xFF && b === 0xFE) {\n    return 'UTF-16LE'\n  }\n\n  return null\n}\n\n/**\n * @param {Uint8Array[]} sequences\n */\nfunction combineByteSequences (sequences) {\n  const size = sequences.reduce((a, b) => {\n    return a + b.byteLength\n  }, 0)\n\n  let offset = 0\n\n  return sequences.reduce((a, b) => {\n    a.set(b, offset)\n    offset += b.byteLength\n    return a\n  }, new Uint8Array(size))\n}\n\nmodule.exports = {\n  staticPropertyDescriptors,\n  readOperation,\n  fireAProgressEvent\n}\n","'use strict'\n\n// We include a version number for the Dispatcher API. In case of breaking changes,\n// this version number must be increased to avoid conflicts.\nconst globalDispatcher = Symbol.for('undici.globalDispatcher.1')\nconst { InvalidArgumentError } = require('./core/errors')\nconst Agent = require('./agent')\n\nif (getGlobalDispatcher() === undefined) {\n  setGlobalDispatcher(new Agent())\n}\n\nfunction setGlobalDispatcher (agent) {\n  if (!agent || typeof agent.dispatch !== 'function') {\n    throw new InvalidArgumentError('Argument agent must implement Agent')\n  }\n  Object.defineProperty(globalThis, globalDispatcher, {\n    value: agent,\n    writable: true,\n    enumerable: false,\n    configurable: false\n  })\n}\n\nfunction getGlobalDispatcher () {\n  return globalThis[globalDispatcher]\n}\n\nmodule.exports = {\n  setGlobalDispatcher,\n  getGlobalDispatcher\n}\n","'use strict'\n\nmodule.exports = class DecoratorHandler {\n  constructor (handler) {\n    this.handler = handler\n  }\n\n  onConnect (...args) {\n    return this.handler.onConnect(...args)\n  }\n\n  onError (...args) {\n    return this.handler.onError(...args)\n  }\n\n  onUpgrade (...args) {\n    return this.handler.onUpgrade(...args)\n  }\n\n  onHeaders (...args) {\n    return this.handler.onHeaders(...args)\n  }\n\n  onData (...args) {\n    return this.handler.onData(...args)\n  }\n\n  onComplete (...args) {\n    return this.handler.onComplete(...args)\n  }\n\n  onBodySent (...args) {\n    return this.handler.onBodySent(...args)\n  }\n}\n","'use strict'\n\nconst util = require('../core/util')\nconst { kBodyUsed } = require('../core/symbols')\nconst assert = require('assert')\nconst { InvalidArgumentError } = require('../core/errors')\nconst EE = require('events')\n\nconst redirectableStatusCodes = [300, 301, 302, 303, 307, 308]\n\nconst kBody = Symbol('body')\n\nclass BodyAsyncIterable {\n  constructor (body) {\n    this[kBody] = body\n    this[kBodyUsed] = false\n  }\n\n  async * [Symbol.asyncIterator] () {\n    assert(!this[kBodyUsed], 'disturbed')\n    this[kBodyUsed] = true\n    yield * this[kBody]\n  }\n}\n\nclass RedirectHandler {\n  constructor (dispatch, maxRedirections, opts, handler) {\n    if (maxRedirections != null && (!Number.isInteger(maxRedirections) || maxRedirections < 0)) {\n      throw new InvalidArgumentError('maxRedirections must be a positive number')\n    }\n\n    util.validateHandler(handler, opts.method, opts.upgrade)\n\n    this.dispatch = dispatch\n    this.location = null\n    this.abort = null\n    this.opts = { ...opts, maxRedirections: 0 } // opts must be a copy\n    this.maxRedirections = maxRedirections\n    this.handler = handler\n    this.history = []\n\n    if (util.isStream(this.opts.body)) {\n      // TODO (fix): Provide some way for the user to cache the file to e.g. /tmp\n      // so that it can be dispatched again?\n      // TODO (fix): Do we need 100-expect support to provide a way to do this properly?\n      if (util.bodyLength(this.opts.body) === 0) {\n        this.opts.body\n          .on('data', function () {\n            assert(false)\n          })\n      }\n\n      if (typeof this.opts.body.readableDidRead !== 'boolean') {\n        this.opts.body[kBodyUsed] = false\n        EE.prototype.on.call(this.opts.body, 'data', function () {\n          this[kBodyUsed] = true\n        })\n      }\n    } else if (this.opts.body && typeof this.opts.body.pipeTo === 'function') {\n      // TODO (fix): We can't access ReadableStream internal state\n      // to determine whether or not it has been disturbed. This is just\n      // a workaround.\n      this.opts.body = new BodyAsyncIterable(this.opts.body)\n    } else if (\n      this.opts.body &&\n      typeof this.opts.body !== 'string' &&\n      !ArrayBuffer.isView(this.opts.body) &&\n      util.isIterable(this.opts.body)\n    ) {\n      // TODO: Should we allow re-using iterable if !this.opts.idempotent\n      // or through some other flag?\n      this.opts.body = new BodyAsyncIterable(this.opts.body)\n    }\n  }\n\n  onConnect (abort) {\n    this.abort = abort\n    this.handler.onConnect(abort, { history: this.history })\n  }\n\n  onUpgrade (statusCode, headers, socket) {\n    this.handler.onUpgrade(statusCode, headers, socket)\n  }\n\n  onError (error) {\n    this.handler.onError(error)\n  }\n\n  onHeaders (statusCode, headers, resume, statusText) {\n    this.location = this.history.length >= this.maxRedirections || util.isDisturbed(this.opts.body)\n      ? null\n      : parseLocation(statusCode, headers)\n\n    if (this.opts.origin) {\n      this.history.push(new URL(this.opts.path, this.opts.origin))\n    }\n\n    if (!this.location) {\n      return this.handler.onHeaders(statusCode, headers, resume, statusText)\n    }\n\n    const { origin, pathname, search } = util.parseURL(new URL(this.location, this.opts.origin && new URL(this.opts.path, this.opts.origin)))\n    const path = search ? `${pathname}${search}` : pathname\n\n    // Remove headers referring to the original URL.\n    // By default it is Host only, unless it's a 303 (see below), which removes also all Content-* headers.\n    // https://tools.ietf.org/html/rfc7231#section-6.4\n    this.opts.headers = cleanRequestHeaders(this.opts.headers, statusCode === 303, this.opts.origin !== origin)\n    this.opts.path = path\n    this.opts.origin = origin\n    this.opts.maxRedirections = 0\n    this.opts.query = null\n\n    // https://tools.ietf.org/html/rfc7231#section-6.4.4\n    // In case of HTTP 303, always replace method to be either HEAD or GET\n    if (statusCode === 303 && this.opts.method !== 'HEAD') {\n      this.opts.method = 'GET'\n      this.opts.body = null\n    }\n  }\n\n  onData (chunk) {\n    if (this.location) {\n      /*\n        https://tools.ietf.org/html/rfc7231#section-6.4\n\n        TLDR: undici always ignores 3xx response bodies.\n\n        Redirection is used to serve the requested resource from another URL, so it is assumes that\n        no body is generated (and thus can be ignored). Even though generating a body is not prohibited.\n\n        For status 301, 302, 303, 307 and 308 (the latter from RFC 7238), the specs mention that the body usually\n        (which means it's optional and not mandated) contain just an hyperlink to the value of\n        the Location response header, so the body can be ignored safely.\n\n        For status 300, which is \"Multiple Choices\", the spec mentions both generating a Location\n        response header AND a response body with the other possible location to follow.\n        Since the spec explicitily chooses not to specify a format for such body and leave it to\n        servers and browsers implementors, we ignore the body as there is no specified way to eventually parse it.\n      */\n    } else {\n      return this.handler.onData(chunk)\n    }\n  }\n\n  onComplete (trailers) {\n    if (this.location) {\n      /*\n        https://tools.ietf.org/html/rfc7231#section-6.4\n\n        TLDR: undici always ignores 3xx response trailers as they are not expected in case of redirections\n        and neither are useful if present.\n\n        See comment on onData method above for more detailed informations.\n      */\n\n      this.location = null\n      this.abort = null\n\n      this.dispatch(this.opts, this)\n    } else {\n      this.handler.onComplete(trailers)\n    }\n  }\n\n  onBodySent (chunk) {\n    if (this.handler.onBodySent) {\n      this.handler.onBodySent(chunk)\n    }\n  }\n}\n\nfunction parseLocation (statusCode, headers) {\n  if (redirectableStatusCodes.indexOf(statusCode) === -1) {\n    return null\n  }\n\n  for (let i = 0; i < headers.length; i += 2) {\n    if (headers[i].toString().toLowerCase() === 'location') {\n      return headers[i + 1]\n    }\n  }\n}\n\n// https://tools.ietf.org/html/rfc7231#section-6.4.4\nfunction shouldRemoveHeader (header, removeContent, unknownOrigin) {\n  if (header.length === 4) {\n    return util.headerNameToString(header) === 'host'\n  }\n  if (removeContent && util.headerNameToString(header).startsWith('content-')) {\n    return true\n  }\n  if (unknownOrigin && (header.length === 13 || header.length === 6 || header.length === 19)) {\n    const name = util.headerNameToString(header)\n    return name === 'authorization' || name === 'cookie' || name === 'proxy-authorization'\n  }\n  return false\n}\n\n// https://tools.ietf.org/html/rfc7231#section-6.4\nfunction cleanRequestHeaders (headers, removeContent, unknownOrigin) {\n  const ret = []\n  if (Array.isArray(headers)) {\n    for (let i = 0; i < headers.length; i += 2) {\n      if (!shouldRemoveHeader(headers[i], removeContent, unknownOrigin)) {\n        ret.push(headers[i], headers[i + 1])\n      }\n    }\n  } else if (headers && typeof headers === 'object') {\n    for (const key of Object.keys(headers)) {\n      if (!shouldRemoveHeader(key, removeContent, unknownOrigin)) {\n        ret.push(key, headers[key])\n      }\n    }\n  } else {\n    assert(headers == null, 'headers must be an object or an array')\n  }\n  return ret\n}\n\nmodule.exports = RedirectHandler\n","const assert = require('assert')\n\nconst { kRetryHandlerDefaultRetry } = require('../core/symbols')\nconst { RequestRetryError } = require('../core/errors')\nconst { isDisturbed, parseHeaders, parseRangeHeader } = require('../core/util')\n\nfunction calculateRetryAfterHeader (retryAfter) {\n  const current = Date.now()\n  const diff = new Date(retryAfter).getTime() - current\n\n  return diff\n}\n\nclass RetryHandler {\n  constructor (opts, handlers) {\n    const { retryOptions, ...dispatchOpts } = opts\n    const {\n      // Retry scoped\n      retry: retryFn,\n      maxRetries,\n      maxTimeout,\n      minTimeout,\n      timeoutFactor,\n      // Response scoped\n      methods,\n      errorCodes,\n      retryAfter,\n      statusCodes\n    } = retryOptions ?? {}\n\n    this.dispatch = handlers.dispatch\n    this.handler = handlers.handler\n    this.opts = dispatchOpts\n    this.abort = null\n    this.aborted = false\n    this.retryOpts = {\n      retry: retryFn ?? RetryHandler[kRetryHandlerDefaultRetry],\n      retryAfter: retryAfter ?? true,\n      maxTimeout: maxTimeout ?? 30 * 1000, // 30s,\n      timeout: minTimeout ?? 500, // .5s\n      timeoutFactor: timeoutFactor ?? 2,\n      maxRetries: maxRetries ?? 5,\n      // What errors we should retry\n      methods: methods ?? ['GET', 'HEAD', 'OPTIONS', 'PUT', 'DELETE', 'TRACE'],\n      // Indicates which errors to retry\n      statusCodes: statusCodes ?? [500, 502, 503, 504, 429],\n      // List of errors to retry\n      errorCodes: errorCodes ?? [\n        'ECONNRESET',\n        'ECONNREFUSED',\n        'ENOTFOUND',\n        'ENETDOWN',\n        'ENETUNREACH',\n        'EHOSTDOWN',\n        'EHOSTUNREACH',\n        'EPIPE'\n      ]\n    }\n\n    this.retryCount = 0\n    this.start = 0\n    this.end = null\n    this.etag = null\n    this.resume = null\n\n    // Handle possible onConnect duplication\n    this.handler.onConnect(reason => {\n      this.aborted = true\n      if (this.abort) {\n        this.abort(reason)\n      } else {\n        this.reason = reason\n      }\n    })\n  }\n\n  onRequestSent () {\n    if (this.handler.onRequestSent) {\n      this.handler.onRequestSent()\n    }\n  }\n\n  onUpgrade (statusCode, headers, socket) {\n    if (this.handler.onUpgrade) {\n      this.handler.onUpgrade(statusCode, headers, socket)\n    }\n  }\n\n  onConnect (abort) {\n    if (this.aborted) {\n      abort(this.reason)\n    } else {\n      this.abort = abort\n    }\n  }\n\n  onBodySent (chunk) {\n    if (this.handler.onBodySent) return this.handler.onBodySent(chunk)\n  }\n\n  static [kRetryHandlerDefaultRetry] (err, { state, opts }, cb) {\n    const { statusCode, code, headers } = err\n    const { method, retryOptions } = opts\n    const {\n      maxRetries,\n      timeout,\n      maxTimeout,\n      timeoutFactor,\n      statusCodes,\n      errorCodes,\n      methods\n    } = retryOptions\n    let { counter, currentTimeout } = state\n\n    currentTimeout =\n      currentTimeout != null && currentTimeout > 0 ? currentTimeout : timeout\n\n    // Any code that is not a Undici's originated and allowed to retry\n    if (\n      code &&\n      code !== 'UND_ERR_REQ_RETRY' &&\n      code !== 'UND_ERR_SOCKET' &&\n      !errorCodes.includes(code)\n    ) {\n      cb(err)\n      return\n    }\n\n    // If a set of method are provided and the current method is not in the list\n    if (Array.isArray(methods) && !methods.includes(method)) {\n      cb(err)\n      return\n    }\n\n    // If a set of status code are provided and the current status code is not in the list\n    if (\n      statusCode != null &&\n      Array.isArray(statusCodes) &&\n      !statusCodes.includes(statusCode)\n    ) {\n      cb(err)\n      return\n    }\n\n    // If we reached the max number of retries\n    if (counter > maxRetries) {\n      cb(err)\n      return\n    }\n\n    let retryAfterHeader = headers != null && headers['retry-after']\n    if (retryAfterHeader) {\n      retryAfterHeader = Number(retryAfterHeader)\n      retryAfterHeader = isNaN(retryAfterHeader)\n        ? calculateRetryAfterHeader(retryAfterHeader)\n        : retryAfterHeader * 1e3 // Retry-After is in seconds\n    }\n\n    const retryTimeout =\n      retryAfterHeader > 0\n        ? Math.min(retryAfterHeader, maxTimeout)\n        : Math.min(currentTimeout * timeoutFactor ** counter, maxTimeout)\n\n    state.currentTimeout = retryTimeout\n\n    setTimeout(() => cb(null), retryTimeout)\n  }\n\n  onHeaders (statusCode, rawHeaders, resume, statusMessage) {\n    const headers = parseHeaders(rawHeaders)\n\n    this.retryCount += 1\n\n    if (statusCode >= 300) {\n      this.abort(\n        new RequestRetryError('Request failed', statusCode, {\n          headers,\n          count: this.retryCount\n        })\n      )\n      return false\n    }\n\n    // Checkpoint for resume from where we left it\n    if (this.resume != null) {\n      this.resume = null\n\n      if (statusCode !== 206) {\n        return true\n      }\n\n      const contentRange = parseRangeHeader(headers['content-range'])\n      // If no content range\n      if (!contentRange) {\n        this.abort(\n          new RequestRetryError('Content-Range mismatch', statusCode, {\n            headers,\n            count: this.retryCount\n          })\n        )\n        return false\n      }\n\n      // Let's start with a weak etag check\n      if (this.etag != null && this.etag !== headers.etag) {\n        this.abort(\n          new RequestRetryError('ETag mismatch', statusCode, {\n            headers,\n            count: this.retryCount\n          })\n        )\n        return false\n      }\n\n      const { start, size, end = size } = contentRange\n\n      assert(this.start === start, 'content-range mismatch')\n      assert(this.end == null || this.end === end, 'content-range mismatch')\n\n      this.resume = resume\n      return true\n    }\n\n    if (this.end == null) {\n      if (statusCode === 206) {\n        // First time we receive 206\n        const range = parseRangeHeader(headers['content-range'])\n\n        if (range == null) {\n          return this.handler.onHeaders(\n            statusCode,\n            rawHeaders,\n            resume,\n            statusMessage\n          )\n        }\n\n        const { start, size, end = size } = range\n\n        assert(\n          start != null && Number.isFinite(start) && this.start !== start,\n          'content-range mismatch'\n        )\n        assert(Number.isFinite(start))\n        assert(\n          end != null && Number.isFinite(end) && this.end !== end,\n          'invalid content-length'\n        )\n\n        this.start = start\n        this.end = end\n      }\n\n      // We make our best to checkpoint the body for further range headers\n      if (this.end == null) {\n        const contentLength = headers['content-length']\n        this.end = contentLength != null ? Number(contentLength) : null\n      }\n\n      assert(Number.isFinite(this.start))\n      assert(\n        this.end == null || Number.isFinite(this.end),\n        'invalid content-length'\n      )\n\n      this.resume = resume\n      this.etag = headers.etag != null ? headers.etag : null\n\n      return this.handler.onHeaders(\n        statusCode,\n        rawHeaders,\n        resume,\n        statusMessage\n      )\n    }\n\n    const err = new RequestRetryError('Request failed', statusCode, {\n      headers,\n      count: this.retryCount\n    })\n\n    this.abort(err)\n\n    return false\n  }\n\n  onData (chunk) {\n    this.start += chunk.length\n\n    return this.handler.onData(chunk)\n  }\n\n  onComplete (rawTrailers) {\n    this.retryCount = 0\n    return this.handler.onComplete(rawTrailers)\n  }\n\n  onError (err) {\n    if (this.aborted || isDisturbed(this.opts.body)) {\n      return this.handler.onError(err)\n    }\n\n    this.retryOpts.retry(\n      err,\n      {\n        state: { counter: this.retryCount++, currentTimeout: this.retryAfter },\n        opts: { retryOptions: this.retryOpts, ...this.opts }\n      },\n      onRetry.bind(this)\n    )\n\n    function onRetry (err) {\n      if (err != null || this.aborted || isDisturbed(this.opts.body)) {\n        return this.handler.onError(err)\n      }\n\n      if (this.start !== 0) {\n        this.opts = {\n          ...this.opts,\n          headers: {\n            ...this.opts.headers,\n            range: `bytes=${this.start}-${this.end ?? ''}`\n          }\n        }\n      }\n\n      try {\n        this.dispatch(this.opts, this)\n      } catch (err) {\n        this.handler.onError(err)\n      }\n    }\n  }\n}\n\nmodule.exports = RetryHandler\n","'use strict'\n\nconst RedirectHandler = require('../handler/RedirectHandler')\n\nfunction createRedirectInterceptor ({ maxRedirections: defaultMaxRedirections }) {\n  return (dispatch) => {\n    return function Intercept (opts, handler) {\n      const { maxRedirections = defaultMaxRedirections } = opts\n\n      if (!maxRedirections) {\n        return dispatch(opts, handler)\n      }\n\n      const redirectHandler = new RedirectHandler(dispatch, maxRedirections, opts, handler)\n      opts = { ...opts, maxRedirections: 0 } // Stop sub dispatcher from also redirecting.\n      return dispatch(opts, redirectHandler)\n    }\n  }\n}\n\nmodule.exports = createRedirectInterceptor\n","\"use strict\";\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.SPECIAL_HEADERS = exports.HEADER_STATE = exports.MINOR = exports.MAJOR = exports.CONNECTION_TOKEN_CHARS = exports.HEADER_CHARS = exports.TOKEN = exports.STRICT_TOKEN = exports.HEX = exports.URL_CHAR = exports.STRICT_URL_CHAR = exports.USERINFO_CHARS = exports.MARK = exports.ALPHANUM = exports.NUM = exports.HEX_MAP = exports.NUM_MAP = exports.ALPHA = exports.FINISH = exports.H_METHOD_MAP = exports.METHOD_MAP = exports.METHODS_RTSP = exports.METHODS_ICE = exports.METHODS_HTTP = exports.METHODS = exports.LENIENT_FLAGS = exports.FLAGS = exports.TYPE = exports.ERROR = void 0;\nconst utils_1 = require(\"./utils\");\n// C headers\nvar ERROR;\n(function (ERROR) {\n    ERROR[ERROR[\"OK\"] = 0] = \"OK\";\n    ERROR[ERROR[\"INTERNAL\"] = 1] = \"INTERNAL\";\n    ERROR[ERROR[\"STRICT\"] = 2] = \"STRICT\";\n    ERROR[ERROR[\"LF_EXPECTED\"] = 3] = \"LF_EXPECTED\";\n    ERROR[ERROR[\"UNEXPECTED_CONTENT_LENGTH\"] = 4] = \"UNEXPECTED_CONTENT_LENGTH\";\n    ERROR[ERROR[\"CLOSED_CONNECTION\"] = 5] = \"CLOSED_CONNECTION\";\n    ERROR[ERROR[\"INVALID_METHOD\"] = 6] = \"INVALID_METHOD\";\n    ERROR[ERROR[\"INVALID_URL\"] = 7] = \"INVALID_URL\";\n    ERROR[ERROR[\"INVALID_CONSTANT\"] = 8] = \"INVALID_CONSTANT\";\n    ERROR[ERROR[\"INVALID_VERSION\"] = 9] = \"INVALID_VERSION\";\n    ERROR[ERROR[\"INVALID_HEADER_TOKEN\"] = 10] = \"INVALID_HEADER_TOKEN\";\n    ERROR[ERROR[\"INVALID_CONTENT_LENGTH\"] = 11] = \"INVALID_CONTENT_LENGTH\";\n    ERROR[ERROR[\"INVALID_CHUNK_SIZE\"] = 12] = \"INVALID_CHUNK_SIZE\";\n    ERROR[ERROR[\"INVALID_STATUS\"] = 13] = \"INVALID_STATUS\";\n    ERROR[ERROR[\"INVALID_EOF_STATE\"] = 14] = \"INVALID_EOF_STATE\";\n    ERROR[ERROR[\"INVALID_TRANSFER_ENCODING\"] = 15] = \"INVALID_TRANSFER_ENCODING\";\n    ERROR[ERROR[\"CB_MESSAGE_BEGIN\"] = 16] = \"CB_MESSAGE_BEGIN\";\n    ERROR[ERROR[\"CB_HEADERS_COMPLETE\"] = 17] = \"CB_HEADERS_COMPLETE\";\n    ERROR[ERROR[\"CB_MESSAGE_COMPLETE\"] = 18] = \"CB_MESSAGE_COMPLETE\";\n    ERROR[ERROR[\"CB_CHUNK_HEADER\"] = 19] = \"CB_CHUNK_HEADER\";\n    ERROR[ERROR[\"CB_CHUNK_COMPLETE\"] = 20] = \"CB_CHUNK_COMPLETE\";\n    ERROR[ERROR[\"PAUSED\"] = 21] = \"PAUSED\";\n    ERROR[ERROR[\"PAUSED_UPGRADE\"] = 22] = \"PAUSED_UPGRADE\";\n    ERROR[ERROR[\"PAUSED_H2_UPGRADE\"] = 23] = \"PAUSED_H2_UPGRADE\";\n    ERROR[ERROR[\"USER\"] = 24] = \"USER\";\n})(ERROR = exports.ERROR || (exports.ERROR = {}));\nvar TYPE;\n(function (TYPE) {\n    TYPE[TYPE[\"BOTH\"] = 0] = \"BOTH\";\n    TYPE[TYPE[\"REQUEST\"] = 1] = \"REQUEST\";\n    TYPE[TYPE[\"RESPONSE\"] = 2] = \"RESPONSE\";\n})(TYPE = exports.TYPE || (exports.TYPE = {}));\nvar FLAGS;\n(function (FLAGS) {\n    FLAGS[FLAGS[\"CONNECTION_KEEP_ALIVE\"] = 1] = \"CONNECTION_KEEP_ALIVE\";\n    FLAGS[FLAGS[\"CONNECTION_CLOSE\"] = 2] = \"CONNECTION_CLOSE\";\n    FLAGS[FLAGS[\"CONNECTION_UPGRADE\"] = 4] = \"CONNECTION_UPGRADE\";\n    FLAGS[FLAGS[\"CHUNKED\"] = 8] = \"CHUNKED\";\n    FLAGS[FLAGS[\"UPGRADE\"] = 16] = \"UPGRADE\";\n    FLAGS[FLAGS[\"CONTENT_LENGTH\"] = 32] = \"CONTENT_LENGTH\";\n    FLAGS[FLAGS[\"SKIPBODY\"] = 64] = \"SKIPBODY\";\n    FLAGS[FLAGS[\"TRAILING\"] = 128] = \"TRAILING\";\n    // 1 << 8 is unused\n    FLAGS[FLAGS[\"TRANSFER_ENCODING\"] = 512] = \"TRANSFER_ENCODING\";\n})(FLAGS = exports.FLAGS || (exports.FLAGS = {}));\nvar LENIENT_FLAGS;\n(function (LENIENT_FLAGS) {\n    LENIENT_FLAGS[LENIENT_FLAGS[\"HEADERS\"] = 1] = \"HEADERS\";\n    LENIENT_FLAGS[LENIENT_FLAGS[\"CHUNKED_LENGTH\"] = 2] = \"CHUNKED_LENGTH\";\n    LENIENT_FLAGS[LENIENT_FLAGS[\"KEEP_ALIVE\"] = 4] = \"KEEP_ALIVE\";\n})(LENIENT_FLAGS = exports.LENIENT_FLAGS || (exports.LENIENT_FLAGS = {}));\nvar METHODS;\n(function (METHODS) {\n    METHODS[METHODS[\"DELETE\"] = 0] = \"DELETE\";\n    METHODS[METHODS[\"GET\"] = 1] = \"GET\";\n    METHODS[METHODS[\"HEAD\"] = 2] = \"HEAD\";\n    METHODS[METHODS[\"POST\"] = 3] = \"POST\";\n    METHODS[METHODS[\"PUT\"] = 4] = \"PUT\";\n    /* pathological */\n    METHODS[METHODS[\"CONNECT\"] = 5] = \"CONNECT\";\n    METHODS[METHODS[\"OPTIONS\"] = 6] = \"OPTIONS\";\n    METHODS[METHODS[\"TRACE\"] = 7] = \"TRACE\";\n    /* WebDAV */\n    METHODS[METHODS[\"COPY\"] = 8] = \"COPY\";\n    METHODS[METHODS[\"LOCK\"] = 9] = \"LOCK\";\n    METHODS[METHODS[\"MKCOL\"] = 10] = \"MKCOL\";\n    METHODS[METHODS[\"MOVE\"] = 11] = \"MOVE\";\n    METHODS[METHODS[\"PROPFIND\"] = 12] = \"PROPFIND\";\n    METHODS[METHODS[\"PROPPATCH\"] = 13] = \"PROPPATCH\";\n    METHODS[METHODS[\"SEARCH\"] = 14] = \"SEARCH\";\n    METHODS[METHODS[\"UNLOCK\"] = 15] = \"UNLOCK\";\n    METHODS[METHODS[\"BIND\"] = 16] = \"BIND\";\n    METHODS[METHODS[\"REBIND\"] = 17] = \"REBIND\";\n    METHODS[METHODS[\"UNBIND\"] = 18] = \"UNBIND\";\n    METHODS[METHODS[\"ACL\"] = 19] = \"ACL\";\n    /* subversion */\n    METHODS[METHODS[\"REPORT\"] = 20] = \"REPORT\";\n    METHODS[METHODS[\"MKACTIVITY\"] = 21] = \"MKACTIVITY\";\n    METHODS[METHODS[\"CHECKOUT\"] = 22] = \"CHECKOUT\";\n    METHODS[METHODS[\"MERGE\"] = 23] = \"MERGE\";\n    /* upnp */\n    METHODS[METHODS[\"M-SEARCH\"] = 24] = \"M-SEARCH\";\n    METHODS[METHODS[\"NOTIFY\"] = 25] = \"NOTIFY\";\n    METHODS[METHODS[\"SUBSCRIBE\"] = 26] = \"SUBSCRIBE\";\n    METHODS[METHODS[\"UNSUBSCRIBE\"] = 27] = \"UNSUBSCRIBE\";\n    /* RFC-5789 */\n    METHODS[METHODS[\"PATCH\"] = 28] = \"PATCH\";\n    METHODS[METHODS[\"PURGE\"] = 29] = \"PURGE\";\n    /* CalDAV */\n    METHODS[METHODS[\"MKCALENDAR\"] = 30] = \"MKCALENDAR\";\n    /* RFC-2068, section 19.6.1.2 */\n    METHODS[METHODS[\"LINK\"] = 31] = \"LINK\";\n    METHODS[METHODS[\"UNLINK\"] = 32] = \"UNLINK\";\n    /* icecast */\n    METHODS[METHODS[\"SOURCE\"] = 33] = \"SOURCE\";\n    /* RFC-7540, section 11.6 */\n    METHODS[METHODS[\"PRI\"] = 34] = \"PRI\";\n    /* RFC-2326 RTSP */\n    METHODS[METHODS[\"DESCRIBE\"] = 35] = \"DESCRIBE\";\n    METHODS[METHODS[\"ANNOUNCE\"] = 36] = \"ANNOUNCE\";\n    METHODS[METHODS[\"SETUP\"] = 37] = \"SETUP\";\n    METHODS[METHODS[\"PLAY\"] = 38] = \"PLAY\";\n    METHODS[METHODS[\"PAUSE\"] = 39] = \"PAUSE\";\n    METHODS[METHODS[\"TEARDOWN\"] = 40] = \"TEARDOWN\";\n    METHODS[METHODS[\"GET_PARAMETER\"] = 41] = \"GET_PARAMETER\";\n    METHODS[METHODS[\"SET_PARAMETER\"] = 42] = \"SET_PARAMETER\";\n    METHODS[METHODS[\"REDIRECT\"] = 43] = \"REDIRECT\";\n    METHODS[METHODS[\"RECORD\"] = 44] = \"RECORD\";\n    /* RAOP */\n    METHODS[METHODS[\"FLUSH\"] = 45] = \"FLUSH\";\n})(METHODS = exports.METHODS || (exports.METHODS = {}));\nexports.METHODS_HTTP = [\n    METHODS.DELETE,\n    METHODS.GET,\n    METHODS.HEAD,\n    METHODS.POST,\n    METHODS.PUT,\n    METHODS.CONNECT,\n    METHODS.OPTIONS,\n    METHODS.TRACE,\n    METHODS.COPY,\n    METHODS.LOCK,\n    METHODS.MKCOL,\n    METHODS.MOVE,\n    METHODS.PROPFIND,\n    METHODS.PROPPATCH,\n    METHODS.SEARCH,\n    METHODS.UNLOCK,\n    METHODS.BIND,\n    METHODS.REBIND,\n    METHODS.UNBIND,\n    METHODS.ACL,\n    METHODS.REPORT,\n    METHODS.MKACTIVITY,\n    METHODS.CHECKOUT,\n    METHODS.MERGE,\n    METHODS['M-SEARCH'],\n    METHODS.NOTIFY,\n    METHODS.SUBSCRIBE,\n    METHODS.UNSUBSCRIBE,\n    METHODS.PATCH,\n    METHODS.PURGE,\n    METHODS.MKCALENDAR,\n    METHODS.LINK,\n    METHODS.UNLINK,\n    METHODS.PRI,\n    // TODO(indutny): should we allow it with HTTP?\n    METHODS.SOURCE,\n];\nexports.METHODS_ICE = [\n    METHODS.SOURCE,\n];\nexports.METHODS_RTSP = [\n    METHODS.OPTIONS,\n    METHODS.DESCRIBE,\n    METHODS.ANNOUNCE,\n    METHODS.SETUP,\n    METHODS.PLAY,\n    METHODS.PAUSE,\n    METHODS.TEARDOWN,\n    METHODS.GET_PARAMETER,\n    METHODS.SET_PARAMETER,\n    METHODS.REDIRECT,\n    METHODS.RECORD,\n    METHODS.FLUSH,\n    // For AirPlay\n    METHODS.GET,\n    METHODS.POST,\n];\nexports.METHOD_MAP = utils_1.enumToMap(METHODS);\nexports.H_METHOD_MAP = {};\nObject.keys(exports.METHOD_MAP).forEach((key) => {\n    if (/^H/.test(key)) {\n        exports.H_METHOD_MAP[key] = exports.METHOD_MAP[key];\n    }\n});\nvar FINISH;\n(function (FINISH) {\n    FINISH[FINISH[\"SAFE\"] = 0] = \"SAFE\";\n    FINISH[FINISH[\"SAFE_WITH_CB\"] = 1] = \"SAFE_WITH_CB\";\n    FINISH[FINISH[\"UNSAFE\"] = 2] = \"UNSAFE\";\n})(FINISH = exports.FINISH || (exports.FINISH = {}));\nexports.ALPHA = [];\nfor (let i = 'A'.charCodeAt(0); i <= 'Z'.charCodeAt(0); i++) {\n    // Upper case\n    exports.ALPHA.push(String.fromCharCode(i));\n    // Lower case\n    exports.ALPHA.push(String.fromCharCode(i + 0x20));\n}\nexports.NUM_MAP = {\n    0: 0, 1: 1, 2: 2, 3: 3, 4: 4,\n    5: 5, 6: 6, 7: 7, 8: 8, 9: 9,\n};\nexports.HEX_MAP = {\n    0: 0, 1: 1, 2: 2, 3: 3, 4: 4,\n    5: 5, 6: 6, 7: 7, 8: 8, 9: 9,\n    A: 0XA, B: 0XB, C: 0XC, D: 0XD, E: 0XE, F: 0XF,\n    a: 0xa, b: 0xb, c: 0xc, d: 0xd, e: 0xe, f: 0xf,\n};\nexports.NUM = [\n    '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',\n];\nexports.ALPHANUM = exports.ALPHA.concat(exports.NUM);\nexports.MARK = ['-', '_', '.', '!', '~', '*', '\\'', '(', ')'];\nexports.USERINFO_CHARS = exports.ALPHANUM\n    .concat(exports.MARK)\n    .concat(['%', ';', ':', '&', '=', '+', '$', ',']);\n// TODO(indutny): use RFC\nexports.STRICT_URL_CHAR = [\n    '!', '\"', '$', '%', '&', '\\'',\n    '(', ')', '*', '+', ',', '-', '.', '/',\n    ':', ';', '<', '=', '>',\n    '@', '[', '\\\\', ']', '^', '_',\n    '`',\n    '{', '|', '}', '~',\n].concat(exports.ALPHANUM);\nexports.URL_CHAR = exports.STRICT_URL_CHAR\n    .concat(['\\t', '\\f']);\n// All characters with 0x80 bit set to 1\nfor (let i = 0x80; i <= 0xff; i++) {\n    exports.URL_CHAR.push(i);\n}\nexports.HEX = exports.NUM.concat(['a', 'b', 'c', 'd', 'e', 'f', 'A', 'B', 'C', 'D', 'E', 'F']);\n/* Tokens as defined by rfc 2616. Also lowercases them.\n *        token       = 1*<any CHAR except CTLs or separators>\n *     separators     = \"(\" | \")\" | \"<\" | \">\" | \"@\"\n *                    | \",\" | \";\" | \":\" | \"\\\" | <\">\n *                    | \"/\" | \"[\" | \"]\" | \"?\" | \"=\"\n *                    | \"{\" | \"}\" | SP | HT\n */\nexports.STRICT_TOKEN = [\n    '!', '#', '$', '%', '&', '\\'',\n    '*', '+', '-', '.',\n    '^', '_', '`',\n    '|', '~',\n].concat(exports.ALPHANUM);\nexports.TOKEN = exports.STRICT_TOKEN.concat([' ']);\n/*\n * Verify that a char is a valid visible (printable) US-ASCII\n * character or %x80-FF\n */\nexports.HEADER_CHARS = ['\\t'];\nfor (let i = 32; i <= 255; i++) {\n    if (i !== 127) {\n        exports.HEADER_CHARS.push(i);\n    }\n}\n// ',' = \\x44\nexports.CONNECTION_TOKEN_CHARS = exports.HEADER_CHARS.filter((c) => c !== 44);\nexports.MAJOR = exports.NUM_MAP;\nexports.MINOR = exports.MAJOR;\nvar HEADER_STATE;\n(function (HEADER_STATE) {\n    HEADER_STATE[HEADER_STATE[\"GENERAL\"] = 0] = \"GENERAL\";\n    HEADER_STATE[HEADER_STATE[\"CONNECTION\"] = 1] = \"CONNECTION\";\n    HEADER_STATE[HEADER_STATE[\"CONTENT_LENGTH\"] = 2] = \"CONTENT_LENGTH\";\n    HEADER_STATE[HEADER_STATE[\"TRANSFER_ENCODING\"] = 3] = \"TRANSFER_ENCODING\";\n    HEADER_STATE[HEADER_STATE[\"UPGRADE\"] = 4] = \"UPGRADE\";\n    HEADER_STATE[HEADER_STATE[\"CONNECTION_KEEP_ALIVE\"] = 5] = \"CONNECTION_KEEP_ALIVE\";\n    HEADER_STATE[HEADER_STATE[\"CONNECTION_CLOSE\"] = 6] = \"CONNECTION_CLOSE\";\n    HEADER_STATE[HEADER_STATE[\"CONNECTION_UPGRADE\"] = 7] = \"CONNECTION_UPGRADE\";\n    HEADER_STATE[HEADER_STATE[\"TRANSFER_ENCODING_CHUNKED\"] = 8] = \"TRANSFER_ENCODING_CHUNKED\";\n})(HEADER_STATE = exports.HEADER_STATE || (exports.HEADER_STATE = {}));\nexports.SPECIAL_HEADERS = {\n    'connection': HEADER_STATE.CONNECTION,\n    'content-length': HEADER_STATE.CONTENT_LENGTH,\n    'proxy-connection': HEADER_STATE.CONNECTION,\n    'transfer-encoding': HEADER_STATE.TRANSFER_ENCODING,\n    'upgrade': HEADER_STATE.UPGRADE,\n};\n//# sourceMappingURL=constants.js.map","module.exports = 'AGFzbQEAAAABMAhgAX8Bf2ADf39/AX9gBH9/f38Bf2AAAGADf39/AGABfwBgAn9/AGAGf39/f39/AALLAQgDZW52GHdhc21fb25faGVhZGVyc19jb21wbGV0ZQACA2VudhV3YXNtX29uX21lc3NhZ2VfYmVnaW4AAANlbnYLd2FzbV9vbl91cmwAAQNlbnYOd2FzbV9vbl9zdGF0dXMAAQNlbnYUd2FzbV9vbl9oZWFkZXJfZmllbGQAAQNlbnYUd2FzbV9vbl9oZWFkZXJfdmFsdWUAAQNlbnYMd2FzbV9vbl9ib2R5AAEDZW52GHdhc21fb25fbWVzc2FnZV9jb21wbGV0ZQAAA0ZFAwMEAAAFAAAAAAAABQEFAAUFBQAABgAAAAAGBgYGAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQABAAABAQcAAAUFAwABBAUBcAESEgUDAQACBggBfwFBgNQECwfRBSIGbWVtb3J5AgALX2luaXRpYWxpemUACRlfX2luZGlyZWN0X2Z1bmN0aW9uX3RhYmxlAQALbGxodHRwX2luaXQAChhsbGh0dHBfc2hvdWxkX2tlZXBfYWxpdmUAQQxsbGh0dHBfYWxsb2MADAZtYWxsb2MARgtsbGh0dHBfZnJlZQANBGZyZWUASA9sbGh0dHBfZ2V0X3R5cGUADhVsbGh0dHBfZ2V0X2h0dHBfbWFqb3IADxVsbGh0dHBfZ2V0X2h0dHBfbWlub3IAEBFsbGh0dHBfZ2V0X21ldGhvZAARFmxsaHR0cF9nZXRfc3RhdHVzX2NvZGUAEhJsbGh0dHBfZ2V0X3VwZ3JhZGUAEwxsbGh0dHBfcmVzZXQAFA5sbGh0dHBfZXhlY3V0ZQAVFGxsaHR0cF9zZXR0aW5nc19pbml0ABYNbGxodHRwX2ZpbmlzaAAXDGxsaHR0cF9wYXVzZQAYDWxsaHR0cF9yZXN1bWUAGRtsbGh0dHBfcmVzdW1lX2FmdGVyX3VwZ3JhZGUAGhBsbGh0dHBfZ2V0X2Vycm5vABsXbGxodHRwX2dldF9lcnJvcl9yZWFzb24AHBdsbGh0dHBfc2V0X2Vycm9yX3JlYXNvbgAdFGxsaHR0cF9nZXRfZXJyb3JfcG9zAB4RbGxodHRwX2Vycm5vX25hbWUAHxJsbGh0dHBfbWV0aG9kX25hbWUAIBJsbGh0dHBfc3RhdHVzX25hbWUAIRpsbGh0dHBfc2V0X2xlbmllbnRfaGVhZGVycwAiIWxsaHR0cF9zZXRfbGVuaWVudF9jaHVua2VkX2xlbmd0aAAjHWxsaHR0cF9zZXRfbGVuaWVudF9rZWVwX2FsaXZlACQkbGxodHRwX3NldF9sZW5pZW50X3RyYW5zZmVyX2VuY29kaW5nACUYbGxodHRwX21lc3NhZ2VfbmVlZHNfZW9mAD8JFwEAQQELEQECAwQFCwYHNTk3MS8tJyspCsLgAkUCAAsIABCIgICAAAsZACAAEMKAgIAAGiAAIAI2AjggACABOgAoCxwAIAAgAC8BMiAALQAuIAAQwYCAgAAQgICAgAALKgEBf0HAABDGgICAACIBEMKAgIAAGiABQYCIgIAANgI4IAEgADoAKCABCwoAIAAQyICAgAALBwAgAC0AKAsHACAALQAqCwcAIAAtACsLBwAgAC0AKQsHACAALwEyCwcAIAAtAC4LRQEEfyAAKAIYIQEgAC0ALSECIAAtACghAyAAKAI4IQQgABDCgICAABogACAENgI4IAAgAzoAKCAAIAI6AC0gACABNgIYCxEAIAAgASABIAJqEMOAgIAACxAAIABBAEHcABDMgICAABoLZwEBf0EAIQECQCAAKAIMDQACQAJAAkACQCAALQAvDgMBAAMCCyAAKAI4IgFFDQAgASgCLCIBRQ0AIAAgARGAgICAAAAiAQ0DC0EADwsQyoCAgAAACyAAQcOWgIAANgIQQQ4hAQsgAQseAAJAIAAoAgwNACAAQdGbgIAANgIQIABBFTYCDAsLFgACQCAAKAIMQRVHDQAgAEEANgIMCwsWAAJAIAAoAgxBFkcNACAAQQA2AgwLCwcAIAAoAgwLBwAgACgCEAsJACAAIAE2AhALBwAgACgCFAsiAAJAIABBJEkNABDKgICAAAALIABBAnRBoLOAgABqKAIACyIAAkAgAEEuSQ0AEMqAgIAAAAsgAEECdEGwtICAAGooAgAL7gsBAX9B66iAgAAhAQJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAIABBnH9qDvQDY2IAAWFhYWFhYQIDBAVhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhBgcICQoLDA0OD2FhYWFhEGFhYWFhYWFhYWFhEWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYRITFBUWFxgZGhthYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2YTc4OTphYWFhYWFhYTthYWE8YWFhYT0+P2FhYWFhYWFhQGFhQWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYUJDREVGR0hJSktMTU5PUFFSU2FhYWFhYWFhVFVWV1hZWlthXF1hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFeYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhX2BhC0Hhp4CAAA8LQaShgIAADwtBy6yAgAAPC0H+sYCAAA8LQcCkgIAADwtBq6SAgAAPC0GNqICAAA8LQeKmgIAADwtBgLCAgAAPC0G5r4CAAA8LQdekgIAADwtB75+AgAAPC0Hhn4CAAA8LQfqfgIAADwtB8qCAgAAPC0Gor4CAAA8LQa6ygIAADwtBiLCAgAAPC0Hsp4CAAA8LQYKigIAADwtBjp2AgAAPC0HQroCAAA8LQcqjgIAADwtBxbKAgAAPC0HfnICAAA8LQdKcgIAADwtBxKCAgAAPC0HXoICAAA8LQaKfgIAADwtB7a6AgAAPC0GrsICAAA8LQdSlgIAADwtBzK6AgAAPC0H6roCAAA8LQfyrgIAADwtB0rCAgAAPC0HxnYCAAA8LQbuggIAADwtB96uAgAAPC0GQsYCAAA8LQdexgIAADwtBoq2AgAAPC0HUp4CAAA8LQeCrgIAADwtBn6yAgAAPC0HrsYCAAA8LQdWfgIAADwtByrGAgAAPC0HepYCAAA8LQdSegIAADwtB9JyAgAAPC0GnsoCAAA8LQbGdgIAADwtBoJ2AgAAPC0G5sYCAAA8LQbywgIAADwtBkqGAgAAPC0GzpoCAAA8LQemsgIAADwtBrJ6AgAAPC0HUq4CAAA8LQfemgIAADwtBgKaAgAAPC0GwoYCAAA8LQf6egIAADwtBjaOAgAAPC0GJrYCAAA8LQfeigIAADwtBoLGAgAAPC0Gun4CAAA8LQcalgIAADwtB6J6AgAAPC0GTooCAAA8LQcKvgIAADwtBw52AgAAPC0GLrICAAA8LQeGdgIAADwtBja+AgAAPC0HqoYCAAA8LQbStgIAADwtB0q+AgAAPC0HfsoCAAA8LQdKygIAADwtB8LCAgAAPC0GpooCAAA8LQfmjgIAADwtBmZ6AgAAPC0G1rICAAA8LQZuwgIAADwtBkrKAgAAPC0G2q4CAAA8LQcKigIAADwtB+LKAgAAPC0GepYCAAA8LQdCigIAADwtBup6AgAAPC0GBnoCAAA8LEMqAgIAAAAtB1qGAgAAhAQsgAQsWACAAIAAtAC1B/gFxIAFBAEdyOgAtCxkAIAAgAC0ALUH9AXEgAUEAR0EBdHI6AC0LGQAgACAALQAtQfsBcSABQQBHQQJ0cjoALQsZACAAIAAtAC1B9wFxIAFBAEdBA3RyOgAtCy4BAn9BACEDAkAgACgCOCIERQ0AIAQoAgAiBEUNACAAIAQRgICAgAAAIQMLIAMLSQECf0EAIQMCQCAAKAI4IgRFDQAgBCgCBCIERQ0AIAAgASACIAFrIAQRgYCAgAAAIgNBf0cNACAAQcaRgIAANgIQQRghAwsgAwsuAQJ/QQAhAwJAIAAoAjgiBEUNACAEKAIwIgRFDQAgACAEEYCAgIAAACEDCyADC0kBAn9BACEDAkAgACgCOCIERQ0AIAQoAggiBEUNACAAIAEgAiABayAEEYGAgIAAACIDQX9HDQAgAEH2ioCAADYCEEEYIQMLIAMLLgECf0EAIQMCQCAAKAI4IgRFDQAgBCgCNCIERQ0AIAAgBBGAgICAAAAhAwsgAwtJAQJ/QQAhAwJAIAAoAjgiBEUNACAEKAIMIgRFDQAgACABIAIgAWsgBBGBgICAAAAiA0F/Rw0AIABB7ZqAgAA2AhBBGCEDCyADCy4BAn9BACEDAkAgACgCOCIERQ0AIAQoAjgiBEUNACAAIAQRgICAgAAAIQMLIAMLSQECf0EAIQMCQCAAKAI4IgRFDQAgBCgCECIERQ0AIAAgASACIAFrIAQRgYCAgAAAIgNBf0cNACAAQZWQgIAANgIQQRghAwsgAwsuAQJ/QQAhAwJAIAAoAjgiBEUNACAEKAI8IgRFDQAgACAEEYCAgIAAACEDCyADC0kBAn9BACEDAkAgACgCOCIERQ0AIAQoAhQiBEUNACAAIAEgAiABayAEEYGAgIAAACIDQX9HDQAgAEGqm4CAADYCEEEYIQMLIAMLLgECf0EAIQMCQCAAKAI4IgRFDQAgBCgCQCIERQ0AIAAgBBGAgICAAAAhAwsgAwtJAQJ/QQAhAwJAIAAoAjgiBEUNACAEKAIYIgRFDQAgACABIAIgAWsgBBGBgICAAAAiA0F/Rw0AIABB7ZOAgAA2AhBBGCEDCyADCy4BAn9BACEDAkAgACgCOCIERQ0AIAQoAkQiBEUNACAAIAQRgICAgAAAIQMLIAMLLgECf0EAIQMCQCAAKAI4IgRFDQAgBCgCJCIERQ0AIAAgBBGAgICAAAAhAwsgAwsuAQJ/QQAhAwJAIAAoAjgiBEUNACAEKAIsIgRFDQAgACAEEYCAgIAAACEDCyADC0kBAn9BACEDAkAgACgCOCIERQ0AIAQoAigiBEUNACAAIAEgAiABayAEEYGAgIAAACIDQX9HDQAgAEH2iICAADYCEEEYIQMLIAMLLgECf0EAIQMCQCAAKAI4IgRFDQAgBCgCUCIERQ0AIAAgBBGAgICAAAAhAwsgAwtJAQJ/QQAhAwJAIAAoAjgiBEUNACAEKAIcIgRFDQAgACABIAIgAWsgBBGBgICAAAAiA0F/Rw0AIABBwpmAgAA2AhBBGCEDCyADCy4BAn9BACEDAkAgACgCOCIERQ0AIAQoAkgiBEUNACAAIAQRgICAgAAAIQMLIAMLSQECf0EAIQMCQCAAKAI4IgRFDQAgBCgCICIERQ0AIAAgASACIAFrIAQRgYCAgAAAIgNBf0cNACAAQZSUgIAANgIQQRghAwsgAwsuAQJ/QQAhAwJAIAAoAjgiBEUNACAEKAJMIgRFDQAgACAEEYCAgIAAACEDCyADCy4BAn9BACEDAkAgACgCOCIERQ0AIAQoAlQiBEUNACAAIAQRgICAgAAAIQMLIAMLLgECf0EAIQMCQCAAKAI4IgRFDQAgBCgCWCIERQ0AIAAgBBGAgICAAAAhAwsgAwtFAQF/AkACQCAALwEwQRRxQRRHDQBBASEDIAAtAChBAUYNASAALwEyQeUARiEDDAELIAAtAClBBUYhAwsgACADOgAuQQAL/gEBA39BASEDAkAgAC8BMCIEQQhxDQAgACkDIEIAUiEDCwJAAkAgAC0ALkUNAEEBIQUgAC0AKUEFRg0BQQEhBSAEQcAAcUUgA3FBAUcNAQtBACEFIARBwABxDQBBAiEFIARB//8DcSIDQQhxDQACQCADQYAEcUUNAAJAIAAtAChBAUcNACAALQAtQQpxDQBBBQ8LQQQPCwJAIANBIHENAAJAIAAtAChBAUYNACAALwEyQf//A3EiAEGcf2pB5ABJDQAgAEHMAUYNACAAQbACRg0AQQQhBSAEQShxRQ0CIANBiARxQYAERg0CC0EADwtBAEEDIAApAyBQGyEFCyAFC2IBAn9BACEBAkAgAC0AKEEBRg0AIAAvATJB//8DcSICQZx/akHkAEkNACACQcwBRg0AIAJBsAJGDQAgAC8BMCIAQcAAcQ0AQQEhASAAQYgEcUGABEYNACAAQShxRSEBCyABC6cBAQN/AkACQAJAIAAtACpFDQAgAC0AK0UNAEEAIQMgAC8BMCIEQQJxRQ0BDAILQQAhAyAALwEwIgRBAXFFDQELQQEhAyAALQAoQQFGDQAgAC8BMkH//wNxIgVBnH9qQeQASQ0AIAVBzAFGDQAgBUGwAkYNACAEQcAAcQ0AQQAhAyAEQYgEcUGABEYNACAEQShxQQBHIQMLIABBADsBMCAAQQA6AC8gAwuZAQECfwJAAkACQCAALQAqRQ0AIAAtACtFDQBBACEBIAAvATAiAkECcUUNAQwCC0EAIQEgAC8BMCICQQFxRQ0BC0EBIQEgAC0AKEEBRg0AIAAvATJB//8DcSIAQZx/akHkAEkNACAAQcwBRg0AIABBsAJGDQAgAkHAAHENAEEAIQEgAkGIBHFBgARGDQAgAkEocUEARyEBCyABC1kAIABBGGpCADcDACAAQgA3AwAgAEE4akIANwMAIABBMGpCADcDACAAQShqQgA3AwAgAEEgakIANwMAIABBEGpCADcDACAAQQhqQgA3AwAgAEHdATYCHEEAC3sBAX8CQCAAKAIMIgMNAAJAIAAoAgRFDQAgACABNgIECwJAIAAgASACEMSAgIAAIgMNACAAKAIMDwsgACADNgIcQQAhAyAAKAIEIgFFDQAgACABIAIgACgCCBGBgICAAAAiAUUNACAAIAI2AhQgACABNgIMIAEhAwsgAwvk8wEDDn8DfgR/I4CAgIAAQRBrIgMkgICAgAAgASEEIAEhBSABIQYgASEHIAEhCCABIQkgASEKIAEhCyABIQwgASENIAEhDiABIQ8CQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkAgACgCHCIQQX9qDt0B2gEB2QECAwQFBgcICQoLDA0O2AEPENcBERLWARMUFRYXGBkaG+AB3wEcHR7VAR8gISIjJCXUASYnKCkqKyzTAdIBLS7RAdABLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVG2wFHSElKzwHOAUvNAUzMAU1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4ABgQGCAYMBhAGFAYYBhwGIAYkBigGLAYwBjQGOAY8BkAGRAZIBkwGUAZUBlgGXAZgBmQGaAZsBnAGdAZ4BnwGgAaEBogGjAaQBpQGmAacBqAGpAaoBqwGsAa0BrgGvAbABsQGyAbMBtAG1AbYBtwHLAcoBuAHJAbkByAG6AbsBvAG9Ab4BvwHAAcEBwgHDAcQBxQHGAQDcAQtBACEQDMYBC0EOIRAMxQELQQ0hEAzEAQtBDyEQDMMBC0EQIRAMwgELQRMhEAzBAQtBFCEQDMABC0EVIRAMvwELQRYhEAy+AQtBFyEQDL0BC0EYIRAMvAELQRkhEAy7AQtBGiEQDLoBC0EbIRAMuQELQRwhEAy4AQtBCCEQDLcBC0EdIRAMtgELQSAhEAy1AQtBHyEQDLQBC0EHIRAMswELQSEhEAyyAQtBIiEQDLEBC0EeIRAMsAELQSMhEAyvAQtBEiEQDK4BC0ERIRAMrQELQSQhEAysAQtBJSEQDKsBC0EmIRAMqgELQSchEAypAQtBwwEhEAyoAQtBKSEQDKcBC0ErIRAMpgELQSwhEAylAQtBLSEQDKQBC0EuIRAMowELQS8hEAyiAQtBxAEhEAyhAQtBMCEQDKABC0E0IRAMnwELQQwhEAyeAQtBMSEQDJ0BC0EyIRAMnAELQTMhEAybAQtBOSEQDJoBC0E1IRAMmQELQcUBIRAMmAELQQshEAyXAQtBOiEQDJYBC0E2IRAMlQELQQohEAyUAQtBNyEQDJMBC0E4IRAMkgELQTwhEAyRAQtBOyEQDJABC0E9IRAMjwELQQkhEAyOAQtBKCEQDI0BC0E+IRAMjAELQT8hEAyLAQtBwAAhEAyKAQtBwQAhEAyJAQtBwgAhEAyIAQtBwwAhEAyHAQtBxAAhEAyGAQtBxQAhEAyFAQtBxgAhEAyEAQtBKiEQDIMBC0HHACEQDIIBC0HIACEQDIEBC0HJACEQDIABC0HKACEQDH8LQcsAIRAMfgtBzQAhEAx9C0HMACEQDHwLQc4AIRAMewtBzwAhEAx6C0HQACEQDHkLQdEAIRAMeAtB0gAhEAx3C0HTACEQDHYLQdQAIRAMdQtB1gAhEAx0C0HVACEQDHMLQQYhEAxyC0HXACEQDHELQQUhEAxwC0HYACEQDG8LQQQhEAxuC0HZACEQDG0LQdoAIRAMbAtB2wAhEAxrC0HcACEQDGoLQQMhEAxpC0HdACEQDGgLQd4AIRAMZwtB3wAhEAxmC0HhACEQDGULQeAAIRAMZAtB4gAhEAxjC0HjACEQDGILQQIhEAxhC0HkACEQDGALQeUAIRAMXwtB5gAhEAxeC0HnACEQDF0LQegAIRAMXAtB6QAhEAxbC0HqACEQDFoLQesAIRAMWQtB7AAhEAxYC0HtACEQDFcLQe4AIRAMVgtB7wAhEAxVC0HwACEQDFQLQfEAIRAMUwtB8gAhEAxSC0HzACEQDFELQfQAIRAMUAtB9QAhEAxPC0H2ACEQDE4LQfcAIRAMTQtB+AAhEAxMC0H5ACEQDEsLQfoAIRAMSgtB+wAhEAxJC0H8ACEQDEgLQf0AIRAMRwtB/gAhEAxGC0H/ACEQDEULQYABIRAMRAtBgQEhEAxDC0GCASEQDEILQYMBIRAMQQtBhAEhEAxAC0GFASEQDD8LQYYBIRAMPgtBhwEhEAw9C0GIASEQDDwLQYkBIRAMOwtBigEhEAw6C0GLASEQDDkLQYwBIRAMOAtBjQEhEAw3C0GOASEQDDYLQY8BIRAMNQtBkAEhEAw0C0GRASEQDDMLQZIBIRAMMgtBkwEhEAwxC0GUASEQDDALQZUBIRAMLwtBlgEhEAwuC0GXASEQDC0LQZgBIRAMLAtBmQEhEAwrC0GaASEQDCoLQZsBIRAMKQtBnAEhEAwoC0GdASEQDCcLQZ4BIRAMJgtBnwEhEAwlC0GgASEQDCQLQaEBIRAMIwtBogEhEAwiC0GjASEQDCELQaQBIRAMIAtBpQEhEAwfC0GmASEQDB4LQacBIRAMHQtBqAEhEAwcC0GpASEQDBsLQaoBIRAMGgtBqwEhEAwZC0GsASEQDBgLQa0BIRAMFwtBrgEhEAwWC0EBIRAMFQtBrwEhEAwUC0GwASEQDBMLQbEBIRAMEgtBswEhEAwRC0GyASEQDBALQbQBIRAMDwtBtQEhEAwOC0G2ASEQDA0LQbcBIRAMDAtBuAEhEAwLC0G5ASEQDAoLQboBIRAMCQtBuwEhEAwIC0HGASEQDAcLQbwBIRAMBgtBvQEhEAwFC0G+ASEQDAQLQb8BIRAMAwtBwAEhEAwCC0HCASEQDAELQcEBIRALA0ACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQCAQDscBAAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxweHyAhIyUoP0BBREVGR0hJSktMTU9QUVJT3gNXWVtcXWBiZWZnaGlqa2xtb3BxcnN0dXZ3eHl6e3x9foABggGFAYYBhwGJAYsBjAGNAY4BjwGQAZEBlAGVAZYBlwGYAZkBmgGbAZwBnQGeAZ8BoAGhAaIBowGkAaUBpgGnAagBqQGqAasBrAGtAa4BrwGwAbEBsgGzAbQBtQG2AbcBuAG5AboBuwG8Ab0BvgG/AcABwQHCAcMBxAHFAcYBxwHIAckBygHLAcwBzQHOAc8B0AHRAdIB0wHUAdUB1gHXAdgB2QHaAdsB3AHdAd4B4AHhAeIB4wHkAeUB5gHnAegB6QHqAesB7AHtAe4B7wHwAfEB8gHzAZkCpAKwAv4C/gILIAEiBCACRw3zAUHdASEQDP8DCyABIhAgAkcN3QFBwwEhEAz+AwsgASIBIAJHDZABQfcAIRAM/QMLIAEiASACRw2GAUHvACEQDPwDCyABIgEgAkcNf0HqACEQDPsDCyABIgEgAkcNe0HoACEQDPoDCyABIgEgAkcNeEHmACEQDPkDCyABIgEgAkcNGkEYIRAM+AMLIAEiASACRw0UQRIhEAz3AwsgASIBIAJHDVlBxQAhEAz2AwsgASIBIAJHDUpBPyEQDPUDCyABIgEgAkcNSEE8IRAM9AMLIAEiASACRw1BQTEhEAzzAwsgAC0ALkEBRg3rAwyHAgsgACABIgEgAhDAgICAAEEBRw3mASAAQgA3AyAM5wELIAAgASIBIAIQtICAgAAiEA3nASABIQEM9QILAkAgASIBIAJHDQBBBiEQDPADCyAAIAFBAWoiASACELuAgIAAIhAN6AEgASEBDDELIABCADcDIEESIRAM1QMLIAEiECACRw0rQR0hEAztAwsCQCABIgEgAkYNACABQQFqIQFBECEQDNQDC0EHIRAM7AMLIABCACAAKQMgIhEgAiABIhBrrSISfSITIBMgEVYbNwMgIBEgElYiFEUN5QFBCCEQDOsDCwJAIAEiASACRg0AIABBiYCAgAA2AgggACABNgIEIAEhAUEUIRAM0gMLQQkhEAzqAwsgASEBIAApAyBQDeQBIAEhAQzyAgsCQCABIgEgAkcNAEELIRAM6QMLIAAgAUEBaiIBIAIQtoCAgAAiEA3lASABIQEM8gILIAAgASIBIAIQuICAgAAiEA3lASABIQEM8gILIAAgASIBIAIQuICAgAAiEA3mASABIQEMDQsgACABIgEgAhC6gICAACIQDecBIAEhAQzwAgsCQCABIgEgAkcNAEEPIRAM5QMLIAEtAAAiEEE7Rg0IIBBBDUcN6AEgAUEBaiEBDO8CCyAAIAEiASACELqAgIAAIhAN6AEgASEBDPICCwNAAkAgAS0AAEHwtYCAAGotAAAiEEEBRg0AIBBBAkcN6wEgACgCBCEQIABBADYCBCAAIBAgAUEBaiIBELmAgIAAIhAN6gEgASEBDPQCCyABQQFqIgEgAkcNAAtBEiEQDOIDCyAAIAEiASACELqAgIAAIhAN6QEgASEBDAoLIAEiASACRw0GQRshEAzgAwsCQCABIgEgAkcNAEEWIRAM4AMLIABBioCAgAA2AgggACABNgIEIAAgASACELiAgIAAIhAN6gEgASEBQSAhEAzGAwsCQCABIgEgAkYNAANAAkAgAS0AAEHwt4CAAGotAAAiEEECRg0AAkAgEEF/ag4E5QHsAQDrAewBCyABQQFqIQFBCCEQDMgDCyABQQFqIgEgAkcNAAtBFSEQDN8DC0EVIRAM3gMLA0ACQCABLQAAQfC5gIAAai0AACIQQQJGDQAgEEF/ag4E3gHsAeAB6wHsAQsgAUEBaiIBIAJHDQALQRghEAzdAwsCQCABIgEgAkYNACAAQYuAgIAANgIIIAAgATYCBCABIQFBByEQDMQDC0EZIRAM3AMLIAFBAWohAQwCCwJAIAEiFCACRw0AQRohEAzbAwsgFCEBAkAgFC0AAEFzag4U3QLuAu4C7gLuAu4C7gLuAu4C7gLuAu4C7gLuAu4C7gLuAu4C7gIA7gILQQAhECAAQQA2AhwgAEGvi4CAADYCECAAQQI2AgwgACAUQQFqNgIUDNoDCwJAIAEtAAAiEEE7Rg0AIBBBDUcN6AEgAUEBaiEBDOUCCyABQQFqIQELQSIhEAy/AwsCQCABIhAgAkcNAEEcIRAM2AMLQgAhESAQIQEgEC0AAEFQag435wHmAQECAwQFBgcIAAAAAAAAAAkKCwwNDgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxAREhMUAAtBHiEQDL0DC0ICIREM5QELQgMhEQzkAQtCBCERDOMBC0IFIREM4gELQgYhEQzhAQtCByERDOABC0IIIREM3wELQgkhEQzeAQtCCiERDN0BC0ILIREM3AELQgwhEQzbAQtCDSERDNoBC0IOIREM2QELQg8hEQzYAQtCCiERDNcBC0ILIREM1gELQgwhEQzVAQtCDSERDNQBC0IOIREM0wELQg8hEQzSAQtCACERAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQCAQLQAAQVBqDjflAeQBAAECAwQFBgfmAeYB5gHmAeYB5gHmAQgJCgsMDeYB5gHmAeYB5gHmAeYB5gHmAeYB5gHmAeYB5gHmAeYB5gHmAeYB5gHmAeYB5gHmAeYB5gEODxAREhPmAQtCAiERDOQBC0IDIREM4wELQgQhEQziAQtCBSERDOEBC0IGIREM4AELQgchEQzfAQtCCCERDN4BC0IJIREM3QELQgohEQzcAQtCCyERDNsBC0IMIREM2gELQg0hEQzZAQtCDiERDNgBC0IPIREM1wELQgohEQzWAQtCCyERDNUBC0IMIREM1AELQg0hEQzTAQtCDiERDNIBC0IPIREM0QELIABCACAAKQMgIhEgAiABIhBrrSISfSITIBMgEVYbNwMgIBEgElYiFEUN0gFBHyEQDMADCwJAIAEiASACRg0AIABBiYCAgAA2AgggACABNgIEIAEhAUEkIRAMpwMLQSAhEAy/AwsgACABIhAgAhC+gICAAEF/ag4FtgEAxQIB0QHSAQtBESEQDKQDCyAAQQE6AC8gECEBDLsDCyABIgEgAkcN0gFBJCEQDLsDCyABIg0gAkcNHkHGACEQDLoDCyAAIAEiASACELKAgIAAIhAN1AEgASEBDLUBCyABIhAgAkcNJkHQACEQDLgDCwJAIAEiASACRw0AQSghEAy4AwsgAEEANgIEIABBjICAgAA2AgggACABIAEQsYCAgAAiEA3TASABIQEM2AELAkAgASIQIAJHDQBBKSEQDLcDCyAQLQAAIgFBIEYNFCABQQlHDdMBIBBBAWohAQwVCwJAIAEiASACRg0AIAFBAWohAQwXC0EqIRAMtQMLAkAgASIQIAJHDQBBKyEQDLUDCwJAIBAtAAAiAUEJRg0AIAFBIEcN1QELIAAtACxBCEYN0wEgECEBDJEDCwJAIAEiASACRw0AQSwhEAy0AwsgAS0AAEEKRw3VASABQQFqIQEMyQILIAEiDiACRw3VAUEvIRAMsgMLA0ACQCABLQAAIhBBIEYNAAJAIBBBdmoOBADcAdwBANoBCyABIQEM4AELIAFBAWoiASACRw0AC0ExIRAMsQMLQTIhECABIhQgAkYNsAMgAiAUayAAKAIAIgFqIRUgFCABa0EDaiEWAkADQCAULQAAIhdBIHIgFyAXQb9/akH/AXFBGkkbQf8BcSABQfC7gIAAai0AAEcNAQJAIAFBA0cNAEEGIQEMlgMLIAFBAWohASAUQQFqIhQgAkcNAAsgACAVNgIADLEDCyAAQQA2AgAgFCEBDNkBC0EzIRAgASIUIAJGDa8DIAIgFGsgACgCACIBaiEVIBQgAWtBCGohFgJAA0AgFC0AACIXQSByIBcgF0G/f2pB/wFxQRpJG0H/AXEgAUH0u4CAAGotAABHDQECQCABQQhHDQBBBSEBDJUDCyABQQFqIQEgFEEBaiIUIAJHDQALIAAgFTYCAAywAwsgAEEANgIAIBQhAQzYAQtBNCEQIAEiFCACRg2uAyACIBRrIAAoAgAiAWohFSAUIAFrQQVqIRYCQANAIBQtAAAiF0EgciAXIBdBv39qQf8BcUEaSRtB/wFxIAFB0MKAgABqLQAARw0BAkAgAUEFRw0AQQchAQyUAwsgAUEBaiEBIBRBAWoiFCACRw0ACyAAIBU2AgAMrwMLIABBADYCACAUIQEM1wELAkAgASIBIAJGDQADQAJAIAEtAABBgL6AgABqLQAAIhBBAUYNACAQQQJGDQogASEBDN0BCyABQQFqIgEgAkcNAAtBMCEQDK4DC0EwIRAMrQMLAkAgASIBIAJGDQADQAJAIAEtAAAiEEEgRg0AIBBBdmoOBNkB2gHaAdkB2gELIAFBAWoiASACRw0AC0E4IRAMrQMLQTghEAysAwsDQAJAIAEtAAAiEEEgRg0AIBBBCUcNAwsgAUEBaiIBIAJHDQALQTwhEAyrAwsDQAJAIAEtAAAiEEEgRg0AAkACQCAQQXZqDgTaAQEB2gEACyAQQSxGDdsBCyABIQEMBAsgAUEBaiIBIAJHDQALQT8hEAyqAwsgASEBDNsBC0HAACEQIAEiFCACRg2oAyACIBRrIAAoAgAiAWohFiAUIAFrQQZqIRcCQANAIBQtAABBIHIgAUGAwICAAGotAABHDQEgAUEGRg2OAyABQQFqIQEgFEEBaiIUIAJHDQALIAAgFjYCAAypAwsgAEEANgIAIBQhAQtBNiEQDI4DCwJAIAEiDyACRw0AQcEAIRAMpwMLIABBjICAgAA2AgggACAPNgIEIA8hASAALQAsQX9qDgTNAdUB1wHZAYcDCyABQQFqIQEMzAELAkAgASIBIAJGDQADQAJAIAEtAAAiEEEgciAQIBBBv39qQf8BcUEaSRtB/wFxIhBBCUYNACAQQSBGDQACQAJAAkACQCAQQZ1/ag4TAAMDAwMDAwMBAwMDAwMDAwMDAgMLIAFBAWohAUExIRAMkQMLIAFBAWohAUEyIRAMkAMLIAFBAWohAUEzIRAMjwMLIAEhAQzQAQsgAUEBaiIBIAJHDQALQTUhEAylAwtBNSEQDKQDCwJAIAEiASACRg0AA0ACQCABLQAAQYC8gIAAai0AAEEBRg0AIAEhAQzTAQsgAUEBaiIBIAJHDQALQT0hEAykAwtBPSEQDKMDCyAAIAEiASACELCAgIAAIhAN1gEgASEBDAELIBBBAWohAQtBPCEQDIcDCwJAIAEiASACRw0AQcIAIRAMoAMLAkADQAJAIAEtAABBd2oOGAAC/gL+AoQD/gL+Av4C/gL+Av4C/gL+Av4C/gL+Av4C/gL+Av4C/gL+Av4CAP4CCyABQQFqIgEgAkcNAAtBwgAhEAygAwsgAUEBaiEBIAAtAC1BAXFFDb0BIAEhAQtBLCEQDIUDCyABIgEgAkcN0wFBxAAhEAydAwsDQAJAIAEtAABBkMCAgABqLQAAQQFGDQAgASEBDLcCCyABQQFqIgEgAkcNAAtBxQAhEAycAwsgDS0AACIQQSBGDbMBIBBBOkcNgQMgACgCBCEBIABBADYCBCAAIAEgDRCvgICAACIBDdABIA1BAWohAQyzAgtBxwAhECABIg0gAkYNmgMgAiANayAAKAIAIgFqIRYgDSABa0EFaiEXA0AgDS0AACIUQSByIBQgFEG/f2pB/wFxQRpJG0H/AXEgAUGQwoCAAGotAABHDYADIAFBBUYN9AIgAUEBaiEBIA1BAWoiDSACRw0ACyAAIBY2AgAMmgMLQcgAIRAgASINIAJGDZkDIAIgDWsgACgCACIBaiEWIA0gAWtBCWohFwNAIA0tAAAiFEEgciAUIBRBv39qQf8BcUEaSRtB/wFxIAFBlsKAgABqLQAARw3/AgJAIAFBCUcNAEECIQEM9QILIAFBAWohASANQQFqIg0gAkcNAAsgACAWNgIADJkDCwJAIAEiDSACRw0AQckAIRAMmQMLAkACQCANLQAAIgFBIHIgASABQb9/akH/AXFBGkkbQf8BcUGSf2oOBwCAA4ADgAOAA4ADAYADCyANQQFqIQFBPiEQDIADCyANQQFqIQFBPyEQDP8CC0HKACEQIAEiDSACRg2XAyACIA1rIAAoAgAiAWohFiANIAFrQQFqIRcDQCANLQAAIhRBIHIgFCAUQb9/akH/AXFBGkkbQf8BcSABQaDCgIAAai0AAEcN/QIgAUEBRg3wAiABQQFqIQEgDUEBaiINIAJHDQALIAAgFjYCAAyXAwtBywAhECABIg0gAkYNlgMgAiANayAAKAIAIgFqIRYgDSABa0EOaiEXA0AgDS0AACIUQSByIBQgFEG/f2pB/wFxQRpJG0H/AXEgAUGiwoCAAGotAABHDfwCIAFBDkYN8AIgAUEBaiEBIA1BAWoiDSACRw0ACyAAIBY2AgAMlgMLQcwAIRAgASINIAJGDZUDIAIgDWsgACgCACIBaiEWIA0gAWtBD2ohFwNAIA0tAAAiFEEgciAUIBRBv39qQf8BcUEaSRtB/wFxIAFBwMKAgABqLQAARw37AgJAIAFBD0cNAEEDIQEM8QILIAFBAWohASANQQFqIg0gAkcNAAsgACAWNgIADJUDC0HNACEQIAEiDSACRg2UAyACIA1rIAAoAgAiAWohFiANIAFrQQVqIRcDQCANLQAAIhRBIHIgFCAUQb9/akH/AXFBGkkbQf8BcSABQdDCgIAAai0AAEcN+gICQCABQQVHDQBBBCEBDPACCyABQQFqIQEgDUEBaiINIAJHDQALIAAgFjYCAAyUAwsCQCABIg0gAkcNAEHOACEQDJQDCwJAAkACQAJAIA0tAAAiAUEgciABIAFBv39qQf8BcUEaSRtB/wFxQZ1/ag4TAP0C/QL9Av0C/QL9Av0C/QL9Av0C/QL9AgH9Av0C/QICA/0CCyANQQFqIQFBwQAhEAz9AgsgDUEBaiEBQcIAIRAM/AILIA1BAWohAUHDACEQDPsCCyANQQFqIQFBxAAhEAz6AgsCQCABIgEgAkYNACAAQY2AgIAANgIIIAAgATYCBCABIQFBxQAhEAz6AgtBzwAhEAySAwsgECEBAkACQCAQLQAAQXZqDgQBqAKoAgCoAgsgEEEBaiEBC0EnIRAM+AILAkAgASIBIAJHDQBB0QAhEAyRAwsCQCABLQAAQSBGDQAgASEBDI0BCyABQQFqIQEgAC0ALUEBcUUNxwEgASEBDIwBCyABIhcgAkcNyAFB0gAhEAyPAwtB0wAhECABIhQgAkYNjgMgAiAUayAAKAIAIgFqIRYgFCABa0EBaiEXA0AgFC0AACABQdbCgIAAai0AAEcNzAEgAUEBRg3HASABQQFqIQEgFEEBaiIUIAJHDQALIAAgFjYCAAyOAwsCQCABIgEgAkcNAEHVACEQDI4DCyABLQAAQQpHDcwBIAFBAWohAQzHAQsCQCABIgEgAkcNAEHWACEQDI0DCwJAAkAgAS0AAEF2ag4EAM0BzQEBzQELIAFBAWohAQzHAQsgAUEBaiEBQcoAIRAM8wILIAAgASIBIAIQroCAgAAiEA3LASABIQFBzQAhEAzyAgsgAC0AKUEiRg2FAwymAgsCQCABIgEgAkcNAEHbACEQDIoDC0EAIRRBASEXQQEhFkEAIRACQAJAAkACQAJAAkACQAJAAkAgAS0AAEFQag4K1AHTAQABAgMEBQYI1QELQQIhEAwGC0EDIRAMBQtBBCEQDAQLQQUhEAwDC0EGIRAMAgtBByEQDAELQQghEAtBACEXQQAhFkEAIRQMzAELQQkhEEEBIRRBACEXQQAhFgzLAQsCQCABIgEgAkcNAEHdACEQDIkDCyABLQAAQS5HDcwBIAFBAWohAQymAgsgASIBIAJHDcwBQd8AIRAMhwMLAkAgASIBIAJGDQAgAEGOgICAADYCCCAAIAE2AgQgASEBQdAAIRAM7gILQeAAIRAMhgMLQeEAIRAgASIBIAJGDYUDIAIgAWsgACgCACIUaiEWIAEgFGtBA2ohFwNAIAEtAAAgFEHiwoCAAGotAABHDc0BIBRBA0YNzAEgFEEBaiEUIAFBAWoiASACRw0ACyAAIBY2AgAMhQMLQeIAIRAgASIBIAJGDYQDIAIgAWsgACgCACIUaiEWIAEgFGtBAmohFwNAIAEtAAAgFEHmwoCAAGotAABHDcwBIBRBAkYNzgEgFEEBaiEUIAFBAWoiASACRw0ACyAAIBY2AgAMhAMLQeMAIRAgASIBIAJGDYMDIAIgAWsgACgCACIUaiEWIAEgFGtBA2ohFwNAIAEtAAAgFEHpwoCAAGotAABHDcsBIBRBA0YNzgEgFEEBaiEUIAFBAWoiASACRw0ACyAAIBY2AgAMgwMLAkAgASIBIAJHDQBB5QAhEAyDAwsgACABQQFqIgEgAhCogICAACIQDc0BIAEhAUHWACEQDOkCCwJAIAEiASACRg0AA0ACQCABLQAAIhBBIEYNAAJAAkACQCAQQbh/ag4LAAHPAc8BzwHPAc8BzwHPAc8BAs8BCyABQQFqIQFB0gAhEAztAgsgAUEBaiEBQdMAIRAM7AILIAFBAWohAUHUACEQDOsCCyABQQFqIgEgAkcNAAtB5AAhEAyCAwtB5AAhEAyBAwsDQAJAIAEtAABB8MKAgABqLQAAIhBBAUYNACAQQX5qDgPPAdAB0QHSAQsgAUEBaiIBIAJHDQALQeYAIRAMgAMLAkAgASIBIAJGDQAgAUEBaiEBDAMLQecAIRAM/wILA0ACQCABLQAAQfDEgIAAai0AACIQQQFGDQACQCAQQX5qDgTSAdMB1AEA1QELIAEhAUHXACEQDOcCCyABQQFqIgEgAkcNAAtB6AAhEAz+AgsCQCABIgEgAkcNAEHpACEQDP4CCwJAIAEtAAAiEEF2ag4augHVAdUBvAHVAdUB1QHVAdUB1QHVAdUB1QHVAdUB1QHVAdUB1QHVAdUB1QHKAdUB1QEA0wELIAFBAWohAQtBBiEQDOMCCwNAAkAgAS0AAEHwxoCAAGotAABBAUYNACABIQEMngILIAFBAWoiASACRw0AC0HqACEQDPsCCwJAIAEiASACRg0AIAFBAWohAQwDC0HrACEQDPoCCwJAIAEiASACRw0AQewAIRAM+gILIAFBAWohAQwBCwJAIAEiASACRw0AQe0AIRAM+QILIAFBAWohAQtBBCEQDN4CCwJAIAEiFCACRw0AQe4AIRAM9wILIBQhAQJAAkACQCAULQAAQfDIgIAAai0AAEF/ag4H1AHVAdYBAJwCAQLXAQsgFEEBaiEBDAoLIBRBAWohAQzNAQtBACEQIABBADYCHCAAQZuSgIAANgIQIABBBzYCDCAAIBRBAWo2AhQM9gILAkADQAJAIAEtAABB8MiAgABqLQAAIhBBBEYNAAJAAkAgEEF/ag4H0gHTAdQB2QEABAHZAQsgASEBQdoAIRAM4AILIAFBAWohAUHcACEQDN8CCyABQQFqIgEgAkcNAAtB7wAhEAz2AgsgAUEBaiEBDMsBCwJAIAEiFCACRw0AQfAAIRAM9QILIBQtAABBL0cN1AEgFEEBaiEBDAYLAkAgASIUIAJHDQBB8QAhEAz0AgsCQCAULQAAIgFBL0cNACAUQQFqIQFB3QAhEAzbAgsgAUF2aiIEQRZLDdMBQQEgBHRBiYCAAnFFDdMBDMoCCwJAIAEiASACRg0AIAFBAWohAUHeACEQDNoCC0HyACEQDPICCwJAIAEiFCACRw0AQfQAIRAM8gILIBQhAQJAIBQtAABB8MyAgABqLQAAQX9qDgPJApQCANQBC0HhACEQDNgCCwJAIAEiFCACRg0AA0ACQCAULQAAQfDKgIAAai0AACIBQQNGDQACQCABQX9qDgLLAgDVAQsgFCEBQd8AIRAM2gILIBRBAWoiFCACRw0AC0HzACEQDPECC0HzACEQDPACCwJAIAEiASACRg0AIABBj4CAgAA2AgggACABNgIEIAEhAUHgACEQDNcCC0H1ACEQDO8CCwJAIAEiASACRw0AQfYAIRAM7wILIABBj4CAgAA2AgggACABNgIEIAEhAQtBAyEQDNQCCwNAIAEtAABBIEcNwwIgAUEBaiIBIAJHDQALQfcAIRAM7AILAkAgASIBIAJHDQBB+AAhEAzsAgsgAS0AAEEgRw3OASABQQFqIQEM7wELIAAgASIBIAIQrICAgAAiEA3OASABIQEMjgILAkAgASIEIAJHDQBB+gAhEAzqAgsgBC0AAEHMAEcN0QEgBEEBaiEBQRMhEAzPAQsCQCABIgQgAkcNAEH7ACEQDOkCCyACIARrIAAoAgAiAWohFCAEIAFrQQVqIRADQCAELQAAIAFB8M6AgABqLQAARw3QASABQQVGDc4BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQfsAIRAM6AILAkAgASIEIAJHDQBB/AAhEAzoAgsCQAJAIAQtAABBvX9qDgwA0QHRAdEB0QHRAdEB0QHRAdEB0QEB0QELIARBAWohAUHmACEQDM8CCyAEQQFqIQFB5wAhEAzOAgsCQCABIgQgAkcNAEH9ACEQDOcCCyACIARrIAAoAgAiAWohFCAEIAFrQQJqIRACQANAIAQtAAAgAUHtz4CAAGotAABHDc8BIAFBAkYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEH9ACEQDOcCCyAAQQA2AgAgEEEBaiEBQRAhEAzMAQsCQCABIgQgAkcNAEH+ACEQDOYCCyACIARrIAAoAgAiAWohFCAEIAFrQQVqIRACQANAIAQtAAAgAUH2zoCAAGotAABHDc4BIAFBBUYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEH+ACEQDOYCCyAAQQA2AgAgEEEBaiEBQRYhEAzLAQsCQCABIgQgAkcNAEH/ACEQDOUCCyACIARrIAAoAgAiAWohFCAEIAFrQQNqIRACQANAIAQtAAAgAUH8zoCAAGotAABHDc0BIAFBA0YNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEH/ACEQDOUCCyAAQQA2AgAgEEEBaiEBQQUhEAzKAQsCQCABIgQgAkcNAEGAASEQDOQCCyAELQAAQdkARw3LASAEQQFqIQFBCCEQDMkBCwJAIAEiBCACRw0AQYEBIRAM4wILAkACQCAELQAAQbJ/ag4DAMwBAcwBCyAEQQFqIQFB6wAhEAzKAgsgBEEBaiEBQewAIRAMyQILAkAgASIEIAJHDQBBggEhEAziAgsCQAJAIAQtAABBuH9qDggAywHLAcsBywHLAcsBAcsBCyAEQQFqIQFB6gAhEAzJAgsgBEEBaiEBQe0AIRAMyAILAkAgASIEIAJHDQBBgwEhEAzhAgsgAiAEayAAKAIAIgFqIRAgBCABa0ECaiEUAkADQCAELQAAIAFBgM+AgABqLQAARw3JASABQQJGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBA2AgBBgwEhEAzhAgtBACEQIABBADYCACAUQQFqIQEMxgELAkAgASIEIAJHDQBBhAEhEAzgAgsgAiAEayAAKAIAIgFqIRQgBCABa0EEaiEQAkADQCAELQAAIAFBg8+AgABqLQAARw3IASABQQRGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBhAEhEAzgAgsgAEEANgIAIBBBAWohAUEjIRAMxQELAkAgASIEIAJHDQBBhQEhEAzfAgsCQAJAIAQtAABBtH9qDggAyAHIAcgByAHIAcgBAcgBCyAEQQFqIQFB7wAhEAzGAgsgBEEBaiEBQfAAIRAMxQILAkAgASIEIAJHDQBBhgEhEAzeAgsgBC0AAEHFAEcNxQEgBEEBaiEBDIMCCwJAIAEiBCACRw0AQYcBIRAM3QILIAIgBGsgACgCACIBaiEUIAQgAWtBA2ohEAJAA0AgBC0AACABQYjPgIAAai0AAEcNxQEgAUEDRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQYcBIRAM3QILIABBADYCACAQQQFqIQFBLSEQDMIBCwJAIAEiBCACRw0AQYgBIRAM3AILIAIgBGsgACgCACIBaiEUIAQgAWtBCGohEAJAA0AgBC0AACABQdDPgIAAai0AAEcNxAEgAUEIRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQYgBIRAM3AILIABBADYCACAQQQFqIQFBKSEQDMEBCwJAIAEiASACRw0AQYkBIRAM2wILQQEhECABLQAAQd8ARw3AASABQQFqIQEMgQILAkAgASIEIAJHDQBBigEhEAzaAgsgAiAEayAAKAIAIgFqIRQgBCABa0EBaiEQA0AgBC0AACABQYzPgIAAai0AAEcNwQEgAUEBRg2vAiABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGKASEQDNkCCwJAIAEiBCACRw0AQYsBIRAM2QILIAIgBGsgACgCACIBaiEUIAQgAWtBAmohEAJAA0AgBC0AACABQY7PgIAAai0AAEcNwQEgAUECRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQYsBIRAM2QILIABBADYCACAQQQFqIQFBAiEQDL4BCwJAIAEiBCACRw0AQYwBIRAM2AILIAIgBGsgACgCACIBaiEUIAQgAWtBAWohEAJAA0AgBC0AACABQfDPgIAAai0AAEcNwAEgAUEBRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQYwBIRAM2AILIABBADYCACAQQQFqIQFBHyEQDL0BCwJAIAEiBCACRw0AQY0BIRAM1wILIAIgBGsgACgCACIBaiEUIAQgAWtBAWohEAJAA0AgBC0AACABQfLPgIAAai0AAEcNvwEgAUEBRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQY0BIRAM1wILIABBADYCACAQQQFqIQFBCSEQDLwBCwJAIAEiBCACRw0AQY4BIRAM1gILAkACQCAELQAAQbd/ag4HAL8BvwG/Ab8BvwEBvwELIARBAWohAUH4ACEQDL0CCyAEQQFqIQFB+QAhEAy8AgsCQCABIgQgAkcNAEGPASEQDNUCCyACIARrIAAoAgAiAWohFCAEIAFrQQVqIRACQANAIAQtAAAgAUGRz4CAAGotAABHDb0BIAFBBUYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGPASEQDNUCCyAAQQA2AgAgEEEBaiEBQRghEAy6AQsCQCABIgQgAkcNAEGQASEQDNQCCyACIARrIAAoAgAiAWohFCAEIAFrQQJqIRACQANAIAQtAAAgAUGXz4CAAGotAABHDbwBIAFBAkYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGQASEQDNQCCyAAQQA2AgAgEEEBaiEBQRchEAy5AQsCQCABIgQgAkcNAEGRASEQDNMCCyACIARrIAAoAgAiAWohFCAEIAFrQQZqIRACQANAIAQtAAAgAUGaz4CAAGotAABHDbsBIAFBBkYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGRASEQDNMCCyAAQQA2AgAgEEEBaiEBQRUhEAy4AQsCQCABIgQgAkcNAEGSASEQDNICCyACIARrIAAoAgAiAWohFCAEIAFrQQVqIRACQANAIAQtAAAgAUGhz4CAAGotAABHDboBIAFBBUYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGSASEQDNICCyAAQQA2AgAgEEEBaiEBQR4hEAy3AQsCQCABIgQgAkcNAEGTASEQDNECCyAELQAAQcwARw24ASAEQQFqIQFBCiEQDLYBCwJAIAQgAkcNAEGUASEQDNACCwJAAkAgBC0AAEG/f2oODwC5AbkBuQG5AbkBuQG5AbkBuQG5AbkBuQG5AQG5AQsgBEEBaiEBQf4AIRAMtwILIARBAWohAUH/ACEQDLYCCwJAIAQgAkcNAEGVASEQDM8CCwJAAkAgBC0AAEG/f2oOAwC4AQG4AQsgBEEBaiEBQf0AIRAMtgILIARBAWohBEGAASEQDLUCCwJAIAQgAkcNAEGWASEQDM4CCyACIARrIAAoAgAiAWohFCAEIAFrQQFqIRACQANAIAQtAAAgAUGnz4CAAGotAABHDbYBIAFBAUYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGWASEQDM4CCyAAQQA2AgAgEEEBaiEBQQshEAyzAQsCQCAEIAJHDQBBlwEhEAzNAgsCQAJAAkACQCAELQAAQVNqDiMAuAG4AbgBuAG4AbgBuAG4AbgBuAG4AbgBuAG4AbgBuAG4AbgBuAG4AbgBuAG4AQG4AbgBuAG4AbgBArgBuAG4AQO4AQsgBEEBaiEBQfsAIRAMtgILIARBAWohAUH8ACEQDLUCCyAEQQFqIQRBgQEhEAy0AgsgBEEBaiEEQYIBIRAMswILAkAgBCACRw0AQZgBIRAMzAILIAIgBGsgACgCACIBaiEUIAQgAWtBBGohEAJAA0AgBC0AACABQanPgIAAai0AAEcNtAEgAUEERg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQZgBIRAMzAILIABBADYCACAQQQFqIQFBGSEQDLEBCwJAIAQgAkcNAEGZASEQDMsCCyACIARrIAAoAgAiAWohFCAEIAFrQQVqIRACQANAIAQtAAAgAUGuz4CAAGotAABHDbMBIAFBBUYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGZASEQDMsCCyAAQQA2AgAgEEEBaiEBQQYhEAywAQsCQCAEIAJHDQBBmgEhEAzKAgsgAiAEayAAKAIAIgFqIRQgBCABa0EBaiEQAkADQCAELQAAIAFBtM+AgABqLQAARw2yASABQQFGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBmgEhEAzKAgsgAEEANgIAIBBBAWohAUEcIRAMrwELAkAgBCACRw0AQZsBIRAMyQILIAIgBGsgACgCACIBaiEUIAQgAWtBAWohEAJAA0AgBC0AACABQbbPgIAAai0AAEcNsQEgAUEBRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQZsBIRAMyQILIABBADYCACAQQQFqIQFBJyEQDK4BCwJAIAQgAkcNAEGcASEQDMgCCwJAAkAgBC0AAEGsf2oOAgABsQELIARBAWohBEGGASEQDK8CCyAEQQFqIQRBhwEhEAyuAgsCQCAEIAJHDQBBnQEhEAzHAgsgAiAEayAAKAIAIgFqIRQgBCABa0EBaiEQAkADQCAELQAAIAFBuM+AgABqLQAARw2vASABQQFGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBnQEhEAzHAgsgAEEANgIAIBBBAWohAUEmIRAMrAELAkAgBCACRw0AQZ4BIRAMxgILIAIgBGsgACgCACIBaiEUIAQgAWtBAWohEAJAA0AgBC0AACABQbrPgIAAai0AAEcNrgEgAUEBRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQZ4BIRAMxgILIABBADYCACAQQQFqIQFBAyEQDKsBCwJAIAQgAkcNAEGfASEQDMUCCyACIARrIAAoAgAiAWohFCAEIAFrQQJqIRACQANAIAQtAAAgAUHtz4CAAGotAABHDa0BIAFBAkYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGfASEQDMUCCyAAQQA2AgAgEEEBaiEBQQwhEAyqAQsCQCAEIAJHDQBBoAEhEAzEAgsgAiAEayAAKAIAIgFqIRQgBCABa0EDaiEQAkADQCAELQAAIAFBvM+AgABqLQAARw2sASABQQNGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBoAEhEAzEAgsgAEEANgIAIBBBAWohAUENIRAMqQELAkAgBCACRw0AQaEBIRAMwwILAkACQCAELQAAQbp/ag4LAKwBrAGsAawBrAGsAawBrAGsAQGsAQsgBEEBaiEEQYsBIRAMqgILIARBAWohBEGMASEQDKkCCwJAIAQgAkcNAEGiASEQDMICCyAELQAAQdAARw2pASAEQQFqIQQM6QELAkAgBCACRw0AQaMBIRAMwQILAkACQCAELQAAQbd/ag4HAaoBqgGqAaoBqgEAqgELIARBAWohBEGOASEQDKgCCyAEQQFqIQFBIiEQDKYBCwJAIAQgAkcNAEGkASEQDMACCyACIARrIAAoAgAiAWohFCAEIAFrQQFqIRACQANAIAQtAAAgAUHAz4CAAGotAABHDagBIAFBAUYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGkASEQDMACCyAAQQA2AgAgEEEBaiEBQR0hEAylAQsCQCAEIAJHDQBBpQEhEAy/AgsCQAJAIAQtAABBrn9qDgMAqAEBqAELIARBAWohBEGQASEQDKYCCyAEQQFqIQFBBCEQDKQBCwJAIAQgAkcNAEGmASEQDL4CCwJAAkACQAJAAkAgBC0AAEG/f2oOFQCqAaoBqgGqAaoBqgGqAaoBqgGqAQGqAaoBAqoBqgEDqgGqAQSqAQsgBEEBaiEEQYgBIRAMqAILIARBAWohBEGJASEQDKcCCyAEQQFqIQRBigEhEAymAgsgBEEBaiEEQY8BIRAMpQILIARBAWohBEGRASEQDKQCCwJAIAQgAkcNAEGnASEQDL0CCyACIARrIAAoAgAiAWohFCAEIAFrQQJqIRACQANAIAQtAAAgAUHtz4CAAGotAABHDaUBIAFBAkYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGnASEQDL0CCyAAQQA2AgAgEEEBaiEBQREhEAyiAQsCQCAEIAJHDQBBqAEhEAy8AgsgAiAEayAAKAIAIgFqIRQgBCABa0ECaiEQAkADQCAELQAAIAFBws+AgABqLQAARw2kASABQQJGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBqAEhEAy8AgsgAEEANgIAIBBBAWohAUEsIRAMoQELAkAgBCACRw0AQakBIRAMuwILIAIgBGsgACgCACIBaiEUIAQgAWtBBGohEAJAA0AgBC0AACABQcXPgIAAai0AAEcNowEgAUEERg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQakBIRAMuwILIABBADYCACAQQQFqIQFBKyEQDKABCwJAIAQgAkcNAEGqASEQDLoCCyACIARrIAAoAgAiAWohFCAEIAFrQQJqIRACQANAIAQtAAAgAUHKz4CAAGotAABHDaIBIAFBAkYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGqASEQDLoCCyAAQQA2AgAgEEEBaiEBQRQhEAyfAQsCQCAEIAJHDQBBqwEhEAy5AgsCQAJAAkACQCAELQAAQb5/ag4PAAECpAGkAaQBpAGkAaQBpAGkAaQBpAGkAQOkAQsgBEEBaiEEQZMBIRAMogILIARBAWohBEGUASEQDKECCyAEQQFqIQRBlQEhEAygAgsgBEEBaiEEQZYBIRAMnwILAkAgBCACRw0AQawBIRAMuAILIAQtAABBxQBHDZ8BIARBAWohBAzgAQsCQCAEIAJHDQBBrQEhEAy3AgsgAiAEayAAKAIAIgFqIRQgBCABa0ECaiEQAkADQCAELQAAIAFBzc+AgABqLQAARw2fASABQQJGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBrQEhEAy3AgsgAEEANgIAIBBBAWohAUEOIRAMnAELAkAgBCACRw0AQa4BIRAMtgILIAQtAABB0ABHDZ0BIARBAWohAUElIRAMmwELAkAgBCACRw0AQa8BIRAMtQILIAIgBGsgACgCACIBaiEUIAQgAWtBCGohEAJAA0AgBC0AACABQdDPgIAAai0AAEcNnQEgAUEIRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQa8BIRAMtQILIABBADYCACAQQQFqIQFBKiEQDJoBCwJAIAQgAkcNAEGwASEQDLQCCwJAAkAgBC0AAEGrf2oOCwCdAZ0BnQGdAZ0BnQGdAZ0BnQEBnQELIARBAWohBEGaASEQDJsCCyAEQQFqIQRBmwEhEAyaAgsCQCAEIAJHDQBBsQEhEAyzAgsCQAJAIAQtAABBv39qDhQAnAGcAZwBnAGcAZwBnAGcAZwBnAGcAZwBnAGcAZwBnAGcAZwBAZwBCyAEQQFqIQRBmQEhEAyaAgsgBEEBaiEEQZwBIRAMmQILAkAgBCACRw0AQbIBIRAMsgILIAIgBGsgACgCACIBaiEUIAQgAWtBA2ohEAJAA0AgBC0AACABQdnPgIAAai0AAEcNmgEgAUEDRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQbIBIRAMsgILIABBADYCACAQQQFqIQFBISEQDJcBCwJAIAQgAkcNAEGzASEQDLECCyACIARrIAAoAgAiAWohFCAEIAFrQQZqIRACQANAIAQtAAAgAUHdz4CAAGotAABHDZkBIAFBBkYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGzASEQDLECCyAAQQA2AgAgEEEBaiEBQRohEAyWAQsCQCAEIAJHDQBBtAEhEAywAgsCQAJAAkAgBC0AAEG7f2oOEQCaAZoBmgGaAZoBmgGaAZoBmgEBmgGaAZoBmgGaAQKaAQsgBEEBaiEEQZ0BIRAMmAILIARBAWohBEGeASEQDJcCCyAEQQFqIQRBnwEhEAyWAgsCQCAEIAJHDQBBtQEhEAyvAgsgAiAEayAAKAIAIgFqIRQgBCABa0EFaiEQAkADQCAELQAAIAFB5M+AgABqLQAARw2XASABQQVGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBtQEhEAyvAgsgAEEANgIAIBBBAWohAUEoIRAMlAELAkAgBCACRw0AQbYBIRAMrgILIAIgBGsgACgCACIBaiEUIAQgAWtBAmohEAJAA0AgBC0AACABQerPgIAAai0AAEcNlgEgAUECRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQbYBIRAMrgILIABBADYCACAQQQFqIQFBByEQDJMBCwJAIAQgAkcNAEG3ASEQDK0CCwJAAkAgBC0AAEG7f2oODgCWAZYBlgGWAZYBlgGWAZYBlgGWAZYBlgEBlgELIARBAWohBEGhASEQDJQCCyAEQQFqIQRBogEhEAyTAgsCQCAEIAJHDQBBuAEhEAysAgsgAiAEayAAKAIAIgFqIRQgBCABa0ECaiEQAkADQCAELQAAIAFB7c+AgABqLQAARw2UASABQQJGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBuAEhEAysAgsgAEEANgIAIBBBAWohAUESIRAMkQELAkAgBCACRw0AQbkBIRAMqwILIAIgBGsgACgCACIBaiEUIAQgAWtBAWohEAJAA0AgBC0AACABQfDPgIAAai0AAEcNkwEgAUEBRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQbkBIRAMqwILIABBADYCACAQQQFqIQFBICEQDJABCwJAIAQgAkcNAEG6ASEQDKoCCyACIARrIAAoAgAiAWohFCAEIAFrQQFqIRACQANAIAQtAAAgAUHyz4CAAGotAABHDZIBIAFBAUYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEG6ASEQDKoCCyAAQQA2AgAgEEEBaiEBQQ8hEAyPAQsCQCAEIAJHDQBBuwEhEAypAgsCQAJAIAQtAABBt39qDgcAkgGSAZIBkgGSAQGSAQsgBEEBaiEEQaUBIRAMkAILIARBAWohBEGmASEQDI8CCwJAIAQgAkcNAEG8ASEQDKgCCyACIARrIAAoAgAiAWohFCAEIAFrQQdqIRACQANAIAQtAAAgAUH0z4CAAGotAABHDZABIAFBB0YNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEG8ASEQDKgCCyAAQQA2AgAgEEEBaiEBQRshEAyNAQsCQCAEIAJHDQBBvQEhEAynAgsCQAJAAkAgBC0AAEG+f2oOEgCRAZEBkQGRAZEBkQGRAZEBkQEBkQGRAZEBkQGRAZEBApEBCyAEQQFqIQRBpAEhEAyPAgsgBEEBaiEEQacBIRAMjgILIARBAWohBEGoASEQDI0CCwJAIAQgAkcNAEG+ASEQDKYCCyAELQAAQc4ARw2NASAEQQFqIQQMzwELAkAgBCACRw0AQb8BIRAMpQILAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkAgBC0AAEG/f2oOFQABAgOcAQQFBpwBnAGcAQcICQoLnAEMDQ4PnAELIARBAWohAUHoACEQDJoCCyAEQQFqIQFB6QAhEAyZAgsgBEEBaiEBQe4AIRAMmAILIARBAWohAUHyACEQDJcCCyAEQQFqIQFB8wAhEAyWAgsgBEEBaiEBQfYAIRAMlQILIARBAWohAUH3ACEQDJQCCyAEQQFqIQFB+gAhEAyTAgsgBEEBaiEEQYMBIRAMkgILIARBAWohBEGEASEQDJECCyAEQQFqIQRBhQEhEAyQAgsgBEEBaiEEQZIBIRAMjwILIARBAWohBEGYASEQDI4CCyAEQQFqIQRBoAEhEAyNAgsgBEEBaiEEQaMBIRAMjAILIARBAWohBEGqASEQDIsCCwJAIAQgAkYNACAAQZCAgIAANgIIIAAgBDYCBEGrASEQDIsCC0HAASEQDKMCCyAAIAUgAhCqgICAACIBDYsBIAUhAQxcCwJAIAYgAkYNACAGQQFqIQUMjQELQcIBIRAMoQILA0ACQCAQLQAAQXZqDgSMAQAAjwEACyAQQQFqIhAgAkcNAAtBwwEhEAygAgsCQCAHIAJGDQAgAEGRgICAADYCCCAAIAc2AgQgByEBQQEhEAyHAgtBxAEhEAyfAgsCQCAHIAJHDQBBxQEhEAyfAgsCQAJAIActAABBdmoOBAHOAc4BAM4BCyAHQQFqIQYMjQELIAdBAWohBQyJAQsCQCAHIAJHDQBBxgEhEAyeAgsCQAJAIActAABBdmoOFwGPAY8BAY8BjwGPAY8BjwGPAY8BjwGPAY8BjwGPAY8BjwGPAY8BjwGPAQCPAQsgB0EBaiEHC0GwASEQDIQCCwJAIAggAkcNAEHIASEQDJ0CCyAILQAAQSBHDY0BIABBADsBMiAIQQFqIQFBswEhEAyDAgsgASEXAkADQCAXIgcgAkYNASAHLQAAQVBqQf8BcSIQQQpPDcwBAkAgAC8BMiIUQZkzSw0AIAAgFEEKbCIUOwEyIBBB//8DcyAUQf7/A3FJDQAgB0EBaiEXIAAgFCAQaiIQOwEyIBBB//8DcUHoB0kNAQsLQQAhECAAQQA2AhwgAEHBiYCAADYCECAAQQ02AgwgACAHQQFqNgIUDJwCC0HHASEQDJsCCyAAIAggAhCugICAACIQRQ3KASAQQRVHDYwBIABByAE2AhwgACAINgIUIABByZeAgAA2AhAgAEEVNgIMQQAhEAyaAgsCQCAJIAJHDQBBzAEhEAyaAgtBACEUQQEhF0EBIRZBACEQAkACQAJAAkACQAJAAkACQAJAIAktAABBUGoOCpYBlQEAAQIDBAUGCJcBC0ECIRAMBgtBAyEQDAULQQQhEAwEC0EFIRAMAwtBBiEQDAILQQchEAwBC0EIIRALQQAhF0EAIRZBACEUDI4BC0EJIRBBASEUQQAhF0EAIRYMjQELAkAgCiACRw0AQc4BIRAMmQILIAotAABBLkcNjgEgCkEBaiEJDMoBCyALIAJHDY4BQdABIRAMlwILAkAgCyACRg0AIABBjoCAgAA2AgggACALNgIEQbcBIRAM/gELQdEBIRAMlgILAkAgBCACRw0AQdIBIRAMlgILIAIgBGsgACgCACIQaiEUIAQgEGtBBGohCwNAIAQtAAAgEEH8z4CAAGotAABHDY4BIBBBBEYN6QEgEEEBaiEQIARBAWoiBCACRw0ACyAAIBQ2AgBB0gEhEAyVAgsgACAMIAIQrICAgAAiAQ2NASAMIQEMuAELAkAgBCACRw0AQdQBIRAMlAILIAIgBGsgACgCACIQaiEUIAQgEGtBAWohDANAIAQtAAAgEEGB0ICAAGotAABHDY8BIBBBAUYNjgEgEEEBaiEQIARBAWoiBCACRw0ACyAAIBQ2AgBB1AEhEAyTAgsCQCAEIAJHDQBB1gEhEAyTAgsgAiAEayAAKAIAIhBqIRQgBCAQa0ECaiELA0AgBC0AACAQQYPQgIAAai0AAEcNjgEgEEECRg2QASAQQQFqIRAgBEEBaiIEIAJHDQALIAAgFDYCAEHWASEQDJICCwJAIAQgAkcNAEHXASEQDJICCwJAAkAgBC0AAEG7f2oOEACPAY8BjwGPAY8BjwGPAY8BjwGPAY8BjwGPAY8BAY8BCyAEQQFqIQRBuwEhEAz5AQsgBEEBaiEEQbwBIRAM+AELAkAgBCACRw0AQdgBIRAMkQILIAQtAABByABHDYwBIARBAWohBAzEAQsCQCAEIAJGDQAgAEGQgICAADYCCCAAIAQ2AgRBvgEhEAz3AQtB2QEhEAyPAgsCQCAEIAJHDQBB2gEhEAyPAgsgBC0AAEHIAEYNwwEgAEEBOgAoDLkBCyAAQQI6AC8gACAEIAIQpoCAgAAiEA2NAUHCASEQDPQBCyAALQAoQX9qDgK3AbkBuAELA0ACQCAELQAAQXZqDgQAjgGOAQCOAQsgBEEBaiIEIAJHDQALQd0BIRAMiwILIABBADoALyAALQAtQQRxRQ2EAgsgAEEAOgAvIABBAToANCABIQEMjAELIBBBFUYN2gEgAEEANgIcIAAgATYCFCAAQaeOgIAANgIQIABBEjYCDEEAIRAMiAILAkAgACAQIAIQtICAgAAiBA0AIBAhAQyBAgsCQCAEQRVHDQAgAEEDNgIcIAAgEDYCFCAAQbCYgIAANgIQIABBFTYCDEEAIRAMiAILIABBADYCHCAAIBA2AhQgAEGnjoCAADYCECAAQRI2AgxBACEQDIcCCyAQQRVGDdYBIABBADYCHCAAIAE2AhQgAEHajYCAADYCECAAQRQ2AgxBACEQDIYCCyAAKAIEIRcgAEEANgIEIBAgEadqIhYhASAAIBcgECAWIBQbIhAQtYCAgAAiFEUNjQEgAEEHNgIcIAAgEDYCFCAAIBQ2AgxBACEQDIUCCyAAIAAvATBBgAFyOwEwIAEhAQtBKiEQDOoBCyAQQRVGDdEBIABBADYCHCAAIAE2AhQgAEGDjICAADYCECAAQRM2AgxBACEQDIICCyAQQRVGDc8BIABBADYCHCAAIAE2AhQgAEGaj4CAADYCECAAQSI2AgxBACEQDIECCyAAKAIEIRAgAEEANgIEAkAgACAQIAEQt4CAgAAiEA0AIAFBAWohAQyNAQsgAEEMNgIcIAAgEDYCDCAAIAFBAWo2AhRBACEQDIACCyAQQRVGDcwBIABBADYCHCAAIAE2AhQgAEGaj4CAADYCECAAQSI2AgxBACEQDP8BCyAAKAIEIRAgAEEANgIEAkAgACAQIAEQt4CAgAAiEA0AIAFBAWohAQyMAQsgAEENNgIcIAAgEDYCDCAAIAFBAWo2AhRBACEQDP4BCyAQQRVGDckBIABBADYCHCAAIAE2AhQgAEHGjICAADYCECAAQSM2AgxBACEQDP0BCyAAKAIEIRAgAEEANgIEAkAgACAQIAEQuYCAgAAiEA0AIAFBAWohAQyLAQsgAEEONgIcIAAgEDYCDCAAIAFBAWo2AhRBACEQDPwBCyAAQQA2AhwgACABNgIUIABBwJWAgAA2AhAgAEECNgIMQQAhEAz7AQsgEEEVRg3FASAAQQA2AhwgACABNgIUIABBxoyAgAA2AhAgAEEjNgIMQQAhEAz6AQsgAEEQNgIcIAAgATYCFCAAIBA2AgxBACEQDPkBCyAAKAIEIQQgAEEANgIEAkAgACAEIAEQuYCAgAAiBA0AIAFBAWohAQzxAQsgAEERNgIcIAAgBDYCDCAAIAFBAWo2AhRBACEQDPgBCyAQQRVGDcEBIABBADYCHCAAIAE2AhQgAEHGjICAADYCECAAQSM2AgxBACEQDPcBCyAAKAIEIRAgAEEANgIEAkAgACAQIAEQuYCAgAAiEA0AIAFBAWohAQyIAQsgAEETNgIcIAAgEDYCDCAAIAFBAWo2AhRBACEQDPYBCyAAKAIEIQQgAEEANgIEAkAgACAEIAEQuYCAgAAiBA0AIAFBAWohAQztAQsgAEEUNgIcIAAgBDYCDCAAIAFBAWo2AhRBACEQDPUBCyAQQRVGDb0BIABBADYCHCAAIAE2AhQgAEGaj4CAADYCECAAQSI2AgxBACEQDPQBCyAAKAIEIRAgAEEANgIEAkAgACAQIAEQt4CAgAAiEA0AIAFBAWohAQyGAQsgAEEWNgIcIAAgEDYCDCAAIAFBAWo2AhRBACEQDPMBCyAAKAIEIQQgAEEANgIEAkAgACAEIAEQt4CAgAAiBA0AIAFBAWohAQzpAQsgAEEXNgIcIAAgBDYCDCAAIAFBAWo2AhRBACEQDPIBCyAAQQA2AhwgACABNgIUIABBzZOAgAA2AhAgAEEMNgIMQQAhEAzxAQtCASERCyAQQQFqIQECQCAAKQMgIhJC//////////8PVg0AIAAgEkIEhiARhDcDICABIQEMhAELIABBADYCHCAAIAE2AhQgAEGtiYCAADYCECAAQQw2AgxBACEQDO8BCyAAQQA2AhwgACAQNgIUIABBzZOAgAA2AhAgAEEMNgIMQQAhEAzuAQsgACgCBCEXIABBADYCBCAQIBGnaiIWIQEgACAXIBAgFiAUGyIQELWAgIAAIhRFDXMgAEEFNgIcIAAgEDYCFCAAIBQ2AgxBACEQDO0BCyAAQQA2AhwgACAQNgIUIABBqpyAgAA2AhAgAEEPNgIMQQAhEAzsAQsgACAQIAIQtICAgAAiAQ0BIBAhAQtBDiEQDNEBCwJAIAFBFUcNACAAQQI2AhwgACAQNgIUIABBsJiAgAA2AhAgAEEVNgIMQQAhEAzqAQsgAEEANgIcIAAgEDYCFCAAQaeOgIAANgIQIABBEjYCDEEAIRAM6QELIAFBAWohEAJAIAAvATAiAUGAAXFFDQACQCAAIBAgAhC7gICAACIBDQAgECEBDHALIAFBFUcNugEgAEEFNgIcIAAgEDYCFCAAQfmXgIAANgIQIABBFTYCDEEAIRAM6QELAkAgAUGgBHFBoARHDQAgAC0ALUECcQ0AIABBADYCHCAAIBA2AhQgAEGWk4CAADYCECAAQQQ2AgxBACEQDOkBCyAAIBAgAhC9gICAABogECEBAkACQAJAAkACQCAAIBAgAhCzgICAAA4WAgEABAQEBAQEBAQEBAQEBAQEBAQEAwQLIABBAToALgsgACAALwEwQcAAcjsBMCAQIQELQSYhEAzRAQsgAEEjNgIcIAAgEDYCFCAAQaWWgIAANgIQIABBFTYCDEEAIRAM6QELIABBADYCHCAAIBA2AhQgAEHVi4CAADYCECAAQRE2AgxBACEQDOgBCyAALQAtQQFxRQ0BQcMBIRAMzgELAkAgDSACRg0AA0ACQCANLQAAQSBGDQAgDSEBDMQBCyANQQFqIg0gAkcNAAtBJSEQDOcBC0ElIRAM5gELIAAoAgQhBCAAQQA2AgQgACAEIA0Qr4CAgAAiBEUNrQEgAEEmNgIcIAAgBDYCDCAAIA1BAWo2AhRBACEQDOUBCyAQQRVGDasBIABBADYCHCAAIAE2AhQgAEH9jYCAADYCECAAQR02AgxBACEQDOQBCyAAQSc2AhwgACABNgIUIAAgEDYCDEEAIRAM4wELIBAhAUEBIRQCQAJAAkACQAJAAkACQCAALQAsQX5qDgcGBQUDAQIABQsgACAALwEwQQhyOwEwDAMLQQIhFAwBC0EEIRQLIABBAToALCAAIAAvATAgFHI7ATALIBAhAQtBKyEQDMoBCyAAQQA2AhwgACAQNgIUIABBq5KAgAA2AhAgAEELNgIMQQAhEAziAQsgAEEANgIcIAAgATYCFCAAQeGPgIAANgIQIABBCjYCDEEAIRAM4QELIABBADoALCAQIQEMvQELIBAhAUEBIRQCQAJAAkACQAJAIAAtACxBe2oOBAMBAgAFCyAAIAAvATBBCHI7ATAMAwtBAiEUDAELQQQhFAsgAEEBOgAsIAAgAC8BMCAUcjsBMAsgECEBC0EpIRAMxQELIABBADYCHCAAIAE2AhQgAEHwlICAADYCECAAQQM2AgxBACEQDN0BCwJAIA4tAABBDUcNACAAKAIEIQEgAEEANgIEAkAgACABIA4QsYCAgAAiAQ0AIA5BAWohAQx1CyAAQSw2AhwgACABNgIMIAAgDkEBajYCFEEAIRAM3QELIAAtAC1BAXFFDQFBxAEhEAzDAQsCQCAOIAJHDQBBLSEQDNwBCwJAAkADQAJAIA4tAABBdmoOBAIAAAMACyAOQQFqIg4gAkcNAAtBLSEQDN0BCyAAKAIEIQEgAEEANgIEAkAgACABIA4QsYCAgAAiAQ0AIA4hAQx0CyAAQSw2AhwgACAONgIUIAAgATYCDEEAIRAM3AELIAAoAgQhASAAQQA2AgQCQCAAIAEgDhCxgICAACIBDQAgDkEBaiEBDHMLIABBLDYCHCAAIAE2AgwgACAOQQFqNgIUQQAhEAzbAQsgACgCBCEEIABBADYCBCAAIAQgDhCxgICAACIEDaABIA4hAQzOAQsgEEEsRw0BIAFBAWohEEEBIQECQAJAAkACQAJAIAAtACxBe2oOBAMBAgQACyAQIQEMBAtBAiEBDAELQQQhAQsgAEEBOgAsIAAgAC8BMCABcjsBMCAQIQEMAQsgACAALwEwQQhyOwEwIBAhAQtBOSEQDL8BCyAAQQA6ACwgASEBC0E0IRAMvQELIAAgAC8BMEEgcjsBMCABIQEMAgsgACgCBCEEIABBADYCBAJAIAAgBCABELGAgIAAIgQNACABIQEMxwELIABBNzYCHCAAIAE2AhQgACAENgIMQQAhEAzUAQsgAEEIOgAsIAEhAQtBMCEQDLkBCwJAIAAtAChBAUYNACABIQEMBAsgAC0ALUEIcUUNkwEgASEBDAMLIAAtADBBIHENlAFBxQEhEAy3AQsCQCAPIAJGDQACQANAAkAgDy0AAEFQaiIBQf8BcUEKSQ0AIA8hAUE1IRAMugELIAApAyAiEUKZs+bMmbPmzBlWDQEgACARQgp+IhE3AyAgESABrUL/AYMiEkJ/hVYNASAAIBEgEnw3AyAgD0EBaiIPIAJHDQALQTkhEAzRAQsgACgCBCECIABBADYCBCAAIAIgD0EBaiIEELGAgIAAIgINlQEgBCEBDMMBC0E5IRAMzwELAkAgAC8BMCIBQQhxRQ0AIAAtAChBAUcNACAALQAtQQhxRQ2QAQsgACABQff7A3FBgARyOwEwIA8hAQtBNyEQDLQBCyAAIAAvATBBEHI7ATAMqwELIBBBFUYNiwEgAEEANgIcIAAgATYCFCAAQfCOgIAANgIQIABBHDYCDEEAIRAMywELIABBwwA2AhwgACABNgIMIAAgDUEBajYCFEEAIRAMygELAkAgAS0AAEE6Rw0AIAAoAgQhECAAQQA2AgQCQCAAIBAgARCvgICAACIQDQAgAUEBaiEBDGMLIABBwwA2AhwgACAQNgIMIAAgAUEBajYCFEEAIRAMygELIABBADYCHCAAIAE2AhQgAEGxkYCAADYCECAAQQo2AgxBACEQDMkBCyAAQQA2AhwgACABNgIUIABBoJmAgAA2AhAgAEEeNgIMQQAhEAzIAQsgAEEANgIACyAAQYASOwEqIAAgF0EBaiIBIAIQqICAgAAiEA0BIAEhAQtBxwAhEAysAQsgEEEVRw2DASAAQdEANgIcIAAgATYCFCAAQeOXgIAANgIQIABBFTYCDEEAIRAMxAELIAAoAgQhECAAQQA2AgQCQCAAIBAgARCngICAACIQDQAgASEBDF4LIABB0gA2AhwgACABNgIUIAAgEDYCDEEAIRAMwwELIABBADYCHCAAIBQ2AhQgAEHBqICAADYCECAAQQc2AgwgAEEANgIAQQAhEAzCAQsgACgCBCEQIABBADYCBAJAIAAgECABEKeAgIAAIhANACABIQEMXQsgAEHTADYCHCAAIAE2AhQgACAQNgIMQQAhEAzBAQtBACEQIABBADYCHCAAIAE2AhQgAEGAkYCAADYCECAAQQk2AgwMwAELIBBBFUYNfSAAQQA2AhwgACABNgIUIABBlI2AgAA2AhAgAEEhNgIMQQAhEAy/AQtBASEWQQAhF0EAIRRBASEQCyAAIBA6ACsgAUEBaiEBAkACQCAALQAtQRBxDQACQAJAAkAgAC0AKg4DAQACBAsgFkUNAwwCCyAUDQEMAgsgF0UNAQsgACgCBCEQIABBADYCBAJAIAAgECABEK2AgIAAIhANACABIQEMXAsgAEHYADYCHCAAIAE2AhQgACAQNgIMQQAhEAy+AQsgACgCBCEEIABBADYCBAJAIAAgBCABEK2AgIAAIgQNACABIQEMrQELIABB2QA2AhwgACABNgIUIAAgBDYCDEEAIRAMvQELIAAoAgQhBCAAQQA2AgQCQCAAIAQgARCtgICAACIEDQAgASEBDKsBCyAAQdoANgIcIAAgATYCFCAAIAQ2AgxBACEQDLwBCyAAKAIEIQQgAEEANgIEAkAgACAEIAEQrYCAgAAiBA0AIAEhAQypAQsgAEHcADYCHCAAIAE2AhQgACAENgIMQQAhEAy7AQsCQCABLQAAQVBqIhBB/wFxQQpPDQAgACAQOgAqIAFBAWohAUHPACEQDKIBCyAAKAIEIQQgAEEANgIEAkAgACAEIAEQrYCAgAAiBA0AIAEhAQynAQsgAEHeADYCHCAAIAE2AhQgACAENgIMQQAhEAy6AQsgAEEANgIAIBdBAWohAQJAIAAtAClBI08NACABIQEMWQsgAEEANgIcIAAgATYCFCAAQdOJgIAANgIQIABBCDYCDEEAIRAMuQELIABBADYCAAtBACEQIABBADYCHCAAIAE2AhQgAEGQs4CAADYCECAAQQg2AgwMtwELIABBADYCACAXQQFqIQECQCAALQApQSFHDQAgASEBDFYLIABBADYCHCAAIAE2AhQgAEGbioCAADYCECAAQQg2AgxBACEQDLYBCyAAQQA2AgAgF0EBaiEBAkAgAC0AKSIQQV1qQQtPDQAgASEBDFULAkAgEEEGSw0AQQEgEHRBygBxRQ0AIAEhAQxVC0EAIRAgAEEANgIcIAAgATYCFCAAQfeJgIAANgIQIABBCDYCDAy1AQsgEEEVRg1xIABBADYCHCAAIAE2AhQgAEG5jYCAADYCECAAQRo2AgxBACEQDLQBCyAAKAIEIRAgAEEANgIEAkAgACAQIAEQp4CAgAAiEA0AIAEhAQxUCyAAQeUANgIcIAAgATYCFCAAIBA2AgxBACEQDLMBCyAAKAIEIRAgAEEANgIEAkAgACAQIAEQp4CAgAAiEA0AIAEhAQxNCyAAQdIANgIcIAAgATYCFCAAIBA2AgxBACEQDLIBCyAAKAIEIRAgAEEANgIEAkAgACAQIAEQp4CAgAAiEA0AIAEhAQxNCyAAQdMANgIcIAAgATYCFCAAIBA2AgxBACEQDLEBCyAAKAIEIRAgAEEANgIEAkAgACAQIAEQp4CAgAAiEA0AIAEhAQxRCyAAQeUANgIcIAAgATYCFCAAIBA2AgxBACEQDLABCyAAQQA2AhwgACABNgIUIABBxoqAgAA2AhAgAEEHNgIMQQAhEAyvAQsgACgCBCEQIABBADYCBAJAIAAgECABEKeAgIAAIhANACABIQEMSQsgAEHSADYCHCAAIAE2AhQgACAQNgIMQQAhEAyuAQsgACgCBCEQIABBADYCBAJAIAAgECABEKeAgIAAIhANACABIQEMSQsgAEHTADYCHCAAIAE2AhQgACAQNgIMQQAhEAytAQsgACgCBCEQIABBADYCBAJAIAAgECABEKeAgIAAIhANACABIQEMTQsgAEHlADYCHCAAIAE2AhQgACAQNgIMQQAhEAysAQsgAEEANgIcIAAgATYCFCAAQdyIgIAANgIQIABBBzYCDEEAIRAMqwELIBBBP0cNASABQQFqIQELQQUhEAyQAQtBACEQIABBADYCHCAAIAE2AhQgAEH9koCAADYCECAAQQc2AgwMqAELIAAoAgQhECAAQQA2AgQCQCAAIBAgARCngICAACIQDQAgASEBDEILIABB0gA2AhwgACABNgIUIAAgEDYCDEEAIRAMpwELIAAoAgQhECAAQQA2AgQCQCAAIBAgARCngICAACIQDQAgASEBDEILIABB0wA2AhwgACABNgIUIAAgEDYCDEEAIRAMpgELIAAoAgQhECAAQQA2AgQCQCAAIBAgARCngICAACIQDQAgASEBDEYLIABB5QA2AhwgACABNgIUIAAgEDYCDEEAIRAMpQELIAAoAgQhASAAQQA2AgQCQCAAIAEgFBCngICAACIBDQAgFCEBDD8LIABB0gA2AhwgACAUNgIUIAAgATYCDEEAIRAMpAELIAAoAgQhASAAQQA2AgQCQCAAIAEgFBCngICAACIBDQAgFCEBDD8LIABB0wA2AhwgACAUNgIUIAAgATYCDEEAIRAMowELIAAoAgQhASAAQQA2AgQCQCAAIAEgFBCngICAACIBDQAgFCEBDEMLIABB5QA2AhwgACAUNgIUIAAgATYCDEEAIRAMogELIABBADYCHCAAIBQ2AhQgAEHDj4CAADYCECAAQQc2AgxBACEQDKEBCyAAQQA2AhwgACABNgIUIABBw4+AgAA2AhAgAEEHNgIMQQAhEAygAQtBACEQIABBADYCHCAAIBQ2AhQgAEGMnICAADYCECAAQQc2AgwMnwELIABBADYCHCAAIBQ2AhQgAEGMnICAADYCECAAQQc2AgxBACEQDJ4BCyAAQQA2AhwgACAUNgIUIABB/pGAgAA2AhAgAEEHNgIMQQAhEAydAQsgAEEANgIcIAAgATYCFCAAQY6bgIAANgIQIABBBjYCDEEAIRAMnAELIBBBFUYNVyAAQQA2AhwgACABNgIUIABBzI6AgAA2AhAgAEEgNgIMQQAhEAybAQsgAEEANgIAIBBBAWohAUEkIRALIAAgEDoAKSAAKAIEIRAgAEEANgIEIAAgECABEKuAgIAAIhANVCABIQEMPgsgAEEANgIAC0EAIRAgAEEANgIcIAAgBDYCFCAAQfGbgIAANgIQIABBBjYCDAyXAQsgAUEVRg1QIABBADYCHCAAIAU2AhQgAEHwjICAADYCECAAQRs2AgxBACEQDJYBCyAAKAIEIQUgAEEANgIEIAAgBSAQEKmAgIAAIgUNASAQQQFqIQULQa0BIRAMewsgAEHBATYCHCAAIAU2AgwgACAQQQFqNgIUQQAhEAyTAQsgACgCBCEGIABBADYCBCAAIAYgEBCpgICAACIGDQEgEEEBaiEGC0GuASEQDHgLIABBwgE2AhwgACAGNgIMIAAgEEEBajYCFEEAIRAMkAELIABBADYCHCAAIAc2AhQgAEGXi4CAADYCECAAQQ02AgxBACEQDI8BCyAAQQA2AhwgACAINgIUIABB45CAgAA2AhAgAEEJNgIMQQAhEAyOAQsgAEEANgIcIAAgCDYCFCAAQZSNgIAANgIQIABBITYCDEEAIRAMjQELQQEhFkEAIRdBACEUQQEhEAsgACAQOgArIAlBAWohCAJAAkAgAC0ALUEQcQ0AAkACQAJAIAAtACoOAwEAAgQLIBZFDQMMAgsgFA0BDAILIBdFDQELIAAoAgQhECAAQQA2AgQgACAQIAgQrYCAgAAiEEUNPSAAQckBNgIcIAAgCDYCFCAAIBA2AgxBACEQDIwBCyAAKAIEIQQgAEEANgIEIAAgBCAIEK2AgIAAIgRFDXYgAEHKATYCHCAAIAg2AhQgACAENgIMQQAhEAyLAQsgACgCBCEEIABBADYCBCAAIAQgCRCtgICAACIERQ10IABBywE2AhwgACAJNgIUIAAgBDYCDEEAIRAMigELIAAoAgQhBCAAQQA2AgQgACAEIAoQrYCAgAAiBEUNciAAQc0BNgIcIAAgCjYCFCAAIAQ2AgxBACEQDIkBCwJAIAstAABBUGoiEEH/AXFBCk8NACAAIBA6ACogC0EBaiEKQbYBIRAMcAsgACgCBCEEIABBADYCBCAAIAQgCxCtgICAACIERQ1wIABBzwE2AhwgACALNgIUIAAgBDYCDEEAIRAMiAELIABBADYCHCAAIAQ2AhQgAEGQs4CAADYCECAAQQg2AgwgAEEANgIAQQAhEAyHAQsgAUEVRg0/IABBADYCHCAAIAw2AhQgAEHMjoCAADYCECAAQSA2AgxBACEQDIYBCyAAQYEEOwEoIAAoAgQhECAAQgA3AwAgACAQIAxBAWoiDBCrgICAACIQRQ04IABB0wE2AhwgACAMNgIUIAAgEDYCDEEAIRAMhQELIABBADYCAAtBACEQIABBADYCHCAAIAQ2AhQgAEHYm4CAADYCECAAQQg2AgwMgwELIAAoAgQhECAAQgA3AwAgACAQIAtBAWoiCxCrgICAACIQDQFBxgEhEAxpCyAAQQI6ACgMVQsgAEHVATYCHCAAIAs2AhQgACAQNgIMQQAhEAyAAQsgEEEVRg03IABBADYCHCAAIAQ2AhQgAEGkjICAADYCECAAQRA2AgxBACEQDH8LIAAtADRBAUcNNCAAIAQgAhC8gICAACIQRQ00IBBBFUcNNSAAQdwBNgIcIAAgBDYCFCAAQdWWgIAANgIQIABBFTYCDEEAIRAMfgtBACEQIABBADYCHCAAQa+LgIAANgIQIABBAjYCDCAAIBRBAWo2AhQMfQtBACEQDGMLQQIhEAxiC0ENIRAMYQtBDyEQDGALQSUhEAxfC0ETIRAMXgtBFSEQDF0LQRYhEAxcC0EXIRAMWwtBGCEQDFoLQRkhEAxZC0EaIRAMWAtBGyEQDFcLQRwhEAxWC0EdIRAMVQtBHyEQDFQLQSEhEAxTC0EjIRAMUgtBxgAhEAxRC0EuIRAMUAtBLyEQDE8LQTshEAxOC0E9IRAMTQtByAAhEAxMC0HJACEQDEsLQcsAIRAMSgtBzAAhEAxJC0HOACEQDEgLQdEAIRAMRwtB1QAhEAxGC0HYACEQDEULQdkAIRAMRAtB2wAhEAxDC0HkACEQDEILQeUAIRAMQQtB8QAhEAxAC0H0ACEQDD8LQY0BIRAMPgtBlwEhEAw9C0GpASEQDDwLQawBIRAMOwtBwAEhEAw6C0G5ASEQDDkLQa8BIRAMOAtBsQEhEAw3C0GyASEQDDYLQbQBIRAMNQtBtQEhEAw0C0G6ASEQDDMLQb0BIRAMMgtBvwEhEAwxC0HBASEQDDALIABBADYCHCAAIAQ2AhQgAEHpi4CAADYCECAAQR82AgxBACEQDEgLIABB2wE2AhwgACAENgIUIABB+paAgAA2AhAgAEEVNgIMQQAhEAxHCyAAQfgANgIcIAAgDDYCFCAAQcqYgIAANgIQIABBFTYCDEEAIRAMRgsgAEHRADYCHCAAIAU2AhQgAEGwl4CAADYCECAAQRU2AgxBACEQDEULIABB+QA2AhwgACABNgIUIAAgEDYCDEEAIRAMRAsgAEH4ADYCHCAAIAE2AhQgAEHKmICAADYCECAAQRU2AgxBACEQDEMLIABB5AA2AhwgACABNgIUIABB45eAgAA2AhAgAEEVNgIMQQAhEAxCCyAAQdcANgIcIAAgATYCFCAAQcmXgIAANgIQIABBFTYCDEEAIRAMQQsgAEEANgIcIAAgATYCFCAAQbmNgIAANgIQIABBGjYCDEEAIRAMQAsgAEHCADYCHCAAIAE2AhQgAEHjmICAADYCECAAQRU2AgxBACEQDD8LIABBADYCBCAAIA8gDxCxgICAACIERQ0BIABBOjYCHCAAIAQ2AgwgACAPQQFqNgIUQQAhEAw+CyAAKAIEIQQgAEEANgIEAkAgACAEIAEQsYCAgAAiBEUNACAAQTs2AhwgACAENgIMIAAgAUEBajYCFEEAIRAMPgsgAUEBaiEBDC0LIA9BAWohAQwtCyAAQQA2AhwgACAPNgIUIABB5JKAgAA2AhAgAEEENgIMQQAhEAw7CyAAQTY2AhwgACAENgIUIAAgAjYCDEEAIRAMOgsgAEEuNgIcIAAgDjYCFCAAIAQ2AgxBACEQDDkLIABB0AA2AhwgACABNgIUIABBkZiAgAA2AhAgAEEVNgIMQQAhEAw4CyANQQFqIQEMLAsgAEEVNgIcIAAgATYCFCAAQYKZgIAANgIQIABBFTYCDEEAIRAMNgsgAEEbNgIcIAAgATYCFCAAQZGXgIAANgIQIABBFTYCDEEAIRAMNQsgAEEPNgIcIAAgATYCFCAAQZGXgIAANgIQIABBFTYCDEEAIRAMNAsgAEELNgIcIAAgATYCFCAAQZGXgIAANgIQIABBFTYCDEEAIRAMMwsgAEEaNgIcIAAgATYCFCAAQYKZgIAANgIQIABBFTYCDEEAIRAMMgsgAEELNgIcIAAgATYCFCAAQYKZgIAANgIQIABBFTYCDEEAIRAMMQsgAEEKNgIcIAAgATYCFCAAQeSWgIAANgIQIABBFTYCDEEAIRAMMAsgAEEeNgIcIAAgATYCFCAAQfmXgIAANgIQIABBFTYCDEEAIRAMLwsgAEEANgIcIAAgEDYCFCAAQdqNgIAANgIQIABBFDYCDEEAIRAMLgsgAEEENgIcIAAgATYCFCAAQbCYgIAANgIQIABBFTYCDEEAIRAMLQsgAEEANgIAIAtBAWohCwtBuAEhEAwSCyAAQQA2AgAgEEEBaiEBQfUAIRAMEQsgASEBAkAgAC0AKUEFRw0AQeMAIRAMEQtB4gAhEAwQC0EAIRAgAEEANgIcIABB5JGAgAA2AhAgAEEHNgIMIAAgFEEBajYCFAwoCyAAQQA2AgAgF0EBaiEBQcAAIRAMDgtBASEBCyAAIAE6ACwgAEEANgIAIBdBAWohAQtBKCEQDAsLIAEhAQtBOCEQDAkLAkAgASIPIAJGDQADQAJAIA8tAABBgL6AgABqLQAAIgFBAUYNACABQQJHDQMgD0EBaiEBDAQLIA9BAWoiDyACRw0AC0E+IRAMIgtBPiEQDCELIABBADoALCAPIQEMAQtBCyEQDAYLQTohEAwFCyABQQFqIQFBLSEQDAQLIAAgAToALCAAQQA2AgAgFkEBaiEBQQwhEAwDCyAAQQA2AgAgF0EBaiEBQQohEAwCCyAAQQA2AgALIABBADoALCANIQFBCSEQDAALC0EAIRAgAEEANgIcIAAgCzYCFCAAQc2QgIAANgIQIABBCTYCDAwXC0EAIRAgAEEANgIcIAAgCjYCFCAAQemKgIAANgIQIABBCTYCDAwWC0EAIRAgAEEANgIcIAAgCTYCFCAAQbeQgIAANgIQIABBCTYCDAwVC0EAIRAgAEEANgIcIAAgCDYCFCAAQZyRgIAANgIQIABBCTYCDAwUC0EAIRAgAEEANgIcIAAgATYCFCAAQc2QgIAANgIQIABBCTYCDAwTC0EAIRAgAEEANgIcIAAgATYCFCAAQemKgIAANgIQIABBCTYCDAwSC0EAIRAgAEEANgIcIAAgATYCFCAAQbeQgIAANgIQIABBCTYCDAwRC0EAIRAgAEEANgIcIAAgATYCFCAAQZyRgIAANgIQIABBCTYCDAwQC0EAIRAgAEEANgIcIAAgATYCFCAAQZeVgIAANgIQIABBDzYCDAwPC0EAIRAgAEEANgIcIAAgATYCFCAAQZeVgIAANgIQIABBDzYCDAwOC0EAIRAgAEEANgIcIAAgATYCFCAAQcCSgIAANgIQIABBCzYCDAwNC0EAIRAgAEEANgIcIAAgATYCFCAAQZWJgIAANgIQIABBCzYCDAwMC0EAIRAgAEEANgIcIAAgATYCFCAAQeGPgIAANgIQIABBCjYCDAwLC0EAIRAgAEEANgIcIAAgATYCFCAAQfuPgIAANgIQIABBCjYCDAwKC0EAIRAgAEEANgIcIAAgATYCFCAAQfGZgIAANgIQIABBAjYCDAwJC0EAIRAgAEEANgIcIAAgATYCFCAAQcSUgIAANgIQIABBAjYCDAwIC0EAIRAgAEEANgIcIAAgATYCFCAAQfKVgIAANgIQIABBAjYCDAwHCyAAQQI2AhwgACABNgIUIABBnJqAgAA2AhAgAEEWNgIMQQAhEAwGC0EBIRAMBQtB1AAhECABIgQgAkYNBCADQQhqIAAgBCACQdjCgIAAQQoQxYCAgAAgAygCDCEEIAMoAggOAwEEAgALEMqAgIAAAAsgAEEANgIcIABBtZqAgAA2AhAgAEEXNgIMIAAgBEEBajYCFEEAIRAMAgsgAEEANgIcIAAgBDYCFCAAQcqagIAANgIQIABBCTYCDEEAIRAMAQsCQCABIgQgAkcNAEEiIRAMAQsgAEGJgICAADYCCCAAIAQ2AgRBISEQCyADQRBqJICAgIAAIBALrwEBAn8gASgCACEGAkACQCACIANGDQAgBCAGaiEEIAYgA2ogAmshByACIAZBf3MgBWoiBmohBQNAAkAgAi0AACAELQAARg0AQQIhBAwDCwJAIAYNAEEAIQQgBSECDAMLIAZBf2ohBiAEQQFqIQQgAkEBaiICIANHDQALIAchBiADIQILIABBATYCACABIAY2AgAgACACNgIEDwsgAUEANgIAIAAgBDYCACAAIAI2AgQLCgAgABDHgICAAAvyNgELfyOAgICAAEEQayIBJICAgIAAAkBBACgCoNCAgAANAEEAEMuAgIAAQYDUhIAAayICQdkASQ0AQQAhAwJAQQAoAuDTgIAAIgQNAEEAQn83AuzTgIAAQQBCgICEgICAwAA3AuTTgIAAQQAgAUEIakFwcUHYqtWqBXMiBDYC4NOAgABBAEEANgL004CAAEEAQQA2AsTTgIAAC0EAIAI2AszTgIAAQQBBgNSEgAA2AsjTgIAAQQBBgNSEgAA2ApjQgIAAQQAgBDYCrNCAgABBAEF/NgKo0ICAAANAIANBxNCAgABqIANBuNCAgABqIgQ2AgAgBCADQbDQgIAAaiIFNgIAIANBvNCAgABqIAU2AgAgA0HM0ICAAGogA0HA0ICAAGoiBTYCACAFIAQ2AgAgA0HU0ICAAGogA0HI0ICAAGoiBDYCACAEIAU2AgAgA0HQ0ICAAGogBDYCACADQSBqIgNBgAJHDQALQYDUhIAAQXhBgNSEgABrQQ9xQQBBgNSEgABBCGpBD3EbIgNqIgRBBGogAkFIaiIFIANrIgNBAXI2AgBBAEEAKALw04CAADYCpNCAgABBACADNgKU0ICAAEEAIAQ2AqDQgIAAQYDUhIAAIAVqQTg2AgQLAkACQAJAAkACQAJAAkACQAJAAkACQAJAIABB7AFLDQACQEEAKAKI0ICAACIGQRAgAEETakFwcSAAQQtJGyICQQN2IgR2IgNBA3FFDQACQAJAIANBAXEgBHJBAXMiBUEDdCIEQbDQgIAAaiIDIARBuNCAgABqKAIAIgQoAggiAkcNAEEAIAZBfiAFd3E2AojQgIAADAELIAMgAjYCCCACIAM2AgwLIARBCGohAyAEIAVBA3QiBUEDcjYCBCAEIAVqIgQgBCgCBEEBcjYCBAwMCyACQQAoApDQgIAAIgdNDQECQCADRQ0AAkACQCADIAR0QQIgBHQiA0EAIANrcnEiA0EAIANrcUF/aiIDIANBDHZBEHEiA3YiBEEFdkEIcSIFIANyIAQgBXYiA0ECdkEEcSIEciADIAR2IgNBAXZBAnEiBHIgAyAEdiIDQQF2QQFxIgRyIAMgBHZqIgRBA3QiA0Gw0ICAAGoiBSADQbjQgIAAaigCACIDKAIIIgBHDQBBACAGQX4gBHdxIgY2AojQgIAADAELIAUgADYCCCAAIAU2AgwLIAMgAkEDcjYCBCADIARBA3QiBGogBCACayIFNgIAIAMgAmoiACAFQQFyNgIEAkAgB0UNACAHQXhxQbDQgIAAaiECQQAoApzQgIAAIQQCQAJAIAZBASAHQQN2dCIIcQ0AQQAgBiAIcjYCiNCAgAAgAiEIDAELIAIoAgghCAsgCCAENgIMIAIgBDYCCCAEIAI2AgwgBCAINgIICyADQQhqIQNBACAANgKc0ICAAEEAIAU2ApDQgIAADAwLQQAoAozQgIAAIglFDQEgCUEAIAlrcUF/aiIDIANBDHZBEHEiA3YiBEEFdkEIcSIFIANyIAQgBXYiA0ECdkEEcSIEciADIAR2IgNBAXZBAnEiBHIgAyAEdiIDQQF2QQFxIgRyIAMgBHZqQQJ0QbjSgIAAaigCACIAKAIEQXhxIAJrIQQgACEFAkADQAJAIAUoAhAiAw0AIAVBFGooAgAiA0UNAgsgAygCBEF4cSACayIFIAQgBSAESSIFGyEEIAMgACAFGyEAIAMhBQwACwsgACgCGCEKAkAgACgCDCIIIABGDQAgACgCCCIDQQAoApjQgIAASRogCCADNgIIIAMgCDYCDAwLCwJAIABBFGoiBSgCACIDDQAgACgCECIDRQ0DIABBEGohBQsDQCAFIQsgAyIIQRRqIgUoAgAiAw0AIAhBEGohBSAIKAIQIgMNAAsgC0EANgIADAoLQX8hAiAAQb9/Sw0AIABBE2oiA0FwcSECQQAoAozQgIAAIgdFDQBBACELAkAgAkGAAkkNAEEfIQsgAkH///8HSw0AIANBCHYiAyADQYD+P2pBEHZBCHEiA3QiBCAEQYDgH2pBEHZBBHEiBHQiBSAFQYCAD2pBEHZBAnEiBXRBD3YgAyAEciAFcmsiA0EBdCACIANBFWp2QQFxckEcaiELC0EAIAJrIQQCQAJAAkACQCALQQJ0QbjSgIAAaigCACIFDQBBACEDQQAhCAwBC0EAIQMgAkEAQRkgC0EBdmsgC0EfRht0IQBBACEIA0ACQCAFKAIEQXhxIAJrIgYgBE8NACAGIQQgBSEIIAYNAEEAIQQgBSEIIAUhAwwDCyADIAVBFGooAgAiBiAGIAUgAEEddkEEcWpBEGooAgAiBUYbIAMgBhshAyAAQQF0IQAgBQ0ACwsCQCADIAhyDQBBACEIQQIgC3QiA0EAIANrciAHcSIDRQ0DIANBACADa3FBf2oiAyADQQx2QRBxIgN2IgVBBXZBCHEiACADciAFIAB2IgNBAnZBBHEiBXIgAyAFdiIDQQF2QQJxIgVyIAMgBXYiA0EBdkEBcSIFciADIAV2akECdEG40oCAAGooAgAhAwsgA0UNAQsDQCADKAIEQXhxIAJrIgYgBEkhAAJAIAMoAhAiBQ0AIANBFGooAgAhBQsgBiAEIAAbIQQgAyAIIAAbIQggBSEDIAUNAAsLIAhFDQAgBEEAKAKQ0ICAACACa08NACAIKAIYIQsCQCAIKAIMIgAgCEYNACAIKAIIIgNBACgCmNCAgABJGiAAIAM2AgggAyAANgIMDAkLAkAgCEEUaiIFKAIAIgMNACAIKAIQIgNFDQMgCEEQaiEFCwNAIAUhBiADIgBBFGoiBSgCACIDDQAgAEEQaiEFIAAoAhAiAw0ACyAGQQA2AgAMCAsCQEEAKAKQ0ICAACIDIAJJDQBBACgCnNCAgAAhBAJAAkAgAyACayIFQRBJDQAgBCACaiIAIAVBAXI2AgRBACAFNgKQ0ICAAEEAIAA2ApzQgIAAIAQgA2ogBTYCACAEIAJBA3I2AgQMAQsgBCADQQNyNgIEIAQgA2oiAyADKAIEQQFyNgIEQQBBADYCnNCAgABBAEEANgKQ0ICAAAsgBEEIaiEDDAoLAkBBACgClNCAgAAiACACTQ0AQQAoAqDQgIAAIgMgAmoiBCAAIAJrIgVBAXI2AgRBACAFNgKU0ICAAEEAIAQ2AqDQgIAAIAMgAkEDcjYCBCADQQhqIQMMCgsCQAJAQQAoAuDTgIAARQ0AQQAoAujTgIAAIQQMAQtBAEJ/NwLs04CAAEEAQoCAhICAgMAANwLk04CAAEEAIAFBDGpBcHFB2KrVqgVzNgLg04CAAEEAQQA2AvTTgIAAQQBBADYCxNOAgABBgIAEIQQLQQAhAwJAIAQgAkHHAGoiB2oiBkEAIARrIgtxIgggAksNAEEAQTA2AvjTgIAADAoLAkBBACgCwNOAgAAiA0UNAAJAQQAoArjTgIAAIgQgCGoiBSAETQ0AIAUgA00NAQtBACEDQQBBMDYC+NOAgAAMCgtBAC0AxNOAgABBBHENBAJAAkACQEEAKAKg0ICAACIERQ0AQcjTgIAAIQMDQAJAIAMoAgAiBSAESw0AIAUgAygCBGogBEsNAwsgAygCCCIDDQALC0EAEMuAgIAAIgBBf0YNBSAIIQYCQEEAKALk04CAACIDQX9qIgQgAHFFDQAgCCAAayAEIABqQQAgA2txaiEGCyAGIAJNDQUgBkH+////B0sNBQJAQQAoAsDTgIAAIgNFDQBBACgCuNOAgAAiBCAGaiIFIARNDQYgBSADSw0GCyAGEMuAgIAAIgMgAEcNAQwHCyAGIABrIAtxIgZB/v///wdLDQQgBhDLgICAACIAIAMoAgAgAygCBGpGDQMgACEDCwJAIANBf0YNACACQcgAaiAGTQ0AAkAgByAGa0EAKALo04CAACIEakEAIARrcSIEQf7///8HTQ0AIAMhAAwHCwJAIAQQy4CAgABBf0YNACAEIAZqIQYgAyEADAcLQQAgBmsQy4CAgAAaDAQLIAMhACADQX9HDQUMAwtBACEIDAcLQQAhAAwFCyAAQX9HDQILQQBBACgCxNOAgABBBHI2AsTTgIAACyAIQf7///8HSw0BIAgQy4CAgAAhAEEAEMuAgIAAIQMgAEF/Rg0BIANBf0YNASAAIANPDQEgAyAAayIGIAJBOGpNDQELQQBBACgCuNOAgAAgBmoiAzYCuNOAgAACQCADQQAoArzTgIAATQ0AQQAgAzYCvNOAgAALAkACQAJAAkBBACgCoNCAgAAiBEUNAEHI04CAACEDA0AgACADKAIAIgUgAygCBCIIakYNAiADKAIIIgMNAAwDCwsCQAJAQQAoApjQgIAAIgNFDQAgACADTw0BC0EAIAA2ApjQgIAAC0EAIQNBACAGNgLM04CAAEEAIAA2AsjTgIAAQQBBfzYCqNCAgABBAEEAKALg04CAADYCrNCAgABBAEEANgLU04CAAANAIANBxNCAgABqIANBuNCAgABqIgQ2AgAgBCADQbDQgIAAaiIFNgIAIANBvNCAgABqIAU2AgAgA0HM0ICAAGogA0HA0ICAAGoiBTYCACAFIAQ2AgAgA0HU0ICAAGogA0HI0ICAAGoiBDYCACAEIAU2AgAgA0HQ0ICAAGogBDYCACADQSBqIgNBgAJHDQALIABBeCAAa0EPcUEAIABBCGpBD3EbIgNqIgQgBkFIaiIFIANrIgNBAXI2AgRBAEEAKALw04CAADYCpNCAgABBACADNgKU0ICAAEEAIAQ2AqDQgIAAIAAgBWpBODYCBAwCCyADLQAMQQhxDQAgBCAFSQ0AIAQgAE8NACAEQXggBGtBD3FBACAEQQhqQQ9xGyIFaiIAQQAoApTQgIAAIAZqIgsgBWsiBUEBcjYCBCADIAggBmo2AgRBAEEAKALw04CAADYCpNCAgABBACAFNgKU0ICAAEEAIAA2AqDQgIAAIAQgC2pBODYCBAwBCwJAIABBACgCmNCAgAAiCE8NAEEAIAA2ApjQgIAAIAAhCAsgACAGaiEFQcjTgIAAIQMCQAJAAkACQAJAAkACQANAIAMoAgAgBUYNASADKAIIIgMNAAwCCwsgAy0ADEEIcUUNAQtByNOAgAAhAwNAAkAgAygCACIFIARLDQAgBSADKAIEaiIFIARLDQMLIAMoAgghAwwACwsgAyAANgIAIAMgAygCBCAGajYCBCAAQXggAGtBD3FBACAAQQhqQQ9xG2oiCyACQQNyNgIEIAVBeCAFa0EPcUEAIAVBCGpBD3EbaiIGIAsgAmoiAmshAwJAIAYgBEcNAEEAIAI2AqDQgIAAQQBBACgClNCAgAAgA2oiAzYClNCAgAAgAiADQQFyNgIEDAMLAkAgBkEAKAKc0ICAAEcNAEEAIAI2ApzQgIAAQQBBACgCkNCAgAAgA2oiAzYCkNCAgAAgAiADQQFyNgIEIAIgA2ogAzYCAAwDCwJAIAYoAgQiBEEDcUEBRw0AIARBeHEhBwJAAkAgBEH/AUsNACAGKAIIIgUgBEEDdiIIQQN0QbDQgIAAaiIARhoCQCAGKAIMIgQgBUcNAEEAQQAoAojQgIAAQX4gCHdxNgKI0ICAAAwCCyAEIABGGiAEIAU2AgggBSAENgIMDAELIAYoAhghCQJAAkAgBigCDCIAIAZGDQAgBigCCCIEIAhJGiAAIAQ2AgggBCAANgIMDAELAkAgBkEUaiIEKAIAIgUNACAGQRBqIgQoAgAiBQ0AQQAhAAwBCwNAIAQhCCAFIgBBFGoiBCgCACIFDQAgAEEQaiEEIAAoAhAiBQ0ACyAIQQA2AgALIAlFDQACQAJAIAYgBigCHCIFQQJ0QbjSgIAAaiIEKAIARw0AIAQgADYCACAADQFBAEEAKAKM0ICAAEF+IAV3cTYCjNCAgAAMAgsgCUEQQRQgCSgCECAGRhtqIAA2AgAgAEUNAQsgACAJNgIYAkAgBigCECIERQ0AIAAgBDYCECAEIAA2AhgLIAYoAhQiBEUNACAAQRRqIAQ2AgAgBCAANgIYCyAHIANqIQMgBiAHaiIGKAIEIQQLIAYgBEF+cTYCBCACIANqIAM2AgAgAiADQQFyNgIEAkAgA0H/AUsNACADQXhxQbDQgIAAaiEEAkACQEEAKAKI0ICAACIFQQEgA0EDdnQiA3ENAEEAIAUgA3I2AojQgIAAIAQhAwwBCyAEKAIIIQMLIAMgAjYCDCAEIAI2AgggAiAENgIMIAIgAzYCCAwDC0EfIQQCQCADQf///wdLDQAgA0EIdiIEIARBgP4/akEQdkEIcSIEdCIFIAVBgOAfakEQdkEEcSIFdCIAIABBgIAPakEQdkECcSIAdEEPdiAEIAVyIAByayIEQQF0IAMgBEEVanZBAXFyQRxqIQQLIAIgBDYCHCACQgA3AhAgBEECdEG40oCAAGohBQJAQQAoAozQgIAAIgBBASAEdCIIcQ0AIAUgAjYCAEEAIAAgCHI2AozQgIAAIAIgBTYCGCACIAI2AgggAiACNgIMDAMLIANBAEEZIARBAXZrIARBH0YbdCEEIAUoAgAhAANAIAAiBSgCBEF4cSADRg0CIARBHXYhACAEQQF0IQQgBSAAQQRxakEQaiIIKAIAIgANAAsgCCACNgIAIAIgBTYCGCACIAI2AgwgAiACNgIIDAILIABBeCAAa0EPcUEAIABBCGpBD3EbIgNqIgsgBkFIaiIIIANrIgNBAXI2AgQgACAIakE4NgIEIAQgBUE3IAVrQQ9xQQAgBUFJakEPcRtqQUFqIgggCCAEQRBqSRsiCEEjNgIEQQBBACgC8NOAgAA2AqTQgIAAQQAgAzYClNCAgABBACALNgKg0ICAACAIQRBqQQApAtDTgIAANwIAIAhBACkCyNOAgAA3AghBACAIQQhqNgLQ04CAAEEAIAY2AszTgIAAQQAgADYCyNOAgABBAEEANgLU04CAACAIQSRqIQMDQCADQQc2AgAgA0EEaiIDIAVJDQALIAggBEYNAyAIIAgoAgRBfnE2AgQgCCAIIARrIgA2AgAgBCAAQQFyNgIEAkAgAEH/AUsNACAAQXhxQbDQgIAAaiEDAkACQEEAKAKI0ICAACIFQQEgAEEDdnQiAHENAEEAIAUgAHI2AojQgIAAIAMhBQwBCyADKAIIIQULIAUgBDYCDCADIAQ2AgggBCADNgIMIAQgBTYCCAwEC0EfIQMCQCAAQf///wdLDQAgAEEIdiIDIANBgP4/akEQdkEIcSIDdCIFIAVBgOAfakEQdkEEcSIFdCIIIAhBgIAPakEQdkECcSIIdEEPdiADIAVyIAhyayIDQQF0IAAgA0EVanZBAXFyQRxqIQMLIAQgAzYCHCAEQgA3AhAgA0ECdEG40oCAAGohBQJAQQAoAozQgIAAIghBASADdCIGcQ0AIAUgBDYCAEEAIAggBnI2AozQgIAAIAQgBTYCGCAEIAQ2AgggBCAENgIMDAQLIABBAEEZIANBAXZrIANBH0YbdCEDIAUoAgAhCANAIAgiBSgCBEF4cSAARg0DIANBHXYhCCADQQF0IQMgBSAIQQRxakEQaiIGKAIAIggNAAsgBiAENgIAIAQgBTYCGCAEIAQ2AgwgBCAENgIIDAMLIAUoAggiAyACNgIMIAUgAjYCCCACQQA2AhggAiAFNgIMIAIgAzYCCAsgC0EIaiEDDAULIAUoAggiAyAENgIMIAUgBDYCCCAEQQA2AhggBCAFNgIMIAQgAzYCCAtBACgClNCAgAAiAyACTQ0AQQAoAqDQgIAAIgQgAmoiBSADIAJrIgNBAXI2AgRBACADNgKU0ICAAEEAIAU2AqDQgIAAIAQgAkEDcjYCBCAEQQhqIQMMAwtBACEDQQBBMDYC+NOAgAAMAgsCQCALRQ0AAkACQCAIIAgoAhwiBUECdEG40oCAAGoiAygCAEcNACADIAA2AgAgAA0BQQAgB0F+IAV3cSIHNgKM0ICAAAwCCyALQRBBFCALKAIQIAhGG2ogADYCACAARQ0BCyAAIAs2AhgCQCAIKAIQIgNFDQAgACADNgIQIAMgADYCGAsgCEEUaigCACIDRQ0AIABBFGogAzYCACADIAA2AhgLAkACQCAEQQ9LDQAgCCAEIAJqIgNBA3I2AgQgCCADaiIDIAMoAgRBAXI2AgQMAQsgCCACaiIAIARBAXI2AgQgCCACQQNyNgIEIAAgBGogBDYCAAJAIARB/wFLDQAgBEF4cUGw0ICAAGohAwJAAkBBACgCiNCAgAAiBUEBIARBA3Z0IgRxDQBBACAFIARyNgKI0ICAACADIQQMAQsgAygCCCEECyAEIAA2AgwgAyAANgIIIAAgAzYCDCAAIAQ2AggMAQtBHyEDAkAgBEH///8HSw0AIARBCHYiAyADQYD+P2pBEHZBCHEiA3QiBSAFQYDgH2pBEHZBBHEiBXQiAiACQYCAD2pBEHZBAnEiAnRBD3YgAyAFciACcmsiA0EBdCAEIANBFWp2QQFxckEcaiEDCyAAIAM2AhwgAEIANwIQIANBAnRBuNKAgABqIQUCQCAHQQEgA3QiAnENACAFIAA2AgBBACAHIAJyNgKM0ICAACAAIAU2AhggACAANgIIIAAgADYCDAwBCyAEQQBBGSADQQF2ayADQR9GG3QhAyAFKAIAIQICQANAIAIiBSgCBEF4cSAERg0BIANBHXYhAiADQQF0IQMgBSACQQRxakEQaiIGKAIAIgINAAsgBiAANgIAIAAgBTYCGCAAIAA2AgwgACAANgIIDAELIAUoAggiAyAANgIMIAUgADYCCCAAQQA2AhggACAFNgIMIAAgAzYCCAsgCEEIaiEDDAELAkAgCkUNAAJAAkAgACAAKAIcIgVBAnRBuNKAgABqIgMoAgBHDQAgAyAINgIAIAgNAUEAIAlBfiAFd3E2AozQgIAADAILIApBEEEUIAooAhAgAEYbaiAINgIAIAhFDQELIAggCjYCGAJAIAAoAhAiA0UNACAIIAM2AhAgAyAINgIYCyAAQRRqKAIAIgNFDQAgCEEUaiADNgIAIAMgCDYCGAsCQAJAIARBD0sNACAAIAQgAmoiA0EDcjYCBCAAIANqIgMgAygCBEEBcjYCBAwBCyAAIAJqIgUgBEEBcjYCBCAAIAJBA3I2AgQgBSAEaiAENgIAAkAgB0UNACAHQXhxQbDQgIAAaiECQQAoApzQgIAAIQMCQAJAQQEgB0EDdnQiCCAGcQ0AQQAgCCAGcjYCiNCAgAAgAiEIDAELIAIoAgghCAsgCCADNgIMIAIgAzYCCCADIAI2AgwgAyAINgIIC0EAIAU2ApzQgIAAQQAgBDYCkNCAgAALIABBCGohAwsgAUEQaiSAgICAACADCwoAIAAQyYCAgAAL4g0BB38CQCAARQ0AIABBeGoiASAAQXxqKAIAIgJBeHEiAGohAwJAIAJBAXENACACQQNxRQ0BIAEgASgCACICayIBQQAoApjQgIAAIgRJDQEgAiAAaiEAAkAgAUEAKAKc0ICAAEYNAAJAIAJB/wFLDQAgASgCCCIEIAJBA3YiBUEDdEGw0ICAAGoiBkYaAkAgASgCDCICIARHDQBBAEEAKAKI0ICAAEF+IAV3cTYCiNCAgAAMAwsgAiAGRhogAiAENgIIIAQgAjYCDAwCCyABKAIYIQcCQAJAIAEoAgwiBiABRg0AIAEoAggiAiAESRogBiACNgIIIAIgBjYCDAwBCwJAIAFBFGoiAigCACIEDQAgAUEQaiICKAIAIgQNAEEAIQYMAQsDQCACIQUgBCIGQRRqIgIoAgAiBA0AIAZBEGohAiAGKAIQIgQNAAsgBUEANgIACyAHRQ0BAkACQCABIAEoAhwiBEECdEG40oCAAGoiAigCAEcNACACIAY2AgAgBg0BQQBBACgCjNCAgABBfiAEd3E2AozQgIAADAMLIAdBEEEUIAcoAhAgAUYbaiAGNgIAIAZFDQILIAYgBzYCGAJAIAEoAhAiAkUNACAGIAI2AhAgAiAGNgIYCyABKAIUIgJFDQEgBkEUaiACNgIAIAIgBjYCGAwBCyADKAIEIgJBA3FBA0cNACADIAJBfnE2AgRBACAANgKQ0ICAACABIABqIAA2AgAgASAAQQFyNgIEDwsgASADTw0AIAMoAgQiAkEBcUUNAAJAAkAgAkECcQ0AAkAgA0EAKAKg0ICAAEcNAEEAIAE2AqDQgIAAQQBBACgClNCAgAAgAGoiADYClNCAgAAgASAAQQFyNgIEIAFBACgCnNCAgABHDQNBAEEANgKQ0ICAAEEAQQA2ApzQgIAADwsCQCADQQAoApzQgIAARw0AQQAgATYCnNCAgABBAEEAKAKQ0ICAACAAaiIANgKQ0ICAACABIABBAXI2AgQgASAAaiAANgIADwsgAkF4cSAAaiEAAkACQCACQf8BSw0AIAMoAggiBCACQQN2IgVBA3RBsNCAgABqIgZGGgJAIAMoAgwiAiAERw0AQQBBACgCiNCAgABBfiAFd3E2AojQgIAADAILIAIgBkYaIAIgBDYCCCAEIAI2AgwMAQsgAygCGCEHAkACQCADKAIMIgYgA0YNACADKAIIIgJBACgCmNCAgABJGiAGIAI2AgggAiAGNgIMDAELAkAgA0EUaiICKAIAIgQNACADQRBqIgIoAgAiBA0AQQAhBgwBCwNAIAIhBSAEIgZBFGoiAigCACIEDQAgBkEQaiECIAYoAhAiBA0ACyAFQQA2AgALIAdFDQACQAJAIAMgAygCHCIEQQJ0QbjSgIAAaiICKAIARw0AIAIgBjYCACAGDQFBAEEAKAKM0ICAAEF+IAR3cTYCjNCAgAAMAgsgB0EQQRQgBygCECADRhtqIAY2AgAgBkUNAQsgBiAHNgIYAkAgAygCECICRQ0AIAYgAjYCECACIAY2AhgLIAMoAhQiAkUNACAGQRRqIAI2AgAgAiAGNgIYCyABIABqIAA2AgAgASAAQQFyNgIEIAFBACgCnNCAgABHDQFBACAANgKQ0ICAAA8LIAMgAkF+cTYCBCABIABqIAA2AgAgASAAQQFyNgIECwJAIABB/wFLDQAgAEF4cUGw0ICAAGohAgJAAkBBACgCiNCAgAAiBEEBIABBA3Z0IgBxDQBBACAEIAByNgKI0ICAACACIQAMAQsgAigCCCEACyAAIAE2AgwgAiABNgIIIAEgAjYCDCABIAA2AggPC0EfIQICQCAAQf///wdLDQAgAEEIdiICIAJBgP4/akEQdkEIcSICdCIEIARBgOAfakEQdkEEcSIEdCIGIAZBgIAPakEQdkECcSIGdEEPdiACIARyIAZyayICQQF0IAAgAkEVanZBAXFyQRxqIQILIAEgAjYCHCABQgA3AhAgAkECdEG40oCAAGohBAJAAkBBACgCjNCAgAAiBkEBIAJ0IgNxDQAgBCABNgIAQQAgBiADcjYCjNCAgAAgASAENgIYIAEgATYCCCABIAE2AgwMAQsgAEEAQRkgAkEBdmsgAkEfRht0IQIgBCgCACEGAkADQCAGIgQoAgRBeHEgAEYNASACQR12IQYgAkEBdCECIAQgBkEEcWpBEGoiAygCACIGDQALIAMgATYCACABIAQ2AhggASABNgIMIAEgATYCCAwBCyAEKAIIIgAgATYCDCAEIAE2AgggAUEANgIYIAEgBDYCDCABIAA2AggLQQBBACgCqNCAgABBf2oiAUF/IAEbNgKo0ICAAAsLBAAAAAtOAAJAIAANAD8AQRB0DwsCQCAAQf//A3ENACAAQX9MDQACQCAAQRB2QAAiAEF/Rw0AQQBBMDYC+NOAgABBfw8LIABBEHQPCxDKgICAAAAL8gICA38BfgJAIAJFDQAgACABOgAAIAIgAGoiA0F/aiABOgAAIAJBA0kNACAAIAE6AAIgACABOgABIANBfWogAToAACADQX5qIAE6AAAgAkEHSQ0AIAAgAToAAyADQXxqIAE6AAAgAkEJSQ0AIABBACAAa0EDcSIEaiIDIAFB/wFxQYGChAhsIgE2AgAgAyACIARrQXxxIgRqIgJBfGogATYCACAEQQlJDQAgAyABNgIIIAMgATYCBCACQXhqIAE2AgAgAkF0aiABNgIAIARBGUkNACADIAE2AhggAyABNgIUIAMgATYCECADIAE2AgwgAkFwaiABNgIAIAJBbGogATYCACACQWhqIAE2AgAgAkFkaiABNgIAIAQgA0EEcUEYciIFayICQSBJDQAgAa1CgYCAgBB+IQYgAyAFaiEBA0AgASAGNwMYIAEgBjcDECABIAY3AwggASAGNwMAIAFBIGohASACQWBqIgJBH0sNAAsLIAALC45IAQBBgAgLhkgBAAAAAgAAAAMAAAAAAAAAAAAAAAQAAAAFAAAAAAAAAAAAAAAGAAAABwAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEludmFsaWQgY2hhciBpbiB1cmwgcXVlcnkAU3BhbiBjYWxsYmFjayBlcnJvciBpbiBvbl9ib2R5AENvbnRlbnQtTGVuZ3RoIG92ZXJmbG93AENodW5rIHNpemUgb3ZlcmZsb3cAUmVzcG9uc2Ugb3ZlcmZsb3cASW52YWxpZCBtZXRob2QgZm9yIEhUVFAveC54IHJlcXVlc3QASW52YWxpZCBtZXRob2QgZm9yIFJUU1AveC54IHJlcXVlc3QARXhwZWN0ZWQgU09VUkNFIG1ldGhvZCBmb3IgSUNFL3gueCByZXF1ZXN0AEludmFsaWQgY2hhciBpbiB1cmwgZnJhZ21lbnQgc3RhcnQARXhwZWN0ZWQgZG90AFNwYW4gY2FsbGJhY2sgZXJyb3IgaW4gb25fc3RhdHVzAEludmFsaWQgcmVzcG9uc2Ugc3RhdHVzAEludmFsaWQgY2hhcmFjdGVyIGluIGNodW5rIGV4dGVuc2lvbnMAVXNlciBjYWxsYmFjayBlcnJvcgBgb25fcmVzZXRgIGNhbGxiYWNrIGVycm9yAGBvbl9jaHVua19oZWFkZXJgIGNhbGxiYWNrIGVycm9yAGBvbl9tZXNzYWdlX2JlZ2luYCBjYWxsYmFjayBlcnJvcgBgb25fY2h1bmtfZXh0ZW5zaW9uX3ZhbHVlYCBjYWxsYmFjayBlcnJvcgBgb25fc3RhdHVzX2NvbXBsZXRlYCBjYWxsYmFjayBlcnJvcgBgb25fdmVyc2lvbl9jb21wbGV0ZWAgY2FsbGJhY2sgZXJyb3IAYG9uX3VybF9jb21wbGV0ZWAgY2FsbGJhY2sgZXJyb3IAYG9uX2NodW5rX2NvbXBsZXRlYCBjYWxsYmFjayBlcnJvcgBgb25faGVhZGVyX3ZhbHVlX2NvbXBsZXRlYCBjYWxsYmFjayBlcnJvcgBgb25fbWVzc2FnZV9jb21wbGV0ZWAgY2FsbGJhY2sgZXJyb3IAYG9uX21ldGhvZF9jb21wbGV0ZWAgY2FsbGJhY2sgZXJyb3IAYG9uX2hlYWRlcl9maWVsZF9jb21wbGV0ZWAgY2FsbGJhY2sgZXJyb3IAYG9uX2NodW5rX2V4dGVuc2lvbl9uYW1lYCBjYWxsYmFjayBlcnJvcgBVbmV4cGVjdGVkIGNoYXIgaW4gdXJsIHNlcnZlcgBJbnZhbGlkIGhlYWRlciB2YWx1ZSBjaGFyAEludmFsaWQgaGVhZGVyIGZpZWxkIGNoYXIAU3BhbiBjYWxsYmFjayBlcnJvciBpbiBvbl92ZXJzaW9uAEludmFsaWQgbWlub3IgdmVyc2lvbgBJbnZhbGlkIG1ham9yIHZlcnNpb24ARXhwZWN0ZWQgc3BhY2UgYWZ0ZXIgdmVyc2lvbgBFeHBlY3RlZCBDUkxGIGFmdGVyIHZlcnNpb24ASW52YWxpZCBIVFRQIHZlcnNpb24ASW52YWxpZCBoZWFkZXIgdG9rZW4AU3BhbiBjYWxsYmFjayBlcnJvciBpbiBvbl91cmwASW52YWxpZCBjaGFyYWN0ZXJzIGluIHVybABVbmV4cGVjdGVkIHN0YXJ0IGNoYXIgaW4gdXJsAERvdWJsZSBAIGluIHVybABFbXB0eSBDb250ZW50LUxlbmd0aABJbnZhbGlkIGNoYXJhY3RlciBpbiBDb250ZW50LUxlbmd0aABEdXBsaWNhdGUgQ29udGVudC1MZW5ndGgASW52YWxpZCBjaGFyIGluIHVybCBwYXRoAENvbnRlbnQtTGVuZ3RoIGNhbid0IGJlIHByZXNlbnQgd2l0aCBUcmFuc2Zlci1FbmNvZGluZwBJbnZhbGlkIGNoYXJhY3RlciBpbiBjaHVuayBzaXplAFNwYW4gY2FsbGJhY2sgZXJyb3IgaW4gb25faGVhZGVyX3ZhbHVlAFNwYW4gY2FsbGJhY2sgZXJyb3IgaW4gb25fY2h1bmtfZXh0ZW5zaW9uX3ZhbHVlAEludmFsaWQgY2hhcmFjdGVyIGluIGNodW5rIGV4dGVuc2lvbnMgdmFsdWUATWlzc2luZyBleHBlY3RlZCBMRiBhZnRlciBoZWFkZXIgdmFsdWUASW52YWxpZCBgVHJhbnNmZXItRW5jb2RpbmdgIGhlYWRlciB2YWx1ZQBJbnZhbGlkIGNoYXJhY3RlciBpbiBjaHVuayBleHRlbnNpb25zIHF1b3RlIHZhbHVlAEludmFsaWQgY2hhcmFjdGVyIGluIGNodW5rIGV4dGVuc2lvbnMgcXVvdGVkIHZhbHVlAFBhdXNlZCBieSBvbl9oZWFkZXJzX2NvbXBsZXRlAEludmFsaWQgRU9GIHN0YXRlAG9uX3Jlc2V0IHBhdXNlAG9uX2NodW5rX2hlYWRlciBwYXVzZQBvbl9tZXNzYWdlX2JlZ2luIHBhdXNlAG9uX2NodW5rX2V4dGVuc2lvbl92YWx1ZSBwYXVzZQBvbl9zdGF0dXNfY29tcGxldGUgcGF1c2UAb25fdmVyc2lvbl9jb21wbGV0ZSBwYXVzZQBvbl91cmxfY29tcGxldGUgcGF1c2UAb25fY2h1bmtfY29tcGxldGUgcGF1c2UAb25faGVhZGVyX3ZhbHVlX2NvbXBsZXRlIHBhdXNlAG9uX21lc3NhZ2VfY29tcGxldGUgcGF1c2UAb25fbWV0aG9kX2NvbXBsZXRlIHBhdXNlAG9uX2hlYWRlcl9maWVsZF9jb21wbGV0ZSBwYXVzZQBvbl9jaHVua19leHRlbnNpb25fbmFtZSBwYXVzZQBVbmV4cGVjdGVkIHNwYWNlIGFmdGVyIHN0YXJ0IGxpbmUAU3BhbiBjYWxsYmFjayBlcnJvciBpbiBvbl9jaHVua19leHRlbnNpb25fbmFtZQBJbnZhbGlkIGNoYXJhY3RlciBpbiBjaHVuayBleHRlbnNpb25zIG5hbWUAUGF1c2Ugb24gQ09OTkVDVC9VcGdyYWRlAFBhdXNlIG9uIFBSSS9VcGdyYWRlAEV4cGVjdGVkIEhUVFAvMiBDb25uZWN0aW9uIFByZWZhY2UAU3BhbiBjYWxsYmFjayBlcnJvciBpbiBvbl9tZXRob2QARXhwZWN0ZWQgc3BhY2UgYWZ0ZXIgbWV0aG9kAFNwYW4gY2FsbGJhY2sgZXJyb3IgaW4gb25faGVhZGVyX2ZpZWxkAFBhdXNlZABJbnZhbGlkIHdvcmQgZW5jb3VudGVyZWQASW52YWxpZCBtZXRob2QgZW5jb3VudGVyZWQAVW5leHBlY3RlZCBjaGFyIGluIHVybCBzY2hlbWEAUmVxdWVzdCBoYXMgaW52YWxpZCBgVHJhbnNmZXItRW5jb2RpbmdgAFNXSVRDSF9QUk9YWQBVU0VfUFJPWFkATUtBQ1RJVklUWQBVTlBST0NFU1NBQkxFX0VOVElUWQBDT1BZAE1PVkVEX1BFUk1BTkVOVExZAFRPT19FQVJMWQBOT1RJRlkARkFJTEVEX0RFUEVOREVOQ1kAQkFEX0dBVEVXQVkAUExBWQBQVVQAQ0hFQ0tPVVQAR0FURVdBWV9USU1FT1VUAFJFUVVFU1RfVElNRU9VVABORVRXT1JLX0NPTk5FQ1RfVElNRU9VVABDT05ORUNUSU9OX1RJTUVPVVQATE9HSU5fVElNRU9VVABORVRXT1JLX1JFQURfVElNRU9VVABQT1NUAE1JU0RJUkVDVEVEX1JFUVVFU1QAQ0xJRU5UX0NMT1NFRF9SRVFVRVNUAENMSUVOVF9DTE9TRURfTE9BRF9CQUxBTkNFRF9SRVFVRVNUAEJBRF9SRVFVRVNUAEhUVFBfUkVRVUVTVF9TRU5UX1RPX0hUVFBTX1BPUlQAUkVQT1JUAElNX0FfVEVBUE9UAFJFU0VUX0NPTlRFTlQATk9fQ09OVEVOVABQQVJUSUFMX0NPTlRFTlQASFBFX0lOVkFMSURfQ09OU1RBTlQASFBFX0NCX1JFU0VUAEdFVABIUEVfU1RSSUNUAENPTkZMSUNUAFRFTVBPUkFSWV9SRURJUkVDVABQRVJNQU5FTlRfUkVESVJFQ1QAQ09OTkVDVABNVUxUSV9TVEFUVVMASFBFX0lOVkFMSURfU1RBVFVTAFRPT19NQU5ZX1JFUVVFU1RTAEVBUkxZX0hJTlRTAFVOQVZBSUxBQkxFX0ZPUl9MRUdBTF9SRUFTT05TAE9QVElPTlMAU1dJVENISU5HX1BST1RPQ09MUwBWQVJJQU5UX0FMU09fTkVHT1RJQVRFUwBNVUxUSVBMRV9DSE9JQ0VTAElOVEVSTkFMX1NFUlZFUl9FUlJPUgBXRUJfU0VSVkVSX1VOS05PV05fRVJST1IAUkFJTEdVTl9FUlJPUgBJREVOVElUWV9QUk9WSURFUl9BVVRIRU5USUNBVElPTl9FUlJPUgBTU0xfQ0VSVElGSUNBVEVfRVJST1IASU5WQUxJRF9YX0ZPUldBUkRFRF9GT1IAU0VUX1BBUkFNRVRFUgBHRVRfUEFSQU1FVEVSAEhQRV9VU0VSAFNFRV9PVEhFUgBIUEVfQ0JfQ0hVTktfSEVBREVSAE1LQ0FMRU5EQVIAU0VUVVAAV0VCX1NFUlZFUl9JU19ET1dOAFRFQVJET1dOAEhQRV9DTE9TRURfQ09OTkVDVElPTgBIRVVSSVNUSUNfRVhQSVJBVElPTgBESVNDT05ORUNURURfT1BFUkFUSU9OAE5PTl9BVVRIT1JJVEFUSVZFX0lORk9STUFUSU9OAEhQRV9JTlZBTElEX1ZFUlNJT04ASFBFX0NCX01FU1NBR0VfQkVHSU4AU0lURV9JU19GUk9aRU4ASFBFX0lOVkFMSURfSEVBREVSX1RPS0VOAElOVkFMSURfVE9LRU4ARk9SQklEREVOAEVOSEFOQ0VfWU9VUl9DQUxNAEhQRV9JTlZBTElEX1VSTABCTE9DS0VEX0JZX1BBUkVOVEFMX0NPTlRST0wATUtDT0wAQUNMAEhQRV9JTlRFUk5BTABSRVFVRVNUX0hFQURFUl9GSUVMRFNfVE9PX0xBUkdFX1VOT0ZGSUNJQUwASFBFX09LAFVOTElOSwBVTkxPQ0sAUFJJAFJFVFJZX1dJVEgASFBFX0lOVkFMSURfQ09OVEVOVF9MRU5HVEgASFBFX1VORVhQRUNURURfQ09OVEVOVF9MRU5HVEgARkxVU0gAUFJPUFBBVENIAE0tU0VBUkNIAFVSSV9UT09fTE9ORwBQUk9DRVNTSU5HAE1JU0NFTExBTkVPVVNfUEVSU0lTVEVOVF9XQVJOSU5HAE1JU0NFTExBTkVPVVNfV0FSTklORwBIUEVfSU5WQUxJRF9UUkFOU0ZFUl9FTkNPRElORwBFeHBlY3RlZCBDUkxGAEhQRV9JTlZBTElEX0NIVU5LX1NJWkUATU9WRQBDT05USU5VRQBIUEVfQ0JfU1RBVFVTX0NPTVBMRVRFAEhQRV9DQl9IRUFERVJTX0NPTVBMRVRFAEhQRV9DQl9WRVJTSU9OX0NPTVBMRVRFAEhQRV9DQl9VUkxfQ09NUExFVEUASFBFX0NCX0NIVU5LX0NPTVBMRVRFAEhQRV9DQl9IRUFERVJfVkFMVUVfQ09NUExFVEUASFBFX0NCX0NIVU5LX0VYVEVOU0lPTl9WQUxVRV9DT01QTEVURQBIUEVfQ0JfQ0hVTktfRVhURU5TSU9OX05BTUVfQ09NUExFVEUASFBFX0NCX01FU1NBR0VfQ09NUExFVEUASFBFX0NCX01FVEhPRF9DT01QTEVURQBIUEVfQ0JfSEVBREVSX0ZJRUxEX0NPTVBMRVRFAERFTEVURQBIUEVfSU5WQUxJRF9FT0ZfU1RBVEUASU5WQUxJRF9TU0xfQ0VSVElGSUNBVEUAUEFVU0UATk9fUkVTUE9OU0UAVU5TVVBQT1JURURfTUVESUFfVFlQRQBHT05FAE5PVF9BQ0NFUFRBQkxFAFNFUlZJQ0VfVU5BVkFJTEFCTEUAUkFOR0VfTk9UX1NBVElTRklBQkxFAE9SSUdJTl9JU19VTlJFQUNIQUJMRQBSRVNQT05TRV9JU19TVEFMRQBQVVJHRQBNRVJHRQBSRVFVRVNUX0hFQURFUl9GSUVMRFNfVE9PX0xBUkdFAFJFUVVFU1RfSEVBREVSX1RPT19MQVJHRQBQQVlMT0FEX1RPT19MQVJHRQBJTlNVRkZJQ0lFTlRfU1RPUkFHRQBIUEVfUEFVU0VEX1VQR1JBREUASFBFX1BBVVNFRF9IMl9VUEdSQURFAFNPVVJDRQBBTk5PVU5DRQBUUkFDRQBIUEVfVU5FWFBFQ1RFRF9TUEFDRQBERVNDUklCRQBVTlNVQlNDUklCRQBSRUNPUkQASFBFX0lOVkFMSURfTUVUSE9EAE5PVF9GT1VORABQUk9QRklORABVTkJJTkQAUkVCSU5EAFVOQVVUSE9SSVpFRABNRVRIT0RfTk9UX0FMTE9XRUQASFRUUF9WRVJTSU9OX05PVF9TVVBQT1JURUQAQUxSRUFEWV9SRVBPUlRFRABBQ0NFUFRFRABOT1RfSU1QTEVNRU5URUQATE9PUF9ERVRFQ1RFRABIUEVfQ1JfRVhQRUNURUQASFBFX0xGX0VYUEVDVEVEAENSRUFURUQASU1fVVNFRABIUEVfUEFVU0VEAFRJTUVPVVRfT0NDVVJFRABQQVlNRU5UX1JFUVVJUkVEAFBSRUNPTkRJVElPTl9SRVFVSVJFRABQUk9YWV9BVVRIRU5USUNBVElPTl9SRVFVSVJFRABORVRXT1JLX0FVVEhFTlRJQ0FUSU9OX1JFUVVJUkVEAExFTkdUSF9SRVFVSVJFRABTU0xfQ0VSVElGSUNBVEVfUkVRVUlSRUQAVVBHUkFERV9SRVFVSVJFRABQQUdFX0VYUElSRUQAUFJFQ09ORElUSU9OX0ZBSUxFRABFWFBFQ1RBVElPTl9GQUlMRUQAUkVWQUxJREFUSU9OX0ZBSUxFRABTU0xfSEFORFNIQUtFX0ZBSUxFRABMT0NLRUQAVFJBTlNGT1JNQVRJT05fQVBQTElFRABOT1RfTU9ESUZJRUQATk9UX0VYVEVOREVEAEJBTkRXSURUSF9MSU1JVF9FWENFRURFRABTSVRFX0lTX09WRVJMT0FERUQASEVBRABFeHBlY3RlZCBIVFRQLwAAXhMAACYTAAAwEAAA8BcAAJ0TAAAVEgAAORcAAPASAAAKEAAAdRIAAK0SAACCEwAATxQAAH8QAACgFQAAIxQAAIkSAACLFAAATRUAANQRAADPFAAAEBgAAMkWAADcFgAAwREAAOAXAAC7FAAAdBQAAHwVAADlFAAACBcAAB8QAABlFQAAoxQAACgVAAACFQAAmRUAACwQAACLGQAATw8AANQOAABqEAAAzhAAAAIXAACJDgAAbhMAABwTAABmFAAAVhcAAMETAADNEwAAbBMAAGgXAABmFwAAXxcAACITAADODwAAaQ4AANgOAABjFgAAyxMAAKoOAAAoFwAAJhcAAMUTAABdFgAA6BEAAGcTAABlEwAA8hYAAHMTAAAdFwAA+RYAAPMRAADPDgAAzhUAAAwSAACzEQAApREAAGEQAAAyFwAAuxMAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAQIBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAIDAgICAgIAAAICAAICAAICAgICAgICAgIABAAAAAAAAgICAgICAgICAgICAgICAgICAgICAgICAgIAAAACAgICAgICAgICAgICAgICAgICAgICAgICAgICAgACAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAACAAICAgICAAACAgACAgACAgICAgICAgICAAMABAAAAAICAgICAgICAgICAgICAgICAgICAgICAgICAAAAAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAAgACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbG9zZWVlcC1hbGl2ZQAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQIBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBY2h1bmtlZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEAAQEBAQEAAAEBAAEBAAEBAQEBAQEBAQEAAAAAAAAAAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAAAABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQABAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABlY3Rpb25lbnQtbGVuZ3Rob25yb3h5LWNvbm5lY3Rpb24AAAAAAAAAAAAAAAAAAAByYW5zZmVyLWVuY29kaW5ncGdyYWRlDQoNCg0KU00NCg0KVFRQL0NFL1RTUC8AAAAAAAAAAAAAAAABAgABAwAAAAAAAAAAAAAAAAAAAAAAAAQBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAAAAAAAAAAAAAQIAAQMAAAAAAAAAAAAAAAAAAAAAAAAEAQEFAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQAAAAAAAAAAAAEAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAAAAAAAAAAAAAAQAAAgAAAAAAAAAAAAAAAAAAAAAAAAMEAAAEBAQEBAQEBAQEBAUEBAQEBAQEBAQEBAQABAAGBwQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAAEAAQABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAEAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAADAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwAAAAAAAAMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAABAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAIAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMAAAAAAAADAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOT1VOQ0VFQ0tPVVRORUNURVRFQ1JJQkVMVVNIRVRFQURTRUFSQ0hSR0VDVElWSVRZTEVOREFSVkVPVElGWVBUSU9OU0NIU0VBWVNUQVRDSEdFT1JESVJFQ1RPUlRSQ0hQQVJBTUVURVJVUkNFQlNDUklCRUFSRE9XTkFDRUlORE5LQ0tVQlNDUklCRUhUVFAvQURUUC8='\n","module.exports = 'AGFzbQEAAAABMAhgAX8Bf2ADf39/AX9gBH9/f38Bf2AAAGADf39/AGABfwBgAn9/AGAGf39/f39/AALLAQgDZW52GHdhc21fb25faGVhZGVyc19jb21wbGV0ZQACA2VudhV3YXNtX29uX21lc3NhZ2VfYmVnaW4AAANlbnYLd2FzbV9vbl91cmwAAQNlbnYOd2FzbV9vbl9zdGF0dXMAAQNlbnYUd2FzbV9vbl9oZWFkZXJfZmllbGQAAQNlbnYUd2FzbV9vbl9oZWFkZXJfdmFsdWUAAQNlbnYMd2FzbV9vbl9ib2R5AAEDZW52GHdhc21fb25fbWVzc2FnZV9jb21wbGV0ZQAAA0ZFAwMEAAAFAAAAAAAABQEFAAUFBQAABgAAAAAGBgYGAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQABAAABAQcAAAUFAwABBAUBcAESEgUDAQACBggBfwFBgNQECwfRBSIGbWVtb3J5AgALX2luaXRpYWxpemUACRlfX2luZGlyZWN0X2Z1bmN0aW9uX3RhYmxlAQALbGxodHRwX2luaXQAChhsbGh0dHBfc2hvdWxkX2tlZXBfYWxpdmUAQQxsbGh0dHBfYWxsb2MADAZtYWxsb2MARgtsbGh0dHBfZnJlZQANBGZyZWUASA9sbGh0dHBfZ2V0X3R5cGUADhVsbGh0dHBfZ2V0X2h0dHBfbWFqb3IADxVsbGh0dHBfZ2V0X2h0dHBfbWlub3IAEBFsbGh0dHBfZ2V0X21ldGhvZAARFmxsaHR0cF9nZXRfc3RhdHVzX2NvZGUAEhJsbGh0dHBfZ2V0X3VwZ3JhZGUAEwxsbGh0dHBfcmVzZXQAFA5sbGh0dHBfZXhlY3V0ZQAVFGxsaHR0cF9zZXR0aW5nc19pbml0ABYNbGxodHRwX2ZpbmlzaAAXDGxsaHR0cF9wYXVzZQAYDWxsaHR0cF9yZXN1bWUAGRtsbGh0dHBfcmVzdW1lX2FmdGVyX3VwZ3JhZGUAGhBsbGh0dHBfZ2V0X2Vycm5vABsXbGxodHRwX2dldF9lcnJvcl9yZWFzb24AHBdsbGh0dHBfc2V0X2Vycm9yX3JlYXNvbgAdFGxsaHR0cF9nZXRfZXJyb3JfcG9zAB4RbGxodHRwX2Vycm5vX25hbWUAHxJsbGh0dHBfbWV0aG9kX25hbWUAIBJsbGh0dHBfc3RhdHVzX25hbWUAIRpsbGh0dHBfc2V0X2xlbmllbnRfaGVhZGVycwAiIWxsaHR0cF9zZXRfbGVuaWVudF9jaHVua2VkX2xlbmd0aAAjHWxsaHR0cF9zZXRfbGVuaWVudF9rZWVwX2FsaXZlACQkbGxodHRwX3NldF9sZW5pZW50X3RyYW5zZmVyX2VuY29kaW5nACUYbGxodHRwX21lc3NhZ2VfbmVlZHNfZW9mAD8JFwEAQQELEQECAwQFCwYHNTk3MS8tJyspCrLgAkUCAAsIABCIgICAAAsZACAAEMKAgIAAGiAAIAI2AjggACABOgAoCxwAIAAgAC8BMiAALQAuIAAQwYCAgAAQgICAgAALKgEBf0HAABDGgICAACIBEMKAgIAAGiABQYCIgIAANgI4IAEgADoAKCABCwoAIAAQyICAgAALBwAgAC0AKAsHACAALQAqCwcAIAAtACsLBwAgAC0AKQsHACAALwEyCwcAIAAtAC4LRQEEfyAAKAIYIQEgAC0ALSECIAAtACghAyAAKAI4IQQgABDCgICAABogACAENgI4IAAgAzoAKCAAIAI6AC0gACABNgIYCxEAIAAgASABIAJqEMOAgIAACxAAIABBAEHcABDMgICAABoLZwEBf0EAIQECQCAAKAIMDQACQAJAAkACQCAALQAvDgMBAAMCCyAAKAI4IgFFDQAgASgCLCIBRQ0AIAAgARGAgICAAAAiAQ0DC0EADwsQyoCAgAAACyAAQcOWgIAANgIQQQ4hAQsgAQseAAJAIAAoAgwNACAAQdGbgIAANgIQIABBFTYCDAsLFgACQCAAKAIMQRVHDQAgAEEANgIMCwsWAAJAIAAoAgxBFkcNACAAQQA2AgwLCwcAIAAoAgwLBwAgACgCEAsJACAAIAE2AhALBwAgACgCFAsiAAJAIABBJEkNABDKgICAAAALIABBAnRBoLOAgABqKAIACyIAAkAgAEEuSQ0AEMqAgIAAAAsgAEECdEGwtICAAGooAgAL7gsBAX9B66iAgAAhAQJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAIABBnH9qDvQDY2IAAWFhYWFhYQIDBAVhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhBgcICQoLDA0OD2FhYWFhEGFhYWFhYWFhYWFhEWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYRITFBUWFxgZGhthYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2YTc4OTphYWFhYWFhYTthYWE8YWFhYT0+P2FhYWFhYWFhQGFhQWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYUJDREVGR0hJSktMTU5PUFFSU2FhYWFhYWFhVFVWV1hZWlthXF1hYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFeYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhX2BhC0Hhp4CAAA8LQaShgIAADwtBy6yAgAAPC0H+sYCAAA8LQcCkgIAADwtBq6SAgAAPC0GNqICAAA8LQeKmgIAADwtBgLCAgAAPC0G5r4CAAA8LQdekgIAADwtB75+AgAAPC0Hhn4CAAA8LQfqfgIAADwtB8qCAgAAPC0Gor4CAAA8LQa6ygIAADwtBiLCAgAAPC0Hsp4CAAA8LQYKigIAADwtBjp2AgAAPC0HQroCAAA8LQcqjgIAADwtBxbKAgAAPC0HfnICAAA8LQdKcgIAADwtBxKCAgAAPC0HXoICAAA8LQaKfgIAADwtB7a6AgAAPC0GrsICAAA8LQdSlgIAADwtBzK6AgAAPC0H6roCAAA8LQfyrgIAADwtB0rCAgAAPC0HxnYCAAA8LQbuggIAADwtB96uAgAAPC0GQsYCAAA8LQdexgIAADwtBoq2AgAAPC0HUp4CAAA8LQeCrgIAADwtBn6yAgAAPC0HrsYCAAA8LQdWfgIAADwtByrGAgAAPC0HepYCAAA8LQdSegIAADwtB9JyAgAAPC0GnsoCAAA8LQbGdgIAADwtBoJ2AgAAPC0G5sYCAAA8LQbywgIAADwtBkqGAgAAPC0GzpoCAAA8LQemsgIAADwtBrJ6AgAAPC0HUq4CAAA8LQfemgIAADwtBgKaAgAAPC0GwoYCAAA8LQf6egIAADwtBjaOAgAAPC0GJrYCAAA8LQfeigIAADwtBoLGAgAAPC0Gun4CAAA8LQcalgIAADwtB6J6AgAAPC0GTooCAAA8LQcKvgIAADwtBw52AgAAPC0GLrICAAA8LQeGdgIAADwtBja+AgAAPC0HqoYCAAA8LQbStgIAADwtB0q+AgAAPC0HfsoCAAA8LQdKygIAADwtB8LCAgAAPC0GpooCAAA8LQfmjgIAADwtBmZ6AgAAPC0G1rICAAA8LQZuwgIAADwtBkrKAgAAPC0G2q4CAAA8LQcKigIAADwtB+LKAgAAPC0GepYCAAA8LQdCigIAADwtBup6AgAAPC0GBnoCAAA8LEMqAgIAAAAtB1qGAgAAhAQsgAQsWACAAIAAtAC1B/gFxIAFBAEdyOgAtCxkAIAAgAC0ALUH9AXEgAUEAR0EBdHI6AC0LGQAgACAALQAtQfsBcSABQQBHQQJ0cjoALQsZACAAIAAtAC1B9wFxIAFBAEdBA3RyOgAtCy4BAn9BACEDAkAgACgCOCIERQ0AIAQoAgAiBEUNACAAIAQRgICAgAAAIQMLIAMLSQECf0EAIQMCQCAAKAI4IgRFDQAgBCgCBCIERQ0AIAAgASACIAFrIAQRgYCAgAAAIgNBf0cNACAAQcaRgIAANgIQQRghAwsgAwsuAQJ/QQAhAwJAIAAoAjgiBEUNACAEKAIwIgRFDQAgACAEEYCAgIAAACEDCyADC0kBAn9BACEDAkAgACgCOCIERQ0AIAQoAggiBEUNACAAIAEgAiABayAEEYGAgIAAACIDQX9HDQAgAEH2ioCAADYCEEEYIQMLIAMLLgECf0EAIQMCQCAAKAI4IgRFDQAgBCgCNCIERQ0AIAAgBBGAgICAAAAhAwsgAwtJAQJ/QQAhAwJAIAAoAjgiBEUNACAEKAIMIgRFDQAgACABIAIgAWsgBBGBgICAAAAiA0F/Rw0AIABB7ZqAgAA2AhBBGCEDCyADCy4BAn9BACEDAkAgACgCOCIERQ0AIAQoAjgiBEUNACAAIAQRgICAgAAAIQMLIAMLSQECf0EAIQMCQCAAKAI4IgRFDQAgBCgCECIERQ0AIAAgASACIAFrIAQRgYCAgAAAIgNBf0cNACAAQZWQgIAANgIQQRghAwsgAwsuAQJ/QQAhAwJAIAAoAjgiBEUNACAEKAI8IgRFDQAgACAEEYCAgIAAACEDCyADC0kBAn9BACEDAkAgACgCOCIERQ0AIAQoAhQiBEUNACAAIAEgAiABayAEEYGAgIAAACIDQX9HDQAgAEGqm4CAADYCEEEYIQMLIAMLLgECf0EAIQMCQCAAKAI4IgRFDQAgBCgCQCIERQ0AIAAgBBGAgICAAAAhAwsgAwtJAQJ/QQAhAwJAIAAoAjgiBEUNACAEKAIYIgRFDQAgACABIAIgAWsgBBGBgICAAAAiA0F/Rw0AIABB7ZOAgAA2AhBBGCEDCyADCy4BAn9BACEDAkAgACgCOCIERQ0AIAQoAkQiBEUNACAAIAQRgICAgAAAIQMLIAMLLgECf0EAIQMCQCAAKAI4IgRFDQAgBCgCJCIERQ0AIAAgBBGAgICAAAAhAwsgAwsuAQJ/QQAhAwJAIAAoAjgiBEUNACAEKAIsIgRFDQAgACAEEYCAgIAAACEDCyADC0kBAn9BACEDAkAgACgCOCIERQ0AIAQoAigiBEUNACAAIAEgAiABayAEEYGAgIAAACIDQX9HDQAgAEH2iICAADYCEEEYIQMLIAMLLgECf0EAIQMCQCAAKAI4IgRFDQAgBCgCUCIERQ0AIAAgBBGAgICAAAAhAwsgAwtJAQJ/QQAhAwJAIAAoAjgiBEUNACAEKAIcIgRFDQAgACABIAIgAWsgBBGBgICAAAAiA0F/Rw0AIABBwpmAgAA2AhBBGCEDCyADCy4BAn9BACEDAkAgACgCOCIERQ0AIAQoAkgiBEUNACAAIAQRgICAgAAAIQMLIAMLSQECf0EAIQMCQCAAKAI4IgRFDQAgBCgCICIERQ0AIAAgASACIAFrIAQRgYCAgAAAIgNBf0cNACAAQZSUgIAANgIQQRghAwsgAwsuAQJ/QQAhAwJAIAAoAjgiBEUNACAEKAJMIgRFDQAgACAEEYCAgIAAACEDCyADCy4BAn9BACEDAkAgACgCOCIERQ0AIAQoAlQiBEUNACAAIAQRgICAgAAAIQMLIAMLLgECf0EAIQMCQCAAKAI4IgRFDQAgBCgCWCIERQ0AIAAgBBGAgICAAAAhAwsgAwtFAQF/AkACQCAALwEwQRRxQRRHDQBBASEDIAAtAChBAUYNASAALwEyQeUARiEDDAELIAAtAClBBUYhAwsgACADOgAuQQAL/gEBA39BASEDAkAgAC8BMCIEQQhxDQAgACkDIEIAUiEDCwJAAkAgAC0ALkUNAEEBIQUgAC0AKUEFRg0BQQEhBSAEQcAAcUUgA3FBAUcNAQtBACEFIARBwABxDQBBAiEFIARB//8DcSIDQQhxDQACQCADQYAEcUUNAAJAIAAtAChBAUcNACAALQAtQQpxDQBBBQ8LQQQPCwJAIANBIHENAAJAIAAtAChBAUYNACAALwEyQf//A3EiAEGcf2pB5ABJDQAgAEHMAUYNACAAQbACRg0AQQQhBSAEQShxRQ0CIANBiARxQYAERg0CC0EADwtBAEEDIAApAyBQGyEFCyAFC2IBAn9BACEBAkAgAC0AKEEBRg0AIAAvATJB//8DcSICQZx/akHkAEkNACACQcwBRg0AIAJBsAJGDQAgAC8BMCIAQcAAcQ0AQQEhASAAQYgEcUGABEYNACAAQShxRSEBCyABC6cBAQN/AkACQAJAIAAtACpFDQAgAC0AK0UNAEEAIQMgAC8BMCIEQQJxRQ0BDAILQQAhAyAALwEwIgRBAXFFDQELQQEhAyAALQAoQQFGDQAgAC8BMkH//wNxIgVBnH9qQeQASQ0AIAVBzAFGDQAgBUGwAkYNACAEQcAAcQ0AQQAhAyAEQYgEcUGABEYNACAEQShxQQBHIQMLIABBADsBMCAAQQA6AC8gAwuZAQECfwJAAkACQCAALQAqRQ0AIAAtACtFDQBBACEBIAAvATAiAkECcUUNAQwCC0EAIQEgAC8BMCICQQFxRQ0BC0EBIQEgAC0AKEEBRg0AIAAvATJB//8DcSIAQZx/akHkAEkNACAAQcwBRg0AIABBsAJGDQAgAkHAAHENAEEAIQEgAkGIBHFBgARGDQAgAkEocUEARyEBCyABC0kBAXsgAEEQav0MAAAAAAAAAAAAAAAAAAAAACIB/QsDACAAIAH9CwMAIABBMGogAf0LAwAgAEEgaiAB/QsDACAAQd0BNgIcQQALewEBfwJAIAAoAgwiAw0AAkAgACgCBEUNACAAIAE2AgQLAkAgACABIAIQxICAgAAiAw0AIAAoAgwPCyAAIAM2AhxBACEDIAAoAgQiAUUNACAAIAEgAiAAKAIIEYGAgIAAACIBRQ0AIAAgAjYCFCAAIAE2AgwgASEDCyADC+TzAQMOfwN+BH8jgICAgABBEGsiAySAgICAACABIQQgASEFIAEhBiABIQcgASEIIAEhCSABIQogASELIAEhDCABIQ0gASEOIAEhDwJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQCAAKAIcIhBBf2oO3QHaAQHZAQIDBAUGBwgJCgsMDQ7YAQ8Q1wEREtYBExQVFhcYGRob4AHfARwdHtUBHyAhIiMkJdQBJicoKSorLNMB0gEtLtEB0AEvMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUbbAUdISUrPAc4BS80BTMwBTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5/gAGBAYIBgwGEAYUBhgGHAYgBiQGKAYsBjAGNAY4BjwGQAZEBkgGTAZQBlQGWAZcBmAGZAZoBmwGcAZ0BngGfAaABoQGiAaMBpAGlAaYBpwGoAakBqgGrAawBrQGuAa8BsAGxAbIBswG0AbUBtgG3AcsBygG4AckBuQHIAboBuwG8Ab0BvgG/AcABwQHCAcMBxAHFAcYBANwBC0EAIRAMxgELQQ4hEAzFAQtBDSEQDMQBC0EPIRAMwwELQRAhEAzCAQtBEyEQDMEBC0EUIRAMwAELQRUhEAy/AQtBFiEQDL4BC0EXIRAMvQELQRghEAy8AQtBGSEQDLsBC0EaIRAMugELQRshEAy5AQtBHCEQDLgBC0EIIRAMtwELQR0hEAy2AQtBICEQDLUBC0EfIRAMtAELQQchEAyzAQtBISEQDLIBC0EiIRAMsQELQR4hEAywAQtBIyEQDK8BC0ESIRAMrgELQREhEAytAQtBJCEQDKwBC0ElIRAMqwELQSYhEAyqAQtBJyEQDKkBC0HDASEQDKgBC0EpIRAMpwELQSshEAymAQtBLCEQDKUBC0EtIRAMpAELQS4hEAyjAQtBLyEQDKIBC0HEASEQDKEBC0EwIRAMoAELQTQhEAyfAQtBDCEQDJ4BC0ExIRAMnQELQTIhEAycAQtBMyEQDJsBC0E5IRAMmgELQTUhEAyZAQtBxQEhEAyYAQtBCyEQDJcBC0E6IRAMlgELQTYhEAyVAQtBCiEQDJQBC0E3IRAMkwELQTghEAySAQtBPCEQDJEBC0E7IRAMkAELQT0hEAyPAQtBCSEQDI4BC0EoIRAMjQELQT4hEAyMAQtBPyEQDIsBC0HAACEQDIoBC0HBACEQDIkBC0HCACEQDIgBC0HDACEQDIcBC0HEACEQDIYBC0HFACEQDIUBC0HGACEQDIQBC0EqIRAMgwELQccAIRAMggELQcgAIRAMgQELQckAIRAMgAELQcoAIRAMfwtBywAhEAx+C0HNACEQDH0LQcwAIRAMfAtBzgAhEAx7C0HPACEQDHoLQdAAIRAMeQtB0QAhEAx4C0HSACEQDHcLQdMAIRAMdgtB1AAhEAx1C0HWACEQDHQLQdUAIRAMcwtBBiEQDHILQdcAIRAMcQtBBSEQDHALQdgAIRAMbwtBBCEQDG4LQdkAIRAMbQtB2gAhEAxsC0HbACEQDGsLQdwAIRAMagtBAyEQDGkLQd0AIRAMaAtB3gAhEAxnC0HfACEQDGYLQeEAIRAMZQtB4AAhEAxkC0HiACEQDGMLQeMAIRAMYgtBAiEQDGELQeQAIRAMYAtB5QAhEAxfC0HmACEQDF4LQecAIRAMXQtB6AAhEAxcC0HpACEQDFsLQeoAIRAMWgtB6wAhEAxZC0HsACEQDFgLQe0AIRAMVwtB7gAhEAxWC0HvACEQDFULQfAAIRAMVAtB8QAhEAxTC0HyACEQDFILQfMAIRAMUQtB9AAhEAxQC0H1ACEQDE8LQfYAIRAMTgtB9wAhEAxNC0H4ACEQDEwLQfkAIRAMSwtB+gAhEAxKC0H7ACEQDEkLQfwAIRAMSAtB/QAhEAxHC0H+ACEQDEYLQf8AIRAMRQtBgAEhEAxEC0GBASEQDEMLQYIBIRAMQgtBgwEhEAxBC0GEASEQDEALQYUBIRAMPwtBhgEhEAw+C0GHASEQDD0LQYgBIRAMPAtBiQEhEAw7C0GKASEQDDoLQYsBIRAMOQtBjAEhEAw4C0GNASEQDDcLQY4BIRAMNgtBjwEhEAw1C0GQASEQDDQLQZEBIRAMMwtBkgEhEAwyC0GTASEQDDELQZQBIRAMMAtBlQEhEAwvC0GWASEQDC4LQZcBIRAMLQtBmAEhEAwsC0GZASEQDCsLQZoBIRAMKgtBmwEhEAwpC0GcASEQDCgLQZ0BIRAMJwtBngEhEAwmC0GfASEQDCULQaABIRAMJAtBoQEhEAwjC0GiASEQDCILQaMBIRAMIQtBpAEhEAwgC0GlASEQDB8LQaYBIRAMHgtBpwEhEAwdC0GoASEQDBwLQakBIRAMGwtBqgEhEAwaC0GrASEQDBkLQawBIRAMGAtBrQEhEAwXC0GuASEQDBYLQQEhEAwVC0GvASEQDBQLQbABIRAMEwtBsQEhEAwSC0GzASEQDBELQbIBIRAMEAtBtAEhEAwPC0G1ASEQDA4LQbYBIRAMDQtBtwEhEAwMC0G4ASEQDAsLQbkBIRAMCgtBugEhEAwJC0G7ASEQDAgLQcYBIRAMBwtBvAEhEAwGC0G9ASEQDAULQb4BIRAMBAtBvwEhEAwDC0HAASEQDAILQcIBIRAMAQtBwQEhEAsDQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAIBAOxwEAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB4fICEjJSg/QEFERUZHSElKS0xNT1BRUlPeA1dZW1xdYGJlZmdoaWprbG1vcHFyc3R1dnd4eXp7fH1+gAGCAYUBhgGHAYkBiwGMAY0BjgGPAZABkQGUAZUBlgGXAZgBmQGaAZsBnAGdAZ4BnwGgAaEBogGjAaQBpQGmAacBqAGpAaoBqwGsAa0BrgGvAbABsQGyAbMBtAG1AbYBtwG4AbkBugG7AbwBvQG+Ab8BwAHBAcIBwwHEAcUBxgHHAcgByQHKAcsBzAHNAc4BzwHQAdEB0gHTAdQB1QHWAdcB2AHZAdoB2wHcAd0B3gHgAeEB4gHjAeQB5QHmAecB6AHpAeoB6wHsAe0B7gHvAfAB8QHyAfMBmQKkArAC/gL+AgsgASIEIAJHDfMBQd0BIRAM/wMLIAEiECACRw3dAUHDASEQDP4DCyABIgEgAkcNkAFB9wAhEAz9AwsgASIBIAJHDYYBQe8AIRAM/AMLIAEiASACRw1/QeoAIRAM+wMLIAEiASACRw17QegAIRAM+gMLIAEiASACRw14QeYAIRAM+QMLIAEiASACRw0aQRghEAz4AwsgASIBIAJHDRRBEiEQDPcDCyABIgEgAkcNWUHFACEQDPYDCyABIgEgAkcNSkE/IRAM9QMLIAEiASACRw1IQTwhEAz0AwsgASIBIAJHDUFBMSEQDPMDCyAALQAuQQFGDesDDIcCCyAAIAEiASACEMCAgIAAQQFHDeYBIABCADcDIAznAQsgACABIgEgAhC0gICAACIQDecBIAEhAQz1AgsCQCABIgEgAkcNAEEGIRAM8AMLIAAgAUEBaiIBIAIQu4CAgAAiEA3oASABIQEMMQsgAEIANwMgQRIhEAzVAwsgASIQIAJHDStBHSEQDO0DCwJAIAEiASACRg0AIAFBAWohAUEQIRAM1AMLQQchEAzsAwsgAEIAIAApAyAiESACIAEiEGutIhJ9IhMgEyARVhs3AyAgESASViIURQ3lAUEIIRAM6wMLAkAgASIBIAJGDQAgAEGJgICAADYCCCAAIAE2AgQgASEBQRQhEAzSAwtBCSEQDOoDCyABIQEgACkDIFAN5AEgASEBDPICCwJAIAEiASACRw0AQQshEAzpAwsgACABQQFqIgEgAhC2gICAACIQDeUBIAEhAQzyAgsgACABIgEgAhC4gICAACIQDeUBIAEhAQzyAgsgACABIgEgAhC4gICAACIQDeYBIAEhAQwNCyAAIAEiASACELqAgIAAIhAN5wEgASEBDPACCwJAIAEiASACRw0AQQ8hEAzlAwsgAS0AACIQQTtGDQggEEENRw3oASABQQFqIQEM7wILIAAgASIBIAIQuoCAgAAiEA3oASABIQEM8gILA0ACQCABLQAAQfC1gIAAai0AACIQQQFGDQAgEEECRw3rASAAKAIEIRAgAEEANgIEIAAgECABQQFqIgEQuYCAgAAiEA3qASABIQEM9AILIAFBAWoiASACRw0AC0ESIRAM4gMLIAAgASIBIAIQuoCAgAAiEA3pASABIQEMCgsgASIBIAJHDQZBGyEQDOADCwJAIAEiASACRw0AQRYhEAzgAwsgAEGKgICAADYCCCAAIAE2AgQgACABIAIQuICAgAAiEA3qASABIQFBICEQDMYDCwJAIAEiASACRg0AA0ACQCABLQAAQfC3gIAAai0AACIQQQJGDQACQCAQQX9qDgTlAewBAOsB7AELIAFBAWohAUEIIRAMyAMLIAFBAWoiASACRw0AC0EVIRAM3wMLQRUhEAzeAwsDQAJAIAEtAABB8LmAgABqLQAAIhBBAkYNACAQQX9qDgTeAewB4AHrAewBCyABQQFqIgEgAkcNAAtBGCEQDN0DCwJAIAEiASACRg0AIABBi4CAgAA2AgggACABNgIEIAEhAUEHIRAMxAMLQRkhEAzcAwsgAUEBaiEBDAILAkAgASIUIAJHDQBBGiEQDNsDCyAUIQECQCAULQAAQXNqDhTdAu4C7gLuAu4C7gLuAu4C7gLuAu4C7gLuAu4C7gLuAu4C7gLuAgDuAgtBACEQIABBADYCHCAAQa+LgIAANgIQIABBAjYCDCAAIBRBAWo2AhQM2gMLAkAgAS0AACIQQTtGDQAgEEENRw3oASABQQFqIQEM5QILIAFBAWohAQtBIiEQDL8DCwJAIAEiECACRw0AQRwhEAzYAwtCACERIBAhASAQLQAAQVBqDjfnAeYBAQIDBAUGBwgAAAAAAAAACQoLDA0OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPEBESExQAC0EeIRAMvQMLQgIhEQzlAQtCAyERDOQBC0IEIREM4wELQgUhEQziAQtCBiERDOEBC0IHIREM4AELQgghEQzfAQtCCSERDN4BC0IKIREM3QELQgshEQzcAQtCDCERDNsBC0INIREM2gELQg4hEQzZAQtCDyERDNgBC0IKIREM1wELQgshEQzWAQtCDCERDNUBC0INIREM1AELQg4hEQzTAQtCDyERDNIBC0IAIRECQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAIBAtAABBUGoON+UB5AEAAQIDBAUGB+YB5gHmAeYB5gHmAeYBCAkKCwwN5gHmAeYB5gHmAeYB5gHmAeYB5gHmAeYB5gHmAeYB5gHmAeYB5gHmAeYB5gHmAeYB5gHmAQ4PEBESE+YBC0ICIREM5AELQgMhEQzjAQtCBCERDOIBC0IFIREM4QELQgYhEQzgAQtCByERDN8BC0IIIREM3gELQgkhEQzdAQtCCiERDNwBC0ILIREM2wELQgwhEQzaAQtCDSERDNkBC0IOIREM2AELQg8hEQzXAQtCCiERDNYBC0ILIREM1QELQgwhEQzUAQtCDSERDNMBC0IOIREM0gELQg8hEQzRAQsgAEIAIAApAyAiESACIAEiEGutIhJ9IhMgEyARVhs3AyAgESASViIURQ3SAUEfIRAMwAMLAkAgASIBIAJGDQAgAEGJgICAADYCCCAAIAE2AgQgASEBQSQhEAynAwtBICEQDL8DCyAAIAEiECACEL6AgIAAQX9qDgW2AQDFAgHRAdIBC0ERIRAMpAMLIABBAToALyAQIQEMuwMLIAEiASACRw3SAUEkIRAMuwMLIAEiDSACRw0eQcYAIRAMugMLIAAgASIBIAIQsoCAgAAiEA3UASABIQEMtQELIAEiECACRw0mQdAAIRAMuAMLAkAgASIBIAJHDQBBKCEQDLgDCyAAQQA2AgQgAEGMgICAADYCCCAAIAEgARCxgICAACIQDdMBIAEhAQzYAQsCQCABIhAgAkcNAEEpIRAMtwMLIBAtAAAiAUEgRg0UIAFBCUcN0wEgEEEBaiEBDBULAkAgASIBIAJGDQAgAUEBaiEBDBcLQSohEAy1AwsCQCABIhAgAkcNAEErIRAMtQMLAkAgEC0AACIBQQlGDQAgAUEgRw3VAQsgAC0ALEEIRg3TASAQIQEMkQMLAkAgASIBIAJHDQBBLCEQDLQDCyABLQAAQQpHDdUBIAFBAWohAQzJAgsgASIOIAJHDdUBQS8hEAyyAwsDQAJAIAEtAAAiEEEgRg0AAkAgEEF2ag4EANwB3AEA2gELIAEhAQzgAQsgAUEBaiIBIAJHDQALQTEhEAyxAwtBMiEQIAEiFCACRg2wAyACIBRrIAAoAgAiAWohFSAUIAFrQQNqIRYCQANAIBQtAAAiF0EgciAXIBdBv39qQf8BcUEaSRtB/wFxIAFB8LuAgABqLQAARw0BAkAgAUEDRw0AQQYhAQyWAwsgAUEBaiEBIBRBAWoiFCACRw0ACyAAIBU2AgAMsQMLIABBADYCACAUIQEM2QELQTMhECABIhQgAkYNrwMgAiAUayAAKAIAIgFqIRUgFCABa0EIaiEWAkADQCAULQAAIhdBIHIgFyAXQb9/akH/AXFBGkkbQf8BcSABQfS7gIAAai0AAEcNAQJAIAFBCEcNAEEFIQEMlQMLIAFBAWohASAUQQFqIhQgAkcNAAsgACAVNgIADLADCyAAQQA2AgAgFCEBDNgBC0E0IRAgASIUIAJGDa4DIAIgFGsgACgCACIBaiEVIBQgAWtBBWohFgJAA0AgFC0AACIXQSByIBcgF0G/f2pB/wFxQRpJG0H/AXEgAUHQwoCAAGotAABHDQECQCABQQVHDQBBByEBDJQDCyABQQFqIQEgFEEBaiIUIAJHDQALIAAgFTYCAAyvAwsgAEEANgIAIBQhAQzXAQsCQCABIgEgAkYNAANAAkAgAS0AAEGAvoCAAGotAAAiEEEBRg0AIBBBAkYNCiABIQEM3QELIAFBAWoiASACRw0AC0EwIRAMrgMLQTAhEAytAwsCQCABIgEgAkYNAANAAkAgAS0AACIQQSBGDQAgEEF2ag4E2QHaAdoB2QHaAQsgAUEBaiIBIAJHDQALQTghEAytAwtBOCEQDKwDCwNAAkAgAS0AACIQQSBGDQAgEEEJRw0DCyABQQFqIgEgAkcNAAtBPCEQDKsDCwNAAkAgAS0AACIQQSBGDQACQAJAIBBBdmoOBNoBAQHaAQALIBBBLEYN2wELIAEhAQwECyABQQFqIgEgAkcNAAtBPyEQDKoDCyABIQEM2wELQcAAIRAgASIUIAJGDagDIAIgFGsgACgCACIBaiEWIBQgAWtBBmohFwJAA0AgFC0AAEEgciABQYDAgIAAai0AAEcNASABQQZGDY4DIAFBAWohASAUQQFqIhQgAkcNAAsgACAWNgIADKkDCyAAQQA2AgAgFCEBC0E2IRAMjgMLAkAgASIPIAJHDQBBwQAhEAynAwsgAEGMgICAADYCCCAAIA82AgQgDyEBIAAtACxBf2oOBM0B1QHXAdkBhwMLIAFBAWohAQzMAQsCQCABIgEgAkYNAANAAkAgAS0AACIQQSByIBAgEEG/f2pB/wFxQRpJG0H/AXEiEEEJRg0AIBBBIEYNAAJAAkACQAJAIBBBnX9qDhMAAwMDAwMDAwEDAwMDAwMDAwMCAwsgAUEBaiEBQTEhEAyRAwsgAUEBaiEBQTIhEAyQAwsgAUEBaiEBQTMhEAyPAwsgASEBDNABCyABQQFqIgEgAkcNAAtBNSEQDKUDC0E1IRAMpAMLAkAgASIBIAJGDQADQAJAIAEtAABBgLyAgABqLQAAQQFGDQAgASEBDNMBCyABQQFqIgEgAkcNAAtBPSEQDKQDC0E9IRAMowMLIAAgASIBIAIQsICAgAAiEA3WASABIQEMAQsgEEEBaiEBC0E8IRAMhwMLAkAgASIBIAJHDQBBwgAhEAygAwsCQANAAkAgAS0AAEF3ag4YAAL+Av4ChAP+Av4C/gL+Av4C/gL+Av4C/gL+Av4C/gL+Av4C/gL+Av4C/gIA/gILIAFBAWoiASACRw0AC0HCACEQDKADCyABQQFqIQEgAC0ALUEBcUUNvQEgASEBC0EsIRAMhQMLIAEiASACRw3TAUHEACEQDJ0DCwNAAkAgAS0AAEGQwICAAGotAABBAUYNACABIQEMtwILIAFBAWoiASACRw0AC0HFACEQDJwDCyANLQAAIhBBIEYNswEgEEE6Rw2BAyAAKAIEIQEgAEEANgIEIAAgASANEK+AgIAAIgEN0AEgDUEBaiEBDLMCC0HHACEQIAEiDSACRg2aAyACIA1rIAAoAgAiAWohFiANIAFrQQVqIRcDQCANLQAAIhRBIHIgFCAUQb9/akH/AXFBGkkbQf8BcSABQZDCgIAAai0AAEcNgAMgAUEFRg30AiABQQFqIQEgDUEBaiINIAJHDQALIAAgFjYCAAyaAwtByAAhECABIg0gAkYNmQMgAiANayAAKAIAIgFqIRYgDSABa0EJaiEXA0AgDS0AACIUQSByIBQgFEG/f2pB/wFxQRpJG0H/AXEgAUGWwoCAAGotAABHDf8CAkAgAUEJRw0AQQIhAQz1AgsgAUEBaiEBIA1BAWoiDSACRw0ACyAAIBY2AgAMmQMLAkAgASINIAJHDQBByQAhEAyZAwsCQAJAIA0tAAAiAUEgciABIAFBv39qQf8BcUEaSRtB/wFxQZJ/ag4HAIADgAOAA4ADgAMBgAMLIA1BAWohAUE+IRAMgAMLIA1BAWohAUE/IRAM/wILQcoAIRAgASINIAJGDZcDIAIgDWsgACgCACIBaiEWIA0gAWtBAWohFwNAIA0tAAAiFEEgciAUIBRBv39qQf8BcUEaSRtB/wFxIAFBoMKAgABqLQAARw39AiABQQFGDfACIAFBAWohASANQQFqIg0gAkcNAAsgACAWNgIADJcDC0HLACEQIAEiDSACRg2WAyACIA1rIAAoAgAiAWohFiANIAFrQQ5qIRcDQCANLQAAIhRBIHIgFCAUQb9/akH/AXFBGkkbQf8BcSABQaLCgIAAai0AAEcN/AIgAUEORg3wAiABQQFqIQEgDUEBaiINIAJHDQALIAAgFjYCAAyWAwtBzAAhECABIg0gAkYNlQMgAiANayAAKAIAIgFqIRYgDSABa0EPaiEXA0AgDS0AACIUQSByIBQgFEG/f2pB/wFxQRpJG0H/AXEgAUHAwoCAAGotAABHDfsCAkAgAUEPRw0AQQMhAQzxAgsgAUEBaiEBIA1BAWoiDSACRw0ACyAAIBY2AgAMlQMLQc0AIRAgASINIAJGDZQDIAIgDWsgACgCACIBaiEWIA0gAWtBBWohFwNAIA0tAAAiFEEgciAUIBRBv39qQf8BcUEaSRtB/wFxIAFB0MKAgABqLQAARw36AgJAIAFBBUcNAEEEIQEM8AILIAFBAWohASANQQFqIg0gAkcNAAsgACAWNgIADJQDCwJAIAEiDSACRw0AQc4AIRAMlAMLAkACQAJAAkAgDS0AACIBQSByIAEgAUG/f2pB/wFxQRpJG0H/AXFBnX9qDhMA/QL9Av0C/QL9Av0C/QL9Av0C/QL9Av0CAf0C/QL9AgID/QILIA1BAWohAUHBACEQDP0CCyANQQFqIQFBwgAhEAz8AgsgDUEBaiEBQcMAIRAM+wILIA1BAWohAUHEACEQDPoCCwJAIAEiASACRg0AIABBjYCAgAA2AgggACABNgIEIAEhAUHFACEQDPoCC0HPACEQDJIDCyAQIQECQAJAIBAtAABBdmoOBAGoAqgCAKgCCyAQQQFqIQELQSchEAz4AgsCQCABIgEgAkcNAEHRACEQDJEDCwJAIAEtAABBIEYNACABIQEMjQELIAFBAWohASAALQAtQQFxRQ3HASABIQEMjAELIAEiFyACRw3IAUHSACEQDI8DC0HTACEQIAEiFCACRg2OAyACIBRrIAAoAgAiAWohFiAUIAFrQQFqIRcDQCAULQAAIAFB1sKAgABqLQAARw3MASABQQFGDccBIAFBAWohASAUQQFqIhQgAkcNAAsgACAWNgIADI4DCwJAIAEiASACRw0AQdUAIRAMjgMLIAEtAABBCkcNzAEgAUEBaiEBDMcBCwJAIAEiASACRw0AQdYAIRAMjQMLAkACQCABLQAAQXZqDgQAzQHNAQHNAQsgAUEBaiEBDMcBCyABQQFqIQFBygAhEAzzAgsgACABIgEgAhCugICAACIQDcsBIAEhAUHNACEQDPICCyAALQApQSJGDYUDDKYCCwJAIAEiASACRw0AQdsAIRAMigMLQQAhFEEBIRdBASEWQQAhEAJAAkACQAJAAkACQAJAAkACQCABLQAAQVBqDgrUAdMBAAECAwQFBgjVAQtBAiEQDAYLQQMhEAwFC0EEIRAMBAtBBSEQDAMLQQYhEAwCC0EHIRAMAQtBCCEQC0EAIRdBACEWQQAhFAzMAQtBCSEQQQEhFEEAIRdBACEWDMsBCwJAIAEiASACRw0AQd0AIRAMiQMLIAEtAABBLkcNzAEgAUEBaiEBDKYCCyABIgEgAkcNzAFB3wAhEAyHAwsCQCABIgEgAkYNACAAQY6AgIAANgIIIAAgATYCBCABIQFB0AAhEAzuAgtB4AAhEAyGAwtB4QAhECABIgEgAkYNhQMgAiABayAAKAIAIhRqIRYgASAUa0EDaiEXA0AgAS0AACAUQeLCgIAAai0AAEcNzQEgFEEDRg3MASAUQQFqIRQgAUEBaiIBIAJHDQALIAAgFjYCAAyFAwtB4gAhECABIgEgAkYNhAMgAiABayAAKAIAIhRqIRYgASAUa0ECaiEXA0AgAS0AACAUQebCgIAAai0AAEcNzAEgFEECRg3OASAUQQFqIRQgAUEBaiIBIAJHDQALIAAgFjYCAAyEAwtB4wAhECABIgEgAkYNgwMgAiABayAAKAIAIhRqIRYgASAUa0EDaiEXA0AgAS0AACAUQenCgIAAai0AAEcNywEgFEEDRg3OASAUQQFqIRQgAUEBaiIBIAJHDQALIAAgFjYCAAyDAwsCQCABIgEgAkcNAEHlACEQDIMDCyAAIAFBAWoiASACEKiAgIAAIhANzQEgASEBQdYAIRAM6QILAkAgASIBIAJGDQADQAJAIAEtAAAiEEEgRg0AAkACQAJAIBBBuH9qDgsAAc8BzwHPAc8BzwHPAc8BzwECzwELIAFBAWohAUHSACEQDO0CCyABQQFqIQFB0wAhEAzsAgsgAUEBaiEBQdQAIRAM6wILIAFBAWoiASACRw0AC0HkACEQDIIDC0HkACEQDIEDCwNAAkAgAS0AAEHwwoCAAGotAAAiEEEBRg0AIBBBfmoOA88B0AHRAdIBCyABQQFqIgEgAkcNAAtB5gAhEAyAAwsCQCABIgEgAkYNACABQQFqIQEMAwtB5wAhEAz/AgsDQAJAIAEtAABB8MSAgABqLQAAIhBBAUYNAAJAIBBBfmoOBNIB0wHUAQDVAQsgASEBQdcAIRAM5wILIAFBAWoiASACRw0AC0HoACEQDP4CCwJAIAEiASACRw0AQekAIRAM/gILAkAgAS0AACIQQXZqDhq6AdUB1QG8AdUB1QHVAdUB1QHVAdUB1QHVAdUB1QHVAdUB1QHVAdUB1QHVAcoB1QHVAQDTAQsgAUEBaiEBC0EGIRAM4wILA0ACQCABLQAAQfDGgIAAai0AAEEBRg0AIAEhAQyeAgsgAUEBaiIBIAJHDQALQeoAIRAM+wILAkAgASIBIAJGDQAgAUEBaiEBDAMLQesAIRAM+gILAkAgASIBIAJHDQBB7AAhEAz6AgsgAUEBaiEBDAELAkAgASIBIAJHDQBB7QAhEAz5AgsgAUEBaiEBC0EEIRAM3gILAkAgASIUIAJHDQBB7gAhEAz3AgsgFCEBAkACQAJAIBQtAABB8MiAgABqLQAAQX9qDgfUAdUB1gEAnAIBAtcBCyAUQQFqIQEMCgsgFEEBaiEBDM0BC0EAIRAgAEEANgIcIABBm5KAgAA2AhAgAEEHNgIMIAAgFEEBajYCFAz2AgsCQANAAkAgAS0AAEHwyICAAGotAAAiEEEERg0AAkACQCAQQX9qDgfSAdMB1AHZAQAEAdkBCyABIQFB2gAhEAzgAgsgAUEBaiEBQdwAIRAM3wILIAFBAWoiASACRw0AC0HvACEQDPYCCyABQQFqIQEMywELAkAgASIUIAJHDQBB8AAhEAz1AgsgFC0AAEEvRw3UASAUQQFqIQEMBgsCQCABIhQgAkcNAEHxACEQDPQCCwJAIBQtAAAiAUEvRw0AIBRBAWohAUHdACEQDNsCCyABQXZqIgRBFksN0wFBASAEdEGJgIACcUUN0wEMygILAkAgASIBIAJGDQAgAUEBaiEBQd4AIRAM2gILQfIAIRAM8gILAkAgASIUIAJHDQBB9AAhEAzyAgsgFCEBAkAgFC0AAEHwzICAAGotAABBf2oOA8kClAIA1AELQeEAIRAM2AILAkAgASIUIAJGDQADQAJAIBQtAABB8MqAgABqLQAAIgFBA0YNAAJAIAFBf2oOAssCANUBCyAUIQFB3wAhEAzaAgsgFEEBaiIUIAJHDQALQfMAIRAM8QILQfMAIRAM8AILAkAgASIBIAJGDQAgAEGPgICAADYCCCAAIAE2AgQgASEBQeAAIRAM1wILQfUAIRAM7wILAkAgASIBIAJHDQBB9gAhEAzvAgsgAEGPgICAADYCCCAAIAE2AgQgASEBC0EDIRAM1AILA0AgAS0AAEEgRw3DAiABQQFqIgEgAkcNAAtB9wAhEAzsAgsCQCABIgEgAkcNAEH4ACEQDOwCCyABLQAAQSBHDc4BIAFBAWohAQzvAQsgACABIgEgAhCsgICAACIQDc4BIAEhAQyOAgsCQCABIgQgAkcNAEH6ACEQDOoCCyAELQAAQcwARw3RASAEQQFqIQFBEyEQDM8BCwJAIAEiBCACRw0AQfsAIRAM6QILIAIgBGsgACgCACIBaiEUIAQgAWtBBWohEANAIAQtAAAgAUHwzoCAAGotAABHDdABIAFBBUYNzgEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBB+wAhEAzoAgsCQCABIgQgAkcNAEH8ACEQDOgCCwJAAkAgBC0AAEG9f2oODADRAdEB0QHRAdEB0QHRAdEB0QHRAQHRAQsgBEEBaiEBQeYAIRAMzwILIARBAWohAUHnACEQDM4CCwJAIAEiBCACRw0AQf0AIRAM5wILIAIgBGsgACgCACIBaiEUIAQgAWtBAmohEAJAA0AgBC0AACABQe3PgIAAai0AAEcNzwEgAUECRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQf0AIRAM5wILIABBADYCACAQQQFqIQFBECEQDMwBCwJAIAEiBCACRw0AQf4AIRAM5gILIAIgBGsgACgCACIBaiEUIAQgAWtBBWohEAJAA0AgBC0AACABQfbOgIAAai0AAEcNzgEgAUEFRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQf4AIRAM5gILIABBADYCACAQQQFqIQFBFiEQDMsBCwJAIAEiBCACRw0AQf8AIRAM5QILIAIgBGsgACgCACIBaiEUIAQgAWtBA2ohEAJAA0AgBC0AACABQfzOgIAAai0AAEcNzQEgAUEDRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQf8AIRAM5QILIABBADYCACAQQQFqIQFBBSEQDMoBCwJAIAEiBCACRw0AQYABIRAM5AILIAQtAABB2QBHDcsBIARBAWohAUEIIRAMyQELAkAgASIEIAJHDQBBgQEhEAzjAgsCQAJAIAQtAABBsn9qDgMAzAEBzAELIARBAWohAUHrACEQDMoCCyAEQQFqIQFB7AAhEAzJAgsCQCABIgQgAkcNAEGCASEQDOICCwJAAkAgBC0AAEG4f2oOCADLAcsBywHLAcsBywEBywELIARBAWohAUHqACEQDMkCCyAEQQFqIQFB7QAhEAzIAgsCQCABIgQgAkcNAEGDASEQDOECCyACIARrIAAoAgAiAWohECAEIAFrQQJqIRQCQANAIAQtAAAgAUGAz4CAAGotAABHDckBIAFBAkYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgEDYCAEGDASEQDOECC0EAIRAgAEEANgIAIBRBAWohAQzGAQsCQCABIgQgAkcNAEGEASEQDOACCyACIARrIAAoAgAiAWohFCAEIAFrQQRqIRACQANAIAQtAAAgAUGDz4CAAGotAABHDcgBIAFBBEYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGEASEQDOACCyAAQQA2AgAgEEEBaiEBQSMhEAzFAQsCQCABIgQgAkcNAEGFASEQDN8CCwJAAkAgBC0AAEG0f2oOCADIAcgByAHIAcgByAEByAELIARBAWohAUHvACEQDMYCCyAEQQFqIQFB8AAhEAzFAgsCQCABIgQgAkcNAEGGASEQDN4CCyAELQAAQcUARw3FASAEQQFqIQEMgwILAkAgASIEIAJHDQBBhwEhEAzdAgsgAiAEayAAKAIAIgFqIRQgBCABa0EDaiEQAkADQCAELQAAIAFBiM+AgABqLQAARw3FASABQQNGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBhwEhEAzdAgsgAEEANgIAIBBBAWohAUEtIRAMwgELAkAgASIEIAJHDQBBiAEhEAzcAgsgAiAEayAAKAIAIgFqIRQgBCABa0EIaiEQAkADQCAELQAAIAFB0M+AgABqLQAARw3EASABQQhGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBiAEhEAzcAgsgAEEANgIAIBBBAWohAUEpIRAMwQELAkAgASIBIAJHDQBBiQEhEAzbAgtBASEQIAEtAABB3wBHDcABIAFBAWohAQyBAgsCQCABIgQgAkcNAEGKASEQDNoCCyACIARrIAAoAgAiAWohFCAEIAFrQQFqIRADQCAELQAAIAFBjM+AgABqLQAARw3BASABQQFGDa8CIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQYoBIRAM2QILAkAgASIEIAJHDQBBiwEhEAzZAgsgAiAEayAAKAIAIgFqIRQgBCABa0ECaiEQAkADQCAELQAAIAFBjs+AgABqLQAARw3BASABQQJGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBiwEhEAzZAgsgAEEANgIAIBBBAWohAUECIRAMvgELAkAgASIEIAJHDQBBjAEhEAzYAgsgAiAEayAAKAIAIgFqIRQgBCABa0EBaiEQAkADQCAELQAAIAFB8M+AgABqLQAARw3AASABQQFGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBjAEhEAzYAgsgAEEANgIAIBBBAWohAUEfIRAMvQELAkAgASIEIAJHDQBBjQEhEAzXAgsgAiAEayAAKAIAIgFqIRQgBCABa0EBaiEQAkADQCAELQAAIAFB8s+AgABqLQAARw2/ASABQQFGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBjQEhEAzXAgsgAEEANgIAIBBBAWohAUEJIRAMvAELAkAgASIEIAJHDQBBjgEhEAzWAgsCQAJAIAQtAABBt39qDgcAvwG/Ab8BvwG/AQG/AQsgBEEBaiEBQfgAIRAMvQILIARBAWohAUH5ACEQDLwCCwJAIAEiBCACRw0AQY8BIRAM1QILIAIgBGsgACgCACIBaiEUIAQgAWtBBWohEAJAA0AgBC0AACABQZHPgIAAai0AAEcNvQEgAUEFRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQY8BIRAM1QILIABBADYCACAQQQFqIQFBGCEQDLoBCwJAIAEiBCACRw0AQZABIRAM1AILIAIgBGsgACgCACIBaiEUIAQgAWtBAmohEAJAA0AgBC0AACABQZfPgIAAai0AAEcNvAEgAUECRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQZABIRAM1AILIABBADYCACAQQQFqIQFBFyEQDLkBCwJAIAEiBCACRw0AQZEBIRAM0wILIAIgBGsgACgCACIBaiEUIAQgAWtBBmohEAJAA0AgBC0AACABQZrPgIAAai0AAEcNuwEgAUEGRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQZEBIRAM0wILIABBADYCACAQQQFqIQFBFSEQDLgBCwJAIAEiBCACRw0AQZIBIRAM0gILIAIgBGsgACgCACIBaiEUIAQgAWtBBWohEAJAA0AgBC0AACABQaHPgIAAai0AAEcNugEgAUEFRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQZIBIRAM0gILIABBADYCACAQQQFqIQFBHiEQDLcBCwJAIAEiBCACRw0AQZMBIRAM0QILIAQtAABBzABHDbgBIARBAWohAUEKIRAMtgELAkAgBCACRw0AQZQBIRAM0AILAkACQCAELQAAQb9/ag4PALkBuQG5AbkBuQG5AbkBuQG5AbkBuQG5AbkBAbkBCyAEQQFqIQFB/gAhEAy3AgsgBEEBaiEBQf8AIRAMtgILAkAgBCACRw0AQZUBIRAMzwILAkACQCAELQAAQb9/ag4DALgBAbgBCyAEQQFqIQFB/QAhEAy2AgsgBEEBaiEEQYABIRAMtQILAkAgBCACRw0AQZYBIRAMzgILIAIgBGsgACgCACIBaiEUIAQgAWtBAWohEAJAA0AgBC0AACABQafPgIAAai0AAEcNtgEgAUEBRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQZYBIRAMzgILIABBADYCACAQQQFqIQFBCyEQDLMBCwJAIAQgAkcNAEGXASEQDM0CCwJAAkACQAJAIAQtAABBU2oOIwC4AbgBuAG4AbgBuAG4AbgBuAG4AbgBuAG4AbgBuAG4AbgBuAG4AbgBuAG4AbgBAbgBuAG4AbgBuAECuAG4AbgBA7gBCyAEQQFqIQFB+wAhEAy2AgsgBEEBaiEBQfwAIRAMtQILIARBAWohBEGBASEQDLQCCyAEQQFqIQRBggEhEAyzAgsCQCAEIAJHDQBBmAEhEAzMAgsgAiAEayAAKAIAIgFqIRQgBCABa0EEaiEQAkADQCAELQAAIAFBqc+AgABqLQAARw20ASABQQRGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBmAEhEAzMAgsgAEEANgIAIBBBAWohAUEZIRAMsQELAkAgBCACRw0AQZkBIRAMywILIAIgBGsgACgCACIBaiEUIAQgAWtBBWohEAJAA0AgBC0AACABQa7PgIAAai0AAEcNswEgAUEFRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQZkBIRAMywILIABBADYCACAQQQFqIQFBBiEQDLABCwJAIAQgAkcNAEGaASEQDMoCCyACIARrIAAoAgAiAWohFCAEIAFrQQFqIRACQANAIAQtAAAgAUG0z4CAAGotAABHDbIBIAFBAUYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGaASEQDMoCCyAAQQA2AgAgEEEBaiEBQRwhEAyvAQsCQCAEIAJHDQBBmwEhEAzJAgsgAiAEayAAKAIAIgFqIRQgBCABa0EBaiEQAkADQCAELQAAIAFBts+AgABqLQAARw2xASABQQFGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBmwEhEAzJAgsgAEEANgIAIBBBAWohAUEnIRAMrgELAkAgBCACRw0AQZwBIRAMyAILAkACQCAELQAAQax/ag4CAAGxAQsgBEEBaiEEQYYBIRAMrwILIARBAWohBEGHASEQDK4CCwJAIAQgAkcNAEGdASEQDMcCCyACIARrIAAoAgAiAWohFCAEIAFrQQFqIRACQANAIAQtAAAgAUG4z4CAAGotAABHDa8BIAFBAUYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGdASEQDMcCCyAAQQA2AgAgEEEBaiEBQSYhEAysAQsCQCAEIAJHDQBBngEhEAzGAgsgAiAEayAAKAIAIgFqIRQgBCABa0EBaiEQAkADQCAELQAAIAFBus+AgABqLQAARw2uASABQQFGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBngEhEAzGAgsgAEEANgIAIBBBAWohAUEDIRAMqwELAkAgBCACRw0AQZ8BIRAMxQILIAIgBGsgACgCACIBaiEUIAQgAWtBAmohEAJAA0AgBC0AACABQe3PgIAAai0AAEcNrQEgAUECRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQZ8BIRAMxQILIABBADYCACAQQQFqIQFBDCEQDKoBCwJAIAQgAkcNAEGgASEQDMQCCyACIARrIAAoAgAiAWohFCAEIAFrQQNqIRACQANAIAQtAAAgAUG8z4CAAGotAABHDawBIAFBA0YNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGgASEQDMQCCyAAQQA2AgAgEEEBaiEBQQ0hEAypAQsCQCAEIAJHDQBBoQEhEAzDAgsCQAJAIAQtAABBun9qDgsArAGsAawBrAGsAawBrAGsAawBAawBCyAEQQFqIQRBiwEhEAyqAgsgBEEBaiEEQYwBIRAMqQILAkAgBCACRw0AQaIBIRAMwgILIAQtAABB0ABHDakBIARBAWohBAzpAQsCQCAEIAJHDQBBowEhEAzBAgsCQAJAIAQtAABBt39qDgcBqgGqAaoBqgGqAQCqAQsgBEEBaiEEQY4BIRAMqAILIARBAWohAUEiIRAMpgELAkAgBCACRw0AQaQBIRAMwAILIAIgBGsgACgCACIBaiEUIAQgAWtBAWohEAJAA0AgBC0AACABQcDPgIAAai0AAEcNqAEgAUEBRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQaQBIRAMwAILIABBADYCACAQQQFqIQFBHSEQDKUBCwJAIAQgAkcNAEGlASEQDL8CCwJAAkAgBC0AAEGuf2oOAwCoAQGoAQsgBEEBaiEEQZABIRAMpgILIARBAWohAUEEIRAMpAELAkAgBCACRw0AQaYBIRAMvgILAkACQAJAAkACQCAELQAAQb9/ag4VAKoBqgGqAaoBqgGqAaoBqgGqAaoBAaoBqgECqgGqAQOqAaoBBKoBCyAEQQFqIQRBiAEhEAyoAgsgBEEBaiEEQYkBIRAMpwILIARBAWohBEGKASEQDKYCCyAEQQFqIQRBjwEhEAylAgsgBEEBaiEEQZEBIRAMpAILAkAgBCACRw0AQacBIRAMvQILIAIgBGsgACgCACIBaiEUIAQgAWtBAmohEAJAA0AgBC0AACABQe3PgIAAai0AAEcNpQEgAUECRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQacBIRAMvQILIABBADYCACAQQQFqIQFBESEQDKIBCwJAIAQgAkcNAEGoASEQDLwCCyACIARrIAAoAgAiAWohFCAEIAFrQQJqIRACQANAIAQtAAAgAUHCz4CAAGotAABHDaQBIAFBAkYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGoASEQDLwCCyAAQQA2AgAgEEEBaiEBQSwhEAyhAQsCQCAEIAJHDQBBqQEhEAy7AgsgAiAEayAAKAIAIgFqIRQgBCABa0EEaiEQAkADQCAELQAAIAFBxc+AgABqLQAARw2jASABQQRGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBqQEhEAy7AgsgAEEANgIAIBBBAWohAUErIRAMoAELAkAgBCACRw0AQaoBIRAMugILIAIgBGsgACgCACIBaiEUIAQgAWtBAmohEAJAA0AgBC0AACABQcrPgIAAai0AAEcNogEgAUECRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQaoBIRAMugILIABBADYCACAQQQFqIQFBFCEQDJ8BCwJAIAQgAkcNAEGrASEQDLkCCwJAAkACQAJAIAQtAABBvn9qDg8AAQKkAaQBpAGkAaQBpAGkAaQBpAGkAaQBA6QBCyAEQQFqIQRBkwEhEAyiAgsgBEEBaiEEQZQBIRAMoQILIARBAWohBEGVASEQDKACCyAEQQFqIQRBlgEhEAyfAgsCQCAEIAJHDQBBrAEhEAy4AgsgBC0AAEHFAEcNnwEgBEEBaiEEDOABCwJAIAQgAkcNAEGtASEQDLcCCyACIARrIAAoAgAiAWohFCAEIAFrQQJqIRACQANAIAQtAAAgAUHNz4CAAGotAABHDZ8BIAFBAkYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEGtASEQDLcCCyAAQQA2AgAgEEEBaiEBQQ4hEAycAQsCQCAEIAJHDQBBrgEhEAy2AgsgBC0AAEHQAEcNnQEgBEEBaiEBQSUhEAybAQsCQCAEIAJHDQBBrwEhEAy1AgsgAiAEayAAKAIAIgFqIRQgBCABa0EIaiEQAkADQCAELQAAIAFB0M+AgABqLQAARw2dASABQQhGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBrwEhEAy1AgsgAEEANgIAIBBBAWohAUEqIRAMmgELAkAgBCACRw0AQbABIRAMtAILAkACQCAELQAAQat/ag4LAJ0BnQGdAZ0BnQGdAZ0BnQGdAQGdAQsgBEEBaiEEQZoBIRAMmwILIARBAWohBEGbASEQDJoCCwJAIAQgAkcNAEGxASEQDLMCCwJAAkAgBC0AAEG/f2oOFACcAZwBnAGcAZwBnAGcAZwBnAGcAZwBnAGcAZwBnAGcAZwBnAEBnAELIARBAWohBEGZASEQDJoCCyAEQQFqIQRBnAEhEAyZAgsCQCAEIAJHDQBBsgEhEAyyAgsgAiAEayAAKAIAIgFqIRQgBCABa0EDaiEQAkADQCAELQAAIAFB2c+AgABqLQAARw2aASABQQNGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBsgEhEAyyAgsgAEEANgIAIBBBAWohAUEhIRAMlwELAkAgBCACRw0AQbMBIRAMsQILIAIgBGsgACgCACIBaiEUIAQgAWtBBmohEAJAA0AgBC0AACABQd3PgIAAai0AAEcNmQEgAUEGRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQbMBIRAMsQILIABBADYCACAQQQFqIQFBGiEQDJYBCwJAIAQgAkcNAEG0ASEQDLACCwJAAkACQCAELQAAQbt/ag4RAJoBmgGaAZoBmgGaAZoBmgGaAQGaAZoBmgGaAZoBApoBCyAEQQFqIQRBnQEhEAyYAgsgBEEBaiEEQZ4BIRAMlwILIARBAWohBEGfASEQDJYCCwJAIAQgAkcNAEG1ASEQDK8CCyACIARrIAAoAgAiAWohFCAEIAFrQQVqIRACQANAIAQtAAAgAUHkz4CAAGotAABHDZcBIAFBBUYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEG1ASEQDK8CCyAAQQA2AgAgEEEBaiEBQSghEAyUAQsCQCAEIAJHDQBBtgEhEAyuAgsgAiAEayAAKAIAIgFqIRQgBCABa0ECaiEQAkADQCAELQAAIAFB6s+AgABqLQAARw2WASABQQJGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBtgEhEAyuAgsgAEEANgIAIBBBAWohAUEHIRAMkwELAkAgBCACRw0AQbcBIRAMrQILAkACQCAELQAAQbt/ag4OAJYBlgGWAZYBlgGWAZYBlgGWAZYBlgGWAQGWAQsgBEEBaiEEQaEBIRAMlAILIARBAWohBEGiASEQDJMCCwJAIAQgAkcNAEG4ASEQDKwCCyACIARrIAAoAgAiAWohFCAEIAFrQQJqIRACQANAIAQtAAAgAUHtz4CAAGotAABHDZQBIAFBAkYNASABQQFqIQEgBEEBaiIEIAJHDQALIAAgFDYCAEG4ASEQDKwCCyAAQQA2AgAgEEEBaiEBQRIhEAyRAQsCQCAEIAJHDQBBuQEhEAyrAgsgAiAEayAAKAIAIgFqIRQgBCABa0EBaiEQAkADQCAELQAAIAFB8M+AgABqLQAARw2TASABQQFGDQEgAUEBaiEBIARBAWoiBCACRw0ACyAAIBQ2AgBBuQEhEAyrAgsgAEEANgIAIBBBAWohAUEgIRAMkAELAkAgBCACRw0AQboBIRAMqgILIAIgBGsgACgCACIBaiEUIAQgAWtBAWohEAJAA0AgBC0AACABQfLPgIAAai0AAEcNkgEgAUEBRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQboBIRAMqgILIABBADYCACAQQQFqIQFBDyEQDI8BCwJAIAQgAkcNAEG7ASEQDKkCCwJAAkAgBC0AAEG3f2oOBwCSAZIBkgGSAZIBAZIBCyAEQQFqIQRBpQEhEAyQAgsgBEEBaiEEQaYBIRAMjwILAkAgBCACRw0AQbwBIRAMqAILIAIgBGsgACgCACIBaiEUIAQgAWtBB2ohEAJAA0AgBC0AACABQfTPgIAAai0AAEcNkAEgAUEHRg0BIAFBAWohASAEQQFqIgQgAkcNAAsgACAUNgIAQbwBIRAMqAILIABBADYCACAQQQFqIQFBGyEQDI0BCwJAIAQgAkcNAEG9ASEQDKcCCwJAAkACQCAELQAAQb5/ag4SAJEBkQGRAZEBkQGRAZEBkQGRAQGRAZEBkQGRAZEBkQECkQELIARBAWohBEGkASEQDI8CCyAEQQFqIQRBpwEhEAyOAgsgBEEBaiEEQagBIRAMjQILAkAgBCACRw0AQb4BIRAMpgILIAQtAABBzgBHDY0BIARBAWohBAzPAQsCQCAEIAJHDQBBvwEhEAylAgsCQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQCAELQAAQb9/ag4VAAECA5wBBAUGnAGcAZwBBwgJCgucAQwNDg+cAQsgBEEBaiEBQegAIRAMmgILIARBAWohAUHpACEQDJkCCyAEQQFqIQFB7gAhEAyYAgsgBEEBaiEBQfIAIRAMlwILIARBAWohAUHzACEQDJYCCyAEQQFqIQFB9gAhEAyVAgsgBEEBaiEBQfcAIRAMlAILIARBAWohAUH6ACEQDJMCCyAEQQFqIQRBgwEhEAySAgsgBEEBaiEEQYQBIRAMkQILIARBAWohBEGFASEQDJACCyAEQQFqIQRBkgEhEAyPAgsgBEEBaiEEQZgBIRAMjgILIARBAWohBEGgASEQDI0CCyAEQQFqIQRBowEhEAyMAgsgBEEBaiEEQaoBIRAMiwILAkAgBCACRg0AIABBkICAgAA2AgggACAENgIEQasBIRAMiwILQcABIRAMowILIAAgBSACEKqAgIAAIgENiwEgBSEBDFwLAkAgBiACRg0AIAZBAWohBQyNAQtBwgEhEAyhAgsDQAJAIBAtAABBdmoOBIwBAACPAQALIBBBAWoiECACRw0AC0HDASEQDKACCwJAIAcgAkYNACAAQZGAgIAANgIIIAAgBzYCBCAHIQFBASEQDIcCC0HEASEQDJ8CCwJAIAcgAkcNAEHFASEQDJ8CCwJAAkAgBy0AAEF2ag4EAc4BzgEAzgELIAdBAWohBgyNAQsgB0EBaiEFDIkBCwJAIAcgAkcNAEHGASEQDJ4CCwJAAkAgBy0AAEF2ag4XAY8BjwEBjwGPAY8BjwGPAY8BjwGPAY8BjwGPAY8BjwGPAY8BjwGPAY8BAI8BCyAHQQFqIQcLQbABIRAMhAILAkAgCCACRw0AQcgBIRAMnQILIAgtAABBIEcNjQEgAEEAOwEyIAhBAWohAUGzASEQDIMCCyABIRcCQANAIBciByACRg0BIActAABBUGpB/wFxIhBBCk8NzAECQCAALwEyIhRBmTNLDQAgACAUQQpsIhQ7ATIgEEH//wNzIBRB/v8DcUkNACAHQQFqIRcgACAUIBBqIhA7ATIgEEH//wNxQegHSQ0BCwtBACEQIABBADYCHCAAQcGJgIAANgIQIABBDTYCDCAAIAdBAWo2AhQMnAILQccBIRAMmwILIAAgCCACEK6AgIAAIhBFDcoBIBBBFUcNjAEgAEHIATYCHCAAIAg2AhQgAEHJl4CAADYCECAAQRU2AgxBACEQDJoCCwJAIAkgAkcNAEHMASEQDJoCC0EAIRRBASEXQQEhFkEAIRACQAJAAkACQAJAAkACQAJAAkAgCS0AAEFQag4KlgGVAQABAgMEBQYIlwELQQIhEAwGC0EDIRAMBQtBBCEQDAQLQQUhEAwDC0EGIRAMAgtBByEQDAELQQghEAtBACEXQQAhFkEAIRQMjgELQQkhEEEBIRRBACEXQQAhFgyNAQsCQCAKIAJHDQBBzgEhEAyZAgsgCi0AAEEuRw2OASAKQQFqIQkMygELIAsgAkcNjgFB0AEhEAyXAgsCQCALIAJGDQAgAEGOgICAADYCCCAAIAs2AgRBtwEhEAz+AQtB0QEhEAyWAgsCQCAEIAJHDQBB0gEhEAyWAgsgAiAEayAAKAIAIhBqIRQgBCAQa0EEaiELA0AgBC0AACAQQfzPgIAAai0AAEcNjgEgEEEERg3pASAQQQFqIRAgBEEBaiIEIAJHDQALIAAgFDYCAEHSASEQDJUCCyAAIAwgAhCsgICAACIBDY0BIAwhAQy4AQsCQCAEIAJHDQBB1AEhEAyUAgsgAiAEayAAKAIAIhBqIRQgBCAQa0EBaiEMA0AgBC0AACAQQYHQgIAAai0AAEcNjwEgEEEBRg2OASAQQQFqIRAgBEEBaiIEIAJHDQALIAAgFDYCAEHUASEQDJMCCwJAIAQgAkcNAEHWASEQDJMCCyACIARrIAAoAgAiEGohFCAEIBBrQQJqIQsDQCAELQAAIBBBg9CAgABqLQAARw2OASAQQQJGDZABIBBBAWohECAEQQFqIgQgAkcNAAsgACAUNgIAQdYBIRAMkgILAkAgBCACRw0AQdcBIRAMkgILAkACQCAELQAAQbt/ag4QAI8BjwGPAY8BjwGPAY8BjwGPAY8BjwGPAY8BjwEBjwELIARBAWohBEG7ASEQDPkBCyAEQQFqIQRBvAEhEAz4AQsCQCAEIAJHDQBB2AEhEAyRAgsgBC0AAEHIAEcNjAEgBEEBaiEEDMQBCwJAIAQgAkYNACAAQZCAgIAANgIIIAAgBDYCBEG+ASEQDPcBC0HZASEQDI8CCwJAIAQgAkcNAEHaASEQDI8CCyAELQAAQcgARg3DASAAQQE6ACgMuQELIABBAjoALyAAIAQgAhCmgICAACIQDY0BQcIBIRAM9AELIAAtAChBf2oOArcBuQG4AQsDQAJAIAQtAABBdmoOBACOAY4BAI4BCyAEQQFqIgQgAkcNAAtB3QEhEAyLAgsgAEEAOgAvIAAtAC1BBHFFDYQCCyAAQQA6AC8gAEEBOgA0IAEhAQyMAQsgEEEVRg3aASAAQQA2AhwgACABNgIUIABBp46AgAA2AhAgAEESNgIMQQAhEAyIAgsCQCAAIBAgAhC0gICAACIEDQAgECEBDIECCwJAIARBFUcNACAAQQM2AhwgACAQNgIUIABBsJiAgAA2AhAgAEEVNgIMQQAhEAyIAgsgAEEANgIcIAAgEDYCFCAAQaeOgIAANgIQIABBEjYCDEEAIRAMhwILIBBBFUYN1gEgAEEANgIcIAAgATYCFCAAQdqNgIAANgIQIABBFDYCDEEAIRAMhgILIAAoAgQhFyAAQQA2AgQgECARp2oiFiEBIAAgFyAQIBYgFBsiEBC1gICAACIURQ2NASAAQQc2AhwgACAQNgIUIAAgFDYCDEEAIRAMhQILIAAgAC8BMEGAAXI7ATAgASEBC0EqIRAM6gELIBBBFUYN0QEgAEEANgIcIAAgATYCFCAAQYOMgIAANgIQIABBEzYCDEEAIRAMggILIBBBFUYNzwEgAEEANgIcIAAgATYCFCAAQZqPgIAANgIQIABBIjYCDEEAIRAMgQILIAAoAgQhECAAQQA2AgQCQCAAIBAgARC3gICAACIQDQAgAUEBaiEBDI0BCyAAQQw2AhwgACAQNgIMIAAgAUEBajYCFEEAIRAMgAILIBBBFUYNzAEgAEEANgIcIAAgATYCFCAAQZqPgIAANgIQIABBIjYCDEEAIRAM/wELIAAoAgQhECAAQQA2AgQCQCAAIBAgARC3gICAACIQDQAgAUEBaiEBDIwBCyAAQQ02AhwgACAQNgIMIAAgAUEBajYCFEEAIRAM/gELIBBBFUYNyQEgAEEANgIcIAAgATYCFCAAQcaMgIAANgIQIABBIzYCDEEAIRAM/QELIAAoAgQhECAAQQA2AgQCQCAAIBAgARC5gICAACIQDQAgAUEBaiEBDIsBCyAAQQ42AhwgACAQNgIMIAAgAUEBajYCFEEAIRAM/AELIABBADYCHCAAIAE2AhQgAEHAlYCAADYCECAAQQI2AgxBACEQDPsBCyAQQRVGDcUBIABBADYCHCAAIAE2AhQgAEHGjICAADYCECAAQSM2AgxBACEQDPoBCyAAQRA2AhwgACABNgIUIAAgEDYCDEEAIRAM+QELIAAoAgQhBCAAQQA2AgQCQCAAIAQgARC5gICAACIEDQAgAUEBaiEBDPEBCyAAQRE2AhwgACAENgIMIAAgAUEBajYCFEEAIRAM+AELIBBBFUYNwQEgAEEANgIcIAAgATYCFCAAQcaMgIAANgIQIABBIzYCDEEAIRAM9wELIAAoAgQhECAAQQA2AgQCQCAAIBAgARC5gICAACIQDQAgAUEBaiEBDIgBCyAAQRM2AhwgACAQNgIMIAAgAUEBajYCFEEAIRAM9gELIAAoAgQhBCAAQQA2AgQCQCAAIAQgARC5gICAACIEDQAgAUEBaiEBDO0BCyAAQRQ2AhwgACAENgIMIAAgAUEBajYCFEEAIRAM9QELIBBBFUYNvQEgAEEANgIcIAAgATYCFCAAQZqPgIAANgIQIABBIjYCDEEAIRAM9AELIAAoAgQhECAAQQA2AgQCQCAAIBAgARC3gICAACIQDQAgAUEBaiEBDIYBCyAAQRY2AhwgACAQNgIMIAAgAUEBajYCFEEAIRAM8wELIAAoAgQhBCAAQQA2AgQCQCAAIAQgARC3gICAACIEDQAgAUEBaiEBDOkBCyAAQRc2AhwgACAENgIMIAAgAUEBajYCFEEAIRAM8gELIABBADYCHCAAIAE2AhQgAEHNk4CAADYCECAAQQw2AgxBACEQDPEBC0IBIRELIBBBAWohAQJAIAApAyAiEkL//////////w9WDQAgACASQgSGIBGENwMgIAEhAQyEAQsgAEEANgIcIAAgATYCFCAAQa2JgIAANgIQIABBDDYCDEEAIRAM7wELIABBADYCHCAAIBA2AhQgAEHNk4CAADYCECAAQQw2AgxBACEQDO4BCyAAKAIEIRcgAEEANgIEIBAgEadqIhYhASAAIBcgECAWIBQbIhAQtYCAgAAiFEUNcyAAQQU2AhwgACAQNgIUIAAgFDYCDEEAIRAM7QELIABBADYCHCAAIBA2AhQgAEGqnICAADYCECAAQQ82AgxBACEQDOwBCyAAIBAgAhC0gICAACIBDQEgECEBC0EOIRAM0QELAkAgAUEVRw0AIABBAjYCHCAAIBA2AhQgAEGwmICAADYCECAAQRU2AgxBACEQDOoBCyAAQQA2AhwgACAQNgIUIABBp46AgAA2AhAgAEESNgIMQQAhEAzpAQsgAUEBaiEQAkAgAC8BMCIBQYABcUUNAAJAIAAgECACELuAgIAAIgENACAQIQEMcAsgAUEVRw26ASAAQQU2AhwgACAQNgIUIABB+ZeAgAA2AhAgAEEVNgIMQQAhEAzpAQsCQCABQaAEcUGgBEcNACAALQAtQQJxDQAgAEEANgIcIAAgEDYCFCAAQZaTgIAANgIQIABBBDYCDEEAIRAM6QELIAAgECACEL2AgIAAGiAQIQECQAJAAkACQAJAIAAgECACELOAgIAADhYCAQAEBAQEBAQEBAQEBAQEBAQEBAQDBAsgAEEBOgAuCyAAIAAvATBBwAByOwEwIBAhAQtBJiEQDNEBCyAAQSM2AhwgACAQNgIUIABBpZaAgAA2AhAgAEEVNgIMQQAhEAzpAQsgAEEANgIcIAAgEDYCFCAAQdWLgIAANgIQIABBETYCDEEAIRAM6AELIAAtAC1BAXFFDQFBwwEhEAzOAQsCQCANIAJGDQADQAJAIA0tAABBIEYNACANIQEMxAELIA1BAWoiDSACRw0AC0ElIRAM5wELQSUhEAzmAQsgACgCBCEEIABBADYCBCAAIAQgDRCvgICAACIERQ2tASAAQSY2AhwgACAENgIMIAAgDUEBajYCFEEAIRAM5QELIBBBFUYNqwEgAEEANgIcIAAgATYCFCAAQf2NgIAANgIQIABBHTYCDEEAIRAM5AELIABBJzYCHCAAIAE2AhQgACAQNgIMQQAhEAzjAQsgECEBQQEhFAJAAkACQAJAAkACQAJAIAAtACxBfmoOBwYFBQMBAgAFCyAAIAAvATBBCHI7ATAMAwtBAiEUDAELQQQhFAsgAEEBOgAsIAAgAC8BMCAUcjsBMAsgECEBC0ErIRAMygELIABBADYCHCAAIBA2AhQgAEGrkoCAADYCECAAQQs2AgxBACEQDOIBCyAAQQA2AhwgACABNgIUIABB4Y+AgAA2AhAgAEEKNgIMQQAhEAzhAQsgAEEAOgAsIBAhAQy9AQsgECEBQQEhFAJAAkACQAJAAkAgAC0ALEF7ag4EAwECAAULIAAgAC8BMEEIcjsBMAwDC0ECIRQMAQtBBCEUCyAAQQE6ACwgACAALwEwIBRyOwEwCyAQIQELQSkhEAzFAQsgAEEANgIcIAAgATYCFCAAQfCUgIAANgIQIABBAzYCDEEAIRAM3QELAkAgDi0AAEENRw0AIAAoAgQhASAAQQA2AgQCQCAAIAEgDhCxgICAACIBDQAgDkEBaiEBDHULIABBLDYCHCAAIAE2AgwgACAOQQFqNgIUQQAhEAzdAQsgAC0ALUEBcUUNAUHEASEQDMMBCwJAIA4gAkcNAEEtIRAM3AELAkACQANAAkAgDi0AAEF2ag4EAgAAAwALIA5BAWoiDiACRw0AC0EtIRAM3QELIAAoAgQhASAAQQA2AgQCQCAAIAEgDhCxgICAACIBDQAgDiEBDHQLIABBLDYCHCAAIA42AhQgACABNgIMQQAhEAzcAQsgACgCBCEBIABBADYCBAJAIAAgASAOELGAgIAAIgENACAOQQFqIQEMcwsgAEEsNgIcIAAgATYCDCAAIA5BAWo2AhRBACEQDNsBCyAAKAIEIQQgAEEANgIEIAAgBCAOELGAgIAAIgQNoAEgDiEBDM4BCyAQQSxHDQEgAUEBaiEQQQEhAQJAAkACQAJAAkAgAC0ALEF7ag4EAwECBAALIBAhAQwEC0ECIQEMAQtBBCEBCyAAQQE6ACwgACAALwEwIAFyOwEwIBAhAQwBCyAAIAAvATBBCHI7ATAgECEBC0E5IRAMvwELIABBADoALCABIQELQTQhEAy9AQsgACAALwEwQSByOwEwIAEhAQwCCyAAKAIEIQQgAEEANgIEAkAgACAEIAEQsYCAgAAiBA0AIAEhAQzHAQsgAEE3NgIcIAAgATYCFCAAIAQ2AgxBACEQDNQBCyAAQQg6ACwgASEBC0EwIRAMuQELAkAgAC0AKEEBRg0AIAEhAQwECyAALQAtQQhxRQ2TASABIQEMAwsgAC0AMEEgcQ2UAUHFASEQDLcBCwJAIA8gAkYNAAJAA0ACQCAPLQAAQVBqIgFB/wFxQQpJDQAgDyEBQTUhEAy6AQsgACkDICIRQpmz5syZs+bMGVYNASAAIBFCCn4iETcDICARIAGtQv8BgyISQn+FVg0BIAAgESASfDcDICAPQQFqIg8gAkcNAAtBOSEQDNEBCyAAKAIEIQIgAEEANgIEIAAgAiAPQQFqIgQQsYCAgAAiAg2VASAEIQEMwwELQTkhEAzPAQsCQCAALwEwIgFBCHFFDQAgAC0AKEEBRw0AIAAtAC1BCHFFDZABCyAAIAFB9/sDcUGABHI7ATAgDyEBC0E3IRAMtAELIAAgAC8BMEEQcjsBMAyrAQsgEEEVRg2LASAAQQA2AhwgACABNgIUIABB8I6AgAA2AhAgAEEcNgIMQQAhEAzLAQsgAEHDADYCHCAAIAE2AgwgACANQQFqNgIUQQAhEAzKAQsCQCABLQAAQTpHDQAgACgCBCEQIABBADYCBAJAIAAgECABEK+AgIAAIhANACABQQFqIQEMYwsgAEHDADYCHCAAIBA2AgwgACABQQFqNgIUQQAhEAzKAQsgAEEANgIcIAAgATYCFCAAQbGRgIAANgIQIABBCjYCDEEAIRAMyQELIABBADYCHCAAIAE2AhQgAEGgmYCAADYCECAAQR42AgxBACEQDMgBCyAAQQA2AgALIABBgBI7ASogACAXQQFqIgEgAhCogICAACIQDQEgASEBC0HHACEQDKwBCyAQQRVHDYMBIABB0QA2AhwgACABNgIUIABB45eAgAA2AhAgAEEVNgIMQQAhEAzEAQsgACgCBCEQIABBADYCBAJAIAAgECABEKeAgIAAIhANACABIQEMXgsgAEHSADYCHCAAIAE2AhQgACAQNgIMQQAhEAzDAQsgAEEANgIcIAAgFDYCFCAAQcGogIAANgIQIABBBzYCDCAAQQA2AgBBACEQDMIBCyAAKAIEIRAgAEEANgIEAkAgACAQIAEQp4CAgAAiEA0AIAEhAQxdCyAAQdMANgIcIAAgATYCFCAAIBA2AgxBACEQDMEBC0EAIRAgAEEANgIcIAAgATYCFCAAQYCRgIAANgIQIABBCTYCDAzAAQsgEEEVRg19IABBADYCHCAAIAE2AhQgAEGUjYCAADYCECAAQSE2AgxBACEQDL8BC0EBIRZBACEXQQAhFEEBIRALIAAgEDoAKyABQQFqIQECQAJAIAAtAC1BEHENAAJAAkACQCAALQAqDgMBAAIECyAWRQ0DDAILIBQNAQwCCyAXRQ0BCyAAKAIEIRAgAEEANgIEAkAgACAQIAEQrYCAgAAiEA0AIAEhAQxcCyAAQdgANgIcIAAgATYCFCAAIBA2AgxBACEQDL4BCyAAKAIEIQQgAEEANgIEAkAgACAEIAEQrYCAgAAiBA0AIAEhAQytAQsgAEHZADYCHCAAIAE2AhQgACAENgIMQQAhEAy9AQsgACgCBCEEIABBADYCBAJAIAAgBCABEK2AgIAAIgQNACABIQEMqwELIABB2gA2AhwgACABNgIUIAAgBDYCDEEAIRAMvAELIAAoAgQhBCAAQQA2AgQCQCAAIAQgARCtgICAACIEDQAgASEBDKkBCyAAQdwANgIcIAAgATYCFCAAIAQ2AgxBACEQDLsBCwJAIAEtAABBUGoiEEH/AXFBCk8NACAAIBA6ACogAUEBaiEBQc8AIRAMogELIAAoAgQhBCAAQQA2AgQCQCAAIAQgARCtgICAACIEDQAgASEBDKcBCyAAQd4ANgIcIAAgATYCFCAAIAQ2AgxBACEQDLoBCyAAQQA2AgAgF0EBaiEBAkAgAC0AKUEjTw0AIAEhAQxZCyAAQQA2AhwgACABNgIUIABB04mAgAA2AhAgAEEINgIMQQAhEAy5AQsgAEEANgIAC0EAIRAgAEEANgIcIAAgATYCFCAAQZCzgIAANgIQIABBCDYCDAy3AQsgAEEANgIAIBdBAWohAQJAIAAtAClBIUcNACABIQEMVgsgAEEANgIcIAAgATYCFCAAQZuKgIAANgIQIABBCDYCDEEAIRAMtgELIABBADYCACAXQQFqIQECQCAALQApIhBBXWpBC08NACABIQEMVQsCQCAQQQZLDQBBASAQdEHKAHFFDQAgASEBDFULQQAhECAAQQA2AhwgACABNgIUIABB94mAgAA2AhAgAEEINgIMDLUBCyAQQRVGDXEgAEEANgIcIAAgATYCFCAAQbmNgIAANgIQIABBGjYCDEEAIRAMtAELIAAoAgQhECAAQQA2AgQCQCAAIBAgARCngICAACIQDQAgASEBDFQLIABB5QA2AhwgACABNgIUIAAgEDYCDEEAIRAMswELIAAoAgQhECAAQQA2AgQCQCAAIBAgARCngICAACIQDQAgASEBDE0LIABB0gA2AhwgACABNgIUIAAgEDYCDEEAIRAMsgELIAAoAgQhECAAQQA2AgQCQCAAIBAgARCngICAACIQDQAgASEBDE0LIABB0wA2AhwgACABNgIUIAAgEDYCDEEAIRAMsQELIAAoAgQhECAAQQA2AgQCQCAAIBAgARCngICAACIQDQAgASEBDFELIABB5QA2AhwgACABNgIUIAAgEDYCDEEAIRAMsAELIABBADYCHCAAIAE2AhQgAEHGioCAADYCECAAQQc2AgxBACEQDK8BCyAAKAIEIRAgAEEANgIEAkAgACAQIAEQp4CAgAAiEA0AIAEhAQxJCyAAQdIANgIcIAAgATYCFCAAIBA2AgxBACEQDK4BCyAAKAIEIRAgAEEANgIEAkAgACAQIAEQp4CAgAAiEA0AIAEhAQxJCyAAQdMANgIcIAAgATYCFCAAIBA2AgxBACEQDK0BCyAAKAIEIRAgAEEANgIEAkAgACAQIAEQp4CAgAAiEA0AIAEhAQxNCyAAQeUANgIcIAAgATYCFCAAIBA2AgxBACEQDKwBCyAAQQA2AhwgACABNgIUIABB3IiAgAA2AhAgAEEHNgIMQQAhEAyrAQsgEEE/Rw0BIAFBAWohAQtBBSEQDJABC0EAIRAgAEEANgIcIAAgATYCFCAAQf2SgIAANgIQIABBBzYCDAyoAQsgACgCBCEQIABBADYCBAJAIAAgECABEKeAgIAAIhANACABIQEMQgsgAEHSADYCHCAAIAE2AhQgACAQNgIMQQAhEAynAQsgACgCBCEQIABBADYCBAJAIAAgECABEKeAgIAAIhANACABIQEMQgsgAEHTADYCHCAAIAE2AhQgACAQNgIMQQAhEAymAQsgACgCBCEQIABBADYCBAJAIAAgECABEKeAgIAAIhANACABIQEMRgsgAEHlADYCHCAAIAE2AhQgACAQNgIMQQAhEAylAQsgACgCBCEBIABBADYCBAJAIAAgASAUEKeAgIAAIgENACAUIQEMPwsgAEHSADYCHCAAIBQ2AhQgACABNgIMQQAhEAykAQsgACgCBCEBIABBADYCBAJAIAAgASAUEKeAgIAAIgENACAUIQEMPwsgAEHTADYCHCAAIBQ2AhQgACABNgIMQQAhEAyjAQsgACgCBCEBIABBADYCBAJAIAAgASAUEKeAgIAAIgENACAUIQEMQwsgAEHlADYCHCAAIBQ2AhQgACABNgIMQQAhEAyiAQsgAEEANgIcIAAgFDYCFCAAQcOPgIAANgIQIABBBzYCDEEAIRAMoQELIABBADYCHCAAIAE2AhQgAEHDj4CAADYCECAAQQc2AgxBACEQDKABC0EAIRAgAEEANgIcIAAgFDYCFCAAQYycgIAANgIQIABBBzYCDAyfAQsgAEEANgIcIAAgFDYCFCAAQYycgIAANgIQIABBBzYCDEEAIRAMngELIABBADYCHCAAIBQ2AhQgAEH+kYCAADYCECAAQQc2AgxBACEQDJ0BCyAAQQA2AhwgACABNgIUIABBjpuAgAA2AhAgAEEGNgIMQQAhEAycAQsgEEEVRg1XIABBADYCHCAAIAE2AhQgAEHMjoCAADYCECAAQSA2AgxBACEQDJsBCyAAQQA2AgAgEEEBaiEBQSQhEAsgACAQOgApIAAoAgQhECAAQQA2AgQgACAQIAEQq4CAgAAiEA1UIAEhAQw+CyAAQQA2AgALQQAhECAAQQA2AhwgACAENgIUIABB8ZuAgAA2AhAgAEEGNgIMDJcBCyABQRVGDVAgAEEANgIcIAAgBTYCFCAAQfCMgIAANgIQIABBGzYCDEEAIRAMlgELIAAoAgQhBSAAQQA2AgQgACAFIBAQqYCAgAAiBQ0BIBBBAWohBQtBrQEhEAx7CyAAQcEBNgIcIAAgBTYCDCAAIBBBAWo2AhRBACEQDJMBCyAAKAIEIQYgAEEANgIEIAAgBiAQEKmAgIAAIgYNASAQQQFqIQYLQa4BIRAMeAsgAEHCATYCHCAAIAY2AgwgACAQQQFqNgIUQQAhEAyQAQsgAEEANgIcIAAgBzYCFCAAQZeLgIAANgIQIABBDTYCDEEAIRAMjwELIABBADYCHCAAIAg2AhQgAEHjkICAADYCECAAQQk2AgxBACEQDI4BCyAAQQA2AhwgACAINgIUIABBlI2AgAA2AhAgAEEhNgIMQQAhEAyNAQtBASEWQQAhF0EAIRRBASEQCyAAIBA6ACsgCUEBaiEIAkACQCAALQAtQRBxDQACQAJAAkAgAC0AKg4DAQACBAsgFkUNAwwCCyAUDQEMAgsgF0UNAQsgACgCBCEQIABBADYCBCAAIBAgCBCtgICAACIQRQ09IABByQE2AhwgACAINgIUIAAgEDYCDEEAIRAMjAELIAAoAgQhBCAAQQA2AgQgACAEIAgQrYCAgAAiBEUNdiAAQcoBNgIcIAAgCDYCFCAAIAQ2AgxBACEQDIsBCyAAKAIEIQQgAEEANgIEIAAgBCAJEK2AgIAAIgRFDXQgAEHLATYCHCAAIAk2AhQgACAENgIMQQAhEAyKAQsgACgCBCEEIABBADYCBCAAIAQgChCtgICAACIERQ1yIABBzQE2AhwgACAKNgIUIAAgBDYCDEEAIRAMiQELAkAgCy0AAEFQaiIQQf8BcUEKTw0AIAAgEDoAKiALQQFqIQpBtgEhEAxwCyAAKAIEIQQgAEEANgIEIAAgBCALEK2AgIAAIgRFDXAgAEHPATYCHCAAIAs2AhQgACAENgIMQQAhEAyIAQsgAEEANgIcIAAgBDYCFCAAQZCzgIAANgIQIABBCDYCDCAAQQA2AgBBACEQDIcBCyABQRVGDT8gAEEANgIcIAAgDDYCFCAAQcyOgIAANgIQIABBIDYCDEEAIRAMhgELIABBgQQ7ASggACgCBCEQIABCADcDACAAIBAgDEEBaiIMEKuAgIAAIhBFDTggAEHTATYCHCAAIAw2AhQgACAQNgIMQQAhEAyFAQsgAEEANgIAC0EAIRAgAEEANgIcIAAgBDYCFCAAQdibgIAANgIQIABBCDYCDAyDAQsgACgCBCEQIABCADcDACAAIBAgC0EBaiILEKuAgIAAIhANAUHGASEQDGkLIABBAjoAKAxVCyAAQdUBNgIcIAAgCzYCFCAAIBA2AgxBACEQDIABCyAQQRVGDTcgAEEANgIcIAAgBDYCFCAAQaSMgIAANgIQIABBEDYCDEEAIRAMfwsgAC0ANEEBRw00IAAgBCACELyAgIAAIhBFDTQgEEEVRw01IABB3AE2AhwgACAENgIUIABB1ZaAgAA2AhAgAEEVNgIMQQAhEAx+C0EAIRAgAEEANgIcIABBr4uAgAA2AhAgAEECNgIMIAAgFEEBajYCFAx9C0EAIRAMYwtBAiEQDGILQQ0hEAxhC0EPIRAMYAtBJSEQDF8LQRMhEAxeC0EVIRAMXQtBFiEQDFwLQRchEAxbC0EYIRAMWgtBGSEQDFkLQRohEAxYC0EbIRAMVwtBHCEQDFYLQR0hEAxVC0EfIRAMVAtBISEQDFMLQSMhEAxSC0HGACEQDFELQS4hEAxQC0EvIRAMTwtBOyEQDE4LQT0hEAxNC0HIACEQDEwLQckAIRAMSwtBywAhEAxKC0HMACEQDEkLQc4AIRAMSAtB0QAhEAxHC0HVACEQDEYLQdgAIRAMRQtB2QAhEAxEC0HbACEQDEMLQeQAIRAMQgtB5QAhEAxBC0HxACEQDEALQfQAIRAMPwtBjQEhEAw+C0GXASEQDD0LQakBIRAMPAtBrAEhEAw7C0HAASEQDDoLQbkBIRAMOQtBrwEhEAw4C0GxASEQDDcLQbIBIRAMNgtBtAEhEAw1C0G1ASEQDDQLQboBIRAMMwtBvQEhEAwyC0G/ASEQDDELQcEBIRAMMAsgAEEANgIcIAAgBDYCFCAAQemLgIAANgIQIABBHzYCDEEAIRAMSAsgAEHbATYCHCAAIAQ2AhQgAEH6loCAADYCECAAQRU2AgxBACEQDEcLIABB+AA2AhwgACAMNgIUIABBypiAgAA2AhAgAEEVNgIMQQAhEAxGCyAAQdEANgIcIAAgBTYCFCAAQbCXgIAANgIQIABBFTYCDEEAIRAMRQsgAEH5ADYCHCAAIAE2AhQgACAQNgIMQQAhEAxECyAAQfgANgIcIAAgATYCFCAAQcqYgIAANgIQIABBFTYCDEEAIRAMQwsgAEHkADYCHCAAIAE2AhQgAEHjl4CAADYCECAAQRU2AgxBACEQDEILIABB1wA2AhwgACABNgIUIABByZeAgAA2AhAgAEEVNgIMQQAhEAxBCyAAQQA2AhwgACABNgIUIABBuY2AgAA2AhAgAEEaNgIMQQAhEAxACyAAQcIANgIcIAAgATYCFCAAQeOYgIAANgIQIABBFTYCDEEAIRAMPwsgAEEANgIEIAAgDyAPELGAgIAAIgRFDQEgAEE6NgIcIAAgBDYCDCAAIA9BAWo2AhRBACEQDD4LIAAoAgQhBCAAQQA2AgQCQCAAIAQgARCxgICAACIERQ0AIABBOzYCHCAAIAQ2AgwgACABQQFqNgIUQQAhEAw+CyABQQFqIQEMLQsgD0EBaiEBDC0LIABBADYCHCAAIA82AhQgAEHkkoCAADYCECAAQQQ2AgxBACEQDDsLIABBNjYCHCAAIAQ2AhQgACACNgIMQQAhEAw6CyAAQS42AhwgACAONgIUIAAgBDYCDEEAIRAMOQsgAEHQADYCHCAAIAE2AhQgAEGRmICAADYCECAAQRU2AgxBACEQDDgLIA1BAWohAQwsCyAAQRU2AhwgACABNgIUIABBgpmAgAA2AhAgAEEVNgIMQQAhEAw2CyAAQRs2AhwgACABNgIUIABBkZeAgAA2AhAgAEEVNgIMQQAhEAw1CyAAQQ82AhwgACABNgIUIABBkZeAgAA2AhAgAEEVNgIMQQAhEAw0CyAAQQs2AhwgACABNgIUIABBkZeAgAA2AhAgAEEVNgIMQQAhEAwzCyAAQRo2AhwgACABNgIUIABBgpmAgAA2AhAgAEEVNgIMQQAhEAwyCyAAQQs2AhwgACABNgIUIABBgpmAgAA2AhAgAEEVNgIMQQAhEAwxCyAAQQo2AhwgACABNgIUIABB5JaAgAA2AhAgAEEVNgIMQQAhEAwwCyAAQR42AhwgACABNgIUIABB+ZeAgAA2AhAgAEEVNgIMQQAhEAwvCyAAQQA2AhwgACAQNgIUIABB2o2AgAA2AhAgAEEUNgIMQQAhEAwuCyAAQQQ2AhwgACABNgIUIABBsJiAgAA2AhAgAEEVNgIMQQAhEAwtCyAAQQA2AgAgC0EBaiELC0G4ASEQDBILIABBADYCACAQQQFqIQFB9QAhEAwRCyABIQECQCAALQApQQVHDQBB4wAhEAwRC0HiACEQDBALQQAhECAAQQA2AhwgAEHkkYCAADYCECAAQQc2AgwgACAUQQFqNgIUDCgLIABBADYCACAXQQFqIQFBwAAhEAwOC0EBIQELIAAgAToALCAAQQA2AgAgF0EBaiEBC0EoIRAMCwsgASEBC0E4IRAMCQsCQCABIg8gAkYNAANAAkAgDy0AAEGAvoCAAGotAAAiAUEBRg0AIAFBAkcNAyAPQQFqIQEMBAsgD0EBaiIPIAJHDQALQT4hEAwiC0E+IRAMIQsgAEEAOgAsIA8hAQwBC0ELIRAMBgtBOiEQDAULIAFBAWohAUEtIRAMBAsgACABOgAsIABBADYCACAWQQFqIQFBDCEQDAMLIABBADYCACAXQQFqIQFBCiEQDAILIABBADYCAAsgAEEAOgAsIA0hAUEJIRAMAAsLQQAhECAAQQA2AhwgACALNgIUIABBzZCAgAA2AhAgAEEJNgIMDBcLQQAhECAAQQA2AhwgACAKNgIUIABB6YqAgAA2AhAgAEEJNgIMDBYLQQAhECAAQQA2AhwgACAJNgIUIABBt5CAgAA2AhAgAEEJNgIMDBULQQAhECAAQQA2AhwgACAINgIUIABBnJGAgAA2AhAgAEEJNgIMDBQLQQAhECAAQQA2AhwgACABNgIUIABBzZCAgAA2AhAgAEEJNgIMDBMLQQAhECAAQQA2AhwgACABNgIUIABB6YqAgAA2AhAgAEEJNgIMDBILQQAhECAAQQA2AhwgACABNgIUIABBt5CAgAA2AhAgAEEJNgIMDBELQQAhECAAQQA2AhwgACABNgIUIABBnJGAgAA2AhAgAEEJNgIMDBALQQAhECAAQQA2AhwgACABNgIUIABBl5WAgAA2AhAgAEEPNgIMDA8LQQAhECAAQQA2AhwgACABNgIUIABBl5WAgAA2AhAgAEEPNgIMDA4LQQAhECAAQQA2AhwgACABNgIUIABBwJKAgAA2AhAgAEELNgIMDA0LQQAhECAAQQA2AhwgACABNgIUIABBlYmAgAA2AhAgAEELNgIMDAwLQQAhECAAQQA2AhwgACABNgIUIABB4Y+AgAA2AhAgAEEKNgIMDAsLQQAhECAAQQA2AhwgACABNgIUIABB+4+AgAA2AhAgAEEKNgIMDAoLQQAhECAAQQA2AhwgACABNgIUIABB8ZmAgAA2AhAgAEECNgIMDAkLQQAhECAAQQA2AhwgACABNgIUIABBxJSAgAA2AhAgAEECNgIMDAgLQQAhECAAQQA2AhwgACABNgIUIABB8pWAgAA2AhAgAEECNgIMDAcLIABBAjYCHCAAIAE2AhQgAEGcmoCAADYCECAAQRY2AgxBACEQDAYLQQEhEAwFC0HUACEQIAEiBCACRg0EIANBCGogACAEIAJB2MKAgABBChDFgICAACADKAIMIQQgAygCCA4DAQQCAAsQyoCAgAAACyAAQQA2AhwgAEG1moCAADYCECAAQRc2AgwgACAEQQFqNgIUQQAhEAwCCyAAQQA2AhwgACAENgIUIABBypqAgAA2AhAgAEEJNgIMQQAhEAwBCwJAIAEiBCACRw0AQSIhEAwBCyAAQYmAgIAANgIIIAAgBDYCBEEhIRALIANBEGokgICAgAAgEAuvAQECfyABKAIAIQYCQAJAIAIgA0YNACAEIAZqIQQgBiADaiACayEHIAIgBkF/cyAFaiIGaiEFA0ACQCACLQAAIAQtAABGDQBBAiEEDAMLAkAgBg0AQQAhBCAFIQIMAwsgBkF/aiEGIARBAWohBCACQQFqIgIgA0cNAAsgByEGIAMhAgsgAEEBNgIAIAEgBjYCACAAIAI2AgQPCyABQQA2AgAgACAENgIAIAAgAjYCBAsKACAAEMeAgIAAC/I2AQt/I4CAgIAAQRBrIgEkgICAgAACQEEAKAKg0ICAAA0AQQAQy4CAgABBgNSEgABrIgJB2QBJDQBBACEDAkBBACgC4NOAgAAiBA0AQQBCfzcC7NOAgABBAEKAgISAgIDAADcC5NOAgABBACABQQhqQXBxQdiq1aoFcyIENgLg04CAAEEAQQA2AvTTgIAAQQBBADYCxNOAgAALQQAgAjYCzNOAgABBAEGA1ISAADYCyNOAgABBAEGA1ISAADYCmNCAgABBACAENgKs0ICAAEEAQX82AqjQgIAAA0AgA0HE0ICAAGogA0G40ICAAGoiBDYCACAEIANBsNCAgABqIgU2AgAgA0G80ICAAGogBTYCACADQczQgIAAaiADQcDQgIAAaiIFNgIAIAUgBDYCACADQdTQgIAAaiADQcjQgIAAaiIENgIAIAQgBTYCACADQdDQgIAAaiAENgIAIANBIGoiA0GAAkcNAAtBgNSEgABBeEGA1ISAAGtBD3FBAEGA1ISAAEEIakEPcRsiA2oiBEEEaiACQUhqIgUgA2siA0EBcjYCAEEAQQAoAvDTgIAANgKk0ICAAEEAIAM2ApTQgIAAQQAgBDYCoNCAgABBgNSEgAAgBWpBODYCBAsCQAJAAkACQAJAAkACQAJAAkACQAJAAkAgAEHsAUsNAAJAQQAoAojQgIAAIgZBECAAQRNqQXBxIABBC0kbIgJBA3YiBHYiA0EDcUUNAAJAAkAgA0EBcSAEckEBcyIFQQN0IgRBsNCAgABqIgMgBEG40ICAAGooAgAiBCgCCCICRw0AQQAgBkF+IAV3cTYCiNCAgAAMAQsgAyACNgIIIAIgAzYCDAsgBEEIaiEDIAQgBUEDdCIFQQNyNgIEIAQgBWoiBCAEKAIEQQFyNgIEDAwLIAJBACgCkNCAgAAiB00NAQJAIANFDQACQAJAIAMgBHRBAiAEdCIDQQAgA2tycSIDQQAgA2txQX9qIgMgA0EMdkEQcSIDdiIEQQV2QQhxIgUgA3IgBCAFdiIDQQJ2QQRxIgRyIAMgBHYiA0EBdkECcSIEciADIAR2IgNBAXZBAXEiBHIgAyAEdmoiBEEDdCIDQbDQgIAAaiIFIANBuNCAgABqKAIAIgMoAggiAEcNAEEAIAZBfiAEd3EiBjYCiNCAgAAMAQsgBSAANgIIIAAgBTYCDAsgAyACQQNyNgIEIAMgBEEDdCIEaiAEIAJrIgU2AgAgAyACaiIAIAVBAXI2AgQCQCAHRQ0AIAdBeHFBsNCAgABqIQJBACgCnNCAgAAhBAJAAkAgBkEBIAdBA3Z0IghxDQBBACAGIAhyNgKI0ICAACACIQgMAQsgAigCCCEICyAIIAQ2AgwgAiAENgIIIAQgAjYCDCAEIAg2AggLIANBCGohA0EAIAA2ApzQgIAAQQAgBTYCkNCAgAAMDAtBACgCjNCAgAAiCUUNASAJQQAgCWtxQX9qIgMgA0EMdkEQcSIDdiIEQQV2QQhxIgUgA3IgBCAFdiIDQQJ2QQRxIgRyIAMgBHYiA0EBdkECcSIEciADIAR2IgNBAXZBAXEiBHIgAyAEdmpBAnRBuNKAgABqKAIAIgAoAgRBeHEgAmshBCAAIQUCQANAAkAgBSgCECIDDQAgBUEUaigCACIDRQ0CCyADKAIEQXhxIAJrIgUgBCAFIARJIgUbIQQgAyAAIAUbIQAgAyEFDAALCyAAKAIYIQoCQCAAKAIMIgggAEYNACAAKAIIIgNBACgCmNCAgABJGiAIIAM2AgggAyAINgIMDAsLAkAgAEEUaiIFKAIAIgMNACAAKAIQIgNFDQMgAEEQaiEFCwNAIAUhCyADIghBFGoiBSgCACIDDQAgCEEQaiEFIAgoAhAiAw0ACyALQQA2AgAMCgtBfyECIABBv39LDQAgAEETaiIDQXBxIQJBACgCjNCAgAAiB0UNAEEAIQsCQCACQYACSQ0AQR8hCyACQf///wdLDQAgA0EIdiIDIANBgP4/akEQdkEIcSIDdCIEIARBgOAfakEQdkEEcSIEdCIFIAVBgIAPakEQdkECcSIFdEEPdiADIARyIAVyayIDQQF0IAIgA0EVanZBAXFyQRxqIQsLQQAgAmshBAJAAkACQAJAIAtBAnRBuNKAgABqKAIAIgUNAEEAIQNBACEIDAELQQAhAyACQQBBGSALQQF2ayALQR9GG3QhAEEAIQgDQAJAIAUoAgRBeHEgAmsiBiAETw0AIAYhBCAFIQggBg0AQQAhBCAFIQggBSEDDAMLIAMgBUEUaigCACIGIAYgBSAAQR12QQRxakEQaigCACIFRhsgAyAGGyEDIABBAXQhACAFDQALCwJAIAMgCHINAEEAIQhBAiALdCIDQQAgA2tyIAdxIgNFDQMgA0EAIANrcUF/aiIDIANBDHZBEHEiA3YiBUEFdkEIcSIAIANyIAUgAHYiA0ECdkEEcSIFciADIAV2IgNBAXZBAnEiBXIgAyAFdiIDQQF2QQFxIgVyIAMgBXZqQQJ0QbjSgIAAaigCACEDCyADRQ0BCwNAIAMoAgRBeHEgAmsiBiAESSEAAkAgAygCECIFDQAgA0EUaigCACEFCyAGIAQgABshBCADIAggABshCCAFIQMgBQ0ACwsgCEUNACAEQQAoApDQgIAAIAJrTw0AIAgoAhghCwJAIAgoAgwiACAIRg0AIAgoAggiA0EAKAKY0ICAAEkaIAAgAzYCCCADIAA2AgwMCQsCQCAIQRRqIgUoAgAiAw0AIAgoAhAiA0UNAyAIQRBqIQULA0AgBSEGIAMiAEEUaiIFKAIAIgMNACAAQRBqIQUgACgCECIDDQALIAZBADYCAAwICwJAQQAoApDQgIAAIgMgAkkNAEEAKAKc0ICAACEEAkACQCADIAJrIgVBEEkNACAEIAJqIgAgBUEBcjYCBEEAIAU2ApDQgIAAQQAgADYCnNCAgAAgBCADaiAFNgIAIAQgAkEDcjYCBAwBCyAEIANBA3I2AgQgBCADaiIDIAMoAgRBAXI2AgRBAEEANgKc0ICAAEEAQQA2ApDQgIAACyAEQQhqIQMMCgsCQEEAKAKU0ICAACIAIAJNDQBBACgCoNCAgAAiAyACaiIEIAAgAmsiBUEBcjYCBEEAIAU2ApTQgIAAQQAgBDYCoNCAgAAgAyACQQNyNgIEIANBCGohAwwKCwJAAkBBACgC4NOAgABFDQBBACgC6NOAgAAhBAwBC0EAQn83AuzTgIAAQQBCgICEgICAwAA3AuTTgIAAQQAgAUEMakFwcUHYqtWqBXM2AuDTgIAAQQBBADYC9NOAgABBAEEANgLE04CAAEGAgAQhBAtBACEDAkAgBCACQccAaiIHaiIGQQAgBGsiC3EiCCACSw0AQQBBMDYC+NOAgAAMCgsCQEEAKALA04CAACIDRQ0AAkBBACgCuNOAgAAiBCAIaiIFIARNDQAgBSADTQ0BC0EAIQNBAEEwNgL404CAAAwKC0EALQDE04CAAEEEcQ0EAkACQAJAQQAoAqDQgIAAIgRFDQBByNOAgAAhAwNAAkAgAygCACIFIARLDQAgBSADKAIEaiAESw0DCyADKAIIIgMNAAsLQQAQy4CAgAAiAEF/Rg0FIAghBgJAQQAoAuTTgIAAIgNBf2oiBCAAcUUNACAIIABrIAQgAGpBACADa3FqIQYLIAYgAk0NBSAGQf7///8HSw0FAkBBACgCwNOAgAAiA0UNAEEAKAK404CAACIEIAZqIgUgBE0NBiAFIANLDQYLIAYQy4CAgAAiAyAARw0BDAcLIAYgAGsgC3EiBkH+////B0sNBCAGEMuAgIAAIgAgAygCACADKAIEakYNAyAAIQMLAkAgA0F/Rg0AIAJByABqIAZNDQACQCAHIAZrQQAoAujTgIAAIgRqQQAgBGtxIgRB/v///wdNDQAgAyEADAcLAkAgBBDLgICAAEF/Rg0AIAQgBmohBiADIQAMBwtBACAGaxDLgICAABoMBAsgAyEAIANBf0cNBQwDC0EAIQgMBwtBACEADAULIABBf0cNAgtBAEEAKALE04CAAEEEcjYCxNOAgAALIAhB/v///wdLDQEgCBDLgICAACEAQQAQy4CAgAAhAyAAQX9GDQEgA0F/Rg0BIAAgA08NASADIABrIgYgAkE4ak0NAQtBAEEAKAK404CAACAGaiIDNgK404CAAAJAIANBACgCvNOAgABNDQBBACADNgK804CAAAsCQAJAAkACQEEAKAKg0ICAACIERQ0AQcjTgIAAIQMDQCAAIAMoAgAiBSADKAIEIghqRg0CIAMoAggiAw0ADAMLCwJAAkBBACgCmNCAgAAiA0UNACAAIANPDQELQQAgADYCmNCAgAALQQAhA0EAIAY2AszTgIAAQQAgADYCyNOAgABBAEF/NgKo0ICAAEEAQQAoAuDTgIAANgKs0ICAAEEAQQA2AtTTgIAAA0AgA0HE0ICAAGogA0G40ICAAGoiBDYCACAEIANBsNCAgABqIgU2AgAgA0G80ICAAGogBTYCACADQczQgIAAaiADQcDQgIAAaiIFNgIAIAUgBDYCACADQdTQgIAAaiADQcjQgIAAaiIENgIAIAQgBTYCACADQdDQgIAAaiAENgIAIANBIGoiA0GAAkcNAAsgAEF4IABrQQ9xQQAgAEEIakEPcRsiA2oiBCAGQUhqIgUgA2siA0EBcjYCBEEAQQAoAvDTgIAANgKk0ICAAEEAIAM2ApTQgIAAQQAgBDYCoNCAgAAgACAFakE4NgIEDAILIAMtAAxBCHENACAEIAVJDQAgBCAATw0AIARBeCAEa0EPcUEAIARBCGpBD3EbIgVqIgBBACgClNCAgAAgBmoiCyAFayIFQQFyNgIEIAMgCCAGajYCBEEAQQAoAvDTgIAANgKk0ICAAEEAIAU2ApTQgIAAQQAgADYCoNCAgAAgBCALakE4NgIEDAELAkAgAEEAKAKY0ICAACIITw0AQQAgADYCmNCAgAAgACEICyAAIAZqIQVByNOAgAAhAwJAAkACQAJAAkACQAJAA0AgAygCACAFRg0BIAMoAggiAw0ADAILCyADLQAMQQhxRQ0BC0HI04CAACEDA0ACQCADKAIAIgUgBEsNACAFIAMoAgRqIgUgBEsNAwsgAygCCCEDDAALCyADIAA2AgAgAyADKAIEIAZqNgIEIABBeCAAa0EPcUEAIABBCGpBD3EbaiILIAJBA3I2AgQgBUF4IAVrQQ9xQQAgBUEIakEPcRtqIgYgCyACaiICayEDAkAgBiAERw0AQQAgAjYCoNCAgABBAEEAKAKU0ICAACADaiIDNgKU0ICAACACIANBAXI2AgQMAwsCQCAGQQAoApzQgIAARw0AQQAgAjYCnNCAgABBAEEAKAKQ0ICAACADaiIDNgKQ0ICAACACIANBAXI2AgQgAiADaiADNgIADAMLAkAgBigCBCIEQQNxQQFHDQAgBEF4cSEHAkACQCAEQf8BSw0AIAYoAggiBSAEQQN2IghBA3RBsNCAgABqIgBGGgJAIAYoAgwiBCAFRw0AQQBBACgCiNCAgABBfiAId3E2AojQgIAADAILIAQgAEYaIAQgBTYCCCAFIAQ2AgwMAQsgBigCGCEJAkACQCAGKAIMIgAgBkYNACAGKAIIIgQgCEkaIAAgBDYCCCAEIAA2AgwMAQsCQCAGQRRqIgQoAgAiBQ0AIAZBEGoiBCgCACIFDQBBACEADAELA0AgBCEIIAUiAEEUaiIEKAIAIgUNACAAQRBqIQQgACgCECIFDQALIAhBADYCAAsgCUUNAAJAAkAgBiAGKAIcIgVBAnRBuNKAgABqIgQoAgBHDQAgBCAANgIAIAANAUEAQQAoAozQgIAAQX4gBXdxNgKM0ICAAAwCCyAJQRBBFCAJKAIQIAZGG2ogADYCACAARQ0BCyAAIAk2AhgCQCAGKAIQIgRFDQAgACAENgIQIAQgADYCGAsgBigCFCIERQ0AIABBFGogBDYCACAEIAA2AhgLIAcgA2ohAyAGIAdqIgYoAgQhBAsgBiAEQX5xNgIEIAIgA2ogAzYCACACIANBAXI2AgQCQCADQf8BSw0AIANBeHFBsNCAgABqIQQCQAJAQQAoAojQgIAAIgVBASADQQN2dCIDcQ0AQQAgBSADcjYCiNCAgAAgBCEDDAELIAQoAgghAwsgAyACNgIMIAQgAjYCCCACIAQ2AgwgAiADNgIIDAMLQR8hBAJAIANB////B0sNACADQQh2IgQgBEGA/j9qQRB2QQhxIgR0IgUgBUGA4B9qQRB2QQRxIgV0IgAgAEGAgA9qQRB2QQJxIgB0QQ92IAQgBXIgAHJrIgRBAXQgAyAEQRVqdkEBcXJBHGohBAsgAiAENgIcIAJCADcCECAEQQJ0QbjSgIAAaiEFAkBBACgCjNCAgAAiAEEBIAR0IghxDQAgBSACNgIAQQAgACAIcjYCjNCAgAAgAiAFNgIYIAIgAjYCCCACIAI2AgwMAwsgA0EAQRkgBEEBdmsgBEEfRht0IQQgBSgCACEAA0AgACIFKAIEQXhxIANGDQIgBEEddiEAIARBAXQhBCAFIABBBHFqQRBqIggoAgAiAA0ACyAIIAI2AgAgAiAFNgIYIAIgAjYCDCACIAI2AggMAgsgAEF4IABrQQ9xQQAgAEEIakEPcRsiA2oiCyAGQUhqIgggA2siA0EBcjYCBCAAIAhqQTg2AgQgBCAFQTcgBWtBD3FBACAFQUlqQQ9xG2pBQWoiCCAIIARBEGpJGyIIQSM2AgRBAEEAKALw04CAADYCpNCAgABBACADNgKU0ICAAEEAIAs2AqDQgIAAIAhBEGpBACkC0NOAgAA3AgAgCEEAKQLI04CAADcCCEEAIAhBCGo2AtDTgIAAQQAgBjYCzNOAgABBACAANgLI04CAAEEAQQA2AtTTgIAAIAhBJGohAwNAIANBBzYCACADQQRqIgMgBUkNAAsgCCAERg0DIAggCCgCBEF+cTYCBCAIIAggBGsiADYCACAEIABBAXI2AgQCQCAAQf8BSw0AIABBeHFBsNCAgABqIQMCQAJAQQAoAojQgIAAIgVBASAAQQN2dCIAcQ0AQQAgBSAAcjYCiNCAgAAgAyEFDAELIAMoAgghBQsgBSAENgIMIAMgBDYCCCAEIAM2AgwgBCAFNgIIDAQLQR8hAwJAIABB////B0sNACAAQQh2IgMgA0GA/j9qQRB2QQhxIgN0IgUgBUGA4B9qQRB2QQRxIgV0IgggCEGAgA9qQRB2QQJxIgh0QQ92IAMgBXIgCHJrIgNBAXQgACADQRVqdkEBcXJBHGohAwsgBCADNgIcIARCADcCECADQQJ0QbjSgIAAaiEFAkBBACgCjNCAgAAiCEEBIAN0IgZxDQAgBSAENgIAQQAgCCAGcjYCjNCAgAAgBCAFNgIYIAQgBDYCCCAEIAQ2AgwMBAsgAEEAQRkgA0EBdmsgA0EfRht0IQMgBSgCACEIA0AgCCIFKAIEQXhxIABGDQMgA0EddiEIIANBAXQhAyAFIAhBBHFqQRBqIgYoAgAiCA0ACyAGIAQ2AgAgBCAFNgIYIAQgBDYCDCAEIAQ2AggMAwsgBSgCCCIDIAI2AgwgBSACNgIIIAJBADYCGCACIAU2AgwgAiADNgIICyALQQhqIQMMBQsgBSgCCCIDIAQ2AgwgBSAENgIIIARBADYCGCAEIAU2AgwgBCADNgIIC0EAKAKU0ICAACIDIAJNDQBBACgCoNCAgAAiBCACaiIFIAMgAmsiA0EBcjYCBEEAIAM2ApTQgIAAQQAgBTYCoNCAgAAgBCACQQNyNgIEIARBCGohAwwDC0EAIQNBAEEwNgL404CAAAwCCwJAIAtFDQACQAJAIAggCCgCHCIFQQJ0QbjSgIAAaiIDKAIARw0AIAMgADYCACAADQFBACAHQX4gBXdxIgc2AozQgIAADAILIAtBEEEUIAsoAhAgCEYbaiAANgIAIABFDQELIAAgCzYCGAJAIAgoAhAiA0UNACAAIAM2AhAgAyAANgIYCyAIQRRqKAIAIgNFDQAgAEEUaiADNgIAIAMgADYCGAsCQAJAIARBD0sNACAIIAQgAmoiA0EDcjYCBCAIIANqIgMgAygCBEEBcjYCBAwBCyAIIAJqIgAgBEEBcjYCBCAIIAJBA3I2AgQgACAEaiAENgIAAkAgBEH/AUsNACAEQXhxQbDQgIAAaiEDAkACQEEAKAKI0ICAACIFQQEgBEEDdnQiBHENAEEAIAUgBHI2AojQgIAAIAMhBAwBCyADKAIIIQQLIAQgADYCDCADIAA2AgggACADNgIMIAAgBDYCCAwBC0EfIQMCQCAEQf///wdLDQAgBEEIdiIDIANBgP4/akEQdkEIcSIDdCIFIAVBgOAfakEQdkEEcSIFdCICIAJBgIAPakEQdkECcSICdEEPdiADIAVyIAJyayIDQQF0IAQgA0EVanZBAXFyQRxqIQMLIAAgAzYCHCAAQgA3AhAgA0ECdEG40oCAAGohBQJAIAdBASADdCICcQ0AIAUgADYCAEEAIAcgAnI2AozQgIAAIAAgBTYCGCAAIAA2AgggACAANgIMDAELIARBAEEZIANBAXZrIANBH0YbdCEDIAUoAgAhAgJAA0AgAiIFKAIEQXhxIARGDQEgA0EddiECIANBAXQhAyAFIAJBBHFqQRBqIgYoAgAiAg0ACyAGIAA2AgAgACAFNgIYIAAgADYCDCAAIAA2AggMAQsgBSgCCCIDIAA2AgwgBSAANgIIIABBADYCGCAAIAU2AgwgACADNgIICyAIQQhqIQMMAQsCQCAKRQ0AAkACQCAAIAAoAhwiBUECdEG40oCAAGoiAygCAEcNACADIAg2AgAgCA0BQQAgCUF+IAV3cTYCjNCAgAAMAgsgCkEQQRQgCigCECAARhtqIAg2AgAgCEUNAQsgCCAKNgIYAkAgACgCECIDRQ0AIAggAzYCECADIAg2AhgLIABBFGooAgAiA0UNACAIQRRqIAM2AgAgAyAINgIYCwJAAkAgBEEPSw0AIAAgBCACaiIDQQNyNgIEIAAgA2oiAyADKAIEQQFyNgIEDAELIAAgAmoiBSAEQQFyNgIEIAAgAkEDcjYCBCAFIARqIAQ2AgACQCAHRQ0AIAdBeHFBsNCAgABqIQJBACgCnNCAgAAhAwJAAkBBASAHQQN2dCIIIAZxDQBBACAIIAZyNgKI0ICAACACIQgMAQsgAigCCCEICyAIIAM2AgwgAiADNgIIIAMgAjYCDCADIAg2AggLQQAgBTYCnNCAgABBACAENgKQ0ICAAAsgAEEIaiEDCyABQRBqJICAgIAAIAMLCgAgABDJgICAAAviDQEHfwJAIABFDQAgAEF4aiIBIABBfGooAgAiAkF4cSIAaiEDAkAgAkEBcQ0AIAJBA3FFDQEgASABKAIAIgJrIgFBACgCmNCAgAAiBEkNASACIABqIQACQCABQQAoApzQgIAARg0AAkAgAkH/AUsNACABKAIIIgQgAkEDdiIFQQN0QbDQgIAAaiIGRhoCQCABKAIMIgIgBEcNAEEAQQAoAojQgIAAQX4gBXdxNgKI0ICAAAwDCyACIAZGGiACIAQ2AgggBCACNgIMDAILIAEoAhghBwJAAkAgASgCDCIGIAFGDQAgASgCCCICIARJGiAGIAI2AgggAiAGNgIMDAELAkAgAUEUaiICKAIAIgQNACABQRBqIgIoAgAiBA0AQQAhBgwBCwNAIAIhBSAEIgZBFGoiAigCACIEDQAgBkEQaiECIAYoAhAiBA0ACyAFQQA2AgALIAdFDQECQAJAIAEgASgCHCIEQQJ0QbjSgIAAaiICKAIARw0AIAIgBjYCACAGDQFBAEEAKAKM0ICAAEF+IAR3cTYCjNCAgAAMAwsgB0EQQRQgBygCECABRhtqIAY2AgAgBkUNAgsgBiAHNgIYAkAgASgCECICRQ0AIAYgAjYCECACIAY2AhgLIAEoAhQiAkUNASAGQRRqIAI2AgAgAiAGNgIYDAELIAMoAgQiAkEDcUEDRw0AIAMgAkF+cTYCBEEAIAA2ApDQgIAAIAEgAGogADYCACABIABBAXI2AgQPCyABIANPDQAgAygCBCICQQFxRQ0AAkACQCACQQJxDQACQCADQQAoAqDQgIAARw0AQQAgATYCoNCAgABBAEEAKAKU0ICAACAAaiIANgKU0ICAACABIABBAXI2AgQgAUEAKAKc0ICAAEcNA0EAQQA2ApDQgIAAQQBBADYCnNCAgAAPCwJAIANBACgCnNCAgABHDQBBACABNgKc0ICAAEEAQQAoApDQgIAAIABqIgA2ApDQgIAAIAEgAEEBcjYCBCABIABqIAA2AgAPCyACQXhxIABqIQACQAJAIAJB/wFLDQAgAygCCCIEIAJBA3YiBUEDdEGw0ICAAGoiBkYaAkAgAygCDCICIARHDQBBAEEAKAKI0ICAAEF+IAV3cTYCiNCAgAAMAgsgAiAGRhogAiAENgIIIAQgAjYCDAwBCyADKAIYIQcCQAJAIAMoAgwiBiADRg0AIAMoAggiAkEAKAKY0ICAAEkaIAYgAjYCCCACIAY2AgwMAQsCQCADQRRqIgIoAgAiBA0AIANBEGoiAigCACIEDQBBACEGDAELA0AgAiEFIAQiBkEUaiICKAIAIgQNACAGQRBqIQIgBigCECIEDQALIAVBADYCAAsgB0UNAAJAAkAgAyADKAIcIgRBAnRBuNKAgABqIgIoAgBHDQAgAiAGNgIAIAYNAUEAQQAoAozQgIAAQX4gBHdxNgKM0ICAAAwCCyAHQRBBFCAHKAIQIANGG2ogBjYCACAGRQ0BCyAGIAc2AhgCQCADKAIQIgJFDQAgBiACNgIQIAIgBjYCGAsgAygCFCICRQ0AIAZBFGogAjYCACACIAY2AhgLIAEgAGogADYCACABIABBAXI2AgQgAUEAKAKc0ICAAEcNAUEAIAA2ApDQgIAADwsgAyACQX5xNgIEIAEgAGogADYCACABIABBAXI2AgQLAkAgAEH/AUsNACAAQXhxQbDQgIAAaiECAkACQEEAKAKI0ICAACIEQQEgAEEDdnQiAHENAEEAIAQgAHI2AojQgIAAIAIhAAwBCyACKAIIIQALIAAgATYCDCACIAE2AgggASACNgIMIAEgADYCCA8LQR8hAgJAIABB////B0sNACAAQQh2IgIgAkGA/j9qQRB2QQhxIgJ0IgQgBEGA4B9qQRB2QQRxIgR0IgYgBkGAgA9qQRB2QQJxIgZ0QQ92IAIgBHIgBnJrIgJBAXQgACACQRVqdkEBcXJBHGohAgsgASACNgIcIAFCADcCECACQQJ0QbjSgIAAaiEEAkACQEEAKAKM0ICAACIGQQEgAnQiA3ENACAEIAE2AgBBACAGIANyNgKM0ICAACABIAQ2AhggASABNgIIIAEgATYCDAwBCyAAQQBBGSACQQF2ayACQR9GG3QhAiAEKAIAIQYCQANAIAYiBCgCBEF4cSAARg0BIAJBHXYhBiACQQF0IQIgBCAGQQRxakEQaiIDKAIAIgYNAAsgAyABNgIAIAEgBDYCGCABIAE2AgwgASABNgIIDAELIAQoAggiACABNgIMIAQgATYCCCABQQA2AhggASAENgIMIAEgADYCCAtBAEEAKAKo0ICAAEF/aiIBQX8gARs2AqjQgIAACwsEAAAAC04AAkAgAA0APwBBEHQPCwJAIABB//8DcQ0AIABBf0wNAAJAIABBEHZAACIAQX9HDQBBAEEwNgL404CAAEF/DwsgAEEQdA8LEMqAgIAAAAvyAgIDfwF+AkAgAkUNACAAIAE6AAAgAiAAaiIDQX9qIAE6AAAgAkEDSQ0AIAAgAToAAiAAIAE6AAEgA0F9aiABOgAAIANBfmogAToAACACQQdJDQAgACABOgADIANBfGogAToAACACQQlJDQAgAEEAIABrQQNxIgRqIgMgAUH/AXFBgYKECGwiATYCACADIAIgBGtBfHEiBGoiAkF8aiABNgIAIARBCUkNACADIAE2AgggAyABNgIEIAJBeGogATYCACACQXRqIAE2AgAgBEEZSQ0AIAMgATYCGCADIAE2AhQgAyABNgIQIAMgATYCDCACQXBqIAE2AgAgAkFsaiABNgIAIAJBaGogATYCACACQWRqIAE2AgAgBCADQQRxQRhyIgVrIgJBIEkNACABrUKBgICAEH4hBiADIAVqIQEDQCABIAY3AxggASAGNwMQIAEgBjcDCCABIAY3AwAgAUEgaiEBIAJBYGoiAkEfSw0ACwsgAAsLjkgBAEGACAuGSAEAAAACAAAAAwAAAAAAAAAAAAAABAAAAAUAAAAAAAAAAAAAAAYAAAAHAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASW52YWxpZCBjaGFyIGluIHVybCBxdWVyeQBTcGFuIGNhbGxiYWNrIGVycm9yIGluIG9uX2JvZHkAQ29udGVudC1MZW5ndGggb3ZlcmZsb3cAQ2h1bmsgc2l6ZSBvdmVyZmxvdwBSZXNwb25zZSBvdmVyZmxvdwBJbnZhbGlkIG1ldGhvZCBmb3IgSFRUUC94LnggcmVxdWVzdABJbnZhbGlkIG1ldGhvZCBmb3IgUlRTUC94LnggcmVxdWVzdABFeHBlY3RlZCBTT1VSQ0UgbWV0aG9kIGZvciBJQ0UveC54IHJlcXVlc3QASW52YWxpZCBjaGFyIGluIHVybCBmcmFnbWVudCBzdGFydABFeHBlY3RlZCBkb3QAU3BhbiBjYWxsYmFjayBlcnJvciBpbiBvbl9zdGF0dXMASW52YWxpZCByZXNwb25zZSBzdGF0dXMASW52YWxpZCBjaGFyYWN0ZXIgaW4gY2h1bmsgZXh0ZW5zaW9ucwBVc2VyIGNhbGxiYWNrIGVycm9yAGBvbl9yZXNldGAgY2FsbGJhY2sgZXJyb3IAYG9uX2NodW5rX2hlYWRlcmAgY2FsbGJhY2sgZXJyb3IAYG9uX21lc3NhZ2VfYmVnaW5gIGNhbGxiYWNrIGVycm9yAGBvbl9jaHVua19leHRlbnNpb25fdmFsdWVgIGNhbGxiYWNrIGVycm9yAGBvbl9zdGF0dXNfY29tcGxldGVgIGNhbGxiYWNrIGVycm9yAGBvbl92ZXJzaW9uX2NvbXBsZXRlYCBjYWxsYmFjayBlcnJvcgBgb25fdXJsX2NvbXBsZXRlYCBjYWxsYmFjayBlcnJvcgBgb25fY2h1bmtfY29tcGxldGVgIGNhbGxiYWNrIGVycm9yAGBvbl9oZWFkZXJfdmFsdWVfY29tcGxldGVgIGNhbGxiYWNrIGVycm9yAGBvbl9tZXNzYWdlX2NvbXBsZXRlYCBjYWxsYmFjayBlcnJvcgBgb25fbWV0aG9kX2NvbXBsZXRlYCBjYWxsYmFjayBlcnJvcgBgb25faGVhZGVyX2ZpZWxkX2NvbXBsZXRlYCBjYWxsYmFjayBlcnJvcgBgb25fY2h1bmtfZXh0ZW5zaW9uX25hbWVgIGNhbGxiYWNrIGVycm9yAFVuZXhwZWN0ZWQgY2hhciBpbiB1cmwgc2VydmVyAEludmFsaWQgaGVhZGVyIHZhbHVlIGNoYXIASW52YWxpZCBoZWFkZXIgZmllbGQgY2hhcgBTcGFuIGNhbGxiYWNrIGVycm9yIGluIG9uX3ZlcnNpb24ASW52YWxpZCBtaW5vciB2ZXJzaW9uAEludmFsaWQgbWFqb3IgdmVyc2lvbgBFeHBlY3RlZCBzcGFjZSBhZnRlciB2ZXJzaW9uAEV4cGVjdGVkIENSTEYgYWZ0ZXIgdmVyc2lvbgBJbnZhbGlkIEhUVFAgdmVyc2lvbgBJbnZhbGlkIGhlYWRlciB0b2tlbgBTcGFuIGNhbGxiYWNrIGVycm9yIGluIG9uX3VybABJbnZhbGlkIGNoYXJhY3RlcnMgaW4gdXJsAFVuZXhwZWN0ZWQgc3RhcnQgY2hhciBpbiB1cmwARG91YmxlIEAgaW4gdXJsAEVtcHR5IENvbnRlbnQtTGVuZ3RoAEludmFsaWQgY2hhcmFjdGVyIGluIENvbnRlbnQtTGVuZ3RoAER1cGxpY2F0ZSBDb250ZW50LUxlbmd0aABJbnZhbGlkIGNoYXIgaW4gdXJsIHBhdGgAQ29udGVudC1MZW5ndGggY2FuJ3QgYmUgcHJlc2VudCB3aXRoIFRyYW5zZmVyLUVuY29kaW5nAEludmFsaWQgY2hhcmFjdGVyIGluIGNodW5rIHNpemUAU3BhbiBjYWxsYmFjayBlcnJvciBpbiBvbl9oZWFkZXJfdmFsdWUAU3BhbiBjYWxsYmFjayBlcnJvciBpbiBvbl9jaHVua19leHRlbnNpb25fdmFsdWUASW52YWxpZCBjaGFyYWN0ZXIgaW4gY2h1bmsgZXh0ZW5zaW9ucyB2YWx1ZQBNaXNzaW5nIGV4cGVjdGVkIExGIGFmdGVyIGhlYWRlciB2YWx1ZQBJbnZhbGlkIGBUcmFuc2Zlci1FbmNvZGluZ2AgaGVhZGVyIHZhbHVlAEludmFsaWQgY2hhcmFjdGVyIGluIGNodW5rIGV4dGVuc2lvbnMgcXVvdGUgdmFsdWUASW52YWxpZCBjaGFyYWN0ZXIgaW4gY2h1bmsgZXh0ZW5zaW9ucyBxdW90ZWQgdmFsdWUAUGF1c2VkIGJ5IG9uX2hlYWRlcnNfY29tcGxldGUASW52YWxpZCBFT0Ygc3RhdGUAb25fcmVzZXQgcGF1c2UAb25fY2h1bmtfaGVhZGVyIHBhdXNlAG9uX21lc3NhZ2VfYmVnaW4gcGF1c2UAb25fY2h1bmtfZXh0ZW5zaW9uX3ZhbHVlIHBhdXNlAG9uX3N0YXR1c19jb21wbGV0ZSBwYXVzZQBvbl92ZXJzaW9uX2NvbXBsZXRlIHBhdXNlAG9uX3VybF9jb21wbGV0ZSBwYXVzZQBvbl9jaHVua19jb21wbGV0ZSBwYXVzZQBvbl9oZWFkZXJfdmFsdWVfY29tcGxldGUgcGF1c2UAb25fbWVzc2FnZV9jb21wbGV0ZSBwYXVzZQBvbl9tZXRob2RfY29tcGxldGUgcGF1c2UAb25faGVhZGVyX2ZpZWxkX2NvbXBsZXRlIHBhdXNlAG9uX2NodW5rX2V4dGVuc2lvbl9uYW1lIHBhdXNlAFVuZXhwZWN0ZWQgc3BhY2UgYWZ0ZXIgc3RhcnQgbGluZQBTcGFuIGNhbGxiYWNrIGVycm9yIGluIG9uX2NodW5rX2V4dGVuc2lvbl9uYW1lAEludmFsaWQgY2hhcmFjdGVyIGluIGNodW5rIGV4dGVuc2lvbnMgbmFtZQBQYXVzZSBvbiBDT05ORUNUL1VwZ3JhZGUAUGF1c2Ugb24gUFJJL1VwZ3JhZGUARXhwZWN0ZWQgSFRUUC8yIENvbm5lY3Rpb24gUHJlZmFjZQBTcGFuIGNhbGxiYWNrIGVycm9yIGluIG9uX21ldGhvZABFeHBlY3RlZCBzcGFjZSBhZnRlciBtZXRob2QAU3BhbiBjYWxsYmFjayBlcnJvciBpbiBvbl9oZWFkZXJfZmllbGQAUGF1c2VkAEludmFsaWQgd29yZCBlbmNvdW50ZXJlZABJbnZhbGlkIG1ldGhvZCBlbmNvdW50ZXJlZABVbmV4cGVjdGVkIGNoYXIgaW4gdXJsIHNjaGVtYQBSZXF1ZXN0IGhhcyBpbnZhbGlkIGBUcmFuc2Zlci1FbmNvZGluZ2AAU1dJVENIX1BST1hZAFVTRV9QUk9YWQBNS0FDVElWSVRZAFVOUFJPQ0VTU0FCTEVfRU5USVRZAENPUFkATU9WRURfUEVSTUFORU5UTFkAVE9PX0VBUkxZAE5PVElGWQBGQUlMRURfREVQRU5ERU5DWQBCQURfR0FURVdBWQBQTEFZAFBVVABDSEVDS09VVABHQVRFV0FZX1RJTUVPVVQAUkVRVUVTVF9USU1FT1VUAE5FVFdPUktfQ09OTkVDVF9USU1FT1VUAENPTk5FQ1RJT05fVElNRU9VVABMT0dJTl9USU1FT1VUAE5FVFdPUktfUkVBRF9USU1FT1VUAFBPU1QATUlTRElSRUNURURfUkVRVUVTVABDTElFTlRfQ0xPU0VEX1JFUVVFU1QAQ0xJRU5UX0NMT1NFRF9MT0FEX0JBTEFOQ0VEX1JFUVVFU1QAQkFEX1JFUVVFU1QASFRUUF9SRVFVRVNUX1NFTlRfVE9fSFRUUFNfUE9SVABSRVBPUlQASU1fQV9URUFQT1QAUkVTRVRfQ09OVEVOVABOT19DT05URU5UAFBBUlRJQUxfQ09OVEVOVABIUEVfSU5WQUxJRF9DT05TVEFOVABIUEVfQ0JfUkVTRVQAR0VUAEhQRV9TVFJJQ1QAQ09ORkxJQ1QAVEVNUE9SQVJZX1JFRElSRUNUAFBFUk1BTkVOVF9SRURJUkVDVABDT05ORUNUAE1VTFRJX1NUQVRVUwBIUEVfSU5WQUxJRF9TVEFUVVMAVE9PX01BTllfUkVRVUVTVFMARUFSTFlfSElOVFMAVU5BVkFJTEFCTEVfRk9SX0xFR0FMX1JFQVNPTlMAT1BUSU9OUwBTV0lUQ0hJTkdfUFJPVE9DT0xTAFZBUklBTlRfQUxTT19ORUdPVElBVEVTAE1VTFRJUExFX0NIT0lDRVMASU5URVJOQUxfU0VSVkVSX0VSUk9SAFdFQl9TRVJWRVJfVU5LTk9XTl9FUlJPUgBSQUlMR1VOX0VSUk9SAElERU5USVRZX1BST1ZJREVSX0FVVEhFTlRJQ0FUSU9OX0VSUk9SAFNTTF9DRVJUSUZJQ0FURV9FUlJPUgBJTlZBTElEX1hfRk9SV0FSREVEX0ZPUgBTRVRfUEFSQU1FVEVSAEdFVF9QQVJBTUVURVIASFBFX1VTRVIAU0VFX09USEVSAEhQRV9DQl9DSFVOS19IRUFERVIATUtDQUxFTkRBUgBTRVRVUABXRUJfU0VSVkVSX0lTX0RPV04AVEVBUkRPV04ASFBFX0NMT1NFRF9DT05ORUNUSU9OAEhFVVJJU1RJQ19FWFBJUkFUSU9OAERJU0NPTk5FQ1RFRF9PUEVSQVRJT04ATk9OX0FVVEhPUklUQVRJVkVfSU5GT1JNQVRJT04ASFBFX0lOVkFMSURfVkVSU0lPTgBIUEVfQ0JfTUVTU0FHRV9CRUdJTgBTSVRFX0lTX0ZST1pFTgBIUEVfSU5WQUxJRF9IRUFERVJfVE9LRU4ASU5WQUxJRF9UT0tFTgBGT1JCSURERU4ARU5IQU5DRV9ZT1VSX0NBTE0ASFBFX0lOVkFMSURfVVJMAEJMT0NLRURfQllfUEFSRU5UQUxfQ09OVFJPTABNS0NPTABBQ0wASFBFX0lOVEVSTkFMAFJFUVVFU1RfSEVBREVSX0ZJRUxEU19UT09fTEFSR0VfVU5PRkZJQ0lBTABIUEVfT0sAVU5MSU5LAFVOTE9DSwBQUkkAUkVUUllfV0lUSABIUEVfSU5WQUxJRF9DT05URU5UX0xFTkdUSABIUEVfVU5FWFBFQ1RFRF9DT05URU5UX0xFTkdUSABGTFVTSABQUk9QUEFUQ0gATS1TRUFSQ0gAVVJJX1RPT19MT05HAFBST0NFU1NJTkcATUlTQ0VMTEFORU9VU19QRVJTSVNURU5UX1dBUk5JTkcATUlTQ0VMTEFORU9VU19XQVJOSU5HAEhQRV9JTlZBTElEX1RSQU5TRkVSX0VOQ09ESU5HAEV4cGVjdGVkIENSTEYASFBFX0lOVkFMSURfQ0hVTktfU0laRQBNT1ZFAENPTlRJTlVFAEhQRV9DQl9TVEFUVVNfQ09NUExFVEUASFBFX0NCX0hFQURFUlNfQ09NUExFVEUASFBFX0NCX1ZFUlNJT05fQ09NUExFVEUASFBFX0NCX1VSTF9DT01QTEVURQBIUEVfQ0JfQ0hVTktfQ09NUExFVEUASFBFX0NCX0hFQURFUl9WQUxVRV9DT01QTEVURQBIUEVfQ0JfQ0hVTktfRVhURU5TSU9OX1ZBTFVFX0NPTVBMRVRFAEhQRV9DQl9DSFVOS19FWFRFTlNJT05fTkFNRV9DT01QTEVURQBIUEVfQ0JfTUVTU0FHRV9DT01QTEVURQBIUEVfQ0JfTUVUSE9EX0NPTVBMRVRFAEhQRV9DQl9IRUFERVJfRklFTERfQ09NUExFVEUAREVMRVRFAEhQRV9JTlZBTElEX0VPRl9TVEFURQBJTlZBTElEX1NTTF9DRVJUSUZJQ0FURQBQQVVTRQBOT19SRVNQT05TRQBVTlNVUFBPUlRFRF9NRURJQV9UWVBFAEdPTkUATk9UX0FDQ0VQVEFCTEUAU0VSVklDRV9VTkFWQUlMQUJMRQBSQU5HRV9OT1RfU0FUSVNGSUFCTEUAT1JJR0lOX0lTX1VOUkVBQ0hBQkxFAFJFU1BPTlNFX0lTX1NUQUxFAFBVUkdFAE1FUkdFAFJFUVVFU1RfSEVBREVSX0ZJRUxEU19UT09fTEFSR0UAUkVRVUVTVF9IRUFERVJfVE9PX0xBUkdFAFBBWUxPQURfVE9PX0xBUkdFAElOU1VGRklDSUVOVF9TVE9SQUdFAEhQRV9QQVVTRURfVVBHUkFERQBIUEVfUEFVU0VEX0gyX1VQR1JBREUAU09VUkNFAEFOTk9VTkNFAFRSQUNFAEhQRV9VTkVYUEVDVEVEX1NQQUNFAERFU0NSSUJFAFVOU1VCU0NSSUJFAFJFQ09SRABIUEVfSU5WQUxJRF9NRVRIT0QATk9UX0ZPVU5EAFBST1BGSU5EAFVOQklORABSRUJJTkQAVU5BVVRIT1JJWkVEAE1FVEhPRF9OT1RfQUxMT1dFRABIVFRQX1ZFUlNJT05fTk9UX1NVUFBPUlRFRABBTFJFQURZX1JFUE9SVEVEAEFDQ0VQVEVEAE5PVF9JTVBMRU1FTlRFRABMT09QX0RFVEVDVEVEAEhQRV9DUl9FWFBFQ1RFRABIUEVfTEZfRVhQRUNURUQAQ1JFQVRFRABJTV9VU0VEAEhQRV9QQVVTRUQAVElNRU9VVF9PQ0NVUkVEAFBBWU1FTlRfUkVRVUlSRUQAUFJFQ09ORElUSU9OX1JFUVVJUkVEAFBST1hZX0FVVEhFTlRJQ0FUSU9OX1JFUVVJUkVEAE5FVFdPUktfQVVUSEVOVElDQVRJT05fUkVRVUlSRUQATEVOR1RIX1JFUVVJUkVEAFNTTF9DRVJUSUZJQ0FURV9SRVFVSVJFRABVUEdSQURFX1JFUVVJUkVEAFBBR0VfRVhQSVJFRABQUkVDT05ESVRJT05fRkFJTEVEAEVYUEVDVEFUSU9OX0ZBSUxFRABSRVZBTElEQVRJT05fRkFJTEVEAFNTTF9IQU5EU0hBS0VfRkFJTEVEAExPQ0tFRABUUkFOU0ZPUk1BVElPTl9BUFBMSUVEAE5PVF9NT0RJRklFRABOT1RfRVhURU5ERUQAQkFORFdJRFRIX0xJTUlUX0VYQ0VFREVEAFNJVEVfSVNfT1ZFUkxPQURFRABIRUFEAEV4cGVjdGVkIEhUVFAvAABeEwAAJhMAADAQAADwFwAAnRMAABUSAAA5FwAA8BIAAAoQAAB1EgAArRIAAIITAABPFAAAfxAAAKAVAAAjFAAAiRIAAIsUAABNFQAA1BEAAM8UAAAQGAAAyRYAANwWAADBEQAA4BcAALsUAAB0FAAAfBUAAOUUAAAIFwAAHxAAAGUVAACjFAAAKBUAAAIVAACZFQAALBAAAIsZAABPDwAA1A4AAGoQAADOEAAAAhcAAIkOAABuEwAAHBMAAGYUAABWFwAAwRMAAM0TAABsEwAAaBcAAGYXAABfFwAAIhMAAM4PAABpDgAA2A4AAGMWAADLEwAAqg4AACgXAAAmFwAAxRMAAF0WAADoEQAAZxMAAGUTAADyFgAAcxMAAB0XAAD5FgAA8xEAAM8OAADOFQAADBIAALMRAAClEQAAYRAAADIXAAC7EwAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAgEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAgMCAgICAgAAAgIAAgIAAgICAgICAgICAgAEAAAAAAACAgICAgICAgICAgICAgICAgICAgICAgICAgAAAAICAgICAgICAgICAgICAgICAgICAgICAgICAgICAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAIAAgICAgIAAAICAAICAAICAgICAgICAgIAAwAEAAAAAgICAgICAgICAgICAgICAgICAgICAgICAgIAAAACAgICAgICAgICAgICAgICAgICAgICAgICAgICAgACAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABsb3NlZWVwLWFsaXZlAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEBAQEBAQEBAQEBAgEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQFjaHVua2VkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAQABAQEBAQAAAQEAAQEAAQEBAQEBAQEBAQAAAAAAAAABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAAEAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGVjdGlvbmVudC1sZW5ndGhvbnJveHktY29ubmVjdGlvbgAAAAAAAAAAAAAAAAAAAHJhbnNmZXItZW5jb2RpbmdwZ3JhZGUNCg0KDQpTTQ0KDQpUVFAvQ0UvVFNQLwAAAAAAAAAAAAAAAAECAAEDAAAAAAAAAAAAAAAAAAAAAAAABAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAAAAAAAAAAAABAgABAwAAAAAAAAAAAAAAAAAAAAAAAAQBAQUBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAAAAAAAAAAAAAQAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAQEAAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQAAAAAAAAAAAAABAAACAAAAAAAAAAAAAAAAAAAAAAAAAwQAAAQEBAQEBAQEBAQEBQQEBAQEBAQEBAQEBAAEAAYHBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAAQABAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAAMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAAAAAAAAAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAEAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAgAAAAACAAAAAAAAAAAAAAAAAAAAAAADAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwAAAAAAAAMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE5PVU5DRUVDS09VVE5FQ1RFVEVDUklCRUxVU0hFVEVBRFNFQVJDSFJHRUNUSVZJVFlMRU5EQVJWRU9USUZZUFRJT05TQ0hTRUFZU1RBVENIR0VPUkRJUkVDVE9SVFJDSFBBUkFNRVRFUlVSQ0VCU0NSSUJFQVJET1dOQUNFSU5ETktDS1VCU0NSSUJFSFRUUC9BRFRQLw=='\n","\"use strict\";\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.enumToMap = void 0;\nfunction enumToMap(obj) {\n    const res = {};\n    Object.keys(obj).forEach((key) => {\n        const value = obj[key];\n        if (typeof value === 'number') {\n            res[key] = value;\n        }\n    });\n    return res;\n}\nexports.enumToMap = enumToMap;\n//# sourceMappingURL=utils.js.map","'use strict'\n\nconst { kClients } = require('../core/symbols')\nconst Agent = require('../agent')\nconst {\n  kAgent,\n  kMockAgentSet,\n  kMockAgentGet,\n  kDispatches,\n  kIsMockActive,\n  kNetConnect,\n  kGetNetConnect,\n  kOptions,\n  kFactory\n} = require('./mock-symbols')\nconst MockClient = require('./mock-client')\nconst MockPool = require('./mock-pool')\nconst { matchValue, buildMockOptions } = require('./mock-utils')\nconst { InvalidArgumentError, UndiciError } = require('../core/errors')\nconst Dispatcher = require('../dispatcher')\nconst Pluralizer = require('./pluralizer')\nconst PendingInterceptorsFormatter = require('./pending-interceptors-formatter')\n\nclass FakeWeakRef {\n  constructor (value) {\n    this.value = value\n  }\n\n  deref () {\n    return this.value\n  }\n}\n\nclass MockAgent extends Dispatcher {\n  constructor (opts) {\n    super(opts)\n\n    this[kNetConnect] = true\n    this[kIsMockActive] = true\n\n    // Instantiate Agent and encapsulate\n    if ((opts && opts.agent && typeof opts.agent.dispatch !== 'function')) {\n      throw new InvalidArgumentError('Argument opts.agent must implement Agent')\n    }\n    const agent = opts && opts.agent ? opts.agent : new Agent(opts)\n    this[kAgent] = agent\n\n    this[kClients] = agent[kClients]\n    this[kOptions] = buildMockOptions(opts)\n  }\n\n  get (origin) {\n    let dispatcher = this[kMockAgentGet](origin)\n\n    if (!dispatcher) {\n      dispatcher = this[kFactory](origin)\n      this[kMockAgentSet](origin, dispatcher)\n    }\n    return dispatcher\n  }\n\n  dispatch (opts, handler) {\n    // Call MockAgent.get to perform additional setup before dispatching as normal\n    this.get(opts.origin)\n    return this[kAgent].dispatch(opts, handler)\n  }\n\n  async close () {\n    await this[kAgent].close()\n    this[kClients].clear()\n  }\n\n  deactivate () {\n    this[kIsMockActive] = false\n  }\n\n  activate () {\n    this[kIsMockActive] = true\n  }\n\n  enableNetConnect (matcher) {\n    if (typeof matcher === 'string' || typeof matcher === 'function' || matcher instanceof RegExp) {\n      if (Array.isArray(this[kNetConnect])) {\n        this[kNetConnect].push(matcher)\n      } else {\n        this[kNetConnect] = [matcher]\n      }\n    } else if (typeof matcher === 'undefined') {\n      this[kNetConnect] = true\n    } else {\n      throw new InvalidArgumentError('Unsupported matcher. Must be one of String|Function|RegExp.')\n    }\n  }\n\n  disableNetConnect () {\n    this[kNetConnect] = false\n  }\n\n  // This is required to bypass issues caused by using global symbols - see:\n  // https://github.com/nodejs/undici/issues/1447\n  get isMockActive () {\n    return this[kIsMockActive]\n  }\n\n  [kMockAgentSet] (origin, dispatcher) {\n    this[kClients].set(origin, new FakeWeakRef(dispatcher))\n  }\n\n  [kFactory] (origin) {\n    const mockOptions = Object.assign({ agent: this }, this[kOptions])\n    return this[kOptions] && this[kOptions].connections === 1\n      ? new MockClient(origin, mockOptions)\n      : new MockPool(origin, mockOptions)\n  }\n\n  [kMockAgentGet] (origin) {\n    // First check if we can immediately find it\n    const ref = this[kClients].get(origin)\n    if (ref) {\n      return ref.deref()\n    }\n\n    // If the origin is not a string create a dummy parent pool and return to user\n    if (typeof origin !== 'string') {\n      const dispatcher = this[kFactory]('http://localhost:9999')\n      this[kMockAgentSet](origin, dispatcher)\n      return dispatcher\n    }\n\n    // If we match, create a pool and assign the same dispatches\n    for (const [keyMatcher, nonExplicitRef] of Array.from(this[kClients])) {\n      const nonExplicitDispatcher = nonExplicitRef.deref()\n      if (nonExplicitDispatcher && typeof keyMatcher !== 'string' && matchValue(keyMatcher, origin)) {\n        const dispatcher = this[kFactory](origin)\n        this[kMockAgentSet](origin, dispatcher)\n        dispatcher[kDispatches] = nonExplicitDispatcher[kDispatches]\n        return dispatcher\n      }\n    }\n  }\n\n  [kGetNetConnect] () {\n    return this[kNetConnect]\n  }\n\n  pendingInterceptors () {\n    const mockAgentClients = this[kClients]\n\n    return Array.from(mockAgentClients.entries())\n      .flatMap(([origin, scope]) => scope.deref()[kDispatches].map(dispatch => ({ ...dispatch, origin })))\n      .filter(({ pending }) => pending)\n  }\n\n  assertNoPendingInterceptors ({ pendingInterceptorsFormatter = new PendingInterceptorsFormatter() } = {}) {\n    const pending = this.pendingInterceptors()\n\n    if (pending.length === 0) {\n      return\n    }\n\n    const pluralizer = new Pluralizer('interceptor', 'interceptors').pluralize(pending.length)\n\n    throw new UndiciError(`\n${pluralizer.count} ${pluralizer.noun} ${pluralizer.is} pending:\n\n${pendingInterceptorsFormatter.format(pending)}\n`.trim())\n  }\n}\n\nmodule.exports = MockAgent\n","'use strict'\n\nconst { promisify } = require('util')\nconst Client = require('../client')\nconst { buildMockDispatch } = require('./mock-utils')\nconst {\n  kDispatches,\n  kMockAgent,\n  kClose,\n  kOriginalClose,\n  kOrigin,\n  kOriginalDispatch,\n  kConnected\n} = require('./mock-symbols')\nconst { MockInterceptor } = require('./mock-interceptor')\nconst Symbols = require('../core/symbols')\nconst { InvalidArgumentError } = require('../core/errors')\n\n/**\n * MockClient provides an API that extends the Client to influence the mockDispatches.\n */\nclass MockClient extends Client {\n  constructor (origin, opts) {\n    super(origin, opts)\n\n    if (!opts || !opts.agent || typeof opts.agent.dispatch !== 'function') {\n      throw new InvalidArgumentError('Argument opts.agent must implement Agent')\n    }\n\n    this[kMockAgent] = opts.agent\n    this[kOrigin] = origin\n    this[kDispatches] = []\n    this[kConnected] = 1\n    this[kOriginalDispatch] = this.dispatch\n    this[kOriginalClose] = this.close.bind(this)\n\n    this.dispatch = buildMockDispatch.call(this)\n    this.close = this[kClose]\n  }\n\n  get [Symbols.kConnected] () {\n    return this[kConnected]\n  }\n\n  /**\n   * Sets up the base interceptor for mocking replies from undici.\n   */\n  intercept (opts) {\n    return new MockInterceptor(opts, this[kDispatches])\n  }\n\n  async [kClose] () {\n    await promisify(this[kOriginalClose])()\n    this[kConnected] = 0\n    this[kMockAgent][Symbols.kClients].delete(this[kOrigin])\n  }\n}\n\nmodule.exports = MockClient\n","'use strict'\n\nconst { UndiciError } = require('../core/errors')\n\nclass MockNotMatchedError extends UndiciError {\n  constructor (message) {\n    super(message)\n    Error.captureStackTrace(this, MockNotMatchedError)\n    this.name = 'MockNotMatchedError'\n    this.message = message || 'The request does not match any registered mock dispatches'\n    this.code = 'UND_MOCK_ERR_MOCK_NOT_MATCHED'\n  }\n}\n\nmodule.exports = {\n  MockNotMatchedError\n}\n","'use strict'\n\nconst { getResponseData, buildKey, addMockDispatch } = require('./mock-utils')\nconst {\n  kDispatches,\n  kDispatchKey,\n  kDefaultHeaders,\n  kDefaultTrailers,\n  kContentLength,\n  kMockDispatch\n} = require('./mock-symbols')\nconst { InvalidArgumentError } = require('../core/errors')\nconst { buildURL } = require('../core/util')\n\n/**\n * Defines the scope API for an interceptor reply\n */\nclass MockScope {\n  constructor (mockDispatch) {\n    this[kMockDispatch] = mockDispatch\n  }\n\n  /**\n   * Delay a reply by a set amount in ms.\n   */\n  delay (waitInMs) {\n    if (typeof waitInMs !== 'number' || !Number.isInteger(waitInMs) || waitInMs <= 0) {\n      throw new InvalidArgumentError('waitInMs must be a valid integer > 0')\n    }\n\n    this[kMockDispatch].delay = waitInMs\n    return this\n  }\n\n  /**\n   * For a defined reply, never mark as consumed.\n   */\n  persist () {\n    this[kMockDispatch].persist = true\n    return this\n  }\n\n  /**\n   * Allow one to define a reply for a set amount of matching requests.\n   */\n  times (repeatTimes) {\n    if (typeof repeatTimes !== 'number' || !Number.isInteger(repeatTimes) || repeatTimes <= 0) {\n      throw new InvalidArgumentError('repeatTimes must be a valid integer > 0')\n    }\n\n    this[kMockDispatch].times = repeatTimes\n    return this\n  }\n}\n\n/**\n * Defines an interceptor for a Mock\n */\nclass MockInterceptor {\n  constructor (opts, mockDispatches) {\n    if (typeof opts !== 'object') {\n      throw new InvalidArgumentError('opts must be an object')\n    }\n    if (typeof opts.path === 'undefined') {\n      throw new InvalidArgumentError('opts.path must be defined')\n    }\n    if (typeof opts.method === 'undefined') {\n      opts.method = 'GET'\n    }\n    // See https://github.com/nodejs/undici/issues/1245\n    // As per RFC 3986, clients are not supposed to send URI\n    // fragments to servers when they retrieve a document,\n    if (typeof opts.path === 'string') {\n      if (opts.query) {\n        opts.path = buildURL(opts.path, opts.query)\n      } else {\n        // Matches https://github.com/nodejs/undici/blob/main/lib/fetch/index.js#L1811\n        const parsedURL = new URL(opts.path, 'data://')\n        opts.path = parsedURL.pathname + parsedURL.search\n      }\n    }\n    if (typeof opts.method === 'string') {\n      opts.method = opts.method.toUpperCase()\n    }\n\n    this[kDispatchKey] = buildKey(opts)\n    this[kDispatches] = mockDispatches\n    this[kDefaultHeaders] = {}\n    this[kDefaultTrailers] = {}\n    this[kContentLength] = false\n  }\n\n  createMockScopeDispatchData (statusCode, data, responseOptions = {}) {\n    const responseData = getResponseData(data)\n    const contentLength = this[kContentLength] ? { 'content-length': responseData.length } : {}\n    const headers = { ...this[kDefaultHeaders], ...contentLength, ...responseOptions.headers }\n    const trailers = { ...this[kDefaultTrailers], ...responseOptions.trailers }\n\n    return { statusCode, data, headers, trailers }\n  }\n\n  validateReplyParameters (statusCode, data, responseOptions) {\n    if (typeof statusCode === 'undefined') {\n      throw new InvalidArgumentError('statusCode must be defined')\n    }\n    if (typeof data === 'undefined') {\n      throw new InvalidArgumentError('data must be defined')\n    }\n    if (typeof responseOptions !== 'object') {\n      throw new InvalidArgumentError('responseOptions must be an object')\n    }\n  }\n\n  /**\n   * Mock an undici request with a defined reply.\n   */\n  reply (replyData) {\n    // Values of reply aren't available right now as they\n    // can only be available when the reply callback is invoked.\n    if (typeof replyData === 'function') {\n      // We'll first wrap the provided callback in another function,\n      // this function will properly resolve the data from the callback\n      // when invoked.\n      const wrappedDefaultsCallback = (opts) => {\n        // Our reply options callback contains the parameter for statusCode, data and options.\n        const resolvedData = replyData(opts)\n\n        // Check if it is in the right format\n        if (typeof resolvedData !== 'object') {\n          throw new InvalidArgumentError('reply options callback must return an object')\n        }\n\n        const { statusCode, data = '', responseOptions = {} } = resolvedData\n        this.validateReplyParameters(statusCode, data, responseOptions)\n        // Since the values can be obtained immediately we return them\n        // from this higher order function that will be resolved later.\n        return {\n          ...this.createMockScopeDispatchData(statusCode, data, responseOptions)\n        }\n      }\n\n      // Add usual dispatch data, but this time set the data parameter to function that will eventually provide data.\n      const newMockDispatch = addMockDispatch(this[kDispatches], this[kDispatchKey], wrappedDefaultsCallback)\n      return new MockScope(newMockDispatch)\n    }\n\n    // We can have either one or three parameters, if we get here,\n    // we should have 1-3 parameters. So we spread the arguments of\n    // this function to obtain the parameters, since replyData will always\n    // just be the statusCode.\n    const [statusCode, data = '', responseOptions = {}] = [...arguments]\n    this.validateReplyParameters(statusCode, data, responseOptions)\n\n    // Send in-already provided data like usual\n    const dispatchData = this.createMockScopeDispatchData(statusCode, data, responseOptions)\n    const newMockDispatch = addMockDispatch(this[kDispatches], this[kDispatchKey], dispatchData)\n    return new MockScope(newMockDispatch)\n  }\n\n  /**\n   * Mock an undici request with a defined error.\n   */\n  replyWithError (error) {\n    if (typeof error === 'undefined') {\n      throw new InvalidArgumentError('error must be defined')\n    }\n\n    const newMockDispatch = addMockDispatch(this[kDispatches], this[kDispatchKey], { error })\n    return new MockScope(newMockDispatch)\n  }\n\n  /**\n   * Set default reply headers on the interceptor for subsequent replies\n   */\n  defaultReplyHeaders (headers) {\n    if (typeof headers === 'undefined') {\n      throw new InvalidArgumentError('headers must be defined')\n    }\n\n    this[kDefaultHeaders] = headers\n    return this\n  }\n\n  /**\n   * Set default reply trailers on the interceptor for subsequent replies\n   */\n  defaultReplyTrailers (trailers) {\n    if (typeof trailers === 'undefined') {\n      throw new InvalidArgumentError('trailers must be defined')\n    }\n\n    this[kDefaultTrailers] = trailers\n    return this\n  }\n\n  /**\n   * Set reply content length header for replies on the interceptor\n   */\n  replyContentLength () {\n    this[kContentLength] = true\n    return this\n  }\n}\n\nmodule.exports.MockInterceptor = MockInterceptor\nmodule.exports.MockScope = MockScope\n","'use strict'\n\nconst { promisify } = require('util')\nconst Pool = require('../pool')\nconst { buildMockDispatch } = require('./mock-utils')\nconst {\n  kDispatches,\n  kMockAgent,\n  kClose,\n  kOriginalClose,\n  kOrigin,\n  kOriginalDispatch,\n  kConnected\n} = require('./mock-symbols')\nconst { MockInterceptor } = require('./mock-interceptor')\nconst Symbols = require('../core/symbols')\nconst { InvalidArgumentError } = require('../core/errors')\n\n/**\n * MockPool provides an API that extends the Pool to influence the mockDispatches.\n */\nclass MockPool extends Pool {\n  constructor (origin, opts) {\n    super(origin, opts)\n\n    if (!opts || !opts.agent || typeof opts.agent.dispatch !== 'function') {\n      throw new InvalidArgumentError('Argument opts.agent must implement Agent')\n    }\n\n    this[kMockAgent] = opts.agent\n    this[kOrigin] = origin\n    this[kDispatches] = []\n    this[kConnected] = 1\n    this[kOriginalDispatch] = this.dispatch\n    this[kOriginalClose] = this.close.bind(this)\n\n    this.dispatch = buildMockDispatch.call(this)\n    this.close = this[kClose]\n  }\n\n  get [Symbols.kConnected] () {\n    return this[kConnected]\n  }\n\n  /**\n   * Sets up the base interceptor for mocking replies from undici.\n   */\n  intercept (opts) {\n    return new MockInterceptor(opts, this[kDispatches])\n  }\n\n  async [kClose] () {\n    await promisify(this[kOriginalClose])()\n    this[kConnected] = 0\n    this[kMockAgent][Symbols.kClients].delete(this[kOrigin])\n  }\n}\n\nmodule.exports = MockPool\n","'use strict'\n\nmodule.exports = {\n  kAgent: Symbol('agent'),\n  kOptions: Symbol('options'),\n  kFactory: Symbol('factory'),\n  kDispatches: Symbol('dispatches'),\n  kDispatchKey: Symbol('dispatch key'),\n  kDefaultHeaders: Symbol('default headers'),\n  kDefaultTrailers: Symbol('default trailers'),\n  kContentLength: Symbol('content length'),\n  kMockAgent: Symbol('mock agent'),\n  kMockAgentSet: Symbol('mock agent set'),\n  kMockAgentGet: Symbol('mock agent get'),\n  kMockDispatch: Symbol('mock dispatch'),\n  kClose: Symbol('close'),\n  kOriginalClose: Symbol('original agent close'),\n  kOrigin: Symbol('origin'),\n  kIsMockActive: Symbol('is mock active'),\n  kNetConnect: Symbol('net connect'),\n  kGetNetConnect: Symbol('get net connect'),\n  kConnected: Symbol('connected')\n}\n","'use strict'\n\nconst { MockNotMatchedError } = require('./mock-errors')\nconst {\n  kDispatches,\n  kMockAgent,\n  kOriginalDispatch,\n  kOrigin,\n  kGetNetConnect\n} = require('./mock-symbols')\nconst { buildURL, nop } = require('../core/util')\nconst { STATUS_CODES } = require('http')\nconst {\n  types: {\n    isPromise\n  }\n} = require('util')\n\nfunction matchValue (match, value) {\n  if (typeof match === 'string') {\n    return match === value\n  }\n  if (match instanceof RegExp) {\n    return match.test(value)\n  }\n  if (typeof match === 'function') {\n    return match(value) === true\n  }\n  return false\n}\n\nfunction lowerCaseEntries (headers) {\n  return Object.fromEntries(\n    Object.entries(headers).map(([headerName, headerValue]) => {\n      return [headerName.toLocaleLowerCase(), headerValue]\n    })\n  )\n}\n\n/**\n * @param {import('../../index').Headers|string[]|Record<string, string>} headers\n * @param {string} key\n */\nfunction getHeaderByName (headers, key) {\n  if (Array.isArray(headers)) {\n    for (let i = 0; i < headers.length; i += 2) {\n      if (headers[i].toLocaleLowerCase() === key.toLocaleLowerCase()) {\n        return headers[i + 1]\n      }\n    }\n\n    return undefined\n  } else if (typeof headers.get === 'function') {\n    return headers.get(key)\n  } else {\n    return lowerCaseEntries(headers)[key.toLocaleLowerCase()]\n  }\n}\n\n/** @param {string[]} headers */\nfunction buildHeadersFromArray (headers) { // fetch HeadersList\n  const clone = headers.slice()\n  const entries = []\n  for (let index = 0; index < clone.length; index += 2) {\n    entries.push([clone[index], clone[index + 1]])\n  }\n  return Object.fromEntries(entries)\n}\n\nfunction matchHeaders (mockDispatch, headers) {\n  if (typeof mockDispatch.headers === 'function') {\n    if (Array.isArray(headers)) { // fetch HeadersList\n      headers = buildHeadersFromArray(headers)\n    }\n    return mockDispatch.headers(headers ? lowerCaseEntries(headers) : {})\n  }\n  if (typeof mockDispatch.headers === 'undefined') {\n    return true\n  }\n  if (typeof headers !== 'object' || typeof mockDispatch.headers !== 'object') {\n    return false\n  }\n\n  for (const [matchHeaderName, matchHeaderValue] of Object.entries(mockDispatch.headers)) {\n    const headerValue = getHeaderByName(headers, matchHeaderName)\n\n    if (!matchValue(matchHeaderValue, headerValue)) {\n      return false\n    }\n  }\n  return true\n}\n\nfunction safeUrl (path) {\n  if (typeof path !== 'string') {\n    return path\n  }\n\n  const pathSegments = path.split('?')\n\n  if (pathSegments.length !== 2) {\n    return path\n  }\n\n  const qp = new URLSearchParams(pathSegments.pop())\n  qp.sort()\n  return [...pathSegments, qp.toString()].join('?')\n}\n\nfunction matchKey (mockDispatch, { path, method, body, headers }) {\n  const pathMatch = matchValue(mockDispatch.path, path)\n  const methodMatch = matchValue(mockDispatch.method, method)\n  const bodyMatch = typeof mockDispatch.body !== 'undefined' ? matchValue(mockDispatch.body, body) : true\n  const headersMatch = matchHeaders(mockDispatch, headers)\n  return pathMatch && methodMatch && bodyMatch && headersMatch\n}\n\nfunction getResponseData (data) {\n  if (Buffer.isBuffer(data)) {\n    return data\n  } else if (typeof data === 'object') {\n    return JSON.stringify(data)\n  } else {\n    return data.toString()\n  }\n}\n\nfunction getMockDispatch (mockDispatches, key) {\n  const basePath = key.query ? buildURL(key.path, key.query) : key.path\n  const resolvedPath = typeof basePath === 'string' ? safeUrl(basePath) : basePath\n\n  // Match path\n  let matchedMockDispatches = mockDispatches.filter(({ consumed }) => !consumed).filter(({ path }) => matchValue(safeUrl(path), resolvedPath))\n  if (matchedMockDispatches.length === 0) {\n    throw new MockNotMatchedError(`Mock dispatch not matched for path '${resolvedPath}'`)\n  }\n\n  // Match method\n  matchedMockDispatches = matchedMockDispatches.filter(({ method }) => matchValue(method, key.method))\n  if (matchedMockDispatches.length === 0) {\n    throw new MockNotMatchedError(`Mock dispatch not matched for method '${key.method}'`)\n  }\n\n  // Match body\n  matchedMockDispatches = matchedMockDispatches.filter(({ body }) => typeof body !== 'undefined' ? matchValue(body, key.body) : true)\n  if (matchedMockDispatches.length === 0) {\n    throw new MockNotMatchedError(`Mock dispatch not matched for body '${key.body}'`)\n  }\n\n  // Match headers\n  matchedMockDispatches = matchedMockDispatches.filter((mockDispatch) => matchHeaders(mockDispatch, key.headers))\n  if (matchedMockDispatches.length === 0) {\n    throw new MockNotMatchedError(`Mock dispatch not matched for headers '${typeof key.headers === 'object' ? JSON.stringify(key.headers) : key.headers}'`)\n  }\n\n  return matchedMockDispatches[0]\n}\n\nfunction addMockDispatch (mockDispatches, key, data) {\n  const baseData = { timesInvoked: 0, times: 1, persist: false, consumed: false }\n  const replyData = typeof data === 'function' ? { callback: data } : { ...data }\n  const newMockDispatch = { ...baseData, ...key, pending: true, data: { error: null, ...replyData } }\n  mockDispatches.push(newMockDispatch)\n  return newMockDispatch\n}\n\nfunction deleteMockDispatch (mockDispatches, key) {\n  const index = mockDispatches.findIndex(dispatch => {\n    if (!dispatch.consumed) {\n      return false\n    }\n    return matchKey(dispatch, key)\n  })\n  if (index !== -1) {\n    mockDispatches.splice(index, 1)\n  }\n}\n\nfunction buildKey (opts) {\n  const { path, method, body, headers, query } = opts\n  return {\n    path,\n    method,\n    body,\n    headers,\n    query\n  }\n}\n\nfunction generateKeyValues (data) {\n  return Object.entries(data).reduce((keyValuePairs, [key, value]) => [\n    ...keyValuePairs,\n    Buffer.from(`${key}`),\n    Array.isArray(value) ? value.map(x => Buffer.from(`${x}`)) : Buffer.from(`${value}`)\n  ], [])\n}\n\n/**\n * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Status\n * @param {number} statusCode\n */\nfunction getStatusText (statusCode) {\n  return STATUS_CODES[statusCode] || 'unknown'\n}\n\nasync function getResponse (body) {\n  const buffers = []\n  for await (const data of body) {\n    buffers.push(data)\n  }\n  return Buffer.concat(buffers).toString('utf8')\n}\n\n/**\n * Mock dispatch function used to simulate undici dispatches\n */\nfunction mockDispatch (opts, handler) {\n  // Get mock dispatch from built key\n  const key = buildKey(opts)\n  const mockDispatch = getMockDispatch(this[kDispatches], key)\n\n  mockDispatch.timesInvoked++\n\n  // Here's where we resolve a callback if a callback is present for the dispatch data.\n  if (mockDispatch.data.callback) {\n    mockDispatch.data = { ...mockDispatch.data, ...mockDispatch.data.callback(opts) }\n  }\n\n  // Parse mockDispatch data\n  const { data: { statusCode, data, headers, trailers, error }, delay, persist } = mockDispatch\n  const { timesInvoked, times } = mockDispatch\n\n  // If it's used up and not persistent, mark as consumed\n  mockDispatch.consumed = !persist && timesInvoked >= times\n  mockDispatch.pending = timesInvoked < times\n\n  // If specified, trigger dispatch error\n  if (error !== null) {\n    deleteMockDispatch(this[kDispatches], key)\n    handler.onError(error)\n    return true\n  }\n\n  // Handle the request with a delay if necessary\n  if (typeof delay === 'number' && delay > 0) {\n    setTimeout(() => {\n      handleReply(this[kDispatches])\n    }, delay)\n  } else {\n    handleReply(this[kDispatches])\n  }\n\n  function handleReply (mockDispatches, _data = data) {\n    // fetch's HeadersList is a 1D string array\n    const optsHeaders = Array.isArray(opts.headers)\n      ? buildHeadersFromArray(opts.headers)\n      : opts.headers\n    const body = typeof _data === 'function'\n      ? _data({ ...opts, headers: optsHeaders })\n      : _data\n\n    // util.types.isPromise is likely needed for jest.\n    if (isPromise(body)) {\n      // If handleReply is asynchronous, throwing an error\n      // in the callback will reject the promise, rather than\n      // synchronously throw the error, which breaks some tests.\n      // Rather, we wait for the callback to resolve if it is a\n      // promise, and then re-run handleReply with the new body.\n      body.then((newData) => handleReply(mockDispatches, newData))\n      return\n    }\n\n    const responseData = getResponseData(body)\n    const responseHeaders = generateKeyValues(headers)\n    const responseTrailers = generateKeyValues(trailers)\n\n    handler.abort = nop\n    handler.onHeaders(statusCode, responseHeaders, resume, getStatusText(statusCode))\n    handler.onData(Buffer.from(responseData))\n    handler.onComplete(responseTrailers)\n    deleteMockDispatch(mockDispatches, key)\n  }\n\n  function resume () {}\n\n  return true\n}\n\nfunction buildMockDispatch () {\n  const agent = this[kMockAgent]\n  const origin = this[kOrigin]\n  const originalDispatch = this[kOriginalDispatch]\n\n  return function dispatch (opts, handler) {\n    if (agent.isMockActive) {\n      try {\n        mockDispatch.call(this, opts, handler)\n      } catch (error) {\n        if (error instanceof MockNotMatchedError) {\n          const netConnect = agent[kGetNetConnect]()\n          if (netConnect === false) {\n            throw new MockNotMatchedError(`${error.message}: subsequent request to origin ${origin} was not allowed (net.connect disabled)`)\n          }\n          if (checkNetConnect(netConnect, origin)) {\n            originalDispatch.call(this, opts, handler)\n          } else {\n            throw new MockNotMatchedError(`${error.message}: subsequent request to origin ${origin} was not allowed (net.connect is not enabled for this origin)`)\n          }\n        } else {\n          throw error\n        }\n      }\n    } else {\n      originalDispatch.call(this, opts, handler)\n    }\n  }\n}\n\nfunction checkNetConnect (netConnect, origin) {\n  const url = new URL(origin)\n  if (netConnect === true) {\n    return true\n  } else if (Array.isArray(netConnect) && netConnect.some((matcher) => matchValue(matcher, url.host))) {\n    return true\n  }\n  return false\n}\n\nfunction buildMockOptions (opts) {\n  if (opts) {\n    const { agent, ...mockOptions } = opts\n    return mockOptions\n  }\n}\n\nmodule.exports = {\n  getResponseData,\n  getMockDispatch,\n  addMockDispatch,\n  deleteMockDispatch,\n  buildKey,\n  generateKeyValues,\n  matchValue,\n  getResponse,\n  getStatusText,\n  mockDispatch,\n  buildMockDispatch,\n  checkNetConnect,\n  buildMockOptions,\n  getHeaderByName\n}\n","'use strict'\n\nconst { Transform } = require('stream')\nconst { Console } = require('console')\n\n/**\n * Gets the output of `console.table(…)` as a string.\n */\nmodule.exports = class PendingInterceptorsFormatter {\n  constructor ({ disableColors } = {}) {\n    this.transform = new Transform({\n      transform (chunk, _enc, cb) {\n        cb(null, chunk)\n      }\n    })\n\n    this.logger = new Console({\n      stdout: this.transform,\n      inspectOptions: {\n        colors: !disableColors && !process.env.CI\n      }\n    })\n  }\n\n  format (pendingInterceptors) {\n    const withPrettyHeaders = pendingInterceptors.map(\n      ({ method, path, data: { statusCode }, persist, times, timesInvoked, origin }) => ({\n        Method: method,\n        Origin: origin,\n        Path: path,\n        'Status code': statusCode,\n        Persistent: persist ? '✅' : '❌',\n        Invocations: timesInvoked,\n        Remaining: persist ? Infinity : times - timesInvoked\n      }))\n\n    this.logger.table(withPrettyHeaders)\n    return this.transform.read().toString()\n  }\n}\n","'use strict'\n\nconst singulars = {\n  pronoun: 'it',\n  is: 'is',\n  was: 'was',\n  this: 'this'\n}\n\nconst plurals = {\n  pronoun: 'they',\n  is: 'are',\n  was: 'were',\n  this: 'these'\n}\n\nmodule.exports = class Pluralizer {\n  constructor (singular, plural) {\n    this.singular = singular\n    this.plural = plural\n  }\n\n  pluralize (count) {\n    const one = count === 1\n    const keys = one ? singulars : plurals\n    const noun = one ? this.singular : this.plural\n    return { ...keys, count, noun }\n  }\n}\n","/* eslint-disable */\n\n'use strict'\n\n// Extracted from node/lib/internal/fixed_queue.js\n\n// Currently optimal queue size, tested on V8 6.0 - 6.6. Must be power of two.\nconst kSize = 2048;\nconst kMask = kSize - 1;\n\n// The FixedQueue is implemented as a singly-linked list of fixed-size\n// circular buffers. It looks something like this:\n//\n//  head                                                       tail\n//    |                                                          |\n//    v                                                          v\n// +-----------+ <-----\\       +-----------+ <------\\         +-----------+\n// |  [null]   |        \\----- |   next    |         \\------- |   next    |\n// +-----------+               +-----------+                  +-----------+\n// |   item    | <-- bottom    |   item    | <-- bottom       |  [empty]  |\n// |   item    |               |   item    |                  |  [empty]  |\n// |   item    |               |   item    |                  |  [empty]  |\n// |   item    |               |   item    |                  |  [empty]  |\n// |   item    |               |   item    |       bottom --> |   item    |\n// |   item    |               |   item    |                  |   item    |\n// |    ...    |               |    ...    |                  |    ...    |\n// |   item    |               |   item    |                  |   item    |\n// |   item    |               |   item    |                  |   item    |\n// |  [empty]  | <-- top       |   item    |                  |   item    |\n// |  [empty]  |               |   item    |                  |   item    |\n// |  [empty]  |               |  [empty]  | <-- top  top --> |  [empty]  |\n// +-----------+               +-----------+                  +-----------+\n//\n// Or, if there is only one circular buffer, it looks something\n// like either of these:\n//\n//  head   tail                                 head   tail\n//    |     |                                     |     |\n//    v     v                                     v     v\n// +-----------+                               +-----------+\n// |  [null]   |                               |  [null]   |\n// +-----------+                               +-----------+\n// |  [empty]  |                               |   item    |\n// |  [empty]  |                               |   item    |\n// |   item    | <-- bottom            top --> |  [empty]  |\n// |   item    |                               |  [empty]  |\n// |  [empty]  | <-- top            bottom --> |   item    |\n// |  [empty]  |                               |   item    |\n// +-----------+                               +-----------+\n//\n// Adding a value means moving `top` forward by one, removing means\n// moving `bottom` forward by one. After reaching the end, the queue\n// wraps around.\n//\n// When `top === bottom` the current queue is empty and when\n// `top + 1 === bottom` it's full. This wastes a single space of storage\n// but allows much quicker checks.\n\nclass FixedCircularBuffer {\n  constructor() {\n    this.bottom = 0;\n    this.top = 0;\n    this.list = new Array(kSize);\n    this.next = null;\n  }\n\n  isEmpty() {\n    return this.top === this.bottom;\n  }\n\n  isFull() {\n    return ((this.top + 1) & kMask) === this.bottom;\n  }\n\n  push(data) {\n    this.list[this.top] = data;\n    this.top = (this.top + 1) & kMask;\n  }\n\n  shift() {\n    const nextItem = this.list[this.bottom];\n    if (nextItem === undefined)\n      return null;\n    this.list[this.bottom] = undefined;\n    this.bottom = (this.bottom + 1) & kMask;\n    return nextItem;\n  }\n}\n\nmodule.exports = class FixedQueue {\n  constructor() {\n    this.head = this.tail = new FixedCircularBuffer();\n  }\n\n  isEmpty() {\n    return this.head.isEmpty();\n  }\n\n  push(data) {\n    if (this.head.isFull()) {\n      // Head is full: Creates a new queue, sets the old queue's `.next` to it,\n      // and sets it as the new main queue.\n      this.head = this.head.next = new FixedCircularBuffer();\n    }\n    this.head.push(data);\n  }\n\n  shift() {\n    const tail = this.tail;\n    const next = tail.shift();\n    if (tail.isEmpty() && tail.next !== null) {\n      // If there is another queue, it forms the new tail.\n      this.tail = tail.next;\n    }\n    return next;\n  }\n};\n","'use strict'\n\nconst DispatcherBase = require('./dispatcher-base')\nconst FixedQueue = require('./node/fixed-queue')\nconst { kConnected, kSize, kRunning, kPending, kQueued, kBusy, kFree, kUrl, kClose, kDestroy, kDispatch } = require('./core/symbols')\nconst PoolStats = require('./pool-stats')\n\nconst kClients = Symbol('clients')\nconst kNeedDrain = Symbol('needDrain')\nconst kQueue = Symbol('queue')\nconst kClosedResolve = Symbol('closed resolve')\nconst kOnDrain = Symbol('onDrain')\nconst kOnConnect = Symbol('onConnect')\nconst kOnDisconnect = Symbol('onDisconnect')\nconst kOnConnectionError = Symbol('onConnectionError')\nconst kGetDispatcher = Symbol('get dispatcher')\nconst kAddClient = Symbol('add client')\nconst kRemoveClient = Symbol('remove client')\nconst kStats = Symbol('stats')\n\nclass PoolBase extends DispatcherBase {\n  constructor () {\n    super()\n\n    this[kQueue] = new FixedQueue()\n    this[kClients] = []\n    this[kQueued] = 0\n\n    const pool = this\n\n    this[kOnDrain] = function onDrain (origin, targets) {\n      const queue = pool[kQueue]\n\n      let needDrain = false\n\n      while (!needDrain) {\n        const item = queue.shift()\n        if (!item) {\n          break\n        }\n        pool[kQueued]--\n        needDrain = !this.dispatch(item.opts, item.handler)\n      }\n\n      this[kNeedDrain] = needDrain\n\n      if (!this[kNeedDrain] && pool[kNeedDrain]) {\n        pool[kNeedDrain] = false\n        pool.emit('drain', origin, [pool, ...targets])\n      }\n\n      if (pool[kClosedResolve] && queue.isEmpty()) {\n        Promise\n          .all(pool[kClients].map(c => c.close()))\n          .then(pool[kClosedResolve])\n      }\n    }\n\n    this[kOnConnect] = (origin, targets) => {\n      pool.emit('connect', origin, [pool, ...targets])\n    }\n\n    this[kOnDisconnect] = (origin, targets, err) => {\n      pool.emit('disconnect', origin, [pool, ...targets], err)\n    }\n\n    this[kOnConnectionError] = (origin, targets, err) => {\n      pool.emit('connectionError', origin, [pool, ...targets], err)\n    }\n\n    this[kStats] = new PoolStats(this)\n  }\n\n  get [kBusy] () {\n    return this[kNeedDrain]\n  }\n\n  get [kConnected] () {\n    return this[kClients].filter(client => client[kConnected]).length\n  }\n\n  get [kFree] () {\n    return this[kClients].filter(client => client[kConnected] && !client[kNeedDrain]).length\n  }\n\n  get [kPending] () {\n    let ret = this[kQueued]\n    for (const { [kPending]: pending } of this[kClients]) {\n      ret += pending\n    }\n    return ret\n  }\n\n  get [kRunning] () {\n    let ret = 0\n    for (const { [kRunning]: running } of this[kClients]) {\n      ret += running\n    }\n    return ret\n  }\n\n  get [kSize] () {\n    let ret = this[kQueued]\n    for (const { [kSize]: size } of this[kClients]) {\n      ret += size\n    }\n    return ret\n  }\n\n  get stats () {\n    return this[kStats]\n  }\n\n  async [kClose] () {\n    if (this[kQueue].isEmpty()) {\n      return Promise.all(this[kClients].map(c => c.close()))\n    } else {\n      return new Promise((resolve) => {\n        this[kClosedResolve] = resolve\n      })\n    }\n  }\n\n  async [kDestroy] (err) {\n    while (true) {\n      const item = this[kQueue].shift()\n      if (!item) {\n        break\n      }\n      item.handler.onError(err)\n    }\n\n    return Promise.all(this[kClients].map(c => c.destroy(err)))\n  }\n\n  [kDispatch] (opts, handler) {\n    const dispatcher = this[kGetDispatcher]()\n\n    if (!dispatcher) {\n      this[kNeedDrain] = true\n      this[kQueue].push({ opts, handler })\n      this[kQueued]++\n    } else if (!dispatcher.dispatch(opts, handler)) {\n      dispatcher[kNeedDrain] = true\n      this[kNeedDrain] = !this[kGetDispatcher]()\n    }\n\n    return !this[kNeedDrain]\n  }\n\n  [kAddClient] (client) {\n    client\n      .on('drain', this[kOnDrain])\n      .on('connect', this[kOnConnect])\n      .on('disconnect', this[kOnDisconnect])\n      .on('connectionError', this[kOnConnectionError])\n\n    this[kClients].push(client)\n\n    if (this[kNeedDrain]) {\n      process.nextTick(() => {\n        if (this[kNeedDrain]) {\n          this[kOnDrain](client[kUrl], [this, client])\n        }\n      })\n    }\n\n    return this\n  }\n\n  [kRemoveClient] (client) {\n    client.close(() => {\n      const idx = this[kClients].indexOf(client)\n      if (idx !== -1) {\n        this[kClients].splice(idx, 1)\n      }\n    })\n\n    this[kNeedDrain] = this[kClients].some(dispatcher => (\n      !dispatcher[kNeedDrain] &&\n      dispatcher.closed !== true &&\n      dispatcher.destroyed !== true\n    ))\n  }\n}\n\nmodule.exports = {\n  PoolBase,\n  kClients,\n  kNeedDrain,\n  kAddClient,\n  kRemoveClient,\n  kGetDispatcher\n}\n","const { kFree, kConnected, kPending, kQueued, kRunning, kSize } = require('./core/symbols')\nconst kPool = Symbol('pool')\n\nclass PoolStats {\n  constructor (pool) {\n    this[kPool] = pool\n  }\n\n  get connected () {\n    return this[kPool][kConnected]\n  }\n\n  get free () {\n    return this[kPool][kFree]\n  }\n\n  get pending () {\n    return this[kPool][kPending]\n  }\n\n  get queued () {\n    return this[kPool][kQueued]\n  }\n\n  get running () {\n    return this[kPool][kRunning]\n  }\n\n  get size () {\n    return this[kPool][kSize]\n  }\n}\n\nmodule.exports = PoolStats\n","'use strict'\n\nconst {\n  PoolBase,\n  kClients,\n  kNeedDrain,\n  kAddClient,\n  kGetDispatcher\n} = require('./pool-base')\nconst Client = require('./client')\nconst {\n  InvalidArgumentError\n} = require('./core/errors')\nconst util = require('./core/util')\nconst { kUrl, kInterceptors } = require('./core/symbols')\nconst buildConnector = require('./core/connect')\n\nconst kOptions = Symbol('options')\nconst kConnections = Symbol('connections')\nconst kFactory = Symbol('factory')\n\nfunction defaultFactory (origin, opts) {\n  return new Client(origin, opts)\n}\n\nclass Pool extends PoolBase {\n  constructor (origin, {\n    connections,\n    factory = defaultFactory,\n    connect,\n    connectTimeout,\n    tls,\n    maxCachedSessions,\n    socketPath,\n    autoSelectFamily,\n    autoSelectFamilyAttemptTimeout,\n    allowH2,\n    ...options\n  } = {}) {\n    super()\n\n    if (connections != null && (!Number.isFinite(connections) || connections < 0)) {\n      throw new InvalidArgumentError('invalid connections')\n    }\n\n    if (typeof factory !== 'function') {\n      throw new InvalidArgumentError('factory must be a function.')\n    }\n\n    if (connect != null && typeof connect !== 'function' && typeof connect !== 'object') {\n      throw new InvalidArgumentError('connect must be a function or an object')\n    }\n\n    if (typeof connect !== 'function') {\n      connect = buildConnector({\n        ...tls,\n        maxCachedSessions,\n        allowH2,\n        socketPath,\n        timeout: connectTimeout,\n        ...(util.nodeHasAutoSelectFamily && autoSelectFamily ? { autoSelectFamily, autoSelectFamilyAttemptTimeout } : undefined),\n        ...connect\n      })\n    }\n\n    this[kInterceptors] = options.interceptors && options.interceptors.Pool && Array.isArray(options.interceptors.Pool)\n      ? options.interceptors.Pool\n      : []\n    this[kConnections] = connections || null\n    this[kUrl] = util.parseOrigin(origin)\n    this[kOptions] = { ...util.deepClone(options), connect, allowH2 }\n    this[kOptions].interceptors = options.interceptors\n      ? { ...options.interceptors }\n      : undefined\n    this[kFactory] = factory\n\n    this.on('connectionError', (origin, targets, error) => {\n      // If a connection error occurs, we remove the client from the pool,\n      // and emit a connectionError event. They will not be re-used.\n      // Fixes https://github.com/nodejs/undici/issues/3895\n      for (const target of targets) {\n        // Do not use kRemoveClient here, as it will close the client,\n        // but the client cannot be closed in this state.\n        const idx = this[kClients].indexOf(target)\n        if (idx !== -1) {\n          this[kClients].splice(idx, 1)\n        }\n      }\n    })\n  }\n\n  [kGetDispatcher] () {\n    let dispatcher = this[kClients].find(dispatcher => !dispatcher[kNeedDrain])\n\n    if (dispatcher) {\n      return dispatcher\n    }\n\n    if (!this[kConnections] || this[kClients].length < this[kConnections]) {\n      dispatcher = this[kFactory](this[kUrl], this[kOptions])\n      this[kAddClient](dispatcher)\n    }\n\n    return dispatcher\n  }\n}\n\nmodule.exports = Pool\n","'use strict'\n\nconst { kProxy, kClose, kDestroy, kInterceptors } = require('./core/symbols')\nconst { URL } = require('url')\nconst Agent = require('./agent')\nconst Pool = require('./pool')\nconst DispatcherBase = require('./dispatcher-base')\nconst { InvalidArgumentError, RequestAbortedError } = require('./core/errors')\nconst buildConnector = require('./core/connect')\n\nconst kAgent = Symbol('proxy agent')\nconst kClient = Symbol('proxy client')\nconst kProxyHeaders = Symbol('proxy headers')\nconst kRequestTls = Symbol('request tls settings')\nconst kProxyTls = Symbol('proxy tls settings')\nconst kConnectEndpoint = Symbol('connect endpoint function')\n\nfunction defaultProtocolPort (protocol) {\n  return protocol === 'https:' ? 443 : 80\n}\n\nfunction buildProxyOptions (opts) {\n  if (typeof opts === 'string') {\n    opts = { uri: opts }\n  }\n\n  if (!opts || !opts.uri) {\n    throw new InvalidArgumentError('Proxy opts.uri is mandatory')\n  }\n\n  return {\n    uri: opts.uri,\n    protocol: opts.protocol || 'https'\n  }\n}\n\nfunction defaultFactory (origin, opts) {\n  return new Pool(origin, opts)\n}\n\nclass ProxyAgent extends DispatcherBase {\n  constructor (opts) {\n    super(opts)\n    this[kProxy] = buildProxyOptions(opts)\n    this[kAgent] = new Agent(opts)\n    this[kInterceptors] = opts.interceptors && opts.interceptors.ProxyAgent && Array.isArray(opts.interceptors.ProxyAgent)\n      ? opts.interceptors.ProxyAgent\n      : []\n\n    if (typeof opts === 'string') {\n      opts = { uri: opts }\n    }\n\n    if (!opts || !opts.uri) {\n      throw new InvalidArgumentError('Proxy opts.uri is mandatory')\n    }\n\n    const { clientFactory = defaultFactory } = opts\n\n    if (typeof clientFactory !== 'function') {\n      throw new InvalidArgumentError('Proxy opts.clientFactory must be a function.')\n    }\n\n    this[kRequestTls] = opts.requestTls\n    this[kProxyTls] = opts.proxyTls\n    this[kProxyHeaders] = opts.headers || {}\n\n    const resolvedUrl = new URL(opts.uri)\n    const { origin, port, host, username, password } = resolvedUrl\n\n    if (opts.auth && opts.token) {\n      throw new InvalidArgumentError('opts.auth cannot be used in combination with opts.token')\n    } else if (opts.auth) {\n      /* @deprecated in favour of opts.token */\n      this[kProxyHeaders]['proxy-authorization'] = `Basic ${opts.auth}`\n    } else if (opts.token) {\n      this[kProxyHeaders]['proxy-authorization'] = opts.token\n    } else if (username && password) {\n      this[kProxyHeaders]['proxy-authorization'] = `Basic ${Buffer.from(`${decodeURIComponent(username)}:${decodeURIComponent(password)}`).toString('base64')}`\n    }\n\n    const connect = buildConnector({ ...opts.proxyTls })\n    this[kConnectEndpoint] = buildConnector({ ...opts.requestTls })\n    this[kClient] = clientFactory(resolvedUrl, { connect })\n    this[kAgent] = new Agent({\n      ...opts,\n      connect: async (opts, callback) => {\n        let requestedHost = opts.host\n        if (!opts.port) {\n          requestedHost += `:${defaultProtocolPort(opts.protocol)}`\n        }\n        try {\n          const { socket, statusCode } = await this[kClient].connect({\n            origin,\n            port,\n            path: requestedHost,\n            signal: opts.signal,\n            headers: {\n              ...this[kProxyHeaders],\n              host\n            }\n          })\n          if (statusCode !== 200) {\n            socket.on('error', () => {}).destroy()\n            callback(new RequestAbortedError(`Proxy response (${statusCode}) !== 200 when HTTP Tunneling`))\n          }\n          if (opts.protocol !== 'https:') {\n            callback(null, socket)\n            return\n          }\n          let servername\n          if (this[kRequestTls]) {\n            servername = this[kRequestTls].servername\n          } else {\n            servername = opts.servername\n          }\n          this[kConnectEndpoint]({ ...opts, servername, httpSocket: socket }, callback)\n        } catch (err) {\n          callback(err)\n        }\n      }\n    })\n  }\n\n  dispatch (opts, handler) {\n    const { host } = new URL(opts.origin)\n    const headers = buildHeaders(opts.headers)\n    throwIfProxyAuthIsSent(headers)\n    return this[kAgent].dispatch(\n      {\n        ...opts,\n        headers: {\n          ...headers,\n          host\n        }\n      },\n      handler\n    )\n  }\n\n  async [kClose] () {\n    await this[kAgent].close()\n    await this[kClient].close()\n  }\n\n  async [kDestroy] () {\n    await this[kAgent].destroy()\n    await this[kClient].destroy()\n  }\n}\n\n/**\n * @param {string[] | Record<string, string>} headers\n * @returns {Record<string, string>}\n */\nfunction buildHeaders (headers) {\n  // When using undici.fetch, the headers list is stored\n  // as an array.\n  if (Array.isArray(headers)) {\n    /** @type {Record<string, string>} */\n    const headersPair = {}\n\n    for (let i = 0; i < headers.length; i += 2) {\n      headersPair[headers[i]] = headers[i + 1]\n    }\n\n    return headersPair\n  }\n\n  return headers\n}\n\n/**\n * @param {Record<string, string>} headers\n *\n * Previous versions of ProxyAgent suggests the Proxy-Authorization in request headers\n * Nevertheless, it was changed and to avoid a security vulnerability by end users\n * this check was created.\n * It should be removed in the next major version for performance reasons\n */\nfunction throwIfProxyAuthIsSent (headers) {\n  const existProxyAuth = headers && Object.keys(headers)\n    .find((key) => key.toLowerCase() === 'proxy-authorization')\n  if (existProxyAuth) {\n    throw new InvalidArgumentError('Proxy-Authorization should be sent in ProxyAgent constructor')\n  }\n}\n\nmodule.exports = ProxyAgent\n","'use strict'\n\nlet fastNow = Date.now()\nlet fastNowTimeout\n\nconst fastTimers = []\n\nfunction onTimeout () {\n  fastNow = Date.now()\n\n  let len = fastTimers.length\n  let idx = 0\n  while (idx < len) {\n    const timer = fastTimers[idx]\n\n    if (timer.state === 0) {\n      timer.state = fastNow + timer.delay\n    } else if (timer.state > 0 && fastNow >= timer.state) {\n      timer.state = -1\n      timer.callback(timer.opaque)\n    }\n\n    if (timer.state === -1) {\n      timer.state = -2\n      if (idx !== len - 1) {\n        fastTimers[idx] = fastTimers.pop()\n      } else {\n        fastTimers.pop()\n      }\n      len -= 1\n    } else {\n      idx += 1\n    }\n  }\n\n  if (fastTimers.length > 0) {\n    refreshTimeout()\n  }\n}\n\nfunction refreshTimeout () {\n  if (fastNowTimeout && fastNowTimeout.refresh) {\n    fastNowTimeout.refresh()\n  } else {\n    clearTimeout(fastNowTimeout)\n    fastNowTimeout = setTimeout(onTimeout, 1e3)\n    if (fastNowTimeout.unref) {\n      fastNowTimeout.unref()\n    }\n  }\n}\n\nclass Timeout {\n  constructor (callback, delay, opaque) {\n    this.callback = callback\n    this.delay = delay\n    this.opaque = opaque\n\n    //  -2 not in timer list\n    //  -1 in timer list but inactive\n    //   0 in timer list waiting for time\n    // > 0 in timer list waiting for time to expire\n    this.state = -2\n\n    this.refresh()\n  }\n\n  refresh () {\n    if (this.state === -2) {\n      fastTimers.push(this)\n      if (!fastNowTimeout || fastTimers.length === 1) {\n        refreshTimeout()\n      }\n    }\n\n    this.state = 0\n  }\n\n  clear () {\n    this.state = -1\n  }\n}\n\nmodule.exports = {\n  setTimeout (callback, delay, opaque) {\n    return delay < 1e3\n      ? setTimeout(callback, delay, opaque)\n      : new Timeout(callback, delay, opaque)\n  },\n  clearTimeout (timeout) {\n    if (timeout instanceof Timeout) {\n      timeout.clear()\n    } else {\n      clearTimeout(timeout)\n    }\n  }\n}\n","'use strict'\n\nconst diagnosticsChannel = require('diagnostics_channel')\nconst { uid, states } = require('./constants')\nconst {\n  kReadyState,\n  kSentClose,\n  kByteParser,\n  kReceivedClose\n} = require('./symbols')\nconst { fireEvent, failWebsocketConnection } = require('./util')\nconst { CloseEvent } = require('./events')\nconst { makeRequest } = require('../fetch/request')\nconst { fetching } = require('../fetch/index')\nconst { Headers } = require('../fetch/headers')\nconst { getGlobalDispatcher } = require('../global')\nconst { kHeadersList } = require('../core/symbols')\n\nconst channels = {}\nchannels.open = diagnosticsChannel.channel('undici:websocket:open')\nchannels.close = diagnosticsChannel.channel('undici:websocket:close')\nchannels.socketError = diagnosticsChannel.channel('undici:websocket:socket_error')\n\n/** @type {import('crypto')} */\nlet crypto\ntry {\n  crypto = require('crypto')\n} catch {\n\n}\n\n/**\n * @see https://websockets.spec.whatwg.org/#concept-websocket-establish\n * @param {URL} url\n * @param {string|string[]} protocols\n * @param {import('./websocket').WebSocket} ws\n * @param {(response: any) => void} onEstablish\n * @param {Partial<import('../../types/websocket').WebSocketInit>} options\n */\nfunction establishWebSocketConnection (url, protocols, ws, onEstablish, options) {\n  // 1. Let requestURL be a copy of url, with its scheme set to \"http\", if url’s\n  //    scheme is \"ws\", and to \"https\" otherwise.\n  const requestURL = url\n\n  requestURL.protocol = url.protocol === 'ws:' ? 'http:' : 'https:'\n\n  // 2. Let request be a new request, whose URL is requestURL, client is client,\n  //    service-workers mode is \"none\", referrer is \"no-referrer\", mode is\n  //    \"websocket\", credentials mode is \"include\", cache mode is \"no-store\" ,\n  //    and redirect mode is \"error\".\n  const request = makeRequest({\n    urlList: [requestURL],\n    serviceWorkers: 'none',\n    referrer: 'no-referrer',\n    mode: 'websocket',\n    credentials: 'include',\n    cache: 'no-store',\n    redirect: 'error'\n  })\n\n  // Note: undici extension, allow setting custom headers.\n  if (options.headers) {\n    const headersList = new Headers(options.headers)[kHeadersList]\n\n    request.headersList = headersList\n  }\n\n  // 3. Append (`Upgrade`, `websocket`) to request’s header list.\n  // 4. Append (`Connection`, `Upgrade`) to request’s header list.\n  // Note: both of these are handled by undici currently.\n  // https://github.com/nodejs/undici/blob/68c269c4144c446f3f1220951338daef4a6b5ec4/lib/client.js#L1397\n\n  // 5. Let keyValue be a nonce consisting of a randomly selected\n  //    16-byte value that has been forgiving-base64-encoded and\n  //    isomorphic encoded.\n  const keyValue = crypto.randomBytes(16).toString('base64')\n\n  // 6. Append (`Sec-WebSocket-Key`, keyValue) to request’s\n  //    header list.\n  request.headersList.append('sec-websocket-key', keyValue)\n\n  // 7. Append (`Sec-WebSocket-Version`, `13`) to request’s\n  //    header list.\n  request.headersList.append('sec-websocket-version', '13')\n\n  // 8. For each protocol in protocols, combine\n  //    (`Sec-WebSocket-Protocol`, protocol) in request’s header\n  //    list.\n  for (const protocol of protocols) {\n    request.headersList.append('sec-websocket-protocol', protocol)\n  }\n\n  // 9. Let permessageDeflate be a user-agent defined\n  //    \"permessage-deflate\" extension header value.\n  // https://github.com/mozilla/gecko-dev/blob/ce78234f5e653a5d3916813ff990f053510227bc/netwerk/protocol/websocket/WebSocketChannel.cpp#L2673\n  // TODO: enable once permessage-deflate is supported\n  const permessageDeflate = '' // 'permessage-deflate; 15'\n\n  // 10. Append (`Sec-WebSocket-Extensions`, permessageDeflate) to\n  //     request’s header list.\n  // request.headersList.append('sec-websocket-extensions', permessageDeflate)\n\n  // 11. Fetch request with useParallelQueue set to true, and\n  //     processResponse given response being these steps:\n  const controller = fetching({\n    request,\n    useParallelQueue: true,\n    dispatcher: options.dispatcher ?? getGlobalDispatcher(),\n    processResponse (response) {\n      // 1. If response is a network error or its status is not 101,\n      //    fail the WebSocket connection.\n      if (response.type === 'error' || response.status !== 101) {\n        failWebsocketConnection(ws, 'Received network error or non-101 status code.')\n        return\n      }\n\n      // 2. If protocols is not the empty list and extracting header\n      //    list values given `Sec-WebSocket-Protocol` and response’s\n      //    header list results in null, failure, or the empty byte\n      //    sequence, then fail the WebSocket connection.\n      if (protocols.length !== 0 && !response.headersList.get('Sec-WebSocket-Protocol')) {\n        failWebsocketConnection(ws, 'Server did not respond with sent protocols.')\n        return\n      }\n\n      // 3. Follow the requirements stated step 2 to step 6, inclusive,\n      //    of the last set of steps in section 4.1 of The WebSocket\n      //    Protocol to validate response. This either results in fail\n      //    the WebSocket connection or the WebSocket connection is\n      //    established.\n\n      // 2. If the response lacks an |Upgrade| header field or the |Upgrade|\n      //    header field contains a value that is not an ASCII case-\n      //    insensitive match for the value \"websocket\", the client MUST\n      //    _Fail the WebSocket Connection_.\n      if (response.headersList.get('Upgrade')?.toLowerCase() !== 'websocket') {\n        failWebsocketConnection(ws, 'Server did not set Upgrade header to \"websocket\".')\n        return\n      }\n\n      // 3. If the response lacks a |Connection| header field or the\n      //    |Connection| header field doesn't contain a token that is an\n      //    ASCII case-insensitive match for the value \"Upgrade\", the client\n      //    MUST _Fail the WebSocket Connection_.\n      if (response.headersList.get('Connection')?.toLowerCase() !== 'upgrade') {\n        failWebsocketConnection(ws, 'Server did not set Connection header to \"upgrade\".')\n        return\n      }\n\n      // 4. If the response lacks a |Sec-WebSocket-Accept| header field or\n      //    the |Sec-WebSocket-Accept| contains a value other than the\n      //    base64-encoded SHA-1 of the concatenation of the |Sec-WebSocket-\n      //    Key| (as a string, not base64-decoded) with the string \"258EAFA5-\n      //    E914-47DA-95CA-C5AB0DC85B11\" but ignoring any leading and\n      //    trailing whitespace, the client MUST _Fail the WebSocket\n      //    Connection_.\n      const secWSAccept = response.headersList.get('Sec-WebSocket-Accept')\n      const digest = crypto.createHash('sha1').update(keyValue + uid).digest('base64')\n      if (secWSAccept !== digest) {\n        failWebsocketConnection(ws, 'Incorrect hash received in Sec-WebSocket-Accept header.')\n        return\n      }\n\n      // 5. If the response includes a |Sec-WebSocket-Extensions| header\n      //    field and this header field indicates the use of an extension\n      //    that was not present in the client's handshake (the server has\n      //    indicated an extension not requested by the client), the client\n      //    MUST _Fail the WebSocket Connection_.  (The parsing of this\n      //    header field to determine which extensions are requested is\n      //    discussed in Section 9.1.)\n      const secExtension = response.headersList.get('Sec-WebSocket-Extensions')\n\n      if (secExtension !== null && secExtension !== permessageDeflate) {\n        failWebsocketConnection(ws, 'Received different permessage-deflate than the one set.')\n        return\n      }\n\n      // 6. If the response includes a |Sec-WebSocket-Protocol| header field\n      //    and this header field indicates the use of a subprotocol that was\n      //    not present in the client's handshake (the server has indicated a\n      //    subprotocol not requested by the client), the client MUST _Fail\n      //    the WebSocket Connection_.\n      const secProtocol = response.headersList.get('Sec-WebSocket-Protocol')\n\n      if (secProtocol !== null && secProtocol !== request.headersList.get('Sec-WebSocket-Protocol')) {\n        failWebsocketConnection(ws, 'Protocol was not set in the opening handshake.')\n        return\n      }\n\n      response.socket.on('data', onSocketData)\n      response.socket.on('close', onSocketClose)\n      response.socket.on('error', onSocketError)\n\n      if (channels.open.hasSubscribers) {\n        channels.open.publish({\n          address: response.socket.address(),\n          protocol: secProtocol,\n          extensions: secExtension\n        })\n      }\n\n      onEstablish(response)\n    }\n  })\n\n  return controller\n}\n\n/**\n * @param {Buffer} chunk\n */\nfunction onSocketData (chunk) {\n  if (!this.ws[kByteParser].write(chunk)) {\n    this.pause()\n  }\n}\n\n/**\n * @see https://websockets.spec.whatwg.org/#feedback-from-the-protocol\n * @see https://datatracker.ietf.org/doc/html/rfc6455#section-7.1.4\n */\nfunction onSocketClose () {\n  const { ws } = this\n\n  // If the TCP connection was closed after the\n  // WebSocket closing handshake was completed, the WebSocket connection\n  // is said to have been closed _cleanly_.\n  const wasClean = ws[kSentClose] && ws[kReceivedClose]\n\n  let code = 1005\n  let reason = ''\n\n  const result = ws[kByteParser].closingInfo\n\n  if (result) {\n    code = result.code ?? 1005\n    reason = result.reason\n  } else if (!ws[kSentClose]) {\n    // If _The WebSocket\n    // Connection is Closed_ and no Close control frame was received by the\n    // endpoint (such as could occur if the underlying transport connection\n    // is lost), _The WebSocket Connection Close Code_ is considered to be\n    // 1006.\n    code = 1006\n  }\n\n  // 1. Change the ready state to CLOSED (3).\n  ws[kReadyState] = states.CLOSED\n\n  // 2. If the user agent was required to fail the WebSocket\n  //    connection, or if the WebSocket connection was closed\n  //    after being flagged as full, fire an event named error\n  //    at the WebSocket object.\n  // TODO\n\n  // 3. Fire an event named close at the WebSocket object,\n  //    using CloseEvent, with the wasClean attribute\n  //    initialized to true if the connection closed cleanly\n  //    and false otherwise, the code attribute initialized to\n  //    the WebSocket connection close code, and the reason\n  //    attribute initialized to the result of applying UTF-8\n  //    decode without BOM to the WebSocket connection close\n  //    reason.\n  fireEvent('close', ws, CloseEvent, {\n    wasClean, code, reason\n  })\n\n  if (channels.close.hasSubscribers) {\n    channels.close.publish({\n      websocket: ws,\n      code,\n      reason\n    })\n  }\n}\n\nfunction onSocketError (error) {\n  const { ws } = this\n\n  ws[kReadyState] = states.CLOSING\n\n  if (channels.socketError.hasSubscribers) {\n    channels.socketError.publish(error)\n  }\n\n  this.destroy()\n}\n\nmodule.exports = {\n  establishWebSocketConnection\n}\n","'use strict'\n\n// This is a Globally Unique Identifier unique used\n// to validate that the endpoint accepts websocket\n// connections.\n// See https://www.rfc-editor.org/rfc/rfc6455.html#section-1.3\nconst uid = '258EAFA5-E914-47DA-95CA-C5AB0DC85B11'\n\n/** @type {PropertyDescriptor} */\nconst staticPropertyDescriptors = {\n  enumerable: true,\n  writable: false,\n  configurable: false\n}\n\nconst states = {\n  CONNECTING: 0,\n  OPEN: 1,\n  CLOSING: 2,\n  CLOSED: 3\n}\n\nconst opcodes = {\n  CONTINUATION: 0x0,\n  TEXT: 0x1,\n  BINARY: 0x2,\n  CLOSE: 0x8,\n  PING: 0x9,\n  PONG: 0xA\n}\n\nconst maxUnsigned16Bit = 2 ** 16 - 1 // 65535\n\nconst parserStates = {\n  INFO: 0,\n  PAYLOADLENGTH_16: 2,\n  PAYLOADLENGTH_64: 3,\n  READ_DATA: 4\n}\n\nconst emptyBuffer = Buffer.allocUnsafe(0)\n\nmodule.exports = {\n  uid,\n  staticPropertyDescriptors,\n  states,\n  opcodes,\n  maxUnsigned16Bit,\n  parserStates,\n  emptyBuffer\n}\n","'use strict'\n\nconst { webidl } = require('../fetch/webidl')\nconst { kEnumerableProperty } = require('../core/util')\nconst { MessagePort } = require('worker_threads')\n\n/**\n * @see https://html.spec.whatwg.org/multipage/comms.html#messageevent\n */\nclass MessageEvent extends Event {\n  #eventInit\n\n  constructor (type, eventInitDict = {}) {\n    webidl.argumentLengthCheck(arguments, 1, { header: 'MessageEvent constructor' })\n\n    type = webidl.converters.DOMString(type)\n    eventInitDict = webidl.converters.MessageEventInit(eventInitDict)\n\n    super(type, eventInitDict)\n\n    this.#eventInit = eventInitDict\n  }\n\n  get data () {\n    webidl.brandCheck(this, MessageEvent)\n\n    return this.#eventInit.data\n  }\n\n  get origin () {\n    webidl.brandCheck(this, MessageEvent)\n\n    return this.#eventInit.origin\n  }\n\n  get lastEventId () {\n    webidl.brandCheck(this, MessageEvent)\n\n    return this.#eventInit.lastEventId\n  }\n\n  get source () {\n    webidl.brandCheck(this, MessageEvent)\n\n    return this.#eventInit.source\n  }\n\n  get ports () {\n    webidl.brandCheck(this, MessageEvent)\n\n    if (!Object.isFrozen(this.#eventInit.ports)) {\n      Object.freeze(this.#eventInit.ports)\n    }\n\n    return this.#eventInit.ports\n  }\n\n  initMessageEvent (\n    type,\n    bubbles = false,\n    cancelable = false,\n    data = null,\n    origin = '',\n    lastEventId = '',\n    source = null,\n    ports = []\n  ) {\n    webidl.brandCheck(this, MessageEvent)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'MessageEvent.initMessageEvent' })\n\n    return new MessageEvent(type, {\n      bubbles, cancelable, data, origin, lastEventId, source, ports\n    })\n  }\n}\n\n/**\n * @see https://websockets.spec.whatwg.org/#the-closeevent-interface\n */\nclass CloseEvent extends Event {\n  #eventInit\n\n  constructor (type, eventInitDict = {}) {\n    webidl.argumentLengthCheck(arguments, 1, { header: 'CloseEvent constructor' })\n\n    type = webidl.converters.DOMString(type)\n    eventInitDict = webidl.converters.CloseEventInit(eventInitDict)\n\n    super(type, eventInitDict)\n\n    this.#eventInit = eventInitDict\n  }\n\n  get wasClean () {\n    webidl.brandCheck(this, CloseEvent)\n\n    return this.#eventInit.wasClean\n  }\n\n  get code () {\n    webidl.brandCheck(this, CloseEvent)\n\n    return this.#eventInit.code\n  }\n\n  get reason () {\n    webidl.brandCheck(this, CloseEvent)\n\n    return this.#eventInit.reason\n  }\n}\n\n// https://html.spec.whatwg.org/multipage/webappapis.html#the-errorevent-interface\nclass ErrorEvent extends Event {\n  #eventInit\n\n  constructor (type, eventInitDict) {\n    webidl.argumentLengthCheck(arguments, 1, { header: 'ErrorEvent constructor' })\n\n    super(type, eventInitDict)\n\n    type = webidl.converters.DOMString(type)\n    eventInitDict = webidl.converters.ErrorEventInit(eventInitDict ?? {})\n\n    this.#eventInit = eventInitDict\n  }\n\n  get message () {\n    webidl.brandCheck(this, ErrorEvent)\n\n    return this.#eventInit.message\n  }\n\n  get filename () {\n    webidl.brandCheck(this, ErrorEvent)\n\n    return this.#eventInit.filename\n  }\n\n  get lineno () {\n    webidl.brandCheck(this, ErrorEvent)\n\n    return this.#eventInit.lineno\n  }\n\n  get colno () {\n    webidl.brandCheck(this, ErrorEvent)\n\n    return this.#eventInit.colno\n  }\n\n  get error () {\n    webidl.brandCheck(this, ErrorEvent)\n\n    return this.#eventInit.error\n  }\n}\n\nObject.defineProperties(MessageEvent.prototype, {\n  [Symbol.toStringTag]: {\n    value: 'MessageEvent',\n    configurable: true\n  },\n  data: kEnumerableProperty,\n  origin: kEnumerableProperty,\n  lastEventId: kEnumerableProperty,\n  source: kEnumerableProperty,\n  ports: kEnumerableProperty,\n  initMessageEvent: kEnumerableProperty\n})\n\nObject.defineProperties(CloseEvent.prototype, {\n  [Symbol.toStringTag]: {\n    value: 'CloseEvent',\n    configurable: true\n  },\n  reason: kEnumerableProperty,\n  code: kEnumerableProperty,\n  wasClean: kEnumerableProperty\n})\n\nObject.defineProperties(ErrorEvent.prototype, {\n  [Symbol.toStringTag]: {\n    value: 'ErrorEvent',\n    configurable: true\n  },\n  message: kEnumerableProperty,\n  filename: kEnumerableProperty,\n  lineno: kEnumerableProperty,\n  colno: kEnumerableProperty,\n  error: kEnumerableProperty\n})\n\nwebidl.converters.MessagePort = webidl.interfaceConverter(MessagePort)\n\nwebidl.converters['sequence<MessagePort>'] = webidl.sequenceConverter(\n  webidl.converters.MessagePort\n)\n\nconst eventInit = [\n  {\n    key: 'bubbles',\n    converter: webidl.converters.boolean,\n    defaultValue: false\n  },\n  {\n    key: 'cancelable',\n    converter: webidl.converters.boolean,\n    defaultValue: false\n  },\n  {\n    key: 'composed',\n    converter: webidl.converters.boolean,\n    defaultValue: false\n  }\n]\n\nwebidl.converters.MessageEventInit = webidl.dictionaryConverter([\n  ...eventInit,\n  {\n    key: 'data',\n    converter: webidl.converters.any,\n    defaultValue: null\n  },\n  {\n    key: 'origin',\n    converter: webidl.converters.USVString,\n    defaultValue: ''\n  },\n  {\n    key: 'lastEventId',\n    converter: webidl.converters.DOMString,\n    defaultValue: ''\n  },\n  {\n    key: 'source',\n    // Node doesn't implement WindowProxy or ServiceWorker, so the only\n    // valid value for source is a MessagePort.\n    converter: webidl.nullableConverter(webidl.converters.MessagePort),\n    defaultValue: null\n  },\n  {\n    key: 'ports',\n    converter: webidl.converters['sequence<MessagePort>'],\n    get defaultValue () {\n      return []\n    }\n  }\n])\n\nwebidl.converters.CloseEventInit = webidl.dictionaryConverter([\n  ...eventInit,\n  {\n    key: 'wasClean',\n    converter: webidl.converters.boolean,\n    defaultValue: false\n  },\n  {\n    key: 'code',\n    converter: webidl.converters['unsigned short'],\n    defaultValue: 0\n  },\n  {\n    key: 'reason',\n    converter: webidl.converters.USVString,\n    defaultValue: ''\n  }\n])\n\nwebidl.converters.ErrorEventInit = webidl.dictionaryConverter([\n  ...eventInit,\n  {\n    key: 'message',\n    converter: webidl.converters.DOMString,\n    defaultValue: ''\n  },\n  {\n    key: 'filename',\n    converter: webidl.converters.USVString,\n    defaultValue: ''\n  },\n  {\n    key: 'lineno',\n    converter: webidl.converters['unsigned long'],\n    defaultValue: 0\n  },\n  {\n    key: 'colno',\n    converter: webidl.converters['unsigned long'],\n    defaultValue: 0\n  },\n  {\n    key: 'error',\n    converter: webidl.converters.any\n  }\n])\n\nmodule.exports = {\n  MessageEvent,\n  CloseEvent,\n  ErrorEvent\n}\n","'use strict'\n\nconst { maxUnsigned16Bit } = require('./constants')\n\n/** @type {import('crypto')} */\nlet crypto\ntry {\n  crypto = require('crypto')\n} catch {\n\n}\n\nclass WebsocketFrameSend {\n  /**\n   * @param {Buffer|undefined} data\n   */\n  constructor (data) {\n    this.frameData = data\n    this.maskKey = crypto.randomBytes(4)\n  }\n\n  createFrame (opcode) {\n    const bodyLength = this.frameData?.byteLength ?? 0\n\n    /** @type {number} */\n    let payloadLength = bodyLength // 0-125\n    let offset = 6\n\n    if (bodyLength > maxUnsigned16Bit) {\n      offset += 8 // payload length is next 8 bytes\n      payloadLength = 127\n    } else if (bodyLength > 125) {\n      offset += 2 // payload length is next 2 bytes\n      payloadLength = 126\n    }\n\n    const buffer = Buffer.allocUnsafe(bodyLength + offset)\n\n    // Clear first 2 bytes, everything else is overwritten\n    buffer[0] = buffer[1] = 0\n    buffer[0] |= 0x80 // FIN\n    buffer[0] = (buffer[0] & 0xF0) + opcode // opcode\n\n    /*! ws. MIT License. Einar Otto Stangvik <einaros@gmail.com> */\n    buffer[offset - 4] = this.maskKey[0]\n    buffer[offset - 3] = this.maskKey[1]\n    buffer[offset - 2] = this.maskKey[2]\n    buffer[offset - 1] = this.maskKey[3]\n\n    buffer[1] = payloadLength\n\n    if (payloadLength === 126) {\n      buffer.writeUInt16BE(bodyLength, 2)\n    } else if (payloadLength === 127) {\n      // Clear extended payload length\n      buffer[2] = buffer[3] = 0\n      buffer.writeUIntBE(bodyLength, 4, 6)\n    }\n\n    buffer[1] |= 0x80 // MASK\n\n    // mask body\n    for (let i = 0; i < bodyLength; i++) {\n      buffer[offset + i] = this.frameData[i] ^ this.maskKey[i % 4]\n    }\n\n    return buffer\n  }\n}\n\nmodule.exports = {\n  WebsocketFrameSend\n}\n","'use strict'\n\nconst { Writable } = require('stream')\nconst diagnosticsChannel = require('diagnostics_channel')\nconst { parserStates, opcodes, states, emptyBuffer } = require('./constants')\nconst { kReadyState, kSentClose, kResponse, kReceivedClose } = require('./symbols')\nconst { isValidStatusCode, failWebsocketConnection, websocketMessageReceived } = require('./util')\nconst { WebsocketFrameSend } = require('./frame')\n\n// This code was influenced by ws released under the MIT license.\n// Copyright (c) 2011 Einar Otto Stangvik <einaros@gmail.com>\n// Copyright (c) 2013 Arnout Kazemier and contributors\n// Copyright (c) 2016 Luigi Pinca and contributors\n\nconst channels = {}\nchannels.ping = diagnosticsChannel.channel('undici:websocket:ping')\nchannels.pong = diagnosticsChannel.channel('undici:websocket:pong')\n\nclass ByteParser extends Writable {\n  #buffers = []\n  #byteOffset = 0\n\n  #state = parserStates.INFO\n\n  #info = {}\n  #fragments = []\n\n  constructor (ws) {\n    super()\n\n    this.ws = ws\n  }\n\n  /**\n   * @param {Buffer} chunk\n   * @param {() => void} callback\n   */\n  _write (chunk, _, callback) {\n    this.#buffers.push(chunk)\n    this.#byteOffset += chunk.length\n\n    this.run(callback)\n  }\n\n  /**\n   * Runs whenever a new chunk is received.\n   * Callback is called whenever there are no more chunks buffering,\n   * or not enough bytes are buffered to parse.\n   */\n  run (callback) {\n    while (true) {\n      if (this.#state === parserStates.INFO) {\n        // If there aren't enough bytes to parse the payload length, etc.\n        if (this.#byteOffset < 2) {\n          return callback()\n        }\n\n        const buffer = this.consume(2)\n\n        this.#info.fin = (buffer[0] & 0x80) !== 0\n        this.#info.opcode = buffer[0] & 0x0F\n\n        // If we receive a fragmented message, we use the type of the first\n        // frame to parse the full message as binary/text, when it's terminated\n        this.#info.originalOpcode ??= this.#info.opcode\n\n        this.#info.fragmented = !this.#info.fin && this.#info.opcode !== opcodes.CONTINUATION\n\n        if (this.#info.fragmented && this.#info.opcode !== opcodes.BINARY && this.#info.opcode !== opcodes.TEXT) {\n          // Only text and binary frames can be fragmented\n          failWebsocketConnection(this.ws, 'Invalid frame type was fragmented.')\n          return\n        }\n\n        const payloadLength = buffer[1] & 0x7F\n\n        if (payloadLength <= 125) {\n          this.#info.payloadLength = payloadLength\n          this.#state = parserStates.READ_DATA\n        } else if (payloadLength === 126) {\n          this.#state = parserStates.PAYLOADLENGTH_16\n        } else if (payloadLength === 127) {\n          this.#state = parserStates.PAYLOADLENGTH_64\n        }\n\n        if (this.#info.fragmented && payloadLength > 125) {\n          // A fragmented frame can't be fragmented itself\n          failWebsocketConnection(this.ws, 'Fragmented frame exceeded 125 bytes.')\n          return\n        } else if (\n          (this.#info.opcode === opcodes.PING ||\n            this.#info.opcode === opcodes.PONG ||\n            this.#info.opcode === opcodes.CLOSE) &&\n          payloadLength > 125\n        ) {\n          // Control frames can have a payload length of 125 bytes MAX\n          failWebsocketConnection(this.ws, 'Payload length for control frame exceeded 125 bytes.')\n          return\n        } else if (this.#info.opcode === opcodes.CLOSE) {\n          if (payloadLength === 1) {\n            failWebsocketConnection(this.ws, 'Received close frame with a 1-byte body.')\n            return\n          }\n\n          const body = this.consume(payloadLength)\n\n          this.#info.closeInfo = this.parseCloseBody(false, body)\n\n          if (!this.ws[kSentClose]) {\n            // If an endpoint receives a Close frame and did not previously send a\n            // Close frame, the endpoint MUST send a Close frame in response.  (When\n            // sending a Close frame in response, the endpoint typically echos the\n            // status code it received.)\n            const body = Buffer.allocUnsafe(2)\n            body.writeUInt16BE(this.#info.closeInfo.code, 0)\n            const closeFrame = new WebsocketFrameSend(body)\n\n            this.ws[kResponse].socket.write(\n              closeFrame.createFrame(opcodes.CLOSE),\n              (err) => {\n                if (!err) {\n                  this.ws[kSentClose] = true\n                }\n              }\n            )\n          }\n\n          // Upon either sending or receiving a Close control frame, it is said\n          // that _The WebSocket Closing Handshake is Started_ and that the\n          // WebSocket connection is in the CLOSING state.\n          this.ws[kReadyState] = states.CLOSING\n          this.ws[kReceivedClose] = true\n\n          this.end()\n\n          return\n        } else if (this.#info.opcode === opcodes.PING) {\n          // Upon receipt of a Ping frame, an endpoint MUST send a Pong frame in\n          // response, unless it already received a Close frame.\n          // A Pong frame sent in response to a Ping frame must have identical\n          // \"Application data\"\n\n          const body = this.consume(payloadLength)\n\n          if (!this.ws[kReceivedClose]) {\n            const frame = new WebsocketFrameSend(body)\n\n            this.ws[kResponse].socket.write(frame.createFrame(opcodes.PONG))\n\n            if (channels.ping.hasSubscribers) {\n              channels.ping.publish({\n                payload: body\n              })\n            }\n          }\n\n          this.#state = parserStates.INFO\n\n          if (this.#byteOffset > 0) {\n            continue\n          } else {\n            callback()\n            return\n          }\n        } else if (this.#info.opcode === opcodes.PONG) {\n          // A Pong frame MAY be sent unsolicited.  This serves as a\n          // unidirectional heartbeat.  A response to an unsolicited Pong frame is\n          // not expected.\n\n          const body = this.consume(payloadLength)\n\n          if (channels.pong.hasSubscribers) {\n            channels.pong.publish({\n              payload: body\n            })\n          }\n\n          if (this.#byteOffset > 0) {\n            continue\n          } else {\n            callback()\n            return\n          }\n        }\n      } else if (this.#state === parserStates.PAYLOADLENGTH_16) {\n        if (this.#byteOffset < 2) {\n          return callback()\n        }\n\n        const buffer = this.consume(2)\n\n        this.#info.payloadLength = buffer.readUInt16BE(0)\n        this.#state = parserStates.READ_DATA\n      } else if (this.#state === parserStates.PAYLOADLENGTH_64) {\n        if (this.#byteOffset < 8) {\n          return callback()\n        }\n\n        const buffer = this.consume(8)\n        const upper = buffer.readUInt32BE(0)\n\n        // 2^31 is the maxinimum bytes an arraybuffer can contain\n        // on 32-bit systems. Although, on 64-bit systems, this is\n        // 2^53-1 bytes.\n        // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Errors/Invalid_array_length\n        // https://source.chromium.org/chromium/chromium/src/+/main:v8/src/common/globals.h;drc=1946212ac0100668f14eb9e2843bdd846e510a1e;bpv=1;bpt=1;l=1275\n        // https://source.chromium.org/chromium/chromium/src/+/main:v8/src/objects/js-array-buffer.h;l=34;drc=1946212ac0100668f14eb9e2843bdd846e510a1e\n        if (upper > 2 ** 31 - 1) {\n          failWebsocketConnection(this.ws, 'Received payload length > 2^31 bytes.')\n          return\n        }\n\n        const lower = buffer.readUInt32BE(4)\n\n        this.#info.payloadLength = (upper << 8) + lower\n        this.#state = parserStates.READ_DATA\n      } else if (this.#state === parserStates.READ_DATA) {\n        if (this.#byteOffset < this.#info.payloadLength) {\n          // If there is still more data in this chunk that needs to be read\n          return callback()\n        } else if (this.#byteOffset >= this.#info.payloadLength) {\n          // If the server sent multiple frames in a single chunk\n\n          const body = this.consume(this.#info.payloadLength)\n\n          this.#fragments.push(body)\n\n          // If the frame is unfragmented, or a fragmented frame was terminated,\n          // a message was received\n          if (!this.#info.fragmented || (this.#info.fin && this.#info.opcode === opcodes.CONTINUATION)) {\n            const fullMessage = Buffer.concat(this.#fragments)\n\n            websocketMessageReceived(this.ws, this.#info.originalOpcode, fullMessage)\n\n            this.#info = {}\n            this.#fragments.length = 0\n          }\n\n          this.#state = parserStates.INFO\n        }\n      }\n\n      if (this.#byteOffset > 0) {\n        continue\n      } else {\n        callback()\n        break\n      }\n    }\n  }\n\n  /**\n   * Take n bytes from the buffered Buffers\n   * @param {number} n\n   * @returns {Buffer|null}\n   */\n  consume (n) {\n    if (n > this.#byteOffset) {\n      return null\n    } else if (n === 0) {\n      return emptyBuffer\n    }\n\n    if (this.#buffers[0].length === n) {\n      this.#byteOffset -= this.#buffers[0].length\n      return this.#buffers.shift()\n    }\n\n    const buffer = Buffer.allocUnsafe(n)\n    let offset = 0\n\n    while (offset !== n) {\n      const next = this.#buffers[0]\n      const { length } = next\n\n      if (length + offset === n) {\n        buffer.set(this.#buffers.shift(), offset)\n        break\n      } else if (length + offset > n) {\n        buffer.set(next.subarray(0, n - offset), offset)\n        this.#buffers[0] = next.subarray(n - offset)\n        break\n      } else {\n        buffer.set(this.#buffers.shift(), offset)\n        offset += next.length\n      }\n    }\n\n    this.#byteOffset -= n\n\n    return buffer\n  }\n\n  parseCloseBody (onlyCode, data) {\n    // https://datatracker.ietf.org/doc/html/rfc6455#section-7.1.5\n    /** @type {number|undefined} */\n    let code\n\n    if (data.length >= 2) {\n      // _The WebSocket Connection Close Code_ is\n      // defined as the status code (Section 7.4) contained in the first Close\n      // control frame received by the application\n      code = data.readUInt16BE(0)\n    }\n\n    if (onlyCode) {\n      if (!isValidStatusCode(code)) {\n        return null\n      }\n\n      return { code }\n    }\n\n    // https://datatracker.ietf.org/doc/html/rfc6455#section-7.1.6\n    /** @type {Buffer} */\n    let reason = data.subarray(2)\n\n    // Remove BOM\n    if (reason[0] === 0xEF && reason[1] === 0xBB && reason[2] === 0xBF) {\n      reason = reason.subarray(3)\n    }\n\n    if (code !== undefined && !isValidStatusCode(code)) {\n      return null\n    }\n\n    try {\n      // TODO: optimize this\n      reason = new TextDecoder('utf-8', { fatal: true }).decode(reason)\n    } catch {\n      return null\n    }\n\n    return { code, reason }\n  }\n\n  get closingInfo () {\n    return this.#info.closeInfo\n  }\n}\n\nmodule.exports = {\n  ByteParser\n}\n","'use strict'\n\nmodule.exports = {\n  kWebSocketURL: Symbol('url'),\n  kReadyState: Symbol('ready state'),\n  kController: Symbol('controller'),\n  kResponse: Symbol('response'),\n  kBinaryType: Symbol('binary type'),\n  kSentClose: Symbol('sent close'),\n  kReceivedClose: Symbol('received close'),\n  kByteParser: Symbol('byte parser')\n}\n","'use strict'\n\nconst { kReadyState, kController, kResponse, kBinaryType, kWebSocketURL } = require('./symbols')\nconst { states, opcodes } = require('./constants')\nconst { MessageEvent, ErrorEvent } = require('./events')\n\n/* globals Blob */\n\n/**\n * @param {import('./websocket').WebSocket} ws\n */\nfunction isEstablished (ws) {\n  // If the server's response is validated as provided for above, it is\n  // said that _The WebSocket Connection is Established_ and that the\n  // WebSocket Connection is in the OPEN state.\n  return ws[kReadyState] === states.OPEN\n}\n\n/**\n * @param {import('./websocket').WebSocket} ws\n */\nfunction isClosing (ws) {\n  // Upon either sending or receiving a Close control frame, it is said\n  // that _The WebSocket Closing Handshake is Started_ and that the\n  // WebSocket connection is in the CLOSING state.\n  return ws[kReadyState] === states.CLOSING\n}\n\n/**\n * @param {import('./websocket').WebSocket} ws\n */\nfunction isClosed (ws) {\n  return ws[kReadyState] === states.CLOSED\n}\n\n/**\n * @see https://dom.spec.whatwg.org/#concept-event-fire\n * @param {string} e\n * @param {EventTarget} target\n * @param {EventInit | undefined} eventInitDict\n */\nfunction fireEvent (e, target, eventConstructor = Event, eventInitDict) {\n  // 1. If eventConstructor is not given, then let eventConstructor be Event.\n\n  // 2. Let event be the result of creating an event given eventConstructor,\n  //    in the relevant realm of target.\n  // 3. Initialize event’s type attribute to e.\n  const event = new eventConstructor(e, eventInitDict) // eslint-disable-line new-cap\n\n  // 4. Initialize any other IDL attributes of event as described in the\n  //    invocation of this algorithm.\n\n  // 5. Return the result of dispatching event at target, with legacy target\n  //    override flag set if set.\n  target.dispatchEvent(event)\n}\n\n/**\n * @see https://websockets.spec.whatwg.org/#feedback-from-the-protocol\n * @param {import('./websocket').WebSocket} ws\n * @param {number} type Opcode\n * @param {Buffer} data application data\n */\nfunction websocketMessageReceived (ws, type, data) {\n  // 1. If ready state is not OPEN (1), then return.\n  if (ws[kReadyState] !== states.OPEN) {\n    return\n  }\n\n  // 2. Let dataForEvent be determined by switching on type and binary type:\n  let dataForEvent\n\n  if (type === opcodes.TEXT) {\n    // -> type indicates that the data is Text\n    //      a new DOMString containing data\n    try {\n      dataForEvent = new TextDecoder('utf-8', { fatal: true }).decode(data)\n    } catch {\n      failWebsocketConnection(ws, 'Received invalid UTF-8 in text frame.')\n      return\n    }\n  } else if (type === opcodes.BINARY) {\n    if (ws[kBinaryType] === 'blob') {\n      // -> type indicates that the data is Binary and binary type is \"blob\"\n      //      a new Blob object, created in the relevant Realm of the WebSocket\n      //      object, that represents data as its raw data\n      dataForEvent = new Blob([data])\n    } else {\n      // -> type indicates that the data is Binary and binary type is \"arraybuffer\"\n      //      a new ArrayBuffer object, created in the relevant Realm of the\n      //      WebSocket object, whose contents are data\n      dataForEvent = new Uint8Array(data).buffer\n    }\n  }\n\n  // 3. Fire an event named message at the WebSocket object, using MessageEvent,\n  //    with the origin attribute initialized to the serialization of the WebSocket\n  //    object’s url's origin, and the data attribute initialized to dataForEvent.\n  fireEvent('message', ws, MessageEvent, {\n    origin: ws[kWebSocketURL].origin,\n    data: dataForEvent\n  })\n}\n\n/**\n * @see https://datatracker.ietf.org/doc/html/rfc6455\n * @see https://datatracker.ietf.org/doc/html/rfc2616\n * @see https://bugs.chromium.org/p/chromium/issues/detail?id=398407\n * @param {string} protocol\n */\nfunction isValidSubprotocol (protocol) {\n  // If present, this value indicates one\n  // or more comma-separated subprotocol the client wishes to speak,\n  // ordered by preference.  The elements that comprise this value\n  // MUST be non-empty strings with characters in the range U+0021 to\n  // U+007E not including separator characters as defined in\n  // [RFC2616] and MUST all be unique strings.\n  if (protocol.length === 0) {\n    return false\n  }\n\n  for (const char of protocol) {\n    const code = char.charCodeAt(0)\n\n    if (\n      code < 0x21 ||\n      code > 0x7E ||\n      char === '(' ||\n      char === ')' ||\n      char === '<' ||\n      char === '>' ||\n      char === '@' ||\n      char === ',' ||\n      char === ';' ||\n      char === ':' ||\n      char === '\\\\' ||\n      char === '\"' ||\n      char === '/' ||\n      char === '[' ||\n      char === ']' ||\n      char === '?' ||\n      char === '=' ||\n      char === '{' ||\n      char === '}' ||\n      code === 32 || // SP\n      code === 9 // HT\n    ) {\n      return false\n    }\n  }\n\n  return true\n}\n\n/**\n * @see https://datatracker.ietf.org/doc/html/rfc6455#section-7-4\n * @param {number} code\n */\nfunction isValidStatusCode (code) {\n  if (code >= 1000 && code < 1015) {\n    return (\n      code !== 1004 && // reserved\n      code !== 1005 && // \"MUST NOT be set as a status code\"\n      code !== 1006 // \"MUST NOT be set as a status code\"\n    )\n  }\n\n  return code >= 3000 && code <= 4999\n}\n\n/**\n * @param {import('./websocket').WebSocket} ws\n * @param {string|undefined} reason\n */\nfunction failWebsocketConnection (ws, reason) {\n  const { [kController]: controller, [kResponse]: response } = ws\n\n  controller.abort()\n\n  if (response?.socket && !response.socket.destroyed) {\n    response.socket.destroy()\n  }\n\n  if (reason) {\n    fireEvent('error', ws, ErrorEvent, {\n      error: new Error(reason)\n    })\n  }\n}\n\nmodule.exports = {\n  isEstablished,\n  isClosing,\n  isClosed,\n  fireEvent,\n  isValidSubprotocol,\n  isValidStatusCode,\n  failWebsocketConnection,\n  websocketMessageReceived\n}\n","'use strict'\n\nconst { webidl } = require('../fetch/webidl')\nconst { DOMException } = require('../fetch/constants')\nconst { URLSerializer } = require('../fetch/dataURL')\nconst { getGlobalOrigin } = require('../fetch/global')\nconst { staticPropertyDescriptors, states, opcodes, emptyBuffer } = require('./constants')\nconst {\n  kWebSocketURL,\n  kReadyState,\n  kController,\n  kBinaryType,\n  kResponse,\n  kSentClose,\n  kByteParser\n} = require('./symbols')\nconst { isEstablished, isClosing, isValidSubprotocol, failWebsocketConnection, fireEvent } = require('./util')\nconst { establishWebSocketConnection } = require('./connection')\nconst { WebsocketFrameSend } = require('./frame')\nconst { ByteParser } = require('./receiver')\nconst { kEnumerableProperty, isBlobLike } = require('../core/util')\nconst { getGlobalDispatcher } = require('../global')\nconst { types } = require('util')\n\nlet experimentalWarned = false\n\n// https://websockets.spec.whatwg.org/#interface-definition\nclass WebSocket extends EventTarget {\n  #events = {\n    open: null,\n    error: null,\n    close: null,\n    message: null\n  }\n\n  #bufferedAmount = 0\n  #protocol = ''\n  #extensions = ''\n\n  /**\n   * @param {string} url\n   * @param {string|string[]} protocols\n   */\n  constructor (url, protocols = []) {\n    super()\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'WebSocket constructor' })\n\n    if (!experimentalWarned) {\n      experimentalWarned = true\n      process.emitWarning('WebSockets are experimental, expect them to change at any time.', {\n        code: 'UNDICI-WS'\n      })\n    }\n\n    const options = webidl.converters['DOMString or sequence<DOMString> or WebSocketInit'](protocols)\n\n    url = webidl.converters.USVString(url)\n    protocols = options.protocols\n\n    // 1. Let baseURL be this's relevant settings object's API base URL.\n    const baseURL = getGlobalOrigin()\n\n    // 1. Let urlRecord be the result of applying the URL parser to url with baseURL.\n    let urlRecord\n\n    try {\n      urlRecord = new URL(url, baseURL)\n    } catch (e) {\n      // 3. If urlRecord is failure, then throw a \"SyntaxError\" DOMException.\n      throw new DOMException(e, 'SyntaxError')\n    }\n\n    // 4. If urlRecord’s scheme is \"http\", then set urlRecord’s scheme to \"ws\".\n    if (urlRecord.protocol === 'http:') {\n      urlRecord.protocol = 'ws:'\n    } else if (urlRecord.protocol === 'https:') {\n      // 5. Otherwise, if urlRecord’s scheme is \"https\", set urlRecord’s scheme to \"wss\".\n      urlRecord.protocol = 'wss:'\n    }\n\n    // 6. If urlRecord’s scheme is not \"ws\" or \"wss\", then throw a \"SyntaxError\" DOMException.\n    if (urlRecord.protocol !== 'ws:' && urlRecord.protocol !== 'wss:') {\n      throw new DOMException(\n        `Expected a ws: or wss: protocol, got ${urlRecord.protocol}`,\n        'SyntaxError'\n      )\n    }\n\n    // 7. If urlRecord’s fragment is non-null, then throw a \"SyntaxError\"\n    //    DOMException.\n    if (urlRecord.hash || urlRecord.href.endsWith('#')) {\n      throw new DOMException('Got fragment', 'SyntaxError')\n    }\n\n    // 8. If protocols is a string, set protocols to a sequence consisting\n    //    of just that string.\n    if (typeof protocols === 'string') {\n      protocols = [protocols]\n    }\n\n    // 9. If any of the values in protocols occur more than once or otherwise\n    //    fail to match the requirements for elements that comprise the value\n    //    of `Sec-WebSocket-Protocol` fields as defined by The WebSocket\n    //    protocol, then throw a \"SyntaxError\" DOMException.\n    if (protocols.length !== new Set(protocols.map(p => p.toLowerCase())).size) {\n      throw new DOMException('Invalid Sec-WebSocket-Protocol value', 'SyntaxError')\n    }\n\n    if (protocols.length > 0 && !protocols.every(p => isValidSubprotocol(p))) {\n      throw new DOMException('Invalid Sec-WebSocket-Protocol value', 'SyntaxError')\n    }\n\n    // 10. Set this's url to urlRecord.\n    this[kWebSocketURL] = new URL(urlRecord.href)\n\n    // 11. Let client be this's relevant settings object.\n\n    // 12. Run this step in parallel:\n\n    //    1. Establish a WebSocket connection given urlRecord, protocols,\n    //       and client.\n    this[kController] = establishWebSocketConnection(\n      urlRecord,\n      protocols,\n      this,\n      (response) => this.#onConnectionEstablished(response),\n      options\n    )\n\n    // Each WebSocket object has an associated ready state, which is a\n    // number representing the state of the connection. Initially it must\n    // be CONNECTING (0).\n    this[kReadyState] = WebSocket.CONNECTING\n\n    // The extensions attribute must initially return the empty string.\n\n    // The protocol attribute must initially return the empty string.\n\n    // Each WebSocket object has an associated binary type, which is a\n    // BinaryType. Initially it must be \"blob\".\n    this[kBinaryType] = 'blob'\n  }\n\n  /**\n   * @see https://websockets.spec.whatwg.org/#dom-websocket-close\n   * @param {number|undefined} code\n   * @param {string|undefined} reason\n   */\n  close (code = undefined, reason = undefined) {\n    webidl.brandCheck(this, WebSocket)\n\n    if (code !== undefined) {\n      code = webidl.converters['unsigned short'](code, { clamp: true })\n    }\n\n    if (reason !== undefined) {\n      reason = webidl.converters.USVString(reason)\n    }\n\n    // 1. If code is present, but is neither an integer equal to 1000 nor an\n    //    integer in the range 3000 to 4999, inclusive, throw an\n    //    \"InvalidAccessError\" DOMException.\n    if (code !== undefined) {\n      if (code !== 1000 && (code < 3000 || code > 4999)) {\n        throw new DOMException('invalid code', 'InvalidAccessError')\n      }\n    }\n\n    let reasonByteLength = 0\n\n    // 2. If reason is present, then run these substeps:\n    if (reason !== undefined) {\n      // 1. Let reasonBytes be the result of encoding reason.\n      // 2. If reasonBytes is longer than 123 bytes, then throw a\n      //    \"SyntaxError\" DOMException.\n      reasonByteLength = Buffer.byteLength(reason)\n\n      if (reasonByteLength > 123) {\n        throw new DOMException(\n          `Reason must be less than 123 bytes; received ${reasonByteLength}`,\n          'SyntaxError'\n        )\n      }\n    }\n\n    // 3. Run the first matching steps from the following list:\n    if (this[kReadyState] === WebSocket.CLOSING || this[kReadyState] === WebSocket.CLOSED) {\n      // If this's ready state is CLOSING (2) or CLOSED (3)\n      // Do nothing.\n    } else if (!isEstablished(this)) {\n      // If the WebSocket connection is not yet established\n      // Fail the WebSocket connection and set this's ready state\n      // to CLOSING (2).\n      failWebsocketConnection(this, 'Connection was closed before it was established.')\n      this[kReadyState] = WebSocket.CLOSING\n    } else if (!isClosing(this)) {\n      // If the WebSocket closing handshake has not yet been started\n      // Start the WebSocket closing handshake and set this's ready\n      // state to CLOSING (2).\n      // - If neither code nor reason is present, the WebSocket Close\n      //   message must not have a body.\n      // - If code is present, then the status code to use in the\n      //   WebSocket Close message must be the integer given by code.\n      // - If reason is also present, then reasonBytes must be\n      //   provided in the Close message after the status code.\n\n      const frame = new WebsocketFrameSend()\n\n      // If neither code nor reason is present, the WebSocket Close\n      // message must not have a body.\n\n      // If code is present, then the status code to use in the\n      // WebSocket Close message must be the integer given by code.\n      if (code !== undefined && reason === undefined) {\n        frame.frameData = Buffer.allocUnsafe(2)\n        frame.frameData.writeUInt16BE(code, 0)\n      } else if (code !== undefined && reason !== undefined) {\n        // If reason is also present, then reasonBytes must be\n        // provided in the Close message after the status code.\n        frame.frameData = Buffer.allocUnsafe(2 + reasonByteLength)\n        frame.frameData.writeUInt16BE(code, 0)\n        // the body MAY contain UTF-8-encoded data with value /reason/\n        frame.frameData.write(reason, 2, 'utf-8')\n      } else {\n        frame.frameData = emptyBuffer\n      }\n\n      /** @type {import('stream').Duplex} */\n      const socket = this[kResponse].socket\n\n      socket.write(frame.createFrame(opcodes.CLOSE), (err) => {\n        if (!err) {\n          this[kSentClose] = true\n        }\n      })\n\n      // Upon either sending or receiving a Close control frame, it is said\n      // that _The WebSocket Closing Handshake is Started_ and that the\n      // WebSocket connection is in the CLOSING state.\n      this[kReadyState] = states.CLOSING\n    } else {\n      // Otherwise\n      // Set this's ready state to CLOSING (2).\n      this[kReadyState] = WebSocket.CLOSING\n    }\n  }\n\n  /**\n   * @see https://websockets.spec.whatwg.org/#dom-websocket-send\n   * @param {NodeJS.TypedArray|ArrayBuffer|Blob|string} data\n   */\n  send (data) {\n    webidl.brandCheck(this, WebSocket)\n\n    webidl.argumentLengthCheck(arguments, 1, { header: 'WebSocket.send' })\n\n    data = webidl.converters.WebSocketSendData(data)\n\n    // 1. If this's ready state is CONNECTING, then throw an\n    //    \"InvalidStateError\" DOMException.\n    if (this[kReadyState] === WebSocket.CONNECTING) {\n      throw new DOMException('Sent before connected.', 'InvalidStateError')\n    }\n\n    // 2. Run the appropriate set of steps from the following list:\n    // https://datatracker.ietf.org/doc/html/rfc6455#section-6.1\n    // https://datatracker.ietf.org/doc/html/rfc6455#section-5.2\n\n    if (!isEstablished(this) || isClosing(this)) {\n      return\n    }\n\n    /** @type {import('stream').Duplex} */\n    const socket = this[kResponse].socket\n\n    // If data is a string\n    if (typeof data === 'string') {\n      // If the WebSocket connection is established and the WebSocket\n      // closing handshake has not yet started, then the user agent\n      // must send a WebSocket Message comprised of the data argument\n      // using a text frame opcode; if the data cannot be sent, e.g.\n      // because it would need to be buffered but the buffer is full,\n      // the user agent must flag the WebSocket as full and then close\n      // the WebSocket connection. Any invocation of this method with a\n      // string argument that does not throw an exception must increase\n      // the bufferedAmount attribute by the number of bytes needed to\n      // express the argument as UTF-8.\n\n      const value = Buffer.from(data)\n      const frame = new WebsocketFrameSend(value)\n      const buffer = frame.createFrame(opcodes.TEXT)\n\n      this.#bufferedAmount += value.byteLength\n      socket.write(buffer, () => {\n        this.#bufferedAmount -= value.byteLength\n      })\n    } else if (types.isArrayBuffer(data)) {\n      // If the WebSocket connection is established, and the WebSocket\n      // closing handshake has not yet started, then the user agent must\n      // send a WebSocket Message comprised of data using a binary frame\n      // opcode; if the data cannot be sent, e.g. because it would need\n      // to be buffered but the buffer is full, the user agent must flag\n      // the WebSocket as full and then close the WebSocket connection.\n      // The data to be sent is the data stored in the buffer described\n      // by the ArrayBuffer object. Any invocation of this method with an\n      // ArrayBuffer argument that does not throw an exception must\n      // increase the bufferedAmount attribute by the length of the\n      // ArrayBuffer in bytes.\n\n      const value = Buffer.from(data)\n      const frame = new WebsocketFrameSend(value)\n      const buffer = frame.createFrame(opcodes.BINARY)\n\n      this.#bufferedAmount += value.byteLength\n      socket.write(buffer, () => {\n        this.#bufferedAmount -= value.byteLength\n      })\n    } else if (ArrayBuffer.isView(data)) {\n      // If the WebSocket connection is established, and the WebSocket\n      // closing handshake has not yet started, then the user agent must\n      // send a WebSocket Message comprised of data using a binary frame\n      // opcode; if the data cannot be sent, e.g. because it would need to\n      // be buffered but the buffer is full, the user agent must flag the\n      // WebSocket as full and then close the WebSocket connection. The\n      // data to be sent is the data stored in the section of the buffer\n      // described by the ArrayBuffer object that data references. Any\n      // invocation of this method with this kind of argument that does\n      // not throw an exception must increase the bufferedAmount attribute\n      // by the length of data’s buffer in bytes.\n\n      const ab = Buffer.from(data, data.byteOffset, data.byteLength)\n\n      const frame = new WebsocketFrameSend(ab)\n      const buffer = frame.createFrame(opcodes.BINARY)\n\n      this.#bufferedAmount += ab.byteLength\n      socket.write(buffer, () => {\n        this.#bufferedAmount -= ab.byteLength\n      })\n    } else if (isBlobLike(data)) {\n      // If the WebSocket connection is established, and the WebSocket\n      // closing handshake has not yet started, then the user agent must\n      // send a WebSocket Message comprised of data using a binary frame\n      // opcode; if the data cannot be sent, e.g. because it would need to\n      // be buffered but the buffer is full, the user agent must flag the\n      // WebSocket as full and then close the WebSocket connection. The data\n      // to be sent is the raw data represented by the Blob object. Any\n      // invocation of this method with a Blob argument that does not throw\n      // an exception must increase the bufferedAmount attribute by the size\n      // of the Blob object’s raw data, in bytes.\n\n      const frame = new WebsocketFrameSend()\n\n      data.arrayBuffer().then((ab) => {\n        const value = Buffer.from(ab)\n        frame.frameData = value\n        const buffer = frame.createFrame(opcodes.BINARY)\n\n        this.#bufferedAmount += value.byteLength\n        socket.write(buffer, () => {\n          this.#bufferedAmount -= value.byteLength\n        })\n      })\n    }\n  }\n\n  get readyState () {\n    webidl.brandCheck(this, WebSocket)\n\n    // The readyState getter steps are to return this's ready state.\n    return this[kReadyState]\n  }\n\n  get bufferedAmount () {\n    webidl.brandCheck(this, WebSocket)\n\n    return this.#bufferedAmount\n  }\n\n  get url () {\n    webidl.brandCheck(this, WebSocket)\n\n    // The url getter steps are to return this's url, serialized.\n    return URLSerializer(this[kWebSocketURL])\n  }\n\n  get extensions () {\n    webidl.brandCheck(this, WebSocket)\n\n    return this.#extensions\n  }\n\n  get protocol () {\n    webidl.brandCheck(this, WebSocket)\n\n    return this.#protocol\n  }\n\n  get onopen () {\n    webidl.brandCheck(this, WebSocket)\n\n    return this.#events.open\n  }\n\n  set onopen (fn) {\n    webidl.brandCheck(this, WebSocket)\n\n    if (this.#events.open) {\n      this.removeEventListener('open', this.#events.open)\n    }\n\n    if (typeof fn === 'function') {\n      this.#events.open = fn\n      this.addEventListener('open', fn)\n    } else {\n      this.#events.open = null\n    }\n  }\n\n  get onerror () {\n    webidl.brandCheck(this, WebSocket)\n\n    return this.#events.error\n  }\n\n  set onerror (fn) {\n    webidl.brandCheck(this, WebSocket)\n\n    if (this.#events.error) {\n      this.removeEventListener('error', this.#events.error)\n    }\n\n    if (typeof fn === 'function') {\n      this.#events.error = fn\n      this.addEventListener('error', fn)\n    } else {\n      this.#events.error = null\n    }\n  }\n\n  get onclose () {\n    webidl.brandCheck(this, WebSocket)\n\n    return this.#events.close\n  }\n\n  set onclose (fn) {\n    webidl.brandCheck(this, WebSocket)\n\n    if (this.#events.close) {\n      this.removeEventListener('close', this.#events.close)\n    }\n\n    if (typeof fn === 'function') {\n      this.#events.close = fn\n      this.addEventListener('close', fn)\n    } else {\n      this.#events.close = null\n    }\n  }\n\n  get onmessage () {\n    webidl.brandCheck(this, WebSocket)\n\n    return this.#events.message\n  }\n\n  set onmessage (fn) {\n    webidl.brandCheck(this, WebSocket)\n\n    if (this.#events.message) {\n      this.removeEventListener('message', this.#events.message)\n    }\n\n    if (typeof fn === 'function') {\n      this.#events.message = fn\n      this.addEventListener('message', fn)\n    } else {\n      this.#events.message = null\n    }\n  }\n\n  get binaryType () {\n    webidl.brandCheck(this, WebSocket)\n\n    return this[kBinaryType]\n  }\n\n  set binaryType (type) {\n    webidl.brandCheck(this, WebSocket)\n\n    if (type !== 'blob' && type !== 'arraybuffer') {\n      this[kBinaryType] = 'blob'\n    } else {\n      this[kBinaryType] = type\n    }\n  }\n\n  /**\n   * @see https://websockets.spec.whatwg.org/#feedback-from-the-protocol\n   */\n  #onConnectionEstablished (response) {\n    // processResponse is called when the \"response’s header list has been received and initialized.\"\n    // once this happens, the connection is open\n    this[kResponse] = response\n\n    const parser = new ByteParser(this)\n    parser.on('drain', function onParserDrain () {\n      this.ws[kResponse].socket.resume()\n    })\n\n    response.socket.ws = this\n    this[kByteParser] = parser\n\n    // 1. Change the ready state to OPEN (1).\n    this[kReadyState] = states.OPEN\n\n    // 2. Change the extensions attribute’s value to the extensions in use, if\n    //    it is not the null value.\n    // https://datatracker.ietf.org/doc/html/rfc6455#section-9.1\n    const extensions = response.headersList.get('sec-websocket-extensions')\n\n    if (extensions !== null) {\n      this.#extensions = extensions\n    }\n\n    // 3. Change the protocol attribute’s value to the subprotocol in use, if\n    //    it is not the null value.\n    // https://datatracker.ietf.org/doc/html/rfc6455#section-1.9\n    const protocol = response.headersList.get('sec-websocket-protocol')\n\n    if (protocol !== null) {\n      this.#protocol = protocol\n    }\n\n    // 4. Fire an event named open at the WebSocket object.\n    fireEvent('open', this)\n  }\n}\n\n// https://websockets.spec.whatwg.org/#dom-websocket-connecting\nWebSocket.CONNECTING = WebSocket.prototype.CONNECTING = states.CONNECTING\n// https://websockets.spec.whatwg.org/#dom-websocket-open\nWebSocket.OPEN = WebSocket.prototype.OPEN = states.OPEN\n// https://websockets.spec.whatwg.org/#dom-websocket-closing\nWebSocket.CLOSING = WebSocket.prototype.CLOSING = states.CLOSING\n// https://websockets.spec.whatwg.org/#dom-websocket-closed\nWebSocket.CLOSED = WebSocket.prototype.CLOSED = states.CLOSED\n\nObject.defineProperties(WebSocket.prototype, {\n  CONNECTING: staticPropertyDescriptors,\n  OPEN: staticPropertyDescriptors,\n  CLOSING: staticPropertyDescriptors,\n  CLOSED: staticPropertyDescriptors,\n  url: kEnumerableProperty,\n  readyState: kEnumerableProperty,\n  bufferedAmount: kEnumerableProperty,\n  onopen: kEnumerableProperty,\n  onerror: kEnumerableProperty,\n  onclose: kEnumerableProperty,\n  close: kEnumerableProperty,\n  onmessage: kEnumerableProperty,\n  binaryType: kEnumerableProperty,\n  send: kEnumerableProperty,\n  extensions: kEnumerableProperty,\n  protocol: kEnumerableProperty,\n  [Symbol.toStringTag]: {\n    value: 'WebSocket',\n    writable: false,\n    enumerable: false,\n    configurable: true\n  }\n})\n\nObject.defineProperties(WebSocket, {\n  CONNECTING: staticPropertyDescriptors,\n  OPEN: staticPropertyDescriptors,\n  CLOSING: staticPropertyDescriptors,\n  CLOSED: staticPropertyDescriptors\n})\n\nwebidl.converters['sequence<DOMString>'] = webidl.sequenceConverter(\n  webidl.converters.DOMString\n)\n\nwebidl.converters['DOMString or sequence<DOMString>'] = function (V) {\n  if (webidl.util.Type(V) === 'Object' && Symbol.iterator in V) {\n    return webidl.converters['sequence<DOMString>'](V)\n  }\n\n  return webidl.converters.DOMString(V)\n}\n\n// This implements the propsal made in https://github.com/whatwg/websockets/issues/42\nwebidl.converters.WebSocketInit = webidl.dictionaryConverter([\n  {\n    key: 'protocols',\n    converter: webidl.converters['DOMString or sequence<DOMString>'],\n    get defaultValue () {\n      return []\n    }\n  },\n  {\n    key: 'dispatcher',\n    converter: (V) => V,\n    get defaultValue () {\n      return getGlobalDispatcher()\n    }\n  },\n  {\n    key: 'headers',\n    converter: webidl.nullableConverter(webidl.converters.HeadersInit)\n  }\n])\n\nwebidl.converters['DOMString or sequence<DOMString> or WebSocketInit'] = function (V) {\n  if (webidl.util.Type(V) === 'Object' && !(Symbol.iterator in V)) {\n    return webidl.converters.WebSocketInit(V)\n  }\n\n  return { protocols: webidl.converters['DOMString or sequence<DOMString>'](V) }\n}\n\nwebidl.converters.WebSocketSendData = function (V) {\n  if (webidl.util.Type(V) === 'Object') {\n    if (isBlobLike(V)) {\n      return webidl.converters.Blob(V, { strict: false })\n    }\n\n    if (ArrayBuffer.isView(V) || types.isAnyArrayBuffer(V)) {\n      return webidl.converters.BufferSource(V)\n    }\n  }\n\n  return webidl.converters.USVString(V)\n}\n\nmodule.exports = {\n  WebSocket\n}\n","/*\r\n * xpath.js\r\n *\r\n * An XPath 1.0 library for JavaScript.\r\n *\r\n * Cameron McCormack <cam (at) mcc.id.au>\r\n *\r\n * This work is licensed under the MIT License.\r\n *\r\n * Revision 20: April 26, 2011\r\n *   Fixed a typo resulting in FIRST_ORDERED_NODE_TYPE results being wrong,\r\n *   thanks to <shi_a009 (at) hotmail.com>.\r\n *\r\n * Revision 19: November 29, 2005\r\n *   Nodesets now store their nodes in a height balanced tree, increasing\r\n *   performance for the common case of selecting nodes in document order,\r\n *   thanks to Sébastien Cramatte <contact (at) zeninteractif.com>.\r\n *   AVL tree code adapted from Raimund Neumann <rnova (at) gmx.net>.\r\n *\r\n * Revision 18: October 27, 2005\r\n *   DOM 3 XPath support.  Caveats:\r\n *     - namespace prefixes aren't resolved in XPathEvaluator.createExpression,\r\n *       but in XPathExpression.evaluate.\r\n *     - XPathResult.invalidIteratorState is not implemented.\r\n *\r\n * Revision 17: October 25, 2005\r\n *   Some core XPath function fixes and a patch to avoid crashing certain\r\n *   versions of MSXML in PathExpr.prototype.getOwnerElement, thanks to\r\n *   Sébastien Cramatte <contact (at) zeninteractif.com>.\r\n *\r\n * Revision 16: September 22, 2005\r\n *   Workarounds for some IE 5.5 deficiencies.\r\n *   Fixed problem with prefix node tests on attribute nodes.\r\n *\r\n * Revision 15: May 21, 2005\r\n *   Fixed problem with QName node tests on elements with an xmlns=\"...\".\r\n *\r\n * Revision 14: May 19, 2005\r\n *   Fixed QName node tests on attribute node regression.\r\n *\r\n * Revision 13: May 3, 2005\r\n *   Node tests are case insensitive now if working in an HTML DOM.\r\n *\r\n * Revision 12: April 26, 2005\r\n *   Updated licence.  Slight code changes to enable use of Dean\r\n *   Edwards' script compression, http://dean.edwards.name/packer/ .\r\n *\r\n * Revision 11: April 23, 2005\r\n *   Fixed bug with 'and' and 'or' operators, fix thanks to\r\n *   Sandy McArthur <sandy (at) mcarthur.org>.\r\n *\r\n * Revision 10: April 15, 2005\r\n *   Added support for a virtual root node, supposedly helpful for\r\n *   implementing XForms.  Fixed problem with QName node tests and\r\n *   the parent axis.\r\n *\r\n * Revision 9: March 17, 2005\r\n *   Namespace resolver tweaked so using the document node as the context\r\n *   for namespace lookups is equivalent to using the document element.\r\n *\r\n * Revision 8: February 13, 2005\r\n *   Handle implicit declaration of 'xmlns' namespace prefix.\r\n *   Fixed bug when comparing nodesets.\r\n *   Instance data can now be associated with a FunctionResolver, and\r\n *     workaround for MSXML not supporting 'localName' and 'getElementById',\r\n *     thanks to Grant Gongaware.\r\n *   Fix a few problems when the context node is the root node.\r\n *\r\n * Revision 7: February 11, 2005\r\n *   Default namespace resolver fix from Grant Gongaware\r\n *   <grant (at) gongaware.com>.\r\n *\r\n * Revision 6: February 10, 2005\r\n *   Fixed bug in 'number' function.\r\n *\r\n * Revision 5: February 9, 2005\r\n *   Fixed bug where text nodes not getting converted to string values.\r\n *\r\n * Revision 4: January 21, 2005\r\n *   Bug in 'name' function, fix thanks to Bill Edney.\r\n *   Fixed incorrect processing of namespace nodes.\r\n *   Fixed NamespaceResolver to resolve 'xml' namespace.\r\n *   Implemented union '|' operator.\r\n *\r\n * Revision 3: January 14, 2005\r\n *   Fixed bug with nodeset comparisons, bug lexing < and >.\r\n *\r\n * Revision 2: October 26, 2004\r\n *   QName node test namespace handling fixed.  Few other bug fixes.\r\n *\r\n * Revision 1: August 13, 2004\r\n *   Bug fixes from William J. Edney <bedney (at) technicalpursuit.com>.\r\n *   Added minimal licence.\r\n *\r\n * Initial version: June 14, 2004\r\n */\r\n\r\n// non-node wrapper\r\nvar xpath = (typeof exports === 'undefined') ? {} : exports;\r\n\r\n(function (exports) {\r\n    \"use strict\";\r\n\r\n    // namespace nodes are not part of the DOM spec, so we use a custom nodetype for them.\r\n    // should NOT be used externally\r\n    var NAMESPACE_NODE_NODETYPE = '__namespace';\r\n\r\n    var isNil = function (x) {\r\n        return x === null || x === undefined;\r\n    };\r\n\r\n    var isValidNodeType = function (nodeType) {\r\n        return nodeType === NAMESPACE_NODE_NODETYPE ||\r\n            (Number.isInteger(nodeType)\r\n                && nodeType >= 1\r\n                && nodeType <= 11\r\n            );\r\n    };\r\n\r\n    var isNodeLike = function (value) {\r\n        return value\r\n            && isValidNodeType(value.nodeType)\r\n            && typeof value.nodeName === \"string\";\r\n    };\r\n\r\n    // functional helpers\r\n    function curry(func) {\r\n        var slice = Array.prototype.slice,\r\n            totalargs = func.length,\r\n            partial = function (args, fn) {\r\n                return function () {\r\n                    return fn.apply(this, args.concat(slice.call(arguments)));\r\n                }\r\n            },\r\n            fn = function () {\r\n                var args = slice.call(arguments);\r\n                return (args.length < totalargs) ?\r\n                    partial(args, fn) :\r\n                    func.apply(this, slice.apply(arguments, [0, totalargs]));\r\n            };\r\n        return fn;\r\n    }\r\n\r\n    var forEach = function (f, xs) {\r\n        for (var i = 0; i < xs.length; i += 1) {\r\n            f(xs[i], i, xs);\r\n        }\r\n    };\r\n\r\n    var reduce = function (f, seed, xs) {\r\n        var acc = seed;\r\n\r\n        forEach(function (x, i) { acc = f(acc, x, i); }, xs);\r\n\r\n        return acc;\r\n    };\r\n\r\n    var map = function (f, xs) {\r\n        var mapped = new Array(xs.length);\r\n\r\n        forEach(function (x, i) { mapped[i] = f(x); }, xs);\r\n\r\n        return mapped;\r\n    };\r\n\r\n    var filter = function (f, xs) {\r\n        var filtered = [];\r\n\r\n        forEach(function (x, i) { if (f(x, i)) { filtered.push(x); } }, xs);\r\n\r\n        return filtered;\r\n    };\r\n\r\n    var includes = function (values, value) {\r\n        for (var i = 0; i < values.length; i += 1) {\r\n            if (values[i] === value) {\r\n                return true;\r\n            }\r\n        }\r\n\r\n        return false;\r\n    };\r\n\r\n    function always(value) { return function () { return value; } }\r\n\r\n    function toString(x) { return x.toString(); }\r\n    var join = function (s, xs) { return xs.join(s); };\r\n    var wrap = function (pref, suf, str) { return pref + str + suf; };\r\n\r\n    var prototypeConcat = Array.prototype.concat;\r\n\r\n    var sortNodes = function (nodes, reverse) {\r\n        var ns = new XNodeSet();\r\n\r\n        ns.addArray(nodes);\r\n\r\n        var sorted = ns.toArray();\r\n\r\n        return reverse ? sorted.reverse() : sorted;\r\n    }\r\n\r\n    // .apply() fails above a certain number of arguments - https://github.com/goto100/xpath/pull/98\r\n    var MAX_ARGUMENT_LENGTH = 32767;\r\n\r\n    function flatten(arr) {\r\n        var result = [];\r\n\r\n        for (var start = 0; start < arr.length; start += MAX_ARGUMENT_LENGTH) {\r\n            var chunk = arr.slice(start, start + MAX_ARGUMENT_LENGTH);\r\n\r\n            result = prototypeConcat.apply(result, chunk);\r\n        }\r\n\r\n        return result;\r\n    }\r\n\r\n    function assign(target, varArgs) { // .length of function is 2\r\n        var to = Object(target);\r\n\r\n        for (var index = 1; index < arguments.length; index++) {\r\n            var nextSource = arguments[index];\r\n\r\n            if (nextSource != null) { // Skip over if undefined or null\r\n                for (var nextKey in nextSource) {\r\n                    // Avoid bugs when hasOwnProperty is shadowed\r\n                    if (Object.prototype.hasOwnProperty.call(nextSource, nextKey)) {\r\n                        to[nextKey] = nextSource[nextKey];\r\n                    }\r\n                }\r\n            }\r\n        }\r\n\r\n        return to;\r\n    }\r\n\r\n    var NodeTypes = {\r\n        ELEMENT_NODE: 1,\r\n        ATTRIBUTE_NODE: 2,\r\n        TEXT_NODE: 3,\r\n        CDATA_SECTION_NODE: 4,\r\n        PROCESSING_INSTRUCTION_NODE: 7,\r\n        COMMENT_NODE: 8,\r\n        DOCUMENT_NODE: 9,\r\n        DOCUMENT_TYPE_NODE: 10,\r\n        DOCUMENT_FRAGMENT_NODE: 11,\r\n        NAMESPACE_NODE: NAMESPACE_NODE_NODETYPE,\r\n    };\r\n\r\n    // XPathParser ///////////////////////////////////////////////////////////////\r\n\r\n    XPathParser.prototype = new Object();\r\n    XPathParser.prototype.constructor = XPathParser;\r\n    XPathParser.superclass = Object.prototype;\r\n\r\n    function XPathParser() {\r\n        this.init();\r\n    }\r\n\r\n    XPathParser.prototype.init = function () {\r\n        this.reduceActions = [];\r\n\r\n        this.reduceActions[3] = function (rhs) {\r\n            return new OrOperation(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[5] = function (rhs) {\r\n            return new AndOperation(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[7] = function (rhs) {\r\n            return new EqualsOperation(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[8] = function (rhs) {\r\n            return new NotEqualOperation(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[10] = function (rhs) {\r\n            return new LessThanOperation(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[11] = function (rhs) {\r\n            return new GreaterThanOperation(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[12] = function (rhs) {\r\n            return new LessThanOrEqualOperation(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[13] = function (rhs) {\r\n            return new GreaterThanOrEqualOperation(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[15] = function (rhs) {\r\n            return new PlusOperation(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[16] = function (rhs) {\r\n            return new MinusOperation(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[18] = function (rhs) {\r\n            return new MultiplyOperation(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[19] = function (rhs) {\r\n            return new DivOperation(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[20] = function (rhs) {\r\n            return new ModOperation(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[22] = function (rhs) {\r\n            return new UnaryMinusOperation(rhs[1]);\r\n        };\r\n        this.reduceActions[24] = function (rhs) {\r\n            return new BarOperation(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[25] = function (rhs) {\r\n            return new PathExpr(undefined, undefined, rhs[0]);\r\n        };\r\n        this.reduceActions[27] = function (rhs) {\r\n            rhs[0].locationPath = rhs[2];\r\n            return rhs[0];\r\n        };\r\n        this.reduceActions[28] = function (rhs) {\r\n            rhs[0].locationPath = rhs[2];\r\n            rhs[0].locationPath.steps.unshift(new Step(Step.DESCENDANTORSELF, NodeTest.nodeTest, []));\r\n            return rhs[0];\r\n        };\r\n        this.reduceActions[29] = function (rhs) {\r\n            return new PathExpr(rhs[0], [], undefined);\r\n        };\r\n        this.reduceActions[30] = function (rhs) {\r\n            if (Utilities.instance_of(rhs[0], PathExpr)) {\r\n                if (rhs[0].filterPredicates == undefined) {\r\n                    rhs[0].filterPredicates = [];\r\n                }\r\n                rhs[0].filterPredicates.push(rhs[1]);\r\n                return rhs[0];\r\n            } else {\r\n                return new PathExpr(rhs[0], [rhs[1]], undefined);\r\n            }\r\n        };\r\n        this.reduceActions[32] = function (rhs) {\r\n            return rhs[1];\r\n        };\r\n        this.reduceActions[33] = function (rhs) {\r\n            return new XString(rhs[0]);\r\n        };\r\n        this.reduceActions[34] = function (rhs) {\r\n            return new XNumber(rhs[0]);\r\n        };\r\n        this.reduceActions[36] = function (rhs) {\r\n            return new FunctionCall(rhs[0], []);\r\n        };\r\n        this.reduceActions[37] = function (rhs) {\r\n            return new FunctionCall(rhs[0], rhs[2]);\r\n        };\r\n        this.reduceActions[38] = function (rhs) {\r\n            return [rhs[0]];\r\n        };\r\n        this.reduceActions[39] = function (rhs) {\r\n            rhs[2].unshift(rhs[0]);\r\n            return rhs[2];\r\n        };\r\n        this.reduceActions[43] = function (rhs) {\r\n            return new LocationPath(true, []);\r\n        };\r\n        this.reduceActions[44] = function (rhs) {\r\n            rhs[1].absolute = true;\r\n            return rhs[1];\r\n        };\r\n        this.reduceActions[46] = function (rhs) {\r\n            return new LocationPath(false, [rhs[0]]);\r\n        };\r\n        this.reduceActions[47] = function (rhs) {\r\n            rhs[0].steps.push(rhs[2]);\r\n            return rhs[0];\r\n        };\r\n        this.reduceActions[49] = function (rhs) {\r\n            return new Step(rhs[0], rhs[1], []);\r\n        };\r\n        this.reduceActions[50] = function (rhs) {\r\n            return new Step(Step.CHILD, rhs[0], []);\r\n        };\r\n        this.reduceActions[51] = function (rhs) {\r\n            return new Step(rhs[0], rhs[1], rhs[2]);\r\n        };\r\n        this.reduceActions[52] = function (rhs) {\r\n            return new Step(Step.CHILD, rhs[0], rhs[1]);\r\n        };\r\n        this.reduceActions[54] = function (rhs) {\r\n            return [rhs[0]];\r\n        };\r\n        this.reduceActions[55] = function (rhs) {\r\n            rhs[1].unshift(rhs[0]);\r\n            return rhs[1];\r\n        };\r\n        this.reduceActions[56] = function (rhs) {\r\n            if (rhs[0] == \"ancestor\") {\r\n                return Step.ANCESTOR;\r\n            } else if (rhs[0] == \"ancestor-or-self\") {\r\n                return Step.ANCESTORORSELF;\r\n            } else if (rhs[0] == \"attribute\") {\r\n                return Step.ATTRIBUTE;\r\n            } else if (rhs[0] == \"child\") {\r\n                return Step.CHILD;\r\n            } else if (rhs[0] == \"descendant\") {\r\n                return Step.DESCENDANT;\r\n            } else if (rhs[0] == \"descendant-or-self\") {\r\n                return Step.DESCENDANTORSELF;\r\n            } else if (rhs[0] == \"following\") {\r\n                return Step.FOLLOWING;\r\n            } else if (rhs[0] == \"following-sibling\") {\r\n                return Step.FOLLOWINGSIBLING;\r\n            } else if (rhs[0] == \"namespace\") {\r\n                return Step.NAMESPACE;\r\n            } else if (rhs[0] == \"parent\") {\r\n                return Step.PARENT;\r\n            } else if (rhs[0] == \"preceding\") {\r\n                return Step.PRECEDING;\r\n            } else if (rhs[0] == \"preceding-sibling\") {\r\n                return Step.PRECEDINGSIBLING;\r\n            } else if (rhs[0] == \"self\") {\r\n                return Step.SELF;\r\n            }\r\n            return -1;\r\n        };\r\n        this.reduceActions[57] = function (rhs) {\r\n            return Step.ATTRIBUTE;\r\n        };\r\n        this.reduceActions[59] = function (rhs) {\r\n            if (rhs[0] == \"comment\") {\r\n                return NodeTest.commentTest;\r\n            } else if (rhs[0] == \"text\") {\r\n                return NodeTest.textTest;\r\n            } else if (rhs[0] == \"processing-instruction\") {\r\n                return NodeTest.anyPiTest;\r\n            } else if (rhs[0] == \"node\") {\r\n                return NodeTest.nodeTest;\r\n            }\r\n            return new NodeTest(-1, undefined);\r\n        };\r\n        this.reduceActions[60] = function (rhs) {\r\n            return new NodeTest.PITest(rhs[2]);\r\n        };\r\n        this.reduceActions[61] = function (rhs) {\r\n            return rhs[1];\r\n        };\r\n        this.reduceActions[63] = function (rhs) {\r\n            rhs[1].absolute = true;\r\n            rhs[1].steps.unshift(new Step(Step.DESCENDANTORSELF, NodeTest.nodeTest, []));\r\n            return rhs[1];\r\n        };\r\n        this.reduceActions[64] = function (rhs) {\r\n            rhs[0].steps.push(new Step(Step.DESCENDANTORSELF, NodeTest.nodeTest, []));\r\n            rhs[0].steps.push(rhs[2]);\r\n            return rhs[0];\r\n        };\r\n        this.reduceActions[65] = function (rhs) {\r\n            return new Step(Step.SELF, NodeTest.nodeTest, []);\r\n        };\r\n        this.reduceActions[66] = function (rhs) {\r\n            return new Step(Step.PARENT, NodeTest.nodeTest, []);\r\n        };\r\n        this.reduceActions[67] = function (rhs) {\r\n            return new VariableReference(rhs[1]);\r\n        };\r\n        this.reduceActions[68] = function (rhs) {\r\n            return NodeTest.nameTestAny;\r\n        };\r\n        this.reduceActions[69] = function (rhs) {\r\n            return new NodeTest.NameTestPrefixAny(rhs[0].split(':')[0]);\r\n        };\r\n        this.reduceActions[70] = function (rhs) {\r\n            return new NodeTest.NameTestQName(rhs[0]);\r\n        };\r\n    };\r\n\r\n    XPathParser.actionTable = [\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \"                 s                  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr  r  \",\r\n        \"                rrrrr               \",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \"rs  rrrrrrrr s  sssssrrrrrr  rrs rs \",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \"                            s       \",\r\n        \"                            s       \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"  s                                 \",\r\n        \"                            s       \",\r\n        \" s           s  sssss          s  s \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr  r  \",\r\n        \"a                                   \",\r\n        \"r       s                    rr  r  \",\r\n        \"r      sr                    rr  r  \",\r\n        \"r   s  rr            s       rr  r  \",\r\n        \"r   rssrr            rss     rr  r  \",\r\n        \"r   rrrrr            rrrss   rr  r  \",\r\n        \"r   rrrrrsss         rrrrr   rr  r  \",\r\n        \"r   rrrrrrrr         rrrrr   rr  r  \",\r\n        \"r   rrrrrrrr         rrrrrs  rr  r  \",\r\n        \"r   rrrrrrrr         rrrrrr  rr  r  \",\r\n        \"r   rrrrrrrr         rrrrrr  rr  r  \",\r\n        \"r  srrrrrrrr         rrrrrrs rr sr  \",\r\n        \"r  srrrrrrrr         rrrrrrs rr  r  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"r   rrrrrrrr         rrrrrr  rr  r  \",\r\n        \"r   rrrrrrrr         rrrrrr  rr  r  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr  r  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr  r  \",\r\n        \"                sssss               \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr sr  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr  r  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"                             s      \",\r\n        \"r  srrrrrrrr         rrrrrrs rr  r  \",\r\n        \"r   rrrrrrrr         rrrrr   rr  r  \",\r\n        \"              s                     \",\r\n        \"                             s      \",\r\n        \"                rrrrr               \",\r\n        \" s s        sssssssss    s sss s  ss\",\r\n        \"r  srrrrrrrr         rrrrrrs rr  r  \",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \" s s        sssssssss      ss  s  ss\",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \" s           s  sssss          s  s \",\r\n        \" s           s  sssss          s  s \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \" s           s  sssss          s  s \",\r\n        \" s           s  sssss          s  s \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr sr  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr sr  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr  r  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"                             s      \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"                             rr     \",\r\n        \"                             s      \",\r\n        \"                             rs     \",\r\n        \"r      sr                    rr  r  \",\r\n        \"r   s  rr            s       rr  r  \",\r\n        \"r   rssrr            rss     rr  r  \",\r\n        \"r   rssrr            rss     rr  r  \",\r\n        \"r   rrrrr            rrrss   rr  r  \",\r\n        \"r   rrrrr            rrrss   rr  r  \",\r\n        \"r   rrrrr            rrrss   rr  r  \",\r\n        \"r   rrrrr            rrrss   rr  r  \",\r\n        \"r   rrrrrsss         rrrrr   rr  r  \",\r\n        \"r   rrrrrsss         rrrrr   rr  r  \",\r\n        \"r   rrrrrrrr         rrrrr   rr  r  \",\r\n        \"r   rrrrrrrr         rrrrr   rr  r  \",\r\n        \"r   rrrrrrrr         rrrrr   rr  r  \",\r\n        \"r   rrrrrrrr         rrrrrr  rr  r  \",\r\n        \"                                 r  \",\r\n        \"                                 s  \",\r\n        \"r  srrrrrrrr         rrrrrrs rr  r  \",\r\n        \"r  srrrrrrrr         rrrrrrs rr  r  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr  r  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr  r  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr  r  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr  r  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \" s s        sssssssss    s ss  s  ss\",\r\n        \"r  rrrrrrrrr         rrrrrrr rr rr  \",\r\n        \"                             r      \"\r\n    ];\r\n\r\n    XPathParser.actionTableNumber = [\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \"                 J                  \",\r\n        \"a  aaaaaaaaa         aaaaaaa aa  a  \",\r\n        \"                YYYYY               \",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \"K1  KKKKKKKK .  +*)('KKKKKK  KK# K\\\" \",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \"                            N       \",\r\n        \"                            O       \",\r\n        \"e  eeeeeeeee         eeeeeee ee ee  \",\r\n        \"f  fffffffff         fffffff ff ff  \",\r\n        \"d  ddddddddd         ddddddd dd dd  \",\r\n        \"B  BBBBBBBBB         BBBBBBB BB BB  \",\r\n        \"A  AAAAAAAAA         AAAAAAA AA AA  \",\r\n        \"  P                                 \",\r\n        \"                            Q       \",\r\n        \" 1           .  +*)('          #  \\\" \",\r\n        \"b  bbbbbbbbb         bbbbbbb bb  b  \",\r\n        \"                                    \",\r\n        \"!       S                    !!  !  \",\r\n        \"\\\"      T\\\"                    \\\"\\\"  \\\"  \",\r\n        \"$   V  $$            U       $$  $  \",\r\n        \"&   &ZY&&            &XW     &&  &  \",\r\n        \")   )))))            )))\\\\[   ))  )  \",\r\n        \".   ....._^]         .....   ..  .  \",\r\n        \"1   11111111         11111   11  1  \",\r\n        \"5   55555555         55555`  55  5  \",\r\n        \"7   77777777         777777  77  7  \",\r\n        \"9   99999999         999999  99  9  \",\r\n        \":  c::::::::         ::::::b :: a:  \",\r\n        \"I  fIIIIIIII         IIIIIIe II  I  \",\r\n        \"=  =========         ======= == ==  \",\r\n        \"?  ?????????         ??????? ?? ??  \",\r\n        \"C  CCCCCCCCC         CCCCCCC CC CC  \",\r\n        \"J   JJJJJJJJ         JJJJJJ  JJ  J  \",\r\n        \"M   MMMMMMMM         MMMMMM  MM  M  \",\r\n        \"N  NNNNNNNNN         NNNNNNN NN  N  \",\r\n        \"P  PPPPPPPPP         PPPPPPP PP  P  \",\r\n        \"                +*)('               \",\r\n        \"R  RRRRRRRRR         RRRRRRR RR aR  \",\r\n        \"U  UUUUUUUUU         UUUUUUU UU  U  \",\r\n        \"Z  ZZZZZZZZZ         ZZZZZZZ ZZ ZZ  \",\r\n        \"c  ccccccccc         ccccccc cc cc  \",\r\n        \"                             j      \",\r\n        \"L  fLLLLLLLL         LLLLLLe LL  L  \",\r\n        \"6   66666666         66666   66  6  \",\r\n        \"              k                     \",\r\n        \"                             l      \",\r\n        \"                XXXXX               \",\r\n        \" 1 0        /.-,+*)('    & %$m #  \\\"!\",\r\n        \"_  f________         ______e __  _  \",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \" 1 0        /.-,+*)('      %$  #  \\\"!\",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \" 1           .  +*)('          #  \\\" \",\r\n        \" 1           .  +*)('          #  \\\" \",\r\n        \">  >>>>>>>>>         >>>>>>> >> >>  \",\r\n        \" 1           .  +*)('          #  \\\" \",\r\n        \" 1           .  +*)('          #  \\\" \",\r\n        \"Q  QQQQQQQQQ         QQQQQQQ QQ aQ  \",\r\n        \"V  VVVVVVVVV         VVVVVVV VV aV  \",\r\n        \"T  TTTTTTTTT         TTTTTTT TT  T  \",\r\n        \"@  @@@@@@@@@         @@@@@@@ @@ @@  \",\r\n        \"                             \\x87      \",\r\n        \"[  [[[[[[[[[         [[[[[[[ [[ [[  \",\r\n        \"D  DDDDDDDDD         DDDDDDD DD DD  \",\r\n        \"                             HH     \",\r\n        \"                             \\x88      \",\r\n        \"                             F\\x89     \",\r\n        \"#      T#                    ##  #  \",\r\n        \"%   V  %%            U       %%  %  \",\r\n        \"'   'ZY''            'XW     ''  '  \",\r\n        \"(   (ZY((            (XW     ((  (  \",\r\n        \"+   +++++            +++\\\\[   ++  +  \",\r\n        \"*   *****            ***\\\\[   **  *  \",\r\n        \"-   -----            ---\\\\[   --  -  \",\r\n        \",   ,,,,,            ,,,\\\\[   ,,  ,  \",\r\n        \"0   00000_^]         00000   00  0  \",\r\n        \"/   /////_^]         /////   //  /  \",\r\n        \"2   22222222         22222   22  2  \",\r\n        \"3   33333333         33333   33  3  \",\r\n        \"4   44444444         44444   44  4  \",\r\n        \"8   88888888         888888  88  8  \",\r\n        \"                                 ^  \",\r\n        \"                                 \\x8a  \",\r\n        \";  f;;;;;;;;         ;;;;;;e ;;  ;  \",\r\n        \"<  f<<<<<<<<         <<<<<<e <<  <  \",\r\n        \"O  OOOOOOOOO         OOOOOOO OO  O  \",\r\n        \"`  `````````         ``````` ``  `  \",\r\n        \"S  SSSSSSSSS         SSSSSSS SS  S  \",\r\n        \"W  WWWWWWWWW         WWWWWWW WW  W  \",\r\n        \"\\\\  \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\         \\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\ \\\\\\\\  \",\r\n        \"E  EEEEEEEEE         EEEEEEE EE EE  \",\r\n        \" 1 0        /.-,+*)('    & %$  #  \\\"!\",\r\n        \"]  ]]]]]]]]]         ]]]]]]] ]] ]]  \",\r\n        \"                             G      \"\r\n    ];\r\n\r\n    XPathParser.gotoTable = [\r\n        \"3456789:;<=>?@ AB  CDEFGH IJ \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"L456789:;<=>?@ AB  CDEFGH IJ \",\r\n        \"            M        EFGH IJ \",\r\n        \"       N;<=>?@ AB  CDEFGH IJ \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"            S        EFGH IJ \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"              e              \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                        h  J \",\r\n        \"              i          j   \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"o456789:;<=>?@ ABpqCDEFGH IJ \",\r\n        \"                             \",\r\n        \"  r6789:;<=>?@ AB  CDEFGH IJ \",\r\n        \"   s789:;<=>?@ AB  CDEFGH IJ \",\r\n        \"    t89:;<=>?@ AB  CDEFGH IJ \",\r\n        \"    u89:;<=>?@ AB  CDEFGH IJ \",\r\n        \"     v9:;<=>?@ AB  CDEFGH IJ \",\r\n        \"     w9:;<=>?@ AB  CDEFGH IJ \",\r\n        \"     x9:;<=>?@ AB  CDEFGH IJ \",\r\n        \"     y9:;<=>?@ AB  CDEFGH IJ \",\r\n        \"      z:;<=>?@ AB  CDEFGH IJ \",\r\n        \"      {:;<=>?@ AB  CDEFGH IJ \",\r\n        \"       |;<=>?@ AB  CDEFGH IJ \",\r\n        \"       };<=>?@ AB  CDEFGH IJ \",\r\n        \"       ~;<=>?@ AB  CDEFGH IJ \",\r\n        \"         \\x7f=>?@ AB  CDEFGH IJ \",\r\n        \"\\x80456789:;<=>?@ AB  CDEFGH IJ\\x81\",\r\n        \"            \\x82        EFGH IJ \",\r\n        \"            \\x83        EFGH IJ \",\r\n        \"                             \",\r\n        \"                     \\x84 GH IJ \",\r\n        \"                     \\x85 GH IJ \",\r\n        \"              i          \\x86   \",\r\n        \"              i          \\x87   \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"                             \",\r\n        \"o456789:;<=>?@ AB\\x8cqCDEFGH IJ \",\r\n        \"                             \",\r\n        \"                             \"\r\n    ];\r\n\r\n    XPathParser.productions = [\r\n        [1, 1, 2],\r\n        [2, 1, 3],\r\n        [3, 1, 4],\r\n        [3, 3, 3, -9, 4],\r\n        [4, 1, 5],\r\n        [4, 3, 4, -8, 5],\r\n        [5, 1, 6],\r\n        [5, 3, 5, -22, 6],\r\n        [5, 3, 5, -5, 6],\r\n        [6, 1, 7],\r\n        [6, 3, 6, -23, 7],\r\n        [6, 3, 6, -24, 7],\r\n        [6, 3, 6, -6, 7],\r\n        [6, 3, 6, -7, 7],\r\n        [7, 1, 8],\r\n        [7, 3, 7, -25, 8],\r\n        [7, 3, 7, -26, 8],\r\n        [8, 1, 9],\r\n        [8, 3, 8, -12, 9],\r\n        [8, 3, 8, -11, 9],\r\n        [8, 3, 8, -10, 9],\r\n        [9, 1, 10],\r\n        [9, 2, -26, 9],\r\n        [10, 1, 11],\r\n        [10, 3, 10, -27, 11],\r\n        [11, 1, 12],\r\n        [11, 1, 13],\r\n        [11, 3, 13, -28, 14],\r\n        [11, 3, 13, -4, 14],\r\n        [13, 1, 15],\r\n        [13, 2, 13, 16],\r\n        [15, 1, 17],\r\n        [15, 3, -29, 2, -30],\r\n        [15, 1, -15],\r\n        [15, 1, -16],\r\n        [15, 1, 18],\r\n        [18, 3, -13, -29, -30],\r\n        [18, 4, -13, -29, 19, -30],\r\n        [19, 1, 20],\r\n        [19, 3, 20, -31, 19],\r\n        [20, 1, 2],\r\n        [12, 1, 14],\r\n        [12, 1, 21],\r\n        [21, 1, -28],\r\n        [21, 2, -28, 14],\r\n        [21, 1, 22],\r\n        [14, 1, 23],\r\n        [14, 3, 14, -28, 23],\r\n        [14, 1, 24],\r\n        [23, 2, 25, 26],\r\n        [23, 1, 26],\r\n        [23, 3, 25, 26, 27],\r\n        [23, 2, 26, 27],\r\n        [23, 1, 28],\r\n        [27, 1, 16],\r\n        [27, 2, 16, 27],\r\n        [25, 2, -14, -3],\r\n        [25, 1, -32],\r\n        [26, 1, 29],\r\n        [26, 3, -20, -29, -30],\r\n        [26, 4, -21, -29, -15, -30],\r\n        [16, 3, -33, 30, -34],\r\n        [30, 1, 2],\r\n        [22, 2, -4, 14],\r\n        [24, 3, 14, -4, 23],\r\n        [28, 1, -35],\r\n        [28, 1, -2],\r\n        [17, 2, -36, -18],\r\n        [29, 1, -17],\r\n        [29, 1, -19],\r\n        [29, 1, -18]\r\n    ];\r\n\r\n    XPathParser.DOUBLEDOT = 2;\r\n    XPathParser.DOUBLECOLON = 3;\r\n    XPathParser.DOUBLESLASH = 4;\r\n    XPathParser.NOTEQUAL = 5;\r\n    XPathParser.LESSTHANOREQUAL = 6;\r\n    XPathParser.GREATERTHANOREQUAL = 7;\r\n    XPathParser.AND = 8;\r\n    XPathParser.OR = 9;\r\n    XPathParser.MOD = 10;\r\n    XPathParser.DIV = 11;\r\n    XPathParser.MULTIPLYOPERATOR = 12;\r\n    XPathParser.FUNCTIONNAME = 13;\r\n    XPathParser.AXISNAME = 14;\r\n    XPathParser.LITERAL = 15;\r\n    XPathParser.NUMBER = 16;\r\n    XPathParser.ASTERISKNAMETEST = 17;\r\n    XPathParser.QNAME = 18;\r\n    XPathParser.NCNAMECOLONASTERISK = 19;\r\n    XPathParser.NODETYPE = 20;\r\n    XPathParser.PROCESSINGINSTRUCTIONWITHLITERAL = 21;\r\n    XPathParser.EQUALS = 22;\r\n    XPathParser.LESSTHAN = 23;\r\n    XPathParser.GREATERTHAN = 24;\r\n    XPathParser.PLUS = 25;\r\n    XPathParser.MINUS = 26;\r\n    XPathParser.BAR = 27;\r\n    XPathParser.SLASH = 28;\r\n    XPathParser.LEFTPARENTHESIS = 29;\r\n    XPathParser.RIGHTPARENTHESIS = 30;\r\n    XPathParser.COMMA = 31;\r\n    XPathParser.AT = 32;\r\n    XPathParser.LEFTBRACKET = 33;\r\n    XPathParser.RIGHTBRACKET = 34;\r\n    XPathParser.DOT = 35;\r\n    XPathParser.DOLLAR = 36;\r\n\r\n    XPathParser.prototype.tokenize = function (s1) {\r\n        var types = [];\r\n        var values = [];\r\n        var s = s1 + '\\0';\r\n\r\n        var pos = 0;\r\n        var c = s.charAt(pos++);\r\n        while (1) {\r\n            while (c == ' ' || c == '\\t' || c == '\\r' || c == '\\n') {\r\n                c = s.charAt(pos++);\r\n            }\r\n            if (c == '\\0' || pos >= s.length) {\r\n                break;\r\n            }\r\n\r\n            if (c == '(') {\r\n                types.push(XPathParser.LEFTPARENTHESIS);\r\n                values.push(c);\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n            if (c == ')') {\r\n                types.push(XPathParser.RIGHTPARENTHESIS);\r\n                values.push(c);\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n            if (c == '[') {\r\n                types.push(XPathParser.LEFTBRACKET);\r\n                values.push(c);\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n            if (c == ']') {\r\n                types.push(XPathParser.RIGHTBRACKET);\r\n                values.push(c);\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n            if (c == '@') {\r\n                types.push(XPathParser.AT);\r\n                values.push(c);\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n            if (c == ',') {\r\n                types.push(XPathParser.COMMA);\r\n                values.push(c);\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n            if (c == '|') {\r\n                types.push(XPathParser.BAR);\r\n                values.push(c);\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n            if (c == '+') {\r\n                types.push(XPathParser.PLUS);\r\n                values.push(c);\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n            if (c == '-') {\r\n                types.push(XPathParser.MINUS);\r\n                values.push(c);\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n            if (c == '=') {\r\n                types.push(XPathParser.EQUALS);\r\n                values.push(c);\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n            if (c == '$') {\r\n                types.push(XPathParser.DOLLAR);\r\n                values.push(c);\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n\r\n            if (c == '.') {\r\n                c = s.charAt(pos++);\r\n                if (c == '.') {\r\n                    types.push(XPathParser.DOUBLEDOT);\r\n                    values.push(\"..\");\r\n                    c = s.charAt(pos++);\r\n                    continue;\r\n                }\r\n                if (c >= '0' && c <= '9') {\r\n                    var number = \".\" + c;\r\n                    c = s.charAt(pos++);\r\n                    while (c >= '0' && c <= '9') {\r\n                        number += c;\r\n                        c = s.charAt(pos++);\r\n                    }\r\n                    types.push(XPathParser.NUMBER);\r\n                    values.push(number);\r\n                    continue;\r\n                }\r\n                types.push(XPathParser.DOT);\r\n                values.push('.');\r\n                continue;\r\n            }\r\n\r\n            if (c == '\\'' || c == '\"') {\r\n                var delimiter = c;\r\n                var literal = \"\";\r\n                while (pos < s.length && (c = s.charAt(pos)) !== delimiter) {\r\n                    literal += c;\r\n                    pos += 1;\r\n                }\r\n                if (c !== delimiter) {\r\n                    throw XPathException.fromMessage(\"Unterminated string literal: \" + delimiter + literal);\r\n                }\r\n                pos += 1;\r\n                types.push(XPathParser.LITERAL);\r\n                values.push(literal);\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n\r\n            if (c >= '0' && c <= '9') {\r\n                var number = c;\r\n                c = s.charAt(pos++);\r\n                while (c >= '0' && c <= '9') {\r\n                    number += c;\r\n                    c = s.charAt(pos++);\r\n                }\r\n                if (c == '.') {\r\n                    if (s.charAt(pos) >= '0' && s.charAt(pos) <= '9') {\r\n                        number += c;\r\n                        number += s.charAt(pos++);\r\n                        c = s.charAt(pos++);\r\n                        while (c >= '0' && c <= '9') {\r\n                            number += c;\r\n                            c = s.charAt(pos++);\r\n                        }\r\n                    }\r\n                }\r\n                types.push(XPathParser.NUMBER);\r\n                values.push(number);\r\n                continue;\r\n            }\r\n\r\n            if (c == '*') {\r\n                if (types.length > 0) {\r\n                    var last = types[types.length - 1];\r\n                    if (last != XPathParser.AT\r\n                        && last != XPathParser.DOUBLECOLON\r\n                        && last != XPathParser.LEFTPARENTHESIS\r\n                        && last != XPathParser.LEFTBRACKET\r\n                        && last != XPathParser.AND\r\n                        && last != XPathParser.OR\r\n                        && last != XPathParser.MOD\r\n                        && last != XPathParser.DIV\r\n                        && last != XPathParser.MULTIPLYOPERATOR\r\n                        && last != XPathParser.SLASH\r\n                        && last != XPathParser.DOUBLESLASH\r\n                        && last != XPathParser.BAR\r\n                        && last != XPathParser.PLUS\r\n                        && last != XPathParser.MINUS\r\n                        && last != XPathParser.EQUALS\r\n                        && last != XPathParser.NOTEQUAL\r\n                        && last != XPathParser.LESSTHAN\r\n                        && last != XPathParser.LESSTHANOREQUAL\r\n                        && last != XPathParser.GREATERTHAN\r\n                        && last != XPathParser.GREATERTHANOREQUAL) {\r\n                        types.push(XPathParser.MULTIPLYOPERATOR);\r\n                        values.push(c);\r\n                        c = s.charAt(pos++);\r\n                        continue;\r\n                    }\r\n                }\r\n                types.push(XPathParser.ASTERISKNAMETEST);\r\n                values.push(c);\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n\r\n            if (c == ':') {\r\n                if (s.charAt(pos) == ':') {\r\n                    types.push(XPathParser.DOUBLECOLON);\r\n                    values.push(\"::\");\r\n                    pos++;\r\n                    c = s.charAt(pos++);\r\n                    continue;\r\n                }\r\n            }\r\n\r\n            if (c == '/') {\r\n                c = s.charAt(pos++);\r\n                if (c == '/') {\r\n                    types.push(XPathParser.DOUBLESLASH);\r\n                    values.push(\"//\");\r\n                    c = s.charAt(pos++);\r\n                    continue;\r\n                }\r\n                types.push(XPathParser.SLASH);\r\n                values.push('/');\r\n                continue;\r\n            }\r\n\r\n            if (c == '!') {\r\n                if (s.charAt(pos) == '=') {\r\n                    types.push(XPathParser.NOTEQUAL);\r\n                    values.push(\"!=\");\r\n                    pos++;\r\n                    c = s.charAt(pos++);\r\n                    continue;\r\n                }\r\n            }\r\n\r\n            if (c == '<') {\r\n                if (s.charAt(pos) == '=') {\r\n                    types.push(XPathParser.LESSTHANOREQUAL);\r\n                    values.push(\"<=\");\r\n                    pos++;\r\n                    c = s.charAt(pos++);\r\n                    continue;\r\n                }\r\n                types.push(XPathParser.LESSTHAN);\r\n                values.push('<');\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n\r\n            if (c == '>') {\r\n                if (s.charAt(pos) == '=') {\r\n                    types.push(XPathParser.GREATERTHANOREQUAL);\r\n                    values.push(\">=\");\r\n                    pos++;\r\n                    c = s.charAt(pos++);\r\n                    continue;\r\n                }\r\n                types.push(XPathParser.GREATERTHAN);\r\n                values.push('>');\r\n                c = s.charAt(pos++);\r\n                continue;\r\n            }\r\n\r\n            if (c == '_' || Utilities.isLetter(c.charCodeAt(0))) {\r\n                var name = c;\r\n                c = s.charAt(pos++);\r\n                while (Utilities.isNCNameChar(c.charCodeAt(0))) {\r\n                    name += c;\r\n                    c = s.charAt(pos++);\r\n                }\r\n                if (types.length > 0) {\r\n                    var last = types[types.length - 1];\r\n                    if (last != XPathParser.AT\r\n                        && last != XPathParser.DOUBLECOLON\r\n                        && last != XPathParser.LEFTPARENTHESIS\r\n                        && last != XPathParser.LEFTBRACKET\r\n                        && last != XPathParser.AND\r\n                        && last != XPathParser.OR\r\n                        && last != XPathParser.MOD\r\n                        && last != XPathParser.DIV\r\n                        && last != XPathParser.MULTIPLYOPERATOR\r\n                        && last != XPathParser.SLASH\r\n                        && last != XPathParser.DOUBLESLASH\r\n                        && last != XPathParser.BAR\r\n                        && last != XPathParser.PLUS\r\n                        && last != XPathParser.MINUS\r\n                        && last != XPathParser.EQUALS\r\n                        && last != XPathParser.NOTEQUAL\r\n                        && last != XPathParser.LESSTHAN\r\n                        && last != XPathParser.LESSTHANOREQUAL\r\n                        && last != XPathParser.GREATERTHAN\r\n                        && last != XPathParser.GREATERTHANOREQUAL) {\r\n                        if (name == \"and\") {\r\n                            types.push(XPathParser.AND);\r\n                            values.push(name);\r\n                            continue;\r\n                        }\r\n                        if (name == \"or\") {\r\n                            types.push(XPathParser.OR);\r\n                            values.push(name);\r\n                            continue;\r\n                        }\r\n                        if (name == \"mod\") {\r\n                            types.push(XPathParser.MOD);\r\n                            values.push(name);\r\n                            continue;\r\n                        }\r\n                        if (name == \"div\") {\r\n                            types.push(XPathParser.DIV);\r\n                            values.push(name);\r\n                            continue;\r\n                        }\r\n                    }\r\n                }\r\n                if (c == ':') {\r\n                    if (s.charAt(pos) == '*') {\r\n                        types.push(XPathParser.NCNAMECOLONASTERISK);\r\n                        values.push(name + \":*\");\r\n                        pos++;\r\n                        c = s.charAt(pos++);\r\n                        continue;\r\n                    }\r\n                    if (s.charAt(pos) == '_' || Utilities.isLetter(s.charCodeAt(pos))) {\r\n                        name += ':';\r\n                        c = s.charAt(pos++);\r\n                        while (Utilities.isNCNameChar(c.charCodeAt(0))) {\r\n                            name += c;\r\n                            c = s.charAt(pos++);\r\n                        }\r\n                        if (c == '(') {\r\n                            types.push(XPathParser.FUNCTIONNAME);\r\n                            values.push(name);\r\n                            continue;\r\n                        }\r\n                        types.push(XPathParser.QNAME);\r\n                        values.push(name);\r\n                        continue;\r\n                    }\r\n                    if (s.charAt(pos) == ':') {\r\n                        types.push(XPathParser.AXISNAME);\r\n                        values.push(name);\r\n                        continue;\r\n                    }\r\n                }\r\n                if (c == '(') {\r\n                    if (name == \"comment\" || name == \"text\" || name == \"node\") {\r\n                        types.push(XPathParser.NODETYPE);\r\n                        values.push(name);\r\n                        continue;\r\n                    }\r\n                    if (name == \"processing-instruction\") {\r\n                        if (s.charAt(pos) == ')') {\r\n                            types.push(XPathParser.NODETYPE);\r\n                        } else {\r\n                            types.push(XPathParser.PROCESSINGINSTRUCTIONWITHLITERAL);\r\n                        }\r\n                        values.push(name);\r\n                        continue;\r\n                    }\r\n                    types.push(XPathParser.FUNCTIONNAME);\r\n                    values.push(name);\r\n                    continue;\r\n                }\r\n                types.push(XPathParser.QNAME);\r\n                values.push(name);\r\n                continue;\r\n            }\r\n\r\n            throw new Error(\"Unexpected character \" + c);\r\n        }\r\n        types.push(1);\r\n        values.push(\"[EOF]\");\r\n        return [types, values];\r\n    };\r\n\r\n    XPathParser.SHIFT = 's';\r\n    XPathParser.REDUCE = 'r';\r\n    XPathParser.ACCEPT = 'a';\r\n\r\n    XPathParser.prototype.parse = function (s) {\r\n        if (!s) {\r\n            throw new Error('XPath expression unspecified.');\r\n        }\r\n        if (typeof s !== 'string'){\r\n            throw new Error('XPath expression must be a string.');\r\n        }\r\n\r\n        var types;\r\n        var values;\r\n        var res = this.tokenize(s);\r\n        if (res == undefined) {\r\n            return undefined;\r\n        }\r\n        types = res[0];\r\n        values = res[1];\r\n        var tokenPos = 0;\r\n        var state = [];\r\n        var tokenType = [];\r\n        var tokenValue = [];\r\n        var s;\r\n        var a;\r\n        var t;\r\n\r\n        state.push(0);\r\n        tokenType.push(1);\r\n        tokenValue.push(\"_S\");\r\n\r\n        a = types[tokenPos];\r\n        t = values[tokenPos++];\r\n        while (1) {\r\n            s = state[state.length - 1];\r\n            switch (XPathParser.actionTable[s].charAt(a - 1)) {\r\n                case XPathParser.SHIFT:\r\n                    tokenType.push(-a);\r\n                    tokenValue.push(t);\r\n                    state.push(XPathParser.actionTableNumber[s].charCodeAt(a - 1) - 32);\r\n                    a = types[tokenPos];\r\n                    t = values[tokenPos++];\r\n                    break;\r\n                case XPathParser.REDUCE:\r\n                    var num = XPathParser.productions[XPathParser.actionTableNumber[s].charCodeAt(a - 1) - 32][1];\r\n                    var rhs = [];\r\n                    for (var i = 0; i < num; i++) {\r\n                        tokenType.pop();\r\n                        rhs.unshift(tokenValue.pop());\r\n                        state.pop();\r\n                    }\r\n                    var s_ = state[state.length - 1];\r\n                    tokenType.push(XPathParser.productions[XPathParser.actionTableNumber[s].charCodeAt(a - 1) - 32][0]);\r\n                    if (this.reduceActions[XPathParser.actionTableNumber[s].charCodeAt(a - 1) - 32] == undefined) {\r\n                        tokenValue.push(rhs[0]);\r\n                    } else {\r\n                        tokenValue.push(this.reduceActions[XPathParser.actionTableNumber[s].charCodeAt(a - 1) - 32](rhs));\r\n                    }\r\n                    state.push(XPathParser.gotoTable[s_].charCodeAt(XPathParser.productions[XPathParser.actionTableNumber[s].charCodeAt(a - 1) - 32][0] - 2) - 33);\r\n                    break;\r\n                case XPathParser.ACCEPT:\r\n                    return new XPath(tokenValue.pop());\r\n                default:\r\n                    throw new Error(\"XPath parse error\");\r\n            }\r\n        }\r\n    };\r\n\r\n    // XPath /////////////////////////////////////////////////////////////////////\r\n\r\n    XPath.prototype = new Object();\r\n    XPath.prototype.constructor = XPath;\r\n    XPath.superclass = Object.prototype;\r\n\r\n    function XPath(e) {\r\n        this.expression = e;\r\n    }\r\n\r\n    XPath.prototype.toString = function () {\r\n        return this.expression.toString();\r\n    };\r\n\r\n    function setIfUnset(obj, prop, value) {\r\n        if (!(prop in obj)) {\r\n            obj[prop] = value;\r\n        }\r\n    }\r\n\r\n    XPath.prototype.evaluate = function (c) {\r\n        var node = c.expressionContextNode;\r\n\r\n        if (!(isNil(node) || isNodeLike(node))) {\r\n            throw new Error(\"Context node does not appear to be a valid DOM node.\");\r\n        }\r\n\r\n        c.contextNode = c.expressionContextNode;\r\n        c.contextSize = 1;\r\n        c.contextPosition = 1;\r\n\r\n        // [2017-11-25] Removed usage of .implementation.hasFeature() since it does\r\n        //              not reliably detect HTML DOMs (always returns false in xmldom and true in browsers)\r\n        if (c.isHtml) {\r\n            setIfUnset(c, 'caseInsensitive', true);\r\n            setIfUnset(c, 'allowAnyNamespaceForNoPrefix', true);\r\n        }\r\n\r\n        setIfUnset(c, 'caseInsensitive', false);\r\n\r\n        return this.expression.evaluate(c);\r\n    };\r\n\r\n    XPath.XML_NAMESPACE_URI = \"http://www.w3.org/XML/1998/namespace\";\r\n    XPath.XMLNS_NAMESPACE_URI = \"http://www.w3.org/2000/xmlns/\";\r\n\r\n    // Expression ////////////////////////////////////////////////////////////////\r\n\r\n    Expression.prototype = new Object();\r\n    Expression.prototype.constructor = Expression;\r\n    Expression.superclass = Object.prototype;\r\n\r\n    function Expression() {\r\n    }\r\n\r\n    Expression.prototype.init = function () {\r\n    };\r\n\r\n    Expression.prototype.toString = function () {\r\n        return \"<Expression>\";\r\n    };\r\n\r\n    Expression.prototype.evaluate = function (c) {\r\n        throw new Error(\"Could not evaluate expression.\");\r\n    };\r\n\r\n    // UnaryOperation ////////////////////////////////////////////////////////////\r\n\r\n    UnaryOperation.prototype = new Expression();\r\n    UnaryOperation.prototype.constructor = UnaryOperation;\r\n    UnaryOperation.superclass = Expression.prototype;\r\n\r\n    function UnaryOperation(rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(rhs);\r\n        }\r\n    }\r\n\r\n    UnaryOperation.prototype.init = function (rhs) {\r\n        this.rhs = rhs;\r\n    };\r\n\r\n    // UnaryMinusOperation ///////////////////////////////////////////////////////\r\n\r\n    UnaryMinusOperation.prototype = new UnaryOperation();\r\n    UnaryMinusOperation.prototype.constructor = UnaryMinusOperation;\r\n    UnaryMinusOperation.superclass = UnaryOperation.prototype;\r\n\r\n    function UnaryMinusOperation(rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(rhs);\r\n        }\r\n    }\r\n\r\n    UnaryMinusOperation.prototype.init = function (rhs) {\r\n        UnaryMinusOperation.superclass.init.call(this, rhs);\r\n    };\r\n\r\n    UnaryMinusOperation.prototype.evaluate = function (c) {\r\n        return this.rhs.evaluate(c).number().negate();\r\n    };\r\n\r\n    UnaryMinusOperation.prototype.toString = function () {\r\n        return \"-\" + this.rhs.toString();\r\n    };\r\n\r\n    // BinaryOperation ///////////////////////////////////////////////////////////\r\n\r\n    BinaryOperation.prototype = new Expression();\r\n    BinaryOperation.prototype.constructor = BinaryOperation;\r\n    BinaryOperation.superclass = Expression.prototype;\r\n\r\n    function BinaryOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    BinaryOperation.prototype.init = function (lhs, rhs) {\r\n        this.lhs = lhs;\r\n        this.rhs = rhs;\r\n    };\r\n\r\n    // OrOperation ///////////////////////////////////////////////////////////////\r\n\r\n    OrOperation.prototype = new BinaryOperation();\r\n    OrOperation.prototype.constructor = OrOperation;\r\n    OrOperation.superclass = BinaryOperation.prototype;\r\n\r\n    function OrOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    OrOperation.prototype.init = function (lhs, rhs) {\r\n        OrOperation.superclass.init.call(this, lhs, rhs);\r\n    };\r\n\r\n    OrOperation.prototype.toString = function () {\r\n        return \"(\" + this.lhs.toString() + \" or \" + this.rhs.toString() + \")\";\r\n    };\r\n\r\n    OrOperation.prototype.evaluate = function (c) {\r\n        var b = this.lhs.evaluate(c).bool();\r\n        if (b.booleanValue()) {\r\n            return b;\r\n        }\r\n        return this.rhs.evaluate(c).bool();\r\n    };\r\n\r\n    // AndOperation //////////////////////////////////////////////////////////////\r\n\r\n    AndOperation.prototype = new BinaryOperation();\r\n    AndOperation.prototype.constructor = AndOperation;\r\n    AndOperation.superclass = BinaryOperation.prototype;\r\n\r\n    function AndOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    AndOperation.prototype.init = function (lhs, rhs) {\r\n        AndOperation.superclass.init.call(this, lhs, rhs);\r\n    };\r\n\r\n    AndOperation.prototype.toString = function () {\r\n        return \"(\" + this.lhs.toString() + \" and \" + this.rhs.toString() + \")\";\r\n    };\r\n\r\n    AndOperation.prototype.evaluate = function (c) {\r\n        var b = this.lhs.evaluate(c).bool();\r\n        if (!b.booleanValue()) {\r\n            return b;\r\n        }\r\n        return this.rhs.evaluate(c).bool();\r\n    };\r\n\r\n    // EqualsOperation ///////////////////////////////////////////////////////////\r\n\r\n    EqualsOperation.prototype = new BinaryOperation();\r\n    EqualsOperation.prototype.constructor = EqualsOperation;\r\n    EqualsOperation.superclass = BinaryOperation.prototype;\r\n\r\n    function EqualsOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    EqualsOperation.prototype.init = function (lhs, rhs) {\r\n        EqualsOperation.superclass.init.call(this, lhs, rhs);\r\n    };\r\n\r\n    EqualsOperation.prototype.toString = function () {\r\n        return \"(\" + this.lhs.toString() + \" = \" + this.rhs.toString() + \")\";\r\n    };\r\n\r\n    EqualsOperation.prototype.evaluate = function (c) {\r\n        return this.lhs.evaluate(c).equals(this.rhs.evaluate(c));\r\n    };\r\n\r\n    // NotEqualOperation /////////////////////////////////////////////////////////\r\n\r\n    NotEqualOperation.prototype = new BinaryOperation();\r\n    NotEqualOperation.prototype.constructor = NotEqualOperation;\r\n    NotEqualOperation.superclass = BinaryOperation.prototype;\r\n\r\n    function NotEqualOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    NotEqualOperation.prototype.init = function (lhs, rhs) {\r\n        NotEqualOperation.superclass.init.call(this, lhs, rhs);\r\n    };\r\n\r\n    NotEqualOperation.prototype.toString = function () {\r\n        return \"(\" + this.lhs.toString() + \" != \" + this.rhs.toString() + \")\";\r\n    };\r\n\r\n    NotEqualOperation.prototype.evaluate = function (c) {\r\n        return this.lhs.evaluate(c).notequal(this.rhs.evaluate(c));\r\n    };\r\n\r\n    // LessThanOperation /////////////////////////////////////////////////////////\r\n\r\n    LessThanOperation.prototype = new BinaryOperation();\r\n    LessThanOperation.prototype.constructor = LessThanOperation;\r\n    LessThanOperation.superclass = BinaryOperation.prototype;\r\n\r\n    function LessThanOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    LessThanOperation.prototype.init = function (lhs, rhs) {\r\n        LessThanOperation.superclass.init.call(this, lhs, rhs);\r\n    };\r\n\r\n    LessThanOperation.prototype.evaluate = function (c) {\r\n        return this.lhs.evaluate(c).lessthan(this.rhs.evaluate(c));\r\n    };\r\n\r\n    LessThanOperation.prototype.toString = function () {\r\n        return \"(\" + this.lhs.toString() + \" < \" + this.rhs.toString() + \")\";\r\n    };\r\n\r\n    // GreaterThanOperation //////////////////////////////////////////////////////\r\n\r\n    GreaterThanOperation.prototype = new BinaryOperation();\r\n    GreaterThanOperation.prototype.constructor = GreaterThanOperation;\r\n    GreaterThanOperation.superclass = BinaryOperation.prototype;\r\n\r\n    function GreaterThanOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    GreaterThanOperation.prototype.init = function (lhs, rhs) {\r\n        GreaterThanOperation.superclass.init.call(this, lhs, rhs);\r\n    };\r\n\r\n    GreaterThanOperation.prototype.evaluate = function (c) {\r\n        return this.lhs.evaluate(c).greaterthan(this.rhs.evaluate(c));\r\n    };\r\n\r\n    GreaterThanOperation.prototype.toString = function () {\r\n        return \"(\" + this.lhs.toString() + \" > \" + this.rhs.toString() + \")\";\r\n    };\r\n\r\n    // LessThanOrEqualOperation //////////////////////////////////////////////////\r\n\r\n    LessThanOrEqualOperation.prototype = new BinaryOperation();\r\n    LessThanOrEqualOperation.prototype.constructor = LessThanOrEqualOperation;\r\n    LessThanOrEqualOperation.superclass = BinaryOperation.prototype;\r\n\r\n    function LessThanOrEqualOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    LessThanOrEqualOperation.prototype.init = function (lhs, rhs) {\r\n        LessThanOrEqualOperation.superclass.init.call(this, lhs, rhs);\r\n    };\r\n\r\n    LessThanOrEqualOperation.prototype.evaluate = function (c) {\r\n        return this.lhs.evaluate(c).lessthanorequal(this.rhs.evaluate(c));\r\n    };\r\n\r\n    LessThanOrEqualOperation.prototype.toString = function () {\r\n        return \"(\" + this.lhs.toString() + \" <= \" + this.rhs.toString() + \")\";\r\n    };\r\n\r\n    // GreaterThanOrEqualOperation ///////////////////////////////////////////////\r\n\r\n    GreaterThanOrEqualOperation.prototype = new BinaryOperation();\r\n    GreaterThanOrEqualOperation.prototype.constructor = GreaterThanOrEqualOperation;\r\n    GreaterThanOrEqualOperation.superclass = BinaryOperation.prototype;\r\n\r\n    function GreaterThanOrEqualOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    GreaterThanOrEqualOperation.prototype.init = function (lhs, rhs) {\r\n        GreaterThanOrEqualOperation.superclass.init.call(this, lhs, rhs);\r\n    };\r\n\r\n    GreaterThanOrEqualOperation.prototype.evaluate = function (c) {\r\n        return this.lhs.evaluate(c).greaterthanorequal(this.rhs.evaluate(c));\r\n    };\r\n\r\n    GreaterThanOrEqualOperation.prototype.toString = function () {\r\n        return \"(\" + this.lhs.toString() + \" >= \" + this.rhs.toString() + \")\";\r\n    };\r\n\r\n    // PlusOperation /////////////////////////////////////////////////////////////\r\n\r\n    PlusOperation.prototype = new BinaryOperation();\r\n    PlusOperation.prototype.constructor = PlusOperation;\r\n    PlusOperation.superclass = BinaryOperation.prototype;\r\n\r\n    function PlusOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    PlusOperation.prototype.init = function (lhs, rhs) {\r\n        PlusOperation.superclass.init.call(this, lhs, rhs);\r\n    };\r\n\r\n    PlusOperation.prototype.evaluate = function (c) {\r\n        return this.lhs.evaluate(c).number().plus(this.rhs.evaluate(c).number());\r\n    };\r\n\r\n    PlusOperation.prototype.toString = function () {\r\n        return \"(\" + this.lhs.toString() + \" + \" + this.rhs.toString() + \")\";\r\n    };\r\n\r\n    // MinusOperation ////////////////////////////////////////////////////////////\r\n\r\n    MinusOperation.prototype = new BinaryOperation();\r\n    MinusOperation.prototype.constructor = MinusOperation;\r\n    MinusOperation.superclass = BinaryOperation.prototype;\r\n\r\n    function MinusOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    MinusOperation.prototype.init = function (lhs, rhs) {\r\n        MinusOperation.superclass.init.call(this, lhs, rhs);\r\n    };\r\n\r\n    MinusOperation.prototype.evaluate = function (c) {\r\n        return this.lhs.evaluate(c).number().minus(this.rhs.evaluate(c).number());\r\n    };\r\n\r\n    MinusOperation.prototype.toString = function () {\r\n        return \"(\" + this.lhs.toString() + \" - \" + this.rhs.toString() + \")\";\r\n    };\r\n\r\n    // MultiplyOperation /////////////////////////////////////////////////////////\r\n\r\n    MultiplyOperation.prototype = new BinaryOperation();\r\n    MultiplyOperation.prototype.constructor = MultiplyOperation;\r\n    MultiplyOperation.superclass = BinaryOperation.prototype;\r\n\r\n    function MultiplyOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    MultiplyOperation.prototype.init = function (lhs, rhs) {\r\n        MultiplyOperation.superclass.init.call(this, lhs, rhs);\r\n    };\r\n\r\n    MultiplyOperation.prototype.evaluate = function (c) {\r\n        return this.lhs.evaluate(c).number().multiply(this.rhs.evaluate(c).number());\r\n    };\r\n\r\n    MultiplyOperation.prototype.toString = function () {\r\n        return \"(\" + this.lhs.toString() + \" * \" + this.rhs.toString() + \")\";\r\n    };\r\n\r\n    // DivOperation //////////////////////////////////////////////////////////////\r\n\r\n    DivOperation.prototype = new BinaryOperation();\r\n    DivOperation.prototype.constructor = DivOperation;\r\n    DivOperation.superclass = BinaryOperation.prototype;\r\n\r\n    function DivOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    DivOperation.prototype.init = function (lhs, rhs) {\r\n        DivOperation.superclass.init.call(this, lhs, rhs);\r\n    };\r\n\r\n    DivOperation.prototype.evaluate = function (c) {\r\n        return this.lhs.evaluate(c).number().div(this.rhs.evaluate(c).number());\r\n    };\r\n\r\n    DivOperation.prototype.toString = function () {\r\n        return \"(\" + this.lhs.toString() + \" div \" + this.rhs.toString() + \")\";\r\n    };\r\n\r\n    // ModOperation //////////////////////////////////////////////////////////////\r\n\r\n    ModOperation.prototype = new BinaryOperation();\r\n    ModOperation.prototype.constructor = ModOperation;\r\n    ModOperation.superclass = BinaryOperation.prototype;\r\n\r\n    function ModOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    ModOperation.prototype.init = function (lhs, rhs) {\r\n        ModOperation.superclass.init.call(this, lhs, rhs);\r\n    };\r\n\r\n    ModOperation.prototype.evaluate = function (c) {\r\n        return this.lhs.evaluate(c).number().mod(this.rhs.evaluate(c).number());\r\n    };\r\n\r\n    ModOperation.prototype.toString = function () {\r\n        return \"(\" + this.lhs.toString() + \" mod \" + this.rhs.toString() + \")\";\r\n    };\r\n\r\n    // BarOperation //////////////////////////////////////////////////////////////\r\n\r\n    BarOperation.prototype = new BinaryOperation();\r\n    BarOperation.prototype.constructor = BarOperation;\r\n    BarOperation.superclass = BinaryOperation.prototype;\r\n\r\n    function BarOperation(lhs, rhs) {\r\n        if (arguments.length > 0) {\r\n            this.init(lhs, rhs);\r\n        }\r\n    }\r\n\r\n    BarOperation.prototype.init = function (lhs, rhs) {\r\n        BarOperation.superclass.init.call(this, lhs, rhs);\r\n    };\r\n\r\n    BarOperation.prototype.evaluate = function (c) {\r\n        return this.lhs.evaluate(c).nodeset().union(this.rhs.evaluate(c).nodeset());\r\n    };\r\n\r\n    BarOperation.prototype.toString = function () {\r\n        return map(toString, [this.lhs, this.rhs]).join(' | ');\r\n    };\r\n\r\n    // PathExpr //////////////////////////////////////////////////////////////////\r\n\r\n    PathExpr.prototype = new Expression();\r\n    PathExpr.prototype.constructor = PathExpr;\r\n    PathExpr.superclass = Expression.prototype;\r\n\r\n    function PathExpr(filter, filterPreds, locpath) {\r\n        if (arguments.length > 0) {\r\n            this.init(filter, filterPreds, locpath);\r\n        }\r\n    }\r\n\r\n    PathExpr.prototype.init = function (filter, filterPreds, locpath) {\r\n        PathExpr.superclass.init.call(this);\r\n        this.filter = filter;\r\n        this.filterPredicates = filterPreds;\r\n        this.locationPath = locpath;\r\n    };\r\n\r\n    /**\r\n     * Returns the topmost node of the tree containing node\r\n     */\r\n    function findRoot(node) {\r\n        while (node && node.parentNode) {\r\n            node = node.parentNode;\r\n        }\r\n\r\n        return node;\r\n    }\r\n\r\n    var applyPredicates = function (predicates, c, nodes, reverse) {\r\n        if (predicates.length === 0) {\r\n            return nodes;\r\n        }\r\n\r\n        var ctx = c.extend({});\r\n\r\n        return reduce(\r\n            function (inNodes, pred) {\r\n                ctx.contextSize = inNodes.length;\r\n\r\n                return filter(\r\n                    function (node, i) {\r\n                        ctx.contextNode = node;\r\n                        ctx.contextPosition = i + 1;\r\n\r\n                        return PathExpr.predicateMatches(pred, ctx);\r\n                    },\r\n                    inNodes\r\n                );\r\n            },\r\n            sortNodes(nodes, reverse),\r\n            predicates\r\n        );\r\n    };\r\n\r\n    PathExpr.getRoot = function (xpc, nodes) {\r\n        var firstNode = nodes[0];\r\n\r\n        // xpc.virtualRoot could possibly provide a root even if firstNode is null,\r\n        // so using a guard here instead of throwing.\r\n        if (firstNode && firstNode.nodeType === NodeTypes.DOCUMENT_NODE) {\r\n            return firstNode;\r\n        }\r\n\r\n        if (xpc.virtualRoot) {\r\n            return xpc.virtualRoot;\r\n        }\r\n\r\n        if (!firstNode) {\r\n            throw new Error('Context node not found when determining document root.');\r\n        }\r\n\r\n        var ownerDoc = firstNode.ownerDocument;\r\n\r\n        if (ownerDoc) {\r\n            return ownerDoc;\r\n        }\r\n\r\n        // IE 5.5 doesn't have ownerDocument?\r\n        var n = firstNode;\r\n        while (n.parentNode != null) {\r\n            n = n.parentNode;\r\n        }\r\n        return n;\r\n    }\r\n\r\n    var getPrefixForNamespaceNode = function (attrNode) {\r\n        var nm = String(attrNode.name);\r\n\r\n        if (nm === \"xmlns\") {\r\n            return \"\";\r\n        }\r\n\r\n        if (nm.substring(0, 6) === \"xmlns:\") {\r\n            return nm.substring(6, nm.length);\r\n        }\r\n\r\n        return null;\r\n    };\r\n\r\n    PathExpr.applyStep = function (step, xpc, node) {\r\n        if (!node) {\r\n            throw new Error('Context node not found when evaluating XPath step: ' + step);\r\n        }\r\n\r\n        var newNodes = [];\r\n        xpc.contextNode = node;\r\n\r\n        switch (step.axis) {\r\n            case Step.ANCESTOR:\r\n                // look at all the ancestor nodes\r\n                if (xpc.contextNode === xpc.virtualRoot) {\r\n                    break;\r\n                }\r\n                var m;\r\n                if (xpc.contextNode.nodeType == NodeTypes.ATTRIBUTE_NODE) {\r\n                    m = PathExpr.getOwnerElement(xpc.contextNode);\r\n                } else {\r\n                    m = xpc.contextNode.parentNode;\r\n                }\r\n                while (m != null) {\r\n                    if (step.nodeTest.matches(m, xpc)) {\r\n                        newNodes.push(m);\r\n                    }\r\n                    if (m === xpc.virtualRoot) {\r\n                        break;\r\n                    }\r\n                    m = m.parentNode;\r\n                }\r\n                break;\r\n\r\n            case Step.ANCESTORORSELF:\r\n                // look at all the ancestor nodes and the current node\r\n                for (var m = xpc.contextNode; m != null; m = m.nodeType == NodeTypes.ATTRIBUTE_NODE ? PathExpr.getOwnerElement(m) : m.parentNode) {\r\n                    if (step.nodeTest.matches(m, xpc)) {\r\n                        newNodes.push(m);\r\n                    }\r\n                    if (m === xpc.virtualRoot) {\r\n                        break;\r\n                    }\r\n                }\r\n                break;\r\n\r\n            case Step.ATTRIBUTE:\r\n                // look at the attributes\r\n                var nnm = xpc.contextNode.attributes;\r\n                if (nnm != null) {\r\n                    for (var k = 0; k < nnm.length; k++) {\r\n                        var m = nnm.item(k);\r\n                        if (step.nodeTest.matches(m, xpc)) {\r\n                            newNodes.push(m);\r\n                        }\r\n                    }\r\n                }\r\n                break;\r\n\r\n            case Step.CHILD:\r\n                // look at all child elements\r\n                for (var m = xpc.contextNode.firstChild; m != null; m = m.nextSibling) {\r\n                    if (step.nodeTest.matches(m, xpc)) {\r\n                        newNodes.push(m);\r\n                    }\r\n                }\r\n                break;\r\n\r\n            case Step.DESCENDANT:\r\n                // look at all descendant nodes\r\n                var st = [xpc.contextNode.firstChild];\r\n                while (st.length > 0) {\r\n                    for (var m = st.pop(); m != null;) {\r\n                        if (step.nodeTest.matches(m, xpc)) {\r\n                            newNodes.push(m);\r\n                        }\r\n                        if (m.firstChild != null) {\r\n                            st.push(m.nextSibling);\r\n                            m = m.firstChild;\r\n                        } else {\r\n                            m = m.nextSibling;\r\n                        }\r\n                    }\r\n                }\r\n                break;\r\n\r\n            case Step.DESCENDANTORSELF:\r\n                // look at self\r\n                if (step.nodeTest.matches(xpc.contextNode, xpc)) {\r\n                    newNodes.push(xpc.contextNode);\r\n                }\r\n                // look at all descendant nodes\r\n                var st = [xpc.contextNode.firstChild];\r\n                while (st.length > 0) {\r\n                    for (var m = st.pop(); m != null;) {\r\n                        if (step.nodeTest.matches(m, xpc)) {\r\n                            newNodes.push(m);\r\n                        }\r\n                        if (m.firstChild != null) {\r\n                            st.push(m.nextSibling);\r\n                            m = m.firstChild;\r\n                        } else {\r\n                            m = m.nextSibling;\r\n                        }\r\n                    }\r\n                }\r\n                break;\r\n\r\n            case Step.FOLLOWING:\r\n                if (xpc.contextNode === xpc.virtualRoot) {\r\n                    break;\r\n                }\r\n                var st = [];\r\n                if (xpc.contextNode.firstChild != null) {\r\n                    st.unshift(xpc.contextNode.firstChild);\r\n                } else {\r\n                    st.unshift(xpc.contextNode.nextSibling);\r\n                }\r\n                for (var m = xpc.contextNode.parentNode; m != null && m.nodeType != NodeTypes.DOCUMENT_NODE && m !== xpc.virtualRoot; m = m.parentNode) {\r\n                    st.unshift(m.nextSibling);\r\n                }\r\n                do {\r\n                    for (var m = st.pop(); m != null;) {\r\n                        if (step.nodeTest.matches(m, xpc)) {\r\n                            newNodes.push(m);\r\n                        }\r\n                        if (m.firstChild != null) {\r\n                            st.push(m.nextSibling);\r\n                            m = m.firstChild;\r\n                        } else {\r\n                            m = m.nextSibling;\r\n                        }\r\n                    }\r\n                } while (st.length > 0);\r\n                break;\r\n\r\n            case Step.FOLLOWINGSIBLING:\r\n                if (xpc.contextNode === xpc.virtualRoot) {\r\n                    break;\r\n                }\r\n                for (var m = xpc.contextNode.nextSibling; m != null; m = m.nextSibling) {\r\n                    if (step.nodeTest.matches(m, xpc)) {\r\n                        newNodes.push(m);\r\n                    }\r\n                }\r\n                break;\r\n\r\n            case Step.NAMESPACE:\r\n                var nodes = {};\r\n\r\n                if (xpc.contextNode.nodeType == NodeTypes.ELEMENT_NODE) {\r\n                    // BUG: This only collects the namespaces on the current node, but seemingly\r\n                    //      it should collect all those in scope\r\n                    nodes[\"xml\"] = new XPathNamespace(\"xml\", null, XPath.XML_NAMESPACE_URI, xpc.contextNode);\r\n\r\n                    for (var m = xpc.contextNode; m != null && m.nodeType == NodeTypes.ELEMENT_NODE; m = m.parentNode) {\r\n                        for (var k = 0; k < m.attributes.length; k++) {\r\n                            var attr = m.attributes.item(k);\r\n\r\n                            var pre = getPrefixForNamespaceNode(attr);\r\n\r\n                            if (pre != null && nodes[pre] == undefined) {\r\n                                nodes[pre] = new XPathNamespace(pre, attr, attr.value, xpc.contextNode);\r\n                            }\r\n                        }\r\n                    }\r\n\r\n                    for (var pre in nodes) {\r\n                        var node = nodes[pre];\r\n\r\n                        if (step.nodeTest.matches(node, xpc)) {\r\n                            newNodes.push(node);\r\n                        }\r\n                    }\r\n                }\r\n                break;\r\n\r\n            case Step.PARENT:\r\n                m = null;\r\n                if (xpc.contextNode !== xpc.virtualRoot) {\r\n                    if (xpc.contextNode.nodeType == NodeTypes.ATTRIBUTE_NODE) {\r\n                        m = PathExpr.getOwnerElement(xpc.contextNode);\r\n                    } else {\r\n                        m = xpc.contextNode.parentNode;\r\n                    }\r\n                }\r\n                if (m != null && step.nodeTest.matches(m, xpc)) {\r\n                    newNodes.push(m);\r\n                }\r\n                break;\r\n\r\n            case Step.PRECEDING:\r\n                var st;\r\n                if (xpc.virtualRoot != null) {\r\n                    st = [xpc.virtualRoot];\r\n                } else {\r\n                    // cannot rely on .ownerDocument because the node may be in a document fragment\r\n                    st = [findRoot(xpc.contextNode)];\r\n                }\r\n                outer: while (st.length > 0) {\r\n                    for (var m = st.pop(); m != null;) {\r\n                        if (m == xpc.contextNode) {\r\n                            break outer;\r\n                        }\r\n                        if (step.nodeTest.matches(m, xpc)) {\r\n                            newNodes.unshift(m);\r\n                        }\r\n                        if (m.firstChild != null) {\r\n                            st.push(m.nextSibling);\r\n                            m = m.firstChild;\r\n                        } else {\r\n                            m = m.nextSibling;\r\n                        }\r\n                    }\r\n                }\r\n                break;\r\n\r\n            case Step.PRECEDINGSIBLING:\r\n                if (xpc.contextNode === xpc.virtualRoot) {\r\n                    break;\r\n                }\r\n                for (var m = xpc.contextNode.previousSibling; m != null; m = m.previousSibling) {\r\n                    if (step.nodeTest.matches(m, xpc)) {\r\n                        newNodes.push(m);\r\n                    }\r\n                }\r\n                break;\r\n\r\n            case Step.SELF:\r\n                if (step.nodeTest.matches(xpc.contextNode, xpc)) {\r\n                    newNodes.push(xpc.contextNode);\r\n                }\r\n                break;\r\n\r\n            default:\r\n        }\r\n\r\n        return newNodes;\r\n    };\r\n\r\n    function applyStepWithPredicates(step, xpc, node) {\r\n        return applyPredicates(\r\n            step.predicates,\r\n            xpc,\r\n            PathExpr.applyStep(step, xpc, node),\r\n            includes(REVERSE_AXES, step.axis)\r\n        );\r\n    }\r\n\r\n    function applyStepToNodes(context, nodes, step) {\r\n        return flatten(\r\n            map(\r\n                applyStepWithPredicates.bind(null, step, context),\r\n                nodes\r\n            )\r\n        );\r\n    }\r\n\r\n    PathExpr.applySteps = function (steps, xpc, nodes) {\r\n        return reduce(\r\n            applyStepToNodes.bind(null, xpc),\r\n            nodes,\r\n            steps\r\n        );\r\n    }\r\n\r\n    PathExpr.prototype.applyFilter = function (c, xpc) {\r\n        if (!this.filter) {\r\n            return { nodes: [c.contextNode] };\r\n        }\r\n\r\n        var ns = this.filter.evaluate(c);\r\n\r\n        if (!Utilities.instance_of(ns, XNodeSet)) {\r\n            if (this.filterPredicates != null && this.filterPredicates.length > 0 || this.locationPath != null) {\r\n                throw new Error(\"Path expression filter must evaluate to a nodeset if predicates or location path are used\");\r\n            }\r\n\r\n            return { nonNodes: ns };\r\n        }\r\n\r\n        return {\r\n            nodes: applyPredicates(\r\n                this.filterPredicates || [],\r\n                xpc,\r\n                ns.toUnsortedArray(),\r\n                false // reverse\r\n            )\r\n        };\r\n    };\r\n\r\n    PathExpr.applyLocationPath = function (locationPath, xpc, nodes) {\r\n        if (!locationPath) {\r\n            return nodes;\r\n        }\r\n\r\n        var startNodes = locationPath.absolute ? [PathExpr.getRoot(xpc, nodes)] : nodes;\r\n\r\n        return PathExpr.applySteps(locationPath.steps, xpc, startNodes);\r\n    };\r\n\r\n    PathExpr.prototype.evaluate = function (c) {\r\n        var xpc = assign(new XPathContext(), c);\r\n\r\n        var filterResult = this.applyFilter(c, xpc);\r\n\r\n        if ('nonNodes' in filterResult) {\r\n            return filterResult.nonNodes;\r\n        }\r\n\r\n        var ns = new XNodeSet();\r\n        ns.addArray(PathExpr.applyLocationPath(this.locationPath, xpc, filterResult.nodes));\r\n        return ns;\r\n    };\r\n\r\n    PathExpr.predicateMatches = function (pred, c) {\r\n        var res = pred.evaluate(c);\r\n\r\n        return Utilities.instance_of(res, XNumber)\r\n            ? c.contextPosition === res.numberValue()\r\n            : res.booleanValue();\r\n    };\r\n\r\n    PathExpr.predicateString = function (predicate) {\r\n        return wrap('[', ']', predicate.toString());\r\n    }\r\n\r\n    PathExpr.predicatesString = function (predicates) {\r\n        return join(\r\n            '',\r\n            map(PathExpr.predicateString, predicates)\r\n        );\r\n    }\r\n\r\n    PathExpr.prototype.toString = function () {\r\n        if (this.filter != undefined) {\r\n            var filterStr = toString(this.filter);\r\n\r\n            if (Utilities.instance_of(this.filter, XString)) {\r\n                return wrap(\"'\", \"'\", filterStr);\r\n            }\r\n            if (this.filterPredicates != undefined && this.filterPredicates.length) {\r\n                return wrap('(', ')', filterStr) +\r\n                    PathExpr.predicatesString(this.filterPredicates);\r\n            }\r\n            if (this.locationPath != undefined) {\r\n                return filterStr +\r\n                    (this.locationPath.absolute ? '' : '/') +\r\n                    toString(this.locationPath);\r\n            }\r\n\r\n            return filterStr;\r\n        }\r\n\r\n        return toString(this.locationPath);\r\n    };\r\n\r\n    PathExpr.getOwnerElement = function (n) {\r\n        // DOM 2 has ownerElement\r\n        if (n.ownerElement) {\r\n            return n.ownerElement;\r\n        }\r\n        // DOM 1 Internet Explorer can use selectSingleNode (ironically)\r\n        try {\r\n            if (n.selectSingleNode) {\r\n                return n.selectSingleNode(\"..\");\r\n            }\r\n        } catch (e) {\r\n        }\r\n        // Other DOM 1 implementations must use this egregious search\r\n        var doc = n.nodeType == NodeTypes.DOCUMENT_NODE\r\n            ? n\r\n            : n.ownerDocument;\r\n        var elts = doc.getElementsByTagName(\"*\");\r\n        for (var i = 0; i < elts.length; i++) {\r\n            var elt = elts.item(i);\r\n            var nnm = elt.attributes;\r\n            for (var j = 0; j < nnm.length; j++) {\r\n                var an = nnm.item(j);\r\n                if (an === n) {\r\n                    return elt;\r\n                }\r\n            }\r\n        }\r\n        return null;\r\n    };\r\n\r\n    // LocationPath //////////////////////////////////////////////////////////////\r\n\r\n    LocationPath.prototype = new Object();\r\n    LocationPath.prototype.constructor = LocationPath;\r\n    LocationPath.superclass = Object.prototype;\r\n\r\n    function LocationPath(abs, steps) {\r\n        if (arguments.length > 0) {\r\n            this.init(abs, steps);\r\n        }\r\n    }\r\n\r\n    LocationPath.prototype.init = function (abs, steps) {\r\n        this.absolute = abs;\r\n        this.steps = steps;\r\n    };\r\n\r\n    LocationPath.prototype.toString = function () {\r\n        return (\r\n            (this.absolute ? '/' : '') +\r\n            map(toString, this.steps).join('/')\r\n        );\r\n    };\r\n\r\n    // Step //////////////////////////////////////////////////////////////////////\r\n\r\n    Step.prototype = new Object();\r\n    Step.prototype.constructor = Step;\r\n    Step.superclass = Object.prototype;\r\n\r\n    function Step(axis, nodetest, preds) {\r\n        if (arguments.length > 0) {\r\n            this.init(axis, nodetest, preds);\r\n        }\r\n    }\r\n\r\n    Step.prototype.init = function (axis, nodetest, preds) {\r\n        this.axis = axis;\r\n        this.nodeTest = nodetest;\r\n        this.predicates = preds;\r\n    };\r\n\r\n    Step.prototype.toString = function () {\r\n        return Step.STEPNAMES[this.axis] +\r\n            \"::\" +\r\n            this.nodeTest.toString() +\r\n            PathExpr.predicatesString(this.predicates);\r\n    };\r\n\r\n\r\n    Step.ANCESTOR = 0;\r\n    Step.ANCESTORORSELF = 1;\r\n    Step.ATTRIBUTE = 2;\r\n    Step.CHILD = 3;\r\n    Step.DESCENDANT = 4;\r\n    Step.DESCENDANTORSELF = 5;\r\n    Step.FOLLOWING = 6;\r\n    Step.FOLLOWINGSIBLING = 7;\r\n    Step.NAMESPACE = 8;\r\n    Step.PARENT = 9;\r\n    Step.PRECEDING = 10;\r\n    Step.PRECEDINGSIBLING = 11;\r\n    Step.SELF = 12;\r\n\r\n    Step.STEPNAMES = reduce(function (acc, x) { return acc[x[0]] = x[1], acc; }, {}, [\r\n        [Step.ANCESTOR, 'ancestor'],\r\n        [Step.ANCESTORORSELF, 'ancestor-or-self'],\r\n        [Step.ATTRIBUTE, 'attribute'],\r\n        [Step.CHILD, 'child'],\r\n        [Step.DESCENDANT, 'descendant'],\r\n        [Step.DESCENDANTORSELF, 'descendant-or-self'],\r\n        [Step.FOLLOWING, 'following'],\r\n        [Step.FOLLOWINGSIBLING, 'following-sibling'],\r\n        [Step.NAMESPACE, 'namespace'],\r\n        [Step.PARENT, 'parent'],\r\n        [Step.PRECEDING, 'preceding'],\r\n        [Step.PRECEDINGSIBLING, 'preceding-sibling'],\r\n        [Step.SELF, 'self']\r\n    ]);\r\n\r\n    var REVERSE_AXES = [\r\n        Step.ANCESTOR,\r\n        Step.ANCESTORORSELF,\r\n        Step.PARENT,\r\n        Step.PRECEDING,\r\n        Step.PRECEDINGSIBLING\r\n    ];\r\n\r\n    // NodeTest //////////////////////////////////////////////////////////////////\r\n\r\n    NodeTest.prototype = new Object();\r\n    NodeTest.prototype.constructor = NodeTest;\r\n    NodeTest.superclass = Object.prototype;\r\n\r\n    function NodeTest(type, value) {\r\n        if (arguments.length > 0) {\r\n            this.init(type, value);\r\n        }\r\n    }\r\n\r\n    NodeTest.prototype.init = function (type, value) {\r\n        this.type = type;\r\n        this.value = value;\r\n    };\r\n\r\n    NodeTest.prototype.toString = function () {\r\n        return \"<unknown nodetest type>\";\r\n    };\r\n\r\n    NodeTest.prototype.matches = function (n, xpc) {\r\n        console.warn('unknown node test type');\r\n    };\r\n\r\n    NodeTest.NAMETESTANY = 0;\r\n    NodeTest.NAMETESTPREFIXANY = 1;\r\n    NodeTest.NAMETESTQNAME = 2;\r\n    NodeTest.COMMENT = 3;\r\n    NodeTest.TEXT = 4;\r\n    NodeTest.PI = 5;\r\n    NodeTest.NODE = 6;\r\n\r\n    NodeTest.isNodeType = function (types) {\r\n        return function (node) {\r\n            return includes(types, node.nodeType);\r\n        };\r\n    };\r\n\r\n    NodeTest.makeNodeTestType = function (type, members, ctor) {\r\n        var newType = ctor || function () { };\r\n\r\n        newType.prototype = new NodeTest(type);\r\n        newType.prototype.constructor = newType;\r\n\r\n        assign(newType.prototype, members);\r\n\r\n        return newType;\r\n    };\r\n    // create invariant node test for certain node types\r\n    NodeTest.makeNodeTypeTest = function (type, nodeTypes, stringVal) {\r\n        return new (NodeTest.makeNodeTestType(type, {\r\n            matches: NodeTest.isNodeType(nodeTypes),\r\n            toString: always(stringVal)\r\n        }))();\r\n    };\r\n\r\n    NodeTest.hasPrefix = function (node) {\r\n        return node.prefix || (node.nodeName || node.tagName).indexOf(':') !== -1;\r\n    };\r\n\r\n    NodeTest.isElementOrAttribute = NodeTest.isNodeType([1, 2]);\r\n    NodeTest.nameSpaceMatches = function (prefix, xpc, n) {\r\n        var nNamespace = (n.namespaceURI || '');\r\n\r\n        if (!prefix) {\r\n            return !nNamespace || (xpc.allowAnyNamespaceForNoPrefix && !NodeTest.hasPrefix(n));\r\n        }\r\n\r\n        var ns = xpc.namespaceResolver.getNamespace(prefix, xpc.expressionContextNode);\r\n\r\n        if (ns == null) {\r\n            throw new Error(\"Cannot resolve QName \" + prefix);\r\n        }\r\n\r\n        return ns === nNamespace;\r\n    };\r\n    NodeTest.localNameMatches = function (localName, xpc, n) {\r\n        var nLocalName = (n.localName || n.nodeName);\r\n\r\n        return xpc.caseInsensitive\r\n            ? localName.toLowerCase() === nLocalName.toLowerCase()\r\n            : localName === nLocalName;\r\n    };\r\n\r\n    NodeTest.NameTestPrefixAny = NodeTest.makeNodeTestType(\r\n        NodeTest.NAMETESTPREFIXANY,\r\n        {\r\n            matches: function (n, xpc) {\r\n                return NodeTest.isElementOrAttribute(n) &&\r\n                    NodeTest.nameSpaceMatches(this.prefix, xpc, n);\r\n            },\r\n            toString: function () {\r\n                return this.prefix + \":*\";\r\n            }\r\n        },\r\n        function NameTestPrefixAny(prefix) { this.prefix = prefix; }\r\n    );\r\n\r\n    NodeTest.NameTestQName = NodeTest.makeNodeTestType(\r\n        NodeTest.NAMETESTQNAME,\r\n        {\r\n            matches: function (n, xpc) {\r\n                return NodeTest.isNodeType(\r\n                    [\r\n                        NodeTypes.ELEMENT_NODE,\r\n                        NodeTypes.ATTRIBUTE_NODE,\r\n                        NodeTypes.NAMESPACE_NODE,\r\n                    ]\r\n                )(n) &&\r\n                    NodeTest.nameSpaceMatches(this.prefix, xpc, n) &&\r\n                    NodeTest.localNameMatches(this.localName, xpc, n);\r\n            },\r\n            toString: function () {\r\n                return this.name;\r\n            }\r\n        },\r\n        function NameTestQName(name) {\r\n            var nameParts = name.split(':');\r\n\r\n            this.name = name;\r\n            this.prefix = nameParts.length > 1 ? nameParts[0] : null;\r\n            this.localName = nameParts[nameParts.length > 1 ? 1 : 0];\r\n        }\r\n    );\r\n\r\n    NodeTest.PITest = NodeTest.makeNodeTestType(NodeTest.PI, {\r\n        matches: function (n, xpc) {\r\n            return NodeTest.isNodeType(\r\n                [NodeTypes.PROCESSING_INSTRUCTION_NODE]\r\n            )(n) &&\r\n                (n.target || n.nodeName) === this.name;\r\n        },\r\n        toString: function () {\r\n            return wrap('processing-instruction(\"', '\")', this.name);\r\n        }\r\n    }, function (name) { this.name = name; })\r\n\r\n    // singletons\r\n\r\n    // elements, attributes, namespaces\r\n    NodeTest.nameTestAny = NodeTest.makeNodeTypeTest(\r\n        NodeTest.NAMETESTANY,\r\n        [\r\n            NodeTypes.ELEMENT_NODE,\r\n            NodeTypes.ATTRIBUTE_NODE,\r\n            NodeTypes.NAMESPACE_NODE,\r\n        ],\r\n        '*'\r\n    );\r\n    // text, cdata\r\n    NodeTest.textTest = NodeTest.makeNodeTypeTest(\r\n        NodeTest.TEXT,\r\n        [\r\n            NodeTypes.TEXT_NODE,\r\n            NodeTypes.CDATA_SECTION_NODE,\r\n        ],\r\n        'text()'\r\n    );\r\n    NodeTest.commentTest = NodeTest.makeNodeTypeTest(\r\n        NodeTest.COMMENT,\r\n        [NodeTypes.COMMENT_NODE],\r\n        'comment()'\r\n    );\r\n    // elements, attributes, text, cdata, PIs, comments, document nodes\r\n    NodeTest.nodeTest = NodeTest.makeNodeTypeTest(\r\n        NodeTest.NODE,\r\n        [\r\n            NodeTypes.ELEMENT_NODE,\r\n            NodeTypes.ATTRIBUTE_NODE,\r\n            NodeTypes.TEXT_NODE,\r\n            NodeTypes.CDATA_SECTION_NODE,\r\n            NodeTypes.PROCESSING_INSTRUCTION_NODE,\r\n            NodeTypes.COMMENT_NODE,\r\n            NodeTypes.DOCUMENT_NODE,\r\n        ],\r\n        'node()'\r\n    );\r\n    NodeTest.anyPiTest = NodeTest.makeNodeTypeTest(\r\n        NodeTest.PI,\r\n        [NodeTypes.PROCESSING_INSTRUCTION_NODE],\r\n        'processing-instruction()'\r\n    );\r\n\r\n    // VariableReference /////////////////////////////////////////////////////////\r\n\r\n    VariableReference.prototype = new Expression();\r\n    VariableReference.prototype.constructor = VariableReference;\r\n    VariableReference.superclass = Expression.prototype;\r\n\r\n    function VariableReference(v) {\r\n        if (arguments.length > 0) {\r\n            this.init(v);\r\n        }\r\n    }\r\n\r\n    VariableReference.prototype.init = function (v) {\r\n        this.variable = v;\r\n    };\r\n\r\n    VariableReference.prototype.toString = function () {\r\n        return \"$\" + this.variable;\r\n    };\r\n\r\n    VariableReference.prototype.evaluate = function (c) {\r\n        var parts = Utilities.resolveQName(this.variable, c.namespaceResolver, c.contextNode, false);\r\n\r\n        if (parts[0] == null) {\r\n            throw new Error(\"Cannot resolve QName \" + fn);\r\n        }\r\n        var result = c.variableResolver.getVariable(parts[1], parts[0]);\r\n        if (!result) {\r\n            throw XPathException.fromMessage(\"Undeclared variable: \" + this.toString());\r\n        }\r\n        return result;\r\n    };\r\n\r\n    // FunctionCall //////////////////////////////////////////////////////////////\r\n\r\n    FunctionCall.prototype = new Expression();\r\n    FunctionCall.prototype.constructor = FunctionCall;\r\n    FunctionCall.superclass = Expression.prototype;\r\n\r\n    function FunctionCall(fn, args) {\r\n        if (arguments.length > 0) {\r\n            this.init(fn, args);\r\n        }\r\n    }\r\n\r\n    FunctionCall.prototype.init = function (fn, args) {\r\n        this.functionName = fn;\r\n        this.arguments = args;\r\n    };\r\n\r\n    FunctionCall.prototype.toString = function () {\r\n        var s = this.functionName + \"(\";\r\n        for (var i = 0; i < this.arguments.length; i++) {\r\n            if (i > 0) {\r\n                s += \", \";\r\n            }\r\n            s += this.arguments[i].toString();\r\n        }\r\n        return s + \")\";\r\n    };\r\n\r\n    FunctionCall.prototype.evaluate = function (c) {\r\n        var f = FunctionResolver.getFunctionFromContext(this.functionName, c);\r\n\r\n        if (!f) {\r\n            throw new Error(\"Unknown function \" + this.functionName);\r\n        }\r\n\r\n        var a = [c].concat(this.arguments);\r\n        return f.apply(c.functionResolver.thisArg, a);\r\n    };\r\n\r\n    // Operators /////////////////////////////////////////////////////////////////\r\n\r\n    var Operators = new Object();\r\n\r\n    Operators.equals = function (l, r) {\r\n        return l.equals(r);\r\n    };\r\n\r\n    Operators.notequal = function (l, r) {\r\n        return l.notequal(r);\r\n    };\r\n\r\n    Operators.lessthan = function (l, r) {\r\n        return l.lessthan(r);\r\n    };\r\n\r\n    Operators.greaterthan = function (l, r) {\r\n        return l.greaterthan(r);\r\n    };\r\n\r\n    Operators.lessthanorequal = function (l, r) {\r\n        return l.lessthanorequal(r);\r\n    };\r\n\r\n    Operators.greaterthanorequal = function (l, r) {\r\n        return l.greaterthanorequal(r);\r\n    };\r\n\r\n    // XString ///////////////////////////////////////////////////////////////////\r\n\r\n    XString.prototype = new Expression();\r\n    XString.prototype.constructor = XString;\r\n    XString.superclass = Expression.prototype;\r\n\r\n    function XString(s) {\r\n        if (arguments.length > 0) {\r\n            this.init(s);\r\n        }\r\n    }\r\n\r\n    XString.prototype.init = function (s) {\r\n        this.str = String(s);\r\n    };\r\n\r\n    XString.prototype.toString = function () {\r\n        return this.str;\r\n    };\r\n\r\n    XString.prototype.evaluate = function (c) {\r\n        return this;\r\n    };\r\n\r\n    XString.prototype.string = function () {\r\n        return this;\r\n    };\r\n\r\n    XString.prototype.number = function () {\r\n        return new XNumber(this.str);\r\n    };\r\n\r\n    XString.prototype.bool = function () {\r\n        return new XBoolean(this.str);\r\n    };\r\n\r\n    XString.prototype.nodeset = function () {\r\n        throw new Error(\"Cannot convert string to nodeset\");\r\n    };\r\n\r\n    XString.prototype.stringValue = function () {\r\n        return this.str;\r\n    };\r\n\r\n    XString.prototype.numberValue = function () {\r\n        return this.number().numberValue();\r\n    };\r\n\r\n    XString.prototype.booleanValue = function () {\r\n        return this.bool().booleanValue();\r\n    };\r\n\r\n    XString.prototype.equals = function (r) {\r\n        if (Utilities.instance_of(r, XBoolean)) {\r\n            return this.bool().equals(r);\r\n        }\r\n        if (Utilities.instance_of(r, XNumber)) {\r\n            return this.number().equals(r);\r\n        }\r\n        if (Utilities.instance_of(r, XNodeSet)) {\r\n            return r.compareWithString(this, Operators.equals);\r\n        }\r\n        return new XBoolean(this.str == r.str);\r\n    };\r\n\r\n    XString.prototype.notequal = function (r) {\r\n        if (Utilities.instance_of(r, XBoolean)) {\r\n            return this.bool().notequal(r);\r\n        }\r\n        if (Utilities.instance_of(r, XNumber)) {\r\n            return this.number().notequal(r);\r\n        }\r\n        if (Utilities.instance_of(r, XNodeSet)) {\r\n            return r.compareWithString(this, Operators.notequal);\r\n        }\r\n        return new XBoolean(this.str != r.str);\r\n    };\r\n\r\n    XString.prototype.lessthan = function (r) {\r\n        return this.number().lessthan(r);\r\n    };\r\n\r\n    XString.prototype.greaterthan = function (r) {\r\n        return this.number().greaterthan(r);\r\n    };\r\n\r\n    XString.prototype.lessthanorequal = function (r) {\r\n        return this.number().lessthanorequal(r);\r\n    };\r\n\r\n    XString.prototype.greaterthanorequal = function (r) {\r\n        return this.number().greaterthanorequal(r);\r\n    };\r\n\r\n    // XNumber ///////////////////////////////////////////////////////////////////\r\n\r\n    XNumber.prototype = new Expression();\r\n    XNumber.prototype.constructor = XNumber;\r\n    XNumber.superclass = Expression.prototype;\r\n\r\n    function XNumber(n) {\r\n        if (arguments.length > 0) {\r\n            this.init(n);\r\n        }\r\n    }\r\n\r\n    XNumber.prototype.init = function (n) {\r\n        this.num = typeof n === \"string\" ? this.parse(n) : Number(n);\r\n    };\r\n\r\n    XNumber.prototype.numberFormat = /^\\s*-?[0-9]*\\.?[0-9]+\\s*$/;\r\n\r\n    XNumber.prototype.parse = function (s) {\r\n        // XPath representation of numbers is more restrictive than what Number() or parseFloat() allow\r\n        return this.numberFormat.test(s) ? parseFloat(s) : Number.NaN;\r\n    };\r\n\r\n    function padSmallNumber(numberStr) {\r\n        var parts = numberStr.split('e-');\r\n        var base = parts[0].replace('.', '');\r\n        var exponent = Number(parts[1]);\r\n\r\n        for (var i = 0; i < exponent - 1; i += 1) {\r\n            base = '0' + base;\r\n        }\r\n\r\n        return '0.' + base;\r\n    }\r\n\r\n    function padLargeNumber(numberStr) {\r\n        var parts = numberStr.split('e');\r\n        var base = parts[0].replace('.', '');\r\n        var exponent = Number(parts[1]);\r\n        var zerosToAppend = exponent + 1 - base.length;\r\n\r\n        for (var i = 0; i < zerosToAppend; i += 1) {\r\n            base += '0';\r\n        }\r\n\r\n        return base;\r\n    }\r\n\r\n    XNumber.prototype.toString = function () {\r\n        var strValue = this.num.toString();\r\n\r\n        if (strValue.indexOf('e-') !== -1) {\r\n            return padSmallNumber(strValue);\r\n        }\r\n\r\n        if (strValue.indexOf('e') !== -1) {\r\n            return padLargeNumber(strValue);\r\n        }\r\n\r\n        return strValue;\r\n    };\r\n\r\n    XNumber.prototype.evaluate = function (c) {\r\n        return this;\r\n    };\r\n\r\n    XNumber.prototype.string = function () {\r\n\r\n\r\n        return new XString(this.toString());\r\n    };\r\n\r\n    XNumber.prototype.number = function () {\r\n        return this;\r\n    };\r\n\r\n    XNumber.prototype.bool = function () {\r\n        return new XBoolean(this.num);\r\n    };\r\n\r\n    XNumber.prototype.nodeset = function () {\r\n        throw new Error(\"Cannot convert number to nodeset\");\r\n    };\r\n\r\n    XNumber.prototype.stringValue = function () {\r\n        return this.string().stringValue();\r\n    };\r\n\r\n    XNumber.prototype.numberValue = function () {\r\n        return this.num;\r\n    };\r\n\r\n    XNumber.prototype.booleanValue = function () {\r\n        return this.bool().booleanValue();\r\n    };\r\n\r\n    XNumber.prototype.negate = function () {\r\n        return new XNumber(-this.num);\r\n    };\r\n\r\n    XNumber.prototype.equals = function (r) {\r\n        if (Utilities.instance_of(r, XBoolean)) {\r\n            return this.bool().equals(r);\r\n        }\r\n        if (Utilities.instance_of(r, XString)) {\r\n            return this.equals(r.number());\r\n        }\r\n        if (Utilities.instance_of(r, XNodeSet)) {\r\n            return r.compareWithNumber(this, Operators.equals);\r\n        }\r\n        return new XBoolean(this.num == r.num);\r\n    };\r\n\r\n    XNumber.prototype.notequal = function (r) {\r\n        if (Utilities.instance_of(r, XBoolean)) {\r\n            return this.bool().notequal(r);\r\n        }\r\n        if (Utilities.instance_of(r, XString)) {\r\n            return this.notequal(r.number());\r\n        }\r\n        if (Utilities.instance_of(r, XNodeSet)) {\r\n            return r.compareWithNumber(this, Operators.notequal);\r\n        }\r\n        return new XBoolean(this.num != r.num);\r\n    };\r\n\r\n    XNumber.prototype.lessthan = function (r) {\r\n        if (Utilities.instance_of(r, XNodeSet)) {\r\n            return r.compareWithNumber(this, Operators.greaterthan);\r\n        }\r\n        if (Utilities.instance_of(r, XBoolean) || Utilities.instance_of(r, XString)) {\r\n            return this.lessthan(r.number());\r\n        }\r\n        return new XBoolean(this.num < r.num);\r\n    };\r\n\r\n    XNumber.prototype.greaterthan = function (r) {\r\n        if (Utilities.instance_of(r, XNodeSet)) {\r\n            return r.compareWithNumber(this, Operators.lessthan);\r\n        }\r\n        if (Utilities.instance_of(r, XBoolean) || Utilities.instance_of(r, XString)) {\r\n            return this.greaterthan(r.number());\r\n        }\r\n        return new XBoolean(this.num > r.num);\r\n    };\r\n\r\n    XNumber.prototype.lessthanorequal = function (r) {\r\n        if (Utilities.instance_of(r, XNodeSet)) {\r\n            return r.compareWithNumber(this, Operators.greaterthanorequal);\r\n        }\r\n        if (Utilities.instance_of(r, XBoolean) || Utilities.instance_of(r, XString)) {\r\n            return this.lessthanorequal(r.number());\r\n        }\r\n        return new XBoolean(this.num <= r.num);\r\n    };\r\n\r\n    XNumber.prototype.greaterthanorequal = function (r) {\r\n        if (Utilities.instance_of(r, XNodeSet)) {\r\n            return r.compareWithNumber(this, Operators.lessthanorequal);\r\n        }\r\n        if (Utilities.instance_of(r, XBoolean) || Utilities.instance_of(r, XString)) {\r\n            return this.greaterthanorequal(r.number());\r\n        }\r\n        return new XBoolean(this.num >= r.num);\r\n    };\r\n\r\n    XNumber.prototype.plus = function (r) {\r\n        return new XNumber(this.num + r.num);\r\n    };\r\n\r\n    XNumber.prototype.minus = function (r) {\r\n        return new XNumber(this.num - r.num);\r\n    };\r\n\r\n    XNumber.prototype.multiply = function (r) {\r\n        return new XNumber(this.num * r.num);\r\n    };\r\n\r\n    XNumber.prototype.div = function (r) {\r\n        return new XNumber(this.num / r.num);\r\n    };\r\n\r\n    XNumber.prototype.mod = function (r) {\r\n        return new XNumber(this.num % r.num);\r\n    };\r\n\r\n    // XBoolean //////////////////////////////////////////////////////////////////\r\n\r\n    XBoolean.prototype = new Expression();\r\n    XBoolean.prototype.constructor = XBoolean;\r\n    XBoolean.superclass = Expression.prototype;\r\n\r\n    function XBoolean(b) {\r\n        if (arguments.length > 0) {\r\n            this.init(b);\r\n        }\r\n    }\r\n\r\n    XBoolean.prototype.init = function (b) {\r\n        this.b = Boolean(b);\r\n    };\r\n\r\n    XBoolean.prototype.toString = function () {\r\n        return this.b.toString();\r\n    };\r\n\r\n    XBoolean.prototype.evaluate = function (c) {\r\n        return this;\r\n    };\r\n\r\n    XBoolean.prototype.string = function () {\r\n        return new XString(this.b);\r\n    };\r\n\r\n    XBoolean.prototype.number = function () {\r\n        return new XNumber(this.b);\r\n    };\r\n\r\n    XBoolean.prototype.bool = function () {\r\n        return this;\r\n    };\r\n\r\n    XBoolean.prototype.nodeset = function () {\r\n        throw new Error(\"Cannot convert boolean to nodeset\");\r\n    };\r\n\r\n    XBoolean.prototype.stringValue = function () {\r\n        return this.string().stringValue();\r\n    };\r\n\r\n    XBoolean.prototype.numberValue = function () {\r\n        return this.number().numberValue();\r\n    };\r\n\r\n    XBoolean.prototype.booleanValue = function () {\r\n        return this.b;\r\n    };\r\n\r\n    XBoolean.prototype.not = function () {\r\n        return new XBoolean(!this.b);\r\n    };\r\n\r\n    XBoolean.prototype.equals = function (r) {\r\n        if (Utilities.instance_of(r, XString) || Utilities.instance_of(r, XNumber)) {\r\n            return this.equals(r.bool());\r\n        }\r\n        if (Utilities.instance_of(r, XNodeSet)) {\r\n            return r.compareWithBoolean(this, Operators.equals);\r\n        }\r\n        return new XBoolean(this.b == r.b);\r\n    };\r\n\r\n    XBoolean.prototype.notequal = function (r) {\r\n        if (Utilities.instance_of(r, XString) || Utilities.instance_of(r, XNumber)) {\r\n            return this.notequal(r.bool());\r\n        }\r\n        if (Utilities.instance_of(r, XNodeSet)) {\r\n            return r.compareWithBoolean(this, Operators.notequal);\r\n        }\r\n        return new XBoolean(this.b != r.b);\r\n    };\r\n\r\n    XBoolean.prototype.lessthan = function (r) {\r\n        return this.number().lessthan(r);\r\n    };\r\n\r\n    XBoolean.prototype.greaterthan = function (r) {\r\n        return this.number().greaterthan(r);\r\n    };\r\n\r\n    XBoolean.prototype.lessthanorequal = function (r) {\r\n        return this.number().lessthanorequal(r);\r\n    };\r\n\r\n    XBoolean.prototype.greaterthanorequal = function (r) {\r\n        return this.number().greaterthanorequal(r);\r\n    };\r\n\r\n    XBoolean.true_ = new XBoolean(true);\r\n    XBoolean.false_ = new XBoolean(false);\r\n\r\n    // AVLTree ///////////////////////////////////////////////////////////////////\r\n\r\n    AVLTree.prototype = new Object();\r\n    AVLTree.prototype.constructor = AVLTree;\r\n    AVLTree.superclass = Object.prototype;\r\n\r\n    function AVLTree(n) {\r\n        this.init(n);\r\n    }\r\n\r\n    AVLTree.prototype.init = function (n) {\r\n        this.left = null;\r\n        this.right = null;\r\n        this.node = n;\r\n        this.depth = 1;\r\n    };\r\n\r\n    AVLTree.prototype.balance = function () {\r\n        var ldepth = this.left == null ? 0 : this.left.depth;\r\n        var rdepth = this.right == null ? 0 : this.right.depth;\r\n\r\n        if (ldepth > rdepth + 1) {\r\n            // LR or LL rotation\r\n            var lldepth = this.left.left == null ? 0 : this.left.left.depth;\r\n            var lrdepth = this.left.right == null ? 0 : this.left.right.depth;\r\n\r\n            if (lldepth < lrdepth) {\r\n                // LR rotation consists of a RR rotation of the left child\r\n                this.left.rotateRR();\r\n                // plus a LL rotation of this node, which happens anyway\r\n            }\r\n            this.rotateLL();\r\n        } else if (ldepth + 1 < rdepth) {\r\n            // RR or RL rorarion\r\n            var rrdepth = this.right.right == null ? 0 : this.right.right.depth;\r\n            var rldepth = this.right.left == null ? 0 : this.right.left.depth;\r\n\r\n            if (rldepth > rrdepth) {\r\n                // RR rotation consists of a LL rotation of the right child\r\n                this.right.rotateLL();\r\n                // plus a RR rotation of this node, which happens anyway\r\n            }\r\n            this.rotateRR();\r\n        }\r\n    };\r\n\r\n    AVLTree.prototype.rotateLL = function () {\r\n        // the left side is too long => rotate from the left (_not_ leftwards)\r\n        var nodeBefore = this.node;\r\n        var rightBefore = this.right;\r\n        this.node = this.left.node;\r\n        this.right = this.left;\r\n        this.left = this.left.left;\r\n        this.right.left = this.right.right;\r\n        this.right.right = rightBefore;\r\n        this.right.node = nodeBefore;\r\n        this.right.updateInNewLocation();\r\n        this.updateInNewLocation();\r\n    };\r\n\r\n    AVLTree.prototype.rotateRR = function () {\r\n        // the right side is too long => rotate from the right (_not_ rightwards)\r\n        var nodeBefore = this.node;\r\n        var leftBefore = this.left;\r\n        this.node = this.right.node;\r\n        this.left = this.right;\r\n        this.right = this.right.right;\r\n        this.left.right = this.left.left;\r\n        this.left.left = leftBefore;\r\n        this.left.node = nodeBefore;\r\n        this.left.updateInNewLocation();\r\n        this.updateInNewLocation();\r\n    };\r\n\r\n    AVLTree.prototype.updateInNewLocation = function () {\r\n        this.getDepthFromChildren();\r\n    };\r\n\r\n    AVLTree.prototype.getDepthFromChildren = function () {\r\n        this.depth = this.node == null ? 0 : 1;\r\n        if (this.left != null) {\r\n            this.depth = this.left.depth + 1;\r\n        }\r\n        if (this.right != null && this.depth <= this.right.depth) {\r\n            this.depth = this.right.depth + 1;\r\n        }\r\n    };\r\n\r\n    function nodeOrder(n1, n2) {\r\n        if (n1 === n2) {\r\n            return 0;\r\n        }\r\n\r\n        if (n1.compareDocumentPosition) {\r\n            var cpos = n1.compareDocumentPosition(n2);\r\n\r\n            if (cpos & 0x01) {\r\n                // not in the same document; return an arbitrary result (is there a better way to do this)\r\n                return 1;\r\n            }\r\n            if (cpos & 0x0A) {\r\n                // n2 precedes or contains n1\r\n                return 1;\r\n            }\r\n            if (cpos & 0x14) {\r\n                // n2 follows or is contained by n1\r\n                return -1;\r\n            }\r\n\r\n            return 0;\r\n        }\r\n\r\n        var d1 = 0,\r\n            d2 = 0;\r\n        for (var m1 = n1; m1 != null; m1 = m1.parentNode || m1.ownerElement) {\r\n            d1++;\r\n        }\r\n        for (var m2 = n2; m2 != null; m2 = m2.parentNode || m2.ownerElement) {\r\n            d2++;\r\n        }\r\n\r\n        // step up to same depth\r\n        if (d1 > d2) {\r\n            while (d1 > d2) {\r\n                n1 = n1.parentNode || n1.ownerElement;\r\n                d1--;\r\n            }\r\n            if (n1 === n2) {\r\n                return 1;\r\n            }\r\n        } else if (d2 > d1) {\r\n            while (d2 > d1) {\r\n                n2 = n2.parentNode || n2.ownerElement;\r\n                d2--;\r\n            }\r\n            if (n1 === n2) {\r\n                return -1;\r\n            }\r\n        }\r\n\r\n        var n1Par = n1.parentNode || n1.ownerElement,\r\n            n2Par = n2.parentNode || n2.ownerElement;\r\n\r\n        // find common parent\r\n        while (n1Par !== n2Par) {\r\n            n1 = n1Par;\r\n            n2 = n2Par;\r\n            n1Par = n1.parentNode || n1.ownerElement;\r\n            n2Par = n2.parentNode || n2.ownerElement;\r\n        }\r\n\r\n        var n1isAttr = isAttributeLike(n1);\r\n        var n2isAttr = isAttributeLike(n2);\r\n\r\n        if (n1isAttr && !n2isAttr) {\r\n            return -1;\r\n        }\r\n        if (!n1isAttr && n2isAttr) {\r\n            return 1;\r\n        }\r\n\r\n        // xml namespace node comes before others. namespace nodes before non-namespace nodes\r\n        if (n1.isXPathNamespace) {\r\n            if (n1.nodeValue === XPath.XML_NAMESPACE_URI) {\r\n                return -1;\r\n            }\r\n\r\n            if (!n2.isXPathNamespace) {\r\n                return -1;\r\n            }\r\n\r\n            if (n2.nodeValue === XPath.XML_NAMESPACE_URI) {\r\n                return 1;\r\n            }\r\n        } else if (n2.isXPathNamespace) {\r\n            return 1;\r\n        }\r\n\r\n        if (n1Par) {\r\n            var cn = n1isAttr ? n1Par.attributes : n1Par.childNodes;\r\n            var len = cn.length;\r\n            var n1Compare = n1.baseNode || n1;\r\n            var n2Compare = n2.baseNode || n2;\r\n\r\n            for (var i = 0; i < len; i += 1) {\r\n                var n = cn[i];\r\n                if (n === n1Compare) {\r\n                    return -1;\r\n                }\r\n                if (n === n2Compare) {\r\n                    return 1;\r\n                }\r\n            }\r\n        }\r\n\r\n        throw new Error('Unexpected: could not determine node order');\r\n    }\r\n\r\n    AVLTree.prototype.add = function (n) {\r\n        if (n === this.node) {\r\n            return false;\r\n        }\r\n\r\n        var o = nodeOrder(n, this.node);\r\n\r\n        var ret = false;\r\n        if (o == -1) {\r\n            if (this.left == null) {\r\n                this.left = new AVLTree(n);\r\n                ret = true;\r\n            } else {\r\n                ret = this.left.add(n);\r\n                if (ret) {\r\n                    this.balance();\r\n                }\r\n            }\r\n        } else if (o == 1) {\r\n            if (this.right == null) {\r\n                this.right = new AVLTree(n);\r\n                ret = true;\r\n            } else {\r\n                ret = this.right.add(n);\r\n                if (ret) {\r\n                    this.balance();\r\n                }\r\n            }\r\n        }\r\n\r\n        if (ret) {\r\n            this.getDepthFromChildren();\r\n        }\r\n        return ret;\r\n    };\r\n\r\n    // XNodeSet //////////////////////////////////////////////////////////////////\r\n\r\n    XNodeSet.prototype = new Expression();\r\n    XNodeSet.prototype.constructor = XNodeSet;\r\n    XNodeSet.superclass = Expression.prototype;\r\n\r\n    function XNodeSet() {\r\n        this.init();\r\n    }\r\n\r\n    XNodeSet.prototype.init = function () {\r\n        this.tree = null;\r\n        this.nodes = [];\r\n        this.size = 0;\r\n    };\r\n\r\n    XNodeSet.prototype.toString = function () {\r\n        var p = this.first();\r\n        if (p == null) {\r\n            return \"\";\r\n        }\r\n        return this.stringForNode(p);\r\n    };\r\n\r\n    XNodeSet.prototype.evaluate = function (c) {\r\n        return this;\r\n    };\r\n\r\n    XNodeSet.prototype.string = function () {\r\n        return new XString(this.toString());\r\n    };\r\n\r\n    XNodeSet.prototype.stringValue = function () {\r\n        return this.toString();\r\n    };\r\n\r\n    XNodeSet.prototype.number = function () {\r\n        return new XNumber(this.string());\r\n    };\r\n\r\n    XNodeSet.prototype.numberValue = function () {\r\n        return Number(this.string());\r\n    };\r\n\r\n    XNodeSet.prototype.bool = function () {\r\n        return new XBoolean(this.booleanValue());\r\n    };\r\n\r\n    XNodeSet.prototype.booleanValue = function () {\r\n        return !!this.size;\r\n    };\r\n\r\n    XNodeSet.prototype.nodeset = function () {\r\n        return this;\r\n    };\r\n\r\n    XNodeSet.prototype.stringForNode = function (n) {\r\n        if (n.nodeType == NodeTypes.DOCUMENT_NODE ||\r\n            n.nodeType == NodeTypes.ELEMENT_NODE ||\r\n            n.nodeType === NodeTypes.DOCUMENT_FRAGMENT_NODE) {\r\n            return this.stringForContainerNode(n);\r\n        }\r\n        if (n.nodeType === NodeTypes.ATTRIBUTE_NODE) {\r\n            return n.value || n.nodeValue;\r\n        }\r\n        if (n.isNamespaceNode) {\r\n            return n.namespace;\r\n        }\r\n        return n.nodeValue;\r\n    };\r\n\r\n    XNodeSet.prototype.stringForContainerNode = function (n) {\r\n        var s = \"\";\r\n        for (var n2 = n.firstChild; n2 != null; n2 = n2.nextSibling) {\r\n            var nt = n2.nodeType;\r\n            //  Element,    Text,       CDATA,      Document,   Document Fragment\r\n            if (nt === 1 || nt === 3 || nt === 4 || nt === 9 || nt === 11) {\r\n                s += this.stringForNode(n2);\r\n            }\r\n        }\r\n        return s;\r\n    };\r\n\r\n    XNodeSet.prototype.buildTree = function () {\r\n        if (!this.tree && this.nodes.length) {\r\n            this.tree = new AVLTree(this.nodes[0]);\r\n            for (var i = 1; i < this.nodes.length; i += 1) {\r\n                this.tree.add(this.nodes[i]);\r\n            }\r\n        }\r\n\r\n        return this.tree;\r\n    };\r\n\r\n    XNodeSet.prototype.first = function () {\r\n        var p = this.buildTree();\r\n        if (p == null) {\r\n            return null;\r\n        }\r\n        while (p.left != null) {\r\n            p = p.left;\r\n        }\r\n        return p.node;\r\n    };\r\n\r\n    XNodeSet.prototype.add = function (n) {\r\n        for (var i = 0; i < this.nodes.length; i += 1) {\r\n            if (n === this.nodes[i]) {\r\n                return;\r\n            }\r\n        }\r\n\r\n        this.tree = null;\r\n        this.nodes.push(n);\r\n        this.size += 1;\r\n    };\r\n\r\n    XNodeSet.prototype.addArray = function (ns) {\r\n        var self = this;\r\n\r\n        forEach(function (x) { self.add(x); }, ns);\r\n    };\r\n\r\n    /**\r\n     * Returns an array of the node set's contents in document order\r\n     */\r\n    XNodeSet.prototype.toArray = function () {\r\n        var a = [];\r\n        this.toArrayRec(this.buildTree(), a);\r\n        return a;\r\n    };\r\n\r\n    XNodeSet.prototype.toArrayRec = function (t, a) {\r\n        if (t != null) {\r\n            this.toArrayRec(t.left, a);\r\n            a.push(t.node);\r\n            this.toArrayRec(t.right, a);\r\n        }\r\n    };\r\n\r\n    /**\r\n     * Returns an array of the node set's contents in arbitrary order\r\n     */\r\n    XNodeSet.prototype.toUnsortedArray = function () {\r\n        return this.nodes.slice();\r\n    };\r\n\r\n    XNodeSet.prototype.compareWithString = function (r, o) {\r\n        var a = this.toUnsortedArray();\r\n        for (var i = 0; i < a.length; i++) {\r\n            var n = a[i];\r\n            var l = new XString(this.stringForNode(n));\r\n            var res = o(l, r);\r\n            if (res.booleanValue()) {\r\n                return res;\r\n            }\r\n        }\r\n        return new XBoolean(false);\r\n    };\r\n\r\n    XNodeSet.prototype.compareWithNumber = function (r, o) {\r\n        var a = this.toUnsortedArray();\r\n        for (var i = 0; i < a.length; i++) {\r\n            var n = a[i];\r\n            var l = new XNumber(this.stringForNode(n));\r\n            var res = o(l, r);\r\n            if (res.booleanValue()) {\r\n                return res;\r\n            }\r\n        }\r\n        return new XBoolean(false);\r\n    };\r\n\r\n    XNodeSet.prototype.compareWithBoolean = function (r, o) {\r\n        return o(this.bool(), r);\r\n    };\r\n\r\n    XNodeSet.prototype.compareWithNodeSet = function (r, o) {\r\n        var arr = this.toUnsortedArray();\r\n        var oInvert = function (lop, rop) { return o(rop, lop); };\r\n\r\n        for (var i = 0; i < arr.length; i++) {\r\n            var l = new XString(this.stringForNode(arr[i]));\r\n\r\n            var res = r.compareWithString(l, oInvert);\r\n            if (res.booleanValue()) {\r\n                return res;\r\n            }\r\n        }\r\n\r\n        return new XBoolean(false);\r\n    };\r\n\r\n    XNodeSet.compareWith = curry(function (o, r) {\r\n        if (Utilities.instance_of(r, XString)) {\r\n            return this.compareWithString(r, o);\r\n        }\r\n        if (Utilities.instance_of(r, XNumber)) {\r\n            return this.compareWithNumber(r, o);\r\n        }\r\n        if (Utilities.instance_of(r, XBoolean)) {\r\n            return this.compareWithBoolean(r, o);\r\n        }\r\n        return this.compareWithNodeSet(r, o);\r\n    });\r\n\r\n    XNodeSet.prototype.equals = XNodeSet.compareWith(Operators.equals);\r\n    XNodeSet.prototype.notequal = XNodeSet.compareWith(Operators.notequal);\r\n    XNodeSet.prototype.lessthan = XNodeSet.compareWith(Operators.lessthan);\r\n    XNodeSet.prototype.greaterthan = XNodeSet.compareWith(Operators.greaterthan);\r\n    XNodeSet.prototype.lessthanorequal = XNodeSet.compareWith(Operators.lessthanorequal);\r\n    XNodeSet.prototype.greaterthanorequal = XNodeSet.compareWith(Operators.greaterthanorequal);\r\n\r\n    XNodeSet.prototype.union = function (r) {\r\n        var ns = new XNodeSet();\r\n        ns.addArray(this.toUnsortedArray());\r\n        ns.addArray(r.toUnsortedArray());\r\n        return ns;\r\n    };\r\n\r\n    // XPathNamespace ////////////////////////////////////////////////////////////\r\n\r\n    XPathNamespace.prototype = new Object();\r\n    XPathNamespace.prototype.constructor = XPathNamespace;\r\n    XPathNamespace.superclass = Object.prototype;\r\n\r\n    function XPathNamespace(pre, node, uri, p) {\r\n        this.isXPathNamespace = true;\r\n        this.baseNode = node;\r\n        this.ownerDocument = p.ownerDocument;\r\n        this.nodeName = pre;\r\n        this.prefix = pre;\r\n        this.localName = pre;\r\n        this.namespaceURI = null;\r\n        this.nodeValue = uri;\r\n        this.ownerElement = p;\r\n        this.nodeType = NodeTypes.NAMESPACE_NODE;\r\n    }\r\n\r\n    XPathNamespace.prototype.toString = function () {\r\n        return \"{ \\\"\" + this.prefix + \"\\\", \\\"\" + this.namespaceURI + \"\\\" }\";\r\n    };\r\n\r\n    // XPathContext //////////////////////////////////////////////////////////////\r\n\r\n    XPathContext.prototype = new Object();\r\n    XPathContext.prototype.constructor = XPathContext;\r\n    XPathContext.superclass = Object.prototype;\r\n\r\n    function XPathContext(vr, nr, fr) {\r\n        this.variableResolver = vr != null ? vr : new VariableResolver();\r\n        this.namespaceResolver = nr != null ? nr : new NamespaceResolver();\r\n        this.functionResolver = fr != null ? fr : new FunctionResolver();\r\n    }\r\n\r\n    XPathContext.prototype.extend = function (newProps) {\r\n        return assign(new XPathContext(), this, newProps);\r\n    };\r\n\r\n    // VariableResolver //////////////////////////////////////////////////////////\r\n\r\n    VariableResolver.prototype = new Object();\r\n    VariableResolver.prototype.constructor = VariableResolver;\r\n    VariableResolver.superclass = Object.prototype;\r\n\r\n    function VariableResolver() {\r\n    }\r\n\r\n    VariableResolver.prototype.getVariable = function (ln, ns) {\r\n        return null;\r\n    };\r\n\r\n    // FunctionResolver //////////////////////////////////////////////////////////\r\n\r\n    FunctionResolver.prototype = new Object();\r\n    FunctionResolver.prototype.constructor = FunctionResolver;\r\n    FunctionResolver.superclass = Object.prototype;\r\n\r\n    function FunctionResolver(thisArg) {\r\n        this.thisArg = thisArg != null ? thisArg : Functions;\r\n        this.functions = new Object();\r\n        this.addStandardFunctions();\r\n    }\r\n\r\n    FunctionResolver.prototype.addStandardFunctions = function () {\r\n        this.functions[\"{}last\"] = Functions.last;\r\n        this.functions[\"{}position\"] = Functions.position;\r\n        this.functions[\"{}count\"] = Functions.count;\r\n        this.functions[\"{}id\"] = Functions.id;\r\n        this.functions[\"{}local-name\"] = Functions.localName;\r\n        this.functions[\"{}namespace-uri\"] = Functions.namespaceURI;\r\n        this.functions[\"{}name\"] = Functions.name;\r\n        this.functions[\"{}string\"] = Functions.string;\r\n        this.functions[\"{}concat\"] = Functions.concat;\r\n        this.functions[\"{}starts-with\"] = Functions.startsWith;\r\n        this.functions[\"{}contains\"] = Functions.contains;\r\n        this.functions[\"{}substring-before\"] = Functions.substringBefore;\r\n        this.functions[\"{}substring-after\"] = Functions.substringAfter;\r\n        this.functions[\"{}substring\"] = Functions.substring;\r\n        this.functions[\"{}string-length\"] = Functions.stringLength;\r\n        this.functions[\"{}normalize-space\"] = Functions.normalizeSpace;\r\n        this.functions[\"{}translate\"] = Functions.translate;\r\n        this.functions[\"{}boolean\"] = Functions.boolean_;\r\n        this.functions[\"{}not\"] = Functions.not;\r\n        this.functions[\"{}true\"] = Functions.true_;\r\n        this.functions[\"{}false\"] = Functions.false_;\r\n        this.functions[\"{}lang\"] = Functions.lang;\r\n        this.functions[\"{}number\"] = Functions.number;\r\n        this.functions[\"{}sum\"] = Functions.sum;\r\n        this.functions[\"{}floor\"] = Functions.floor;\r\n        this.functions[\"{}ceiling\"] = Functions.ceiling;\r\n        this.functions[\"{}round\"] = Functions.round;\r\n    };\r\n\r\n    FunctionResolver.prototype.addFunction = function (ns, ln, f) {\r\n        this.functions[\"{\" + ns + \"}\" + ln] = f;\r\n    };\r\n\r\n    FunctionResolver.getFunctionFromContext = function (qName, context) {\r\n        var parts = Utilities.resolveQName(qName, context.namespaceResolver, context.contextNode, false);\r\n\r\n        if (parts[0] === null) {\r\n            throw new Error(\"Cannot resolve QName \" + name);\r\n        }\r\n\r\n        return context.functionResolver.getFunction(parts[1], parts[0]);\r\n    };\r\n\r\n    FunctionResolver.prototype.getFunction = function (localName, namespace) {\r\n        return this.functions[\"{\" + namespace + \"}\" + localName];\r\n    };\r\n\r\n    // NamespaceResolver /////////////////////////////////////////////////////////\r\n\r\n    NamespaceResolver.prototype = new Object();\r\n    NamespaceResolver.prototype.constructor = NamespaceResolver;\r\n    NamespaceResolver.superclass = Object.prototype;\r\n\r\n    function NamespaceResolver() {\r\n    }\r\n\r\n    NamespaceResolver.prototype.getNamespace = function (prefix, n) {\r\n        if (prefix == \"xml\") {\r\n            return XPath.XML_NAMESPACE_URI;\r\n        } else if (prefix == \"xmlns\") {\r\n            return XPath.XMLNS_NAMESPACE_URI;\r\n        }\r\n        if (n.nodeType == NodeTypes.DOCUMENT_NODE) {\r\n            n = n.documentElement;\r\n        } else if (n.nodeType == NodeTypes.ATTRIBUTE_NODE) {\r\n            n = PathExpr.getOwnerElement(n);\r\n        } else if (n.nodeType != NodeTypes.ELEMENT_NODE) {\r\n            n = n.parentNode;\r\n        }\r\n        while (n != null && n.nodeType == NodeTypes.ELEMENT_NODE) {\r\n            var nnm = n.attributes;\r\n            for (var i = 0; i < nnm.length; i++) {\r\n                var a = nnm.item(i);\r\n                var aname = a.name || a.nodeName;\r\n                if ((aname === \"xmlns\" && prefix === \"\")\r\n                    || aname === \"xmlns:\" + prefix) {\r\n                    return String(a.value || a.nodeValue);\r\n                }\r\n            }\r\n            n = n.parentNode;\r\n        }\r\n        return null;\r\n    };\r\n\r\n    // Functions /////////////////////////////////////////////////////////////////\r\n\r\n    var Functions = new Object();\r\n\r\n    Functions.last = function (c) {\r\n        if (arguments.length != 1) {\r\n            throw new Error(\"Function last expects ()\");\r\n        }\r\n\r\n        return new XNumber(c.contextSize);\r\n    };\r\n\r\n    Functions.position = function (c) {\r\n        if (arguments.length != 1) {\r\n            throw new Error(\"Function position expects ()\");\r\n        }\r\n\r\n        return new XNumber(c.contextPosition);\r\n    };\r\n\r\n    Functions.count = function () {\r\n        var c = arguments[0];\r\n        var ns;\r\n        if (arguments.length != 2 || !Utilities.instance_of(ns = arguments[1].evaluate(c), XNodeSet)) {\r\n            throw new Error(\"Function count expects (node-set)\");\r\n        }\r\n        return new XNumber(ns.size);\r\n    };\r\n\r\n    Functions.id = function () {\r\n        var c = arguments[0];\r\n        var id;\r\n        if (arguments.length != 2) {\r\n            throw new Error(\"Function id expects (object)\");\r\n        }\r\n        id = arguments[1].evaluate(c);\r\n        if (Utilities.instance_of(id, XNodeSet)) {\r\n            id = id.toArray().join(\" \");\r\n        } else {\r\n            id = id.stringValue();\r\n        }\r\n        var ids = id.split(/[\\x0d\\x0a\\x09\\x20]+/);\r\n        var count = 0;\r\n        var ns = new XNodeSet();\r\n        var doc = c.contextNode.nodeType == NodeTypes.DOCUMENT_NODE\r\n            ? c.contextNode\r\n            : c.contextNode.ownerDocument;\r\n        for (var i = 0; i < ids.length; i++) {\r\n            var n;\r\n            if (doc.getElementById) {\r\n                n = doc.getElementById(ids[i]);\r\n            } else {\r\n                n = Utilities.getElementById(doc, ids[i]);\r\n            }\r\n            if (n != null) {\r\n                ns.add(n);\r\n                count++;\r\n            }\r\n        }\r\n        return ns;\r\n    };\r\n\r\n    Functions.localName = function (c, eNode) {\r\n        var n;\r\n\r\n        if (arguments.length == 1) {\r\n            n = c.contextNode;\r\n        } else if (arguments.length == 2) {\r\n            n = eNode.evaluate(c).first();\r\n        } else {\r\n            throw new Error(\"Function local-name expects (node-set?)\");\r\n        }\r\n\r\n        if (n == null) {\r\n            return new XString(\"\");\r\n        }\r\n\r\n        return new XString(\r\n            n.localName ||     //  standard elements and attributes\r\n            n.baseName ||     //  IE\r\n            n.target ||     //  processing instructions\r\n            n.nodeName ||     //  DOM1 elements\r\n            \"\"                 //  fallback\r\n        );\r\n    };\r\n\r\n    Functions.namespaceURI = function () {\r\n        var c = arguments[0];\r\n        var n;\r\n\r\n        if (arguments.length == 1) {\r\n            n = c.contextNode;\r\n        } else if (arguments.length == 2) {\r\n            n = arguments[1].evaluate(c).first();\r\n        } else {\r\n            throw new Error(\"Function namespace-uri expects (node-set?)\");\r\n        }\r\n\r\n        if (n == null) {\r\n            return new XString(\"\");\r\n        }\r\n        return new XString(n.namespaceURI || '');\r\n    };\r\n\r\n    Functions.name = function () {\r\n        var c = arguments[0];\r\n        var n;\r\n        if (arguments.length == 1) {\r\n            n = c.contextNode;\r\n        } else if (arguments.length == 2) {\r\n            n = arguments[1].evaluate(c).first();\r\n        } else {\r\n            throw new Error(\"Function name expects (node-set?)\");\r\n        }\r\n        if (n == null) {\r\n            return new XString(\"\");\r\n        }\r\n        if (n.nodeType == NodeTypes.ELEMENT_NODE) {\r\n            return new XString(n.nodeName);\r\n        } else if (n.nodeType == NodeTypes.ATTRIBUTE_NODE) {\r\n            return new XString(n.name || n.nodeName);\r\n        } else if (n.nodeType === NodeTypes.PROCESSING_INSTRUCTION_NODE) {\r\n            return new XString(n.target || n.nodeName);\r\n        } else if (n.localName == null) {\r\n            return new XString(\"\");\r\n        } else {\r\n            return new XString(n.localName);\r\n        }\r\n    };\r\n\r\n    Functions.string = function () {\r\n        var c = arguments[0];\r\n        if (arguments.length == 1) {\r\n            return new XString(XNodeSet.prototype.stringForNode(c.contextNode));\r\n        } else if (arguments.length == 2) {\r\n            return arguments[1].evaluate(c).string();\r\n        }\r\n        throw new Error(\"Function string expects (object?)\");\r\n    };\r\n\r\n    Functions.concat = function (c) {\r\n        if (arguments.length < 3) {\r\n            throw new Error(\"Function concat expects (string, string[, string]*)\");\r\n        }\r\n        var s = \"\";\r\n        for (var i = 1; i < arguments.length; i++) {\r\n            s += arguments[i].evaluate(c).stringValue();\r\n        }\r\n        return new XString(s);\r\n    };\r\n\r\n    Functions.startsWith = function () {\r\n        var c = arguments[0];\r\n        if (arguments.length != 3) {\r\n            throw new Error(\"Function startsWith expects (string, string)\");\r\n        }\r\n        var s1 = arguments[1].evaluate(c).stringValue();\r\n        var s2 = arguments[2].evaluate(c).stringValue();\r\n        return new XBoolean(s1.substring(0, s2.length) == s2);\r\n    };\r\n\r\n    Functions.contains = function () {\r\n        var c = arguments[0];\r\n        if (arguments.length != 3) {\r\n            throw new Error(\"Function contains expects (string, string)\");\r\n        }\r\n        var s1 = arguments[1].evaluate(c).stringValue();\r\n        var s2 = arguments[2].evaluate(c).stringValue();\r\n        return new XBoolean(s1.indexOf(s2) !== -1);\r\n    };\r\n\r\n    Functions.substringBefore = function () {\r\n        var c = arguments[0];\r\n        if (arguments.length != 3) {\r\n            throw new Error(\"Function substring-before expects (string, string)\");\r\n        }\r\n        var s1 = arguments[1].evaluate(c).stringValue();\r\n        var s2 = arguments[2].evaluate(c).stringValue();\r\n        return new XString(s1.substring(0, s1.indexOf(s2)));\r\n    };\r\n\r\n    Functions.substringAfter = function () {\r\n        var c = arguments[0];\r\n        if (arguments.length != 3) {\r\n            throw new Error(\"Function substring-after expects (string, string)\");\r\n        }\r\n        var s1 = arguments[1].evaluate(c).stringValue();\r\n        var s2 = arguments[2].evaluate(c).stringValue();\r\n        if (s2.length == 0) {\r\n            return new XString(s1);\r\n        }\r\n        var i = s1.indexOf(s2);\r\n        if (i == -1) {\r\n            return new XString(\"\");\r\n        }\r\n        return new XString(s1.substring(i + s2.length));\r\n    };\r\n\r\n    Functions.substring = function () {\r\n        var c = arguments[0];\r\n        if (!(arguments.length == 3 || arguments.length == 4)) {\r\n            throw new Error(\"Function substring expects (string, number, number?)\");\r\n        }\r\n        var s = arguments[1].evaluate(c).stringValue();\r\n        var n1 = Math.round(arguments[2].evaluate(c).numberValue()) - 1;\r\n        var n2 = arguments.length == 4 ? n1 + Math.round(arguments[3].evaluate(c).numberValue()) : undefined;\r\n        return new XString(s.substring(n1, n2));\r\n    };\r\n\r\n    Functions.stringLength = function () {\r\n        var c = arguments[0];\r\n        var s;\r\n        if (arguments.length == 1) {\r\n            s = XNodeSet.prototype.stringForNode(c.contextNode);\r\n        } else if (arguments.length == 2) {\r\n            s = arguments[1].evaluate(c).stringValue();\r\n        } else {\r\n            throw new Error(\"Function string-length expects (string?)\");\r\n        }\r\n        return new XNumber(s.length);\r\n    };\r\n\r\n    Functions.normalizeSpace = function () {\r\n        var c = arguments[0];\r\n        var s;\r\n        if (arguments.length == 1) {\r\n            s = XNodeSet.prototype.stringForNode(c.contextNode);\r\n        } else if (arguments.length == 2) {\r\n            s = arguments[1].evaluate(c).stringValue();\r\n        } else {\r\n            throw new Error(\"Function normalize-space expects (string?)\");\r\n        }\r\n        var i = 0;\r\n        var j = s.length - 1;\r\n        while (Utilities.isSpace(s.charCodeAt(j))) {\r\n            j--;\r\n        }\r\n        var t = \"\";\r\n        while (i <= j && Utilities.isSpace(s.charCodeAt(i))) {\r\n            i++;\r\n        }\r\n        while (i <= j) {\r\n            if (Utilities.isSpace(s.charCodeAt(i))) {\r\n                t += \" \";\r\n                while (i <= j && Utilities.isSpace(s.charCodeAt(i))) {\r\n                    i++;\r\n                }\r\n            } else {\r\n                t += s.charAt(i);\r\n                i++;\r\n            }\r\n        }\r\n        return new XString(t);\r\n    };\r\n\r\n    Functions.translate = function (c, eValue, eFrom, eTo) {\r\n        if (arguments.length != 4) {\r\n            throw new Error(\"Function translate expects (string, string, string)\");\r\n        }\r\n\r\n        var value = eValue.evaluate(c).stringValue();\r\n        var from = eFrom.evaluate(c).stringValue();\r\n        var to = eTo.evaluate(c).stringValue();\r\n\r\n        var cMap = reduce(function (acc, ch, i) {\r\n            if (!(ch in acc)) {\r\n                acc[ch] = i > to.length ? '' : to[i];\r\n            }\r\n            return acc;\r\n        }, {}, from);\r\n\r\n        var t = join(\r\n            '',\r\n            map(function (ch) {\r\n                return ch in cMap ? cMap[ch] : ch;\r\n            }, value)\r\n        );\r\n\r\n        return new XString(t);\r\n    };\r\n\r\n    Functions.boolean_ = function () {\r\n        var c = arguments[0];\r\n        if (arguments.length != 2) {\r\n            throw new Error(\"Function boolean expects (object)\");\r\n        }\r\n        return arguments[1].evaluate(c).bool();\r\n    };\r\n\r\n    Functions.not = function (c, eValue) {\r\n        if (arguments.length != 2) {\r\n            throw new Error(\"Function not expects (object)\");\r\n        }\r\n        return eValue.evaluate(c).bool().not();\r\n    };\r\n\r\n    Functions.true_ = function () {\r\n        if (arguments.length != 1) {\r\n            throw new Error(\"Function true expects ()\");\r\n        }\r\n        return XBoolean.true_;\r\n    };\r\n\r\n    Functions.false_ = function () {\r\n        if (arguments.length != 1) {\r\n            throw new Error(\"Function false expects ()\");\r\n        }\r\n        return XBoolean.false_;\r\n    };\r\n\r\n    Functions.lang = function () {\r\n        var c = arguments[0];\r\n        if (arguments.length != 2) {\r\n            throw new Error(\"Function lang expects (string)\");\r\n        }\r\n        var lang;\r\n        for (var n = c.contextNode; n != null && n.nodeType != NodeTypes.DOCUMENT_NODE; n = n.parentNode) {\r\n            var a = n.getAttributeNS(XPath.XML_NAMESPACE_URI, \"lang\");\r\n            if (a != null) {\r\n                lang = String(a);\r\n                break;\r\n            }\r\n        }\r\n        if (lang == null) {\r\n            return XBoolean.false_;\r\n        }\r\n        var s = arguments[1].evaluate(c).stringValue();\r\n        return new XBoolean(lang.substring(0, s.length) == s\r\n            && (lang.length == s.length || lang.charAt(s.length) == '-'));\r\n    };\r\n\r\n    Functions.number = function () {\r\n        var c = arguments[0];\r\n        if (!(arguments.length == 1 || arguments.length == 2)) {\r\n            throw new Error(\"Function number expects (object?)\");\r\n        }\r\n        if (arguments.length == 1) {\r\n            return new XNumber(XNodeSet.prototype.stringForNode(c.contextNode));\r\n        }\r\n        return arguments[1].evaluate(c).number();\r\n    };\r\n\r\n    Functions.sum = function () {\r\n        var c = arguments[0];\r\n        var ns;\r\n        if (arguments.length != 2 || !Utilities.instance_of((ns = arguments[1].evaluate(c)), XNodeSet)) {\r\n            throw new Error(\"Function sum expects (node-set)\");\r\n        }\r\n        ns = ns.toUnsortedArray();\r\n        var n = 0;\r\n        for (var i = 0; i < ns.length; i++) {\r\n            n += new XNumber(XNodeSet.prototype.stringForNode(ns[i])).numberValue();\r\n        }\r\n        return new XNumber(n);\r\n    };\r\n\r\n    Functions.floor = function () {\r\n        var c = arguments[0];\r\n        if (arguments.length != 2) {\r\n            throw new Error(\"Function floor expects (number)\");\r\n        }\r\n        return new XNumber(Math.floor(arguments[1].evaluate(c).numberValue()));\r\n    };\r\n\r\n    Functions.ceiling = function () {\r\n        var c = arguments[0];\r\n        if (arguments.length != 2) {\r\n            throw new Error(\"Function ceiling expects (number)\");\r\n        }\r\n        return new XNumber(Math.ceil(arguments[1].evaluate(c).numberValue()));\r\n    };\r\n\r\n    Functions.round = function () {\r\n        var c = arguments[0];\r\n        if (arguments.length != 2) {\r\n            throw new Error(\"Function round expects (number)\");\r\n        }\r\n        return new XNumber(Math.round(arguments[1].evaluate(c).numberValue()));\r\n    };\r\n\r\n    // Utilities /////////////////////////////////////////////////////////////////\r\n\r\n    var Utilities = new Object();\r\n\r\n    // Returns true if the node is an attribute node or namespace node\r\n    var isAttributeLike = function (val) {\r\n        return val && (\r\n            val.nodeType === NodeTypes.ATTRIBUTE_NODE ||\r\n            val.ownerElement ||\r\n            val.isXPathNamespace\r\n        );\r\n    }\r\n\r\n    Utilities.splitQName = function (qn) {\r\n        var i = qn.indexOf(\":\");\r\n        if (i == -1) {\r\n            return [null, qn];\r\n        }\r\n        return [qn.substring(0, i), qn.substring(i + 1)];\r\n    };\r\n\r\n    Utilities.resolveQName = function (qn, nr, n, useDefault) {\r\n        var parts = Utilities.splitQName(qn);\r\n        if (parts[0] != null) {\r\n            parts[0] = nr.getNamespace(parts[0], n);\r\n        } else {\r\n            if (useDefault) {\r\n                parts[0] = nr.getNamespace(\"\", n);\r\n                if (parts[0] == null) {\r\n                    parts[0] = \"\";\r\n                }\r\n            } else {\r\n                parts[0] = \"\";\r\n            }\r\n        }\r\n        return parts;\r\n    };\r\n\r\n    Utilities.isSpace = function (c) {\r\n        return c == 0x9 || c == 0xd || c == 0xa || c == 0x20;\r\n    };\r\n\r\n    Utilities.isLetter = function (c) {\r\n        return c >= 0x0041 && c <= 0x005A ||\r\n            c >= 0x0061 && c <= 0x007A ||\r\n            c >= 0x00C0 && c <= 0x00D6 ||\r\n            c >= 0x00D8 && c <= 0x00F6 ||\r\n            c >= 0x00F8 && c <= 0x00FF ||\r\n            c >= 0x0100 && c <= 0x0131 ||\r\n            c >= 0x0134 && c <= 0x013E ||\r\n            c >= 0x0141 && c <= 0x0148 ||\r\n            c >= 0x014A && c <= 0x017E ||\r\n            c >= 0x0180 && c <= 0x01C3 ||\r\n            c >= 0x01CD && c <= 0x01F0 ||\r\n            c >= 0x01F4 && c <= 0x01F5 ||\r\n            c >= 0x01FA && c <= 0x0217 ||\r\n            c >= 0x0250 && c <= 0x02A8 ||\r\n            c >= 0x02BB && c <= 0x02C1 ||\r\n            c == 0x0386 ||\r\n            c >= 0x0388 && c <= 0x038A ||\r\n            c == 0x038C ||\r\n            c >= 0x038E && c <= 0x03A1 ||\r\n            c >= 0x03A3 && c <= 0x03CE ||\r\n            c >= 0x03D0 && c <= 0x03D6 ||\r\n            c == 0x03DA ||\r\n            c == 0x03DC ||\r\n            c == 0x03DE ||\r\n            c == 0x03E0 ||\r\n            c >= 0x03E2 && c <= 0x03F3 ||\r\n            c >= 0x0401 && c <= 0x040C ||\r\n            c >= 0x040E && c <= 0x044F ||\r\n            c >= 0x0451 && c <= 0x045C ||\r\n            c >= 0x045E && c <= 0x0481 ||\r\n            c >= 0x0490 && c <= 0x04C4 ||\r\n            c >= 0x04C7 && c <= 0x04C8 ||\r\n            c >= 0x04CB && c <= 0x04CC ||\r\n            c >= 0x04D0 && c <= 0x04EB ||\r\n            c >= 0x04EE && c <= 0x04F5 ||\r\n            c >= 0x04F8 && c <= 0x04F9 ||\r\n            c >= 0x0531 && c <= 0x0556 ||\r\n            c == 0x0559 ||\r\n            c >= 0x0561 && c <= 0x0586 ||\r\n            c >= 0x05D0 && c <= 0x05EA ||\r\n            c >= 0x05F0 && c <= 0x05F2 ||\r\n            c >= 0x0621 && c <= 0x063A ||\r\n            c >= 0x0641 && c <= 0x064A ||\r\n            c >= 0x0671 && c <= 0x06B7 ||\r\n            c >= 0x06BA && c <= 0x06BE ||\r\n            c >= 0x06C0 && c <= 0x06CE ||\r\n            c >= 0x06D0 && c <= 0x06D3 ||\r\n            c == 0x06D5 ||\r\n            c >= 0x06E5 && c <= 0x06E6 ||\r\n            c >= 0x0905 && c <= 0x0939 ||\r\n            c == 0x093D ||\r\n            c >= 0x0958 && c <= 0x0961 ||\r\n            c >= 0x0985 && c <= 0x098C ||\r\n            c >= 0x098F && c <= 0x0990 ||\r\n            c >= 0x0993 && c <= 0x09A8 ||\r\n            c >= 0x09AA && c <= 0x09B0 ||\r\n            c == 0x09B2 ||\r\n            c >= 0x09B6 && c <= 0x09B9 ||\r\n            c >= 0x09DC && c <= 0x09DD ||\r\n            c >= 0x09DF && c <= 0x09E1 ||\r\n            c >= 0x09F0 && c <= 0x09F1 ||\r\n            c >= 0x0A05 && c <= 0x0A0A ||\r\n            c >= 0x0A0F && c <= 0x0A10 ||\r\n            c >= 0x0A13 && c <= 0x0A28 ||\r\n            c >= 0x0A2A && c <= 0x0A30 ||\r\n            c >= 0x0A32 && c <= 0x0A33 ||\r\n            c >= 0x0A35 && c <= 0x0A36 ||\r\n            c >= 0x0A38 && c <= 0x0A39 ||\r\n            c >= 0x0A59 && c <= 0x0A5C ||\r\n            c == 0x0A5E ||\r\n            c >= 0x0A72 && c <= 0x0A74 ||\r\n            c >= 0x0A85 && c <= 0x0A8B ||\r\n            c == 0x0A8D ||\r\n            c >= 0x0A8F && c <= 0x0A91 ||\r\n            c >= 0x0A93 && c <= 0x0AA8 ||\r\n            c >= 0x0AAA && c <= 0x0AB0 ||\r\n            c >= 0x0AB2 && c <= 0x0AB3 ||\r\n            c >= 0x0AB5 && c <= 0x0AB9 ||\r\n            c == 0x0ABD ||\r\n            c == 0x0AE0 ||\r\n            c >= 0x0B05 && c <= 0x0B0C ||\r\n            c >= 0x0B0F && c <= 0x0B10 ||\r\n            c >= 0x0B13 && c <= 0x0B28 ||\r\n            c >= 0x0B2A && c <= 0x0B30 ||\r\n            c >= 0x0B32 && c <= 0x0B33 ||\r\n            c >= 0x0B36 && c <= 0x0B39 ||\r\n            c == 0x0B3D ||\r\n            c >= 0x0B5C && c <= 0x0B5D ||\r\n            c >= 0x0B5F && c <= 0x0B61 ||\r\n            c >= 0x0B85 && c <= 0x0B8A ||\r\n            c >= 0x0B8E && c <= 0x0B90 ||\r\n            c >= 0x0B92 && c <= 0x0B95 ||\r\n            c >= 0x0B99 && c <= 0x0B9A ||\r\n            c == 0x0B9C ||\r\n            c >= 0x0B9E && c <= 0x0B9F ||\r\n            c >= 0x0BA3 && c <= 0x0BA4 ||\r\n            c >= 0x0BA8 && c <= 0x0BAA ||\r\n            c >= 0x0BAE && c <= 0x0BB5 ||\r\n            c >= 0x0BB7 && c <= 0x0BB9 ||\r\n            c >= 0x0C05 && c <= 0x0C0C ||\r\n            c >= 0x0C0E && c <= 0x0C10 ||\r\n            c >= 0x0C12 && c <= 0x0C28 ||\r\n            c >= 0x0C2A && c <= 0x0C33 ||\r\n            c >= 0x0C35 && c <= 0x0C39 ||\r\n            c >= 0x0C60 && c <= 0x0C61 ||\r\n            c >= 0x0C85 && c <= 0x0C8C ||\r\n            c >= 0x0C8E && c <= 0x0C90 ||\r\n            c >= 0x0C92 && c <= 0x0CA8 ||\r\n            c >= 0x0CAA && c <= 0x0CB3 ||\r\n            c >= 0x0CB5 && c <= 0x0CB9 ||\r\n            c == 0x0CDE ||\r\n            c >= 0x0CE0 && c <= 0x0CE1 ||\r\n            c >= 0x0D05 && c <= 0x0D0C ||\r\n            c >= 0x0D0E && c <= 0x0D10 ||\r\n            c >= 0x0D12 && c <= 0x0D28 ||\r\n            c >= 0x0D2A && c <= 0x0D39 ||\r\n            c >= 0x0D60 && c <= 0x0D61 ||\r\n            c >= 0x0E01 && c <= 0x0E2E ||\r\n            c == 0x0E30 ||\r\n            c >= 0x0E32 && c <= 0x0E33 ||\r\n            c >= 0x0E40 && c <= 0x0E45 ||\r\n            c >= 0x0E81 && c <= 0x0E82 ||\r\n            c == 0x0E84 ||\r\n            c >= 0x0E87 && c <= 0x0E88 ||\r\n            c == 0x0E8A ||\r\n            c == 0x0E8D ||\r\n            c >= 0x0E94 && c <= 0x0E97 ||\r\n            c >= 0x0E99 && c <= 0x0E9F ||\r\n            c >= 0x0EA1 && c <= 0x0EA3 ||\r\n            c == 0x0EA5 ||\r\n            c == 0x0EA7 ||\r\n            c >= 0x0EAA && c <= 0x0EAB ||\r\n            c >= 0x0EAD && c <= 0x0EAE ||\r\n            c == 0x0EB0 ||\r\n            c >= 0x0EB2 && c <= 0x0EB3 ||\r\n            c == 0x0EBD ||\r\n            c >= 0x0EC0 && c <= 0x0EC4 ||\r\n            c >= 0x0F40 && c <= 0x0F47 ||\r\n            c >= 0x0F49 && c <= 0x0F69 ||\r\n            c >= 0x10A0 && c <= 0x10C5 ||\r\n            c >= 0x10D0 && c <= 0x10F6 ||\r\n            c == 0x1100 ||\r\n            c >= 0x1102 && c <= 0x1103 ||\r\n            c >= 0x1105 && c <= 0x1107 ||\r\n            c == 0x1109 ||\r\n            c >= 0x110B && c <= 0x110C ||\r\n            c >= 0x110E && c <= 0x1112 ||\r\n            c == 0x113C ||\r\n            c == 0x113E ||\r\n            c == 0x1140 ||\r\n            c == 0x114C ||\r\n            c == 0x114E ||\r\n            c == 0x1150 ||\r\n            c >= 0x1154 && c <= 0x1155 ||\r\n            c == 0x1159 ||\r\n            c >= 0x115F && c <= 0x1161 ||\r\n            c == 0x1163 ||\r\n            c == 0x1165 ||\r\n            c == 0x1167 ||\r\n            c == 0x1169 ||\r\n            c >= 0x116D && c <= 0x116E ||\r\n            c >= 0x1172 && c <= 0x1173 ||\r\n            c == 0x1175 ||\r\n            c == 0x119E ||\r\n            c == 0x11A8 ||\r\n            c == 0x11AB ||\r\n            c >= 0x11AE && c <= 0x11AF ||\r\n            c >= 0x11B7 && c <= 0x11B8 ||\r\n            c == 0x11BA ||\r\n            c >= 0x11BC && c <= 0x11C2 ||\r\n            c == 0x11EB ||\r\n            c == 0x11F0 ||\r\n            c == 0x11F9 ||\r\n            c >= 0x1E00 && c <= 0x1E9B ||\r\n            c >= 0x1EA0 && c <= 0x1EF9 ||\r\n            c >= 0x1F00 && c <= 0x1F15 ||\r\n            c >= 0x1F18 && c <= 0x1F1D ||\r\n            c >= 0x1F20 && c <= 0x1F45 ||\r\n            c >= 0x1F48 && c <= 0x1F4D ||\r\n            c >= 0x1F50 && c <= 0x1F57 ||\r\n            c == 0x1F59 ||\r\n            c == 0x1F5B ||\r\n            c == 0x1F5D ||\r\n            c >= 0x1F5F && c <= 0x1F7D ||\r\n            c >= 0x1F80 && c <= 0x1FB4 ||\r\n            c >= 0x1FB6 && c <= 0x1FBC ||\r\n            c == 0x1FBE ||\r\n            c >= 0x1FC2 && c <= 0x1FC4 ||\r\n            c >= 0x1FC6 && c <= 0x1FCC ||\r\n            c >= 0x1FD0 && c <= 0x1FD3 ||\r\n            c >= 0x1FD6 && c <= 0x1FDB ||\r\n            c >= 0x1FE0 && c <= 0x1FEC ||\r\n            c >= 0x1FF2 && c <= 0x1FF4 ||\r\n            c >= 0x1FF6 && c <= 0x1FFC ||\r\n            c == 0x2126 ||\r\n            c >= 0x212A && c <= 0x212B ||\r\n            c == 0x212E ||\r\n            c >= 0x2180 && c <= 0x2182 ||\r\n            c >= 0x3041 && c <= 0x3094 ||\r\n            c >= 0x30A1 && c <= 0x30FA ||\r\n            c >= 0x3105 && c <= 0x312C ||\r\n            c >= 0xAC00 && c <= 0xD7A3 ||\r\n            c >= 0x4E00 && c <= 0x9FA5 ||\r\n            c == 0x3007 ||\r\n            c >= 0x3021 && c <= 0x3029;\r\n    };\r\n\r\n    Utilities.isNCNameChar = function (c) {\r\n        return c >= 0x0030 && c <= 0x0039\r\n            || c >= 0x0660 && c <= 0x0669\r\n            || c >= 0x06F0 && c <= 0x06F9\r\n            || c >= 0x0966 && c <= 0x096F\r\n            || c >= 0x09E6 && c <= 0x09EF\r\n            || c >= 0x0A66 && c <= 0x0A6F\r\n            || c >= 0x0AE6 && c <= 0x0AEF\r\n            || c >= 0x0B66 && c <= 0x0B6F\r\n            || c >= 0x0BE7 && c <= 0x0BEF\r\n            || c >= 0x0C66 && c <= 0x0C6F\r\n            || c >= 0x0CE6 && c <= 0x0CEF\r\n            || c >= 0x0D66 && c <= 0x0D6F\r\n            || c >= 0x0E50 && c <= 0x0E59\r\n            || c >= 0x0ED0 && c <= 0x0ED9\r\n            || c >= 0x0F20 && c <= 0x0F29\r\n            || c == 0x002E\r\n            || c == 0x002D\r\n            || c == 0x005F\r\n            || Utilities.isLetter(c)\r\n            || c >= 0x0300 && c <= 0x0345\r\n            || c >= 0x0360 && c <= 0x0361\r\n            || c >= 0x0483 && c <= 0x0486\r\n            || c >= 0x0591 && c <= 0x05A1\r\n            || c >= 0x05A3 && c <= 0x05B9\r\n            || c >= 0x05BB && c <= 0x05BD\r\n            || c == 0x05BF\r\n            || c >= 0x05C1 && c <= 0x05C2\r\n            || c == 0x05C4\r\n            || c >= 0x064B && c <= 0x0652\r\n            || c == 0x0670\r\n            || c >= 0x06D6 && c <= 0x06DC\r\n            || c >= 0x06DD && c <= 0x06DF\r\n            || c >= 0x06E0 && c <= 0x06E4\r\n            || c >= 0x06E7 && c <= 0x06E8\r\n            || c >= 0x06EA && c <= 0x06ED\r\n            || c >= 0x0901 && c <= 0x0903\r\n            || c == 0x093C\r\n            || c >= 0x093E && c <= 0x094C\r\n            || c == 0x094D\r\n            || c >= 0x0951 && c <= 0x0954\r\n            || c >= 0x0962 && c <= 0x0963\r\n            || c >= 0x0981 && c <= 0x0983\r\n            || c == 0x09BC\r\n            || c == 0x09BE\r\n            || c == 0x09BF\r\n            || c >= 0x09C0 && c <= 0x09C4\r\n            || c >= 0x09C7 && c <= 0x09C8\r\n            || c >= 0x09CB && c <= 0x09CD\r\n            || c == 0x09D7\r\n            || c >= 0x09E2 && c <= 0x09E3\r\n            || c == 0x0A02\r\n            || c == 0x0A3C\r\n            || c == 0x0A3E\r\n            || c == 0x0A3F\r\n            || c >= 0x0A40 && c <= 0x0A42\r\n            || c >= 0x0A47 && c <= 0x0A48\r\n            || c >= 0x0A4B && c <= 0x0A4D\r\n            || c >= 0x0A70 && c <= 0x0A71\r\n            || c >= 0x0A81 && c <= 0x0A83\r\n            || c == 0x0ABC\r\n            || c >= 0x0ABE && c <= 0x0AC5\r\n            || c >= 0x0AC7 && c <= 0x0AC9\r\n            || c >= 0x0ACB && c <= 0x0ACD\r\n            || c >= 0x0B01 && c <= 0x0B03\r\n            || c == 0x0B3C\r\n            || c >= 0x0B3E && c <= 0x0B43\r\n            || c >= 0x0B47 && c <= 0x0B48\r\n            || c >= 0x0B4B && c <= 0x0B4D\r\n            || c >= 0x0B56 && c <= 0x0B57\r\n            || c >= 0x0B82 && c <= 0x0B83\r\n            || c >= 0x0BBE && c <= 0x0BC2\r\n            || c >= 0x0BC6 && c <= 0x0BC8\r\n            || c >= 0x0BCA && c <= 0x0BCD\r\n            || c == 0x0BD7\r\n            || c >= 0x0C01 && c <= 0x0C03\r\n            || c >= 0x0C3E && c <= 0x0C44\r\n            || c >= 0x0C46 && c <= 0x0C48\r\n            || c >= 0x0C4A && c <= 0x0C4D\r\n            || c >= 0x0C55 && c <= 0x0C56\r\n            || c >= 0x0C82 && c <= 0x0C83\r\n            || c >= 0x0CBE && c <= 0x0CC4\r\n            || c >= 0x0CC6 && c <= 0x0CC8\r\n            || c >= 0x0CCA && c <= 0x0CCD\r\n            || c >= 0x0CD5 && c <= 0x0CD6\r\n            || c >= 0x0D02 && c <= 0x0D03\r\n            || c >= 0x0D3E && c <= 0x0D43\r\n            || c >= 0x0D46 && c <= 0x0D48\r\n            || c >= 0x0D4A && c <= 0x0D4D\r\n            || c == 0x0D57\r\n            || c == 0x0E31\r\n            || c >= 0x0E34 && c <= 0x0E3A\r\n            || c >= 0x0E47 && c <= 0x0E4E\r\n            || c == 0x0EB1\r\n            || c >= 0x0EB4 && c <= 0x0EB9\r\n            || c >= 0x0EBB && c <= 0x0EBC\r\n            || c >= 0x0EC8 && c <= 0x0ECD\r\n            || c >= 0x0F18 && c <= 0x0F19\r\n            || c == 0x0F35\r\n            || c == 0x0F37\r\n            || c == 0x0F39\r\n            || c == 0x0F3E\r\n            || c == 0x0F3F\r\n            || c >= 0x0F71 && c <= 0x0F84\r\n            || c >= 0x0F86 && c <= 0x0F8B\r\n            || c >= 0x0F90 && c <= 0x0F95\r\n            || c == 0x0F97\r\n            || c >= 0x0F99 && c <= 0x0FAD\r\n            || c >= 0x0FB1 && c <= 0x0FB7\r\n            || c == 0x0FB9\r\n            || c >= 0x20D0 && c <= 0x20DC\r\n            || c == 0x20E1\r\n            || c >= 0x302A && c <= 0x302F\r\n            || c == 0x3099\r\n            || c == 0x309A\r\n            || c == 0x00B7\r\n            || c == 0x02D0\r\n            || c == 0x02D1\r\n            || c == 0x0387\r\n            || c == 0x0640\r\n            || c == 0x0E46\r\n            || c == 0x0EC6\r\n            || c == 0x3005\r\n            || c >= 0x3031 && c <= 0x3035\r\n            || c >= 0x309D && c <= 0x309E\r\n            || c >= 0x30FC && c <= 0x30FE;\r\n    };\r\n\r\n    Utilities.coalesceText = function (n) {\r\n        for (var m = n.firstChild; m != null; m = m.nextSibling) {\r\n            if (m.nodeType == NodeTypes.TEXT_NODE || m.nodeType == NodeTypes.CDATA_SECTION_NODE) {\r\n                var s = m.nodeValue;\r\n                var first = m;\r\n                m = m.nextSibling;\r\n                while (m != null && (m.nodeType == NodeTypes.TEXT_NODE || m.nodeType == NodeTypes.CDATA_SECTION_NODE)) {\r\n                    s += m.nodeValue;\r\n                    var del = m;\r\n                    m = m.nextSibling;\r\n                    del.parentNode.removeChild(del);\r\n                }\r\n                if (first.nodeType == NodeTypes.CDATA_SECTION_NODE) {\r\n                    var p = first.parentNode;\r\n                    if (first.nextSibling == null) {\r\n                        p.removeChild(first);\r\n                        p.appendChild(p.ownerDocument.createTextNode(s));\r\n                    } else {\r\n                        var next = first.nextSibling;\r\n                        p.removeChild(first);\r\n                        p.insertBefore(p.ownerDocument.createTextNode(s), next);\r\n                    }\r\n                } else {\r\n                    first.nodeValue = s;\r\n                }\r\n                if (m == null) {\r\n                    break;\r\n                }\r\n            } else if (m.nodeType == NodeTypes.ELEMENT_NODE) {\r\n                Utilities.coalesceText(m);\r\n            }\r\n        }\r\n    };\r\n\r\n    Utilities.instance_of = function (o, c) {\r\n        while (o != null) {\r\n            if (o.constructor === c) {\r\n                return true;\r\n            }\r\n            if (o === Object) {\r\n                return false;\r\n            }\r\n            o = o.constructor.superclass;\r\n        }\r\n        return false;\r\n    };\r\n\r\n    Utilities.getElementById = function (n, id) {\r\n        // Note that this does not check the DTD to check for actual\r\n        // attributes of type ID, so this may be a bit wrong.\r\n        if (n.nodeType == NodeTypes.ELEMENT_NODE) {\r\n            if (n.getAttribute(\"id\") == id\r\n                || n.getAttributeNS(null, \"id\") == id) {\r\n                return n;\r\n            }\r\n        }\r\n        for (var m = n.firstChild; m != null; m = m.nextSibling) {\r\n            var res = Utilities.getElementById(m, id);\r\n            if (res != null) {\r\n                return res;\r\n            }\r\n        }\r\n        return null;\r\n    };\r\n\r\n    // XPathException ////////////////////////////////////////////////////////////\r\n\r\n    var XPathException = (function () {\r\n        function getMessage(code, exception) {\r\n            var msg = exception ? \": \" + exception.toString() : \"\";\r\n            switch (code) {\r\n                case XPathException.INVALID_EXPRESSION_ERR:\r\n                    return \"Invalid expression\" + msg;\r\n                case XPathException.TYPE_ERR:\r\n                    return \"Type error\" + msg;\r\n            }\r\n            return null;\r\n        }\r\n\r\n        function XPathException(code, error, message) {\r\n            var err = Error.call(this, getMessage(code, error) || message);\r\n\r\n            err.code = code;\r\n            err.exception = error;\r\n\r\n            return err;\r\n        }\r\n\r\n        XPathException.prototype = Object.create(Error.prototype);\r\n        XPathException.prototype.constructor = XPathException;\r\n        XPathException.superclass = Error;\r\n\r\n        XPathException.prototype.toString = function () {\r\n            return this.message;\r\n        };\r\n\r\n        XPathException.fromMessage = function (message, error) {\r\n            return new XPathException(null, error, message);\r\n        };\r\n\r\n        XPathException.INVALID_EXPRESSION_ERR = 51;\r\n        XPathException.TYPE_ERR = 52;\r\n\r\n        return XPathException;\r\n    })();\r\n\r\n    // XPathExpression ///////////////////////////////////////////////////////////\r\n\r\n    XPathExpression.prototype = {};\r\n    XPathExpression.prototype.constructor = XPathExpression;\r\n    XPathExpression.superclass = Object.prototype;\r\n\r\n    function XPathExpression(e, r, p) {\r\n        this.xpath = p.parse(e);\r\n        this.context = new XPathContext();\r\n        this.context.namespaceResolver = new XPathNSResolverWrapper(r);\r\n    }\r\n\r\n    XPathExpression.getOwnerDocument = function (n) {\r\n        return n.nodeType === NodeTypes.DOCUMENT_NODE ? n : n.ownerDocument;\r\n    }\r\n\r\n    XPathExpression.detectHtmlDom = function (n) {\r\n        if (!n) { return false; }\r\n\r\n        var doc = XPathExpression.getOwnerDocument(n);\r\n\r\n        try {\r\n            return doc.implementation.hasFeature(\"HTML\", \"2.0\");\r\n        } catch (e) {\r\n            return true;\r\n        }\r\n    }\r\n\r\n    XPathExpression.prototype.evaluate = function (n, t, res) {\r\n        this.context.expressionContextNode = n;\r\n        // backward compatibility - no reliable way to detect whether the DOM is HTML, but\r\n        // this library has been using this method up until now, so we will continue to use it\r\n        // ONLY when using an XPathExpression\r\n        this.context.caseInsensitive = XPathExpression.detectHtmlDom(n);\r\n\r\n        var result = this.xpath.evaluate(this.context);\r\n\r\n        return new XPathResult(result, t);\r\n    }\r\n\r\n    // XPathNSResolverWrapper ////////////////////////////////////////////////////\r\n\r\n    XPathNSResolverWrapper.prototype = {};\r\n    XPathNSResolverWrapper.prototype.constructor = XPathNSResolverWrapper;\r\n    XPathNSResolverWrapper.superclass = Object.prototype;\r\n\r\n    function XPathNSResolverWrapper(r) {\r\n        this.xpathNSResolver = r;\r\n    }\r\n\r\n    XPathNSResolverWrapper.prototype.getNamespace = function (prefix, n) {\r\n        if (this.xpathNSResolver == null) {\r\n            return null;\r\n        }\r\n        return this.xpathNSResolver.lookupNamespaceURI(prefix);\r\n    };\r\n\r\n    // NodeXPathNSResolver ///////////////////////////////////////////////////////\r\n\r\n    NodeXPathNSResolver.prototype = {};\r\n    NodeXPathNSResolver.prototype.constructor = NodeXPathNSResolver;\r\n    NodeXPathNSResolver.superclass = Object.prototype;\r\n\r\n    function NodeXPathNSResolver(n) {\r\n        this.node = n;\r\n        this.namespaceResolver = new NamespaceResolver();\r\n    }\r\n\r\n    NodeXPathNSResolver.prototype.lookupNamespaceURI = function (prefix) {\r\n        return this.namespaceResolver.getNamespace(prefix, this.node);\r\n    };\r\n\r\n    // XPathResult ///////////////////////////////////////////////////////////////\r\n\r\n    XPathResult.prototype = {};\r\n    XPathResult.prototype.constructor = XPathResult;\r\n    XPathResult.superclass = Object.prototype;\r\n\r\n    function XPathResult(v, t) {\r\n        if (t == XPathResult.ANY_TYPE) {\r\n            if (v.constructor === XString) {\r\n                t = XPathResult.STRING_TYPE;\r\n            } else if (v.constructor === XNumber) {\r\n                t = XPathResult.NUMBER_TYPE;\r\n            } else if (v.constructor === XBoolean) {\r\n                t = XPathResult.BOOLEAN_TYPE;\r\n            } else if (v.constructor === XNodeSet) {\r\n                t = XPathResult.UNORDERED_NODE_ITERATOR_TYPE;\r\n            }\r\n        }\r\n        this.resultType = t;\r\n        switch (t) {\r\n            case XPathResult.NUMBER_TYPE:\r\n                this.numberValue = v.numberValue();\r\n                return;\r\n            case XPathResult.STRING_TYPE:\r\n                this.stringValue = v.stringValue();\r\n                return;\r\n            case XPathResult.BOOLEAN_TYPE:\r\n                this.booleanValue = v.booleanValue();\r\n                return;\r\n            case XPathResult.ANY_UNORDERED_NODE_TYPE:\r\n            case XPathResult.FIRST_ORDERED_NODE_TYPE:\r\n                if (v.constructor === XNodeSet) {\r\n                    this.singleNodeValue = v.first();\r\n                    return;\r\n                }\r\n                break;\r\n            case XPathResult.UNORDERED_NODE_ITERATOR_TYPE:\r\n            case XPathResult.ORDERED_NODE_ITERATOR_TYPE:\r\n                if (v.constructor === XNodeSet) {\r\n                    this.invalidIteratorState = false;\r\n                    this.nodes = v.toArray();\r\n                    this.iteratorIndex = 0;\r\n                    return;\r\n                }\r\n                break;\r\n            case XPathResult.UNORDERED_NODE_SNAPSHOT_TYPE:\r\n            case XPathResult.ORDERED_NODE_SNAPSHOT_TYPE:\r\n                if (v.constructor === XNodeSet) {\r\n                    this.nodes = v.toArray();\r\n                    this.snapshotLength = this.nodes.length;\r\n                    return;\r\n                }\r\n                break;\r\n        }\r\n        throw new XPathException(XPathException.TYPE_ERR);\r\n    };\r\n\r\n    XPathResult.prototype.iterateNext = function () {\r\n        if (this.resultType != XPathResult.UNORDERED_NODE_ITERATOR_TYPE\r\n            && this.resultType != XPathResult.ORDERED_NODE_ITERATOR_TYPE) {\r\n            throw new XPathException(XPathException.TYPE_ERR);\r\n        }\r\n        return this.nodes[this.iteratorIndex++];\r\n    };\r\n\r\n    XPathResult.prototype.snapshotItem = function (i) {\r\n        if (this.resultType != XPathResult.UNORDERED_NODE_SNAPSHOT_TYPE\r\n            && this.resultType != XPathResult.ORDERED_NODE_SNAPSHOT_TYPE) {\r\n            throw new XPathException(XPathException.TYPE_ERR);\r\n        }\r\n        return this.nodes[i];\r\n    };\r\n\r\n    XPathResult.ANY_TYPE = 0;\r\n    XPathResult.NUMBER_TYPE = 1;\r\n    XPathResult.STRING_TYPE = 2;\r\n    XPathResult.BOOLEAN_TYPE = 3;\r\n    XPathResult.UNORDERED_NODE_ITERATOR_TYPE = 4;\r\n    XPathResult.ORDERED_NODE_ITERATOR_TYPE = 5;\r\n    XPathResult.UNORDERED_NODE_SNAPSHOT_TYPE = 6;\r\n    XPathResult.ORDERED_NODE_SNAPSHOT_TYPE = 7;\r\n    XPathResult.ANY_UNORDERED_NODE_TYPE = 8;\r\n    XPathResult.FIRST_ORDERED_NODE_TYPE = 9;\r\n\r\n    // DOM 3 XPath support ///////////////////////////////////////////////////////\r\n\r\n    function installDOM3XPathSupport(doc, p) {\r\n        doc.createExpression = function (e, r) {\r\n            try {\r\n                return new XPathExpression(e, r, p);\r\n            } catch (e) {\r\n                throw new XPathException(XPathException.INVALID_EXPRESSION_ERR, e);\r\n            }\r\n        };\r\n        doc.createNSResolver = function (n) {\r\n            return new NodeXPathNSResolver(n);\r\n        };\r\n        doc.evaluate = function (e, cn, r, t, res) {\r\n            if (t < 0 || t > 9) {\r\n                throw { code: 0, toString: function () { return \"Request type not supported\"; } };\r\n            }\r\n            return doc.createExpression(e, r, p).evaluate(cn, t, res);\r\n        };\r\n    };\r\n\r\n    // ---------------------------------------------------------------------------\r\n\r\n    // Install DOM 3 XPath support for the current document.\r\n    try {\r\n        var shouldInstall = true;\r\n        try {\r\n            if (document.implementation\r\n                && document.implementation.hasFeature\r\n                && document.implementation.hasFeature(\"XPath\", null)) {\r\n                shouldInstall = false;\r\n            }\r\n        } catch (e) {\r\n        }\r\n        if (shouldInstall) {\r\n            installDOM3XPathSupport(document, new XPathParser());\r\n        }\r\n    } catch (e) {\r\n    }\r\n\r\n    // ---------------------------------------------------------------------------\r\n    // exports for node.js\r\n\r\n    installDOM3XPathSupport(exports, new XPathParser());\r\n\r\n    (function () {\r\n        var parser = new XPathParser();\r\n\r\n        var defaultNSResolver = new NamespaceResolver();\r\n        var defaultFunctionResolver = new FunctionResolver();\r\n        var defaultVariableResolver = new VariableResolver();\r\n\r\n        function makeNSResolverFromFunction(func) {\r\n            return {\r\n                getNamespace: function (prefix, node) {\r\n                    var ns = func(prefix, node);\r\n\r\n                    return ns || defaultNSResolver.getNamespace(prefix, node);\r\n                }\r\n            };\r\n        }\r\n\r\n        function makeNSResolverFromObject(obj) {\r\n            return makeNSResolverFromFunction(obj.getNamespace.bind(obj));\r\n        }\r\n\r\n        function makeNSResolverFromMap(map) {\r\n            return makeNSResolverFromFunction(function (prefix) {\r\n                return map[prefix];\r\n            });\r\n        }\r\n\r\n        function makeNSResolver(resolver) {\r\n            if (resolver && typeof resolver.getNamespace === \"function\") {\r\n                return makeNSResolverFromObject(resolver);\r\n            }\r\n\r\n            if (typeof resolver === \"function\") {\r\n                return makeNSResolverFromFunction(resolver);\r\n            }\r\n\r\n            // assume prefix -> uri mapping\r\n            if (typeof resolver === \"object\") {\r\n                return makeNSResolverFromMap(resolver);\r\n            }\r\n\r\n            return defaultNSResolver;\r\n        }\r\n\r\n        /** Converts native JavaScript types to their XPath library equivalent */\r\n        function convertValue(value) {\r\n            if (value === null ||\r\n                typeof value === \"undefined\" ||\r\n                value instanceof XString ||\r\n                value instanceof XBoolean ||\r\n                value instanceof XNumber ||\r\n                value instanceof XNodeSet) {\r\n                return value;\r\n            }\r\n\r\n            switch (typeof value) {\r\n                case \"string\": return new XString(value);\r\n                case \"boolean\": return new XBoolean(value);\r\n                case \"number\": return new XNumber(value);\r\n            }\r\n\r\n            // assume node(s)\r\n            var ns = new XNodeSet();\r\n            ns.addArray([].concat(value));\r\n            return ns;\r\n        }\r\n\r\n        function makeEvaluator(func) {\r\n            return function (context) {\r\n                var args = Array.prototype.slice.call(arguments, 1).map(function (arg) {\r\n                    return arg.evaluate(context);\r\n                });\r\n                var result = func.apply(this, [].concat(context, args));\r\n                return convertValue(result);\r\n            };\r\n        }\r\n\r\n        function makeFunctionResolverFromFunction(func) {\r\n            return {\r\n                getFunction: function (name, namespace) {\r\n                    var found = func(name, namespace);\r\n                    if (found) {\r\n                        return makeEvaluator(found);\r\n                    }\r\n                    return defaultFunctionResolver.getFunction(name, namespace);\r\n                }\r\n            };\r\n        }\r\n\r\n        function makeFunctionResolverFromObject(obj) {\r\n            return makeFunctionResolverFromFunction(obj.getFunction.bind(obj));\r\n        }\r\n\r\n        function makeFunctionResolverFromMap(map) {\r\n            return makeFunctionResolverFromFunction(function (name) {\r\n                return map[name];\r\n            });\r\n        }\r\n\r\n        function makeFunctionResolver(resolver) {\r\n            if (resolver && typeof resolver.getFunction === \"function\") {\r\n                return makeFunctionResolverFromObject(resolver);\r\n            }\r\n\r\n            if (typeof resolver === \"function\") {\r\n                return makeFunctionResolverFromFunction(resolver);\r\n            }\r\n\r\n            // assume map\r\n            if (typeof resolver === \"object\") {\r\n                return makeFunctionResolverFromMap(resolver);\r\n            }\r\n\r\n            return defaultFunctionResolver;\r\n        }\r\n\r\n        function makeVariableResolverFromFunction(func) {\r\n            return {\r\n                getVariable: function (name, namespace) {\r\n                    var value = func(name, namespace);\r\n                    return convertValue(value);\r\n                }\r\n            };\r\n        }\r\n\r\n        function makeVariableResolver(resolver) {\r\n            if (resolver) {\r\n                if (typeof resolver.getVariable === \"function\") {\r\n                    return makeVariableResolverFromFunction(resolver.getVariable.bind(resolver));\r\n                }\r\n\r\n                if (typeof resolver === \"function\") {\r\n                    return makeVariableResolverFromFunction(resolver);\r\n                }\r\n\r\n                // assume map\r\n                if (typeof resolver === \"object\") {\r\n                    return makeVariableResolverFromFunction(function (name) {\r\n                        return resolver[name];\r\n                    });\r\n                }\r\n            }\r\n\r\n            return defaultVariableResolver;\r\n        }\r\n\r\n        function copyIfPresent(prop, dest, source) {\r\n            if (prop in source) { dest[prop] = source[prop]; }\r\n        }\r\n\r\n        function makeContext(options) {\r\n            var context = new XPathContext();\r\n\r\n            if (options) {\r\n                context.namespaceResolver = makeNSResolver(options.namespaces);\r\n                context.functionResolver = makeFunctionResolver(options.functions);\r\n                context.variableResolver = makeVariableResolver(options.variables);\r\n                context.expressionContextNode = options.node;\r\n                copyIfPresent('allowAnyNamespaceForNoPrefix', context, options);\r\n                copyIfPresent('isHtml', context, options);\r\n            } else {\r\n                context.namespaceResolver = defaultNSResolver;\r\n            }\r\n\r\n            return context;\r\n        }\r\n\r\n        function evaluate(parsedExpression, options) {\r\n            var context = makeContext(options);\r\n\r\n            return parsedExpression.evaluate(context);\r\n        }\r\n\r\n        var evaluatorPrototype = {\r\n            evaluate: function (options) {\r\n                return evaluate(this.expression, options);\r\n            }\r\n\r\n            , evaluateNumber: function (options) {\r\n                return this.evaluate(options).numberValue();\r\n            }\r\n\r\n            , evaluateString: function (options) {\r\n                return this.evaluate(options).stringValue();\r\n            }\r\n\r\n            , evaluateBoolean: function (options) {\r\n                return this.evaluate(options).booleanValue();\r\n            }\r\n\r\n            , evaluateNodeSet: function (options) {\r\n                return this.evaluate(options).nodeset();\r\n            }\r\n\r\n            , select: function (options) {\r\n                return this.evaluateNodeSet(options).toArray()\r\n            }\r\n\r\n            , select1: function (options) {\r\n                return this.select(options)[0];\r\n            }\r\n        };\r\n\r\n        function parse(xpath) {\r\n            var parsed = parser.parse(xpath);\r\n\r\n            return Object.create(evaluatorPrototype, {\r\n                expression: {\r\n                    value: parsed\r\n                }\r\n            });\r\n        }\r\n\r\n        exports.parse = parse;\r\n    })();\r\n\r\n    assign(\r\n        exports,\r\n        {\r\n            XPath: XPath,\r\n            XPathParser: XPathParser,\r\n            XPathResult: XPathResult,\r\n\r\n            Step: Step,\r\n            PathExpr: PathExpr,\r\n            NodeTest: NodeTest,\r\n            LocationPath: LocationPath,\r\n\r\n            OrOperation: OrOperation,\r\n            AndOperation: AndOperation,\r\n\r\n            BarOperation: BarOperation,\r\n\r\n            EqualsOperation: EqualsOperation,\r\n            NotEqualOperation: NotEqualOperation,\r\n            LessThanOperation: LessThanOperation,\r\n            GreaterThanOperation: GreaterThanOperation,\r\n            LessThanOrEqualOperation: LessThanOrEqualOperation,\r\n            GreaterThanOrEqualOperation: GreaterThanOrEqualOperation,\r\n\r\n            PlusOperation: PlusOperation,\r\n            MinusOperation: MinusOperation,\r\n            MultiplyOperation: MultiplyOperation,\r\n            DivOperation: DivOperation,\r\n            ModOperation: ModOperation,\r\n            UnaryMinusOperation: UnaryMinusOperation,\r\n\r\n            FunctionCall: FunctionCall,\r\n            VariableReference: VariableReference,\r\n\r\n            XPathContext: XPathContext,\r\n\r\n            XNodeSet: XNodeSet,\r\n            XBoolean: XBoolean,\r\n            XString: XString,\r\n            XNumber: XNumber,\r\n\r\n            NamespaceResolver: NamespaceResolver,\r\n            FunctionResolver: FunctionResolver,\r\n            VariableResolver: VariableResolver,\r\n\r\n            Utilities: Utilities,\r\n        }\r\n    );\r\n\r\n    // helper\r\n    exports.select = function (e, doc, single) {\r\n        return exports.selectWithResolver(e, doc, null, single);\r\n    };\r\n\r\n    exports.useNamespaces = function (mappings) {\r\n        var resolver = {\r\n            mappings: mappings || {},\r\n            lookupNamespaceURI: function (prefix) {\r\n                return this.mappings[prefix];\r\n            }\r\n        };\r\n\r\n        return function (e, doc, single) {\r\n            return exports.selectWithResolver(e, doc, resolver, single);\r\n        };\r\n    };\r\n\r\n    exports.selectWithResolver = function (e, doc, resolver, single) {\r\n        var expression = new XPathExpression(e, resolver, new XPathParser());\r\n        var type = XPathResult.ANY_TYPE;\r\n\r\n        var result = expression.evaluate(doc, type, null);\r\n\r\n        if (result.resultType == XPathResult.STRING_TYPE) {\r\n            result = result.stringValue;\r\n        }\r\n        else if (result.resultType == XPathResult.NUMBER_TYPE) {\r\n            result = result.numberValue;\r\n        }\r\n        else if (result.resultType == XPathResult.BOOLEAN_TYPE) {\r\n            result = result.booleanValue;\r\n        }\r\n        else {\r\n            result = result.nodes;\r\n            if (single) {\r\n                result = result[0];\r\n            }\r\n        }\r\n\r\n        return result;\r\n    };\r\n\r\n    exports.select1 = function (e, doc) {\r\n        return exports.select(e, doc, true);\r\n    };\r\n\r\n    var isArrayOfNodes = function (value) {\r\n        return Array.isArray(value) && value.every(isNodeLike);\r\n    };\r\n\r\n    var isNodeOfType = function (type) {\r\n        return function (value) {\r\n            return isNodeLike(value) && value.nodeType === type;\r\n        };\r\n    };\r\n\r\n    assign(\r\n        exports,\r\n        {\r\n            isNodeLike: isNodeLike,\r\n            isArrayOfNodes: isArrayOfNodes,\r\n            isElement: isNodeOfType(NodeTypes.ELEMENT_NODE),\r\n            isAttribute: isNodeOfType(NodeTypes.ATTRIBUTE_NODE),\r\n            isTextNode: isNodeOfType(NodeTypes.TEXT_NODE),\r\n            isCDATASection: isNodeOfType(NodeTypes.CDATA_SECTION_NODE),\r\n            isProcessingInstruction: isNodeOfType(NodeTypes.PROCESSING_INSTRUCTION_NODE),\r\n            isComment: isNodeOfType(NodeTypes.COMMENT_NODE),\r\n            isDocumentNode: isNodeOfType(NodeTypes.DOCUMENT_NODE),\r\n            isDocumentTypeNode: isNodeOfType(NodeTypes.DOCUMENT_TYPE_NODE),\r\n            isDocumentFragment: isNodeOfType(NodeTypes.DOCUMENT_FRAGMENT_NODE),\r\n        }\r\n    );\r\n    // end non-node wrapper\r\n})(xpath);\r\n","module.exports = require(\"assert\");","module.exports = require(\"async_hooks\");","module.exports = require(\"buffer\");","module.exports = require(\"child_process\");","module.exports = require(\"console\");","module.exports = require(\"crypto\");","module.exports = require(\"diagnostics_channel\");","module.exports = require(\"events\");","module.exports = require(\"fs\");","module.exports = require(\"http\");","module.exports = require(\"http2\");","module.exports = require(\"https\");","module.exports = require(\"net\");","module.exports = require(\"node:crypto\");","module.exports = require(\"node:events\");","module.exports = require(\"node:stream\");","module.exports = require(\"node:util\");","module.exports = require(\"os\");","module.exports = require(\"path\");","module.exports = require(\"perf_hooks\");","module.exports = require(\"process\");","module.exports = require(\"querystring\");","module.exports = require(\"stream\");","module.exports = require(\"stream/web\");","module.exports = require(\"string_decoder\");","module.exports = require(\"timers\");","module.exports = require(\"tls\");","module.exports = require(\"url\");","module.exports = require(\"util\");","module.exports = require(\"util/types\");","module.exports = require(\"vm\");","module.exports = require(\"worker_threads\");","module.exports = require(\"zlib\");","'use strict'\n\nconst WritableStream = require('node:stream').Writable\nconst inherits = require('node:util').inherits\n\nconst StreamSearch = require('../../streamsearch/sbmh')\n\nconst PartStream = require('./PartStream')\nconst HeaderParser = require('./HeaderParser')\n\nconst DASH = 45\nconst B_ONEDASH = Buffer.from('-')\nconst B_CRLF = Buffer.from('\\r\\n')\nconst EMPTY_FN = function () {}\n\nfunction Dicer (cfg) {\n  if (!(this instanceof Dicer)) { return new Dicer(cfg) }\n  WritableStream.call(this, cfg)\n\n  if (!cfg || (!cfg.headerFirst && typeof cfg.boundary !== 'string')) { throw new TypeError('Boundary required') }\n\n  if (typeof cfg.boundary === 'string') { this.setBoundary(cfg.boundary) } else { this._bparser = undefined }\n\n  this._headerFirst = cfg.headerFirst\n\n  this._dashes = 0\n  this._parts = 0\n  this._finished = false\n  this._realFinish = false\n  this._isPreamble = true\n  this._justMatched = false\n  this._firstWrite = true\n  this._inHeader = true\n  this._part = undefined\n  this._cb = undefined\n  this._ignoreData = false\n  this._partOpts = { highWaterMark: cfg.partHwm }\n  this._pause = false\n\n  const self = this\n  this._hparser = new HeaderParser(cfg)\n  this._hparser.on('header', function (header) {\n    self._inHeader = false\n    self._part.emit('header', header)\n  })\n}\ninherits(Dicer, WritableStream)\n\nDicer.prototype.emit = function (ev) {\n  if (ev === 'finish' && !this._realFinish) {\n    if (!this._finished) {\n      const self = this\n      process.nextTick(function () {\n        self.emit('error', new Error('Unexpected end of multipart data'))\n        if (self._part && !self._ignoreData) {\n          const type = (self._isPreamble ? 'Preamble' : 'Part')\n          self._part.emit('error', new Error(type + ' terminated early due to unexpected end of multipart data'))\n          self._part.push(null)\n          process.nextTick(function () {\n            self._realFinish = true\n            self.emit('finish')\n            self._realFinish = false\n          })\n          return\n        }\n        self._realFinish = true\n        self.emit('finish')\n        self._realFinish = false\n      })\n    }\n  } else { WritableStream.prototype.emit.apply(this, arguments) }\n}\n\nDicer.prototype._write = function (data, encoding, cb) {\n  // ignore unexpected data (e.g. extra trailer data after finished)\n  if (!this._hparser && !this._bparser) { return cb() }\n\n  if (this._headerFirst && this._isPreamble) {\n    if (!this._part) {\n      this._part = new PartStream(this._partOpts)\n      if (this.listenerCount('preamble') !== 0) { this.emit('preamble', this._part) } else { this._ignore() }\n    }\n    const r = this._hparser.push(data)\n    if (!this._inHeader && r !== undefined && r < data.length) { data = data.slice(r) } else { return cb() }\n  }\n\n  // allows for \"easier\" testing\n  if (this._firstWrite) {\n    this._bparser.push(B_CRLF)\n    this._firstWrite = false\n  }\n\n  this._bparser.push(data)\n\n  if (this._pause) { this._cb = cb } else { cb() }\n}\n\nDicer.prototype.reset = function () {\n  this._part = undefined\n  this._bparser = undefined\n  this._hparser = undefined\n}\n\nDicer.prototype.setBoundary = function (boundary) {\n  const self = this\n  this._bparser = new StreamSearch('\\r\\n--' + boundary)\n  this._bparser.on('info', function (isMatch, data, start, end) {\n    self._oninfo(isMatch, data, start, end)\n  })\n}\n\nDicer.prototype._ignore = function () {\n  if (this._part && !this._ignoreData) {\n    this._ignoreData = true\n    this._part.on('error', EMPTY_FN)\n    // we must perform some kind of read on the stream even though we are\n    // ignoring the data, otherwise node's Readable stream will not emit 'end'\n    // after pushing null to the stream\n    this._part.resume()\n  }\n}\n\nDicer.prototype._oninfo = function (isMatch, data, start, end) {\n  let buf; const self = this; let i = 0; let r; let shouldWriteMore = true\n\n  if (!this._part && this._justMatched && data) {\n    while (this._dashes < 2 && (start + i) < end) {\n      if (data[start + i] === DASH) {\n        ++i\n        ++this._dashes\n      } else {\n        if (this._dashes) { buf = B_ONEDASH }\n        this._dashes = 0\n        break\n      }\n    }\n    if (this._dashes === 2) {\n      if ((start + i) < end && this.listenerCount('trailer') !== 0) { this.emit('trailer', data.slice(start + i, end)) }\n      this.reset()\n      this._finished = true\n      // no more parts will be added\n      if (self._parts === 0) {\n        self._realFinish = true\n        self.emit('finish')\n        self._realFinish = false\n      }\n    }\n    if (this._dashes) { return }\n  }\n  if (this._justMatched) { this._justMatched = false }\n  if (!this._part) {\n    this._part = new PartStream(this._partOpts)\n    this._part._read = function (n) {\n      self._unpause()\n    }\n    if (this._isPreamble && this.listenerCount('preamble') !== 0) {\n      this.emit('preamble', this._part)\n    } else if (this._isPreamble !== true && this.listenerCount('part') !== 0) {\n      this.emit('part', this._part)\n    } else {\n      this._ignore()\n    }\n    if (!this._isPreamble) { this._inHeader = true }\n  }\n  if (data && start < end && !this._ignoreData) {\n    if (this._isPreamble || !this._inHeader) {\n      if (buf) { shouldWriteMore = this._part.push(buf) }\n      shouldWriteMore = this._part.push(data.slice(start, end))\n      if (!shouldWriteMore) { this._pause = true }\n    } else if (!this._isPreamble && this._inHeader) {\n      if (buf) { this._hparser.push(buf) }\n      r = this._hparser.push(data.slice(start, end))\n      if (!this._inHeader && r !== undefined && r < end) { this._oninfo(false, data, start + r, end) }\n    }\n  }\n  if (isMatch) {\n    this._hparser.reset()\n    if (this._isPreamble) { this._isPreamble = false } else {\n      if (start !== end) {\n        ++this._parts\n        this._part.on('end', function () {\n          if (--self._parts === 0) {\n            if (self._finished) {\n              self._realFinish = true\n              self.emit('finish')\n              self._realFinish = false\n            } else {\n              self._unpause()\n            }\n          }\n        })\n      }\n    }\n    this._part.push(null)\n    this._part = undefined\n    this._ignoreData = false\n    this._justMatched = true\n    this._dashes = 0\n  }\n}\n\nDicer.prototype._unpause = function () {\n  if (!this._pause) { return }\n\n  this._pause = false\n  if (this._cb) {\n    const cb = this._cb\n    this._cb = undefined\n    cb()\n  }\n}\n\nmodule.exports = Dicer\n","'use strict'\n\nconst EventEmitter = require('node:events').EventEmitter\nconst inherits = require('node:util').inherits\nconst getLimit = require('../../../lib/utils/getLimit')\n\nconst StreamSearch = require('../../streamsearch/sbmh')\n\nconst B_DCRLF = Buffer.from('\\r\\n\\r\\n')\nconst RE_CRLF = /\\r\\n/g\nconst RE_HDR = /^([^:]+):[ \\t]?([\\x00-\\xFF]+)?$/ // eslint-disable-line no-control-regex\n\nfunction HeaderParser (cfg) {\n  EventEmitter.call(this)\n\n  cfg = cfg || {}\n  const self = this\n  this.nread = 0\n  this.maxed = false\n  this.npairs = 0\n  this.maxHeaderPairs = getLimit(cfg, 'maxHeaderPairs', 2000)\n  this.maxHeaderSize = getLimit(cfg, 'maxHeaderSize', 80 * 1024)\n  this.buffer = ''\n  this.header = {}\n  this.finished = false\n  this.ss = new StreamSearch(B_DCRLF)\n  this.ss.on('info', function (isMatch, data, start, end) {\n    if (data && !self.maxed) {\n      if (self.nread + end - start >= self.maxHeaderSize) {\n        end = self.maxHeaderSize - self.nread + start\n        self.nread = self.maxHeaderSize\n        self.maxed = true\n      } else { self.nread += (end - start) }\n\n      self.buffer += data.toString('binary', start, end)\n    }\n    if (isMatch) { self._finish() }\n  })\n}\ninherits(HeaderParser, EventEmitter)\n\nHeaderParser.prototype.push = function (data) {\n  const r = this.ss.push(data)\n  if (this.finished) { return r }\n}\n\nHeaderParser.prototype.reset = function () {\n  this.finished = false\n  this.buffer = ''\n  this.header = {}\n  this.ss.reset()\n}\n\nHeaderParser.prototype._finish = function () {\n  if (this.buffer) { this._parseHeader() }\n  this.ss.matches = this.ss.maxMatches\n  const header = this.header\n  this.header = {}\n  this.buffer = ''\n  this.finished = true\n  this.nread = this.npairs = 0\n  this.maxed = false\n  this.emit('header', header)\n}\n\nHeaderParser.prototype._parseHeader = function () {\n  if (this.npairs === this.maxHeaderPairs) { return }\n\n  const lines = this.buffer.split(RE_CRLF)\n  const len = lines.length\n  let m, h\n\n  for (var i = 0; i < len; ++i) { // eslint-disable-line no-var\n    if (lines[i].length === 0) { continue }\n    if (lines[i][0] === '\\t' || lines[i][0] === ' ') {\n      // folded header content\n      // RFC2822 says to just remove the CRLF and not the whitespace following\n      // it, so we follow the RFC and include the leading whitespace ...\n      if (h) {\n        this.header[h][this.header[h].length - 1] += lines[i]\n        continue\n      }\n    }\n\n    const posColon = lines[i].indexOf(':')\n    if (\n      posColon === -1 ||\n      posColon === 0\n    ) {\n      return\n    }\n    m = RE_HDR.exec(lines[i])\n    h = m[1].toLowerCase()\n    this.header[h] = this.header[h] || []\n    this.header[h].push((m[2] || ''))\n    if (++this.npairs === this.maxHeaderPairs) { break }\n  }\n}\n\nmodule.exports = HeaderParser\n","'use strict'\n\nconst inherits = require('node:util').inherits\nconst ReadableStream = require('node:stream').Readable\n\nfunction PartStream (opts) {\n  ReadableStream.call(this, opts)\n}\ninherits(PartStream, ReadableStream)\n\nPartStream.prototype._read = function (n) {}\n\nmodule.exports = PartStream\n","'use strict'\n\n/**\n * Copyright Brian White. All rights reserved.\n *\n * @see https://github.com/mscdex/streamsearch\n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n *\n * Based heavily on the Streaming Boyer-Moore-Horspool C++ implementation\n * by Hongli Lai at: https://github.com/FooBarWidget/boyer-moore-horspool\n */\nconst EventEmitter = require('node:events').EventEmitter\nconst inherits = require('node:util').inherits\n\nfunction SBMH (needle) {\n  if (typeof needle === 'string') {\n    needle = Buffer.from(needle)\n  }\n\n  if (!Buffer.isBuffer(needle)) {\n    throw new TypeError('The needle has to be a String or a Buffer.')\n  }\n\n  const needleLength = needle.length\n\n  if (needleLength === 0) {\n    throw new Error('The needle cannot be an empty String/Buffer.')\n  }\n\n  if (needleLength > 256) {\n    throw new Error('The needle cannot have a length bigger than 256.')\n  }\n\n  this.maxMatches = Infinity\n  this.matches = 0\n\n  this._occ = new Array(256)\n    .fill(needleLength) // Initialize occurrence table.\n  this._lookbehind_size = 0\n  this._needle = needle\n  this._bufpos = 0\n\n  this._lookbehind = Buffer.alloc(needleLength)\n\n  // Populate occurrence table with analysis of the needle,\n  // ignoring last letter.\n  for (var i = 0; i < needleLength - 1; ++i) { // eslint-disable-line no-var\n    this._occ[needle[i]] = needleLength - 1 - i\n  }\n}\ninherits(SBMH, EventEmitter)\n\nSBMH.prototype.reset = function () {\n  this._lookbehind_size = 0\n  this.matches = 0\n  this._bufpos = 0\n}\n\nSBMH.prototype.push = function (chunk, pos) {\n  if (!Buffer.isBuffer(chunk)) {\n    chunk = Buffer.from(chunk, 'binary')\n  }\n  const chlen = chunk.length\n  this._bufpos = pos || 0\n  let r\n  while (r !== chlen && this.matches < this.maxMatches) { r = this._sbmh_feed(chunk) }\n  return r\n}\n\nSBMH.prototype._sbmh_feed = function (data) {\n  const len = data.length\n  const needle = this._needle\n  const needleLength = needle.length\n  const lastNeedleChar = needle[needleLength - 1]\n\n  // Positive: points to a position in `data`\n  //           pos == 3 points to data[3]\n  // Negative: points to a position in the lookbehind buffer\n  //           pos == -2 points to lookbehind[lookbehind_size - 2]\n  let pos = -this._lookbehind_size\n  let ch\n\n  if (pos < 0) {\n    // Lookbehind buffer is not empty. Perform Boyer-Moore-Horspool\n    // search with character lookup code that considers both the\n    // lookbehind buffer and the current round's haystack data.\n    //\n    // Loop until\n    //   there is a match.\n    // or until\n    //   we've moved past the position that requires the\n    //   lookbehind buffer. In this case we switch to the\n    //   optimized loop.\n    // or until\n    //   the character to look at lies outside the haystack.\n    while (pos < 0 && pos <= len - needleLength) {\n      ch = this._sbmh_lookup_char(data, pos + needleLength - 1)\n\n      if (\n        ch === lastNeedleChar &&\n        this._sbmh_memcmp(data, pos, needleLength - 1)\n      ) {\n        this._lookbehind_size = 0\n        ++this.matches\n        this.emit('info', true)\n\n        return (this._bufpos = pos + needleLength)\n      }\n      pos += this._occ[ch]\n    }\n\n    // No match.\n\n    if (pos < 0) {\n      // There's too few data for Boyer-Moore-Horspool to run,\n      // so let's use a different algorithm to skip as much as\n      // we can.\n      // Forward pos until\n      //   the trailing part of lookbehind + data\n      //   looks like the beginning of the needle\n      // or until\n      //   pos == 0\n      while (pos < 0 && !this._sbmh_memcmp(data, pos, len - pos)) { ++pos }\n    }\n\n    if (pos >= 0) {\n      // Discard lookbehind buffer.\n      this.emit('info', false, this._lookbehind, 0, this._lookbehind_size)\n      this._lookbehind_size = 0\n    } else {\n      // Cut off part of the lookbehind buffer that has\n      // been processed and append the entire haystack\n      // into it.\n      const bytesToCutOff = this._lookbehind_size + pos\n      if (bytesToCutOff > 0) {\n        // The cut off data is guaranteed not to contain the needle.\n        this.emit('info', false, this._lookbehind, 0, bytesToCutOff)\n      }\n\n      this._lookbehind.copy(this._lookbehind, 0, bytesToCutOff,\n        this._lookbehind_size - bytesToCutOff)\n      this._lookbehind_size -= bytesToCutOff\n\n      data.copy(this._lookbehind, this._lookbehind_size)\n      this._lookbehind_size += len\n\n      this._bufpos = len\n      return len\n    }\n  }\n\n  pos += (pos >= 0) * this._bufpos\n\n  // Lookbehind buffer is now empty. We only need to check if the\n  // needle is in the haystack.\n  if (data.indexOf(needle, pos) !== -1) {\n    pos = data.indexOf(needle, pos)\n    ++this.matches\n    if (pos > 0) { this.emit('info', true, data, this._bufpos, pos) } else { this.emit('info', true) }\n\n    return (this._bufpos = pos + needleLength)\n  } else {\n    pos = len - needleLength\n  }\n\n  // There was no match. If there's trailing haystack data that we cannot\n  // match yet using the Boyer-Moore-Horspool algorithm (because the trailing\n  // data is less than the needle size) then match using a modified\n  // algorithm that starts matching from the beginning instead of the end.\n  // Whatever trailing data is left after running this algorithm is added to\n  // the lookbehind buffer.\n  while (\n    pos < len &&\n    (\n      data[pos] !== needle[0] ||\n      (\n        (Buffer.compare(\n          data.subarray(pos, pos + len - pos),\n          needle.subarray(0, len - pos)\n        ) !== 0)\n      )\n    )\n  ) {\n    ++pos\n  }\n  if (pos < len) {\n    data.copy(this._lookbehind, 0, pos, pos + (len - pos))\n    this._lookbehind_size = len - pos\n  }\n\n  // Everything until pos is guaranteed not to contain needle data.\n  if (pos > 0) { this.emit('info', false, data, this._bufpos, pos < len ? pos : len) }\n\n  this._bufpos = len\n  return len\n}\n\nSBMH.prototype._sbmh_lookup_char = function (data, pos) {\n  return (pos < 0)\n    ? this._lookbehind[this._lookbehind_size + pos]\n    : data[pos]\n}\n\nSBMH.prototype._sbmh_memcmp = function (data, pos, len) {\n  for (var i = 0; i < len; ++i) { // eslint-disable-line no-var\n    if (this._sbmh_lookup_char(data, pos + i) !== this._needle[i]) { return false }\n  }\n  return true\n}\n\nmodule.exports = SBMH\n","'use strict'\n\nconst WritableStream = require('node:stream').Writable\nconst { inherits } = require('node:util')\nconst Dicer = require('../deps/dicer/lib/Dicer')\n\nconst MultipartParser = require('./types/multipart')\nconst UrlencodedParser = require('./types/urlencoded')\nconst parseParams = require('./utils/parseParams')\n\nfunction Busboy (opts) {\n  if (!(this instanceof Busboy)) { return new Busboy(opts) }\n\n  if (typeof opts !== 'object') {\n    throw new TypeError('Busboy expected an options-Object.')\n  }\n  if (typeof opts.headers !== 'object') {\n    throw new TypeError('Busboy expected an options-Object with headers-attribute.')\n  }\n  if (typeof opts.headers['content-type'] !== 'string') {\n    throw new TypeError('Missing Content-Type-header.')\n  }\n\n  const {\n    headers,\n    ...streamOptions\n  } = opts\n\n  this.opts = {\n    autoDestroy: false,\n    ...streamOptions\n  }\n  WritableStream.call(this, this.opts)\n\n  this._done = false\n  this._parser = this.getParserByHeaders(headers)\n  this._finished = false\n}\ninherits(Busboy, WritableStream)\n\nBusboy.prototype.emit = function (ev) {\n  if (ev === 'finish') {\n    if (!this._done) {\n      this._parser?.end()\n      return\n    } else if (this._finished) {\n      return\n    }\n    this._finished = true\n  }\n  WritableStream.prototype.emit.apply(this, arguments)\n}\n\nBusboy.prototype.getParserByHeaders = function (headers) {\n  const parsed = parseParams(headers['content-type'])\n\n  const cfg = {\n    defCharset: this.opts.defCharset,\n    fileHwm: this.opts.fileHwm,\n    headers,\n    highWaterMark: this.opts.highWaterMark,\n    isPartAFile: this.opts.isPartAFile,\n    limits: this.opts.limits,\n    parsedConType: parsed,\n    preservePath: this.opts.preservePath\n  }\n\n  if (MultipartParser.detect.test(parsed[0])) {\n    return new MultipartParser(this, cfg)\n  }\n  if (UrlencodedParser.detect.test(parsed[0])) {\n    return new UrlencodedParser(this, cfg)\n  }\n  throw new Error('Unsupported Content-Type.')\n}\n\nBusboy.prototype._write = function (chunk, encoding, cb) {\n  this._parser.write(chunk, cb)\n}\n\nmodule.exports = Busboy\nmodule.exports.default = Busboy\nmodule.exports.Busboy = Busboy\n\nmodule.exports.Dicer = Dicer\n","'use strict'\n\n// TODO:\n//  * support 1 nested multipart level\n//    (see second multipart example here:\n//     http://www.w3.org/TR/html401/interact/forms.html#didx-multipartform-data)\n//  * support limits.fieldNameSize\n//     -- this will require modifications to utils.parseParams\n\nconst { Readable } = require('node:stream')\nconst { inherits } = require('node:util')\n\nconst Dicer = require('../../deps/dicer/lib/Dicer')\n\nconst parseParams = require('../utils/parseParams')\nconst decodeText = require('../utils/decodeText')\nconst basename = require('../utils/basename')\nconst getLimit = require('../utils/getLimit')\n\nconst RE_BOUNDARY = /^boundary$/i\nconst RE_FIELD = /^form-data$/i\nconst RE_CHARSET = /^charset$/i\nconst RE_FILENAME = /^filename$/i\nconst RE_NAME = /^name$/i\n\nMultipart.detect = /^multipart\\/form-data/i\nfunction Multipart (boy, cfg) {\n  let i\n  let len\n  const self = this\n  let boundary\n  const limits = cfg.limits\n  const isPartAFile = cfg.isPartAFile || ((fieldName, contentType, fileName) => (contentType === 'application/octet-stream' || fileName !== undefined))\n  const parsedConType = cfg.parsedConType || []\n  const defCharset = cfg.defCharset || 'utf8'\n  const preservePath = cfg.preservePath\n  const fileOpts = { highWaterMark: cfg.fileHwm }\n\n  for (i = 0, len = parsedConType.length; i < len; ++i) {\n    if (Array.isArray(parsedConType[i]) &&\n      RE_BOUNDARY.test(parsedConType[i][0])) {\n      boundary = parsedConType[i][1]\n      break\n    }\n  }\n\n  function checkFinished () {\n    if (nends === 0 && finished && !boy._done) {\n      finished = false\n      self.end()\n    }\n  }\n\n  if (typeof boundary !== 'string') { throw new Error('Multipart: Boundary not found') }\n\n  const fieldSizeLimit = getLimit(limits, 'fieldSize', 1 * 1024 * 1024)\n  const fileSizeLimit = getLimit(limits, 'fileSize', Infinity)\n  const filesLimit = getLimit(limits, 'files', Infinity)\n  const fieldsLimit = getLimit(limits, 'fields', Infinity)\n  const partsLimit = getLimit(limits, 'parts', Infinity)\n  const headerPairsLimit = getLimit(limits, 'headerPairs', 2000)\n  const headerSizeLimit = getLimit(limits, 'headerSize', 80 * 1024)\n\n  let nfiles = 0\n  let nfields = 0\n  let nends = 0\n  let curFile\n  let curField\n  let finished = false\n\n  this._needDrain = false\n  this._pause = false\n  this._cb = undefined\n  this._nparts = 0\n  this._boy = boy\n\n  const parserCfg = {\n    boundary,\n    maxHeaderPairs: headerPairsLimit,\n    maxHeaderSize: headerSizeLimit,\n    partHwm: fileOpts.highWaterMark,\n    highWaterMark: cfg.highWaterMark\n  }\n\n  this.parser = new Dicer(parserCfg)\n  this.parser.on('drain', function () {\n    self._needDrain = false\n    if (self._cb && !self._pause) {\n      const cb = self._cb\n      self._cb = undefined\n      cb()\n    }\n  }).on('part', function onPart (part) {\n    if (++self._nparts > partsLimit) {\n      self.parser.removeListener('part', onPart)\n      self.parser.on('part', skipPart)\n      boy.hitPartsLimit = true\n      boy.emit('partsLimit')\n      return skipPart(part)\n    }\n\n    // hack because streams2 _always_ doesn't emit 'end' until nextTick, so let\n    // us emit 'end' early since we know the part has ended if we are already\n    // seeing the next part\n    if (curField) {\n      const field = curField\n      field.emit('end')\n      field.removeAllListeners('end')\n    }\n\n    part.on('header', function (header) {\n      let contype\n      let fieldname\n      let parsed\n      let charset\n      let encoding\n      let filename\n      let nsize = 0\n\n      if (header['content-type']) {\n        parsed = parseParams(header['content-type'][0])\n        if (parsed[0]) {\n          contype = parsed[0].toLowerCase()\n          for (i = 0, len = parsed.length; i < len; ++i) {\n            if (RE_CHARSET.test(parsed[i][0])) {\n              charset = parsed[i][1].toLowerCase()\n              break\n            }\n          }\n        }\n      }\n\n      if (contype === undefined) { contype = 'text/plain' }\n      if (charset === undefined) { charset = defCharset }\n\n      if (header['content-disposition']) {\n        parsed = parseParams(header['content-disposition'][0])\n        if (!RE_FIELD.test(parsed[0])) { return skipPart(part) }\n        for (i = 0, len = parsed.length; i < len; ++i) {\n          if (RE_NAME.test(parsed[i][0])) {\n            fieldname = parsed[i][1]\n          } else if (RE_FILENAME.test(parsed[i][0])) {\n            filename = parsed[i][1]\n            if (!preservePath) { filename = basename(filename) }\n          }\n        }\n      } else { return skipPart(part) }\n\n      if (header['content-transfer-encoding']) { encoding = header['content-transfer-encoding'][0].toLowerCase() } else { encoding = '7bit' }\n\n      let onData,\n        onEnd\n\n      if (isPartAFile(fieldname, contype, filename)) {\n        // file/binary field\n        if (nfiles === filesLimit) {\n          if (!boy.hitFilesLimit) {\n            boy.hitFilesLimit = true\n            boy.emit('filesLimit')\n          }\n          return skipPart(part)\n        }\n\n        ++nfiles\n\n        if (boy.listenerCount('file') === 0) {\n          self.parser._ignore()\n          return\n        }\n\n        ++nends\n        const file = new FileStream(fileOpts)\n        curFile = file\n        file.on('end', function () {\n          --nends\n          self._pause = false\n          checkFinished()\n          if (self._cb && !self._needDrain) {\n            const cb = self._cb\n            self._cb = undefined\n            cb()\n          }\n        })\n        file._read = function (n) {\n          if (!self._pause) { return }\n          self._pause = false\n          if (self._cb && !self._needDrain) {\n            const cb = self._cb\n            self._cb = undefined\n            cb()\n          }\n        }\n        boy.emit('file', fieldname, file, filename, encoding, contype)\n\n        onData = function (data) {\n          if ((nsize += data.length) > fileSizeLimit) {\n            const extralen = fileSizeLimit - nsize + data.length\n            if (extralen > 0) { file.push(data.slice(0, extralen)) }\n            file.truncated = true\n            file.bytesRead = fileSizeLimit\n            part.removeAllListeners('data')\n            file.emit('limit')\n            return\n          } else if (!file.push(data)) { self._pause = true }\n\n          file.bytesRead = nsize\n        }\n\n        onEnd = function () {\n          curFile = undefined\n          file.push(null)\n        }\n      } else {\n        // non-file field\n        if (nfields === fieldsLimit) {\n          if (!boy.hitFieldsLimit) {\n            boy.hitFieldsLimit = true\n            boy.emit('fieldsLimit')\n          }\n          return skipPart(part)\n        }\n\n        ++nfields\n        ++nends\n        let buffer = ''\n        let truncated = false\n        curField = part\n\n        onData = function (data) {\n          if ((nsize += data.length) > fieldSizeLimit) {\n            const extralen = (fieldSizeLimit - (nsize - data.length))\n            buffer += data.toString('binary', 0, extralen)\n            truncated = true\n            part.removeAllListeners('data')\n          } else { buffer += data.toString('binary') }\n        }\n\n        onEnd = function () {\n          curField = undefined\n          if (buffer.length) { buffer = decodeText(buffer, 'binary', charset) }\n          boy.emit('field', fieldname, buffer, false, truncated, encoding, contype)\n          --nends\n          checkFinished()\n        }\n      }\n\n      /* As of node@2efe4ab761666 (v0.10.29+/v0.11.14+), busboy had become\n         broken. Streams2/streams3 is a huge black box of confusion, but\n         somehow overriding the sync state seems to fix things again (and still\n         seems to work for previous node versions).\n      */\n      part._readableState.sync = false\n\n      part.on('data', onData)\n      part.on('end', onEnd)\n    }).on('error', function (err) {\n      if (curFile) { curFile.emit('error', err) }\n    })\n  }).on('error', function (err) {\n    boy.emit('error', err)\n  }).on('finish', function () {\n    finished = true\n    checkFinished()\n  })\n}\n\nMultipart.prototype.write = function (chunk, cb) {\n  const r = this.parser.write(chunk)\n  if (r && !this._pause) {\n    cb()\n  } else {\n    this._needDrain = !r\n    this._cb = cb\n  }\n}\n\nMultipart.prototype.end = function () {\n  const self = this\n\n  if (self.parser.writable) {\n    self.parser.end()\n  } else if (!self._boy._done) {\n    process.nextTick(function () {\n      self._boy._done = true\n      self._boy.emit('finish')\n    })\n  }\n}\n\nfunction skipPart (part) {\n  part.resume()\n}\n\nfunction FileStream (opts) {\n  Readable.call(this, opts)\n\n  this.bytesRead = 0\n\n  this.truncated = false\n}\n\ninherits(FileStream, Readable)\n\nFileStream.prototype._read = function (n) {}\n\nmodule.exports = Multipart\n","'use strict'\n\nconst Decoder = require('../utils/Decoder')\nconst decodeText = require('../utils/decodeText')\nconst getLimit = require('../utils/getLimit')\n\nconst RE_CHARSET = /^charset$/i\n\nUrlEncoded.detect = /^application\\/x-www-form-urlencoded/i\nfunction UrlEncoded (boy, cfg) {\n  const limits = cfg.limits\n  const parsedConType = cfg.parsedConType\n  this.boy = boy\n\n  this.fieldSizeLimit = getLimit(limits, 'fieldSize', 1 * 1024 * 1024)\n  this.fieldNameSizeLimit = getLimit(limits, 'fieldNameSize', 100)\n  this.fieldsLimit = getLimit(limits, 'fields', Infinity)\n\n  let charset\n  for (var i = 0, len = parsedConType.length; i < len; ++i) { // eslint-disable-line no-var\n    if (Array.isArray(parsedConType[i]) &&\n        RE_CHARSET.test(parsedConType[i][0])) {\n      charset = parsedConType[i][1].toLowerCase()\n      break\n    }\n  }\n\n  if (charset === undefined) { charset = cfg.defCharset || 'utf8' }\n\n  this.decoder = new Decoder()\n  this.charset = charset\n  this._fields = 0\n  this._state = 'key'\n  this._checkingBytes = true\n  this._bytesKey = 0\n  this._bytesVal = 0\n  this._key = ''\n  this._val = ''\n  this._keyTrunc = false\n  this._valTrunc = false\n  this._hitLimit = false\n}\n\nUrlEncoded.prototype.write = function (data, cb) {\n  if (this._fields === this.fieldsLimit) {\n    if (!this.boy.hitFieldsLimit) {\n      this.boy.hitFieldsLimit = true\n      this.boy.emit('fieldsLimit')\n    }\n    return cb()\n  }\n\n  let idxeq; let idxamp; let i; let p = 0; const len = data.length\n\n  while (p < len) {\n    if (this._state === 'key') {\n      idxeq = idxamp = undefined\n      for (i = p; i < len; ++i) {\n        if (!this._checkingBytes) { ++p }\n        if (data[i] === 0x3D/* = */) {\n          idxeq = i\n          break\n        } else if (data[i] === 0x26/* & */) {\n          idxamp = i\n          break\n        }\n        if (this._checkingBytes && this._bytesKey === this.fieldNameSizeLimit) {\n          this._hitLimit = true\n          break\n        } else if (this._checkingBytes) { ++this._bytesKey }\n      }\n\n      if (idxeq !== undefined) {\n        // key with assignment\n        if (idxeq > p) { this._key += this.decoder.write(data.toString('binary', p, idxeq)) }\n        this._state = 'val'\n\n        this._hitLimit = false\n        this._checkingBytes = true\n        this._val = ''\n        this._bytesVal = 0\n        this._valTrunc = false\n        this.decoder.reset()\n\n        p = idxeq + 1\n      } else if (idxamp !== undefined) {\n        // key with no assignment\n        ++this._fields\n        let key; const keyTrunc = this._keyTrunc\n        if (idxamp > p) { key = (this._key += this.decoder.write(data.toString('binary', p, idxamp))) } else { key = this._key }\n\n        this._hitLimit = false\n        this._checkingBytes = true\n        this._key = ''\n        this._bytesKey = 0\n        this._keyTrunc = false\n        this.decoder.reset()\n\n        if (key.length) {\n          this.boy.emit('field', decodeText(key, 'binary', this.charset),\n            '',\n            keyTrunc,\n            false)\n        }\n\n        p = idxamp + 1\n        if (this._fields === this.fieldsLimit) { return cb() }\n      } else if (this._hitLimit) {\n        // we may not have hit the actual limit if there are encoded bytes...\n        if (i > p) { this._key += this.decoder.write(data.toString('binary', p, i)) }\n        p = i\n        if ((this._bytesKey = this._key.length) === this.fieldNameSizeLimit) {\n          // yep, we actually did hit the limit\n          this._checkingBytes = false\n          this._keyTrunc = true\n        }\n      } else {\n        if (p < len) { this._key += this.decoder.write(data.toString('binary', p)) }\n        p = len\n      }\n    } else {\n      idxamp = undefined\n      for (i = p; i < len; ++i) {\n        if (!this._checkingBytes) { ++p }\n        if (data[i] === 0x26/* & */) {\n          idxamp = i\n          break\n        }\n        if (this._checkingBytes && this._bytesVal === this.fieldSizeLimit) {\n          this._hitLimit = true\n          break\n        } else if (this._checkingBytes) { ++this._bytesVal }\n      }\n\n      if (idxamp !== undefined) {\n        ++this._fields\n        if (idxamp > p) { this._val += this.decoder.write(data.toString('binary', p, idxamp)) }\n        this.boy.emit('field', decodeText(this._key, 'binary', this.charset),\n          decodeText(this._val, 'binary', this.charset),\n          this._keyTrunc,\n          this._valTrunc)\n        this._state = 'key'\n\n        this._hitLimit = false\n        this._checkingBytes = true\n        this._key = ''\n        this._bytesKey = 0\n        this._keyTrunc = false\n        this.decoder.reset()\n\n        p = idxamp + 1\n        if (this._fields === this.fieldsLimit) { return cb() }\n      } else if (this._hitLimit) {\n        // we may not have hit the actual limit if there are encoded bytes...\n        if (i > p) { this._val += this.decoder.write(data.toString('binary', p, i)) }\n        p = i\n        if ((this._val === '' && this.fieldSizeLimit === 0) ||\n            (this._bytesVal = this._val.length) === this.fieldSizeLimit) {\n          // yep, we actually did hit the limit\n          this._checkingBytes = false\n          this._valTrunc = true\n        }\n      } else {\n        if (p < len) { this._val += this.decoder.write(data.toString('binary', p)) }\n        p = len\n      }\n    }\n  }\n  cb()\n}\n\nUrlEncoded.prototype.end = function () {\n  if (this.boy._done) { return }\n\n  if (this._state === 'key' && this._key.length > 0) {\n    this.boy.emit('field', decodeText(this._key, 'binary', this.charset),\n      '',\n      this._keyTrunc,\n      false)\n  } else if (this._state === 'val') {\n    this.boy.emit('field', decodeText(this._key, 'binary', this.charset),\n      decodeText(this._val, 'binary', this.charset),\n      this._keyTrunc,\n      this._valTrunc)\n  }\n  this.boy._done = true\n  this.boy.emit('finish')\n}\n\nmodule.exports = UrlEncoded\n","'use strict'\n\nconst RE_PLUS = /\\+/g\n\nconst HEX = [\n  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0,\n  0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n  0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0\n]\n\nfunction Decoder () {\n  this.buffer = undefined\n}\nDecoder.prototype.write = function (str) {\n  // Replace '+' with ' ' before decoding\n  str = str.replace(RE_PLUS, ' ')\n  let res = ''\n  let i = 0; let p = 0; const len = str.length\n  for (; i < len; ++i) {\n    if (this.buffer !== undefined) {\n      if (!HEX[str.charCodeAt(i)]) {\n        res += '%' + this.buffer\n        this.buffer = undefined\n        --i // retry character\n      } else {\n        this.buffer += str[i]\n        ++p\n        if (this.buffer.length === 2) {\n          res += String.fromCharCode(parseInt(this.buffer, 16))\n          this.buffer = undefined\n        }\n      }\n    } else if (str[i] === '%') {\n      if (i > p) {\n        res += str.substring(p, i)\n        p = i\n      }\n      this.buffer = ''\n      ++p\n    }\n  }\n  if (p < len && this.buffer === undefined) { res += str.substring(p) }\n  return res\n}\nDecoder.prototype.reset = function () {\n  this.buffer = undefined\n}\n\nmodule.exports = Decoder\n","'use strict'\n\nmodule.exports = function basename (path) {\n  if (typeof path !== 'string') { return '' }\n  for (var i = path.length - 1; i >= 0; --i) { // eslint-disable-line no-var\n    switch (path.charCodeAt(i)) {\n      case 0x2F: // '/'\n      case 0x5C: // '\\'\n        path = path.slice(i + 1)\n        return (path === '..' || path === '.' ? '' : path)\n    }\n  }\n  return (path === '..' || path === '.' ? '' : path)\n}\n","'use strict'\n\n// Node has always utf-8\nconst utf8Decoder = new TextDecoder('utf-8')\nconst textDecoders = new Map([\n  ['utf-8', utf8Decoder],\n  ['utf8', utf8Decoder]\n])\n\nfunction getDecoder (charset) {\n  let lc\n  while (true) {\n    switch (charset) {\n      case 'utf-8':\n      case 'utf8':\n        return decoders.utf8\n      case 'latin1':\n      case 'ascii': // TODO: Make these a separate, strict decoder?\n      case 'us-ascii':\n      case 'iso-8859-1':\n      case 'iso8859-1':\n      case 'iso88591':\n      case 'iso_8859-1':\n      case 'windows-1252':\n      case 'iso_8859-1:1987':\n      case 'cp1252':\n      case 'x-cp1252':\n        return decoders.latin1\n      case 'utf16le':\n      case 'utf-16le':\n      case 'ucs2':\n      case 'ucs-2':\n        return decoders.utf16le\n      case 'base64':\n        return decoders.base64\n      default:\n        if (lc === undefined) {\n          lc = true\n          charset = charset.toLowerCase()\n          continue\n        }\n        return decoders.other.bind(charset)\n    }\n  }\n}\n\nconst decoders = {\n  utf8: (data, sourceEncoding) => {\n    if (data.length === 0) {\n      return ''\n    }\n    if (typeof data === 'string') {\n      data = Buffer.from(data, sourceEncoding)\n    }\n    return data.utf8Slice(0, data.length)\n  },\n\n  latin1: (data, sourceEncoding) => {\n    if (data.length === 0) {\n      return ''\n    }\n    if (typeof data === 'string') {\n      return data\n    }\n    return data.latin1Slice(0, data.length)\n  },\n\n  utf16le: (data, sourceEncoding) => {\n    if (data.length === 0) {\n      return ''\n    }\n    if (typeof data === 'string') {\n      data = Buffer.from(data, sourceEncoding)\n    }\n    return data.ucs2Slice(0, data.length)\n  },\n\n  base64: (data, sourceEncoding) => {\n    if (data.length === 0) {\n      return ''\n    }\n    if (typeof data === 'string') {\n      data = Buffer.from(data, sourceEncoding)\n    }\n    return data.base64Slice(0, data.length)\n  },\n\n  other: (data, sourceEncoding) => {\n    if (data.length === 0) {\n      return ''\n    }\n    if (typeof data === 'string') {\n      data = Buffer.from(data, sourceEncoding)\n    }\n\n    if (textDecoders.has(this.toString())) {\n      try {\n        return textDecoders.get(this).decode(data)\n      } catch {}\n    }\n    return typeof data === 'string'\n      ? data\n      : data.toString()\n  }\n}\n\nfunction decodeText (text, sourceEncoding, destEncoding) {\n  if (text) {\n    return getDecoder(destEncoding)(text, sourceEncoding)\n  }\n  return text\n}\n\nmodule.exports = decodeText\n","'use strict'\n\nmodule.exports = function getLimit (limits, name, defaultLimit) {\n  if (\n    !limits ||\n    limits[name] === undefined ||\n    limits[name] === null\n  ) { return defaultLimit }\n\n  if (\n    typeof limits[name] !== 'number' ||\n    isNaN(limits[name])\n  ) { throw new TypeError('Limit ' + name + ' is not a valid number') }\n\n  return limits[name]\n}\n","/* eslint-disable object-property-newline */\n'use strict'\n\nconst decodeText = require('./decodeText')\n\nconst RE_ENCODED = /%[a-fA-F0-9][a-fA-F0-9]/g\n\nconst EncodedLookup = {\n  '%00': '\\x00', '%01': '\\x01', '%02': '\\x02', '%03': '\\x03', '%04': '\\x04',\n  '%05': '\\x05', '%06': '\\x06', '%07': '\\x07', '%08': '\\x08', '%09': '\\x09',\n  '%0a': '\\x0a', '%0A': '\\x0a', '%0b': '\\x0b', '%0B': '\\x0b', '%0c': '\\x0c',\n  '%0C': '\\x0c', '%0d': '\\x0d', '%0D': '\\x0d', '%0e': '\\x0e', '%0E': '\\x0e',\n  '%0f': '\\x0f', '%0F': '\\x0f', '%10': '\\x10', '%11': '\\x11', '%12': '\\x12',\n  '%13': '\\x13', '%14': '\\x14', '%15': '\\x15', '%16': '\\x16', '%17': '\\x17',\n  '%18': '\\x18', '%19': '\\x19', '%1a': '\\x1a', '%1A': '\\x1a', '%1b': '\\x1b',\n  '%1B': '\\x1b', '%1c': '\\x1c', '%1C': '\\x1c', '%1d': '\\x1d', '%1D': '\\x1d',\n  '%1e': '\\x1e', '%1E': '\\x1e', '%1f': '\\x1f', '%1F': '\\x1f', '%20': '\\x20',\n  '%21': '\\x21', '%22': '\\x22', '%23': '\\x23', '%24': '\\x24', '%25': '\\x25',\n  '%26': '\\x26', '%27': '\\x27', '%28': '\\x28', '%29': '\\x29', '%2a': '\\x2a',\n  '%2A': '\\x2a', '%2b': '\\x2b', '%2B': '\\x2b', '%2c': '\\x2c', '%2C': '\\x2c',\n  '%2d': '\\x2d', '%2D': '\\x2d', '%2e': '\\x2e', '%2E': '\\x2e', '%2f': '\\x2f',\n  '%2F': '\\x2f', '%30': '\\x30', '%31': '\\x31', '%32': '\\x32', '%33': '\\x33',\n  '%34': '\\x34', '%35': '\\x35', '%36': '\\x36', '%37': '\\x37', '%38': '\\x38',\n  '%39': '\\x39', '%3a': '\\x3a', '%3A': '\\x3a', '%3b': '\\x3b', '%3B': '\\x3b',\n  '%3c': '\\x3c', '%3C': '\\x3c', '%3d': '\\x3d', '%3D': '\\x3d', '%3e': '\\x3e',\n  '%3E': '\\x3e', '%3f': '\\x3f', '%3F': '\\x3f', '%40': '\\x40', '%41': '\\x41',\n  '%42': '\\x42', '%43': '\\x43', '%44': '\\x44', '%45': '\\x45', '%46': '\\x46',\n  '%47': '\\x47', '%48': '\\x48', '%49': '\\x49', '%4a': '\\x4a', '%4A': '\\x4a',\n  '%4b': '\\x4b', '%4B': '\\x4b', '%4c': '\\x4c', '%4C': '\\x4c', '%4d': '\\x4d',\n  '%4D': '\\x4d', '%4e': '\\x4e', '%4E': '\\x4e', '%4f': '\\x4f', '%4F': '\\x4f',\n  '%50': '\\x50', '%51': '\\x51', '%52': '\\x52', '%53': '\\x53', '%54': '\\x54',\n  '%55': '\\x55', '%56': '\\x56', '%57': '\\x57', '%58': '\\x58', '%59': '\\x59',\n  '%5a': '\\x5a', '%5A': '\\x5a', '%5b': '\\x5b', '%5B': '\\x5b', '%5c': '\\x5c',\n  '%5C': '\\x5c', '%5d': '\\x5d', '%5D': '\\x5d', '%5e': '\\x5e', '%5E': '\\x5e',\n  '%5f': '\\x5f', '%5F': '\\x5f', '%60': '\\x60', '%61': '\\x61', '%62': '\\x62',\n  '%63': '\\x63', '%64': '\\x64', '%65': '\\x65', '%66': '\\x66', '%67': '\\x67',\n  '%68': '\\x68', '%69': '\\x69', '%6a': '\\x6a', '%6A': '\\x6a', '%6b': '\\x6b',\n  '%6B': '\\x6b', '%6c': '\\x6c', '%6C': '\\x6c', '%6d': '\\x6d', '%6D': '\\x6d',\n  '%6e': '\\x6e', '%6E': '\\x6e', '%6f': '\\x6f', '%6F': '\\x6f', '%70': '\\x70',\n  '%71': '\\x71', '%72': '\\x72', '%73': '\\x73', '%74': '\\x74', '%75': '\\x75',\n  '%76': '\\x76', '%77': '\\x77', '%78': '\\x78', '%79': '\\x79', '%7a': '\\x7a',\n  '%7A': '\\x7a', '%7b': '\\x7b', '%7B': '\\x7b', '%7c': '\\x7c', '%7C': '\\x7c',\n  '%7d': '\\x7d', '%7D': '\\x7d', '%7e': '\\x7e', '%7E': '\\x7e', '%7f': '\\x7f',\n  '%7F': '\\x7f', '%80': '\\x80', '%81': '\\x81', '%82': '\\x82', '%83': '\\x83',\n  '%84': '\\x84', '%85': '\\x85', '%86': '\\x86', '%87': '\\x87', '%88': '\\x88',\n  '%89': '\\x89', '%8a': '\\x8a', '%8A': '\\x8a', '%8b': '\\x8b', '%8B': '\\x8b',\n  '%8c': '\\x8c', '%8C': '\\x8c', '%8d': '\\x8d', '%8D': '\\x8d', '%8e': '\\x8e',\n  '%8E': '\\x8e', '%8f': '\\x8f', '%8F': '\\x8f', '%90': '\\x90', '%91': '\\x91',\n  '%92': '\\x92', '%93': '\\x93', '%94': '\\x94', '%95': '\\x95', '%96': '\\x96',\n  '%97': '\\x97', '%98': '\\x98', '%99': '\\x99', '%9a': '\\x9a', '%9A': '\\x9a',\n  '%9b': '\\x9b', '%9B': '\\x9b', '%9c': '\\x9c', '%9C': '\\x9c', '%9d': '\\x9d',\n  '%9D': '\\x9d', '%9e': '\\x9e', '%9E': '\\x9e', '%9f': '\\x9f', '%9F': '\\x9f',\n  '%a0': '\\xa0', '%A0': '\\xa0', '%a1': '\\xa1', '%A1': '\\xa1', '%a2': '\\xa2',\n  '%A2': '\\xa2', '%a3': '\\xa3', '%A3': '\\xa3', '%a4': '\\xa4', '%A4': '\\xa4',\n  '%a5': '\\xa5', '%A5': '\\xa5', '%a6': '\\xa6', '%A6': '\\xa6', '%a7': '\\xa7',\n  '%A7': '\\xa7', '%a8': '\\xa8', '%A8': '\\xa8', '%a9': '\\xa9', '%A9': '\\xa9',\n  '%aa': '\\xaa', '%Aa': '\\xaa', '%aA': '\\xaa', '%AA': '\\xaa', '%ab': '\\xab',\n  '%Ab': '\\xab', '%aB': '\\xab', '%AB': '\\xab', '%ac': '\\xac', '%Ac': '\\xac',\n  '%aC': '\\xac', '%AC': '\\xac', '%ad': '\\xad', '%Ad': '\\xad', '%aD': '\\xad',\n  '%AD': '\\xad', '%ae': '\\xae', '%Ae': '\\xae', '%aE': '\\xae', '%AE': '\\xae',\n  '%af': '\\xaf', '%Af': '\\xaf', '%aF': '\\xaf', '%AF': '\\xaf', '%b0': '\\xb0',\n  '%B0': '\\xb0', '%b1': '\\xb1', '%B1': '\\xb1', '%b2': '\\xb2', '%B2': '\\xb2',\n  '%b3': '\\xb3', '%B3': '\\xb3', '%b4': '\\xb4', '%B4': '\\xb4', '%b5': '\\xb5',\n  '%B5': '\\xb5', '%b6': '\\xb6', '%B6': '\\xb6', '%b7': '\\xb7', '%B7': '\\xb7',\n  '%b8': '\\xb8', '%B8': '\\xb8', '%b9': '\\xb9', '%B9': '\\xb9', '%ba': '\\xba',\n  '%Ba': '\\xba', '%bA': '\\xba', '%BA': '\\xba', '%bb': '\\xbb', '%Bb': '\\xbb',\n  '%bB': '\\xbb', '%BB': '\\xbb', '%bc': '\\xbc', '%Bc': '\\xbc', '%bC': '\\xbc',\n  '%BC': '\\xbc', '%bd': '\\xbd', '%Bd': '\\xbd', '%bD': '\\xbd', '%BD': '\\xbd',\n  '%be': '\\xbe', '%Be': '\\xbe', '%bE': '\\xbe', '%BE': '\\xbe', '%bf': '\\xbf',\n  '%Bf': '\\xbf', '%bF': '\\xbf', '%BF': '\\xbf', '%c0': '\\xc0', '%C0': '\\xc0',\n  '%c1': '\\xc1', '%C1': '\\xc1', '%c2': '\\xc2', '%C2': '\\xc2', '%c3': '\\xc3',\n  '%C3': '\\xc3', '%c4': '\\xc4', '%C4': '\\xc4', '%c5': '\\xc5', '%C5': '\\xc5',\n  '%c6': '\\xc6', '%C6': '\\xc6', '%c7': '\\xc7', '%C7': '\\xc7', '%c8': '\\xc8',\n  '%C8': '\\xc8', '%c9': '\\xc9', '%C9': '\\xc9', '%ca': '\\xca', '%Ca': '\\xca',\n  '%cA': '\\xca', '%CA': '\\xca', '%cb': '\\xcb', '%Cb': '\\xcb', '%cB': '\\xcb',\n  '%CB': '\\xcb', '%cc': '\\xcc', '%Cc': '\\xcc', '%cC': '\\xcc', '%CC': '\\xcc',\n  '%cd': '\\xcd', '%Cd': '\\xcd', '%cD': '\\xcd', '%CD': '\\xcd', '%ce': '\\xce',\n  '%Ce': '\\xce', '%cE': '\\xce', '%CE': '\\xce', '%cf': '\\xcf', '%Cf': '\\xcf',\n  '%cF': '\\xcf', '%CF': '\\xcf', '%d0': '\\xd0', '%D0': '\\xd0', '%d1': '\\xd1',\n  '%D1': '\\xd1', '%d2': '\\xd2', '%D2': '\\xd2', '%d3': '\\xd3', '%D3': '\\xd3',\n  '%d4': '\\xd4', '%D4': '\\xd4', '%d5': '\\xd5', '%D5': '\\xd5', '%d6': '\\xd6',\n  '%D6': '\\xd6', '%d7': '\\xd7', '%D7': '\\xd7', '%d8': '\\xd8', '%D8': '\\xd8',\n  '%d9': '\\xd9', '%D9': '\\xd9', '%da': '\\xda', '%Da': '\\xda', '%dA': '\\xda',\n  '%DA': '\\xda', '%db': '\\xdb', '%Db': '\\xdb', '%dB': '\\xdb', '%DB': '\\xdb',\n  '%dc': '\\xdc', '%Dc': '\\xdc', '%dC': '\\xdc', '%DC': '\\xdc', '%dd': '\\xdd',\n  '%Dd': '\\xdd', '%dD': '\\xdd', '%DD': '\\xdd', '%de': '\\xde', '%De': '\\xde',\n  '%dE': '\\xde', '%DE': '\\xde', '%df': '\\xdf', '%Df': '\\xdf', '%dF': '\\xdf',\n  '%DF': '\\xdf', '%e0': '\\xe0', '%E0': '\\xe0', '%e1': '\\xe1', '%E1': '\\xe1',\n  '%e2': '\\xe2', '%E2': '\\xe2', '%e3': '\\xe3', '%E3': '\\xe3', '%e4': '\\xe4',\n  '%E4': '\\xe4', '%e5': '\\xe5', '%E5': '\\xe5', '%e6': '\\xe6', '%E6': '\\xe6',\n  '%e7': '\\xe7', '%E7': '\\xe7', '%e8': '\\xe8', '%E8': '\\xe8', '%e9': '\\xe9',\n  '%E9': '\\xe9', '%ea': '\\xea', '%Ea': '\\xea', '%eA': '\\xea', '%EA': '\\xea',\n  '%eb': '\\xeb', '%Eb': '\\xeb', '%eB': '\\xeb', '%EB': '\\xeb', '%ec': '\\xec',\n  '%Ec': '\\xec', '%eC': '\\xec', '%EC': '\\xec', '%ed': '\\xed', '%Ed': '\\xed',\n  '%eD': '\\xed', '%ED': '\\xed', '%ee': '\\xee', '%Ee': '\\xee', '%eE': '\\xee',\n  '%EE': '\\xee', '%ef': '\\xef', '%Ef': '\\xef', '%eF': '\\xef', '%EF': '\\xef',\n  '%f0': '\\xf0', '%F0': '\\xf0', '%f1': '\\xf1', '%F1': '\\xf1', '%f2': '\\xf2',\n  '%F2': '\\xf2', '%f3': '\\xf3', '%F3': '\\xf3', '%f4': '\\xf4', '%F4': '\\xf4',\n  '%f5': '\\xf5', '%F5': '\\xf5', '%f6': '\\xf6', '%F6': '\\xf6', '%f7': '\\xf7',\n  '%F7': '\\xf7', '%f8': '\\xf8', '%F8': '\\xf8', '%f9': '\\xf9', '%F9': '\\xf9',\n  '%fa': '\\xfa', '%Fa': '\\xfa', '%fA': '\\xfa', '%FA': '\\xfa', '%fb': '\\xfb',\n  '%Fb': '\\xfb', '%fB': '\\xfb', '%FB': '\\xfb', '%fc': '\\xfc', '%Fc': '\\xfc',\n  '%fC': '\\xfc', '%FC': '\\xfc', '%fd': '\\xfd', '%Fd': '\\xfd', '%fD': '\\xfd',\n  '%FD': '\\xfd', '%fe': '\\xfe', '%Fe': '\\xfe', '%fE': '\\xfe', '%FE': '\\xfe',\n  '%ff': '\\xff', '%Ff': '\\xff', '%fF': '\\xff', '%FF': '\\xff'\n}\n\nfunction encodedReplacer (match) {\n  return EncodedLookup[match]\n}\n\nconst STATE_KEY = 0\nconst STATE_VALUE = 1\nconst STATE_CHARSET = 2\nconst STATE_LANG = 3\n\nfunction parseParams (str) {\n  const res = []\n  let state = STATE_KEY\n  let charset = ''\n  let inquote = false\n  let escaping = false\n  let p = 0\n  let tmp = ''\n  const len = str.length\n\n  for (var i = 0; i < len; ++i) { // eslint-disable-line no-var\n    const char = str[i]\n    if (char === '\\\\' && inquote) {\n      if (escaping) { escaping = false } else {\n        escaping = true\n        continue\n      }\n    } else if (char === '\"') {\n      if (!escaping) {\n        if (inquote) {\n          inquote = false\n          state = STATE_KEY\n        } else { inquote = true }\n        continue\n      } else { escaping = false }\n    } else {\n      if (escaping && inquote) { tmp += '\\\\' }\n      escaping = false\n      if ((state === STATE_CHARSET || state === STATE_LANG) && char === \"'\") {\n        if (state === STATE_CHARSET) {\n          state = STATE_LANG\n          charset = tmp.substring(1)\n        } else { state = STATE_VALUE }\n        tmp = ''\n        continue\n      } else if (state === STATE_KEY &&\n        (char === '*' || char === '=') &&\n        res.length) {\n        state = char === '*'\n          ? STATE_CHARSET\n          : STATE_VALUE\n        res[p] = [tmp, undefined]\n        tmp = ''\n        continue\n      } else if (!inquote && char === ';') {\n        state = STATE_KEY\n        if (charset) {\n          if (tmp.length) {\n            tmp = decodeText(tmp.replace(RE_ENCODED, encodedReplacer),\n              'binary',\n              charset)\n          }\n          charset = ''\n        } else if (tmp.length) {\n          tmp = decodeText(tmp, 'binary', 'utf8')\n        }\n        if (res[p] === undefined) { res[p] = tmp } else { res[p][1] = tmp }\n        tmp = ''\n        ++p\n        continue\n      } else if (!inquote && (char === ' ' || char === '\\t')) { continue }\n    }\n    tmp += char\n  }\n  if (charset && tmp.length) {\n    tmp = decodeText(tmp.replace(RE_ENCODED, encodedReplacer),\n      'binary',\n      charset)\n  } else if (tmp) {\n    tmp = decodeText(tmp, 'binary', 'utf8')\n  }\n\n  if (res[p] === undefined) {\n    if (tmp) { res[p] = tmp }\n  } else { res[p][1] = tmp }\n\n  return res\n}\n\nmodule.exports = parseParams\n","'use strict';\n\nvar vm = require('vm');\n\n/**\n * @implements {IHooks}\n */\nclass Hooks {\n  /**\n   * @callback HookCallback\n   * @this {*|Jsep} this\n   * @param {Jsep} env\n   * @returns: void\n   */\n  /**\n   * Adds the given callback to the list of callbacks for the given hook.\n   *\n   * The callback will be invoked when the hook it is registered for is run.\n   *\n   * One callback function can be registered to multiple hooks and the same hook multiple times.\n   *\n   * @param {string|object} name The name of the hook, or an object of callbacks keyed by name\n   * @param {HookCallback|boolean} callback The callback function which is given environment variables.\n   * @param {?boolean} [first=false] Will add the hook to the top of the list (defaults to the bottom)\n   * @public\n   */\n  add(name, callback, first) {\n    if (typeof arguments[0] != 'string') {\n      // Multiple hook callbacks, keyed by name\n      for (let name in arguments[0]) {\n        this.add(name, arguments[0][name], arguments[1]);\n      }\n    } else {\n      (Array.isArray(name) ? name : [name]).forEach(function (name) {\n        this[name] = this[name] || [];\n        if (callback) {\n          this[name][first ? 'unshift' : 'push'](callback);\n        }\n      }, this);\n    }\n  }\n\n  /**\n   * Runs a hook invoking all registered callbacks with the given environment variables.\n   *\n   * Callbacks will be invoked synchronously and in the order in which they were registered.\n   *\n   * @param {string} name The name of the hook.\n   * @param {Object<string, any>} env The environment variables of the hook passed to all callbacks registered.\n   * @public\n   */\n  run(name, env) {\n    this[name] = this[name] || [];\n    this[name].forEach(function (callback) {\n      callback.call(env && env.context ? env.context : env, env);\n    });\n  }\n}\n\n/**\n * @implements {IPlugins}\n */\nclass Plugins {\n  constructor(jsep) {\n    this.jsep = jsep;\n    this.registered = {};\n  }\n\n  /**\n   * @callback PluginSetup\n   * @this {Jsep} jsep\n   * @returns: void\n   */\n  /**\n   * Adds the given plugin(s) to the registry\n   *\n   * @param {object} plugins\n   * @param {string} plugins.name The name of the plugin\n   * @param {PluginSetup} plugins.init The init function\n   * @public\n   */\n  register(...plugins) {\n    plugins.forEach(plugin => {\n      if (typeof plugin !== 'object' || !plugin.name || !plugin.init) {\n        throw new Error('Invalid JSEP plugin format');\n      }\n      if (this.registered[plugin.name]) {\n        // already registered. Ignore.\n        return;\n      }\n      plugin.init(this.jsep);\n      this.registered[plugin.name] = plugin;\n    });\n  }\n}\n\n//     JavaScript Expression Parser (JSEP) 1.4.0\n\nclass Jsep {\n  /**\n   * @returns {string}\n   */\n  static get version() {\n    // To be filled in by the template\n    return '1.4.0';\n  }\n\n  /**\n   * @returns {string}\n   */\n  static toString() {\n    return 'JavaScript Expression Parser (JSEP) v' + Jsep.version;\n  }\n  // ==================== CONFIG ================================\n  /**\n   * @method addUnaryOp\n   * @param {string} op_name The name of the unary op to add\n   * @returns {Jsep}\n   */\n  static addUnaryOp(op_name) {\n    Jsep.max_unop_len = Math.max(op_name.length, Jsep.max_unop_len);\n    Jsep.unary_ops[op_name] = 1;\n    return Jsep;\n  }\n\n  /**\n   * @method jsep.addBinaryOp\n   * @param {string} op_name The name of the binary op to add\n   * @param {number} precedence The precedence of the binary op (can be a float). Higher number = higher precedence\n   * @param {boolean} [isRightAssociative=false] whether operator is right-associative\n   * @returns {Jsep}\n   */\n  static addBinaryOp(op_name, precedence, isRightAssociative) {\n    Jsep.max_binop_len = Math.max(op_name.length, Jsep.max_binop_len);\n    Jsep.binary_ops[op_name] = precedence;\n    if (isRightAssociative) {\n      Jsep.right_associative.add(op_name);\n    } else {\n      Jsep.right_associative.delete(op_name);\n    }\n    return Jsep;\n  }\n\n  /**\n   * @method addIdentifierChar\n   * @param {string} char The additional character to treat as a valid part of an identifier\n   * @returns {Jsep}\n   */\n  static addIdentifierChar(char) {\n    Jsep.additional_identifier_chars.add(char);\n    return Jsep;\n  }\n\n  /**\n   * @method addLiteral\n   * @param {string} literal_name The name of the literal to add\n   * @param {*} literal_value The value of the literal\n   * @returns {Jsep}\n   */\n  static addLiteral(literal_name, literal_value) {\n    Jsep.literals[literal_name] = literal_value;\n    return Jsep;\n  }\n\n  /**\n   * @method removeUnaryOp\n   * @param {string} op_name The name of the unary op to remove\n   * @returns {Jsep}\n   */\n  static removeUnaryOp(op_name) {\n    delete Jsep.unary_ops[op_name];\n    if (op_name.length === Jsep.max_unop_len) {\n      Jsep.max_unop_len = Jsep.getMaxKeyLen(Jsep.unary_ops);\n    }\n    return Jsep;\n  }\n\n  /**\n   * @method removeAllUnaryOps\n   * @returns {Jsep}\n   */\n  static removeAllUnaryOps() {\n    Jsep.unary_ops = {};\n    Jsep.max_unop_len = 0;\n    return Jsep;\n  }\n\n  /**\n   * @method removeIdentifierChar\n   * @param {string} char The additional character to stop treating as a valid part of an identifier\n   * @returns {Jsep}\n   */\n  static removeIdentifierChar(char) {\n    Jsep.additional_identifier_chars.delete(char);\n    return Jsep;\n  }\n\n  /**\n   * @method removeBinaryOp\n   * @param {string} op_name The name of the binary op to remove\n   * @returns {Jsep}\n   */\n  static removeBinaryOp(op_name) {\n    delete Jsep.binary_ops[op_name];\n    if (op_name.length === Jsep.max_binop_len) {\n      Jsep.max_binop_len = Jsep.getMaxKeyLen(Jsep.binary_ops);\n    }\n    Jsep.right_associative.delete(op_name);\n    return Jsep;\n  }\n\n  /**\n   * @method removeAllBinaryOps\n   * @returns {Jsep}\n   */\n  static removeAllBinaryOps() {\n    Jsep.binary_ops = {};\n    Jsep.max_binop_len = 0;\n    return Jsep;\n  }\n\n  /**\n   * @method removeLiteral\n   * @param {string} literal_name The name of the literal to remove\n   * @returns {Jsep}\n   */\n  static removeLiteral(literal_name) {\n    delete Jsep.literals[literal_name];\n    return Jsep;\n  }\n\n  /**\n   * @method removeAllLiterals\n   * @returns {Jsep}\n   */\n  static removeAllLiterals() {\n    Jsep.literals = {};\n    return Jsep;\n  }\n  // ==================== END CONFIG ============================\n\n  /**\n   * @returns {string}\n   */\n  get char() {\n    return this.expr.charAt(this.index);\n  }\n\n  /**\n   * @returns {number}\n   */\n  get code() {\n    return this.expr.charCodeAt(this.index);\n  }\n  /**\n   * @param {string} expr a string with the passed in express\n   * @returns Jsep\n   */\n  constructor(expr) {\n    // `index` stores the character number we are currently at\n    // All of the gobbles below will modify `index` as we move along\n    this.expr = expr;\n    this.index = 0;\n  }\n\n  /**\n   * static top-level parser\n   * @returns {jsep.Expression}\n   */\n  static parse(expr) {\n    return new Jsep(expr).parse();\n  }\n\n  /**\n   * Get the longest key length of any object\n   * @param {object} obj\n   * @returns {number}\n   */\n  static getMaxKeyLen(obj) {\n    return Math.max(0, ...Object.keys(obj).map(k => k.length));\n  }\n\n  /**\n   * `ch` is a character code in the next three functions\n   * @param {number} ch\n   * @returns {boolean}\n   */\n  static isDecimalDigit(ch) {\n    return ch >= 48 && ch <= 57; // 0...9\n  }\n\n  /**\n   * Returns the precedence of a binary operator or `0` if it isn't a binary operator. Can be float.\n   * @param {string} op_val\n   * @returns {number}\n   */\n  static binaryPrecedence(op_val) {\n    return Jsep.binary_ops[op_val] || 0;\n  }\n\n  /**\n   * Looks for start of identifier\n   * @param {number} ch\n   * @returns {boolean}\n   */\n  static isIdentifierStart(ch) {\n    return ch >= 65 && ch <= 90 ||\n    // A...Z\n    ch >= 97 && ch <= 122 ||\n    // a...z\n    ch >= 128 && !Jsep.binary_ops[String.fromCharCode(ch)] ||\n    // any non-ASCII that is not an operator\n    Jsep.additional_identifier_chars.has(String.fromCharCode(ch)); // additional characters\n  }\n\n  /**\n   * @param {number} ch\n   * @returns {boolean}\n   */\n  static isIdentifierPart(ch) {\n    return Jsep.isIdentifierStart(ch) || Jsep.isDecimalDigit(ch);\n  }\n\n  /**\n   * throw error at index of the expression\n   * @param {string} message\n   * @throws\n   */\n  throwError(message) {\n    const error = new Error(message + ' at character ' + this.index);\n    error.index = this.index;\n    error.description = message;\n    throw error;\n  }\n\n  /**\n   * Run a given hook\n   * @param {string} name\n   * @param {jsep.Expression|false} [node]\n   * @returns {?jsep.Expression}\n   */\n  runHook(name, node) {\n    if (Jsep.hooks[name]) {\n      const env = {\n        context: this,\n        node\n      };\n      Jsep.hooks.run(name, env);\n      return env.node;\n    }\n    return node;\n  }\n\n  /**\n   * Runs a given hook until one returns a node\n   * @param {string} name\n   * @returns {?jsep.Expression}\n   */\n  searchHook(name) {\n    if (Jsep.hooks[name]) {\n      const env = {\n        context: this\n      };\n      Jsep.hooks[name].find(function (callback) {\n        callback.call(env.context, env);\n        return env.node;\n      });\n      return env.node;\n    }\n  }\n\n  /**\n   * Push `index` up to the next non-space character\n   */\n  gobbleSpaces() {\n    let ch = this.code;\n    // Whitespace\n    while (ch === Jsep.SPACE_CODE || ch === Jsep.TAB_CODE || ch === Jsep.LF_CODE || ch === Jsep.CR_CODE) {\n      ch = this.expr.charCodeAt(++this.index);\n    }\n    this.runHook('gobble-spaces');\n  }\n\n  /**\n   * Top-level method to parse all expressions and returns compound or single node\n   * @returns {jsep.Expression}\n   */\n  parse() {\n    this.runHook('before-all');\n    const nodes = this.gobbleExpressions();\n\n    // If there's only one expression just try returning the expression\n    const node = nodes.length === 1 ? nodes[0] : {\n      type: Jsep.COMPOUND,\n      body: nodes\n    };\n    return this.runHook('after-all', node);\n  }\n\n  /**\n   * top-level parser (but can be reused within as well)\n   * @param {number} [untilICode]\n   * @returns {jsep.Expression[]}\n   */\n  gobbleExpressions(untilICode) {\n    let nodes = [],\n      ch_i,\n      node;\n    while (this.index < this.expr.length) {\n      ch_i = this.code;\n\n      // Expressions can be separated by semicolons, commas, or just inferred without any\n      // separators\n      if (ch_i === Jsep.SEMCOL_CODE || ch_i === Jsep.COMMA_CODE) {\n        this.index++; // ignore separators\n      } else {\n        // Try to gobble each expression individually\n        if (node = this.gobbleExpression()) {\n          nodes.push(node);\n          // If we weren't able to find a binary expression and are out of room, then\n          // the expression passed in probably has too much\n        } else if (this.index < this.expr.length) {\n          if (ch_i === untilICode) {\n            break;\n          }\n          this.throwError('Unexpected \"' + this.char + '\"');\n        }\n      }\n    }\n    return nodes;\n  }\n\n  /**\n   * The main parsing function.\n   * @returns {?jsep.Expression}\n   */\n  gobbleExpression() {\n    const node = this.searchHook('gobble-expression') || this.gobbleBinaryExpression();\n    this.gobbleSpaces();\n    return this.runHook('after-expression', node);\n  }\n\n  /**\n   * Search for the operation portion of the string (e.g. `+`, `===`)\n   * Start by taking the longest possible binary operations (3 characters: `===`, `!==`, `>>>`)\n   * and move down from 3 to 2 to 1 character until a matching binary operation is found\n   * then, return that binary operation\n   * @returns {string|boolean}\n   */\n  gobbleBinaryOp() {\n    this.gobbleSpaces();\n    let to_check = this.expr.substr(this.index, Jsep.max_binop_len);\n    let tc_len = to_check.length;\n    while (tc_len > 0) {\n      // Don't accept a binary op when it is an identifier.\n      // Binary ops that start with a identifier-valid character must be followed\n      // by a non identifier-part valid character\n      if (Jsep.binary_ops.hasOwnProperty(to_check) && (!Jsep.isIdentifierStart(this.code) || this.index + to_check.length < this.expr.length && !Jsep.isIdentifierPart(this.expr.charCodeAt(this.index + to_check.length)))) {\n        this.index += tc_len;\n        return to_check;\n      }\n      to_check = to_check.substr(0, --tc_len);\n    }\n    return false;\n  }\n\n  /**\n   * This function is responsible for gobbling an individual expression,\n   * e.g. `1`, `1+2`, `a+(b*2)-Math.sqrt(2)`\n   * @returns {?jsep.BinaryExpression}\n   */\n  gobbleBinaryExpression() {\n    let node, biop, prec, stack, biop_info, left, right, i, cur_biop;\n\n    // First, try to get the leftmost thing\n    // Then, check to see if there's a binary operator operating on that leftmost thing\n    // Don't gobbleBinaryOp without a left-hand-side\n    left = this.gobbleToken();\n    if (!left) {\n      return left;\n    }\n    biop = this.gobbleBinaryOp();\n\n    // If there wasn't a binary operator, just return the leftmost node\n    if (!biop) {\n      return left;\n    }\n\n    // Otherwise, we need to start a stack to properly place the binary operations in their\n    // precedence structure\n    biop_info = {\n      value: biop,\n      prec: Jsep.binaryPrecedence(biop),\n      right_a: Jsep.right_associative.has(biop)\n    };\n    right = this.gobbleToken();\n    if (!right) {\n      this.throwError(\"Expected expression after \" + biop);\n    }\n    stack = [left, biop_info, right];\n\n    // Properly deal with precedence using [recursive descent](http://www.engr.mun.ca/~theo/Misc/exp_parsing.htm)\n    while (biop = this.gobbleBinaryOp()) {\n      prec = Jsep.binaryPrecedence(biop);\n      if (prec === 0) {\n        this.index -= biop.length;\n        break;\n      }\n      biop_info = {\n        value: biop,\n        prec,\n        right_a: Jsep.right_associative.has(biop)\n      };\n      cur_biop = biop;\n\n      // Reduce: make a binary expression from the three topmost entries.\n      const comparePrev = prev => biop_info.right_a && prev.right_a ? prec > prev.prec : prec <= prev.prec;\n      while (stack.length > 2 && comparePrev(stack[stack.length - 2])) {\n        right = stack.pop();\n        biop = stack.pop().value;\n        left = stack.pop();\n        node = {\n          type: Jsep.BINARY_EXP,\n          operator: biop,\n          left,\n          right\n        };\n        stack.push(node);\n      }\n      node = this.gobbleToken();\n      if (!node) {\n        this.throwError(\"Expected expression after \" + cur_biop);\n      }\n      stack.push(biop_info, node);\n    }\n    i = stack.length - 1;\n    node = stack[i];\n    while (i > 1) {\n      node = {\n        type: Jsep.BINARY_EXP,\n        operator: stack[i - 1].value,\n        left: stack[i - 2],\n        right: node\n      };\n      i -= 2;\n    }\n    return node;\n  }\n\n  /**\n   * An individual part of a binary expression:\n   * e.g. `foo.bar(baz)`, `1`, `\"abc\"`, `(a % 2)` (because it's in parenthesis)\n   * @returns {boolean|jsep.Expression}\n   */\n  gobbleToken() {\n    let ch, to_check, tc_len, node;\n    this.gobbleSpaces();\n    node = this.searchHook('gobble-token');\n    if (node) {\n      return this.runHook('after-token', node);\n    }\n    ch = this.code;\n    if (Jsep.isDecimalDigit(ch) || ch === Jsep.PERIOD_CODE) {\n      // Char code 46 is a dot `.` which can start off a numeric literal\n      return this.gobbleNumericLiteral();\n    }\n    if (ch === Jsep.SQUOTE_CODE || ch === Jsep.DQUOTE_CODE) {\n      // Single or double quotes\n      node = this.gobbleStringLiteral();\n    } else if (ch === Jsep.OBRACK_CODE) {\n      node = this.gobbleArray();\n    } else {\n      to_check = this.expr.substr(this.index, Jsep.max_unop_len);\n      tc_len = to_check.length;\n      while (tc_len > 0) {\n        // Don't accept an unary op when it is an identifier.\n        // Unary ops that start with a identifier-valid character must be followed\n        // by a non identifier-part valid character\n        if (Jsep.unary_ops.hasOwnProperty(to_check) && (!Jsep.isIdentifierStart(this.code) || this.index + to_check.length < this.expr.length && !Jsep.isIdentifierPart(this.expr.charCodeAt(this.index + to_check.length)))) {\n          this.index += tc_len;\n          const argument = this.gobbleToken();\n          if (!argument) {\n            this.throwError('missing unaryOp argument');\n          }\n          return this.runHook('after-token', {\n            type: Jsep.UNARY_EXP,\n            operator: to_check,\n            argument,\n            prefix: true\n          });\n        }\n        to_check = to_check.substr(0, --tc_len);\n      }\n      if (Jsep.isIdentifierStart(ch)) {\n        node = this.gobbleIdentifier();\n        if (Jsep.literals.hasOwnProperty(node.name)) {\n          node = {\n            type: Jsep.LITERAL,\n            value: Jsep.literals[node.name],\n            raw: node.name\n          };\n        } else if (node.name === Jsep.this_str) {\n          node = {\n            type: Jsep.THIS_EXP\n          };\n        }\n      } else if (ch === Jsep.OPAREN_CODE) {\n        // open parenthesis\n        node = this.gobbleGroup();\n      }\n    }\n    if (!node) {\n      return this.runHook('after-token', false);\n    }\n    node = this.gobbleTokenProperty(node);\n    return this.runHook('after-token', node);\n  }\n\n  /**\n   * Gobble properties of of identifiers/strings/arrays/groups.\n   * e.g. `foo`, `bar.baz`, `foo['bar'].baz`\n   * It also gobbles function calls:\n   * e.g. `Math.acos(obj.angle)`\n   * @param {jsep.Expression} node\n   * @returns {jsep.Expression}\n   */\n  gobbleTokenProperty(node) {\n    this.gobbleSpaces();\n    let ch = this.code;\n    while (ch === Jsep.PERIOD_CODE || ch === Jsep.OBRACK_CODE || ch === Jsep.OPAREN_CODE || ch === Jsep.QUMARK_CODE) {\n      let optional;\n      if (ch === Jsep.QUMARK_CODE) {\n        if (this.expr.charCodeAt(this.index + 1) !== Jsep.PERIOD_CODE) {\n          break;\n        }\n        optional = true;\n        this.index += 2;\n        this.gobbleSpaces();\n        ch = this.code;\n      }\n      this.index++;\n      if (ch === Jsep.OBRACK_CODE) {\n        node = {\n          type: Jsep.MEMBER_EXP,\n          computed: true,\n          object: node,\n          property: this.gobbleExpression()\n        };\n        if (!node.property) {\n          this.throwError('Unexpected \"' + this.char + '\"');\n        }\n        this.gobbleSpaces();\n        ch = this.code;\n        if (ch !== Jsep.CBRACK_CODE) {\n          this.throwError('Unclosed [');\n        }\n        this.index++;\n      } else if (ch === Jsep.OPAREN_CODE) {\n        // A function call is being made; gobble all the arguments\n        node = {\n          type: Jsep.CALL_EXP,\n          'arguments': this.gobbleArguments(Jsep.CPAREN_CODE),\n          callee: node\n        };\n      } else if (ch === Jsep.PERIOD_CODE || optional) {\n        if (optional) {\n          this.index--;\n        }\n        this.gobbleSpaces();\n        node = {\n          type: Jsep.MEMBER_EXP,\n          computed: false,\n          object: node,\n          property: this.gobbleIdentifier()\n        };\n      }\n      if (optional) {\n        node.optional = true;\n      } // else leave undefined for compatibility with esprima\n\n      this.gobbleSpaces();\n      ch = this.code;\n    }\n    return node;\n  }\n\n  /**\n   * Parse simple numeric literals: `12`, `3.4`, `.5`. Do this by using a string to\n   * keep track of everything in the numeric literal and then calling `parseFloat` on that string\n   * @returns {jsep.Literal}\n   */\n  gobbleNumericLiteral() {\n    let number = '',\n      ch,\n      chCode;\n    while (Jsep.isDecimalDigit(this.code)) {\n      number += this.expr.charAt(this.index++);\n    }\n    if (this.code === Jsep.PERIOD_CODE) {\n      // can start with a decimal marker\n      number += this.expr.charAt(this.index++);\n      while (Jsep.isDecimalDigit(this.code)) {\n        number += this.expr.charAt(this.index++);\n      }\n    }\n    ch = this.char;\n    if (ch === 'e' || ch === 'E') {\n      // exponent marker\n      number += this.expr.charAt(this.index++);\n      ch = this.char;\n      if (ch === '+' || ch === '-') {\n        // exponent sign\n        number += this.expr.charAt(this.index++);\n      }\n      while (Jsep.isDecimalDigit(this.code)) {\n        // exponent itself\n        number += this.expr.charAt(this.index++);\n      }\n      if (!Jsep.isDecimalDigit(this.expr.charCodeAt(this.index - 1))) {\n        this.throwError('Expected exponent (' + number + this.char + ')');\n      }\n    }\n    chCode = this.code;\n\n    // Check to make sure this isn't a variable name that start with a number (123abc)\n    if (Jsep.isIdentifierStart(chCode)) {\n      this.throwError('Variable names cannot start with a number (' + number + this.char + ')');\n    } else if (chCode === Jsep.PERIOD_CODE || number.length === 1 && number.charCodeAt(0) === Jsep.PERIOD_CODE) {\n      this.throwError('Unexpected period');\n    }\n    return {\n      type: Jsep.LITERAL,\n      value: parseFloat(number),\n      raw: number\n    };\n  }\n\n  /**\n   * Parses a string literal, staring with single or double quotes with basic support for escape codes\n   * e.g. `\"hello world\"`, `'this is\\nJSEP'`\n   * @returns {jsep.Literal}\n   */\n  gobbleStringLiteral() {\n    let str = '';\n    const startIndex = this.index;\n    const quote = this.expr.charAt(this.index++);\n    let closed = false;\n    while (this.index < this.expr.length) {\n      let ch = this.expr.charAt(this.index++);\n      if (ch === quote) {\n        closed = true;\n        break;\n      } else if (ch === '\\\\') {\n        // Check for all of the common escape codes\n        ch = this.expr.charAt(this.index++);\n        switch (ch) {\n          case 'n':\n            str += '\\n';\n            break;\n          case 'r':\n            str += '\\r';\n            break;\n          case 't':\n            str += '\\t';\n            break;\n          case 'b':\n            str += '\\b';\n            break;\n          case 'f':\n            str += '\\f';\n            break;\n          case 'v':\n            str += '\\x0B';\n            break;\n          default:\n            str += ch;\n        }\n      } else {\n        str += ch;\n      }\n    }\n    if (!closed) {\n      this.throwError('Unclosed quote after \"' + str + '\"');\n    }\n    return {\n      type: Jsep.LITERAL,\n      value: str,\n      raw: this.expr.substring(startIndex, this.index)\n    };\n  }\n\n  /**\n   * Gobbles only identifiers\n   * e.g.: `foo`, `_value`, `$x1`\n   * Also, this function checks if that identifier is a literal:\n   * (e.g. `true`, `false`, `null`) or `this`\n   * @returns {jsep.Identifier}\n   */\n  gobbleIdentifier() {\n    let ch = this.code,\n      start = this.index;\n    if (Jsep.isIdentifierStart(ch)) {\n      this.index++;\n    } else {\n      this.throwError('Unexpected ' + this.char);\n    }\n    while (this.index < this.expr.length) {\n      ch = this.code;\n      if (Jsep.isIdentifierPart(ch)) {\n        this.index++;\n      } else {\n        break;\n      }\n    }\n    return {\n      type: Jsep.IDENTIFIER,\n      name: this.expr.slice(start, this.index)\n    };\n  }\n\n  /**\n   * Gobbles a list of arguments within the context of a function call\n   * or array literal. This function also assumes that the opening character\n   * `(` or `[` has already been gobbled, and gobbles expressions and commas\n   * until the terminator character `)` or `]` is encountered.\n   * e.g. `foo(bar, baz)`, `my_func()`, or `[bar, baz]`\n   * @param {number} termination\n   * @returns {jsep.Expression[]}\n   */\n  gobbleArguments(termination) {\n    const args = [];\n    let closed = false;\n    let separator_count = 0;\n    while (this.index < this.expr.length) {\n      this.gobbleSpaces();\n      let ch_i = this.code;\n      if (ch_i === termination) {\n        // done parsing\n        closed = true;\n        this.index++;\n        if (termination === Jsep.CPAREN_CODE && separator_count && separator_count >= args.length) {\n          this.throwError('Unexpected token ' + String.fromCharCode(termination));\n        }\n        break;\n      } else if (ch_i === Jsep.COMMA_CODE) {\n        // between expressions\n        this.index++;\n        separator_count++;\n        if (separator_count !== args.length) {\n          // missing argument\n          if (termination === Jsep.CPAREN_CODE) {\n            this.throwError('Unexpected token ,');\n          } else if (termination === Jsep.CBRACK_CODE) {\n            for (let arg = args.length; arg < separator_count; arg++) {\n              args.push(null);\n            }\n          }\n        }\n      } else if (args.length !== separator_count && separator_count !== 0) {\n        // NOTE: `&& separator_count !== 0` allows for either all commas, or all spaces as arguments\n        this.throwError('Expected comma');\n      } else {\n        const node = this.gobbleExpression();\n        if (!node || node.type === Jsep.COMPOUND) {\n          this.throwError('Expected comma');\n        }\n        args.push(node);\n      }\n    }\n    if (!closed) {\n      this.throwError('Expected ' + String.fromCharCode(termination));\n    }\n    return args;\n  }\n\n  /**\n   * Responsible for parsing a group of things within parentheses `()`\n   * that have no identifier in front (so not a function call)\n   * This function assumes that it needs to gobble the opening parenthesis\n   * and then tries to gobble everything within that parenthesis, assuming\n   * that the next thing it should see is the close parenthesis. If not,\n   * then the expression probably doesn't have a `)`\n   * @returns {boolean|jsep.Expression}\n   */\n  gobbleGroup() {\n    this.index++;\n    let nodes = this.gobbleExpressions(Jsep.CPAREN_CODE);\n    if (this.code === Jsep.CPAREN_CODE) {\n      this.index++;\n      if (nodes.length === 1) {\n        return nodes[0];\n      } else if (!nodes.length) {\n        return false;\n      } else {\n        return {\n          type: Jsep.SEQUENCE_EXP,\n          expressions: nodes\n        };\n      }\n    } else {\n      this.throwError('Unclosed (');\n    }\n  }\n\n  /**\n   * Responsible for parsing Array literals `[1, 2, 3]`\n   * This function assumes that it needs to gobble the opening bracket\n   * and then tries to gobble the expressions as arguments.\n   * @returns {jsep.ArrayExpression}\n   */\n  gobbleArray() {\n    this.index++;\n    return {\n      type: Jsep.ARRAY_EXP,\n      elements: this.gobbleArguments(Jsep.CBRACK_CODE)\n    };\n  }\n}\n\n// Static fields:\nconst hooks = new Hooks();\nObject.assign(Jsep, {\n  hooks,\n  plugins: new Plugins(Jsep),\n  // Node Types\n  // ----------\n  // This is the full set of types that any JSEP node can be.\n  // Store them here to save space when minified\n  COMPOUND: 'Compound',\n  SEQUENCE_EXP: 'SequenceExpression',\n  IDENTIFIER: 'Identifier',\n  MEMBER_EXP: 'MemberExpression',\n  LITERAL: 'Literal',\n  THIS_EXP: 'ThisExpression',\n  CALL_EXP: 'CallExpression',\n  UNARY_EXP: 'UnaryExpression',\n  BINARY_EXP: 'BinaryExpression',\n  ARRAY_EXP: 'ArrayExpression',\n  TAB_CODE: 9,\n  LF_CODE: 10,\n  CR_CODE: 13,\n  SPACE_CODE: 32,\n  PERIOD_CODE: 46,\n  // '.'\n  COMMA_CODE: 44,\n  // ','\n  SQUOTE_CODE: 39,\n  // single quote\n  DQUOTE_CODE: 34,\n  // double quotes\n  OPAREN_CODE: 40,\n  // (\n  CPAREN_CODE: 41,\n  // )\n  OBRACK_CODE: 91,\n  // [\n  CBRACK_CODE: 93,\n  // ]\n  QUMARK_CODE: 63,\n  // ?\n  SEMCOL_CODE: 59,\n  // ;\n  COLON_CODE: 58,\n  // :\n\n  // Operations\n  // ----------\n  // Use a quickly-accessible map to store all of the unary operators\n  // Values are set to `1` (it really doesn't matter)\n  unary_ops: {\n    '-': 1,\n    '!': 1,\n    '~': 1,\n    '+': 1\n  },\n  // Also use a map for the binary operations but set their values to their\n  // binary precedence for quick reference (higher number = higher precedence)\n  // see [Order of operations](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Operator_Precedence)\n  binary_ops: {\n    '||': 1,\n    '??': 1,\n    '&&': 2,\n    '|': 3,\n    '^': 4,\n    '&': 5,\n    '==': 6,\n    '!=': 6,\n    '===': 6,\n    '!==': 6,\n    '<': 7,\n    '>': 7,\n    '<=': 7,\n    '>=': 7,\n    '<<': 8,\n    '>>': 8,\n    '>>>': 8,\n    '+': 9,\n    '-': 9,\n    '*': 10,\n    '/': 10,\n    '%': 10,\n    '**': 11\n  },\n  // sets specific binary_ops as right-associative\n  right_associative: new Set(['**']),\n  // Additional valid identifier chars, apart from a-z, A-Z and 0-9 (except on the starting char)\n  additional_identifier_chars: new Set(['$', '_']),\n  // Literals\n  // ----------\n  // Store the values to return for the various literals we may encounter\n  literals: {\n    'true': true,\n    'false': false,\n    'null': null\n  },\n  // Except for `this`, which is special. This could be changed to something like `'self'` as well\n  this_str: 'this'\n});\nJsep.max_unop_len = Jsep.getMaxKeyLen(Jsep.unary_ops);\nJsep.max_binop_len = Jsep.getMaxKeyLen(Jsep.binary_ops);\n\n// Backward Compatibility:\nconst jsep = expr => new Jsep(expr).parse();\nconst stdClassProps = Object.getOwnPropertyNames(class Test {});\nObject.getOwnPropertyNames(Jsep).filter(prop => !stdClassProps.includes(prop) && jsep[prop] === undefined).forEach(m => {\n  jsep[m] = Jsep[m];\n});\njsep.Jsep = Jsep; // allows for const { Jsep } = require('jsep');\n\nconst CONDITIONAL_EXP = 'ConditionalExpression';\nvar ternary = {\n  name: 'ternary',\n  init(jsep) {\n    // Ternary expression: test ? consequent : alternate\n    jsep.hooks.add('after-expression', function gobbleTernary(env) {\n      if (env.node && this.code === jsep.QUMARK_CODE) {\n        this.index++;\n        const test = env.node;\n        const consequent = this.gobbleExpression();\n        if (!consequent) {\n          this.throwError('Expected expression');\n        }\n        this.gobbleSpaces();\n        if (this.code === jsep.COLON_CODE) {\n          this.index++;\n          const alternate = this.gobbleExpression();\n          if (!alternate) {\n            this.throwError('Expected expression');\n          }\n          env.node = {\n            type: CONDITIONAL_EXP,\n            test,\n            consequent,\n            alternate\n          };\n\n          // check for operators of higher priority than ternary (i.e. assignment)\n          // jsep sets || at 1, and assignment at 0.9, and conditional should be between them\n          if (test.operator && jsep.binary_ops[test.operator] <= 0.9) {\n            let newTest = test;\n            while (newTest.right.operator && jsep.binary_ops[newTest.right.operator] <= 0.9) {\n              newTest = newTest.right;\n            }\n            env.node.test = newTest.right;\n            newTest.right = env.node;\n            env.node = test;\n          }\n        } else {\n          this.throwError('Expected :');\n        }\n      }\n    });\n  }\n};\n\n// Add default plugins:\n\njsep.plugins.register(ternary);\n\nconst FSLASH_CODE = 47; // '/'\nconst BSLASH_CODE = 92; // '\\\\'\n\nvar index = {\n  name: 'regex',\n  init(jsep) {\n    // Regex literal: /abc123/ig\n    jsep.hooks.add('gobble-token', function gobbleRegexLiteral(env) {\n      if (this.code === FSLASH_CODE) {\n        const patternIndex = ++this.index;\n        let inCharSet = false;\n        while (this.index < this.expr.length) {\n          if (this.code === FSLASH_CODE && !inCharSet) {\n            const pattern = this.expr.slice(patternIndex, this.index);\n            let flags = '';\n            while (++this.index < this.expr.length) {\n              const code = this.code;\n              if (code >= 97 && code <= 122 // a...z\n              || code >= 65 && code <= 90 // A...Z\n              || code >= 48 && code <= 57) {\n                // 0-9\n                flags += this.char;\n              } else {\n                break;\n              }\n            }\n            let value;\n            try {\n              value = new RegExp(pattern, flags);\n            } catch (e) {\n              this.throwError(e.message);\n            }\n            env.node = {\n              type: jsep.LITERAL,\n              value,\n              raw: this.expr.slice(patternIndex - 1, this.index)\n            };\n\n            // allow . [] and () after regex: /regex/.test(a)\n            env.node = this.gobbleTokenProperty(env.node);\n            return env.node;\n          }\n          if (this.code === jsep.OBRACK_CODE) {\n            inCharSet = true;\n          } else if (inCharSet && this.code === jsep.CBRACK_CODE) {\n            inCharSet = false;\n          }\n          this.index += this.code === BSLASH_CODE ? 2 : 1;\n        }\n        this.throwError('Unclosed Regex');\n      }\n    });\n  }\n};\n\nconst PLUS_CODE = 43; // +\nconst MINUS_CODE = 45; // -\n\nconst plugin = {\n  name: 'assignment',\n  assignmentOperators: new Set(['=', '*=', '**=', '/=', '%=', '+=', '-=', '<<=', '>>=', '>>>=', '&=', '^=', '|=', '||=', '&&=', '??=']),\n  updateOperators: [PLUS_CODE, MINUS_CODE],\n  assignmentPrecedence: 0.9,\n  init(jsep) {\n    const updateNodeTypes = [jsep.IDENTIFIER, jsep.MEMBER_EXP];\n    plugin.assignmentOperators.forEach(op => jsep.addBinaryOp(op, plugin.assignmentPrecedence, true));\n    jsep.hooks.add('gobble-token', function gobbleUpdatePrefix(env) {\n      const code = this.code;\n      if (plugin.updateOperators.some(c => c === code && c === this.expr.charCodeAt(this.index + 1))) {\n        this.index += 2;\n        env.node = {\n          type: 'UpdateExpression',\n          operator: code === PLUS_CODE ? '++' : '--',\n          argument: this.gobbleTokenProperty(this.gobbleIdentifier()),\n          prefix: true\n        };\n        if (!env.node.argument || !updateNodeTypes.includes(env.node.argument.type)) {\n          this.throwError(`Unexpected ${env.node.operator}`);\n        }\n      }\n    });\n    jsep.hooks.add('after-token', function gobbleUpdatePostfix(env) {\n      if (env.node) {\n        const code = this.code;\n        if (plugin.updateOperators.some(c => c === code && c === this.expr.charCodeAt(this.index + 1))) {\n          if (!updateNodeTypes.includes(env.node.type)) {\n            this.throwError(`Unexpected ${env.node.operator}`);\n          }\n          this.index += 2;\n          env.node = {\n            type: 'UpdateExpression',\n            operator: code === PLUS_CODE ? '++' : '--',\n            argument: env.node,\n            prefix: false\n          };\n        }\n      }\n    });\n    jsep.hooks.add('after-expression', function gobbleAssignment(env) {\n      if (env.node) {\n        // Note: Binaries can be chained in a single expression to respect\n        // operator precedence (i.e. a = b = 1 + 2 + 3)\n        // Update all binary assignment nodes in the tree\n        updateBinariesToAssignments(env.node);\n      }\n    });\n    function updateBinariesToAssignments(node) {\n      if (plugin.assignmentOperators.has(node.operator)) {\n        node.type = 'AssignmentExpression';\n        updateBinariesToAssignments(node.left);\n        updateBinariesToAssignments(node.right);\n      } else if (!node.operator) {\n        Object.values(node).forEach(val => {\n          if (val && typeof val === 'object') {\n            updateBinariesToAssignments(val);\n          }\n        });\n      }\n    }\n  }\n};\n\n/* eslint-disable no-bitwise -- Convenient */\n\n// register plugins\njsep.plugins.register(index, plugin);\njsep.addUnaryOp('typeof');\njsep.addLiteral('null', null);\njsep.addLiteral('undefined', undefined);\nconst BLOCKED_PROTO_PROPERTIES = new Set(['constructor', '__proto__', '__defineGetter__', '__defineSetter__']);\nconst SafeEval = {\n  /**\n   * @param {jsep.Expression} ast\n   * @param {Record<string, any>} subs\n   */\n  evalAst(ast, subs) {\n    switch (ast.type) {\n      case 'BinaryExpression':\n      case 'LogicalExpression':\n        return SafeEval.evalBinaryExpression(ast, subs);\n      case 'Compound':\n        return SafeEval.evalCompound(ast, subs);\n      case 'ConditionalExpression':\n        return SafeEval.evalConditionalExpression(ast, subs);\n      case 'Identifier':\n        return SafeEval.evalIdentifier(ast, subs);\n      case 'Literal':\n        return SafeEval.evalLiteral(ast, subs);\n      case 'MemberExpression':\n        return SafeEval.evalMemberExpression(ast, subs);\n      case 'UnaryExpression':\n        return SafeEval.evalUnaryExpression(ast, subs);\n      case 'ArrayExpression':\n        return SafeEval.evalArrayExpression(ast, subs);\n      case 'CallExpression':\n        return SafeEval.evalCallExpression(ast, subs);\n      case 'AssignmentExpression':\n        return SafeEval.evalAssignmentExpression(ast, subs);\n      default:\n        throw SyntaxError('Unexpected expression', ast);\n    }\n  },\n  evalBinaryExpression(ast, subs) {\n    const result = {\n      '||': (a, b) => a || b(),\n      '&&': (a, b) => a && b(),\n      '|': (a, b) => a | b(),\n      '^': (a, b) => a ^ b(),\n      '&': (a, b) => a & b(),\n      // eslint-disable-next-line eqeqeq -- API\n      '==': (a, b) => a == b(),\n      // eslint-disable-next-line eqeqeq -- API\n      '!=': (a, b) => a != b(),\n      '===': (a, b) => a === b(),\n      '!==': (a, b) => a !== b(),\n      '<': (a, b) => a < b(),\n      '>': (a, b) => a > b(),\n      '<=': (a, b) => a <= b(),\n      '>=': (a, b) => a >= b(),\n      '<<': (a, b) => a << b(),\n      '>>': (a, b) => a >> b(),\n      '>>>': (a, b) => a >>> b(),\n      '+': (a, b) => a + b(),\n      '-': (a, b) => a - b(),\n      '*': (a, b) => a * b(),\n      '/': (a, b) => a / b(),\n      '%': (a, b) => a % b()\n    }[ast.operator](SafeEval.evalAst(ast.left, subs), () => SafeEval.evalAst(ast.right, subs));\n    return result;\n  },\n  evalCompound(ast, subs) {\n    let last;\n    for (let i = 0; i < ast.body.length; i++) {\n      if (ast.body[i].type === 'Identifier' && ['var', 'let', 'const'].includes(ast.body[i].name) && ast.body[i + 1] && ast.body[i + 1].type === 'AssignmentExpression') {\n        // var x=2; is detected as\n        // [{Identifier var}, {AssignmentExpression x=2}]\n        // eslint-disable-next-line @stylistic/max-len -- Long\n        // eslint-disable-next-line sonarjs/updated-loop-counter -- Convenient\n        i += 1;\n      }\n      const expr = ast.body[i];\n      last = SafeEval.evalAst(expr, subs);\n    }\n    return last;\n  },\n  evalConditionalExpression(ast, subs) {\n    if (SafeEval.evalAst(ast.test, subs)) {\n      return SafeEval.evalAst(ast.consequent, subs);\n    }\n    return SafeEval.evalAst(ast.alternate, subs);\n  },\n  evalIdentifier(ast, subs) {\n    if (Object.hasOwn(subs, ast.name)) {\n      return subs[ast.name];\n    }\n    throw ReferenceError(`${ast.name} is not defined`);\n  },\n  evalLiteral(ast) {\n    return ast.value;\n  },\n  evalMemberExpression(ast, subs) {\n    const prop = String(\n    // NOTE: `String(value)` throws error when\n    // value has overwritten the toString method to return non-string\n    // i.e. `value = {toString: () => []}`\n    ast.computed ? SafeEval.evalAst(ast.property) // `object[property]`\n    : ast.property.name // `object.property` property is Identifier\n    );\n    const obj = SafeEval.evalAst(ast.object, subs);\n    if (obj === undefined || obj === null) {\n      throw TypeError(`Cannot read properties of ${obj} (reading '${prop}')`);\n    }\n    if (!Object.hasOwn(obj, prop) && BLOCKED_PROTO_PROPERTIES.has(prop)) {\n      throw TypeError(`Cannot read properties of ${obj} (reading '${prop}')`);\n    }\n    const result = obj[prop];\n    if (typeof result === 'function') {\n      return result.bind(obj); // arrow functions aren't affected by bind.\n    }\n    return result;\n  },\n  evalUnaryExpression(ast, subs) {\n    const result = {\n      '-': a => -SafeEval.evalAst(a, subs),\n      '!': a => !SafeEval.evalAst(a, subs),\n      '~': a => ~SafeEval.evalAst(a, subs),\n      // eslint-disable-next-line no-implicit-coercion -- API\n      '+': a => +SafeEval.evalAst(a, subs),\n      typeof: a => typeof SafeEval.evalAst(a, subs)\n    }[ast.operator](ast.argument);\n    return result;\n  },\n  evalArrayExpression(ast, subs) {\n    return ast.elements.map(el => SafeEval.evalAst(el, subs));\n  },\n  evalCallExpression(ast, subs) {\n    const args = ast.arguments.map(arg => SafeEval.evalAst(arg, subs));\n    const func = SafeEval.evalAst(ast.callee, subs);\n    // if (func === Function) {\n    //     throw new Error('Function constructor is disabled');\n    // }\n    return func(...args);\n  },\n  evalAssignmentExpression(ast, subs) {\n    if (ast.left.type !== 'Identifier') {\n      throw SyntaxError('Invalid left-hand side in assignment');\n    }\n    const id = ast.left.name;\n    const value = SafeEval.evalAst(ast.right, subs);\n    subs[id] = value;\n    return subs[id];\n  }\n};\n\n/**\n * A replacement for NodeJS' VM.Script which is also {@link https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP | Content Security Policy} friendly.\n */\nclass SafeScript {\n  /**\n   * @param {string} expr Expression to evaluate\n   */\n  constructor(expr) {\n    this.code = expr;\n    this.ast = jsep(this.code);\n  }\n\n  /**\n   * @param {object} context Object whose items will be added\n   *   to evaluation\n   * @returns {EvaluatedResult} Result of evaluated code\n   */\n  runInNewContext(context) {\n    // `Object.create(null)` creates a prototypeless object\n    const keyMap = Object.assign(Object.create(null), context);\n    return SafeEval.evalAst(this.ast, keyMap);\n  }\n}\n\n/* eslint-disable camelcase -- Convenient for escaping */\n\n\n/**\n * @typedef {null|boolean|number|string|object|GenericArray} JSONObject\n */\n\n/**\n * @typedef {any} AnyItem\n */\n\n/**\n * @typedef {any} AnyResult\n */\n\n/**\n * Copies array and then pushes item into it.\n * @param {GenericArray} arr Array to copy and into which to push\n * @param {AnyItem} item Array item to add (to end)\n * @returns {GenericArray} Copy of the original array\n */\nfunction push(arr, item) {\n  arr = arr.slice();\n  arr.push(item);\n  return arr;\n}\n/**\n * Copies array and then unshifts item into it.\n * @param {AnyItem} item Array item to add (to beginning)\n * @param {GenericArray} arr Array to copy and into which to unshift\n * @returns {GenericArray} Copy of the original array\n */\nfunction unshift(item, arr) {\n  arr = arr.slice();\n  arr.unshift(item);\n  return arr;\n}\n\n/**\n * Caught when JSONPath is used without `new` but rethrown if with `new`\n * @extends Error\n */\nclass NewError extends Error {\n  /**\n   * @param {AnyResult} value The evaluated scalar value\n   */\n  constructor(value) {\n    super('JSONPath should not be called with \"new\" (it prevents return ' + 'of (unwrapped) scalar values)');\n    this.avoidNew = true;\n    this.value = value;\n    this.name = 'NewError';\n  }\n}\n\n/**\n* @typedef {object} ReturnObject\n* @property {string} path\n* @property {JSONObject} value\n* @property {object|GenericArray} parent\n* @property {string} parentProperty\n*/\n\n/**\n* @callback JSONPathCallback\n* @param {string|object} preferredOutput\n* @param {\"value\"|\"property\"} type\n* @param {ReturnObject} fullRetObj\n* @returns {void}\n*/\n\n/**\n* @callback OtherTypeCallback\n* @param {JSONObject} val\n* @param {string} path\n* @param {object|GenericArray} parent\n* @param {string} parentPropName\n* @returns {boolean}\n*/\n\n/**\n * @typedef {any} ContextItem\n */\n\n/**\n * @typedef {any} EvaluatedResult\n */\n\n/**\n* @callback EvalCallback\n* @param {string} code\n* @param {ContextItem} context\n* @returns {EvaluatedResult}\n*/\n\n/**\n * @typedef {typeof SafeScript} EvalClass\n */\n\n/**\n * @typedef {object} JSONPathOptions\n * @property {JSON} json\n * @property {string|string[]} path\n * @property {\"value\"|\"path\"|\"pointer\"|\"parent\"|\"parentProperty\"|\n *   \"all\"} [resultType=\"value\"]\n * @property {boolean} [flatten=false]\n * @property {boolean} [wrap=true]\n * @property {object} [sandbox={}]\n * @property {EvalCallback|EvalClass|'safe'|'native'|\n *   boolean} [eval = 'safe']\n * @property {object|GenericArray|null} [parent=null]\n * @property {string|null} [parentProperty=null]\n * @property {JSONPathCallback} [callback]\n * @property {OtherTypeCallback} [otherTypeCallback] Defaults to\n *   function which throws on encountering `@other`\n * @property {boolean} [autostart=true]\n */\n\n/**\n * @param {string|JSONPathOptions} opts If a string, will be treated as `expr`\n * @param {string} [expr] JSON path to evaluate\n * @param {JSON} [obj] JSON object to evaluate against\n * @param {JSONPathCallback} [callback] Passed 3 arguments: 1) desired payload\n *     per `resultType`, 2) `\"value\"|\"property\"`, 3) Full returned object with\n *     all payloads\n * @param {OtherTypeCallback} [otherTypeCallback] If `@other()` is at the end\n *   of one's query, this will be invoked with the value of the item, its\n *   path, its parent, and its parent's property name, and it should return\n *   a boolean indicating whether the supplied value belongs to the \"other\"\n *   type or not (or it may handle transformations and return `false`).\n * @returns {JSONPath}\n * @class\n */\nfunction JSONPath(opts, expr, obj, callback, otherTypeCallback) {\n  // eslint-disable-next-line no-restricted-syntax -- Allow for pseudo-class\n  if (!(this instanceof JSONPath)) {\n    try {\n      return new JSONPath(opts, expr, obj, callback, otherTypeCallback);\n    } catch (e) {\n      if (!e.avoidNew) {\n        throw e;\n      }\n      return e.value;\n    }\n  }\n  if (typeof opts === 'string') {\n    otherTypeCallback = callback;\n    callback = obj;\n    obj = expr;\n    expr = opts;\n    opts = null;\n  }\n  const optObj = opts && typeof opts === 'object';\n  opts = opts || {};\n  this.json = opts.json || obj;\n  this.path = opts.path || expr;\n  this.resultType = opts.resultType || 'value';\n  this.flatten = opts.flatten || false;\n  this.wrap = Object.hasOwn(opts, 'wrap') ? opts.wrap : true;\n  this.sandbox = opts.sandbox || {};\n  this.eval = opts.eval === undefined ? 'safe' : opts.eval;\n  this.ignoreEvalErrors = typeof opts.ignoreEvalErrors === 'undefined' ? false : opts.ignoreEvalErrors;\n  this.parent = opts.parent || null;\n  this.parentProperty = opts.parentProperty || null;\n  this.callback = opts.callback || callback || null;\n  this.otherTypeCallback = opts.otherTypeCallback || otherTypeCallback || function () {\n    throw new TypeError('You must supply an otherTypeCallback callback option ' + 'with the @other() operator.');\n  };\n  if (opts.autostart !== false) {\n    const args = {\n      path: optObj ? opts.path : expr\n    };\n    if (!optObj) {\n      args.json = obj;\n    } else if ('json' in opts) {\n      args.json = opts.json;\n    }\n    const ret = this.evaluate(args);\n    if (!ret || typeof ret !== 'object') {\n      throw new NewError(ret);\n    }\n    return ret;\n  }\n}\n\n// PUBLIC METHODS\nJSONPath.prototype.evaluate = function (expr, json, callback, otherTypeCallback) {\n  let currParent = this.parent,\n    currParentProperty = this.parentProperty;\n  let {\n    flatten,\n    wrap\n  } = this;\n  this.currResultType = this.resultType;\n  this.currEval = this.eval;\n  this.currSandbox = this.sandbox;\n  callback = callback || this.callback;\n  this.currOtherTypeCallback = otherTypeCallback || this.otherTypeCallback;\n  json = json || this.json;\n  expr = expr || this.path;\n  if (expr && typeof expr === 'object' && !Array.isArray(expr)) {\n    if (!expr.path && expr.path !== '') {\n      throw new TypeError('You must supply a \"path\" property when providing an object ' + 'argument to JSONPath.evaluate().');\n    }\n    if (!Object.hasOwn(expr, 'json')) {\n      throw new TypeError('You must supply a \"json\" property when providing an object ' + 'argument to JSONPath.evaluate().');\n    }\n    ({\n      json\n    } = expr);\n    flatten = Object.hasOwn(expr, 'flatten') ? expr.flatten : flatten;\n    this.currResultType = Object.hasOwn(expr, 'resultType') ? expr.resultType : this.currResultType;\n    this.currSandbox = Object.hasOwn(expr, 'sandbox') ? expr.sandbox : this.currSandbox;\n    wrap = Object.hasOwn(expr, 'wrap') ? expr.wrap : wrap;\n    this.currEval = Object.hasOwn(expr, 'eval') ? expr.eval : this.currEval;\n    callback = Object.hasOwn(expr, 'callback') ? expr.callback : callback;\n    this.currOtherTypeCallback = Object.hasOwn(expr, 'otherTypeCallback') ? expr.otherTypeCallback : this.currOtherTypeCallback;\n    currParent = Object.hasOwn(expr, 'parent') ? expr.parent : currParent;\n    currParentProperty = Object.hasOwn(expr, 'parentProperty') ? expr.parentProperty : currParentProperty;\n    expr = expr.path;\n  }\n  currParent = currParent || null;\n  currParentProperty = currParentProperty || null;\n  if (Array.isArray(expr)) {\n    expr = JSONPath.toPathString(expr);\n  }\n  if (!expr && expr !== '' || !json) {\n    return undefined;\n  }\n  const exprList = JSONPath.toPathArray(expr);\n  if (exprList[0] === '$' && exprList.length > 1) {\n    exprList.shift();\n  }\n  this._hasParentSelector = null;\n  const result = this._trace(exprList, json, ['$'], currParent, currParentProperty, callback).filter(function (ea) {\n    return ea && !ea.isParentSelector;\n  });\n  if (!result.length) {\n    return wrap ? [] : undefined;\n  }\n  if (!wrap && result.length === 1 && !result[0].hasArrExpr) {\n    return this._getPreferredOutput(result[0]);\n  }\n  return result.reduce((rslt, ea) => {\n    const valOrPath = this._getPreferredOutput(ea);\n    if (flatten && Array.isArray(valOrPath)) {\n      rslt = rslt.concat(valOrPath);\n    } else {\n      rslt.push(valOrPath);\n    }\n    return rslt;\n  }, []);\n};\n\n// PRIVATE METHODS\n\nJSONPath.prototype._getPreferredOutput = function (ea) {\n  const resultType = this.currResultType;\n  switch (resultType) {\n    case 'all':\n      {\n        const path = Array.isArray(ea.path) ? ea.path : JSONPath.toPathArray(ea.path);\n        ea.pointer = JSONPath.toPointer(path);\n        ea.path = typeof ea.path === 'string' ? ea.path : JSONPath.toPathString(ea.path);\n        return ea;\n      }\n    case 'value':\n    case 'parent':\n    case 'parentProperty':\n      return ea[resultType];\n    case 'path':\n      return JSONPath.toPathString(ea[resultType]);\n    case 'pointer':\n      return JSONPath.toPointer(ea.path);\n    default:\n      throw new TypeError('Unknown result type');\n  }\n};\nJSONPath.prototype._handleCallback = function (fullRetObj, callback, type) {\n  if (callback) {\n    const preferredOutput = this._getPreferredOutput(fullRetObj);\n    fullRetObj.path = typeof fullRetObj.path === 'string' ? fullRetObj.path : JSONPath.toPathString(fullRetObj.path);\n    // eslint-disable-next-line n/callback-return -- No need to return\n    callback(preferredOutput, type, fullRetObj);\n  }\n};\n\n/**\n *\n * @param {string} expr\n * @param {JSONObject} val\n * @param {string} path\n * @param {object|GenericArray} parent\n * @param {string} parentPropName\n * @param {JSONPathCallback} callback\n * @param {boolean} hasArrExpr\n * @param {boolean} literalPriority\n * @returns {ReturnObject|ReturnObject[]}\n */\nJSONPath.prototype._trace = function (expr, val, path, parent, parentPropName, callback, hasArrExpr, literalPriority) {\n  // No expr to follow? return path and value as the result of\n  //  this trace branch\n  let retObj;\n  if (!expr.length) {\n    retObj = {\n      path,\n      value: val,\n      parent,\n      parentProperty: parentPropName,\n      hasArrExpr\n    };\n    this._handleCallback(retObj, callback, 'value');\n    return retObj;\n  }\n  const loc = expr[0],\n    x = expr.slice(1);\n\n  // We need to gather the return value of recursive trace calls in order to\n  // do the parent sel computation.\n  const ret = [];\n  /**\n   *\n   * @param {ReturnObject|ReturnObject[]} elems\n   * @returns {void}\n   */\n  function addRet(elems) {\n    if (Array.isArray(elems)) {\n      // This was causing excessive stack size in Node (with or\n      //  without Babel) against our performance test:\n      //  `ret.push(...elems);`\n      elems.forEach(t => {\n        ret.push(t);\n      });\n    } else {\n      ret.push(elems);\n    }\n  }\n  if ((typeof loc !== 'string' || literalPriority) && val && Object.hasOwn(val, loc)) {\n    // simple case--directly follow property\n    addRet(this._trace(x, val[loc], push(path, loc), val, loc, callback, hasArrExpr));\n    // eslint-disable-next-line unicorn/prefer-switch -- Part of larger `if`\n  } else if (loc === '*') {\n    // all child properties\n    this._walk(val, m => {\n      addRet(this._trace(x, val[m], push(path, m), val, m, callback, true, true));\n    });\n  } else if (loc === '..') {\n    // all descendent parent properties\n    // Check remaining expression with val's immediate children\n    addRet(this._trace(x, val, path, parent, parentPropName, callback, hasArrExpr));\n    this._walk(val, m => {\n      // We don't join m and x here because we only want parents,\n      //   not scalar values\n      if (typeof val[m] === 'object') {\n        // Keep going with recursive descent on val's\n        //   object children\n        addRet(this._trace(expr.slice(), val[m], push(path, m), val, m, callback, true));\n      }\n    });\n    // The parent sel computation is handled in the frame above using the\n    // ancestor object of val\n  } else if (loc === '^') {\n    // This is not a final endpoint, so we do not invoke the callback here\n    this._hasParentSelector = true;\n    return {\n      path: path.slice(0, -1),\n      expr: x,\n      isParentSelector: true\n    };\n  } else if (loc === '~') {\n    // property name\n    retObj = {\n      path: push(path, loc),\n      value: parentPropName,\n      parent,\n      parentProperty: null\n    };\n    this._handleCallback(retObj, callback, 'property');\n    return retObj;\n  } else if (loc === '$') {\n    // root only\n    addRet(this._trace(x, val, path, null, null, callback, hasArrExpr));\n  } else if (/^(-?\\d*):(-?\\d*):?(\\d*)$/u.test(loc)) {\n    // [start:end:step]  Python slice syntax\n    addRet(this._slice(loc, x, val, path, parent, parentPropName, callback));\n  } else if (loc.indexOf('?(') === 0) {\n    // [?(expr)] (filtering)\n    if (this.currEval === false) {\n      throw new Error('Eval [?(expr)] prevented in JSONPath expression.');\n    }\n    const safeLoc = loc.replace(/^\\?\\((.*?)\\)$/u, '$1');\n    // check for a nested filter expression\n    const nested = /@.?([^?]*)[['](\\??\\(.*?\\))(?!.\\)\\])[\\]']/gu.exec(safeLoc);\n    if (nested) {\n      // find if there are matches in the nested expression\n      // add them to the result set if there is at least one match\n      this._walk(val, m => {\n        const npath = [nested[2]];\n        const nvalue = nested[1] ? val[m][nested[1]] : val[m];\n        const filterResults = this._trace(npath, nvalue, path, parent, parentPropName, callback, true);\n        if (filterResults.length > 0) {\n          addRet(this._trace(x, val[m], push(path, m), val, m, callback, true));\n        }\n      });\n    } else {\n      this._walk(val, m => {\n        if (this._eval(safeLoc, val[m], m, path, parent, parentPropName)) {\n          addRet(this._trace(x, val[m], push(path, m), val, m, callback, true));\n        }\n      });\n    }\n  } else if (loc[0] === '(') {\n    // [(expr)] (dynamic property/index)\n    if (this.currEval === false) {\n      throw new Error('Eval [(expr)] prevented in JSONPath expression.');\n    }\n    // As this will resolve to a property name (but we don't know it\n    //  yet), property and parent information is relative to the\n    //  parent of the property to which this expression will resolve\n    addRet(this._trace(unshift(this._eval(loc, val, path.at(-1), path.slice(0, -1), parent, parentPropName), x), val, path, parent, parentPropName, callback, hasArrExpr));\n  } else if (loc[0] === '@') {\n    // value type: @boolean(), etc.\n    let addType = false;\n    const valueType = loc.slice(1, -2);\n    switch (valueType) {\n      case 'scalar':\n        if (!val || !['object', 'function'].includes(typeof val)) {\n          addType = true;\n        }\n        break;\n      case 'boolean':\n      case 'string':\n      case 'undefined':\n      case 'function':\n        if (typeof val === valueType) {\n          addType = true;\n        }\n        break;\n      case 'integer':\n        if (Number.isFinite(val) && !(val % 1)) {\n          addType = true;\n        }\n        break;\n      case 'number':\n        if (Number.isFinite(val)) {\n          addType = true;\n        }\n        break;\n      case 'nonFinite':\n        if (typeof val === 'number' && !Number.isFinite(val)) {\n          addType = true;\n        }\n        break;\n      case 'object':\n        if (val && typeof val === valueType) {\n          addType = true;\n        }\n        break;\n      case 'array':\n        if (Array.isArray(val)) {\n          addType = true;\n        }\n        break;\n      case 'other':\n        addType = this.currOtherTypeCallback(val, path, parent, parentPropName);\n        break;\n      case 'null':\n        if (val === null) {\n          addType = true;\n        }\n        break;\n      /* c8 ignore next 2 */\n      default:\n        throw new TypeError('Unknown value type ' + valueType);\n    }\n    if (addType) {\n      retObj = {\n        path,\n        value: val,\n        parent,\n        parentProperty: parentPropName\n      };\n      this._handleCallback(retObj, callback, 'value');\n      return retObj;\n    }\n    // `-escaped property\n  } else if (loc[0] === '`' && val && Object.hasOwn(val, loc.slice(1))) {\n    const locProp = loc.slice(1);\n    addRet(this._trace(x, val[locProp], push(path, locProp), val, locProp, callback, hasArrExpr, true));\n  } else if (loc.includes(',')) {\n    // [name1,name2,...]\n    const parts = loc.split(',');\n    for (const part of parts) {\n      addRet(this._trace(unshift(part, x), val, path, parent, parentPropName, callback, true));\n    }\n    // simple case--directly follow property\n  } else if (!literalPriority && val && Object.hasOwn(val, loc)) {\n    addRet(this._trace(x, val[loc], push(path, loc), val, loc, callback, hasArrExpr, true));\n  }\n\n  // We check the resulting values for parent selections. For parent\n  // selections we discard the value object and continue the trace with the\n  // current val object\n  if (this._hasParentSelector) {\n    for (let t = 0; t < ret.length; t++) {\n      const rett = ret[t];\n      if (rett && rett.isParentSelector) {\n        const tmp = this._trace(rett.expr, val, rett.path, parent, parentPropName, callback, hasArrExpr);\n        if (Array.isArray(tmp)) {\n          ret[t] = tmp[0];\n          const tl = tmp.length;\n          for (let tt = 1; tt < tl; tt++) {\n            // eslint-disable-next-line @stylistic/max-len -- Long\n            // eslint-disable-next-line sonarjs/updated-loop-counter -- Convenient\n            t++;\n            ret.splice(t, 0, tmp[tt]);\n          }\n        } else {\n          ret[t] = tmp;\n        }\n      }\n    }\n  }\n  return ret;\n};\nJSONPath.prototype._walk = function (val, f) {\n  if (Array.isArray(val)) {\n    const n = val.length;\n    for (let i = 0; i < n; i++) {\n      f(i);\n    }\n  } else if (val && typeof val === 'object') {\n    Object.keys(val).forEach(m => {\n      f(m);\n    });\n  }\n};\nJSONPath.prototype._slice = function (loc, expr, val, path, parent, parentPropName, callback) {\n  if (!Array.isArray(val)) {\n    return undefined;\n  }\n  const len = val.length,\n    parts = loc.split(':'),\n    step = parts[2] && Number.parseInt(parts[2]) || 1;\n  let start = parts[0] && Number.parseInt(parts[0]) || 0,\n    end = parts[1] && Number.parseInt(parts[1]) || len;\n  start = start < 0 ? Math.max(0, start + len) : Math.min(len, start);\n  end = end < 0 ? Math.max(0, end + len) : Math.min(len, end);\n  const ret = [];\n  for (let i = start; i < end; i += step) {\n    const tmp = this._trace(unshift(i, expr), val, path, parent, parentPropName, callback, true);\n    // Should only be possible to be an array here since first part of\n    //   ``unshift(i, expr)` passed in above would not be empty, nor `~`,\n    //     nor begin with `@` (as could return objects)\n    // This was causing excessive stack size in Node (with or\n    //  without Babel) against our performance test: `ret.push(...tmp);`\n    tmp.forEach(t => {\n      ret.push(t);\n    });\n  }\n  return ret;\n};\nJSONPath.prototype._eval = function (code, _v, _vname, path, parent, parentPropName) {\n  this.currSandbox._$_parentProperty = parentPropName;\n  this.currSandbox._$_parent = parent;\n  this.currSandbox._$_property = _vname;\n  this.currSandbox._$_root = this.json;\n  this.currSandbox._$_v = _v;\n  const containsPath = code.includes('@path');\n  if (containsPath) {\n    this.currSandbox._$_path = JSONPath.toPathString(path.concat([_vname]));\n  }\n  const scriptCacheKey = this.currEval + 'Script:' + code;\n  if (!JSONPath.cache[scriptCacheKey]) {\n    let script = code.replaceAll('@parentProperty', '_$_parentProperty').replaceAll('@parent', '_$_parent').replaceAll('@property', '_$_property').replaceAll('@root', '_$_root').replaceAll(/@([.\\s)[])/gu, '_$_v$1');\n    if (containsPath) {\n      script = script.replaceAll('@path', '_$_path');\n    }\n    if (this.currEval === 'safe' || this.currEval === true || this.currEval === undefined) {\n      JSONPath.cache[scriptCacheKey] = new this.safeVm.Script(script);\n    } else if (this.currEval === 'native') {\n      JSONPath.cache[scriptCacheKey] = new this.vm.Script(script);\n    } else if (typeof this.currEval === 'function' && this.currEval.prototype && Object.hasOwn(this.currEval.prototype, 'runInNewContext')) {\n      const CurrEval = this.currEval;\n      JSONPath.cache[scriptCacheKey] = new CurrEval(script);\n    } else if (typeof this.currEval === 'function') {\n      JSONPath.cache[scriptCacheKey] = {\n        runInNewContext: context => this.currEval(script, context)\n      };\n    } else {\n      throw new TypeError(`Unknown \"eval\" property \"${this.currEval}\"`);\n    }\n  }\n  try {\n    return JSONPath.cache[scriptCacheKey].runInNewContext(this.currSandbox);\n  } catch (e) {\n    if (this.ignoreEvalErrors) {\n      return false;\n    }\n    throw new Error('jsonPath: ' + e.message + ': ' + code);\n  }\n};\n\n// PUBLIC CLASS PROPERTIES AND METHODS\n\n// Could store the cache object itself\nJSONPath.cache = {};\n\n/**\n * @param {string[]} pathArr Array to convert\n * @returns {string} The path string\n */\nJSONPath.toPathString = function (pathArr) {\n  const x = pathArr,\n    n = x.length;\n  let p = '$';\n  for (let i = 1; i < n; i++) {\n    if (!/^(~|\\^|@.*?\\(\\))$/u.test(x[i])) {\n      p += /^[0-9*]+$/u.test(x[i]) ? '[' + x[i] + ']' : \"['\" + x[i] + \"']\";\n    }\n  }\n  return p;\n};\n\n/**\n * @param {string} pointer JSON Path\n * @returns {string} JSON Pointer\n */\nJSONPath.toPointer = function (pointer) {\n  const x = pointer,\n    n = x.length;\n  let p = '';\n  for (let i = 1; i < n; i++) {\n    if (!/^(~|\\^|@.*?\\(\\))$/u.test(x[i])) {\n      p += '/' + x[i].toString().replaceAll('~', '~0').replaceAll('/', '~1');\n    }\n  }\n  return p;\n};\n\n/**\n * @param {string} expr Expression to convert\n * @returns {string[]}\n */\nJSONPath.toPathArray = function (expr) {\n  const {\n    cache\n  } = JSONPath;\n  if (cache[expr]) {\n    return cache[expr].concat();\n  }\n  const subx = [];\n  const normalized = expr\n  // Properties\n  .replaceAll(/@(?:null|boolean|number|string|integer|undefined|nonFinite|scalar|array|object|function|other)\\(\\)/gu, ';$&;')\n  // Parenthetical evaluations (filtering and otherwise), directly\n  //   within brackets or single quotes\n  .replaceAll(/[['](\\??\\(.*?\\))[\\]'](?!.\\])/gu, function ($0, $1) {\n    return '[#' + (subx.push($1) - 1) + ']';\n  })\n  // Escape periods and tildes within properties\n  .replaceAll(/\\[['\"]([^'\\]]*)['\"]\\]/gu, function ($0, prop) {\n    return \"['\" + prop.replaceAll('.', '%@%').replaceAll('~', '%%@@%%') + \"']\";\n  })\n  // Properties operator\n  .replaceAll('~', ';~;')\n  // Split by property boundaries\n  .replaceAll(/['\"]?\\.['\"]?(?![^[]*\\])|\\[['\"]?/gu, ';')\n  // Reinsert periods within properties\n  .replaceAll('%@%', '.')\n  // Reinsert tildes within properties\n  .replaceAll('%%@@%%', '~')\n  // Parent\n  .replaceAll(/(?:;)?(\\^+)(?:;)?/gu, function ($0, ups) {\n    return ';' + ups.split('').join(';') + ';';\n  })\n  // Descendents\n  .replaceAll(/;;;|;;/gu, ';..;')\n  // Remove trailing\n  .replaceAll(/;$|'?\\]|'$/gu, '');\n  const exprList = normalized.split(';').map(function (exp) {\n    const match = exp.match(/#(\\d+)/u);\n    return !match || !match[1] ? exp : subx[match[1]];\n  });\n  cache[expr] = exprList;\n  return cache[expr].concat();\n};\nJSONPath.prototype.safeVm = {\n  Script: SafeScript\n};\n\nJSONPath.prototype.vm = vm;\n\nexports.JSONPath = JSONPath;\n","// The module cache\nvar __webpack_module_cache__ = {};\n\n// The require function\nfunction __webpack_require__(moduleId) {\n\t// Check if module is in cache\n\tvar cachedModule = __webpack_module_cache__[moduleId];\n\tif (cachedModule !== undefined) {\n\t\treturn cachedModule.exports;\n\t}\n\t// Create a new module (and put it into the cache)\n\tvar module = __webpack_module_cache__[moduleId] = {\n\t\t// no module.id needed\n\t\t// no module.loaded needed\n\t\texports: {}\n\t};\n\n\t// Execute the module function\n\tvar threw = true;\n\ttry {\n\t\t__webpack_modules__[moduleId].call(module.exports, module, module.exports, __webpack_require__);\n\t\tthrew = false;\n\t} finally {\n\t\tif(threw) delete __webpack_module_cache__[moduleId];\n\t}\n\n\t// Return the exports of the module\n\treturn module.exports;\n}\n\n","\nif (typeof __webpack_require__ !== 'undefined') __webpack_require__.ab = __dirname + \"/\";","","// startup\n// Load entry module and return exports\n// This entry module is referenced by other modules so it can't be inlined\nvar __webpack_exports__ = __webpack_require__(5915);\n",""],"names":[],"sourceRoot":""}
\ No newline at end of file
diff --git a/src/main.ts b/src/main.ts
index 5bd4ab5..9aaef22 100644
--- a/src/main.ts
+++ b/src/main.ts
@@ -5,7 +5,7 @@ import * as core from '@actions/core'
 import {DOMParser} from '@xmldom/xmldom'
 import * as xpath from 'xpath'
 import {JSONPath} from 'jsonpath-plus'
-import {LogLevel, log} from './utils'
+import {LogLevel, log, normalizeCweId} from './utils'
 
 let sarifFilePath: string
 let outputFilePath: string
@@ -103,9 +103,15 @@ JSONPath({
     for (const tag of tags) {
       if (tag.startsWith(codeQlCweTagPrefix)) {
         const cweId = tag.replace(codeQlCweTagPrefix, '')
-        if (cweIds.includes(cweId)) {
+        // Normalize CWE ID by converting to integer to remove leading zeros
+        const normalizedCweId = normalizeCweId(cweId)
+        // Skip if the CWE ID is not a valid number
+        if (normalizedCweId === null) {
+          continue
+        }
+        if (cweIds.includes(normalizedCweId)) {
           tags.push(securityStandardTag)
-          tags.push(...cweCategories[cweId])
+          tags.push(...cweCategories[normalizedCweId])
           return
         }
       }
diff --git a/src/utils.ts b/src/utils.ts
index f12c569..78daef3 100644
--- a/src/utils.ts
+++ b/src/utils.ts
@@ -41,3 +41,16 @@ export function log(message: string, level = LogLevel.Info): void {
     }
   }
 }
+
+/**
+ * Normalize a CWE ID by removing leading zeros
+ * @param cweId - The CWE ID string (e.g., "099", "020", "89")
+ * @returns The normalized CWE ID string (e.g., "99", "20", "89") or null if invalid
+ */
+export function normalizeCweId(cweId: string): string | null {
+  const parsedCweId = parseInt(cweId, 10)
+  if (Number.isNaN(parsedCweId) || parsedCweId < 0) {
+    return null
+  }
+  return String(parsedCweId)
+}
diff --git a/test-data/webgoat-with-security-standard-tag.sarif.expected b/test-data/webgoat-with-security-standard-tag.sarif.expected
index 31cf392..94c11eb 100644
--- a/test-data/webgoat-with-security-standard-tag.sarif.expected
+++ b/test-data/webgoat-with-security-standard-tag.sarif.expected
@@ -1 +1 @@
-{"$schema":"https://json.schemastore.org/sarif-2.1.0.json","version":"2.1.0","runs":[{"tool":{"driver":{"name":"CodeQL","organization":"GitHub","semanticVersion":"2.12.2","notifications":[{"id":"java/baseline/expected-extracted-files","name":"java/baseline/expected-extracted-files","shortDescription":{"text":"Expected extracted files"},"fullDescription":{"text":"Files appearing in the source archive that are expected to be extracted."},"defaultConfiguration":{"enabled":true},"properties":{"tags":["expected-extracted-files","telemetry"]}},{"id":"js/baseline/expected-extracted-files","name":"js/baseline/expected-extracted-files","shortDescription":{"text":"Expected extracted files"},"fullDescription":{"text":"Files appearing in the source archive that are expected to be extracted."},"defaultConfiguration":{"enabled":true},"properties":{"tags":["expected-extracted-files","telemetry"]}}],"rules":[]},"extensions":[{"name":"codeql/java-all","semanticVersion":"0.5.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/java-all/0.5.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/java-all/0.5.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/javascript-examples","semanticVersion":"0.0.0+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/javascript-examples/0.0.0/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/javascript-examples/0.0.0/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/java-examples","semanticVersion":"0.0.0+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/java-examples/0.0.0/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/java-examples/0.0.0/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/cpp-examples","semanticVersion":"0.0.0+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/cpp-examples/0.0.0/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/cpp-examples/0.0.0/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/regex","semanticVersion":"0.0.6+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/regex/0.0.6/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/regex/0.0.6/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/csharp-queries","semanticVersion":"0.5.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/csharp-queries/0.5.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/csharp-queries/0.5.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/tutorial","semanticVersion":"0.0.3+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/tutorial/0.0.3/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/tutorial/0.0.3/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/ssa","semanticVersion":"0.0.10+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/ssa/0.0.10/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/ssa/0.0.10/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/util","semanticVersion":"0.0.3+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/util/0.0.3/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/util/0.0.3/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/ruby-examples","semanticVersion":"0.0.0+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/ruby-examples/0.0.0/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/ruby-examples/0.0.0/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/typos","semanticVersion":"0.0.10+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/typos/0.0.10/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/typos/0.0.10/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/ruby-all","semanticVersion":"0.5.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/ruby-all/0.5.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/ruby-all/0.5.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/csharp-all","semanticVersion":"0.5.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/csharp-all/0.5.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/csharp-all/0.5.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/javascript-all","semanticVersion":"0.4.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/javascript-all/0.4.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/javascript-all/0.4.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/python-examples","semanticVersion":"0.0.0+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/python-examples/0.0.0/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/python-examples/0.0.0/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/csharp-examples","semanticVersion":"0.0.0+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/csharp-examples/0.0.0/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/csharp-examples/0.0.0/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"legacy-upgrades","semanticVersion":"0.0.0","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/legacy-upgrades/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/legacy-upgrades/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/go-all","semanticVersion":"0.4.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/go-all/0.4.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/go-all/0.4.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/java-queries","semanticVersion":"0.5.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","notifications":[{"id":"java/diagnostics/extraction-errors","name":"java/diagnostics/extraction-errors","shortDescription":{"text":"Extraction errors"},"fullDescription":{"text":"A list of extraction errors for files in the source code directory."},"defaultConfiguration":{"enabled":true},"properties":{"description":"A list of extraction errors for files in the source code directory.","id":"java/diagnostics/extraction-errors","kind":"diagnostic","name":"Extraction errors"}},{"id":"java/diagnostics/successfully-extracted-files","name":"java/diagnostics/successfully-extracted-files","shortDescription":{"text":"Successfully extracted files"},"fullDescription":{"text":"A list of all files in the source code directory that were extracted without encountering an error in the file."},"defaultConfiguration":{"enabled":true},"properties":{"tags":["successfully-extracted-files"],"description":"A list of all files in the source code directory that\n              were extracted without encountering an error in the file.","id":"java/diagnostics/successfully-extracted-files","kind":"diagnostic","name":"Successfully extracted files"}},{"id":"java/diagnostics/extraction-warnings","name":"java/diagnostics/extraction-warnings","shortDescription":{"text":"Extraction warnings"},"fullDescription":{"text":"A list of extraction warnings for files in the source code directory."},"defaultConfiguration":{"enabled":true},"properties":{"description":"A list of extraction warnings for files in the source code directory.","id":"java/diagnostics/extraction-warnings","kind":"diagnostic","name":"Extraction warnings"}}],"rules":[{"id":"java/implicit-cast-in-compound-assignment","name":"java/implicit-cast-in-compound-assignment","shortDescription":{"text":"Implicit narrowing conversion in compound assignment"},"fullDescription":{"text":"Compound assignment statements (for example 'intvar += longvar') that implicitly cast a value of a wider type to a narrower type may result in information loss and numeric errors such as overflows."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Implicit narrowing conversion in compound assignment\nCompound assignment statements of the form `x += y` or `x *= y` perform an implicit narrowing conversion if the type of `x` is narrower than the type of `y`. For example, `x += y` is equivalent to `x = (T)(x + y)`, where `T` is the type of `x`. This can result in information loss and numeric errors such as overflows.\n\n\n## Recommendation\nEnsure that the type of the left-hand side of the compound assignment statement is at least as wide as the type of the right-hand side.\n\n\n## Example\nIf `x` is of type `short` and `y` is of type `int`, the expression `x + y` is of type `int`. However, the expression `x += y` is equivalent to `x = (short) (x + y)`. The expression `x + y` is cast to the type of the left-hand side of the assignment: `short`, possibly leading to information loss.\n\nTo avoid implicitly narrowing the type of `x + y`, change the type of `x` to `int`. Then the types of `x` and `x + y` are both `int` and there is no need for an implicit cast.\n\n\n## References\n* J. Bloch and N. Gafter, *Java Puzzlers: Traps, Pitfalls, and Corner Cases*, Puzzle 9. Addison-Wesley, 2005.\n* Java Language Specification: [Compound Assignment Operators](https://docs.oracle.com/javase/specs/jls/se11/html/jls-15.html#jls-15.26.2), [Narrowing Primitive Conversion](https://docs.oracle.com/javase/specs/jls/se11/html/jls-5.html#jls-5.1.3).\n* SEI CERT Oracle Coding Standard for Java: [NUM00-J. Detect or prevent integer overflow](https://wiki.sei.cmu.edu/confluence/display/java/NUM00-J.+Detect+or+prevent+integer+overflow).\n* Common Weakness Enumeration: [CWE-190](https://cwe.mitre.org/data/definitions/190.html).\n* Common Weakness Enumeration: [CWE-192](https://cwe.mitre.org/data/definitions/192.html).\n* Common Weakness Enumeration: [CWE-197](https://cwe.mitre.org/data/definitions/197.html).\n* Common Weakness Enumeration: [CWE-681](https://cwe.mitre.org/data/definitions/681.html).\n","markdown":"# Implicit narrowing conversion in compound assignment\nCompound assignment statements of the form `x += y` or `x *= y` perform an implicit narrowing conversion if the type of `x` is narrower than the type of `y`. For example, `x += y` is equivalent to `x = (T)(x + y)`, where `T` is the type of `x`. This can result in information loss and numeric errors such as overflows.\n\n\n## Recommendation\nEnsure that the type of the left-hand side of the compound assignment statement is at least as wide as the type of the right-hand side.\n\n\n## Example\nIf `x` is of type `short` and `y` is of type `int`, the expression `x + y` is of type `int`. However, the expression `x += y` is equivalent to `x = (short) (x + y)`. The expression `x + y` is cast to the type of the left-hand side of the assignment: `short`, possibly leading to information loss.\n\nTo avoid implicitly narrowing the type of `x + y`, change the type of `x` to `int`. Then the types of `x` and `x + y` are both `int` and there is no need for an implicit cast.\n\n\n## References\n* J. Bloch and N. Gafter, *Java Puzzlers: Traps, Pitfalls, and Corner Cases*, Puzzle 9. Addison-Wesley, 2005.\n* Java Language Specification: [Compound Assignment Operators](https://docs.oracle.com/javase/specs/jls/se11/html/jls-15.html#jls-15.26.2), [Narrowing Primitive Conversion](https://docs.oracle.com/javase/specs/jls/se11/html/jls-5.html#jls-5.1.3).\n* SEI CERT Oracle Coding Standard for Java: [NUM00-J. Detect or prevent integer overflow](https://wiki.sei.cmu.edu/confluence/display/java/NUM00-J.+Detect+or+prevent+integer+overflow).\n* Common Weakness Enumeration: [CWE-190](https://cwe.mitre.org/data/definitions/190.html).\n* Common Weakness Enumeration: [CWE-192](https://cwe.mitre.org/data/definitions/192.html).\n* Common Weakness Enumeration: [CWE-197](https://cwe.mitre.org/data/definitions/197.html).\n* Common Weakness Enumeration: [CWE-681](https://cwe.mitre.org/data/definitions/681.html).\n"},"properties":{"tags":["reliability","security","external/cwe/cwe-190","external/cwe/cwe-192","external/cwe/cwe-197","external/cwe/cwe-681"],"description":"Compound assignment statements (for example 'intvar += longvar') that implicitly\n              cast a value of a wider type to a narrower type may result in information loss and\n              numeric errors such as overflows.","id":"java/implicit-cast-in-compound-assignment","kind":"problem","name":"Implicit narrowing conversion in compound assignment","precision":"very-high","problem.severity":"warning","security-severity":"8.1"}},{"id":"java/predictable-seed","name":"java/predictable-seed","shortDescription":{"text":"Use of a predictable seed in a secure random number generator"},"fullDescription":{"text":"Using a predictable seed in a pseudo-random number generator can lead to predictability of the numbers generated by it."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Use of a predictable seed in a secure random number generator\nUsing a predictable seed in a pseudo-random number generator can lead to predictability of the numbers generated by it.\n\n\n## Recommendation\nIf the predictability of the pseudo-random number generator does not matter then consider using the faster `Random` class from `java.util`. If it is important that the pseudo-random number generator produces completely unpredictable values then either let the generator securely seed itself by not specifying a seed or specify a randomly generated, unpredictable seed.\n\n\n## Example\nIn the first example shown here, a constant value is used as a seed. Depending on the implementation of ` SecureRandom`, this could lead to the same random number being generated each time the code is executed.\n\nIn the second example shown here, the system time is used as a seed. Depending on the implementation of ` SecureRandom`, if an attacker knows what time the code was run, they could predict the generated random number.\n\nIn the third example shown here, the random number generator is allowed to generate its own seed, which it will do in a secure way.\n\n\n```java\nSecureRandom prng = new SecureRandom();\nint randomData = 0;\n\n// BAD: Using a constant value as a seed for a random number generator means all numbers it generates are predictable.\nprng.setSeed(12345L);\nrandomData = prng.next(32);\n\n// BAD: System.currentTimeMillis() returns the system time which is predictable.\nprng.setSeed(System.currentTimeMillis());\nrandomData = prng.next(32);\n\n// GOOD: SecureRandom implementations seed themselves securely by default.\nprng = new SecureRandom();\nrandomData = prng.next(32);\n\n```\n\n## References\n* Common Weakness Enumeration: [CWE-335](https://cwe.mitre.org/data/definitions/335.html).\n* Common Weakness Enumeration: [CWE-337](https://cwe.mitre.org/data/definitions/337.html).\n","markdown":"# Use of a predictable seed in a secure random number generator\nUsing a predictable seed in a pseudo-random number generator can lead to predictability of the numbers generated by it.\n\n\n## Recommendation\nIf the predictability of the pseudo-random number generator does not matter then consider using the faster `Random` class from `java.util`. If it is important that the pseudo-random number generator produces completely unpredictable values then either let the generator securely seed itself by not specifying a seed or specify a randomly generated, unpredictable seed.\n\n\n## Example\nIn the first example shown here, a constant value is used as a seed. Depending on the implementation of ` SecureRandom`, this could lead to the same random number being generated each time the code is executed.\n\nIn the second example shown here, the system time is used as a seed. Depending on the implementation of ` SecureRandom`, if an attacker knows what time the code was run, they could predict the generated random number.\n\nIn the third example shown here, the random number generator is allowed to generate its own seed, which it will do in a secure way.\n\n\n```java\nSecureRandom prng = new SecureRandom();\nint randomData = 0;\n\n// BAD: Using a constant value as a seed for a random number generator means all numbers it generates are predictable.\nprng.setSeed(12345L);\nrandomData = prng.next(32);\n\n// BAD: System.currentTimeMillis() returns the system time which is predictable.\nprng.setSeed(System.currentTimeMillis());\nrandomData = prng.next(32);\n\n// GOOD: SecureRandom implementations seed themselves securely by default.\nprng = new SecureRandom();\nrandomData = prng.next(32);\n\n```\n\n## References\n* Common Weakness Enumeration: [CWE-335](https://cwe.mitre.org/data/definitions/335.html).\n* Common Weakness Enumeration: [CWE-337](https://cwe.mitre.org/data/definitions/337.html).\n"},"properties":{"tags":["security","external/cwe/cwe-335","external/cwe/cwe-337","owasp-top10-2021","A02:2021 - Cryptographic Failures"],"description":"Using a predictable seed in a pseudo-random number generator can lead to predictability of the numbers generated by it.","id":"java/predictable-seed","kind":"problem","name":"Use of a predictable seed in a secure random number generator","precision":"high","problem.severity":"error","security-severity":"9.8"}},{"id":"java/android/intent-uri-permission-manipulation","name":"java/android/intent-uri-permission-manipulation","shortDescription":{"text":"Intent URI permission manipulation"},"fullDescription":{"text":"Returning an externally provided Intent via 'setResult' may allow a malicious application to access arbitrary content providers of the vulnerable application."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Intent URI permission manipulation\nWhen an Android component expects a result from an Activity, `startActivityForResult` can be used. The started Activity can then use `setResult` to return the appropriate data to the calling component.\n\nIf an Activity obtains the incoming, user-provided Intent and directly returns it via `setResult` without any checks, the application may be unintentionally giving arbitrary access to its content providers, even if they are not exported, as long as they are configured with the attribute `android:grantUriPermissions=\"true\"`. This happens because the attacker adds the appropriate URI permission flags to the provided Intent, which take effect once the Intent is reflected back.\n\n\n## Recommendation\nAvoid returning user-provided or untrusted Intents via `setResult`. Use a new Intent instead.\n\nIf it is required to use the received Intent, make sure that it does not contain URI permission flags, either by checking them with `Intent.getFlags` or removing them with `Intent.removeFlags`.\n\n\n## Example\nThe following sample contains three examples. In the first example, a user-provided Intent is obtained and directly returned back with `setResult`, which is dangerous. In the second example, a new Intent is created to safely return the desired data. The third example shows how the obtained Intent can be sanitized by removing dangerous flags before using it to return data to the calling component.\n\n\n```java\npublic class IntentUriPermissionManipulation extends Activity {\n\n    // BAD: the user-provided Intent is returned as-is\n    public void dangerous() {\n        Intent intent = getIntent();\n        intent.putExtra(\"result\", \"resultData\");\n        setResult(intent);\n    }\n\n    // GOOD: a new Intent is created and returned\n    public void safe() {\n        Intent intent = new Intent();\n        intent.putExtra(\"result\", \"resultData\");\n        setResult(intent);\n    }\n\n    // GOOD: the user-provided Intent is sanitized before being returned\n    public void sanitized() {\n        Intent intent = getIntent();\n        intent.putExtra(\"result\", \"resultData\");\n        intent.removeFlags(\n                Intent.FLAG_GRANT_WRITE_URI_PERMISSION | Intent.FLAG_GRANT_READ_URI_PERMISSION);\n        setResult(intent);\n    }\n}\n\n```\n\n## References\n* Google Help: [Remediation for Intent Redirection Vulnerability](https://support.google.com/faqs/answer/9267555?hl=en).\n* Common Weakness Enumeration: [CWE-266](https://cwe.mitre.org/data/definitions/266.html).\n* Common Weakness Enumeration: [CWE-926](https://cwe.mitre.org/data/definitions/926.html).\n","markdown":"# Intent URI permission manipulation\nWhen an Android component expects a result from an Activity, `startActivityForResult` can be used. The started Activity can then use `setResult` to return the appropriate data to the calling component.\n\nIf an Activity obtains the incoming, user-provided Intent and directly returns it via `setResult` without any checks, the application may be unintentionally giving arbitrary access to its content providers, even if they are not exported, as long as they are configured with the attribute `android:grantUriPermissions=\"true\"`. This happens because the attacker adds the appropriate URI permission flags to the provided Intent, which take effect once the Intent is reflected back.\n\n\n## Recommendation\nAvoid returning user-provided or untrusted Intents via `setResult`. Use a new Intent instead.\n\nIf it is required to use the received Intent, make sure that it does not contain URI permission flags, either by checking them with `Intent.getFlags` or removing them with `Intent.removeFlags`.\n\n\n## Example\nThe following sample contains three examples. In the first example, a user-provided Intent is obtained and directly returned back with `setResult`, which is dangerous. In the second example, a new Intent is created to safely return the desired data. The third example shows how the obtained Intent can be sanitized by removing dangerous flags before using it to return data to the calling component.\n\n\n```java\npublic class IntentUriPermissionManipulation extends Activity {\n\n    // BAD: the user-provided Intent is returned as-is\n    public void dangerous() {\n        Intent intent = getIntent();\n        intent.putExtra(\"result\", \"resultData\");\n        setResult(intent);\n    }\n\n    // GOOD: a new Intent is created and returned\n    public void safe() {\n        Intent intent = new Intent();\n        intent.putExtra(\"result\", \"resultData\");\n        setResult(intent);\n    }\n\n    // GOOD: the user-provided Intent is sanitized before being returned\n    public void sanitized() {\n        Intent intent = getIntent();\n        intent.putExtra(\"result\", \"resultData\");\n        intent.removeFlags(\n                Intent.FLAG_GRANT_WRITE_URI_PERMISSION | Intent.FLAG_GRANT_READ_URI_PERMISSION);\n        setResult(intent);\n    }\n}\n\n```\n\n## References\n* Google Help: [Remediation for Intent Redirection Vulnerability](https://support.google.com/faqs/answer/9267555?hl=en).\n* Common Weakness Enumeration: [CWE-266](https://cwe.mitre.org/data/definitions/266.html).\n* Common Weakness Enumeration: [CWE-926](https://cwe.mitre.org/data/definitions/926.html).\n"},"properties":{"tags":["security","external/cwe/cwe-266","external/cwe/cwe-926","owasp-top10-2021","A04:2021 - Insecure Design"],"description":"Returning an externally provided Intent via 'setResult' may allow a malicious\n              application to access arbitrary content providers of the vulnerable application.","id":"java/android/intent-uri-permission-manipulation","kind":"path-problem","name":"Intent URI permission manipulation","precision":"high","problem.severity":"error","security-severity":"7.8"}},{"id":"java/android/debuggable-attribute-enabled","name":"java/android/debuggable-attribute-enabled","shortDescription":{"text":"Android debuggable attribute enabled"},"fullDescription":{"text":"An enabled debugger can allow for entry points in the application or reveal sensitive information."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Android debuggable attribute enabled\nThe Android manifest file defines configuration settings for Android applications. In this file, the `android:debuggable` attribute of the `application` element can be used to define whether or not the application can be debugged. When set to `true`, this attribute will allow the application to be debugged even when running on a device in user mode.\n\nWhen a debugger is enabled, it could allow for entry points in the application or reveal sensitive information. As a result, `android:debuggable` should only be enabled during development and should be disabled in production builds.\n\n\n## Recommendation\nIn Android applications, either set the `android:debuggable` attribute to `false`, or do not include it in the manifest. The default value, when not included, is `false`.\n\n\n## Example\nIn the example below, the `android:debuggable` attribute is set to `true`.\n\n\n```xml\n<manifest ... >\n    <!-- BAD: 'android:debuggable' set to 'true' -->\n    <application\n        android:debuggable=\"true\">\n        <activity ... >\n        </activity>\n    </application>\n</manifest>\n\n```\nThe corrected version sets the `android:debuggable` attribute to `false`.\n\n\n```xml\n<manifest ... >\n    <!-- GOOD: 'android:debuggable' set to 'false' -->\n    <application\n        android:debuggable=\"false\">\n        <activity ... >\n        </activity>\n    </application>\n</manifest>\n\n```\n\n## References\n* Android Developers: [App Manifest Overview](https://developer.android.com/guide/topics/manifest/manifest-intro).\n* Android Developers: [The android:debuggable attribute](https://developer.android.com/guide/topics/manifest/application-element#debug).\n* Android Developers: [Enable debugging](https://developer.android.com/studio/debug#enable-debug).\n* Common Weakness Enumeration: [CWE-489](https://cwe.mitre.org/data/definitions/489.html).\n","markdown":"# Android debuggable attribute enabled\nThe Android manifest file defines configuration settings for Android applications. In this file, the `android:debuggable` attribute of the `application` element can be used to define whether or not the application can be debugged. When set to `true`, this attribute will allow the application to be debugged even when running on a device in user mode.\n\nWhen a debugger is enabled, it could allow for entry points in the application or reveal sensitive information. As a result, `android:debuggable` should only be enabled during development and should be disabled in production builds.\n\n\n## Recommendation\nIn Android applications, either set the `android:debuggable` attribute to `false`, or do not include it in the manifest. The default value, when not included, is `false`.\n\n\n## Example\nIn the example below, the `android:debuggable` attribute is set to `true`.\n\n\n```xml\n<manifest ... >\n    <!-- BAD: 'android:debuggable' set to 'true' -->\n    <application\n        android:debuggable=\"true\">\n        <activity ... >\n        </activity>\n    </application>\n</manifest>\n\n```\nThe corrected version sets the `android:debuggable` attribute to `false`.\n\n\n```xml\n<manifest ... >\n    <!-- GOOD: 'android:debuggable' set to 'false' -->\n    <application\n        android:debuggable=\"false\">\n        <activity ... >\n        </activity>\n    </application>\n</manifest>\n\n```\n\n## References\n* Android Developers: [App Manifest Overview](https://developer.android.com/guide/topics/manifest/manifest-intro).\n* Android Developers: [The android:debuggable attribute](https://developer.android.com/guide/topics/manifest/application-element#debug).\n* Android Developers: [Enable debugging](https://developer.android.com/studio/debug#enable-debug).\n* Common Weakness Enumeration: [CWE-489](https://cwe.mitre.org/data/definitions/489.html).\n"},"properties":{"tags":["security","external/cwe/cwe-489"],"description":"An enabled debugger can allow for entry points in the application or reveal sensitive information.","id":"java/android/debuggable-attribute-enabled","kind":"problem","name":"Android debuggable attribute enabled","precision":"very-high","problem.severity":"warning","security-severity":"7.2"}},{"id":"java/android/webview-debugging-enabled","name":"java/android/webview-debugging-enabled","shortDescription":{"text":"Android Webview debugging enabled"},"fullDescription":{"text":"Enabling Webview debugging in production builds can expose entry points or leak sensitive information."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Android Webview debugging enabled\nThe `WebView.setWebContentsDebuggingEnabled` method enables or disables the contents of any `WebView` in the application to be debugged.\n\nYou should only enable debugging features during development. When you create a production build, you should disable it. If you enable debugging features, this can make your code vulnerable by adding entry points, or leaking sensitive information.\n\n\n## Recommendation\nEnsure that debugging features are not enabled in production builds, such as by guarding calls to `WebView.setWebContentsDebuggingEnabled(true)` by a flag that is only enabled in debug builds.\n\n\n## Example\nIn the first (bad) example, WebView debugging is always enabled. whereas the GOOD case only enables it if the `android:debuggable` attribute is set to `true`.\n\n\n```java\n// BAD - debugging is always enabled \nWebView.setWebContentsDebuggingEnabled(true);\n\n// GOOD - debugging is only enabled when this is a debug build, as indicated by the debuggable flag being set.\nif (0 != (getApplicationInfo().flags & ApplicationInfo.FLAG_DEBUGGABLE)) {\n    WebView.setWebContentsDebuggingEnabled(true);\n}\n```\n\n## References\n* Android Developers: [setWebContentsDebuggingEnabled](https://developer.android.com/reference/android/webkit/WebView.html#setWebContentsDebuggingEnabled(boolean)).\n* Android Developers: [Remote debugging WebViews](https://developer.chrome.com/docs/devtools/remote-debugging/webviews/).\n* Common Weakness Enumeration: [CWE-489](https://cwe.mitre.org/data/definitions/489.html).\n","markdown":"# Android Webview debugging enabled\nThe `WebView.setWebContentsDebuggingEnabled` method enables or disables the contents of any `WebView` in the application to be debugged.\n\nYou should only enable debugging features during development. When you create a production build, you should disable it. If you enable debugging features, this can make your code vulnerable by adding entry points, or leaking sensitive information.\n\n\n## Recommendation\nEnsure that debugging features are not enabled in production builds, such as by guarding calls to `WebView.setWebContentsDebuggingEnabled(true)` by a flag that is only enabled in debug builds.\n\n\n## Example\nIn the first (bad) example, WebView debugging is always enabled. whereas the GOOD case only enables it if the `android:debuggable` attribute is set to `true`.\n\n\n```java\n// BAD - debugging is always enabled \nWebView.setWebContentsDebuggingEnabled(true);\n\n// GOOD - debugging is only enabled when this is a debug build, as indicated by the debuggable flag being set.\nif (0 != (getApplicationInfo().flags & ApplicationInfo.FLAG_DEBUGGABLE)) {\n    WebView.setWebContentsDebuggingEnabled(true);\n}\n```\n\n## References\n* Android Developers: [setWebContentsDebuggingEnabled](https://developer.android.com/reference/android/webkit/WebView.html#setWebContentsDebuggingEnabled(boolean)).\n* Android Developers: [Remote debugging WebViews](https://developer.chrome.com/docs/devtools/remote-debugging/webviews/).\n* Common Weakness Enumeration: [CWE-489](https://cwe.mitre.org/data/definitions/489.html).\n"},"properties":{"tags":["security","external/cwe/cwe-489"],"description":"Enabling Webview debugging in production builds can expose entry points or leak sensitive information.","id":"java/android/webview-debugging-enabled","kind":"path-problem","name":"Android Webview debugging enabled","precision":"high","problem.severity":"warning","security-severity":"7.2"}},{"id":"java/tainted-permissions-check","name":"java/tainted-permissions-check","shortDescription":{"text":"User-controlled data used in permissions check"},"fullDescription":{"text":"Using user-controlled data in a permissions check may result in inappropriate permissions being granted."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# User-controlled data used in permissions check\nUsing user-controlled data in a permissions check may allow a user to gain unauthorized access to protected functionality or data.\n\n\n## Recommendation\nWhen checking whether a user is authorized for a particular activity, do not use data that is controlled by that user in the permissions check. If necessary, always validate the input, ideally against a fixed list of expected values.\n\nSimilarly, do not decide which permission to check for based on user data. In particular, avoid using computation to decide which permissions to check for. Use fixed permissions for particular actions, rather than generating the permission to check for.\n\n\n## Example\nThis example, using the Apache Shiro security framework, shows two ways to specify the permissions to check. The first way uses a string, `whatDoTheyWantToDo`, to specify the permissions to check. However, this string is built from user input. This can allow an attacker to force a check against a permission that they know they have, rather than the permission that should be checked. For example, while trying to access the account details of another user, the attacker could force the system to check whether they had permissions to access their *own* account details, which is incorrect, and would allow them to perform the action. The second, more secure way uses a fixed check that does not depend on data that is controlled by the user.\n\n\n```java\npublic static void main(String[] args) {\n\tString whatDoTheyWantToDo = args[0];\n\tSubject subject = SecurityUtils.getSubject();\n\n\t// BAD: permissions decision made using tainted data\n\tif(subject.isPermitted(\"domain:sublevel:\" + whatDoTheyWantToDo))\n\t\tdoIt();\n\n\t// GOOD: use fixed checks\n\tif(subject.isPermitted(\"domain:sublevel:whatTheMethodDoes\"))\n\t\tdoIt();\n}\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [SEC02-J. Do not base security checks on untrusted sources](https://wiki.sei.cmu.edu/confluence/display/java/SEC02-J.+Do+not+base+security+checks+on+untrusted+sources).\n* Common Weakness Enumeration: [CWE-807](https://cwe.mitre.org/data/definitions/807.html).\n* Common Weakness Enumeration: [CWE-290](https://cwe.mitre.org/data/definitions/290.html).\n","markdown":"# User-controlled data used in permissions check\nUsing user-controlled data in a permissions check may allow a user to gain unauthorized access to protected functionality or data.\n\n\n## Recommendation\nWhen checking whether a user is authorized for a particular activity, do not use data that is controlled by that user in the permissions check. If necessary, always validate the input, ideally against a fixed list of expected values.\n\nSimilarly, do not decide which permission to check for based on user data. In particular, avoid using computation to decide which permissions to check for. Use fixed permissions for particular actions, rather than generating the permission to check for.\n\n\n## Example\nThis example, using the Apache Shiro security framework, shows two ways to specify the permissions to check. The first way uses a string, `whatDoTheyWantToDo`, to specify the permissions to check. However, this string is built from user input. This can allow an attacker to force a check against a permission that they know they have, rather than the permission that should be checked. For example, while trying to access the account details of another user, the attacker could force the system to check whether they had permissions to access their *own* account details, which is incorrect, and would allow them to perform the action. The second, more secure way uses a fixed check that does not depend on data that is controlled by the user.\n\n\n```java\npublic static void main(String[] args) {\n\tString whatDoTheyWantToDo = args[0];\n\tSubject subject = SecurityUtils.getSubject();\n\n\t// BAD: permissions decision made using tainted data\n\tif(subject.isPermitted(\"domain:sublevel:\" + whatDoTheyWantToDo))\n\t\tdoIt();\n\n\t// GOOD: use fixed checks\n\tif(subject.isPermitted(\"domain:sublevel:whatTheMethodDoes\"))\n\t\tdoIt();\n}\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [SEC02-J. Do not base security checks on untrusted sources](https://wiki.sei.cmu.edu/confluence/display/java/SEC02-J.+Do+not+base+security+checks+on+untrusted+sources).\n* Common Weakness Enumeration: [CWE-807](https://cwe.mitre.org/data/definitions/807.html).\n* Common Weakness Enumeration: [CWE-290](https://cwe.mitre.org/data/definitions/290.html).\n"},"properties":{"tags":["security","external/cwe/cwe-807","external/cwe/cwe-290","owasp-top10-2021","A04:2021 - Insecure Design"],"description":"Using user-controlled data in a permissions check may result in inappropriate\n              permissions being granted.","id":"java/tainted-permissions-check","kind":"path-problem","name":"User-controlled data used in permissions check","precision":"high","problem.severity":"error","security-severity":"7.8"}},{"id":"java/static-initialization-vector","name":"java/static-initialization-vector","shortDescription":{"text":"Using a static initialization vector for encryption"},"fullDescription":{"text":"An initialization vector (IV) used for ciphers of certain modes (such as CBC or GCM) should be unique and unpredictable, to maximize encryption and prevent dictionary attacks."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Using a static initialization vector for encryption\nWhen a cipher is used in certain modes such as CBC or GCM, it requires an initialization vector (IV). Under the same secret key, IVs should be unique and ideally unpredictable. If the same IV is used with the same secret key, then the same plaintext results in the same ciphertext. This can let an attacker learn if the same data pieces are transferred or stored, or help the attacker run a dictionary attack.\n\n\n## Recommendation\nUse a random IV generated by `SecureRandom`.\n\n\n## Example\nThe following example initializes a cipher with a static IV, which is unsafe:\n\n\n```java\nbyte[] iv = new byte[16]; // all zeroes\nGCMParameterSpec params = new GCMParameterSpec(128, iv);\nCipher cipher = Cipher.getInstance(\"AES/GCM/PKCS5PADDING\");\ncipher.init(Cipher.ENCRYPT_MODE, key, params);\n```\nThe next example initializes a cipher with a random IV:\n\n\n```java\nbyte[] iv = new byte[16];\nSecureRandom random = SecureRandom.getInstanceStrong();\nrandom.nextBytes(iv);\nGCMParameterSpec params = new GCMParameterSpec(128, iv);\nCipher cipher = Cipher.getInstance(\"AES/GCM/PKCS5PADDING\");\ncipher.init(Cipher.ENCRYPT_MODE, key, params);\n```\n\n## References\n* Wikipedia: [Initialization vector](https://en.wikipedia.org/wiki/Initialization_vector).\n* National Institute of Standards and Technology: [Recommendation for Block Cipher Modes of Operation](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf).\n* National Institute of Standards and Technology: [FIPS 140-2: Security Requirements for Cryptographic Modules](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf).\n* Common Weakness Enumeration: [CWE-329](https://cwe.mitre.org/data/definitions/329.html).\n* Common Weakness Enumeration: [CWE-1204](https://cwe.mitre.org/data/definitions/1204.html).\n","markdown":"# Using a static initialization vector for encryption\nWhen a cipher is used in certain modes such as CBC or GCM, it requires an initialization vector (IV). Under the same secret key, IVs should be unique and ideally unpredictable. If the same IV is used with the same secret key, then the same plaintext results in the same ciphertext. This can let an attacker learn if the same data pieces are transferred or stored, or help the attacker run a dictionary attack.\n\n\n## Recommendation\nUse a random IV generated by `SecureRandom`.\n\n\n## Example\nThe following example initializes a cipher with a static IV, which is unsafe:\n\n\n```java\nbyte[] iv = new byte[16]; // all zeroes\nGCMParameterSpec params = new GCMParameterSpec(128, iv);\nCipher cipher = Cipher.getInstance(\"AES/GCM/PKCS5PADDING\");\ncipher.init(Cipher.ENCRYPT_MODE, key, params);\n```\nThe next example initializes a cipher with a random IV:\n\n\n```java\nbyte[] iv = new byte[16];\nSecureRandom random = SecureRandom.getInstanceStrong();\nrandom.nextBytes(iv);\nGCMParameterSpec params = new GCMParameterSpec(128, iv);\nCipher cipher = Cipher.getInstance(\"AES/GCM/PKCS5PADDING\");\ncipher.init(Cipher.ENCRYPT_MODE, key, params);\n```\n\n## References\n* Wikipedia: [Initialization vector](https://en.wikipedia.org/wiki/Initialization_vector).\n* National Institute of Standards and Technology: [Recommendation for Block Cipher Modes of Operation](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf).\n* National Institute of Standards and Technology: [FIPS 140-2: Security Requirements for Cryptographic Modules](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf).\n* Common Weakness Enumeration: [CWE-329](https://cwe.mitre.org/data/definitions/329.html).\n* Common Weakness Enumeration: [CWE-1204](https://cwe.mitre.org/data/definitions/1204.html).\n"},"properties":{"tags":["security","external/cwe/cwe-329","external/cwe/cwe-1204","owasp-top10-2021","A02:2021 - Cryptographic Failures"],"description":"An initialization vector (IV) used for ciphers of certain modes (such as CBC or GCM) should be unique and unpredictable, to maximize encryption and prevent dictionary attacks.","id":"java/static-initialization-vector","kind":"path-problem","name":"Using a static initialization vector for encryption","precision":"high","problem.severity":"warning","security-severity":"7.5"}},{"id":"java/cleartext-storage-in-cookie","name":"java/cleartext-storage-in-cookie","shortDescription":{"text":"Cleartext storage of sensitive information in cookie"},"fullDescription":{"text":"Storing sensitive information in cleartext can expose it to an attacker."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Cleartext storage of sensitive information in cookie\nSensitive information that is stored unencrypted is accessible to an attacker who gains access to the storage.\n\n\n## Recommendation\nEnsure that sensitive information is always encrypted before being stored. It may be wise to encrypt information before it is put into a heap data structure (such as `Java.util.Properties`) that may be written to disk later. Objects that are serializable or marshallable should also always contain encrypted information unless you are certain that they are not ever going to be serialized.\n\nIn general, decrypt sensitive information only at the point where it is necessary for it to be used in cleartext.\n\n\n## Example\nThe following example shows two ways of storing user credentials in a cookie. In the 'BAD' case, the credentials are simply stored in cleartext. In the 'GOOD' case, the credentials are hashed before storing them.\n\n\n```java\npublic static void main(String[] args) {\n\t{\n\t\tString data;\n\t\tPasswordAuthentication credentials =\n\t\t\t\tnew PasswordAuthentication(\"user\", \"BP@ssw0rd\".toCharArray());\n\t\tdata = credentials.getUserName() + \":\" + new String(credentials.getPassword());\n\t\n\t\t// BAD: store data in a cookie in cleartext form\n\t\tresponse.addCookie(new Cookie(\"auth\", data));\n\t}\n\t\n\t{\n\t\tString data;\n\t\tPasswordAuthentication credentials =\n\t\t\t\tnew PasswordAuthentication(\"user\", \"GP@ssw0rd\".toCharArray());\n\t\tString salt = \"ThisIsMySalt\";\n\t\tMessageDigest messageDigest = MessageDigest.getInstance(\"SHA-512\");\n\t\tmessageDigest.reset();\n\t\tString credentialsToHash =\n\t\t\t\tcredentials.getUserName() + \":\" + credentials.getPassword();\n\t\tbyte[] hashedCredsAsBytes =\n\t\t\t\tmessageDigest.digest((salt+credentialsToHash).getBytes(\"UTF-8\"));\n\t\tdata = bytesToString(hashedCredsAsBytes);\n\t\t\n\t\t// GOOD: store data in a cookie in encrypted form\n\t\tresponse.addCookie(new Cookie(\"auth\", data));\n\t}\n}\n\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [SER03-J. Do not serialize unencrypted, sensitive data](https://wiki.sei.cmu.edu/confluence/display/java/SER03-J.+Do+not+serialize+unencrypted+sensitive+data).\n* M. Dowd, J. McDonald and J. Schuhm, *The Art of Software Security Assessment*, 1st Edition, Chapter 2 - 'Common Vulnerabilities of Encryption', p. 43. Addison Wesley, 2006.\n* M. Howard and D. LeBlanc, *Writing Secure Code*, 2nd Edition, Chapter 9 - 'Protecting Secret Data', p. 299. Microsoft, 2002.\n* Common Weakness Enumeration: [CWE-315](https://cwe.mitre.org/data/definitions/315.html).\n","markdown":"# Cleartext storage of sensitive information in cookie\nSensitive information that is stored unencrypted is accessible to an attacker who gains access to the storage.\n\n\n## Recommendation\nEnsure that sensitive information is always encrypted before being stored. It may be wise to encrypt information before it is put into a heap data structure (such as `Java.util.Properties`) that may be written to disk later. Objects that are serializable or marshallable should also always contain encrypted information unless you are certain that they are not ever going to be serialized.\n\nIn general, decrypt sensitive information only at the point where it is necessary for it to be used in cleartext.\n\n\n## Example\nThe following example shows two ways of storing user credentials in a cookie. In the 'BAD' case, the credentials are simply stored in cleartext. In the 'GOOD' case, the credentials are hashed before storing them.\n\n\n```java\npublic static void main(String[] args) {\n\t{\n\t\tString data;\n\t\tPasswordAuthentication credentials =\n\t\t\t\tnew PasswordAuthentication(\"user\", \"BP@ssw0rd\".toCharArray());\n\t\tdata = credentials.getUserName() + \":\" + new String(credentials.getPassword());\n\t\n\t\t// BAD: store data in a cookie in cleartext form\n\t\tresponse.addCookie(new Cookie(\"auth\", data));\n\t}\n\t\n\t{\n\t\tString data;\n\t\tPasswordAuthentication credentials =\n\t\t\t\tnew PasswordAuthentication(\"user\", \"GP@ssw0rd\".toCharArray());\n\t\tString salt = \"ThisIsMySalt\";\n\t\tMessageDigest messageDigest = MessageDigest.getInstance(\"SHA-512\");\n\t\tmessageDigest.reset();\n\t\tString credentialsToHash =\n\t\t\t\tcredentials.getUserName() + \":\" + credentials.getPassword();\n\t\tbyte[] hashedCredsAsBytes =\n\t\t\t\tmessageDigest.digest((salt+credentialsToHash).getBytes(\"UTF-8\"));\n\t\tdata = bytesToString(hashedCredsAsBytes);\n\t\t\n\t\t// GOOD: store data in a cookie in encrypted form\n\t\tresponse.addCookie(new Cookie(\"auth\", data));\n\t}\n}\n\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [SER03-J. Do not serialize unencrypted, sensitive data](https://wiki.sei.cmu.edu/confluence/display/java/SER03-J.+Do+not+serialize+unencrypted+sensitive+data).\n* M. Dowd, J. McDonald and J. Schuhm, *The Art of Software Security Assessment*, 1st Edition, Chapter 2 - 'Common Vulnerabilities of Encryption', p. 43. Addison Wesley, 2006.\n* M. Howard and D. LeBlanc, *Writing Secure Code*, 2nd Edition, Chapter 9 - 'Protecting Secret Data', p. 299. Microsoft, 2002.\n* Common Weakness Enumeration: [CWE-315](https://cwe.mitre.org/data/definitions/315.html).\n"},"properties":{"tags":["security","external/cwe/cwe-315","owasp-top10-2021","A05:2021 - Security Misconfiguration"],"description":"Storing sensitive information in cleartext can expose it to an attacker.","id":"java/cleartext-storage-in-cookie","kind":"problem","name":"Cleartext storage of sensitive information in cookie","precision":"high","problem.severity":"error","security-severity":"5.0"}},{"id":"java/android/backup-enabled","name":"java/android/backup-enabled","shortDescription":{"text":"Application backup allowed"},"fullDescription":{"text":"Allowing application backups may allow an attacker to extract sensitive data."},"defaultConfiguration":{"enabled":true,"level":"note"},"help":{"text":"# Application backup allowed\nIn the Android manifest file, you can use the `android:allowBackup` attribute of the `application` element to define whether the application will have automatic backups or not.\n\nIf your application uses any sensitive data, you should disable automatic backups to prevent attackers from extracting it.\n\n\n## Recommendation\nFor Android applications which process sensitive data, set `android:allowBackup` to `false` in the manifest file.\n\nNote: Since Android 6.0 (Marshmallow), automatic backups for applications are switched on by default.\n\n\n## Example\nIn the following two (bad) examples, the `android:allowBackup` setting is enabled:\n\n\n```xml\n<manifest ... >\n    <!-- BAD: 'android:allowBackup' set to 'true' -->\n    <application\n        android:allowBackup=\"true\">\n        <activity ... >\n        </activity>\n    </application>\n</manifest>\n\n```\n\n```xml\n<manifest ... >\n    <!-- BAD: no 'android:allowBackup' set, defaults to 'true' -->\n    <application>\n        <activity ... >\n        </activity>\n    </application>\n</manifest>\n\n```\nIn the following (good) example, `android:allowBackup` is set to `false`:\n\n\n```xml\n<manifest ... >\n    <!-- GOOD: 'android:allowBackup' set to 'false' -->\n    <application\n        android:allowBackup=\"false\">\n        <activity ... >\n        </activity>\n    </application>\n</manifest>\n\n```\n\n## References\n* Android Documentation: [Back up user data with Auto Backup](https://developer.android.com/guide/topics/data/autobackup#EnablingAutoBackup)\n* OWASP Mobile Security Testing Guide: [ Android Backups ](https://github.com/OWASP/owasp-mstg/blob/b7a93a2e5e0557cc9a12e55fc3f6675f6986bb86/Document/0x05d-Testing-Data-Storage.md#backups)\n* Common Weakness Enumeration: [CWE-312](https://cwe.mitre.org/data/definitions/312.html).\n","markdown":"# Application backup allowed\nIn the Android manifest file, you can use the `android:allowBackup` attribute of the `application` element to define whether the application will have automatic backups or not.\n\nIf your application uses any sensitive data, you should disable automatic backups to prevent attackers from extracting it.\n\n\n## Recommendation\nFor Android applications which process sensitive data, set `android:allowBackup` to `false` in the manifest file.\n\nNote: Since Android 6.0 (Marshmallow), automatic backups for applications are switched on by default.\n\n\n## Example\nIn the following two (bad) examples, the `android:allowBackup` setting is enabled:\n\n\n```xml\n<manifest ... >\n    <!-- BAD: 'android:allowBackup' set to 'true' -->\n    <application\n        android:allowBackup=\"true\">\n        <activity ... >\n        </activity>\n    </application>\n</manifest>\n\n```\n\n```xml\n<manifest ... >\n    <!-- BAD: no 'android:allowBackup' set, defaults to 'true' -->\n    <application>\n        <activity ... >\n        </activity>\n    </application>\n</manifest>\n\n```\nIn the following (good) example, `android:allowBackup` is set to `false`:\n\n\n```xml\n<manifest ... >\n    <!-- GOOD: 'android:allowBackup' set to 'false' -->\n    <application\n        android:allowBackup=\"false\">\n        <activity ... >\n        </activity>\n    </application>\n</manifest>\n\n```\n\n## References\n* Android Documentation: [Back up user data with Auto Backup](https://developer.android.com/guide/topics/data/autobackup#EnablingAutoBackup)\n* OWASP Mobile Security Testing Guide: [ Android Backups ](https://github.com/OWASP/owasp-mstg/blob/b7a93a2e5e0557cc9a12e55fc3f6675f6986bb86/Document/0x05d-Testing-Data-Storage.md#backups)\n* Common Weakness Enumeration: [CWE-312](https://cwe.mitre.org/data/definitions/312.html).\n"},"properties":{"tags":["security","external/cwe/cwe-312","owasp-top10-2021","A04:2021 - Insecure Design"],"description":"Allowing application backups may allow an attacker to extract sensitive data.","id":"java/android/backup-enabled","kind":"problem","name":"Application backup allowed","precision":"very-high","problem.severity":"recommendation","security-severity":"7.5"}},{"id":"java/android/intent-redirection","name":"java/android/intent-redirection","shortDescription":{"text":"Android Intent redirection"},"fullDescription":{"text":"Starting Android components with user-provided Intents can provide access to internal components of the application, increasing the attack surface and potentially causing unintended effects."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Android Intent redirection\nAn exported Android component that obtains a user-provided Intent and uses it to launch another component can be exploited to obtain access to private, unexported components of the same app or to launch other apps' components on behalf of the victim app.\n\n\n## Recommendation\nDo not export components that start other components from a user-provided Intent. They can be made private by setting the `android:exported` property to `false` in the app's Android Manifest.\n\nIf this is not possible, restrict either which apps can send Intents to the affected component, or which components can be started from it.\n\n\n## Example\nThe following snippet contains three examples. In the first example, an arbitrary component can be started from the externally provided `forward_intent` Intent. In the second example, the destination component of the Intent is first checked to make sure it is safe. In the third example, the component that created the Intent is first checked to make sure it comes from a trusted origin.\n\n\n```java\n// BAD: A user-provided Intent is used to launch an arbitrary component\nIntent forwardIntent = (Intent) getIntent().getParcelableExtra(\"forward_intent\");\nstartActivity(forwardIntent);\n\n// GOOD: The destination component is checked before launching it\nIntent forwardIntent = (Intent) getIntent().getParcelableExtra(\"forward_intent\");\nComponentName destinationComponent = forwardIntent.resolveActivity(getPackageManager());\nif (destinationComponent.getPackageName().equals(\"safe.package\") && \n    destinationComponent.getClassName().equals(\"SafeClass\")) {\n    startActivity(forwardIntent);\n}\n\n// GOOD: The component that sent the Intent is checked before launching the destination component\nIntent forwardIntent = (Intent) getIntent().getParcelableExtra(\"forward_intent\");\nComponentName originComponent = getCallingActivity();\nif (originComponent.getPackageName().equals(\"trusted.package\") && originComponent.getClassName().equals(\"TrustedClass\")) {\n    startActivity(forwardIntent);\n}\n\n```\n\n## References\n* Google: [Remediation for Intent Redirection Vulnerability](https://support.google.com/faqs/answer/9267555?hl=en).\n* OWASP Mobile Security Testing Guide: [Intents](https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05a-platform-overview#intents).\n* Android Developers: [The android:exported attribute](https://developer.android.com/guide/topics/manifest/activity-element#exported).\n* Common Weakness Enumeration: [CWE-926](https://cwe.mitre.org/data/definitions/926.html).\n* Common Weakness Enumeration: [CWE-940](https://cwe.mitre.org/data/definitions/940.html).\n","markdown":"# Android Intent redirection\nAn exported Android component that obtains a user-provided Intent and uses it to launch another component can be exploited to obtain access to private, unexported components of the same app or to launch other apps' components on behalf of the victim app.\n\n\n## Recommendation\nDo not export components that start other components from a user-provided Intent. They can be made private by setting the `android:exported` property to `false` in the app's Android Manifest.\n\nIf this is not possible, restrict either which apps can send Intents to the affected component, or which components can be started from it.\n\n\n## Example\nThe following snippet contains three examples. In the first example, an arbitrary component can be started from the externally provided `forward_intent` Intent. In the second example, the destination component of the Intent is first checked to make sure it is safe. In the third example, the component that created the Intent is first checked to make sure it comes from a trusted origin.\n\n\n```java\n// BAD: A user-provided Intent is used to launch an arbitrary component\nIntent forwardIntent = (Intent) getIntent().getParcelableExtra(\"forward_intent\");\nstartActivity(forwardIntent);\n\n// GOOD: The destination component is checked before launching it\nIntent forwardIntent = (Intent) getIntent().getParcelableExtra(\"forward_intent\");\nComponentName destinationComponent = forwardIntent.resolveActivity(getPackageManager());\nif (destinationComponent.getPackageName().equals(\"safe.package\") && \n    destinationComponent.getClassName().equals(\"SafeClass\")) {\n    startActivity(forwardIntent);\n}\n\n// GOOD: The component that sent the Intent is checked before launching the destination component\nIntent forwardIntent = (Intent) getIntent().getParcelableExtra(\"forward_intent\");\nComponentName originComponent = getCallingActivity();\nif (originComponent.getPackageName().equals(\"trusted.package\") && originComponent.getClassName().equals(\"TrustedClass\")) {\n    startActivity(forwardIntent);\n}\n\n```\n\n## References\n* Google: [Remediation for Intent Redirection Vulnerability](https://support.google.com/faqs/answer/9267555?hl=en).\n* OWASP Mobile Security Testing Guide: [Intents](https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05a-platform-overview#intents).\n* Android Developers: [The android:exported attribute](https://developer.android.com/guide/topics/manifest/activity-element#exported).\n* Common Weakness Enumeration: [CWE-926](https://cwe.mitre.org/data/definitions/926.html).\n* Common Weakness Enumeration: [CWE-940](https://cwe.mitre.org/data/definitions/940.html).\n"},"properties":{"tags":["security","external/cwe/cwe-926","external/cwe/cwe-940","owasp-top10-2021","A07:2021 - Identification and Authentication Failures"],"description":"Starting Android components with user-provided Intents\n              can provide access to internal components of the application,\n              increasing the attack surface and potentially causing unintended effects.","id":"java/android/intent-redirection","kind":"path-problem","name":"Android Intent redirection","precision":"high","problem.severity":"error","security-severity":"7.5"}},{"id":"java/insecure-cookie","name":"java/insecure-cookie","shortDescription":{"text":"Failure to use secure cookies"},"fullDescription":{"text":"Insecure cookies may be sent in cleartext, which makes them vulnerable to interception."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Failure to use secure cookies\nFailing to set the 'secure' flag on a cookie can cause it to be sent in cleartext. This makes it easier for an attacker to intercept.\n\n\n## Recommendation\nAlways use `setSecure` to set the 'secure' flag on a cookie before adding it to an `HttpServletResponse`.\n\n\n## Example\nThis example shows two ways of adding a cookie to an `HttpServletResponse`. The first way leaves out the setting of the 'secure' flag; the second way includes the setting of the flag.\n\n\n```java\npublic static void test(HttpServletRequest request, HttpServletResponse response) {\n\t{\n\t\tCookie cookie = new Cookie(\"secret\", \"fakesecret\");\n\t\t\n\t\t// BAD: 'secure' flag not set\n\t\tresponse.addCookie(cookie);\n\t}\n\n\t{\n\t\tCookie cookie = new Cookie(\"secret\", \"fakesecret\");\n\t\t\n\t\t// GOOD: set 'secure' flag\n\t\tcookie.setSecure(true);\n\t\tresponse.addCookie(cookie);\n\t}\n}\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [SER03-J. Do not serialize unencrypted, sensitive data](https://wiki.sei.cmu.edu/confluence/display/java/SER03-J.+Do+not+serialize+unencrypted+sensitive+data).\n* Java Platform, Enterprise Edition (Java EE) 7, API Specification: [Class Cookie](https://docs.oracle.com/javaee/7/api/javax/servlet/http/Cookie.html).\n* Common Weakness Enumeration: [CWE-614](https://cwe.mitre.org/data/definitions/614.html).\n","markdown":"# Failure to use secure cookies\nFailing to set the 'secure' flag on a cookie can cause it to be sent in cleartext. This makes it easier for an attacker to intercept.\n\n\n## Recommendation\nAlways use `setSecure` to set the 'secure' flag on a cookie before adding it to an `HttpServletResponse`.\n\n\n## Example\nThis example shows two ways of adding a cookie to an `HttpServletResponse`. The first way leaves out the setting of the 'secure' flag; the second way includes the setting of the flag.\n\n\n```java\npublic static void test(HttpServletRequest request, HttpServletResponse response) {\n\t{\n\t\tCookie cookie = new Cookie(\"secret\", \"fakesecret\");\n\t\t\n\t\t// BAD: 'secure' flag not set\n\t\tresponse.addCookie(cookie);\n\t}\n\n\t{\n\t\tCookie cookie = new Cookie(\"secret\", \"fakesecret\");\n\t\t\n\t\t// GOOD: set 'secure' flag\n\t\tcookie.setSecure(true);\n\t\tresponse.addCookie(cookie);\n\t}\n}\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [SER03-J. Do not serialize unencrypted, sensitive data](https://wiki.sei.cmu.edu/confluence/display/java/SER03-J.+Do+not+serialize+unencrypted+sensitive+data).\n* Java Platform, Enterprise Edition (Java EE) 7, API Specification: [Class Cookie](https://docs.oracle.com/javaee/7/api/javax/servlet/http/Cookie.html).\n* Common Weakness Enumeration: [CWE-614](https://cwe.mitre.org/data/definitions/614.html).\n"},"properties":{"tags":["security","external/cwe/cwe-614","owasp-top10-2021","A05:2021 - Security Misconfiguration"],"description":"Insecure cookies may be sent in cleartext, which makes them vulnerable to\n              interception.","id":"java/insecure-cookie","kind":"problem","name":"Failure to use secure cookies","precision":"high","problem.severity":"error","security-severity":"5.0"}},{"id":"java/jhipster-prng","name":"java/jhipster-prng","shortDescription":{"text":"Detect JHipster Generator Vulnerability CVE-2019-16303"},"fullDescription":{"text":"Using a vulnerable version of JHipster to generate random numbers makes it easier for attackers to take over accounts."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Detect JHipster Generator Vulnerability CVE-2019-16303\nThis query detects instances of `RandomUtil.java` that were generated by a [JHipster](https://www.jhipster.tech/) version that is vulnerable to [CVE-2019-16303](https://github.com/jhipster/jhipster-kotlin/security/advisories/GHSA-j3rh-8vwq-wh84).\n\nIf an app uses `RandomUtil.java` generated by a vulnerable version of JHipster, attackers can request a password reset token and use this to predict the value of future reset tokens generated by this server. Using this information, they can create a reset link that allows them to take over any account.\n\nThis vulnerability has a [ CVSS v3.0 Base Score of 9.8/10 ](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2019-16303&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST).\n\n\n## Example\nThe example below shows the vulnerable `RandomUtil` class generated by [JHipster prior to version 6.3.0](https://www.jhipster.tech/2019/09/13/jhipster-release-6.3.0.html).\n\n\n```java\nimport org.apache.commons.lang3.RandomStringUtils;\n\n/**\n * Utility class for generating random Strings.\n */\npublic final class RandomUtil {\n\n    private static final int DEF_COUNT = 20;\n\n    private RandomUtil() {\n    }\n\n    /**\n     * Generate a password.\n     *\n     * @return the generated password.\n     */\n    public static String generatePassword() {\n        return RandomStringUtils.randomAlphanumeric(DEF_COUNT); // BAD: RandomStringUtils does not use SecureRandom\n    }\n\n    /**\n     * Generate an activation key.\n     *\n     * @return the generated activation key.\n     */\n    public static String generateActivationKey() {\n        return RandomStringUtils.randomNumeric(DEF_COUNT); // BAD: RandomStringUtils does not use SecureRandom\n    }\n\n    /**\n     * Generate a reset key.\n     *\n     * @return the generated reset key.\n     */\n    public static String generateResetKey() {\n        return RandomStringUtils.randomNumeric(DEF_COUNT); // BAD: RandomStringUtils does not use SecureRandom\n    }\n\n    /**\n     * Generate a unique series to validate a persistent token, used in the\n     * authentication remember-me mechanism.\n     *\n     * @return the generated series data.\n     */\n    public static String generateSeriesData() {\n        return RandomStringUtils.randomAlphanumeric(DEF_COUNT); // BAD: RandomStringUtils does not use SecureRandom\n    }\n\n    /**\n     * Generate a persistent token, used in the authentication remember-me mechanism.\n     *\n     * @return the generated token data.\n     */\n    public static String generateTokenData() {\n        return RandomStringUtils.randomAlphanumeric(DEF_COUNT); // BAD: RandomStringUtils does not use SecureRandom\n    }\n}\n\n```\nBelow is a fixed version of the `RandomUtil` class.\n\n\n```java\nimport org.apache.commons.lang3.RandomStringUtils;\n\nimport java.security.SecureRandom;\n\n/**\n * Utility class for generating random Strings.\n */\npublic final class RandomUtil {\n    private static final SecureRandom SECURE_RANDOM = new SecureRandom(); // GOOD: Using SecureRandom\n\n    private static final int DEF_COUNT = 20;\n\n    static {\n        SECURE_RANDOM.nextBytes(new byte[64]);\n    }\n\n    private RandomUtil() {\n    }\n\n    private static String generateRandomAlphanumericString() {\n        // GOOD: Passing Secure Random to RandomStringUtils::random\n        return RandomStringUtils.random(DEF_COUNT, 0, 0, true, true, null, SECURE_RANDOM);\n    }\n\n    /**\n     * Generate a password.\n     *\n     * @return the generated password.\n     */\n    public static String generatePassword() {\n        return generateRandomAlphanumericString();\n    }\n\n    /**\n     * Generate an activation key.\n     *\n     * @return the generated activation key.\n     */\n    public static String generateActivationKey() {\n        return generateRandomAlphanumericString();\n    }\n\n    /**\n     * Generate a reset key.\n     *\n     * @return the generated reset key.\n     */\n    public static String generateResetKey() {\n        return generateRandomAlphanumericString();\n    }\n\n    /**\n     * Generate a unique series to validate a persistent token, used in the\n     * authentication remember-me mechanism.\n     *\n     * @return the generated series data.\n     */\n    public static String generateSeriesData() {\n        return generateRandomAlphanumericString();\n    }\n\n    /**\n     * Generate a persistent token, used in the authentication remember-me mechanism.\n     *\n     * @return the generated token data.\n     */\n    public static String generateTokenData() {\n        return generateRandomAlphanumericString();\n    }\n}\n\n```\n\n## Recommendation\nYou should refactor the `RandomUtil` class and replace every call to `RandomStringUtils.randomAlphaNumeric`. You could regenerate the class using the latest version of JHipster, or use an automated refactoring. For example, using the [Patching JHipster CWE-338](https://github.com/moderneinc/jhipster-cwe-338) for the [Rewrite project](https://github.com/openrewrite/rewrite).\n\n\n## References\n* Cloudflare Blog: [ Why secure systems require random numbers ](https://blog.cloudflare.com/why-randomness-matters/)\n* Hacker News: [ How I Hacked Hacker News (with arc security advisory) ](https://news.ycombinator.com/item?id=639976)\n* Posts by Pucara Information Security Team: [ The Java Soothsayer: A practical application for insecure randomness. (Includes free 0day) ](https://blog.pucarasec.com/2020/05/09/the-java-soothsayer-a-practical-application-for-insecure-randomness-includes-free-0day/)\n* Common Weakness Enumeration: [CWE-338](https://cwe.mitre.org/data/definitions/338.html).\n","markdown":"# Detect JHipster Generator Vulnerability CVE-2019-16303\nThis query detects instances of `RandomUtil.java` that were generated by a [JHipster](https://www.jhipster.tech/) version that is vulnerable to [CVE-2019-16303](https://github.com/jhipster/jhipster-kotlin/security/advisories/GHSA-j3rh-8vwq-wh84).\n\nIf an app uses `RandomUtil.java` generated by a vulnerable version of JHipster, attackers can request a password reset token and use this to predict the value of future reset tokens generated by this server. Using this information, they can create a reset link that allows them to take over any account.\n\nThis vulnerability has a [ CVSS v3.0 Base Score of 9.8/10 ](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2019-16303&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST).\n\n\n## Example\nThe example below shows the vulnerable `RandomUtil` class generated by [JHipster prior to version 6.3.0](https://www.jhipster.tech/2019/09/13/jhipster-release-6.3.0.html).\n\n\n```java\nimport org.apache.commons.lang3.RandomStringUtils;\n\n/**\n * Utility class for generating random Strings.\n */\npublic final class RandomUtil {\n\n    private static final int DEF_COUNT = 20;\n\n    private RandomUtil() {\n    }\n\n    /**\n     * Generate a password.\n     *\n     * @return the generated password.\n     */\n    public static String generatePassword() {\n        return RandomStringUtils.randomAlphanumeric(DEF_COUNT); // BAD: RandomStringUtils does not use SecureRandom\n    }\n\n    /**\n     * Generate an activation key.\n     *\n     * @return the generated activation key.\n     */\n    public static String generateActivationKey() {\n        return RandomStringUtils.randomNumeric(DEF_COUNT); // BAD: RandomStringUtils does not use SecureRandom\n    }\n\n    /**\n     * Generate a reset key.\n     *\n     * @return the generated reset key.\n     */\n    public static String generateResetKey() {\n        return RandomStringUtils.randomNumeric(DEF_COUNT); // BAD: RandomStringUtils does not use SecureRandom\n    }\n\n    /**\n     * Generate a unique series to validate a persistent token, used in the\n     * authentication remember-me mechanism.\n     *\n     * @return the generated series data.\n     */\n    public static String generateSeriesData() {\n        return RandomStringUtils.randomAlphanumeric(DEF_COUNT); // BAD: RandomStringUtils does not use SecureRandom\n    }\n\n    /**\n     * Generate a persistent token, used in the authentication remember-me mechanism.\n     *\n     * @return the generated token data.\n     */\n    public static String generateTokenData() {\n        return RandomStringUtils.randomAlphanumeric(DEF_COUNT); // BAD: RandomStringUtils does not use SecureRandom\n    }\n}\n\n```\nBelow is a fixed version of the `RandomUtil` class.\n\n\n```java\nimport org.apache.commons.lang3.RandomStringUtils;\n\nimport java.security.SecureRandom;\n\n/**\n * Utility class for generating random Strings.\n */\npublic final class RandomUtil {\n    private static final SecureRandom SECURE_RANDOM = new SecureRandom(); // GOOD: Using SecureRandom\n\n    private static final int DEF_COUNT = 20;\n\n    static {\n        SECURE_RANDOM.nextBytes(new byte[64]);\n    }\n\n    private RandomUtil() {\n    }\n\n    private static String generateRandomAlphanumericString() {\n        // GOOD: Passing Secure Random to RandomStringUtils::random\n        return RandomStringUtils.random(DEF_COUNT, 0, 0, true, true, null, SECURE_RANDOM);\n    }\n\n    /**\n     * Generate a password.\n     *\n     * @return the generated password.\n     */\n    public static String generatePassword() {\n        return generateRandomAlphanumericString();\n    }\n\n    /**\n     * Generate an activation key.\n     *\n     * @return the generated activation key.\n     */\n    public static String generateActivationKey() {\n        return generateRandomAlphanumericString();\n    }\n\n    /**\n     * Generate a reset key.\n     *\n     * @return the generated reset key.\n     */\n    public static String generateResetKey() {\n        return generateRandomAlphanumericString();\n    }\n\n    /**\n     * Generate a unique series to validate a persistent token, used in the\n     * authentication remember-me mechanism.\n     *\n     * @return the generated series data.\n     */\n    public static String generateSeriesData() {\n        return generateRandomAlphanumericString();\n    }\n\n    /**\n     * Generate a persistent token, used in the authentication remember-me mechanism.\n     *\n     * @return the generated token data.\n     */\n    public static String generateTokenData() {\n        return generateRandomAlphanumericString();\n    }\n}\n\n```\n\n## Recommendation\nYou should refactor the `RandomUtil` class and replace every call to `RandomStringUtils.randomAlphaNumeric`. You could regenerate the class using the latest version of JHipster, or use an automated refactoring. For example, using the [Patching JHipster CWE-338](https://github.com/moderneinc/jhipster-cwe-338) for the [Rewrite project](https://github.com/openrewrite/rewrite).\n\n\n## References\n* Cloudflare Blog: [ Why secure systems require random numbers ](https://blog.cloudflare.com/why-randomness-matters/)\n* Hacker News: [ How I Hacked Hacker News (with arc security advisory) ](https://news.ycombinator.com/item?id=639976)\n* Posts by Pucara Information Security Team: [ The Java Soothsayer: A practical application for insecure randomness. (Includes free 0day) ](https://blog.pucarasec.com/2020/05/09/the-java-soothsayer-a-practical-application-for-insecure-randomness-includes-free-0day/)\n* Common Weakness Enumeration: [CWE-338](https://cwe.mitre.org/data/definitions/338.html).\n"},"properties":{"tags":["security","external/cwe/cwe-338","owasp-top10-2021","A02:2021 - Cryptographic Failures"],"description":"Using a vulnerable version of JHipster to generate random numbers makes it easier for attackers to take over accounts.","id":"java/jhipster-prng","kind":"problem","name":"Detect JHipster Generator Vulnerability CVE-2019-16303","precision":"very-high","problem.severity":"error","security-severity":"7.8"}},{"id":"java/maven/dependency-upon-bintray","name":"java/maven/dependency-upon-bintray","shortDescription":{"text":"Depending upon JCenter/Bintray as an artifact repository"},"fullDescription":{"text":"Using a deprecated artifact repository may eventually give attackers access for a supply chain attack."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Depending upon JCenter/Bintray as an artifact repository\n[Bintray and JCenter are shutting down on February 1st, 2022](https://jfrog.com/blog/into-the-sunset-bintray-jcenter-gocenter-and-chartcenter/). Relying upon repositories that are deprecated or scheduled to be shutdown can have unintended consequences; for example, artifacts being resolved from a different artifact server or a total failure of the CI build.\n\nWhen artifact repositories are left unmaintained for a long period of time, vulnerabilities may emerge. Theoretically, this could allow attackers to inject malicious code into the artifacts that you are resolving and infect build artifacts that are being produced. This can be used by attackers to perform a [supply chain attack](https://en.wikipedia.org/wiki/Supply_chain_attack) against your project's users.\n\n\n## Recommendation\nAlways use the canonical repository for resolving your dependencies.\n\n\n## Example\nThe following example shows locations in a Maven POM file where artifact repository upload/download is configured. The use of Bintray in any of these locations is not advised.\n\n\n```xml\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<project xmlns=\"http://maven.apache.org/POM/4.0.0\"\n         xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n         xsi:schemaLocation=\"http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd\">\n\n    <modelVersion>4.0.0</modelVersion>\n\n    <groupId>com.semmle</groupId>\n    <artifactId>parent</artifactId>\n    <version>1.0</version>\n    <packaging>pom</packaging>\n\n    <name>Bintray Usage</name>\n    <description>An example of using bintray to download and upload dependencies</description>\n\n    <distributionManagement>\n        <repository>\n            <id>jcenter</id>\n            <name>JCenter</name>\n            <!-- BAD! Don't use JCenter -->\n            <url>https://jcenter.bintray.com</url>\n        </repository>\n        <snapshotRepository>\n            <id>jcenter-snapshots</id>\n            <name>JCenter</name>\n            <!-- BAD! Don't use JCenter -->\n            <url>https://jcenter.bintray.com</url>\n        </snapshotRepository>\n    </distributionManagement>\n    <repositories>\n        <repository>\n            <id>jcenter</id>\n            <name>JCenter</name>\n            <!-- BAD! Don't use JCenter -->\n            <url>https://jcenter.bintray.com</url>\n        </repository>\n    </repositories>\n    <repositories>\n        <repository>\n            <id>jcenter</id>\n            <name>JCenter</name>\n            <!-- BAD! Don't use Bintray -->\n            <url>https://dl.bintray.com/groovy/maven</url>\n        </repository>\n    </repositories>\n    <pluginRepositories>\n        <pluginRepository>\n            <id>jcenter-plugins</id>\n            <name>JCenter</name>\n            <!-- BAD! Don't use JCenter -->\n            <url>https://jcenter.bintray.com</url>\n        </pluginRepository>\n    </pluginRepositories>\n</project>\n\n```\n\n## References\n* JFrog blog: [ Into the Sunset on May 1st: Bintray, JCenter, GoCenter, and ChartCenter ](https://jfrog.com/blog/into-the-sunset-bintray-jcenter-gocenter-and-chartcenter/)\n* Common Weakness Enumeration: [CWE-1104](https://cwe.mitre.org/data/definitions/1104.html).\n","markdown":"# Depending upon JCenter/Bintray as an artifact repository\n[Bintray and JCenter are shutting down on February 1st, 2022](https://jfrog.com/blog/into-the-sunset-bintray-jcenter-gocenter-and-chartcenter/). Relying upon repositories that are deprecated or scheduled to be shutdown can have unintended consequences; for example, artifacts being resolved from a different artifact server or a total failure of the CI build.\n\nWhen artifact repositories are left unmaintained for a long period of time, vulnerabilities may emerge. Theoretically, this could allow attackers to inject malicious code into the artifacts that you are resolving and infect build artifacts that are being produced. This can be used by attackers to perform a [supply chain attack](https://en.wikipedia.org/wiki/Supply_chain_attack) against your project's users.\n\n\n## Recommendation\nAlways use the canonical repository for resolving your dependencies.\n\n\n## Example\nThe following example shows locations in a Maven POM file where artifact repository upload/download is configured. The use of Bintray in any of these locations is not advised.\n\n\n```xml\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<project xmlns=\"http://maven.apache.org/POM/4.0.0\"\n         xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n         xsi:schemaLocation=\"http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd\">\n\n    <modelVersion>4.0.0</modelVersion>\n\n    <groupId>com.semmle</groupId>\n    <artifactId>parent</artifactId>\n    <version>1.0</version>\n    <packaging>pom</packaging>\n\n    <name>Bintray Usage</name>\n    <description>An example of using bintray to download and upload dependencies</description>\n\n    <distributionManagement>\n        <repository>\n            <id>jcenter</id>\n            <name>JCenter</name>\n            <!-- BAD! Don't use JCenter -->\n            <url>https://jcenter.bintray.com</url>\n        </repository>\n        <snapshotRepository>\n            <id>jcenter-snapshots</id>\n            <name>JCenter</name>\n            <!-- BAD! Don't use JCenter -->\n            <url>https://jcenter.bintray.com</url>\n        </snapshotRepository>\n    </distributionManagement>\n    <repositories>\n        <repository>\n            <id>jcenter</id>\n            <name>JCenter</name>\n            <!-- BAD! Don't use JCenter -->\n            <url>https://jcenter.bintray.com</url>\n        </repository>\n    </repositories>\n    <repositories>\n        <repository>\n            <id>jcenter</id>\n            <name>JCenter</name>\n            <!-- BAD! Don't use Bintray -->\n            <url>https://dl.bintray.com/groovy/maven</url>\n        </repository>\n    </repositories>\n    <pluginRepositories>\n        <pluginRepository>\n            <id>jcenter-plugins</id>\n            <name>JCenter</name>\n            <!-- BAD! Don't use JCenter -->\n            <url>https://jcenter.bintray.com</url>\n        </pluginRepository>\n    </pluginRepositories>\n</project>\n\n```\n\n## References\n* JFrog blog: [ Into the Sunset on May 1st: Bintray, JCenter, GoCenter, and ChartCenter ](https://jfrog.com/blog/into-the-sunset-bintray-jcenter-gocenter-and-chartcenter/)\n* Common Weakness Enumeration: [CWE-1104](https://cwe.mitre.org/data/definitions/1104.html).\n"},"properties":{"tags":["security","external/cwe/cwe-1104","owasp-top10-2021","A06:2021 - Vulnerable and Outdated Components"],"description":"Using a deprecated artifact repository may eventually give attackers access for a supply chain attack.","id":"java/maven/dependency-upon-bintray","kind":"problem","name":"Depending upon JCenter/Bintray as an artifact repository","precision":"very-high","problem.severity":"error","security-severity":"6.5"}},{"id":"java/stack-trace-exposure","name":"java/stack-trace-exposure","shortDescription":{"text":"Information exposure through a stack trace"},"fullDescription":{"text":"Information from a stack trace propagates to an external user. Stack traces can unintentionally reveal implementation details that are useful to an attacker for developing a subsequent exploit."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Information exposure through a stack trace\nSoftware developers often add stack traces to error messages, as a debugging aid. Whenever that error message occurs for an end user, the developer can use the stack trace to help identify how to fix the problem. In particular, stack traces can tell the developer more about the sequence of events that led to a failure, as opposed to merely the final state of the software when the error occurred.\n\nUnfortunately, the same information can be useful to an attacker. The sequence of class names in a stack trace can reveal the structure of the application as well as any internal components it relies on. Furthermore, the error message at the top of a stack trace can include information such as server-side file names and SQL code that the application relies on, allowing an attacker to fine-tune a subsequent injection attack.\n\n\n## Recommendation\nSend the user a more generic error message that reveals less information. Either suppress the stack trace entirely, or log it only on the server.\n\n\n## Example\nIn the following example, an exception is handled in two different ways. In the first version, labeled BAD, the exception is sent back to the remote user using the `sendError()` method. As such, the user is able to see a detailed stack trace, which may contain sensitive information. In the second version, the error message is logged only on the server. That way, the developers can still access and use the error log, but remote users will not see the information.\n\n\n```java\nprotected void doGet(HttpServletRequest request, HttpServletResponse response) {\n\ttry {\n\t\tdoSomeWork();\n\t} catch (NullPointerException ex) {\n\t\t// BAD: printing a stack trace back to the response\n\t\tex.printStackTrace(response.getWriter());\n\t\treturn;\n\t}\n\n\ttry {\n\t\tdoSomeWork();\n\t} catch (NullPointerException ex) {\n\t\t// GOOD: log the stack trace, and send back a non-revealing response\n\t\tlog(\"Exception occurred\", ex);\n\t\tresponse.sendError(\n\t\t\tHttpServletResponse.SC_INTERNAL_SERVER_ERROR,\n\t\t\t\"Exception occurred\");\n\t\treturn;\n\t}\n}\n\n```\n\n## References\n* OWASP: [Improper Error Handling](https://owasp.org/www-community/Improper_Error_Handling).\n* CERT Java Coding Standard: [ERR01-J. Do not allow exceptions to expose sensitive information](https://www.securecoding.cert.org/confluence/display/java/ERR01-J.+Do+not+allow+exceptions+to+expose+sensitive+information).\n* Common Weakness Enumeration: [CWE-209](https://cwe.mitre.org/data/definitions/209.html).\n* Common Weakness Enumeration: [CWE-497](https://cwe.mitre.org/data/definitions/497.html).\n","markdown":"# Information exposure through a stack trace\nSoftware developers often add stack traces to error messages, as a debugging aid. Whenever that error message occurs for an end user, the developer can use the stack trace to help identify how to fix the problem. In particular, stack traces can tell the developer more about the sequence of events that led to a failure, as opposed to merely the final state of the software when the error occurred.\n\nUnfortunately, the same information can be useful to an attacker. The sequence of class names in a stack trace can reveal the structure of the application as well as any internal components it relies on. Furthermore, the error message at the top of a stack trace can include information such as server-side file names and SQL code that the application relies on, allowing an attacker to fine-tune a subsequent injection attack.\n\n\n## Recommendation\nSend the user a more generic error message that reveals less information. Either suppress the stack trace entirely, or log it only on the server.\n\n\n## Example\nIn the following example, an exception is handled in two different ways. In the first version, labeled BAD, the exception is sent back to the remote user using the `sendError()` method. As such, the user is able to see a detailed stack trace, which may contain sensitive information. In the second version, the error message is logged only on the server. That way, the developers can still access and use the error log, but remote users will not see the information.\n\n\n```java\nprotected void doGet(HttpServletRequest request, HttpServletResponse response) {\n\ttry {\n\t\tdoSomeWork();\n\t} catch (NullPointerException ex) {\n\t\t// BAD: printing a stack trace back to the response\n\t\tex.printStackTrace(response.getWriter());\n\t\treturn;\n\t}\n\n\ttry {\n\t\tdoSomeWork();\n\t} catch (NullPointerException ex) {\n\t\t// GOOD: log the stack trace, and send back a non-revealing response\n\t\tlog(\"Exception occurred\", ex);\n\t\tresponse.sendError(\n\t\t\tHttpServletResponse.SC_INTERNAL_SERVER_ERROR,\n\t\t\t\"Exception occurred\");\n\t\treturn;\n\t}\n}\n\n```\n\n## References\n* OWASP: [Improper Error Handling](https://owasp.org/www-community/Improper_Error_Handling).\n* CERT Java Coding Standard: [ERR01-J. Do not allow exceptions to expose sensitive information](https://www.securecoding.cert.org/confluence/display/java/ERR01-J.+Do+not+allow+exceptions+to+expose+sensitive+information).\n* Common Weakness Enumeration: [CWE-209](https://cwe.mitre.org/data/definitions/209.html).\n* Common Weakness Enumeration: [CWE-497](https://cwe.mitre.org/data/definitions/497.html).\n"},"properties":{"tags":["security","external/cwe/cwe-209","external/cwe/cwe-497","owasp-top10-2021","A04:2021 - Insecure Design"],"description":"Information from a stack trace propagates to an external user.\n              Stack traces can unintentionally reveal implementation details\n              that are useful to an attacker for developing a subsequent exploit.","id":"java/stack-trace-exposure","kind":"problem","name":"Information exposure through a stack trace","precision":"high","problem.severity":"error","security-severity":"5.4"}},{"id":"java/tainted-numeric-cast","name":"java/tainted-numeric-cast","shortDescription":{"text":"User-controlled data in numeric cast"},"fullDescription":{"text":"Casting user-controlled numeric data to a narrower type without validation can cause unexpected truncation."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# User-controlled data in numeric cast\nCasting a user-controlled numeric value to a narrower type can result in truncated values unless the input is validated.\n\nNarrowing conversions may cause potentially unintended results. For example, casting the positive integer value `128` to type `byte` yields the negative value `-128`.\n\n\n## Recommendation\nGuard against unexpected truncation of user-controlled arithmetic data by doing one of the following:\n\n* Validate the user input.\n* Define a guard on the cast expression, so that the cast is performed only if the input is known to be within the range of the resulting type.\n* Avoid casting to a narrower type, and instead continue to use a wider type.\n\n## Example\nIn this example, a value is read from standard input into a `long`. Because the value is a user-controlled value, it could be extremely large. Casting this value to a narrower type could therefore cause unexpected truncation. The `scaled2` example uses a guard to avoid this problem and checks the range of the input before performing the cast. If the value is too large to cast to type `int` it is rejected as invalid.\n\n\n```java\nclass Test {\n\tpublic static void main(String[] args) throws IOException {\n\t\t{\n\t\t\tlong data;\n\n\t\t\tBufferedReader readerBuffered = new BufferedReader(\n\t\t\t\t\tnew InputStreamReader(System.in, \"UTF-8\"));\n\t\t\tString stringNumber = readerBuffered.readLine();\n\t\t\tif (stringNumber != null) {\n\t\t\t\tdata = Long.parseLong(stringNumber.trim());\n\t\t\t} else {\n\t\t\t\tdata = 0;\n\t\t\t}\n\n\t\t\t// AVOID: potential truncation if input data is very large,\n\t\t\t// for example 'Long.MAX_VALUE'\n\t\t\tint scaled = (int)data;\n\n\t\t\t//...\n\n\t\t\t// GOOD: use a guard to ensure no truncation occurs\n\t\t\tint scaled2;\n\t\t\tif (data > Integer.MIN_VALUE && data < Integer.MAX_VALUE)\n\t\t\t\tscaled2 = (int)data;\n\t\t\telse\n\t\t\t\tthrow new IllegalArgumentException(\"Invalid input\");\n\t\t}\n\t}\n}\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data](https://wiki.sei.cmu.edu/confluence/display/java/NUM12-J.+Ensure+conversions+of+numeric+types+to+narrower+types+do+not+result+in+lost+or+misinterpreted+data).\n* Common Weakness Enumeration: [CWE-197](https://cwe.mitre.org/data/definitions/197.html).\n* Common Weakness Enumeration: [CWE-681](https://cwe.mitre.org/data/definitions/681.html).\n","markdown":"# User-controlled data in numeric cast\nCasting a user-controlled numeric value to a narrower type can result in truncated values unless the input is validated.\n\nNarrowing conversions may cause potentially unintended results. For example, casting the positive integer value `128` to type `byte` yields the negative value `-128`.\n\n\n## Recommendation\nGuard against unexpected truncation of user-controlled arithmetic data by doing one of the following:\n\n* Validate the user input.\n* Define a guard on the cast expression, so that the cast is performed only if the input is known to be within the range of the resulting type.\n* Avoid casting to a narrower type, and instead continue to use a wider type.\n\n## Example\nIn this example, a value is read from standard input into a `long`. Because the value is a user-controlled value, it could be extremely large. Casting this value to a narrower type could therefore cause unexpected truncation. The `scaled2` example uses a guard to avoid this problem and checks the range of the input before performing the cast. If the value is too large to cast to type `int` it is rejected as invalid.\n\n\n```java\nclass Test {\n\tpublic static void main(String[] args) throws IOException {\n\t\t{\n\t\t\tlong data;\n\n\t\t\tBufferedReader readerBuffered = new BufferedReader(\n\t\t\t\t\tnew InputStreamReader(System.in, \"UTF-8\"));\n\t\t\tString stringNumber = readerBuffered.readLine();\n\t\t\tif (stringNumber != null) {\n\t\t\t\tdata = Long.parseLong(stringNumber.trim());\n\t\t\t} else {\n\t\t\t\tdata = 0;\n\t\t\t}\n\n\t\t\t// AVOID: potential truncation if input data is very large,\n\t\t\t// for example 'Long.MAX_VALUE'\n\t\t\tint scaled = (int)data;\n\n\t\t\t//...\n\n\t\t\t// GOOD: use a guard to ensure no truncation occurs\n\t\t\tint scaled2;\n\t\t\tif (data > Integer.MIN_VALUE && data < Integer.MAX_VALUE)\n\t\t\t\tscaled2 = (int)data;\n\t\t\telse\n\t\t\t\tthrow new IllegalArgumentException(\"Invalid input\");\n\t\t}\n\t}\n}\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data](https://wiki.sei.cmu.edu/confluence/display/java/NUM12-J.+Ensure+conversions+of+numeric+types+to+narrower+types+do+not+result+in+lost+or+misinterpreted+data).\n* Common Weakness Enumeration: [CWE-197](https://cwe.mitre.org/data/definitions/197.html).\n* Common Weakness Enumeration: [CWE-681](https://cwe.mitre.org/data/definitions/681.html).\n"},"properties":{"tags":["security","external/cwe/cwe-197","external/cwe/cwe-681"],"description":"Casting user-controlled numeric data to a narrower type without validation\n              can cause unexpected truncation.","id":"java/tainted-numeric-cast","kind":"path-problem","name":"User-controlled data in numeric cast","precision":"high","problem.severity":"error","security-severity":"9.0"}},{"id":"java/xss","name":"java/xss","shortDescription":{"text":"Cross-site scripting"},"fullDescription":{"text":"Writing user input directly to a web page allows for a cross-site scripting vulnerability."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Cross-site scripting\nDirectly writing user input (for example, an HTTP request parameter) to a web page, without properly sanitizing the input first, allows for a cross-site scripting vulnerability.\n\n\n## Recommendation\nTo guard against cross-site scripting, consider using contextual output encoding/escaping before writing user input to the page, or one of the other solutions that are mentioned in the reference.\n\n\n## Example\nThe following example shows the `page` parameter being written directly to the page, leaving the website vulnerable to cross-site scripting.\n\n\n```java\npublic class XSS extends HttpServlet {\n\tprotected void doGet(HttpServletRequest request, HttpServletResponse response)\n\tthrows ServletException, IOException {\n\t\t// BAD: a request parameter is written directly to the Servlet response stream\n\t\tresponse.getWriter().print(\n\t\t\t\t\"The page \\\"\" + request.getParameter(\"page\") + \"\\\" was not found.\");\n\n\t}\n}\n\n```\n\n## References\n* OWASP: [XSS (Cross Site Scripting) Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html).\n* Wikipedia: [Cross-site scripting](http://en.wikipedia.org/wiki/Cross-site_scripting).\n* Common Weakness Enumeration: [CWE-79](https://cwe.mitre.org/data/definitions/79.html).\n","markdown":"# Cross-site scripting\nDirectly writing user input (for example, an HTTP request parameter) to a web page, without properly sanitizing the input first, allows for a cross-site scripting vulnerability.\n\n\n## Recommendation\nTo guard against cross-site scripting, consider using contextual output encoding/escaping before writing user input to the page, or one of the other solutions that are mentioned in the reference.\n\n\n## Example\nThe following example shows the `page` parameter being written directly to the page, leaving the website vulnerable to cross-site scripting.\n\n\n```java\npublic class XSS extends HttpServlet {\n\tprotected void doGet(HttpServletRequest request, HttpServletResponse response)\n\tthrows ServletException, IOException {\n\t\t// BAD: a request parameter is written directly to the Servlet response stream\n\t\tresponse.getWriter().print(\n\t\t\t\t\"The page \\\"\" + request.getParameter(\"page\") + \"\\\" was not found.\");\n\n\t}\n}\n\n```\n\n## References\n* OWASP: [XSS (Cross Site Scripting) Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html).\n* Wikipedia: [Cross-site scripting](http://en.wikipedia.org/wiki/Cross-site_scripting).\n* Common Weakness Enumeration: [CWE-79](https://cwe.mitre.org/data/definitions/79.html).\n"},"properties":{"tags":["security","external/cwe/cwe-079"],"description":"Writing user input directly to a web page\n              allows for a cross-site scripting vulnerability.","id":"java/xss","kind":"path-problem","name":"Cross-site scripting","precision":"high","problem.severity":"error","security-severity":"6.1"}},{"id":"java/rsa-without-oaep","name":"java/rsa-without-oaep","shortDescription":{"text":"Use of RSA algorithm without OAEP"},"fullDescription":{"text":"Using RSA encryption without OAEP padding can result in a padding oracle attack, leading to a weaker encryption."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Use of RSA algorithm without OAEP\nCryptographic algorithms often use padding schemes to make the plaintext less predictable. The OAEP (Optimal Asymmetric Encryption Padding) scheme should be used with RSA encryption. Using an outdated padding scheme such as PKCS1, or no padding at all, can weaken the encryption by making it vulnerable to a padding oracle attack.\n\n\n## Recommendation\nUse the OAEP scheme when using RSA encryption.\n\n\n## Example\nIn the following example, the BAD case shows no padding being used, whereas the GOOD case shows an OAEP scheme being used.\n\n\n```java\n// BAD: No padding scheme is used\nCipher rsa = Cipher.getInstance(\"RSA/ECB/NoPadding\");\n...\n\n//GOOD: OAEP padding is used\nCipher rsa = Cipher.getInstance(\"RSA/ECB/OAEPWithSHA-1AndMGF1Padding\");\n...\n```\n\n## References\n* [Mobile Security Testing Guide](https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#padding-oracle-attacks-due-to-weaker-padding-or-block-operation-implementations).\n* [The Padding Oracle Attack](https://robertheaton.com/2013/07/29/padding-oracle-attack/).\n* Common Weakness Enumeration: [CWE-780](https://cwe.mitre.org/data/definitions/780.html).\n","markdown":"# Use of RSA algorithm without OAEP\nCryptographic algorithms often use padding schemes to make the plaintext less predictable. The OAEP (Optimal Asymmetric Encryption Padding) scheme should be used with RSA encryption. Using an outdated padding scheme such as PKCS1, or no padding at all, can weaken the encryption by making it vulnerable to a padding oracle attack.\n\n\n## Recommendation\nUse the OAEP scheme when using RSA encryption.\n\n\n## Example\nIn the following example, the BAD case shows no padding being used, whereas the GOOD case shows an OAEP scheme being used.\n\n\n```java\n// BAD: No padding scheme is used\nCipher rsa = Cipher.getInstance(\"RSA/ECB/NoPadding\");\n...\n\n//GOOD: OAEP padding is used\nCipher rsa = Cipher.getInstance(\"RSA/ECB/OAEPWithSHA-1AndMGF1Padding\");\n...\n```\n\n## References\n* [Mobile Security Testing Guide](https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#padding-oracle-attacks-due-to-weaker-padding-or-block-operation-implementations).\n* [The Padding Oracle Attack](https://robertheaton.com/2013/07/29/padding-oracle-attack/).\n* Common Weakness Enumeration: [CWE-780](https://cwe.mitre.org/data/definitions/780.html).\n"},"properties":{"tags":["security","external/cwe/cwe-780","owasp-top10-2021","A02:2021 - Cryptographic Failures"],"description":"Using RSA encryption without OAEP padding can result in a padding oracle attack, leading to a weaker encryption.","id":"java/rsa-without-oaep","kind":"path-problem","name":"Use of RSA algorithm without OAEP","precision":"high","problem.severity":"warning","security-severity":"7.5"}},{"id":"java/missing-jwt-signature-check","name":"java/missing-jwt-signature-check","shortDescription":{"text":"Missing JWT signature check"},"fullDescription":{"text":"Failing to check the Json Web Token (JWT) signature may allow an attacker to forge their own tokens."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Missing JWT signature check\nA JSON Web Token (JWT) consists of three parts: header, payload, and signature. The `io.jsonwebtoken.jjwt` library is one of many libraries used for working with JWTs. It offers different methods for parsing tokens like `parse`, `parseClaimsJws`, and `parsePlaintextJws`. The last two correctly verify that the JWT is properly signed. This is done by computing the signature of the combination of header and payload and comparing the locally computed signature with the signature part of the JWT.\n\nTherefore it is necessary to provide the `JwtParser` with a key that is used for signature validation. Unfortunately the `parse` method **accepts** a JWT whose signature is empty although a signing key has been set for the parser. This means that an attacker can create arbitrary JWTs that will be accepted if this method is used.\n\n\n## Recommendation\nAlways verify the signature by using either the `parseClaimsJws` and `parsePlaintextJws` methods or by overriding the `onPlaintextJws` or `onClaimsJws` of `JwtHandlerAdapter`.\n\n\n## Example\nThe following example shows four cases where a signing key is set for a parser. In the first 'BAD' case the `parse` method is used, which will not validate the signature. The second 'BAD' case uses a `JwtHandlerAdapter` where the `onPlaintextJwt` method is overriden, so it will not validate the signature. The third and fourth 'GOOD' cases use `parseClaimsJws` method or override the `onPlaintextJws` method.\n\n\n```java\npublic void badJwt(String token) {\n    Jwts.parserBuilder()\n                .setSigningKey(\"someBase64EncodedKey\").build()\n                .parse(token); // BAD: Does not verify the signature\n}\n\npublic void badJwtHandler(String token) {\n    Jwts.parserBuilder()\n                .setSigningKey(\"someBase64EncodedKey\").build()\n                .parse(plaintextJwt, new JwtHandlerAdapter<Jwt<Header, String>>() {\n                    @Override\n                    public Jwt<Header, String> onPlaintextJwt(Jwt<Header, String> jwt) {\n                        return jwt;\n                    }\n                }); // BAD: The handler is called on an unverified JWT\n}\n\npublic void goodJwt(String token) {\n    Jwts.parserBuilder()\n                .setSigningKey(\"someBase64EncodedKey\").build()\n                .parseClaimsJws(token) // GOOD: Verify the signature\n                .getBody();\n}\n\npublic void goodJwtHandler(String token) {\n    Jwts.parserBuilder()\n                .setSigningKey(\"someBase64EncodedKey\").build()\n                .parse(plaintextJwt, new JwtHandlerAdapter<Jws<String>>() {\n                    @Override\n                    public Jws<String> onPlaintextJws(Jws<String> jws) {\n                        return jws;\n                    }\n                }); // GOOD: The handler is called on a verified JWS\n}\n```\n\n## References\n* zofrex: [How I Found An alg=none JWT Vulnerability in the NHS Contact Tracing App](https://www.zofrex.com/blog/2020/10/20/alg-none-jwt-nhs-contact-tracing-app/).\n* Common Weakness Enumeration: [CWE-347](https://cwe.mitre.org/data/definitions/347.html).\n","markdown":"# Missing JWT signature check\nA JSON Web Token (JWT) consists of three parts: header, payload, and signature. The `io.jsonwebtoken.jjwt` library is one of many libraries used for working with JWTs. It offers different methods for parsing tokens like `parse`, `parseClaimsJws`, and `parsePlaintextJws`. The last two correctly verify that the JWT is properly signed. This is done by computing the signature of the combination of header and payload and comparing the locally computed signature with the signature part of the JWT.\n\nTherefore it is necessary to provide the `JwtParser` with a key that is used for signature validation. Unfortunately the `parse` method **accepts** a JWT whose signature is empty although a signing key has been set for the parser. This means that an attacker can create arbitrary JWTs that will be accepted if this method is used.\n\n\n## Recommendation\nAlways verify the signature by using either the `parseClaimsJws` and `parsePlaintextJws` methods or by overriding the `onPlaintextJws` or `onClaimsJws` of `JwtHandlerAdapter`.\n\n\n## Example\nThe following example shows four cases where a signing key is set for a parser. In the first 'BAD' case the `parse` method is used, which will not validate the signature. The second 'BAD' case uses a `JwtHandlerAdapter` where the `onPlaintextJwt` method is overriden, so it will not validate the signature. The third and fourth 'GOOD' cases use `parseClaimsJws` method or override the `onPlaintextJws` method.\n\n\n```java\npublic void badJwt(String token) {\n    Jwts.parserBuilder()\n                .setSigningKey(\"someBase64EncodedKey\").build()\n                .parse(token); // BAD: Does not verify the signature\n}\n\npublic void badJwtHandler(String token) {\n    Jwts.parserBuilder()\n                .setSigningKey(\"someBase64EncodedKey\").build()\n                .parse(plaintextJwt, new JwtHandlerAdapter<Jwt<Header, String>>() {\n                    @Override\n                    public Jwt<Header, String> onPlaintextJwt(Jwt<Header, String> jwt) {\n                        return jwt;\n                    }\n                }); // BAD: The handler is called on an unverified JWT\n}\n\npublic void goodJwt(String token) {\n    Jwts.parserBuilder()\n                .setSigningKey(\"someBase64EncodedKey\").build()\n                .parseClaimsJws(token) // GOOD: Verify the signature\n                .getBody();\n}\n\npublic void goodJwtHandler(String token) {\n    Jwts.parserBuilder()\n                .setSigningKey(\"someBase64EncodedKey\").build()\n                .parse(plaintextJwt, new JwtHandlerAdapter<Jws<String>>() {\n                    @Override\n                    public Jws<String> onPlaintextJws(Jws<String> jws) {\n                        return jws;\n                    }\n                }); // GOOD: The handler is called on a verified JWS\n}\n```\n\n## References\n* zofrex: [How I Found An alg=none JWT Vulnerability in the NHS Contact Tracing App](https://www.zofrex.com/blog/2020/10/20/alg-none-jwt-nhs-contact-tracing-app/).\n* Common Weakness Enumeration: [CWE-347](https://cwe.mitre.org/data/definitions/347.html).\n"},"properties":{"tags":["security","external/cwe/cwe-347","owasp-top10-2021","A02:2021 - Cryptographic Failures"],"description":"Failing to check the Json Web Token (JWT) signature may allow an attacker to forge their own tokens.","id":"java/missing-jwt-signature-check","kind":"path-problem","name":"Missing JWT signature check","precision":"high","problem.severity":"error","security-severity":"7.8"}},{"id":"java/insecure-trustmanager","name":"java/insecure-trustmanager","shortDescription":{"text":"`TrustManager` that accepts all certificates"},"fullDescription":{"text":"Trusting all certificates allows an attacker to perform a machine-in-the-middle attack."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# `TrustManager` that accepts all certificates\nIf the `checkServerTrusted` method of a `TrustManager` never throws a `CertificateException`, it trusts every certificate. This allows an attacker to perform a machine-in-the-middle attack against the application, therefore breaking any security Transport Layer Security (TLS) gives.\n\nAn attack might look like this:\n\n1. The vulnerable program connects to `https://example.com`.\n1. The attacker intercepts this connection and presents a valid, self-signed certificate for `https://example.com`.\n1. The vulnerable program calls the `checkServerTrusted` method to check whether it should trust the certificate.\n1. The `checkServerTrusted` method of your `TrustManager` does not throw a `CertificateException`.\n1. The vulnerable program accepts the certificate and proceeds with the connection since your `TrustManager` implicitly trusted it by not throwing an exception.\n1. The attacker can now read the data your program sends to `https://example.com` and/or alter its replies while the program thinks the connection is secure.\n\n## Recommendation\nDo not use a custom `TrustManager` that trusts any certificate. If you have to use a self-signed certificate, don't trust every certificate, but instead only trust this specific certificate. See below for an example of how to do this.\n\n\n## Example\nIn the first (bad) example, the `TrustManager` never throws a `CertificateException` and therefore implicitly trusts any certificate. This allows an attacker to perform a machine-in-the-middle attack. In the second (good) example, the self-signed certificate that should be trusted is loaded into a `KeyStore`. This explicitly defines the certificate as trusted and there is no need to create a custom `TrustManager`.\n\n\n```java\npublic static void main(String[] args) throws Exception {\n    {\n        class InsecureTrustManager implements X509TrustManager {\n            @Override\n            public X509Certificate[] getAcceptedIssuers() {\n                return null;\n            }\n\n            @Override\n            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {\n                // BAD: Does not verify the certificate chain, allowing any certificate.\n            }\n\n            @Override\n            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {\n\n            }\n        }\n        SSLContext context = SSLContext.getInstance(\"TLS\");\n        TrustManager[] trustManager = new TrustManager[] { new InsecureTrustManager() };\n        context.init(null, trustManager, null);\n    }\n    {\n        SSLContext context = SSLContext.getInstance(\"TLS\");\n        File certificateFile = new File(\"path/to/self-signed-certificate\");\n        // Create a `KeyStore` with default type\n        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());\n        // `keyStore` is initially empty\n        keyStore.load(null, null);\n        X509Certificate generatedCertificate;\n        try (InputStream cert = new FileInputStream(certificateFile)) {\n            generatedCertificate = (X509Certificate) CertificateFactory.getInstance(\"X509\")\n                    .generateCertificate(cert);\n        }\n        // Add the self-signed certificate to the key store\n        keyStore.setCertificateEntry(certificateFile.getName(), generatedCertificate);\n        // Get default `TrustManagerFactory`\n        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());\n        // Use it with our key store that trusts our self-signed certificate\n        tmf.init(keyStore);\n        TrustManager[] trustManagers = tmf.getTrustManagers();\n        context.init(null, trustManagers, null);\n        // GOOD, we are not using a custom `TrustManager` but instead have\n        // added the self-signed certificate we want to trust to the key\n        // store. Note, the `trustManagers` will **only** trust this one\n        // certificate.\n        \n        URL url = new URL(\"https://self-signed.badssl.com/\");\n        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();\n        conn.setSSLSocketFactory(context.getSocketFactory());\n    }\n}\n\n```\n\n## References\n* Android Developers: [Security with HTTPS and SSL](https://developer.android.com/training/articles/security-ssl).\n* Common Weakness Enumeration: [CWE-295](https://cwe.mitre.org/data/definitions/295.html).\n","markdown":"# `TrustManager` that accepts all certificates\nIf the `checkServerTrusted` method of a `TrustManager` never throws a `CertificateException`, it trusts every certificate. This allows an attacker to perform a machine-in-the-middle attack against the application, therefore breaking any security Transport Layer Security (TLS) gives.\n\nAn attack might look like this:\n\n1. The vulnerable program connects to `https://example.com`.\n1. The attacker intercepts this connection and presents a valid, self-signed certificate for `https://example.com`.\n1. The vulnerable program calls the `checkServerTrusted` method to check whether it should trust the certificate.\n1. The `checkServerTrusted` method of your `TrustManager` does not throw a `CertificateException`.\n1. The vulnerable program accepts the certificate and proceeds with the connection since your `TrustManager` implicitly trusted it by not throwing an exception.\n1. The attacker can now read the data your program sends to `https://example.com` and/or alter its replies while the program thinks the connection is secure.\n\n## Recommendation\nDo not use a custom `TrustManager` that trusts any certificate. If you have to use a self-signed certificate, don't trust every certificate, but instead only trust this specific certificate. See below for an example of how to do this.\n\n\n## Example\nIn the first (bad) example, the `TrustManager` never throws a `CertificateException` and therefore implicitly trusts any certificate. This allows an attacker to perform a machine-in-the-middle attack. In the second (good) example, the self-signed certificate that should be trusted is loaded into a `KeyStore`. This explicitly defines the certificate as trusted and there is no need to create a custom `TrustManager`.\n\n\n```java\npublic static void main(String[] args) throws Exception {\n    {\n        class InsecureTrustManager implements X509TrustManager {\n            @Override\n            public X509Certificate[] getAcceptedIssuers() {\n                return null;\n            }\n\n            @Override\n            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {\n                // BAD: Does not verify the certificate chain, allowing any certificate.\n            }\n\n            @Override\n            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {\n\n            }\n        }\n        SSLContext context = SSLContext.getInstance(\"TLS\");\n        TrustManager[] trustManager = new TrustManager[] { new InsecureTrustManager() };\n        context.init(null, trustManager, null);\n    }\n    {\n        SSLContext context = SSLContext.getInstance(\"TLS\");\n        File certificateFile = new File(\"path/to/self-signed-certificate\");\n        // Create a `KeyStore` with default type\n        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());\n        // `keyStore` is initially empty\n        keyStore.load(null, null);\n        X509Certificate generatedCertificate;\n        try (InputStream cert = new FileInputStream(certificateFile)) {\n            generatedCertificate = (X509Certificate) CertificateFactory.getInstance(\"X509\")\n                    .generateCertificate(cert);\n        }\n        // Add the self-signed certificate to the key store\n        keyStore.setCertificateEntry(certificateFile.getName(), generatedCertificate);\n        // Get default `TrustManagerFactory`\n        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());\n        // Use it with our key store that trusts our self-signed certificate\n        tmf.init(keyStore);\n        TrustManager[] trustManagers = tmf.getTrustManagers();\n        context.init(null, trustManagers, null);\n        // GOOD, we are not using a custom `TrustManager` but instead have\n        // added the self-signed certificate we want to trust to the key\n        // store. Note, the `trustManagers` will **only** trust this one\n        // certificate.\n        \n        URL url = new URL(\"https://self-signed.badssl.com/\");\n        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();\n        conn.setSSLSocketFactory(context.getSocketFactory());\n    }\n}\n\n```\n\n## References\n* Android Developers: [Security with HTTPS and SSL](https://developer.android.com/training/articles/security-ssl).\n* Common Weakness Enumeration: [CWE-295](https://cwe.mitre.org/data/definitions/295.html).\n"},"properties":{"tags":["security","external/cwe/cwe-295","owasp-top10-2021","A07:2021 - Identification and Authentication Failures"],"description":"Trusting all certificates allows an attacker to perform a machine-in-the-middle attack.","id":"java/insecure-trustmanager","kind":"path-problem","name":"`TrustManager` that accepts all certificates","precision":"high","problem.severity":"error","security-severity":"7.5"}},{"id":"java/improper-webview-certificate-validation","name":"java/improper-webview-certificate-validation","shortDescription":{"text":"Android `WebView` that accepts all certificates"},"fullDescription":{"text":"Trusting all certificates allows an attacker to perform a machine-in-the-middle attack."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Android `WebView` that accepts all certificates\nIf the `onReceivedSslError` method of an Android `WebViewClient` always calls `proceed` on the given `SslErrorHandler`, it trusts any certificate. This allows an attacker to perform a machine-in-the-middle attack against the application, therefore breaking any security Transport Layer Security (TLS) gives.\n\nAn attack might look like this:\n\n1. The vulnerable application connects to `https://example.com`.\n1. The attacker intercepts this connection and presents a valid, self-signed certificate for `https://example.com`.\n1. The vulnerable application calls the `onReceivedSslError` method to check whether it should trust the certificate.\n1. The `onReceivedSslError` method of your `WebViewClient` calls `SslErrorHandler.proceed`.\n1. The vulnerable application accepts the certificate and proceeds with the connection since your `WevViewClient` trusted it by proceeding.\n1. The attacker can now read the data your application sends to `https://example.com` and/or alter its replies while the application thinks the connection is secure.\n\n## Recommendation\nDo not use a call `SslerrorHandler.proceed` unconditionally. If you have to use a self-signed certificate, only accept that certificate, not all certificates.\n\n\n## Example\nIn the first (bad) example, the `WebViewClient` trusts all certificates by always calling `SslErrorHandler.proceed`. In the second (good) example, only certificates signed by a certain public key are accepted.\n\n\n```java\nclass Bad extends WebViewClient {\n    // BAD: All certificates are trusted.\n    public void onReceivedSslError (WebView view, SslErrorHandler handler, SslError error) { // $hasResult\n        handler.proceed(); \n    }\n}\n\nclass Good extends WebViewClient {\n    PublicKey myPubKey = ...;\n\n    // GOOD: Only certificates signed by a certain public key are trusted.\n    public void onReceivedSslError (WebView view, SslErrorHandler handler, SslError error) { // $hasResult\n        try {\n            X509Certificate cert = error.getCertificate().getX509Certificate();\n            cert.verify(this.myPubKey);\n            handler.proceed();\n        }\n        catch (CertificateException|NoSuchAlgorithmException|InvalidKeyException|NoSuchProviderException|SignatureException e) {\n            handler.cancel();\n        }\n    }    \n}\n```\n\n## References\n* [WebViewClient.onReceivedSslError documentation](https://developer.android.com/reference/android/webkit/WebViewClient?hl=en#onReceivedSslError(android.webkit.WebView,%20android.webkit.SslErrorHandler,%20android.net.http.SslError)).\n* Common Weakness Enumeration: [CWE-295](https://cwe.mitre.org/data/definitions/295.html).\n","markdown":"# Android `WebView` that accepts all certificates\nIf the `onReceivedSslError` method of an Android `WebViewClient` always calls `proceed` on the given `SslErrorHandler`, it trusts any certificate. This allows an attacker to perform a machine-in-the-middle attack against the application, therefore breaking any security Transport Layer Security (TLS) gives.\n\nAn attack might look like this:\n\n1. The vulnerable application connects to `https://example.com`.\n1. The attacker intercepts this connection and presents a valid, self-signed certificate for `https://example.com`.\n1. The vulnerable application calls the `onReceivedSslError` method to check whether it should trust the certificate.\n1. The `onReceivedSslError` method of your `WebViewClient` calls `SslErrorHandler.proceed`.\n1. The vulnerable application accepts the certificate and proceeds with the connection since your `WevViewClient` trusted it by proceeding.\n1. The attacker can now read the data your application sends to `https://example.com` and/or alter its replies while the application thinks the connection is secure.\n\n## Recommendation\nDo not use a call `SslerrorHandler.proceed` unconditionally. If you have to use a self-signed certificate, only accept that certificate, not all certificates.\n\n\n## Example\nIn the first (bad) example, the `WebViewClient` trusts all certificates by always calling `SslErrorHandler.proceed`. In the second (good) example, only certificates signed by a certain public key are accepted.\n\n\n```java\nclass Bad extends WebViewClient {\n    // BAD: All certificates are trusted.\n    public void onReceivedSslError (WebView view, SslErrorHandler handler, SslError error) { // $hasResult\n        handler.proceed(); \n    }\n}\n\nclass Good extends WebViewClient {\n    PublicKey myPubKey = ...;\n\n    // GOOD: Only certificates signed by a certain public key are trusted.\n    public void onReceivedSslError (WebView view, SslErrorHandler handler, SslError error) { // $hasResult\n        try {\n            X509Certificate cert = error.getCertificate().getX509Certificate();\n            cert.verify(this.myPubKey);\n            handler.proceed();\n        }\n        catch (CertificateException|NoSuchAlgorithmException|InvalidKeyException|NoSuchProviderException|SignatureException e) {\n            handler.cancel();\n        }\n    }    \n}\n```\n\n## References\n* [WebViewClient.onReceivedSslError documentation](https://developer.android.com/reference/android/webkit/WebViewClient?hl=en#onReceivedSslError(android.webkit.WebView,%20android.webkit.SslErrorHandler,%20android.net.http.SslError)).\n* Common Weakness Enumeration: [CWE-295](https://cwe.mitre.org/data/definitions/295.html).\n"},"properties":{"tags":["security","external/cwe/cwe-295","owasp-top10-2021","A07:2021 - Identification and Authentication Failures"],"description":"Trusting all certificates allows an attacker to perform a machine-in-the-middle attack.","id":"java/improper-webview-certificate-validation","kind":"problem","name":"Android `WebView` that accepts all certificates","precision":"high","problem.severity":"error","security-severity":"7.5"}},{"id":"java/ognl-injection","name":"java/ognl-injection","shortDescription":{"text":"OGNL Expression Language statement with user-controlled input"},"fullDescription":{"text":"Evaluation of OGNL Expression Language statement with user-controlled input can lead to execution of arbitrary code."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# OGNL Expression Language statement with user-controlled input\nObject-Graph Navigation Language (OGNL) is an open-source Expression Language (EL) for Java. OGNL can create or change executable code, consequently it can introduce critical security flaws to any application that uses it. Evaluation of unvalidated expressions is a common flaw in OGNL. This exposes the properties of Java objects to modification by an attacker and may allow them to execute arbitrary code.\n\n\n## Recommendation\nThe general recommendation is to avoid evaluating untrusted ONGL expressions. If user-provided OGNL expressions must be evaluated, do this in a sandbox and validate the expressions before evaluation.\n\n\n## Example\nIn the following examples, the code accepts an OGNL expression from the user and evaluates it.\n\nIn the first example, the user-provided OGNL expression is parsed and evaluated.\n\nThe second example validates the expression and evaluates it inside a sandbox. You can add a sandbox by setting a system property, as shown in the example, or by adding `-Dognl.security.manager` to JVM arguments.\n\n\n```java\nimport ognl.Ognl;\nimport ognl.OgnlException;\n\npublic void evaluate(HttpServletRequest request, Object root) throws OgnlException {\n  String expression = request.getParameter(\"expression\");\n\n  // BAD: User provided expression is evaluated\n  Ognl.getValue(expression, root);\n  \n  // GOOD: The name is validated and expression is evaluated in sandbox\n  System.setProperty(\"ognl.security.manager\", \"\"); // Or add -Dognl.security.manager to JVM args\n  if (isValid(expression)) {\n    Ognl.getValue(expression, root);\n  } else {\n    // Reject the request\n  }\n}\n\npublic void isValid(Strig expression) {\n  // Custom method to validate the expression.\n  // For instance, make sure it doesn't include unexpected code.\n}\n\n```\n\n## References\n* Apache Commons: [Apache Commons OGNL](https://commons.apache.org/proper/commons-ognl/).\n* Struts security: [Proactively protect from OGNL Expression Injections attacks](https://struts.apache.org/security/#proactively-protect-from-ognl-expression-injections-attacks-if-easily-applicable).\n* Common Weakness Enumeration: [CWE-917](https://cwe.mitre.org/data/definitions/917.html).\n","markdown":"# OGNL Expression Language statement with user-controlled input\nObject-Graph Navigation Language (OGNL) is an open-source Expression Language (EL) for Java. OGNL can create or change executable code, consequently it can introduce critical security flaws to any application that uses it. Evaluation of unvalidated expressions is a common flaw in OGNL. This exposes the properties of Java objects to modification by an attacker and may allow them to execute arbitrary code.\n\n\n## Recommendation\nThe general recommendation is to avoid evaluating untrusted ONGL expressions. If user-provided OGNL expressions must be evaluated, do this in a sandbox and validate the expressions before evaluation.\n\n\n## Example\nIn the following examples, the code accepts an OGNL expression from the user and evaluates it.\n\nIn the first example, the user-provided OGNL expression is parsed and evaluated.\n\nThe second example validates the expression and evaluates it inside a sandbox. You can add a sandbox by setting a system property, as shown in the example, or by adding `-Dognl.security.manager` to JVM arguments.\n\n\n```java\nimport ognl.Ognl;\nimport ognl.OgnlException;\n\npublic void evaluate(HttpServletRequest request, Object root) throws OgnlException {\n  String expression = request.getParameter(\"expression\");\n\n  // BAD: User provided expression is evaluated\n  Ognl.getValue(expression, root);\n  \n  // GOOD: The name is validated and expression is evaluated in sandbox\n  System.setProperty(\"ognl.security.manager\", \"\"); // Or add -Dognl.security.manager to JVM args\n  if (isValid(expression)) {\n    Ognl.getValue(expression, root);\n  } else {\n    // Reject the request\n  }\n}\n\npublic void isValid(Strig expression) {\n  // Custom method to validate the expression.\n  // For instance, make sure it doesn't include unexpected code.\n}\n\n```\n\n## References\n* Apache Commons: [Apache Commons OGNL](https://commons.apache.org/proper/commons-ognl/).\n* Struts security: [Proactively protect from OGNL Expression Injections attacks](https://struts.apache.org/security/#proactively-protect-from-ognl-expression-injections-attacks-if-easily-applicable).\n* Common Weakness Enumeration: [CWE-917](https://cwe.mitre.org/data/definitions/917.html).\n"},"properties":{"tags":["security","external/cwe/cwe-917","owasp-top10-2021","A03:2021 - Injection"],"description":"Evaluation of OGNL Expression Language statement with user-controlled input can\n                lead to execution of arbitrary code.","id":"java/ognl-injection","kind":"path-problem","name":"OGNL Expression Language statement with user-controlled input","precision":"high","problem.severity":"error","security-severity":"9.8"}},{"id":"java/netty-http-request-or-response-splitting","name":"java/netty-http-request-or-response-splitting","shortDescription":{"text":"Disabled Netty HTTP header validation"},"fullDescription":{"text":"Disabling HTTP header validation makes code vulnerable to attack by header splitting if user input is written directly to an HTTP header."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Disabled Netty HTTP header validation\nDirectly writing user input (for example, an HTTP request parameter) to an HTTP header can lead to an HTTP request-splitting or response-splitting vulnerability.\n\nHTTP response splitting can lead to vulnerabilities such as XSS and cache poisoning.\n\nHTTP request splitting can allow an attacker to inject an additional HTTP request into a client's outgoing socket connection. This can allow an attacker to perform an SSRF-like attack.\n\nIn the context of a servlet container, if the user input includes blank lines and the servlet container does not escape the blank lines, then a remote user can cause the response to turn into two separate responses. The remote user can then control one or more responses, which is also HTTP response splitting.\n\n\n## Recommendation\nGuard against HTTP header splitting in the same way as guarding against cross-site scripting. Before passing any data into HTTP headers, either check the data for special characters, or escape any special characters that are present.\n\nIf the code calls Netty API's directly, ensure that the `validateHeaders` parameter is set to `true`.\n\n\n## Example\nThe following example shows the 'name' parameter being written to a cookie in two different ways. The first way writes it directly to the cookie, and thus is vulnerable to response-splitting attacks. The second way first removes all special characters, thus avoiding the potential problem.\n\n\n```java\npublic class ResponseSplitting extends HttpServlet {\n\tprotected void doGet(HttpServletRequest request, HttpServletResponse response)\n\tthrows ServletException, IOException {\n\t\t// BAD: setting a cookie with an unvalidated parameter\n\t\tCookie cookie = new Cookie(\"name\", request.getParameter(\"name\"));\n\t\tresponse.addCookie(cookie);\n\n\t\t// GOOD: remove special characters before putting them in the header\n\t\tString name = removeSpecial(request.getParameter(\"name\"));\n\t\tCookie cookie2 = new Cookie(\"name\", name);\n\t\tresponse.addCookie(cookie2);\n\t}\n\n\tprivate static String removeSpecial(String str) {\n\t\treturn str.replaceAll(\"[^a-zA-Z ]\", \"\");\n\t}\n}\n\n```\n\n## Example\nThe following example shows the use of the library 'netty' with HTTP response-splitting verification configurations. The second way will verify the parameters before using them to build the HTTP response.\n\n\n```java\nimport io.netty.handler.codec.http.DefaultHttpHeaders;\n\npublic class ResponseSplitting {\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpHeaders badHeaders = new DefaultHttpHeaders(false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpHeaders goodHeaders = new DefaultHttpHeaders();\n\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpResponse badResponse = new DefaultHttpResponse(version, httpResponseStatus, false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpResponse goodResponse = new DefaultHttpResponse(version, httpResponseStatus);\n}\n\n```\n\n## Example\nThe following example shows the use of the netty library with configurations for verification of HTTP request splitting. The second recommended approach in the example verifies the parameters before using them to build the HTTP request.\n\n\n```java\npublic class NettyRequestSplitting {\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpHeaders badHeaders = new DefaultHttpHeaders(false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpHeaders goodHeaders = new DefaultHttpHeaders();\n\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpRequest badRequest = new DefaultHttpRequest(httpVersion, method, uri, false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpRequest goodResponse = new DefaultHttpRequest(httpVersion, method, uri);\n}\n\n```\n\n## References\n* SecLists.org: [HTTP response splitting](https://seclists.org/bugtraq/2005/Apr/187).\n* OWASP: [HTTP Response Splitting](https://www.owasp.org/index.php/HTTP_Response_Splitting).\n* Wikipedia: [HTTP response splitting](http://en.wikipedia.org/wiki/HTTP_response_splitting).\n* CAPEC: [CAPEC-105: HTTP Request Splitting](https://capec.mitre.org/data/definitions/105.html)\n* Common Weakness Enumeration: [CWE-93](https://cwe.mitre.org/data/definitions/93.html).\n* Common Weakness Enumeration: [CWE-113](https://cwe.mitre.org/data/definitions/113.html).\n","markdown":"# Disabled Netty HTTP header validation\nDirectly writing user input (for example, an HTTP request parameter) to an HTTP header can lead to an HTTP request-splitting or response-splitting vulnerability.\n\nHTTP response splitting can lead to vulnerabilities such as XSS and cache poisoning.\n\nHTTP request splitting can allow an attacker to inject an additional HTTP request into a client's outgoing socket connection. This can allow an attacker to perform an SSRF-like attack.\n\nIn the context of a servlet container, if the user input includes blank lines and the servlet container does not escape the blank lines, then a remote user can cause the response to turn into two separate responses. The remote user can then control one or more responses, which is also HTTP response splitting.\n\n\n## Recommendation\nGuard against HTTP header splitting in the same way as guarding against cross-site scripting. Before passing any data into HTTP headers, either check the data for special characters, or escape any special characters that are present.\n\nIf the code calls Netty API's directly, ensure that the `validateHeaders` parameter is set to `true`.\n\n\n## Example\nThe following example shows the 'name' parameter being written to a cookie in two different ways. The first way writes it directly to the cookie, and thus is vulnerable to response-splitting attacks. The second way first removes all special characters, thus avoiding the potential problem.\n\n\n```java\npublic class ResponseSplitting extends HttpServlet {\n\tprotected void doGet(HttpServletRequest request, HttpServletResponse response)\n\tthrows ServletException, IOException {\n\t\t// BAD: setting a cookie with an unvalidated parameter\n\t\tCookie cookie = new Cookie(\"name\", request.getParameter(\"name\"));\n\t\tresponse.addCookie(cookie);\n\n\t\t// GOOD: remove special characters before putting them in the header\n\t\tString name = removeSpecial(request.getParameter(\"name\"));\n\t\tCookie cookie2 = new Cookie(\"name\", name);\n\t\tresponse.addCookie(cookie2);\n\t}\n\n\tprivate static String removeSpecial(String str) {\n\t\treturn str.replaceAll(\"[^a-zA-Z ]\", \"\");\n\t}\n}\n\n```\n\n## Example\nThe following example shows the use of the library 'netty' with HTTP response-splitting verification configurations. The second way will verify the parameters before using them to build the HTTP response.\n\n\n```java\nimport io.netty.handler.codec.http.DefaultHttpHeaders;\n\npublic class ResponseSplitting {\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpHeaders badHeaders = new DefaultHttpHeaders(false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpHeaders goodHeaders = new DefaultHttpHeaders();\n\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpResponse badResponse = new DefaultHttpResponse(version, httpResponseStatus, false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpResponse goodResponse = new DefaultHttpResponse(version, httpResponseStatus);\n}\n\n```\n\n## Example\nThe following example shows the use of the netty library with configurations for verification of HTTP request splitting. The second recommended approach in the example verifies the parameters before using them to build the HTTP request.\n\n\n```java\npublic class NettyRequestSplitting {\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpHeaders badHeaders = new DefaultHttpHeaders(false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpHeaders goodHeaders = new DefaultHttpHeaders();\n\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpRequest badRequest = new DefaultHttpRequest(httpVersion, method, uri, false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpRequest goodResponse = new DefaultHttpRequest(httpVersion, method, uri);\n}\n\n```\n\n## References\n* SecLists.org: [HTTP response splitting](https://seclists.org/bugtraq/2005/Apr/187).\n* OWASP: [HTTP Response Splitting](https://www.owasp.org/index.php/HTTP_Response_Splitting).\n* Wikipedia: [HTTP response splitting](http://en.wikipedia.org/wiki/HTTP_response_splitting).\n* CAPEC: [CAPEC-105: HTTP Request Splitting](https://capec.mitre.org/data/definitions/105.html)\n* Common Weakness Enumeration: [CWE-93](https://cwe.mitre.org/data/definitions/93.html).\n* Common Weakness Enumeration: [CWE-113](https://cwe.mitre.org/data/definitions/113.html).\n"},"properties":{"tags":["security","external/cwe/cwe-93","external/cwe/cwe-113","owasp-top10-2021","A03:2021 - Injection"],"description":"Disabling HTTP header validation makes code vulnerable to\n              attack by header splitting if user input is written directly to\n              an HTTP header.","id":"java/netty-http-request-or-response-splitting","kind":"problem","name":"Disabled Netty HTTP header validation","precision":"high","problem.severity":"error","security-severity":"6.1"}},{"id":"java/http-response-splitting","name":"java/http-response-splitting","shortDescription":{"text":"HTTP response splitting"},"fullDescription":{"text":"Writing user input directly to an HTTP header makes code vulnerable to attack by header splitting."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# HTTP response splitting\nDirectly writing user input (for example, an HTTP request parameter) to an HTTP header can lead to an HTTP request-splitting or response-splitting vulnerability.\n\nHTTP response splitting can lead to vulnerabilities such as XSS and cache poisoning.\n\nHTTP request splitting can allow an attacker to inject an additional HTTP request into a client's outgoing socket connection. This can allow an attacker to perform an SSRF-like attack.\n\nIn the context of a servlet container, if the user input includes blank lines and the servlet container does not escape the blank lines, then a remote user can cause the response to turn into two separate responses. The remote user can then control one or more responses, which is also HTTP response splitting.\n\n\n## Recommendation\nGuard against HTTP header splitting in the same way as guarding against cross-site scripting. Before passing any data into HTTP headers, either check the data for special characters, or escape any special characters that are present.\n\nIf the code calls Netty API's directly, ensure that the `validateHeaders` parameter is set to `true`.\n\n\n## Example\nThe following example shows the 'name' parameter being written to a cookie in two different ways. The first way writes it directly to the cookie, and thus is vulnerable to response-splitting attacks. The second way first removes all special characters, thus avoiding the potential problem.\n\n\n```java\npublic class ResponseSplitting extends HttpServlet {\n\tprotected void doGet(HttpServletRequest request, HttpServletResponse response)\n\tthrows ServletException, IOException {\n\t\t// BAD: setting a cookie with an unvalidated parameter\n\t\tCookie cookie = new Cookie(\"name\", request.getParameter(\"name\"));\n\t\tresponse.addCookie(cookie);\n\n\t\t// GOOD: remove special characters before putting them in the header\n\t\tString name = removeSpecial(request.getParameter(\"name\"));\n\t\tCookie cookie2 = new Cookie(\"name\", name);\n\t\tresponse.addCookie(cookie2);\n\t}\n\n\tprivate static String removeSpecial(String str) {\n\t\treturn str.replaceAll(\"[^a-zA-Z ]\", \"\");\n\t}\n}\n\n```\n\n## Example\nThe following example shows the use of the library 'netty' with HTTP response-splitting verification configurations. The second way will verify the parameters before using them to build the HTTP response.\n\n\n```java\nimport io.netty.handler.codec.http.DefaultHttpHeaders;\n\npublic class ResponseSplitting {\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpHeaders badHeaders = new DefaultHttpHeaders(false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpHeaders goodHeaders = new DefaultHttpHeaders();\n\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpResponse badResponse = new DefaultHttpResponse(version, httpResponseStatus, false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpResponse goodResponse = new DefaultHttpResponse(version, httpResponseStatus);\n}\n\n```\n\n## Example\nThe following example shows the use of the netty library with configurations for verification of HTTP request splitting. The second recommended approach in the example verifies the parameters before using them to build the HTTP request.\n\n\n```java\npublic class NettyRequestSplitting {\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpHeaders badHeaders = new DefaultHttpHeaders(false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpHeaders goodHeaders = new DefaultHttpHeaders();\n\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpRequest badRequest = new DefaultHttpRequest(httpVersion, method, uri, false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpRequest goodResponse = new DefaultHttpRequest(httpVersion, method, uri);\n}\n\n```\n\n## References\n* SecLists.org: [HTTP response splitting](https://seclists.org/bugtraq/2005/Apr/187).\n* OWASP: [HTTP Response Splitting](https://www.owasp.org/index.php/HTTP_Response_Splitting).\n* Wikipedia: [HTTP response splitting](http://en.wikipedia.org/wiki/HTTP_response_splitting).\n* CAPEC: [CAPEC-105: HTTP Request Splitting](https://capec.mitre.org/data/definitions/105.html)\n* Common Weakness Enumeration: [CWE-113](https://cwe.mitre.org/data/definitions/113.html).\n","markdown":"# HTTP response splitting\nDirectly writing user input (for example, an HTTP request parameter) to an HTTP header can lead to an HTTP request-splitting or response-splitting vulnerability.\n\nHTTP response splitting can lead to vulnerabilities such as XSS and cache poisoning.\n\nHTTP request splitting can allow an attacker to inject an additional HTTP request into a client's outgoing socket connection. This can allow an attacker to perform an SSRF-like attack.\n\nIn the context of a servlet container, if the user input includes blank lines and the servlet container does not escape the blank lines, then a remote user can cause the response to turn into two separate responses. The remote user can then control one or more responses, which is also HTTP response splitting.\n\n\n## Recommendation\nGuard against HTTP header splitting in the same way as guarding against cross-site scripting. Before passing any data into HTTP headers, either check the data for special characters, or escape any special characters that are present.\n\nIf the code calls Netty API's directly, ensure that the `validateHeaders` parameter is set to `true`.\n\n\n## Example\nThe following example shows the 'name' parameter being written to a cookie in two different ways. The first way writes it directly to the cookie, and thus is vulnerable to response-splitting attacks. The second way first removes all special characters, thus avoiding the potential problem.\n\n\n```java\npublic class ResponseSplitting extends HttpServlet {\n\tprotected void doGet(HttpServletRequest request, HttpServletResponse response)\n\tthrows ServletException, IOException {\n\t\t// BAD: setting a cookie with an unvalidated parameter\n\t\tCookie cookie = new Cookie(\"name\", request.getParameter(\"name\"));\n\t\tresponse.addCookie(cookie);\n\n\t\t// GOOD: remove special characters before putting them in the header\n\t\tString name = removeSpecial(request.getParameter(\"name\"));\n\t\tCookie cookie2 = new Cookie(\"name\", name);\n\t\tresponse.addCookie(cookie2);\n\t}\n\n\tprivate static String removeSpecial(String str) {\n\t\treturn str.replaceAll(\"[^a-zA-Z ]\", \"\");\n\t}\n}\n\n```\n\n## Example\nThe following example shows the use of the library 'netty' with HTTP response-splitting verification configurations. The second way will verify the parameters before using them to build the HTTP response.\n\n\n```java\nimport io.netty.handler.codec.http.DefaultHttpHeaders;\n\npublic class ResponseSplitting {\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpHeaders badHeaders = new DefaultHttpHeaders(false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpHeaders goodHeaders = new DefaultHttpHeaders();\n\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpResponse badResponse = new DefaultHttpResponse(version, httpResponseStatus, false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpResponse goodResponse = new DefaultHttpResponse(version, httpResponseStatus);\n}\n\n```\n\n## Example\nThe following example shows the use of the netty library with configurations for verification of HTTP request splitting. The second recommended approach in the example verifies the parameters before using them to build the HTTP request.\n\n\n```java\npublic class NettyRequestSplitting {\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpHeaders badHeaders = new DefaultHttpHeaders(false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpHeaders goodHeaders = new DefaultHttpHeaders();\n\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpRequest badRequest = new DefaultHttpRequest(httpVersion, method, uri, false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpRequest goodResponse = new DefaultHttpRequest(httpVersion, method, uri);\n}\n\n```\n\n## References\n* SecLists.org: [HTTP response splitting](https://seclists.org/bugtraq/2005/Apr/187).\n* OWASP: [HTTP Response Splitting](https://www.owasp.org/index.php/HTTP_Response_Splitting).\n* Wikipedia: [HTTP response splitting](http://en.wikipedia.org/wiki/HTTP_response_splitting).\n* CAPEC: [CAPEC-105: HTTP Request Splitting](https://capec.mitre.org/data/definitions/105.html)\n* Common Weakness Enumeration: [CWE-113](https://cwe.mitre.org/data/definitions/113.html).\n"},"properties":{"tags":["security","external/cwe/cwe-113","owasp-top10-2021","A03:2021 - Injection"],"description":"Writing user input directly to an HTTP header\n              makes code vulnerable to attack by header splitting.","id":"java/http-response-splitting","kind":"path-problem","name":"HTTP response splitting","precision":"high","problem.severity":"error","security-severity":"6.1"}},{"id":"java/overly-large-range","name":"java/overly-large-range","shortDescription":{"text":"Overly permissive regular expression range"},"fullDescription":{"text":"Overly permissive regular expression ranges match a wider range of characters than intended. This may allow an attacker to bypass a filter or sanitizer."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Overly permissive regular expression range\nIt's easy to write a regular expression range that matches a wider range of characters than you intended. For example, `/[a-zA-z]/` matches all lowercase and all uppercase letters, as you would expect, but it also matches the characters: `` [ \\ ] ^ _ ` ``.\n\nAnother common problem is failing to escape the dash character in a regular expression. An unescaped dash is interpreted as part of a range. For example, in the character class `[a-zA-Z0-9%=.,-_]` the last character range matches the 55 characters between `,` and `_` (both included), which overlaps with the range `[0-9]` and is clearly not intended by the writer.\n\n\n## Recommendation\nAvoid any confusion about which characters are included in the range by writing unambiguous regular expressions. Always check that character ranges match only the expected characters.\n\n\n## Example\nThe following example code is intended to check whether a string is a valid 6 digit hex color.\n\n```java\n\nimport java.util.regex.Pattern\npublic class Tester {\n    public static boolean is_valid_hex_color(String color) {\n        return Pattern.matches(\"#[0-9a-fA-f]{6}\", color);\n    }\n}\n\n```\nHowever, the `A-f` range is overly large and matches every uppercase character. It would parse a \"color\" like `#XXYYZZ` as valid.\n\nThe fix is to use an uppercase `A-F` range instead.\n\n```javascript\n\nimport java.util.regex.Pattern\npublic class Tester {\n    public static boolean is_valid_hex_color(String color) {\n        return Pattern.matches(\"#[0-9a-fA-F]{6}\", color);\n    }\n}\n\n```\n\n## References\n* GitHub Advisory Database: [CVE-2021-42740: Improper Neutralization of Special Elements used in a Command in Shell-quote](https://github.com/advisories/GHSA-g4rg-993r-mgx7)\n* wh0.github.io: [Exploiting CVE-2021-42740](https://wh0.github.io/2021/10/28/shell-quote-rce-exploiting.html)\n* Yosuke Ota: [no-obscure-range](https://ota-meshi.github.io/eslint-plugin-regexp/rules/no-obscure-range.html)\n* Paul Boyd: [The regex \\[,-.\\]](https://pboyd.io/posts/comma-dash-dot/)\n* Common Weakness Enumeration: [CWE-20](https://cwe.mitre.org/data/definitions/20.html).\n","markdown":"# Overly permissive regular expression range\nIt's easy to write a regular expression range that matches a wider range of characters than you intended. For example, `/[a-zA-z]/` matches all lowercase and all uppercase letters, as you would expect, but it also matches the characters: `` [ \\ ] ^ _ ` ``.\n\nAnother common problem is failing to escape the dash character in a regular expression. An unescaped dash is interpreted as part of a range. For example, in the character class `[a-zA-Z0-9%=.,-_]` the last character range matches the 55 characters between `,` and `_` (both included), which overlaps with the range `[0-9]` and is clearly not intended by the writer.\n\n\n## Recommendation\nAvoid any confusion about which characters are included in the range by writing unambiguous regular expressions. Always check that character ranges match only the expected characters.\n\n\n## Example\nThe following example code is intended to check whether a string is a valid 6 digit hex color.\n\n```java\n\nimport java.util.regex.Pattern\npublic class Tester {\n    public static boolean is_valid_hex_color(String color) {\n        return Pattern.matches(\"#[0-9a-fA-f]{6}\", color);\n    }\n}\n\n```\nHowever, the `A-f` range is overly large and matches every uppercase character. It would parse a \"color\" like `#XXYYZZ` as valid.\n\nThe fix is to use an uppercase `A-F` range instead.\n\n```javascript\n\nimport java.util.regex.Pattern\npublic class Tester {\n    public static boolean is_valid_hex_color(String color) {\n        return Pattern.matches(\"#[0-9a-fA-F]{6}\", color);\n    }\n}\n\n```\n\n## References\n* GitHub Advisory Database: [CVE-2021-42740: Improper Neutralization of Special Elements used in a Command in Shell-quote](https://github.com/advisories/GHSA-g4rg-993r-mgx7)\n* wh0.github.io: [Exploiting CVE-2021-42740](https://wh0.github.io/2021/10/28/shell-quote-rce-exploiting.html)\n* Yosuke Ota: [no-obscure-range](https://ota-meshi.github.io/eslint-plugin-regexp/rules/no-obscure-range.html)\n* Paul Boyd: [The regex \\[,-.\\]](https://pboyd.io/posts/comma-dash-dot/)\n* Common Weakness Enumeration: [CWE-20](https://cwe.mitre.org/data/definitions/20.html).\n"},"properties":{"tags":["correctness","security","external/cwe/cwe-020"],"description":"Overly permissive regular expression ranges match a wider range of characters than intended.\n              This may allow an attacker to bypass a filter or sanitizer.","id":"java/overly-large-range","kind":"problem","name":"Overly permissive regular expression range","precision":"high","problem.severity":"warning","security-severity":"5.0"}},{"id":"java/path-injection","name":"java/path-injection","shortDescription":{"text":"Uncontrolled data used in path expression"},"fullDescription":{"text":"Accessing paths influenced by users can allow an attacker to access unexpected resources."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Uncontrolled data used in path expression\nAccessing paths controlled by users can allow an attacker to access unexpected resources. This can result in sensitive information being revealed or deleted, or an attacker being able to influence behavior by modifying unexpected files.\n\nPaths that are naively constructed from data controlled by a user may contain unexpected special characters, such as \"..\". Such a path may potentially point to any directory on the file system.\n\n\n## Recommendation\nValidate user input before using it to construct a file path. Ideally, follow these rules:\n\n* Do not allow more than a single \".\" character.\n* Do not allow directory separators such as \"/\" or \"\\\\\" (depending on the file system).\n* Do not rely on simply replacing problematic sequences such as \"../\". For example, after applying this filter to \".../...//\" the resulting string would still be \"../\".\n* Ideally use a whitelist of known good patterns.\n\n## Example\nIn this example, a file name is read from a `java.net.Socket` and then used to access a file in the user's home directory and send it back over the socket. However, a malicious user could enter a file name which contains special characters. For example, the string \"../../etc/passwd\" will result in the code reading the file located at \"/home/\\[user\\]/../../etc/passwd\", which is the system's password file. This file would then be sent back to the user, giving them access to all the system's passwords.\n\n\n```java\npublic void sendUserFile(Socket sock, String user) {\n\tBufferedReader filenameReader = new BufferedReader(\n\t\t\tnew InputStreamReader(sock.getInputStream(), \"UTF-8\"));\n\tString filename = filenameReader.readLine();\n\t// BAD: read from a file using a path controlled by the user\n\tBufferedReader fileReader = new BufferedReader(\n\t\t\tnew FileReader(\"/home/\" + user + \"/\" + filename));\n\tString fileLine = fileReader.readLine();\n\twhile(fileLine != null) {\n\t\tsock.getOutputStream().write(fileLine.getBytes());\n\t\tfileLine = fileReader.readLine();\n\t}\n}\n\npublic void sendUserFileFixed(Socket sock, String user) {\n\t// ...\n\t\n\t// GOOD: remove all dots and directory delimiters from the filename before using\n\tString filename = filenameReader.readLine().replaceAll(\"\\\\.\", \"\").replaceAll(\"/\", \"\");\n\tBufferedReader fileReader = new BufferedReader(\n\t\t\tnew FileReader(\"/home/\" + user + \"/\" + filename));\n\n\t// ...\n}\n\n```\n\n## References\n* OWASP: [Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal).\n* Common Weakness Enumeration: [CWE-22](https://cwe.mitre.org/data/definitions/22.html).\n* Common Weakness Enumeration: [CWE-23](https://cwe.mitre.org/data/definitions/23.html).\n* Common Weakness Enumeration: [CWE-36](https://cwe.mitre.org/data/definitions/36.html).\n* Common Weakness Enumeration: [CWE-73](https://cwe.mitre.org/data/definitions/73.html).\n","markdown":"# Uncontrolled data used in path expression\nAccessing paths controlled by users can allow an attacker to access unexpected resources. This can result in sensitive information being revealed or deleted, or an attacker being able to influence behavior by modifying unexpected files.\n\nPaths that are naively constructed from data controlled by a user may contain unexpected special characters, such as \"..\". Such a path may potentially point to any directory on the file system.\n\n\n## Recommendation\nValidate user input before using it to construct a file path. Ideally, follow these rules:\n\n* Do not allow more than a single \".\" character.\n* Do not allow directory separators such as \"/\" or \"\\\\\" (depending on the file system).\n* Do not rely on simply replacing problematic sequences such as \"../\". For example, after applying this filter to \".../...//\" the resulting string would still be \"../\".\n* Ideally use a whitelist of known good patterns.\n\n## Example\nIn this example, a file name is read from a `java.net.Socket` and then used to access a file in the user's home directory and send it back over the socket. However, a malicious user could enter a file name which contains special characters. For example, the string \"../../etc/passwd\" will result in the code reading the file located at \"/home/\\[user\\]/../../etc/passwd\", which is the system's password file. This file would then be sent back to the user, giving them access to all the system's passwords.\n\n\n```java\npublic void sendUserFile(Socket sock, String user) {\n\tBufferedReader filenameReader = new BufferedReader(\n\t\t\tnew InputStreamReader(sock.getInputStream(), \"UTF-8\"));\n\tString filename = filenameReader.readLine();\n\t// BAD: read from a file using a path controlled by the user\n\tBufferedReader fileReader = new BufferedReader(\n\t\t\tnew FileReader(\"/home/\" + user + \"/\" + filename));\n\tString fileLine = fileReader.readLine();\n\twhile(fileLine != null) {\n\t\tsock.getOutputStream().write(fileLine.getBytes());\n\t\tfileLine = fileReader.readLine();\n\t}\n}\n\npublic void sendUserFileFixed(Socket sock, String user) {\n\t// ...\n\t\n\t// GOOD: remove all dots and directory delimiters from the filename before using\n\tString filename = filenameReader.readLine().replaceAll(\"\\\\.\", \"\").replaceAll(\"/\", \"\");\n\tBufferedReader fileReader = new BufferedReader(\n\t\t\tnew FileReader(\"/home/\" + user + \"/\" + filename));\n\n\t// ...\n}\n\n```\n\n## References\n* OWASP: [Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal).\n* Common Weakness Enumeration: [CWE-22](https://cwe.mitre.org/data/definitions/22.html).\n* Common Weakness Enumeration: [CWE-23](https://cwe.mitre.org/data/definitions/23.html).\n* Common Weakness Enumeration: [CWE-36](https://cwe.mitre.org/data/definitions/36.html).\n* Common Weakness Enumeration: [CWE-73](https://cwe.mitre.org/data/definitions/73.html).\n"},"properties":{"tags":["security","external/cwe/cwe-022","external/cwe/cwe-023","external/cwe/cwe-036","external/cwe/cwe-073"],"description":"Accessing paths influenced by users can allow an attacker to access unexpected resources.","id":"java/path-injection","kind":"path-problem","name":"Uncontrolled data used in path expression","precision":"high","problem.severity":"error","security-severity":"7.5"}},{"id":"java/zipslip","name":"java/zipslip","shortDescription":{"text":"Arbitrary file write during archive extraction (\"Zip Slip\")"},"fullDescription":{"text":"Extracting files from a malicious archive without validating that the destination file path is within the destination directory can cause files outside the destination directory to be overwritten."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Arbitrary file write during archive extraction (\"Zip Slip\")\nExtracting files from a malicious zip archive (or another archive format) without validating that the destination file path is within the destination directory can cause files outside the destination directory to be overwritten, due to the possible presence of directory traversal elements (`..`) in archive paths.\n\nZip archives contain archive entries representing each file in the archive. These entries include a file path for the entry, but these file paths are not restricted and may contain unexpected special elements such as the directory traversal element (`..`). If these file paths are used to determine an output file to write the contents of the archive item to, then the file may be written to an unexpected location. This can result in sensitive information being revealed or deleted, or an attacker being able to influence behavior by modifying unexpected files.\n\nFor example, if a zip file contains a file entry `..\\sneaky-file`, and the zip file is extracted to the directory `c:\\output`, then naively combining the paths would result in an output file path of `c:\\output\\..\\sneaky-file`, which would cause the file to be written to `c:\\sneaky-file`.\n\n\n## Recommendation\nEnsure that output paths constructed from zip archive entries are validated to prevent writing files to unexpected locations.\n\nThe recommended way of writing an output file from a zip archive entry is to verify that the normalized full path of the output file starts with a prefix that matches the destination directory. Path normalization can be done with either `java.io.File.getCanonicalFile()` or `java.nio.file.Path.normalize()`. Prefix checking can be done with `String.startsWith(..)`, but it is better to use `java.nio.file.Path.startsWith(..)`, as the latter works on complete path segments.\n\nAnother alternative is to validate archive entries against a whitelist of expected files.\n\n\n## Example\nIn this example, a file path taken from a zip archive item entry is combined with a destination directory. The result is used as the destination file path without verifying that the result is within the destination directory. If provided with a zip file containing an archive path like `..\\sneaky-file`, then this file would be written outside the destination directory.\n\n\n```java\nvoid writeZipEntry(ZipEntry entry, File destinationDir) {\n    File file = new File(destinationDir, entry.getName());\n    FileOutputStream fos = new FileOutputStream(file); // BAD\n    // ... write entry to fos ...\n}\n\n```\nTo fix this vulnerability, we need to verify that the normalized `file` still has `destinationDir` as its prefix, and throw an exception if this is not the case.\n\n\n```java\nvoid writeZipEntry(ZipEntry entry, File destinationDir) {\n    File file = new File(destinationDir, entry.getName());\n    if (!file.toPath().normalize().startsWith(destinationDir.toPath()))\n        throw new Exception(\"Bad zip entry\");\n    FileOutputStream fos = new FileOutputStream(file); // OK\n    // ... write entry to fos ...\n}\n\n```\n\n## References\n* Snyk: [Zip Slip Vulnerability](https://snyk.io/research/zip-slip-vulnerability).\n* OWASP: [Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal).\n* Common Weakness Enumeration: [CWE-22](https://cwe.mitre.org/data/definitions/22.html).\n","markdown":"# Arbitrary file write during archive extraction (\"Zip Slip\")\nExtracting files from a malicious zip archive (or another archive format) without validating that the destination file path is within the destination directory can cause files outside the destination directory to be overwritten, due to the possible presence of directory traversal elements (`..`) in archive paths.\n\nZip archives contain archive entries representing each file in the archive. These entries include a file path for the entry, but these file paths are not restricted and may contain unexpected special elements such as the directory traversal element (`..`). If these file paths are used to determine an output file to write the contents of the archive item to, then the file may be written to an unexpected location. This can result in sensitive information being revealed or deleted, or an attacker being able to influence behavior by modifying unexpected files.\n\nFor example, if a zip file contains a file entry `..\\sneaky-file`, and the zip file is extracted to the directory `c:\\output`, then naively combining the paths would result in an output file path of `c:\\output\\..\\sneaky-file`, which would cause the file to be written to `c:\\sneaky-file`.\n\n\n## Recommendation\nEnsure that output paths constructed from zip archive entries are validated to prevent writing files to unexpected locations.\n\nThe recommended way of writing an output file from a zip archive entry is to verify that the normalized full path of the output file starts with a prefix that matches the destination directory. Path normalization can be done with either `java.io.File.getCanonicalFile()` or `java.nio.file.Path.normalize()`. Prefix checking can be done with `String.startsWith(..)`, but it is better to use `java.nio.file.Path.startsWith(..)`, as the latter works on complete path segments.\n\nAnother alternative is to validate archive entries against a whitelist of expected files.\n\n\n## Example\nIn this example, a file path taken from a zip archive item entry is combined with a destination directory. The result is used as the destination file path without verifying that the result is within the destination directory. If provided with a zip file containing an archive path like `..\\sneaky-file`, then this file would be written outside the destination directory.\n\n\n```java\nvoid writeZipEntry(ZipEntry entry, File destinationDir) {\n    File file = new File(destinationDir, entry.getName());\n    FileOutputStream fos = new FileOutputStream(file); // BAD\n    // ... write entry to fos ...\n}\n\n```\nTo fix this vulnerability, we need to verify that the normalized `file` still has `destinationDir` as its prefix, and throw an exception if this is not the case.\n\n\n```java\nvoid writeZipEntry(ZipEntry entry, File destinationDir) {\n    File file = new File(destinationDir, entry.getName());\n    if (!file.toPath().normalize().startsWith(destinationDir.toPath()))\n        throw new Exception(\"Bad zip entry\");\n    FileOutputStream fos = new FileOutputStream(file); // OK\n    // ... write entry to fos ...\n}\n\n```\n\n## References\n* Snyk: [Zip Slip Vulnerability](https://snyk.io/research/zip-slip-vulnerability).\n* OWASP: [Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal).\n* Common Weakness Enumeration: [CWE-22](https://cwe.mitre.org/data/definitions/22.html).\n"},"properties":{"tags":["security","external/cwe/cwe-022"],"description":"Extracting files from a malicious archive without validating that the\n              destination file path is within the destination directory can cause files outside\n              the destination directory to be overwritten.","id":"java/zipslip","kind":"path-problem","name":"Arbitrary file write during archive extraction (\"Zip Slip\")","precision":"high","problem.severity":"error","security-severity":"7.5"}},{"id":"java/android/unsafe-content-uri-resolution","name":"java/android/unsafe-content-uri-resolution","shortDescription":{"text":"Uncontrolled data used in content resolution"},"fullDescription":{"text":"Resolving externally-provided content URIs without validation can allow an attacker to access unexpected resources."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Uncontrolled data used in content resolution\nWhen an Android application wants to access data in a content provider, it uses the `ContentResolver` object. `ContentResolver`s communicate with an instance of a class that implements the `ContentProvider` interface via URIs with the `content://` scheme. The authority part (the first path segment) of the URI, passed as parameter to the `ContentResolver`, determines which content provider is contacted for the operation. Specific operations that act on files also support the `file://` scheme, in which case the local filesystem is queried instead. If an external component, like a malicious or compromised application, controls the URI for a `ContentResolver` operation, it can trick the vulnerable application into accessing its own private files or non-exported content providers. The attacking application might be able to get access to the file by forcing it to be copied to a public directory, like external storage, or tamper with the contents by making the application overwrite the file with unexpected data.\n\n\n## Recommendation\nIf possible, avoid using externally-provided data to determine the URI for a `ContentResolver` to use. If that is not an option, validate that the incoming URI can only reference trusted components, like an allow list of content providers and/or applications, or alternatively make sure that the URI does not reference private directories like `/data/`.\n\n\n## Example\nThis example shows three ways of opening a file using a `ContentResolver`. In the first case, externally-provided data from an intent is used directly in the file-reading operation. This allows an attacker to provide a URI of the form `/data/data/(vulnerable app package)/(private file)` to trick the application into reading it and copying it to the external storage. In the second case, an insufficient check is performed on the externally-provided URI, still leaving room for exploitation. In the third case, the URI is correctly validated before being used, making sure it does not reference any internal application files.\n\n\n```java\nimport android.content.ContentResolver;\nimport android.net.Uri;\n\npublic class Example extends Activity {\n    public void onCreate() {\n        // BAD: Externally-provided URI directly used in content resolution\n        {\n            ContentResolver contentResolver = getContentResolver();\n            Uri uri = (Uri) getIntent().getParcelableExtra(\"URI_EXTRA\");\n            InputStream is = contentResolver.openInputStream(uri);\n            copyToExternalCache(is);\n        }\n        // BAD: input URI is not normalized, and check can be bypassed with \"..\" characters\n        {\n            ContentResolver contentResolver = getContentResolver();\n            Uri uri = (Uri) getIntent().getParcelableExtra(\"URI_EXTRA\");\n            String path = uri.getPath();\n            if (path.startsWith(\"/data\"))\n                throw new SecurityException();\n            InputStream is = contentResolver.openInputStream(uri);\n            copyToExternalCache(is);\n        }\n        // GOOD: URI is properly validated to block access to internal files\n        {\n            ContentResolver contentResolver = getContentResolver();\n            Uri uri = (Uri) getIntent().getParcelableExtra(\"URI_EXTRA\");\n            String path = uri.getPath();\n            java.nio.file.Path normalized =\n                    java.nio.file.FileSystems.getDefault().getPath(path).normalize();\n            if (normalized.startsWith(\"/data\"))\n                throw new SecurityException();\n            InputStream is = contentResolver.openInputStream(uri);\n            copyToExternalCache(is);\n        }\n    }\n\n    private void copyToExternalCache(InputStream is) {\n        // Reads the contents of is and writes a file in the app's external\n        // cache directory, which can be read publicly by applications in the same device.\n    }\n}\n\n```\n\n## References\n* Android developers: [Content provider basics](https://developer.android.com/guide/topics/providers/content-provider-basics)\n* [The ContentResolver class](https://developer.android.com/reference/android/content/ContentResolver)\n* Common Weakness Enumeration: [CWE-441](https://cwe.mitre.org/data/definitions/441.html).\n* Common Weakness Enumeration: [CWE-610](https://cwe.mitre.org/data/definitions/610.html).\n","markdown":"# Uncontrolled data used in content resolution\nWhen an Android application wants to access data in a content provider, it uses the `ContentResolver` object. `ContentResolver`s communicate with an instance of a class that implements the `ContentProvider` interface via URIs with the `content://` scheme. The authority part (the first path segment) of the URI, passed as parameter to the `ContentResolver`, determines which content provider is contacted for the operation. Specific operations that act on files also support the `file://` scheme, in which case the local filesystem is queried instead. If an external component, like a malicious or compromised application, controls the URI for a `ContentResolver` operation, it can trick the vulnerable application into accessing its own private files or non-exported content providers. The attacking application might be able to get access to the file by forcing it to be copied to a public directory, like external storage, or tamper with the contents by making the application overwrite the file with unexpected data.\n\n\n## Recommendation\nIf possible, avoid using externally-provided data to determine the URI for a `ContentResolver` to use. If that is not an option, validate that the incoming URI can only reference trusted components, like an allow list of content providers and/or applications, or alternatively make sure that the URI does not reference private directories like `/data/`.\n\n\n## Example\nThis example shows three ways of opening a file using a `ContentResolver`. In the first case, externally-provided data from an intent is used directly in the file-reading operation. This allows an attacker to provide a URI of the form `/data/data/(vulnerable app package)/(private file)` to trick the application into reading it and copying it to the external storage. In the second case, an insufficient check is performed on the externally-provided URI, still leaving room for exploitation. In the third case, the URI is correctly validated before being used, making sure it does not reference any internal application files.\n\n\n```java\nimport android.content.ContentResolver;\nimport android.net.Uri;\n\npublic class Example extends Activity {\n    public void onCreate() {\n        // BAD: Externally-provided URI directly used in content resolution\n        {\n            ContentResolver contentResolver = getContentResolver();\n            Uri uri = (Uri) getIntent().getParcelableExtra(\"URI_EXTRA\");\n            InputStream is = contentResolver.openInputStream(uri);\n            copyToExternalCache(is);\n        }\n        // BAD: input URI is not normalized, and check can be bypassed with \"..\" characters\n        {\n            ContentResolver contentResolver = getContentResolver();\n            Uri uri = (Uri) getIntent().getParcelableExtra(\"URI_EXTRA\");\n            String path = uri.getPath();\n            if (path.startsWith(\"/data\"))\n                throw new SecurityException();\n            InputStream is = contentResolver.openInputStream(uri);\n            copyToExternalCache(is);\n        }\n        // GOOD: URI is properly validated to block access to internal files\n        {\n            ContentResolver contentResolver = getContentResolver();\n            Uri uri = (Uri) getIntent().getParcelableExtra(\"URI_EXTRA\");\n            String path = uri.getPath();\n            java.nio.file.Path normalized =\n                    java.nio.file.FileSystems.getDefault().getPath(path).normalize();\n            if (normalized.startsWith(\"/data\"))\n                throw new SecurityException();\n            InputStream is = contentResolver.openInputStream(uri);\n            copyToExternalCache(is);\n        }\n    }\n\n    private void copyToExternalCache(InputStream is) {\n        // Reads the contents of is and writes a file in the app's external\n        // cache directory, which can be read publicly by applications in the same device.\n    }\n}\n\n```\n\n## References\n* Android developers: [Content provider basics](https://developer.android.com/guide/topics/providers/content-provider-basics)\n* [The ContentResolver class](https://developer.android.com/reference/android/content/ContentResolver)\n* Common Weakness Enumeration: [CWE-441](https://cwe.mitre.org/data/definitions/441.html).\n* Common Weakness Enumeration: [CWE-610](https://cwe.mitre.org/data/definitions/610.html).\n"},"properties":{"tags":["security","external/cwe/cwe-441","external/cwe/cwe-610","owasp-top10-2021","A01:2021 - Broken Access Control"],"description":"Resolving externally-provided content URIs without validation can allow an attacker\n              to access unexpected resources.","id":"java/android/unsafe-content-uri-resolution","kind":"path-problem","name":"Uncontrolled data used in content resolution","precision":"high","problem.severity":"warning","security-severity":"7.5"}},{"id":"java/insufficient-key-size","name":"java/insufficient-key-size","shortDescription":{"text":"Use of a cryptographic algorithm with insufficient key size"},"fullDescription":{"text":"Using cryptographic algorithms with too small a key size can allow an attacker to compromise security."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Use of a cryptographic algorithm with insufficient key size\nModern encryption relies on the computational infeasibility of breaking a cipher and decoding its message without the key. As computational power increases, the ability to break ciphers grows, and key sizes need to become larger as a result. Cryptographic algorithms that use too small of a key size are vulnerable to brute force attacks, which can reveal sensitive data.\n\n\n## Recommendation\nUse a key of the recommended size or larger. The key size should be at least 128 bits for AES encryption, 256 bits for elliptic-curve cryptography (ECC), and 2048 bits for RSA, DSA, or DH encryption.\n\n\n## Example\nThe following code uses cryptographic algorithms with insufficient key sizes.\n\n\n```java\n    KeyPairGenerator keyPairGen1 = KeyPairGenerator.getInstance(\"RSA\");\n    keyPairGen1.initialize(1024); // BAD: Key size is less than 2048\n\n    KeyPairGenerator keyPairGen2 = KeyPairGenerator.getInstance(\"DSA\");\n    keyPairGen2.initialize(1024); // BAD: Key size is less than 2048\n\n    KeyPairGenerator keyPairGen3 = KeyPairGenerator.getInstance(\"DH\");\n    keyPairGen3.initialize(1024); // BAD: Key size is less than 2048\n\n    KeyPairGenerator keyPairGen4 = KeyPairGenerator.getInstance(\"EC\");\n    ECGenParameterSpec ecSpec = new ECGenParameterSpec(\"secp112r1\"); // BAD: Key size is less than 256\n    keyPairGen4.initialize(ecSpec);\n\n    KeyGenerator keyGen = KeyGenerator.getInstance(\"AES\");\n    keyGen.init(64); // BAD: Key size is less than 128\n\n```\nTo fix the code, change the key sizes to be the recommended size or larger for each algorithm.\n\n\n## References\n* Wikipedia: [Key size](http://en.wikipedia.org/wiki/Key_size).\n* Wikipedia: [Strong cryptography](https://en.wikipedia.org/wiki/Strong_cryptography).\n* OWASP: [ Cryptographic Storage Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#algorithms).\n* OWASP: [ Testing for Weak Encryption](https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption).\n* NIST: [ Transitioning the Use of Cryptographic Algorithms and Key Lengths](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf).\n* Common Weakness Enumeration: [CWE-326](https://cwe.mitre.org/data/definitions/326.html).\n","markdown":"# Use of a cryptographic algorithm with insufficient key size\nModern encryption relies on the computational infeasibility of breaking a cipher and decoding its message without the key. As computational power increases, the ability to break ciphers grows, and key sizes need to become larger as a result. Cryptographic algorithms that use too small of a key size are vulnerable to brute force attacks, which can reveal sensitive data.\n\n\n## Recommendation\nUse a key of the recommended size or larger. The key size should be at least 128 bits for AES encryption, 256 bits for elliptic-curve cryptography (ECC), and 2048 bits for RSA, DSA, or DH encryption.\n\n\n## Example\nThe following code uses cryptographic algorithms with insufficient key sizes.\n\n\n```java\n    KeyPairGenerator keyPairGen1 = KeyPairGenerator.getInstance(\"RSA\");\n    keyPairGen1.initialize(1024); // BAD: Key size is less than 2048\n\n    KeyPairGenerator keyPairGen2 = KeyPairGenerator.getInstance(\"DSA\");\n    keyPairGen2.initialize(1024); // BAD: Key size is less than 2048\n\n    KeyPairGenerator keyPairGen3 = KeyPairGenerator.getInstance(\"DH\");\n    keyPairGen3.initialize(1024); // BAD: Key size is less than 2048\n\n    KeyPairGenerator keyPairGen4 = KeyPairGenerator.getInstance(\"EC\");\n    ECGenParameterSpec ecSpec = new ECGenParameterSpec(\"secp112r1\"); // BAD: Key size is less than 256\n    keyPairGen4.initialize(ecSpec);\n\n    KeyGenerator keyGen = KeyGenerator.getInstance(\"AES\");\n    keyGen.init(64); // BAD: Key size is less than 128\n\n```\nTo fix the code, change the key sizes to be the recommended size or larger for each algorithm.\n\n\n## References\n* Wikipedia: [Key size](http://en.wikipedia.org/wiki/Key_size).\n* Wikipedia: [Strong cryptography](https://en.wikipedia.org/wiki/Strong_cryptography).\n* OWASP: [ Cryptographic Storage Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#algorithms).\n* OWASP: [ Testing for Weak Encryption](https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption).\n* NIST: [ Transitioning the Use of Cryptographic Algorithms and Key Lengths](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf).\n* Common Weakness Enumeration: [CWE-326](https://cwe.mitre.org/data/definitions/326.html).\n"},"properties":{"tags":["security","external/cwe/cwe-326","owasp-top10-2021","A02:2021 - Cryptographic Failures"],"description":"Using cryptographic algorithms with too small a key size can\n              allow an attacker to compromise security.","id":"java/insufficient-key-size","kind":"path-problem","name":"Use of a cryptographic algorithm with insufficient key size","precision":"high","problem.severity":"warning","security-severity":"7.5"}},{"id":"java/android/implicit-pendingintents","name":"java/android/implicit-pendingintents","shortDescription":{"text":"Use of implicit PendingIntents"},"fullDescription":{"text":"Sending an implicit and mutable 'PendingIntent' to an unspecified third party component may provide an attacker with access to internal components of the application or cause other unintended effects."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Use of implicit PendingIntents\nA `PendingIntent` is used to wrap an `Intent` that will be supplied and executed by another application. When the `Intent` is executed, it behaves as if it were run directly by the supplying application, using the privileges of that application.\n\nIf a `PendingIntent` is configured to be mutable, the fields of its internal `Intent` can be changed by the receiving application if they were not previously set. This means that a mutable `PendingIntent` that has not defined a destination component (that is, an implicit `PendingIntent`) can be altered to execute an arbitrary action with the privileges of the application that created it.\n\nA malicious application can access an implicit `PendingIntent` as follows:\n\n* It is wrapped and sent as an extra of another implicit `Intent`.\n* It is sent as the action of a `Slide`.\n* It is sent as the action of a `Notification`.\n\n\nOn gaining access, the attacker can modify the underlying `Intent` and execute an arbitrary action with elevated privileges. This could give the malicious application access to private components of the victim application, or the ability to perform actions without having the necessary permissions.\n\n\n## Recommendation\nAvoid creating implicit `PendingIntent`s. This means that the underlying `Intent` should always have an explicit destination component.\n\nWhen you add the `PendingIntent` as an extra of another `Intent`, make sure that this second `Intent` also has an explicit destination component, so that it is not delivered to untrusted applications.\n\nCreate the `PendingIntent` using the flag `FLAG_IMMUTABLE` whenever possible, to prevent the destination component from modifying empty fields of the underlying `Intent`.\n\n\n## Example\nIn the following examples, a `PendingIntent` is created and wrapped as an extra of another `Intent`.\n\nIn the first example, both the `PendingIntent` and the `Intent` it is wrapped in are implicit, making them vulnerable to attack.\n\nIn the second example, the issue is avoided by adding explicit destination components to the `PendingIntent` and the wrapping `Intent`.\n\nThe third example uses the `FLAG_IMMUTABLE` flag to prevent the underlying `Intent` from being modified by the destination component.\n\n\n```java\nimport android.app.Activity;\nimport android.app.PendingIntent;\nimport android.content.Intent;\nimport android.os.Bundle;\n\npublic class ImplicitPendingIntents extends Activity {\n\n\tpublic void onCreate(Bundle savedInstance) {\n\t\t{\n\t\t\t// BAD: an implicit Intent is used to create a PendingIntent.\n\t\t\t// The PendingIntent is then added to another implicit Intent\n\t\t\t// and started.\n\t\t\tIntent baseIntent = new Intent();\n\t\t\tPendingIntent pi =\n\t\t\t\t\tPendingIntent.getActivity(this, 0, baseIntent, PendingIntent.FLAG_ONE_SHOT);\n\t\t\tIntent fwdIntent = new Intent(\"SOME_ACTION\");\n\t\t\tfwdIntent.putExtra(\"fwdIntent\", pi);\n\t\t\tsendBroadcast(fwdIntent);\n\t\t}\n\n\t\t{\n\t\t\t// GOOD: both the PendingIntent and the wrapping Intent are explicit.\n\t\t\tIntent safeIntent = new Intent(this, AnotherActivity.class);\n\t\t\tPendingIntent pi =\n\t\t\t\t\tPendingIntent.getActivity(this, 0, safeIntent, PendingIntent.FLAG_ONE_SHOT);\n\t\t\tIntent fwdIntent = new Intent();\n\t\t\tfwdIntent.setClassName(\"destination.package\", \"DestinationClass\");\n\t\t\tfwdIntent.putExtra(\"fwdIntent\", pi);\n\t\t\tstartActivity(fwdIntent);\n\t\t}\n\n\t\t{\n\t\t\t// GOOD: The PendingIntent is created with FLAG_IMMUTABLE.\n\t\t\tIntent baseIntent = new Intent(\"SOME_ACTION\");\n\t\t\tPendingIntent pi =\n\t\t\t\t\tPendingIntent.getActivity(this, 0, baseIntent, PendingIntent.FLAG_IMMUTABLE);\n\t\t\tIntent fwdIntent = new Intent();\n\t\t\tfwdIntent.setClassName(\"destination.package\", \"DestinationClass\");\n\t\t\tfwdIntent.putExtra(\"fwdIntent\", pi);\n\t\t\tstartActivity(fwdIntent);\n\t\t}\n\t}\n}\n\n```\n\n## References\n* Google Help: [ Remediation for Implicit PendingIntent Vulnerability ](https://support.google.com/faqs/answer/10437428?hl=en)\n* University of Potsdam: [ PIAnalyzer: A precise approach for PendingIntent vulnerability analysis ](https://www.cs.uni-potsdam.de/se/papers/esorics18.pdf)\n* Common Weakness Enumeration: [CWE-927](https://cwe.mitre.org/data/definitions/927.html).\n","markdown":"# Use of implicit PendingIntents\nA `PendingIntent` is used to wrap an `Intent` that will be supplied and executed by another application. When the `Intent` is executed, it behaves as if it were run directly by the supplying application, using the privileges of that application.\n\nIf a `PendingIntent` is configured to be mutable, the fields of its internal `Intent` can be changed by the receiving application if they were not previously set. This means that a mutable `PendingIntent` that has not defined a destination component (that is, an implicit `PendingIntent`) can be altered to execute an arbitrary action with the privileges of the application that created it.\n\nA malicious application can access an implicit `PendingIntent` as follows:\n\n* It is wrapped and sent as an extra of another implicit `Intent`.\n* It is sent as the action of a `Slide`.\n* It is sent as the action of a `Notification`.\n\n\nOn gaining access, the attacker can modify the underlying `Intent` and execute an arbitrary action with elevated privileges. This could give the malicious application access to private components of the victim application, or the ability to perform actions without having the necessary permissions.\n\n\n## Recommendation\nAvoid creating implicit `PendingIntent`s. This means that the underlying `Intent` should always have an explicit destination component.\n\nWhen you add the `PendingIntent` as an extra of another `Intent`, make sure that this second `Intent` also has an explicit destination component, so that it is not delivered to untrusted applications.\n\nCreate the `PendingIntent` using the flag `FLAG_IMMUTABLE` whenever possible, to prevent the destination component from modifying empty fields of the underlying `Intent`.\n\n\n## Example\nIn the following examples, a `PendingIntent` is created and wrapped as an extra of another `Intent`.\n\nIn the first example, both the `PendingIntent` and the `Intent` it is wrapped in are implicit, making them vulnerable to attack.\n\nIn the second example, the issue is avoided by adding explicit destination components to the `PendingIntent` and the wrapping `Intent`.\n\nThe third example uses the `FLAG_IMMUTABLE` flag to prevent the underlying `Intent` from being modified by the destination component.\n\n\n```java\nimport android.app.Activity;\nimport android.app.PendingIntent;\nimport android.content.Intent;\nimport android.os.Bundle;\n\npublic class ImplicitPendingIntents extends Activity {\n\n\tpublic void onCreate(Bundle savedInstance) {\n\t\t{\n\t\t\t// BAD: an implicit Intent is used to create a PendingIntent.\n\t\t\t// The PendingIntent is then added to another implicit Intent\n\t\t\t// and started.\n\t\t\tIntent baseIntent = new Intent();\n\t\t\tPendingIntent pi =\n\t\t\t\t\tPendingIntent.getActivity(this, 0, baseIntent, PendingIntent.FLAG_ONE_SHOT);\n\t\t\tIntent fwdIntent = new Intent(\"SOME_ACTION\");\n\t\t\tfwdIntent.putExtra(\"fwdIntent\", pi);\n\t\t\tsendBroadcast(fwdIntent);\n\t\t}\n\n\t\t{\n\t\t\t// GOOD: both the PendingIntent and the wrapping Intent are explicit.\n\t\t\tIntent safeIntent = new Intent(this, AnotherActivity.class);\n\t\t\tPendingIntent pi =\n\t\t\t\t\tPendingIntent.getActivity(this, 0, safeIntent, PendingIntent.FLAG_ONE_SHOT);\n\t\t\tIntent fwdIntent = new Intent();\n\t\t\tfwdIntent.setClassName(\"destination.package\", \"DestinationClass\");\n\t\t\tfwdIntent.putExtra(\"fwdIntent\", pi);\n\t\t\tstartActivity(fwdIntent);\n\t\t}\n\n\t\t{\n\t\t\t// GOOD: The PendingIntent is created with FLAG_IMMUTABLE.\n\t\t\tIntent baseIntent = new Intent(\"SOME_ACTION\");\n\t\t\tPendingIntent pi =\n\t\t\t\t\tPendingIntent.getActivity(this, 0, baseIntent, PendingIntent.FLAG_IMMUTABLE);\n\t\t\tIntent fwdIntent = new Intent();\n\t\t\tfwdIntent.setClassName(\"destination.package\", \"DestinationClass\");\n\t\t\tfwdIntent.putExtra(\"fwdIntent\", pi);\n\t\t\tstartActivity(fwdIntent);\n\t\t}\n\t}\n}\n\n```\n\n## References\n* Google Help: [ Remediation for Implicit PendingIntent Vulnerability ](https://support.google.com/faqs/answer/10437428?hl=en)\n* University of Potsdam: [ PIAnalyzer: A precise approach for PendingIntent vulnerability analysis ](https://www.cs.uni-potsdam.de/se/papers/esorics18.pdf)\n* Common Weakness Enumeration: [CWE-927](https://cwe.mitre.org/data/definitions/927.html).\n"},"properties":{"tags":["security","external/cwe/cwe-927","owasp-top10-2021","A04:2021 - Insecure Design"],"description":"Sending an implicit and mutable 'PendingIntent' to an unspecified third party\n              component may provide an attacker with access to internal components of the\n              application or cause other unintended effects.","id":"java/android/implicit-pendingintents","kind":"path-problem","name":"Use of implicit PendingIntents","precision":"high","problem.severity":"error","security-severity":"8.2"}},{"id":"java/ldap-injection","name":"java/ldap-injection","shortDescription":{"text":"LDAP query built from user-controlled sources"},"fullDescription":{"text":"Building an LDAP query from user-controlled sources is vulnerable to insertion of malicious LDAP code by the user."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# LDAP query built from user-controlled sources\nIf an LDAP query is built using string concatenation, and the components of the concatenation include user input, a user is likely to be able to run malicious LDAP queries.\n\n\n## Recommendation\nIf user input must be included in an LDAP query, it should be escaped to avoid a malicious user providing special characters that change the meaning of the query. If possible build the LDAP query using framework helper methods, for example from Spring's `LdapQueryBuilder` and `LdapNameBuilder`, instead of string concatenation. Alternatively, escape user input using an appropriate LDAP encoding method, for example: `encodeForLDAP` or `encodeForDN` from OWASP ESAPI, `LdapEncoder.filterEncode` or `LdapEncoder.nameEncode` from Spring LDAP, or `Filter.encodeValue` from UnboundID library.\n\n\n## Example\nIn the following examples, the code accepts an \"organization name\" and a \"username\" from the user, which it uses to query LDAP.\n\nThe first example concatenates the unvalidated and unencoded user input directly into both the DN (Distinguished Name) and the search filter used for the LDAP query. A malicious user could provide special characters to change the meaning of these queries, and search for a completely different set of values. The LDAP query is executed using Java JNDI API.\n\nThe second example uses the OWASP ESAPI library to encode the user values before they are included in the DN and search filters. This ensures the meaning of the query cannot be changed by a malicious user.\n\n\n```java\nimport javax.naming.directory.DirContext;\nimport org.owasp.esapi.Encoder;\nimport org.owasp.esapi.reference.DefaultEncoder;\n\npublic void ldapQueryBad(HttpServletRequest request, DirContext ctx) throws NamingException {\n  String organizationName = request.getParameter(\"organization_name\");\n  String username = request.getParameter(\"username\");\n\n  // BAD: User input used in DN (Distinguished Name) without encoding\n  String dn = \"OU=People,O=\" + organizationName;\n\n  // BAD: User input used in search filter without encoding\n  String filter = \"username=\" + userName;\n\n  ctx.search(dn, filter, new SearchControls());\n}\n\npublic void ldapQueryGood(HttpServletRequest request, DirContext ctx) throws NamingException {\n  String organizationName = request.getParameter(\"organization_name\");\n  String username = request.getParameter(\"username\");\n\n  // ESAPI encoder\n  Encoder encoder = DefaultEncoder.getInstance();\n\n  // GOOD: Organization name is encoded before being used in DN\n  String safeOrganizationName = encoder.encodeForDN(organizationName);\n  String safeDn = \"OU=People,O=\" + safeOrganizationName;\n\n  // GOOD: User input is encoded before being used in search filter\n  String safeUsername = encoder.encodeForLDAP(username);\n  String safeFilter = \"username=\" + safeUsername;\n  \n  ctx.search(safeDn, safeFilter, new SearchControls());\n}\n```\nThe third example uses Spring `LdapQueryBuilder` to build an LDAP query. In addition to simplifying the building of complex search parameters, it also provides proper escaping of any unsafe characters in search filters. The DN is built using `LdapNameBuilder`, which also provides proper escaping.\n\n\n```java\nimport static org.springframework.ldap.query.LdapQueryBuilder.query;\nimport org.springframework.ldap.support.LdapNameBuilder;\n\npublic void ldapQueryGood(@RequestParam String organizationName, @RequestParam String username) {\n  // GOOD: Organization name is encoded before being used in DN\n  String safeDn = LdapNameBuilder.newInstance()\n    .add(\"O\", organizationName)\n    .add(\"OU=People\")\n    .build().toString();\n\n  // GOOD: User input is encoded before being used in search filter\n  LdapQuery query = query()\n    .base(safeDn)\n    .where(\"username\").is(username);\n\n  ldapTemplate.search(query, new AttributeCheckAttributesMapper());\n}\n```\nThe fourth example uses `UnboundID` classes, `Filter` and `DN`, to construct a safe filter and base DN.\n\n\n```java\nimport com.unboundid.ldap.sdk.LDAPConnection;\nimport com.unboundid.ldap.sdk.DN;\nimport com.unboundid.ldap.sdk.RDN;\nimport com.unboundid.ldap.sdk.Filter;\n\npublic void ldapQueryGood(HttpServletRequest request, LDAPConnection c) {\n  String organizationName = request.getParameter(\"organization_name\");\n  String username = request.getParameter(\"username\");\n\n  // GOOD: Organization name is encoded before being used in DN\n  DN safeDn = new DN(new RDN(\"OU\", \"People\"), new RDN(\"O\", organizationName));\n\n  // GOOD: User input is encoded before being used in search filter\n  Filter safeFilter = Filter.createEqualityFilter(\"username\", username);\n  \n  c.search(safeDn.toString(), SearchScope.ONE, safeFilter);\n}\n```\nThe fifth example shows how to build a safe filter and DN using the Apache LDAP API.\n\n\n```java\nimport org.apache.directory.ldap.client.api.LdapConnection;\nimport org.apache.directory.api.ldap.model.name.Dn;\nimport org.apache.directory.api.ldap.model.name.Rdn;\nimport org.apache.directory.api.ldap.model.message.SearchRequest;\nimport org.apache.directory.api.ldap.model.message.SearchRequestImpl;\nimport static org.apache.directory.ldap.client.api.search.FilterBuilder.equal;\n\npublic void ldapQueryGood(HttpServletRequest request, LdapConnection c) {\n  String organizationName = request.getParameter(\"organization_name\");\n  String username = request.getParameter(\"username\");\n\n  // GOOD: Organization name is encoded before being used in DN\n  Dn safeDn = new Dn(new Rdn(\"OU\", \"People\"), new Rdn(\"O\", organizationName));\n\n  // GOOD: User input is encoded before being used in search filter\n  String safeFilter = equal(\"username\", username);\n  \n  SearchRequest searchRequest = new SearchRequestImpl();\n  searchRequest.setBase(safeDn);\n  searchRequest.setFilter(safeFilter);\n  c.search(searchRequest);\n}\n```\n\n## References\n* OWASP: [LDAP Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.html).\n* OWASP ESAPI: [OWASP ESAPI](https://owasp.org/www-project-enterprise-security-api/).\n* Spring LdapQueryBuilder doc: [LdapQueryBuilder](https://docs.spring.io/spring-ldap/docs/current/apidocs/org/springframework/ldap/query/LdapQueryBuilder.html).\n* Spring LdapNameBuilder doc: [LdapNameBuilder](https://docs.spring.io/spring-ldap/docs/current/apidocs/org/springframework/ldap/support/LdapNameBuilder.html).\n* UnboundID: [Understanding and Defending Against LDAP Injection Attacks](https://ldap.com/2018/05/04/understanding-and-defending-against-ldap-injection-attacks/).\n* Common Weakness Enumeration: [CWE-90](https://cwe.mitre.org/data/definitions/90.html).\n","markdown":"# LDAP query built from user-controlled sources\nIf an LDAP query is built using string concatenation, and the components of the concatenation include user input, a user is likely to be able to run malicious LDAP queries.\n\n\n## Recommendation\nIf user input must be included in an LDAP query, it should be escaped to avoid a malicious user providing special characters that change the meaning of the query. If possible build the LDAP query using framework helper methods, for example from Spring's `LdapQueryBuilder` and `LdapNameBuilder`, instead of string concatenation. Alternatively, escape user input using an appropriate LDAP encoding method, for example: `encodeForLDAP` or `encodeForDN` from OWASP ESAPI, `LdapEncoder.filterEncode` or `LdapEncoder.nameEncode` from Spring LDAP, or `Filter.encodeValue` from UnboundID library.\n\n\n## Example\nIn the following examples, the code accepts an \"organization name\" and a \"username\" from the user, which it uses to query LDAP.\n\nThe first example concatenates the unvalidated and unencoded user input directly into both the DN (Distinguished Name) and the search filter used for the LDAP query. A malicious user could provide special characters to change the meaning of these queries, and search for a completely different set of values. The LDAP query is executed using Java JNDI API.\n\nThe second example uses the OWASP ESAPI library to encode the user values before they are included in the DN and search filters. This ensures the meaning of the query cannot be changed by a malicious user.\n\n\n```java\nimport javax.naming.directory.DirContext;\nimport org.owasp.esapi.Encoder;\nimport org.owasp.esapi.reference.DefaultEncoder;\n\npublic void ldapQueryBad(HttpServletRequest request, DirContext ctx) throws NamingException {\n  String organizationName = request.getParameter(\"organization_name\");\n  String username = request.getParameter(\"username\");\n\n  // BAD: User input used in DN (Distinguished Name) without encoding\n  String dn = \"OU=People,O=\" + organizationName;\n\n  // BAD: User input used in search filter without encoding\n  String filter = \"username=\" + userName;\n\n  ctx.search(dn, filter, new SearchControls());\n}\n\npublic void ldapQueryGood(HttpServletRequest request, DirContext ctx) throws NamingException {\n  String organizationName = request.getParameter(\"organization_name\");\n  String username = request.getParameter(\"username\");\n\n  // ESAPI encoder\n  Encoder encoder = DefaultEncoder.getInstance();\n\n  // GOOD: Organization name is encoded before being used in DN\n  String safeOrganizationName = encoder.encodeForDN(organizationName);\n  String safeDn = \"OU=People,O=\" + safeOrganizationName;\n\n  // GOOD: User input is encoded before being used in search filter\n  String safeUsername = encoder.encodeForLDAP(username);\n  String safeFilter = \"username=\" + safeUsername;\n  \n  ctx.search(safeDn, safeFilter, new SearchControls());\n}\n```\nThe third example uses Spring `LdapQueryBuilder` to build an LDAP query. In addition to simplifying the building of complex search parameters, it also provides proper escaping of any unsafe characters in search filters. The DN is built using `LdapNameBuilder`, which also provides proper escaping.\n\n\n```java\nimport static org.springframework.ldap.query.LdapQueryBuilder.query;\nimport org.springframework.ldap.support.LdapNameBuilder;\n\npublic void ldapQueryGood(@RequestParam String organizationName, @RequestParam String username) {\n  // GOOD: Organization name is encoded before being used in DN\n  String safeDn = LdapNameBuilder.newInstance()\n    .add(\"O\", organizationName)\n    .add(\"OU=People\")\n    .build().toString();\n\n  // GOOD: User input is encoded before being used in search filter\n  LdapQuery query = query()\n    .base(safeDn)\n    .where(\"username\").is(username);\n\n  ldapTemplate.search(query, new AttributeCheckAttributesMapper());\n}\n```\nThe fourth example uses `UnboundID` classes, `Filter` and `DN`, to construct a safe filter and base DN.\n\n\n```java\nimport com.unboundid.ldap.sdk.LDAPConnection;\nimport com.unboundid.ldap.sdk.DN;\nimport com.unboundid.ldap.sdk.RDN;\nimport com.unboundid.ldap.sdk.Filter;\n\npublic void ldapQueryGood(HttpServletRequest request, LDAPConnection c) {\n  String organizationName = request.getParameter(\"organization_name\");\n  String username = request.getParameter(\"username\");\n\n  // GOOD: Organization name is encoded before being used in DN\n  DN safeDn = new DN(new RDN(\"OU\", \"People\"), new RDN(\"O\", organizationName));\n\n  // GOOD: User input is encoded before being used in search filter\n  Filter safeFilter = Filter.createEqualityFilter(\"username\", username);\n  \n  c.search(safeDn.toString(), SearchScope.ONE, safeFilter);\n}\n```\nThe fifth example shows how to build a safe filter and DN using the Apache LDAP API.\n\n\n```java\nimport org.apache.directory.ldap.client.api.LdapConnection;\nimport org.apache.directory.api.ldap.model.name.Dn;\nimport org.apache.directory.api.ldap.model.name.Rdn;\nimport org.apache.directory.api.ldap.model.message.SearchRequest;\nimport org.apache.directory.api.ldap.model.message.SearchRequestImpl;\nimport static org.apache.directory.ldap.client.api.search.FilterBuilder.equal;\n\npublic void ldapQueryGood(HttpServletRequest request, LdapConnection c) {\n  String organizationName = request.getParameter(\"organization_name\");\n  String username = request.getParameter(\"username\");\n\n  // GOOD: Organization name is encoded before being used in DN\n  Dn safeDn = new Dn(new Rdn(\"OU\", \"People\"), new Rdn(\"O\", organizationName));\n\n  // GOOD: User input is encoded before being used in search filter\n  String safeFilter = equal(\"username\", username);\n  \n  SearchRequest searchRequest = new SearchRequestImpl();\n  searchRequest.setBase(safeDn);\n  searchRequest.setFilter(safeFilter);\n  c.search(searchRequest);\n}\n```\n\n## References\n* OWASP: [LDAP Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.html).\n* OWASP ESAPI: [OWASP ESAPI](https://owasp.org/www-project-enterprise-security-api/).\n* Spring LdapQueryBuilder doc: [LdapQueryBuilder](https://docs.spring.io/spring-ldap/docs/current/apidocs/org/springframework/ldap/query/LdapQueryBuilder.html).\n* Spring LdapNameBuilder doc: [LdapNameBuilder](https://docs.spring.io/spring-ldap/docs/current/apidocs/org/springframework/ldap/support/LdapNameBuilder.html).\n* UnboundID: [Understanding and Defending Against LDAP Injection Attacks](https://ldap.com/2018/05/04/understanding-and-defending-against-ldap-injection-attacks/).\n* Common Weakness Enumeration: [CWE-90](https://cwe.mitre.org/data/definitions/90.html).\n"},"properties":{"tags":["security","external/cwe/cwe-090"],"description":"Building an LDAP query from user-controlled sources is vulnerable to insertion of\n              malicious LDAP code by the user.","id":"java/ldap-injection","kind":"path-problem","name":"LDAP query built from user-controlled sources","precision":"high","problem.severity":"error","security-severity":"9.8"}},{"id":"java/android/fragment-injection","name":"java/android/fragment-injection","shortDescription":{"text":"Android fragment injection"},"fullDescription":{"text":"Instantiating an Android fragment from a user-provided value may allow a malicious application to bypass access controls, exposing the application to unintended effects."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Android fragment injection\nWhen fragments are instantiated with externally provided names, this exposes any exported activity that dynamically creates and hosts the fragment to fragment injection. A malicious application could provide the name of an arbitrary fragment, even one not designed to be externally accessible, and inject it into the activity. This can bypass access controls and expose the application to unintended effects.\n\nFragments are reusable parts of an Android application's user interface. Even though a fragment controls its own lifecycle and layout, and handles its input events, it cannot exist on its own: it must be hosted either by an activity or another fragment. This means that, normally, a fragment will be accessible by third-party applications (that is, exported) only if its hosting activity is itself exported.\n\n\n## Recommendation\nIn general, do not instantiate classes (including fragments) with user-provided names unless the name has been properly validated. Also, if an exported activity is extending the `PreferenceActivity` class, make sure that the `isValidFragment` method is overriden and only returns `true` when the provided `fragmentName` points to an intended fragment.\n\n\n## Example\nThe following example shows two cases: in the first one, untrusted data is used to instantiate and add a fragment to an activity, while in the second one, a fragment is safely added with a static name.\n\n\n```java\npublic class MyActivity extends FragmentActivity {\n\n    @Override\n    protected void onCreate(Bundle savedInstance) {\n        try {\n            super.onCreate(savedInstance);\n            // BAD: Fragment instantiated from user input without validation\n            {\n                String fName = getIntent().getStringExtra(\"fragmentName\");\n                getFragmentManager().beginTransaction().replace(com.android.internal.R.id.prefs,\n                        Fragment.instantiate(this, fName, null)).commit();\n            }\n            // GOOD: Fragment instantiated statically\n            {\n                getFragmentManager().beginTransaction()\n                        .replace(com.android.internal.R.id.prefs, new MyFragment()).commit();\n            }\n        } catch (Exception e) {\n        }\n    }\n\n}\n\n```\nThe next example shows two activities that extend `PreferenceActivity`. The first activity overrides `isValidFragment`, but it wrongly returns `true` unconditionally. The second activity correctly overrides `isValidFragment` so that it only returns `true` when `fragmentName` is a trusted fragment name.\n\n\n```java\nclass UnsafeActivity extends PreferenceActivity {\n\n    @Override\n    protected boolean isValidFragment(String fragmentName) {\n        // BAD: any Fragment name can be provided.\n        return true;\n    }\n}\n\n\nclass SafeActivity extends PreferenceActivity {\n    @Override\n    protected boolean isValidFragment(String fragmentName) {\n        // Good: only trusted Fragment names are allowed.\n        return SafeFragment1.class.getName().equals(fragmentName)\n                || SafeFragment2.class.getName().equals(fragmentName)\n                || SafeFragment3.class.getName().equals(fragmentName);\n    }\n\n}\n\n\n```\n\n## References\n* Google Help: [How to fix Fragment Injection vulnerability](https://support.google.com/faqs/answer/7188427?hl=en).\n* IBM Security Systems: [Android collapses into Fragments](https://securityintelligence.com/wp-content/uploads/2013/12/android-collapses-into-fragments.pdf).\n* Android Developers: [Fragments](https://developer.android.com/guide/fragments)\n* Common Weakness Enumeration: [CWE-470](https://cwe.mitre.org/data/definitions/470.html).\n","markdown":"# Android fragment injection\nWhen fragments are instantiated with externally provided names, this exposes any exported activity that dynamically creates and hosts the fragment to fragment injection. A malicious application could provide the name of an arbitrary fragment, even one not designed to be externally accessible, and inject it into the activity. This can bypass access controls and expose the application to unintended effects.\n\nFragments are reusable parts of an Android application's user interface. Even though a fragment controls its own lifecycle and layout, and handles its input events, it cannot exist on its own: it must be hosted either by an activity or another fragment. This means that, normally, a fragment will be accessible by third-party applications (that is, exported) only if its hosting activity is itself exported.\n\n\n## Recommendation\nIn general, do not instantiate classes (including fragments) with user-provided names unless the name has been properly validated. Also, if an exported activity is extending the `PreferenceActivity` class, make sure that the `isValidFragment` method is overriden and only returns `true` when the provided `fragmentName` points to an intended fragment.\n\n\n## Example\nThe following example shows two cases: in the first one, untrusted data is used to instantiate and add a fragment to an activity, while in the second one, a fragment is safely added with a static name.\n\n\n```java\npublic class MyActivity extends FragmentActivity {\n\n    @Override\n    protected void onCreate(Bundle savedInstance) {\n        try {\n            super.onCreate(savedInstance);\n            // BAD: Fragment instantiated from user input without validation\n            {\n                String fName = getIntent().getStringExtra(\"fragmentName\");\n                getFragmentManager().beginTransaction().replace(com.android.internal.R.id.prefs,\n                        Fragment.instantiate(this, fName, null)).commit();\n            }\n            // GOOD: Fragment instantiated statically\n            {\n                getFragmentManager().beginTransaction()\n                        .replace(com.android.internal.R.id.prefs, new MyFragment()).commit();\n            }\n        } catch (Exception e) {\n        }\n    }\n\n}\n\n```\nThe next example shows two activities that extend `PreferenceActivity`. The first activity overrides `isValidFragment`, but it wrongly returns `true` unconditionally. The second activity correctly overrides `isValidFragment` so that it only returns `true` when `fragmentName` is a trusted fragment name.\n\n\n```java\nclass UnsafeActivity extends PreferenceActivity {\n\n    @Override\n    protected boolean isValidFragment(String fragmentName) {\n        // BAD: any Fragment name can be provided.\n        return true;\n    }\n}\n\n\nclass SafeActivity extends PreferenceActivity {\n    @Override\n    protected boolean isValidFragment(String fragmentName) {\n        // Good: only trusted Fragment names are allowed.\n        return SafeFragment1.class.getName().equals(fragmentName)\n                || SafeFragment2.class.getName().equals(fragmentName)\n                || SafeFragment3.class.getName().equals(fragmentName);\n    }\n\n}\n\n\n```\n\n## References\n* Google Help: [How to fix Fragment Injection vulnerability](https://support.google.com/faqs/answer/7188427?hl=en).\n* IBM Security Systems: [Android collapses into Fragments](https://securityintelligence.com/wp-content/uploads/2013/12/android-collapses-into-fragments.pdf).\n* Android Developers: [Fragments](https://developer.android.com/guide/fragments)\n* Common Weakness Enumeration: [CWE-470](https://cwe.mitre.org/data/definitions/470.html).\n"},"properties":{"tags":["security","external/cwe/cwe-470","owasp-top10-2021","A03:2021 - Injection"],"description":"Instantiating an Android fragment from a user-provided value\n              may allow a malicious application to bypass access controls,  exposing the application to unintended effects.","id":"java/android/fragment-injection","kind":"path-problem","name":"Android fragment injection","precision":"high","problem.severity":"error","security-severity":"9.8"}},{"id":"java/android/fragment-injection-preference-activity","name":"java/android/fragment-injection-preference-activity","shortDescription":{"text":"Android fragment injection in PreferenceActivity"},"fullDescription":{"text":"An insecure implementation of the 'isValidFragment' method of the 'PreferenceActivity' class may allow a malicious application to bypass access controls, exposing the application to unintended effects."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Android fragment injection in PreferenceActivity\nWhen fragments are instantiated with externally provided names, this exposes any exported activity that dynamically creates and hosts the fragment to fragment injection. A malicious application could provide the name of an arbitrary fragment, even one not designed to be externally accessible, and inject it into the activity. This can bypass access controls and expose the application to unintended effects.\n\nFragments are reusable parts of an Android application's user interface. Even though a fragment controls its own lifecycle and layout, and handles its input events, it cannot exist on its own: it must be hosted either by an activity or another fragment. This means that, normally, a fragment will be accessible by third-party applications (that is, exported) only if its hosting activity is itself exported.\n\n\n## Recommendation\nIn general, do not instantiate classes (including fragments) with user-provided names unless the name has been properly validated. Also, if an exported activity is extending the `PreferenceActivity` class, make sure that the `isValidFragment` method is overriden and only returns `true` when the provided `fragmentName` points to an intended fragment.\n\n\n## Example\nThe following example shows two cases: in the first one, untrusted data is used to instantiate and add a fragment to an activity, while in the second one, a fragment is safely added with a static name.\n\n\n```java\npublic class MyActivity extends FragmentActivity {\n\n    @Override\n    protected void onCreate(Bundle savedInstance) {\n        try {\n            super.onCreate(savedInstance);\n            // BAD: Fragment instantiated from user input without validation\n            {\n                String fName = getIntent().getStringExtra(\"fragmentName\");\n                getFragmentManager().beginTransaction().replace(com.android.internal.R.id.prefs,\n                        Fragment.instantiate(this, fName, null)).commit();\n            }\n            // GOOD: Fragment instantiated statically\n            {\n                getFragmentManager().beginTransaction()\n                        .replace(com.android.internal.R.id.prefs, new MyFragment()).commit();\n            }\n        } catch (Exception e) {\n        }\n    }\n\n}\n\n```\nThe next example shows two activities that extend `PreferenceActivity`. The first activity overrides `isValidFragment`, but it wrongly returns `true` unconditionally. The second activity correctly overrides `isValidFragment` so that it only returns `true` when `fragmentName` is a trusted fragment name.\n\n\n```java\nclass UnsafeActivity extends PreferenceActivity {\n\n    @Override\n    protected boolean isValidFragment(String fragmentName) {\n        // BAD: any Fragment name can be provided.\n        return true;\n    }\n}\n\n\nclass SafeActivity extends PreferenceActivity {\n    @Override\n    protected boolean isValidFragment(String fragmentName) {\n        // Good: only trusted Fragment names are allowed.\n        return SafeFragment1.class.getName().equals(fragmentName)\n                || SafeFragment2.class.getName().equals(fragmentName)\n                || SafeFragment3.class.getName().equals(fragmentName);\n    }\n\n}\n\n\n```\n\n## References\n* Google Help: [How to fix Fragment Injection vulnerability](https://support.google.com/faqs/answer/7188427?hl=en).\n* IBM Security Systems: [Android collapses into Fragments](https://securityintelligence.com/wp-content/uploads/2013/12/android-collapses-into-fragments.pdf).\n* Android Developers: [Fragments](https://developer.android.com/guide/fragments)\n* Common Weakness Enumeration: [CWE-470](https://cwe.mitre.org/data/definitions/470.html).\n","markdown":"# Android fragment injection in PreferenceActivity\nWhen fragments are instantiated with externally provided names, this exposes any exported activity that dynamically creates and hosts the fragment to fragment injection. A malicious application could provide the name of an arbitrary fragment, even one not designed to be externally accessible, and inject it into the activity. This can bypass access controls and expose the application to unintended effects.\n\nFragments are reusable parts of an Android application's user interface. Even though a fragment controls its own lifecycle and layout, and handles its input events, it cannot exist on its own: it must be hosted either by an activity or another fragment. This means that, normally, a fragment will be accessible by third-party applications (that is, exported) only if its hosting activity is itself exported.\n\n\n## Recommendation\nIn general, do not instantiate classes (including fragments) with user-provided names unless the name has been properly validated. Also, if an exported activity is extending the `PreferenceActivity` class, make sure that the `isValidFragment` method is overriden and only returns `true` when the provided `fragmentName` points to an intended fragment.\n\n\n## Example\nThe following example shows two cases: in the first one, untrusted data is used to instantiate and add a fragment to an activity, while in the second one, a fragment is safely added with a static name.\n\n\n```java\npublic class MyActivity extends FragmentActivity {\n\n    @Override\n    protected void onCreate(Bundle savedInstance) {\n        try {\n            super.onCreate(savedInstance);\n            // BAD: Fragment instantiated from user input without validation\n            {\n                String fName = getIntent().getStringExtra(\"fragmentName\");\n                getFragmentManager().beginTransaction().replace(com.android.internal.R.id.prefs,\n                        Fragment.instantiate(this, fName, null)).commit();\n            }\n            // GOOD: Fragment instantiated statically\n            {\n                getFragmentManager().beginTransaction()\n                        .replace(com.android.internal.R.id.prefs, new MyFragment()).commit();\n            }\n        } catch (Exception e) {\n        }\n    }\n\n}\n\n```\nThe next example shows two activities that extend `PreferenceActivity`. The first activity overrides `isValidFragment`, but it wrongly returns `true` unconditionally. The second activity correctly overrides `isValidFragment` so that it only returns `true` when `fragmentName` is a trusted fragment name.\n\n\n```java\nclass UnsafeActivity extends PreferenceActivity {\n\n    @Override\n    protected boolean isValidFragment(String fragmentName) {\n        // BAD: any Fragment name can be provided.\n        return true;\n    }\n}\n\n\nclass SafeActivity extends PreferenceActivity {\n    @Override\n    protected boolean isValidFragment(String fragmentName) {\n        // Good: only trusted Fragment names are allowed.\n        return SafeFragment1.class.getName().equals(fragmentName)\n                || SafeFragment2.class.getName().equals(fragmentName)\n                || SafeFragment3.class.getName().equals(fragmentName);\n    }\n\n}\n\n\n```\n\n## References\n* Google Help: [How to fix Fragment Injection vulnerability](https://support.google.com/faqs/answer/7188427?hl=en).\n* IBM Security Systems: [Android collapses into Fragments](https://securityintelligence.com/wp-content/uploads/2013/12/android-collapses-into-fragments.pdf).\n* Android Developers: [Fragments](https://developer.android.com/guide/fragments)\n* Common Weakness Enumeration: [CWE-470](https://cwe.mitre.org/data/definitions/470.html).\n"},"properties":{"tags":["security","external/cwe/cwe-470","owasp-top10-2021","A03:2021 - Injection"],"description":"An insecure implementation of the 'isValidFragment' method\n              of the 'PreferenceActivity' class may allow a malicious application to bypass access controls,\n              exposing the application to unintended effects.","id":"java/android/fragment-injection-preference-activity","kind":"problem","name":"Android fragment injection in PreferenceActivity","precision":"high","problem.severity":"error","security-severity":"9.8"}},{"id":"java/partial-path-traversal-from-remote","name":"java/partial-path-traversal-from-remote","shortDescription":{"text":"Partial path traversal vulnerability from remote"},"fullDescription":{"text":"A prefix used to check that a canonicalised path falls within another must be slash-terminated."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Partial path traversal vulnerability from remote\nA common way to check that a user-supplied path `SUBDIR` falls inside a directory `DIR` is to use `getCanonicalPath()` to remove any path-traversal elements and then check that `DIR` is a prefix. However, if `DIR` is not slash-terminated, this can unexpectedly allow accessing siblings of `DIR`.\n\nSee also `java/partial-path-traversal`, which is similar to this query, but may also flag non-remotely-exploitable instances of partial path traversal vulnerabilities.\n\n\n## Recommendation\nIf the user should only access items within a certain directory `DIR`, ensure that `DIR` is slash-terminated before checking that `DIR` is a prefix of the user-provided path, `SUBDIR`. Note, Java's `getCanonicalPath()` returns a **non**-slash-terminated path string, so a slash must be added to `DIR` if that method is used.\n\n\n## Example\nIn this example, the `if` statement checks if `parent.getCanonicalPath()` is a prefix of `dir.getCanonicalPath()`. However, `parent.getCanonicalPath()` is not slash-terminated. This means that users that supply `dir` may be also allowed to access siblings of `parent` and not just children of `parent`, which is a security issue.\n\n\n```java\npublic class PartialPathTraversalBad {\n    public void example(File dir, File parent) throws IOException {\n        if (!dir.getCanonicalPath().startsWith(parent.getCanonicalPath())) {\n            throw new IOException(\"Invalid directory: \" + dir.getCanonicalPath());\n        }\n    }\n}\n\n```\nIn this example, the `if` statement checks if `parent.getCanonicalPath() + File.separator ` is a prefix of `dir.getCanonicalPath()`. Because `parent.getCanonicalPath() + File.separator` is indeed slash-terminated, the user supplying `dir` can only access children of `parent`, as desired.\n\n\n```java\npublic class PartialPathTraversalGood {\n    public void example(File dir, File parent) throws IOException {\n        if (!dir.getCanonicalPath().startsWith(parent.getCanonicalPath() + File.separator)) {\n            throw new IOException(\"Invalid directory: \" + dir.getCanonicalPath());\n        }\n    }\n}\n\n```\n\n## References\n* OWASP: [Partial Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal).\n* CVE-2022-23457: [ ESAPI Vulnerability Report](https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/GHSL-2022-008_The_OWASP_Enterprise_Security_API.md).\n* Common Weakness Enumeration: [CWE-23](https://cwe.mitre.org/data/definitions/23.html).\n","markdown":"# Partial path traversal vulnerability from remote\nA common way to check that a user-supplied path `SUBDIR` falls inside a directory `DIR` is to use `getCanonicalPath()` to remove any path-traversal elements and then check that `DIR` is a prefix. However, if `DIR` is not slash-terminated, this can unexpectedly allow accessing siblings of `DIR`.\n\nSee also `java/partial-path-traversal`, which is similar to this query, but may also flag non-remotely-exploitable instances of partial path traversal vulnerabilities.\n\n\n## Recommendation\nIf the user should only access items within a certain directory `DIR`, ensure that `DIR` is slash-terminated before checking that `DIR` is a prefix of the user-provided path, `SUBDIR`. Note, Java's `getCanonicalPath()` returns a **non**-slash-terminated path string, so a slash must be added to `DIR` if that method is used.\n\n\n## Example\nIn this example, the `if` statement checks if `parent.getCanonicalPath()` is a prefix of `dir.getCanonicalPath()`. However, `parent.getCanonicalPath()` is not slash-terminated. This means that users that supply `dir` may be also allowed to access siblings of `parent` and not just children of `parent`, which is a security issue.\n\n\n```java\npublic class PartialPathTraversalBad {\n    public void example(File dir, File parent) throws IOException {\n        if (!dir.getCanonicalPath().startsWith(parent.getCanonicalPath())) {\n            throw new IOException(\"Invalid directory: \" + dir.getCanonicalPath());\n        }\n    }\n}\n\n```\nIn this example, the `if` statement checks if `parent.getCanonicalPath() + File.separator ` is a prefix of `dir.getCanonicalPath()`. Because `parent.getCanonicalPath() + File.separator` is indeed slash-terminated, the user supplying `dir` can only access children of `parent`, as desired.\n\n\n```java\npublic class PartialPathTraversalGood {\n    public void example(File dir, File parent) throws IOException {\n        if (!dir.getCanonicalPath().startsWith(parent.getCanonicalPath() + File.separator)) {\n            throw new IOException(\"Invalid directory: \" + dir.getCanonicalPath());\n        }\n    }\n}\n\n```\n\n## References\n* OWASP: [Partial Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal).\n* CVE-2022-23457: [ ESAPI Vulnerability Report](https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/GHSL-2022-008_The_OWASP_Enterprise_Security_API.md).\n* Common Weakness Enumeration: [CWE-23](https://cwe.mitre.org/data/definitions/23.html).\n"},"properties":{"tags":["security","external/cwe/cwe-023"],"description":"A prefix used to check that a canonicalised path falls within another must be slash-terminated.","id":"java/partial-path-traversal-from-remote","kind":"path-problem","name":"Partial path traversal vulnerability from remote","precision":"high","problem.severity":"error","security-severity":"9.3"}},{"id":"java/tainted-format-string","name":"java/tainted-format-string","shortDescription":{"text":"Use of externally-controlled format string"},"fullDescription":{"text":"Using external input in format strings can lead to exceptions or information leaks."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Use of externally-controlled format string\nThe `String.format` method and related methods, like `PrintStream.printf` and `Formatter.format`, all accept a format string that is used to format the trailing arguments to the format call by providing inline format specifiers. If the format string contains unsanitized input from an untrusted source, then that string may contain extra format specifiers that cause an exception to be thrown or information to be leaked.\n\nThe Java standard library implementation for the format methods throws an exception if either the format specifier does not match the type of the argument, or if there are too few or too many arguments. If unsanitized input is used in the format string, it may contain invalid extra format specifiers which cause an exception to be thrown.\n\nPositional format specifiers may be used to access an argument to the format call by position. Unsanitized input in the format string may use a positional format specifier to access information that was not intended to be visible. For example, when formatting a Calendar instance we may intend to print only the year, but a user-specified format string may include a specifier to access the month and day.\n\n\n## Recommendation\nIf the argument passed as a format string is meant to be a plain string rather than a format string, then pass `%s` as the format string, and pass the original argument as the sole trailing argument.\n\n\n## Example\nThe following program is meant to check a card security code for a stored credit card:\n\n\n```java\npublic class ResponseSplitting extends HttpServlet {\n  protected void doGet(HttpServletRequest request, HttpServletResponse response)\n  throws ServletException, IOException {\n    Calendar expirationDate = new GregorianCalendar(2017, GregorianCalendar.SEPTEMBER, 1);\n    // User provided value\n    String cardSecurityCode = request.getParameter(\"cardSecurityCode\");\n    \n    if (notValid(cardSecurityCode)) {\n      \n      /*\n       * BAD: user provided value is included in the format string.\n       * A malicious user could provide an extra format specifier, which causes an\n       * exception to be thrown. Or they could provide a %1$tm or %1$te format specifier to\n       * access the month or day of the expiration date.\n       */\n      System.out.format(cardSecurityCode +\n                          \" is not the right value. Hint: the card expires in %1$ty.\",\n                        expirationDate);\n      \n      // GOOD: %s is used to include the user-provided cardSecurityCode in the output\n      System.out.format(\"%s is not the right value. Hint: the card expires in %2$ty.\",\n                        cardSecurityCode,\n                        expirationDate);\n    }\n\n  }\n}\n```\nHowever, in the first format call it uses the cardSecurityCode provided by the user in a format string. If the user includes a format specifier in the cardSecurityCode field, they may be able to cause an exception to be thrown, or to be able to access extra information about the stored card expiration date.\n\nThe second format call shows the correct approach. The user-provided value is passed as an argument to the format call. This prevents any format specifiers in the user provided value from being evaluated.\n\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [IDS06-J. Exclude unsanitized user input from format strings](https://wiki.sei.cmu.edu/confluence/display/java/IDS06-J.+Exclude+unsanitized+user+input+from+format+strings).\n* The Java Tutorials: [Formatting Numeric Print Output](https://docs.oracle.com/javase/tutorial/java/data/numberformat.html).\n* Java API Specification: [Formatter](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/Formatter.html).\n* Common Weakness Enumeration: [CWE-134](https://cwe.mitre.org/data/definitions/134.html).\n","markdown":"# Use of externally-controlled format string\nThe `String.format` method and related methods, like `PrintStream.printf` and `Formatter.format`, all accept a format string that is used to format the trailing arguments to the format call by providing inline format specifiers. If the format string contains unsanitized input from an untrusted source, then that string may contain extra format specifiers that cause an exception to be thrown or information to be leaked.\n\nThe Java standard library implementation for the format methods throws an exception if either the format specifier does not match the type of the argument, or if there are too few or too many arguments. If unsanitized input is used in the format string, it may contain invalid extra format specifiers which cause an exception to be thrown.\n\nPositional format specifiers may be used to access an argument to the format call by position. Unsanitized input in the format string may use a positional format specifier to access information that was not intended to be visible. For example, when formatting a Calendar instance we may intend to print only the year, but a user-specified format string may include a specifier to access the month and day.\n\n\n## Recommendation\nIf the argument passed as a format string is meant to be a plain string rather than a format string, then pass `%s` as the format string, and pass the original argument as the sole trailing argument.\n\n\n## Example\nThe following program is meant to check a card security code for a stored credit card:\n\n\n```java\npublic class ResponseSplitting extends HttpServlet {\n  protected void doGet(HttpServletRequest request, HttpServletResponse response)\n  throws ServletException, IOException {\n    Calendar expirationDate = new GregorianCalendar(2017, GregorianCalendar.SEPTEMBER, 1);\n    // User provided value\n    String cardSecurityCode = request.getParameter(\"cardSecurityCode\");\n    \n    if (notValid(cardSecurityCode)) {\n      \n      /*\n       * BAD: user provided value is included in the format string.\n       * A malicious user could provide an extra format specifier, which causes an\n       * exception to be thrown. Or they could provide a %1$tm or %1$te format specifier to\n       * access the month or day of the expiration date.\n       */\n      System.out.format(cardSecurityCode +\n                          \" is not the right value. Hint: the card expires in %1$ty.\",\n                        expirationDate);\n      \n      // GOOD: %s is used to include the user-provided cardSecurityCode in the output\n      System.out.format(\"%s is not the right value. Hint: the card expires in %2$ty.\",\n                        cardSecurityCode,\n                        expirationDate);\n    }\n\n  }\n}\n```\nHowever, in the first format call it uses the cardSecurityCode provided by the user in a format string. If the user includes a format specifier in the cardSecurityCode field, they may be able to cause an exception to be thrown, or to be able to access extra information about the stored card expiration date.\n\nThe second format call shows the correct approach. The user-provided value is passed as an argument to the format call. This prevents any format specifiers in the user provided value from being evaluated.\n\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [IDS06-J. Exclude unsanitized user input from format strings](https://wiki.sei.cmu.edu/confluence/display/java/IDS06-J.+Exclude+unsanitized+user+input+from+format+strings).\n* The Java Tutorials: [Formatting Numeric Print Output](https://docs.oracle.com/javase/tutorial/java/data/numberformat.html).\n* Java API Specification: [Formatter](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/Formatter.html).\n* Common Weakness Enumeration: [CWE-134](https://cwe.mitre.org/data/definitions/134.html).\n"},"properties":{"tags":["security","external/cwe/cwe-134"],"description":"Using external input in format strings can lead to exceptions or information leaks.","id":"java/tainted-format-string","kind":"path-problem","name":"Use of externally-controlled format string","precision":"high","problem.severity":"error","security-severity":"9.3"}},{"id":"java/xml/xpath-injection","name":"java/xml/xpath-injection","shortDescription":{"text":"XPath injection"},"fullDescription":{"text":"Building an XPath expression from user-controlled sources is vulnerable to insertion of malicious code by the user."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# XPath injection\nIf an XPath expression is built using string concatenation, and the components of the concatenation include user input, it makes it very easy for a user to create a malicious XPath expression.\n\n\n## Recommendation\nIf user input must be included in an XPath expression, either sanitize the data or pre-compile the query and use variable references to include the user input.\n\nXPath injection can also be prevented by using XQuery.\n\n\n## Example\nIn the first three examples, the code accepts a name and password specified by the user, and uses this unvalidated and unsanitized value in an XPath expression. This is vulnerable to the user providing special characters or string sequences that change the meaning of the XPath expression to search for different values.\n\nIn the fourth example, the code uses `setXPathVariableResolver` which prevents XPath injection.\n\nThe final two examples are for dom4j. They show an example of XPath injection and one method of preventing it.\n\n\n```java\nfinal String xmlStr = \"<users>\" + \n                        \"   <user name=\\\"aaa\\\" pass=\\\"pass1\\\"></user>\" + \n                        \"   <user name=\\\"bbb\\\" pass=\\\"pass2\\\"></user>\" + \n                        \"</users>\";\ntry {\n    DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();\n    domFactory.setNamespaceAware(true);\n    DocumentBuilder builder = domFactory.newDocumentBuilder();\n    //Document doc = builder.parse(\"user.xml\");\n    Document doc = builder.parse(new InputSource(new StringReader(xmlStr)));\n\n    XPathFactory factory = XPathFactory.newInstance();\n    XPath xpath = factory.newXPath();\n\n    // Injectable data\n    String user = request.getParameter(\"user\");\n    String pass = request.getParameter(\"pass\");\n    if (user != null && pass != null) {\n        boolean isExist = false;\n\n        // Bad expression\n        String expression1 = \"/users/user[@name='\" + user + \"' and @pass='\" + pass + \"']\";\n        isExist = (boolean)xpath.evaluate(expression1, doc, XPathConstants.BOOLEAN);\n        System.out.println(isExist);\n\n        // Bad expression\n        XPathExpression expression2 = xpath.compile(\"/users/user[@name='\" + user + \"' and @pass='\" + pass + \"']\");\n        isExist = (boolean)expression2.evaluate(doc, XPathConstants.BOOLEAN);\n        System.out.println(isExist);\n\n        // Bad expression\n        StringBuffer sb = new StringBuffer(\"/users/user[@name=\");\n        sb.append(user);\n        sb.append(\"' and @pass='\");\n        sb.append(pass);\n        sb.append(\"']\");\n        String query = sb.toString();\n        XPathExpression expression3 = xpath.compile(query);\n        isExist = (boolean)expression3.evaluate(doc, XPathConstants.BOOLEAN);\n        System.out.println(isExist);\n\n        // Good expression\n        String expression4 = \"/users/user[@name=$user and @pass=$pass]\";\n        xpath.setXPathVariableResolver(v -> {\n        switch (v.getLocalPart()) {\n            case \"user\":\n                return user;\n            case \"pass\":\n                return pass;\n            default:\n                throw new IllegalArgumentException();\n            }\n        });\n        isExist = (boolean)xpath.evaluate(expression4, doc, XPathConstants.BOOLEAN);\n        System.out.println(isExist);\n\n\n        // Bad Dom4j \n        org.dom4j.io.SAXReader reader = new org.dom4j.io.SAXReader();\n        org.dom4j.Document document = reader.read(new InputSource(new StringReader(xmlStr)));\n        isExist = document.selectSingleNode(\"/users/user[@name='\" + user + \"' and @pass='\" + pass + \"']\") != null;\n        // or document.selectNodes\n        System.out.println(isExist);\n\n        // Good Dom4j\n        org.jaxen.SimpleVariableContext svc = new org.jaxen.SimpleVariableContext();\n        svc.setVariableValue(\"user\", user);\n        svc.setVariableValue(\"pass\", pass);\n        String xpathString = \"/users/user[@name=$user and @pass=$pass]\";\n        org.dom4j.XPath safeXPath = document.createXPath(xpathString);\n        safeXPath.setVariableContext(svc);\n        isExist = safeXPath.selectSingleNode(document) != null;\n        System.out.println(isExist);\n    }\n} catch (ParserConfigurationException e) {\n\n} catch (SAXException e) {\n\n} catch (XPathExpressionException e) {\n\n} catch (org.dom4j.DocumentException e) {\n\n}\n```\n\n## References\n* OWASP: [Testing for XPath Injection](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/09-Testing_for_XPath_Injection).\n* OWASP: [XPath Injection](https://owasp.org/www-community/attacks/XPATH_Injection).\n* Common Weakness Enumeration: [CWE-643](https://cwe.mitre.org/data/definitions/643.html).\n","markdown":"# XPath injection\nIf an XPath expression is built using string concatenation, and the components of the concatenation include user input, it makes it very easy for a user to create a malicious XPath expression.\n\n\n## Recommendation\nIf user input must be included in an XPath expression, either sanitize the data or pre-compile the query and use variable references to include the user input.\n\nXPath injection can also be prevented by using XQuery.\n\n\n## Example\nIn the first three examples, the code accepts a name and password specified by the user, and uses this unvalidated and unsanitized value in an XPath expression. This is vulnerable to the user providing special characters or string sequences that change the meaning of the XPath expression to search for different values.\n\nIn the fourth example, the code uses `setXPathVariableResolver` which prevents XPath injection.\n\nThe final two examples are for dom4j. They show an example of XPath injection and one method of preventing it.\n\n\n```java\nfinal String xmlStr = \"<users>\" + \n                        \"   <user name=\\\"aaa\\\" pass=\\\"pass1\\\"></user>\" + \n                        \"   <user name=\\\"bbb\\\" pass=\\\"pass2\\\"></user>\" + \n                        \"</users>\";\ntry {\n    DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();\n    domFactory.setNamespaceAware(true);\n    DocumentBuilder builder = domFactory.newDocumentBuilder();\n    //Document doc = builder.parse(\"user.xml\");\n    Document doc = builder.parse(new InputSource(new StringReader(xmlStr)));\n\n    XPathFactory factory = XPathFactory.newInstance();\n    XPath xpath = factory.newXPath();\n\n    // Injectable data\n    String user = request.getParameter(\"user\");\n    String pass = request.getParameter(\"pass\");\n    if (user != null && pass != null) {\n        boolean isExist = false;\n\n        // Bad expression\n        String expression1 = \"/users/user[@name='\" + user + \"' and @pass='\" + pass + \"']\";\n        isExist = (boolean)xpath.evaluate(expression1, doc, XPathConstants.BOOLEAN);\n        System.out.println(isExist);\n\n        // Bad expression\n        XPathExpression expression2 = xpath.compile(\"/users/user[@name='\" + user + \"' and @pass='\" + pass + \"']\");\n        isExist = (boolean)expression2.evaluate(doc, XPathConstants.BOOLEAN);\n        System.out.println(isExist);\n\n        // Bad expression\n        StringBuffer sb = new StringBuffer(\"/users/user[@name=\");\n        sb.append(user);\n        sb.append(\"' and @pass='\");\n        sb.append(pass);\n        sb.append(\"']\");\n        String query = sb.toString();\n        XPathExpression expression3 = xpath.compile(query);\n        isExist = (boolean)expression3.evaluate(doc, XPathConstants.BOOLEAN);\n        System.out.println(isExist);\n\n        // Good expression\n        String expression4 = \"/users/user[@name=$user and @pass=$pass]\";\n        xpath.setXPathVariableResolver(v -> {\n        switch (v.getLocalPart()) {\n            case \"user\":\n                return user;\n            case \"pass\":\n                return pass;\n            default:\n                throw new IllegalArgumentException();\n            }\n        });\n        isExist = (boolean)xpath.evaluate(expression4, doc, XPathConstants.BOOLEAN);\n        System.out.println(isExist);\n\n\n        // Bad Dom4j \n        org.dom4j.io.SAXReader reader = new org.dom4j.io.SAXReader();\n        org.dom4j.Document document = reader.read(new InputSource(new StringReader(xmlStr)));\n        isExist = document.selectSingleNode(\"/users/user[@name='\" + user + \"' and @pass='\" + pass + \"']\") != null;\n        // or document.selectNodes\n        System.out.println(isExist);\n\n        // Good Dom4j\n        org.jaxen.SimpleVariableContext svc = new org.jaxen.SimpleVariableContext();\n        svc.setVariableValue(\"user\", user);\n        svc.setVariableValue(\"pass\", pass);\n        String xpathString = \"/users/user[@name=$user and @pass=$pass]\";\n        org.dom4j.XPath safeXPath = document.createXPath(xpathString);\n        safeXPath.setVariableContext(svc);\n        isExist = safeXPath.selectSingleNode(document) != null;\n        System.out.println(isExist);\n    }\n} catch (ParserConfigurationException e) {\n\n} catch (SAXException e) {\n\n} catch (XPathExpressionException e) {\n\n} catch (org.dom4j.DocumentException e) {\n\n}\n```\n\n## References\n* OWASP: [Testing for XPath Injection](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/09-Testing_for_XPath_Injection).\n* OWASP: [XPath Injection](https://owasp.org/www-community/attacks/XPATH_Injection).\n* Common Weakness Enumeration: [CWE-643](https://cwe.mitre.org/data/definitions/643.html).\n"},"properties":{"tags":["security","external/cwe/cwe-643","owasp-top10-2021","A03:2021 - Injection"],"description":"Building an XPath expression from user-controlled sources is vulnerable to insertion of\n              malicious code by the user.","id":"java/xml/xpath-injection","kind":"path-problem","name":"XPath injection","precision":"high","problem.severity":"error","security-severity":"9.8"}},{"id":"java/improper-intent-verification","name":"java/improper-intent-verification","shortDescription":{"text":"Improper verification of intent by broadcast receiver"},"fullDescription":{"text":"A broadcast receiver that does not verify intents it receives may be susceptible to unintended behavior by third party applications sending it explicit intents."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Improper verification of intent by broadcast receiver\nWhen an Android application uses a `BroadcastReceiver` to receive intents, it is also able to receive explicit intents that are sent directly to it, regardless of its filter. Certain intent actions are only able to be sent by the operating system, not third-party applications. However, a `BroadcastReceiver` that is registered to receive system intents is still able to receive intents from a third-party application, so it should check that the intent received has the expected action. Otherwise, a third-party application could impersonate the system this way to cause unintended behavior, such as a denial of service.\n\n\n## Example\nIn the following code, the `ShutdownReceiver` initiates a shutdown procedure upon receiving an intent, without checking that the received action is indeed `ACTION_SHUTDOWN`. This allows third-party applications to send explicit intents to this receiver to cause a denial of service.\n\n\n```java\npublic class ShutdownReceiver extends BroadcastReceiver {\n    @Override\n    public void onReceive(final Context context, final Intent intent) {\n        mainActivity.saveLocalData();\n        mainActivity.stopActivity();\n    }\n}\n```\n\n```xml\n<manifest xmlns:android=\"http://schemas.android.com/apk/res/android\" package=\"test\">\n    <application>\n        <receiver android:name=\".BootReceiverXml\">\n            <intent-filter>\n                <action android:name=\"android.intent.action.BOOT_COMPLETED\" />\n            </intent-filter>\n        </receiver>\n    </application>\n</manifest>\n```\n\n## Recommendation\nIn the `onReceive` method of a `BroadcastReceiver`, the action of the received Intent should be checked. The following code demonstrates this.\n\n\n```java\npublic class ShutdownReceiver extends BroadcastReceiver {\n    @Override\n    public void onReceive(final Context context, final Intent intent) {\n        if (!intent.getAction().equals(Intent.ACTION_SHUTDOWN)) {\n            return;\n        }\n        mainActivity.saveLocalData();\n        mainActivity.stopActivity();\n    }\n}\n```\n\n## References\n* Common Weakness Enumeration: [CWE-925](https://cwe.mitre.org/data/definitions/925.html).\n","markdown":"# Improper verification of intent by broadcast receiver\nWhen an Android application uses a `BroadcastReceiver` to receive intents, it is also able to receive explicit intents that are sent directly to it, regardless of its filter. Certain intent actions are only able to be sent by the operating system, not third-party applications. However, a `BroadcastReceiver` that is registered to receive system intents is still able to receive intents from a third-party application, so it should check that the intent received has the expected action. Otherwise, a third-party application could impersonate the system this way to cause unintended behavior, such as a denial of service.\n\n\n## Example\nIn the following code, the `ShutdownReceiver` initiates a shutdown procedure upon receiving an intent, without checking that the received action is indeed `ACTION_SHUTDOWN`. This allows third-party applications to send explicit intents to this receiver to cause a denial of service.\n\n\n```java\npublic class ShutdownReceiver extends BroadcastReceiver {\n    @Override\n    public void onReceive(final Context context, final Intent intent) {\n        mainActivity.saveLocalData();\n        mainActivity.stopActivity();\n    }\n}\n```\n\n```xml\n<manifest xmlns:android=\"http://schemas.android.com/apk/res/android\" package=\"test\">\n    <application>\n        <receiver android:name=\".BootReceiverXml\">\n            <intent-filter>\n                <action android:name=\"android.intent.action.BOOT_COMPLETED\" />\n            </intent-filter>\n        </receiver>\n    </application>\n</manifest>\n```\n\n## Recommendation\nIn the `onReceive` method of a `BroadcastReceiver`, the action of the received Intent should be checked. The following code demonstrates this.\n\n\n```java\npublic class ShutdownReceiver extends BroadcastReceiver {\n    @Override\n    public void onReceive(final Context context, final Intent intent) {\n        if (!intent.getAction().equals(Intent.ACTION_SHUTDOWN)) {\n            return;\n        }\n        mainActivity.saveLocalData();\n        mainActivity.stopActivity();\n    }\n}\n```\n\n## References\n* Common Weakness Enumeration: [CWE-925](https://cwe.mitre.org/data/definitions/925.html).\n"},"properties":{"tags":["security","external/cwe/cwe-925"],"description":"A broadcast receiver that does not verify intents it receives may be susceptible to unintended behavior by third party applications sending it explicit intents.","id":"java/improper-intent-verification","kind":"problem","name":"Improper verification of intent by broadcast receiver","precision":"high","problem.severity":"warning","security-severity":"8.2"}},{"id":"java/unsafe-hostname-verification","name":"java/unsafe-hostname-verification","shortDescription":{"text":"Unsafe hostname verification"},"fullDescription":{"text":"Marking a certificate as valid for a host without checking the certificate hostname allows an attacker to perform a machine-in-the-middle attack."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Unsafe hostname verification\nIf a `HostnameVerifier` always returns `true` it will not verify the hostname at all. This stops Transport Layer Security (TLS) providing any security and allows an attacker to perform a man-in-the-middle attack against the application.\n\nAn attack might look like this:\n\n1. The program connects to `https://example.com`.\n1. The attacker intercepts this connection and presents an apparently-valid certificate of their choosing.\n1. The `TrustManager` of the program verifies that the certificate has been issued by a trusted certificate authority.\n1. The Java HTTPS library checks whether the certificate has been issued for the host `example.com`. This check fails because the certificate has been issued for a domain controlled by the attacker, for example: `malicious.domain`.\n1. The HTTPS library wants to reject the certificate because the hostname does not match. Before doing this it checks whether a `HostnameVerifier` exists.\n1. Your `HostnameVerifier` is called which returns `true` for any certificate so also for this one.\n1. The program proceeds with the connection since your `HostnameVerifier` accepted it.\n1. The attacker can now read the data your program sends to `https://example.com` and/or alter its replies while the program thinks the connection is secure.\n\n## Recommendation\nDo not use an open `HostnameVerifier`. If you have a configuration problem with TLS/HTTPS, you should always solve the configuration problem instead of using an open verifier.\n\n\n## Example\nIn the first (bad) example, the `HostnameVerifier` always returns `true`. This allows an attacker to perform a man-in-the-middle attack, because any certificate is accepted despite an incorrect hostname. In the second (good) example, the `HostnameVerifier` only returns `true` when the certificate has been correctly checked.\n\n\n```java\npublic static void main(String[] args) {\n\n\t{\n\t\tHostnameVerifier verifier = new HostnameVerifier() {\n\t\t\t@Override\n\t\t\tpublic boolean verify(String hostname, SSLSession session) {\n\t\t\t\treturn true; // BAD: accept even if the hostname doesn't match\n\t\t\t}\n\t\t};\n\t\tHttpsURLConnection.setDefaultHostnameVerifier(verifier);\n\t}\n\n\t{\n\t\tHostnameVerifier verifier = new HostnameVerifier() {\n\t\t\t@Override\n\t\t\tpublic boolean verify(String hostname, SSLSession session) {\n\t\t\t\ttry { // GOOD: verify the certificate\n\t\t\t\t\tCertificate[] certs = session.getPeerCertificates();\n\t\t\t\t\tX509Certificate x509 = (X509Certificate) certs[0];\n\t\t\t\t\tcheck(new String[]{host}, x509);\n\t\t\t\t\treturn true;\n\t\t\t\t} catch (SSLException e) {\n\t\t\t\t\treturn false;\n\t\t\t\t}\n\t\t\t}\n\t\t};\n\t\tHttpsURLConnection.setDefaultHostnameVerifier(verifier);\n\t}\n\n}\n```\n\n## References\n* Android developers: [Security with HTTPS and SSL](https://developer.android.com/training/articles/security-ssl).\n* Terse systems blog: [Fixing Hostname Verification](https://tersesystems.com/blog/2014/03/23/fixing-hostname-verification/).\n* Common Weakness Enumeration: [CWE-297](https://cwe.mitre.org/data/definitions/297.html).\n","markdown":"# Unsafe hostname verification\nIf a `HostnameVerifier` always returns `true` it will not verify the hostname at all. This stops Transport Layer Security (TLS) providing any security and allows an attacker to perform a man-in-the-middle attack against the application.\n\nAn attack might look like this:\n\n1. The program connects to `https://example.com`.\n1. The attacker intercepts this connection and presents an apparently-valid certificate of their choosing.\n1. The `TrustManager` of the program verifies that the certificate has been issued by a trusted certificate authority.\n1. The Java HTTPS library checks whether the certificate has been issued for the host `example.com`. This check fails because the certificate has been issued for a domain controlled by the attacker, for example: `malicious.domain`.\n1. The HTTPS library wants to reject the certificate because the hostname does not match. Before doing this it checks whether a `HostnameVerifier` exists.\n1. Your `HostnameVerifier` is called which returns `true` for any certificate so also for this one.\n1. The program proceeds with the connection since your `HostnameVerifier` accepted it.\n1. The attacker can now read the data your program sends to `https://example.com` and/or alter its replies while the program thinks the connection is secure.\n\n## Recommendation\nDo not use an open `HostnameVerifier`. If you have a configuration problem with TLS/HTTPS, you should always solve the configuration problem instead of using an open verifier.\n\n\n## Example\nIn the first (bad) example, the `HostnameVerifier` always returns `true`. This allows an attacker to perform a man-in-the-middle attack, because any certificate is accepted despite an incorrect hostname. In the second (good) example, the `HostnameVerifier` only returns `true` when the certificate has been correctly checked.\n\n\n```java\npublic static void main(String[] args) {\n\n\t{\n\t\tHostnameVerifier verifier = new HostnameVerifier() {\n\t\t\t@Override\n\t\t\tpublic boolean verify(String hostname, SSLSession session) {\n\t\t\t\treturn true; // BAD: accept even if the hostname doesn't match\n\t\t\t}\n\t\t};\n\t\tHttpsURLConnection.setDefaultHostnameVerifier(verifier);\n\t}\n\n\t{\n\t\tHostnameVerifier verifier = new HostnameVerifier() {\n\t\t\t@Override\n\t\t\tpublic boolean verify(String hostname, SSLSession session) {\n\t\t\t\ttry { // GOOD: verify the certificate\n\t\t\t\t\tCertificate[] certs = session.getPeerCertificates();\n\t\t\t\t\tX509Certificate x509 = (X509Certificate) certs[0];\n\t\t\t\t\tcheck(new String[]{host}, x509);\n\t\t\t\t\treturn true;\n\t\t\t\t} catch (SSLException e) {\n\t\t\t\t\treturn false;\n\t\t\t\t}\n\t\t\t}\n\t\t};\n\t\tHttpsURLConnection.setDefaultHostnameVerifier(verifier);\n\t}\n\n}\n```\n\n## References\n* Android developers: [Security with HTTPS and SSL](https://developer.android.com/training/articles/security-ssl).\n* Terse systems blog: [Fixing Hostname Verification](https://tersesystems.com/blog/2014/03/23/fixing-hostname-verification/).\n* Common Weakness Enumeration: [CWE-297](https://cwe.mitre.org/data/definitions/297.html).\n"},"properties":{"tags":["security","external/cwe/cwe-297","owasp-top10-2021","A07:2021 - Identification and Authentication Failures"],"description":"Marking a certificate as valid for a host without checking the certificate hostname allows an attacker to perform a machine-in-the-middle attack.","id":"java/unsafe-hostname-verification","kind":"path-problem","name":"Unsafe hostname verification","precision":"high","problem.severity":"error","security-severity":"5.9"}},{"id":"java/xxe","name":"java/xxe","shortDescription":{"text":"Resolving XML external entity in user-controlled data"},"fullDescription":{"text":"Parsing user-controlled XML documents and allowing expansion of external entity references may lead to disclosure of confidential data or denial of service."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Resolving XML external entity in user-controlled data\nParsing untrusted XML files with a weakly configured XML parser may lead to an XML External Entity (XXE) attack. This type of attack uses external entity references to access arbitrary files on a system, carry out denial of service, or server side request forgery. Even when the result of parsing is not returned to the user, out-of-band data retrieval techniques may allow attackers to steal sensitive data. Denial of services can also be carried out in this situation.\n\nThere are many XML parsers for Java, and most of them are vulnerable to XXE because their default settings enable parsing of external entities. This query currently identifies vulnerable XML parsing from the following parsers: `javax.xml.parsers.DocumentBuilder`, `javax.xml.stream.XMLStreamReader`, `org.jdom.input.SAXBuilder`/`org.jdom2.input.SAXBuilder`, `javax.xml.parsers.SAXParser`,`org.dom4j.io.SAXReader`, `org.xml.sax.XMLReader`, `javax.xml.transform.sax.SAXSource`, `javax.xml.transform.TransformerFactory`, `javax.xml.transform.sax.SAXTransformerFactory`, `javax.xml.validation.SchemaFactory`, `javax.xml.bind.Unmarshaller` and `javax.xml.xpath.XPathExpression`.\n\n\n## Recommendation\nThe best way to prevent XXE attacks is to disable the parsing of any Document Type Declarations (DTDs) in untrusted data. If this is not possible you should disable the parsing of external general entities and external parameter entities. This improves security but the code will still be at risk of denial of service and server side request forgery attacks. Protection against denial of service attacks may also be implemented by setting entity expansion limits, which is done by default in recent JDK and JRE implementations. Because there are many different ways to disable external entity retrieval with varying support between different providers, in this query we choose to specifically check for the [OWASP recommended way](https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#java) to disable external entity retrieval for a particular parser. There may be other ways of making a particular parser safe which deviate from these guidelines, in which case this query will continue to flag the parser as potentially dangerous.\n\n\n## Example\nThe following example calls `parse` on a `DocumentBuilder` that is not safely configured on untrusted data, and is therefore inherently unsafe.\n\n\n```java\npublic void parse(Socket sock) throws Exception {\n  DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();\n  DocumentBuilder builder = factory.newDocumentBuilder();\n  builder.parse(sock.getInputStream()); //unsafe\n}\n\n```\nIn this example, the `DocumentBuilder` is created with DTD disabled, securing it against XXE attack.\n\n\n```java\npublic void disableDTDParse(Socket sock) throws Exception {\n  DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();\n  factory.setFeature(\"http://apache.org/xml/features/disallow-doctype-decl\", true);\n  DocumentBuilder builder = factory.newDocumentBuilder();\n  builder.parse(sock.getInputStream()); //safe\n}\n\n```\n\n## References\n* OWASP vulnerability description: [XML External Entity (XXE) Processing](https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing).\n* OWASP guidance on parsing xml files: [XXE Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#java).\n* Paper by Timothy Morgen: [XML Schema, DTD, and Entity Attacks](https://research.nccgroup.com/2014/05/19/xml-schema-dtd-and-entity-attacks-a-compendium-of-known-techniques/)\n* Out-of-band data retrieval: Timur Yunusov &amp; Alexey Osipov, Black hat EU 2013: [XML Out-Of-Band Data Retrieval](https://www.slideshare.net/qqlan/bh-ready-v4).\n* Denial of service attack (Billion laughs): [Billion Laughs.](https://en.wikipedia.org/wiki/Billion_laughs)\n* The Java Tutorials: [Processing Limit Definitions.](https://docs.oracle.com/javase/tutorial/jaxp/limits/limits.html)\n* Common Weakness Enumeration: [CWE-611](https://cwe.mitre.org/data/definitions/611.html).\n* Common Weakness Enumeration: [CWE-776](https://cwe.mitre.org/data/definitions/776.html).\n* Common Weakness Enumeration: [CWE-827](https://cwe.mitre.org/data/definitions/827.html).\n","markdown":"# Resolving XML external entity in user-controlled data\nParsing untrusted XML files with a weakly configured XML parser may lead to an XML External Entity (XXE) attack. This type of attack uses external entity references to access arbitrary files on a system, carry out denial of service, or server side request forgery. Even when the result of parsing is not returned to the user, out-of-band data retrieval techniques may allow attackers to steal sensitive data. Denial of services can also be carried out in this situation.\n\nThere are many XML parsers for Java, and most of them are vulnerable to XXE because their default settings enable parsing of external entities. This query currently identifies vulnerable XML parsing from the following parsers: `javax.xml.parsers.DocumentBuilder`, `javax.xml.stream.XMLStreamReader`, `org.jdom.input.SAXBuilder`/`org.jdom2.input.SAXBuilder`, `javax.xml.parsers.SAXParser`,`org.dom4j.io.SAXReader`, `org.xml.sax.XMLReader`, `javax.xml.transform.sax.SAXSource`, `javax.xml.transform.TransformerFactory`, `javax.xml.transform.sax.SAXTransformerFactory`, `javax.xml.validation.SchemaFactory`, `javax.xml.bind.Unmarshaller` and `javax.xml.xpath.XPathExpression`.\n\n\n## Recommendation\nThe best way to prevent XXE attacks is to disable the parsing of any Document Type Declarations (DTDs) in untrusted data. If this is not possible you should disable the parsing of external general entities and external parameter entities. This improves security but the code will still be at risk of denial of service and server side request forgery attacks. Protection against denial of service attacks may also be implemented by setting entity expansion limits, which is done by default in recent JDK and JRE implementations. Because there are many different ways to disable external entity retrieval with varying support between different providers, in this query we choose to specifically check for the [OWASP recommended way](https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#java) to disable external entity retrieval for a particular parser. There may be other ways of making a particular parser safe which deviate from these guidelines, in which case this query will continue to flag the parser as potentially dangerous.\n\n\n## Example\nThe following example calls `parse` on a `DocumentBuilder` that is not safely configured on untrusted data, and is therefore inherently unsafe.\n\n\n```java\npublic void parse(Socket sock) throws Exception {\n  DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();\n  DocumentBuilder builder = factory.newDocumentBuilder();\n  builder.parse(sock.getInputStream()); //unsafe\n}\n\n```\nIn this example, the `DocumentBuilder` is created with DTD disabled, securing it against XXE attack.\n\n\n```java\npublic void disableDTDParse(Socket sock) throws Exception {\n  DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();\n  factory.setFeature(\"http://apache.org/xml/features/disallow-doctype-decl\", true);\n  DocumentBuilder builder = factory.newDocumentBuilder();\n  builder.parse(sock.getInputStream()); //safe\n}\n\n```\n\n## References\n* OWASP vulnerability description: [XML External Entity (XXE) Processing](https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing).\n* OWASP guidance on parsing xml files: [XXE Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#java).\n* Paper by Timothy Morgen: [XML Schema, DTD, and Entity Attacks](https://research.nccgroup.com/2014/05/19/xml-schema-dtd-and-entity-attacks-a-compendium-of-known-techniques/)\n* Out-of-band data retrieval: Timur Yunusov &amp; Alexey Osipov, Black hat EU 2013: [XML Out-Of-Band Data Retrieval](https://www.slideshare.net/qqlan/bh-ready-v4).\n* Denial of service attack (Billion laughs): [Billion Laughs.](https://en.wikipedia.org/wiki/Billion_laughs)\n* The Java Tutorials: [Processing Limit Definitions.](https://docs.oracle.com/javase/tutorial/jaxp/limits/limits.html)\n* Common Weakness Enumeration: [CWE-611](https://cwe.mitre.org/data/definitions/611.html).\n* Common Weakness Enumeration: [CWE-776](https://cwe.mitre.org/data/definitions/776.html).\n* Common Weakness Enumeration: [CWE-827](https://cwe.mitre.org/data/definitions/827.html).\n"},"properties":{"tags":["security","external/cwe/cwe-611","external/cwe/cwe-776","external/cwe/cwe-827","owasp-top10-2021","A05:2021 - Security Misconfiguration"],"description":"Parsing user-controlled XML documents and allowing expansion of external entity\n references may lead to disclosure of confidential data or denial of service.","id":"java/xxe","kind":"path-problem","name":"Resolving XML external entity in user-controlled data","precision":"high","problem.severity":"error","security-severity":"9.1"}},{"id":"java/unvalidated-url-redirection","name":"java/unvalidated-url-redirection","shortDescription":{"text":"URL redirection from remote source"},"fullDescription":{"text":"URL redirection based on unvalidated user-input may cause redirection to malicious web sites."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# URL redirection from remote source\nDirectly incorporating user input into a URL redirect request without validating the input can facilitate phishing attacks. In these attacks, unsuspecting users can be redirected to a malicious site that looks very similar to the real site they intend to visit, but which is controlled by the attacker.\n\n\n## Recommendation\nTo guard against untrusted URL redirection, it is advisable to avoid putting user input directly into a redirect URL. Instead, maintain a list of authorized redirects on the server; then choose from that list based on the user input provided.\n\n\n## Example\nThe following example shows an HTTP request parameter being used directly in a URL redirect without validating the input, which facilitates phishing attacks. It also shows how to remedy the problem by validating the user input against a known fixed string.\n\n\n```java\npublic class UrlRedirect extends HttpServlet {\n\tprivate static final String VALID_REDIRECT = \"http://cwe.mitre.org/data/definitions/601.html\";\n\n\tprotected void doGet(HttpServletRequest request, HttpServletResponse response)\n\tthrows ServletException, IOException {\n\t\t// BAD: a request parameter is incorporated without validation into a URL redirect\n\t\tresponse.sendRedirect(request.getParameter(\"target\"));\n\n\t\t// GOOD: the request parameter is validated against a known fixed string\n\t\tif (VALID_REDIRECT.equals(request.getParameter(\"target\"))) {\n\t\t\tresponse.sendRedirect(VALID_REDIRECT);\n\t\t}\n\t}\n}\n\n```\n\n## References\n* Common Weakness Enumeration: [CWE-601](https://cwe.mitre.org/data/definitions/601.html).\n","markdown":"# URL redirection from remote source\nDirectly incorporating user input into a URL redirect request without validating the input can facilitate phishing attacks. In these attacks, unsuspecting users can be redirected to a malicious site that looks very similar to the real site they intend to visit, but which is controlled by the attacker.\n\n\n## Recommendation\nTo guard against untrusted URL redirection, it is advisable to avoid putting user input directly into a redirect URL. Instead, maintain a list of authorized redirects on the server; then choose from that list based on the user input provided.\n\n\n## Example\nThe following example shows an HTTP request parameter being used directly in a URL redirect without validating the input, which facilitates phishing attacks. It also shows how to remedy the problem by validating the user input against a known fixed string.\n\n\n```java\npublic class UrlRedirect extends HttpServlet {\n\tprivate static final String VALID_REDIRECT = \"http://cwe.mitre.org/data/definitions/601.html\";\n\n\tprotected void doGet(HttpServletRequest request, HttpServletResponse response)\n\tthrows ServletException, IOException {\n\t\t// BAD: a request parameter is incorporated without validation into a URL redirect\n\t\tresponse.sendRedirect(request.getParameter(\"target\"));\n\n\t\t// GOOD: the request parameter is validated against a known fixed string\n\t\tif (VALID_REDIRECT.equals(request.getParameter(\"target\"))) {\n\t\t\tresponse.sendRedirect(VALID_REDIRECT);\n\t\t}\n\t}\n}\n\n```\n\n## References\n* Common Weakness Enumeration: [CWE-601](https://cwe.mitre.org/data/definitions/601.html).\n"},"properties":{"tags":["security","external/cwe/cwe-601","owasp-top10-2021","A01:2021 - Broken Access Control"],"description":"URL redirection based on unvalidated user-input\n              may cause redirection to malicious web sites.","id":"java/unvalidated-url-redirection","kind":"path-problem","name":"URL redirection from remote source","precision":"high","problem.severity":"error","security-severity":"6.1"}},{"id":"java/command-line-injection","name":"java/command-line-injection","shortDescription":{"text":"Uncontrolled command line"},"fullDescription":{"text":"Using externally controlled strings in a command line is vulnerable to malicious changes in the strings."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Uncontrolled command line\nCode that passes user input directly to `Runtime.exec`, or some other library routine that executes a command, allows the user to execute malicious code.\n\n\n## Recommendation\nIf possible, use hard-coded string literals to specify the command to run or library to load. Instead of passing the user input directly to the process or library function, examine the user input and then choose among hard-coded string literals.\n\nIf the applicable libraries or commands cannot be determined at compile time, then add code to verify that the user input string is safe before using it.\n\n\n## Example\nThe following example shows code that takes a shell script that can be changed maliciously by a user, and passes it straight to `Runtime.exec` without examining it first.\n\n\n```java\nclass Test {\n    public static void main(String[] args) {\n        String script = System.getenv(\"SCRIPTNAME\");\n        if (script != null) {\n            // BAD: The script to be executed is controlled by the user.\n            Runtime.getRuntime().exec(script);\n        }\n    }\n}\n```\n\n## References\n* OWASP: [Command Injection](https://www.owasp.org/index.php/Command_Injection).\n* SEI CERT Oracle Coding Standard for Java: [IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method](https://wiki.sei.cmu.edu/confluence/display/java/IDS07-J.+Sanitize+untrusted+data+passed+to+the+Runtime.exec()+method).\n* Common Weakness Enumeration: [CWE-78](https://cwe.mitre.org/data/definitions/78.html).\n* Common Weakness Enumeration: [CWE-88](https://cwe.mitre.org/data/definitions/88.html).\n","markdown":"# Uncontrolled command line\nCode that passes user input directly to `Runtime.exec`, or some other library routine that executes a command, allows the user to execute malicious code.\n\n\n## Recommendation\nIf possible, use hard-coded string literals to specify the command to run or library to load. Instead of passing the user input directly to the process or library function, examine the user input and then choose among hard-coded string literals.\n\nIf the applicable libraries or commands cannot be determined at compile time, then add code to verify that the user input string is safe before using it.\n\n\n## Example\nThe following example shows code that takes a shell script that can be changed maliciously by a user, and passes it straight to `Runtime.exec` without examining it first.\n\n\n```java\nclass Test {\n    public static void main(String[] args) {\n        String script = System.getenv(\"SCRIPTNAME\");\n        if (script != null) {\n            // BAD: The script to be executed is controlled by the user.\n            Runtime.getRuntime().exec(script);\n        }\n    }\n}\n```\n\n## References\n* OWASP: [Command Injection](https://www.owasp.org/index.php/Command_Injection).\n* SEI CERT Oracle Coding Standard for Java: [IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method](https://wiki.sei.cmu.edu/confluence/display/java/IDS07-J.+Sanitize+untrusted+data+passed+to+the+Runtime.exec()+method).\n* Common Weakness Enumeration: [CWE-78](https://cwe.mitre.org/data/definitions/78.html).\n* Common Weakness Enumeration: [CWE-88](https://cwe.mitre.org/data/definitions/88.html).\n"},"properties":{"tags":["security","external/cwe/cwe-078","external/cwe/cwe-088"],"description":"Using externally controlled strings in a command line is vulnerable to malicious\n              changes in the strings.","id":"java/command-line-injection","kind":"path-problem","name":"Uncontrolled command line","precision":"high","problem.severity":"error","security-severity":"9.8"}},{"id":"java/concatenated-command-line","name":"java/concatenated-command-line","shortDescription":{"text":"Building a command line with string concatenation"},"fullDescription":{"text":"Using concatenated strings in a command line is vulnerable to malicious insertion of special characters in the strings."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Building a command line with string concatenation\nCode that builds a command line by concatenating strings that have been entered by a user allows the user to execute malicious code.\n\n\n## Recommendation\nExecute external commands using an array of strings rather than a single string. By using an array, many possible vulnerabilities in the formatting of the string are avoided.\n\n\n## Example\nIn the following example, `latlonCoords` contains a string that has been entered by a user but not validated by the program. This allows the user to, for example, append an ampersand (&amp;) followed by the command for a malicious program to the end of the string. The ampersand instructs Windows to execute another program. In the block marked 'BAD', `latlonCoords` is passed to `exec` as part of a concatenated string, which allows more than one command to be executed. However, in the block marked 'GOOD', `latlonCoords` is passed as part of an array, which means that `exec` treats it only as an argument.\n\n\n```java\nclass Test {\n    public static void main(String[] args) {\n        // BAD: user input might include special characters such as ampersands\n        {\n            String latlonCoords = args[1];\n            Runtime rt = Runtime.getRuntime();\n            Process exec = rt.exec(\"cmd.exe /C latlon2utm.exe \" + latlonCoords);\n        }\n\n        // GOOD: use an array of arguments instead of executing a string\n        {\n            String latlonCoords = args[1];\n            Runtime rt = Runtime.getRuntime();\n            Process exec = rt.exec(new String[] {\n                    \"c:\\\\path\\to\\latlon2utm.exe\",\n                    latlonCoords });\n        }\n    }\n}\n\n```\n\n## References\n* OWASP: [Command Injection](https://www.owasp.org/index.php/Command_Injection).\n* SEI CERT Oracle Coding Standard for Java: [IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method](https://wiki.sei.cmu.edu/confluence/display/java/IDS07-J.+Sanitize+untrusted+data+passed+to+the+Runtime.exec()+method).\n* Common Weakness Enumeration: [CWE-78](https://cwe.mitre.org/data/definitions/78.html).\n* Common Weakness Enumeration: [CWE-88](https://cwe.mitre.org/data/definitions/88.html).\n","markdown":"# Building a command line with string concatenation\nCode that builds a command line by concatenating strings that have been entered by a user allows the user to execute malicious code.\n\n\n## Recommendation\nExecute external commands using an array of strings rather than a single string. By using an array, many possible vulnerabilities in the formatting of the string are avoided.\n\n\n## Example\nIn the following example, `latlonCoords` contains a string that has been entered by a user but not validated by the program. This allows the user to, for example, append an ampersand (&amp;) followed by the command for a malicious program to the end of the string. The ampersand instructs Windows to execute another program. In the block marked 'BAD', `latlonCoords` is passed to `exec` as part of a concatenated string, which allows more than one command to be executed. However, in the block marked 'GOOD', `latlonCoords` is passed as part of an array, which means that `exec` treats it only as an argument.\n\n\n```java\nclass Test {\n    public static void main(String[] args) {\n        // BAD: user input might include special characters such as ampersands\n        {\n            String latlonCoords = args[1];\n            Runtime rt = Runtime.getRuntime();\n            Process exec = rt.exec(\"cmd.exe /C latlon2utm.exe \" + latlonCoords);\n        }\n\n        // GOOD: use an array of arguments instead of executing a string\n        {\n            String latlonCoords = args[1];\n            Runtime rt = Runtime.getRuntime();\n            Process exec = rt.exec(new String[] {\n                    \"c:\\\\path\\to\\latlon2utm.exe\",\n                    latlonCoords });\n        }\n    }\n}\n\n```\n\n## References\n* OWASP: [Command Injection](https://www.owasp.org/index.php/Command_Injection).\n* SEI CERT Oracle Coding Standard for Java: [IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method](https://wiki.sei.cmu.edu/confluence/display/java/IDS07-J.+Sanitize+untrusted+data+passed+to+the+Runtime.exec()+method).\n* Common Weakness Enumeration: [CWE-78](https://cwe.mitre.org/data/definitions/78.html).\n* Common Weakness Enumeration: [CWE-88](https://cwe.mitre.org/data/definitions/88.html).\n"},"properties":{"tags":["security","external/cwe/cwe-078","external/cwe/cwe-088"],"description":"Using concatenated strings in a command line is vulnerable to malicious\n              insertion of special characters in the strings.","id":"java/concatenated-command-line","kind":"problem","name":"Building a command line with string concatenation","precision":"high","problem.severity":"error","security-severity":"9.8"}},{"id":"java/unsafe-deserialization","name":"java/unsafe-deserialization","shortDescription":{"text":"Deserialization of user-controlled data"},"fullDescription":{"text":"Deserializing user-controlled data may allow attackers to execute arbitrary code."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Deserialization of user-controlled data\nDeserializing untrusted data using any deserialization framework that allows the construction of arbitrary serializable objects is easily exploitable and in many cases allows an attacker to execute arbitrary code. Even before a deserialized object is returned to the caller of a deserialization method a lot of code may have been executed, including static initializers, constructors, and finalizers. Automatic deserialization of fields means that an attacker may craft a nested combination of objects on which the executed initialization code may have unforeseen effects, such as the execution of arbitrary code.\n\nThere are many different serialization frameworks. This query currently supports Kryo, XmlDecoder, XStream, SnakeYaml, JYaml, JsonIO, YAMLBeans, HessianBurlap, Castor, Burlap, Jackson, Jabsorb, Jodd JSON, Flexjson, Gson and Java IO serialization through `ObjectInputStream`/`ObjectOutputStream`.\n\n\n## Recommendation\nAvoid deserialization of untrusted data if at all possible. If the architecture permits it then use other formats instead of serialized objects, for example JSON or XML. However, these formats should not be deserialized into complex objects because this provides further opportunities for attack. For example, XML-based deserialization attacks are possible through libraries such as XStream and XmlDecoder.\n\nAlternatively, a tightly controlled whitelist can limit the vulnerability of code, but be aware of the existence of so-called Bypass Gadgets, which can circumvent such protection measures.\n\nRecommendations specific to particular frameworks supported by this query:\n\n**FastJson** - `com.alibaba:fastjson`\n\n* **Secure by Default**: Partially\n* **Recommendation**: Call `com.alibaba.fastjson.parser.ParserConfig#setSafeMode` with the argument `true` before deserializing untrusted data.\n\n\n**FasterXML** - `com.fasterxml.jackson.core:jackson-databind`\n\n* **Secure by Default**: Yes\n* **Recommendation**: Don't call `com.fasterxml.jackson.databind.ObjectMapper#enableDefaultTyping` and don't annotate any object fields with `com.fasterxml.jackson.annotation.JsonTypeInfo` passing either the `CLASS` or `MINIMAL_CLASS` values to the annotation. Read [this guide](https://cowtowncoder.medium.com/jackson-2-10-safe-default-typing-2d018f0ce2ba).\n\n\n**Kryo** - `com.esotericsoftware:kryo` and `com.esotericsoftware:kryo5`\n\n* **Secure by Default**: Yes for `com.esotericsoftware:kryo5` and for `com.esotericsoftware:kryo` &gt;= v5.0.0\n* **Recommendation**: Don't call `com.esotericsoftware.kryo(5).Kryo#setRegistrationRequired` with the argument `false` on any `Kryo` instance that may deserialize untrusted data.\n\n\n**ObjectInputStream** - `Java Standard Library`\n\n* **Secure by Default**: No\n* **Recommendation**: Use a validating input stream, such as `org.apache.commons.io.serialization.ValidatingObjectInputStream`.\n\n\n**SnakeYAML** - `org.yaml:snakeyaml`\n\n* **Secure by Default**: No\n* **Recommendation**: Pass an instance of `org.yaml.snakeyaml.constructor.SafeConstructor` to `org.yaml.snakeyaml.Yaml`'s constructor before using it to deserialize untrusted data.\n\n\n**XML Decoder** - `Standard Java Library`\n\n* **Secure by Default**: No\n* **Recommendation**: Do not use with untrusted user input.\n\n\n\n## Example\nThe following example calls `readObject` directly on an `ObjectInputStream` that is constructed from untrusted data, and is therefore inherently unsafe.\n\n\n```java\npublic MyObject {\n  public int field;\n  MyObject(int field) {\n    this.field = field;\n  }\n}\n\npublic MyObject deserialize(Socket sock) {\n  try(ObjectInputStream in = new ObjectInputStream(sock.getInputStream())) {\n    return (MyObject)in.readObject(); // unsafe\n  }\n}\n\n```\nRewriting the communication protocol to only rely on reading primitive types from the input stream removes the vulnerability.\n\n\n```java\npublic MyObject deserialize(Socket sock) {\n  try(DataInputStream in = new DataInputStream(sock.getInputStream())) {\n    return new MyObject(in.readInt());\n  }\n}\n\n```\n\n## References\n* OWASP vulnerability description: [Deserialization of untrusted data](https://www.owasp.org/index.php/Deserialization_of_untrusted_data).\n* OWASP guidance on deserializing objects: [Deserialization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html).\n* Talks by Chris Frohoff &amp; Gabriel Lawrence: [ AppSecCali 2015: Marshalling Pickles - how deserializing objects will ruin your day](http://frohoff.github.io/appseccali-marshalling-pickles/), [OWASP SD: Deserialize My Shorts: Or How I Learned to Start Worrying and Hate Java Object Deserialization](http://frohoff.github.io/owaspsd-deserialize-my-shorts/).\n* Alvaro Muñoz &amp; Christian Schneider, RSAConference 2016: [Serial Killer: Silently Pwning Your Java Endpoints](https://speakerdeck.com/pwntester/serial-killer-silently-pwning-your-java-endpoints).\n* SnakeYaml documentation on deserialization: [SnakeYaml deserialization](https://bitbucket.org/snakeyaml/snakeyaml/wiki/Documentation#markdown-header-loading-yaml).\n* Hessian deserialization and related gadget chains: [Hessian deserialization](https://paper.seebug.org/1137/).\n* Castor and Hessian java deserialization vulnerabilities: [Castor and Hessian deserialization](https://securitylab.github.com/research/hessian-java-deserialization-castor-vulnerabilities/).\n* Remote code execution in JYaml library: [JYaml deserialization](https://www.cybersecurity-help.cz/vdb/SB2020022512).\n* JsonIO deserialization vulnerabilities: [JsonIO deserialization](https://klezvirus.github.io/Advanced-Web-Hacking/Serialisation/).\n* Research by Moritz Bechler: [Java Unmarshaller Security - Turning your data into code execution](https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true)\n* Blog posts by the developer of Jackson libraries: [On Jackson CVEs: Don’t Panic — Here is what you need to know](https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062) [Jackson 2.10: Safe Default Typing](https://cowtowncoder.medium.com/jackson-2-10-safe-default-typing-2d018f0ce2ba)\n* Jabsorb documentation on deserialization: [Jabsorb JSON Serializer](https://github.com/Servoy/jabsorb/blob/master/src/org/jabsorb/).\n* Jodd JSON documentation on deserialization: [JoddJson Parser](https://json.jodd.org/parser).\n* RCE in Flexjson: [Flexjson deserialization](https://codewhitesec.blogspot.com/2020/03/liferay-portal-json-vulns.html).\n* Android Intent deserialization vulnerabilities with GSON parser: [Insecure use of JSON parsers](https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/#insecure-use-of-json-parsers).\n* Common Weakness Enumeration: [CWE-502](https://cwe.mitre.org/data/definitions/502.html).\n","markdown":"# Deserialization of user-controlled data\nDeserializing untrusted data using any deserialization framework that allows the construction of arbitrary serializable objects is easily exploitable and in many cases allows an attacker to execute arbitrary code. Even before a deserialized object is returned to the caller of a deserialization method a lot of code may have been executed, including static initializers, constructors, and finalizers. Automatic deserialization of fields means that an attacker may craft a nested combination of objects on which the executed initialization code may have unforeseen effects, such as the execution of arbitrary code.\n\nThere are many different serialization frameworks. This query currently supports Kryo, XmlDecoder, XStream, SnakeYaml, JYaml, JsonIO, YAMLBeans, HessianBurlap, Castor, Burlap, Jackson, Jabsorb, Jodd JSON, Flexjson, Gson and Java IO serialization through `ObjectInputStream`/`ObjectOutputStream`.\n\n\n## Recommendation\nAvoid deserialization of untrusted data if at all possible. If the architecture permits it then use other formats instead of serialized objects, for example JSON or XML. However, these formats should not be deserialized into complex objects because this provides further opportunities for attack. For example, XML-based deserialization attacks are possible through libraries such as XStream and XmlDecoder.\n\nAlternatively, a tightly controlled whitelist can limit the vulnerability of code, but be aware of the existence of so-called Bypass Gadgets, which can circumvent such protection measures.\n\nRecommendations specific to particular frameworks supported by this query:\n\n**FastJson** - `com.alibaba:fastjson`\n\n* **Secure by Default**: Partially\n* **Recommendation**: Call `com.alibaba.fastjson.parser.ParserConfig#setSafeMode` with the argument `true` before deserializing untrusted data.\n\n\n**FasterXML** - `com.fasterxml.jackson.core:jackson-databind`\n\n* **Secure by Default**: Yes\n* **Recommendation**: Don't call `com.fasterxml.jackson.databind.ObjectMapper#enableDefaultTyping` and don't annotate any object fields with `com.fasterxml.jackson.annotation.JsonTypeInfo` passing either the `CLASS` or `MINIMAL_CLASS` values to the annotation. Read [this guide](https://cowtowncoder.medium.com/jackson-2-10-safe-default-typing-2d018f0ce2ba).\n\n\n**Kryo** - `com.esotericsoftware:kryo` and `com.esotericsoftware:kryo5`\n\n* **Secure by Default**: Yes for `com.esotericsoftware:kryo5` and for `com.esotericsoftware:kryo` &gt;= v5.0.0\n* **Recommendation**: Don't call `com.esotericsoftware.kryo(5).Kryo#setRegistrationRequired` with the argument `false` on any `Kryo` instance that may deserialize untrusted data.\n\n\n**ObjectInputStream** - `Java Standard Library`\n\n* **Secure by Default**: No\n* **Recommendation**: Use a validating input stream, such as `org.apache.commons.io.serialization.ValidatingObjectInputStream`.\n\n\n**SnakeYAML** - `org.yaml:snakeyaml`\n\n* **Secure by Default**: No\n* **Recommendation**: Pass an instance of `org.yaml.snakeyaml.constructor.SafeConstructor` to `org.yaml.snakeyaml.Yaml`'s constructor before using it to deserialize untrusted data.\n\n\n**XML Decoder** - `Standard Java Library`\n\n* **Secure by Default**: No\n* **Recommendation**: Do not use with untrusted user input.\n\n\n\n## Example\nThe following example calls `readObject` directly on an `ObjectInputStream` that is constructed from untrusted data, and is therefore inherently unsafe.\n\n\n```java\npublic MyObject {\n  public int field;\n  MyObject(int field) {\n    this.field = field;\n  }\n}\n\npublic MyObject deserialize(Socket sock) {\n  try(ObjectInputStream in = new ObjectInputStream(sock.getInputStream())) {\n    return (MyObject)in.readObject(); // unsafe\n  }\n}\n\n```\nRewriting the communication protocol to only rely on reading primitive types from the input stream removes the vulnerability.\n\n\n```java\npublic MyObject deserialize(Socket sock) {\n  try(DataInputStream in = new DataInputStream(sock.getInputStream())) {\n    return new MyObject(in.readInt());\n  }\n}\n\n```\n\n## References\n* OWASP vulnerability description: [Deserialization of untrusted data](https://www.owasp.org/index.php/Deserialization_of_untrusted_data).\n* OWASP guidance on deserializing objects: [Deserialization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html).\n* Talks by Chris Frohoff &amp; Gabriel Lawrence: [ AppSecCali 2015: Marshalling Pickles - how deserializing objects will ruin your day](http://frohoff.github.io/appseccali-marshalling-pickles/), [OWASP SD: Deserialize My Shorts: Or How I Learned to Start Worrying and Hate Java Object Deserialization](http://frohoff.github.io/owaspsd-deserialize-my-shorts/).\n* Alvaro Muñoz &amp; Christian Schneider, RSAConference 2016: [Serial Killer: Silently Pwning Your Java Endpoints](https://speakerdeck.com/pwntester/serial-killer-silently-pwning-your-java-endpoints).\n* SnakeYaml documentation on deserialization: [SnakeYaml deserialization](https://bitbucket.org/snakeyaml/snakeyaml/wiki/Documentation#markdown-header-loading-yaml).\n* Hessian deserialization and related gadget chains: [Hessian deserialization](https://paper.seebug.org/1137/).\n* Castor and Hessian java deserialization vulnerabilities: [Castor and Hessian deserialization](https://securitylab.github.com/research/hessian-java-deserialization-castor-vulnerabilities/).\n* Remote code execution in JYaml library: [JYaml deserialization](https://www.cybersecurity-help.cz/vdb/SB2020022512).\n* JsonIO deserialization vulnerabilities: [JsonIO deserialization](https://klezvirus.github.io/Advanced-Web-Hacking/Serialisation/).\n* Research by Moritz Bechler: [Java Unmarshaller Security - Turning your data into code execution](https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true)\n* Blog posts by the developer of Jackson libraries: [On Jackson CVEs: Don’t Panic — Here is what you need to know](https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062) [Jackson 2.10: Safe Default Typing](https://cowtowncoder.medium.com/jackson-2-10-safe-default-typing-2d018f0ce2ba)\n* Jabsorb documentation on deserialization: [Jabsorb JSON Serializer](https://github.com/Servoy/jabsorb/blob/master/src/org/jabsorb/).\n* Jodd JSON documentation on deserialization: [JoddJson Parser](https://json.jodd.org/parser).\n* RCE in Flexjson: [Flexjson deserialization](https://codewhitesec.blogspot.com/2020/03/liferay-portal-json-vulns.html).\n* Android Intent deserialization vulnerabilities with GSON parser: [Insecure use of JSON parsers](https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/#insecure-use-of-json-parsers).\n* Common Weakness Enumeration: [CWE-502](https://cwe.mitre.org/data/definitions/502.html).\n"},"properties":{"tags":["security","external/cwe/cwe-502","owasp-top10-2021","A08:2021 - Software and Data Integrity Failures"],"description":"Deserializing user-controlled data may allow attackers to\n              execute arbitrary code.","id":"java/unsafe-deserialization","kind":"path-problem","name":"Deserialization of user-controlled data","precision":"high","problem.severity":"error","security-severity":"9.8"}},{"id":"java/world-writable-file-read","name":"java/world-writable-file-read","shortDescription":{"text":"Reading from a world writable file"},"fullDescription":{"text":"Reading from a file which is set as world writable is dangerous because the file may be modified or removed by external actors."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Reading from a world writable file\nReading from a world-writable file is dangerous on a multi-user system because other users may be able to affect program execution by modifying or deleting the file.\n\n\n## Recommendation\nDo not make files explicitly world writable unless the file is intended to be written by multiple users on a multi-user system. In many cases, the file may only need to be writable for the current user.\n\nFor some file systems, there may be alternatives to setting the file to be world writable. For example, POSIX file systems support \"groups\" which may be used to ensure that only subset of all the users can write to the file. Access Control Lists (ACLs) are available for many operating system and file system combinations, and can provide fine-grained read and write support without resorting to world writable permissions.\n\n\n## Example\nIn the following example, we are loading some configuration parameters from a file:\n\n```java\n\nprivate void readConfig(File configFile) {\n  if (!configFile.exists()) {\n    // Create an empty config file\n    configFile.createNewFile();\n    // Make the file writable for all\n    configFile.setWritable(true, false);\n  }\n  // Now read the config\n  loadConfig(configFile);\n}\n\n```\nIf the configuration file does not yet exist, an empty file is created. Creating an empty file can simplify the later code and is a convenience for the user. However, by setting the file to be world writable, we allow any user on the system to modify the configuration, not just the current user. If there may be untrusted users on the system, this is potentially dangerous.\n\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [FIO01-J. Create files with appropriate access permissions](https://wiki.sei.cmu.edu/confluence/display/java/FIO01-J.+Create+files+with+appropriate+access+permissions).\n* Common Weakness Enumeration: [CWE-732](https://cwe.mitre.org/data/definitions/732.html).\n","markdown":"# Reading from a world writable file\nReading from a world-writable file is dangerous on a multi-user system because other users may be able to affect program execution by modifying or deleting the file.\n\n\n## Recommendation\nDo not make files explicitly world writable unless the file is intended to be written by multiple users on a multi-user system. In many cases, the file may only need to be writable for the current user.\n\nFor some file systems, there may be alternatives to setting the file to be world writable. For example, POSIX file systems support \"groups\" which may be used to ensure that only subset of all the users can write to the file. Access Control Lists (ACLs) are available for many operating system and file system combinations, and can provide fine-grained read and write support without resorting to world writable permissions.\n\n\n## Example\nIn the following example, we are loading some configuration parameters from a file:\n\n```java\n\nprivate void readConfig(File configFile) {\n  if (!configFile.exists()) {\n    // Create an empty config file\n    configFile.createNewFile();\n    // Make the file writable for all\n    configFile.setWritable(true, false);\n  }\n  // Now read the config\n  loadConfig(configFile);\n}\n\n```\nIf the configuration file does not yet exist, an empty file is created. Creating an empty file can simplify the later code and is a convenience for the user. However, by setting the file to be world writable, we allow any user on the system to modify the configuration, not just the current user. If there may be untrusted users on the system, this is potentially dangerous.\n\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [FIO01-J. Create files with appropriate access permissions](https://wiki.sei.cmu.edu/confluence/display/java/FIO01-J.+Create+files+with+appropriate+access+permissions).\n* Common Weakness Enumeration: [CWE-732](https://cwe.mitre.org/data/definitions/732.html).\n"},"properties":{"tags":["security","external/cwe/cwe-732"],"description":"Reading from a file which is set as world writable is dangerous because\n              the file may be modified or removed by external actors.","id":"java/world-writable-file-read","kind":"problem","name":"Reading from a world writable file","precision":"high","problem.severity":"error","security-severity":"7.8"}},{"id":"java/regex-injection","name":"java/regex-injection","shortDescription":{"text":"Regular expression injection"},"fullDescription":{"text":"User input should not be used in regular expressions without first being escaped, otherwise a malicious user may be able to provide a regex that could require exponential time on certain inputs."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Regular expression injection\nConstructing a regular expression with unsanitized user input is dangerous as a malicious user may be able to modify the meaning of the expression. In particular, such a user may be able to provide a regular expression fragment that takes exponential time in the worst case, and use that to perform a Denial of Service attack.\n\n\n## Recommendation\nBefore embedding user input into a regular expression, use a sanitization function such as `Pattern.quote` to escape meta-characters that have special meaning.\n\n\n## Example\nThe following example shows an HTTP request parameter that is used to construct a regular expression.\n\nIn the first case the user-provided regex is not escaped. If a malicious user provides a regex whose worst-case performance is exponential, then this could lead to a Denial of Service.\n\nIn the second case, the user input is escaped using `Pattern.quote` before being included in the regular expression. This ensures that the user cannot insert characters which have a special meaning in regular expressions.\n\n\n```java\nimport java.util.regex.Pattern;\nimport javax.servlet.http.HttpServlet;\nimport javax.servlet.http.HttpServletRequest;\n\npublic class RegexInjectionDemo extends HttpServlet {\n\n  public boolean badExample(javax.servlet.http.HttpServletRequest request) {\n    String regex = request.getParameter(\"regex\");\n    String input = request.getParameter(\"input\");\n\n    // BAD: Unsanitized user input is used to construct a regular expression\n    return input.matches(regex);\n  }\n\n  public boolean goodExample(javax.servlet.http.HttpServletRequest request) {\n    String regex = request.getParameter(\"regex\");\n    String input = request.getParameter(\"input\");\n\n    // GOOD: User input is sanitized before constructing the regex\n    return input.matches(Pattern.quote(regex));\n  }\n}\n\n```\n\n## References\n* OWASP: [Regular expression Denial of Service - ReDoS](https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS).\n* Wikipedia: [ReDoS](https://en.wikipedia.org/wiki/ReDoS).\n* Java API Specification: [Pattern.quote](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/regex/Pattern.html#quote(java.lang.String)).\n* Common Weakness Enumeration: [CWE-730](https://cwe.mitre.org/data/definitions/730.html).\n* Common Weakness Enumeration: [CWE-400](https://cwe.mitre.org/data/definitions/400.html).\n","markdown":"# Regular expression injection\nConstructing a regular expression with unsanitized user input is dangerous as a malicious user may be able to modify the meaning of the expression. In particular, such a user may be able to provide a regular expression fragment that takes exponential time in the worst case, and use that to perform a Denial of Service attack.\n\n\n## Recommendation\nBefore embedding user input into a regular expression, use a sanitization function such as `Pattern.quote` to escape meta-characters that have special meaning.\n\n\n## Example\nThe following example shows an HTTP request parameter that is used to construct a regular expression.\n\nIn the first case the user-provided regex is not escaped. If a malicious user provides a regex whose worst-case performance is exponential, then this could lead to a Denial of Service.\n\nIn the second case, the user input is escaped using `Pattern.quote` before being included in the regular expression. This ensures that the user cannot insert characters which have a special meaning in regular expressions.\n\n\n```java\nimport java.util.regex.Pattern;\nimport javax.servlet.http.HttpServlet;\nimport javax.servlet.http.HttpServletRequest;\n\npublic class RegexInjectionDemo extends HttpServlet {\n\n  public boolean badExample(javax.servlet.http.HttpServletRequest request) {\n    String regex = request.getParameter(\"regex\");\n    String input = request.getParameter(\"input\");\n\n    // BAD: Unsanitized user input is used to construct a regular expression\n    return input.matches(regex);\n  }\n\n  public boolean goodExample(javax.servlet.http.HttpServletRequest request) {\n    String regex = request.getParameter(\"regex\");\n    String input = request.getParameter(\"input\");\n\n    // GOOD: User input is sanitized before constructing the regex\n    return input.matches(Pattern.quote(regex));\n  }\n}\n\n```\n\n## References\n* OWASP: [Regular expression Denial of Service - ReDoS](https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS).\n* Wikipedia: [ReDoS](https://en.wikipedia.org/wiki/ReDoS).\n* Java API Specification: [Pattern.quote](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/regex/Pattern.html#quote(java.lang.String)).\n* Common Weakness Enumeration: [CWE-730](https://cwe.mitre.org/data/definitions/730.html).\n* Common Weakness Enumeration: [CWE-400](https://cwe.mitre.org/data/definitions/400.html).\n"},"properties":{"tags":["security","external/cwe/cwe-730","external/cwe/cwe-400"],"description":"User input should not be used in regular expressions without first being escaped,\n              otherwise a malicious user may be able to provide a regex that could require\n              exponential time on certain inputs.","id":"java/regex-injection","kind":"path-problem","name":"Regular expression injection","precision":"high","problem.severity":"error","security-severity":"7.5"}},{"id":"java/redos","name":"java/redos","shortDescription":{"text":"Inefficient regular expression"},"fullDescription":{"text":"A regular expression that requires exponential time to match certain inputs can be a performance bottleneck, and may be vulnerable to denial-of-service attacks."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Inefficient regular expression\nSome regular expressions take a long time to match certain input strings to the point where the time it takes to match a string of length *n* is proportional to *n<sup>k</sup>* or even *2<sup>n</sup>*. Such regular expressions can negatively affect performance, or even allow a malicious user to perform a Denial of Service (\"DoS\") attack by crafting an expensive input string for the regular expression to match.\n\nThe regular expression engine provided by Java uses a backtracking non-deterministic finite automata to implement regular expression matching. While this approach is space-efficient and allows supporting advanced features like capture groups, it is not time-efficient in general. The worst-case time complexity of such an automaton can be polynomial or even exponential, meaning that for strings of a certain shape, increasing the input length by ten characters may make the automaton about 1000 times slower.\n\nTypically, a regular expression is affected by this problem if it contains a repetition of the form `r*` or `r+` where the sub-expression `r` is ambiguous in the sense that it can match some string in multiple ways. More information about the precise circumstances can be found in the references.\n\nNote that Java versions 9 and above have some mitigations against ReDoS; however they aren't perfect and more complex regular expressions can still be affected by this problem.\n\n\n## Recommendation\nModify the regular expression to remove the ambiguity, or ensure that the strings matched with the regular expression are short enough that the time-complexity does not matter. Alternatively, an alternate regex library that guarantees linear time execution, such as Google's RE2J, may be used.\n\n\n## Example\nConsider this regular expression:\n\n```java\n\n\t\t\t^_(__|.)+_$\n\t\t\n```\nIts sub-expression `\"(__|.)+?\"` can match the string `\"__\"` either by the first alternative `\"__\"` to the left of the `\"|\"` operator, or by two repetitions of the second alternative `\".\"` to the right. Thus, a string consisting of an odd number of underscores followed by some other character will cause the regular expression engine to run for an exponential amount of time before rejecting the input.\n\nThis problem can be avoided by rewriting the regular expression to remove the ambiguity between the two branches of the alternative inside the repetition:\n\n```java\n\n\t\t\t^_(__|[^_])+_$\n\t\t\n```\n\n## References\n* OWASP: [Regular expression Denial of Service - ReDoS](https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS).\n* Wikipedia: [ReDoS](https://en.wikipedia.org/wiki/ReDoS).\n* Wikipedia: [Time complexity](https://en.wikipedia.org/wiki/Time_complexity).\n* James Kirrage, Asiri Rathnayake, Hayo Thielecke: [Static Analysis for Regular Expression Denial-of-Service Attack](http://www.cs.bham.ac.uk/~hxt/research/reg-exp-sec.pdf).\n* Common Weakness Enumeration: [CWE-1333](https://cwe.mitre.org/data/definitions/1333.html).\n* Common Weakness Enumeration: [CWE-730](https://cwe.mitre.org/data/definitions/730.html).\n* Common Weakness Enumeration: [CWE-400](https://cwe.mitre.org/data/definitions/400.html).\n","markdown":"# Inefficient regular expression\nSome regular expressions take a long time to match certain input strings to the point where the time it takes to match a string of length *n* is proportional to *n<sup>k</sup>* or even *2<sup>n</sup>*. Such regular expressions can negatively affect performance, or even allow a malicious user to perform a Denial of Service (\"DoS\") attack by crafting an expensive input string for the regular expression to match.\n\nThe regular expression engine provided by Java uses a backtracking non-deterministic finite automata to implement regular expression matching. While this approach is space-efficient and allows supporting advanced features like capture groups, it is not time-efficient in general. The worst-case time complexity of such an automaton can be polynomial or even exponential, meaning that for strings of a certain shape, increasing the input length by ten characters may make the automaton about 1000 times slower.\n\nTypically, a regular expression is affected by this problem if it contains a repetition of the form `r*` or `r+` where the sub-expression `r` is ambiguous in the sense that it can match some string in multiple ways. More information about the precise circumstances can be found in the references.\n\nNote that Java versions 9 and above have some mitigations against ReDoS; however they aren't perfect and more complex regular expressions can still be affected by this problem.\n\n\n## Recommendation\nModify the regular expression to remove the ambiguity, or ensure that the strings matched with the regular expression are short enough that the time-complexity does not matter. Alternatively, an alternate regex library that guarantees linear time execution, such as Google's RE2J, may be used.\n\n\n## Example\nConsider this regular expression:\n\n```java\n\n\t\t\t^_(__|.)+_$\n\t\t\n```\nIts sub-expression `\"(__|.)+?\"` can match the string `\"__\"` either by the first alternative `\"__\"` to the left of the `\"|\"` operator, or by two repetitions of the second alternative `\".\"` to the right. Thus, a string consisting of an odd number of underscores followed by some other character will cause the regular expression engine to run for an exponential amount of time before rejecting the input.\n\nThis problem can be avoided by rewriting the regular expression to remove the ambiguity between the two branches of the alternative inside the repetition:\n\n```java\n\n\t\t\t^_(__|[^_])+_$\n\t\t\n```\n\n## References\n* OWASP: [Regular expression Denial of Service - ReDoS](https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS).\n* Wikipedia: [ReDoS](https://en.wikipedia.org/wiki/ReDoS).\n* Wikipedia: [Time complexity](https://en.wikipedia.org/wiki/Time_complexity).\n* James Kirrage, Asiri Rathnayake, Hayo Thielecke: [Static Analysis for Regular Expression Denial-of-Service Attack](http://www.cs.bham.ac.uk/~hxt/research/reg-exp-sec.pdf).\n* Common Weakness Enumeration: [CWE-1333](https://cwe.mitre.org/data/definitions/1333.html).\n* Common Weakness Enumeration: [CWE-730](https://cwe.mitre.org/data/definitions/730.html).\n* Common Weakness Enumeration: [CWE-400](https://cwe.mitre.org/data/definitions/400.html).\n"},"properties":{"tags":["security","external/cwe/cwe-1333","external/cwe/cwe-730","external/cwe/cwe-400"],"description":"A regular expression that requires exponential time to match certain inputs\n              can be a performance bottleneck, and may be vulnerable to denial-of-service\n              attacks.","id":"java/redos","kind":"problem","name":"Inefficient regular expression","precision":"high","problem.severity":"error","security-severity":"7.5"}},{"id":"java/polynomial-redos","name":"java/polynomial-redos","shortDescription":{"text":"Polynomial regular expression used on uncontrolled data"},"fullDescription":{"text":"A regular expression that can require polynomial time to match may be vulnerable to denial-of-service attacks."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Polynomial regular expression used on uncontrolled data\nSome regular expressions take a long time to match certain input strings to the point where the time it takes to match a string of length *n* is proportional to *n<sup>k</sup>* or even *2<sup>n</sup>*. Such regular expressions can negatively affect performance, or even allow a malicious user to perform a Denial of Service (\"DoS\") attack by crafting an expensive input string for the regular expression to match.\n\nThe regular expression engine provided by Java uses a backtracking non-deterministic finite automata to implement regular expression matching. While this approach is space-efficient and allows supporting advanced features like capture groups, it is not time-efficient in general. The worst-case time complexity of such an automaton can be polynomial or even exponential, meaning that for strings of a certain shape, increasing the input length by ten characters may make the automaton about 1000 times slower.\n\nTypically, a regular expression is affected by this problem if it contains a repetition of the form `r*` or `r+` where the sub-expression `r` is ambiguous in the sense that it can match some string in multiple ways. More information about the precise circumstances can be found in the references.\n\nNote that Java versions 9 and above have some mitigations against ReDoS; however they aren't perfect and more complex regular expressions can still be affected by this problem.\n\n\n## Recommendation\nModify the regular expression to remove the ambiguity, or ensure that the strings matched with the regular expression are short enough that the time-complexity does not matter. Alternatively, an alternate regex library that guarantees linear time execution, such as Google's RE2J, may be used.\n\n\n## Example\nConsider this use of a regular expression, which removes all leading and trailing whitespace in a string:\n\n```java\n\n\t\t\tPattern.compile(\"^\\\\s+|\\\\s+$\").matcher(text).replaceAll(\"\") // BAD\n\t\t\n```\nThe sub-expression `\"\\\\s+$\"` will match the whitespace characters in `text` from left to right, but it can start matching anywhere within a whitespace sequence. This is problematic for strings that do **not** end with a whitespace character. Such a string will force the regular expression engine to process each whitespace sequence once per whitespace character in the sequence.\n\nThis ultimately means that the time cost of trimming a string is quadratic in the length of the string. So a string like `\"a b\"` will take milliseconds to process, but a similar string with a million spaces instead of just one will take several minutes.\n\nAvoid this problem by rewriting the regular expression to not contain the ambiguity about when to start matching whitespace sequences. For instance, by using a negative look-behind (`\"^\\\\s+|(?<!\\\\s)\\\\s+$\"`), or just by using the built-in trim method (`text.trim()`).\n\nNote that the sub-expression `\"^\\\\s+\"` is **not** problematic as the `^` anchor restricts when that sub-expression can start matching, and as the regular expression engine matches from left to right.\n\n\n## Example\nAs a similar, but slightly subtler problem, consider the regular expression that matches lines with numbers, possibly written using scientific notation:\n\n```java\n\n\t\t\t\"^0\\\\.\\\\d+E?\\\\d+$\"\" \n\t\t\n```\nThe problem with this regular expression is in the sub-expression `\\d+E?\\d+` because the second `\\d+` can start matching digits anywhere after the first match of the first `\\d+` if there is no `E` in the input string.\n\nThis is problematic for strings that do **not** end with a digit. Such a string will force the regular expression engine to process each digit sequence once per digit in the sequence, again leading to a quadratic time complexity.\n\nTo make the processing faster, the regular expression should be rewritten such that the two `\\d+` sub-expressions do not have overlapping matches: `\"^0\\\\.\\\\d+(E\\\\d+)?$\"`.\n\n\n## References\n* OWASP: [Regular expression Denial of Service - ReDoS](https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS).\n* Wikipedia: [ReDoS](https://en.wikipedia.org/wiki/ReDoS).\n* Wikipedia: [Time complexity](https://en.wikipedia.org/wiki/Time_complexity).\n* James Kirrage, Asiri Rathnayake, Hayo Thielecke: [Static Analysis for Regular Expression Denial-of-Service Attack](http://www.cs.bham.ac.uk/~hxt/research/reg-exp-sec.pdf).\n* Common Weakness Enumeration: [CWE-1333](https://cwe.mitre.org/data/definitions/1333.html).\n* Common Weakness Enumeration: [CWE-730](https://cwe.mitre.org/data/definitions/730.html).\n* Common Weakness Enumeration: [CWE-400](https://cwe.mitre.org/data/definitions/400.html).\n","markdown":"# Polynomial regular expression used on uncontrolled data\nSome regular expressions take a long time to match certain input strings to the point where the time it takes to match a string of length *n* is proportional to *n<sup>k</sup>* or even *2<sup>n</sup>*. Such regular expressions can negatively affect performance, or even allow a malicious user to perform a Denial of Service (\"DoS\") attack by crafting an expensive input string for the regular expression to match.\n\nThe regular expression engine provided by Java uses a backtracking non-deterministic finite automata to implement regular expression matching. While this approach is space-efficient and allows supporting advanced features like capture groups, it is not time-efficient in general. The worst-case time complexity of such an automaton can be polynomial or even exponential, meaning that for strings of a certain shape, increasing the input length by ten characters may make the automaton about 1000 times slower.\n\nTypically, a regular expression is affected by this problem if it contains a repetition of the form `r*` or `r+` where the sub-expression `r` is ambiguous in the sense that it can match some string in multiple ways. More information about the precise circumstances can be found in the references.\n\nNote that Java versions 9 and above have some mitigations against ReDoS; however they aren't perfect and more complex regular expressions can still be affected by this problem.\n\n\n## Recommendation\nModify the regular expression to remove the ambiguity, or ensure that the strings matched with the regular expression are short enough that the time-complexity does not matter. Alternatively, an alternate regex library that guarantees linear time execution, such as Google's RE2J, may be used.\n\n\n## Example\nConsider this use of a regular expression, which removes all leading and trailing whitespace in a string:\n\n```java\n\n\t\t\tPattern.compile(\"^\\\\s+|\\\\s+$\").matcher(text).replaceAll(\"\") // BAD\n\t\t\n```\nThe sub-expression `\"\\\\s+$\"` will match the whitespace characters in `text` from left to right, but it can start matching anywhere within a whitespace sequence. This is problematic for strings that do **not** end with a whitespace character. Such a string will force the regular expression engine to process each whitespace sequence once per whitespace character in the sequence.\n\nThis ultimately means that the time cost of trimming a string is quadratic in the length of the string. So a string like `\"a b\"` will take milliseconds to process, but a similar string with a million spaces instead of just one will take several minutes.\n\nAvoid this problem by rewriting the regular expression to not contain the ambiguity about when to start matching whitespace sequences. For instance, by using a negative look-behind (`\"^\\\\s+|(?<!\\\\s)\\\\s+$\"`), or just by using the built-in trim method (`text.trim()`).\n\nNote that the sub-expression `\"^\\\\s+\"` is **not** problematic as the `^` anchor restricts when that sub-expression can start matching, and as the regular expression engine matches from left to right.\n\n\n## Example\nAs a similar, but slightly subtler problem, consider the regular expression that matches lines with numbers, possibly written using scientific notation:\n\n```java\n\n\t\t\t\"^0\\\\.\\\\d+E?\\\\d+$\"\" \n\t\t\n```\nThe problem with this regular expression is in the sub-expression `\\d+E?\\d+` because the second `\\d+` can start matching digits anywhere after the first match of the first `\\d+` if there is no `E` in the input string.\n\nThis is problematic for strings that do **not** end with a digit. Such a string will force the regular expression engine to process each digit sequence once per digit in the sequence, again leading to a quadratic time complexity.\n\nTo make the processing faster, the regular expression should be rewritten such that the two `\\d+` sub-expressions do not have overlapping matches: `\"^0\\\\.\\\\d+(E\\\\d+)?$\"`.\n\n\n## References\n* OWASP: [Regular expression Denial of Service - ReDoS](https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS).\n* Wikipedia: [ReDoS](https://en.wikipedia.org/wiki/ReDoS).\n* Wikipedia: [Time complexity](https://en.wikipedia.org/wiki/Time_complexity).\n* James Kirrage, Asiri Rathnayake, Hayo Thielecke: [Static Analysis for Regular Expression Denial-of-Service Attack](http://www.cs.bham.ac.uk/~hxt/research/reg-exp-sec.pdf).\n* Common Weakness Enumeration: [CWE-1333](https://cwe.mitre.org/data/definitions/1333.html).\n* Common Weakness Enumeration: [CWE-730](https://cwe.mitre.org/data/definitions/730.html).\n* Common Weakness Enumeration: [CWE-400](https://cwe.mitre.org/data/definitions/400.html).\n"},"properties":{"tags":["security","external/cwe/cwe-1333","external/cwe/cwe-730","external/cwe/cwe-400"],"description":"A regular expression that can require polynomial time\n              to match may be vulnerable to denial-of-service attacks.","id":"java/polynomial-redos","kind":"path-problem","name":"Polynomial regular expression used on uncontrolled data","precision":"high","problem.severity":"warning","security-severity":"7.5"}},{"id":"java/maven/non-https-url","name":"java/maven/non-https-url","shortDescription":{"text":"Failure to use HTTPS or SFTP URL in Maven artifact upload/download"},"fullDescription":{"text":"Non-HTTPS connections can be intercepted by third parties."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Failure to use HTTPS or SFTP URL in Maven artifact upload/download\nUsing an insecure protocol like HTTP or FTP to download your dependencies leaves your Maven build vulnerable to a [Man in the Middle (MITM)](https://en.wikipedia.org/wiki/Man-in-the-middle_attack). This can allow attackers to inject malicious code into the artifacts that you are resolving and infect build artifacts that are being produced. This can be used by attackers to perform a [Supply chain attack](https://en.wikipedia.org/wiki/Supply_chain_attack) against your project's users.\n\nThis vulnerability has a [ CVSS v3.1 base score of 8.1/10 ](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1).\n\n\n## Recommendation\nAlways use HTTPS or SFTP to download artifacts from artifact servers.\n\n\n## Example\nThese examples show examples of locations in Maven POM files where artifact repository upload/download is configured. The first shows the use of HTTP, the second shows the use of HTTPS.\n\n\n```xml\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<project xmlns=\"http://maven.apache.org/POM/4.0.0\"\n         xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n         xsi:schemaLocation=\"http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd\">\n\n    <modelVersion>4.0.0</modelVersion>\n\n    <groupId>com.semmle</groupId>\n    <artifactId>parent</artifactId>\n    <version>1.0</version>\n    <packaging>pom</packaging>\n\n    <name>Security Testing</name>\n    <description>An example of insecure download and upload of dependencies</description>\n\n    <distributionManagement>\n        <repository>\n            <id>insecure-releases</id>\n            <name>Insecure Repository Releases</name>\n            <!-- BAD! Use HTTPS -->\n            <url>http://insecure-repository.example</url>\n        </repository>\n        <snapshotRepository>\n            <id>insecure-snapshots</id>\n            <name>Insecure Repository Snapshots</name>\n            <!-- BAD! Use HTTPS -->\n            <url>http://insecure-repository.example</url>\n        </snapshotRepository>\n    </distributionManagement>\n    <repositories>\n        <repository>\n            <id>insecure</id>\n            <name>Insecure Repository</name>\n            <!-- BAD! Use HTTPS -->\n            <url>http://insecure-repository.example</url>\n        </repository>\n    </repositories>\n    <pluginRepositories>\n        <pluginRepository>\n            <id>insecure-plugins</id>\n            <name>Insecure Repository Releases</name>\n            <!-- BAD! Use HTTPS -->\n            <url>http://insecure-repository.example</url>\n        </pluginRepository>\n    </pluginRepositories>\n</project>\n\n```\n\n```xml\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<project xmlns=\"http://maven.apache.org/POM/4.0.0\"\n         xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n         xsi:schemaLocation=\"http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd\">\n\n    <modelVersion>4.0.0</modelVersion>\n\n    <groupId>com.semmle</groupId>\n    <artifactId>parent</artifactId>\n    <version>1.0</version>\n    <packaging>pom</packaging>\n\n    <name>Security Testing</name>\n    <description>An example of secure download and upload of dependencies</description>\n\n    <distributionManagement>\n        <repository>\n            <id>insecure-releases</id>\n            <name>Secure Repository Releases</name>\n            <!-- GOOD! Use HTTPS -->\n            <url>https://insecure-repository.example</url>\n        </repository>\n        <snapshotRepository>\n            <id>insecure-snapshots</id>\n            <name>Secure Repository Snapshots</name>\n            <!-- GOOD! Use HTTPS -->\n            <url>https://insecure-repository.example</url>\n        </snapshotRepository>\n    </distributionManagement>\n    <repositories>\n        <repository>\n            <id>insecure</id>\n            <name>Secure Repository</name>\n            <!-- GOOD! Use HTTPS -->\n            <url>https://insecure-repository.example</url>\n        </repository>\n    </repositories>\n    <pluginRepositories>\n        <pluginRepository>\n            <id>insecure-plugins</id>\n            <name>Secure Repository Releases</name>\n            <!-- GOOD! Use HTTPS -->\n            <url>https://insecure-repository.example</url>\n        </pluginRepository>\n    </pluginRepositories>\n</project>\n\n```\n\n## References\n* Research: [ Want to take over the Java ecosystem? All you need is a MITM! ](https://medium.com/bugbountywriteup/want-to-take-over-the-java-ecosystem-all-you-need-is-a-mitm-1fc329d898fb?source=friends_link&sk=3c99970c55a899ad9ef41f126efcde0e)\n* Research: [ How to take over the computer of any Java (or Closure or Scala) Developer. ](https://max.computer/blog/how-to-take-over-the-computer-of-any-java-or-clojure-or-scala-developer/)\n* Proof of Concept: [ mveytsman/dilettante ](https://github.com/mveytsman/dilettante)\n* Additional Gradle &amp; Maven plugin: [ Announcing nohttp ](https://spring.io/blog/2019/06/10/announcing-nohttp)\n* Java Ecosystem Announcement: [ HTTP Decommission Artifact Server Announcements ](https://gist.github.com/JLLeitschuh/789e49e3d34092a005031a0a1880af99)\n* Common Weakness Enumeration: [CWE-300](https://cwe.mitre.org/data/definitions/300.html).\n* Common Weakness Enumeration: [CWE-319](https://cwe.mitre.org/data/definitions/319.html).\n* Common Weakness Enumeration: [CWE-494](https://cwe.mitre.org/data/definitions/494.html).\n* Common Weakness Enumeration: [CWE-829](https://cwe.mitre.org/data/definitions/829.html).\n","markdown":"# Failure to use HTTPS or SFTP URL in Maven artifact upload/download\nUsing an insecure protocol like HTTP or FTP to download your dependencies leaves your Maven build vulnerable to a [Man in the Middle (MITM)](https://en.wikipedia.org/wiki/Man-in-the-middle_attack). This can allow attackers to inject malicious code into the artifacts that you are resolving and infect build artifacts that are being produced. This can be used by attackers to perform a [Supply chain attack](https://en.wikipedia.org/wiki/Supply_chain_attack) against your project's users.\n\nThis vulnerability has a [ CVSS v3.1 base score of 8.1/10 ](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1).\n\n\n## Recommendation\nAlways use HTTPS or SFTP to download artifacts from artifact servers.\n\n\n## Example\nThese examples show examples of locations in Maven POM files where artifact repository upload/download is configured. The first shows the use of HTTP, the second shows the use of HTTPS.\n\n\n```xml\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<project xmlns=\"http://maven.apache.org/POM/4.0.0\"\n         xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n         xsi:schemaLocation=\"http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd\">\n\n    <modelVersion>4.0.0</modelVersion>\n\n    <groupId>com.semmle</groupId>\n    <artifactId>parent</artifactId>\n    <version>1.0</version>\n    <packaging>pom</packaging>\n\n    <name>Security Testing</name>\n    <description>An example of insecure download and upload of dependencies</description>\n\n    <distributionManagement>\n        <repository>\n            <id>insecure-releases</id>\n            <name>Insecure Repository Releases</name>\n            <!-- BAD! Use HTTPS -->\n            <url>http://insecure-repository.example</url>\n        </repository>\n        <snapshotRepository>\n            <id>insecure-snapshots</id>\n            <name>Insecure Repository Snapshots</name>\n            <!-- BAD! Use HTTPS -->\n            <url>http://insecure-repository.example</url>\n        </snapshotRepository>\n    </distributionManagement>\n    <repositories>\n        <repository>\n            <id>insecure</id>\n            <name>Insecure Repository</name>\n            <!-- BAD! Use HTTPS -->\n            <url>http://insecure-repository.example</url>\n        </repository>\n    </repositories>\n    <pluginRepositories>\n        <pluginRepository>\n            <id>insecure-plugins</id>\n            <name>Insecure Repository Releases</name>\n            <!-- BAD! Use HTTPS -->\n            <url>http://insecure-repository.example</url>\n        </pluginRepository>\n    </pluginRepositories>\n</project>\n\n```\n\n```xml\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<project xmlns=\"http://maven.apache.org/POM/4.0.0\"\n         xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n         xsi:schemaLocation=\"http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd\">\n\n    <modelVersion>4.0.0</modelVersion>\n\n    <groupId>com.semmle</groupId>\n    <artifactId>parent</artifactId>\n    <version>1.0</version>\n    <packaging>pom</packaging>\n\n    <name>Security Testing</name>\n    <description>An example of secure download and upload of dependencies</description>\n\n    <distributionManagement>\n        <repository>\n            <id>insecure-releases</id>\n            <name>Secure Repository Releases</name>\n            <!-- GOOD! Use HTTPS -->\n            <url>https://insecure-repository.example</url>\n        </repository>\n        <snapshotRepository>\n            <id>insecure-snapshots</id>\n            <name>Secure Repository Snapshots</name>\n            <!-- GOOD! Use HTTPS -->\n            <url>https://insecure-repository.example</url>\n        </snapshotRepository>\n    </distributionManagement>\n    <repositories>\n        <repository>\n            <id>insecure</id>\n            <name>Secure Repository</name>\n            <!-- GOOD! Use HTTPS -->\n            <url>https://insecure-repository.example</url>\n        </repository>\n    </repositories>\n    <pluginRepositories>\n        <pluginRepository>\n            <id>insecure-plugins</id>\n            <name>Secure Repository Releases</name>\n            <!-- GOOD! Use HTTPS -->\n            <url>https://insecure-repository.example</url>\n        </pluginRepository>\n    </pluginRepositories>\n</project>\n\n```\n\n## References\n* Research: [ Want to take over the Java ecosystem? All you need is a MITM! ](https://medium.com/bugbountywriteup/want-to-take-over-the-java-ecosystem-all-you-need-is-a-mitm-1fc329d898fb?source=friends_link&sk=3c99970c55a899ad9ef41f126efcde0e)\n* Research: [ How to take over the computer of any Java (or Closure or Scala) Developer. ](https://max.computer/blog/how-to-take-over-the-computer-of-any-java-or-clojure-or-scala-developer/)\n* Proof of Concept: [ mveytsman/dilettante ](https://github.com/mveytsman/dilettante)\n* Additional Gradle &amp; Maven plugin: [ Announcing nohttp ](https://spring.io/blog/2019/06/10/announcing-nohttp)\n* Java Ecosystem Announcement: [ HTTP Decommission Artifact Server Announcements ](https://gist.github.com/JLLeitschuh/789e49e3d34092a005031a0a1880af99)\n* Common Weakness Enumeration: [CWE-300](https://cwe.mitre.org/data/definitions/300.html).\n* Common Weakness Enumeration: [CWE-319](https://cwe.mitre.org/data/definitions/319.html).\n* Common Weakness Enumeration: [CWE-494](https://cwe.mitre.org/data/definitions/494.html).\n* Common Weakness Enumeration: [CWE-829](https://cwe.mitre.org/data/definitions/829.html).\n"},"properties":{"tags":["security","external/cwe/cwe-300","external/cwe/cwe-319","external/cwe/cwe-494","external/cwe/cwe-829","owasp-top10-2021","A07:2021 - Identification and Authentication Failures"],"description":"Non-HTTPS connections can be intercepted by third parties.","id":"java/maven/non-https-url","kind":"problem","name":"Failure to use HTTPS or SFTP URL in Maven artifact upload/download","precision":"very-high","problem.severity":"error","security-severity":"8.1"}},{"id":"java/sql-injection","name":"java/sql-injection","shortDescription":{"text":"Query built from user-controlled sources"},"fullDescription":{"text":"Building a SQL or Java Persistence query from user-controlled sources is vulnerable to insertion of malicious code by the user."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Query built from user-controlled sources\nIf a database query is built using string concatenation, and the components of the concatenation include user input, a user is likely to be able to run malicious database queries. This applies to various database query languages, including SQL and the Java Persistence Query Language.\n\n\n## Recommendation\nUsually, it is better to use a SQL prepared statement than to build a complete SQL query with string concatenation. A prepared statement can include a wildcard, written as a question mark (?), for each part of the SQL query that is expected to be filled in by a different value each time it is run. When the query is later executed, a value must be supplied for each wildcard in the query.\n\nIn the Java Persistence Query Language, it is better to use queries with parameters than to build a complete query with string concatenation. A Java Persistence query can include a parameter placeholder for each part of the query that is expected to be filled in by a different value when run. A parameter placeholder may be indicated by a colon (:) followed by a parameter name, or by a question mark (?) followed by an integer position. When the query is later executed, a value must be supplied for each parameter in the query, using the `setParameter` method. Specifying the query using the `@NamedQuery` annotation introduces an additional level of safety: the query must be a constant string literal, preventing construction by string concatenation, and the only way to fill in values for parts of the query is by setting positional parameters.\n\nIt is good practice to use prepared statements (in SQL) or query parameters (in the Java Persistence Query Language) for supplying parameter values to a query, whether or not any of the parameters are directly traceable to user input. Doing so avoids any need to worry about quoting and escaping.\n\n\n## Example\nIn the following example, the code runs a simple SQL query in two different ways.\n\nThe first way involves building a query, `query1`, by concatenating an environment variable with some string literals. The environment variable can include special characters, so this code allows for SQL injection attacks.\n\nThe second way, which shows good practice, involves building a query, `query2`, with a single string literal that includes a wildcard (`?`). The wildcard is then given a value by calling `setString`. This version is immune to injection attacks, because any special characters in the environment variable are not given any special treatment.\n\n\n```java\n{\n    // BAD: the category might have SQL special characters in it\n    String category = System.getenv(\"ITEM_CATEGORY\");\n    Statement statement = connection.createStatement();\n    String query1 = \"SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='\"\n        + category + \"' ORDER BY PRICE\";\n    ResultSet results = statement.executeQuery(query1);\n}\n\n{\n    // GOOD: use a prepared query\n    String category = System.getenv(\"ITEM_CATEGORY\");\n    String query2 = \"SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=? ORDER BY PRICE\";\n    PreparedStatement statement = connection.prepareStatement(query2);\n    statement.setString(1, category);\n    ResultSet results = statement.executeQuery();\n}\n```\n\n## Example\nThe following code shows several different ways to run a Java Persistence query.\n\nThe first example involves building a query, `query1`, by concatenating an environment variable with some string literals. Just like the SQL example, the environment variable can include special characters, so this code allows for Java Persistence query injection attacks.\n\nThe remaining examples demonstrate different methods for safely building a Java Persistence query with user-supplied values:\n\n1. `query2` uses a single string literal that includes a placeholder for a parameter, indicated by a colon (`:`) and parameter name (`category`).\n1. `query3` uses a single string literal that includes a placeholder for a parameter, indicated by a question mark (`?`) and position number (`1`).\n1. `namedQuery1` is defined using the `@NamedQuery` annotation, whose `query` attribute is a string literal that includes a placeholder for a parameter, indicated by a colon (`:`) and parameter name (`category`).\n1. `namedQuery2` is defined using the `@NamedQuery` annotation, whose `query` attribute includes a placeholder for a parameter, indicated by a question mark (`?`) and position number (`1`).\nThe parameter is then given a value by calling `setParameter`. These versions are immune to injection attacks, because any special characters in the environment variable or user-supplied value are not given any special treatment.\n\n\n```java\n{\n    // BAD: the category might have Java Persistence Query Language special characters in it\n    String category = System.getenv(\"ITEM_CATEGORY\");\n    Statement statement = connection.createStatement();\n    String query1 = \"SELECT p FROM Product p WHERE p.category LIKE '\"\n        + category + \"' ORDER BY p.price\";\n    Query q = entityManager.createQuery(query1);\n}\n\n{\n    // GOOD: use a named parameter and set its value\n    String category = System.getenv(\"ITEM_CATEGORY\");\n    String query2 = \"SELECT p FROM Product p WHERE p.category LIKE :category ORDER BY p.price\"\n    Query q = entityManager.createQuery(query2);\n    q.setParameter(\"category\", category);\n}\n\n{\n    // GOOD: use a positional parameter and set its value\n    String category = System.getenv(\"ITEM_CATEGORY\");\n    String query3 = \"SELECT p FROM Product p WHERE p.category LIKE ?1 ORDER BY p.price\"\n    Query q = entityManager.createQuery(query3);\n    q.setParameter(1, category);\n}\n\n{\n    // GOOD: use a named query with a named parameter and set its value\n    @NamedQuery(\n            name=\"lookupByCategory\",\n            query=\"SELECT p FROM Product p WHERE p.category LIKE :category ORDER BY p.price\")\n    private static class NQ {}\n    ...\n    String category = System.getenv(\"ITEM_CATEGORY\");\n    Query namedQuery1 = entityManager.createNamedQuery(\"lookupByCategory\");\n    namedQuery1.setParameter(\"category\", category);\n}\n\n{\n    // GOOD: use a named query with a positional parameter and set its value\n    @NamedQuery(\n            name=\"lookupByCategory\",\n            query=\"SELECT p FROM Product p WHERE p.category LIKE ?1 ORDER BY p.price\")\n    private static class NQ {}\n    ...\n    String category = System.getenv(\"ITEM_CATEGORY\");\n    Query namedQuery2 = entityManager.createNamedQuery(\"lookupByCategory\");\n    namedQuery2.setParameter(1, category);\n}\n```\n\n## References\n* OWASP: [SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html).\n* SEI CERT Oracle Coding Standard for Java: [IDS00-J. Prevent SQL injection](https://wiki.sei.cmu.edu/confluence/display/java/IDS00-J.+Prevent+SQL+injection).\n* The Java Tutorials: [Using Prepared Statements](https://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html).\n* The Java EE Tutorial: [The Java Persistence Query Language](https://docs.oracle.com/javaee/7/tutorial/persistence-querylanguage.htm).\n* Common Weakness Enumeration: [CWE-89](https://cwe.mitre.org/data/definitions/89.html).\n* Common Weakness Enumeration: [CWE-564](https://cwe.mitre.org/data/definitions/564.html).\n","markdown":"# Query built from user-controlled sources\nIf a database query is built using string concatenation, and the components of the concatenation include user input, a user is likely to be able to run malicious database queries. This applies to various database query languages, including SQL and the Java Persistence Query Language.\n\n\n## Recommendation\nUsually, it is better to use a SQL prepared statement than to build a complete SQL query with string concatenation. A prepared statement can include a wildcard, written as a question mark (?), for each part of the SQL query that is expected to be filled in by a different value each time it is run. When the query is later executed, a value must be supplied for each wildcard in the query.\n\nIn the Java Persistence Query Language, it is better to use queries with parameters than to build a complete query with string concatenation. A Java Persistence query can include a parameter placeholder for each part of the query that is expected to be filled in by a different value when run. A parameter placeholder may be indicated by a colon (:) followed by a parameter name, or by a question mark (?) followed by an integer position. When the query is later executed, a value must be supplied for each parameter in the query, using the `setParameter` method. Specifying the query using the `@NamedQuery` annotation introduces an additional level of safety: the query must be a constant string literal, preventing construction by string concatenation, and the only way to fill in values for parts of the query is by setting positional parameters.\n\nIt is good practice to use prepared statements (in SQL) or query parameters (in the Java Persistence Query Language) for supplying parameter values to a query, whether or not any of the parameters are directly traceable to user input. Doing so avoids any need to worry about quoting and escaping.\n\n\n## Example\nIn the following example, the code runs a simple SQL query in two different ways.\n\nThe first way involves building a query, `query1`, by concatenating an environment variable with some string literals. The environment variable can include special characters, so this code allows for SQL injection attacks.\n\nThe second way, which shows good practice, involves building a query, `query2`, with a single string literal that includes a wildcard (`?`). The wildcard is then given a value by calling `setString`. This version is immune to injection attacks, because any special characters in the environment variable are not given any special treatment.\n\n\n```java\n{\n    // BAD: the category might have SQL special characters in it\n    String category = System.getenv(\"ITEM_CATEGORY\");\n    Statement statement = connection.createStatement();\n    String query1 = \"SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='\"\n        + category + \"' ORDER BY PRICE\";\n    ResultSet results = statement.executeQuery(query1);\n}\n\n{\n    // GOOD: use a prepared query\n    String category = System.getenv(\"ITEM_CATEGORY\");\n    String query2 = \"SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=? ORDER BY PRICE\";\n    PreparedStatement statement = connection.prepareStatement(query2);\n    statement.setString(1, category);\n    ResultSet results = statement.executeQuery();\n}\n```\n\n## Example\nThe following code shows several different ways to run a Java Persistence query.\n\nThe first example involves building a query, `query1`, by concatenating an environment variable with some string literals. Just like the SQL example, the environment variable can include special characters, so this code allows for Java Persistence query injection attacks.\n\nThe remaining examples demonstrate different methods for safely building a Java Persistence query with user-supplied values:\n\n1. `query2` uses a single string literal that includes a placeholder for a parameter, indicated by a colon (`:`) and parameter name (`category`).\n1. `query3` uses a single string literal that includes a placeholder for a parameter, indicated by a question mark (`?`) and position number (`1`).\n1. `namedQuery1` is defined using the `@NamedQuery` annotation, whose `query` attribute is a string literal that includes a placeholder for a parameter, indicated by a colon (`:`) and parameter name (`category`).\n1. `namedQuery2` is defined using the `@NamedQuery` annotation, whose `query` attribute includes a placeholder for a parameter, indicated by a question mark (`?`) and position number (`1`).\nThe parameter is then given a value by calling `setParameter`. These versions are immune to injection attacks, because any special characters in the environment variable or user-supplied value are not given any special treatment.\n\n\n```java\n{\n    // BAD: the category might have Java Persistence Query Language special characters in it\n    String category = System.getenv(\"ITEM_CATEGORY\");\n    Statement statement = connection.createStatement();\n    String query1 = \"SELECT p FROM Product p WHERE p.category LIKE '\"\n        + category + \"' ORDER BY p.price\";\n    Query q = entityManager.createQuery(query1);\n}\n\n{\n    // GOOD: use a named parameter and set its value\n    String category = System.getenv(\"ITEM_CATEGORY\");\n    String query2 = \"SELECT p FROM Product p WHERE p.category LIKE :category ORDER BY p.price\"\n    Query q = entityManager.createQuery(query2);\n    q.setParameter(\"category\", category);\n}\n\n{\n    // GOOD: use a positional parameter and set its value\n    String category = System.getenv(\"ITEM_CATEGORY\");\n    String query3 = \"SELECT p FROM Product p WHERE p.category LIKE ?1 ORDER BY p.price\"\n    Query q = entityManager.createQuery(query3);\n    q.setParameter(1, category);\n}\n\n{\n    // GOOD: use a named query with a named parameter and set its value\n    @NamedQuery(\n            name=\"lookupByCategory\",\n            query=\"SELECT p FROM Product p WHERE p.category LIKE :category ORDER BY p.price\")\n    private static class NQ {}\n    ...\n    String category = System.getenv(\"ITEM_CATEGORY\");\n    Query namedQuery1 = entityManager.createNamedQuery(\"lookupByCategory\");\n    namedQuery1.setParameter(\"category\", category);\n}\n\n{\n    // GOOD: use a named query with a positional parameter and set its value\n    @NamedQuery(\n            name=\"lookupByCategory\",\n            query=\"SELECT p FROM Product p WHERE p.category LIKE ?1 ORDER BY p.price\")\n    private static class NQ {}\n    ...\n    String category = System.getenv(\"ITEM_CATEGORY\");\n    Query namedQuery2 = entityManager.createNamedQuery(\"lookupByCategory\");\n    namedQuery2.setParameter(1, category);\n}\n```\n\n## References\n* OWASP: [SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html).\n* SEI CERT Oracle Coding Standard for Java: [IDS00-J. Prevent SQL injection](https://wiki.sei.cmu.edu/confluence/display/java/IDS00-J.+Prevent+SQL+injection).\n* The Java Tutorials: [Using Prepared Statements](https://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html).\n* The Java EE Tutorial: [The Java Persistence Query Language](https://docs.oracle.com/javaee/7/tutorial/persistence-querylanguage.htm).\n* Common Weakness Enumeration: [CWE-89](https://cwe.mitre.org/data/definitions/89.html).\n* Common Weakness Enumeration: [CWE-564](https://cwe.mitre.org/data/definitions/564.html).\n"},"properties":{"tags":["security","external/cwe/cwe-089","external/cwe/cwe-564","owasp-top10-2021","A03:2021 - Injection"],"description":"Building a SQL or Java Persistence query from user-controlled sources is vulnerable to insertion of\n              malicious code by the user.","id":"java/sql-injection","kind":"path-problem","name":"Query built from user-controlled sources","precision":"high","problem.severity":"error","security-severity":"8.8"}},{"id":"java/android/implicitly-exported-component","name":"java/android/implicitly-exported-component","shortDescription":{"text":"Implicitly exported Android component"},"fullDescription":{"text":"Android components with an '<intent-filter>' and no 'android:exported' attribute are implicitly exported, which can allow for improper access to the components themselves and to their data."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Implicitly exported Android component\nThe Android manifest file defines configuration settings for Android applications. In this file, components can be declared with intent filters which specify what the components can do and what types of intents the components can respond to. If the `android:exported` attribute is omitted from the component when an intent filter is included, then the component will be implicitly exported.\n\nAn implicitly exported component could allow for improper access to the component and its data.\n\n\n## Recommendation\nExplicitly set the `android:exported` attribute for every component or use permissions to limit access to the component.\n\n\n## Example\nIn the example below, the `android:exported` attribute is omitted when an intent filter is used.\n\n\n```xml\n<manifest ... >\n    <application ...\n        <!-- BAD: this component is implicitly exported -->\n        <activity>\n            android:name=\".Activity\">\n            <intent-filter>\n                <action android:name=\"android.intent.action.VIEW\" />\n            </intent-filter>\n        </activity>\n    </application>\n</manifest>\n\n```\nA corrected version sets the `android:exported` attribute to `false`.\n\n\n```xml\n<manifest ... >\n    <application ...\n        <!-- GOOD: this component is not exported due to 'android:exported' explicitly set to 'false'-->\n        <activity>\n            android:name=\".Activity\">\n            android:exported=\"false\"\n            <intent-filter>\n                <action android:name=\"android.intent.action.VIEW\" />\n            </intent-filter>\n        </activity>\n    </application>\n</manifest>\n\n```\n\n## References\n* Android Developers: [App Manifest Overview](https://developer.android.com/guide/topics/manifest/manifest-intro).\n* Android Developers: [The &lt;intent-filter&gt; element](https://developer.android.com/guide/topics/manifest/intent-filter-element).\n* Android Developers: [The android:exported attribute](https://developer.android.com/guide/topics/manifest/activity-element#exported).\n* Android Developers: [The android:permission attribute](https://developer.android.com/guide/topics/manifest/activity-element#prmsn).\n* Android Developers: [Safer component exporting](https://developer.android.com/about/versions/12/behavior-changes-12#exported).\n* Common Weakness Enumeration: [CWE-926](https://cwe.mitre.org/data/definitions/926.html).\n","markdown":"# Implicitly exported Android component\nThe Android manifest file defines configuration settings for Android applications. In this file, components can be declared with intent filters which specify what the components can do and what types of intents the components can respond to. If the `android:exported` attribute is omitted from the component when an intent filter is included, then the component will be implicitly exported.\n\nAn implicitly exported component could allow for improper access to the component and its data.\n\n\n## Recommendation\nExplicitly set the `android:exported` attribute for every component or use permissions to limit access to the component.\n\n\n## Example\nIn the example below, the `android:exported` attribute is omitted when an intent filter is used.\n\n\n```xml\n<manifest ... >\n    <application ...\n        <!-- BAD: this component is implicitly exported -->\n        <activity>\n            android:name=\".Activity\">\n            <intent-filter>\n                <action android:name=\"android.intent.action.VIEW\" />\n            </intent-filter>\n        </activity>\n    </application>\n</manifest>\n\n```\nA corrected version sets the `android:exported` attribute to `false`.\n\n\n```xml\n<manifest ... >\n    <application ...\n        <!-- GOOD: this component is not exported due to 'android:exported' explicitly set to 'false'-->\n        <activity>\n            android:name=\".Activity\">\n            android:exported=\"false\"\n            <intent-filter>\n                <action android:name=\"android.intent.action.VIEW\" />\n            </intent-filter>\n        </activity>\n    </application>\n</manifest>\n\n```\n\n## References\n* Android Developers: [App Manifest Overview](https://developer.android.com/guide/topics/manifest/manifest-intro).\n* Android Developers: [The &lt;intent-filter&gt; element](https://developer.android.com/guide/topics/manifest/intent-filter-element).\n* Android Developers: [The android:exported attribute](https://developer.android.com/guide/topics/manifest/activity-element#exported).\n* Android Developers: [The android:permission attribute](https://developer.android.com/guide/topics/manifest/activity-element#prmsn).\n* Android Developers: [Safer component exporting](https://developer.android.com/about/versions/12/behavior-changes-12#exported).\n* Common Weakness Enumeration: [CWE-926](https://cwe.mitre.org/data/definitions/926.html).\n"},"properties":{"tags":["security","external/cwe/cwe-926"],"description":"Android components with an '<intent-filter>' and no 'android:exported' attribute are implicitly exported, which can allow for improper access to the components themselves and to their data.","id":"java/android/implicitly-exported-component","kind":"problem","name":"Implicitly exported Android component","precision":"high","problem.severity":"warning","security-severity":"8.2"}},{"id":"java/ssrf","name":"java/ssrf","shortDescription":{"text":"Server-side request forgery"},"fullDescription":{"text":"Making web requests based on unvalidated user-input may cause the server to communicate with malicious servers."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Server-side request forgery\nDirectly incorporating user input into an HTTP request without validating the input can facilitate server-side request forgery (SSRF) attacks. In these attacks, the server may be tricked into making a request and interacting with an attacker-controlled server.\n\n\n## Recommendation\nTo guard against SSRF attacks, you should avoid putting user-provided input directly into a request URL. Instead, maintain a list of authorized URLs on the server; then choose from that list based on the input provided. Alternatively, ensure requests constructed from user input are limited to a particular host or more restrictive URL prefix.\n\n\n## Example\nThe following example shows an HTTP request parameter being used directly to form a new request without validating the input, which facilitates SSRF attacks. It also shows how to remedy the problem by validating the user input against a known fixed string.\n\n\n```java\nimport java.net.http.HttpClient;\n\npublic class SSRF extends HttpServlet {\n\tprivate static final String VALID_URI = \"http://lgtm.com\";\n\tprivate HttpClient client = HttpClient.newHttpClient();\n\n\tprotected void doGet(HttpServletRequest request, HttpServletResponse response)\n\t\tthrows ServletException, IOException {\n\t\tURI uri = new URI(request.getParameter(\"uri\"));\n\t\t// BAD: a request parameter is incorporated without validation into a Http request\n\t\tHttpRequest r = HttpRequest.newBuilder(uri).build();\n\t\tclient.send(r, null);\n\n\t\t// GOOD: the request parameter is validated against a known fixed string\n\t\tif (VALID_URI.equals(request.getParameter(\"uri\"))) {\n\t\t\tHttpRequest r2 = HttpRequest.newBuilder(uri).build();\n\t\t\tclient.send(r2, null);\n\t\t}\n\t}\n}\n\n```\n\n## References\n* [OWASP SSRF](https://owasp.org/www-community/attacks/Server_Side_Request_Forgery)\n* Common Weakness Enumeration: [CWE-918](https://cwe.mitre.org/data/definitions/918.html).\n","markdown":"# Server-side request forgery\nDirectly incorporating user input into an HTTP request without validating the input can facilitate server-side request forgery (SSRF) attacks. In these attacks, the server may be tricked into making a request and interacting with an attacker-controlled server.\n\n\n## Recommendation\nTo guard against SSRF attacks, you should avoid putting user-provided input directly into a request URL. Instead, maintain a list of authorized URLs on the server; then choose from that list based on the input provided. Alternatively, ensure requests constructed from user input are limited to a particular host or more restrictive URL prefix.\n\n\n## Example\nThe following example shows an HTTP request parameter being used directly to form a new request without validating the input, which facilitates SSRF attacks. It also shows how to remedy the problem by validating the user input against a known fixed string.\n\n\n```java\nimport java.net.http.HttpClient;\n\npublic class SSRF extends HttpServlet {\n\tprivate static final String VALID_URI = \"http://lgtm.com\";\n\tprivate HttpClient client = HttpClient.newHttpClient();\n\n\tprotected void doGet(HttpServletRequest request, HttpServletResponse response)\n\t\tthrows ServletException, IOException {\n\t\tURI uri = new URI(request.getParameter(\"uri\"));\n\t\t// BAD: a request parameter is incorporated without validation into a Http request\n\t\tHttpRequest r = HttpRequest.newBuilder(uri).build();\n\t\tclient.send(r, null);\n\n\t\t// GOOD: the request parameter is validated against a known fixed string\n\t\tif (VALID_URI.equals(request.getParameter(\"uri\"))) {\n\t\t\tHttpRequest r2 = HttpRequest.newBuilder(uri).build();\n\t\t\tclient.send(r2, null);\n\t\t}\n\t}\n}\n\n```\n\n## References\n* [OWASP SSRF](https://owasp.org/www-community/attacks/Server_Side_Request_Forgery)\n* Common Weakness Enumeration: [CWE-918](https://cwe.mitre.org/data/definitions/918.html).\n"},"properties":{"tags":["security","external/cwe/cwe-918","owasp-top10-2021","A10:2021 - Server-Side Request Forgery (SSRF)"],"description":"Making web requests based on unvalidated user-input\n              may cause the server to communicate with malicious servers.","id":"java/ssrf","kind":"path-problem","name":"Server-side request forgery","precision":"high","problem.severity":"error","security-severity":"9.1"}},{"id":"java/insecure-bean-validation","name":"java/insecure-bean-validation","shortDescription":{"text":"Insecure Bean Validation"},"fullDescription":{"text":"User-controlled data may be evaluated as a Java EL expression, leading to arbitrary code execution."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Insecure Bean Validation\nCustom error messages for constraint validators support different types of interpolation, including [Java EL expressions](https://docs.jboss.org/hibernate/validator/5.1/reference/en-US/html/chapter-message-interpolation.html#section-interpolation-with-message-expressions). Controlling part of the message template being passed to `ConstraintValidatorContext.buildConstraintViolationWithTemplate()` argument can lead to arbitrary Java code execution. Unfortunately, it is common that validated (and therefore, normally untrusted) bean properties flow into the custom error message.\n\n\n## Recommendation\nThere are different approaches to remediate the issue:\n\n* Do not include validated bean properties in the custom error message.\n* Use parameterized messages instead of string concatenation. For example:\n```\nHibernateConstraintValidatorContext context =\n   constraintValidatorContext.unwrap(HibernateConstraintValidatorContext.class);\ncontext.addMessageParameter(\"foo\", \"bar\");\ncontext.buildConstraintViolationWithTemplate(\"My violation message contains a parameter {foo}\")\n   .addConstraintViolation();\n```\n* Sanitize the validated bean properties to make sure that there are no EL expressions. An example of valid sanitization logic can be found [here](https://github.com/hibernate/hibernate-validator/blob/master/engine/src/main/java/org/hibernate/validator/internal/engine/messageinterpolation/util/InterpolationHelper.java#L17).\n* Disable the EL interpolation and only use `ParameterMessageInterpolator`:\n```\nValidator validator = Validation.byDefaultProvider()\n   .configure()\n   .messageInterpolator(new ParameterMessageInterpolator())\n   .buildValidatorFactory()\n   .getValidator();\n```\n* Replace Hibernate Validator with Apache BVal, which in its latest version does not interpolate EL expressions by default. Note that this replacement may not be a simple drop-in replacement.\n\n## Example\nThe following validator could result in arbitrary Java code execution:\n\n\n```java\nimport javax.validation.ConstraintValidator;\nimport javax.validation.ConstraintValidatorContext;\nimport org.hibernate.validator.constraintvalidation.HibernateConstraintValidatorContext;\nimport java.util.regex.Matcher;\nimport java.util.regex.Pattern;\n\npublic class TestValidator implements ConstraintValidator<Object, String> {\n\n    public static class InterpolationHelper {\n\n        public static final char BEGIN_TERM = '{';\n        public static final char END_TERM = '}';\n        public static final char EL_DESIGNATOR = '$';\n        public static final char ESCAPE_CHARACTER = '\\\\';\n\n        private static final Pattern ESCAPE_MESSAGE_PARAMETER_PATTERN = Pattern.compile( \"([\\\\\" + ESCAPE_CHARACTER + BEGIN_TERM + END_TERM + EL_DESIGNATOR + \"])\" );\n\n        private InterpolationHelper() {\n        }\n\n        public static String escapeMessageParameter(String messageParameter) {\n            if ( messageParameter == null ) {\n                return null;\n            }\n            return ESCAPE_MESSAGE_PARAMETER_PATTERN.matcher( messageParameter ).replaceAll( Matcher.quoteReplacement( String.valueOf( ESCAPE_CHARACTER ) ) + \"$1\" );\n        }\n\n    }\n\n    @Override\n    public boolean isValid(String object, ConstraintValidatorContext constraintContext) {\n        String value = object + \" is invalid\";\n\n        // Bad: Bean properties (normally user-controlled) are passed directly to `buildConstraintViolationWithTemplate`\n        constraintContext.buildConstraintViolationWithTemplate(value).addConstraintViolation().disableDefaultConstraintViolation();\n\n        // Good: Bean properties (normally user-controlled) are escaped \n        String escaped = InterpolationHelper.escapeMessageParameter(value);\n        constraintContext.buildConstraintViolationWithTemplate(escaped).addConstraintViolation().disableDefaultConstraintViolation();\n\n        // Good: Bean properties (normally user-controlled) are parameterized\n        HibernateConstraintValidatorContext context = constraintContext.unwrap( HibernateConstraintValidatorContext.class );\n        context.addMessageParameter( \"prop\", object );\n        context.buildConstraintViolationWithTemplate( \"{prop} is invalid\").addConstraintViolation();\n        return false;\n    }\n\n}\n\n```\n\n## References\n* Hibernate Reference Guide: [ConstraintValidatorContext](https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code).\n* GitHub Security Lab research: [Bean validation](https://securitylab.github.com/research/bean-validation-RCE).\n* Common Weakness Enumeration: [CWE-94](https://cwe.mitre.org/data/definitions/94.html).\n","markdown":"# Insecure Bean Validation\nCustom error messages for constraint validators support different types of interpolation, including [Java EL expressions](https://docs.jboss.org/hibernate/validator/5.1/reference/en-US/html/chapter-message-interpolation.html#section-interpolation-with-message-expressions). Controlling part of the message template being passed to `ConstraintValidatorContext.buildConstraintViolationWithTemplate()` argument can lead to arbitrary Java code execution. Unfortunately, it is common that validated (and therefore, normally untrusted) bean properties flow into the custom error message.\n\n\n## Recommendation\nThere are different approaches to remediate the issue:\n\n* Do not include validated bean properties in the custom error message.\n* Use parameterized messages instead of string concatenation. For example:\n```\nHibernateConstraintValidatorContext context =\n   constraintValidatorContext.unwrap(HibernateConstraintValidatorContext.class);\ncontext.addMessageParameter(\"foo\", \"bar\");\ncontext.buildConstraintViolationWithTemplate(\"My violation message contains a parameter {foo}\")\n   .addConstraintViolation();\n```\n* Sanitize the validated bean properties to make sure that there are no EL expressions. An example of valid sanitization logic can be found [here](https://github.com/hibernate/hibernate-validator/blob/master/engine/src/main/java/org/hibernate/validator/internal/engine/messageinterpolation/util/InterpolationHelper.java#L17).\n* Disable the EL interpolation and only use `ParameterMessageInterpolator`:\n```\nValidator validator = Validation.byDefaultProvider()\n   .configure()\n   .messageInterpolator(new ParameterMessageInterpolator())\n   .buildValidatorFactory()\n   .getValidator();\n```\n* Replace Hibernate Validator with Apache BVal, which in its latest version does not interpolate EL expressions by default. Note that this replacement may not be a simple drop-in replacement.\n\n## Example\nThe following validator could result in arbitrary Java code execution:\n\n\n```java\nimport javax.validation.ConstraintValidator;\nimport javax.validation.ConstraintValidatorContext;\nimport org.hibernate.validator.constraintvalidation.HibernateConstraintValidatorContext;\nimport java.util.regex.Matcher;\nimport java.util.regex.Pattern;\n\npublic class TestValidator implements ConstraintValidator<Object, String> {\n\n    public static class InterpolationHelper {\n\n        public static final char BEGIN_TERM = '{';\n        public static final char END_TERM = '}';\n        public static final char EL_DESIGNATOR = '$';\n        public static final char ESCAPE_CHARACTER = '\\\\';\n\n        private static final Pattern ESCAPE_MESSAGE_PARAMETER_PATTERN = Pattern.compile( \"([\\\\\" + ESCAPE_CHARACTER + BEGIN_TERM + END_TERM + EL_DESIGNATOR + \"])\" );\n\n        private InterpolationHelper() {\n        }\n\n        public static String escapeMessageParameter(String messageParameter) {\n            if ( messageParameter == null ) {\n                return null;\n            }\n            return ESCAPE_MESSAGE_PARAMETER_PATTERN.matcher( messageParameter ).replaceAll( Matcher.quoteReplacement( String.valueOf( ESCAPE_CHARACTER ) ) + \"$1\" );\n        }\n\n    }\n\n    @Override\n    public boolean isValid(String object, ConstraintValidatorContext constraintContext) {\n        String value = object + \" is invalid\";\n\n        // Bad: Bean properties (normally user-controlled) are passed directly to `buildConstraintViolationWithTemplate`\n        constraintContext.buildConstraintViolationWithTemplate(value).addConstraintViolation().disableDefaultConstraintViolation();\n\n        // Good: Bean properties (normally user-controlled) are escaped \n        String escaped = InterpolationHelper.escapeMessageParameter(value);\n        constraintContext.buildConstraintViolationWithTemplate(escaped).addConstraintViolation().disableDefaultConstraintViolation();\n\n        // Good: Bean properties (normally user-controlled) are parameterized\n        HibernateConstraintValidatorContext context = constraintContext.unwrap( HibernateConstraintValidatorContext.class );\n        context.addMessageParameter( \"prop\", object );\n        context.buildConstraintViolationWithTemplate( \"{prop} is invalid\").addConstraintViolation();\n        return false;\n    }\n\n}\n\n```\n\n## References\n* Hibernate Reference Guide: [ConstraintValidatorContext](https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code).\n* GitHub Security Lab research: [Bean validation](https://securitylab.github.com/research/bean-validation-RCE).\n* Common Weakness Enumeration: [CWE-94](https://cwe.mitre.org/data/definitions/94.html).\n"},"properties":{"tags":["security","external/cwe/cwe-094"],"description":"User-controlled data may be evaluated as a Java EL expression, leading to arbitrary code execution.","id":"java/insecure-bean-validation","kind":"path-problem","name":"Insecure Bean Validation","precision":"high","problem.severity":"error","security-severity":"9.3"}},{"id":"java/spel-expression-injection","name":"java/spel-expression-injection","shortDescription":{"text":"Expression language injection (Spring)"},"fullDescription":{"text":"Evaluation of a user-controlled Spring Expression Language (SpEL) expression may lead to remote code execution."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Expression language injection (Spring)\nThe Spring Expression Language (SpEL) is a powerful expression language provided by the Spring Framework. The language offers many features including invocation of methods available in the JVM. If a SpEL expression is built using attacker-controlled data, and then evaluated in a powerful context, then it may allow the attacker to run arbitrary code.\n\nThe `SpelExpressionParser` class parses a SpEL expression string and returns an `Expression` instance that can be then evaluated by calling one of its methods. By default, an expression is evaluated in a powerful `StandardEvaluationContext` that allows the expression to access other methods available in the JVM.\n\n\n## Recommendation\nIn general, including user input in a SpEL expression should be avoided. If user input must be included in the expression, it should be then evaluated in a limited context that doesn't allow arbitrary method invocation.\n\n\n## Example\nThe following example uses untrusted data to build a SpEL expression and then runs it in the default powerful context.\n\n\n```java\npublic Object evaluate(Socket socket) throws IOException {\n  try (BufferedReader reader = new BufferedReader(\n      new InputStreamReader(socket.getInputStream()))) {\n\n    String string = reader.readLine();\n    ExpressionParser parser = new SpelExpressionParser();\n    Expression expression = parser.parseExpression(string);\n    return expression.getValue();\n  }\n}\n```\nThe next example shows how an untrusted SpEL expression can be run in `SimpleEvaluationContext` that doesn't allow accessing arbitrary methods. However, it's recommended to avoid using untrusted input in SpEL expressions.\n\n\n```java\npublic Object evaluate(Socket socket) throws IOException {\n  try (BufferedReader reader = new BufferedReader(\n      new InputStreamReader(socket.getInputStream()))) {\n\n    String string = reader.readLine();\n    ExpressionParser parser = new SpelExpressionParser();\n    Expression expression = parser.parseExpression(string);\n    SimpleEvaluationContext context \n        = SimpleEvaluationContext.forReadWriteDataBinding().build();\n    return expression.getValue(context);\n  }\n}\n```\n\n## References\n* Spring Framework Reference Documentation: [Spring Expression Language (SpEL)](https://docs.spring.io/spring/docs/4.2.x/spring-framework-reference/html/expressions.html).\n* OWASP: [Expression Language Injection](https://owasp.org/www-community/vulnerabilities/Expression_Language_Injection).\n* Common Weakness Enumeration: [CWE-94](https://cwe.mitre.org/data/definitions/94.html).\n","markdown":"# Expression language injection (Spring)\nThe Spring Expression Language (SpEL) is a powerful expression language provided by the Spring Framework. The language offers many features including invocation of methods available in the JVM. If a SpEL expression is built using attacker-controlled data, and then evaluated in a powerful context, then it may allow the attacker to run arbitrary code.\n\nThe `SpelExpressionParser` class parses a SpEL expression string and returns an `Expression` instance that can be then evaluated by calling one of its methods. By default, an expression is evaluated in a powerful `StandardEvaluationContext` that allows the expression to access other methods available in the JVM.\n\n\n## Recommendation\nIn general, including user input in a SpEL expression should be avoided. If user input must be included in the expression, it should be then evaluated in a limited context that doesn't allow arbitrary method invocation.\n\n\n## Example\nThe following example uses untrusted data to build a SpEL expression and then runs it in the default powerful context.\n\n\n```java\npublic Object evaluate(Socket socket) throws IOException {\n  try (BufferedReader reader = new BufferedReader(\n      new InputStreamReader(socket.getInputStream()))) {\n\n    String string = reader.readLine();\n    ExpressionParser parser = new SpelExpressionParser();\n    Expression expression = parser.parseExpression(string);\n    return expression.getValue();\n  }\n}\n```\nThe next example shows how an untrusted SpEL expression can be run in `SimpleEvaluationContext` that doesn't allow accessing arbitrary methods. However, it's recommended to avoid using untrusted input in SpEL expressions.\n\n\n```java\npublic Object evaluate(Socket socket) throws IOException {\n  try (BufferedReader reader = new BufferedReader(\n      new InputStreamReader(socket.getInputStream()))) {\n\n    String string = reader.readLine();\n    ExpressionParser parser = new SpelExpressionParser();\n    Expression expression = parser.parseExpression(string);\n    SimpleEvaluationContext context \n        = SimpleEvaluationContext.forReadWriteDataBinding().build();\n    return expression.getValue(context);\n  }\n}\n```\n\n## References\n* Spring Framework Reference Documentation: [Spring Expression Language (SpEL)](https://docs.spring.io/spring/docs/4.2.x/spring-framework-reference/html/expressions.html).\n* OWASP: [Expression Language Injection](https://owasp.org/www-community/vulnerabilities/Expression_Language_Injection).\n* Common Weakness Enumeration: [CWE-94](https://cwe.mitre.org/data/definitions/94.html).\n"},"properties":{"tags":["security","external/cwe/cwe-094"],"description":"Evaluation of a user-controlled Spring Expression Language (SpEL) expression\n              may lead to remote code execution.","id":"java/spel-expression-injection","kind":"path-problem","name":"Expression language injection (Spring)","precision":"high","problem.severity":"error","security-severity":"9.3"}},{"id":"java/groovy-injection","name":"java/groovy-injection","shortDescription":{"text":"Groovy Language injection"},"fullDescription":{"text":"Evaluation of a user-controlled Groovy script may lead to arbitrary code execution."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Groovy Language injection\nApache Groovy is a powerful, optionally typed and dynamic language, with static-typing and static compilation capabilities. It integrates smoothly with any Java program, and immediately delivers to your application powerful features, including scripting capabilities, Domain-Specific Language authoring, runtime and compile-time meta-programming and functional programming. If a Groovy script is built using attacker-controlled data, and then evaluated, then it may allow the attacker to achieve RCE.\n\n\n## Recommendation\nIt is generally recommended to avoid using untrusted input in a Groovy evaluation. If this is not possible, use a sandbox solution. Developers must also take care that Groovy compile-time metaprogramming can also lead to RCE: it is possible to achieve RCE by compiling a Groovy script (see the article \"Abusing Meta Programming for Unauthenticated RCE!\" linked below). Groovy's `SecureASTCustomizer` allows securing source code by controlling what code constructs are permitted. This is typically done when using Groovy for its scripting or domain specific language (DSL) features. The fundamental problem is that Groovy is a dynamic language, yet `SecureASTCustomizer` works by looking at Groovy AST statically. This makes it very easy for an attacker to bypass many of the intended checks (see \\[Groovy SecureASTCustomizer is harmful\\](https://kohsuke.org/2012/04/27/groovy-secureastcustomizer-is-harmful/)). Therefore, besides `SecureASTCustomizer`, runtime checks are also necessary before calling Groovy methods (see \\[Improved sandboxing of Groovy scripts\\](https://melix.github.io/blog/2015/03/sandboxing.html)). It is also possible to use a block-list method, excluding unwanted classes from being loaded by the JVM. This method is not always recommended, because block-lists can be bypassed by unexpected values.\n\n\n## Example\nThe following example uses untrusted data to evaluate a Groovy script.\n\n\n```java\npublic class GroovyInjection {\n    void injectionViaClassLoader(HttpServletRequest request) {    \n        String script = request.getParameter(\"script\");\n        final GroovyClassLoader classLoader = new GroovyClassLoader();\n        Class groovy = classLoader.parseClass(script);\n        GroovyObject groovyObj = (GroovyObject) groovy.newInstance();\n    }\n\n    void injectionViaEval(HttpServletRequest request) {\n        String script = request.getParameter(\"script\");\n        Eval.me(script);\n    }\n\n    void injectionViaGroovyShell(HttpServletRequest request) {\n        GroovyShell shell = new GroovyShell();\n        String script = request.getParameter(\"script\");\n        shell.evaluate(script);\n    }\n\n    void injectionViaGroovyShellGroovyCodeSource(HttpServletRequest request) {\n        GroovyShell shell = new GroovyShell();\n        String script = request.getParameter(\"script\");\n        GroovyCodeSource gcs = new GroovyCodeSource(script, \"test\", \"Test\");\n        shell.evaluate(gcs);\n    }\n}\n\n\n```\nThe following example uses classloader block-list approach to exclude loading dangerous classes.\n\n\n```java\npublic class SandboxGroovyClassLoader extends ClassLoader {\n    public SandboxGroovyClassLoader(ClassLoader parent) {\n        super(parent);\n    }\n\n    /* override `loadClass` here to prevent loading sensitive classes, such as `java.lang.Runtime`, `java.lang.ProcessBuilder`, `java.lang.System`, etc.  */\n    /* Note we must also block `groovy.transform.ASTTest`, `groovy.lang.GrabConfig` and `org.buildobjects.process.ProcBuilder` to prevent compile-time RCE. */\n\n    static void runWithSandboxGroovyClassLoader() throws Exception {\n        // GOOD: route all class-loading via sand-boxing classloader.\n        SandboxGroovyClassLoader classLoader = new GroovyClassLoader(new SandboxGroovyClassLoader());\n        \n        Class<?> scriptClass = classLoader.parseClass(untrusted.getQueryString());\n        Object scriptInstance = scriptClass.newInstance();\n        Object result = scriptClass.getDeclaredMethod(\"bar\", new Class[]{}).invoke(scriptInstance, new Object[]{});\n    }\n}\n```\n\n## References\n* Orange Tsai: [Abusing Meta Programming for Unauthenticated RCE!](https://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html).\n* Cédric Champeau: [Improved sandboxing of Groovy scripts](https://melix.github.io/blog/2015/03/sandboxing.html).\n* Kohsuke Kawaguchi: [Groovy SecureASTCustomizer is harmful](https://kohsuke.org/2012/04/27/groovy-secureastcustomizer-is-harmful/).\n* Welk1n: [Groovy Injection payloads](https://github.com/welk1n/exploiting-groovy-in-Java/).\n* Charles Chan: [Secure Groovy Script Execution in a Sandbox](https://levelup.gitconnected.com/secure-groovy-script-execution-in-a-sandbox-ea39f80ee87/).\n* Eugene: [Scripting and sandboxing in a JVM environment](https://stringconcat.com/en/scripting-and-sandboxing/).\n* Common Weakness Enumeration: [CWE-94](https://cwe.mitre.org/data/definitions/94.html).\n","markdown":"# Groovy Language injection\nApache Groovy is a powerful, optionally typed and dynamic language, with static-typing and static compilation capabilities. It integrates smoothly with any Java program, and immediately delivers to your application powerful features, including scripting capabilities, Domain-Specific Language authoring, runtime and compile-time meta-programming and functional programming. If a Groovy script is built using attacker-controlled data, and then evaluated, then it may allow the attacker to achieve RCE.\n\n\n## Recommendation\nIt is generally recommended to avoid using untrusted input in a Groovy evaluation. If this is not possible, use a sandbox solution. Developers must also take care that Groovy compile-time metaprogramming can also lead to RCE: it is possible to achieve RCE by compiling a Groovy script (see the article \"Abusing Meta Programming for Unauthenticated RCE!\" linked below). Groovy's `SecureASTCustomizer` allows securing source code by controlling what code constructs are permitted. This is typically done when using Groovy for its scripting or domain specific language (DSL) features. The fundamental problem is that Groovy is a dynamic language, yet `SecureASTCustomizer` works by looking at Groovy AST statically. This makes it very easy for an attacker to bypass many of the intended checks (see \\[Groovy SecureASTCustomizer is harmful\\](https://kohsuke.org/2012/04/27/groovy-secureastcustomizer-is-harmful/)). Therefore, besides `SecureASTCustomizer`, runtime checks are also necessary before calling Groovy methods (see \\[Improved sandboxing of Groovy scripts\\](https://melix.github.io/blog/2015/03/sandboxing.html)). It is also possible to use a block-list method, excluding unwanted classes from being loaded by the JVM. This method is not always recommended, because block-lists can be bypassed by unexpected values.\n\n\n## Example\nThe following example uses untrusted data to evaluate a Groovy script.\n\n\n```java\npublic class GroovyInjection {\n    void injectionViaClassLoader(HttpServletRequest request) {    \n        String script = request.getParameter(\"script\");\n        final GroovyClassLoader classLoader = new GroovyClassLoader();\n        Class groovy = classLoader.parseClass(script);\n        GroovyObject groovyObj = (GroovyObject) groovy.newInstance();\n    }\n\n    void injectionViaEval(HttpServletRequest request) {\n        String script = request.getParameter(\"script\");\n        Eval.me(script);\n    }\n\n    void injectionViaGroovyShell(HttpServletRequest request) {\n        GroovyShell shell = new GroovyShell();\n        String script = request.getParameter(\"script\");\n        shell.evaluate(script);\n    }\n\n    void injectionViaGroovyShellGroovyCodeSource(HttpServletRequest request) {\n        GroovyShell shell = new GroovyShell();\n        String script = request.getParameter(\"script\");\n        GroovyCodeSource gcs = new GroovyCodeSource(script, \"test\", \"Test\");\n        shell.evaluate(gcs);\n    }\n}\n\n\n```\nThe following example uses classloader block-list approach to exclude loading dangerous classes.\n\n\n```java\npublic class SandboxGroovyClassLoader extends ClassLoader {\n    public SandboxGroovyClassLoader(ClassLoader parent) {\n        super(parent);\n    }\n\n    /* override `loadClass` here to prevent loading sensitive classes, such as `java.lang.Runtime`, `java.lang.ProcessBuilder`, `java.lang.System`, etc.  */\n    /* Note we must also block `groovy.transform.ASTTest`, `groovy.lang.GrabConfig` and `org.buildobjects.process.ProcBuilder` to prevent compile-time RCE. */\n\n    static void runWithSandboxGroovyClassLoader() throws Exception {\n        // GOOD: route all class-loading via sand-boxing classloader.\n        SandboxGroovyClassLoader classLoader = new GroovyClassLoader(new SandboxGroovyClassLoader());\n        \n        Class<?> scriptClass = classLoader.parseClass(untrusted.getQueryString());\n        Object scriptInstance = scriptClass.newInstance();\n        Object result = scriptClass.getDeclaredMethod(\"bar\", new Class[]{}).invoke(scriptInstance, new Object[]{});\n    }\n}\n```\n\n## References\n* Orange Tsai: [Abusing Meta Programming for Unauthenticated RCE!](https://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html).\n* Cédric Champeau: [Improved sandboxing of Groovy scripts](https://melix.github.io/blog/2015/03/sandboxing.html).\n* Kohsuke Kawaguchi: [Groovy SecureASTCustomizer is harmful](https://kohsuke.org/2012/04/27/groovy-secureastcustomizer-is-harmful/).\n* Welk1n: [Groovy Injection payloads](https://github.com/welk1n/exploiting-groovy-in-Java/).\n* Charles Chan: [Secure Groovy Script Execution in a Sandbox](https://levelup.gitconnected.com/secure-groovy-script-execution-in-a-sandbox-ea39f80ee87/).\n* Eugene: [Scripting and sandboxing in a JVM environment](https://stringconcat.com/en/scripting-and-sandboxing/).\n* Common Weakness Enumeration: [CWE-94](https://cwe.mitre.org/data/definitions/94.html).\n"},"properties":{"tags":["security","external/cwe/cwe-094"],"description":"Evaluation of a user-controlled Groovy script\n              may lead to arbitrary code execution.","id":"java/groovy-injection","kind":"path-problem","name":"Groovy Language injection","precision":"high","problem.severity":"error","security-severity":"9.3"}},{"id":"java/mvel-expression-injection","name":"java/mvel-expression-injection","shortDescription":{"text":"Expression language injection (MVEL)"},"fullDescription":{"text":"Evaluation of a user-controlled MVEL expression may lead to remote code execution."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Expression language injection (MVEL)\nMVEL is an expression language based on Java-syntax, which offers many features including invocation of methods available in the JVM. If a MVEL expression is built using attacker-controlled data, and then evaluated, then it may allow attackers to run arbitrary code.\n\n\n## Recommendation\nIncluding user input in a MVEL expression should be avoided.\n\n\n## Example\nIn the following sample, the first example uses untrusted data to build a MVEL expression and then runs it in the default context. In the second example, the untrusted data is validated with a custom method that checks that the expression does not contain unexpected code before evaluating it.\n\n\n```java\npublic void evaluate(Socket socket) throws IOException {\n  try (BufferedReader reader = new BufferedReader(\n    new InputStreamReader(socket.getInputStream()))) {\n  \n    String expression = reader.readLine();\n    // BAD: the user-provided expression is directly evaluated\n    MVEL.eval(expression);\n  }\n}\n\npublic void safeEvaluate(Socket socket) throws IOException {\n  try (BufferedReader reader = new BufferedReader(\n    new InputStreamReader(socket.getInputStream()))) {\n  \n    String expression = reader.readLine();\n    // GOOD: the user-provided expression is validated before evaluation\n    validateExpression(expression);\n    MVEL.eval(expression);\n  }\n}\n\nprivate void validateExpression(String expression) {\n  // Validate that the expression does not contain unexpected code.\n  // For instance, this can be done with allow-lists or deny-lists of code patterns.\n}\n```\n\n## References\n* MVEL Documentation: [Language Guide for 2.0](http://mvel.documentnode.com/).\n* OWASP: [Expression Language Injection](https://owasp.org/www-community/vulnerabilities/Expression_Language_Injection).\n* Common Weakness Enumeration: [CWE-94](https://cwe.mitre.org/data/definitions/94.html).\n","markdown":"# Expression language injection (MVEL)\nMVEL is an expression language based on Java-syntax, which offers many features including invocation of methods available in the JVM. If a MVEL expression is built using attacker-controlled data, and then evaluated, then it may allow attackers to run arbitrary code.\n\n\n## Recommendation\nIncluding user input in a MVEL expression should be avoided.\n\n\n## Example\nIn the following sample, the first example uses untrusted data to build a MVEL expression and then runs it in the default context. In the second example, the untrusted data is validated with a custom method that checks that the expression does not contain unexpected code before evaluating it.\n\n\n```java\npublic void evaluate(Socket socket) throws IOException {\n  try (BufferedReader reader = new BufferedReader(\n    new InputStreamReader(socket.getInputStream()))) {\n  \n    String expression = reader.readLine();\n    // BAD: the user-provided expression is directly evaluated\n    MVEL.eval(expression);\n  }\n}\n\npublic void safeEvaluate(Socket socket) throws IOException {\n  try (BufferedReader reader = new BufferedReader(\n    new InputStreamReader(socket.getInputStream()))) {\n  \n    String expression = reader.readLine();\n    // GOOD: the user-provided expression is validated before evaluation\n    validateExpression(expression);\n    MVEL.eval(expression);\n  }\n}\n\nprivate void validateExpression(String expression) {\n  // Validate that the expression does not contain unexpected code.\n  // For instance, this can be done with allow-lists or deny-lists of code patterns.\n}\n```\n\n## References\n* MVEL Documentation: [Language Guide for 2.0](http://mvel.documentnode.com/).\n* OWASP: [Expression Language Injection](https://owasp.org/www-community/vulnerabilities/Expression_Language_Injection).\n* Common Weakness Enumeration: [CWE-94](https://cwe.mitre.org/data/definitions/94.html).\n"},"properties":{"tags":["security","external/cwe/cwe-094"],"description":"Evaluation of a user-controlled MVEL expression\n              may lead to remote code execution.","id":"java/mvel-expression-injection","kind":"path-problem","name":"Expression language injection (MVEL)","precision":"high","problem.severity":"error","security-severity":"9.3"}},{"id":"java/jexl-expression-injection","name":"java/jexl-expression-injection","shortDescription":{"text":"Expression language injection (JEXL)"},"fullDescription":{"text":"Evaluation of a user-controlled JEXL expression may lead to arbitrary code execution."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Expression language injection (JEXL)\nJava EXpression Language (JEXL) is a simple expression language provided by the Apache Commons JEXL library. The syntax is close to a mix of ECMAScript and shell-script. The language allows invocation of methods available in the JVM. If a JEXL expression is built using attacker-controlled data, and then evaluated, then it may allow the attacker to run arbitrary code.\n\n\n## Recommendation\nIt is generally recommended to avoid using untrusted input in a JEXL expression. If it is not possible, JEXL expressions should be run in a sandbox that allows accessing only explicitly allowed classes.\n\n\n## Example\nThe following example uses untrusted data to build and run a JEXL expression.\n\n\n```java\npublic void evaluate(Socket socket) throws IOException {\n  try (BufferedReader reader = new BufferedReader(\n        new InputStreamReader(socket.getInputStream()))) {\n    \n    String input = reader.readLine();\n    JexlEngine jexl = new JexlBuilder().create();\n    JexlExpression expression = jexl.createExpression(input);\n    JexlContext context = new MapContext();\n    expression.evaluate(context);\n  }\n}\n```\nThe next example shows how an untrusted JEXL expression can be run in a sandbox that allows accessing only methods in the `java.lang.Math` class. The sandbox is implemented using `JexlSandbox` class that is provided by Apache Commons JEXL 3.\n\n\n```java\npublic void evaluate(Socket socket) throws IOException {\n  try (BufferedReader reader = new BufferedReader(\n        new InputStreamReader(socket.getInputStream()))) {\n    \n    JexlSandbox onlyMath = new JexlSandbox(false);\n    onlyMath.white(\"java.lang.Math\");\n    JexlEngine jexl = new JexlBuilder().sandbox(onlyMath).create();\n      \n    String input = reader.readLine();\n    JexlExpression expression = jexl.createExpression(input);\n    JexlContext context = new MapContext();\n    expression.evaluate(context);\n  }\n}\n```\nThe next example shows another way how a sandbox can be implemented. It uses a custom implementation of `JexlUberspect` that checks if callees are instances of allowed classes.\n\n\n```java\npublic void evaluate(Socket socket) throws IOException {\n  try (BufferedReader reader = new BufferedReader(\n        new InputStreamReader(socket.getInputStream()))) {\n    \n    JexlUberspect sandbox = new JexlUberspectSandbox();\n    JexlEngine jexl = new JexlBuilder().uberspect(sandbox).create();\n      \n    String input = reader.readLine();\n    JexlExpression expression = jexl.createExpression(input);\n    JexlContext context = new MapContext();\n    expression.evaluate(context);\n  }\n\n  private static class JexlUberspectSandbox implements JexlUberspect {\n\n    private static final List<String> ALLOWED_CLASSES =\n              Arrays.asList(\"java.lang.Math\", \"java.util.Random\");\n\n    private final JexlUberspect uberspect = new JexlBuilder().create().getUberspect();\n\n    private void checkAccess(Object obj) {\n      if (!ALLOWED_CLASSES.contains(obj.getClass().getCanonicalName())) {\n        throw new AccessControlException(\"Not allowed\");\n      }\n    }\n\n    @Override\n    public JexlMethod getMethod(Object obj, String method, Object... args) {\n      checkAccess(obj);\n      return uberspect.getMethod(obj, method, args);\n    }\n\n    @Override\n    public List<PropertyResolver> getResolvers(JexlOperator op, Object obj) {\n      checkAccess(obj);\n      return uberspect.getResolvers(op, obj);\n    }\n\n    @Override\n    public void setClassLoader(ClassLoader loader) {\n      uberspect.setClassLoader(loader);\n    }\n\n    @Override\n    public int getVersion() {\n      return uberspect.getVersion();\n    }\n\n    @Override\n    public JexlMethod getConstructor(Object obj, Object... args) {\n      checkAccess(obj);\n      return uberspect.getConstructor(obj, args);\n    }\n\n    @Override\n    public JexlPropertyGet getPropertyGet(Object obj, Object identifier) {\n      checkAccess(obj);\n      return uberspect.getPropertyGet(obj, identifier);\n    }\n\n    @Override\n    public JexlPropertyGet getPropertyGet(List<PropertyResolver> resolvers, Object obj, Object identifier) {\n      checkAccess(obj);\n      return uberspect.getPropertyGet(resolvers, obj, identifier);\n    }\n\n    @Override\n    public JexlPropertySet getPropertySet(Object obj, Object identifier, Object arg) {\n      checkAccess(obj);\n      return uberspect.getPropertySet(obj, identifier, arg);\n    }\n\n    @Override\n    public JexlPropertySet getPropertySet(List<PropertyResolver> resolvers, Object obj, Object identifier, Object arg) {\n      checkAccess(obj);\n      return uberspect.getPropertySet(resolvers, obj, identifier, arg);\n    }\n\n    @Override\n    public Iterator<?> getIterator(Object obj) {\n      checkAccess(obj);\n      return uberspect.getIterator(obj);\n    }\n\n    @Override\n    public JexlArithmetic.Uberspect getArithmetic(JexlArithmetic arithmetic) {\n      return uberspect.getArithmetic(arithmetic);\n    } \n  }\n}\n```\n\n## References\n* Apache Commons JEXL: [Project page](https://commons.apache.org/proper/commons-jexl/).\n* Apache Commons JEXL documentation: [JEXL 2.1.1 API](https://commons.apache.org/proper/commons-jexl/javadocs/apidocs-2.1.1/).\n* Apache Commons JEXL documentation: [JEXL 3.1 API](https://commons.apache.org/proper/commons-jexl/apidocs/index.html).\n* OWASP: [Expression Language Injection](https://owasp.org/www-community/vulnerabilities/Expression_Language_Injection).\n* Common Weakness Enumeration: [CWE-94](https://cwe.mitre.org/data/definitions/94.html).\n","markdown":"# Expression language injection (JEXL)\nJava EXpression Language (JEXL) is a simple expression language provided by the Apache Commons JEXL library. The syntax is close to a mix of ECMAScript and shell-script. The language allows invocation of methods available in the JVM. If a JEXL expression is built using attacker-controlled data, and then evaluated, then it may allow the attacker to run arbitrary code.\n\n\n## Recommendation\nIt is generally recommended to avoid using untrusted input in a JEXL expression. If it is not possible, JEXL expressions should be run in a sandbox that allows accessing only explicitly allowed classes.\n\n\n## Example\nThe following example uses untrusted data to build and run a JEXL expression.\n\n\n```java\npublic void evaluate(Socket socket) throws IOException {\n  try (BufferedReader reader = new BufferedReader(\n        new InputStreamReader(socket.getInputStream()))) {\n    \n    String input = reader.readLine();\n    JexlEngine jexl = new JexlBuilder().create();\n    JexlExpression expression = jexl.createExpression(input);\n    JexlContext context = new MapContext();\n    expression.evaluate(context);\n  }\n}\n```\nThe next example shows how an untrusted JEXL expression can be run in a sandbox that allows accessing only methods in the `java.lang.Math` class. The sandbox is implemented using `JexlSandbox` class that is provided by Apache Commons JEXL 3.\n\n\n```java\npublic void evaluate(Socket socket) throws IOException {\n  try (BufferedReader reader = new BufferedReader(\n        new InputStreamReader(socket.getInputStream()))) {\n    \n    JexlSandbox onlyMath = new JexlSandbox(false);\n    onlyMath.white(\"java.lang.Math\");\n    JexlEngine jexl = new JexlBuilder().sandbox(onlyMath).create();\n      \n    String input = reader.readLine();\n    JexlExpression expression = jexl.createExpression(input);\n    JexlContext context = new MapContext();\n    expression.evaluate(context);\n  }\n}\n```\nThe next example shows another way how a sandbox can be implemented. It uses a custom implementation of `JexlUberspect` that checks if callees are instances of allowed classes.\n\n\n```java\npublic void evaluate(Socket socket) throws IOException {\n  try (BufferedReader reader = new BufferedReader(\n        new InputStreamReader(socket.getInputStream()))) {\n    \n    JexlUberspect sandbox = new JexlUberspectSandbox();\n    JexlEngine jexl = new JexlBuilder().uberspect(sandbox).create();\n      \n    String input = reader.readLine();\n    JexlExpression expression = jexl.createExpression(input);\n    JexlContext context = new MapContext();\n    expression.evaluate(context);\n  }\n\n  private static class JexlUberspectSandbox implements JexlUberspect {\n\n    private static final List<String> ALLOWED_CLASSES =\n              Arrays.asList(\"java.lang.Math\", \"java.util.Random\");\n\n    private final JexlUberspect uberspect = new JexlBuilder().create().getUberspect();\n\n    private void checkAccess(Object obj) {\n      if (!ALLOWED_CLASSES.contains(obj.getClass().getCanonicalName())) {\n        throw new AccessControlException(\"Not allowed\");\n      }\n    }\n\n    @Override\n    public JexlMethod getMethod(Object obj, String method, Object... args) {\n      checkAccess(obj);\n      return uberspect.getMethod(obj, method, args);\n    }\n\n    @Override\n    public List<PropertyResolver> getResolvers(JexlOperator op, Object obj) {\n      checkAccess(obj);\n      return uberspect.getResolvers(op, obj);\n    }\n\n    @Override\n    public void setClassLoader(ClassLoader loader) {\n      uberspect.setClassLoader(loader);\n    }\n\n    @Override\n    public int getVersion() {\n      return uberspect.getVersion();\n    }\n\n    @Override\n    public JexlMethod getConstructor(Object obj, Object... args) {\n      checkAccess(obj);\n      return uberspect.getConstructor(obj, args);\n    }\n\n    @Override\n    public JexlPropertyGet getPropertyGet(Object obj, Object identifier) {\n      checkAccess(obj);\n      return uberspect.getPropertyGet(obj, identifier);\n    }\n\n    @Override\n    public JexlPropertyGet getPropertyGet(List<PropertyResolver> resolvers, Object obj, Object identifier) {\n      checkAccess(obj);\n      return uberspect.getPropertyGet(resolvers, obj, identifier);\n    }\n\n    @Override\n    public JexlPropertySet getPropertySet(Object obj, Object identifier, Object arg) {\n      checkAccess(obj);\n      return uberspect.getPropertySet(obj, identifier, arg);\n    }\n\n    @Override\n    public JexlPropertySet getPropertySet(List<PropertyResolver> resolvers, Object obj, Object identifier, Object arg) {\n      checkAccess(obj);\n      return uberspect.getPropertySet(resolvers, obj, identifier, arg);\n    }\n\n    @Override\n    public Iterator<?> getIterator(Object obj) {\n      checkAccess(obj);\n      return uberspect.getIterator(obj);\n    }\n\n    @Override\n    public JexlArithmetic.Uberspect getArithmetic(JexlArithmetic arithmetic) {\n      return uberspect.getArithmetic(arithmetic);\n    } \n  }\n}\n```\n\n## References\n* Apache Commons JEXL: [Project page](https://commons.apache.org/proper/commons-jexl/).\n* Apache Commons JEXL documentation: [JEXL 2.1.1 API](https://commons.apache.org/proper/commons-jexl/javadocs/apidocs-2.1.1/).\n* Apache Commons JEXL documentation: [JEXL 3.1 API](https://commons.apache.org/proper/commons-jexl/apidocs/index.html).\n* OWASP: [Expression Language Injection](https://owasp.org/www-community/vulnerabilities/Expression_Language_Injection).\n* Common Weakness Enumeration: [CWE-94](https://cwe.mitre.org/data/definitions/94.html).\n"},"properties":{"tags":["security","external/cwe/cwe-094"],"description":"Evaluation of a user-controlled JEXL expression\n              may lead to arbitrary code execution.","id":"java/jexl-expression-injection","kind":"path-problem","name":"Expression language injection (JEXL)","precision":"high","problem.severity":"error","security-severity":"9.3"}},{"id":"java/server-side-template-injection","name":"java/server-side-template-injection","shortDescription":{"text":"Server-side template injection"},"fullDescription":{"text":"Untrusted input interpreted as a template can lead to remote code execution."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Server-side template injection\nTemplate injection occurs when user input is embedded in a template's code in an unsafe manner. An attacker can use native template syntax to inject a malicious payload into a template, which is then executed server-side. This permits the attacker to run arbitrary code in the server's context.\n\n\n## Recommendation\nTo fix this, ensure that untrusted input is not used as part of a template's code. If the application requirements do not allow this, use a sandboxed environment where access to unsafe attributes and methods is prohibited.\n\n\n## Example\nIn the example given below, an untrusted HTTP parameter `code` is used as a Velocity template string. This can lead to remote code execution.\n\n\n```java\n@Controller\npublic class VelocitySSTI {\n\n\t@GetMapping(value = \"bad\")\n\tpublic void bad(HttpServletRequest request) {\n\t\tVelocity.init();\n\n\t\tString code = request.getParameter(\"code\");\n\n\t\tVelocityContext context = new VelocityContext();\n\n\t\tcontext.put(\"name\", \"Velocity\");\n\t\tcontext.put(\"project\", \"Jakarta\");\n\n\t\tStringWriter w = new StringWriter();\n\t\t// evaluate( Context context, Writer out, String logTag, String instring )\n\t\tVelocity.evaluate(context, w, \"mystring\", code);\n\t}\n}\n\n```\nIn the next example, the problem is avoided by using a fixed template string `s`. Since the template's code is not attacker-controlled in this case, this solution prevents the execution of untrusted code.\n\n\n```java\n@Controller\npublic class VelocitySSTI {\n\n\t@GetMapping(value = \"good\")\n\tpublic void good(HttpServletRequest request) {\n\t\tVelocity.init();\n\t\tVelocityContext context = new VelocityContext();\n\n\t\tcontext.put(\"name\", \"Velocity\");\n\t\tcontext.put(\"project\", \"Jakarta\");\n\n\t\tString s = \"We are using $project $name to render this.\";\n\t\tStringWriter w = new StringWriter();\n\t\tVelocity.evaluate(context, w, \"mystring\", s);\n\t\tSystem.out.println(\" string : \" + w);\n\t}\n}\n\n```\n\n## References\n* Portswigger: [Server Side Template Injection](https://portswigger.net/web-security/server-side-template-injection).\n* Common Weakness Enumeration: [CWE-1336](https://cwe.mitre.org/data/definitions/1336.html).\n* Common Weakness Enumeration: [CWE-94](https://cwe.mitre.org/data/definitions/94.html).\n","markdown":"# Server-side template injection\nTemplate injection occurs when user input is embedded in a template's code in an unsafe manner. An attacker can use native template syntax to inject a malicious payload into a template, which is then executed server-side. This permits the attacker to run arbitrary code in the server's context.\n\n\n## Recommendation\nTo fix this, ensure that untrusted input is not used as part of a template's code. If the application requirements do not allow this, use a sandboxed environment where access to unsafe attributes and methods is prohibited.\n\n\n## Example\nIn the example given below, an untrusted HTTP parameter `code` is used as a Velocity template string. This can lead to remote code execution.\n\n\n```java\n@Controller\npublic class VelocitySSTI {\n\n\t@GetMapping(value = \"bad\")\n\tpublic void bad(HttpServletRequest request) {\n\t\tVelocity.init();\n\n\t\tString code = request.getParameter(\"code\");\n\n\t\tVelocityContext context = new VelocityContext();\n\n\t\tcontext.put(\"name\", \"Velocity\");\n\t\tcontext.put(\"project\", \"Jakarta\");\n\n\t\tStringWriter w = new StringWriter();\n\t\t// evaluate( Context context, Writer out, String logTag, String instring )\n\t\tVelocity.evaluate(context, w, \"mystring\", code);\n\t}\n}\n\n```\nIn the next example, the problem is avoided by using a fixed template string `s`. Since the template's code is not attacker-controlled in this case, this solution prevents the execution of untrusted code.\n\n\n```java\n@Controller\npublic class VelocitySSTI {\n\n\t@GetMapping(value = \"good\")\n\tpublic void good(HttpServletRequest request) {\n\t\tVelocity.init();\n\t\tVelocityContext context = new VelocityContext();\n\n\t\tcontext.put(\"name\", \"Velocity\");\n\t\tcontext.put(\"project\", \"Jakarta\");\n\n\t\tString s = \"We are using $project $name to render this.\";\n\t\tStringWriter w = new StringWriter();\n\t\tVelocity.evaluate(context, w, \"mystring\", s);\n\t\tSystem.out.println(\" string : \" + w);\n\t}\n}\n\n```\n\n## References\n* Portswigger: [Server Side Template Injection](https://portswigger.net/web-security/server-side-template-injection).\n* Common Weakness Enumeration: [CWE-1336](https://cwe.mitre.org/data/definitions/1336.html).\n* Common Weakness Enumeration: [CWE-94](https://cwe.mitre.org/data/definitions/94.html).\n"},"properties":{"tags":["security","external/cwe/cwe-1336","external/cwe/cwe-094"],"description":"Untrusted input interpreted as a template can lead to remote code execution.","id":"java/server-side-template-injection","kind":"path-problem","name":"Server-side template injection","precision":"high","problem.severity":"error","security-severity":"9.3"}},{"id":"java/spring-disabled-csrf-protection","name":"java/spring-disabled-csrf-protection","shortDescription":{"text":"Disabled Spring CSRF protection"},"fullDescription":{"text":"Disabling CSRF protection makes the application vulnerable to a Cross-Site Request Forgery (CSRF) attack."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Disabled Spring CSRF protection\nWhen you set up a web server to receive a request from a client without any mechanism for verifying that it was intentionally sent, then it is vulnerable to attack. An attacker can trick a client into making an unintended request to the web server that will be treated as an authentic request. This can be done via a URL, image load, XMLHttpRequest, etc. and can result in exposure of data or unintended code execution.\n\n\n## Recommendation\nWhen you use Spring, Cross-Site Request Forgery (CSRF) protection is enabled by default. Spring's recommendation is to use CSRF protection for any request that could be processed by a browser client by normal users.\n\n\n## Example\nThe following example shows the Spring Java configuration with CSRF protection disabled. This type of configuration should only be used if you are creating a service that is used only by non-browser clients.\n\n\n```java\nimport org.springframework.context.annotation.Configuration;\nimport org.springframework.security.config.annotation.web.builders.HttpSecurity;\nimport org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;\nimport org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;\n\n@EnableWebSecurity\n@Configuration\npublic class WebSecurityConfig extends WebSecurityConfigurerAdapter {\n  @Override\n  protected void configure(HttpSecurity http) throws Exception {\n    http\n      .csrf(csrf ->\n        // BAD - CSRF protection shouldn't be disabled\n        csrf.disable() \n      );\n  }\n}\n\n```\n\n## References\n* OWASP: [Cross-Site Request Forgery (CSRF)](https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)).\n* Spring Security Reference: [ Cross Site Request Forgery (CSRF) for Servlet Environments ](https://docs.spring.io/spring-security/site/docs/current/reference/html5/#servlet-csrf).\n* Common Weakness Enumeration: [CWE-352](https://cwe.mitre.org/data/definitions/352.html).\n","markdown":"# Disabled Spring CSRF protection\nWhen you set up a web server to receive a request from a client without any mechanism for verifying that it was intentionally sent, then it is vulnerable to attack. An attacker can trick a client into making an unintended request to the web server that will be treated as an authentic request. This can be done via a URL, image load, XMLHttpRequest, etc. and can result in exposure of data or unintended code execution.\n\n\n## Recommendation\nWhen you use Spring, Cross-Site Request Forgery (CSRF) protection is enabled by default. Spring's recommendation is to use CSRF protection for any request that could be processed by a browser client by normal users.\n\n\n## Example\nThe following example shows the Spring Java configuration with CSRF protection disabled. This type of configuration should only be used if you are creating a service that is used only by non-browser clients.\n\n\n```java\nimport org.springframework.context.annotation.Configuration;\nimport org.springframework.security.config.annotation.web.builders.HttpSecurity;\nimport org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;\nimport org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;\n\n@EnableWebSecurity\n@Configuration\npublic class WebSecurityConfig extends WebSecurityConfigurerAdapter {\n  @Override\n  protected void configure(HttpSecurity http) throws Exception {\n    http\n      .csrf(csrf ->\n        // BAD - CSRF protection shouldn't be disabled\n        csrf.disable() \n      );\n  }\n}\n\n```\n\n## References\n* OWASP: [Cross-Site Request Forgery (CSRF)](https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)).\n* Spring Security Reference: [ Cross Site Request Forgery (CSRF) for Servlet Environments ](https://docs.spring.io/spring-security/site/docs/current/reference/html5/#servlet-csrf).\n* Common Weakness Enumeration: [CWE-352](https://cwe.mitre.org/data/definitions/352.html).\n"},"properties":{"tags":["security","external/cwe/cwe-352","owasp-top10-2021","A01:2021 - Broken Access Control"],"description":"Disabling CSRF protection makes the application vulnerable to\n              a Cross-Site Request Forgery (CSRF) attack.","id":"java/spring-disabled-csrf-protection","kind":"problem","name":"Disabled Spring CSRF protection","precision":"high","problem.severity":"error","security-severity":"8.8"}},{"id":"java/weak-cryptographic-algorithm","name":"java/weak-cryptographic-algorithm","shortDescription":{"text":"Use of a broken or risky cryptographic algorithm"},"fullDescription":{"text":"Using broken or weak cryptographic algorithms can allow an attacker to compromise security."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Use of a broken or risky cryptographic algorithm\nUsing broken or weak cryptographic algorithms can leave data vulnerable to being decrypted.\n\nMany cryptographic algorithms provided by cryptography libraries are known to be weak, or flawed. Using such an algorithm means that an attacker may be able to easily decrypt the encrypted data.\n\n\n## Recommendation\nEnsure that you use a strong, modern cryptographic algorithm. Use at least AES-128 or RSA-2048. Do not use the ECB encryption mode since it is vulnerable to replay and other attacks.\n\n\n## Example\nThe following code shows an example of using a java `Cipher` to encrypt some data. When creating a `Cipher` instance, you must specify the encryption algorithm to use. The first example uses DES, which is an older algorithm that is now considered weak. The second example uses AES, which is a strong modern algorithm.\n\n\n```java\n// BAD: DES is a weak algorithm \nCipher des = Cipher.getInstance(\"DES\");\ncipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);\n\nbyte[] encrypted = cipher.doFinal(input.getBytes(\"UTF-8\"));\n\n// ...\n\n// GOOD: AES is a strong algorithm\nCipher aes = Cipher.getInstance(\"AES\");\n\n// ...\n\n```\n\n## References\n* NIST, FIPS 140 Annex a: [ Approved Security Functions](http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf).\n* NIST, SP 800-131A: [ Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths](http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf).\n* Common Weakness Enumeration: [CWE-327](https://cwe.mitre.org/data/definitions/327.html).\n* Common Weakness Enumeration: [CWE-328](https://cwe.mitre.org/data/definitions/328.html).\n","markdown":"# Use of a broken or risky cryptographic algorithm\nUsing broken or weak cryptographic algorithms can leave data vulnerable to being decrypted.\n\nMany cryptographic algorithms provided by cryptography libraries are known to be weak, or flawed. Using such an algorithm means that an attacker may be able to easily decrypt the encrypted data.\n\n\n## Recommendation\nEnsure that you use a strong, modern cryptographic algorithm. Use at least AES-128 or RSA-2048. Do not use the ECB encryption mode since it is vulnerable to replay and other attacks.\n\n\n## Example\nThe following code shows an example of using a java `Cipher` to encrypt some data. When creating a `Cipher` instance, you must specify the encryption algorithm to use. The first example uses DES, which is an older algorithm that is now considered weak. The second example uses AES, which is a strong modern algorithm.\n\n\n```java\n// BAD: DES is a weak algorithm \nCipher des = Cipher.getInstance(\"DES\");\ncipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);\n\nbyte[] encrypted = cipher.doFinal(input.getBytes(\"UTF-8\"));\n\n// ...\n\n// GOOD: AES is a strong algorithm\nCipher aes = Cipher.getInstance(\"AES\");\n\n// ...\n\n```\n\n## References\n* NIST, FIPS 140 Annex a: [ Approved Security Functions](http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf).\n* NIST, SP 800-131A: [ Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths](http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf).\n* Common Weakness Enumeration: [CWE-327](https://cwe.mitre.org/data/definitions/327.html).\n* Common Weakness Enumeration: [CWE-328](https://cwe.mitre.org/data/definitions/328.html).\n"},"properties":{"tags":["security","external/cwe/cwe-327","external/cwe/cwe-328","owasp-top10-2021","A02:2021 - Cryptographic Failures"],"description":"Using broken or weak cryptographic algorithms can allow an attacker to compromise security.","id":"java/weak-cryptographic-algorithm","kind":"path-problem","name":"Use of a broken or risky cryptographic algorithm","precision":"high","problem.severity":"warning","security-severity":"7.5"}},{"id":"java/jndi-injection","name":"java/jndi-injection","shortDescription":{"text":"JNDI lookup with user-controlled name"},"fullDescription":{"text":"Performing a JNDI lookup with a user-controlled name can lead to the download of an untrusted object and to execution of arbitrary code."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# JNDI lookup with user-controlled name\nThe Java Naming and Directory Interface (JNDI) is a Java API for a directory service that allows Java software clients to discover and look up data and resources (in the form of Java objects) via a name. If the name being used to look up the data is controlled by the user, it can point to a malicious server, which can return an arbitrary object. In the worst case, this can allow remote code execution.\n\n\n## Recommendation\nThe general recommendation is to avoid passing untrusted data to the `InitialContext.lookup ` method. If the name being used to look up the object must be provided by the user, make sure that it's not in the form of an absolute URL or that it's the URL pointing to a trused server.\n\n\n## Example\nIn the following examples, the code accepts a name from the user, which it uses to look up an object.\n\nIn the first example, the user provided name is used to look up an object.\n\nThe second example validates the name before using it to look up an object.\n\n\n```java\nimport javax.naming.Context;\nimport javax.naming.InitialContext;\n\npublic void jndiLookup(HttpServletRequest request) throws NamingException {\n  String name = request.getParameter(\"name\");\n\n  Hashtable<String, String> env = new Hashtable<String, String>();\n  env.put(Context.INITIAL_CONTEXT_FACTORY, \"com.sun.jndi.rmi.registry.RegistryContextFactory\");\n  env.put(Context.PROVIDER_URL, \"rmi://trusted-server:1099\");\n  InitialContext ctx = new InitialContext(env);\n\n  // BAD: User input used in lookup\n  ctx.lookup(name);\n\n  // GOOD: The name is validated before being used in lookup\n  if (isValid(name)) {\n    ctx.lookup(name);\n  } else {\n    // Reject the request\n  }\n}\n```\n\n## References\n* Oracle: [Java Naming and Directory Interface (JNDI)](https://docs.oracle.com/javase/8/docs/technotes/guides/jndi/).\n* Black Hat materials: [A Journey from JNDI/LDAP Manipulation to Remote Code Execution Dream Land](https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf).\n* Veracode: [Exploiting JNDI Injections in Java](https://www.veracode.com/blog/research/exploiting-jndi-injections-java).\n* Common Weakness Enumeration: [CWE-74](https://cwe.mitre.org/data/definitions/74.html).\n","markdown":"# JNDI lookup with user-controlled name\nThe Java Naming and Directory Interface (JNDI) is a Java API for a directory service that allows Java software clients to discover and look up data and resources (in the form of Java objects) via a name. If the name being used to look up the data is controlled by the user, it can point to a malicious server, which can return an arbitrary object. In the worst case, this can allow remote code execution.\n\n\n## Recommendation\nThe general recommendation is to avoid passing untrusted data to the `InitialContext.lookup ` method. If the name being used to look up the object must be provided by the user, make sure that it's not in the form of an absolute URL or that it's the URL pointing to a trused server.\n\n\n## Example\nIn the following examples, the code accepts a name from the user, which it uses to look up an object.\n\nIn the first example, the user provided name is used to look up an object.\n\nThe second example validates the name before using it to look up an object.\n\n\n```java\nimport javax.naming.Context;\nimport javax.naming.InitialContext;\n\npublic void jndiLookup(HttpServletRequest request) throws NamingException {\n  String name = request.getParameter(\"name\");\n\n  Hashtable<String, String> env = new Hashtable<String, String>();\n  env.put(Context.INITIAL_CONTEXT_FACTORY, \"com.sun.jndi.rmi.registry.RegistryContextFactory\");\n  env.put(Context.PROVIDER_URL, \"rmi://trusted-server:1099\");\n  InitialContext ctx = new InitialContext(env);\n\n  // BAD: User input used in lookup\n  ctx.lookup(name);\n\n  // GOOD: The name is validated before being used in lookup\n  if (isValid(name)) {\n    ctx.lookup(name);\n  } else {\n    // Reject the request\n  }\n}\n```\n\n## References\n* Oracle: [Java Naming and Directory Interface (JNDI)](https://docs.oracle.com/javase/8/docs/technotes/guides/jndi/).\n* Black Hat materials: [A Journey from JNDI/LDAP Manipulation to Remote Code Execution Dream Land](https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf).\n* Veracode: [Exploiting JNDI Injections in Java](https://www.veracode.com/blog/research/exploiting-jndi-injections-java).\n* Common Weakness Enumeration: [CWE-74](https://cwe.mitre.org/data/definitions/74.html).\n"},"properties":{"tags":["security","external/cwe/cwe-074"],"description":"Performing a JNDI lookup with a user-controlled name can lead to the download of an untrusted\n              object and to execution of arbitrary code.","id":"java/jndi-injection","kind":"path-problem","name":"JNDI lookup with user-controlled name","precision":"high","problem.severity":"error","security-severity":"9.8"}},{"id":"java/xslt-injection","name":"java/xslt-injection","shortDescription":{"text":"XSLT transformation with user-controlled stylesheet"},"fullDescription":{"text":"Performing an XSLT transformation with user-controlled stylesheets can lead to information disclosure or execution of arbitrary code."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# XSLT transformation with user-controlled stylesheet\nXSLT (Extensible Stylesheet Language Transformations) is a language for transforming XML documents into other XML documents or other formats. Processing unvalidated XSLT stylesheets can allow attackers to read arbitrary files from the filesystem or to execute arbitrary code.\n\n\n## Recommendation\nThe general recommendation is to not process untrusted XSLT stylesheets. If user-provided stylesheets must be processed, enable the secure processing mode.\n\n\n## Example\nIn the following examples, the code accepts an XSLT stylesheet from the user and processes it.\n\nIn the first example, the user-provided XSLT stylesheet is parsed and processed.\n\nIn the second example, secure processing mode is enabled.\n\n\n```java\nimport javax.xml.XMLConstants;\nimport javax.xml.transform.TransformerFactory;\nimport javax.xml.transform.stream.StreamResult;\nimport javax.xml.transform.stream.StreamSource;\n\npublic void transform(Socket socket, String inputXml) throws Exception {\n  StreamSource xslt = new StreamSource(socket.getInputStream());\n  StreamSource xml = new StreamSource(new StringReader(inputXml));\n  StringWriter result = new StringWriter();\n  TransformerFactory factory = TransformerFactory.newInstance();\n\n  // BAD: User provided XSLT stylesheet is processed\n  factory.newTransformer(xslt).transform(xml, new StreamResult(result));\n\n  // GOOD: The secure processing mode is enabled\n  factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);\n  factory.newTransformer(xslt).transform(xml, new StreamResult(result));\n}  \n```\n\n## References\n* Wikipedia: [XSLT](https://en.wikipedia.org/wiki/XSLT).\n* The Java Tutorials: [Transforming XML Data with XSLT](https://docs.oracle.com/javase/tutorial/jaxp/xslt/transformingXML.html).\n* [XSLT Injection Basics](https://blog.hunniccyber.com/ektron-cms-remote-code-execution-xslt-transform-injection-java/).\n* Common Weakness Enumeration: [CWE-74](https://cwe.mitre.org/data/definitions/74.html).\n","markdown":"# XSLT transformation with user-controlled stylesheet\nXSLT (Extensible Stylesheet Language Transformations) is a language for transforming XML documents into other XML documents or other formats. Processing unvalidated XSLT stylesheets can allow attackers to read arbitrary files from the filesystem or to execute arbitrary code.\n\n\n## Recommendation\nThe general recommendation is to not process untrusted XSLT stylesheets. If user-provided stylesheets must be processed, enable the secure processing mode.\n\n\n## Example\nIn the following examples, the code accepts an XSLT stylesheet from the user and processes it.\n\nIn the first example, the user-provided XSLT stylesheet is parsed and processed.\n\nIn the second example, secure processing mode is enabled.\n\n\n```java\nimport javax.xml.XMLConstants;\nimport javax.xml.transform.TransformerFactory;\nimport javax.xml.transform.stream.StreamResult;\nimport javax.xml.transform.stream.StreamSource;\n\npublic void transform(Socket socket, String inputXml) throws Exception {\n  StreamSource xslt = new StreamSource(socket.getInputStream());\n  StreamSource xml = new StreamSource(new StringReader(inputXml));\n  StringWriter result = new StringWriter();\n  TransformerFactory factory = TransformerFactory.newInstance();\n\n  // BAD: User provided XSLT stylesheet is processed\n  factory.newTransformer(xslt).transform(xml, new StreamResult(result));\n\n  // GOOD: The secure processing mode is enabled\n  factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);\n  factory.newTransformer(xslt).transform(xml, new StreamResult(result));\n}  \n```\n\n## References\n* Wikipedia: [XSLT](https://en.wikipedia.org/wiki/XSLT).\n* The Java Tutorials: [Transforming XML Data with XSLT](https://docs.oracle.com/javase/tutorial/jaxp/xslt/transformingXML.html).\n* [XSLT Injection Basics](https://blog.hunniccyber.com/ektron-cms-remote-code-execution-xslt-transform-injection-java/).\n* Common Weakness Enumeration: [CWE-74](https://cwe.mitre.org/data/definitions/74.html).\n"},"properties":{"tags":["security","external/cwe/cwe-074"],"description":"Performing an XSLT transformation with user-controlled stylesheets can lead to\n              information disclosure or execution of arbitrary code.","id":"java/xslt-injection","kind":"path-problem","name":"XSLT transformation with user-controlled stylesheet","precision":"high","problem.severity":"error","security-severity":"9.8"}},{"id":"java/unreleased-lock","name":"java/unreleased-lock","shortDescription":{"text":"Unreleased lock"},"fullDescription":{"text":"A lock that is acquired one or more times without a matching number of unlocks may cause a deadlock."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Unreleased lock\nWhen a thread acquires a lock it must make sure to unlock it again; failing to do so can lead to deadlocks. If a lock allows a thread to acquire it multiple times, for example `java.util.concurrent.locks.ReentrantLock`, then the number of locks must match the number of unlocks in order to fully release the lock.\n\n\n## Recommendation\nIt is recommended practice always to immediately follow a call to `lock` with a `try` block and place the call to `unlock` inside the `finally` block. Beware of calls inside the `finally` block that could cause exceptions, as this may result in skipping the call to `unlock`.\n\n\n## Example\nThe typical pattern for using locks safely looks like this:\n\n\n```java\npublic void m() {\n   lock.lock();\n   // A\n   try {\n      // ... method body\n   } finally {\n      // B\n      lock.unlock();\n   }\n}\n```\nIf any code that can cause a premature method exit (for example by throwing an exception) is inserted at either point `A` or `B` then the method might not unlock, so this should be avoided.\n\n\n## References\n* Java API Specification: [java.util.concurrent.locks.Lock](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/concurrent/locks/Lock.html), [java.util.concurrent.locks.ReentrantLock](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/concurrent/locks/ReentrantLock.html).\n* Common Weakness Enumeration: [CWE-764](https://cwe.mitre.org/data/definitions/764.html).\n* Common Weakness Enumeration: [CWE-833](https://cwe.mitre.org/data/definitions/833.html).\n","markdown":"# Unreleased lock\nWhen a thread acquires a lock it must make sure to unlock it again; failing to do so can lead to deadlocks. If a lock allows a thread to acquire it multiple times, for example `java.util.concurrent.locks.ReentrantLock`, then the number of locks must match the number of unlocks in order to fully release the lock.\n\n\n## Recommendation\nIt is recommended practice always to immediately follow a call to `lock` with a `try` block and place the call to `unlock` inside the `finally` block. Beware of calls inside the `finally` block that could cause exceptions, as this may result in skipping the call to `unlock`.\n\n\n## Example\nThe typical pattern for using locks safely looks like this:\n\n\n```java\npublic void m() {\n   lock.lock();\n   // A\n   try {\n      // ... method body\n   } finally {\n      // B\n      lock.unlock();\n   }\n}\n```\nIf any code that can cause a premature method exit (for example by throwing an exception) is inserted at either point `A` or `B` then the method might not unlock, so this should be avoided.\n\n\n## References\n* Java API Specification: [java.util.concurrent.locks.Lock](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/concurrent/locks/Lock.html), [java.util.concurrent.locks.ReentrantLock](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/concurrent/locks/ReentrantLock.html).\n* Common Weakness Enumeration: [CWE-764](https://cwe.mitre.org/data/definitions/764.html).\n* Common Weakness Enumeration: [CWE-833](https://cwe.mitre.org/data/definitions/833.html).\n"},"properties":{"tags":["reliability","security","external/cwe/cwe-764","external/cwe/cwe-833"],"description":"A lock that is acquired one or more times without a matching number of unlocks\n              may cause a deadlock.","id":"java/unreleased-lock","kind":"problem","name":"Unreleased lock","precision":"medium","problem.severity":"error","security-severity":"5.0"}},{"id":"java/unsafe-cert-trust","name":"java/unsafe-cert-trust","shortDescription":{"text":"Unsafe certificate trust"},"fullDescription":{"text":"SSLSocket/SSLEngine ignores all SSL certificate validation errors when establishing an HTTPS connection, thereby making the app vulnerable to man-in-the-middle attacks."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Unsafe certificate trust\nJava offers two mechanisms for SSL authentication - trust manager and hostname verifier (the later is checked by the `java/insecure-hostname-verifier` query). The trust manager validates the peer's certificate chain while hostname verification establishes that the hostname in the URL matches the hostname in the server's identification.\n\nWhen `SSLSocket` or `SSLEngine` are created without a secure `setEndpointIdentificationAlgorithm`, hostname verification is disabled by default.\n\nThis query checks whether `setEndpointIdentificationAlgorithm` is missing, thereby making the application vulnerable to man-in-the-middle attacks. The query also covers insecure configurations of `com.rabbitmq.client.ConnectionFactory`.\n\n\n## Recommendation\nValidate SSL certificates in SSL authentication.\n\n\n## Example\nThe following two examples show two ways of configuring SSLSocket/SSLEngine. In the 'BAD' case, `setEndpointIdentificationAlgorithm` is not called, thus no hostname verification takes place. In the 'GOOD' case, `setEndpointIdentificationAlgorithm` is called.\n\n\n```java\npublic static void main(String[] args) {\n\n\t{\n\t\tSSLContext sslContext = SSLContext.getInstance(\"TLS\");\n\t\tSSLEngine sslEngine = sslContext.createSSLEngine();\n\t\tSSLParameters sslParameters = sslEngine.getSSLParameters();\n\t\tsslParameters.setEndpointIdentificationAlgorithm(\"HTTPS\"); //GOOD: Set a valid endpointIdentificationAlgorithm for SSL engine to trigger hostname verification\n\t\tsslEngine.setSSLParameters(sslParameters);\n\t}\n\n\t{\n\t\tSSLContext sslContext = SSLContext.getInstance(\"TLS\");\n\t\tSSLEngine sslEngine = sslContext.createSSLEngine();  //BAD: No endpointIdentificationAlgorithm set\n\t}\n\n\t{\n\t\tSSLContext sslContext = SSLContext.getInstance(\"TLS\");\n\t\tfinal SSLSocketFactory socketFactory = sslContext.getSocketFactory();\n\t\tSSLSocket socket = (SSLSocket) socketFactory.createSocket(\"www.example.com\", 443); \n\t\tSSLParameters sslParameters = sslEngine.getSSLParameters();\n\t\tsslParameters.setEndpointIdentificationAlgorithm(\"HTTPS\"); //GOOD: Set a valid endpointIdentificationAlgorithm for SSL socket to trigger hostname verification\n\t\tsocket.setSSLParameters(sslParameters);\n\t}\n\n\t{\n\t\tcom.rabbitmq.client.ConnectionFactory connectionFactory = new com.rabbitmq.client.ConnectionFactory();\n\t\tconnectionFactory.useSslProtocol();\n\t\tconnectionFactory.enableHostnameVerification();  //GOOD: Enable hostname verification for rabbitmq ConnectionFactory\n\t}\n\n\t{\n\t\tcom.rabbitmq.client.ConnectionFactory connectionFactory = new com.rabbitmq.client.ConnectionFactory();\n\t\tconnectionFactory.useSslProtocol(); //BAD: Hostname verification for rabbitmq ConnectionFactory is not enabled\n\t}\n}\n```\n\n## References\n* [Testing Endpoint Identify Verification (MSTG-NETWORK-3)](https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md).\n* [SSLParameters.setEndpointIdentificationAlgorithm documentation](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/javax/net/ssl/SSLParameters.html#setEndpointIdentificationAlgorithm(java.lang.String)).\n* RabbitMQ: [ConnectionFactory.enableHostnameVerification documentation](https://rabbitmq.github.io/rabbitmq-java-client/api/current/com/rabbitmq/client/ConnectionFactory.html#enableHostnameVerification()).\n* RabbitMQ: [Using TLS in the Java Client](https://www.rabbitmq.com/ssl.html#java-client).\n* [CVE-2018-17187: Apache Qpid Proton-J transport issue with hostname verification](https://github.com/advisories/GHSA-xvch-r4wf-h8w9).\n* [CVE-2018-8034: Apache Tomcat - host name verification when using TLS with the WebSocket client](https://github.com/advisories/GHSA-46j3-r4pj-4835).\n* [CVE-2018-11087: Pivotal Spring AMQP vulnerability due to lack of hostname validation](https://github.com/advisories/GHSA-w4g2-9hj6-5472).\n* [CVE-2018-11775: TLS hostname verification issue when using the Apache ActiveMQ Client](https://github.com/advisories/GHSA-m9w8-v359-9ffr).\n* Common Weakness Enumeration: [CWE-273](https://cwe.mitre.org/data/definitions/273.html).\n","markdown":"# Unsafe certificate trust\nJava offers two mechanisms for SSL authentication - trust manager and hostname verifier (the later is checked by the `java/insecure-hostname-verifier` query). The trust manager validates the peer's certificate chain while hostname verification establishes that the hostname in the URL matches the hostname in the server's identification.\n\nWhen `SSLSocket` or `SSLEngine` are created without a secure `setEndpointIdentificationAlgorithm`, hostname verification is disabled by default.\n\nThis query checks whether `setEndpointIdentificationAlgorithm` is missing, thereby making the application vulnerable to man-in-the-middle attacks. The query also covers insecure configurations of `com.rabbitmq.client.ConnectionFactory`.\n\n\n## Recommendation\nValidate SSL certificates in SSL authentication.\n\n\n## Example\nThe following two examples show two ways of configuring SSLSocket/SSLEngine. In the 'BAD' case, `setEndpointIdentificationAlgorithm` is not called, thus no hostname verification takes place. In the 'GOOD' case, `setEndpointIdentificationAlgorithm` is called.\n\n\n```java\npublic static void main(String[] args) {\n\n\t{\n\t\tSSLContext sslContext = SSLContext.getInstance(\"TLS\");\n\t\tSSLEngine sslEngine = sslContext.createSSLEngine();\n\t\tSSLParameters sslParameters = sslEngine.getSSLParameters();\n\t\tsslParameters.setEndpointIdentificationAlgorithm(\"HTTPS\"); //GOOD: Set a valid endpointIdentificationAlgorithm for SSL engine to trigger hostname verification\n\t\tsslEngine.setSSLParameters(sslParameters);\n\t}\n\n\t{\n\t\tSSLContext sslContext = SSLContext.getInstance(\"TLS\");\n\t\tSSLEngine sslEngine = sslContext.createSSLEngine();  //BAD: No endpointIdentificationAlgorithm set\n\t}\n\n\t{\n\t\tSSLContext sslContext = SSLContext.getInstance(\"TLS\");\n\t\tfinal SSLSocketFactory socketFactory = sslContext.getSocketFactory();\n\t\tSSLSocket socket = (SSLSocket) socketFactory.createSocket(\"www.example.com\", 443); \n\t\tSSLParameters sslParameters = sslEngine.getSSLParameters();\n\t\tsslParameters.setEndpointIdentificationAlgorithm(\"HTTPS\"); //GOOD: Set a valid endpointIdentificationAlgorithm for SSL socket to trigger hostname verification\n\t\tsocket.setSSLParameters(sslParameters);\n\t}\n\n\t{\n\t\tcom.rabbitmq.client.ConnectionFactory connectionFactory = new com.rabbitmq.client.ConnectionFactory();\n\t\tconnectionFactory.useSslProtocol();\n\t\tconnectionFactory.enableHostnameVerification();  //GOOD: Enable hostname verification for rabbitmq ConnectionFactory\n\t}\n\n\t{\n\t\tcom.rabbitmq.client.ConnectionFactory connectionFactory = new com.rabbitmq.client.ConnectionFactory();\n\t\tconnectionFactory.useSslProtocol(); //BAD: Hostname verification for rabbitmq ConnectionFactory is not enabled\n\t}\n}\n```\n\n## References\n* [Testing Endpoint Identify Verification (MSTG-NETWORK-3)](https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md).\n* [SSLParameters.setEndpointIdentificationAlgorithm documentation](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/javax/net/ssl/SSLParameters.html#setEndpointIdentificationAlgorithm(java.lang.String)).\n* RabbitMQ: [ConnectionFactory.enableHostnameVerification documentation](https://rabbitmq.github.io/rabbitmq-java-client/api/current/com/rabbitmq/client/ConnectionFactory.html#enableHostnameVerification()).\n* RabbitMQ: [Using TLS in the Java Client](https://www.rabbitmq.com/ssl.html#java-client).\n* [CVE-2018-17187: Apache Qpid Proton-J transport issue with hostname verification](https://github.com/advisories/GHSA-xvch-r4wf-h8w9).\n* [CVE-2018-8034: Apache Tomcat - host name verification when using TLS with the WebSocket client](https://github.com/advisories/GHSA-46j3-r4pj-4835).\n* [CVE-2018-11087: Pivotal Spring AMQP vulnerability due to lack of hostname validation](https://github.com/advisories/GHSA-w4g2-9hj6-5472).\n* [CVE-2018-11775: TLS hostname verification issue when using the Apache ActiveMQ Client](https://github.com/advisories/GHSA-m9w8-v359-9ffr).\n* Common Weakness Enumeration: [CWE-273](https://cwe.mitre.org/data/definitions/273.html).\n"},"properties":{"tags":["security","external/cwe/cwe-273"],"description":"SSLSocket/SSLEngine ignores all SSL certificate validation\n              errors when establishing an HTTPS connection, thereby making\n              the app vulnerable to man-in-the-middle attacks.","id":"java/unsafe-cert-trust","kind":"problem","name":"Unsafe certificate trust","precision":"medium","problem.severity":"warning","security-severity":"9.8"}},{"id":"java/user-controlled-bypass","name":"java/user-controlled-bypass","shortDescription":{"text":"User-controlled bypass of sensitive method"},"fullDescription":{"text":"User-controlled bypassing of sensitive methods may allow attackers to avoid passing through authentication systems."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# User-controlled bypass of sensitive method\nMany Java constructs enable code statements to be executed conditionally, for example `if` statements and `for` statements. If these statements contain important authentication or login code, and the decision about whether to execute this code is based on user-controlled data, it may be possible for an attacker to bypass security systems by preventing this code from executing.\n\n\n## Recommendation\nNever decide whether to authenticate a user based on data that may be controlled by that user. If necessary, ensure that the data is validated extensively when it is input before any authentication checks are performed.\n\nIt is still possible to have a system that \"remembers\" users, thus not requiring the user to login on every interaction. For example, personalization settings can be applied without authentication because this is not sensitive information. However, users should be allowed to take sensitive actions only when they have been fully authenticated.\n\n\n## Example\nThis example shows two ways of deciding whether to authenticate a user. The first way shows a decision that is based on the value of a cookie. Cookies can be easily controlled by the user, and so this allows a user to become authenticated without providing valid credentials. The second, more secure way shows a decision that is based on looking up the user in a security database.\n\n\n```java\npublic boolean doLogin(String user, String password) {\n\tCookie adminCookie = getCookies()[0];\n\n\t// BAD: login is executed only if the value of 'adminCookie' is 'false', \n\t// but 'adminCookie' is controlled by the user\n\tif(adminCookie.getValue()==\"false\")\n\t\treturn login(user, password);\n\t\n\treturn true;\n}\n\npublic boolean doLogin(String user, String password) {\n\tCookie adminCookie = getCookies()[0];\n\t\n\t// GOOD: use server-side information based on the credentials to decide\n\t// whether user has privileges\n\tboolean isAdmin = queryDbForAdminStatus(user, password);\n\tif(!isAdmin)\n\t\treturn login(user, password);\n\t\n\treturn true;\n}\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [SEC02-J. Do not base security checks on untrusted sources](https://wiki.sei.cmu.edu/confluence/display/java/SEC02-J.+Do+not+base+security+checks+on+untrusted+sources).\n* Common Weakness Enumeration: [CWE-807](https://cwe.mitre.org/data/definitions/807.html).\n* Common Weakness Enumeration: [CWE-290](https://cwe.mitre.org/data/definitions/290.html).\n","markdown":"# User-controlled bypass of sensitive method\nMany Java constructs enable code statements to be executed conditionally, for example `if` statements and `for` statements. If these statements contain important authentication or login code, and the decision about whether to execute this code is based on user-controlled data, it may be possible for an attacker to bypass security systems by preventing this code from executing.\n\n\n## Recommendation\nNever decide whether to authenticate a user based on data that may be controlled by that user. If necessary, ensure that the data is validated extensively when it is input before any authentication checks are performed.\n\nIt is still possible to have a system that \"remembers\" users, thus not requiring the user to login on every interaction. For example, personalization settings can be applied without authentication because this is not sensitive information. However, users should be allowed to take sensitive actions only when they have been fully authenticated.\n\n\n## Example\nThis example shows two ways of deciding whether to authenticate a user. The first way shows a decision that is based on the value of a cookie. Cookies can be easily controlled by the user, and so this allows a user to become authenticated without providing valid credentials. The second, more secure way shows a decision that is based on looking up the user in a security database.\n\n\n```java\npublic boolean doLogin(String user, String password) {\n\tCookie adminCookie = getCookies()[0];\n\n\t// BAD: login is executed only if the value of 'adminCookie' is 'false', \n\t// but 'adminCookie' is controlled by the user\n\tif(adminCookie.getValue()==\"false\")\n\t\treturn login(user, password);\n\t\n\treturn true;\n}\n\npublic boolean doLogin(String user, String password) {\n\tCookie adminCookie = getCookies()[0];\n\t\n\t// GOOD: use server-side information based on the credentials to decide\n\t// whether user has privileges\n\tboolean isAdmin = queryDbForAdminStatus(user, password);\n\tif(!isAdmin)\n\t\treturn login(user, password);\n\t\n\treturn true;\n}\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [SEC02-J. Do not base security checks on untrusted sources](https://wiki.sei.cmu.edu/confluence/display/java/SEC02-J.+Do+not+base+security+checks+on+untrusted+sources).\n* Common Weakness Enumeration: [CWE-807](https://cwe.mitre.org/data/definitions/807.html).\n* Common Weakness Enumeration: [CWE-290](https://cwe.mitre.org/data/definitions/290.html).\n"},"properties":{"tags":["security","external/cwe/cwe-807","external/cwe/cwe-290","owasp-top10-2021","A04:2021 - Insecure Design"],"description":"User-controlled bypassing of sensitive methods may allow attackers to avoid\n              passing through authentication systems.","id":"java/user-controlled-bypass","kind":"path-problem","name":"User-controlled bypass of sensitive method","precision":"medium","problem.severity":"error","security-severity":"7.8"}},{"id":"java/cleartext-storage-in-properties","name":"java/cleartext-storage-in-properties","shortDescription":{"text":"Cleartext storage of sensitive information using 'Properties' class"},"fullDescription":{"text":"Storing sensitive information in cleartext can expose it to an attacker."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Cleartext storage of sensitive information using 'Properties' class\nSensitive information that is stored unencrypted is accessible to an attacker who gains access to the storage.\n\n\n## Recommendation\nEnsure that sensitive information is always encrypted before being stored. It may be wise to encrypt information before it is put into a heap data structure (such as `Java.util.Properties`) that may be written to disk later. Objects that are serializable or marshallable should also always contain encrypted information unless you are certain that they are not ever going to be serialized.\n\nIn general, decrypt sensitive information only at the point where it is necessary for it to be used in cleartext.\n\n\n## Example\nThe following example shows two ways of storing user credentials in a cookie. In the 'BAD' case, the credentials are simply stored in cleartext. In the 'GOOD' case, the credentials are hashed before storing them.\n\n\n```java\npublic static void main(String[] args) {\n\t{\n\t\tString data;\n\t\tPasswordAuthentication credentials =\n\t\t\t\tnew PasswordAuthentication(\"user\", \"BP@ssw0rd\".toCharArray());\n\t\tdata = credentials.getUserName() + \":\" + new String(credentials.getPassword());\n\t\n\t\t// BAD: store data in a cookie in cleartext form\n\t\tresponse.addCookie(new Cookie(\"auth\", data));\n\t}\n\t\n\t{\n\t\tString data;\n\t\tPasswordAuthentication credentials =\n\t\t\t\tnew PasswordAuthentication(\"user\", \"GP@ssw0rd\".toCharArray());\n\t\tString salt = \"ThisIsMySalt\";\n\t\tMessageDigest messageDigest = MessageDigest.getInstance(\"SHA-512\");\n\t\tmessageDigest.reset();\n\t\tString credentialsToHash =\n\t\t\t\tcredentials.getUserName() + \":\" + credentials.getPassword();\n\t\tbyte[] hashedCredsAsBytes =\n\t\t\t\tmessageDigest.digest((salt+credentialsToHash).getBytes(\"UTF-8\"));\n\t\tdata = bytesToString(hashedCredsAsBytes);\n\t\t\n\t\t// GOOD: store data in a cookie in encrypted form\n\t\tresponse.addCookie(new Cookie(\"auth\", data));\n\t}\n}\n\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [SER03-J. Do not serialize unencrypted, sensitive data](https://wiki.sei.cmu.edu/confluence/display/java/SER03-J.+Do+not+serialize+unencrypted+sensitive+data).\n* M. Dowd, J. McDonald and J. Schuhm, *The Art of Software Security Assessment*, 1st Edition, Chapter 2 - 'Common Vulnerabilities of Encryption', p. 43. Addison Wesley, 2006.\n* M. Howard and D. LeBlanc, *Writing Secure Code*, 2nd Edition, Chapter 9 - 'Protecting Secret Data', p. 299. Microsoft, 2002.\n* Common Weakness Enumeration: [CWE-313](https://cwe.mitre.org/data/definitions/313.html).\n","markdown":"# Cleartext storage of sensitive information using 'Properties' class\nSensitive information that is stored unencrypted is accessible to an attacker who gains access to the storage.\n\n\n## Recommendation\nEnsure that sensitive information is always encrypted before being stored. It may be wise to encrypt information before it is put into a heap data structure (such as `Java.util.Properties`) that may be written to disk later. Objects that are serializable or marshallable should also always contain encrypted information unless you are certain that they are not ever going to be serialized.\n\nIn general, decrypt sensitive information only at the point where it is necessary for it to be used in cleartext.\n\n\n## Example\nThe following example shows two ways of storing user credentials in a cookie. In the 'BAD' case, the credentials are simply stored in cleartext. In the 'GOOD' case, the credentials are hashed before storing them.\n\n\n```java\npublic static void main(String[] args) {\n\t{\n\t\tString data;\n\t\tPasswordAuthentication credentials =\n\t\t\t\tnew PasswordAuthentication(\"user\", \"BP@ssw0rd\".toCharArray());\n\t\tdata = credentials.getUserName() + \":\" + new String(credentials.getPassword());\n\t\n\t\t// BAD: store data in a cookie in cleartext form\n\t\tresponse.addCookie(new Cookie(\"auth\", data));\n\t}\n\t\n\t{\n\t\tString data;\n\t\tPasswordAuthentication credentials =\n\t\t\t\tnew PasswordAuthentication(\"user\", \"GP@ssw0rd\".toCharArray());\n\t\tString salt = \"ThisIsMySalt\";\n\t\tMessageDigest messageDigest = MessageDigest.getInstance(\"SHA-512\");\n\t\tmessageDigest.reset();\n\t\tString credentialsToHash =\n\t\t\t\tcredentials.getUserName() + \":\" + credentials.getPassword();\n\t\tbyte[] hashedCredsAsBytes =\n\t\t\t\tmessageDigest.digest((salt+credentialsToHash).getBytes(\"UTF-8\"));\n\t\tdata = bytesToString(hashedCredsAsBytes);\n\t\t\n\t\t// GOOD: store data in a cookie in encrypted form\n\t\tresponse.addCookie(new Cookie(\"auth\", data));\n\t}\n}\n\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [SER03-J. Do not serialize unencrypted, sensitive data](https://wiki.sei.cmu.edu/confluence/display/java/SER03-J.+Do+not+serialize+unencrypted+sensitive+data).\n* M. Dowd, J. McDonald and J. Schuhm, *The Art of Software Security Assessment*, 1st Edition, Chapter 2 - 'Common Vulnerabilities of Encryption', p. 43. Addison Wesley, 2006.\n* M. Howard and D. LeBlanc, *Writing Secure Code*, 2nd Edition, Chapter 9 - 'Protecting Secret Data', p. 299. Microsoft, 2002.\n* Common Weakness Enumeration: [CWE-313](https://cwe.mitre.org/data/definitions/313.html).\n"},"properties":{"tags":["security","external/cwe/cwe-313","owasp-top10-2021","A04:2021 - Insecure Design"],"description":"Storing sensitive information in cleartext can expose it to an attacker.","id":"java/cleartext-storage-in-properties","kind":"problem","name":"Cleartext storage of sensitive information using 'Properties' class","precision":"medium","problem.severity":"warning","security-severity":"7.5"}},{"id":"java/android/cleartext-storage-filesystem","name":"java/android/cleartext-storage-filesystem","shortDescription":{"text":"Cleartext storage of sensitive information in the Android filesystem"},"fullDescription":{"text":"Cleartext storage of sensitive information in the Android filesystem allows access for users with root privileges or unexpected exposure from chained vulnerabilities."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Cleartext storage of sensitive information in the Android filesystem\nAndroid applications with the appropriate permissions can write files either to the device external storage or the application internal storage, depending on the application's needs. However, sensitive information should not be saved in cleartext. Otherwise it can be accessed by any process or user in rooted devices, or can be disclosed through chained vulnerabilities, like unexpected access to the private storage through exposed components.\n\n\n## Recommendation\nConsider using the `EncryptedFile` class to work with files containing sensitive data. Alternatively, use encryption algorithms to encrypt the sensitive data being stored.\n\n\n## Example\nIn the first example, sensitive user information is stored in cleartext using a local file.\n\nIn the second and third examples, the code encrypts sensitive information before saving it to the filesystem.\n\n\n```java\npublic void fileSystemStorageUnsafe(String name, String password) {\n\t// BAD - sensitive data stored in cleartext\n    FileWriter fw = new FileWriter(\"some_file.txt\");\n    fw.write(name + \":\" + password);\n    fw.close();\n}\n\npublic void filesystemStorageEncryptedFileSafe(Context context, String name, String password) {\n\t// GOOD - the whole file is encrypted with androidx.security.crypto.EncryptedFile\n    File file = new File(\"some_file.txt\");\n    String masterKeyAlias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC);\n    EncryptedFile encryptedFile = new EncryptedFile.Builder(\n        file,\n        context,\n        masterKeyAlias,\n        EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB\n    ).build();\n\tFileOutputStream encryptedOutputStream = encryptedFile.openFileOutput();\n\tencryptedOutputStream.write(name + \":\" + password);\n}\n\npublic void fileSystemStorageSafe(String name, String password) {\n\t// GOOD - sensitive data is encrypted using a custom method\n    FileWriter fw = new FileWriter(\"some_file.txt\");\n    fw.write(name + \":\" + encrypt(password));\n    fw.close();\n}\n\nprivate static String encrypt(String cleartext) {\n    // Use an encryption or strong hashing algorithm in the real world.\n    // The example below just returns a SHA-256 hash.\n    MessageDigest digest = MessageDigest.getInstance(\"SHA-256\");\n    byte[] hash = digest.digest(cleartext.getBytes(StandardCharsets.UTF_8));\n    String encoded = Base64.getEncoder().encodeToString(hash);\n    return encoded;\n}\n\n```\n\n## References\n* Android Developers: [Work with data more securely](https://developer.android.com/topic/security/data)\n* Android Developers: [EncryptedFile](https://developer.android.com/reference/androidx/security/crypto/EncryptedFile)\n* Common Weakness Enumeration: [CWE-312](https://cwe.mitre.org/data/definitions/312.html).\n","markdown":"# Cleartext storage of sensitive information in the Android filesystem\nAndroid applications with the appropriate permissions can write files either to the device external storage or the application internal storage, depending on the application's needs. However, sensitive information should not be saved in cleartext. Otherwise it can be accessed by any process or user in rooted devices, or can be disclosed through chained vulnerabilities, like unexpected access to the private storage through exposed components.\n\n\n## Recommendation\nConsider using the `EncryptedFile` class to work with files containing sensitive data. Alternatively, use encryption algorithms to encrypt the sensitive data being stored.\n\n\n## Example\nIn the first example, sensitive user information is stored in cleartext using a local file.\n\nIn the second and third examples, the code encrypts sensitive information before saving it to the filesystem.\n\n\n```java\npublic void fileSystemStorageUnsafe(String name, String password) {\n\t// BAD - sensitive data stored in cleartext\n    FileWriter fw = new FileWriter(\"some_file.txt\");\n    fw.write(name + \":\" + password);\n    fw.close();\n}\n\npublic void filesystemStorageEncryptedFileSafe(Context context, String name, String password) {\n\t// GOOD - the whole file is encrypted with androidx.security.crypto.EncryptedFile\n    File file = new File(\"some_file.txt\");\n    String masterKeyAlias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC);\n    EncryptedFile encryptedFile = new EncryptedFile.Builder(\n        file,\n        context,\n        masterKeyAlias,\n        EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB\n    ).build();\n\tFileOutputStream encryptedOutputStream = encryptedFile.openFileOutput();\n\tencryptedOutputStream.write(name + \":\" + password);\n}\n\npublic void fileSystemStorageSafe(String name, String password) {\n\t// GOOD - sensitive data is encrypted using a custom method\n    FileWriter fw = new FileWriter(\"some_file.txt\");\n    fw.write(name + \":\" + encrypt(password));\n    fw.close();\n}\n\nprivate static String encrypt(String cleartext) {\n    // Use an encryption or strong hashing algorithm in the real world.\n    // The example below just returns a SHA-256 hash.\n    MessageDigest digest = MessageDigest.getInstance(\"SHA-256\");\n    byte[] hash = digest.digest(cleartext.getBytes(StandardCharsets.UTF_8));\n    String encoded = Base64.getEncoder().encodeToString(hash);\n    return encoded;\n}\n\n```\n\n## References\n* Android Developers: [Work with data more securely](https://developer.android.com/topic/security/data)\n* Android Developers: [EncryptedFile](https://developer.android.com/reference/androidx/security/crypto/EncryptedFile)\n* Common Weakness Enumeration: [CWE-312](https://cwe.mitre.org/data/definitions/312.html).\n"},"properties":{"tags":["security","external/cwe/cwe-312","owasp-top10-2021","A04:2021 - Insecure Design"],"description":"Cleartext storage of sensitive information in the Android filesystem\n              allows access for users with root privileges or unexpected exposure\n              from chained vulnerabilities.","id":"java/android/cleartext-storage-filesystem","kind":"problem","name":"Cleartext storage of sensitive information in the Android filesystem","precision":"medium","problem.severity":"warning","security-severity":"7.5"}},{"id":"java/android/cleartext-storage-shared-prefs","name":"java/android/cleartext-storage-shared-prefs","shortDescription":{"text":"Cleartext storage of sensitive information using `SharedPreferences` on Android"},"fullDescription":{"text":"Cleartext Storage of Sensitive Information using SharedPreferences on Android allows access for users with root privileges or unexpected exposure from chained vulnerabilities."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Cleartext storage of sensitive information using `SharedPreferences` on Android\n`SharedPreferences` is an Android API that stores application preferences using simple sets of data values. It allows you to easily save, alter, and retrieve the values stored in a user's profile. However, sensitive information should not be saved in cleartext. Otherwise it can be accessed by any process or user in rooted devices, or can be disclosed through chained vulnerabilities, like unexpected access to the private storage through exposed components.\n\n\n## Recommendation\nUse the `EncryptedSharedPreferences` API or other encryption algorithms for storing sensitive information.\n\n\n## Example\nIn the first example, sensitive user information is stored in cleartext.\n\nIn the second and third examples, the code encrypts sensitive information before saving it to the device.\n\n\n```java\npublic void testSetSharedPrefs(Context context, String name, String password)\n{\n\t{\n\t\t// BAD - sensitive information saved in cleartext.\n\t\tSharedPreferences sharedPrefs = context.getSharedPreferences(\"user_prefs\", Context.MODE_PRIVATE);\n\t\tEditor editor = sharedPrefs.edit();\n\t\teditor.putString(\"name\", name);\n\t\teditor.putString(\"password\", password);\n\t\teditor.commit();\n\t}\n\n\t{\n\t\t// GOOD - save sensitive information encrypted with a custom method.\n\t\tSharedPreferences sharedPrefs = context.getSharedPreferences(\"user_prefs\", Context.MODE_PRIVATE);\n\t\tEditor editor = sharedPrefs.edit();\n\t\teditor.putString(\"name\", encrypt(name));\n\t\teditor.putString(\"password\", encrypt(password));\n\t\teditor.commit();\n\t}\n\n\t{\n\t\t// GOOD - sensitive information saved using the built-in `EncryptedSharedPreferences` class in androidx.\n\t\tMasterKey masterKey = new MasterKey.Builder(context, MasterKey.DEFAULT_MASTER_KEY_ALIAS)\n\t\t\t.setKeyScheme(MasterKey.KeyScheme.AES256_GCM)\n\t\t\t.build();\n\n\t\tSharedPreferences sharedPreferences = EncryptedSharedPreferences.create(\n\t\t\tcontext,\n\t\t\t\"secret_shared_prefs\",\n\t\t\tmasterKey,\n\t\t\tEncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,\n\t\t\tEncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM);\n\n\t\tSharedPreferences.Editor editor = sharedPreferences.edit();\n\t\teditor.putString(\"name\", name);\n\t\teditor.putString(\"password\", password);\n\t\teditor.commit();\n\t}\n}\n\nprivate static String encrypt(String cleartext) throws Exception {\n\t// Use an encryption or hashing algorithm in real world. The demo below just returns its\n\t// hash.\n\tMessageDigest digest = MessageDigest.getInstance(\"SHA-256\");\n\tbyte[] hash = digest.digest(cleartext.getBytes(StandardCharsets.UTF_8));\n\tString encoded = Base64.getEncoder().encodeToString(hash);\n\treturn encoded;\n}\n\n```\n\n## References\n* Android Developers: [Work with data more securely](https://developer.android.com/topic/security/data)\n* ProAndroidDev: [Encrypted Preferences in Android](https://proandroiddev.com/encrypted-preferences-in-android-af57a89af7c8)\n* Common Weakness Enumeration: [CWE-312](https://cwe.mitre.org/data/definitions/312.html).\n","markdown":"# Cleartext storage of sensitive information using `SharedPreferences` on Android\n`SharedPreferences` is an Android API that stores application preferences using simple sets of data values. It allows you to easily save, alter, and retrieve the values stored in a user's profile. However, sensitive information should not be saved in cleartext. Otherwise it can be accessed by any process or user in rooted devices, or can be disclosed through chained vulnerabilities, like unexpected access to the private storage through exposed components.\n\n\n## Recommendation\nUse the `EncryptedSharedPreferences` API or other encryption algorithms for storing sensitive information.\n\n\n## Example\nIn the first example, sensitive user information is stored in cleartext.\n\nIn the second and third examples, the code encrypts sensitive information before saving it to the device.\n\n\n```java\npublic void testSetSharedPrefs(Context context, String name, String password)\n{\n\t{\n\t\t// BAD - sensitive information saved in cleartext.\n\t\tSharedPreferences sharedPrefs = context.getSharedPreferences(\"user_prefs\", Context.MODE_PRIVATE);\n\t\tEditor editor = sharedPrefs.edit();\n\t\teditor.putString(\"name\", name);\n\t\teditor.putString(\"password\", password);\n\t\teditor.commit();\n\t}\n\n\t{\n\t\t// GOOD - save sensitive information encrypted with a custom method.\n\t\tSharedPreferences sharedPrefs = context.getSharedPreferences(\"user_prefs\", Context.MODE_PRIVATE);\n\t\tEditor editor = sharedPrefs.edit();\n\t\teditor.putString(\"name\", encrypt(name));\n\t\teditor.putString(\"password\", encrypt(password));\n\t\teditor.commit();\n\t}\n\n\t{\n\t\t// GOOD - sensitive information saved using the built-in `EncryptedSharedPreferences` class in androidx.\n\t\tMasterKey masterKey = new MasterKey.Builder(context, MasterKey.DEFAULT_MASTER_KEY_ALIAS)\n\t\t\t.setKeyScheme(MasterKey.KeyScheme.AES256_GCM)\n\t\t\t.build();\n\n\t\tSharedPreferences sharedPreferences = EncryptedSharedPreferences.create(\n\t\t\tcontext,\n\t\t\t\"secret_shared_prefs\",\n\t\t\tmasterKey,\n\t\t\tEncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,\n\t\t\tEncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM);\n\n\t\tSharedPreferences.Editor editor = sharedPreferences.edit();\n\t\teditor.putString(\"name\", name);\n\t\teditor.putString(\"password\", password);\n\t\teditor.commit();\n\t}\n}\n\nprivate static String encrypt(String cleartext) throws Exception {\n\t// Use an encryption or hashing algorithm in real world. The demo below just returns its\n\t// hash.\n\tMessageDigest digest = MessageDigest.getInstance(\"SHA-256\");\n\tbyte[] hash = digest.digest(cleartext.getBytes(StandardCharsets.UTF_8));\n\tString encoded = Base64.getEncoder().encodeToString(hash);\n\treturn encoded;\n}\n\n```\n\n## References\n* Android Developers: [Work with data more securely](https://developer.android.com/topic/security/data)\n* ProAndroidDev: [Encrypted Preferences in Android](https://proandroiddev.com/encrypted-preferences-in-android-af57a89af7c8)\n* Common Weakness Enumeration: [CWE-312](https://cwe.mitre.org/data/definitions/312.html).\n"},"properties":{"tags":["security","external/cwe/cwe-312","owasp-top10-2021","A04:2021 - Insecure Design"],"description":"Cleartext Storage of Sensitive Information using\n              SharedPreferences on Android allows access for users with root\n              privileges or unexpected exposure from chained vulnerabilities.","id":"java/android/cleartext-storage-shared-prefs","kind":"problem","name":"Cleartext storage of sensitive information using `SharedPreferences` on Android","precision":"medium","problem.severity":"warning","security-severity":"7.5"}},{"id":"java/android/cleartext-storage-database","name":"java/android/cleartext-storage-database","shortDescription":{"text":"Cleartext storage of sensitive information using a local database on Android"},"fullDescription":{"text":"Cleartext Storage of Sensitive Information using a local database on Android allows access for users with root privileges or unexpected exposure from chained vulnerabilities."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Cleartext storage of sensitive information using a local database on Android\nSQLite is a lightweight database engine commonly used in Android devices to store data. By itself, SQLite does not offer any encryption mechanism by default and stores all data in cleartext, which introduces a risk if sensitive data like credentials, authentication tokens or personal identifiable information (PII) are directly stored in a SQLite database. The information could be accessed by any process or user in rooted devices, or can be disclosed through chained vulnerabilities, like unexpected access to the private storage through exposed components.\n\n\n## Recommendation\nUse `SQLCipher` or similar libraries to add encryption capabilities to SQLite. Alternatively, encrypt sensitive data using cryptographically secure algorithms before storing it in the database.\n\n\n## Example\nIn the first example, sensitive user information is stored in cleartext.\n\nIn the second and third examples, the code encrypts sensitive information before saving it to the database.\n\n\n```java\npublic void sqliteStorageUnsafe(Context ctx, String name, String password) {\n\t// BAD - sensitive information saved in cleartext.\n\tSQLiteDatabase db = ctx.openOrCreateDatabase(\"test\", Context.MODE_PRIVATE, null);\n\tdb.execSQL(\"INSERT INTO users VALUES (?, ?)\", new String[] {name, password});\n}\n\npublic void sqliteStorageSafe(Context ctx, String name, String password) {\n\t// GOOD - sensitive information encrypted with a custom method.\n\tSQLiteDatabase db = ctx.openOrCreateDatabase(\"test\", Context.MODE_PRIVATE, null);\n\tdb.execSQL(\"INSERT INTO users VALUES (?, ?)\", new String[] {name, encrypt(password)});\n}\n\npublic void sqlCipherStorageSafe(String name, String password, String databasePassword) {\n\t// GOOD - sensitive information saved using SQLCipher.\n\tnet.sqlcipher.database.SQLiteDatabase db = \n\t\tnet.sqlcipher.database.SQLiteDatabase.openOrCreateDatabase(\"test\", databasePassword, null);\n\tdb.execSQL(\"INSERT INTO users VALUES (?, ?)\", new String[] {name, password});\n}\n\nprivate static String encrypt(String cleartext) {\n    // Use an encryption or strong hashing algorithm in the real world.\n    // The example below just returns a SHA-256 hash.\n    MessageDigest digest = MessageDigest.getInstance(\"SHA-256\");\n    byte[] hash = digest.digest(cleartext.getBytes(StandardCharsets.UTF_8));\n    String encoded = Base64.getEncoder().encodeToString(hash);\n    return encoded;\n}\n```\n\n## References\n* Android Developers: [Work with data more securely](https://developer.android.com/topic/security/data)\n* SQLCipher: [Android Application Integration](https://www.zetetic.net/sqlcipher/sqlcipher-for-android/)\n* Common Weakness Enumeration: [CWE-312](https://cwe.mitre.org/data/definitions/312.html).\n","markdown":"# Cleartext storage of sensitive information using a local database on Android\nSQLite is a lightweight database engine commonly used in Android devices to store data. By itself, SQLite does not offer any encryption mechanism by default and stores all data in cleartext, which introduces a risk if sensitive data like credentials, authentication tokens or personal identifiable information (PII) are directly stored in a SQLite database. The information could be accessed by any process or user in rooted devices, or can be disclosed through chained vulnerabilities, like unexpected access to the private storage through exposed components.\n\n\n## Recommendation\nUse `SQLCipher` or similar libraries to add encryption capabilities to SQLite. Alternatively, encrypt sensitive data using cryptographically secure algorithms before storing it in the database.\n\n\n## Example\nIn the first example, sensitive user information is stored in cleartext.\n\nIn the second and third examples, the code encrypts sensitive information before saving it to the database.\n\n\n```java\npublic void sqliteStorageUnsafe(Context ctx, String name, String password) {\n\t// BAD - sensitive information saved in cleartext.\n\tSQLiteDatabase db = ctx.openOrCreateDatabase(\"test\", Context.MODE_PRIVATE, null);\n\tdb.execSQL(\"INSERT INTO users VALUES (?, ?)\", new String[] {name, password});\n}\n\npublic void sqliteStorageSafe(Context ctx, String name, String password) {\n\t// GOOD - sensitive information encrypted with a custom method.\n\tSQLiteDatabase db = ctx.openOrCreateDatabase(\"test\", Context.MODE_PRIVATE, null);\n\tdb.execSQL(\"INSERT INTO users VALUES (?, ?)\", new String[] {name, encrypt(password)});\n}\n\npublic void sqlCipherStorageSafe(String name, String password, String databasePassword) {\n\t// GOOD - sensitive information saved using SQLCipher.\n\tnet.sqlcipher.database.SQLiteDatabase db = \n\t\tnet.sqlcipher.database.SQLiteDatabase.openOrCreateDatabase(\"test\", databasePassword, null);\n\tdb.execSQL(\"INSERT INTO users VALUES (?, ?)\", new String[] {name, password});\n}\n\nprivate static String encrypt(String cleartext) {\n    // Use an encryption or strong hashing algorithm in the real world.\n    // The example below just returns a SHA-256 hash.\n    MessageDigest digest = MessageDigest.getInstance(\"SHA-256\");\n    byte[] hash = digest.digest(cleartext.getBytes(StandardCharsets.UTF_8));\n    String encoded = Base64.getEncoder().encodeToString(hash);\n    return encoded;\n}\n```\n\n## References\n* Android Developers: [Work with data more securely](https://developer.android.com/topic/security/data)\n* SQLCipher: [Android Application Integration](https://www.zetetic.net/sqlcipher/sqlcipher-for-android/)\n* Common Weakness Enumeration: [CWE-312](https://cwe.mitre.org/data/definitions/312.html).\n"},"properties":{"tags":["security","external/cwe/cwe-312","owasp-top10-2021","A04:2021 - Insecure Design"],"description":"Cleartext Storage of Sensitive Information using\n              a local database on Android allows access for users with root\n              privileges or unexpected exposure from chained vulnerabilities.","id":"java/android/cleartext-storage-database","kind":"problem","name":"Cleartext storage of sensitive information using a local database on Android","precision":"medium","problem.severity":"warning","security-severity":"7.5"}},{"id":"java/socket-auth-race-condition","name":"java/socket-auth-race-condition","shortDescription":{"text":"Race condition in socket authentication"},"fullDescription":{"text":"Opening a socket after authenticating via a different channel may allow an attacker to connect to the port first."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Race condition in socket authentication\nA common pattern is to have a channel of communication open with a user, and then to open another channel, for example to transfer data. However, if user authentication is done over the original channel rather than the alternate channel, then an attacker may be able to connect to the alternate channel before the legitimate user does. This allows the attacker to impersonate the user by \"piggybacking\" on any previous authentication.\n\n\n## Recommendation\nWhen opening an alternate channel for an authenticated user (for example, a Java `Socket`), always authenticate the user over the new channel.\n\n\n## Example\nThis example shows two ways of opening a connection for a user. In the first example, authentication is determined based on materials that the user has already provided (for example, their username and/or password), and then a new channel is opened. However, no authentication is done over the new channel, and so an attacker could connect to it before the user connects.\n\nIn the second example, authentication is done over the socket channel itself, which verifies that the newly connected user is in fact the user that was expected.\n\n\n```java\npublic void doConnect(int desiredPort, String username) {\n\tServerSocket listenSocket = new ServerSocket(desiredPort);\n\n\tif (isAuthenticated(username)) {\n\t\tSocket connection1 = listenSocket.accept();\n\t\t// BAD: no authentication over the socket connection\n\t\tconnection1.getOutputStream().write(secretData);\n\t}\n}\n\npublic void doConnect(int desiredPort, String username) {\n\tServerSocket listenSocket = new ServerSocket(desiredPort);\n\n\tSocket connection2 = listenSocket.accept();\n\t// GOOD: authentication happens over the socket\n\tif (doAuthenticate(connection2, username)) {\n\t\tconnection2.getOutputStream().write(secretData);\n\t}\n}\n```\n\n## References\n* Common Weakness Enumeration: [CWE-421](https://cwe.mitre.org/data/definitions/421.html).\n","markdown":"# Race condition in socket authentication\nA common pattern is to have a channel of communication open with a user, and then to open another channel, for example to transfer data. However, if user authentication is done over the original channel rather than the alternate channel, then an attacker may be able to connect to the alternate channel before the legitimate user does. This allows the attacker to impersonate the user by \"piggybacking\" on any previous authentication.\n\n\n## Recommendation\nWhen opening an alternate channel for an authenticated user (for example, a Java `Socket`), always authenticate the user over the new channel.\n\n\n## Example\nThis example shows two ways of opening a connection for a user. In the first example, authentication is determined based on materials that the user has already provided (for example, their username and/or password), and then a new channel is opened. However, no authentication is done over the new channel, and so an attacker could connect to it before the user connects.\n\nIn the second example, authentication is done over the socket channel itself, which verifies that the newly connected user is in fact the user that was expected.\n\n\n```java\npublic void doConnect(int desiredPort, String username) {\n\tServerSocket listenSocket = new ServerSocket(desiredPort);\n\n\tif (isAuthenticated(username)) {\n\t\tSocket connection1 = listenSocket.accept();\n\t\t// BAD: no authentication over the socket connection\n\t\tconnection1.getOutputStream().write(secretData);\n\t}\n}\n\npublic void doConnect(int desiredPort, String username) {\n\tServerSocket listenSocket = new ServerSocket(desiredPort);\n\n\tSocket connection2 = listenSocket.accept();\n\t// GOOD: authentication happens over the socket\n\tif (doAuthenticate(connection2, username)) {\n\t\tconnection2.getOutputStream().write(secretData);\n\t}\n}\n```\n\n## References\n* Common Weakness Enumeration: [CWE-421](https://cwe.mitre.org/data/definitions/421.html).\n"},"properties":{"tags":["security","external/cwe/cwe-421"],"description":"Opening a socket after authenticating via a different channel may allow an attacker to connect to the port first.","id":"java/socket-auth-race-condition","kind":"problem","name":"Race condition in socket authentication","precision":"medium","problem.severity":"warning","security-severity":"7.2"}},{"id":"java/android/websettings-allow-content-access","name":"java/android/websettings-allow-content-access","shortDescription":{"text":"Android WebView settings allows access to content links"},"fullDescription":{"text":"Access to content providers in a WebView can allow access to protected information by loading content:// links."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Android WebView settings allows access to content links\nAndroid can provide access to content providers within a WebView using the `setAllowContentAccess` setting.\n\nAllowing access to content providers via `content://` URLs may allow JavaScript to access protected content.\n\n\n## Recommendation\nIf your app does not require access to the `content://` URL functionality, you should explicitly disable the setting by calling `setAllowContentAccess(false)` on the settings of the WebView.\n\n\n## Example\nIn the following (bad) example, access to `content://` URLs is explicitly allowed.\n\n\n```java\nWebSettings settings = webview.getSettings();\n\nsettings.setAllowContentAccess(true);\n\n```\nIn the following (good) example, access to `content://` URLs is explicitly denied.\n\n\n```java\nWebSettings settings = webview.getSettings();\n\nsettings.setAllowContentAccess(false);\n\n```\n\n## References\n* Android Documentation: [setAllowContentAccess](https://developer.android.com/reference/android/webkit/WebSettings#setAllowContentAccess(boolean)).\n* Common Weakness Enumeration: [CWE-200](https://cwe.mitre.org/data/definitions/200.html).\n","markdown":"# Android WebView settings allows access to content links\nAndroid can provide access to content providers within a WebView using the `setAllowContentAccess` setting.\n\nAllowing access to content providers via `content://` URLs may allow JavaScript to access protected content.\n\n\n## Recommendation\nIf your app does not require access to the `content://` URL functionality, you should explicitly disable the setting by calling `setAllowContentAccess(false)` on the settings of the WebView.\n\n\n## Example\nIn the following (bad) example, access to `content://` URLs is explicitly allowed.\n\n\n```java\nWebSettings settings = webview.getSettings();\n\nsettings.setAllowContentAccess(true);\n\n```\nIn the following (good) example, access to `content://` URLs is explicitly denied.\n\n\n```java\nWebSettings settings = webview.getSettings();\n\nsettings.setAllowContentAccess(false);\n\n```\n\n## References\n* Android Documentation: [setAllowContentAccess](https://developer.android.com/reference/android/webkit/WebSettings#setAllowContentAccess(boolean)).\n* Common Weakness Enumeration: [CWE-200](https://cwe.mitre.org/data/definitions/200.html).\n"},"properties":{"tags":["security","external/cwe/cwe-200","owasp-top10-2021","A01:2021 - Broken Access Control"],"description":"Access to content providers in a WebView can allow access to protected information by loading content:// links.","id":"java/android/websettings-allow-content-access","kind":"problem","name":"Android WebView settings allows access to content links","precision":"medium","problem.severity":"warning","security-severity":"6.5"}},{"id":"java/local-temp-file-or-directory-information-disclosure","name":"java/local-temp-file-or-directory-information-disclosure","shortDescription":{"text":"Local information disclosure in a temporary directory"},"fullDescription":{"text":"Writing information without explicit permissions to a shared temporary directory may disclose it to other users."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Local information disclosure in a temporary directory\nLocal information disclosure can occur when files/directories are written into directories that are shared between all users on the system.\n\nOn most [unix-like](https://en.wikipedia.org/wiki/Unix-like) systems, the system temporary directory is shared between local users. If files/directories are created within the system temporary directory without using APIs that explicitly set the correct file permissions, local information disclosure can occur.\n\nDepending upon the particular file contents exposed, this vulnerability can have a [CVSSv3.1 base score of 6.2/10](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N&version=3.1).\n\n\n## Recommendation\nUse JDK methods that specifically protect against this vulnerability:\n\n* [java.nio.file.Files.createTempDirectory](https://docs.oracle.com/javase/8/docs/api/java/nio/file/Files.html#createTempDirectory-java.nio.file.Path-java.lang.String-java.nio.file.attribute.FileAttribute...-)\n* [java.nio.file.Files.createTempFile](https://docs.oracle.com/javase/8/docs/api/java/nio/file/Files.html#createTempFile-java.nio.file.Path-java.lang.String-java.lang.String-java.nio.file.attribute.FileAttribute...-)\nOtherwise, create the file/directory by manually specifying the expected posix file permissions. For example: `PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE))`\n\n* [java.nio.file.Files.createFile](https://docs.oracle.com/javase/8/docs/api/java/nio/file/Files.html#createFile-java.nio.file.Path-java.nio.file.attribute.FileAttribute...-)\n* [java.nio.file.Files.createDirectory](https://docs.oracle.com/javase/8/docs/api/java/nio/file/Files.html#createDirectory-java.nio.file.Path-java.nio.file.attribute.FileAttribute...-)\n* [java.nio.file.Files.createDirectories](https://docs.oracle.com/javase/8/docs/api/java/nio/file/Files.html#createDirectories-java.nio.file.Path-java.nio.file.attribute.FileAttribute...-)\n\n## Example\nIn the following example, files and directories are created with file permissions that allow other local users to read their contents.\n\n\n```java\nimport java.io.File;\n\npublic class TempDirUsageVulnerable {\n    void exampleVulnerable() {\n        File temp1 = File.createTempFile(\"random\", \".txt\"); // BAD: File has permissions `-rw-r--r--`\n\n        File temp2 = File.createTempFile(\"random\", \"file\", null); // BAD: File has permissions `-rw-r--r--`\n\n        File systemTempDir = new File(System.getProperty(\"java.io.tmpdir\"));\n        File temp3 = File.createTempFile(\"random\", \"file\", systemTempDir); // BAD: File has permissions `-rw-r--r--`\n\n        File tempDir = com.google.common.io.Files.createTempDir(); // BAD: CVE-2020-8908: Directory has permissions `drwxr-xr-x`\n\n        new File(System.getProperty(\"java.io.tmpdir\"), \"/child\").mkdir(); // BAD: Directory has permissions `-rw-r--r--`\n\n        File tempDirChildFile = new File(System.getProperty(\"java.io.tmpdir\"), \"/child-create-file.txt\");\n        Files.createFile(tempDirChildFile.toPath()); // BAD: File has permissions `-rw-r--r--`\n\n        File tempDirChildDir = new File(System.getProperty(\"java.io.tmpdir\"), \"/child-dir\");\n        tempDirChildDir.mkdir(); // BAD: Directory has permissions `drwxr-xr-x`\n        Files.createDirectory(tempDirChildDir.toPath()); // BAD: Directory has permissions `drwxr-xr-x`\n    }\n}\n\n```\nIn the following example, files and directories are created with file permissions that protect their contents.\n\n\n```java\nimport java.io.File;\nimport java.io.IOException;\nimport java.io.UncheckedIOException;\nimport java.nio.file.Files;\nimport java.nio.file.Path;\nimport java.nio.file.attribute.PosixFilePermission;\nimport java.nio.file.attribute.PosixFilePermissions;\n\nimport java.util.EnumSet;\n\n\npublic class TempDirUsageSafe {\n    void exampleSafe() throws IOException {\n        Path temp1 = Files.createTempFile(\"random\", \".txt\"); // GOOD: File has permissions `-rw-------`\n\n        Path temp2 = Files.createTempDirectory(\"random-directory\"); // GOOD: File has permissions `drwx------`\n\n        // Creating a temporary file with a non-randomly generated name\n        File tempChildFile = new File(System.getProperty(\"java.io.tmpdir\"), \"/child-create-file.txt\");\n        // Warning: This will fail on windows as it doesn't support PosixFilePermissions.\n        // See `exampleSafeWithWindowsSupportFile` if your code needs to support windows and unix-like systems.\n        Files.createFile(\n            tempChildFile.toPath(),\n            PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE))\n        ); // GOOD: Good has permissions `-rw-------`\n    }\n\n    /*\n     * An example of a safe use of createFile or createDirectory if your code must support windows and unix-like systems.\n     */\n    void exampleSafeWithWindowsSupportFile() {\n        // Creating a temporary file with a non-randomly generated name\n        File tempChildFile = new File(System.getProperty(\"java.io.tmpdir\"), \"/child-create-file.txt\");\n        createTempFile(tempChildFile.toPath()); // GOOD: Good has permissions `-rw-------`\n    }\n\n    static void createTempFile(Path tempDirChild) {\n        try {\n            if (tempDirChild.getFileSystem().supportedFileAttributeViews().contains(\"posix\")) {\n                // Explicit permissions setting is only required on unix-like systems because\n                // the temporary directory is shared between all users.\n                // This is not necessary on Windows, each user has their own temp directory\n                final EnumSet<PosixFilePermission> posixFilePermissions =\n                        EnumSet.of(\n                            PosixFilePermission.OWNER_READ,\n                            PosixFilePermission.OWNER_WRITE\n                        );\n                if (!Files.exists(tempDirChild)) {\n                    Files.createFile(\n                        tempDirChild,\n                        PosixFilePermissions.asFileAttribute(posixFilePermissions)\n                    ); // GOOD: Directory has permissions `-rw-------`\n                } else {\n                    Files.setPosixFilePermissions(\n                            tempDirChild,\n                            posixFilePermissions\n                    ); // GOOD: Good has permissions `-rw-------`, or will throw an exception if this fails\n                }\n            } else if (!Files.exists(tempDirChild)) {\n                // On Windows, we still need to create the directory, when it doesn't already exist.\n                Files.createDirectory(tempDirChild); // GOOD: Windows doesn't share the temp directory between users\n            }\n        } catch (IOException exception) {\n            throw new UncheckedIOException(\"Failed to create temp file\", exception);\n        }\n    }\n\n    void exampleSafeWithWindowsSupportDirectory() {\n        File tempDirChildDir = new File(System.getProperty(\"java.io.tmpdir\"), \"/child-dir\");\n        createTempDirectories(tempDirChildDir.toPath()); // GOOD: Directory has permissions `drwx------`\n    }\n\n    static void createTempDirectories(Path tempDirChild) {\n        try {\n            if (tempDirChild.getFileSystem().supportedFileAttributeViews().contains(\"posix\")) {\n                // Explicit permissions setting is only required on unix-like systems because\n                // the temporary directory is shared between all users.\n                // This is not necessary on Windows, each user has their own temp directory\n                final EnumSet<PosixFilePermission> posixFilePermissions =\n                        EnumSet.of(\n                            PosixFilePermission.OWNER_READ,\n                            PosixFilePermission.OWNER_WRITE,\n                            PosixFilePermission.OWNER_EXECUTE\n                        );\n                if (!Files.exists(tempDirChild)) {\n                    Files.createDirectories(\n                        tempDirChild,\n                        PosixFilePermissions.asFileAttribute(posixFilePermissions)\n                    ); // GOOD: Directory has permissions `drwx------`\n                } else {\n                    Files.setPosixFilePermissions(\n                            tempDirChild,\n                            posixFilePermissions\n                    ); // GOOD: Good has permissions `drwx------`, or will throw an exception if this fails\n                }\n            } else if (!Files.exists(tempDirChild)) {\n                // On Windows, we still need to create the directory, when it doesn't already exist.\n                Files.createDirectories(tempDirChild); // GOOD: Windows doesn't share the temp directory between users\n            }\n        } catch (IOException exception) {\n            throw new UncheckedIOException(\"Failed to create temp dir\", exception);\n        }\n    }\n}\n\n```\n\n## References\n* OWASP: [Insecure Temporary File](https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File).\n* CERT: [FIO00-J. Do not operate on files in shared directories](https://wiki.sei.cmu.edu/confluence/display/java/FIO00-J.+Do+not+operate+on+files+in+shared+directories).\n* Common Weakness Enumeration: [CWE-200](https://cwe.mitre.org/data/definitions/200.html).\n* Common Weakness Enumeration: [CWE-732](https://cwe.mitre.org/data/definitions/732.html).\n","markdown":"# Local information disclosure in a temporary directory\nLocal information disclosure can occur when files/directories are written into directories that are shared between all users on the system.\n\nOn most [unix-like](https://en.wikipedia.org/wiki/Unix-like) systems, the system temporary directory is shared between local users. If files/directories are created within the system temporary directory without using APIs that explicitly set the correct file permissions, local information disclosure can occur.\n\nDepending upon the particular file contents exposed, this vulnerability can have a [CVSSv3.1 base score of 6.2/10](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N&version=3.1).\n\n\n## Recommendation\nUse JDK methods that specifically protect against this vulnerability:\n\n* [java.nio.file.Files.createTempDirectory](https://docs.oracle.com/javase/8/docs/api/java/nio/file/Files.html#createTempDirectory-java.nio.file.Path-java.lang.String-java.nio.file.attribute.FileAttribute...-)\n* [java.nio.file.Files.createTempFile](https://docs.oracle.com/javase/8/docs/api/java/nio/file/Files.html#createTempFile-java.nio.file.Path-java.lang.String-java.lang.String-java.nio.file.attribute.FileAttribute...-)\nOtherwise, create the file/directory by manually specifying the expected posix file permissions. For example: `PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE))`\n\n* [java.nio.file.Files.createFile](https://docs.oracle.com/javase/8/docs/api/java/nio/file/Files.html#createFile-java.nio.file.Path-java.nio.file.attribute.FileAttribute...-)\n* [java.nio.file.Files.createDirectory](https://docs.oracle.com/javase/8/docs/api/java/nio/file/Files.html#createDirectory-java.nio.file.Path-java.nio.file.attribute.FileAttribute...-)\n* [java.nio.file.Files.createDirectories](https://docs.oracle.com/javase/8/docs/api/java/nio/file/Files.html#createDirectories-java.nio.file.Path-java.nio.file.attribute.FileAttribute...-)\n\n## Example\nIn the following example, files and directories are created with file permissions that allow other local users to read their contents.\n\n\n```java\nimport java.io.File;\n\npublic class TempDirUsageVulnerable {\n    void exampleVulnerable() {\n        File temp1 = File.createTempFile(\"random\", \".txt\"); // BAD: File has permissions `-rw-r--r--`\n\n        File temp2 = File.createTempFile(\"random\", \"file\", null); // BAD: File has permissions `-rw-r--r--`\n\n        File systemTempDir = new File(System.getProperty(\"java.io.tmpdir\"));\n        File temp3 = File.createTempFile(\"random\", \"file\", systemTempDir); // BAD: File has permissions `-rw-r--r--`\n\n        File tempDir = com.google.common.io.Files.createTempDir(); // BAD: CVE-2020-8908: Directory has permissions `drwxr-xr-x`\n\n        new File(System.getProperty(\"java.io.tmpdir\"), \"/child\").mkdir(); // BAD: Directory has permissions `-rw-r--r--`\n\n        File tempDirChildFile = new File(System.getProperty(\"java.io.tmpdir\"), \"/child-create-file.txt\");\n        Files.createFile(tempDirChildFile.toPath()); // BAD: File has permissions `-rw-r--r--`\n\n        File tempDirChildDir = new File(System.getProperty(\"java.io.tmpdir\"), \"/child-dir\");\n        tempDirChildDir.mkdir(); // BAD: Directory has permissions `drwxr-xr-x`\n        Files.createDirectory(tempDirChildDir.toPath()); // BAD: Directory has permissions `drwxr-xr-x`\n    }\n}\n\n```\nIn the following example, files and directories are created with file permissions that protect their contents.\n\n\n```java\nimport java.io.File;\nimport java.io.IOException;\nimport java.io.UncheckedIOException;\nimport java.nio.file.Files;\nimport java.nio.file.Path;\nimport java.nio.file.attribute.PosixFilePermission;\nimport java.nio.file.attribute.PosixFilePermissions;\n\nimport java.util.EnumSet;\n\n\npublic class TempDirUsageSafe {\n    void exampleSafe() throws IOException {\n        Path temp1 = Files.createTempFile(\"random\", \".txt\"); // GOOD: File has permissions `-rw-------`\n\n        Path temp2 = Files.createTempDirectory(\"random-directory\"); // GOOD: File has permissions `drwx------`\n\n        // Creating a temporary file with a non-randomly generated name\n        File tempChildFile = new File(System.getProperty(\"java.io.tmpdir\"), \"/child-create-file.txt\");\n        // Warning: This will fail on windows as it doesn't support PosixFilePermissions.\n        // See `exampleSafeWithWindowsSupportFile` if your code needs to support windows and unix-like systems.\n        Files.createFile(\n            tempChildFile.toPath(),\n            PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE))\n        ); // GOOD: Good has permissions `-rw-------`\n    }\n\n    /*\n     * An example of a safe use of createFile or createDirectory if your code must support windows and unix-like systems.\n     */\n    void exampleSafeWithWindowsSupportFile() {\n        // Creating a temporary file with a non-randomly generated name\n        File tempChildFile = new File(System.getProperty(\"java.io.tmpdir\"), \"/child-create-file.txt\");\n        createTempFile(tempChildFile.toPath()); // GOOD: Good has permissions `-rw-------`\n    }\n\n    static void createTempFile(Path tempDirChild) {\n        try {\n            if (tempDirChild.getFileSystem().supportedFileAttributeViews().contains(\"posix\")) {\n                // Explicit permissions setting is only required on unix-like systems because\n                // the temporary directory is shared between all users.\n                // This is not necessary on Windows, each user has their own temp directory\n                final EnumSet<PosixFilePermission> posixFilePermissions =\n                        EnumSet.of(\n                            PosixFilePermission.OWNER_READ,\n                            PosixFilePermission.OWNER_WRITE\n                        );\n                if (!Files.exists(tempDirChild)) {\n                    Files.createFile(\n                        tempDirChild,\n                        PosixFilePermissions.asFileAttribute(posixFilePermissions)\n                    ); // GOOD: Directory has permissions `-rw-------`\n                } else {\n                    Files.setPosixFilePermissions(\n                            tempDirChild,\n                            posixFilePermissions\n                    ); // GOOD: Good has permissions `-rw-------`, or will throw an exception if this fails\n                }\n            } else if (!Files.exists(tempDirChild)) {\n                // On Windows, we still need to create the directory, when it doesn't already exist.\n                Files.createDirectory(tempDirChild); // GOOD: Windows doesn't share the temp directory between users\n            }\n        } catch (IOException exception) {\n            throw new UncheckedIOException(\"Failed to create temp file\", exception);\n        }\n    }\n\n    void exampleSafeWithWindowsSupportDirectory() {\n        File tempDirChildDir = new File(System.getProperty(\"java.io.tmpdir\"), \"/child-dir\");\n        createTempDirectories(tempDirChildDir.toPath()); // GOOD: Directory has permissions `drwx------`\n    }\n\n    static void createTempDirectories(Path tempDirChild) {\n        try {\n            if (tempDirChild.getFileSystem().supportedFileAttributeViews().contains(\"posix\")) {\n                // Explicit permissions setting is only required on unix-like systems because\n                // the temporary directory is shared between all users.\n                // This is not necessary on Windows, each user has their own temp directory\n                final EnumSet<PosixFilePermission> posixFilePermissions =\n                        EnumSet.of(\n                            PosixFilePermission.OWNER_READ,\n                            PosixFilePermission.OWNER_WRITE,\n                            PosixFilePermission.OWNER_EXECUTE\n                        );\n                if (!Files.exists(tempDirChild)) {\n                    Files.createDirectories(\n                        tempDirChild,\n                        PosixFilePermissions.asFileAttribute(posixFilePermissions)\n                    ); // GOOD: Directory has permissions `drwx------`\n                } else {\n                    Files.setPosixFilePermissions(\n                            tempDirChild,\n                            posixFilePermissions\n                    ); // GOOD: Good has permissions `drwx------`, or will throw an exception if this fails\n                }\n            } else if (!Files.exists(tempDirChild)) {\n                // On Windows, we still need to create the directory, when it doesn't already exist.\n                Files.createDirectories(tempDirChild); // GOOD: Windows doesn't share the temp directory between users\n            }\n        } catch (IOException exception) {\n            throw new UncheckedIOException(\"Failed to create temp dir\", exception);\n        }\n    }\n}\n\n```\n\n## References\n* OWASP: [Insecure Temporary File](https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File).\n* CERT: [FIO00-J. Do not operate on files in shared directories](https://wiki.sei.cmu.edu/confluence/display/java/FIO00-J.+Do+not+operate+on+files+in+shared+directories).\n* Common Weakness Enumeration: [CWE-200](https://cwe.mitre.org/data/definitions/200.html).\n* Common Weakness Enumeration: [CWE-732](https://cwe.mitre.org/data/definitions/732.html).\n"},"properties":{"tags":["security","external/cwe/cwe-200","external/cwe/cwe-732","owasp-top10-2021","A01:2021 - Broken Access Control"],"description":"Writing information without explicit permissions to a shared temporary directory may disclose it to other users.","id":"java/local-temp-file-or-directory-information-disclosure","kind":"path-problem","name":"Local information disclosure in a temporary directory","precision":"medium","problem.severity":"warning","security-severity":"6.5"}},{"id":"java/android/websettings-file-access","name":"java/android/websettings-file-access","shortDescription":{"text":"Android WebSettings file access"},"fullDescription":{"text":"Enabling access to the file system in a WebView allows attackers to view sensitive information."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Android WebSettings file access\nAllowing file access in an Android WebView can expose a device's file system to the JavaScript running in that WebView. If the JavaScript contains vulnerabilities or the WebView loads untrusted content, file access allows an attacker to steal the user's data.\n\n\n## Recommendation\nWhen possible, do not allow file access. The file access settings are disabled by default. You can explicitly disable file access by setting the following settings to `false`:\n\n* `setAllowFileAccess`\n* `setAllowFileAccessFromFileURLs`\n* `setAllowUniversalAccessFromFileURLs`\nIf your application requires access to the file system, it is best to avoid using `file://` URLs. Instead, use an alternative that loads files via HTTPS, such as `androidx.webkit.WebViewAssetLoader`.\n\n\n## Example\nIn the following (bad) example, the WebView is configured with settings that allow local file access.\n\n\n```java\nWebSettings settings = view.getSettings();\n\nsettings.setAllowFileAccess(true);\nsettings.setAllowFileAccessFromURLs(true);\nsettings.setAllowUniversalAccessFromURLs(true);\n\n```\nIn the following (good) example, the WebView is configured to disallow file access.\n\n\n```java\nWebSettings settings = view.getSettings();\n\nsettings.setAllowFileAccess(false);\nsettings.setAllowFileAccessFromURLs(false);\nsettings.setAllowUniversalAccessFromURLs(false);\n\n```\nAs mentioned previously, asset loaders can load files without file system access. In the following (good) example, an asset loader is configured to load assets over HTTPS.\n\n\n```java\nWebViewAssetLoader loader = new WebViewAssetLoader.Builder()\n    // Replace the domain with a domain you control, or use the default\n    // appassets.androidplatform.com\n    .setDomain(\"appassets.example.com\")\n    .addPathHandler(\"/resources\", new AssetsPathHandler(this))\n    .build();\n\nwebView.setWebViewClient(new WebViewClientCompat() {\n    @Override\n    public WebResourceResponse shouldInterceptRequest(WebView view, WebResourceRequest request) {\n        return assetLoader.shouldInterceptRequest(request.getUrl());\n    }\n});\n\nwebView.loadUrl(\"https://appassets.example.com/resources/www/index.html\");\n\n```\n\n## References\n* Android documentation: [WebSettings.setAllowFileAccess](https://developer.android.com/reference/android/webkit/WebSettings#setAllowFileAccess(boolean)).\n* Android documentation: [WebSettings.setAllowFileAccessFromFileURLs](https://developer.android.com/reference/android/webkit/WebSettings#setAllowFileAccessFromFileURLs(boolean)).\n* Android documentation: [WebSettings.setAllowUniversalAccessFromFileURLs](https://developer.android.com/reference/android/webkit/WebSettings#setAllowUniversalAccessFromFileURLs(boolean)).\n* Android documentation: [WebViewAssetLoader](https://developer.android.com/reference/androidx/webkit/WebViewAssetLoader).\n* Common Weakness Enumeration: [CWE-200](https://cwe.mitre.org/data/definitions/200.html).\n","markdown":"# Android WebSettings file access\nAllowing file access in an Android WebView can expose a device's file system to the JavaScript running in that WebView. If the JavaScript contains vulnerabilities or the WebView loads untrusted content, file access allows an attacker to steal the user's data.\n\n\n## Recommendation\nWhen possible, do not allow file access. The file access settings are disabled by default. You can explicitly disable file access by setting the following settings to `false`:\n\n* `setAllowFileAccess`\n* `setAllowFileAccessFromFileURLs`\n* `setAllowUniversalAccessFromFileURLs`\nIf your application requires access to the file system, it is best to avoid using `file://` URLs. Instead, use an alternative that loads files via HTTPS, such as `androidx.webkit.WebViewAssetLoader`.\n\n\n## Example\nIn the following (bad) example, the WebView is configured with settings that allow local file access.\n\n\n```java\nWebSettings settings = view.getSettings();\n\nsettings.setAllowFileAccess(true);\nsettings.setAllowFileAccessFromURLs(true);\nsettings.setAllowUniversalAccessFromURLs(true);\n\n```\nIn the following (good) example, the WebView is configured to disallow file access.\n\n\n```java\nWebSettings settings = view.getSettings();\n\nsettings.setAllowFileAccess(false);\nsettings.setAllowFileAccessFromURLs(false);\nsettings.setAllowUniversalAccessFromURLs(false);\n\n```\nAs mentioned previously, asset loaders can load files without file system access. In the following (good) example, an asset loader is configured to load assets over HTTPS.\n\n\n```java\nWebViewAssetLoader loader = new WebViewAssetLoader.Builder()\n    // Replace the domain with a domain you control, or use the default\n    // appassets.androidplatform.com\n    .setDomain(\"appassets.example.com\")\n    .addPathHandler(\"/resources\", new AssetsPathHandler(this))\n    .build();\n\nwebView.setWebViewClient(new WebViewClientCompat() {\n    @Override\n    public WebResourceResponse shouldInterceptRequest(WebView view, WebResourceRequest request) {\n        return assetLoader.shouldInterceptRequest(request.getUrl());\n    }\n});\n\nwebView.loadUrl(\"https://appassets.example.com/resources/www/index.html\");\n\n```\n\n## References\n* Android documentation: [WebSettings.setAllowFileAccess](https://developer.android.com/reference/android/webkit/WebSettings#setAllowFileAccess(boolean)).\n* Android documentation: [WebSettings.setAllowFileAccessFromFileURLs](https://developer.android.com/reference/android/webkit/WebSettings#setAllowFileAccessFromFileURLs(boolean)).\n* Android documentation: [WebSettings.setAllowUniversalAccessFromFileURLs](https://developer.android.com/reference/android/webkit/WebSettings#setAllowUniversalAccessFromFileURLs(boolean)).\n* Android documentation: [WebViewAssetLoader](https://developer.android.com/reference/androidx/webkit/WebViewAssetLoader).\n* Common Weakness Enumeration: [CWE-200](https://cwe.mitre.org/data/definitions/200.html).\n"},"properties":{"tags":["security","external/cwe/cwe-200","owasp-top10-2021","A01:2021 - Broken Access Control"],"description":"Enabling access to the file system in a WebView allows attackers to view sensitive information.","id":"java/android/websettings-file-access","kind":"problem","name":"Android WebSettings file access","precision":"medium","problem.severity":"warning","security-severity":"6.5"}},{"id":"java/android/webview-addjavascriptinterface","name":"java/android/webview-addjavascriptinterface","shortDescription":{"text":"Access Java object methods through JavaScript exposure"},"fullDescription":{"text":"Exposing a Java object in a WebView with a JavaScript interface can lead to malicious JavaScript controlling the application."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Access Java object methods through JavaScript exposure\nCalling the `addJavascriptInterface` method of the `android.webkit.WebView` class allows the web pages of a WebView to access a Java object's methods via JavaScript.\n\nObjects exposed to JavaScript are available in all frames of the WebView.\n\n\n## Recommendation\nIf you need to expose Java objects to JavaScript, guarantee that no untrusted third-party content is loaded into the WebView.\n\n\n## Example\nIn the following (bad) example, a Java object is exposed to JavaScript.\n\n\n```java\nimport android.webkit.JavascriptInterface;\nimport android.database.sqlite.SQLiteOpenHelper;\n\nclass ExposedObject extends SQLiteOpenHelper {\n    @JavascriptInterface\n    public String studentEmail(String studentName) {\n        // SQL injection\n        String query = \"SELECT email FROM students WHERE studentname = '\" + studentName + \"'\";\n\n        Cursor cursor = db.rawQuery(query, null);\n        cursor.moveToFirst();\n        String email = cursor.getString(0);\n\n        return email;\n    }\n}\n\nwebview.getSettings().setJavaScriptEnabled(true);\nwebview.addJavaScriptInterface(new ExposedObject(), \"exposedObject\");\nwebview.loadData(\"\", \"text/html\", null);\n\nString name = \"Robert'; DROP TABLE students; --\";\nwebview.loadUrl(\"javascript:alert(exposedObject.studentEmail(\\\"\"+ name +\"\\\"))\");\n\n```\n\n## References\n* Android Documentation: [addJavascriptInterface](https://developer.android.com/reference/android/webkit/WebView#addJavascriptInterface(java.lang.Object,%20java.lang.String))\n* Common Weakness Enumeration: [CWE-79](https://cwe.mitre.org/data/definitions/79.html).\n","markdown":"# Access Java object methods through JavaScript exposure\nCalling the `addJavascriptInterface` method of the `android.webkit.WebView` class allows the web pages of a WebView to access a Java object's methods via JavaScript.\n\nObjects exposed to JavaScript are available in all frames of the WebView.\n\n\n## Recommendation\nIf you need to expose Java objects to JavaScript, guarantee that no untrusted third-party content is loaded into the WebView.\n\n\n## Example\nIn the following (bad) example, a Java object is exposed to JavaScript.\n\n\n```java\nimport android.webkit.JavascriptInterface;\nimport android.database.sqlite.SQLiteOpenHelper;\n\nclass ExposedObject extends SQLiteOpenHelper {\n    @JavascriptInterface\n    public String studentEmail(String studentName) {\n        // SQL injection\n        String query = \"SELECT email FROM students WHERE studentname = '\" + studentName + \"'\";\n\n        Cursor cursor = db.rawQuery(query, null);\n        cursor.moveToFirst();\n        String email = cursor.getString(0);\n\n        return email;\n    }\n}\n\nwebview.getSettings().setJavaScriptEnabled(true);\nwebview.addJavaScriptInterface(new ExposedObject(), \"exposedObject\");\nwebview.loadData(\"\", \"text/html\", null);\n\nString name = \"Robert'; DROP TABLE students; --\";\nwebview.loadUrl(\"javascript:alert(exposedObject.studentEmail(\\\"\"+ name +\"\\\"))\");\n\n```\n\n## References\n* Android Documentation: [addJavascriptInterface](https://developer.android.com/reference/android/webkit/WebView#addJavascriptInterface(java.lang.Object,%20java.lang.String))\n* Common Weakness Enumeration: [CWE-79](https://cwe.mitre.org/data/definitions/79.html).\n"},"properties":{"tags":["security","external/cwe/cwe-079"],"description":"Exposing a Java object in a WebView with a JavaScript interface can lead to malicious JavaScript controlling the application.","id":"java/android/webview-addjavascriptinterface","kind":"problem","name":"Access Java object methods through JavaScript exposure","precision":"medium","problem.severity":"warning","security-severity":"6.1"}},{"id":"java/android/websettings-javascript-enabled","name":"java/android/websettings-javascript-enabled","shortDescription":{"text":"Android WebView JavaScript settings"},"fullDescription":{"text":"Enabling JavaScript execution in a WebView can result in cross-site scripting attacks."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Android WebView JavaScript settings\nEnabling JavaScript in an Android WebView allows the execution of JavaScript code in the context of the running application. This creates a cross-site scripting vulnerability.\n\nFor example, if your application's WebView allows for visiting web pages that you do not trust, it is possible for an attacker to lead the user to a page which loads malicious JavaScript.\n\nYou can enable or disable Javascript execution using the `setJavaScriptEnabled` method of the settings of a WebView.\n\n\n## Recommendation\nJavaScript execution is disabled by default. You can explicitly disable it by calling `setJavaScriptEnabled(false)` on the settings of the WebView.\n\nIf JavaScript is necessary, only load content from trusted servers using encrypted channels, such as HTTPS with certificate verification.\n\n\n## Example\nIn the following (bad) example, a WebView has JavaScript enabled in its settings:\n\n\n```java\nWebSettings settings = webview.getSettings();\nsettings.setJavaScriptEnabled(true);\n\n```\nIn the following (good) example, a WebView explicitly disallows JavaScript execution:\n\n\n```java\nWebSettings settings = webview.getSettings();\nsettings.setJavaScriptEnabled(false);\n\n```\n\n## References\n* Android documentation: [setJavaScriptEnabled](https://developer.android.com/reference/android/webkit/WebSettings#setJavaScriptEnabled(boolean))\n* Common Weakness Enumeration: [CWE-79](https://cwe.mitre.org/data/definitions/79.html).\n","markdown":"# Android WebView JavaScript settings\nEnabling JavaScript in an Android WebView allows the execution of JavaScript code in the context of the running application. This creates a cross-site scripting vulnerability.\n\nFor example, if your application's WebView allows for visiting web pages that you do not trust, it is possible for an attacker to lead the user to a page which loads malicious JavaScript.\n\nYou can enable or disable Javascript execution using the `setJavaScriptEnabled` method of the settings of a WebView.\n\n\n## Recommendation\nJavaScript execution is disabled by default. You can explicitly disable it by calling `setJavaScriptEnabled(false)` on the settings of the WebView.\n\nIf JavaScript is necessary, only load content from trusted servers using encrypted channels, such as HTTPS with certificate verification.\n\n\n## Example\nIn the following (bad) example, a WebView has JavaScript enabled in its settings:\n\n\n```java\nWebSettings settings = webview.getSettings();\nsettings.setJavaScriptEnabled(true);\n\n```\nIn the following (good) example, a WebView explicitly disallows JavaScript execution:\n\n\n```java\nWebSettings settings = webview.getSettings();\nsettings.setJavaScriptEnabled(false);\n\n```\n\n## References\n* Android documentation: [setJavaScriptEnabled](https://developer.android.com/reference/android/webkit/WebSettings#setJavaScriptEnabled(boolean))\n* Common Weakness Enumeration: [CWE-79](https://cwe.mitre.org/data/definitions/79.html).\n"},"properties":{"tags":["security","external/cwe/cwe-079"],"description":"Enabling JavaScript execution in a WebView can result in cross-site scripting attacks.","id":"java/android/websettings-javascript-enabled","kind":"problem","name":"Android WebView JavaScript settings","precision":"medium","problem.severity":"warning","security-severity":"6.1"}},{"id":"java/android/missing-certificate-pinning","name":"java/android/missing-certificate-pinning","shortDescription":{"text":"Android missing certificate pinning"},"fullDescription":{"text":"Network connections that do not use certificate pinning may allow attackers to eavesdrop on communications."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Android missing certificate pinning\nCertificate pinning is the practice of only trusting a specific set of SSL certificates, rather than those that the device trusts by default. In Android applications, it is reccomended to use certificate pinning when communicating over the network, in order to minimize the risk of machine-in-the-middle attacks from a compromised CA.\n\n\n## Recommendation\nThe easiest way to implement certificate pinning is to declare your pins in a `network-security-config` XML file. This will automatically provide certificate pinning for any network connection made by the app.\n\nAnother way to implement certificate pinning is to use the \\`CertificatePinner\\` class from the \\`okhttp\\` library.\n\nA final way to implement certificate pinning is to use a `TrustManager`, initialized from a `KeyStore` loaded with only the necessary certificates.\n\n\n## Example\nIn the first (bad) case below, a network call is performed with no certificate pinning implemented. The other (good) cases demonstrate the different ways to implement certificate pinning.\n\n\n```java\n// BAD - By default, this network call does not use certificate pinning\nURLConnection conn = new URL(\"https://example.com\").openConnection();\n```\n\n```xml\n<!-- GOOD: Certificate pinning implemented via a Network Security Config file -->\n\n<!-- In AndroidManifest.xml -->\n<manifest xmlns:android=\"http://schemas.android.com/apk/res/android\"\n    package=\"com.example.app\">\n\n    <application android:networkSecurityConfig=\"@xml/NetworkSecurityConfig\">\n        ...\n    </application>\n\n</manifest>\n\n<!-- In res/xml/NetworkSecurityConfig.xml -->\n<network-security-config>\n    <domain-config>\n        <domain>good.example.com</domain>\n        <pin-set expiration=\"2038/1/19\">\n            <pin digest=\"SHA-256\">...</pin>\n        </pin-set>\n    </domain-config>\n</network-security-config>\n```\n\n```java\n// GOOD: Certificate pinning implemented via okhttp3.CertificatePinner \nCertificatePinner certificatePinner = new CertificatePinner.Builder()\n    .add(\"example.com\", \"sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\")\n    .build();\nOkHttpClient client = new OkHttpClient.Builder()\n    .certificatePinner(certificatePinner)\n    .build();\n\nclient.newCall(new Request.Builder().url(\"https://example.com\").build()).execute();\n\n\n\n// GOOD: Certificate pinning implemented via a TrustManager\nKeyStore keyStore = KeyStore.getInstance(\"BKS\");\nkeyStore.load(resources.openRawResource(R.raw.cert), null);\n\nTrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());\ntmf.init(keyStore);\n\nSSLContext sslContext = SSLContext.getInstance(\"TLS\");\nsslContext.init(null, tmf.getTrustManagers(), null);\n\nURL url = new URL(\"http://www.example.com/\");\nHttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection(); \n\nurlConnection.setSSLSocketFactory(sslContext.getSocketFactory());\n```\n\n## References\n* OWASP Mobile Security: [Testing Custom Certificate Stores and Certificate Pinning (MSTG-NETWORK-4)](https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05g-testing-network-communication#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4).\n* Android Developers: [Network security configuration](https://developer.android.com/training/articles/security-config).\n* OkHttp: [CertificatePinner](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-certificate-pinner/).\n* Common Weakness Enumeration: [CWE-295](https://cwe.mitre.org/data/definitions/295.html).\n","markdown":"# Android missing certificate pinning\nCertificate pinning is the practice of only trusting a specific set of SSL certificates, rather than those that the device trusts by default. In Android applications, it is reccomended to use certificate pinning when communicating over the network, in order to minimize the risk of machine-in-the-middle attacks from a compromised CA.\n\n\n## Recommendation\nThe easiest way to implement certificate pinning is to declare your pins in a `network-security-config` XML file. This will automatically provide certificate pinning for any network connection made by the app.\n\nAnother way to implement certificate pinning is to use the \\`CertificatePinner\\` class from the \\`okhttp\\` library.\n\nA final way to implement certificate pinning is to use a `TrustManager`, initialized from a `KeyStore` loaded with only the necessary certificates.\n\n\n## Example\nIn the first (bad) case below, a network call is performed with no certificate pinning implemented. The other (good) cases demonstrate the different ways to implement certificate pinning.\n\n\n```java\n// BAD - By default, this network call does not use certificate pinning\nURLConnection conn = new URL(\"https://example.com\").openConnection();\n```\n\n```xml\n<!-- GOOD: Certificate pinning implemented via a Network Security Config file -->\n\n<!-- In AndroidManifest.xml -->\n<manifest xmlns:android=\"http://schemas.android.com/apk/res/android\"\n    package=\"com.example.app\">\n\n    <application android:networkSecurityConfig=\"@xml/NetworkSecurityConfig\">\n        ...\n    </application>\n\n</manifest>\n\n<!-- In res/xml/NetworkSecurityConfig.xml -->\n<network-security-config>\n    <domain-config>\n        <domain>good.example.com</domain>\n        <pin-set expiration=\"2038/1/19\">\n            <pin digest=\"SHA-256\">...</pin>\n        </pin-set>\n    </domain-config>\n</network-security-config>\n```\n\n```java\n// GOOD: Certificate pinning implemented via okhttp3.CertificatePinner \nCertificatePinner certificatePinner = new CertificatePinner.Builder()\n    .add(\"example.com\", \"sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\")\n    .build();\nOkHttpClient client = new OkHttpClient.Builder()\n    .certificatePinner(certificatePinner)\n    .build();\n\nclient.newCall(new Request.Builder().url(\"https://example.com\").build()).execute();\n\n\n\n// GOOD: Certificate pinning implemented via a TrustManager\nKeyStore keyStore = KeyStore.getInstance(\"BKS\");\nkeyStore.load(resources.openRawResource(R.raw.cert), null);\n\nTrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());\ntmf.init(keyStore);\n\nSSLContext sslContext = SSLContext.getInstance(\"TLS\");\nsslContext.init(null, tmf.getTrustManagers(), null);\n\nURL url = new URL(\"http://www.example.com/\");\nHttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection(); \n\nurlConnection.setSSLSocketFactory(sslContext.getSocketFactory());\n```\n\n## References\n* OWASP Mobile Security: [Testing Custom Certificate Stores and Certificate Pinning (MSTG-NETWORK-4)](https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05g-testing-network-communication#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4).\n* Android Developers: [Network security configuration](https://developer.android.com/training/articles/security-config).\n* OkHttp: [CertificatePinner](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-certificate-pinner/).\n* Common Weakness Enumeration: [CWE-295](https://cwe.mitre.org/data/definitions/295.html).\n"},"properties":{"tags":["security","external/cwe/cwe-295","owasp-top10-2021","A07:2021 - Identification and Authentication Failures"],"description":"Network connections that do not use certificate pinning may allow attackers to eavesdrop on communications.","id":"java/android/missing-certificate-pinning","kind":"problem","name":"Android missing certificate pinning","precision":"medium","problem.severity":"warning","security-severity":"5.9"}},{"id":"java/insecure-basic-auth","name":"java/insecure-basic-auth","shortDescription":{"text":"Insecure basic authentication"},"fullDescription":{"text":"Basic authentication only obfuscates username/password in Base64 encoding, which can be easily recognized and reversed. Transmitting sensitive information without using HTTPS makes the data vulnerable to packet sniffing."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Insecure basic authentication\nBasic authentication only obfuscates usernames and passwords in Base64 encoding, which can be easily recognized and reversed, thus it must not be transmitted over the cleartext HTTP channel. Transmitting sensitive information without using HTTPS makes the data vulnerable to packet sniffing.\n\n\n## Recommendation\nEither use a more secure authentication mechanism like digest authentication or federated authentication, or use the HTTPS communication protocol.\n\n\n## Example\nThe following example shows two ways of using basic authentication. In the 'BAD' case, the credentials are transmitted over HTTP. In the 'GOOD' case, the credentials are transmitted over HTTPS.\n\n\n```java\npublic class InsecureBasicAuth {\n  /**\n   * Test basic authentication with Apache HTTP request.\n   */\n  public void testApacheHttpRequest(String username, String password) {\n\n    // BAD: basic authentication over HTTP\n    String url = \"http://www.example.com/rest/getuser.do?uid=abcdx\";\n\n    // GOOD: basic authentication over HTTPS\n    url = \"https://www.example.com/rest/getuser.do?uid=abcdx\";\n\n    HttpPost post = new HttpPost(url);\n    post.setHeader(\"Accept\", \"application/json\");\n    post.setHeader(\"Content-type\", \"application/json\");\n\n    String authString = username + \":\" + password;\n    byte[] authEncBytes = Base64.getEncoder().encode(authString.getBytes());\n    String authStringEnc = new String(authEncBytes);\n\n    post.addHeader(\"Authorization\", \"Basic \" + authStringEnc);\n  }\n\n  /**\n   * Test basic authentication with Java HTTP URL connection.\n   */\n  public void testHttpUrlConnection(String username, String password) {\n\n    // BAD: basic authentication over HTTP\n    String urlStr = \"http://www.example.com/rest/getuser.do?uid=abcdx\";\n\n    // GOOD: basic authentication over HTTPS\n    urlStr = \"https://www.example.com/rest/getuser.do?uid=abcdx\";\n\n    String authString = username + \":\" + password;\n    String encoding = Base64.getEncoder().encodeToString(authString.getBytes(\"UTF-8\"));\n    URL url = new URL(urlStr);\n    HttpURLConnection conn = (HttpURLConnection) url.openConnection();\n    conn.setRequestMethod(\"POST\");\n    conn.setDoOutput(true);\n    conn.setRequestProperty(\"Authorization\", \"Basic \" + encoding);\n  }\n}\n\n```\n\n## References\n* SonarSource rule: [Basic authentication should not be used](https://rules.sonarsource.com/java/tag/owasp/RSPEC-2647).\n* Acunetix: [WEB VULNERABILITIES INDEX - Basic authentication over HTTP](https://www.acunetix.com/vulnerabilities/web/basic-authentication-over-http/).\n* Common Weakness Enumeration: [CWE-522](https://cwe.mitre.org/data/definitions/522.html).\n* Common Weakness Enumeration: [CWE-319](https://cwe.mitre.org/data/definitions/319.html).\n","markdown":"# Insecure basic authentication\nBasic authentication only obfuscates usernames and passwords in Base64 encoding, which can be easily recognized and reversed, thus it must not be transmitted over the cleartext HTTP channel. Transmitting sensitive information without using HTTPS makes the data vulnerable to packet sniffing.\n\n\n## Recommendation\nEither use a more secure authentication mechanism like digest authentication or federated authentication, or use the HTTPS communication protocol.\n\n\n## Example\nThe following example shows two ways of using basic authentication. In the 'BAD' case, the credentials are transmitted over HTTP. In the 'GOOD' case, the credentials are transmitted over HTTPS.\n\n\n```java\npublic class InsecureBasicAuth {\n  /**\n   * Test basic authentication with Apache HTTP request.\n   */\n  public void testApacheHttpRequest(String username, String password) {\n\n    // BAD: basic authentication over HTTP\n    String url = \"http://www.example.com/rest/getuser.do?uid=abcdx\";\n\n    // GOOD: basic authentication over HTTPS\n    url = \"https://www.example.com/rest/getuser.do?uid=abcdx\";\n\n    HttpPost post = new HttpPost(url);\n    post.setHeader(\"Accept\", \"application/json\");\n    post.setHeader(\"Content-type\", \"application/json\");\n\n    String authString = username + \":\" + password;\n    byte[] authEncBytes = Base64.getEncoder().encode(authString.getBytes());\n    String authStringEnc = new String(authEncBytes);\n\n    post.addHeader(\"Authorization\", \"Basic \" + authStringEnc);\n  }\n\n  /**\n   * Test basic authentication with Java HTTP URL connection.\n   */\n  public void testHttpUrlConnection(String username, String password) {\n\n    // BAD: basic authentication over HTTP\n    String urlStr = \"http://www.example.com/rest/getuser.do?uid=abcdx\";\n\n    // GOOD: basic authentication over HTTPS\n    urlStr = \"https://www.example.com/rest/getuser.do?uid=abcdx\";\n\n    String authString = username + \":\" + password;\n    String encoding = Base64.getEncoder().encodeToString(authString.getBytes(\"UTF-8\"));\n    URL url = new URL(urlStr);\n    HttpURLConnection conn = (HttpURLConnection) url.openConnection();\n    conn.setRequestMethod(\"POST\");\n    conn.setDoOutput(true);\n    conn.setRequestProperty(\"Authorization\", \"Basic \" + encoding);\n  }\n}\n\n```\n\n## References\n* SonarSource rule: [Basic authentication should not be used](https://rules.sonarsource.com/java/tag/owasp/RSPEC-2647).\n* Acunetix: [WEB VULNERABILITIES INDEX - Basic authentication over HTTP](https://www.acunetix.com/vulnerabilities/web/basic-authentication-over-http/).\n* Common Weakness Enumeration: [CWE-522](https://cwe.mitre.org/data/definitions/522.html).\n* Common Weakness Enumeration: [CWE-319](https://cwe.mitre.org/data/definitions/319.html).\n"},"properties":{"tags":["security","external/cwe/cwe-522","external/cwe/cwe-319","owasp-top10-2021","A04:2021 - Insecure Design"],"description":"Basic authentication only obfuscates username/password in\n              Base64 encoding, which can be easily recognized and reversed.\n              Transmitting sensitive information without using HTTPS makes\n              the data vulnerable to packet sniffing.","id":"java/insecure-basic-auth","kind":"path-problem","name":"Insecure basic authentication","precision":"medium","problem.severity":"warning","security-severity":"8.8"}},{"id":"java/log-injection","name":"java/log-injection","shortDescription":{"text":"Log Injection"},"fullDescription":{"text":"Building log entries from user-controlled data may allow insertion of forged log entries by malicious users."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Log Injection\nIf unsanitized user input is written to a log entry, a malicious user may be able to forge new log entries.\n\nForgery can occur if a user provides some input creating the appearance of multiple log entries. This can include unescaped new-line characters, or HTML or other markup.\n\n\n## Recommendation\nUser input should be suitably sanitized before it is logged.\n\nIf the log entries are plain text then line breaks should be removed from user input, using for example `String replace(char oldChar, char newChar)` or similar. Care should also be taken that user input is clearly marked in log entries, and that a malicious user cannot cause confusion in other ways.\n\nFor log entries that will be displayed in HTML, user input should be HTML encoded before being logged, to prevent forgery and other forms of HTML injection.\n\n\n## Example\nIn the first example, a username, provided by the user, is logged using `logger.warn` (from `org.slf4j.Logger`). In the first case (`/bad` endpoint), the username is logged without any sanitization. If a malicious user provides `Guest'%0AUser:'Admin` as a username parameter, the log entry will be split into two separate lines, where the first line will be `User:'Guest'` and the second one will be `User:'Admin'`.\n\n\n```java\npackage com.example.restservice;\n\nimport org.slf4j.Logger;\nimport org.slf4j.LoggerFactory;\nimport org.springframework.web.bind.annotation.GetMapping;\nimport org.springframework.web.bind.annotation.RequestParam;\nimport org.springframework.web.bind.annotation.RestController;\n\n@RestController\npublic class LogInjection {\n\n    private final Logger log = LoggerFactory.getLogger(LogInjection.class);\n\n    // /bad?username=Guest'%0AUser:'Admin\n    @GetMapping(\"/bad\")\n    public String bad(@RequestParam(value = \"username\", defaultValue = \"name\") String username) {\n        log.warn(\"User:'{}'\", username);\n        // The logging call above would result in multiple log entries as shown below:\n        // User:'Guest'\n        // User:'Admin'\n        return username;\n    }\n}\n\n\n```\nIn the second example (`/good` endpoint), `matches()` is used to ensure the user input only has alphanumeric characters. If a malicious user provides \\`Guest'%0AUser:'Admin\\` as a username parameter, the log entry will not be logged at all, preventing the injection.\n\n\n```java\npackage com.example.restservice;\n\nimport org.slf4j.Logger;\nimport org.slf4j.LoggerFactory;\nimport org.springframework.web.bind.annotation.GetMapping;\nimport org.springframework.web.bind.annotation.RequestParam;\nimport org.springframework.web.bind.annotation.RestController;\n\n@RestController\npublic class LogInjection {\n\n    private final Logger log = LoggerFactory.getLogger(LogInjection.class);\n\n    // /good?username=Guest'%0AUser:'Admin\n    @GetMapping(\"/good\")\n    public String good(@RequestParam(value = \"username\", defaultValue = \"name\") String username) {\n        // The regex check here, allows only alphanumeric characters to pass.\n        // Hence, does not result in log injection\n        if (username.matches(\"\\\\w*\")) {\n            log.warn(\"User:'{}'\", username);\n\n            return username;\n        }\n    }\n}\n\n```\n\n## References\n* OWASP: [Log Injection](https://owasp.org/www-community/attacks/Log_Injection).\n* Common Weakness Enumeration: [CWE-117](https://cwe.mitre.org/data/definitions/117.html).\n","markdown":"# Log Injection\nIf unsanitized user input is written to a log entry, a malicious user may be able to forge new log entries.\n\nForgery can occur if a user provides some input creating the appearance of multiple log entries. This can include unescaped new-line characters, or HTML or other markup.\n\n\n## Recommendation\nUser input should be suitably sanitized before it is logged.\n\nIf the log entries are plain text then line breaks should be removed from user input, using for example `String replace(char oldChar, char newChar)` or similar. Care should also be taken that user input is clearly marked in log entries, and that a malicious user cannot cause confusion in other ways.\n\nFor log entries that will be displayed in HTML, user input should be HTML encoded before being logged, to prevent forgery and other forms of HTML injection.\n\n\n## Example\nIn the first example, a username, provided by the user, is logged using `logger.warn` (from `org.slf4j.Logger`). In the first case (`/bad` endpoint), the username is logged without any sanitization. If a malicious user provides `Guest'%0AUser:'Admin` as a username parameter, the log entry will be split into two separate lines, where the first line will be `User:'Guest'` and the second one will be `User:'Admin'`.\n\n\n```java\npackage com.example.restservice;\n\nimport org.slf4j.Logger;\nimport org.slf4j.LoggerFactory;\nimport org.springframework.web.bind.annotation.GetMapping;\nimport org.springframework.web.bind.annotation.RequestParam;\nimport org.springframework.web.bind.annotation.RestController;\n\n@RestController\npublic class LogInjection {\n\n    private final Logger log = LoggerFactory.getLogger(LogInjection.class);\n\n    // /bad?username=Guest'%0AUser:'Admin\n    @GetMapping(\"/bad\")\n    public String bad(@RequestParam(value = \"username\", defaultValue = \"name\") String username) {\n        log.warn(\"User:'{}'\", username);\n        // The logging call above would result in multiple log entries as shown below:\n        // User:'Guest'\n        // User:'Admin'\n        return username;\n    }\n}\n\n\n```\nIn the second example (`/good` endpoint), `matches()` is used to ensure the user input only has alphanumeric characters. If a malicious user provides \\`Guest'%0AUser:'Admin\\` as a username parameter, the log entry will not be logged at all, preventing the injection.\n\n\n```java\npackage com.example.restservice;\n\nimport org.slf4j.Logger;\nimport org.slf4j.LoggerFactory;\nimport org.springframework.web.bind.annotation.GetMapping;\nimport org.springframework.web.bind.annotation.RequestParam;\nimport org.springframework.web.bind.annotation.RestController;\n\n@RestController\npublic class LogInjection {\n\n    private final Logger log = LoggerFactory.getLogger(LogInjection.class);\n\n    // /good?username=Guest'%0AUser:'Admin\n    @GetMapping(\"/good\")\n    public String good(@RequestParam(value = \"username\", defaultValue = \"name\") String username) {\n        // The regex check here, allows only alphanumeric characters to pass.\n        // Hence, does not result in log injection\n        if (username.matches(\"\\\\w*\")) {\n            log.warn(\"User:'{}'\", username);\n\n            return username;\n        }\n    }\n}\n\n```\n\n## References\n* OWASP: [Log Injection](https://owasp.org/www-community/attacks/Log_Injection).\n* Common Weakness Enumeration: [CWE-117](https://cwe.mitre.org/data/definitions/117.html).\n"},"properties":{"tags":["security","external/cwe/cwe-117","owasp-top10-2021","A09:2021 - Security Logging and Monitoring Failures"],"description":"Building log entries from user-controlled data may allow\n              insertion of forged log entries by malicious users.","id":"java/log-injection","kind":"path-problem","name":"Log Injection","precision":"medium","problem.severity":"error","security-severity":"7.8"}},{"id":"java/sensitive-log","name":"java/sensitive-log","shortDescription":{"text":"Insertion of sensitive information into log files"},"fullDescription":{"text":"Writing sensitive information to log files can allow that information to be leaked to an attacker more easily."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Insertion of sensitive information into log files\nInformation written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. Third-party logging utilities like Log4J and SLF4J are widely used in Java projects. When sensitive information is written to logs without properly set logging levels, it is accessible to potential attackers who can use it to gain access to file storage.\n\n\n## Recommendation\nDo not write secrets into the log files and enforce proper logging level control.\n\n\n## Example\nThe following example shows two ways of logging sensitive information. In the 'BAD' case, the credentials are simply written to a debug log. In the 'GOOD' case, the credentials are never written to debug logs.\n\n\n```java\npublic static void main(String[] args) {\n    {\n        private static final Logger logger = LogManager.getLogger(SensitiveInfoLog.class);\n\n        String password = \"Pass@0rd\";\n\n        // BAD: user password is written to debug log\n        logger.debug(\"User password is \"+password);\n    }\n\t\n    {\n        private static final Logger logger = LogManager.getLogger(SensitiveInfoLog.class);\n  \n        String password = \"Pass@0rd\";\n\n        // GOOD: user password is never written to debug log\n        logger.debug(\"User password changed\")\n    }\n}\n\n```\n\n## References\n* [OWASP Logging Guide](https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html)\n* Common Weakness Enumeration: [CWE-532](https://cwe.mitre.org/data/definitions/532.html).\n","markdown":"# Insertion of sensitive information into log files\nInformation written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. Third-party logging utilities like Log4J and SLF4J are widely used in Java projects. When sensitive information is written to logs without properly set logging levels, it is accessible to potential attackers who can use it to gain access to file storage.\n\n\n## Recommendation\nDo not write secrets into the log files and enforce proper logging level control.\n\n\n## Example\nThe following example shows two ways of logging sensitive information. In the 'BAD' case, the credentials are simply written to a debug log. In the 'GOOD' case, the credentials are never written to debug logs.\n\n\n```java\npublic static void main(String[] args) {\n    {\n        private static final Logger logger = LogManager.getLogger(SensitiveInfoLog.class);\n\n        String password = \"Pass@0rd\";\n\n        // BAD: user password is written to debug log\n        logger.debug(\"User password is \"+password);\n    }\n\t\n    {\n        private static final Logger logger = LogManager.getLogger(SensitiveInfoLog.class);\n  \n        String password = \"Pass@0rd\";\n\n        // GOOD: user password is never written to debug log\n        logger.debug(\"User password changed\")\n    }\n}\n\n```\n\n## References\n* [OWASP Logging Guide](https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html)\n* Common Weakness Enumeration: [CWE-532](https://cwe.mitre.org/data/definitions/532.html).\n"},"properties":{"tags":["security","external/cwe/cwe-532","owasp-top10-2021","A09:2021 - Security Logging and Monitoring Failures"],"description":"Writing sensitive information to log files can allow that\n              information to be leaked to an attacker more easily.","id":"java/sensitive-log","kind":"path-problem","name":"Insertion of sensitive information into log files","precision":"medium","problem.severity":"warning","security-severity":"7.5"}},{"id":"java/hardcoded-credential-api-call","name":"java/hardcoded-credential-api-call","shortDescription":{"text":"Hard-coded credential in API call"},"fullDescription":{"text":"Using a hard-coded credential in a call to a sensitive Java API may compromise security."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Hard-coded credential in API call\nIncluding unencrypted hard-coded authentication credentials in source code is dangerous because the credentials may be easily discovered. For example, the code may be open source, or it may be leaked or accidentally revealed, making the credentials visible to an attacker. This, in turn, might enable them to gain unauthorized access, or to obtain privileged information.\n\n\n## Recommendation\nRemove hard-coded credentials, such as user names, passwords and certificates, from source code. Instead, place them in configuration files, environment variables or other data stores if necessary. If possible, store configuration files including credential data separately from the source code, in a secure location with restricted access.\n\n\n## Example\nThe following code example connects to a database using a hard-coded user name and password:\n\n\n```java\nprivate static final String p = \"123456\"; // hard-coded credential\n\npublic static void main(String[] args) throws SQLException {\n    String url = \"jdbc:mysql://localhost/test\";\n    String u = \"admin\"; // hard-coded credential\n\n    getConn(url, u, p);\n}\n\npublic static void getConn(String url, String v, String q) throws SQLException {\n    DriverManager.getConnection(url, v, q); // sensitive call\n}\n\n```\nInstead, the user name and password could be supplied through environment variables, which can be set externally without hard-coding credentials in the source code.\n\n\n## References\n* OWASP: [Use of hard-coded password](https://www.owasp.org/index.php/Use_of_hard-coded_password).\n* Common Weakness Enumeration: [CWE-798](https://cwe.mitre.org/data/definitions/798.html).\n","markdown":"# Hard-coded credential in API call\nIncluding unencrypted hard-coded authentication credentials in source code is dangerous because the credentials may be easily discovered. For example, the code may be open source, or it may be leaked or accidentally revealed, making the credentials visible to an attacker. This, in turn, might enable them to gain unauthorized access, or to obtain privileged information.\n\n\n## Recommendation\nRemove hard-coded credentials, such as user names, passwords and certificates, from source code. Instead, place them in configuration files, environment variables or other data stores if necessary. If possible, store configuration files including credential data separately from the source code, in a secure location with restricted access.\n\n\n## Example\nThe following code example connects to a database using a hard-coded user name and password:\n\n\n```java\nprivate static final String p = \"123456\"; // hard-coded credential\n\npublic static void main(String[] args) throws SQLException {\n    String url = \"jdbc:mysql://localhost/test\";\n    String u = \"admin\"; // hard-coded credential\n\n    getConn(url, u, p);\n}\n\npublic static void getConn(String url, String v, String q) throws SQLException {\n    DriverManager.getConnection(url, v, q); // sensitive call\n}\n\n```\nInstead, the user name and password could be supplied through environment variables, which can be set externally without hard-coding credentials in the source code.\n\n\n## References\n* OWASP: [Use of hard-coded password](https://www.owasp.org/index.php/Use_of_hard-coded_password).\n* Common Weakness Enumeration: [CWE-798](https://cwe.mitre.org/data/definitions/798.html).\n"},"properties":{"tags":["security","external/cwe/cwe-798","owasp-top10-2021","A07:2021 - Identification and Authentication Failures"],"description":"Using a hard-coded credential in a call to a sensitive Java API may compromise security.","id":"java/hardcoded-credential-api-call","kind":"path-problem","name":"Hard-coded credential in API call","precision":"medium","problem.severity":"error","security-severity":"9.8"}},{"id":"java/toctou-race-condition","name":"java/toctou-race-condition","shortDescription":{"text":"Time-of-check time-of-use race condition"},"fullDescription":{"text":"Using a resource after an unsynchronized state check can lead to a race condition, if the state may be changed between the check and use."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Time-of-check time-of-use race condition\nOften it is necessary to check the state of a resource before using it. If the resource is accessed concurrently, then the check and the use need to be performed atomically, otherwise the state of the resource may change between the check and the use. This can lead to a \"time-of-check/time-of-use\" (TOCTOU) race condition.\n\nIn Java, classes may present state inspection methods and operation methods which are synchronized. This prevents multiple threads from executing those methods simultaneously, but it does not prevent a state change in between separate method invocations.\n\n\n## Recommendation\nWhen calling a series of methods which require a consistent view of an object, make sure to synchronize on a monitor that will prevent any other access to the object during your operations.\n\nIf the class that you are using has a well-designed interface, then synchronizing on the object itself will prevent its state being changed inappropriately.\n\n\n## Example\nThe following example shows a resource which has a readiness state, and an action that is only valid if the resource is ready.\n\nIn the bad case, the caller checks the readiness state and then acts, but does not synchronize around the two calls, so the readiness state may be changed by another thread.\n\nIn the good case, the caller jointly synchronizes the check and the use on the resource, so no other thread can modify the state before the use.\n\n\n```java\nclass Resource {\n\tpublic synchronized boolean isReady() { ... }\n\n\tpublic synchronized void setReady(boolean ready) { ... }\n\t\n\tpublic synchronized void act() { \n\t\tif (!isReady())\n\t\t\tthrow new IllegalStateException();\n\t\t...\n\t}\n}\n\t\npublic synchronized void bad(Resource r) {\n\tif (r.isReady()) {\n\t\t// r might no longer be ready, another thread might\n\t\t// have called setReady(false)\n\t\tr.act();\n\t}\n}\n\npublic synchronized void good(Resource r) {\n\tsynchronized(r) {\n\t\tif (r.isReady()) {\n\t\t\tr.act();\n\t\t}\n\t}\n}\n```\n\n## References\n* Common Weakness Enumeration: [CWE-367](https://cwe.mitre.org/data/definitions/367.html).\n","markdown":"# Time-of-check time-of-use race condition\nOften it is necessary to check the state of a resource before using it. If the resource is accessed concurrently, then the check and the use need to be performed atomically, otherwise the state of the resource may change between the check and the use. This can lead to a \"time-of-check/time-of-use\" (TOCTOU) race condition.\n\nIn Java, classes may present state inspection methods and operation methods which are synchronized. This prevents multiple threads from executing those methods simultaneously, but it does not prevent a state change in between separate method invocations.\n\n\n## Recommendation\nWhen calling a series of methods which require a consistent view of an object, make sure to synchronize on a monitor that will prevent any other access to the object during your operations.\n\nIf the class that you are using has a well-designed interface, then synchronizing on the object itself will prevent its state being changed inappropriately.\n\n\n## Example\nThe following example shows a resource which has a readiness state, and an action that is only valid if the resource is ready.\n\nIn the bad case, the caller checks the readiness state and then acts, but does not synchronize around the two calls, so the readiness state may be changed by another thread.\n\nIn the good case, the caller jointly synchronizes the check and the use on the resource, so no other thread can modify the state before the use.\n\n\n```java\nclass Resource {\n\tpublic synchronized boolean isReady() { ... }\n\n\tpublic synchronized void setReady(boolean ready) { ... }\n\t\n\tpublic synchronized void act() { \n\t\tif (!isReady())\n\t\t\tthrow new IllegalStateException();\n\t\t...\n\t}\n}\n\t\npublic synchronized void bad(Resource r) {\n\tif (r.isReady()) {\n\t\t// r might no longer be ready, another thread might\n\t\t// have called setReady(false)\n\t\tr.act();\n\t}\n}\n\npublic synchronized void good(Resource r) {\n\tsynchronized(r) {\n\t\tif (r.isReady()) {\n\t\t\tr.act();\n\t\t}\n\t}\n}\n```\n\n## References\n* Common Weakness Enumeration: [CWE-367](https://cwe.mitre.org/data/definitions/367.html).\n"},"properties":{"tags":["security","external/cwe/cwe-367"],"description":"Using a resource after an unsynchronized state check can lead to a race condition,\n              if the state may be changed between the check and use.","id":"java/toctou-race-condition","kind":"problem","name":"Time-of-check time-of-use race condition","precision":"medium","problem.severity":"warning","security-severity":"7.7"}},{"id":"java/potentially-dangerous-function","name":"java/potentially-dangerous-function","shortDescription":{"text":"Use of a potentially dangerous function"},"fullDescription":{"text":"Certain standard library routines are dangerous to call."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Use of a potentially dangerous function\nThis rule finds calls to methods that are dangerous to use. Currently, it checks for calls to `Thread.stop`.\n\nStopping a thread with `Thread.stop` causes it to receive a `ThreadDeath` exception. That exception propagates up the stack, releasing all monitors that the thread was holding. In some cases the relevant code will be protected by catching the `ThreadDeath` exception and cleaning up, but because the exception can potentially be thrown from so very many locations, it is impractical to catch all such cases. As a result, calling `Thread.stop` is likely to result in corrupt data.\n\n\n## Recommendation\nThe best solution is usually to provide an alternate communication mechanism for the thread that might need to be interrupted early. For example, Oracle gives the following example of using a volatile variable to communicate whether the worker thread should exit:\n\n\n```java\nprivate volatile Thread blinker;\n\npublic void stop() {\n    blinker = null;\n}\n\npublic void run() {\n    Thread thisThread = Thread.currentThread();\n    while (blinker == thisThread) {\n        try {\n            Thread.sleep(interval);\n        } catch (InterruptedException e){\n        }\n        repaint();\n    }\n}\n\n```\nIt is also possible to use `Thread.interrupt` and to catch and handle `InterruptedException` when it occurs. However, it can be difficult to handle an `InterruptedException` everywhere it might occur; for example, the sample code above simply discards the exception rather than actually exiting the thread.\n\nAnother strategy is to use message passing, for example via a `BlockingQueue`. In addition to passing the worker thread its ordinary work via such a message queue, the worker can be asked to exit by a particular kind of message being sent on the queue.\n\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [THI05-J. Do not use Thread.stop() to terminate threads](https://wiki.sei.cmu.edu/confluence/display/java/THI05-J.+Do+not+use+Thread.stop()+to+terminate+threads).\n* Java API Specification: [Java Thread Primitive Deprecation](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/doc-files/threadPrimitiveDeprecation.html).\n* Java API Specification: [Thread.interrupt](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/Thread.html#interrupt()), [BlockingQueue](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/concurrent/BlockingQueue.html).\n* Common Weakness Enumeration: [CWE-676](https://cwe.mitre.org/data/definitions/676.html).\n","markdown":"# Use of a potentially dangerous function\nThis rule finds calls to methods that are dangerous to use. Currently, it checks for calls to `Thread.stop`.\n\nStopping a thread with `Thread.stop` causes it to receive a `ThreadDeath` exception. That exception propagates up the stack, releasing all monitors that the thread was holding. In some cases the relevant code will be protected by catching the `ThreadDeath` exception and cleaning up, but because the exception can potentially be thrown from so very many locations, it is impractical to catch all such cases. As a result, calling `Thread.stop` is likely to result in corrupt data.\n\n\n## Recommendation\nThe best solution is usually to provide an alternate communication mechanism for the thread that might need to be interrupted early. For example, Oracle gives the following example of using a volatile variable to communicate whether the worker thread should exit:\n\n\n```java\nprivate volatile Thread blinker;\n\npublic void stop() {\n    blinker = null;\n}\n\npublic void run() {\n    Thread thisThread = Thread.currentThread();\n    while (blinker == thisThread) {\n        try {\n            Thread.sleep(interval);\n        } catch (InterruptedException e){\n        }\n        repaint();\n    }\n}\n\n```\nIt is also possible to use `Thread.interrupt` and to catch and handle `InterruptedException` when it occurs. However, it can be difficult to handle an `InterruptedException` everywhere it might occur; for example, the sample code above simply discards the exception rather than actually exiting the thread.\n\nAnother strategy is to use message passing, for example via a `BlockingQueue`. In addition to passing the worker thread its ordinary work via such a message queue, the worker can be asked to exit by a particular kind of message being sent on the queue.\n\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [THI05-J. Do not use Thread.stop() to terminate threads](https://wiki.sei.cmu.edu/confluence/display/java/THI05-J.+Do+not+use+Thread.stop()+to+terminate+threads).\n* Java API Specification: [Java Thread Primitive Deprecation](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/doc-files/threadPrimitiveDeprecation.html).\n* Java API Specification: [Thread.interrupt](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/Thread.html#interrupt()), [BlockingQueue](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/concurrent/BlockingQueue.html).\n* Common Weakness Enumeration: [CWE-676](https://cwe.mitre.org/data/definitions/676.html).\n"},"properties":{"tags":["reliability","security","external/cwe/cwe-676"],"description":"Certain standard library routines are dangerous to call.","id":"java/potentially-dangerous-function","kind":"problem","name":"Use of a potentially dangerous function","precision":"medium","problem.severity":"warning","security-severity":"10.0"}},{"id":"java/improper-validation-of-array-index","name":"java/improper-validation-of-array-index","shortDescription":{"text":"Improper validation of user-provided array index"},"fullDescription":{"text":"Using external input as an index to an array, without proper validation, can lead to index out of bound exceptions."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Improper validation of user-provided array index\nUsing unvalidated input as part of an index into the array can cause the array access to throw an `ArrayIndexOutOfBoundsException`. This is because there is no guarantee that the index provided is within the bounds of the array.\n\nThis problem occurs when user input is used as an array index, either directly or following one or more calculations. If the user input is unsanitized, it may be any value, which could result in either a negative index, or an index which is larger than the size of the array, either of which would result in an `ArrayIndexOutOfBoundsException`.\n\n\n## Recommendation\nThe index used in the array access should be checked against the bounds of the array before being used. The index should be smaller than the array size, and it should not be negative.\n\n\n## Example\nThe following program accesses an element from a fixed size constant array:\n\n\n```java\npublic class ImproperValidationOfArrayIndex extends HttpServlet {\n\n  protected void doGet(HttpServletRequest request, HttpServletResponse response)\n  throws ServletException, IOException {\n    String[] productDescriptions = new String[] { \"Chocolate bar\", \"Fizzy drink\" };\n\n    // User provided value\n    String productID = request.getParameter(\"productID\");\n    try {\n        int productID = Integer.parseInt(userProperty.trim());\n\n        /*\n         * BAD Array is accessed without checking if the user provided value is out of\n         * bounds.\n         */\n        String productDescription = productDescriptions[productID];\n\n        if (productID >= 0 && productID < productDescriptions.length) {\n          // GOOD We have checked that the array index is valid first\n          productDescription = productDescriptions[productID];\n        } else {\n          productDescription = \"No product for that ID\";\n        }\n\n        response.getWriter().write(productDescription);\n\n    } catch (NumberFormatException e) { }\n  }\n}\n```\nThe first access of the `productDescriptions` array uses the user-provided value as the index without performing any checks. If the user provides a negative value, or a value larger than the size of the array, then an `ArrayIndexOutOfBoundsException` may be thrown.\n\nThe second access of the `productDescriptions` array is contained within a conditional expression that verifies the user-provided value is a valid index into the array. This ensures that the access operation never throws an `ArrayIndexOutOfBoundsException`.\n\n\n## References\n* Java API Specification: [ArrayIndexOutOfBoundsException](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/ArrayIndexOutOfBoundsException.html).\n* Common Weakness Enumeration: [CWE-129](https://cwe.mitre.org/data/definitions/129.html).\n","markdown":"# Improper validation of user-provided array index\nUsing unvalidated input as part of an index into the array can cause the array access to throw an `ArrayIndexOutOfBoundsException`. This is because there is no guarantee that the index provided is within the bounds of the array.\n\nThis problem occurs when user input is used as an array index, either directly or following one or more calculations. If the user input is unsanitized, it may be any value, which could result in either a negative index, or an index which is larger than the size of the array, either of which would result in an `ArrayIndexOutOfBoundsException`.\n\n\n## Recommendation\nThe index used in the array access should be checked against the bounds of the array before being used. The index should be smaller than the array size, and it should not be negative.\n\n\n## Example\nThe following program accesses an element from a fixed size constant array:\n\n\n```java\npublic class ImproperValidationOfArrayIndex extends HttpServlet {\n\n  protected void doGet(HttpServletRequest request, HttpServletResponse response)\n  throws ServletException, IOException {\n    String[] productDescriptions = new String[] { \"Chocolate bar\", \"Fizzy drink\" };\n\n    // User provided value\n    String productID = request.getParameter(\"productID\");\n    try {\n        int productID = Integer.parseInt(userProperty.trim());\n\n        /*\n         * BAD Array is accessed without checking if the user provided value is out of\n         * bounds.\n         */\n        String productDescription = productDescriptions[productID];\n\n        if (productID >= 0 && productID < productDescriptions.length) {\n          // GOOD We have checked that the array index is valid first\n          productDescription = productDescriptions[productID];\n        } else {\n          productDescription = \"No product for that ID\";\n        }\n\n        response.getWriter().write(productDescription);\n\n    } catch (NumberFormatException e) { }\n  }\n}\n```\nThe first access of the `productDescriptions` array uses the user-provided value as the index without performing any checks. If the user provides a negative value, or a value larger than the size of the array, then an `ArrayIndexOutOfBoundsException` may be thrown.\n\nThe second access of the `productDescriptions` array is contained within a conditional expression that verifies the user-provided value is a valid index into the array. This ensures that the access operation never throws an `ArrayIndexOutOfBoundsException`.\n\n\n## References\n* Java API Specification: [ArrayIndexOutOfBoundsException](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/ArrayIndexOutOfBoundsException.html).\n* Common Weakness Enumeration: [CWE-129](https://cwe.mitre.org/data/definitions/129.html).\n"},"properties":{"tags":["security","external/cwe/cwe-129"],"description":"Using external input as an index to an array, without proper validation, can lead to index out of bound exceptions.","id":"java/improper-validation-of-array-index","kind":"path-problem","name":"Improper validation of user-provided array index","precision":"medium","problem.severity":"warning","security-severity":"8.8"}},{"id":"java/improper-validation-of-array-construction","name":"java/improper-validation-of-array-construction","shortDescription":{"text":"Improper validation of user-provided size used for array construction"},"fullDescription":{"text":"Using unvalidated external input as the argument to a construction of an array can lead to index out of bound exceptions."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Improper validation of user-provided size used for array construction\nUsing unvalidated input when specifying the size of a newly created array can result in the creation of an array with size zero. If this array is subsequently accessed without further checks, an `ArrayIndexOutOfBoundsException` may be thrown, because there is no guarantee that the array is not empty.\n\nThis problem occurs when user input is used as the size during array initialization, either directly or following one or more calculations. If the user input is unvalidated, it may cause the size of the array to be zero.\n\n\n## Recommendation\nThe size used in the array initialization should be verified to be greater than zero before being used. Alternatively, the array access may be protected by a conditional check that ensures it is only accessed if the index is less than the array size.\n\n\n## Example\nThe following program constructs an array with the size specified by some user input:\n\n\n```java\npublic class ImproperValidationOfArrayIndex extends HttpServlet {\n\n  protected void doGet(HttpServletRequest request, HttpServletResponse response)\n  throws ServletException, IOException {\n    try {\n      // User provided value\n      int numberOfItems = Integer.parseInt(request.getParameter(\"numberOfItems\").trim());\n\n      if (numberOfItems >= 0) {\n        /*\n         * BAD numberOfItems may be zero, which would cause the array indexing operation to\n         * throw an ArrayIndexOutOfBoundsException\n         */\n        String items = new String[numberOfItems];\n        items[0] = \"Item 1\";\n      }\n\n      if (numberOfItems > 0) {\n        /*\n         * GOOD numberOfItems must be greater than zero, so the indexing succeeds.\n         */\n        String items = new String[numberOfItems];\n        items[0] = \"Item 1\";\n      }\n\n    } catch (NumberFormatException e) { }\n  }\n}\n```\nThe first array construction is protected by a condition that checks if the user input is zero or more. However, if the user provides `0` as the `numberOfItems` parameter, then an empty array is created, and any array access would fail with an `ArrayIndexOutOfBoundsException`.\n\nThe second array construction is protected by a condition that checks if the user input is greater than zero. The array will therefore never be empty, and the following array access will not throw an `ArrayIndexOutOfBoundsException`.\n\n\n## References\n* Java API Specification: [ArrayIndexOutOfBoundsException](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/ArrayIndexOutOfBoundsException.html).\n* Common Weakness Enumeration: [CWE-129](https://cwe.mitre.org/data/definitions/129.html).\n","markdown":"# Improper validation of user-provided size used for array construction\nUsing unvalidated input when specifying the size of a newly created array can result in the creation of an array with size zero. If this array is subsequently accessed without further checks, an `ArrayIndexOutOfBoundsException` may be thrown, because there is no guarantee that the array is not empty.\n\nThis problem occurs when user input is used as the size during array initialization, either directly or following one or more calculations. If the user input is unvalidated, it may cause the size of the array to be zero.\n\n\n## Recommendation\nThe size used in the array initialization should be verified to be greater than zero before being used. Alternatively, the array access may be protected by a conditional check that ensures it is only accessed if the index is less than the array size.\n\n\n## Example\nThe following program constructs an array with the size specified by some user input:\n\n\n```java\npublic class ImproperValidationOfArrayIndex extends HttpServlet {\n\n  protected void doGet(HttpServletRequest request, HttpServletResponse response)\n  throws ServletException, IOException {\n    try {\n      // User provided value\n      int numberOfItems = Integer.parseInt(request.getParameter(\"numberOfItems\").trim());\n\n      if (numberOfItems >= 0) {\n        /*\n         * BAD numberOfItems may be zero, which would cause the array indexing operation to\n         * throw an ArrayIndexOutOfBoundsException\n         */\n        String items = new String[numberOfItems];\n        items[0] = \"Item 1\";\n      }\n\n      if (numberOfItems > 0) {\n        /*\n         * GOOD numberOfItems must be greater than zero, so the indexing succeeds.\n         */\n        String items = new String[numberOfItems];\n        items[0] = \"Item 1\";\n      }\n\n    } catch (NumberFormatException e) { }\n  }\n}\n```\nThe first array construction is protected by a condition that checks if the user input is zero or more. However, if the user provides `0` as the `numberOfItems` parameter, then an empty array is created, and any array access would fail with an `ArrayIndexOutOfBoundsException`.\n\nThe second array construction is protected by a condition that checks if the user input is greater than zero. The array will therefore never be empty, and the following array access will not throw an `ArrayIndexOutOfBoundsException`.\n\n\n## References\n* Java API Specification: [ArrayIndexOutOfBoundsException](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/ArrayIndexOutOfBoundsException.html).\n* Common Weakness Enumeration: [CWE-129](https://cwe.mitre.org/data/definitions/129.html).\n"},"properties":{"tags":["security","external/cwe/cwe-129"],"description":"Using unvalidated external input as the argument to a construction of an array can lead to index out of bound exceptions.","id":"java/improper-validation-of-array-construction","kind":"path-problem","name":"Improper validation of user-provided size used for array construction","precision":"medium","problem.severity":"warning","security-severity":"8.8"}},{"id":"java/android/sensitive-result-receiver","name":"java/android/sensitive-result-receiver","shortDescription":{"text":"Leaking sensitive information through a ResultReceiver"},"fullDescription":{"text":"Sending sensitive data to a 'ResultReceiver' obtained from an untrusted source can allow malicious actors access to your information."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Leaking sensitive information through a ResultReceiver\nIf a `ResultReceiver` is obtained from an untrusted source, such as an `Intent` received by an exported component, do not send it sensitive data. Otherwise, the information may be leaked to a malicious application.\n\n\n## Recommendation\nDo not send sensitive data to an untrusted `ResultReceiver`.\n\n\n## Example\nIn the following (bad) example, sensitive data is sent to an untrusted `ResultReceiver`.\n\n\n```java\n// BAD: Sensitive data is sent to an untrusted result receiver \nvoid bad(String password) {\n    Intent intent = getIntent();\n    ResultReceiver rec = intent.getParcelableExtra(\"Receiver\");\n    Bundle b = new Bundle();\n    b.putCharSequence(\"pass\", password);\n    rec.send(0, b); \n}\n```\n\n## References\n* Common Weakness Enumeration: [CWE-927](https://cwe.mitre.org/data/definitions/927.html).\n","markdown":"# Leaking sensitive information through a ResultReceiver\nIf a `ResultReceiver` is obtained from an untrusted source, such as an `Intent` received by an exported component, do not send it sensitive data. Otherwise, the information may be leaked to a malicious application.\n\n\n## Recommendation\nDo not send sensitive data to an untrusted `ResultReceiver`.\n\n\n## Example\nIn the following (bad) example, sensitive data is sent to an untrusted `ResultReceiver`.\n\n\n```java\n// BAD: Sensitive data is sent to an untrusted result receiver \nvoid bad(String password) {\n    Intent intent = getIntent();\n    ResultReceiver rec = intent.getParcelableExtra(\"Receiver\");\n    Bundle b = new Bundle();\n    b.putCharSequence(\"pass\", password);\n    rec.send(0, b); \n}\n```\n\n## References\n* Common Weakness Enumeration: [CWE-927](https://cwe.mitre.org/data/definitions/927.html).\n"},"properties":{"tags":["security","external/cwe/cwe-927","owasp-top10-2021","A04:2021 - Insecure Design"],"description":"Sending sensitive data to a 'ResultReceiver' obtained from an untrusted source\n              can allow malicious actors access to your information.","id":"java/android/sensitive-result-receiver","kind":"path-problem","name":"Leaking sensitive information through a ResultReceiver","precision":"medium","problem.severity":"error","security-severity":"8.2"}},{"id":"java/android/sensitive-communication","name":"java/android/sensitive-communication","shortDescription":{"text":"Leaking sensitive information through an implicit Intent"},"fullDescription":{"text":"An Android application uses implicit Intents containing sensitive data in a way that exposes it to arbitrary applications on the device."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Leaking sensitive information through an implicit Intent\nWhen an implicit Intent is used with a method such as `startActivity`, `startService`, or `sendBroadcast`, it may be read by other applications on the device.\n\nThis means that sensitive data in these Intents may be leaked.\n\n\n## Recommendation\nFor `sendBroadcast` methods, a receiver permission may be specified so that only applications with a certain permission may receive the Intent; or a `LocalBroadcastManager` may be used. Otherwise, ensure that Intents containing sensitive data have an explicit receiver class set.\n\n\n## Example\nThe following example shows two ways of broadcasting Intents. In the 'BAD' case, no \"receiver permission\" is specified. In the 'GOOD' case, \"receiver permission\" or \"receiver application\" is specified.\n\n\n```java\npublic void sendBroadcast1(Context context, String token, String refreshToken) \n{\n    {\n        // BAD: broadcast sensitive information to all listeners\n        Intent intent = new Intent();\n        intent.setAction(\"com.example.custom_action\");\n        intent.putExtra(\"token\", token);\n        intent.putExtra(\"refreshToken\", refreshToken);\n        context.sendBroadcast(intent);\n    }\n\n    {\n        // GOOD: broadcast sensitive information only to those with permission\n        Intent intent = new Intent();\n        intent.setAction(\"com.example.custom_action\");\n        intent.putExtra(\"token\", token);\n        intent.putExtra(\"refreshToken\", refreshToken);\n        context.sendBroadcast(intent, \"com.example.user_permission\");\n    }\n\n    {\n        // GOOD: broadcast sensitive information to a specific application\n        Intent intent = new Intent();\n        intent.setAction(\"com.example.custom_action\");\n        intent.setClassName(\"com.example2\", \"com.example2.UserInfoHandler\");\n        intent.putExtra(\"token\", token);\n        intent.putExtra(\"refreshToken\", refreshToken);\n        context.sendBroadcast(intent);\n    }\n}\n```\n\n## References\n* Android Developers: [Security considerations and best practices for sending and receiving broadcasts](https://developer.android.com/guide/components/broadcasts)\n* SonarSource: [Broadcasting intents is security-sensitive](https://rules.sonarsource.com/java/type/Security%20Hotspot/RSPEC-5320)\n* Android Developer Fundamentals: [Restricting broadcasts](https://google-developer-training.github.io/android-developer-fundamentals-course-concepts-v2/unit-3-working-in-the-background/lesson-7-background-tasks/7-3-c-broadcasts/7-3-c-broadcasts.html)\n* Carnegie Mellon University: [DRD03-J. Do not broadcast sensitive information using an implicit intent](https://wiki.sei.cmu.edu/confluence/display/android/DRD03-J.+Do+not+broadcast+sensitive+information+using+an+implicit+intent)\n* Android Developers: [Android LiveData Overview](https://developer.android.com/topic/libraries/architecture/livedata)\n* Oversecured: [Interception of Android implicit intents](https://blog.oversecured.com/Interception-of-Android-implicit-intents/)\n* Common Weakness Enumeration: [CWE-927](https://cwe.mitre.org/data/definitions/927.html).\n","markdown":"# Leaking sensitive information through an implicit Intent\nWhen an implicit Intent is used with a method such as `startActivity`, `startService`, or `sendBroadcast`, it may be read by other applications on the device.\n\nThis means that sensitive data in these Intents may be leaked.\n\n\n## Recommendation\nFor `sendBroadcast` methods, a receiver permission may be specified so that only applications with a certain permission may receive the Intent; or a `LocalBroadcastManager` may be used. Otherwise, ensure that Intents containing sensitive data have an explicit receiver class set.\n\n\n## Example\nThe following example shows two ways of broadcasting Intents. In the 'BAD' case, no \"receiver permission\" is specified. In the 'GOOD' case, \"receiver permission\" or \"receiver application\" is specified.\n\n\n```java\npublic void sendBroadcast1(Context context, String token, String refreshToken) \n{\n    {\n        // BAD: broadcast sensitive information to all listeners\n        Intent intent = new Intent();\n        intent.setAction(\"com.example.custom_action\");\n        intent.putExtra(\"token\", token);\n        intent.putExtra(\"refreshToken\", refreshToken);\n        context.sendBroadcast(intent);\n    }\n\n    {\n        // GOOD: broadcast sensitive information only to those with permission\n        Intent intent = new Intent();\n        intent.setAction(\"com.example.custom_action\");\n        intent.putExtra(\"token\", token);\n        intent.putExtra(\"refreshToken\", refreshToken);\n        context.sendBroadcast(intent, \"com.example.user_permission\");\n    }\n\n    {\n        // GOOD: broadcast sensitive information to a specific application\n        Intent intent = new Intent();\n        intent.setAction(\"com.example.custom_action\");\n        intent.setClassName(\"com.example2\", \"com.example2.UserInfoHandler\");\n        intent.putExtra(\"token\", token);\n        intent.putExtra(\"refreshToken\", refreshToken);\n        context.sendBroadcast(intent);\n    }\n}\n```\n\n## References\n* Android Developers: [Security considerations and best practices for sending and receiving broadcasts](https://developer.android.com/guide/components/broadcasts)\n* SonarSource: [Broadcasting intents is security-sensitive](https://rules.sonarsource.com/java/type/Security%20Hotspot/RSPEC-5320)\n* Android Developer Fundamentals: [Restricting broadcasts](https://google-developer-training.github.io/android-developer-fundamentals-course-concepts-v2/unit-3-working-in-the-background/lesson-7-background-tasks/7-3-c-broadcasts/7-3-c-broadcasts.html)\n* Carnegie Mellon University: [DRD03-J. Do not broadcast sensitive information using an implicit intent](https://wiki.sei.cmu.edu/confluence/display/android/DRD03-J.+Do+not+broadcast+sensitive+information+using+an+implicit+intent)\n* Android Developers: [Android LiveData Overview](https://developer.android.com/topic/libraries/architecture/livedata)\n* Oversecured: [Interception of Android implicit intents](https://blog.oversecured.com/Interception-of-Android-implicit-intents/)\n* Common Weakness Enumeration: [CWE-927](https://cwe.mitre.org/data/definitions/927.html).\n"},"properties":{"tags":["security","external/cwe/cwe-927","owasp-top10-2021","A04:2021 - Insecure Design"],"description":"An Android application uses implicit Intents containing sensitive data\n              in a way that exposes it to arbitrary applications on the device.","id":"java/android/sensitive-communication","kind":"path-problem","name":"Leaking sensitive information through an implicit Intent","precision":"medium","problem.severity":"warning","security-severity":"8.2"}},{"id":"java/partial-path-traversal","name":"java/partial-path-traversal","shortDescription":{"text":"Partial path traversal vulnerability"},"fullDescription":{"text":"A prefix used to check that a canonicalised path falls within another must be slash-terminated."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Partial path traversal vulnerability\nA common way to check that a user-supplied path `SUBDIR` falls inside a directory `DIR` is to use `getCanonicalPath()` to remove any path-traversal elements and then check that `DIR` is a prefix. However, if `DIR` is not slash-terminated, this can unexpectedly allow access to siblings of `DIR`.\n\nSee also `java/partial-path-traversal-from-remote`, which is similar to this query but only flags instances with evidence of remote exploitability.\n\n\n## Recommendation\nIf the user should only access items within a certain directory `DIR`, ensure that `DIR` is slash-terminated before checking that `DIR` is a prefix of the user-provided path, `SUBDIR`. Note, Java's `getCanonicalPath()` returns a **non**-slash-terminated path string, so a slash must be added to `DIR` if that method is used.\n\n\n## Example\nIn this example, the `if` statement checks if `parent.getCanonicalPath()` is a prefix of `dir.getCanonicalPath()`. However, `parent.getCanonicalPath()` is not slash-terminated. This means that users that supply `dir` may be also allowed to access siblings of `parent` and not just children of `parent`, which is a security issue.\n\n\n```java\npublic class PartialPathTraversalBad {\n    public void example(File dir, File parent) throws IOException {\n        if (!dir.getCanonicalPath().startsWith(parent.getCanonicalPath())) {\n            throw new IOException(\"Invalid directory: \" + dir.getCanonicalPath());\n        }\n    }\n}\n\n```\nIn this example, the `if` statement checks if `parent.getCanonicalPath() + File.separator ` is a prefix of `dir.getCanonicalPath()`. Because `parent.getCanonicalPath() + File.separator` is indeed slash-terminated, the user supplying `dir` can only access children of `parent`, as desired.\n\n\n```java\npublic class PartialPathTraversalGood {\n    public void example(File dir, File parent) throws IOException {\n        if (!dir.getCanonicalPath().startsWith(parent.getCanonicalPath() + File.separator)) {\n            throw new IOException(\"Invalid directory: \" + dir.getCanonicalPath());\n        }\n    }\n}\n\n```\n\n## References\n* OWASP: [Partial Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal).\n* CVE-2022-23457: [ ESAPI Vulnerability Report](https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/GHSL-2022-008_The_OWASP_Enterprise_Security_API.md).\n* Common Weakness Enumeration: [CWE-23](https://cwe.mitre.org/data/definitions/23.html).\n","markdown":"# Partial path traversal vulnerability\nA common way to check that a user-supplied path `SUBDIR` falls inside a directory `DIR` is to use `getCanonicalPath()` to remove any path-traversal elements and then check that `DIR` is a prefix. However, if `DIR` is not slash-terminated, this can unexpectedly allow access to siblings of `DIR`.\n\nSee also `java/partial-path-traversal-from-remote`, which is similar to this query but only flags instances with evidence of remote exploitability.\n\n\n## Recommendation\nIf the user should only access items within a certain directory `DIR`, ensure that `DIR` is slash-terminated before checking that `DIR` is a prefix of the user-provided path, `SUBDIR`. Note, Java's `getCanonicalPath()` returns a **non**-slash-terminated path string, so a slash must be added to `DIR` if that method is used.\n\n\n## Example\nIn this example, the `if` statement checks if `parent.getCanonicalPath()` is a prefix of `dir.getCanonicalPath()`. However, `parent.getCanonicalPath()` is not slash-terminated. This means that users that supply `dir` may be also allowed to access siblings of `parent` and not just children of `parent`, which is a security issue.\n\n\n```java\npublic class PartialPathTraversalBad {\n    public void example(File dir, File parent) throws IOException {\n        if (!dir.getCanonicalPath().startsWith(parent.getCanonicalPath())) {\n            throw new IOException(\"Invalid directory: \" + dir.getCanonicalPath());\n        }\n    }\n}\n\n```\nIn this example, the `if` statement checks if `parent.getCanonicalPath() + File.separator ` is a prefix of `dir.getCanonicalPath()`. Because `parent.getCanonicalPath() + File.separator` is indeed slash-terminated, the user supplying `dir` can only access children of `parent`, as desired.\n\n\n```java\npublic class PartialPathTraversalGood {\n    public void example(File dir, File parent) throws IOException {\n        if (!dir.getCanonicalPath().startsWith(parent.getCanonicalPath() + File.separator)) {\n            throw new IOException(\"Invalid directory: \" + dir.getCanonicalPath());\n        }\n    }\n}\n\n```\n\n## References\n* OWASP: [Partial Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal).\n* CVE-2022-23457: [ ESAPI Vulnerability Report](https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/GHSL-2022-008_The_OWASP_Enterprise_Security_API.md).\n* Common Weakness Enumeration: [CWE-23](https://cwe.mitre.org/data/definitions/23.html).\n"},"properties":{"tags":["security","external/cwe/cwe-023"],"description":"A prefix used to check that a canonicalised path falls within another must be slash-terminated.","id":"java/partial-path-traversal","kind":"problem","name":"Partial path traversal vulnerability","precision":"medium","problem.severity":"error","security-severity":"9.3"}},{"id":"java/uncontrolled-arithmetic","name":"java/uncontrolled-arithmetic","shortDescription":{"text":"Uncontrolled data in arithmetic expression"},"fullDescription":{"text":"Arithmetic operations on uncontrolled data that is not validated can cause overflows."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Uncontrolled data in arithmetic expression\nPerforming calculations on uncontrolled data can result in integer overflows unless the input is validated.\n\nIf the data is not under your control, and can take extremely large values, even arithmetic operations that would usually result in a small change in magnitude may result in overflows.\n\n\n## Recommendation\nAlways guard against overflow in arithmetic operations on uncontrolled data by doing one of the following:\n\n* Validate the data.\n* Define a guard on the arithmetic expression, so that the operation is performed only if the result can be known to be less than, or equal to, the maximum value for the type, for example `MAX_VALUE`.\n* Use a wider type, so that larger input values do not cause overflow.\n\n## Example\nIn this example, a random integer is generated. Because the value is not controlled by the programmer, it could be extremely large. Performing arithmetic operations on this value could therefore cause an overflow. To avoid this happening, the example shows how to perform a check before performing a multiplication.\n\n\n```java\nclass Test {\n\tpublic static void main(String[] args) {\n\t\t{\n\t\t\tint data = (new java.security.SecureRandom()).nextInt();\n\n\t\t\t// BAD: may overflow if data is large\n\t\t\tint scaled = data * 10;\n\n\t\t\t// ...\n\n\t\t\t// GOOD: use a guard to ensure no overflows occur\n\t\t\tint scaled2;\n\t\t\tif (data < Integer.MAX_VALUE/10)\n\t\t\t\tscaled2 = data * 10;\n\t\t\telse \n\t\t\t\tscaled2 = Integer.MAX_VALUE;\n\t\t}\n\t}\n}\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [NUM00-J. Detect or prevent integer overflow](https://wiki.sei.cmu.edu/confluence/display/java/NUM00-J.+Detect+or+prevent+integer+overflow).\n* Common Weakness Enumeration: [CWE-190](https://cwe.mitre.org/data/definitions/190.html).\n* Common Weakness Enumeration: [CWE-191](https://cwe.mitre.org/data/definitions/191.html).\n","markdown":"# Uncontrolled data in arithmetic expression\nPerforming calculations on uncontrolled data can result in integer overflows unless the input is validated.\n\nIf the data is not under your control, and can take extremely large values, even arithmetic operations that would usually result in a small change in magnitude may result in overflows.\n\n\n## Recommendation\nAlways guard against overflow in arithmetic operations on uncontrolled data by doing one of the following:\n\n* Validate the data.\n* Define a guard on the arithmetic expression, so that the operation is performed only if the result can be known to be less than, or equal to, the maximum value for the type, for example `MAX_VALUE`.\n* Use a wider type, so that larger input values do not cause overflow.\n\n## Example\nIn this example, a random integer is generated. Because the value is not controlled by the programmer, it could be extremely large. Performing arithmetic operations on this value could therefore cause an overflow. To avoid this happening, the example shows how to perform a check before performing a multiplication.\n\n\n```java\nclass Test {\n\tpublic static void main(String[] args) {\n\t\t{\n\t\t\tint data = (new java.security.SecureRandom()).nextInt();\n\n\t\t\t// BAD: may overflow if data is large\n\t\t\tint scaled = data * 10;\n\n\t\t\t// ...\n\n\t\t\t// GOOD: use a guard to ensure no overflows occur\n\t\t\tint scaled2;\n\t\t\tif (data < Integer.MAX_VALUE/10)\n\t\t\t\tscaled2 = data * 10;\n\t\t\telse \n\t\t\t\tscaled2 = Integer.MAX_VALUE;\n\t\t}\n\t}\n}\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [NUM00-J. Detect or prevent integer overflow](https://wiki.sei.cmu.edu/confluence/display/java/NUM00-J.+Detect+or+prevent+integer+overflow).\n* Common Weakness Enumeration: [CWE-190](https://cwe.mitre.org/data/definitions/190.html).\n* Common Weakness Enumeration: [CWE-191](https://cwe.mitre.org/data/definitions/191.html).\n"},"properties":{"tags":["security","external/cwe/cwe-190","external/cwe/cwe-191"],"description":"Arithmetic operations on uncontrolled data that is not validated can cause\n              overflows.","id":"java/uncontrolled-arithmetic","kind":"path-problem","name":"Uncontrolled data in arithmetic expression","precision":"medium","problem.severity":"warning","security-severity":"8.6"}},{"id":"java/tainted-arithmetic","name":"java/tainted-arithmetic","shortDescription":{"text":"User-controlled data in arithmetic expression"},"fullDescription":{"text":"Arithmetic operations on user-controlled data that is not validated can cause overflows."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# User-controlled data in arithmetic expression\nPerforming calculations on user-controlled data can result in integer overflows unless the input is validated.\n\nIf the user is free to enter very large numbers, even arithmetic operations that would usually result in a small change in magnitude may result in overflows.\n\n\n## Recommendation\nAlways guard against overflow in arithmetic operations on user-controlled data by doing one of the following:\n\n* Validate the user input.\n* Define a guard on the arithmetic expression, so that the operation is performed only if the result can be known to be less than, or equal to, the maximum value for the type, for example `MAX_VALUE`.\n* Use a wider type, so that larger input values do not cause overflow.\n\n## Example\nIn this example, a value is read from standard input into an `int`. Because the value is a user-controlled value, it could be extremely large. Performing arithmetic operations on this value could therefore cause an overflow. To avoid this happening, the example shows how to perform a check before performing a multiplication.\n\n\n```java\nclass Test {\n\tpublic static void main(String[] args) {\n\t\t{\n\t\t\tint data;\n\n\t\t\tBufferedReader readerBuffered = new BufferedReader(\n\t\t\t\t\tnew InputStreamReader(System.in, \"UTF-8\"));\n\t\t\tString stringNumber = readerBuffered.readLine();\n\t\t\tif (stringNumber != null) {\n\t\t\t\tdata = Integer.parseInt(stringNumber.trim());\n\t\t\t} else {\n\t\t\t\tdata = 0;\n\t\t\t}\n\n\t\t\t// BAD: may overflow if input data is very large, for example\n\t\t\t// 'Integer.MAX_VALUE'\n\t\t\tint scaled = data * 10;\n\n\t\t\t//...\n\t\t\t\n\t\t\t// GOOD: use a guard to ensure no overflows occur\n\t\t\tint scaled2;\n\t\t\tif (data < Integer.MAX_VALUE / 10)\n\t\t\t\tscaled2 = data * 10;\n\t\t\telse\n\t\t\t\tscaled2 = Integer.MAX_VALUE;\n\t\t}\n\t}\n}\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [NUM00-J. Detect or prevent integer overflow](https://wiki.sei.cmu.edu/confluence/display/java/NUM00-J.+Detect+or+prevent+integer+overflow).\n* Common Weakness Enumeration: [CWE-190](https://cwe.mitre.org/data/definitions/190.html).\n* Common Weakness Enumeration: [CWE-191](https://cwe.mitre.org/data/definitions/191.html).\n","markdown":"# User-controlled data in arithmetic expression\nPerforming calculations on user-controlled data can result in integer overflows unless the input is validated.\n\nIf the user is free to enter very large numbers, even arithmetic operations that would usually result in a small change in magnitude may result in overflows.\n\n\n## Recommendation\nAlways guard against overflow in arithmetic operations on user-controlled data by doing one of the following:\n\n* Validate the user input.\n* Define a guard on the arithmetic expression, so that the operation is performed only if the result can be known to be less than, or equal to, the maximum value for the type, for example `MAX_VALUE`.\n* Use a wider type, so that larger input values do not cause overflow.\n\n## Example\nIn this example, a value is read from standard input into an `int`. Because the value is a user-controlled value, it could be extremely large. Performing arithmetic operations on this value could therefore cause an overflow. To avoid this happening, the example shows how to perform a check before performing a multiplication.\n\n\n```java\nclass Test {\n\tpublic static void main(String[] args) {\n\t\t{\n\t\t\tint data;\n\n\t\t\tBufferedReader readerBuffered = new BufferedReader(\n\t\t\t\t\tnew InputStreamReader(System.in, \"UTF-8\"));\n\t\t\tString stringNumber = readerBuffered.readLine();\n\t\t\tif (stringNumber != null) {\n\t\t\t\tdata = Integer.parseInt(stringNumber.trim());\n\t\t\t} else {\n\t\t\t\tdata = 0;\n\t\t\t}\n\n\t\t\t// BAD: may overflow if input data is very large, for example\n\t\t\t// 'Integer.MAX_VALUE'\n\t\t\tint scaled = data * 10;\n\n\t\t\t//...\n\t\t\t\n\t\t\t// GOOD: use a guard to ensure no overflows occur\n\t\t\tint scaled2;\n\t\t\tif (data < Integer.MAX_VALUE / 10)\n\t\t\t\tscaled2 = data * 10;\n\t\t\telse\n\t\t\t\tscaled2 = Integer.MAX_VALUE;\n\t\t}\n\t}\n}\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [NUM00-J. Detect or prevent integer overflow](https://wiki.sei.cmu.edu/confluence/display/java/NUM00-J.+Detect+or+prevent+integer+overflow).\n* Common Weakness Enumeration: [CWE-190](https://cwe.mitre.org/data/definitions/190.html).\n* Common Weakness Enumeration: [CWE-191](https://cwe.mitre.org/data/definitions/191.html).\n"},"properties":{"tags":["security","external/cwe/cwe-190","external/cwe/cwe-191"],"description":"Arithmetic operations on user-controlled data that is not validated can cause\n              overflows.","id":"java/tainted-arithmetic","kind":"path-problem","name":"User-controlled data in arithmetic expression","precision":"medium","problem.severity":"warning","security-severity":"8.6"}},{"id":"java/comparison-with-wider-type","name":"java/comparison-with-wider-type","shortDescription":{"text":"Comparison of narrow type with wide type in loop condition"},"fullDescription":{"text":"Comparisons between types of different widths in a loop condition can cause the loop to behave unexpectedly."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Comparison of narrow type with wide type in loop condition\nIn a loop condition, comparison of a value of a narrow type with a value of a wide type may always evaluate to `true` if the wider value is sufficiently large (or small). This is because the narrower value may overflow. This can lead to an infinite loop.\n\n\n## Recommendation\nChange the types of the compared values so that the value on the narrower side of the comparison is at least as wide as the value it is being compared with.\n\n\n## Example\nIn this example, `bytesReceived` is compared against `MAXGET` in a `while` loop. However, `bytesReceived` is a `short`, and `MAXGET` is a `long`. Because `MAXGET` is larger than `Short.MAX_VALUE`, the loop condition is always `true`, so the loop never terminates.\n\nThis problem is avoided in the 'GOOD' case because `bytesReceived2` is a `long`, which is as wide as the type of `MAXGET`.\n\n\n```java\nclass Test {\n\tpublic static void main(String[] args) {\n\t\t\n\t\t{\t\t\n\t\t\tint BIGNUM = Integer.MAX_VALUE;\n\t\t\tlong MAXGET = Short.MAX_VALUE + 1;\n\t\t\t\n\t\t\tchar[] buf = new char[BIGNUM];\n\n\t\t\tshort bytesReceived = 0;\n\t\t\t\n\t\t\t// BAD: 'bytesReceived' is compared with a value of wider type.\n\t\t\t// 'bytesReceived' overflows before reaching MAXGET,\n\t\t\t// causing an infinite loop.\n\t\t\twhile (bytesReceived < MAXGET) {\n\t\t\t\tbytesReceived += getFromInput(buf, bytesReceived);\n\t\t\t}\n\t\t}\n\t\t\n\t\t{\n\t\t\tlong bytesReceived2 = 0;\n\t\t\t\n\t\t\t// GOOD: 'bytesReceived2' has a type at least as wide as MAXGET.\n\t\t\twhile (bytesReceived2 < MAXGET) {\n\t\t\t\tbytesReceived2 += getFromInput(buf, bytesReceived2);\n\t\t\t}\n\t\t}\n\t\t\n\t}\n\t\n\tpublic static int getFromInput(char[] buf, short pos) {\n\t\t// write to buf\n\t\t// ...\n\t\treturn 1;\n\t}\n}\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [NUM00-J. Detect or prevent integer overflow](https://wiki.sei.cmu.edu/confluence/display/java/NUM00-J.+Detect+or+prevent+integer+overflow).\n* Common Weakness Enumeration: [CWE-190](https://cwe.mitre.org/data/definitions/190.html).\n* Common Weakness Enumeration: [CWE-197](https://cwe.mitre.org/data/definitions/197.html).\n","markdown":"# Comparison of narrow type with wide type in loop condition\nIn a loop condition, comparison of a value of a narrow type with a value of a wide type may always evaluate to `true` if the wider value is sufficiently large (or small). This is because the narrower value may overflow. This can lead to an infinite loop.\n\n\n## Recommendation\nChange the types of the compared values so that the value on the narrower side of the comparison is at least as wide as the value it is being compared with.\n\n\n## Example\nIn this example, `bytesReceived` is compared against `MAXGET` in a `while` loop. However, `bytesReceived` is a `short`, and `MAXGET` is a `long`. Because `MAXGET` is larger than `Short.MAX_VALUE`, the loop condition is always `true`, so the loop never terminates.\n\nThis problem is avoided in the 'GOOD' case because `bytesReceived2` is a `long`, which is as wide as the type of `MAXGET`.\n\n\n```java\nclass Test {\n\tpublic static void main(String[] args) {\n\t\t\n\t\t{\t\t\n\t\t\tint BIGNUM = Integer.MAX_VALUE;\n\t\t\tlong MAXGET = Short.MAX_VALUE + 1;\n\t\t\t\n\t\t\tchar[] buf = new char[BIGNUM];\n\n\t\t\tshort bytesReceived = 0;\n\t\t\t\n\t\t\t// BAD: 'bytesReceived' is compared with a value of wider type.\n\t\t\t// 'bytesReceived' overflows before reaching MAXGET,\n\t\t\t// causing an infinite loop.\n\t\t\twhile (bytesReceived < MAXGET) {\n\t\t\t\tbytesReceived += getFromInput(buf, bytesReceived);\n\t\t\t}\n\t\t}\n\t\t\n\t\t{\n\t\t\tlong bytesReceived2 = 0;\n\t\t\t\n\t\t\t// GOOD: 'bytesReceived2' has a type at least as wide as MAXGET.\n\t\t\twhile (bytesReceived2 < MAXGET) {\n\t\t\t\tbytesReceived2 += getFromInput(buf, bytesReceived2);\n\t\t\t}\n\t\t}\n\t\t\n\t}\n\t\n\tpublic static int getFromInput(char[] buf, short pos) {\n\t\t// write to buf\n\t\t// ...\n\t\treturn 1;\n\t}\n}\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [NUM00-J. Detect or prevent integer overflow](https://wiki.sei.cmu.edu/confluence/display/java/NUM00-J.+Detect+or+prevent+integer+overflow).\n* Common Weakness Enumeration: [CWE-190](https://cwe.mitre.org/data/definitions/190.html).\n* Common Weakness Enumeration: [CWE-197](https://cwe.mitre.org/data/definitions/197.html).\n"},"properties":{"tags":["reliability","security","external/cwe/cwe-190","external/cwe/cwe-197"],"description":"Comparisons between types of different widths in a loop condition can cause the loop\n              to behave unexpectedly.","id":"java/comparison-with-wider-type","kind":"problem","name":"Comparison of narrow type with wide type in loop condition","precision":"medium","problem.severity":"warning","security-severity":"8.1"}},{"id":"java/android/sensitive-keyboard-cache","name":"java/android/sensitive-keyboard-cache","shortDescription":{"text":"Android sensitive keyboard cache"},"fullDescription":{"text":"Allowing the keyboard to cache sensitive information may result in information leaks to other applications."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Android sensitive keyboard cache\nWhen a user enters information in a text input field on an Android application, their input is saved to a keyboard cache which provides autocomplete suggestions and predictions. There is a risk that sensitive user data, such as passwords or banking information, may be leaked to other applications via the keyboard cache.\n\n\n## Recommendation\nFor input fields expected to accept sensitive information, use input types such as `\"textNoSuggestions\"` (or `\"textPassword\"` for a password) to ensure the input does not get stored in the keyboard cache.\n\nOptionally, instead of declaring an input type through XML, you can set the input type in your code using `TextView.setInputType()`.\n\n\n## Example\nIn the following example, the field labeled BAD allows the password to be saved to the keyboard cache, whereas the field labeled GOOD uses the `\"textPassword\"` input type to ensure the password is not cached.\n\n\n```xml\n<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<LinearLayout\n    xmlns:android=\"http://schemas.android.com/apk/res/android\"\n    xmlns:app=\"http://schemas.android.com/apk/res-auto\">\n\n    <!-- BAD: This password field uses the `text` input type, which allows the input to be saved to the keyboard cache. -->\n    <EditText\n        android:id=\"@+id/password_bad\"\n        android:inputType=\"text\"/> \n\n    <!-- GOOD: This password field uses the `textPassword` input type, which ensures that the input is not saved to the keyboard cache. -->\n    <EditText\n        android:id=\"@+id/password_good\"\n        android:inputType=\"textPassword\"/>  \n</LinearLayout>\n```\n\n## References\n* OWASP Mobile Application Security Testing Guide: [Determining Whether the Keyboard Cache Is Disabled for Text Input Fields](https://github.com/OWASP/owasp-mastg/blob/b7a93a2e5e0557cc9a12e55fc3f6675f6986bb86/Document/0x05d-Testing-Data-Storage.md#determining-whether-the-keyboard-cache-is-disabled-for-text-input-fields-mstg-storage-5).\n* Android Developers: [android:inputType attribute documentation.](https://developer.android.com/reference/android/widget/TextView#attr_android:inputType)\n* Common Weakness Enumeration: [CWE-524](https://cwe.mitre.org/data/definitions/524.html).\n","markdown":"# Android sensitive keyboard cache\nWhen a user enters information in a text input field on an Android application, their input is saved to a keyboard cache which provides autocomplete suggestions and predictions. There is a risk that sensitive user data, such as passwords or banking information, may be leaked to other applications via the keyboard cache.\n\n\n## Recommendation\nFor input fields expected to accept sensitive information, use input types such as `\"textNoSuggestions\"` (or `\"textPassword\"` for a password) to ensure the input does not get stored in the keyboard cache.\n\nOptionally, instead of declaring an input type through XML, you can set the input type in your code using `TextView.setInputType()`.\n\n\n## Example\nIn the following example, the field labeled BAD allows the password to be saved to the keyboard cache, whereas the field labeled GOOD uses the `\"textPassword\"` input type to ensure the password is not cached.\n\n\n```xml\n<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<LinearLayout\n    xmlns:android=\"http://schemas.android.com/apk/res/android\"\n    xmlns:app=\"http://schemas.android.com/apk/res-auto\">\n\n    <!-- BAD: This password field uses the `text` input type, which allows the input to be saved to the keyboard cache. -->\n    <EditText\n        android:id=\"@+id/password_bad\"\n        android:inputType=\"text\"/> \n\n    <!-- GOOD: This password field uses the `textPassword` input type, which ensures that the input is not saved to the keyboard cache. -->\n    <EditText\n        android:id=\"@+id/password_good\"\n        android:inputType=\"textPassword\"/>  \n</LinearLayout>\n```\n\n## References\n* OWASP Mobile Application Security Testing Guide: [Determining Whether the Keyboard Cache Is Disabled for Text Input Fields](https://github.com/OWASP/owasp-mastg/blob/b7a93a2e5e0557cc9a12e55fc3f6675f6986bb86/Document/0x05d-Testing-Data-Storage.md#determining-whether-the-keyboard-cache-is-disabled-for-text-input-fields-mstg-storage-5).\n* Android Developers: [android:inputType attribute documentation.](https://developer.android.com/reference/android/widget/TextView#attr_android:inputType)\n* Common Weakness Enumeration: [CWE-524](https://cwe.mitre.org/data/definitions/524.html).\n"},"properties":{"tags":["security","external/cwe/cwe-524"],"description":"Allowing the keyboard to cache sensitive information may result in information leaks to other applications.","id":"java/android/sensitive-keyboard-cache","kind":"problem","name":"Android sensitive keyboard cache","precision":"medium","problem.severity":"warning","security-severity":"8.1"}},{"id":"java/insecure-smtp-ssl","name":"java/insecure-smtp-ssl","shortDescription":{"text":"Insecure JavaMail SSL Configuration"},"fullDescription":{"text":"Configuring a Java application to use authenticated mail session over SSL without certificate validation makes the session susceptible to a man-in-the-middle attack."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Insecure JavaMail SSL Configuration\nJavaMail is commonly used in Java applications to send emails. There are popular third-party libraries like Apache Commons Email which are built on JavaMail and facilitate integration. Authenticated mail sessions require user credentials and mail sessions can require SSL/TLS authentication. It is a common security vulnerability that host-specific certificate data is not validated or is incorrectly validated. Failing to validate the certificate makes the SSL session susceptible to a man-in-the-middle attack.\n\nThis query checks whether the SSL certificate is validated when credentials are used and SSL is enabled in email communications.\n\nThe query has code for both plain JavaMail invocation and mailing through Apache SimpleMail to make it more comprehensive.\n\n\n## Recommendation\nValidate SSL certificate when sensitive information is sent in email communications.\n\n\n## Example\nThe following two examples show two ways of configuring secure emails through JavaMail or Apache SimpleMail. In the 'BAD' case, credentials are sent in an SSL session without certificate validation. In the 'GOOD' case, the certificate is validated.\n\n\n```java\nimport java.util.Properties;\n\nimport javax.activation.DataSource;\nimport javax.mail.Authenticator;\nimport javax.mail.Message;\nimport javax.mail.MessagingException;\nimport javax.mail.PasswordAuthentication;\nimport javax.mail.Session;\n\nimport org.apache.logging.log4j.util.PropertiesUtil;\n\nclass JavaMail {\n    public static void main(String[] args) {\n      // BAD: Don't have server certificate check\n      {\n\t\tfinal Properties properties = PropertiesUtil.getSystemProperties();\n\t\tproperties.put(\"mail.transport.protocol\", \"protocol\");\n\t\tproperties.put(\"mail.smtp.host\", \"hostname\");\n\t\tproperties.put(\"mail.smtp.socketFactory.class\", \"classname\");\n\n\t\tfinal Authenticator authenticator = buildAuthenticator(\"username\", \"password\");\n\t\tif (null != authenticator) {\n\t\t\tproperties.put(\"mail.smtp.auth\", \"true\");\n\t\t}\n\t\tfinal Session session = Session.getInstance(properties, authenticator);\n      }\n\n      // GOOD: Have server certificate check\n      {\n\t\tfinal Properties properties = PropertiesUtil.getSystemProperties();\n\t\tproperties.put(\"mail.transport.protocol\", \"protocol\");\n\t\tproperties.put(\"mail.smtp.host\", \"hostname\");\n\t\tproperties.put(\"mail.smtp.socketFactory.class\", \"classname\");\n\n\t\tfinal Authenticator authenticator = buildAuthenticator(\"username\", \"password\");\n\t\tif (null != authenticator) {\n\t\t\tproperties.put(\"mail.smtp.auth\", \"true\");\n\t\t\tproperties.put(\"mail.smtp.ssl.checkserveridentity\", \"true\");\n\t\t}\n\t\tfinal Session session = Session.getInstance(properties, authenticator);\n      }\n    }\n}\n```\n\n```java\nimport org.apache.commons.mail.DefaultAuthenticator;\nimport org.apache.commons.mail.Email;\nimport org.apache.commons.mail.EmailException;\nimport org.apache.commons.mail.SimpleEmail;\n\nclass SimpleMail {\n    public static void main(String[] args) throws EmailException {\n      // BAD: Don't have setSSLCheckServerIdentity set or set as false    \n      {\n        Email email = new SimpleEmail();\n        email.setHostName(\"hostName\");\n        email.setSmtpPort(25);\n        email.setAuthenticator(new DefaultAuthenticator(\"username\", \"password\"));\n        email.setSSLOnConnect(true);\n        \n        //email.setSSLCheckServerIdentity(false);\n        email.setFrom(\"fromAddress\");\n        email.setSubject(\"subject\");\n        email.setMsg(\"body\");\n        email.addTo(\"toAddress\");\n        email.send();\n      }\n\n      // GOOD: Have setSSLCheckServerIdentity set to true\n      {\n        Email email = new SimpleEmail();\n        email.setHostName(\"hostName\");\n        email.setSmtpPort(25);\n        email.setAuthenticator(new DefaultAuthenticator(\"username\", \"password\"));\n        email.setSSLOnConnect(true);\n\n        email.setSSLCheckServerIdentity(true);\n        email.setFrom(\"fromAddress\");\n        email.setSubject(\"subject\");\n        email.setMsg(\"body\");\n        email.addTo(\"toAddress\");\n        email.send();\n      }\n    }\n}\n```\n\n## References\n* Jakarta Mail: [SSL Notes](https://eclipse-ee4j.github.io/mail/docs/SSLNOTES.txt).\n* Apache Commons: [Email security](https://commons.apache.org/proper/commons-email/userguide.html#Security).\n* Log4j2: [Add support for specifying an SSL configuration for SmtpAppender (CVE-2020-9488)](https://issues.apache.org/jira/browse/LOG4J2-2819).\n* Common Weakness Enumeration: [CWE-297](https://cwe.mitre.org/data/definitions/297.html).\n","markdown":"# Insecure JavaMail SSL Configuration\nJavaMail is commonly used in Java applications to send emails. There are popular third-party libraries like Apache Commons Email which are built on JavaMail and facilitate integration. Authenticated mail sessions require user credentials and mail sessions can require SSL/TLS authentication. It is a common security vulnerability that host-specific certificate data is not validated or is incorrectly validated. Failing to validate the certificate makes the SSL session susceptible to a man-in-the-middle attack.\n\nThis query checks whether the SSL certificate is validated when credentials are used and SSL is enabled in email communications.\n\nThe query has code for both plain JavaMail invocation and mailing through Apache SimpleMail to make it more comprehensive.\n\n\n## Recommendation\nValidate SSL certificate when sensitive information is sent in email communications.\n\n\n## Example\nThe following two examples show two ways of configuring secure emails through JavaMail or Apache SimpleMail. In the 'BAD' case, credentials are sent in an SSL session without certificate validation. In the 'GOOD' case, the certificate is validated.\n\n\n```java\nimport java.util.Properties;\n\nimport javax.activation.DataSource;\nimport javax.mail.Authenticator;\nimport javax.mail.Message;\nimport javax.mail.MessagingException;\nimport javax.mail.PasswordAuthentication;\nimport javax.mail.Session;\n\nimport org.apache.logging.log4j.util.PropertiesUtil;\n\nclass JavaMail {\n    public static void main(String[] args) {\n      // BAD: Don't have server certificate check\n      {\n\t\tfinal Properties properties = PropertiesUtil.getSystemProperties();\n\t\tproperties.put(\"mail.transport.protocol\", \"protocol\");\n\t\tproperties.put(\"mail.smtp.host\", \"hostname\");\n\t\tproperties.put(\"mail.smtp.socketFactory.class\", \"classname\");\n\n\t\tfinal Authenticator authenticator = buildAuthenticator(\"username\", \"password\");\n\t\tif (null != authenticator) {\n\t\t\tproperties.put(\"mail.smtp.auth\", \"true\");\n\t\t}\n\t\tfinal Session session = Session.getInstance(properties, authenticator);\n      }\n\n      // GOOD: Have server certificate check\n      {\n\t\tfinal Properties properties = PropertiesUtil.getSystemProperties();\n\t\tproperties.put(\"mail.transport.protocol\", \"protocol\");\n\t\tproperties.put(\"mail.smtp.host\", \"hostname\");\n\t\tproperties.put(\"mail.smtp.socketFactory.class\", \"classname\");\n\n\t\tfinal Authenticator authenticator = buildAuthenticator(\"username\", \"password\");\n\t\tif (null != authenticator) {\n\t\t\tproperties.put(\"mail.smtp.auth\", \"true\");\n\t\t\tproperties.put(\"mail.smtp.ssl.checkserveridentity\", \"true\");\n\t\t}\n\t\tfinal Session session = Session.getInstance(properties, authenticator);\n      }\n    }\n}\n```\n\n```java\nimport org.apache.commons.mail.DefaultAuthenticator;\nimport org.apache.commons.mail.Email;\nimport org.apache.commons.mail.EmailException;\nimport org.apache.commons.mail.SimpleEmail;\n\nclass SimpleMail {\n    public static void main(String[] args) throws EmailException {\n      // BAD: Don't have setSSLCheckServerIdentity set or set as false    \n      {\n        Email email = new SimpleEmail();\n        email.setHostName(\"hostName\");\n        email.setSmtpPort(25);\n        email.setAuthenticator(new DefaultAuthenticator(\"username\", \"password\"));\n        email.setSSLOnConnect(true);\n        \n        //email.setSSLCheckServerIdentity(false);\n        email.setFrom(\"fromAddress\");\n        email.setSubject(\"subject\");\n        email.setMsg(\"body\");\n        email.addTo(\"toAddress\");\n        email.send();\n      }\n\n      // GOOD: Have setSSLCheckServerIdentity set to true\n      {\n        Email email = new SimpleEmail();\n        email.setHostName(\"hostName\");\n        email.setSmtpPort(25);\n        email.setAuthenticator(new DefaultAuthenticator(\"username\", \"password\"));\n        email.setSSLOnConnect(true);\n\n        email.setSSLCheckServerIdentity(true);\n        email.setFrom(\"fromAddress\");\n        email.setSubject(\"subject\");\n        email.setMsg(\"body\");\n        email.addTo(\"toAddress\");\n        email.send();\n      }\n    }\n}\n```\n\n## References\n* Jakarta Mail: [SSL Notes](https://eclipse-ee4j.github.io/mail/docs/SSLNOTES.txt).\n* Apache Commons: [Email security](https://commons.apache.org/proper/commons-email/userguide.html#Security).\n* Log4j2: [Add support for specifying an SSL configuration for SmtpAppender (CVE-2020-9488)](https://issues.apache.org/jira/browse/LOG4J2-2819).\n* Common Weakness Enumeration: [CWE-297](https://cwe.mitre.org/data/definitions/297.html).\n"},"properties":{"tags":["security","external/cwe/cwe-297","owasp-top10-2021","A07:2021 - Identification and Authentication Failures"],"description":"Configuring a Java application to use authenticated mail session\n              over SSL without certificate validation\n              makes the session susceptible to a man-in-the-middle attack.","id":"java/insecure-smtp-ssl","kind":"problem","name":"Insecure JavaMail SSL Configuration","precision":"medium","problem.severity":"warning","security-severity":"5.9"}},{"id":"java/relative-path-command","name":"java/relative-path-command","shortDescription":{"text":"Executing a command with a relative path"},"fullDescription":{"text":"Executing a command with a relative path is vulnerable to malicious changes in the PATH environment variable."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Executing a command with a relative path\nWhen a command is executed with a relative path, the runtime uses the PATH environment variable to find which executable to run. Therefore, any user who can change the PATH environment variable can cause the software to run a different, malicious executable.\n\n\n## Recommendation\nIn most cases, simply use a command that has an absolute path instead of a relative path.\n\nIn some cases, the location of the executable might be different on different installations. In such cases, consider specifying the location of key executables with some form of configuration. When using this approach, be careful that the configuration system is not itself vulnerable to malicious modifications.\n\n\n## Example\n\n```java\nclass Test {\n    public static void main(String[] args) {\n        // BAD: relative path\n        Runtime.getRuntime().exec(\"make\");\n        \n        // GOOD: absolute path\n        Runtime.getRuntime().exec(\"/usr/bin/make\");\n\n        // GOOD: build an absolute path from known values\n        Runtime.getRuntime().exec(Paths.MAKE_PREFIX + \"/bin/make\");\n    }\n}\n```\n\n## References\n* Common Weakness Enumeration: [CWE-78](https://cwe.mitre.org/data/definitions/78.html).\n* Common Weakness Enumeration: [CWE-88](https://cwe.mitre.org/data/definitions/88.html).\n","markdown":"# Executing a command with a relative path\nWhen a command is executed with a relative path, the runtime uses the PATH environment variable to find which executable to run. Therefore, any user who can change the PATH environment variable can cause the software to run a different, malicious executable.\n\n\n## Recommendation\nIn most cases, simply use a command that has an absolute path instead of a relative path.\n\nIn some cases, the location of the executable might be different on different installations. In such cases, consider specifying the location of key executables with some form of configuration. When using this approach, be careful that the configuration system is not itself vulnerable to malicious modifications.\n\n\n## Example\n\n```java\nclass Test {\n    public static void main(String[] args) {\n        // BAD: relative path\n        Runtime.getRuntime().exec(\"make\");\n        \n        // GOOD: absolute path\n        Runtime.getRuntime().exec(\"/usr/bin/make\");\n\n        // GOOD: build an absolute path from known values\n        Runtime.getRuntime().exec(Paths.MAKE_PREFIX + \"/bin/make\");\n    }\n}\n```\n\n## References\n* Common Weakness Enumeration: [CWE-78](https://cwe.mitre.org/data/definitions/78.html).\n* Common Weakness Enumeration: [CWE-88](https://cwe.mitre.org/data/definitions/88.html).\n"},"properties":{"tags":["security","external/cwe/cwe-078","external/cwe/cwe-088"],"description":"Executing a command with a relative path is vulnerable to\n              malicious changes in the PATH environment variable.","id":"java/relative-path-command","kind":"problem","name":"Executing a command with a relative path","precision":"medium","problem.severity":"warning","security-severity":"9.8"}},{"id":"java/android/unsafe-android-webview-fetch","name":"java/android/unsafe-android-webview-fetch","shortDescription":{"text":"Unsafe resource fetching in Android WebView"},"fullDescription":{"text":"JavaScript rendered inside WebViews can access protected application files and web resources from any origin exposing them to attack."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Unsafe resource fetching in Android WebView\nAndroid WebViews that allow externally controlled URLs to be loaded, and whose JavaScript interface is enabled, are potentially vulnerable to cross-site scripting and sensitive resource disclosure attacks.\n\nA `WebView` whose `WebSettings` object has called `setAllowFileAccessFromFileURLs(true)` or `setAllowUniversalAccessFromFileURLs(true)` must not load any untrusted web content.\n\nEnabling these settings allows malicious scripts loaded in a `file://` context to launch cross-site scripting attacks, accessing arbitrary local files including WebView cookies, session tokens, private app data or even credentials used on arbitrary web sites.\n\nThis query detects the following two scenarios:\n\n1. A vulnerability introduced by WebViews when JavaScript is enabled and remote inputs are allowed.\n1. A more severe vulnerability when \"allow cross-origin resource access\" is also enabled. This setting was deprecated in API level 30 (Android 11), but most devices are still affected, especially since some Android phones are updated slowly or no longer updated at all.\n\n## Recommendation\nOnly allow trusted web content to be displayed in WebViews when JavaScript is enabled. Disallow cross-origin resource access in WebSettings to reduce the attack surface.\n\n\n## Example\nThe following example shows both 'BAD' and 'GOOD' configurations. In the 'BAD' configuration, JavaScript and the allow access setting are enabled and URLs are loaded from externally controlled inputs. In the 'GOOD' configuration, JavaScript is disabled or only trusted web content is allowed to be loaded.\n\n\n```java\npublic class UnsafeAndroidAccess extends Activity {\n\tpublic void onCreate(Bundle savedInstanceState) {\n\t\tsuper.onCreate(savedInstanceState);\n\t\tsetContentView(R.layout.webview);\n\n\t\t// BAD: Have both JavaScript and cross-origin resource access enabled in webview while\n\t\t// taking remote user inputs\n\t\t{\n\t\t\tWebView wv = (WebView) findViewById(R.id.my_webview);\n\t\t\tWebSettings webSettings = wv.getSettings();\n\n\t\t\twebSettings.setJavaScriptEnabled(true);\n\t\t\twebSettings.setAllowUniversalAccessFromFileURLs(true);\n\n\t\t\twv.setWebViewClient(new WebViewClient() {\n\t\t\t\t@Override\n\t\t\t\tpublic boolean shouldOverrideUrlLoading(WebView view, String url) {\n\t\t\t\t\tview.loadUrl(url);\n\t\t\t\t\treturn true;\n\t\t\t\t}\n\t\t\t});\n\n\t\t\tString thisUrl = getIntent().getExtras().getString(\"url\"); // dangerous remote input from  the intent's Bundle of extras\n\t\t\twv.loadUrl(thisUrl);\n\t\t}\n\n\t\t// BAD: Have both JavaScript and cross-origin resource access enabled in webview while\n\t\t// taking remote user inputs\n\t\t{\n\t\t\tWebView wv = (WebView) findViewById(R.id.my_webview);\n\t\t\tWebSettings webSettings = wv.getSettings();\n\n\t\t\twebSettings.setJavaScriptEnabled(true);\n\t\t\twebSettings.setAllowUniversalAccessFromFileURLs(true);\n\n\t\t\twv.setWebViewClient(new WebViewClient() {\n\t\t\t\t@Override\n\t\t\t\tpublic boolean shouldOverrideUrlLoading(WebView view, String url) {\n\t\t\t\t\tview.loadUrl(url);\n\t\t\t\t\treturn true;\n\t\t\t\t}\n\t\t\t});\n\n\t\t\tString thisUrl = getIntent().getStringExtra(\"url\"); //dangerous remote input from intent extra\n\t\t\twv.loadUrl(thisUrl);\n\t\t}\n\n\t\t// GOOD: Have JavaScript and cross-origin resource access disabled by default on modern Android (Jellybean+) while taking remote user inputs\n\t\t{\n\t\t\tWebView wv = (WebView) findViewById(-1);\n\t\t\tWebSettings webSettings = wv.getSettings();\n\n\t\t\twv.setWebViewClient(new WebViewClient() {\n\t\t\t\t@Override\n\t\t\t\tpublic boolean shouldOverrideUrlLoading(WebView view, String url) {\n\t\t\t\t\tview.loadUrl(url);\n\t\t\t\t\treturn true;\n\t\t\t\t}\n\t\t\t});\n\n\t\t\tString thisUrl = getIntent().getExtras().getString(\"url\"); // remote input\n\t\t\twv.loadUrl(thisUrl);\n\t\t}\n\n\t\t// GOOD: Have JavaScript enabled in webview but remote user input is not allowed\n\t\t{\n\t\t\tWebView wv = (WebView) findViewById(-1);\n\t\t\tWebSettings webSettings = wv.getSettings();\n\n\t\t\twebSettings.setJavaScriptEnabled(true);\n\n\t\t\twv.setWebViewClient(new WebViewClient() {\n\t\t\t\t@Override\n\t\t\t\tpublic boolean shouldOverrideUrlLoading(WebView view, String url) {\n\t\t\t\t\tview.loadUrl(url);\n\t\t\t\t\treturn true;\n\t\t\t\t}\n\t\t\t});\n\n\t\t\twv.loadUrl(\"https://www.mycorp.com\");\n\t\t}\n\t}\n}\n```\n\n## References\n* Google Help: [Fixing a File-based XSS Vulnerability](https://support.google.com/faqs/answer/7668153?hl=en)\n* OWASP: [Testing JavaScript Execution in WebViews (MSTG-PLATFORM-5)](https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5)\n* OWASP: [Testing WebView Protocol Handlers (MSTG-PLATFORM-6)](https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-webview-protocol-handlers-mstg-platform-6)\n* Common Weakness Enumeration: [CWE-749](https://cwe.mitre.org/data/definitions/749.html).\n* Common Weakness Enumeration: [CWE-79](https://cwe.mitre.org/data/definitions/79.html).\n","markdown":"# Unsafe resource fetching in Android WebView\nAndroid WebViews that allow externally controlled URLs to be loaded, and whose JavaScript interface is enabled, are potentially vulnerable to cross-site scripting and sensitive resource disclosure attacks.\n\nA `WebView` whose `WebSettings` object has called `setAllowFileAccessFromFileURLs(true)` or `setAllowUniversalAccessFromFileURLs(true)` must not load any untrusted web content.\n\nEnabling these settings allows malicious scripts loaded in a `file://` context to launch cross-site scripting attacks, accessing arbitrary local files including WebView cookies, session tokens, private app data or even credentials used on arbitrary web sites.\n\nThis query detects the following two scenarios:\n\n1. A vulnerability introduced by WebViews when JavaScript is enabled and remote inputs are allowed.\n1. A more severe vulnerability when \"allow cross-origin resource access\" is also enabled. This setting was deprecated in API level 30 (Android 11), but most devices are still affected, especially since some Android phones are updated slowly or no longer updated at all.\n\n## Recommendation\nOnly allow trusted web content to be displayed in WebViews when JavaScript is enabled. Disallow cross-origin resource access in WebSettings to reduce the attack surface.\n\n\n## Example\nThe following example shows both 'BAD' and 'GOOD' configurations. In the 'BAD' configuration, JavaScript and the allow access setting are enabled and URLs are loaded from externally controlled inputs. In the 'GOOD' configuration, JavaScript is disabled or only trusted web content is allowed to be loaded.\n\n\n```java\npublic class UnsafeAndroidAccess extends Activity {\n\tpublic void onCreate(Bundle savedInstanceState) {\n\t\tsuper.onCreate(savedInstanceState);\n\t\tsetContentView(R.layout.webview);\n\n\t\t// BAD: Have both JavaScript and cross-origin resource access enabled in webview while\n\t\t// taking remote user inputs\n\t\t{\n\t\t\tWebView wv = (WebView) findViewById(R.id.my_webview);\n\t\t\tWebSettings webSettings = wv.getSettings();\n\n\t\t\twebSettings.setJavaScriptEnabled(true);\n\t\t\twebSettings.setAllowUniversalAccessFromFileURLs(true);\n\n\t\t\twv.setWebViewClient(new WebViewClient() {\n\t\t\t\t@Override\n\t\t\t\tpublic boolean shouldOverrideUrlLoading(WebView view, String url) {\n\t\t\t\t\tview.loadUrl(url);\n\t\t\t\t\treturn true;\n\t\t\t\t}\n\t\t\t});\n\n\t\t\tString thisUrl = getIntent().getExtras().getString(\"url\"); // dangerous remote input from  the intent's Bundle of extras\n\t\t\twv.loadUrl(thisUrl);\n\t\t}\n\n\t\t// BAD: Have both JavaScript and cross-origin resource access enabled in webview while\n\t\t// taking remote user inputs\n\t\t{\n\t\t\tWebView wv = (WebView) findViewById(R.id.my_webview);\n\t\t\tWebSettings webSettings = wv.getSettings();\n\n\t\t\twebSettings.setJavaScriptEnabled(true);\n\t\t\twebSettings.setAllowUniversalAccessFromFileURLs(true);\n\n\t\t\twv.setWebViewClient(new WebViewClient() {\n\t\t\t\t@Override\n\t\t\t\tpublic boolean shouldOverrideUrlLoading(WebView view, String url) {\n\t\t\t\t\tview.loadUrl(url);\n\t\t\t\t\treturn true;\n\t\t\t\t}\n\t\t\t});\n\n\t\t\tString thisUrl = getIntent().getStringExtra(\"url\"); //dangerous remote input from intent extra\n\t\t\twv.loadUrl(thisUrl);\n\t\t}\n\n\t\t// GOOD: Have JavaScript and cross-origin resource access disabled by default on modern Android (Jellybean+) while taking remote user inputs\n\t\t{\n\t\t\tWebView wv = (WebView) findViewById(-1);\n\t\t\tWebSettings webSettings = wv.getSettings();\n\n\t\t\twv.setWebViewClient(new WebViewClient() {\n\t\t\t\t@Override\n\t\t\t\tpublic boolean shouldOverrideUrlLoading(WebView view, String url) {\n\t\t\t\t\tview.loadUrl(url);\n\t\t\t\t\treturn true;\n\t\t\t\t}\n\t\t\t});\n\n\t\t\tString thisUrl = getIntent().getExtras().getString(\"url\"); // remote input\n\t\t\twv.loadUrl(thisUrl);\n\t\t}\n\n\t\t// GOOD: Have JavaScript enabled in webview but remote user input is not allowed\n\t\t{\n\t\t\tWebView wv = (WebView) findViewById(-1);\n\t\t\tWebSettings webSettings = wv.getSettings();\n\n\t\t\twebSettings.setJavaScriptEnabled(true);\n\n\t\t\twv.setWebViewClient(new WebViewClient() {\n\t\t\t\t@Override\n\t\t\t\tpublic boolean shouldOverrideUrlLoading(WebView view, String url) {\n\t\t\t\t\tview.loadUrl(url);\n\t\t\t\t\treturn true;\n\t\t\t\t}\n\t\t\t});\n\n\t\t\twv.loadUrl(\"https://www.mycorp.com\");\n\t\t}\n\t}\n}\n```\n\n## References\n* Google Help: [Fixing a File-based XSS Vulnerability](https://support.google.com/faqs/answer/7668153?hl=en)\n* OWASP: [Testing JavaScript Execution in WebViews (MSTG-PLATFORM-5)](https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5)\n* OWASP: [Testing WebView Protocol Handlers (MSTG-PLATFORM-6)](https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-webview-protocol-handlers-mstg-platform-6)\n* Common Weakness Enumeration: [CWE-749](https://cwe.mitre.org/data/definitions/749.html).\n* Common Weakness Enumeration: [CWE-79](https://cwe.mitre.org/data/definitions/79.html).\n"},"properties":{"tags":["security","external/cwe/cwe-749","external/cwe/cwe-079"],"description":"JavaScript rendered inside WebViews can access protected\n              application files and web resources from any origin exposing them to attack.","id":"java/android/unsafe-android-webview-fetch","kind":"path-problem","name":"Unsafe resource fetching in Android WebView","precision":"medium","problem.severity":"warning","security-severity":"6.1"}},{"id":"java/concatenated-sql-query","name":"java/concatenated-sql-query","shortDescription":{"text":"Query built by concatenation with a possibly-untrusted string"},"fullDescription":{"text":"Building a SQL or Java Persistence query by concatenating a possibly-untrusted string is vulnerable to insertion of malicious code."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Query built by concatenation with a possibly-untrusted string\nEven when the components of a SQL query are not fully controlled by a user, it is a vulnerability to build the query by directly concatenating those components. Perhaps a separate vulnerability will allow the user to gain control of the component. As well, a user who cannot gain full control of an input might influence it enough to cause the SQL query to fail to run.\n\n\n## Recommendation\nUsually, it is better to use a SQL prepared statement than to build a complete SQL query with string concatenation. A prepared statement can include a wildcard, written as a question mark (?), for each part of the SQL query that is expected to be filled in by a different value each time it is run. When the query is later executed, a value must be supplied for each wildcard in the query.\n\nIn the Java Persistence Query Language, it is better to use queries with parameters than to build a complete query with string concatenation. A Java Persistence query can include a parameter placeholder for each part of the query that is expected to be filled in by a different value when run. A parameter placeholder may be indicated by a colon (:) followed by a parameter name, or by a question mark (?) followed by an integer position. When the query is later executed, a value must be supplied for each parameter in the query, using the `setParameter` method. Specifying the query using the `@NamedQuery` annotation introduces an additional level of safety: the query must be a constant string literal, preventing construction by string concatenation, and the only way to fill in values for parts of the query is by setting positional parameters.\n\nIt is good practice to use prepared statements (in SQL) or query parameters (in the Java Persistence Query Language) for supplying parameter values to a query, whether or not any of the parameters are directly traceable to user input. Doing so avoids any need to worry about quoting and escaping.\n\n\n## Example\nIn the following example, the code runs a simple SQL query in two different ways.\n\nThe first way involves building a query, `query1`, by concatenating the result of `getCategory` with some string literals. The result of `getCategory` can include special characters, or it might be refactored later so that it may return something that contains special characters.\n\nThe second way, which shows good practice, involves building a query, `query2`, with a single string literal that includes a wildcard (`?`). The wildcard is then given a value by calling `setString`. This version is immune to injection attacks, because any special characters in the result of `getCategory` are not given any special treatment.\n\n\n```java\n{\n    // BAD: the category might have SQL special characters in it\n    String category = getCategory();\n    Statement statement = connection.createStatement();\n    String query1 = \"SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='\"\n        + category + \"' ORDER BY PRICE\";\n    ResultSet results = statement.executeQuery(query1);\n}\n\n{\n    // GOOD: use a prepared query\n    String category = getCategory();\n    String query2 = \"SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=? ORDER BY PRICE\";\n    PreparedStatement statement = connection.prepareStatement(query2);\n    statement.setString(1, category);\n    ResultSet results = statement.executeQuery();\n}\n```\n\n## References\n* OWASP: [SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html).\n* SEI CERT Oracle Coding Standard for Java: [IDS00-J. Prevent SQL injection](https://wiki.sei.cmu.edu/confluence/display/java/IDS00-J.+Prevent+SQL+injection).\n* The Java Tutorials: [Using Prepared Statements](https://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html).\n* Common Weakness Enumeration: [CWE-89](https://cwe.mitre.org/data/definitions/89.html).\n* Common Weakness Enumeration: [CWE-564](https://cwe.mitre.org/data/definitions/564.html).\n","markdown":"# Query built by concatenation with a possibly-untrusted string\nEven when the components of a SQL query are not fully controlled by a user, it is a vulnerability to build the query by directly concatenating those components. Perhaps a separate vulnerability will allow the user to gain control of the component. As well, a user who cannot gain full control of an input might influence it enough to cause the SQL query to fail to run.\n\n\n## Recommendation\nUsually, it is better to use a SQL prepared statement than to build a complete SQL query with string concatenation. A prepared statement can include a wildcard, written as a question mark (?), for each part of the SQL query that is expected to be filled in by a different value each time it is run. When the query is later executed, a value must be supplied for each wildcard in the query.\n\nIn the Java Persistence Query Language, it is better to use queries with parameters than to build a complete query with string concatenation. A Java Persistence query can include a parameter placeholder for each part of the query that is expected to be filled in by a different value when run. A parameter placeholder may be indicated by a colon (:) followed by a parameter name, or by a question mark (?) followed by an integer position. When the query is later executed, a value must be supplied for each parameter in the query, using the `setParameter` method. Specifying the query using the `@NamedQuery` annotation introduces an additional level of safety: the query must be a constant string literal, preventing construction by string concatenation, and the only way to fill in values for parts of the query is by setting positional parameters.\n\nIt is good practice to use prepared statements (in SQL) or query parameters (in the Java Persistence Query Language) for supplying parameter values to a query, whether or not any of the parameters are directly traceable to user input. Doing so avoids any need to worry about quoting and escaping.\n\n\n## Example\nIn the following example, the code runs a simple SQL query in two different ways.\n\nThe first way involves building a query, `query1`, by concatenating the result of `getCategory` with some string literals. The result of `getCategory` can include special characters, or it might be refactored later so that it may return something that contains special characters.\n\nThe second way, which shows good practice, involves building a query, `query2`, with a single string literal that includes a wildcard (`?`). The wildcard is then given a value by calling `setString`. This version is immune to injection attacks, because any special characters in the result of `getCategory` are not given any special treatment.\n\n\n```java\n{\n    // BAD: the category might have SQL special characters in it\n    String category = getCategory();\n    Statement statement = connection.createStatement();\n    String query1 = \"SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='\"\n        + category + \"' ORDER BY PRICE\";\n    ResultSet results = statement.executeQuery(query1);\n}\n\n{\n    // GOOD: use a prepared query\n    String category = getCategory();\n    String query2 = \"SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=? ORDER BY PRICE\";\n    PreparedStatement statement = connection.prepareStatement(query2);\n    statement.setString(1, category);\n    ResultSet results = statement.executeQuery();\n}\n```\n\n## References\n* OWASP: [SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html).\n* SEI CERT Oracle Coding Standard for Java: [IDS00-J. Prevent SQL injection](https://wiki.sei.cmu.edu/confluence/display/java/IDS00-J.+Prevent+SQL+injection).\n* The Java Tutorials: [Using Prepared Statements](https://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html).\n* Common Weakness Enumeration: [CWE-89](https://cwe.mitre.org/data/definitions/89.html).\n* Common Weakness Enumeration: [CWE-564](https://cwe.mitre.org/data/definitions/564.html).\n"},"properties":{"tags":["security","external/cwe/cwe-089","external/cwe/cwe-564","owasp-top10-2021","A03:2021 - Injection"],"description":"Building a SQL or Java Persistence query by concatenating a possibly-untrusted string\n              is vulnerable to insertion of malicious code.","id":"java/concatenated-sql-query","kind":"problem","name":"Query built by concatenation with a possibly-untrusted string","precision":"medium","problem.severity":"error","security-severity":"8.8"}},{"id":"java/unreachable-exit-in-loop","name":"java/unreachable-exit-in-loop","shortDescription":{"text":"Loop with unreachable exit condition"},"fullDescription":{"text":"An iteration or loop with an exit condition that cannot be reached is an indication of faulty logic and can likely lead to infinite looping."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Loop with unreachable exit condition\nLoops can contain multiple exit conditions, either directly in the loop condition or as guards around `break` or `return` statements. If an exit condition cannot be satisfied, then the code is misleading at best, and the loop might not terminate.\n\n\n## Recommendation\nWhen writing a loop that is intended to terminate, make sure that all the necessary exit conditions can be satisfied and that loop termination is clear.\n\n\n## Example\nThe following example shows a potentially infinite loop, since the inner loop condition is constantly true. Of course, the loop may or may not be infinite depending on the behavior of `shouldBreak`, but if this was intended as the only exit condition the loop should be rewritten to make this clear.\n\n\n```java\nfor (int i=0; i<10; i++) {\n    for (int j=0; i<10; j++) {\n        // do stuff\n        if (shouldBreak()) break;\n    }\n}\n\n```\nTo fix the loop the condition is corrected to check the right variable.\n\n\n```java\nfor (int i=0; i<10; i++) {\n    for (int j=0; j<10; j++) {\n        // do stuff\n        if (shouldBreak()) break;\n    }\n}\n\n```\n\n## References\n* Java Language Specification: [Blocks and Statements](https://docs.oracle.com/javase/specs/jls/se11/html/jls-14.html).\n* Common Weakness Enumeration: [CWE-835](https://cwe.mitre.org/data/definitions/835.html).\n","markdown":"# Loop with unreachable exit condition\nLoops can contain multiple exit conditions, either directly in the loop condition or as guards around `break` or `return` statements. If an exit condition cannot be satisfied, then the code is misleading at best, and the loop might not terminate.\n\n\n## Recommendation\nWhen writing a loop that is intended to terminate, make sure that all the necessary exit conditions can be satisfied and that loop termination is clear.\n\n\n## Example\nThe following example shows a potentially infinite loop, since the inner loop condition is constantly true. Of course, the loop may or may not be infinite depending on the behavior of `shouldBreak`, but if this was intended as the only exit condition the loop should be rewritten to make this clear.\n\n\n```java\nfor (int i=0; i<10; i++) {\n    for (int j=0; i<10; j++) {\n        // do stuff\n        if (shouldBreak()) break;\n    }\n}\n\n```\nTo fix the loop the condition is corrected to check the right variable.\n\n\n```java\nfor (int i=0; i<10; i++) {\n    for (int j=0; j<10; j++) {\n        // do stuff\n        if (shouldBreak()) break;\n    }\n}\n\n```\n\n## References\n* Java Language Specification: [Blocks and Statements](https://docs.oracle.com/javase/specs/jls/se11/html/jls-14.html).\n* Common Weakness Enumeration: [CWE-835](https://cwe.mitre.org/data/definitions/835.html).\n"},"properties":{"tags":["security","external/cwe/cwe-835"],"description":"An iteration or loop with an exit condition that cannot be\n              reached is an indication of faulty logic and can likely lead to infinite\n              looping.","id":"java/unreachable-exit-in-loop","kind":"problem","name":"Loop with unreachable exit condition","precision":"medium","problem.severity":"warning","security-severity":"7.5"}},{"id":"java/android/incomplete-provider-permissions","name":"java/android/incomplete-provider-permissions","shortDescription":{"text":"Missing read or write permission in a content provider"},"fullDescription":{"text":"Android content providers which do not configure both read and write permissions can allow permission bypass."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Missing read or write permission in a content provider\nThe Android manifest file specifies the content providers for the application using `provider` elements. The `provider` element specifies the explicit permissions an application requires in order to access a resource using that provider. You specify the permissions using the `android:readPermission`, `android:writePermission`, or `android:permission` attributes. If you do not specify the permission required to perform an operation, the application will implicitly have access to perform that operation. For example, if you specify only `android:readPermission`, the application must have explicit permission to read data, but requires no permission to write data.\n\n\n## Recommendation\nTo prevent permission bypass, you should create `provider` elements that either specify both the `android:readPermission` and `android:writePermission` attributes, or specify the `android:permission` attribute.\n\n\n## Example\nIn the following two (bad) examples, the provider is configured with only read or write permissions. This allows a malicious application to bypass the permission check by requesting access to the unrestricted operation.\n\n\n```xml\n<manifest ... >\n    <application ...>\n      <!-- BAD: only 'android:readPermission' is set -->\n      <provider\n          android:name=\".MyContentProvider\"\n          android:authorities=\"table\"\n          android:enabled=\"true\"\n          android:exported=\"true\"\n          android:readPermission=\"android.permission.MANAGE_DOCUMENTS\">\n      </provider>\n    </application>\n</manifest>\n\n```\n\n```xml\n<manifest ... >\n    <application ...>\n      <!-- BAD: only 'android:writePermission' is set -->\n      <provider\n          android:name=\".MyContentProvider\"\n          android:authorities=\"table\"\n          android:enabled=\"true\"\n          android:exported=\"true\"\n          android:writePermission=\"android.permission.MANAGE_DOCUMENTS\">\n      </provider>\n    </application>\n</manifest>\n\n```\nIn the following (good) examples, the provider is configured with full permissions, protecting it from a permissions bypass.\n\n\n```xml\n<manifest ... >\n    <application ...>\n      <!-- Good: both 'android:readPermission' and 'android:writePermission' are set -->\n      <provider\n          android:name=\".MyContentProvider\"\n          android:authorities=\"table\"\n          android:enabled=\"true\"\n          android:exported=\"true\"\n          android:writePermission=\"android.permission.MANAGE_DOCUMENTS\"\n          android:readPermission=\"android.permission.MANAGE_DOCUMENTS\">\n      </provider>\n    </application>\n</manifest>\n\n```\n\n```xml\n<manifest ... >\n    <application ...>\n      <!-- Good: 'android:permission' is set  -->\n      <provider\n          android:name=\".MyContentProvider\"\n          android:authorities=\"table\"\n          android:enabled=\"true\"\n          android:exported=\"true\"\n          android:permission=\"android.permission.MANAGE_DOCUMENTS\">\n      </provider>\n    </application>\n</manifest>\n\n```\n\n## References\n* Android Documentation: [Provider element](https://developer.android.com/guide/topics/manifest/provider-element)\n* CVE-2021-41166: [Insufficient permission control in Nextcloud Android app](https://nvd.nist.gov/vuln/detail/CVE-2021-41166)\n* GitHub Security Lab Research: [Insufficient permission control in Nextcloud Android app](https://securitylab.github.com/advisories/GHSL-2021-1007-Nextcloud_Android_app/#issue-2-permission-bypass-in-disklruimagecachefileprovider-ghsl-2021-1008)\n* Common Weakness Enumeration: [CWE-926](https://cwe.mitre.org/data/definitions/926.html).\n","markdown":"# Missing read or write permission in a content provider\nThe Android manifest file specifies the content providers for the application using `provider` elements. The `provider` element specifies the explicit permissions an application requires in order to access a resource using that provider. You specify the permissions using the `android:readPermission`, `android:writePermission`, or `android:permission` attributes. If you do not specify the permission required to perform an operation, the application will implicitly have access to perform that operation. For example, if you specify only `android:readPermission`, the application must have explicit permission to read data, but requires no permission to write data.\n\n\n## Recommendation\nTo prevent permission bypass, you should create `provider` elements that either specify both the `android:readPermission` and `android:writePermission` attributes, or specify the `android:permission` attribute.\n\n\n## Example\nIn the following two (bad) examples, the provider is configured with only read or write permissions. This allows a malicious application to bypass the permission check by requesting access to the unrestricted operation.\n\n\n```xml\n<manifest ... >\n    <application ...>\n      <!-- BAD: only 'android:readPermission' is set -->\n      <provider\n          android:name=\".MyContentProvider\"\n          android:authorities=\"table\"\n          android:enabled=\"true\"\n          android:exported=\"true\"\n          android:readPermission=\"android.permission.MANAGE_DOCUMENTS\">\n      </provider>\n    </application>\n</manifest>\n\n```\n\n```xml\n<manifest ... >\n    <application ...>\n      <!-- BAD: only 'android:writePermission' is set -->\n      <provider\n          android:name=\".MyContentProvider\"\n          android:authorities=\"table\"\n          android:enabled=\"true\"\n          android:exported=\"true\"\n          android:writePermission=\"android.permission.MANAGE_DOCUMENTS\">\n      </provider>\n    </application>\n</manifest>\n\n```\nIn the following (good) examples, the provider is configured with full permissions, protecting it from a permissions bypass.\n\n\n```xml\n<manifest ... >\n    <application ...>\n      <!-- Good: both 'android:readPermission' and 'android:writePermission' are set -->\n      <provider\n          android:name=\".MyContentProvider\"\n          android:authorities=\"table\"\n          android:enabled=\"true\"\n          android:exported=\"true\"\n          android:writePermission=\"android.permission.MANAGE_DOCUMENTS\"\n          android:readPermission=\"android.permission.MANAGE_DOCUMENTS\">\n      </provider>\n    </application>\n</manifest>\n\n```\n\n```xml\n<manifest ... >\n    <application ...>\n      <!-- Good: 'android:permission' is set  -->\n      <provider\n          android:name=\".MyContentProvider\"\n          android:authorities=\"table\"\n          android:enabled=\"true\"\n          android:exported=\"true\"\n          android:permission=\"android.permission.MANAGE_DOCUMENTS\">\n      </provider>\n    </application>\n</manifest>\n\n```\n\n## References\n* Android Documentation: [Provider element](https://developer.android.com/guide/topics/manifest/provider-element)\n* CVE-2021-41166: [Insufficient permission control in Nextcloud Android app](https://nvd.nist.gov/vuln/detail/CVE-2021-41166)\n* GitHub Security Lab Research: [Insufficient permission control in Nextcloud Android app](https://securitylab.github.com/advisories/GHSL-2021-1007-Nextcloud_Android_app/#issue-2-permission-bypass-in-disklruimagecachefileprovider-ghsl-2021-1008)\n* Common Weakness Enumeration: [CWE-926](https://cwe.mitre.org/data/definitions/926.html).\n"},"properties":{"tags":["security","external/cwe/cwe-926"],"description":"Android content providers which do not configure both read and write permissions can allow permission bypass.","id":"java/android/incomplete-provider-permissions","kind":"problem","name":"Missing read or write permission in a content provider","precision":"medium","problem.severity":"warning","security-severity":"8.2"}},{"id":"java/potentially-weak-cryptographic-algorithm","name":"java/potentially-weak-cryptographic-algorithm","shortDescription":{"text":"Use of a potentially broken or risky cryptographic algorithm"},"fullDescription":{"text":"Using broken or weak cryptographic algorithms can allow an attacker to compromise security."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Use of a potentially broken or risky cryptographic algorithm\nUsing broken or weak cryptographic algorithms can leave data vulnerable to being decrypted.\n\nMany cryptographic algorithms provided by cryptography libraries are known to be weak, or flawed. Using such an algorithm means that an attacker may be able to easily decrypt the encrypted data.\n\n\n## Recommendation\nEnsure that you use a strong, modern cryptographic algorithm. Use at least AES-128 or RSA-2048. Do not use the ECB encryption mode since it is vulnerable to replay and other attacks.\n\n\n## Example\nThe following code shows an example of using a java `Cipher` to encrypt some data. When creating a `Cipher` instance, you must specify the encryption algorithm to use. The first example uses DES, which is an older algorithm that is now considered weak. The second example uses AES, which is a strong modern algorithm.\n\n\n```java\n// BAD: DES is a weak algorithm \nCipher des = Cipher.getInstance(\"DES\");\ncipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);\n\nbyte[] encrypted = cipher.doFinal(input.getBytes(\"UTF-8\"));\n\n// ...\n\n// GOOD: AES is a strong algorithm\nCipher aes = Cipher.getInstance(\"AES\");\n\n// ...\n\n```\n\n## References\n* NIST, FIPS 140 Annex a: [ Approved Security Functions](http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf).\n* NIST, SP 800-131A: [ Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths](http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf).\n* Common Weakness Enumeration: [CWE-327](https://cwe.mitre.org/data/definitions/327.html).\n* Common Weakness Enumeration: [CWE-328](https://cwe.mitre.org/data/definitions/328.html).\n","markdown":"# Use of a potentially broken or risky cryptographic algorithm\nUsing broken or weak cryptographic algorithms can leave data vulnerable to being decrypted.\n\nMany cryptographic algorithms provided by cryptography libraries are known to be weak, or flawed. Using such an algorithm means that an attacker may be able to easily decrypt the encrypted data.\n\n\n## Recommendation\nEnsure that you use a strong, modern cryptographic algorithm. Use at least AES-128 or RSA-2048. Do not use the ECB encryption mode since it is vulnerable to replay and other attacks.\n\n\n## Example\nThe following code shows an example of using a java `Cipher` to encrypt some data. When creating a `Cipher` instance, you must specify the encryption algorithm to use. The first example uses DES, which is an older algorithm that is now considered weak. The second example uses AES, which is a strong modern algorithm.\n\n\n```java\n// BAD: DES is a weak algorithm \nCipher des = Cipher.getInstance(\"DES\");\ncipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);\n\nbyte[] encrypted = cipher.doFinal(input.getBytes(\"UTF-8\"));\n\n// ...\n\n// GOOD: AES is a strong algorithm\nCipher aes = Cipher.getInstance(\"AES\");\n\n// ...\n\n```\n\n## References\n* NIST, FIPS 140 Annex a: [ Approved Security Functions](http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf).\n* NIST, SP 800-131A: [ Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths](http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf).\n* Common Weakness Enumeration: [CWE-327](https://cwe.mitre.org/data/definitions/327.html).\n* Common Weakness Enumeration: [CWE-328](https://cwe.mitre.org/data/definitions/328.html).\n"},"properties":{"tags":["security","external/cwe/cwe-327","external/cwe/cwe-328","owasp-top10-2021","A02:2021 - Cryptographic Failures"],"description":"Using broken or weak cryptographic algorithms can allow an attacker to compromise security.","id":"java/potentially-weak-cryptographic-algorithm","kind":"path-problem","name":"Use of a potentially broken or risky cryptographic algorithm","precision":"medium","problem.severity":"warning","security-severity":"7.5"}},{"id":"java/summary/lines-of-code","name":"java/summary/lines-of-code","shortDescription":{"text":"Total lines of Java code in the database"},"fullDescription":{"text":"The total number of lines of code across all files. This is a useful metric of the size of a database. For all files that were seen during the build, this query counts the lines of code, excluding whitespace or comments."},"defaultConfiguration":{"enabled":true},"properties":{"tags":["summary","lines-of-code"],"description":"The total number of lines of code across all files. This is a useful metric of the size of a database.\n              For all files that were seen during the build, this query counts the lines of code, excluding whitespace\n              or comments.","id":"java/summary/lines-of-code","kind":"metric","name":"Total lines of Java code in the database"}},{"id":"java/telemetry/supported-external-api","name":"java/telemetry/supported-external-api","shortDescription":{"text":"Usage of supported APIs coming from external libraries"},"fullDescription":{"text":"A list of supported 3rd party APIs used in the codebase. Excludes test and generated code."},"defaultConfiguration":{"enabled":true},"properties":{"tags":["summary","telemetry"],"description":"A list of supported 3rd party APIs used in the codebase. Excludes test and generated code.","id":"java/telemetry/supported-external-api","kind":"metric","name":"Usage of supported APIs coming from external libraries"}},{"id":"java/telemetry/supported-external-api-taint","name":"java/telemetry/supported-external-api-taint","shortDescription":{"text":"Supported flow steps in external libraries"},"fullDescription":{"text":"A list of 3rd party APIs detected as flow steps. Excludes test and generated code."},"defaultConfiguration":{"enabled":true},"properties":{"tags":["summary","telemetry"],"description":"A list of 3rd party APIs detected as flow steps. Excludes test and generated code.","id":"java/telemetry/supported-external-api-taint","kind":"metric","name":"Supported flow steps in external libraries"}},{"id":"java/telemetry/supported-external-api-sinks","name":"java/telemetry/supported-external-api-sinks","shortDescription":{"text":"Supported sinks in external libraries"},"fullDescription":{"text":"A list of 3rd party APIs detected as sinks. Excludes test and generated code."},"defaultConfiguration":{"enabled":true},"properties":{"tags":["summary","telemetry"],"description":"A list of 3rd party APIs detected as sinks. Excludes test and generated code.","id":"java/telemetry/supported-external-api-sinks","kind":"metric","name":"Supported sinks in external libraries"}},{"id":"java/telemetry/external-libs","name":"java/telemetry/external-libs","shortDescription":{"text":"External libraries"},"fullDescription":{"text":"A list of external libraries used in the code"},"defaultConfiguration":{"enabled":true},"properties":{"tags":["summary","telemetry"],"description":"A list of external libraries used in the code","id":"java/telemetry/external-libs","kind":"metric","name":"External libraries"}},{"id":"java/telemetry/unsupported-external-api","name":"java/telemetry/unsupported-external-api","shortDescription":{"text":"Usage of unsupported APIs coming from external libraries"},"fullDescription":{"text":"A list of 3rd party APIs used in the codebase. Excludes test and generated code."},"defaultConfiguration":{"enabled":true},"properties":{"tags":["summary","telemetry"],"description":"A list of 3rd party APIs used in the codebase. Excludes test and generated code.","id":"java/telemetry/unsupported-external-api","kind":"metric","name":"Usage of unsupported APIs coming from external libraries"}},{"id":"java/telemetry/extraction-information","name":"java/telemetry/extraction-information","shortDescription":{"text":"Java extraction information"},"fullDescription":{"text":"Information about the extraction for a Java database"},"defaultConfiguration":{"enabled":true},"properties":{"tags":["summary","telemetry"],"description":"Information about the extraction for a Java database","id":"java/telemetry/extraction-information","kind":"metric","name":"Java extraction information"}},{"id":"java/telemetry/supported-external-api-sources","name":"java/telemetry/supported-external-api-sources","shortDescription":{"text":"Supported sources in external libraries"},"fullDescription":{"text":"A list of 3rd party APIs detected as sources. Excludes test and generated code."},"defaultConfiguration":{"enabled":true},"properties":{"tags":["summary","telemetry"],"description":"A list of 3rd party APIs detected as sources. Excludes test and generated code.","id":"java/telemetry/supported-external-api-sources","kind":"metric","name":"Supported sources in external libraries"}}],"locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/java-queries/0.5.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/java-queries/0.5.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/python-all","semanticVersion":"0.7.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/python-all/0.7.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/python-all/0.7.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/cpp-queries","semanticVersion":"0.5.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/cpp-queries/0.5.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/cpp-queries/0.5.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/go-queries","semanticVersion":"0.4.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/go-queries/0.4.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/go-queries/0.4.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/suite-helpers","semanticVersion":"0.4.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/suite-helpers/0.4.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/suite-helpers/0.4.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/python-queries","semanticVersion":"0.6.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/python-queries/0.6.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/python-queries/0.6.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/cpp-all","semanticVersion":"0.5.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/cpp-all/0.5.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/cpp-all/0.5.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/ruby-queries","semanticVersion":"0.5.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/ruby-queries/0.5.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/ruby-queries/0.5.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/swift-all","semanticVersion":"0.0.0+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/swift-all/0.0.0/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/swift-all/0.0.0/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/typetracking","semanticVersion":"0.0.3+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/typetracking/0.0.3/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/typetracking/0.0.3/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/go-examples","semanticVersion":"0.0.0+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/go-examples/0.0.0/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/go-examples/0.0.0/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/swift-queries","semanticVersion":"0.0.0+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/swift-queries/0.0.0/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/swift-queries/0.0.0/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/javascript-queries","semanticVersion":"0.5.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/javascript-queries/0.5.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/javascript-queries/0.5.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]}]},"invocations":[{"toolExecutionNotifications":[{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/FlagController.java","uriBaseId":"%SRCROOT%","index":54}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/xxe/SimpleXXETest.java","uriBaseId":"%SRCROOT%","index":55}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACUsersTest.java","uriBaseId":"%SRCROOT%","index":56}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/xss/StoredXssCommentsTest.java","uriBaseId":"%SRCROOT%","index":57}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringAssignmentTest.java","uriBaseId":"%SRCROOT%","index":58}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/PasswordResetLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":59}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson6aTest.java","uriBaseId":"%SRCROOT%","index":60}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/session/LessonTrackerTest.java","uriBaseId":"%SRCROOT%","index":61}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/IDORIntegrationTest.java","uriBaseId":"%SRCROOT%","index":62}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrievalTest.java","uriBaseId":"%SRCROOT%","index":63}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpointTest.java","uriBaseId":"%SRCROOT%","index":64}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/httpproxies/HttpBasicsInterceptRequestTest.java","uriBaseId":"%SRCROOT%","index":65}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLessonTest.java","uriBaseId":"%SRCROOT%","index":66}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/hijacksession/cas/HijackSessionAuthenticationProviderTest.java","uriBaseId":"%SRCROOT%","index":67}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson13Test.java","uriBaseId":"%SRCROOT%","index":68}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHashAdminTest.java","uriBaseId":"%SRCROOT%","index":69}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/LabelAndHintIntegrationTest.java","uriBaseId":"%SRCROOT%","index":70}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/authbypass/BypassVerificationTest.java","uriBaseId":"%SRCROOT%","index":71}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/webwolf/mailbox/MailboxControllerTest.java","uriBaseId":"%SRCROOT%","index":72}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/ProgressRaceConditionIntegrationTest.java","uriBaseId":"%SRCROOT%","index":73}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/DeserializationIntegrationTest.java","uriBaseId":"%SRCROOT%","index":74}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/service/LessonMenuServiceTest.java","uriBaseId":"%SRCROOT%","index":75}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFixTest.java","uriBaseId":"%SRCROOT%","index":76}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/XSSIntegrationTest.java","uriBaseId":"%SRCROOT%","index":77}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/JWTLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":3}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/CryptoIntegrationTest.java","uriBaseId":"%SRCROOT%","index":78}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/service/ReportCardServiceTest.java","uriBaseId":"%SRCROOT%","index":79}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/plugins/LessonTest.java","uriBaseId":"%SRCROOT%","index":80}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/cia/CIAQuizTest.java","uriBaseId":"%SRCROOT%","index":81}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/hijacksession/HijackSessionAssignmentTest.java","uriBaseId":"%SRCROOT%","index":82}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/csrf/CSRFFeedbackTest.java","uriBaseId":"%SRCROOT%","index":83}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/DisplayUserTest.java","uriBaseId":"%SRCROOT%","index":84}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpointTest.java","uriBaseId":"%SRCROOT%","index":85}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/TokenTest.java","uriBaseId":"%SRCROOT%","index":5}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationTest.java","uriBaseId":"%SRCROOT%","index":86}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5Test.java","uriBaseId":"%SRCROOT%","index":87}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACHiddenMenusTest.java","uriBaseId":"%SRCROOT%","index":88}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson1Test.java","uriBaseId":"%SRCROOT%","index":89}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/SqlInjectionAdvancedIntegrationTest.java","uriBaseId":"%SRCROOT%","index":90}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/ssrf/SSRFTest2.java","uriBaseId":"%SRCROOT%","index":91}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/xxe/ContentTypeAssignmentTest.java","uriBaseId":"%SRCROOT%","index":92}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/users/UserValidatorTest.java","uriBaseId":"%SRCROOT%","index":93}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/WebGoatApplication.java","uriBaseId":"%SRCROOT%","index":94}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/CSRFIntegrationTest.java","uriBaseId":"%SRCROOT%","index":95}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignmentTest.java","uriBaseId":"%SRCROOT%","index":96}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5aTest.java","uriBaseId":"%SRCROOT%","index":97}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/AccessControlIntegrationTest.java","uriBaseId":"%SRCROOT%","index":98}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/SqlLessonTest.java","uriBaseId":"%SRCROOT%","index":99}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/webwolf/user/UserServiceTest.java","uriBaseId":"%SRCROOT%","index":100}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/users/UserTrackerRepositoryTest.java","uriBaseId":"%SRCROOT%","index":101}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/SSRFIntegrationTest.java","uriBaseId":"%SRCROOT%","index":102}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/webwolf/WebWolfApplication.java","uriBaseId":"%SRCROOT%","index":103}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/xxe/BlindSendFileAssignmentTest.java","uriBaseId":"%SRCROOT%","index":104}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInputTest.java","uriBaseId":"%SRCROOT%","index":105}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScriptingTest.java","uriBaseId":"%SRCROOT%","index":106}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/chromedevtools/ChromeDevToolsTest.java","uriBaseId":"%SRCROOT%","index":107}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/WebWolfIntegrationTest.java","uriBaseId":"%SRCROOT%","index":108}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10Test.java","uriBaseId":"%SRCROOT%","index":109}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/service/LessonProgressServiceTest.java","uriBaseId":"%SRCROOT%","index":110}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson6bTest.java","uriBaseId":"%SRCROOT%","index":111}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2Test.java","uriBaseId":"%SRCROOT%","index":112}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/SqlInjectionMitigationIntegrationTest.java","uriBaseId":"%SRCROOT%","index":113}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/passwordreset/SecurityQuestionAssignmentTest.java","uriBaseId":"%SRCROOT%","index":114}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTDecodeEndpointTest.java","uriBaseId":"%SRCROOT%","index":115}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/cryptography/CryptoUtilTest.java","uriBaseId":"%SRCROOT%","index":116}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/PathTraversalIntegrationTest.java","uriBaseId":"%SRCROOT%","index":117}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTSecretKeyEndpointTest.java","uriBaseId":"%SRCROOT%","index":118}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/session/LabelDebuggerTest.java","uriBaseId":"%SRCROOT%","index":119}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpointTest.java","uriBaseId":"%SRCROOT%","index":120}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/spoofcookie/encoders/EncDecTest.java","uriBaseId":"%SRCROOT%","index":121}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/SqlInjectionLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":122}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFrontendValidationTest.java","uriBaseId":"%SRCROOT%","index":123}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/SessionManagementIntegrationTest.java","uriBaseId":"%SRCROOT%","index":124}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionYourHashTest.java","uriBaseId":"%SRCROOT%","index":125}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/GeneralLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":126}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/webwolf/mailbox/MailboxRepositoryTest.java","uriBaseId":"%SRCROOT%","index":127}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/users/UserRepositoryTest.java","uriBaseId":"%SRCROOT%","index":128}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignmentTest.java","uriBaseId":"%SRCROOT%","index":129}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/deserialization/DeserializeTest.java","uriBaseId":"%SRCROOT%","index":130}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/users/UserServiceTest.java","uriBaseId":"%SRCROOT%","index":131}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/challenges/Assignment1Test.java","uriBaseId":"%SRCROOT%","index":132}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9Test.java","uriBaseId":"%SRCROOT%","index":133}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/ssrf/SSRFTest1.java","uriBaseId":"%SRCROOT%","index":134}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywordsTest.java","uriBaseId":"%SRCROOT%","index":135}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadTest.java","uriBaseId":"%SRCROOT%","index":136}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8Test.java","uriBaseId":"%SRCROOT%","index":137}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ShopEndpointTest.java","uriBaseId":"%SRCROOT%","index":138}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/assignments/AssignmentEndpointTest.java","uriBaseId":"%SRCROOT%","index":139}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/ChallengeIntegrationTest.java","uriBaseId":"%SRCROOT%","index":140}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/IntegrationTest.java","uriBaseId":"%SRCROOT%","index":141}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/XXEIntegrationTest.java","uriBaseId":"%SRCROOT%","index":142}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/webwolf/jwt/JWTTokenTest.java","uriBaseId":"%SRCROOT%","index":143}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringFreeAssignmentTest.java","uriBaseId":"%SRCROOT%","index":144}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/service/HintServiceTest.java","uriBaseId":"%SRCROOT%","index":145}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/session/WebSession.java","uriBaseId":"%SRCROOT%","index":146}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/CourseConfiguration.java","uriBaseId":"%SRCROOT%","index":147}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/LessonMenuService.java","uriBaseId":"%SRCROOT%","index":148}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/LabelDebugService.java","uriBaseId":"%SRCROOT%","index":149}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonMenuItem.java","uriBaseId":"%SRCROOT%","index":150}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHashAdmin.java","uriBaseId":"%SRCROOT%","index":151}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/i18n/Language.java","uriBaseId":"%SRCROOT%","index":152}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/EnvironmentService.java","uriBaseId":"%SRCROOT%","index":153}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofingTask.java","uriBaseId":"%SRCROOT%","index":154}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOwnProfileAltUrl.java","uriBaseId":"%SRCROOT%","index":155}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/server/ParentConfig.java","uriBaseId":"%SRCROOT%","index":156}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredXssComments.java","uriBaseId":"%SRCROOT%","index":157}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/controller/StartLesson.java","uriBaseId":"%SRCROOT%","index":158}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserRepository.java","uriBaseId":"%SRCROOT%","index":159}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/BlindSendFileAssignment.java","uriBaseId":"%SRCROOT%","index":14}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/SecureDefaultsAssignment.java","uriBaseId":"%SRCROOT%","index":52}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjection.java","uriBaseId":"%SRCROOT%","index":160}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/PasswordResetEmail.java","uriBaseId":"%SRCROOT%","index":161}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/ContentTypeAssignment.java","uriBaseId":"%SRCROOT%","index":15}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/Assignment1.java","uriBaseId":"%SRCROOT%","index":162}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/jwt/JWTController.java","uriBaseId":"%SRCROOT%","index":163}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/user/UserService.java","uriBaseId":"%SRCROOT%","index":164}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/chromedevtools/ChromeDevTools.java","uriBaseId":"%SRCROOT%","index":165}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/HijackSessionAuthenticationProvider.java","uriBaseId":"%SRCROOT%","index":166}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/Salaries.java","uriBaseId":"%SRCROOT%","index":167}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/LessonTemplateResolver.java","uriBaseId":"%SRCROOT%","index":168}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFix.java","uriBaseId":"%SRCROOT%","index":7}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/resetlink/PasswordChangeForm.java","uriBaseId":"%SRCROOT%","index":169}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/Authentication.java","uriBaseId":"%SRCROOT%","index":170}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java","uriBaseId":"%SRCROOT%","index":36}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpoint.java","uriBaseId":"%SRCROOT%","index":4}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACUsers.java","uriBaseId":"%SRCROOT%","index":171}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/SessionService.java","uriBaseId":"%SRCROOT%","index":172}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/Ping.java","uriBaseId":"%SRCROOT%","index":173}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/mailbox/MailboxController.java","uriBaseId":"%SRCROOT%","index":174}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRF.java","uriBaseId":"%SRCROOT%","index":175}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/AttackResult.java","uriBaseId":"%SRCROOT%","index":176}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":40}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACHiddenMenus.java","uriBaseId":"%SRCROOT%","index":177}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/UsernameMacro.java","uriBaseId":"%SRCROOT%","index":178}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/LessonTracker.java","uriBaseId":"%SRCROOT%","index":179}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfMacro.java","uriBaseId":"%SRCROOT%","index":180}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/requests/Requests.java","uriBaseId":"%SRCROOT%","index":181}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/user/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":182}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/OperatingSystemMacro.java","uriBaseId":"%SRCROOT%","index":183}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTSecretKeyEndpoint.java","uriBaseId":"%SRCROOT%","index":184}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/WebSecurityConfig.java","uriBaseId":"%SRCROOT%","index":41}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOwnProfile.java","uriBaseId":"%SRCROOT%","index":185}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookie.java","uriBaseId":"%SRCROOT%","index":186}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/WebWolf.java","uriBaseId":"%SRCROOT%","index":187}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInput.java","uriBaseId":"%SRCROOT%","index":8}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson6a.java","uriBaseId":"%SRCROOT%","index":188}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignment.java","uriBaseId":"%SRCROOT%","index":189}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java","uriBaseId":"%SRCROOT%","index":29}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/WebGoat.java","uriBaseId":"%SRCROOT%","index":190}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRF.java","uriBaseId":"%SRCROOT%","index":191}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/HammerHead.java","uriBaseId":"%SRCROOT%","index":192}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/chromedevtools/NetworkLesson.java","uriBaseId":"%SRCROOT%","index":193}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/LabelService.java","uriBaseId":"%SRCROOT%","index":194}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/LessonTitleService.java","uriBaseId":"%SRCROOT%","index":195}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/PasswordReset.java","uriBaseId":"%SRCROOT%","index":196}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/securepasswords/SecurePasswordsAssignment.java","uriBaseId":"%SRCROOT%","index":197}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson13.java","uriBaseId":"%SRCROOT%","index":198}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingMitigation.java","uriBaseId":"%SRCROOT%","index":199}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/LessonTrackerInterceptor.java","uriBaseId":"%SRCROOT%","index":200}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionAC.java","uriBaseId":"%SRCROOT%","index":201}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Category.java","uriBaseId":"%SRCROOT%","index":202}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRFFeedback.java","uriBaseId":"%SRCROOT%","index":203}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/mailbox/MailboxRepository.java","uriBaseId":"%SRCROOT%","index":204}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/Review.java","uriBaseId":"%SRCROOT%","index":205}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingAccessControlUserRepository.java","uriBaseId":"%SRCROOT%","index":206}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/ForgedReviews.java","uriBaseId":"%SRCROOT%","index":207}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":13}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java","uriBaseId":"%SRCROOT%","index":208}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/AjaxAuthenticationEntryPoint.java","uriBaseId":"%SRCROOT%","index":2}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringAssignment.java","uriBaseId":"%SRCROOT%","index":209}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofing.java","uriBaseId":"%SRCROOT%","index":210}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScripting.java","uriBaseId":"%SRCROOT%","index":211}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfRootMacro.java","uriBaseId":"%SRCROOT%","index":212}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTDecodeEndpoint.java","uriBaseId":"%SRCROOT%","index":213}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java","uriBaseId":"%SRCROOT%","index":33}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonMenuItemType.java","uriBaseId":"%SRCROOT%","index":214}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredCrossSiteScriptingVerifier.java","uriBaseId":"%SRCROOT%","index":215}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/RegistrationController.java","uriBaseId":"%SRCROOT%","index":25}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/WebGoatTmpDirMacro.java","uriBaseId":"%SRCROOT%","index":216}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWT.java","uriBaseId":"%SRCROOT%","index":217}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java","uriBaseId":"%SRCROOT%","index":49}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/session/UserSessionData.java","uriBaseId":"%SRCROOT%","index":218}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpoint.java","uriBaseId":"%SRCROOT%","index":51}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/AssignmentEndpoint.java","uriBaseId":"%SRCROOT%","index":219}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/htmltampering/HtmlTampering.java","uriBaseId":"%SRCROOT%","index":220}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/Flags.java","uriBaseId":"%SRCROOT%","index":221}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpproxies/HttpProxies.java","uriBaseId":"%SRCROOT%","index":222}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsEndpoint.java","uriBaseId":"%SRCROOT%","index":223}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Hint.java","uriBaseId":"%SRCROOT%","index":224}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/controller/Welcome.java","uriBaseId":"%SRCROOT%","index":225}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserForm.java","uriBaseId":"%SRCROOT%","index":27}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/Comment.java","uriBaseId":"%SRCROOT%","index":226}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/PathTraversal.java","uriBaseId":"%SRCROOT%","index":227}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/LessonInfoService.java","uriBaseId":"%SRCROOT%","index":228}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonScanner.java","uriBaseId":"%SRCROOT%","index":229}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/LandingAssignment.java","uriBaseId":"%SRCROOT%","index":230}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/WebSecurityConfig.java","uriBaseId":"%SRCROOT%","index":42}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/authbypass/VerifyAccount.java","uriBaseId":"%SRCROOT%","index":231}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/DatabaseConfiguration.java","uriBaseId":"%SRCROOT%","index":232}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/LessonProgressService.java","uriBaseId":"%SRCROOT%","index":233}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasics.java","uriBaseId":"%SRCROOT%","index":234}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java","uriBaseId":"%SRCROOT%","index":28}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/SecurityQuestionAssignment.java","uriBaseId":"%SRCROOT%","index":235}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFieldRestrictions.java","uriBaseId":"%SRCROOT%","index":236}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Challenge5.java","uriBaseId":"%SRCROOT%","index":237}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Challenge7.java","uriBaseId":"%SRCROOT%","index":238}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictions.java","uriBaseId":"%SRCROOT%","index":239}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/votes/Vote.java","uriBaseId":"%SRCROOT%","index":240}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/SimpleXXE.java","uriBaseId":"%SRCROOT%","index":16}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/ImageServlet.java","uriBaseId":"%SRCROOT%","index":241}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/Challenge1.java","uriBaseId":"%SRCROOT%","index":242}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScripting.java","uriBaseId":"%SRCROOT%","index":243}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/ReportCardService.java","uriBaseId":"%SRCROOT%","index":244}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ShopEndpoint.java","uriBaseId":"%SRCROOT%","index":245}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java","uriBaseId":"%SRCROOT%","index":1}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTQuiz.java","uriBaseId":"%SRCROOT%","index":246}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/TriedQuestions.java","uriBaseId":"%SRCROOT%","index":247}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/MvcConfiguration.java","uriBaseId":"%SRCROOT%","index":248}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/SolutionConstants.java","uriBaseId":"%SRCROOT%","index":249}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/spoofcookie/encoders/EncDec.java","uriBaseId":"%SRCROOT%","index":250}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/WebGoatVersionMacro.java","uriBaseId":"%SRCROOT%","index":251}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/Email.java","uriBaseId":"%SRCROOT%","index":252}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson3.java","uriBaseId":"%SRCROOT%","index":253}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRFLogin.java","uriBaseId":"%SRCROOT%","index":254}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/QuestionsAssignment.java","uriBaseId":"%SRCROOT%","index":255}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/Contact.java","uriBaseId":"%SRCROOT%","index":256}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/Comment.java","uriBaseId":"%SRCROOT%","index":257}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/DisplayUser.java","uriBaseId":"%SRCROOT%","index":53}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/WebWolfIntroduction.java","uriBaseId":"%SRCROOT%","index":258}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORLogin.java","uriBaseId":"%SRCROOT%","index":259}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/RestartLessonService.java","uriBaseId":"%SRCROOT%","index":260}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponents.java","uriBaseId":"%SRCROOT%","index":261}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/Cryptography.java","uriBaseId":"%SRCROOT%","index":262}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/SerializationHelper.java","uriBaseId":"%SRCROOT%","index":263}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserValidator.java","uriBaseId":"%SRCROOT%","index":264}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java","uriBaseId":"%SRCROOT%","index":43}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/SigningAssignment.java","uriBaseId":"%SRCROOT%","index":45}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java","uriBaseId":"%SRCROOT%","index":31}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java","uriBaseId":"%SRCROOT%","index":39}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask1.java","uriBaseId":"%SRCROOT%","index":265}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge8/Assignment8.java","uriBaseId":"%SRCROOT%","index":266}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/PasswordResetLink.java","uriBaseId":"%SRCROOT%","index":50}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrieval.java","uriBaseId":"%SRCROOT%","index":10}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson4.java","uriBaseId":"%SRCROOT%","index":267}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/UserProfile.java","uriBaseId":"%SRCROOT%","index":268}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Assignment.java","uriBaseId":"%SRCROOT%","index":269}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSession.java","uriBaseId":"%SRCROOT%","index":270}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java","uriBaseId":"%SRCROOT%","index":30}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/webgoatintroduction/WebGoatIntroduction.java","uriBaseId":"%SRCROOT%","index":271}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/AssignmentHints.java","uriBaseId":"%SRCROOT%","index":272}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSessionAssignment.java","uriBaseId":"%SRCROOT%","index":273}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserialization.java","uriBaseId":"%SRCROOT%","index":274}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHash.java","uriBaseId":"%SRCROOT%","index":275}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/requests/LandingPage.java","uriBaseId":"%SRCROOT%","index":46}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java","uriBaseId":"%SRCROOT%","index":0}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/lessontemplate/SampleAttack.java","uriBaseId":"%SRCROOT%","index":276}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/User.java","uriBaseId":"%SRCROOT%","index":277}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDOREditOtherProfiile.java","uriBaseId":"%SRCROOT%","index":278}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/user/UserRepository.java","uriBaseId":"%SRCROOT%","index":279}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/MailAssignment.java","uriBaseId":"%SRCROOT%","index":280}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringFreeAssignment.java","uriBaseId":"%SRCROOT%","index":281}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDOR.java","uriBaseId":"%SRCROOT%","index":282}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOtherProfile.java","uriBaseId":"%SRCROOT%","index":283}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java","uriBaseId":"%SRCROOT%","index":32}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/AuthenticationProvider.java","uriBaseId":"%SRCROOT%","index":284}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/securepasswords/SecurePasswords.java","uriBaseId":"%SRCROOT%","index":285}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/server/StartWebGoat.java","uriBaseId":"%SRCROOT%","index":286}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/session/LabelDebugger.java","uriBaseId":"%SRCROOT%","index":287}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/ContactImpl.java","uriBaseId":"%SRCROOT%","index":288}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/i18n/Messages.java","uriBaseId":"%SRCROOT%","index":289}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasicsLesson.java","uriBaseId":"%SRCROOT%","index":290}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/AsciiDoctorTemplateResolver.java","uriBaseId":"%SRCROOT%","index":44}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/EncodingAssignment.java","uriBaseId":"%SRCROOT%","index":291}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/authbypass/AuthBypass.java","uriBaseId":"%SRCROOT%","index":292}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Lesson.java","uriBaseId":"%SRCROOT%","index":293}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/chromedevtools/NetworkDummy.java","uriBaseId":"%SRCROOT%","index":294}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/i18n/PluginMessages.java","uriBaseId":"%SRCROOT%","index":295}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFrontendValidation.java","uriBaseId":"%SRCROOT%","index":296}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/htmltampering/HtmlTamperingTask.java","uriBaseId":"%SRCROOT%","index":297}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/logging/LogBleedingTask.java","uriBaseId":"%SRCROOT%","index":47}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignmentForgotPassword.java","uriBaseId":"%SRCROOT%","index":298}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUpload.java","uriBaseId":"%SRCROOT%","index":9}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionAdvanced.java","uriBaseId":"%SRCROOT%","index":299}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/AssignmentPath.java","uriBaseId":"%SRCROOT%","index":300}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cia/CIA.java","uriBaseId":"%SRCROOT%","index":301}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/insecurelogin/InsecureLoginTask.java","uriBaseId":"%SRCROOT%","index":302}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingQuiz.java","uriBaseId":"%SRCROOT%","index":303}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/insecurelogin/InsecureLogin.java","uriBaseId":"%SRCROOT%","index":304}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/mailbox/Email.java","uriBaseId":"%SRCROOT%","index":305}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonInfoModel.java","uriBaseId":"%SRCROOT%","index":306}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge8/Challenge8.java","uriBaseId":"%SRCROOT%","index":307}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/WebWolfRedirect.java","uriBaseId":"%SRCROOT%","index":308}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/lessontemplate/LessonTemplate.java","uriBaseId":"%SRCROOT%","index":309}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/MvcConfiguration.java","uriBaseId":"%SRCROOT%","index":310}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORDiffAttributes.java","uriBaseId":"%SRCROOT%","index":311}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java","uriBaseId":"%SRCROOT%","index":20}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson1.java","uriBaseId":"%SRCROOT%","index":312}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/server/StartupMessage.java","uriBaseId":"%SRCROOT%","index":313}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFiltering.java","uriBaseId":"%SRCROOT%","index":314}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionMitigations.java","uriBaseId":"%SRCROOT%","index":315}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallengeLogin.java","uriBaseId":"%SRCROOT%","index":316}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10a.java","uriBaseId":"%SRCROOT%","index":317}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRFGetFlag.java","uriBaseId":"%SRCROOT%","index":318}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/stored/CrossSiteScriptingStored.java","uriBaseId":"%SRCROOT%","index":319}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/Flag.java","uriBaseId":"%SRCROOT%","index":320}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/votes/Views.java","uriBaseId":"%SRCROOT%","index":321}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/XXE.java","uriBaseId":"%SRCROOT%","index":322}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/requests/WebWolfTraceRepository.java","uriBaseId":"%SRCROOT%","index":323}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonConnectionInvocationHandler.java","uriBaseId":"%SRCROOT%","index":324}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/HintService.java","uriBaseId":"%SRCROOT%","index":325}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserTrackerRepository.java","uriBaseId":"%SRCROOT%","index":326}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/LessonDataSource.java","uriBaseId":"%SRCROOT%","index":327}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/Scoreboard.java","uriBaseId":"%SRCROOT%","index":328}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/authbypass/AccountVerificationHelper.java","uriBaseId":"%SRCROOT%","index":329}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cia/CIAQuiz.java","uriBaseId":"%SRCROOT%","index":330}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScriptingVerifier.java","uriBaseId":"%SRCROOT%","index":331}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/XOREncodingAssignment.java","uriBaseId":"%SRCROOT%","index":332}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserTracker.java","uriBaseId":"%SRCROOT%","index":333}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserSession.java","uriBaseId":"%SRCROOT%","index":334}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/session/Course.java","uriBaseId":"%SRCROOT%","index":335}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpproxies/HttpBasicsInterceptRequest.java","uriBaseId":"%SRCROOT%","index":336}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6b.java","uriBaseId":"%SRCROOT%","index":337}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionQuiz.java","uriBaseId":"%SRCROOT%","index":338}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Initializeable.java","uriBaseId":"%SRCROOT%","index":339}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/SimpleMailAssignment.java","uriBaseId":"%SRCROOT%","index":340}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/EnvironmentExposure.java","uriBaseId":"%SRCROOT%","index":341}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/ChallengeIntro.java","uriBaseId":"%SRCROOT%","index":342}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasicsQuiz.java","uriBaseId":"%SRCROOT%","index":343}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10b.java","uriBaseId":"%SRCROOT%","index":22}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/CryptoUtil.java","uriBaseId":"%SRCROOT%","index":344}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRFConfirmFlag1.java","uriBaseId":"%SRCROOT%","index":345}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/jwt/JWTToken.java","uriBaseId":"%SRCROOT%","index":346}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/Email.java","uriBaseId":"%SRCROOT%","index":347}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java","uriBaseId":"%SRCROOT%","index":34}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java","uriBaseId":"%SRCROOT%","index":6}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/User.java","uriBaseId":"%SRCROOT%","index":348}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java","uriBaseId":"%SRCROOT%","index":1}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/HintService.java","uriBaseId":"%SRCROOT%","index":325}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/server/StartupMessage.java","uriBaseId":"%SRCROOT%","index":349}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/XOREncodingAssignment.java","uriBaseId":"%SRCROOT%","index":332}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ShopEndpoint.java","uriBaseId":"%SRCROOT%","index":245}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/QuestionsAssignment.java","uriBaseId":"%SRCROOT%","index":255}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Initializeable.java","uriBaseId":"%SRCROOT%","index":339}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/user/UserRepository.java","uriBaseId":"%SRCROOT%","index":279}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasics.java","uriBaseId":"%SRCROOT%","index":234}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Assignment.java","uriBaseId":"%SRCROOT%","index":269}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/DisplayUser.java","uriBaseId":"%SRCROOT%","index":350}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredXssComments.java","uriBaseId":"%SRCROOT%","index":157}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/CommentsEndpoint.java","uriBaseId":"%SRCROOT%","index":351}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10b.java","uriBaseId":"%SRCROOT%","index":22}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/CryptoUtil.java","uriBaseId":"%SRCROOT%","index":344}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/user/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":182}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/webwolf/mailbox/MailboxControllerTest.java","uriBaseId":"%SRCROOT%","index":352}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/CourseConfiguration.java","uriBaseId":"%SRCROOT%","index":353}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfMacro.java","uriBaseId":"%SRCROOT%","index":180}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACHiddenMenus.java","uriBaseId":"%SRCROOT%","index":177}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/WebWolfIntegrationTest.java","uriBaseId":"%SRCROOT%","index":108}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/SerializationHelper.java","uriBaseId":"%SRCROOT%","index":263}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionAdvanced.java","uriBaseId":"%SRCROOT%","index":299}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":354}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java","uriBaseId":"%SRCROOT%","index":355}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/votes/Views.java","uriBaseId":"%SRCROOT%","index":321}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/service/ReportCardServiceTest.java","uriBaseId":"%SRCROOT%","index":356}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/Initializeable.java","uriBaseId":"%SRCROOT%","index":357}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java","uriBaseId":"%SRCROOT%","index":358}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSessionAssignment.java","uriBaseId":"%SRCROOT%","index":359}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson3.java","uriBaseId":"%SRCROOT%","index":360}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/securepasswords/SecurePasswords.java","uriBaseId":"%SRCROOT%","index":361}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/SolutionConstants.java","uriBaseId":"%SRCROOT%","index":362}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6b.java","uriBaseId":"%SRCROOT%","index":337}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFieldRestrictions.java","uriBaseId":"%SRCROOT%","index":363}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/QuestionsAssignment.java","uriBaseId":"%SRCROOT%","index":364}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":365}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/LessonTitleService.java","uriBaseId":"%SRCROOT%","index":195}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/HammerHead.java","uriBaseId":"%SRCROOT%","index":366}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/controller/StartLesson.java","uriBaseId":"%SRCROOT%","index":158}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge8/Challenge8.java","uriBaseId":"%SRCROOT%","index":367}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Challenge7.java","uriBaseId":"%SRCROOT%","index":368}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/challenges/Assignment1Test.java","uriBaseId":"%SRCROOT%","index":369}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/PasswordResetLink.java","uriBaseId":"%SRCROOT%","index":370}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cia/CIA.java","uriBaseId":"%SRCROOT%","index":301}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2Test.java","uriBaseId":"%SRCROOT%","index":371}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/User.java","uriBaseId":"%SRCROOT%","index":277}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/mailbox/MailboxController.java","uriBaseId":"%SRCROOT%","index":174}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingAccessControlUserRepository.java","uriBaseId":"%SRCROOT%","index":206}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/SecureDefaultsAssignment.java","uriBaseId":"%SRCROOT%","index":52}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFieldRestrictions.java","uriBaseId":"%SRCROOT%","index":236}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/jwt/JWTController.java","uriBaseId":"%SRCROOT%","index":163}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScriptingTest.java","uriBaseId":"%SRCROOT%","index":106}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/Assignment.java","uriBaseId":"%SRCROOT%","index":372}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/AssignmentEndpoint.java","uriBaseId":"%SRCROOT%","index":219}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java","uriBaseId":"%SRCROOT%","index":373}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFixTest.java","uriBaseId":"%SRCROOT%","index":76}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsEndpoint.java","uriBaseId":"%SRCROOT%","index":223}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/IDORIntegrationTest.java","uriBaseId":"%SRCROOT%","index":62}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java","uriBaseId":"%SRCROOT%","index":0}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/SimpleXXE.java","uriBaseId":"%SRCROOT%","index":374}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/HintService.java","uriBaseId":"%SRCROOT%","index":375}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/Flags.java","uriBaseId":"%SRCROOT%","index":221}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/.mvn/wrapper/MavenWrapperDownloader.java","uriBaseId":"%SRCROOT%","index":376}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/Hint.java","uriBaseId":"%SRCROOT%","index":377}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/UserTracker.java","uriBaseId":"%SRCROOT%","index":378}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasics.java","uriBaseId":"%SRCROOT%","index":379}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOwnProfileAltUrl.java","uriBaseId":"%SRCROOT%","index":380}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingMitigation.java","uriBaseId":"%SRCROOT%","index":199}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson1.java","uriBaseId":"%SRCROOT%","index":312}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java","uriBaseId":"%SRCROOT%","index":381}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/authbypass/VerifyAccount.java","uriBaseId":"%SRCROOT%","index":382}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/server/StartWebGoat.java","uriBaseId":"%SRCROOT%","index":383}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/DisplayUserTest.java","uriBaseId":"%SRCROOT%","index":84}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/JWTSecretKeyEndpoint.java","uriBaseId":"%SRCROOT%","index":384}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHash.java","uriBaseId":"%SRCROOT%","index":275}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/assignments/AttackResult.java","uriBaseId":"%SRCROOT%","index":385}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/JWT.java","uriBaseId":"%SRCROOT%","index":386}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/PasswordReset.java","uriBaseId":"%SRCROOT%","index":196}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofingTask.java","uriBaseId":"%SRCROOT%","index":154}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/WebWolf.java","uriBaseId":"%SRCROOT%","index":187}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallengeLogin.java","uriBaseId":"%SRCROOT%","index":316}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/jwt/JWTController.java","uriBaseId":"%SRCROOT%","index":387}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/SimpleXXE.java","uriBaseId":"%SRCROOT%","index":16}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":388}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":389}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java","uriBaseId":"%SRCROOT%","index":390}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACHiddenMenusTest.java","uriBaseId":"%SRCROOT%","index":391}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookie.java","uriBaseId":"%SRCROOT%","index":186}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACHiddenMenus.java","uriBaseId":"%SRCROOT%","index":392}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasicsLesson.java","uriBaseId":"%SRCROOT%","index":393}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/stored/CrossSiteScriptingStored.java","uriBaseId":"%SRCROOT%","index":394}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/authbypass/BypassVerificationTest.java","uriBaseId":"%SRCROOT%","index":395}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUpload.java","uriBaseId":"%SRCROOT%","index":396}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/i18n/PluginMessages.java","uriBaseId":"%SRCROOT%","index":295}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignmentForgotPassword.java","uriBaseId":"%SRCROOT%","index":397}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/UserProfile.java","uriBaseId":"%SRCROOT%","index":398}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/server/StartupMessage.java","uriBaseId":"%SRCROOT%","index":313}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/authbypass/BypassVerificationTest.java","uriBaseId":"%SRCROOT%","index":71}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/AccessControlIntegrationTest.java","uriBaseId":"%SRCROOT%","index":98}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/Flags.java","uriBaseId":"%SRCROOT%","index":399}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/csrf/Review.java","uriBaseId":"%SRCROOT%","index":400}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":401}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":402}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java","uriBaseId":"%SRCROOT%","index":31}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Category.java","uriBaseId":"%SRCROOT%","index":202}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/EncodingAssignment.java","uriBaseId":"%SRCROOT%","index":291}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/ContactImpl.java","uriBaseId":"%SRCROOT%","index":288}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/hijacksession/cas/HijackSessionAuthenticationProviderTest.java","uriBaseId":"%SRCROOT%","index":403}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/UserValidator.java","uriBaseId":"%SRCROOT%","index":404}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/MissingAccessControlUserRepository.java","uriBaseId":"%SRCROOT%","index":405}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/ChallengeIntro.java","uriBaseId":"%SRCROOT%","index":406}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadTest.java","uriBaseId":"%SRCROOT%","index":136}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/DeserializationIntegrationTest.java","uriBaseId":"%SRCROOT%","index":407}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACUsers.java","uriBaseId":"%SRCROOT%","index":408}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/TriedQuestions.java","uriBaseId":"%SRCROOT%","index":409}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/MvcConfiguration.java","uriBaseId":"%SRCROOT%","index":410}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/PasswordResetLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":411}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson6bTest.java","uriBaseId":"%SRCROOT%","index":111}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/i18n/PluginMessages.java","uriBaseId":"%SRCROOT%","index":412}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/GeneralLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":413}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/OperatingSystemMacro.java","uriBaseId":"%SRCROOT%","index":183}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/htmltampering/HtmlTampering.java","uriBaseId":"%SRCROOT%","index":414}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/authbypass/AccountVerificationHelper.java","uriBaseId":"%SRCROOT%","index":329}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Challenge5.java","uriBaseId":"%SRCROOT%","index":237}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/user/UserService.java","uriBaseId":"%SRCROOT%","index":164}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionMitigations.java","uriBaseId":"%SRCROOT%","index":415}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpointTest.java","uriBaseId":"%SRCROOT%","index":64}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/lessontemplate/SampleAttack.java","uriBaseId":"%SRCROOT%","index":416}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionMitigations.java","uriBaseId":"%SRCROOT%","index":315}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/SimpleMailAssignment.java","uriBaseId":"%SRCROOT%","index":417}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/service/LessonMenuServiceTest.java","uriBaseId":"%SRCROOT%","index":418}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInput.java","uriBaseId":"%SRCROOT%","index":8}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java","uriBaseId":"%SRCROOT%","index":419}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Challenge5.java","uriBaseId":"%SRCROOT%","index":420}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/Challenge1.java","uriBaseId":"%SRCROOT%","index":242}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/insecurelogin/InsecureLogin.java","uriBaseId":"%SRCROOT%","index":304}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredCrossSiteScriptingVerifier.java","uriBaseId":"%SRCROOT%","index":215}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/LabelDebugService.java","uriBaseId":"%SRCROOT%","index":149}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/mailbox/Email.java","uriBaseId":"%SRCROOT%","index":421}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/cia/CIAQuizTest.java","uriBaseId":"%SRCROOT%","index":81}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOtherProfile.java","uriBaseId":"%SRCROOT%","index":283}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/SqlInjectionLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":122}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/users/UserServiceTest.java","uriBaseId":"%SRCROOT%","index":422}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignment.java","uriBaseId":"%SRCROOT%","index":423}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/Comment.java","uriBaseId":"%SRCROOT%","index":226}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserTrackerRepository.java","uriBaseId":"%SRCROOT%","index":326}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/cryptography/CryptoUtilTest.java","uriBaseId":"%SRCROOT%","index":424}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/ReportCardService.java","uriBaseId":"%SRCROOT%","index":425}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/webgoatintroduction/WebGoatIntroduction.java","uriBaseId":"%SRCROOT%","index":271}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/assignments/AssignmentEndpoint.java","uriBaseId":"%SRCROOT%","index":426}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/session/LessonTrackerTest.java","uriBaseId":"%SRCROOT%","index":61}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfRootMacro.java","uriBaseId":"%SRCROOT%","index":427}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":428}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/Email.java","uriBaseId":"%SRCROOT%","index":429}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8Test.java","uriBaseId":"%SRCROOT%","index":137}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHashAdminTest.java","uriBaseId":"%SRCROOT%","index":69}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/LessonMenuService.java","uriBaseId":"%SRCROOT%","index":148}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java","uriBaseId":"%SRCROOT%","index":430}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":431}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/deserialization/SerializationHelper.java","uriBaseId":"%SRCROOT%","index":432}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/webwolf/user/UserServiceTest.java","uriBaseId":"%SRCROOT%","index":100}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/server/ParentConfig.java","uriBaseId":"%SRCROOT%","index":156}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/RestartLessonService.java","uriBaseId":"%SRCROOT%","index":260}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/controller/StartLesson.java","uriBaseId":"%SRCROOT%","index":433}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson13.java","uriBaseId":"%SRCROOT%","index":434}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/httpproxies/HttpBasicsInterceptRequestTest.java","uriBaseId":"%SRCROOT%","index":65}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson6aTest.java","uriBaseId":"%SRCROOT%","index":435}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/requests/WebWolfTraceRepository.java","uriBaseId":"%SRCROOT%","index":323}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/Flag.java","uriBaseId":"%SRCROOT%","index":436}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/Assignment1.java","uriBaseId":"%SRCROOT%","index":437}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORDiffAttributes.java","uriBaseId":"%SRCROOT%","index":311}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/PathTraversalIntegrationTest.java","uriBaseId":"%SRCROOT%","index":438}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/WebGoatApplication.java","uriBaseId":"%SRCROOT%","index":439}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/chromedevtools/ChromeDevTools.java","uriBaseId":"%SRCROOT%","index":440}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/spoofcookie/encoders/EncDecTest.java","uriBaseId":"%SRCROOT%","index":121}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/AssignmentPath.java","uriBaseId":"%SRCROOT%","index":300}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFixTest.java","uriBaseId":"%SRCROOT%","index":441}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/xxe/ContentTypeAssignmentTest.java","uriBaseId":"%SRCROOT%","index":92}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/XSSIntegrationTest.java","uriBaseId":"%SRCROOT%","index":442}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingMitigation.java","uriBaseId":"%SRCROOT%","index":443}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponents.java","uriBaseId":"%SRCROOT%","index":261}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/DisplayUser.java","uriBaseId":"%SRCROOT%","index":53}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/i18n/Language.java","uriBaseId":"%SRCROOT%","index":444}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/spoofcookie/encoders/EncDec.java","uriBaseId":"%SRCROOT%","index":445}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/assignments/AssignmentHints.java","uriBaseId":"%SRCROOT%","index":446}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge8/Assignment8.java","uriBaseId":"%SRCROOT%","index":266}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/session/Course.java","uriBaseId":"%SRCROOT%","index":335}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/SqlInjectionLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":447}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/mailbox/MailboxRepository.java","uriBaseId":"%SRCROOT%","index":204}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":40}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/users/UserServiceTest.java","uriBaseId":"%SRCROOT%","index":131}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/Contact.java","uriBaseId":"%SRCROOT%","index":448}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/i18n/Messages.java","uriBaseId":"%SRCROOT%","index":289}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/LessonTracker.java","uriBaseId":"%SRCROOT%","index":179}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/jwt/TokenTest.java","uriBaseId":"%SRCROOT%","index":449}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/WebGoatApplication.java","uriBaseId":"%SRCROOT%","index":94}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5aTest.java","uriBaseId":"%SRCROOT%","index":97}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringFreeAssignmentTest.java","uriBaseId":"%SRCROOT%","index":144}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSessionAssignment.java","uriBaseId":"%SRCROOT%","index":273}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/Salaries.java","uriBaseId":"%SRCROOT%","index":450}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10a.java","uriBaseId":"%SRCROOT%","index":317}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/LabelDebugService.java","uriBaseId":"%SRCROOT%","index":451}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpproxies/HttpBasicsInterceptRequest.java","uriBaseId":"%SRCROOT%","index":336}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionQuiz.java","uriBaseId":"%SRCROOT%","index":338}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/WebWolfIntroduction.java","uriBaseId":"%SRCROOT%","index":258}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/deserialization/DeserializeTest.java","uriBaseId":"%SRCROOT%","index":452}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/SessionManagementIntegrationTest.java","uriBaseId":"%SRCROOT%","index":453}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/GeneralLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":126}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/LessonMenuItemType.java","uriBaseId":"%SRCROOT%","index":454}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cryptography/XOREncodingAssignment.java","uriBaseId":"%SRCROOT%","index":455}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRFFeedback.java","uriBaseId":"%SRCROOT%","index":203}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/LessonProgressService.java","uriBaseId":"%SRCROOT%","index":233}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/UserRepository.java","uriBaseId":"%SRCROOT%","index":456}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java","uriBaseId":"%SRCROOT%","index":43}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":457}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserForm.java","uriBaseId":"%SRCROOT%","index":27}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/csrf/CSRFFeedbackTest.java","uriBaseId":"%SRCROOT%","index":83}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScripting.java","uriBaseId":"%SRCROOT%","index":211}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson6aTest.java","uriBaseId":"%SRCROOT%","index":60}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/i18n/Messages.java","uriBaseId":"%SRCROOT%","index":458}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/BlindSendFileAssignment.java","uriBaseId":"%SRCROOT%","index":459}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/csrf/ForgedReviews.java","uriBaseId":"%SRCROOT%","index":460}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionYourHashTest.java","uriBaseId":"%SRCROOT%","index":125}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrievalTest.java","uriBaseId":"%SRCROOT%","index":461}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScriptingVerifier.java","uriBaseId":"%SRCROOT%","index":462}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/LessonScanner.java","uriBaseId":"%SRCROOT%","index":463}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/hijacksession/HijackSessionAssignmentTest.java","uriBaseId":"%SRCROOT%","index":82}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredXssComments.java","uriBaseId":"%SRCROOT%","index":464}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInput.java","uriBaseId":"%SRCROOT%","index":465}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/ssrf/SSRFTest2.java","uriBaseId":"%SRCROOT%","index":466}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/IDORDiffAttributes.java","uriBaseId":"%SRCROOT%","index":467}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/TokenTest.java","uriBaseId":"%SRCROOT%","index":5}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/CSRFIntegrationTest.java","uriBaseId":"%SRCROOT%","index":468}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/XXEIntegrationTest.java","uriBaseId":"%SRCROOT%","index":469}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrieval.java","uriBaseId":"%SRCROOT%","index":10}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrievalTest.java","uriBaseId":"%SRCROOT%","index":63}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cryptography/CryptoUtil.java","uriBaseId":"%SRCROOT%","index":470}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/LessonDataSource.java","uriBaseId":"%SRCROOT%","index":327}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/users/UserValidatorTest.java","uriBaseId":"%SRCROOT%","index":93}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8Test.java","uriBaseId":"%SRCROOT%","index":471}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/LabelAndHintIntegrationTest.java","uriBaseId":"%SRCROOT%","index":472}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cia/CIA.java","uriBaseId":"%SRCROOT%","index":473}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5aTest.java","uriBaseId":"%SRCROOT%","index":474}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":475}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWT.java","uriBaseId":"%SRCROOT%","index":217}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/assignments/AssignmentPath.java","uriBaseId":"%SRCROOT%","index":476}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/plugins/LessonTest.java","uriBaseId":"%SRCROOT%","index":477}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/Email.java","uriBaseId":"%SRCROOT%","index":478}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/user/UserService.java","uriBaseId":"%SRCROOT%","index":479}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTQuiz.java","uriBaseId":"%SRCROOT%","index":246}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/session/UserSessionData.java","uriBaseId":"%SRCROOT%","index":480}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/MailAssignment.java","uriBaseId":"%SRCROOT%","index":280}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserTracker.java","uriBaseId":"%SRCROOT%","index":333}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/AuthenticationProvider.java","uriBaseId":"%SRCROOT%","index":284}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ShopEndpoint.java","uriBaseId":"%SRCROOT%","index":481}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/LabelAndHintIntegrationTest.java","uriBaseId":"%SRCROOT%","index":70}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/server/ParentConfig.java","uriBaseId":"%SRCROOT%","index":482}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/insecurelogin/InsecureLoginTask.java","uriBaseId":"%SRCROOT%","index":302}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/PasswordResetLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":59}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/MvcConfiguration.java","uriBaseId":"%SRCROOT%","index":248}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/LessonConnectionInvocationHandler.java","uriBaseId":"%SRCROOT%","index":483}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java","uriBaseId":"%SRCROOT%","index":484}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringAssignment.java","uriBaseId":"%SRCROOT%","index":485}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponents.java","uriBaseId":"%SRCROOT%","index":486}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/WebWolfIntegrationTest.java","uriBaseId":"%SRCROOT%","index":487}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/user/UserRepository.java","uriBaseId":"%SRCROOT%","index":488}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/AssignmentHints.java","uriBaseId":"%SRCROOT%","index":272}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasicsLesson.java","uriBaseId":"%SRCROOT%","index":290}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringAssignmentTest.java","uriBaseId":"%SRCROOT%","index":489}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/csrf/CSRFFeedbackTest.java","uriBaseId":"%SRCROOT%","index":490}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson6bTest.java","uriBaseId":"%SRCROOT%","index":491}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":492}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHash.java","uriBaseId":"%SRCROOT%","index":493}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/Cryptography.java","uriBaseId":"%SRCROOT%","index":262}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/session/LabelDebugger.java","uriBaseId":"%SRCROOT%","index":494}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/webwolf/user/UserServiceTest.java","uriBaseId":"%SRCROOT%","index":495}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/LessonDataSource.java","uriBaseId":"%SRCROOT%","index":496}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/SqlInjectionAdvancedIntegrationTest.java","uriBaseId":"%SRCROOT%","index":497}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9Test.java","uriBaseId":"%SRCROOT%","index":133}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/ssrf/SSRFTest2.java","uriBaseId":"%SRCROOT%","index":91}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/jwt/JWTDecodeEndpointTest.java","uriBaseId":"%SRCROOT%","index":498}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRF.java","uriBaseId":"%SRCROOT%","index":175}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/ForgedReviews.java","uriBaseId":"%SRCROOT%","index":207}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson6a.java","uriBaseId":"%SRCROOT%","index":188}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationTest.java","uriBaseId":"%SRCROOT%","index":86}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/htmltampering/HtmlTamperingTask.java","uriBaseId":"%SRCROOT%","index":297}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/ContactImpl.java","uriBaseId":"%SRCROOT%","index":499}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/IntegrationTest.java","uriBaseId":"%SRCROOT%","index":500}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson1Test.java","uriBaseId":"%SRCROOT%","index":89}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/CryptoIntegrationTest.java","uriBaseId":"%SRCROOT%","index":78}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/lessontemplate/LessonTemplate.java","uriBaseId":"%SRCROOT%","index":309}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/LandingAssignment.java","uriBaseId":"%SRCROOT%","index":230}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserValidator.java","uriBaseId":"%SRCROOT%","index":264}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10Test.java","uriBaseId":"%SRCROOT%","index":501}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/chromedevtools/ChromeDevToolsTest.java","uriBaseId":"%SRCROOT%","index":502}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/IDOR.java","uriBaseId":"%SRCROOT%","index":503}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/session/LessonTrackerTest.java","uriBaseId":"%SRCROOT%","index":504}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/SqlInjectionMitigationIntegrationTest.java","uriBaseId":"%SRCROOT%","index":113}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java","uriBaseId":"%SRCROOT%","index":28}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/CryptoIntegrationTest.java","uriBaseId":"%SRCROOT%","index":505}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/UserTrackerRepository.java","uriBaseId":"%SRCROOT%","index":506}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFrontendValidationTest.java","uriBaseId":"%SRCROOT%","index":123}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/jwt/JWTToken.java","uriBaseId":"%SRCROOT%","index":507}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/DatabaseConfiguration.java","uriBaseId":"%SRCROOT%","index":232}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/cryptography/CryptoUtilTest.java","uriBaseId":"%SRCROOT%","index":116}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/AsciiDoctorTemplateResolver.java","uriBaseId":"%SRCROOT%","index":508}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTDecodeEndpointTest.java","uriBaseId":"%SRCROOT%","index":115}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/htmltampering/HtmlTampering.java","uriBaseId":"%SRCROOT%","index":220}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java","uriBaseId":"%SRCROOT%","index":29}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRFGetFlag.java","uriBaseId":"%SRCROOT%","index":318}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/TriedQuestions.java","uriBaseId":"%SRCROOT%","index":247}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/PathTraversal.java","uriBaseId":"%SRCROOT%","index":227}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/mailbox/Email.java","uriBaseId":"%SRCROOT%","index":305}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/Lesson.java","uriBaseId":"%SRCROOT%","index":509}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/SSRFIntegrationTest.java","uriBaseId":"%SRCROOT%","index":102}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Hint.java","uriBaseId":"%SRCROOT%","index":224}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/Assignment1.java","uriBaseId":"%SRCROOT%","index":162}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/mailbox/MailboxRepository.java","uriBaseId":"%SRCROOT%","index":510}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/votes/Vote.java","uriBaseId":"%SRCROOT%","index":511}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/DeserializationIntegrationTest.java","uriBaseId":"%SRCROOT%","index":74}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cryptography/Cryptography.java","uriBaseId":"%SRCROOT%","index":512}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/requests/Requests.java","uriBaseId":"%SRCROOT%","index":181}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/session/Course.java","uriBaseId":"%SRCROOT%","index":513}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignmentTest.java","uriBaseId":"%SRCROOT%","index":129}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/SqlInjectionAdvancedIntegrationTest.java","uriBaseId":"%SRCROOT%","index":90}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/LabelService.java","uriBaseId":"%SRCROOT%","index":514}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignment.java","uriBaseId":"%SRCROOT%","index":189}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Lesson.java","uriBaseId":"%SRCROOT%","index":293}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpoint.java","uriBaseId":"%SRCROOT%","index":515}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonMenuItemType.java","uriBaseId":"%SRCROOT%","index":214}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/authbypass/AccountVerificationHelper.java","uriBaseId":"%SRCROOT%","index":516}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/webwolf/mailbox/MailboxRepositoryTest.java","uriBaseId":"%SRCROOT%","index":517}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookie.java","uriBaseId":"%SRCROOT%","index":518}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/session/WebSession.java","uriBaseId":"%SRCROOT%","index":519}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/Salaries.java","uriBaseId":"%SRCROOT%","index":167}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/PasswordResetEmail.java","uriBaseId":"%SRCROOT%","index":520}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10Test.java","uriBaseId":"%SRCROOT%","index":109}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson6a.java","uriBaseId":"%SRCROOT%","index":521}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/WebGoat.java","uriBaseId":"%SRCROOT%","index":190}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRF.java","uriBaseId":"%SRCROOT%","index":191}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpointTest.java","uriBaseId":"%SRCROOT%","index":522}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFGetFlag.java","uriBaseId":"%SRCROOT%","index":523}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java","uriBaseId":"%SRCROOT%","index":32}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/logging/LogBleedingTask.java","uriBaseId":"%SRCROOT%","index":524}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictions.java","uriBaseId":"%SRCROOT%","index":239}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java","uriBaseId":"%SRCROOT%","index":525}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/session/LabelDebuggerTest.java","uriBaseId":"%SRCROOT%","index":526}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTSecretKeyEndpoint.java","uriBaseId":"%SRCROOT%","index":184}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java","uriBaseId":"%SRCROOT%","index":208}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/xxe/BlindSendFileAssignmentTest.java","uriBaseId":"%SRCROOT%","index":104}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/user/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":527}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":528}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredCrossSiteScriptingVerifier.java","uriBaseId":"%SRCROOT%","index":529}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/users/UserTrackerRepositoryTest.java","uriBaseId":"%SRCROOT%","index":530}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/chromedevtools/NetworkLesson.java","uriBaseId":"%SRCROOT%","index":193}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/XXE.java","uriBaseId":"%SRCROOT%","index":322}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRFConfirmFlag1.java","uriBaseId":"%SRCROOT%","index":345}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/CourseConfiguration.java","uriBaseId":"%SRCROOT%","index":147}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/users/UserValidatorTest.java","uriBaseId":"%SRCROOT%","index":531}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScripting.java","uriBaseId":"%SRCROOT%","index":532}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/votes/Vote.java","uriBaseId":"%SRCROOT%","index":240}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/UsernameMacro.java","uriBaseId":"%SRCROOT%","index":178}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringAssignmentTest.java","uriBaseId":"%SRCROOT%","index":58}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask1.java","uriBaseId":"%SRCROOT%","index":265}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOwnProfileAltUrl.java","uriBaseId":"%SRCROOT%","index":155}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/LessonTemplateResolver.java","uriBaseId":"%SRCROOT%","index":168}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java","uriBaseId":"%SRCROOT%","index":36}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionYourHashTest.java","uriBaseId":"%SRCROOT%","index":533}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/users/UserTrackerRepositoryTest.java","uriBaseId":"%SRCROOT%","index":101}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFrontendValidation.java","uriBaseId":"%SRCROOT%","index":534}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/webwolf/mailbox/MailboxControllerTest.java","uriBaseId":"%SRCROOT%","index":72}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/passwordreset/SecurityQuestionAssignmentTest.java","uriBaseId":"%SRCROOT%","index":535}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/cia/CIAQuizTest.java","uriBaseId":"%SRCROOT%","index":536}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserialization.java","uriBaseId":"%SRCROOT%","index":537}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/webwolf/mailbox/MailboxRepositoryTest.java","uriBaseId":"%SRCROOT%","index":127}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonConnectionInvocationHandler.java","uriBaseId":"%SRCROOT%","index":324}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSession.java","uriBaseId":"%SRCROOT%","index":538}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHashAdmin.java","uriBaseId":"%SRCROOT%","index":539}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFConfirmFlag1.java","uriBaseId":"%SRCROOT%","index":540}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/Contact.java","uriBaseId":"%SRCROOT%","index":256}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/asciidoc/UsernameMacro.java","uriBaseId":"%SRCROOT%","index":541}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/LessonMenuItem.java","uriBaseId":"%SRCROOT%","index":542}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/ImageServlet.java","uriBaseId":"%SRCROOT%","index":241}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/hijacksession/HijackSessionAssignmentTest.java","uriBaseId":"%SRCROOT%","index":543}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/ChallengeIntro.java","uriBaseId":"%SRCROOT%","index":342}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/Email.java","uriBaseId":"%SRCROOT%","index":347}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":544}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORLogin.java","uriBaseId":"%SRCROOT%","index":259}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson3.java","uriBaseId":"%SRCROOT%","index":253}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/CSRFIntegrationTest.java","uriBaseId":"%SRCROOT%","index":95}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/jwt/JWTSecretKeyEndpointTest.java","uriBaseId":"%SRCROOT%","index":545}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java","uriBaseId":"%SRCROOT%","index":546}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/EnvironmentService.java","uriBaseId":"%SRCROOT%","index":153}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/MvcConfiguration.java","uriBaseId":"%SRCROOT%","index":547}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5Test.java","uriBaseId":"%SRCROOT%","index":548}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/Review.java","uriBaseId":"%SRCROOT%","index":205}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonScanner.java","uriBaseId":"%SRCROOT%","index":229}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask1.java","uriBaseId":"%SRCROOT%","index":549}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/service/ReportCardServiceTest.java","uriBaseId":"%SRCROOT%","index":79}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/User.java","uriBaseId":"%SRCROOT%","index":348}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson1.java","uriBaseId":"%SRCROOT%","index":550}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHashAdmin.java","uriBaseId":"%SRCROOT%","index":151}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFix.java","uriBaseId":"%SRCROOT%","index":7}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/WebSecurityConfig.java","uriBaseId":"%SRCROOT%","index":42}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/WebSecurityConfig.java","uriBaseId":"%SRCROOT%","index":551}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/AjaxAuthenticationEntryPoint.java","uriBaseId":"%SRCROOT%","index":2}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScriptingTest.java","uriBaseId":"%SRCROOT%","index":552}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/requests/WebWolfTraceRepository.java","uriBaseId":"%SRCROOT%","index":553}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/LessonInfoModel.java","uriBaseId":"%SRCROOT%","index":554}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/ssrf/SSRFTest1.java","uriBaseId":"%SRCROOT%","index":555}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpointTest.java","uriBaseId":"%SRCROOT%","index":556}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/SqlLessonTest.java","uriBaseId":"%SRCROOT%","index":99}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationTest.java","uriBaseId":"%SRCROOT%","index":557}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/securepasswords/SecurePasswordsAssignment.java","uriBaseId":"%SRCROOT%","index":558}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/session/UserSessionData.java","uriBaseId":"%SRCROOT%","index":218}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/HijackSessionAuthenticationProvider.java","uriBaseId":"%SRCROOT%","index":559}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/chromedevtools/NetworkDummy.java","uriBaseId":"%SRCROOT%","index":560}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/SessionService.java","uriBaseId":"%SRCROOT%","index":561}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/UserForm.java","uriBaseId":"%SRCROOT%","index":562}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInputTest.java","uriBaseId":"%SRCROOT%","index":105}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/WebGoatVersionMacro.java","uriBaseId":"%SRCROOT%","index":251}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/ChallengeIntegrationTest.java","uriBaseId":"%SRCROOT%","index":563}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACHiddenMenusTest.java","uriBaseId":"%SRCROOT%","index":88}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/Email.java","uriBaseId":"%SRCROOT%","index":252}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/missingac/DisplayUserTest.java","uriBaseId":"%SRCROOT%","index":564}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/WebWolfIntroduction.java","uriBaseId":"%SRCROOT%","index":565}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/votes/Views.java","uriBaseId":"%SRCROOT%","index":566}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonMenuItem.java","uriBaseId":"%SRCROOT%","index":150}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/AttackResult.java","uriBaseId":"%SRCROOT%","index":176}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringFreeAssignment.java","uriBaseId":"%SRCROOT%","index":281}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/securepasswords/SecurePasswords.java","uriBaseId":"%SRCROOT%","index":285}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/service/LessonProgressServiceTest.java","uriBaseId":"%SRCROOT%","index":567}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/WebSecurityConfig.java","uriBaseId":"%SRCROOT%","index":568}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/authbypass/AuthBypass.java","uriBaseId":"%SRCROOT%","index":292}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/LessonTemplateResolver.java","uriBaseId":"%SRCROOT%","index":569}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/service/LessonMenuServiceTest.java","uriBaseId":"%SRCROOT%","index":75}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/webwolf/jwt/JWTTokenTest.java","uriBaseId":"%SRCROOT%","index":143}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/controller/Welcome.java","uriBaseId":"%SRCROOT%","index":570}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/webwolf/jwt/JWTTokenTest.java","uriBaseId":"%SRCROOT%","index":571}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/xss/StoredXssCommentsTest.java","uriBaseId":"%SRCROOT%","index":57}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java","uriBaseId":"%SRCROOT%","index":572}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson1Test.java","uriBaseId":"%SRCROOT%","index":573}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserSession.java","uriBaseId":"%SRCROOT%","index":334}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOtherProfile.java","uriBaseId":"%SRCROOT%","index":574}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/lessontemplate/LessonTemplate.java","uriBaseId":"%SRCROOT%","index":575}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/plugins/LessonTest.java","uriBaseId":"%SRCROOT%","index":80}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/User.java","uriBaseId":"%SRCROOT%","index":576}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java","uriBaseId":"%SRCROOT%","index":20}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/JWTLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":3}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/assignments/AssignmentEndpointTest.java","uriBaseId":"%SRCROOT%","index":139}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/AccessControlIntegrationTest.java","uriBaseId":"%SRCROOT%","index":577}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java","uriBaseId":"%SRCROOT%","index":578}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/LessonInfoService.java","uriBaseId":"%SRCROOT%","index":579}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/Comment.java","uriBaseId":"%SRCROOT%","index":580}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/controller/Welcome.java","uriBaseId":"%SRCROOT%","index":225}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/SessionService.java","uriBaseId":"%SRCROOT%","index":172}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInputTest.java","uriBaseId":"%SRCROOT%","index":581}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpointTest.java","uriBaseId":"%SRCROOT%","index":120}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/challenges/Assignment1Test.java","uriBaseId":"%SRCROOT%","index":132}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/chromedevtools/ChromeDevToolsTest.java","uriBaseId":"%SRCROOT%","index":107}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/UserSession.java","uriBaseId":"%SRCROOT%","index":582}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/service/HintServiceTest.java","uriBaseId":"%SRCROOT%","index":145}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/JWTQuiz.java","uriBaseId":"%SRCROOT%","index":583}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfMacro.java","uriBaseId":"%SRCROOT%","index":584}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/hijacksession/cas/HijackSessionAuthenticationProviderTest.java","uriBaseId":"%SRCROOT%","index":67}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/server/StartWebGoat.java","uriBaseId":"%SRCROOT%","index":286}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/spoofcookie/encoders/EncDecTest.java","uriBaseId":"%SRCROOT%","index":585}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/authbypass/AuthBypass.java","uriBaseId":"%SRCROOT%","index":586}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/i18n/Language.java","uriBaseId":"%SRCROOT%","index":152}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionAdvanced.java","uriBaseId":"%SRCROOT%","index":587}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserRepository.java","uriBaseId":"%SRCROOT%","index":159}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjection.java","uriBaseId":"%SRCROOT%","index":588}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasicsQuiz.java","uriBaseId":"%SRCROOT%","index":343}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLessonTest.java","uriBaseId":"%SRCROOT%","index":66}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignmentTest.java","uriBaseId":"%SRCROOT%","index":589}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/httpproxies/HttpProxies.java","uriBaseId":"%SRCROOT%","index":590}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/pathtraversal/PathTraversal.java","uriBaseId":"%SRCROOT%","index":591}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/AsciiDoctorTemplateResolver.java","uriBaseId":"%SRCROOT%","index":44}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionAC.java","uriBaseId":"%SRCROOT%","index":592}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":593}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/Challenge1.java","uriBaseId":"%SRCROOT%","index":594}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOwnProfile.java","uriBaseId":"%SRCROOT%","index":595}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadTest.java","uriBaseId":"%SRCROOT%","index":596}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallengeLogin.java","uriBaseId":"%SRCROOT%","index":597}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/asciidoc/OperatingSystemMacro.java","uriBaseId":"%SRCROOT%","index":598}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/SqlInjectionMitigationIntegrationTest.java","uriBaseId":"%SRCROOT%","index":599}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/Ping.java","uriBaseId":"%SRCROOT%","index":173}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/AuthenticationProvider.java","uriBaseId":"%SRCROOT%","index":600}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java","uriBaseId":"%SRCROOT%","index":601}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpoint.java","uriBaseId":"%SRCROOT%","index":51}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFiltering.java","uriBaseId":"%SRCROOT%","index":314}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java","uriBaseId":"%SRCROOT%","index":6}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofingTask.java","uriBaseId":"%SRCROOT%","index":602}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFrontendValidation.java","uriBaseId":"%SRCROOT%","index":296}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/HammerHead.java","uriBaseId":"%SRCROOT%","index":192}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/requests/Requests.java","uriBaseId":"%SRCROOT%","index":603}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/PathTraversalIntegrationTest.java","uriBaseId":"%SRCROOT%","index":117}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/Authentication.java","uriBaseId":"%SRCROOT%","index":604}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjection.java","uriBaseId":"%SRCROOT%","index":160}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasicsQuiz.java","uriBaseId":"%SRCROOT%","index":605}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/MailAssignment.java","uriBaseId":"%SRCROOT%","index":606}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/xxe/SimpleXXETest.java","uriBaseId":"%SRCROOT%","index":607}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java","uriBaseId":"%SRCROOT%","index":608}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6b.java","uriBaseId":"%SRCROOT%","index":609}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACUsersTest.java","uriBaseId":"%SRCROOT%","index":56}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/passwordreset/SecurityQuestionAssignmentTest.java","uriBaseId":"%SRCROOT%","index":114}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10a.java","uriBaseId":"%SRCROOT%","index":610}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/IDORIntegrationTest.java","uriBaseId":"%SRCROOT%","index":611}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/service/HintServiceTest.java","uriBaseId":"%SRCROOT%","index":612}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cryptography/EncodingAssignment.java","uriBaseId":"%SRCROOT%","index":613}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/session/LabelDebuggerTest.java","uriBaseId":"%SRCROOT%","index":119}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/asciidoc/WebGoatTmpDirMacro.java","uriBaseId":"%SRCROOT%","index":614}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignmentForgotPassword.java","uriBaseId":"%SRCROOT%","index":298}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/service/LessonProgressServiceTest.java","uriBaseId":"%SRCROOT%","index":110}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java","uriBaseId":"%SRCROOT%","index":39}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/requests/LandingPage.java","uriBaseId":"%SRCROOT%","index":615}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ShopEndpointTest.java","uriBaseId":"%SRCROOT%","index":616}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionQuiz.java","uriBaseId":"%SRCROOT%","index":617}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/httpproxies/HttpBasicsInterceptRequest.java","uriBaseId":"%SRCROOT%","index":618}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/webwolf/WebWolfApplication.java","uriBaseId":"%SRCROOT%","index":103}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywordsTest.java","uriBaseId":"%SRCROOT%","index":619}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/Category.java","uriBaseId":"%SRCROOT%","index":620}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/chromedevtools/NetworkDummy.java","uriBaseId":"%SRCROOT%","index":294}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/XXE.java","uriBaseId":"%SRCROOT%","index":621}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpointTest.java","uriBaseId":"%SRCROOT%","index":622}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/mailbox/MailboxController.java","uriBaseId":"%SRCROOT%","index":623}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSession.java","uriBaseId":"%SRCROOT%","index":270}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/WebSecurityConfig.java","uriBaseId":"%SRCROOT%","index":41}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/assignments/AssignmentEndpointTest.java","uriBaseId":"%SRCROOT%","index":624}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpoint.java","uriBaseId":"%SRCROOT%","index":625}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/IntegrationTest.java","uriBaseId":"%SRCROOT%","index":141}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/securepasswords/SecurePasswordsAssignment.java","uriBaseId":"%SRCROOT%","index":197}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/LessonTitleService.java","uriBaseId":"%SRCROOT%","index":626}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDOR.java","uriBaseId":"%SRCROOT%","index":282}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/JWTDecodeEndpoint.java","uriBaseId":"%SRCROOT%","index":627}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson13Test.java","uriBaseId":"%SRCROOT%","index":68}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/webwolf/WebWolfApplication.java","uriBaseId":"%SRCROOT%","index":628}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingQuiz.java","uriBaseId":"%SRCROOT%","index":303}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserialization.java","uriBaseId":"%SRCROOT%","index":274}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/Flag.java","uriBaseId":"%SRCROOT%","index":320}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/LessonMenuService.java","uriBaseId":"%SRCROOT%","index":629}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFiltering.java","uriBaseId":"%SRCROOT%","index":630}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/Comment.java","uriBaseId":"%SRCROOT%","index":631}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpproxies/HttpProxies.java","uriBaseId":"%SRCROOT%","index":222}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/httpproxies/HttpBasicsInterceptRequestTest.java","uriBaseId":"%SRCROOT%","index":632}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/session/WebSession.java","uriBaseId":"%SRCROOT%","index":146}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":13}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/RegistrationController.java","uriBaseId":"%SRCROOT%","index":25}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/users/UserRepositoryTest.java","uriBaseId":"%SRCROOT%","index":128}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java","uriBaseId":"%SRCROOT%","index":30}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/SigningAssignment.java","uriBaseId":"%SRCROOT%","index":45}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/UserProfile.java","uriBaseId":"%SRCROOT%","index":268}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge8/Assignment8.java","uriBaseId":"%SRCROOT%","index":633}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge8/Challenge8.java","uriBaseId":"%SRCROOT%","index":307}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/WebWolfRedirect.java","uriBaseId":"%SRCROOT%","index":308}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRF.java","uriBaseId":"%SRCROOT%","index":634}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/ContentTypeAssignment.java","uriBaseId":"%SRCROOT%","index":635}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTDecodeEndpoint.java","uriBaseId":"%SRCROOT%","index":213}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/EnvironmentService.java","uriBaseId":"%SRCROOT%","index":636}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/XXEIntegrationTest.java","uriBaseId":"%SRCROOT%","index":142}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/SSRFIntegrationTest.java","uriBaseId":"%SRCROOT%","index":637}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/Ping.java","uriBaseId":"%SRCROOT%","index":638}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/DatabaseConfiguration.java","uriBaseId":"%SRCROOT%","index":639}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson13.java","uriBaseId":"%SRCROOT%","index":198}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/assignments/LessonTrackerInterceptor.java","uriBaseId":"%SRCROOT%","index":640}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Challenge7.java","uriBaseId":"%SRCROOT%","index":238}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/insecurelogin/InsecureLoginTask.java","uriBaseId":"%SRCROOT%","index":641}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/LessonTracker.java","uriBaseId":"%SRCROOT%","index":642}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/PasswordResetLink.java","uriBaseId":"%SRCROOT%","index":50}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScriptingVerifier.java","uriBaseId":"%SRCROOT%","index":331}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFFeedback.java","uriBaseId":"%SRCROOT%","index":643}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":644}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/deserialization/DeserializeTest.java","uriBaseId":"%SRCROOT%","index":130}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/LessonTrackerInterceptor.java","uriBaseId":"%SRCROOT%","index":200}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10b.java","uriBaseId":"%SRCROOT%","index":645}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/Authentication.java","uriBaseId":"%SRCROOT%","index":170}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/User.java","uriBaseId":"%SRCROOT%","index":646}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/WebWolfRedirect.java","uriBaseId":"%SRCROOT%","index":647}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/SessionManagementIntegrationTest.java","uriBaseId":"%SRCROOT%","index":124}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cryptography/SecureDefaultsAssignment.java","uriBaseId":"%SRCROOT%","index":648}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java","uriBaseId":"%SRCROOT%","index":33}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/RestartLessonService.java","uriBaseId":"%SRCROOT%","index":649}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTSecretKeyEndpointTest.java","uriBaseId":"%SRCROOT%","index":118}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/PasswordReset.java","uriBaseId":"%SRCROOT%","index":650}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/chromedevtools/NetworkLesson.java","uriBaseId":"%SRCROOT%","index":651}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5Test.java","uriBaseId":"%SRCROOT%","index":87}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScripting.java","uriBaseId":"%SRCROOT%","index":243}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignmentTest.java","uriBaseId":"%SRCROOT%","index":96}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHashAdminTest.java","uriBaseId":"%SRCROOT%","index":652}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywordsTest.java","uriBaseId":"%SRCROOT%","index":135}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/session/LabelDebugger.java","uriBaseId":"%SRCROOT%","index":287}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/PasswordResetEmail.java","uriBaseId":"%SRCROOT%","index":161}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/xss/StoredXssCommentsTest.java","uriBaseId":"%SRCROOT%","index":653}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringFreeAssignment.java","uriBaseId":"%SRCROOT%","index":654}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson4.java","uriBaseId":"%SRCROOT%","index":267}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/asciidoc/EnvironmentExposure.java","uriBaseId":"%SRCROOT%","index":655}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/ProgressRaceConditionIntegrationTest.java","uriBaseId":"%SRCROOT%","index":73}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRFLogin.java","uriBaseId":"%SRCROOT%","index":254}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/HijackSessionAuthenticationProvider.java","uriBaseId":"%SRCROOT%","index":166}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/jwt/JWTToken.java","uriBaseId":"%SRCROOT%","index":346}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/logging/LogBleedingTask.java","uriBaseId":"%SRCROOT%","index":47}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2Test.java","uriBaseId":"%SRCROOT%","index":112}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/AjaxAuthenticationEntryPoint.java","uriBaseId":"%SRCROOT%","index":656}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofing.java","uriBaseId":"%SRCROOT%","index":210}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/LessonProgressService.java","uriBaseId":"%SRCROOT%","index":657}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingQuiz.java","uriBaseId":"%SRCROOT%","index":658}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/Comment.java","uriBaseId":"%SRCROOT%","index":257}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/csrf/CSRF.java","uriBaseId":"%SRCROOT%","index":659}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUpload.java","uriBaseId":"%SRCROOT%","index":9}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonInfoModel.java","uriBaseId":"%SRCROOT%","index":306}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/SecurityQuestionAssignment.java","uriBaseId":"%SRCROOT%","index":660}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/resetlink/PasswordChangeForm.java","uriBaseId":"%SRCROOT%","index":169}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson4.java","uriBaseId":"%SRCROOT%","index":661}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/WebWolf.java","uriBaseId":"%SRCROOT%","index":662}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/ProgressRaceConditionIntegrationTest.java","uriBaseId":"%SRCROOT%","index":663}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/SqlLessonTest.java","uriBaseId":"%SRCROOT%","index":664}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/resetlink/PasswordChangeForm.java","uriBaseId":"%SRCROOT%","index":665}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/stored/CrossSiteScriptingStored.java","uriBaseId":"%SRCROOT%","index":319}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScripting.java","uriBaseId":"%SRCROOT%","index":666}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/asciidoc/WebGoatVersionMacro.java","uriBaseId":"%SRCROOT%","index":667}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/FlagController.java","uriBaseId":"%SRCROOT%","index":54}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/webgoatintroduction/WebGoatIntroduction.java","uriBaseId":"%SRCROOT%","index":668}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java","uriBaseId":"%SRCROOT%","index":669}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/LessonInfoService.java","uriBaseId":"%SRCROOT%","index":228}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/LandingAssignment.java","uriBaseId":"%SRCROOT%","index":670}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java","uriBaseId":"%SRCROOT%","index":49}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOwnProfile.java","uriBaseId":"%SRCROOT%","index":185}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/WebGoat.java","uriBaseId":"%SRCROOT%","index":671}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/users/UserRepositoryTest.java","uriBaseId":"%SRCROOT%","index":672}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACUsers.java","uriBaseId":"%SRCROOT%","index":171}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/ReportCardService.java","uriBaseId":"%SRCROOT%","index":244}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/EnvironmentExposure.java","uriBaseId":"%SRCROOT%","index":341}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cryptography/SigningAssignment.java","uriBaseId":"%SRCROOT%","index":673}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java","uriBaseId":"%SRCROOT%","index":674}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9Test.java","uriBaseId":"%SRCROOT%","index":675}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFrontendValidationTest.java","uriBaseId":"%SRCROOT%","index":676}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/MvcConfiguration.java","uriBaseId":"%SRCROOT%","index":310}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cia/CIAQuiz.java","uriBaseId":"%SRCROOT%","index":330}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/IDOREditOtherProfiile.java","uriBaseId":"%SRCROOT%","index":677}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/insecurelogin/InsecureLogin.java","uriBaseId":"%SRCROOT%","index":678}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/Scoreboard.java","uriBaseId":"%SRCROOT%","index":679}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java","uriBaseId":"%SRCROOT%","index":34}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACUsersTest.java","uriBaseId":"%SRCROOT%","index":680}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/IDORLogin.java","uriBaseId":"%SRCROOT%","index":681}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/xxe/BlindSendFileAssignmentTest.java","uriBaseId":"%SRCROOT%","index":682}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofing.java","uriBaseId":"%SRCROOT%","index":683}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/lessontemplate/SampleAttack.java","uriBaseId":"%SRCROOT%","index":276}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionAC.java","uriBaseId":"%SRCROOT%","index":201}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLessonTest.java","uriBaseId":"%SRCROOT%","index":684}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringAssignment.java","uriBaseId":"%SRCROOT%","index":209}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":".mvn/wrapper/MavenWrapperDownloader.java","uriBaseId":"%SRCROOT%","index":685}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/SolutionConstants.java","uriBaseId":"%SRCROOT%","index":249}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/JWTLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":686}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/SimpleMailAssignment.java","uriBaseId":"%SRCROOT%","index":340}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringFreeAssignmentTest.java","uriBaseId":"%SRCROOT%","index":687}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson13Test.java","uriBaseId":"%SRCROOT%","index":688}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cia/CIAQuiz.java","uriBaseId":"%SRCROOT%","index":689}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/ImageServlet.java","uriBaseId":"%SRCROOT%","index":690}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDOREditOtherProfiile.java","uriBaseId":"%SRCROOT%","index":278}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/LabelService.java","uriBaseId":"%SRCROOT%","index":194}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrieval.java","uriBaseId":"%SRCROOT%","index":691}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/RegistrationController.java","uriBaseId":"%SRCROOT%","index":692}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpoint.java","uriBaseId":"%SRCROOT%","index":4}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/FlagController.java","uriBaseId":"%SRCROOT%","index":693}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfRootMacro.java","uriBaseId":"%SRCROOT%","index":212}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ShopEndpointTest.java","uriBaseId":"%SRCROOT%","index":138}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/BlindSendFileAssignment.java","uriBaseId":"%SRCROOT%","index":14}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/Scoreboard.java","uriBaseId":"%SRCROOT%","index":328}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/authbypass/VerifyAccount.java","uriBaseId":"%SRCROOT%","index":231}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignmentTest.java","uriBaseId":"%SRCROOT%","index":694}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/requests/LandingPage.java","uriBaseId":"%SRCROOT%","index":46}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/ssrf/SSRFTest1.java","uriBaseId":"%SRCROOT%","index":134}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/XSSIntegrationTest.java","uriBaseId":"%SRCROOT%","index":77}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/spoofcookie/encoders/EncDec.java","uriBaseId":"%SRCROOT%","index":250}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFix.java","uriBaseId":"%SRCROOT%","index":695}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/ChallengeIntegrationTest.java","uriBaseId":"%SRCROOT%","index":140}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/WebGoatTmpDirMacro.java","uriBaseId":"%SRCROOT%","index":216}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFLogin.java","uriBaseId":"%SRCROOT%","index":696}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/chromedevtools/ChromeDevTools.java","uriBaseId":"%SRCROOT%","index":165}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/xxe/SimpleXXETest.java","uriBaseId":"%SRCROOT%","index":55}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpointTest.java","uriBaseId":"%SRCROOT%","index":85}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictions.java","uriBaseId":"%SRCROOT%","index":697}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/ContentTypeAssignment.java","uriBaseId":"%SRCROOT%","index":15}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/htmltampering/HtmlTamperingTask.java","uriBaseId":"%SRCROOT%","index":698}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/SecurityQuestionAssignment.java","uriBaseId":"%SRCROOT%","index":235}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/xxe/ContentTypeAssignmentTest.java","uriBaseId":"%SRCROOT%","index":699}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/scoreboardApp.js","uriBaseId":"%SRCROOT%","index":700}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/xss/js/assignment3.js","uriBaseId":"%SRCROOT%","index":701}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/csrf/js/csrf-review.js","uriBaseId":"%SRCROOT%","index":702}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/xxe/js/xxe.js","uriBaseId":"%SRCROOT%","index":703}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/jwt/js/jwt-buy.js","uriBaseId":"%SRCROOT%","index":704}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/challenges/js/challenge8.js","uriBaseId":"%SRCROOT%","index":705}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/mode-java.js","uriBaseId":"%SRCROOT%","index":706}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/sqlinjection/js/assignment10b.js","uriBaseId":"%SRCROOT%","index":707}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/TitleView.js","uriBaseId":"%SRCROOT%","index":708}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/idor/js/idor.js","uriBaseId":"%SRCROOT%","index":709}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/jquery_form/jquery.form.js","uriBaseId":"%SRCROOT%","index":710}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/pathtraversal/js/path_traversal.js","uriBaseId":"%SRCROOT%","index":711}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/controller/MenuController.js","uriBaseId":"%SRCROOT%","index":712}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/ErrorNotificationView.js","uriBaseId":"%SRCROOT%","index":713}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/MenuButtonView.js","uriBaseId":"%SRCROOT%","index":714}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/MenuData.js","uriBaseId":"%SRCROOT%","index":715}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/jquery/jquery-1.10.2.min.js","uriBaseId":"%SRCROOT%","index":716}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/plugins/bootstrap-slider/js/bootstrap-slider.js","uriBaseId":"%SRCROOT%","index":717}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/UserAndInfoView.js","uriBaseId":"%SRCROOT%","index":718}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/text.js","uriBaseId":"%SRCROOT%","index":719}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/MenuModel.js","uriBaseId":"%SRCROOT%","index":720}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/jquery-base.js","uriBaseId":"%SRCROOT%","index":721}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/plugins/bootstrap-wysihtml5/js/wysihtml5-0.3.0.js","uriBaseId":"%SRCROOT%","index":722}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/jwt/js/jwt-refresh.js","uriBaseId":"%SRCROOT%","index":723}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/jquery-ui-1.10.4.js","uriBaseId":"%SRCROOT%","index":724}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/sqlinjection/js/challenge.js","uriBaseId":"%SRCROOT%","index":725}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/theme-monokai.js","uriBaseId":"%SRCROOT%","index":726}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/AssignmentStatusModel.js","uriBaseId":"%SRCROOT%","index":727}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/LessonOverviewCollection.js","uriBaseId":"%SRCROOT%","index":728}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/HTMLContentModel.js","uriBaseId":"%SRCROOT%","index":729}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/ssrf/js/credentials.js","uriBaseId":"%SRCROOT%","index":730}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/clientsidefiltering/js/clientSideFilteringFree.js","uriBaseId":"%SRCROOT%","index":731}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/authbypass/js/bypass.js","uriBaseId":"%SRCROOT%","index":732}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/MenuCollection.js","uriBaseId":"%SRCROOT%","index":733}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/support/GoatUtils.js","uriBaseId":"%SRCROOT%","index":734}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/LessonInfoModel.js","uriBaseId":"%SRCROOT%","index":735}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/idor/js/idor.js","uriBaseId":"%SRCROOT%","index":736}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/TitleView.js","uriBaseId":"%SRCROOT%","index":737}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/PaginationControlView.js","uriBaseId":"%SRCROOT%","index":738}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/LessonContentModel.js","uriBaseId":"%SRCROOT%","index":739}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/HintModel.js","uriBaseId":"%SRCROOT%","index":740}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/jwt/js/jwt-voting.js","uriBaseId":"%SRCROOT%","index":741}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/goatApp.js","uriBaseId":"%SRCROOT%","index":742}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/MenuModel.js","uriBaseId":"%SRCROOT%","index":743}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/FlagModel.js","uriBaseId":"%SRCROOT%","index":744}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/PaginationControlView.js","uriBaseId":"%SRCROOT%","index":745}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webwolf/static/js/jwt.js","uriBaseId":"%SRCROOT%","index":746}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webwolf/static/js/jwt.js","uriBaseId":"%SRCROOT%","index":747}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/csrf/js/csrf-review.js","uriBaseId":"%SRCROOT%","index":748}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/csrf/js/feedback.js","uriBaseId":"%SRCROOT%","index":749}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/quiz.js","uriBaseId":"%SRCROOT%","index":750}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/search.js","uriBaseId":"%SRCROOT%","index":751}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/jquery_form/jquery.form.js","uriBaseId":"%SRCROOT%","index":752}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/jwt/js/jwt-final.js","uriBaseId":"%SRCROOT%","index":753}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/challenges/js/challenge6.js","uriBaseId":"%SRCROOT%","index":754}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/underscore-min.js","uriBaseId":"%SRCROOT%","index":755}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/xss/js/assignment4.js","uriBaseId":"%SRCROOT%","index":756}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/sqlinjection/js/assignment10b.js","uriBaseId":"%SRCROOT%","index":757}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/jwt/js/jwt-refresh.js","uriBaseId":"%SRCROOT%","index":758}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/plugins/nanoScroller/jquery.nanoscroller.min.js","uriBaseId":"%SRCROOT%","index":759}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/LabelDebugModel.js","uriBaseId":"%SRCROOT%","index":760}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/MenuView.js","uriBaseId":"%SRCROOT%","index":761}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/pathtraversal/js/path_traversal.js","uriBaseId":"%SRCROOT%","index":762}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/GoatRouter.js","uriBaseId":"%SRCROOT%","index":763}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/insecurelogin/js/credentials.js","uriBaseId":"%SRCROOT%","index":764}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/MenuData.js","uriBaseId":"%SRCROOT%","index":765}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/ScoreboardView.js","uriBaseId":"%SRCROOT%","index":766}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webwolf/static/js/mail.js","uriBaseId":"%SRCROOT%","index":767}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/jwt/js/jwt-weak-keys.js","uriBaseId":"%SRCROOT%","index":768}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/jquery-ui.min.js","uriBaseId":"%SRCROOT%","index":769}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/controller/LessonController.js","uriBaseId":"%SRCROOT%","index":770}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/passwordreset/js/password-reset-simple.js","uriBaseId":"%SRCROOT%","index":771}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/controller/MenuController.js","uriBaseId":"%SRCROOT%","index":772}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/LessonInfoModel.js","uriBaseId":"%SRCROOT%","index":773}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/HTMLContentModel.js","uriBaseId":"%SRCROOT%","index":774}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/clientsidefiltering/js/clientSideFilteringFree.js","uriBaseId":"%SRCROOT%","index":775}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/support/CustomGoat.js","uriBaseId":"%SRCROOT%","index":776}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/toggle.js","uriBaseId":"%SRCROOT%","index":777}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/theme-monokai.js","uriBaseId":"%SRCROOT%","index":778}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/ssrf/js/credentials.js","uriBaseId":"%SRCROOT%","index":779}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webwolf/static/js/fileUpload.js","uriBaseId":"%SRCROOT%","index":780}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/jquery.min.js","uriBaseId":"%SRCROOT%","index":781}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/GoatRouter.js","uriBaseId":"%SRCROOT%","index":782}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/support/goatConstants.js","uriBaseId":"%SRCROOT%","index":783}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/jquery-ui.min.js","uriBaseId":"%SRCROOT%","index":784}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/plugins/nanoScroller/jquery.nanoscroller.min.js","uriBaseId":"%SRCROOT%","index":785}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/support/goatAsyncErrorHandler.js","uriBaseId":"%SRCROOT%","index":786}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/clientsidefiltering/js/clientSideFiltering.js","uriBaseId":"%SRCROOT%","index":787}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/polyglot.min.js","uriBaseId":"%SRCROOT%","index":788}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/clientsidefiltering/js/clientSideFiltering.js","uriBaseId":"%SRCROOT%","index":789}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/ReportCardModel.js","uriBaseId":"%SRCROOT%","index":790}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/FlagsCollection.js","uriBaseId":"%SRCROOT%","index":791}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/ace.js","uriBaseId":"%SRCROOT%","index":792}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/challenges/js/bootstrap.min.js","uriBaseId":"%SRCROOT%","index":793}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/insecurelogin/js/credentials.js","uriBaseId":"%SRCROOT%","index":794}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/jwt/js/jwt-buy.js","uriBaseId":"%SRCROOT%","index":795}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/goatApp.js","uriBaseId":"%SRCROOT%","index":796}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/AssignmentStatusModel.js","uriBaseId":"%SRCROOT%","index":797}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/jquery.form.js","uriBaseId":"%SRCROOT%","index":798}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/ace.js","uriBaseId":"%SRCROOT%","index":799}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/backbone-min.js","uriBaseId":"%SRCROOT%","index":800}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/MenuView.js","uriBaseId":"%SRCROOT%","index":801}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/LessonContentView.js","uriBaseId":"%SRCROOT%","index":802}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/authbypass/js/bypass.js","uriBaseId":"%SRCROOT%","index":803}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/HintCollection.js","uriBaseId":"%SRCROOT%","index":804}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/sqlinjection/js/assignment13.js","uriBaseId":"%SRCROOT%","index":805}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/csrf/js/feedback.js","uriBaseId":"%SRCROOT%","index":806}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/application.js","uriBaseId":"%SRCROOT%","index":807}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/main.js","uriBaseId":"%SRCROOT%","index":808}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/MenuCollection.js","uriBaseId":"%SRCROOT%","index":809}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/plugins/bootstrap-wysihtml5/js/wysihtml5-0.3.0.js","uriBaseId":"%SRCROOT%","index":810}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/plugins/bootstrap-wysihtml5/js/bootstrap3-wysihtml5.js","uriBaseId":"%SRCROOT%","index":811}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/jquery-2.1.4.min.js","uriBaseId":"%SRCROOT%","index":812}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/polyglot.min.js","uriBaseId":"%SRCROOT%","index":813}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/jwt/js/jwt-final.js","uriBaseId":"%SRCROOT%","index":814}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/HelpControlsView.js","uriBaseId":"%SRCROOT%","index":815}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/lessontemplate/js/idor.js","uriBaseId":"%SRCROOT%","index":816}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/require.min.js","uriBaseId":"%SRCROOT%","index":817}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/HintModel.js","uriBaseId":"%SRCROOT%","index":818}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/ReportCardModel.js","uriBaseId":"%SRCROOT%","index":819}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/xss/js/assignment4.js","uriBaseId":"%SRCROOT%","index":820}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/challenges/js/challenge8.js","uriBaseId":"%SRCROOT%","index":821}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/spoofcookie/js/handler.js","uriBaseId":"%SRCROOT%","index":822}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/MenuItemView.js","uriBaseId":"%SRCROOT%","index":823}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/underscore-min.js","uriBaseId":"%SRCROOT%","index":824}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/search.js","uriBaseId":"%SRCROOT%","index":825}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/LessonContentModel.js","uriBaseId":"%SRCROOT%","index":826}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/HintView.js","uriBaseId":"%SRCROOT%","index":827}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/MenuItemView.js","uriBaseId":"%SRCROOT%","index":828}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/jquery-vuln.js","uriBaseId":"%SRCROOT%","index":829}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/ScoreboardView.js","uriBaseId":"%SRCROOT%","index":830}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/sqlinjection/js/assignment13.js","uriBaseId":"%SRCROOT%","index":831}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/lessontemplate/js/idor.js","uriBaseId":"%SRCROOT%","index":832}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/HelpControlsView.js","uriBaseId":"%SRCROOT%","index":833}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/plugins/bootstrap-slider/js/bootstrap-slider.js","uriBaseId":"%SRCROOT%","index":834}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/xss/js/stored-xss.js","uriBaseId":"%SRCROOT%","index":835}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/UserAndInfoView.js","uriBaseId":"%SRCROOT%","index":836}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/jquery.min.js","uriBaseId":"%SRCROOT%","index":837}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/bootstrap.min.js","uriBaseId":"%SRCROOT%","index":838}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/jquery/jquery-1.10.2.min.js","uriBaseId":"%SRCROOT%","index":839}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/text.js","uriBaseId":"%SRCROOT%","index":840}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/backbone-min.js","uriBaseId":"%SRCROOT%","index":841}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/toggle.js","uriBaseId":"%SRCROOT%","index":842}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webwolf/static/js/fileUpload.js","uriBaseId":"%SRCROOT%","index":843}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/jquery-base.js","uriBaseId":"%SRCROOT%","index":844}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/jquery/jquery-ui-1.10.4.custom.min.js","uriBaseId":"%SRCROOT%","index":845}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/jwt/js/jwt-weak-keys.js","uriBaseId":"%SRCROOT%","index":846}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/HintCollection.js","uriBaseId":"%SRCROOT%","index":847}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/plugins/bootstrap-wysihtml5/js/bootstrap3-wysihtml5.js","uriBaseId":"%SRCROOT%","index":848}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/support/goatConstants.js","uriBaseId":"%SRCROOT%","index":849}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/jwt/js/jwt-voting.js","uriBaseId":"%SRCROOT%","index":850}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/jquery-2.1.4.min.js","uriBaseId":"%SRCROOT%","index":851}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/ReportCardView.js","uriBaseId":"%SRCROOT%","index":852}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/LabelDebugModel.js","uriBaseId":"%SRCROOT%","index":853}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/challenges/js/bootstrap.min.js","uriBaseId":"%SRCROOT%","index":854}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/scoreboardApp.js","uriBaseId":"%SRCROOT%","index":855}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/controller/LessonController.js","uriBaseId":"%SRCROOT%","index":856}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/sqlinjection/js/challenge.js","uriBaseId":"%SRCROOT%","index":857}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/jquery/jquery-ui-1.10.4.custom.min.js","uriBaseId":"%SRCROOT%","index":858}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/FlagsCollection.js","uriBaseId":"%SRCROOT%","index":859}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/LessonOverviewCollection.js","uriBaseId":"%SRCROOT%","index":860}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/xxe/js/xxe.js","uriBaseId":"%SRCROOT%","index":861}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/FlagModel.js","uriBaseId":"%SRCROOT%","index":862}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/passwordreset/js/password-reset-simple.js","uriBaseId":"%SRCROOT%","index":863}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/ReportCardView.js","uriBaseId":"%SRCROOT%","index":864}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/scoreboard.js","uriBaseId":"%SRCROOT%","index":865}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/bootstrap.min.js","uriBaseId":"%SRCROOT%","index":866}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/support/GoatUtils.js","uriBaseId":"%SRCROOT%","index":867}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/support/CustomGoat.js","uriBaseId":"%SRCROOT%","index":868}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/scoreboard.js","uriBaseId":"%SRCROOT%","index":869}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/modernizr.min.js","uriBaseId":"%SRCROOT%","index":870}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/mode-java.js","uriBaseId":"%SRCROOT%","index":871}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/ErrorNotificationView.js","uriBaseId":"%SRCROOT%","index":872}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/HintView.js","uriBaseId":"%SRCROOT%","index":873}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/xss/js/stored-xss.js","uriBaseId":"%SRCROOT%","index":874}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/challenges/js/challenge6.js","uriBaseId":"%SRCROOT%","index":875}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/spoofcookie/js/handler.js","uriBaseId":"%SRCROOT%","index":876}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/main.js","uriBaseId":"%SRCROOT%","index":877}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/application.js","uriBaseId":"%SRCROOT%","index":878}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/MenuButtonView.js","uriBaseId":"%SRCROOT%","index":879}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/xss/js/assignment3.js","uriBaseId":"%SRCROOT%","index":880}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webwolf/static/js/mail.js","uriBaseId":"%SRCROOT%","index":881}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/LessonContentView.js","uriBaseId":"%SRCROOT%","index":882}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/require.min.js","uriBaseId":"%SRCROOT%","index":883}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/jquery-vuln.js","uriBaseId":"%SRCROOT%","index":884}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/quiz.js","uriBaseId":"%SRCROOT%","index":885}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/jquery-ui-1.10.4.js","uriBaseId":"%SRCROOT%","index":886}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/support/goatAsyncErrorHandler.js","uriBaseId":"%SRCROOT%","index":887}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/jquery.form.js","uriBaseId":"%SRCROOT%","index":888}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/modernizr.min.js","uriBaseId":"%SRCROOT%","index":889}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}}],"executionSuccessful":true}],"artifacts":[{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java","uriBaseId":"%SRCROOT%","index":0}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java","uriBaseId":"%SRCROOT%","index":1}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/AjaxAuthenticationEntryPoint.java","uriBaseId":"%SRCROOT%","index":2}},{"location":{"uri":"src/it/java/org/owasp/webgoat/JWTLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":3}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpoint.java","uriBaseId":"%SRCROOT%","index":4}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/TokenTest.java","uriBaseId":"%SRCROOT%","index":5}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java","uriBaseId":"%SRCROOT%","index":6}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFix.java","uriBaseId":"%SRCROOT%","index":7}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInput.java","uriBaseId":"%SRCROOT%","index":8}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUpload.java","uriBaseId":"%SRCROOT%","index":9}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrieval.java","uriBaseId":"%SRCROOT%","index":10}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":13}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/BlindSendFileAssignment.java","uriBaseId":"%SRCROOT%","index":14}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/ContentTypeAssignment.java","uriBaseId":"%SRCROOT%","index":15}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/SimpleXXE.java","uriBaseId":"%SRCROOT%","index":16}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java","uriBaseId":"%SRCROOT%","index":20}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10b.java","uriBaseId":"%SRCROOT%","index":22}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/users/RegistrationController.java","uriBaseId":"%SRCROOT%","index":25}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserForm.java","uriBaseId":"%SRCROOT%","index":27}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java","uriBaseId":"%SRCROOT%","index":28}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java","uriBaseId":"%SRCROOT%","index":29}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java","uriBaseId":"%SRCROOT%","index":30}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java","uriBaseId":"%SRCROOT%","index":31}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java","uriBaseId":"%SRCROOT%","index":32}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java","uriBaseId":"%SRCROOT%","index":33}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java","uriBaseId":"%SRCROOT%","index":34}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java","uriBaseId":"%SRCROOT%","index":36}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java","uriBaseId":"%SRCROOT%","index":39}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":40}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/WebSecurityConfig.java","uriBaseId":"%SRCROOT%","index":41}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/WebSecurityConfig.java","uriBaseId":"%SRCROOT%","index":42}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java","uriBaseId":"%SRCROOT%","index":43}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/AsciiDoctorTemplateResolver.java","uriBaseId":"%SRCROOT%","index":44}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/SigningAssignment.java","uriBaseId":"%SRCROOT%","index":45}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/requests/LandingPage.java","uriBaseId":"%SRCROOT%","index":46}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/logging/LogBleedingTask.java","uriBaseId":"%SRCROOT%","index":47}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java","uriBaseId":"%SRCROOT%","index":49}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/PasswordResetLink.java","uriBaseId":"%SRCROOT%","index":50}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpoint.java","uriBaseId":"%SRCROOT%","index":51}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/SecureDefaultsAssignment.java","uriBaseId":"%SRCROOT%","index":52}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/DisplayUser.java","uriBaseId":"%SRCROOT%","index":53}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/FlagController.java","uriBaseId":"%SRCROOT%","index":54}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/xxe/SimpleXXETest.java","uriBaseId":"%SRCROOT%","index":55}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACUsersTest.java","uriBaseId":"%SRCROOT%","index":56}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/xss/StoredXssCommentsTest.java","uriBaseId":"%SRCROOT%","index":57}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringAssignmentTest.java","uriBaseId":"%SRCROOT%","index":58}},{"location":{"uri":"src/it/java/org/owasp/webgoat/PasswordResetLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":59}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson6aTest.java","uriBaseId":"%SRCROOT%","index":60}},{"location":{"uri":"src/test/java/org/owasp/webgoat/container/session/LessonTrackerTest.java","uriBaseId":"%SRCROOT%","index":61}},{"location":{"uri":"src/it/java/org/owasp/webgoat/IDORIntegrationTest.java","uriBaseId":"%SRCROOT%","index":62}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrievalTest.java","uriBaseId":"%SRCROOT%","index":63}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpointTest.java","uriBaseId":"%SRCROOT%","index":64}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/httpproxies/HttpBasicsInterceptRequestTest.java","uriBaseId":"%SRCROOT%","index":65}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLessonTest.java","uriBaseId":"%SRCROOT%","index":66}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/hijacksession/cas/HijackSessionAuthenticationProviderTest.java","uriBaseId":"%SRCROOT%","index":67}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson13Test.java","uriBaseId":"%SRCROOT%","index":68}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHashAdminTest.java","uriBaseId":"%SRCROOT%","index":69}},{"location":{"uri":"src/it/java/org/owasp/webgoat/LabelAndHintIntegrationTest.java","uriBaseId":"%SRCROOT%","index":70}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/authbypass/BypassVerificationTest.java","uriBaseId":"%SRCROOT%","index":71}},{"location":{"uri":"src/test/java/org/owasp/webgoat/webwolf/mailbox/MailboxControllerTest.java","uriBaseId":"%SRCROOT%","index":72}},{"location":{"uri":"src/it/java/org/owasp/webgoat/ProgressRaceConditionIntegrationTest.java","uriBaseId":"%SRCROOT%","index":73}},{"location":{"uri":"src/it/java/org/owasp/webgoat/DeserializationIntegrationTest.java","uriBaseId":"%SRCROOT%","index":74}},{"location":{"uri":"src/test/java/org/owasp/webgoat/container/service/LessonMenuServiceTest.java","uriBaseId":"%SRCROOT%","index":75}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFixTest.java","uriBaseId":"%SRCROOT%","index":76}},{"location":{"uri":"src/it/java/org/owasp/webgoat/XSSIntegrationTest.java","uriBaseId":"%SRCROOT%","index":77}},{"location":{"uri":"src/it/java/org/owasp/webgoat/CryptoIntegrationTest.java","uriBaseId":"%SRCROOT%","index":78}},{"location":{"uri":"src/test/java/org/owasp/webgoat/container/service/ReportCardServiceTest.java","uriBaseId":"%SRCROOT%","index":79}},{"location":{"uri":"src/test/java/org/owasp/webgoat/container/plugins/LessonTest.java","uriBaseId":"%SRCROOT%","index":80}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/cia/CIAQuizTest.java","uriBaseId":"%SRCROOT%","index":81}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/hijacksession/HijackSessionAssignmentTest.java","uriBaseId":"%SRCROOT%","index":82}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/csrf/CSRFFeedbackTest.java","uriBaseId":"%SRCROOT%","index":83}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/DisplayUserTest.java","uriBaseId":"%SRCROOT%","index":84}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpointTest.java","uriBaseId":"%SRCROOT%","index":85}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationTest.java","uriBaseId":"%SRCROOT%","index":86}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5Test.java","uriBaseId":"%SRCROOT%","index":87}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACHiddenMenusTest.java","uriBaseId":"%SRCROOT%","index":88}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson1Test.java","uriBaseId":"%SRCROOT%","index":89}},{"location":{"uri":"src/it/java/org/owasp/webgoat/SqlInjectionAdvancedIntegrationTest.java","uriBaseId":"%SRCROOT%","index":90}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/ssrf/SSRFTest2.java","uriBaseId":"%SRCROOT%","index":91}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/xxe/ContentTypeAssignmentTest.java","uriBaseId":"%SRCROOT%","index":92}},{"location":{"uri":"src/test/java/org/owasp/webgoat/container/users/UserValidatorTest.java","uriBaseId":"%SRCROOT%","index":93}},{"location":{"uri":"src/test/java/org/owasp/webgoat/container/WebGoatApplication.java","uriBaseId":"%SRCROOT%","index":94}},{"location":{"uri":"src/it/java/org/owasp/webgoat/CSRFIntegrationTest.java","uriBaseId":"%SRCROOT%","index":95}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignmentTest.java","uriBaseId":"%SRCROOT%","index":96}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5aTest.java","uriBaseId":"%SRCROOT%","index":97}},{"location":{"uri":"src/it/java/org/owasp/webgoat/AccessControlIntegrationTest.java","uriBaseId":"%SRCROOT%","index":98}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/SqlLessonTest.java","uriBaseId":"%SRCROOT%","index":99}},{"location":{"uri":"src/test/java/org/owasp/webgoat/webwolf/user/UserServiceTest.java","uriBaseId":"%SRCROOT%","index":100}},{"location":{"uri":"src/test/java/org/owasp/webgoat/container/users/UserTrackerRepositoryTest.java","uriBaseId":"%SRCROOT%","index":101}},{"location":{"uri":"src/it/java/org/owasp/webgoat/SSRFIntegrationTest.java","uriBaseId":"%SRCROOT%","index":102}},{"location":{"uri":"src/test/java/org/owasp/webgoat/webwolf/WebWolfApplication.java","uriBaseId":"%SRCROOT%","index":103}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/xxe/BlindSendFileAssignmentTest.java","uriBaseId":"%SRCROOT%","index":104}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInputTest.java","uriBaseId":"%SRCROOT%","index":105}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScriptingTest.java","uriBaseId":"%SRCROOT%","index":106}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/chromedevtools/ChromeDevToolsTest.java","uriBaseId":"%SRCROOT%","index":107}},{"location":{"uri":"src/it/java/org/owasp/webgoat/WebWolfIntegrationTest.java","uriBaseId":"%SRCROOT%","index":108}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10Test.java","uriBaseId":"%SRCROOT%","index":109}},{"location":{"uri":"src/test/java/org/owasp/webgoat/container/service/LessonProgressServiceTest.java","uriBaseId":"%SRCROOT%","index":110}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson6bTest.java","uriBaseId":"%SRCROOT%","index":111}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2Test.java","uriBaseId":"%SRCROOT%","index":112}},{"location":{"uri":"src/it/java/org/owasp/webgoat/SqlInjectionMitigationIntegrationTest.java","uriBaseId":"%SRCROOT%","index":113}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/passwordreset/SecurityQuestionAssignmentTest.java","uriBaseId":"%SRCROOT%","index":114}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTDecodeEndpointTest.java","uriBaseId":"%SRCROOT%","index":115}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/cryptography/CryptoUtilTest.java","uriBaseId":"%SRCROOT%","index":116}},{"location":{"uri":"src/it/java/org/owasp/webgoat/PathTraversalIntegrationTest.java","uriBaseId":"%SRCROOT%","index":117}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTSecretKeyEndpointTest.java","uriBaseId":"%SRCROOT%","index":118}},{"location":{"uri":"src/test/java/org/owasp/webgoat/container/session/LabelDebuggerTest.java","uriBaseId":"%SRCROOT%","index":119}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpointTest.java","uriBaseId":"%SRCROOT%","index":120}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/spoofcookie/encoders/EncDecTest.java","uriBaseId":"%SRCROOT%","index":121}},{"location":{"uri":"src/it/java/org/owasp/webgoat/SqlInjectionLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":122}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFrontendValidationTest.java","uriBaseId":"%SRCROOT%","index":123}},{"location":{"uri":"src/it/java/org/owasp/webgoat/SessionManagementIntegrationTest.java","uriBaseId":"%SRCROOT%","index":124}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionYourHashTest.java","uriBaseId":"%SRCROOT%","index":125}},{"location":{"uri":"src/it/java/org/owasp/webgoat/GeneralLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":126}},{"location":{"uri":"src/test/java/org/owasp/webgoat/webwolf/mailbox/MailboxRepositoryTest.java","uriBaseId":"%SRCROOT%","index":127}},{"location":{"uri":"src/test/java/org/owasp/webgoat/container/users/UserRepositoryTest.java","uriBaseId":"%SRCROOT%","index":128}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignmentTest.java","uriBaseId":"%SRCROOT%","index":129}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/deserialization/DeserializeTest.java","uriBaseId":"%SRCROOT%","index":130}},{"location":{"uri":"src/test/java/org/owasp/webgoat/container/users/UserServiceTest.java","uriBaseId":"%SRCROOT%","index":131}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/challenges/Assignment1Test.java","uriBaseId":"%SRCROOT%","index":132}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9Test.java","uriBaseId":"%SRCROOT%","index":133}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/ssrf/SSRFTest1.java","uriBaseId":"%SRCROOT%","index":134}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywordsTest.java","uriBaseId":"%SRCROOT%","index":135}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadTest.java","uriBaseId":"%SRCROOT%","index":136}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8Test.java","uriBaseId":"%SRCROOT%","index":137}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ShopEndpointTest.java","uriBaseId":"%SRCROOT%","index":138}},{"location":{"uri":"src/test/java/org/owasp/webgoat/container/assignments/AssignmentEndpointTest.java","uriBaseId":"%SRCROOT%","index":139}},{"location":{"uri":"src/it/java/org/owasp/webgoat/ChallengeIntegrationTest.java","uriBaseId":"%SRCROOT%","index":140}},{"location":{"uri":"src/it/java/org/owasp/webgoat/IntegrationTest.java","uriBaseId":"%SRCROOT%","index":141}},{"location":{"uri":"src/it/java/org/owasp/webgoat/XXEIntegrationTest.java","uriBaseId":"%SRCROOT%","index":142}},{"location":{"uri":"src/test/java/org/owasp/webgoat/webwolf/jwt/JWTTokenTest.java","uriBaseId":"%SRCROOT%","index":143}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringFreeAssignmentTest.java","uriBaseId":"%SRCROOT%","index":144}},{"location":{"uri":"src/test/java/org/owasp/webgoat/container/service/HintServiceTest.java","uriBaseId":"%SRCROOT%","index":145}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/session/WebSession.java","uriBaseId":"%SRCROOT%","index":146}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/CourseConfiguration.java","uriBaseId":"%SRCROOT%","index":147}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/service/LessonMenuService.java","uriBaseId":"%SRCROOT%","index":148}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/service/LabelDebugService.java","uriBaseId":"%SRCROOT%","index":149}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonMenuItem.java","uriBaseId":"%SRCROOT%","index":150}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHashAdmin.java","uriBaseId":"%SRCROOT%","index":151}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/i18n/Language.java","uriBaseId":"%SRCROOT%","index":152}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/service/EnvironmentService.java","uriBaseId":"%SRCROOT%","index":153}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofingTask.java","uriBaseId":"%SRCROOT%","index":154}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOwnProfileAltUrl.java","uriBaseId":"%SRCROOT%","index":155}},{"location":{"uri":"src/main/java/org/owasp/webgoat/server/ParentConfig.java","uriBaseId":"%SRCROOT%","index":156}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredXssComments.java","uriBaseId":"%SRCROOT%","index":157}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/controller/StartLesson.java","uriBaseId":"%SRCROOT%","index":158}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserRepository.java","uriBaseId":"%SRCROOT%","index":159}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjection.java","uriBaseId":"%SRCROOT%","index":160}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/PasswordResetEmail.java","uriBaseId":"%SRCROOT%","index":161}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/Assignment1.java","uriBaseId":"%SRCROOT%","index":162}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/jwt/JWTController.java","uriBaseId":"%SRCROOT%","index":163}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/user/UserService.java","uriBaseId":"%SRCROOT%","index":164}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/chromedevtools/ChromeDevTools.java","uriBaseId":"%SRCROOT%","index":165}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/HijackSessionAuthenticationProvider.java","uriBaseId":"%SRCROOT%","index":166}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/Salaries.java","uriBaseId":"%SRCROOT%","index":167}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/LessonTemplateResolver.java","uriBaseId":"%SRCROOT%","index":168}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/resetlink/PasswordChangeForm.java","uriBaseId":"%SRCROOT%","index":169}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/Authentication.java","uriBaseId":"%SRCROOT%","index":170}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACUsers.java","uriBaseId":"%SRCROOT%","index":171}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/service/SessionService.java","uriBaseId":"%SRCROOT%","index":172}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/Ping.java","uriBaseId":"%SRCROOT%","index":173}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/mailbox/MailboxController.java","uriBaseId":"%SRCROOT%","index":174}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRF.java","uriBaseId":"%SRCROOT%","index":175}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/AttackResult.java","uriBaseId":"%SRCROOT%","index":176}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACHiddenMenus.java","uriBaseId":"%SRCROOT%","index":177}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/UsernameMacro.java","uriBaseId":"%SRCROOT%","index":178}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/users/LessonTracker.java","uriBaseId":"%SRCROOT%","index":179}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfMacro.java","uriBaseId":"%SRCROOT%","index":180}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/requests/Requests.java","uriBaseId":"%SRCROOT%","index":181}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/user/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":182}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/OperatingSystemMacro.java","uriBaseId":"%SRCROOT%","index":183}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTSecretKeyEndpoint.java","uriBaseId":"%SRCROOT%","index":184}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOwnProfile.java","uriBaseId":"%SRCROOT%","index":185}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookie.java","uriBaseId":"%SRCROOT%","index":186}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/WebWolf.java","uriBaseId":"%SRCROOT%","index":187}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson6a.java","uriBaseId":"%SRCROOT%","index":188}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignment.java","uriBaseId":"%SRCROOT%","index":189}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/WebGoat.java","uriBaseId":"%SRCROOT%","index":190}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRF.java","uriBaseId":"%SRCROOT%","index":191}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/HammerHead.java","uriBaseId":"%SRCROOT%","index":192}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/chromedevtools/NetworkLesson.java","uriBaseId":"%SRCROOT%","index":193}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/service/LabelService.java","uriBaseId":"%SRCROOT%","index":194}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/service/LessonTitleService.java","uriBaseId":"%SRCROOT%","index":195}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/PasswordReset.java","uriBaseId":"%SRCROOT%","index":196}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/securepasswords/SecurePasswordsAssignment.java","uriBaseId":"%SRCROOT%","index":197}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson13.java","uriBaseId":"%SRCROOT%","index":198}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingMitigation.java","uriBaseId":"%SRCROOT%","index":199}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/LessonTrackerInterceptor.java","uriBaseId":"%SRCROOT%","index":200}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionAC.java","uriBaseId":"%SRCROOT%","index":201}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Category.java","uriBaseId":"%SRCROOT%","index":202}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRFFeedback.java","uriBaseId":"%SRCROOT%","index":203}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/mailbox/MailboxRepository.java","uriBaseId":"%SRCROOT%","index":204}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/Review.java","uriBaseId":"%SRCROOT%","index":205}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingAccessControlUserRepository.java","uriBaseId":"%SRCROOT%","index":206}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/ForgedReviews.java","uriBaseId":"%SRCROOT%","index":207}},{"location":{"uri":"src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java","uriBaseId":"%SRCROOT%","index":208}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringAssignment.java","uriBaseId":"%SRCROOT%","index":209}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofing.java","uriBaseId":"%SRCROOT%","index":210}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScripting.java","uriBaseId":"%SRCROOT%","index":211}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfRootMacro.java","uriBaseId":"%SRCROOT%","index":212}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTDecodeEndpoint.java","uriBaseId":"%SRCROOT%","index":213}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonMenuItemType.java","uriBaseId":"%SRCROOT%","index":214}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredCrossSiteScriptingVerifier.java","uriBaseId":"%SRCROOT%","index":215}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/WebGoatTmpDirMacro.java","uriBaseId":"%SRCROOT%","index":216}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWT.java","uriBaseId":"%SRCROOT%","index":217}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/session/UserSessionData.java","uriBaseId":"%SRCROOT%","index":218}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/AssignmentEndpoint.java","uriBaseId":"%SRCROOT%","index":219}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/htmltampering/HtmlTampering.java","uriBaseId":"%SRCROOT%","index":220}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/Flags.java","uriBaseId":"%SRCROOT%","index":221}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpproxies/HttpProxies.java","uriBaseId":"%SRCROOT%","index":222}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsEndpoint.java","uriBaseId":"%SRCROOT%","index":223}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Hint.java","uriBaseId":"%SRCROOT%","index":224}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/controller/Welcome.java","uriBaseId":"%SRCROOT%","index":225}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/Comment.java","uriBaseId":"%SRCROOT%","index":226}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/PathTraversal.java","uriBaseId":"%SRCROOT%","index":227}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/service/LessonInfoService.java","uriBaseId":"%SRCROOT%","index":228}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonScanner.java","uriBaseId":"%SRCROOT%","index":229}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/LandingAssignment.java","uriBaseId":"%SRCROOT%","index":230}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/authbypass/VerifyAccount.java","uriBaseId":"%SRCROOT%","index":231}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/DatabaseConfiguration.java","uriBaseId":"%SRCROOT%","index":232}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/service/LessonProgressService.java","uriBaseId":"%SRCROOT%","index":233}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasics.java","uriBaseId":"%SRCROOT%","index":234}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/SecurityQuestionAssignment.java","uriBaseId":"%SRCROOT%","index":235}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFieldRestrictions.java","uriBaseId":"%SRCROOT%","index":236}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Challenge5.java","uriBaseId":"%SRCROOT%","index":237}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Challenge7.java","uriBaseId":"%SRCROOT%","index":238}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictions.java","uriBaseId":"%SRCROOT%","index":239}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/votes/Vote.java","uriBaseId":"%SRCROOT%","index":240}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/ImageServlet.java","uriBaseId":"%SRCROOT%","index":241}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/Challenge1.java","uriBaseId":"%SRCROOT%","index":242}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScripting.java","uriBaseId":"%SRCROOT%","index":243}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/service/ReportCardService.java","uriBaseId":"%SRCROOT%","index":244}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ShopEndpoint.java","uriBaseId":"%SRCROOT%","index":245}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTQuiz.java","uriBaseId":"%SRCROOT%","index":246}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/TriedQuestions.java","uriBaseId":"%SRCROOT%","index":247}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/MvcConfiguration.java","uriBaseId":"%SRCROOT%","index":248}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/SolutionConstants.java","uriBaseId":"%SRCROOT%","index":249}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/spoofcookie/encoders/EncDec.java","uriBaseId":"%SRCROOT%","index":250}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/WebGoatVersionMacro.java","uriBaseId":"%SRCROOT%","index":251}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/Email.java","uriBaseId":"%SRCROOT%","index":252}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson3.java","uriBaseId":"%SRCROOT%","index":253}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRFLogin.java","uriBaseId":"%SRCROOT%","index":254}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/QuestionsAssignment.java","uriBaseId":"%SRCROOT%","index":255}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/Contact.java","uriBaseId":"%SRCROOT%","index":256}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/Comment.java","uriBaseId":"%SRCROOT%","index":257}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/WebWolfIntroduction.java","uriBaseId":"%SRCROOT%","index":258}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORLogin.java","uriBaseId":"%SRCROOT%","index":259}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/service/RestartLessonService.java","uriBaseId":"%SRCROOT%","index":260}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponents.java","uriBaseId":"%SRCROOT%","index":261}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/Cryptography.java","uriBaseId":"%SRCROOT%","index":262}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/SerializationHelper.java","uriBaseId":"%SRCROOT%","index":263}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserValidator.java","uriBaseId":"%SRCROOT%","index":264}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask1.java","uriBaseId":"%SRCROOT%","index":265}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge8/Assignment8.java","uriBaseId":"%SRCROOT%","index":266}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson4.java","uriBaseId":"%SRCROOT%","index":267}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/UserProfile.java","uriBaseId":"%SRCROOT%","index":268}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Assignment.java","uriBaseId":"%SRCROOT%","index":269}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSession.java","uriBaseId":"%SRCROOT%","index":270}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/webgoatintroduction/WebGoatIntroduction.java","uriBaseId":"%SRCROOT%","index":271}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/AssignmentHints.java","uriBaseId":"%SRCROOT%","index":272}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSessionAssignment.java","uriBaseId":"%SRCROOT%","index":273}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserialization.java","uriBaseId":"%SRCROOT%","index":274}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHash.java","uriBaseId":"%SRCROOT%","index":275}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/lessontemplate/SampleAttack.java","uriBaseId":"%SRCROOT%","index":276}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/User.java","uriBaseId":"%SRCROOT%","index":277}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDOREditOtherProfiile.java","uriBaseId":"%SRCROOT%","index":278}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/user/UserRepository.java","uriBaseId":"%SRCROOT%","index":279}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/MailAssignment.java","uriBaseId":"%SRCROOT%","index":280}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringFreeAssignment.java","uriBaseId":"%SRCROOT%","index":281}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDOR.java","uriBaseId":"%SRCROOT%","index":282}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOtherProfile.java","uriBaseId":"%SRCROOT%","index":283}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/AuthenticationProvider.java","uriBaseId":"%SRCROOT%","index":284}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/securepasswords/SecurePasswords.java","uriBaseId":"%SRCROOT%","index":285}},{"location":{"uri":"src/main/java/org/owasp/webgoat/server/StartWebGoat.java","uriBaseId":"%SRCROOT%","index":286}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/session/LabelDebugger.java","uriBaseId":"%SRCROOT%","index":287}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/ContactImpl.java","uriBaseId":"%SRCROOT%","index":288}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/i18n/Messages.java","uriBaseId":"%SRCROOT%","index":289}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasicsLesson.java","uriBaseId":"%SRCROOT%","index":290}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/EncodingAssignment.java","uriBaseId":"%SRCROOT%","index":291}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/authbypass/AuthBypass.java","uriBaseId":"%SRCROOT%","index":292}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Lesson.java","uriBaseId":"%SRCROOT%","index":293}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/chromedevtools/NetworkDummy.java","uriBaseId":"%SRCROOT%","index":294}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/i18n/PluginMessages.java","uriBaseId":"%SRCROOT%","index":295}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFrontendValidation.java","uriBaseId":"%SRCROOT%","index":296}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/htmltampering/HtmlTamperingTask.java","uriBaseId":"%SRCROOT%","index":297}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignmentForgotPassword.java","uriBaseId":"%SRCROOT%","index":298}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionAdvanced.java","uriBaseId":"%SRCROOT%","index":299}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/AssignmentPath.java","uriBaseId":"%SRCROOT%","index":300}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/cia/CIA.java","uriBaseId":"%SRCROOT%","index":301}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/insecurelogin/InsecureLoginTask.java","uriBaseId":"%SRCROOT%","index":302}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingQuiz.java","uriBaseId":"%SRCROOT%","index":303}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/insecurelogin/InsecureLogin.java","uriBaseId":"%SRCROOT%","index":304}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/mailbox/Email.java","uriBaseId":"%SRCROOT%","index":305}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonInfoModel.java","uriBaseId":"%SRCROOT%","index":306}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge8/Challenge8.java","uriBaseId":"%SRCROOT%","index":307}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/WebWolfRedirect.java","uriBaseId":"%SRCROOT%","index":308}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/lessontemplate/LessonTemplate.java","uriBaseId":"%SRCROOT%","index":309}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/MvcConfiguration.java","uriBaseId":"%SRCROOT%","index":310}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORDiffAttributes.java","uriBaseId":"%SRCROOT%","index":311}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson1.java","uriBaseId":"%SRCROOT%","index":312}},{"location":{"uri":"src/main/java/org/owasp/webgoat/server/StartupMessage.java","uriBaseId":"%SRCROOT%","index":313}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFiltering.java","uriBaseId":"%SRCROOT%","index":314}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionMitigations.java","uriBaseId":"%SRCROOT%","index":315}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallengeLogin.java","uriBaseId":"%SRCROOT%","index":316}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10a.java","uriBaseId":"%SRCROOT%","index":317}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRFGetFlag.java","uriBaseId":"%SRCROOT%","index":318}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/stored/CrossSiteScriptingStored.java","uriBaseId":"%SRCROOT%","index":319}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/Flag.java","uriBaseId":"%SRCROOT%","index":320}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/votes/Views.java","uriBaseId":"%SRCROOT%","index":321}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/XXE.java","uriBaseId":"%SRCROOT%","index":322}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/requests/WebWolfTraceRepository.java","uriBaseId":"%SRCROOT%","index":323}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonConnectionInvocationHandler.java","uriBaseId":"%SRCROOT%","index":324}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/service/HintService.java","uriBaseId":"%SRCROOT%","index":325}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserTrackerRepository.java","uriBaseId":"%SRCROOT%","index":326}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/LessonDataSource.java","uriBaseId":"%SRCROOT%","index":327}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/users/Scoreboard.java","uriBaseId":"%SRCROOT%","index":328}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/authbypass/AccountVerificationHelper.java","uriBaseId":"%SRCROOT%","index":329}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/cia/CIAQuiz.java","uriBaseId":"%SRCROOT%","index":330}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScriptingVerifier.java","uriBaseId":"%SRCROOT%","index":331}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/XOREncodingAssignment.java","uriBaseId":"%SRCROOT%","index":332}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserTracker.java","uriBaseId":"%SRCROOT%","index":333}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserSession.java","uriBaseId":"%SRCROOT%","index":334}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/session/Course.java","uriBaseId":"%SRCROOT%","index":335}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpproxies/HttpBasicsInterceptRequest.java","uriBaseId":"%SRCROOT%","index":336}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6b.java","uriBaseId":"%SRCROOT%","index":337}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionQuiz.java","uriBaseId":"%SRCROOT%","index":338}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Initializeable.java","uriBaseId":"%SRCROOT%","index":339}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/SimpleMailAssignment.java","uriBaseId":"%SRCROOT%","index":340}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/EnvironmentExposure.java","uriBaseId":"%SRCROOT%","index":341}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/ChallengeIntro.java","uriBaseId":"%SRCROOT%","index":342}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasicsQuiz.java","uriBaseId":"%SRCROOT%","index":343}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/CryptoUtil.java","uriBaseId":"%SRCROOT%","index":344}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRFConfirmFlag1.java","uriBaseId":"%SRCROOT%","index":345}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/jwt/JWTToken.java","uriBaseId":"%SRCROOT%","index":346}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/Email.java","uriBaseId":"%SRCROOT%","index":347}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/User.java","uriBaseId":"%SRCROOT%","index":348}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/server/StartupMessage.java","uriBaseId":"%SRCROOT%","index":349}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/DisplayUser.java","uriBaseId":"%SRCROOT%","index":350}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/CommentsEndpoint.java","uriBaseId":"%SRCROOT%","index":351}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/webwolf/mailbox/MailboxControllerTest.java","uriBaseId":"%SRCROOT%","index":352}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/CourseConfiguration.java","uriBaseId":"%SRCROOT%","index":353}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":354}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java","uriBaseId":"%SRCROOT%","index":355}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/service/ReportCardServiceTest.java","uriBaseId":"%SRCROOT%","index":356}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/Initializeable.java","uriBaseId":"%SRCROOT%","index":357}},{"location":{"uri":"src-delomboked/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java","uriBaseId":"%SRCROOT%","index":358}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSessionAssignment.java","uriBaseId":"%SRCROOT%","index":359}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson3.java","uriBaseId":"%SRCROOT%","index":360}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/securepasswords/SecurePasswords.java","uriBaseId":"%SRCROOT%","index":361}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/SolutionConstants.java","uriBaseId":"%SRCROOT%","index":362}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFieldRestrictions.java","uriBaseId":"%SRCROOT%","index":363}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/QuestionsAssignment.java","uriBaseId":"%SRCROOT%","index":364}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":365}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/HammerHead.java","uriBaseId":"%SRCROOT%","index":366}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge8/Challenge8.java","uriBaseId":"%SRCROOT%","index":367}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Challenge7.java","uriBaseId":"%SRCROOT%","index":368}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/challenges/Assignment1Test.java","uriBaseId":"%SRCROOT%","index":369}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/PasswordResetLink.java","uriBaseId":"%SRCROOT%","index":370}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2Test.java","uriBaseId":"%SRCROOT%","index":371}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/Assignment.java","uriBaseId":"%SRCROOT%","index":372}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java","uriBaseId":"%SRCROOT%","index":373}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/SimpleXXE.java","uriBaseId":"%SRCROOT%","index":374}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/HintService.java","uriBaseId":"%SRCROOT%","index":375}},{"location":{"uri":"src-delomboked/.mvn/wrapper/MavenWrapperDownloader.java","uriBaseId":"%SRCROOT%","index":376}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/Hint.java","uriBaseId":"%SRCROOT%","index":377}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/UserTracker.java","uriBaseId":"%SRCROOT%","index":378}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasics.java","uriBaseId":"%SRCROOT%","index":379}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOwnProfileAltUrl.java","uriBaseId":"%SRCROOT%","index":380}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java","uriBaseId":"%SRCROOT%","index":381}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/authbypass/VerifyAccount.java","uriBaseId":"%SRCROOT%","index":382}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/server/StartWebGoat.java","uriBaseId":"%SRCROOT%","index":383}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/JWTSecretKeyEndpoint.java","uriBaseId":"%SRCROOT%","index":384}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/assignments/AttackResult.java","uriBaseId":"%SRCROOT%","index":385}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/JWT.java","uriBaseId":"%SRCROOT%","index":386}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/jwt/JWTController.java","uriBaseId":"%SRCROOT%","index":387}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":388}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":389}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java","uriBaseId":"%SRCROOT%","index":390}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACHiddenMenusTest.java","uriBaseId":"%SRCROOT%","index":391}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACHiddenMenus.java","uriBaseId":"%SRCROOT%","index":392}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasicsLesson.java","uriBaseId":"%SRCROOT%","index":393}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/stored/CrossSiteScriptingStored.java","uriBaseId":"%SRCROOT%","index":394}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/authbypass/BypassVerificationTest.java","uriBaseId":"%SRCROOT%","index":395}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUpload.java","uriBaseId":"%SRCROOT%","index":396}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignmentForgotPassword.java","uriBaseId":"%SRCROOT%","index":397}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/UserProfile.java","uriBaseId":"%SRCROOT%","index":398}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/Flags.java","uriBaseId":"%SRCROOT%","index":399}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/csrf/Review.java","uriBaseId":"%SRCROOT%","index":400}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":401}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":402}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/hijacksession/cas/HijackSessionAuthenticationProviderTest.java","uriBaseId":"%SRCROOT%","index":403}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/UserValidator.java","uriBaseId":"%SRCROOT%","index":404}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/MissingAccessControlUserRepository.java","uriBaseId":"%SRCROOT%","index":405}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/ChallengeIntro.java","uriBaseId":"%SRCROOT%","index":406}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/DeserializationIntegrationTest.java","uriBaseId":"%SRCROOT%","index":407}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACUsers.java","uriBaseId":"%SRCROOT%","index":408}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/TriedQuestions.java","uriBaseId":"%SRCROOT%","index":409}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/MvcConfiguration.java","uriBaseId":"%SRCROOT%","index":410}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/PasswordResetLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":411}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/i18n/PluginMessages.java","uriBaseId":"%SRCROOT%","index":412}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/GeneralLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":413}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/htmltampering/HtmlTampering.java","uriBaseId":"%SRCROOT%","index":414}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionMitigations.java","uriBaseId":"%SRCROOT%","index":415}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/lessontemplate/SampleAttack.java","uriBaseId":"%SRCROOT%","index":416}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/SimpleMailAssignment.java","uriBaseId":"%SRCROOT%","index":417}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/service/LessonMenuServiceTest.java","uriBaseId":"%SRCROOT%","index":418}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java","uriBaseId":"%SRCROOT%","index":419}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Challenge5.java","uriBaseId":"%SRCROOT%","index":420}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/mailbox/Email.java","uriBaseId":"%SRCROOT%","index":421}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/users/UserServiceTest.java","uriBaseId":"%SRCROOT%","index":422}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignment.java","uriBaseId":"%SRCROOT%","index":423}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/cryptography/CryptoUtilTest.java","uriBaseId":"%SRCROOT%","index":424}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/ReportCardService.java","uriBaseId":"%SRCROOT%","index":425}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/assignments/AssignmentEndpoint.java","uriBaseId":"%SRCROOT%","index":426}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfRootMacro.java","uriBaseId":"%SRCROOT%","index":427}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":428}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/Email.java","uriBaseId":"%SRCROOT%","index":429}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java","uriBaseId":"%SRCROOT%","index":430}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":431}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/deserialization/SerializationHelper.java","uriBaseId":"%SRCROOT%","index":432}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/controller/StartLesson.java","uriBaseId":"%SRCROOT%","index":433}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson13.java","uriBaseId":"%SRCROOT%","index":434}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson6aTest.java","uriBaseId":"%SRCROOT%","index":435}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/Flag.java","uriBaseId":"%SRCROOT%","index":436}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/Assignment1.java","uriBaseId":"%SRCROOT%","index":437}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/PathTraversalIntegrationTest.java","uriBaseId":"%SRCROOT%","index":438}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/WebGoatApplication.java","uriBaseId":"%SRCROOT%","index":439}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/chromedevtools/ChromeDevTools.java","uriBaseId":"%SRCROOT%","index":440}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFixTest.java","uriBaseId":"%SRCROOT%","index":441}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/XSSIntegrationTest.java","uriBaseId":"%SRCROOT%","index":442}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingMitigation.java","uriBaseId":"%SRCROOT%","index":443}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/i18n/Language.java","uriBaseId":"%SRCROOT%","index":444}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/spoofcookie/encoders/EncDec.java","uriBaseId":"%SRCROOT%","index":445}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/assignments/AssignmentHints.java","uriBaseId":"%SRCROOT%","index":446}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/SqlInjectionLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":447}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/Contact.java","uriBaseId":"%SRCROOT%","index":448}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/jwt/TokenTest.java","uriBaseId":"%SRCROOT%","index":449}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/Salaries.java","uriBaseId":"%SRCROOT%","index":450}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/LabelDebugService.java","uriBaseId":"%SRCROOT%","index":451}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/deserialization/DeserializeTest.java","uriBaseId":"%SRCROOT%","index":452}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/SessionManagementIntegrationTest.java","uriBaseId":"%SRCROOT%","index":453}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/LessonMenuItemType.java","uriBaseId":"%SRCROOT%","index":454}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cryptography/XOREncodingAssignment.java","uriBaseId":"%SRCROOT%","index":455}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/UserRepository.java","uriBaseId":"%SRCROOT%","index":456}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":457}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/i18n/Messages.java","uriBaseId":"%SRCROOT%","index":458}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/BlindSendFileAssignment.java","uriBaseId":"%SRCROOT%","index":459}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/csrf/ForgedReviews.java","uriBaseId":"%SRCROOT%","index":460}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrievalTest.java","uriBaseId":"%SRCROOT%","index":461}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScriptingVerifier.java","uriBaseId":"%SRCROOT%","index":462}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/LessonScanner.java","uriBaseId":"%SRCROOT%","index":463}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredXssComments.java","uriBaseId":"%SRCROOT%","index":464}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInput.java","uriBaseId":"%SRCROOT%","index":465}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/ssrf/SSRFTest2.java","uriBaseId":"%SRCROOT%","index":466}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/IDORDiffAttributes.java","uriBaseId":"%SRCROOT%","index":467}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/CSRFIntegrationTest.java","uriBaseId":"%SRCROOT%","index":468}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/XXEIntegrationTest.java","uriBaseId":"%SRCROOT%","index":469}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cryptography/CryptoUtil.java","uriBaseId":"%SRCROOT%","index":470}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8Test.java","uriBaseId":"%SRCROOT%","index":471}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/LabelAndHintIntegrationTest.java","uriBaseId":"%SRCROOT%","index":472}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cia/CIA.java","uriBaseId":"%SRCROOT%","index":473}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5aTest.java","uriBaseId":"%SRCROOT%","index":474}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":475}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/assignments/AssignmentPath.java","uriBaseId":"%SRCROOT%","index":476}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/plugins/LessonTest.java","uriBaseId":"%SRCROOT%","index":477}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/Email.java","uriBaseId":"%SRCROOT%","index":478}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/user/UserService.java","uriBaseId":"%SRCROOT%","index":479}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/session/UserSessionData.java","uriBaseId":"%SRCROOT%","index":480}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ShopEndpoint.java","uriBaseId":"%SRCROOT%","index":481}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/server/ParentConfig.java","uriBaseId":"%SRCROOT%","index":482}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/LessonConnectionInvocationHandler.java","uriBaseId":"%SRCROOT%","index":483}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java","uriBaseId":"%SRCROOT%","index":484}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringAssignment.java","uriBaseId":"%SRCROOT%","index":485}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponents.java","uriBaseId":"%SRCROOT%","index":486}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/WebWolfIntegrationTest.java","uriBaseId":"%SRCROOT%","index":487}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/user/UserRepository.java","uriBaseId":"%SRCROOT%","index":488}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringAssignmentTest.java","uriBaseId":"%SRCROOT%","index":489}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/csrf/CSRFFeedbackTest.java","uriBaseId":"%SRCROOT%","index":490}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson6bTest.java","uriBaseId":"%SRCROOT%","index":491}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":492}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHash.java","uriBaseId":"%SRCROOT%","index":493}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/session/LabelDebugger.java","uriBaseId":"%SRCROOT%","index":494}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/webwolf/user/UserServiceTest.java","uriBaseId":"%SRCROOT%","index":495}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/LessonDataSource.java","uriBaseId":"%SRCROOT%","index":496}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/SqlInjectionAdvancedIntegrationTest.java","uriBaseId":"%SRCROOT%","index":497}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/jwt/JWTDecodeEndpointTest.java","uriBaseId":"%SRCROOT%","index":498}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/ContactImpl.java","uriBaseId":"%SRCROOT%","index":499}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/IntegrationTest.java","uriBaseId":"%SRCROOT%","index":500}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10Test.java","uriBaseId":"%SRCROOT%","index":501}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/chromedevtools/ChromeDevToolsTest.java","uriBaseId":"%SRCROOT%","index":502}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/IDOR.java","uriBaseId":"%SRCROOT%","index":503}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/session/LessonTrackerTest.java","uriBaseId":"%SRCROOT%","index":504}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/CryptoIntegrationTest.java","uriBaseId":"%SRCROOT%","index":505}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/UserTrackerRepository.java","uriBaseId":"%SRCROOT%","index":506}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/jwt/JWTToken.java","uriBaseId":"%SRCROOT%","index":507}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/AsciiDoctorTemplateResolver.java","uriBaseId":"%SRCROOT%","index":508}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/Lesson.java","uriBaseId":"%SRCROOT%","index":509}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/mailbox/MailboxRepository.java","uriBaseId":"%SRCROOT%","index":510}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/votes/Vote.java","uriBaseId":"%SRCROOT%","index":511}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cryptography/Cryptography.java","uriBaseId":"%SRCROOT%","index":512}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/session/Course.java","uriBaseId":"%SRCROOT%","index":513}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/LabelService.java","uriBaseId":"%SRCROOT%","index":514}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpoint.java","uriBaseId":"%SRCROOT%","index":515}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/authbypass/AccountVerificationHelper.java","uriBaseId":"%SRCROOT%","index":516}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/webwolf/mailbox/MailboxRepositoryTest.java","uriBaseId":"%SRCROOT%","index":517}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookie.java","uriBaseId":"%SRCROOT%","index":518}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/session/WebSession.java","uriBaseId":"%SRCROOT%","index":519}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/PasswordResetEmail.java","uriBaseId":"%SRCROOT%","index":520}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson6a.java","uriBaseId":"%SRCROOT%","index":521}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpointTest.java","uriBaseId":"%SRCROOT%","index":522}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFGetFlag.java","uriBaseId":"%SRCROOT%","index":523}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/logging/LogBleedingTask.java","uriBaseId":"%SRCROOT%","index":524}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java","uriBaseId":"%SRCROOT%","index":525}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/session/LabelDebuggerTest.java","uriBaseId":"%SRCROOT%","index":526}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/user/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":527}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":528}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredCrossSiteScriptingVerifier.java","uriBaseId":"%SRCROOT%","index":529}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/users/UserTrackerRepositoryTest.java","uriBaseId":"%SRCROOT%","index":530}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/users/UserValidatorTest.java","uriBaseId":"%SRCROOT%","index":531}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScripting.java","uriBaseId":"%SRCROOT%","index":532}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionYourHashTest.java","uriBaseId":"%SRCROOT%","index":533}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFrontendValidation.java","uriBaseId":"%SRCROOT%","index":534}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/passwordreset/SecurityQuestionAssignmentTest.java","uriBaseId":"%SRCROOT%","index":535}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/cia/CIAQuizTest.java","uriBaseId":"%SRCROOT%","index":536}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserialization.java","uriBaseId":"%SRCROOT%","index":537}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSession.java","uriBaseId":"%SRCROOT%","index":538}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHashAdmin.java","uriBaseId":"%SRCROOT%","index":539}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFConfirmFlag1.java","uriBaseId":"%SRCROOT%","index":540}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/asciidoc/UsernameMacro.java","uriBaseId":"%SRCROOT%","index":541}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/LessonMenuItem.java","uriBaseId":"%SRCROOT%","index":542}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/hijacksession/HijackSessionAssignmentTest.java","uriBaseId":"%SRCROOT%","index":543}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":544}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/jwt/JWTSecretKeyEndpointTest.java","uriBaseId":"%SRCROOT%","index":545}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java","uriBaseId":"%SRCROOT%","index":546}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/MvcConfiguration.java","uriBaseId":"%SRCROOT%","index":547}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5Test.java","uriBaseId":"%SRCROOT%","index":548}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask1.java","uriBaseId":"%SRCROOT%","index":549}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson1.java","uriBaseId":"%SRCROOT%","index":550}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/WebSecurityConfig.java","uriBaseId":"%SRCROOT%","index":551}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScriptingTest.java","uriBaseId":"%SRCROOT%","index":552}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/requests/WebWolfTraceRepository.java","uriBaseId":"%SRCROOT%","index":553}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/LessonInfoModel.java","uriBaseId":"%SRCROOT%","index":554}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/ssrf/SSRFTest1.java","uriBaseId":"%SRCROOT%","index":555}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpointTest.java","uriBaseId":"%SRCROOT%","index":556}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationTest.java","uriBaseId":"%SRCROOT%","index":557}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/securepasswords/SecurePasswordsAssignment.java","uriBaseId":"%SRCROOT%","index":558}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/HijackSessionAuthenticationProvider.java","uriBaseId":"%SRCROOT%","index":559}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/chromedevtools/NetworkDummy.java","uriBaseId":"%SRCROOT%","index":560}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/SessionService.java","uriBaseId":"%SRCROOT%","index":561}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/UserForm.java","uriBaseId":"%SRCROOT%","index":562}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/ChallengeIntegrationTest.java","uriBaseId":"%SRCROOT%","index":563}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/missingac/DisplayUserTest.java","uriBaseId":"%SRCROOT%","index":564}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/WebWolfIntroduction.java","uriBaseId":"%SRCROOT%","index":565}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/votes/Views.java","uriBaseId":"%SRCROOT%","index":566}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/service/LessonProgressServiceTest.java","uriBaseId":"%SRCROOT%","index":567}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/WebSecurityConfig.java","uriBaseId":"%SRCROOT%","index":568}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/LessonTemplateResolver.java","uriBaseId":"%SRCROOT%","index":569}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/controller/Welcome.java","uriBaseId":"%SRCROOT%","index":570}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/webwolf/jwt/JWTTokenTest.java","uriBaseId":"%SRCROOT%","index":571}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java","uriBaseId":"%SRCROOT%","index":572}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson1Test.java","uriBaseId":"%SRCROOT%","index":573}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOtherProfile.java","uriBaseId":"%SRCROOT%","index":574}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/lessontemplate/LessonTemplate.java","uriBaseId":"%SRCROOT%","index":575}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/User.java","uriBaseId":"%SRCROOT%","index":576}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/AccessControlIntegrationTest.java","uriBaseId":"%SRCROOT%","index":577}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java","uriBaseId":"%SRCROOT%","index":578}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/LessonInfoService.java","uriBaseId":"%SRCROOT%","index":579}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/Comment.java","uriBaseId":"%SRCROOT%","index":580}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInputTest.java","uriBaseId":"%SRCROOT%","index":581}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/UserSession.java","uriBaseId":"%SRCROOT%","index":582}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/JWTQuiz.java","uriBaseId":"%SRCROOT%","index":583}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfMacro.java","uriBaseId":"%SRCROOT%","index":584}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/spoofcookie/encoders/EncDecTest.java","uriBaseId":"%SRCROOT%","index":585}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/authbypass/AuthBypass.java","uriBaseId":"%SRCROOT%","index":586}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionAdvanced.java","uriBaseId":"%SRCROOT%","index":587}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjection.java","uriBaseId":"%SRCROOT%","index":588}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignmentTest.java","uriBaseId":"%SRCROOT%","index":589}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/httpproxies/HttpProxies.java","uriBaseId":"%SRCROOT%","index":590}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/pathtraversal/PathTraversal.java","uriBaseId":"%SRCROOT%","index":591}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionAC.java","uriBaseId":"%SRCROOT%","index":592}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":593}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/Challenge1.java","uriBaseId":"%SRCROOT%","index":594}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOwnProfile.java","uriBaseId":"%SRCROOT%","index":595}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadTest.java","uriBaseId":"%SRCROOT%","index":596}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallengeLogin.java","uriBaseId":"%SRCROOT%","index":597}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/asciidoc/OperatingSystemMacro.java","uriBaseId":"%SRCROOT%","index":598}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/SqlInjectionMitigationIntegrationTest.java","uriBaseId":"%SRCROOT%","index":599}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/AuthenticationProvider.java","uriBaseId":"%SRCROOT%","index":600}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java","uriBaseId":"%SRCROOT%","index":601}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofingTask.java","uriBaseId":"%SRCROOT%","index":602}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/requests/Requests.java","uriBaseId":"%SRCROOT%","index":603}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/Authentication.java","uriBaseId":"%SRCROOT%","index":604}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasicsQuiz.java","uriBaseId":"%SRCROOT%","index":605}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/MailAssignment.java","uriBaseId":"%SRCROOT%","index":606}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/xxe/SimpleXXETest.java","uriBaseId":"%SRCROOT%","index":607}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java","uriBaseId":"%SRCROOT%","index":608}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6b.java","uriBaseId":"%SRCROOT%","index":609}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10a.java","uriBaseId":"%SRCROOT%","index":610}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/IDORIntegrationTest.java","uriBaseId":"%SRCROOT%","index":611}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/service/HintServiceTest.java","uriBaseId":"%SRCROOT%","index":612}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cryptography/EncodingAssignment.java","uriBaseId":"%SRCROOT%","index":613}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/asciidoc/WebGoatTmpDirMacro.java","uriBaseId":"%SRCROOT%","index":614}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/requests/LandingPage.java","uriBaseId":"%SRCROOT%","index":615}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ShopEndpointTest.java","uriBaseId":"%SRCROOT%","index":616}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionQuiz.java","uriBaseId":"%SRCROOT%","index":617}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/httpproxies/HttpBasicsInterceptRequest.java","uriBaseId":"%SRCROOT%","index":618}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywordsTest.java","uriBaseId":"%SRCROOT%","index":619}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/Category.java","uriBaseId":"%SRCROOT%","index":620}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/XXE.java","uriBaseId":"%SRCROOT%","index":621}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpointTest.java","uriBaseId":"%SRCROOT%","index":622}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/mailbox/MailboxController.java","uriBaseId":"%SRCROOT%","index":623}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/assignments/AssignmentEndpointTest.java","uriBaseId":"%SRCROOT%","index":624}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpoint.java","uriBaseId":"%SRCROOT%","index":625}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/LessonTitleService.java","uriBaseId":"%SRCROOT%","index":626}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/JWTDecodeEndpoint.java","uriBaseId":"%SRCROOT%","index":627}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/webwolf/WebWolfApplication.java","uriBaseId":"%SRCROOT%","index":628}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/LessonMenuService.java","uriBaseId":"%SRCROOT%","index":629}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFiltering.java","uriBaseId":"%SRCROOT%","index":630}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/Comment.java","uriBaseId":"%SRCROOT%","index":631}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/httpproxies/HttpBasicsInterceptRequestTest.java","uriBaseId":"%SRCROOT%","index":632}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge8/Assignment8.java","uriBaseId":"%SRCROOT%","index":633}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRF.java","uriBaseId":"%SRCROOT%","index":634}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/ContentTypeAssignment.java","uriBaseId":"%SRCROOT%","index":635}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/EnvironmentService.java","uriBaseId":"%SRCROOT%","index":636}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/SSRFIntegrationTest.java","uriBaseId":"%SRCROOT%","index":637}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/Ping.java","uriBaseId":"%SRCROOT%","index":638}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/DatabaseConfiguration.java","uriBaseId":"%SRCROOT%","index":639}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/assignments/LessonTrackerInterceptor.java","uriBaseId":"%SRCROOT%","index":640}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/insecurelogin/InsecureLoginTask.java","uriBaseId":"%SRCROOT%","index":641}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/LessonTracker.java","uriBaseId":"%SRCROOT%","index":642}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFFeedback.java","uriBaseId":"%SRCROOT%","index":643}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":644}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10b.java","uriBaseId":"%SRCROOT%","index":645}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/User.java","uriBaseId":"%SRCROOT%","index":646}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/WebWolfRedirect.java","uriBaseId":"%SRCROOT%","index":647}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cryptography/SecureDefaultsAssignment.java","uriBaseId":"%SRCROOT%","index":648}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/RestartLessonService.java","uriBaseId":"%SRCROOT%","index":649}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/PasswordReset.java","uriBaseId":"%SRCROOT%","index":650}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/chromedevtools/NetworkLesson.java","uriBaseId":"%SRCROOT%","index":651}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHashAdminTest.java","uriBaseId":"%SRCROOT%","index":652}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/xss/StoredXssCommentsTest.java","uriBaseId":"%SRCROOT%","index":653}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringFreeAssignment.java","uriBaseId":"%SRCROOT%","index":654}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/asciidoc/EnvironmentExposure.java","uriBaseId":"%SRCROOT%","index":655}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/AjaxAuthenticationEntryPoint.java","uriBaseId":"%SRCROOT%","index":656}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/LessonProgressService.java","uriBaseId":"%SRCROOT%","index":657}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingQuiz.java","uriBaseId":"%SRCROOT%","index":658}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/csrf/CSRF.java","uriBaseId":"%SRCROOT%","index":659}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/SecurityQuestionAssignment.java","uriBaseId":"%SRCROOT%","index":660}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson4.java","uriBaseId":"%SRCROOT%","index":661}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/WebWolf.java","uriBaseId":"%SRCROOT%","index":662}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/ProgressRaceConditionIntegrationTest.java","uriBaseId":"%SRCROOT%","index":663}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/SqlLessonTest.java","uriBaseId":"%SRCROOT%","index":664}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/resetlink/PasswordChangeForm.java","uriBaseId":"%SRCROOT%","index":665}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScripting.java","uriBaseId":"%SRCROOT%","index":666}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/asciidoc/WebGoatVersionMacro.java","uriBaseId":"%SRCROOT%","index":667}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/webgoatintroduction/WebGoatIntroduction.java","uriBaseId":"%SRCROOT%","index":668}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java","uriBaseId":"%SRCROOT%","index":669}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/LandingAssignment.java","uriBaseId":"%SRCROOT%","index":670}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/WebGoat.java","uriBaseId":"%SRCROOT%","index":671}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/users/UserRepositoryTest.java","uriBaseId":"%SRCROOT%","index":672}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cryptography/SigningAssignment.java","uriBaseId":"%SRCROOT%","index":673}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java","uriBaseId":"%SRCROOT%","index":674}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9Test.java","uriBaseId":"%SRCROOT%","index":675}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFrontendValidationTest.java","uriBaseId":"%SRCROOT%","index":676}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/IDOREditOtherProfiile.java","uriBaseId":"%SRCROOT%","index":677}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/insecurelogin/InsecureLogin.java","uriBaseId":"%SRCROOT%","index":678}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/Scoreboard.java","uriBaseId":"%SRCROOT%","index":679}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACUsersTest.java","uriBaseId":"%SRCROOT%","index":680}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/IDORLogin.java","uriBaseId":"%SRCROOT%","index":681}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/xxe/BlindSendFileAssignmentTest.java","uriBaseId":"%SRCROOT%","index":682}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofing.java","uriBaseId":"%SRCROOT%","index":683}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLessonTest.java","uriBaseId":"%SRCROOT%","index":684}},{"location":{"uri":".mvn/wrapper/MavenWrapperDownloader.java","uriBaseId":"%SRCROOT%","index":685}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/JWTLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":686}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringFreeAssignmentTest.java","uriBaseId":"%SRCROOT%","index":687}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson13Test.java","uriBaseId":"%SRCROOT%","index":688}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cia/CIAQuiz.java","uriBaseId":"%SRCROOT%","index":689}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/ImageServlet.java","uriBaseId":"%SRCROOT%","index":690}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrieval.java","uriBaseId":"%SRCROOT%","index":691}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/RegistrationController.java","uriBaseId":"%SRCROOT%","index":692}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/FlagController.java","uriBaseId":"%SRCROOT%","index":693}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignmentTest.java","uriBaseId":"%SRCROOT%","index":694}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFix.java","uriBaseId":"%SRCROOT%","index":695}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFLogin.java","uriBaseId":"%SRCROOT%","index":696}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictions.java","uriBaseId":"%SRCROOT%","index":697}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/htmltampering/HtmlTamperingTask.java","uriBaseId":"%SRCROOT%","index":698}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/xxe/ContentTypeAssignmentTest.java","uriBaseId":"%SRCROOT%","index":699}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/scoreboardApp.js","uriBaseId":"%SRCROOT%","index":700}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/xss/js/assignment3.js","uriBaseId":"%SRCROOT%","index":701}},{"location":{"uri":"src/main/resources/lessons/csrf/js/csrf-review.js","uriBaseId":"%SRCROOT%","index":702}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/xxe/js/xxe.js","uriBaseId":"%SRCROOT%","index":703}},{"location":{"uri":"src/main/resources/lessons/jwt/js/jwt-buy.js","uriBaseId":"%SRCROOT%","index":704}},{"location":{"uri":"src/main/resources/lessons/challenges/js/challenge8.js","uriBaseId":"%SRCROOT%","index":705}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/mode-java.js","uriBaseId":"%SRCROOT%","index":706}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/sqlinjection/js/assignment10b.js","uriBaseId":"%SRCROOT%","index":707}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/TitleView.js","uriBaseId":"%SRCROOT%","index":708}},{"location":{"uri":"src/main/resources/lessons/idor/js/idor.js","uriBaseId":"%SRCROOT%","index":709}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/jquery_form/jquery.form.js","uriBaseId":"%SRCROOT%","index":710}},{"location":{"uri":"src/main/resources/lessons/pathtraversal/js/path_traversal.js","uriBaseId":"%SRCROOT%","index":711}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/controller/MenuController.js","uriBaseId":"%SRCROOT%","index":712}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/ErrorNotificationView.js","uriBaseId":"%SRCROOT%","index":713}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/MenuButtonView.js","uriBaseId":"%SRCROOT%","index":714}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/MenuData.js","uriBaseId":"%SRCROOT%","index":715}},{"location":{"uri":"src/main/resources/webgoat/static/js/jquery/jquery-1.10.2.min.js","uriBaseId":"%SRCROOT%","index":716}},{"location":{"uri":"src/main/resources/webgoat/static/plugins/bootstrap-slider/js/bootstrap-slider.js","uriBaseId":"%SRCROOT%","index":717}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/UserAndInfoView.js","uriBaseId":"%SRCROOT%","index":718}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/text.js","uriBaseId":"%SRCROOT%","index":719}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/MenuModel.js","uriBaseId":"%SRCROOT%","index":720}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/jquery-base.js","uriBaseId":"%SRCROOT%","index":721}},{"location":{"uri":"src/main/resources/webgoat/static/plugins/bootstrap-wysihtml5/js/wysihtml5-0.3.0.js","uriBaseId":"%SRCROOT%","index":722}},{"location":{"uri":"src/main/resources/lessons/jwt/js/jwt-refresh.js","uriBaseId":"%SRCROOT%","index":723}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/jquery-ui-1.10.4.js","uriBaseId":"%SRCROOT%","index":724}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/sqlinjection/js/challenge.js","uriBaseId":"%SRCROOT%","index":725}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/theme-monokai.js","uriBaseId":"%SRCROOT%","index":726}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/AssignmentStatusModel.js","uriBaseId":"%SRCROOT%","index":727}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/LessonOverviewCollection.js","uriBaseId":"%SRCROOT%","index":728}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/HTMLContentModel.js","uriBaseId":"%SRCROOT%","index":729}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/ssrf/js/credentials.js","uriBaseId":"%SRCROOT%","index":730}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/clientsidefiltering/js/clientSideFilteringFree.js","uriBaseId":"%SRCROOT%","index":731}},{"location":{"uri":"src/main/resources/lessons/authbypass/js/bypass.js","uriBaseId":"%SRCROOT%","index":732}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/MenuCollection.js","uriBaseId":"%SRCROOT%","index":733}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/support/GoatUtils.js","uriBaseId":"%SRCROOT%","index":734}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/LessonInfoModel.js","uriBaseId":"%SRCROOT%","index":735}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/idor/js/idor.js","uriBaseId":"%SRCROOT%","index":736}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/TitleView.js","uriBaseId":"%SRCROOT%","index":737}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/PaginationControlView.js","uriBaseId":"%SRCROOT%","index":738}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/LessonContentModel.js","uriBaseId":"%SRCROOT%","index":739}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/HintModel.js","uriBaseId":"%SRCROOT%","index":740}},{"location":{"uri":"src/main/resources/lessons/jwt/js/jwt-voting.js","uriBaseId":"%SRCROOT%","index":741}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/goatApp.js","uriBaseId":"%SRCROOT%","index":742}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/MenuModel.js","uriBaseId":"%SRCROOT%","index":743}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/FlagModel.js","uriBaseId":"%SRCROOT%","index":744}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/PaginationControlView.js","uriBaseId":"%SRCROOT%","index":745}},{"location":{"uri":"src-delomboked/src/main/resources/webwolf/static/js/jwt.js","uriBaseId":"%SRCROOT%","index":746}},{"location":{"uri":"src/main/resources/webwolf/static/js/jwt.js","uriBaseId":"%SRCROOT%","index":747}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/csrf/js/csrf-review.js","uriBaseId":"%SRCROOT%","index":748}},{"location":{"uri":"src/main/resources/lessons/csrf/js/feedback.js","uriBaseId":"%SRCROOT%","index":749}},{"location":{"uri":"src/main/resources/webgoat/static/js/quiz.js","uriBaseId":"%SRCROOT%","index":750}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/search.js","uriBaseId":"%SRCROOT%","index":751}},{"location":{"uri":"src/main/resources/webgoat/static/js/jquery_form/jquery.form.js","uriBaseId":"%SRCROOT%","index":752}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/jwt/js/jwt-final.js","uriBaseId":"%SRCROOT%","index":753}},{"location":{"uri":"src/main/resources/lessons/challenges/js/challenge6.js","uriBaseId":"%SRCROOT%","index":754}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/underscore-min.js","uriBaseId":"%SRCROOT%","index":755}},{"location":{"uri":"src/main/resources/lessons/xss/js/assignment4.js","uriBaseId":"%SRCROOT%","index":756}},{"location":{"uri":"src/main/resources/lessons/sqlinjection/js/assignment10b.js","uriBaseId":"%SRCROOT%","index":757}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/jwt/js/jwt-refresh.js","uriBaseId":"%SRCROOT%","index":758}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/plugins/nanoScroller/jquery.nanoscroller.min.js","uriBaseId":"%SRCROOT%","index":759}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/LabelDebugModel.js","uriBaseId":"%SRCROOT%","index":760}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/MenuView.js","uriBaseId":"%SRCROOT%","index":761}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/pathtraversal/js/path_traversal.js","uriBaseId":"%SRCROOT%","index":762}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/GoatRouter.js","uriBaseId":"%SRCROOT%","index":763}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/insecurelogin/js/credentials.js","uriBaseId":"%SRCROOT%","index":764}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/MenuData.js","uriBaseId":"%SRCROOT%","index":765}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/ScoreboardView.js","uriBaseId":"%SRCROOT%","index":766}},{"location":{"uri":"src/main/resources/webwolf/static/js/mail.js","uriBaseId":"%SRCROOT%","index":767}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/jwt/js/jwt-weak-keys.js","uriBaseId":"%SRCROOT%","index":768}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/jquery-ui.min.js","uriBaseId":"%SRCROOT%","index":769}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/controller/LessonController.js","uriBaseId":"%SRCROOT%","index":770}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/passwordreset/js/password-reset-simple.js","uriBaseId":"%SRCROOT%","index":771}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/controller/MenuController.js","uriBaseId":"%SRCROOT%","index":772}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/LessonInfoModel.js","uriBaseId":"%SRCROOT%","index":773}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/HTMLContentModel.js","uriBaseId":"%SRCROOT%","index":774}},{"location":{"uri":"src/main/resources/lessons/clientsidefiltering/js/clientSideFilteringFree.js","uriBaseId":"%SRCROOT%","index":775}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/support/CustomGoat.js","uriBaseId":"%SRCROOT%","index":776}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/toggle.js","uriBaseId":"%SRCROOT%","index":777}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/theme-monokai.js","uriBaseId":"%SRCROOT%","index":778}},{"location":{"uri":"src/main/resources/lessons/ssrf/js/credentials.js","uriBaseId":"%SRCROOT%","index":779}},{"location":{"uri":"src/main/resources/webwolf/static/js/fileUpload.js","uriBaseId":"%SRCROOT%","index":780}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/jquery.min.js","uriBaseId":"%SRCROOT%","index":781}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/GoatRouter.js","uriBaseId":"%SRCROOT%","index":782}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/support/goatConstants.js","uriBaseId":"%SRCROOT%","index":783}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/jquery-ui.min.js","uriBaseId":"%SRCROOT%","index":784}},{"location":{"uri":"src/main/resources/webgoat/static/plugins/nanoScroller/jquery.nanoscroller.min.js","uriBaseId":"%SRCROOT%","index":785}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/support/goatAsyncErrorHandler.js","uriBaseId":"%SRCROOT%","index":786}},{"location":{"uri":"src/main/resources/lessons/clientsidefiltering/js/clientSideFiltering.js","uriBaseId":"%SRCROOT%","index":787}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/polyglot.min.js","uriBaseId":"%SRCROOT%","index":788}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/clientsidefiltering/js/clientSideFiltering.js","uriBaseId":"%SRCROOT%","index":789}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/ReportCardModel.js","uriBaseId":"%SRCROOT%","index":790}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/FlagsCollection.js","uriBaseId":"%SRCROOT%","index":791}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/ace.js","uriBaseId":"%SRCROOT%","index":792}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/challenges/js/bootstrap.min.js","uriBaseId":"%SRCROOT%","index":793}},{"location":{"uri":"src/main/resources/lessons/insecurelogin/js/credentials.js","uriBaseId":"%SRCROOT%","index":794}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/jwt/js/jwt-buy.js","uriBaseId":"%SRCROOT%","index":795}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/goatApp.js","uriBaseId":"%SRCROOT%","index":796}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/AssignmentStatusModel.js","uriBaseId":"%SRCROOT%","index":797}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/jquery.form.js","uriBaseId":"%SRCROOT%","index":798}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/ace.js","uriBaseId":"%SRCROOT%","index":799}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/backbone-min.js","uriBaseId":"%SRCROOT%","index":800}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/MenuView.js","uriBaseId":"%SRCROOT%","index":801}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/LessonContentView.js","uriBaseId":"%SRCROOT%","index":802}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/authbypass/js/bypass.js","uriBaseId":"%SRCROOT%","index":803}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/HintCollection.js","uriBaseId":"%SRCROOT%","index":804}},{"location":{"uri":"src/main/resources/lessons/sqlinjection/js/assignment13.js","uriBaseId":"%SRCROOT%","index":805}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/csrf/js/feedback.js","uriBaseId":"%SRCROOT%","index":806}},{"location":{"uri":"src/main/resources/webgoat/static/js/application.js","uriBaseId":"%SRCROOT%","index":807}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/main.js","uriBaseId":"%SRCROOT%","index":808}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/MenuCollection.js","uriBaseId":"%SRCROOT%","index":809}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/plugins/bootstrap-wysihtml5/js/wysihtml5-0.3.0.js","uriBaseId":"%SRCROOT%","index":810}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/plugins/bootstrap-wysihtml5/js/bootstrap3-wysihtml5.js","uriBaseId":"%SRCROOT%","index":811}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/jquery-2.1.4.min.js","uriBaseId":"%SRCROOT%","index":812}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/polyglot.min.js","uriBaseId":"%SRCROOT%","index":813}},{"location":{"uri":"src/main/resources/lessons/jwt/js/jwt-final.js","uriBaseId":"%SRCROOT%","index":814}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/HelpControlsView.js","uriBaseId":"%SRCROOT%","index":815}},{"location":{"uri":"src/main/resources/lessons/lessontemplate/js/idor.js","uriBaseId":"%SRCROOT%","index":816}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/require.min.js","uriBaseId":"%SRCROOT%","index":817}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/HintModel.js","uriBaseId":"%SRCROOT%","index":818}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/ReportCardModel.js","uriBaseId":"%SRCROOT%","index":819}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/xss/js/assignment4.js","uriBaseId":"%SRCROOT%","index":820}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/challenges/js/challenge8.js","uriBaseId":"%SRCROOT%","index":821}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/spoofcookie/js/handler.js","uriBaseId":"%SRCROOT%","index":822}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/MenuItemView.js","uriBaseId":"%SRCROOT%","index":823}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/underscore-min.js","uriBaseId":"%SRCROOT%","index":824}},{"location":{"uri":"src/main/resources/webgoat/static/js/search.js","uriBaseId":"%SRCROOT%","index":825}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/LessonContentModel.js","uriBaseId":"%SRCROOT%","index":826}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/HintView.js","uriBaseId":"%SRCROOT%","index":827}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/MenuItemView.js","uriBaseId":"%SRCROOT%","index":828}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/jquery-vuln.js","uriBaseId":"%SRCROOT%","index":829}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/ScoreboardView.js","uriBaseId":"%SRCROOT%","index":830}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/sqlinjection/js/assignment13.js","uriBaseId":"%SRCROOT%","index":831}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/lessontemplate/js/idor.js","uriBaseId":"%SRCROOT%","index":832}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/HelpControlsView.js","uriBaseId":"%SRCROOT%","index":833}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/plugins/bootstrap-slider/js/bootstrap-slider.js","uriBaseId":"%SRCROOT%","index":834}},{"location":{"uri":"src/main/resources/lessons/xss/js/stored-xss.js","uriBaseId":"%SRCROOT%","index":835}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/UserAndInfoView.js","uriBaseId":"%SRCROOT%","index":836}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/jquery.min.js","uriBaseId":"%SRCROOT%","index":837}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/bootstrap.min.js","uriBaseId":"%SRCROOT%","index":838}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/jquery/jquery-1.10.2.min.js","uriBaseId":"%SRCROOT%","index":839}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/text.js","uriBaseId":"%SRCROOT%","index":840}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/backbone-min.js","uriBaseId":"%SRCROOT%","index":841}},{"location":{"uri":"src/main/resources/webgoat/static/js/toggle.js","uriBaseId":"%SRCROOT%","index":842}},{"location":{"uri":"src-delomboked/src/main/resources/webwolf/static/js/fileUpload.js","uriBaseId":"%SRCROOT%","index":843}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/jquery-base.js","uriBaseId":"%SRCROOT%","index":844}},{"location":{"uri":"src/main/resources/webgoat/static/js/jquery/jquery-ui-1.10.4.custom.min.js","uriBaseId":"%SRCROOT%","index":845}},{"location":{"uri":"src/main/resources/lessons/jwt/js/jwt-weak-keys.js","uriBaseId":"%SRCROOT%","index":846}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/HintCollection.js","uriBaseId":"%SRCROOT%","index":847}},{"location":{"uri":"src/main/resources/webgoat/static/plugins/bootstrap-wysihtml5/js/bootstrap3-wysihtml5.js","uriBaseId":"%SRCROOT%","index":848}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/support/goatConstants.js","uriBaseId":"%SRCROOT%","index":849}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/jwt/js/jwt-voting.js","uriBaseId":"%SRCROOT%","index":850}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/jquery-2.1.4.min.js","uriBaseId":"%SRCROOT%","index":851}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/ReportCardView.js","uriBaseId":"%SRCROOT%","index":852}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/LabelDebugModel.js","uriBaseId":"%SRCROOT%","index":853}},{"location":{"uri":"src/main/resources/lessons/challenges/js/bootstrap.min.js","uriBaseId":"%SRCROOT%","index":854}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/scoreboardApp.js","uriBaseId":"%SRCROOT%","index":855}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/controller/LessonController.js","uriBaseId":"%SRCROOT%","index":856}},{"location":{"uri":"src/main/resources/lessons/sqlinjection/js/challenge.js","uriBaseId":"%SRCROOT%","index":857}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/jquery/jquery-ui-1.10.4.custom.min.js","uriBaseId":"%SRCROOT%","index":858}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/FlagsCollection.js","uriBaseId":"%SRCROOT%","index":859}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/LessonOverviewCollection.js","uriBaseId":"%SRCROOT%","index":860}},{"location":{"uri":"src/main/resources/lessons/xxe/js/xxe.js","uriBaseId":"%SRCROOT%","index":861}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/FlagModel.js","uriBaseId":"%SRCROOT%","index":862}},{"location":{"uri":"src/main/resources/lessons/passwordreset/js/password-reset-simple.js","uriBaseId":"%SRCROOT%","index":863}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/ReportCardView.js","uriBaseId":"%SRCROOT%","index":864}},{"location":{"uri":"src/main/resources/webgoat/static/js/scoreboard.js","uriBaseId":"%SRCROOT%","index":865}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/bootstrap.min.js","uriBaseId":"%SRCROOT%","index":866}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/support/GoatUtils.js","uriBaseId":"%SRCROOT%","index":867}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/support/CustomGoat.js","uriBaseId":"%SRCROOT%","index":868}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/scoreboard.js","uriBaseId":"%SRCROOT%","index":869}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/modernizr.min.js","uriBaseId":"%SRCROOT%","index":870}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/mode-java.js","uriBaseId":"%SRCROOT%","index":871}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/ErrorNotificationView.js","uriBaseId":"%SRCROOT%","index":872}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/HintView.js","uriBaseId":"%SRCROOT%","index":873}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/xss/js/stored-xss.js","uriBaseId":"%SRCROOT%","index":874}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/challenges/js/challenge6.js","uriBaseId":"%SRCROOT%","index":875}},{"location":{"uri":"src/main/resources/lessons/spoofcookie/js/handler.js","uriBaseId":"%SRCROOT%","index":876}},{"location":{"uri":"src/main/resources/webgoat/static/js/main.js","uriBaseId":"%SRCROOT%","index":877}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/application.js","uriBaseId":"%SRCROOT%","index":878}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/MenuButtonView.js","uriBaseId":"%SRCROOT%","index":879}},{"location":{"uri":"src/main/resources/lessons/xss/js/assignment3.js","uriBaseId":"%SRCROOT%","index":880}},{"location":{"uri":"src-delomboked/src/main/resources/webwolf/static/js/mail.js","uriBaseId":"%SRCROOT%","index":881}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/LessonContentView.js","uriBaseId":"%SRCROOT%","index":882}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/require.min.js","uriBaseId":"%SRCROOT%","index":883}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/jquery-vuln.js","uriBaseId":"%SRCROOT%","index":884}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/quiz.js","uriBaseId":"%SRCROOT%","index":885}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/jquery-ui-1.10.4.js","uriBaseId":"%SRCROOT%","index":886}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/support/goatAsyncErrorHandler.js","uriBaseId":"%SRCROOT%","index":887}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/jquery.form.js","uriBaseId":"%SRCROOT%","index":888}},{"location":{"uri":"src/main/resources/webgoat/static/js/modernizr.min.js","uriBaseId":"%SRCROOT%","index":889}}],"results":[{"ruleId":"java/insecure-cookie","rule":{"id":"java/insecure-cookie","index":10,"toolComponent":{"index":18}},"message":{"text":"Cookie is added to response without the 'secure' flag being set."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":131,"startColumn":7,"endColumn":33}}}],"partialFingerprints":{"primaryLocationLineHash":"84a4c92c523d81a1:1","primaryLocationStartColumnFingerprint":"0"}},{"ruleId":"java/insecure-cookie","rule":{"id":"java/insecure-cookie","index":10,"toolComponent":{"index":18}},"message":{"text":"Cookie is added to response without the 'secure' flag being set."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":136,"startColumn":7,"endColumn":33}}}],"partialFingerprints":{"primaryLocationLineHash":"178a5d22f3f4ca47:1","primaryLocationStartColumnFingerprint":"0"}},{"ruleId":"java/insecure-cookie","rule":{"id":"java/insecure-cookie","index":10,"toolComponent":{"index":18}},"message":{"text":"Cookie is added to response without the 'secure' flag being set."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java","uriBaseId":"%SRCROOT%","index":1},"region":{"startLine":78,"startColumn":5,"endColumn":31}}}],"partialFingerprints":{"primaryLocationLineHash":"598c4a4ab35135b9:1","primaryLocationStartColumnFingerprint":"0"}},{"ruleId":"java/stack-trace-exposure","rule":{"id":"java/stack-trace-exposure","index":13,"toolComponent":{"index":18}},"message":{"text":"[Error information](1) can be exposed to an external user."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/AjaxAuthenticationEntryPoint.java","uriBaseId":"%SRCROOT%","index":2},"region":{"startLine":54,"startColumn":31,"endColumn":57}}}],"partialFingerprints":{"primaryLocationLineHash":"69b1bde9108b11cf:1","primaryLocationStartColumnFingerprint":"24"},"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/AjaxAuthenticationEntryPoint.java","uriBaseId":"%SRCROOT%","index":2},"region":{"startLine":54,"startColumn":31,"endColumn":57}},"message":{"text":"Error information"}}]},{"ruleId":"java/missing-jwt-signature-check","rule":{"id":"java/missing-jwt-signature-check","index":17,"toolComponent":{"index":18}},"message":{"text":"This parses a [JWT signing key](1), but the signature is not verified."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/JWTLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":3},"region":{"startLine":68,"startColumn":19,"endColumn":76}}}],"partialFingerprints":{"primaryLocationLineHash":"31eaf1239ab18658:1","primaryLocationStartColumnFingerprint":"10"},"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/JWTLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":3},"region":{"startLine":68,"startColumn":19,"endColumn":76}},"message":{"text":"JWT signing key"}}]},{"ruleId":"java/missing-jwt-signature-check","rule":{"id":"java/missing-jwt-signature-check","index":17,"toolComponent":{"index":18}},"message":{"text":"This parses a [JWT signing key](1), but the signature is not verified."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpoint.java","uriBaseId":"%SRCROOT%","index":4},"region":{"startLine":107,"startColumn":17,"endColumn":58}}}],"partialFingerprints":{"primaryLocationLineHash":"25e8034b7fe5b633:1","primaryLocationStartColumnFingerprint":"10"},"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpoint.java","uriBaseId":"%SRCROOT%","index":4},"region":{"startLine":107,"startColumn":17,"endColumn":58}},"message":{"text":"JWT signing key"}}]},{"ruleId":"java/missing-jwt-signature-check","rule":{"id":"java/missing-jwt-signature-check","index":17,"toolComponent":{"index":18}},"message":{"text":"This parses a [JWT signing key](1), but the signature is not verified."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpoint.java","uriBaseId":"%SRCROOT%","index":4},"region":{"startLine":137,"startColumn":11,"endColumn":52}}}],"partialFingerprints":{"primaryLocationLineHash":"c1626ca7a4cc054e:1","primaryLocationStartColumnFingerprint":"0"},"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpoint.java","uriBaseId":"%SRCROOT%","index":4},"region":{"startLine":137,"startColumn":11,"endColumn":52}},"message":{"text":"JWT signing key"}}]},{"ruleId":"java/missing-jwt-signature-check","rule":{"id":"java/missing-jwt-signature-check","index":17,"toolComponent":{"index":18}},"message":{"text":"This parses a [JWT signing key](1), but the signature is not verified."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":155,"startColumn":19,"endColumn":60}}}],"partialFingerprints":{"primaryLocationLineHash":"55fa3c43091de850:1","primaryLocationStartColumnFingerprint":"10"},"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":155,"startColumn":19,"endColumn":60}},"message":{"text":"JWT signing key"}}]},{"ruleId":"java/missing-jwt-signature-check","rule":{"id":"java/missing-jwt-signature-check","index":17,"toolComponent":{"index":18}},"message":{"text":"This parses a [JWT signing key](1), but the signature is not verified."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":180,"startColumn":19,"endColumn":60}}}],"partialFingerprints":{"primaryLocationLineHash":"55fa3c43091de850:2","primaryLocationStartColumnFingerprint":"10"},"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":180,"startColumn":19,"endColumn":60}},"message":{"text":"JWT signing key"}}]},{"ruleId":"java/missing-jwt-signature-check","rule":{"id":"java/missing-jwt-signature-check","index":17,"toolComponent":{"index":18}},"message":{"text":"This parses a [JWT signing key](1), but the signature is not verified."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":203,"startColumn":19,"endColumn":60}}}],"partialFingerprints":{"primaryLocationLineHash":"55fa3c43091de850:3","primaryLocationStartColumnFingerprint":"10"},"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":203,"startColumn":19,"endColumn":60}},"message":{"text":"JWT signing key"}}]},{"ruleId":"java/missing-jwt-signature-check","rule":{"id":"java/missing-jwt-signature-check","index":17,"toolComponent":{"index":18}},"message":{"text":"This parses a [JWT signing key](1), but the signature is not verified."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/TokenTest.java","uriBaseId":"%SRCROOT%","index":5},"region":{"startLine":55,"startColumn":15,"endColumn":62}}}],"partialFingerprints":{"primaryLocationLineHash":"ea6a64ef5a45e8bd:1","primaryLocationStartColumnFingerprint":"10"},"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/TokenTest.java","uriBaseId":"%SRCROOT%","index":5},"region":{"startLine":55,"startColumn":15,"endColumn":62}},"message":{"text":"JWT signing key"}}]},{"ruleId":"java/missing-jwt-signature-check","rule":{"id":"java/missing-jwt-signature-check","index":17,"toolComponent":{"index":18}},"message":{"text":"This parses a [JWT signing key](1), but the signature is not verified."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/TokenTest.java","uriBaseId":"%SRCROOT%","index":5},"region":{"startLine":59,"startColumn":12,"endLine":65,"endColumn":8}}}],"partialFingerprints":{"primaryLocationLineHash":"43c8407c9464bbdd:1","primaryLocationStartColumnFingerprint":"6"},"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/TokenTest.java","uriBaseId":"%SRCROOT%","index":5},"region":{"startLine":59,"startColumn":12,"endLine":65,"endColumn":8}},"message":{"text":"JWT signing key"}}]},{"ruleId":"java/path-injection","rule":{"id":"java/path-injection","index":24,"toolComponent":{"index":18}},"message":{"text":"This path depends on a [user-provided value](1).\nThis path depends on a [user-provided value](2).\nThis path depends on a [user-provided value](3).\nThis path depends on a [user-provided value](4)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java","uriBaseId":"%SRCROOT%","index":6},"region":{"startLine":42,"startColumn":26,"endColumn":61}}}],"partialFingerprints":{"primaryLocationLineHash":"f9dec27c2aee101b:1","primaryLocationStartColumnFingerprint":"19"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFix.java","uriBaseId":"%SRCROOT%","index":7},"region":{"startLine":38,"startColumn":7,"endColumn":77}},"message":{"text":"fullName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFix.java","uriBaseId":"%SRCROOT%","index":7},"region":{"startLine":39,"startColumn":51,"endColumn":59}},"message":{"text":"fullName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFix.java","uriBaseId":"%SRCROOT%","index":7},"region":{"startLine":39,"startColumn":51,"endColumn":78}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFix.java","uriBaseId":"%SRCROOT%","index":7},"region":{"startLine":39,"startColumn":32,"endColumn":83}},"message":{"text":"...?...:... : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java","uriBaseId":"%SRCROOT%","index":6},"region":{"startLine":31,"startColumn":54,"endColumn":69}},"message":{"text":"fullName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java","uriBaseId":"%SRCROOT%","index":6},"region":{"startLine":42,"startColumn":52,"endColumn":60}},"message":{"text":"fullName"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInput.java","uriBaseId":"%SRCROOT%","index":8},"region":{"startLine":35,"startColumn":7,"endColumn":70}},"message":{"text":"file : MultipartFile"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInput.java","uriBaseId":"%SRCROOT%","index":8},"region":{"startLine":36,"startColumn":32,"endColumn":36}},"message":{"text":"file : MultipartFile"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInput.java","uriBaseId":"%SRCROOT%","index":8},"region":{"startLine":36,"startColumn":32,"endColumn":58}},"message":{"text":"getOriginalFilename(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java","uriBaseId":"%SRCROOT%","index":6},"region":{"startLine":31,"startColumn":54,"endColumn":69}},"message":{"text":"fullName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java","uriBaseId":"%SRCROOT%","index":6},"region":{"startLine":42,"startColumn":52,"endColumn":60}},"message":{"text":"fullName"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUpload.java","uriBaseId":"%SRCROOT%","index":9},"region":{"startLine":38,"startColumn":7,"endColumn":74}},"message":{"text":"fullName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUpload.java","uriBaseId":"%SRCROOT%","index":9},"region":{"startLine":39,"startColumn":32,"endColumn":40}},"message":{"text":"fullName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java","uriBaseId":"%SRCROOT%","index":6},"region":{"startLine":31,"startColumn":54,"endColumn":69}},"message":{"text":"fullName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java","uriBaseId":"%SRCROOT%","index":6},"region":{"startLine":42,"startColumn":52,"endColumn":60}},"message":{"text":"fullName"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInput.java","uriBaseId":"%SRCROOT%","index":8},"region":{"startLine":36,"startColumn":32,"endColumn":58}},"message":{"text":"getOriginalFilename(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java","uriBaseId":"%SRCROOT%","index":6},"region":{"startLine":31,"startColumn":54,"endColumn":69}},"message":{"text":"fullName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java","uriBaseId":"%SRCROOT%","index":6},"region":{"startLine":42,"startColumn":52,"endColumn":60}},"message":{"text":"fullName"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFix.java","uriBaseId":"%SRCROOT%","index":7},"region":{"startLine":38,"startColumn":7,"endColumn":77}},"message":{"text":"user-provided value"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInput.java","uriBaseId":"%SRCROOT%","index":8},"region":{"startLine":35,"startColumn":7,"endColumn":70}},"message":{"text":"user-provided value"}},{"id":3,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUpload.java","uriBaseId":"%SRCROOT%","index":9},"region":{"startLine":38,"startColumn":7,"endColumn":74}},"message":{"text":"user-provided value"}},{"id":4,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInput.java","uriBaseId":"%SRCROOT%","index":8},"region":{"startLine":36,"startColumn":32,"endColumn":58}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/path-injection","rule":{"id":"java/path-injection","index":24,"toolComponent":{"index":18}},"message":{"text":"This path depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrieval.java","uriBaseId":"%SRCROOT%","index":10},"region":{"startLine":93,"startColumn":25,"endColumn":112}}}],"partialFingerprints":{"primaryLocationLineHash":"45dae355bcc6e27f:1","primaryLocationStartColumnFingerprint":"17"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrieval.java","uriBaseId":"%SRCROOT%","index":10},"region":{"startLine":90,"startColumn":16,"endColumn":42}},"message":{"text":"getParameter(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrieval.java","uriBaseId":"%SRCROOT%","index":10},"region":{"startLine":93,"startColumn":56,"endColumn":111}},"message":{"text":"... + ..."}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrieval.java","uriBaseId":"%SRCROOT%","index":10},"region":{"startLine":90,"startColumn":16,"endColumn":42}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/path-injection","rule":{"id":"java/path-injection","index":24,"toolComponent":{"index":18}},"message":{"text":"This path depends on a [user-provided value](1).\nThis path depends on a [user-provided value](2)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11},"region":{"startLine":66,"startColumn":29,"endColumn":80}}}],"partialFingerprints":{"primaryLocationLineHash":"f91d2819131b20b6:1","primaryLocationStartColumnFingerprint":"22"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11},"region":{"startLine":51,"startColumn":41,"endColumn":96}},"message":{"text":"file : MultipartFile"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11},"region":{"startLine":55,"startColumn":31,"endColumn":35}},"message":{"text":"file : MultipartFile"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11},"region":{"startLine":60,"startColumn":41,"endColumn":59}},"message":{"text":"file : MultipartFile"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11},"region":{"startLine":66,"startColumn":53,"endColumn":57}},"message":{"text":"file : MultipartFile"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11},"region":{"startLine":66,"startColumn":53,"endColumn":79}},"message":{"text":"getOriginalFilename(...)"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11},"region":{"startLine":51,"startColumn":41,"endColumn":96}},"message":{"text":"user-provided value"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11},"region":{"startLine":66,"startColumn":53,"endColumn":79}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/path-injection","rule":{"id":"java/path-injection","index":24,"toolComponent":{"index":18}},"message":{"text":"This path depends on a [user-provided value](1).\nThis path depends on a [user-provided value](2)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":78,"startColumn":23,"endColumn":77}}}],"partialFingerprints":{"primaryLocationLineHash":"79bc479a53e1b374:1","primaryLocationStartColumnFingerprint":"18"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":74,"startColumn":34,"endColumn":76}},"message":{"text":"myFile : MultipartFile"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":78,"startColumn":48,"endColumn":54}},"message":{"text":"myFile : MultipartFile"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":78,"startColumn":48,"endColumn":76}},"message":{"text":"getOriginalFilename(...)"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":74,"startColumn":34,"endColumn":76}},"message":{"text":"user-provided value"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":78,"startColumn":48,"endColumn":76}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/path-injection","rule":{"id":"java/path-injection","index":24,"toolComponent":{"index":18}},"message":{"text":"This path depends on a [user-provided value](1).\nThis path depends on a [user-provided value](2)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":79,"startColumn":35,"endColumn":89}}}],"partialFingerprints":{"primaryLocationLineHash":"ef803e80edfe5b1e:1","primaryLocationStartColumnFingerprint":"30"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":74,"startColumn":34,"endColumn":76}},"message":{"text":"myFile : MultipartFile"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":79,"startColumn":60,"endColumn":66}},"message":{"text":"myFile : MultipartFile"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":79,"startColumn":60,"endColumn":88}},"message":{"text":"getOriginalFilename(...)"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":74,"startColumn":34,"endColumn":76}},"message":{"text":"user-provided value"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":79,"startColumn":60,"endColumn":88}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/zipslip","rule":{"id":"java/zipslip","index":25,"toolComponent":{"index":18}},"message":{"text":"Unsanitized archive entry, which may contain '..', is used in a [file system operation](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11},"region":{"startLine":73,"startColumn":53,"endColumn":64}}}],"partialFingerprints":{"primaryLocationLineHash":"a67d7aacb4287388:1","primaryLocationStartColumnFingerprint":"44"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11},"region":{"startLine":73,"startColumn":53,"endColumn":64}},"message":{"text":"getName(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11},"region":{"startLine":73,"startColumn":18,"endColumn":65}},"message":{"text":"new File(...) : File"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11},"region":{"startLine":75,"startColumn":24,"endColumn":25}},"message":{"text":"f : File"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11},"region":{"startLine":75,"startColumn":24,"endColumn":34}},"message":{"text":"toPath(...)"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11},"region":{"startLine":75,"startColumn":24,"endColumn":34}},"message":{"text":"file system operation"}}]},{"ruleId":"java/xxe","rule":{"id":"java/xxe","index":37,"toolComponent":{"index":18}},"message":{"text":"XML parsing depends on a [user-provided value](1) without guarding against external entity expansion.\nXML parsing depends on a [user-provided value](2) without guarding against external entity expansion.\nXML parsing depends on a [user-provided value](3) without guarding against external entity expansion."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":13},"region":{"startLine":105,"startColumn":41,"endColumn":62}}}],"partialFingerprints":{"primaryLocationLineHash":"1c93f3ad0a8f54:1","primaryLocationStartColumnFingerprint":"36"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/BlindSendFileAssignment.java","uriBaseId":"%SRCROOT%","index":14},"region":{"startLine":87,"startColumn":34,"endColumn":64}},"message":{"text":"commentStr : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/BlindSendFileAssignment.java","uriBaseId":"%SRCROOT%","index":14},"region":{"startLine":96,"startColumn":43,"endColumn":53}},"message":{"text":"commentStr : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":13},"region":{"startLine":96,"startColumn":30,"endColumn":40}},"message":{"text":"xml : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":13},"region":{"startLine":105,"startColumn":58,"endColumn":61}},"message":{"text":"xml : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":13},"region":{"startLine":105,"startColumn":41,"endColumn":62}},"message":{"text":"new StringReader(...)"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/ContentTypeAssignment.java","uriBaseId":"%SRCROOT%","index":15},"region":{"startLine":62,"startColumn":7,"endColumn":37}},"message":{"text":"commentStr : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/ContentTypeAssignment.java","uriBaseId":"%SRCROOT%","index":15},"region":{"startLine":75,"startColumn":45,"endColumn":55}},"message":{"text":"commentStr : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":13},"region":{"startLine":96,"startColumn":30,"endColumn":40}},"message":{"text":"xml : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":13},"region":{"startLine":105,"startColumn":58,"endColumn":61}},"message":{"text":"xml : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":13},"region":{"startLine":105,"startColumn":41,"endColumn":62}},"message":{"text":"new StringReader(...)"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/SimpleXXE.java","uriBaseId":"%SRCROOT%","index":16},"region":{"startLine":73,"startColumn":68,"endColumn":98}},"message":{"text":"commentStr : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/SimpleXXE.java","uriBaseId":"%SRCROOT%","index":16},"region":{"startLine":76,"startColumn":39,"endColumn":49}},"message":{"text":"commentStr : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":13},"region":{"startLine":96,"startColumn":30,"endColumn":40}},"message":{"text":"xml : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":13},"region":{"startLine":105,"startColumn":58,"endColumn":61}},"message":{"text":"xml : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":13},"region":{"startLine":105,"startColumn":41,"endColumn":62}},"message":{"text":"new StringReader(...)"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/BlindSendFileAssignment.java","uriBaseId":"%SRCROOT%","index":14},"region":{"startLine":87,"startColumn":34,"endColumn":64}},"message":{"text":"user-provided value"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/ContentTypeAssignment.java","uriBaseId":"%SRCROOT%","index":15},"region":{"startLine":62,"startColumn":7,"endColumn":37}},"message":{"text":"user-provided value"}},{"id":3,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/SimpleXXE.java","uriBaseId":"%SRCROOT%","index":16},"region":{"startLine":73,"startColumn":68,"endColumn":98}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/unsafe-deserialization","rule":{"id":"java/unsafe-deserialization","index":41,"toolComponent":{"index":18}},"message":{"text":"Unsafe deserialization depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":60,"startColumn":18,"endColumn":34}}}],"partialFingerprints":{"primaryLocationLineHash":"6c850a3d150d9bb4:1","primaryLocationStartColumnFingerprint":"11"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":49,"startColumn":33,"endColumn":59}},"message":{"text":"token : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":55,"startColumn":16,"endColumn":21}},"message":{"text":"token : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":55,"startColumn":16,"endColumn":39}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":55,"startColumn":16,"endColumn":57}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":58,"startColumn":83,"endColumn":91}},"message":{"text":"b64token : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":58,"startColumn":56,"endColumn":92}},"message":{"text":"decode(...) : byte[]"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":60,"startColumn":18,"endColumn":21}},"message":{"text":"ois"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":49,"startColumn":33,"endColumn":59}},"message":{"text":"token : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":55,"startColumn":16,"endColumn":21}},"message":{"text":"token : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":55,"startColumn":16,"endColumn":39}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":55,"startColumn":16,"endColumn":57}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":58,"startColumn":83,"endColumn":91}},"message":{"text":"b64token : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":58,"startColumn":56,"endColumn":92}},"message":{"text":"decode(...) : byte[]"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":58,"startColumn":31,"endColumn":93}},"message":{"text":"new ByteArrayInputStream(...) : ByteArrayInputStream"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":60,"startColumn":18,"endColumn":21}},"message":{"text":"ois"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":49,"startColumn":33,"endColumn":59}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/unsafe-deserialization","rule":{"id":"java/unsafe-deserialization","index":41,"toolComponent":{"index":18}},"message":{"text":"Unsafe deserialization depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18},"region":{"startLine":57,"startColumn":27,"endColumn":51}}}],"partialFingerprints":{"primaryLocationLineHash":"350c8895428d29a7:1","primaryLocationStartColumnFingerprint":"20"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18},"region":{"startLine":40,"startColumn":47,"endColumn":75}},"message":{"text":"payload : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18},"region":{"startLine":57,"startColumn":43,"endColumn":50}},"message":{"text":"payload"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18},"region":{"startLine":40,"startColumn":47,"endColumn":75}},"message":{"text":"payload : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18},"region":{"startLine":50,"startColumn":13,"endColumn":20}},"message":{"text":"payload : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18},"region":{"startLine":50,"startColumn":13,"endLine":51,"endColumn":34}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18},"region":{"startLine":50,"startColumn":13,"endLine":52,"endColumn":35}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18},"region":{"startLine":50,"startColumn":13,"endLine":53,"endColumn":35}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18},"region":{"startLine":50,"startColumn":13,"endLine":54,"endColumn":36}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18},"region":{"startLine":50,"startColumn":13,"endLine":55,"endColumn":36}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18},"region":{"startLine":57,"startColumn":43,"endColumn":50}},"message":{"text":"payload"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18},"region":{"startLine":40,"startColumn":47,"endColumn":75}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/polynomial-redos","rule":{"id":"java/polynomial-redos","index":45,"toolComponent":{"index":18}},"message":{"text":"This [regular expression](1) that depends on a [user-provided value](2) may run slow on strings with many repetitions of ' '.\nThis [regular expression](3) that depends on a [user-provided value](2) may run slow on strings starting with 'union' and with many repetitions of 'union('.\nThis [regular expression](1) that depends on a [user-provided value](4) may run slow on strings with many repetitions of ' '.\nThis [regular expression](3) that depends on a [user-provided value](4) may run slow on strings starting with 'union' and with many repetitions of 'union('.\nThis [regular expression](1) that depends on a [user-provided value](5) may run slow on strings with many repetitions of ' '.\nThis [regular expression](3) that depends on a [user-provided value](5) may run slow on strings starting with 'union' and with many repetitions of 'union('."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":68,"startColumn":12,"endColumn":23}}}],"partialFingerprints":{"primaryLocationLineHash":"f222904dc5afe3ce:1","primaryLocationStartColumnFingerprint":"5"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":56,"startColumn":33,"endColumn":81}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":57,"startColumn":28,"endColumn":34}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":62,"startColumn":39,"endColumn":57}},"message":{"text":"accountName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":68,"startColumn":12,"endColumn":23}},"message":{"text":"accountName"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":56,"startColumn":33,"endColumn":81}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":57,"startColumn":28,"endColumn":34}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":62,"startColumn":39,"endColumn":57}},"message":{"text":"accountName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":68,"startColumn":12,"endColumn":23}},"message":{"text":"accountName"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java","uriBaseId":"%SRCROOT%","index":20},"region":{"startLine":47,"startColumn":30,"endColumn":93}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java","uriBaseId":"%SRCROOT%","index":20},"region":{"startLine":51,"startColumn":58,"endColumn":64}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":62,"startColumn":39,"endColumn":57}},"message":{"text":"accountName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":68,"startColumn":12,"endColumn":23}},"message":{"text":"accountName"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java","uriBaseId":"%SRCROOT%","index":20},"region":{"startLine":47,"startColumn":30,"endColumn":93}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java","uriBaseId":"%SRCROOT%","index":20},"region":{"startLine":51,"startColumn":58,"endColumn":64}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":62,"startColumn":39,"endColumn":57}},"message":{"text":"accountName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":68,"startColumn":12,"endColumn":23}},"message":{"text":"accountName"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":52,"startColumn":7,"endColumn":82}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":53,"startColumn":14,"endColumn":20}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":53,"startColumn":14,"endColumn":34}},"message":{"text":"toUpperCase(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":53,"startColumn":14,"endColumn":54}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":53,"startColumn":14,"endColumn":76}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":57,"startColumn":58,"endColumn":64}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":62,"startColumn":39,"endColumn":57}},"message":{"text":"accountName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":68,"startColumn":12,"endColumn":23}},"message":{"text":"accountName"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":52,"startColumn":7,"endColumn":82}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":53,"startColumn":14,"endColumn":20}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":53,"startColumn":14,"endColumn":34}},"message":{"text":"toUpperCase(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":53,"startColumn":14,"endColumn":54}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":53,"startColumn":14,"endColumn":76}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":57,"startColumn":58,"endColumn":64}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":62,"startColumn":39,"endColumn":57}},"message":{"text":"accountName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":68,"startColumn":12,"endColumn":23}},"message":{"text":"accountName"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":68,"startColumn":50,"endColumn":54}},"message":{"text":"regular expression"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":56,"startColumn":33,"endColumn":81}},"message":{"text":"user-provided value"}},{"id":3,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":68,"startColumn":61,"endColumn":63}},"message":{"text":"regular expression"}},{"id":4,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java","uriBaseId":"%SRCROOT%","index":20},"region":{"startLine":47,"startColumn":30,"endColumn":93}},"message":{"text":"user-provided value"}},{"id":5,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":52,"startColumn":7,"endColumn":82}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/polynomial-redos","rule":{"id":"java/polynomial-redos","index":45,"toolComponent":{"index":18}},"message":{"text":"This [regular expression](1) that depends on a [user-provided value](2) may run slow on strings starting with '<' and with many repetitions of '<'."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10b.java","uriBaseId":"%SRCROOT%","index":22},"region":{"startLine":63,"startColumn":16,"endColumn":22}}}],"partialFingerprints":{"primaryLocationLineHash":"c108af4381cebe6f:1","primaryLocationStartColumnFingerprint":"9"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10b.java","uriBaseId":"%SRCROOT%","index":22},"region":{"startLine":59,"startColumn":33,"endColumn":60}},"message":{"text":"editor : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10b.java","uriBaseId":"%SRCROOT%","index":22},"region":{"startLine":63,"startColumn":16,"endColumn":22}},"message":{"text":"editor"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10b.java","uriBaseId":"%SRCROOT%","index":22},"region":{"startLine":63,"startColumn":38,"endColumn":41}},"message":{"text":"regular expression"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10b.java","uriBaseId":"%SRCROOT%","index":22},"region":{"startLine":59,"startColumn":33,"endColumn":60}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/polynomial-redos","rule":{"id":"java/polynomial-redos","index":45,"toolComponent":{"index":18}},"message":{"text":"This [regular expression](1) that depends on a [user-provided value](2) may run slow on strings starting with '<script>alert(' and with many repetitions of '<script>alert('.\nThis [regular expression](3) that depends on a [user-provided value](2) may run slow on strings starting with '<script>alert()</script>' and with many repetitions of ')</script>'."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":63,"startColumn":26,"endColumn":32}}}],"partialFingerprints":{"primaryLocationLineHash":"113b34bd21123106:1","primaryLocationStartColumnFingerprint":"21"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":61,"startColumn":7,"endColumn":34}},"message":{"text":"field2 : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":63,"startColumn":26,"endColumn":32}},"message":{"text":"field2"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":61,"startColumn":7,"endColumn":34}},"message":{"text":"field2 : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":63,"startColumn":26,"endColumn":32}},"message":{"text":"field2"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":49,"startColumn":50,"endColumn":52}},"message":{"text":"regular expression"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":61,"startColumn":7,"endColumn":34}},"message":{"text":"user-provided value"}},{"id":3,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":49,"startColumn":66,"endColumn":68}},"message":{"text":"regular expression"}}]},{"ruleId":"java/polynomial-redos","rule":{"id":"java/polynomial-redos","index":45,"toolComponent":{"index":18}},"message":{"text":"This [regular expression](1) that depends on a [user-provided value](2) may run slow on strings starting with '<script>alert(' and with many repetitions of '<script>alert('.\nThis [regular expression](3) that depends on a [user-provided value](2) may run slow on strings starting with '<script>alert()</script>' and with many repetitions of ')</script>'."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":85,"startColumn":26,"endColumn":32}}}],"partialFingerprints":{"primaryLocationLineHash":"de4f1e66fe5d59eb:1","primaryLocationStartColumnFingerprint":"21"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":60,"startColumn":7,"endColumn":34}},"message":{"text":"field1 : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":85,"startColumn":26,"endColumn":32}},"message":{"text":"field1"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":60,"startColumn":7,"endColumn":34}},"message":{"text":"field1 : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":85,"startColumn":26,"endColumn":32}},"message":{"text":"field1"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":49,"startColumn":50,"endColumn":52}},"message":{"text":"regular expression"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":60,"startColumn":7,"endColumn":34}},"message":{"text":"user-provided value"}},{"id":3,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":49,"startColumn":66,"endColumn":68}},"message":{"text":"regular expression"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":52,"startColumn":26,"endColumn":97}}}],"partialFingerprints":{"primaryLocationLineHash":"c375853e645b5747:1","primaryLocationStartColumnFingerprint":"21"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/RegistrationController.java","uriBaseId":"%SRCROOT%","index":25},"region":{"startLine":38,"startColumn":31,"endColumn":83}},"message":{"text":"userForm : UserForm"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/RegistrationController.java","uriBaseId":"%SRCROOT%","index":25},"region":{"startLine":44,"startColumn":25,"endColumn":47}},"message":{"text":"getUsername(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":39,"startColumn":23,"endColumn":38}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":42,"startColumn":59,"endColumn":67}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":32,"startColumn":22,"endColumn":37}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":33,"startColumn":10,"endColumn":18}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":36,"startColumn":22,"endColumn":37}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":37,"startColumn":21,"endColumn":29}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":37,"startColumn":5,"endColumn":9}},"message":{"text":"this [post update] [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":33,"startColumn":5,"endColumn":41}},"message":{"text":"this <constr(this)> [post update] [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":42,"startColumn":43,"endColumn":78}},"message":{"text":"new WebGoatUser(...) [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":42,"startColumn":23,"endColumn":79}},"message":{"text":"save(...) [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":47,"startColumn":28,"endColumn":39}},"message":{"text":"webGoatUser [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":51,"startColumn":37,"endColumn":60}},"message":{"text":"webGoatUser [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":52,"startColumn":47,"endColumn":58}},"message":{"text":"webGoatUser [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":55,"startColumn":17,"endColumn":28}},"message":{"text":"parameter this [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":56,"startColumn":12,"endColumn":16}},"message":{"text":"this [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":56,"startColumn":12,"endColumn":25}},"message":{"text":"this.username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":52,"startColumn":47,"endColumn":72}},"message":{"text":"getUsername(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":52,"startColumn":26,"endColumn":97}},"message":{"text":"... + ..."}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/RegistrationController.java","uriBaseId":"%SRCROOT%","index":25},"region":{"startLine":38,"startColumn":31,"endColumn":83}},"message":{"text":"userForm : UserForm"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/RegistrationController.java","uriBaseId":"%SRCROOT%","index":25},"region":{"startLine":44,"startColumn":25,"endColumn":33}},"message":{"text":"userForm : UserForm"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserForm.java","uriBaseId":"%SRCROOT%","index":27},"region":{"startLine":30,"startColumn":18,"endColumn":29}},"message":{"text":"parameter this : UserForm"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserForm.java","uriBaseId":"%SRCROOT%","index":27},"region":{"startLine":30,"startColumn":45,"endColumn":58}},"message":{"text":"this.username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/RegistrationController.java","uriBaseId":"%SRCROOT%","index":25},"region":{"startLine":44,"startColumn":25,"endColumn":47}},"message":{"text":"getUsername(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":39,"startColumn":23,"endColumn":38}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":42,"startColumn":59,"endColumn":67}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":32,"startColumn":22,"endColumn":37}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":33,"startColumn":10,"endColumn":18}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":36,"startColumn":22,"endColumn":37}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":37,"startColumn":21,"endColumn":29}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":37,"startColumn":5,"endColumn":9}},"message":{"text":"this [post update] [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":33,"startColumn":5,"endColumn":41}},"message":{"text":"this <constr(this)> [post update] [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":42,"startColumn":43,"endColumn":78}},"message":{"text":"new WebGoatUser(...) [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":42,"startColumn":23,"endColumn":79}},"message":{"text":"save(...) [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":47,"startColumn":28,"endColumn":39}},"message":{"text":"webGoatUser [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":51,"startColumn":37,"endColumn":60}},"message":{"text":"webGoatUser [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":52,"startColumn":47,"endColumn":58}},"message":{"text":"webGoatUser [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":55,"startColumn":17,"endColumn":28}},"message":{"text":"parameter this [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":56,"startColumn":12,"endColumn":16}},"message":{"text":"this [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":56,"startColumn":12,"endColumn":25}},"message":{"text":"this.username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":52,"startColumn":47,"endColumn":72}},"message":{"text":"getUsername(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":52,"startColumn":26,"endColumn":97}},"message":{"text":"... + ..."}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/RegistrationController.java","uriBaseId":"%SRCROOT%","index":25},"region":{"startLine":38,"startColumn":31,"endColumn":83}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1).\nThis query depends on a [user-provided value](2)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java","uriBaseId":"%SRCROOT%","index":28},"region":{"startLine":64,"startColumn":66,"endColumn":188}}}],"partialFingerprints":{"primaryLocationLineHash":"1a0c1f7d5956e4f8:1","primaryLocationStartColumnFingerprint":"58"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java","uriBaseId":"%SRCROOT%","index":28},"region":{"startLine":50,"startColumn":30,"endColumn":65}},"message":{"text":"username_login : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java","uriBaseId":"%SRCROOT%","index":28},"region":{"startLine":64,"startColumn":66,"endColumn":188}},"message":{"text":"... + ..."}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java","uriBaseId":"%SRCROOT%","index":28},"region":{"startLine":50,"startColumn":67,"endColumn":102}},"message":{"text":"password_login : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java","uriBaseId":"%SRCROOT%","index":28},"region":{"startLine":64,"startColumn":66,"endColumn":188}},"message":{"text":"... + ..."}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java","uriBaseId":"%SRCROOT%","index":28},"region":{"startLine":50,"startColumn":30,"endColumn":65}},"message":{"text":"user-provided value"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java","uriBaseId":"%SRCROOT%","index":28},"region":{"startLine":50,"startColumn":67,"endColumn":102}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java","uriBaseId":"%SRCROOT%","index":29},"region":{"startLine":69,"startColumn":54,"endColumn":68}}}],"partialFingerprints":{"primaryLocationLineHash":"f774d9651c9c378c:1","primaryLocationStartColumnFingerprint":"45"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java","uriBaseId":"%SRCROOT%","index":29},"region":{"startLine":60,"startColumn":40,"endColumn":73}},"message":{"text":"username_reg : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java","uriBaseId":"%SRCROOT%","index":29},"region":{"startLine":69,"startColumn":54,"endColumn":68}},"message":{"text":"checkUserQuery"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java","uriBaseId":"%SRCROOT%","index":29},"region":{"startLine":60,"startColumn":40,"endColumn":73}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1).\nThis query depends on a [user-provided value](2).\nThis query depends on a [user-provided value](3)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":74,"startColumn":52,"endColumn":57}}}],"partialFingerprints":{"primaryLocationLineHash":"5e5ec10e89273e98:1","primaryLocationStartColumnFingerprint":"43"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":56,"startColumn":33,"endColumn":81}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":57,"startColumn":28,"endColumn":34}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":62,"startColumn":39,"endColumn":57}},"message":{"text":"accountName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":74,"startColumn":52,"endColumn":57}},"message":{"text":"query"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java","uriBaseId":"%SRCROOT%","index":20},"region":{"startLine":47,"startColumn":30,"endColumn":93}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java","uriBaseId":"%SRCROOT%","index":20},"region":{"startLine":51,"startColumn":58,"endColumn":64}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":62,"startColumn":39,"endColumn":57}},"message":{"text":"accountName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":74,"startColumn":52,"endColumn":57}},"message":{"text":"query"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":52,"startColumn":7,"endColumn":82}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":53,"startColumn":14,"endColumn":20}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":53,"startColumn":14,"endColumn":34}},"message":{"text":"toUpperCase(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":53,"startColumn":14,"endColumn":54}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":53,"startColumn":14,"endColumn":76}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":57,"startColumn":58,"endColumn":64}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":62,"startColumn":39,"endColumn":57}},"message":{"text":"accountName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":74,"startColumn":52,"endColumn":57}},"message":{"text":"query"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":56,"startColumn":33,"endColumn":81}},"message":{"text":"user-provided value"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java","uriBaseId":"%SRCROOT%","index":20},"region":{"startLine":47,"startColumn":30,"endColumn":93}},"message":{"text":"user-provided value"}},{"id":3,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":52,"startColumn":7,"endColumn":82}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java","uriBaseId":"%SRCROOT%","index":30},"region":{"startLine":71,"startColumn":52,"endColumn":57}}}],"partialFingerprints":{"primaryLocationLineHash":"983b99783dada75a:1","primaryLocationStartColumnFingerprint":"43"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java","uriBaseId":"%SRCROOT%","index":30},"region":{"startLine":58,"startColumn":33,"endColumn":67}},"message":{"text":"action_string : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java","uriBaseId":"%SRCROOT%","index":30},"region":{"startLine":59,"startColumn":40,"endColumn":53}},"message":{"text":"action_string : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java","uriBaseId":"%SRCROOT%","index":30},"region":{"startLine":62,"startColumn":54,"endColumn":67}},"message":{"text":"action : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java","uriBaseId":"%SRCROOT%","index":30},"region":{"startLine":71,"startColumn":52,"endColumn":57}},"message":{"text":"query"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java","uriBaseId":"%SRCROOT%","index":30},"region":{"startLine":58,"startColumn":33,"endColumn":67}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java","uriBaseId":"%SRCROOT%","index":31},"region":{"startLine":65,"startColumn":50,"endColumn":55}}}],"partialFingerprints":{"primaryLocationLineHash":"67dc1330c3a571f7:1","primaryLocationStartColumnFingerprint":"43"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java","uriBaseId":"%SRCROOT%","index":31},"region":{"startLine":58,"startColumn":33,"endColumn":59}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java","uriBaseId":"%SRCROOT%","index":31},"region":{"startLine":59,"startColumn":28,"endColumn":33}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java","uriBaseId":"%SRCROOT%","index":31},"region":{"startLine":62,"startColumn":42,"endColumn":54}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java","uriBaseId":"%SRCROOT%","index":31},"region":{"startLine":65,"startColumn":50,"endColumn":55}},"message":{"text":"query"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java","uriBaseId":"%SRCROOT%","index":31},"region":{"startLine":58,"startColumn":33,"endColumn":59}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java","uriBaseId":"%SRCROOT%","index":32},"region":{"startLine":62,"startColumn":33,"endColumn":38}}}],"partialFingerprints":{"primaryLocationLineHash":"70e3ff06f7af756a:1","primaryLocationStartColumnFingerprint":"24"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java","uriBaseId":"%SRCROOT%","index":32},"region":{"startLine":54,"startColumn":33,"endColumn":59}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java","uriBaseId":"%SRCROOT%","index":32},"region":{"startLine":55,"startColumn":28,"endColumn":33}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java","uriBaseId":"%SRCROOT%","index":32},"region":{"startLine":58,"startColumn":42,"endColumn":54}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java","uriBaseId":"%SRCROOT%","index":32},"region":{"startLine":62,"startColumn":33,"endColumn":38}},"message":{"text":"query"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java","uriBaseId":"%SRCROOT%","index":32},"region":{"startLine":54,"startColumn":33,"endColumn":59}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java","uriBaseId":"%SRCROOT%","index":33},"region":{"startLine":80,"startColumn":32,"endColumn":37}}}],"partialFingerprints":{"primaryLocationLineHash":"31dcbb8961cbab44:1","primaryLocationStartColumnFingerprint":"23"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java","uriBaseId":"%SRCROOT%","index":33},"region":{"startLine":70,"startColumn":33,"endColumn":45}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java","uriBaseId":"%SRCROOT%","index":33},"region":{"startLine":72,"startColumn":28,"endColumn":33}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java","uriBaseId":"%SRCROOT%","index":33},"region":{"startLine":75,"startColumn":42,"endColumn":54}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java","uriBaseId":"%SRCROOT%","index":33},"region":{"startLine":80,"startColumn":32,"endColumn":37}},"message":{"text":"query"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java","uriBaseId":"%SRCROOT%","index":33},"region":{"startLine":70,"startColumn":33,"endColumn":45}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java","uriBaseId":"%SRCROOT%","index":34},"region":{"startLine":63,"startColumn":33,"endColumn":38}}}],"partialFingerprints":{"primaryLocationLineHash":"d339c823409c314d:1","primaryLocationStartColumnFingerprint":"24"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java","uriBaseId":"%SRCROOT%","index":34},"region":{"startLine":53,"startColumn":33,"endColumn":59}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java","uriBaseId":"%SRCROOT%","index":34},"region":{"startLine":54,"startColumn":28,"endColumn":33}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java","uriBaseId":"%SRCROOT%","index":34},"region":{"startLine":57,"startColumn":42,"endColumn":54}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java","uriBaseId":"%SRCROOT%","index":34},"region":{"startLine":63,"startColumn":33,"endColumn":38}},"message":{"text":"query"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java","uriBaseId":"%SRCROOT%","index":34},"region":{"startLine":53,"startColumn":33,"endColumn":59}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1).\nThis query depends on a [user-provided value](2).\nThis query depends on a [user-provided value](3)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":67,"startColumn":52,"endColumn":57}}}],"partialFingerprints":{"primaryLocationLineHash":"2b95e3c48ba92cd0:1","primaryLocationStartColumnFingerprint":"43"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":55,"startColumn":7,"endColumn":35}},"message":{"text":"account : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":56,"startColumn":28,"endColumn":70}},"message":{"text":"... + ... : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":59,"startColumn":42,"endColumn":60}},"message":{"text":"accountName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":67,"startColumn":52,"endColumn":57}},"message":{"text":"query"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":55,"startColumn":37,"endColumn":66}},"message":{"text":"operator : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":56,"startColumn":28,"endColumn":70}},"message":{"text":"... + ... : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":59,"startColumn":42,"endColumn":60}},"message":{"text":"accountName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":67,"startColumn":52,"endColumn":57}},"message":{"text":"query"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":55,"startColumn":68,"endColumn":98}},"message":{"text":"injection : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":56,"startColumn":28,"endColumn":70}},"message":{"text":"... + ... : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":59,"startColumn":42,"endColumn":60}},"message":{"text":"accountName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":67,"startColumn":52,"endColumn":57}},"message":{"text":"query"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":55,"startColumn":7,"endColumn":35}},"message":{"text":"user-provided value"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":55,"startColumn":37,"endColumn":66}},"message":{"text":"user-provided value"}},{"id":3,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":55,"startColumn":68,"endColumn":98}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java","uriBaseId":"%SRCROOT%","index":36},"region":{"startLine":66,"startColumn":15,"endColumn":26}}}],"partialFingerprints":{"primaryLocationLineHash":"ba7f4a519474e8ae:1","primaryLocationStartColumnFingerprint":"0"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java","uriBaseId":"%SRCROOT%","index":36},"region":{"startLine":56,"startColumn":7,"endColumn":34}},"message":{"text":"userid : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java","uriBaseId":"%SRCROOT%","index":36},"region":{"startLine":58,"startColumn":41,"endColumn":47}},"message":{"text":"userid : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java","uriBaseId":"%SRCROOT%","index":36},"region":{"startLine":61,"startColumn":62,"endColumn":80}},"message":{"text":"accountName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java","uriBaseId":"%SRCROOT%","index":36},"region":{"startLine":66,"startColumn":15,"endColumn":26}},"message":{"text":"queryString"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java","uriBaseId":"%SRCROOT%","index":36},"region":{"startLine":56,"startColumn":7,"endColumn":34}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1).\nThis query depends on a [user-provided value](2)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":78,"startColumn":52,"endColumn":57}}}],"partialFingerprints":{"primaryLocationLineHash":"615295edb2bddc7:1","primaryLocationStartColumnFingerprint":"43"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":59,"startColumn":33,"endColumn":58}},"message":{"text":"name : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":60,"startColumn":43,"endColumn":47}},"message":{"text":"name : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":63,"startColumn":57,"endColumn":68}},"message":{"text":"name : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":78,"startColumn":52,"endColumn":57}},"message":{"text":"query"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":59,"startColumn":60,"endColumn":89}},"message":{"text":"auth_tan : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":60,"startColumn":49,"endColumn":57}},"message":{"text":"auth_tan : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":63,"startColumn":70,"endColumn":85}},"message":{"text":"auth_tan : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":78,"startColumn":52,"endColumn":57}},"message":{"text":"query"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":59,"startColumn":33,"endColumn":58}},"message":{"text":"user-provided value"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":59,"startColumn":60,"endColumn":89}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1).\nThis query depends on a [user-provided value](2)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":76,"startColumn":52,"endColumn":57}}}],"partialFingerprints":{"primaryLocationLineHash":"c3579bd895056390:1","primaryLocationStartColumnFingerprint":"43"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":60,"startColumn":33,"endColumn":58}},"message":{"text":"name : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":61,"startColumn":37,"endColumn":41}},"message":{"text":"name : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":64,"startColumn":51,"endColumn":62}},"message":{"text":"name : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":76,"startColumn":52,"endColumn":57}},"message":{"text":"query"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":60,"startColumn":60,"endColumn":89}},"message":{"text":"auth_tan : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":61,"startColumn":43,"endColumn":51}},"message":{"text":"auth_tan : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":64,"startColumn":64,"endColumn":79}},"message":{"text":"auth_tan : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":76,"startColumn":52,"endColumn":57}},"message":{"text":"query"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":60,"startColumn":33,"endColumn":58}},"message":{"text":"user-provided value"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":60,"startColumn":60,"endColumn":89}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1).\nThis query depends on a [user-provided value](2).\nThis query depends on a [user-provided value](3).\nThis query depends on a [user-provided value](4)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":158,"startColumn":31,"endColumn":39}}}],"partialFingerprints":{"primaryLocationLineHash":"86ab9021267dc726:1","primaryLocationStartColumnFingerprint":"24"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":59,"startColumn":33,"endColumn":58}},"message":{"text":"name : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":60,"startColumn":43,"endColumn":47}},"message":{"text":"name : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":63,"startColumn":57,"endColumn":68}},"message":{"text":"name : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":77,"startColumn":25,"endColumn":30}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":147,"startColumn":49,"endColumn":62}},"message":{"text":"action : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":148,"startColumn":14,"endColumn":20}},"message":{"text":"action : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":148,"startColumn":14,"endColumn":39}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":158,"startColumn":31,"endColumn":39}},"message":{"text":"logQuery"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":59,"startColumn":60,"endColumn":89}},"message":{"text":"auth_tan : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":60,"startColumn":49,"endColumn":57}},"message":{"text":"auth_tan : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":63,"startColumn":70,"endColumn":85}},"message":{"text":"auth_tan : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":77,"startColumn":25,"endColumn":30}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":147,"startColumn":49,"endColumn":62}},"message":{"text":"action : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":148,"startColumn":14,"endColumn":20}},"message":{"text":"action : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":148,"startColumn":14,"endColumn":39}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":158,"startColumn":31,"endColumn":39}},"message":{"text":"logQuery"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":60,"startColumn":33,"endColumn":58}},"message":{"text":"name : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":61,"startColumn":37,"endColumn":41}},"message":{"text":"name : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":64,"startColumn":51,"endColumn":62}},"message":{"text":"name : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":75,"startColumn":45,"endColumn":50}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":147,"startColumn":49,"endColumn":62}},"message":{"text":"action : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":148,"startColumn":14,"endColumn":20}},"message":{"text":"action : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":148,"startColumn":14,"endColumn":39}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":158,"startColumn":31,"endColumn":39}},"message":{"text":"logQuery"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":60,"startColumn":60,"endColumn":89}},"message":{"text":"auth_tan : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":61,"startColumn":43,"endColumn":51}},"message":{"text":"auth_tan : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":64,"startColumn":64,"endColumn":79}},"message":{"text":"auth_tan : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":75,"startColumn":45,"endColumn":50}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":147,"startColumn":49,"endColumn":62}},"message":{"text":"action : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":148,"startColumn":14,"endColumn":20}},"message":{"text":"action : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":148,"startColumn":14,"endColumn":39}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":158,"startColumn":31,"endColumn":39}},"message":{"text":"logQuery"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":59,"startColumn":33,"endColumn":58}},"message":{"text":"user-provided value"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":59,"startColumn":60,"endColumn":89}},"message":{"text":"user-provided value"}},{"id":3,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":60,"startColumn":33,"endColumn":58}},"message":{"text":"user-provided value"}},{"id":4,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":60,"startColumn":60,"endColumn":89}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java","uriBaseId":"%SRCROOT%","index":39},"region":{"startLine":75,"startColumn":57,"endColumn":178}}}],"partialFingerprints":{"primaryLocationLineHash":"7cc0e97ef836b73a:1","primaryLocationStartColumnFingerprint":"49"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java","uriBaseId":"%SRCROOT%","index":39},"region":{"startLine":67,"startColumn":28,"endColumn":55}},"message":{"text":"column : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java","uriBaseId":"%SRCROOT%","index":39},"region":{"startLine":75,"startColumn":57,"endColumn":178}},"message":{"text":"... + ..."}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java","uriBaseId":"%SRCROOT%","index":39},"region":{"startLine":67,"startColumn":28,"endColumn":55}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/ssrf","rule":{"id":"java/ssrf","index":49,"toolComponent":{"index":18}},"message":{"text":"Potential server-side request forgery due to a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":40},"region":{"startLine":51,"startColumn":29,"endColumn":41}}}],"partialFingerprints":{"primaryLocationLineHash":"6be77af73d304fec:1","primaryLocationStartColumnFingerprint":"22"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":40},"region":{"startLine":44,"startColumn":33,"endColumn":57}},"message":{"text":"url : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":40},"region":{"startLine":45,"startColumn":20,"endColumn":23}},"message":{"text":"url : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":40},"region":{"startLine":48,"startColumn":34,"endColumn":44}},"message":{"text":"url : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":40},"region":{"startLine":51,"startColumn":29,"endColumn":41}},"message":{"text":"new URL(...)"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":40},"region":{"startLine":44,"startColumn":33,"endColumn":57}},"message":{"text":"url : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":40},"region":{"startLine":45,"startColumn":20,"endColumn":23}},"message":{"text":"url : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":40},"region":{"startLine":48,"startColumn":34,"endColumn":44}},"message":{"text":"url : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":40},"region":{"startLine":51,"startColumn":37,"endColumn":40}},"message":{"text":"url : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":40},"region":{"startLine":51,"startColumn":29,"endColumn":41}},"message":{"text":"new URL(...)"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":40},"region":{"startLine":44,"startColumn":33,"endColumn":57}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/spring-disabled-csrf-protection","rule":{"id":"java/spring-disabled-csrf-protection","index":56,"toolComponent":{"index":18}},"message":{"text":"CSRF vulnerability due to protection being disabled."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/WebSecurityConfig.java","uriBaseId":"%SRCROOT%","index":41},"region":{"startLine":80,"startColumn":5,"endColumn":36}}}],"partialFingerprints":{"primaryLocationLineHash":"5a3b59dcf16b392d:1","primaryLocationStartColumnFingerprint":"0"}},{"ruleId":"java/spring-disabled-csrf-protection","rule":{"id":"java/spring-disabled-csrf-protection","index":56,"toolComponent":{"index":18}},"message":{"text":"CSRF vulnerability due to protection being disabled."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/WebSecurityConfig.java","uriBaseId":"%SRCROOT%","index":42},"region":{"startLine":60,"startColumn":5,"endColumn":36}}}],"partialFingerprints":{"primaryLocationLineHash":"25bab9a440f2318b:1","primaryLocationStartColumnFingerprint":"0"}},{"ruleId":"java/weak-cryptographic-algorithm","rule":{"id":"java/weak-cryptographic-algorithm","index":57,"toolComponent":{"index":18}},"message":{"text":"Cryptographic algorithm [MD5](1) is weak and should not be used."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java","uriBaseId":"%SRCROOT%","index":43},"region":{"startLine":55,"startColumn":26,"endColumn":58}}}],"partialFingerprints":{"primaryLocationLineHash":"99e2d6034d1626c0:1","primaryLocationStartColumnFingerprint":"19"},"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java","uriBaseId":"%SRCROOT%","index":43},"region":{"startLine":55,"startColumn":52,"endColumn":57}},"message":{"text":"MD5"}}]},{"ruleId":"java/log-injection","rule":{"id":"java/log-injection","index":75,"toolComponent":{"index":18}},"message":{"text":"This log entry depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/AsciiDoctorTemplateResolver.java","uriBaseId":"%SRCROOT%","index":44},"region":{"startLine":164,"startColumn":40,"endColumn":50}}}],"partialFingerprints":{"primaryLocationLineHash":"6e872ef1bcf9d5da:1","primaryLocationStartColumnFingerprint":"31"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/AsciiDoctorTemplateResolver.java","uriBaseId":"%SRCROOT%","index":44},"region":{"startLine":162,"startColumn":27,"endColumn":76}},"message":{"text":"getHeader(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/AsciiDoctorTemplateResolver.java","uriBaseId":"%SRCROOT%","index":44},"region":{"startLine":164,"startColumn":40,"endColumn":50}},"message":{"text":"langHeader"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/AsciiDoctorTemplateResolver.java","uriBaseId":"%SRCROOT%","index":44},"region":{"startLine":162,"startColumn":27,"endColumn":76}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/log-injection","rule":{"id":"java/log-injection","index":75,"toolComponent":{"index":18}},"message":{"text":"This log entry depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/SigningAssignment.java","uriBaseId":"%SRCROOT%","index":45},"region":{"startLine":81,"startColumn":40,"endColumn":47}}}],"partialFingerprints":{"primaryLocationLineHash":"c60f6a54a39c911a:1","primaryLocationStartColumnFingerprint":"33"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/SigningAssignment.java","uriBaseId":"%SRCROOT%","index":45},"region":{"startLine":73,"startColumn":62,"endColumn":90}},"message":{"text":"modulus : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/SigningAssignment.java","uriBaseId":"%SRCROOT%","index":45},"region":{"startLine":81,"startColumn":40,"endColumn":47}},"message":{"text":"modulus"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/SigningAssignment.java","uriBaseId":"%SRCROOT%","index":45},"region":{"startLine":73,"startColumn":62,"endColumn":90}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/log-injection","rule":{"id":"java/log-injection","index":75,"toolComponent":{"index":18}},"message":{"text":"This log entry depends on a [user-provided value](1).\nThis log entry depends on a [user-provided value](2)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":79,"startColumn":35,"endColumn":89}}}],"partialFingerprints":{"primaryLocationLineHash":"ef803e80edfe5b1e:1","primaryLocationStartColumnFingerprint":"30"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":74,"startColumn":34,"endColumn":76}},"message":{"text":"myFile : MultipartFile"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":79,"startColumn":60,"endColumn":66}},"message":{"text":"myFile : MultipartFile"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":79,"startColumn":60,"endColumn":88}},"message":{"text":"getOriginalFilename(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":79,"startColumn":35,"endColumn":89}},"message":{"text":"new File(...)"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":79,"startColumn":60,"endColumn":88}},"message":{"text":"getOriginalFilename(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":79,"startColumn":35,"endColumn":89}},"message":{"text":"new File(...)"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":74,"startColumn":34,"endColumn":76}},"message":{"text":"user-provided value"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":79,"startColumn":60,"endColumn":88}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/log-injection","rule":{"id":"java/log-injection","index":75,"toolComponent":{"index":18}},"message":{"text":"This log entry depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/requests/LandingPage.java","uriBaseId":"%SRCROOT%","index":46},"region":{"startLine":48,"startColumn":45,"endColumn":68}}}],"partialFingerprints":{"primaryLocationLineHash":"27ba78a11a332dd5:1","primaryLocationStartColumnFingerprint":"38"},"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/requests/LandingPage.java","uriBaseId":"%SRCROOT%","index":46},"region":{"startLine":48,"startColumn":45,"endColumn":68}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sensitive-log","rule":{"id":"java/sensitive-log","index":76,"toolComponent":{"index":18}},"message":{"text":"This [potentially sensitive information](1) is written to a log file."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/logging/LogBleedingTask.java","uriBaseId":"%SRCROOT%","index":47},"region":{"startLine":50,"startColumn":9,"endColumn":86}}}],"partialFingerprints":{"primaryLocationLineHash":"fb9ac546c80284d7:1","primaryLocationStartColumnFingerprint":"0"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/logging/LogBleedingTask.java","uriBaseId":"%SRCROOT%","index":47},"region":{"startLine":50,"startColumn":44,"endColumn":52}},"message":{"text":"password : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/logging/LogBleedingTask.java","uriBaseId":"%SRCROOT%","index":47},"region":{"startLine":50,"startColumn":44,"endColumn":85}},"message":{"text":"getBytes(...) : byte[]"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/logging/LogBleedingTask.java","uriBaseId":"%SRCROOT%","index":47},"region":{"startLine":50,"startColumn":9,"endColumn":86}},"message":{"text":"encodeToString(...)"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/logging/LogBleedingTask.java","uriBaseId":"%SRCROOT%","index":47},"region":{"startLine":50,"startColumn":44,"endColumn":52}},"message":{"text":"potentially sensitive information"}}]},{"ruleId":"java/sensitive-log","rule":{"id":"java/sensitive-log","index":76,"toolComponent":{"index":18}},"message":{"text":"This [potentially sensitive information](1) is written to a log file."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrieval.java","uriBaseId":"%SRCROOT%","index":10},"region":{"startLine":68,"startColumn":50,"endColumn":65}}}],"partialFingerprints":{"primaryLocationLineHash":"7ccb022cc5fb1739:1","primaryLocationStartColumnFingerprint":"43"},"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrieval.java","uriBaseId":"%SRCROOT%","index":10},"region":{"startLine":68,"startColumn":50,"endColumn":65}},"message":{"text":"potentially sensitive information"}}]},{"ruleId":"java/tainted-arithmetic","rule":{"id":"java/tainted-arithmetic","index":86,"toolComponent":{"index":18}},"message":{"text":"This arithmetic expression depends on a [user-provided value](1), potentially causing an overflow."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48},"region":{"startLine":283,"startColumn":10,"endColumn":25}}}],"partialFingerprints":{"primaryLocationLineHash":"ff289147dde00d14:1","primaryLocationStartColumnFingerprint":"5"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java","uriBaseId":"%SRCROOT%","index":49},"region":{"startLine":75,"startColumn":46,"endColumn":72}},"message":{"text":"email : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java","uriBaseId":"%SRCROOT%","index":49},"region":{"startLine":77,"startColumn":25,"endColumn":30}},"message":{"text":"email : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java","uriBaseId":"%SRCROOT%","index":49},"region":{"startLine":77,"startColumn":25,"endColumn":63}},"message":{"text":"substring(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java","uriBaseId":"%SRCROOT%","index":49},"region":{"startLine":91,"startColumn":207,"endColumn":215}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/PasswordResetLink.java","uriBaseId":"%SRCROOT%","index":50},"region":{"startLine":13,"startColumn":37,"endColumn":52}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/PasswordResetLink.java","uriBaseId":"%SRCROOT%","index":50},"region":{"startLine":19,"startColumn":81,"endColumn":89}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48},"region":{"startLine":207,"startColumn":38,"endColumn":46}},"message":{"text":"s : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48},"region":{"startLine":209,"startColumn":16,"endColumn":17}},"message":{"text":"s : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48},"region":{"startLine":371,"startColumn":22,"endColumn":30}},"message":{"text":"s : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48},"region":{"startLine":372,"startColumn":12,"endColumn":13}},"message":{"text":"s : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48},"region":{"startLine":372,"startColumn":12,"endColumn":24}},"message":{"text":"getBytes(...) : byte[]"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48},"region":{"startLine":348,"startColumn":22,"endColumn":35}},"message":{"text":"buffer : byte[]"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48},"region":{"startLine":349,"startColumn":23,"endColumn":36}},"message":{"text":"buffer.length : Number"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48},"region":{"startLine":325,"startColumn":49,"endColumn":59}},"message":{"text":"length : Number"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48},"region":{"startLine":326,"startColumn":42,"endColumn":48}},"message":{"text":"length : Number"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48},"region":{"startLine":278,"startColumn":66,"endColumn":76}},"message":{"text":"length : Number"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48},"region":{"startLine":283,"startColumn":10,"endColumn":16}},"message":{"text":"length"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java","uriBaseId":"%SRCROOT%","index":49},"region":{"startLine":75,"startColumn":46,"endColumn":72}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/concatenated-sql-query","rule":{"id":"java/concatenated-sql-query","index":92,"toolComponent":{"index":18}},"message":{"text":"Query built by concatenation with [this expression](1), which may be untrusted."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpoint.java","uriBaseId":"%SRCROOT%","index":51},"region":{"startLine":90,"startColumn":39,"endColumn":90}}}],"partialFingerprints":{"primaryLocationLineHash":"b977808836279b6e:1","primaryLocationStartColumnFingerprint":"0"},"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpoint.java","uriBaseId":"%SRCROOT%","index":51},"region":{"startLine":90,"startColumn":81,"endColumn":84}},"message":{"text":"this expression"}}]},{"ruleId":"java/potentially-weak-cryptographic-algorithm","rule":{"id":"java/potentially-weak-cryptographic-algorithm","index":95,"toolComponent":{"index":18}},"message":{"text":"Cryptographic algorithm [SHA-256](1) may not be secure, consider using a different algorithm.\nCryptographic algorithm [SHA-256](2) may not be secure, consider using a different algorithm."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java","uriBaseId":"%SRCROOT%","index":43},"region":{"startLine":100,"startColumn":24,"endColumn":60}}}],"partialFingerprints":{"primaryLocationLineHash":"2b5742fe12aaef84:1","primaryLocationStartColumnFingerprint":"19"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java","uriBaseId":"%SRCROOT%","index":43},"region":{"startLine":72,"startColumn":32,"endColumn":41}},"message":{"text":"\"SHA-256\" : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java","uriBaseId":"%SRCROOT%","index":43},"region":{"startLine":99,"startColumn":47,"endColumn":63}},"message":{"text":"algorithm : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java","uriBaseId":"%SRCROOT%","index":43},"region":{"startLine":100,"startColumn":50,"endColumn":59}},"message":{"text":"algorithm"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/SecureDefaultsAssignment.java","uriBaseId":"%SRCROOT%","index":52},"region":{"startLine":49,"startColumn":52,"endColumn":61}},"message":{"text":"\"SHA-256\" : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java","uriBaseId":"%SRCROOT%","index":43},"region":{"startLine":99,"startColumn":47,"endColumn":63}},"message":{"text":"algorithm : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java","uriBaseId":"%SRCROOT%","index":43},"region":{"startLine":100,"startColumn":50,"endColumn":59}},"message":{"text":"algorithm"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java","uriBaseId":"%SRCROOT%","index":43},"region":{"startLine":72,"startColumn":32,"endColumn":41}},"message":{"text":"SHA-256"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/SecureDefaultsAssignment.java","uriBaseId":"%SRCROOT%","index":52},"region":{"startLine":49,"startColumn":52,"endColumn":61}},"message":{"text":"SHA-256"}}]},{"ruleId":"java/potentially-weak-cryptographic-algorithm","rule":{"id":"java/potentially-weak-cryptographic-algorithm","index":95,"toolComponent":{"index":18}},"message":{"text":"Cryptographic algorithm [SHA-256](1) may not be secure, consider using a different algorithm."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/DisplayUser.java","uriBaseId":"%SRCROOT%","index":53},"region":{"startLine":55,"startColumn":24,"endColumn":60}}}],"partialFingerprints":{"primaryLocationLineHash":"555233fa65523009:1","primaryLocationStartColumnFingerprint":"19"},"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/DisplayUser.java","uriBaseId":"%SRCROOT%","index":53},"region":{"startLine":55,"startColumn":50,"endColumn":59}},"message":{"text":"SHA-256"}}]}],"columnKind":"utf16CodeUnits","properties":{"metricResults":[{"rule":{"id":"java/summary/lines-of-code","index":96,"toolComponent":{"index":18}},"ruleId":"java/summary/lines-of-code","value":16389,"baseline":34524},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":231,"message":{"text":"java.util.Map#put(Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":125,"message":{"text":"java.lang.String#equals(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":63,"message":{"text":"java.lang.StringBuilder#append(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":60,"message":{"text":"java.util.Map#clear()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":60,"message":{"text":"java.util.Map#get(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":58,"message":{"text":"java.lang.String#contains(CharSequence)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":49,"message":{"text":"java.lang.String#replace(CharSequence,CharSequence)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":48,"message":{"text":"java.lang.Throwable#getMessage()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":39,"message":{"text":"java.lang.Object#equals(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":37,"message":{"text":"java.lang.StringBuilder#toString()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":33,"message":{"text":"java.lang.Object#hashCode()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":33,"message":{"text":"java.util.Collection#stream()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":24,"message":{"text":"java.lang.String#getBytes()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":24,"message":{"text":"java.lang.String#length()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":23,"message":{"text":"java.lang.String#indexOf(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":22,"message":{"text":"java.util.List#add(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":20,"message":{"text":"java.lang.String#substring(int,int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":20,"message":{"text":"java.lang.Object#getClass()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":19,"message":{"text":"java.lang.String#toLowerCase()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":17,"message":{"text":"java.util.Map#of(Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":16,"message":{"text":"javax.servlet.http.Cookie#Cookie(String,String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":16,"message":{"text":"org.springframework.http.HeadersBuilder#build()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":16,"message":{"text":"java.lang.String#concat(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":15,"message":{"text":"java.io.PrintStream#println(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":15,"message":{"text":"java.util.stream.Stream#filter(Predicate)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":15,"message":{"text":"javax.servlet.http.HttpServletRequest#getHeader(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":15,"message":{"text":"java.util.Map#of(Object,Object,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":15,"message":{"text":"org.slf4j.Logger#debug(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":15,"message":{"text":"java.lang.String#format(String,Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":14,"message":{"text":"java.sql.Statement#executeQuery(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":13,"message":{"text":"java.util.stream.Stream#map(Function)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":13,"message":{"text":"java.lang.String#String(byte\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":12,"message":{"text":"java.io.File#File(String,String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":12,"message":{"text":"org.slf4j.Logger#debug(String,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":12,"message":{"text":"java.lang.String#matches(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":11,"message":{"text":"org.springframework.http.ResponseEntity#ok(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":11,"message":{"text":"java.util.Map#getOrDefault(Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":11,"message":{"text":"java.util.List#size()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":11,"message":{"text":"java.lang.Object#toString()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":11,"message":{"text":"java.lang.String#getBytes(Charset)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":11,"message":{"text":"com.fasterxml.jackson.databind.ObjectMapper#writeValueAsString(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":11,"message":{"text":"java.sql.ResultSet#next()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":10,"message":{"text":"java.io.File#File(File,String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":10,"message":{"text":"org.springframework.data.repository.CrudRepository#save(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":10,"message":{"text":"org.slf4j.Logger#error(String,Throwable)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":10,"message":{"text":"java.util.Map#isEmpty()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":10,"message":{"text":"java.lang.String#equalsIgnoreCase(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":10,"message":{"text":"java.util.stream.Stream#toList()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":10,"message":{"text":"com.fasterxml.jackson.databind.ObjectMapper#readValue(String,Class)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":10,"message":{"text":"java.lang.String#substring(int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":9,"message":{"text":"java.util.Encoder#encode(byte\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":9,"message":{"text":"java.io.File#toPath()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":9,"message":{"text":"java.sql.PreparedStatement#setString(int,String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":8,"message":{"text":"java.io.File#exists()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":8,"message":{"text":"java.lang.Class#getName()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":8,"message":{"text":"java.sql.Connection#prepareStatement(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":8,"message":{"text":"org.springframework.http.BodyBuilder#body(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":8,"message":{"text":"java.time.Instant#now()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":8,"message":{"text":"java.lang.String#split(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":8,"message":{"text":"org.apache.commons.lang3.StringUtils#reverse(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":8,"message":{"text":"java.util.stream.Stream#findFirst()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":7,"message":{"text":"java.net.URI#URI(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":7,"message":{"text":"java.nio.file.Path#toFile()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":7,"message":{"text":"java.util.Arrays#asList(Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":7,"message":{"text":"java.lang.String#String(byte\\[\\],Charset)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":7,"message":{"text":"java.io.File#getName()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":7,"message":{"text":"java.util.Decoder#decode(byte\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":7,"message":{"text":"java.util.Optional#orElse(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":7,"message":{"text":"java.util.List#contains(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":6,"message":{"text":"org.slf4j.Logger#info(String,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":6,"message":{"text":"java.lang.Class#getSimpleName()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":6,"message":{"text":"java.nio.file.Paths#get(String,String\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":6,"message":{"text":"java.lang.System#currentTimeMillis()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":6,"message":{"text":"java.lang.String#startsWith(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":6,"message":{"text":"java.lang.String#trim()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":6,"message":{"text":"java.util.stream.Collectors#toList()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":6,"message":{"text":"java.lang.String#replaceAll(String,String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":6,"message":{"text":"java.lang.String#replaceFirst(String,String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":6,"message":{"text":"java.util.ArrayList#add(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"java.util.Encoder#encodeToString(byte\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"java.sql.ResultSet#getString(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"java.util.List#get(int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"java.lang.String#formatted(Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"java.lang.Class#getClassLoader()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"org.springframework.web.multipart.MultipartFile#getOriginalFilename()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"java.lang.Integer#intValue()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"java.util.Set#size()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"java.util.Map#values()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"java.util.Collection#toArray(IntFunction)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"java.math.BigInteger#valueOf(long)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"java.util.HashMap#get(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"java.lang.String#toUpperCase()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"javax.servlet.http.HttpServletResponse#addCookie(Cookie)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"java.lang.String#endsWith(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"org.springframework.util.MultiValueMap#getFirst(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.nio.file.Path#resolve(Path)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.math.BigInteger#toByteArray()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"org.springframework.web.client.RestTemplate#postForEntity(String,Object,Class,Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.util.Entry#getValue()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.util.Entry#getKey()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.lang.StringBuffer#toString()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.util.List#of(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"javax.servlet.ServletRequest#getParameter(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.util.Decoder#decode(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"javax.servlet.http.HttpServletRequest#getRequestURL()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"org.apache.commons.lang3.ArrayUtils#addAll(Object\\[\\],Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.util.Map#entrySet()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"org.slf4j.Logger#error(String,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.util.Optional#ifPresent(Consumer)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.lang.String#charAt(int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.util.stream.Stream#of(Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.util.UUID#toString()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.util.UUID#randomUUID()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.util.Set#add(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.lang.Iterable#forEach(Consumer)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.io.File#File(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.io.InputStream#readAllBytes()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.lang.String#replace(char,char)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.nio.file.Path#resolve(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"org.springframework.validation.Errors#rejectValue(String,String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.util.List#addAll(Collection)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.util.Optional#ofNullable(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.util.stream.Stream#sorted(Comparator)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.io.File#getCanonicalPath()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.util.HashMap#put(Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.util.Date#Date(long)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.util.Properties#putAll(Map)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.sql.Statement#executeUpdate(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.util.Map#remove(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.util.List#of(Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.util.Map#size()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"org.springframework.http.ResponseEntity#ResponseEntity(Object,HttpStatus)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.lang.String#String(char\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.lang.System#arraycopy(Object,int,Object,int,int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.lang.IllegalStateException#IllegalStateException(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.lang.String#getBytes(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.io.FileOutputStream#FileOutputStream(File)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.lang.StringBuilder#StringBuilder(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"org.springframework.http.BodyBuilder#contentType(MediaType)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.stream.Stream#anyMatch(Predicate)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"org.slf4j.Logger#warn(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.io.InputStreamReader#InputStreamReader(InputStream)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.io.ObjectInputStream#readObject()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.lang.Enum#Enum(String,int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.stream.Stream#flatMap(Function)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.stream.Stream#mapToInt(ToIntFunction)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.lang.String#toCharArray()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.io.ObjectInputStream#ObjectInputStream(InputStream)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"com.google.common.collect.Lists#newArrayList(Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.lang.Integer#valueOf(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.io.ByteArrayInputStream#ByteArrayInputStream(byte\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.io.ByteArrayOutputStream#toByteArray()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.Objects#requireNonNull(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.io.File#toURI()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.Arrays#stream(Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.lang.Float#parseFloat(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.net.URI#toString()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.Map#containsKey(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"org.springframework.util.FileCopyUtils#copyToByteArray(InputStream)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"org.springframework.util.FileCopyUtils#copy(InputStream,OutputStream)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"org.springframework.util.FileCopyUtils#copyToByteArray(File)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"org.springframework.util.FileCopyUtils#copy(byte\\[\\],File)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"org.springframework.web.multipart.MultipartFile#getBytes()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"org.springframework.util.Base64Utils#decodeFromUrlSafeString(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.Set#of(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"org.slf4j.Logger#warn(String,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.lang.String#toString()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.lang.StringBuilder#reverse()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.Collections#emptyList()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.lang.String#isEmpty()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.Map#of(Object,Object,Object,Object,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"org.springframework.context.support.AbstractMessageSource#getMessage(String,Object\\[\\],Locale)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"org.springframework.context.support.AbstractMessageSource#getMessage(String,Object\\[\\],String,Locale)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"org.springframework.core.NestedRuntimeException#getMessage()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.Optional#isPresent()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.Collection#addAll(Collection)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"org.springframework.validation.Errors#getFieldError(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.ArrayList#addAll(Collection)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"org.springframework.http.HeadersBuilder#location(URI)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.Collection#size()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.lang.Throwable#getCause()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.Optional#of(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.List#of(Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.Optional#map(Function)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.function.Predicate#test(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.regex.Pattern#compile(String,int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.io.InputStream#read(byte\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.regex.Pattern#matcher(CharSequence)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Queue#add(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Set#of(Object,Object,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Set#addAll(Collection)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Set#contains(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Arrays#copyOfRange(byte\\[\\],int,int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Collections#list(Enumeration)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Collections#singleton(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Enumeration#nextElement()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Optional#stream()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Optional#get()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Optional#empty()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Properties#get(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Properties#getProperty(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.lang.Enum#name()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.lang.IllegalArgumentException#IllegalArgumentException(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.lang.Integer#parseInt(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.lang.Integer#toHexString(int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.lang.Long#intValue()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.lang.Math#min(int,int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.List#isEmpty()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.lang.RuntimeException#RuntimeException(Throwable)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.lang.String#valueOf(int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.List#of(Object,Object,Object,Object,Object,Object,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.List#of(Object,Object,Object,Object,Object,Object,Object,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.List#of(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Collection#parallelStream()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.HashMap#entrySet()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.lang.StringBuilder#append(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.lang.StringBuilder#StringBuilder(int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.HashMap#replace(Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"com.fasterxml.jackson.databind.ObjectMapper#writeValueAsBytes(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"com.fasterxml.jackson.databind.ObjectMapper#readValue(byte\\[\\],Class)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"com.fasterxml.jackson.databind.ObjectWriter#writeValueAsString(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.stream.Stream#reduce(Object,BiFunction,BinaryOperator)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.stream.Stream#forEach(Consumer)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.stream.Stream#sorted()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.stream.Stream#distinct()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"com.google.common.collect.EvictingQueue#add(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.io.BufferedReader#readLine()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.io.BufferedReader#BufferedReader(Reader)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.io.File#toString()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.io.File#getCanonicalFile()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.io.File#getAbsoluteFile()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.io.FilterOutputStream#write(byte\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.io.ObjectOutputStream#writeObject(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.io.PrintWriter#println(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.io.PrintWriter#PrintWriter(File)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.io.StringReader#StringReader(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.io.StringWriter#getBuffer()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.net.URL#openStream()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.net.URL#URL(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.nio.file.Files#writeString(Path,CharSequence,Charset,OpenOption\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.nio.file.Files#writeString(Path,CharSequence,OpenOption\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.nio.file.Files#write(Path,byte\\[\\],OpenOption\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.nio.file.Files#copy(InputStream,Path,CopyOption\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.nio.file.Files#createTempDirectory(String,FileAttribute\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.nio.file.Files#createDirectories(Path,FileAttribute\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.nio.file.Files#createFile(Path,FileAttribute\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.sql.Connection#prepareStatement(String,int,int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.sql.PreparedStatement#setInt(int,int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.xml.sax.InputSource#InputSource(InputStream)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.sql.Statement#execute(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Map#putAll(Map)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.text.DateFormat#format(Date)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.text.SimpleDateFormat#SimpleDateFormat(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.regex.Pattern#asMatchPredicate()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.regex.Pattern#compile(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.regex.Matcher#matches()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.regex.Matcher#group(int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"javax.servlet.ServletRequest#getParameterNames()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"javax.servlet.http.Cookie#getValue()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"javax.servlet.http.Cookie#getName()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Map#keySet()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"javax.servlet.http.HttpServletRequest#getQueryString()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"javax.servlet.http.HttpServletResponse#sendError(int,String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"javax.xml.xpath.XPath#evaluate(String,InputSource,QName)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.apache.commons.io.FileUtils#byteCountToDisplaySize(long)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.apache.commons.io.FilenameUtils#isExtension(String,Collection)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.apache.commons.logging.Log#error(Object,Throwable)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.springframework.http.HttpEntity#HttpEntity(MultiValueMap)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.springframework.http.HeadersBuilder#header(String,String\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.springframework.util.StringUtils#arrayToCommaDelimitedString(Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.slf4j.Logger#error(String,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.slf4j.Logger#error(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.slf4j.Logger#info(String,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.slf4j.Logger#info(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Map#forEach(BiConsumer)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Map#of()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.slf4j.Logger#trace(String,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.springframework.jdbc.core.JdbcTemplate#execute(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.springframework.jdbc.datasource.AbstractDriverBasedDataSource#setUrl(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.springframework.ui.Model#addAttribute(String,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.springframework.ui.ModelMap#addAttribute(String,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.springframework.web.client.RestTemplate#exchange(String,HttpMethod,HttpEntity,Class,Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.ArrayList#ArrayList(Collection)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Queue#remove()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":231,"message":{"text":"java.util.Map#put(Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":125,"message":{"text":"java.lang.String#equals(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":63,"message":{"text":"java.lang.StringBuilder#append(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":60,"message":{"text":"java.util.Map#get(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":49,"message":{"text":"java.lang.String#replace(CharSequence,CharSequence)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":48,"message":{"text":"java.lang.Throwable#getMessage()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":39,"message":{"text":"java.lang.Object#equals(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":37,"message":{"text":"java.lang.StringBuilder#toString()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":33,"message":{"text":"java.util.Collection#stream()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":24,"message":{"text":"java.lang.String#getBytes()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":22,"message":{"text":"java.util.List#add(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":20,"message":{"text":"java.lang.String#substring(int,int)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":19,"message":{"text":"java.lang.String#toLowerCase()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":17,"message":{"text":"java.util.Map#of(Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":16,"message":{"text":"org.springframework.http.HeadersBuilder#build()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":16,"message":{"text":"javax.servlet.http.Cookie#Cookie(String,String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":16,"message":{"text":"java.lang.String#concat(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":15,"message":{"text":"java.util.Map#of(Object,Object,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":15,"message":{"text":"java.util.stream.Stream#filter(Predicate)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":15,"message":{"text":"java.lang.String#format(String,Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":13,"message":{"text":"java.util.stream.Stream#map(Function)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":13,"message":{"text":"java.lang.String#String(byte\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":12,"message":{"text":"java.io.File#File(String,String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":11,"message":{"text":"com.fasterxml.jackson.databind.ObjectMapper#writeValueAsString(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":11,"message":{"text":"java.util.Map#getOrDefault(Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":11,"message":{"text":"java.lang.String#getBytes(Charset)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":11,"message":{"text":"org.springframework.http.ResponseEntity#ok(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":10,"message":{"text":"java.lang.String#substring(int)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":10,"message":{"text":"java.io.File#File(File,String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":10,"message":{"text":"com.fasterxml.jackson.databind.ObjectMapper#readValue(String,Class)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":10,"message":{"text":"java.util.stream.Stream#toList()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":10,"message":{"text":"org.springframework.data.repository.CrudRepository#save(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":9,"message":{"text":"java.sql.PreparedStatement#setString(int,String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":9,"message":{"text":"java.util.Encoder#encode(byte\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":9,"message":{"text":"java.io.File#toPath()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":8,"message":{"text":"org.apache.commons.lang3.StringUtils#reverse(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":8,"message":{"text":"java.util.stream.Stream#findFirst()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":8,"message":{"text":"org.springframework.http.BodyBuilder#body(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":8,"message":{"text":"java.lang.String#split(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":7,"message":{"text":"java.nio.file.Path#toFile()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":7,"message":{"text":"java.util.Arrays#asList(Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":7,"message":{"text":"java.net.URI#URI(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":7,"message":{"text":"java.util.Optional#orElse(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":7,"message":{"text":"java.io.File#getName()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":7,"message":{"text":"java.lang.String#String(byte\\[\\],Charset)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":7,"message":{"text":"java.util.Decoder#decode(byte\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":6,"message":{"text":"java.lang.String#replaceAll(String,String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":6,"message":{"text":"java.lang.String#trim()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":6,"message":{"text":"java.util.ArrayList#add(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":6,"message":{"text":"java.lang.String#replaceFirst(String,String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":6,"message":{"text":"java.nio.file.Paths#get(String,String\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":5,"message":{"text":"java.lang.String#formatted(Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":5,"message":{"text":"java.util.Collection#toArray(IntFunction)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":5,"message":{"text":"java.lang.String#toUpperCase()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":5,"message":{"text":"org.springframework.web.multipart.MultipartFile#getOriginalFilename()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":5,"message":{"text":"java.util.List#get(int)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":5,"message":{"text":"java.math.BigInteger#valueOf(long)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":5,"message":{"text":"java.util.HashMap#get(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":5,"message":{"text":"org.springframework.util.MultiValueMap#getFirst(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":5,"message":{"text":"java.util.Map#values()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":5,"message":{"text":"java.util.Encoder#encodeToString(byte\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":5,"message":{"text":"java.lang.Integer#intValue()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":5,"message":{"text":"java.sql.ResultSet#getString(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.lang.Iterable#forEach(Consumer)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"org.apache.commons.lang3.ArrayUtils#addAll(Object\\[\\],Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.util.Map#entrySet()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.util.Optional#ifPresent(Consumer)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.io.InputStream#readAllBytes()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.lang.StringBuffer#toString()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.nio.file.Path#resolve(Path)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.util.Entry#getValue()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.lang.String#charAt(int)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.util.Set#add(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.util.Decoder#decode(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.util.List#of(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.math.BigInteger#toByteArray()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.io.File#File(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.util.Entry#getKey()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.util.stream.Stream#of(Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"org.springframework.validation.Errors#rejectValue(String,String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.util.HashMap#put(Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.nio.file.Path#resolve(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"org.springframework.http.BodyBuilder#contentType(MediaType)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"org.springframework.http.ResponseEntity#ResponseEntity(Object,HttpStatus)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.util.Optional#ofNullable(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.util.Properties#putAll(Map)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.lang.IllegalStateException#IllegalStateException(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.util.List#of(Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.lang.String#replace(char,char)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.lang.String#getBytes(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.util.List#addAll(Collection)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.lang.StringBuilder#StringBuilder(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.lang.String#String(char\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.lang.System#arraycopy(Object,int,Object,int,int)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.util.Map#remove(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.util.stream.Stream#sorted(Comparator)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.io.File#getCanonicalPath()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"org.springframework.util.FileCopyUtils#copy(InputStream,OutputStream)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.util.Optional#map(Function)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.io.ByteArrayOutputStream#toByteArray()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.io.ObjectInputStream#ObjectInputStream(InputStream)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"org.springframework.web.multipart.MultipartFile#getBytes()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.io.ObjectInputStream#readObject()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.io.File#toURI()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.lang.Throwable#getCause()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"org.springframework.validation.Errors#getFieldError(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.util.ArrayList#addAll(Collection)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.util.Collection#addAll(Collection)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"org.springframework.core.NestedRuntimeException#getMessage()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"org.springframework.context.support.AbstractMessageSource#getMessage(String,Object\\[\\],String,Locale)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.io.InputStreamReader#InputStreamReader(InputStream)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"org.springframework.context.support.AbstractMessageSource#getMessage(String,Object\\[\\],Locale)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.util.Objects#requireNonNull(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.util.stream.Stream#anyMatch(Predicate)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"org.springframework.util.FileCopyUtils#copy(byte\\[\\],File)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"org.springframework.util.FileCopyUtils#copyToByteArray(File)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.util.Optional#of(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.io.InputStream#read(byte\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"org.springframework.util.FileCopyUtils#copyToByteArray(InputStream)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.util.Set#of(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.util.stream.Stream#flatMap(Function)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.util.stream.Stream#mapToInt(ToIntFunction)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"org.springframework.util.Base64Utils#decodeFromUrlSafeString(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"org.springframework.http.HeadersBuilder#location(URI)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.util.regex.Pattern#matcher(CharSequence)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"com.google.common.collect.Lists#newArrayList(Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.net.URI#toString()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.util.Arrays#stream(Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.lang.String#toString()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.lang.String#toCharArray()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.lang.Integer#valueOf(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.io.ByteArrayInputStream#ByteArrayInputStream(byte\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.util.Map#of(Object,Object,Object,Object,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.lang.StringBuilder#reverse()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.lang.Float#parseFloat(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.util.List#of(Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.List#of(Object,Object,Object,Object,Object,Object,Object,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Map#of()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Map#forEach(BiConsumer)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Map#keySet()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Map#putAll(Map)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.HashMap#replace(Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.HashMap#entrySet()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Collection#parallelStream()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.List#of(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.List#of(Object,Object,Object,Object,Object,Object,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.ArrayList#ArrayList(Collection)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Queue#remove()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Queue#add(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Set#of(Object,Object,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Set#addAll(Collection)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Arrays#copyOfRange(byte\\[\\],int,int)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Collections#list(Enumeration)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Collections#singleton(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Enumeration#nextElement()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Optional#stream()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Optional#get()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Properties#get(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Properties#getProperty(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.lang.IllegalArgumentException#IllegalArgumentException(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.lang.Integer#parseInt(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.lang.Integer#toHexString(int)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.lang.Long#intValue()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.lang.RuntimeException#RuntimeException(Throwable)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.lang.StringBuilder#append(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.lang.StringBuilder#StringBuilder(int)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"com.fasterxml.jackson.databind.ObjectMapper#writeValueAsBytes(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"com.fasterxml.jackson.databind.ObjectMapper#readValue(byte\\[\\],Class)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"com.fasterxml.jackson.databind.ObjectWriter#writeValueAsString(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.stream.Stream#reduce(Object,BiFunction,BinaryOperator)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.stream.Stream#forEach(Consumer)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.stream.Stream#sorted()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.stream.Stream#distinct()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"com.google.common.collect.EvictingQueue#add(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.io.BufferedReader#readLine()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.io.BufferedReader#BufferedReader(Reader)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.io.File#toString()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.io.File#getCanonicalFile()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.io.File#getAbsoluteFile()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.io.FilterOutputStream#write(byte\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.io.ObjectOutputStream#writeObject(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.io.StringReader#StringReader(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.io.StringWriter#getBuffer()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.net.URL#URL(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.regex.Matcher#group(int)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"org.springframework.http.HttpEntity#HttpEntity(MultiValueMap)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"org.springframework.http.HeadersBuilder#header(String,String\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"org.springframework.util.StringUtils#arrayToCommaDelimitedString(Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"org.springframework.ui.Model#addAttribute(String,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"org.springframework.ui.ModelMap#addAttribute(String,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"org.xml.sax.InputSource#InputSource(InputStream)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":15,"message":{"text":"org.slf4j.Logger#debug(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":15,"message":{"text":"java.io.PrintStream#println(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":14,"message":{"text":"java.sql.Statement#executeQuery(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":12,"message":{"text":"org.slf4j.Logger#debug(String,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":12,"message":{"text":"java.lang.String#matches(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":10,"message":{"text":"org.slf4j.Logger#error(String,Throwable)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":8,"message":{"text":"java.lang.String#split(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":8,"message":{"text":"java.sql.Connection#prepareStatement(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":6,"message":{"text":"java.lang.String#replaceFirst(String,String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":6,"message":{"text":"java.lang.String#replaceAll(String,String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":6,"message":{"text":"org.slf4j.Logger#info(String,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":5,"message":{"text":"javax.servlet.http.HttpServletResponse#addCookie(Cookie)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":4,"message":{"text":"org.springframework.web.client.RestTemplate#postForEntity(String,Object,Class,Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":4,"message":{"text":"org.slf4j.Logger#error(String,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":3,"message":{"text":"java.io.FileOutputStream#FileOutputStream(File)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":3,"message":{"text":"java.sql.Statement#executeUpdate(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":2,"message":{"text":"java.util.regex.Pattern#compile(String,int)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":2,"message":{"text":"java.util.regex.Pattern#matcher(CharSequence)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":2,"message":{"text":"java.util.function.Predicate#test(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":2,"message":{"text":"org.slf4j.Logger#warn(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":2,"message":{"text":"org.slf4j.Logger#warn(String,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.util.regex.Pattern#asMatchPredicate()"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.util.regex.Pattern#compile(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.util.regex.Matcher#matches()"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"javax.servlet.http.HttpServletResponse#sendError(int,String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.nio.file.Files#writeString(Path,CharSequence,Charset,OpenOption\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"javax.xml.xpath.XPath#evaluate(String,InputSource,QName)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.nio.file.Files#createTempDirectory(String,FileAttribute\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.net.URL#openStream()"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"org.slf4j.Logger#error(String,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"org.slf4j.Logger#error(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"org.slf4j.Logger#info(String,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.io.PrintWriter#PrintWriter(File)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"org.slf4j.Logger#info(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.io.PrintWriter#println(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"org.slf4j.Logger#trace(String,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"org.springframework.jdbc.core.JdbcTemplate#execute(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"org.springframework.jdbc.datasource.AbstractDriverBasedDataSource#setUrl(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"org.springframework.web.client.RestTemplate#exchange(String,HttpMethod,HttpEntity,Class,Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.nio.file.Files#copy(InputStream,Path,CopyOption\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"org.apache.commons.logging.Log#error(Object,Throwable)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.nio.file.Files#createDirectories(Path,FileAttribute\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.nio.file.Files#createFile(Path,FileAttribute\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.sql.Connection#prepareStatement(String,int,int)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.nio.file.Files#write(Path,byte\\[\\],OpenOption\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.sql.Statement#execute(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.nio.file.Files#writeString(Path,CharSequence,OpenOption\\[\\])"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":4104,"message":{"text":"rt.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":792,"message":{"text":"rest-assured-4.5.1.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":162,"message":{"text":"jjwt-0.9.1.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":110,"message":{"text":"spring-web-5.3.21.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":100,"message":{"text":"jakarta.servlet-api-4.0.4.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":97,"message":{"text":"slf4j-api-1.7.36.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":77,"message":{"text":"spring-webmvc-5.3.21.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":74,"message":{"text":"spring-core-5.3.21.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":51,"message":{"text":"spring-security-config-5.7.2.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":47,"message":{"text":"jackson-databind-2.13.3.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":42,"message":{"text":"spring-security-core-5.7.2.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":40,"message":{"text":"spring-context-5.3.21.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":31,"message":{"text":"commons-lang3-3.12.0.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":25,"message":{"text":"asciidoctorj-api-2.5.3.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":20,"message":{"text":"thymeleaf-3.0.15.RELEASE.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":17,"message":{"text":"json-path-4.5.1.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":17,"message":{"text":"zxcvbn-1.5.2.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":16,"message":{"text":"jose4j-0.9.3.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":16,"message":{"text":"xstream-1.4.5.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":16,"message":{"text":"flyway-core-8.5.13.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":13,"message":{"text":"spring-boot-2.7.1.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":13,"message":{"text":"spring-jdbc-5.3.21.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":12,"message":{"text":"spring-boot-actuator-2.7.1.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":11,"message":{"text":"spring-data-commons-2.7.1.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":9,"message":{"text":"guava-30.1-jre.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":9,"message":{"text":"jaxb-api-2.3.1.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":8,"message":{"text":"lombok-1.18.24.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":8,"message":{"text":"jsoup-1.15.4.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":6,"message":{"text":"spring-boot-autoconfigure-2.7.1.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":6,"message":{"text":"spring-data-jpa-2.7.1.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":6,"message":{"text":"jcommander-1.81.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":4,"message":{"text":"commons-exec-1.3.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":4,"message":{"text":"spring-security-crypto-5.7.2.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":4,"message":{"text":"thymeleaf-spring5-3.0.15.RELEASE.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":3,"message":{"text":"log4j-api-2.17.2.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":2,"message":{"text":"commons-text-1.9.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":2,"message":{"text":"commons-io-2.6.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":2,"message":{"text":"spring-security-web-5.7.2.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":1,"message":{"text":"spring-jcl-5.3.21.jar"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":83,"message":{"text":"io.restassured.RestAssured#given()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":82,"message":{"text":"io.restassured.specification.RequestSpecification#relaxedHTTPSValidation()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":82,"message":{"text":"io.restassured.specification.RequestSpecification#when()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":81,"message":{"text":"io.restassured.response.Validatable#then()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":79,"message":{"text":"io.restassured.specification.RequestSpecification#cookie(String,Object,Object\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":66,"message":{"text":"io.restassured.response.ValidatableResponseOptions#extract()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":59,"message":{"text":"io.restassured.response.ValidatableResponseOptions#statusCode(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":48,"message":{"text":"io.restassured.specification.RequestSenderOptions#get(String,Object\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":40,"message":{"text":"org.slf4j.LoggerFactory#getLogger(Class)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":32,"message":{"text":"io.restassured.specification.RequestSenderOptions#post(String,Object\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":25,"message":{"text":"java.time.LocalDateTime#now()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":23,"message":{"text":"io.restassured.response.ResponseBodyExtractionOptions#path(String,String\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":22,"message":{"text":"io.restassured.response.ResponseBodyData#asString()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":19,"message":{"text":"io.jsonwebtoken.JwtBuilder#compact()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":19,"message":{"text":"io.jsonwebtoken.Jwts#builder()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":18,"message":{"text":"io.restassured.specification.RequestSpecification#contentType(ContentType)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":18,"message":{"text":"io.restassured.specification.RequestSpecification#header(String,Object,Object\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":17,"message":{"text":"javax.servlet.http.HttpServletRequest#getSession()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":16,"message":{"text":"io.restassured.specification.RequestSpecification#formParam(String,Object\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":15,"message":{"text":"io.jsonwebtoken.JwtBuilder#signWith(SignatureAlgorithm,String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":14,"message":{"text":"java.sql.Connection#createStatement(int,int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":14,"message":{"text":"java.time.LocalDateTime#format(DateTimeFormatter)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":14,"message":{"text":"io.restassured.response.ResponseBodyExtractionOptions#jsonPath()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":14,"message":{"text":"org.springframework.web.servlet.ModelAndView#addObject(String,Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":13,"message":{"text":"org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry#addResourceHandler(String\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":13,"message":{"text":"org.springframework.web.servlet.config.annotation.ResourceHandlerRegistration#addResourceLocations(String\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":12,"message":{"text":"org.springframework.http.ResponseEntity#status(HttpStatus)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":12,"message":{"text":"org.springframework.util.StringUtils#hasText(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":12,"message":{"text":"io.jsonwebtoken.JwtBuilder#setClaims(Claims)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":12,"message":{"text":"java.lang.reflect.Method#getAnnotation(Class)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":12,"message":{"text":"io.restassured.response.ExtractableResponse#response()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":11,"message":{"text":"java.sql.ResultSet#first()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":11,"message":{"text":"java.sql.ResultSet#getString(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":11,"message":{"text":"io.restassured.response.ResponseOptions#getBody()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":11,"message":{"text":"org.springframework.web.servlet.ModelAndView#setViewName(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":11,"message":{"text":"java.util.stream.Stream#collect(Collector)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":10,"message":{"text":"io.jsonwebtoken.Jwts#parser()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":10,"message":{"text":"java.util.Random#nextInt(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":10,"message":{"text":"java.util.Base64#getEncoder()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":10,"message":{"text":"javax.servlet.http.HttpSession#getAttribute(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":10,"message":{"text":"org.springframework.core.io.ResourceLoader#getResource(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":9,"message":{"text":"org.apache.commons.lang3.StringUtils#isEmpty(CharSequence)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":9,"message":{"text":"io.jsonwebtoken.JwtBuilder#claim(String,Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":9,"message":{"text":"io.restassured.path.json.JsonPath#getString(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":8,"message":{"text":"java.util.Date#from(Instant)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":8,"message":{"text":"io.jsonwebtoken.JwtParser#setSigningKey(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":8,"message":{"text":"javax.servlet.http.HttpSession#setAttribute(String,Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":8,"message":{"text":"java.lang.System#getProperty(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":8,"message":{"text":"io.restassured.specification.RequestSpecification#formParams(Map)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":8,"message":{"text":"org.springframework.boot.actuate.trace.http.Request#getUri()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":8,"message":{"text":"io.jsonwebtoken.JwtParser#parse(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":8,"message":{"text":"lombok.Lombok#sneakyThrow(Throwable)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":7,"message":{"text":"org.springframework.security.core.context.SecurityContext#getAuthentication()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":7,"message":{"text":"io.jsonwebtoken.Jwts#claims()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":7,"message":{"text":"org.springframework.core.env.PropertyResolver#getProperty(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":7,"message":{"text":"org.springframework.security.config.annotation.web.configurers.ExpressionInterceptUrlRegistry#and()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":7,"message":{"text":"org.springframework.security.core.Authentication#getPrincipal()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":7,"message":{"text":"java.lang.Throwable#printStackTrace()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":7,"message":{"text":"java.util.Base64#getDecoder()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":7,"message":{"text":"java.lang.String#lastIndexOf(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":7,"message":{"text":"io.jsonwebtoken.Jwt#getBody()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":7,"message":{"text":"org.springframework.security.core.context.SecurityContextHolder#getContext()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":6,"message":{"text":"java.sql.PreparedStatement#executeQuery()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":6,"message":{"text":"com.beust.jcommander.internal.Lists#newArrayList(Object\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":6,"message":{"text":"javax.xml.bind.DatatypeConverter#printHexBinary(byte\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":6,"message":{"text":"io.restassured.specification.RequestSpecification#multiPart(String,String,byte\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":6,"message":{"text":"org.asciidoctor.extension.JavaExtensionRegistry#inlineMacro(String,Class)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":6,"message":{"text":"org.springframework.web.servlet.config.annotation.ViewControllerRegistration#setViewName(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":6,"message":{"text":"org.springframework.web.servlet.config.annotation.ViewControllerRegistry#addViewController(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":6,"message":{"text":"java.util.HashMap#containsKey(Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":6,"message":{"text":"com.fasterxml.jackson.databind.ObjectMapper#enable(DeserializationFeature)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":6,"message":{"text":"io.jsonwebtoken.JwtBuilder#setIssuedAt(Date)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":6,"message":{"text":"org.springframework.http.ResponseEntity#ok()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":6,"message":{"text":"java.util.List#of()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":6,"message":{"text":"org.springframework.data.jpa.repository.JpaRepository#saveAndFlush(Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":5,"message":{"text":"org.asciidoctor.extension.InlineMacroProcessor#InlineMacroProcessor(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":5,"message":{"text":"java.io.File#getParentFile()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":5,"message":{"text":"org.springframework.web.servlet.ModelAndView#ModelAndView(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":5,"message":{"text":"com.nulabinc.zxcvbn.Strength#getScore()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":5,"message":{"text":"java.net.URI#getPath()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":5,"message":{"text":"io.restassured.response.ExtractableResponse#cookie(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":5,"message":{"text":"java.time.format.DateTimeFormatter#ofPattern(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":5,"message":{"text":"java.sql.ResultSet#getMetaData()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":5,"message":{"text":"org.springframework.validation.Errors#hasErrors()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":5,"message":{"text":"org.asciidoctor.extension.InlineMacroProcessor#InlineMacroProcessor(String,Map)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":5,"message":{"text":"io.jsonwebtoken.JwtBuilder#setHeaderParam(String,Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":5,"message":{"text":"java.time.Duration#ofDays(long)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"java.security.interfaces.RSAKey#getModulus()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"io.jsonwebtoken.impl.TextCodec#encode(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"java.util.function.Supplier#get()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"java.util.Base64#getUrlDecoder()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"io.restassured.response.ValidatableResponseOptions#cookie(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"io.restassured.path.json.JsonPath#get(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"java.util.Base64#getUrlEncoder()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"org.asciidoctor.extension.BaseProcessor#createPhraseNode(ContentNode,String,String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"io.restassured.specification.RequestSpecification#body(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"java.io.File#mkdirs()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"org.springframework.http.HttpStatus#value()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"java.io.FileInputStream#FileInputStream(File)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"org.springframework.util.StringUtils#isEmpty(Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"java.util.Calendar#getTime()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"com.google.common.collect.Lists#newArrayList()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"com.nulabinc.zxcvbn.Strength#getFeedback()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"org.springframework.core.io.ClassPathResource#ClassPathResource(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"org.springframework.core.io.InputStreamSource#getInputStream()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"java.nio.charset.Charset#defaultCharset()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"org.springframework.http.converter.json.MappingJacksonValue#setSerializationView(Class)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"java.nio.file.Files#readAllBytes(Path)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"org.springframework.jdbc.core.namedparam.MapSqlParameterSource#addValue(String,Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"java.util.Calendar#getInstance()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"com.thoughtworks.xstream.XStream#ignoreUnknownElements()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"java.security.KeyPair#getPublic()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"com.thoughtworks.xstream.XStream#setClassLoader(ClassLoader)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"com.thoughtworks.xstream.XStream#alias(String,Class)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"com.thoughtworks.xstream.XStream#fromXML(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"java.sql.ResultSet#getRow()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"java.sql.ResultSet#last()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"java.sql.ResultSet#beforeFirst()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"org.springframework.web.servlet.ModelAndView#getViewName()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"org.thymeleaf.templateresolver.AbstractTemplateResolver#setOrder(Integer)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"org.thymeleaf.templateresource.StringTemplateResource#StringTemplateResource(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"io.jsonwebtoken.JwtBuilder#setSubject(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"com.fasterxml.jackson.databind.JsonNode#toString()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.apache.commons.lang3.RandomStringUtils#randomAlphabetic(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.security.config.annotation.web.configurers.AuthorizedUrl#authenticated()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.validation.BeanPropertyBindingResult#BeanPropertyBindingResult(Object,String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"com.fasterxml.jackson.databind.ObjectMapper#readTree(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.sql.Connection#createStatement()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.sql.PreparedStatement#execute()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"io.restassured.path.json.JsonPath#getList(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.core.io.ClassPathResource#getInputStream()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.sql.ResultSetMetaData#getColumnCount()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.sql.ResultSet#getStatement()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.time.Instant#plus(TemporalAmount)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.security.MessageDigest#getInstance(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.web.context.request.RequestContextHolder#currentRequestAttributes()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.web.context.request.ServletRequestAttributes#getRequest()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"io.jsonwebtoken.JwtBuilder#setExpiration(Date)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer#loginPage(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"io.jsonwebtoken.JwtBuilder#setAudience(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.util.function.Function#apply(Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"io.jsonwebtoken.JwtBuilder#setClaims(Map)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"io.jsonwebtoken.Claims#setIssuedAt(Date)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.util.Locale#getLanguage()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.lang.Class#getPackageName()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.core.env.EnvironmentCapable#getEnvironment()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.thymeleaf.templateresolver.AbstractConfigurableTemplateResolver#setCharacterEncoding(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.boot.autoconfigure.jdbc.DataSourceProperties#getDriverClassName()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.nio.charset.Charset#forName(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.boot.context.event.ApplicationReadyEvent#getApplicationContext()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.http.MediaType#parseMediaType(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.security.config.annotation.web.builders.HttpSecurity#formLogin()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.boot.builder.SpringApplicationBuilder#web(WebApplicationType)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.context.support.PropertiesHolder#getProperties()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.time.Instant#plusSeconds(long)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeRequests()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"io.jsonwebtoken.JwtBuilder#setIssuer(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.security.core.userdetails.UserDetails#getUsername()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.net.URI#getQuery()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.flywaydb.core.Flyway#migrate()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.apache.logging.log4j.util.Strings#isEmpty(CharSequence)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"io.restassured.specification.RequestSpecification#formParams(String,Object,Object\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.util.stream.Collectors#toMap(Function,Function)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.apache.commons.lang3.exception.ExceptionUtils#getStackTrace(Throwable)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"com.fasterxml.jackson.databind.node.ObjectNode#put(String,String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.boot.actuate.trace.http.HttpTrace#getRequest()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.util.concurrent.TimeUnit#toDays(long)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.security.core.token.Sha512DigestUtils#shaHex(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.lang.Throwable#toString()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"io.restassured.specification.RequestSpecification#queryParams(Map)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.core.userdetails.UsernameNotFoundException#UsernameNotFoundException(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.apache.commons.text.StringEscapeUtils#escapeJson(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.apache.commons.lang3.StringUtils#contains(CharSequence,CharSequence)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"io.restassured.specification.RequestSenderOptions#put(String,Object\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.crypto.password.NoOpPasswordEncoder#getInstance()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.apache.commons.exec.OS#isFamilyMac()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.apache.commons.exec.OS#isFamilyUnix()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.sql.ResultSetMetaData#getColumnName(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.time.format.DateTimeFormatter#format(TemporalAccessor)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"javax.xml.stream.XMLInputFactory#setProperty(String,Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"io.jsonwebtoken.JwtParser#parseClaimsJws(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.util.Properties#stringPropertyNames()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.util.Comparator#reversed()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"javax.servlet.http.HttpServletResponse#setStatus(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"javax.servlet.http.HttpServletRequest#getMethod()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.util.stream.IntStream#range(int,int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.http.ResponseEntity#badRequest()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.http.ResponseEntity#accepted()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.jsoup.select.Elements#first()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.lang.String#isBlank()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.jsoup.nodes.Element#select(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.jsoup.nodes.Element#text()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"javax.servlet.http.HttpServletRequest#getUserPrincipal()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.util.CollectionUtils#isEmpty(Collection)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.lang.String#lastIndexOf(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.io.File#listFiles()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"io.jsonwebtoken.impl.TextCodec#decode(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.jose4j.keys.HmacKey#HmacKey(byte\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"javax.servlet.http.Cookie#setPath(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.context.ConfigurableApplicationContext#getEnvironment()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"io.restassured.specification.RequestSpecification#param(String,Object\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"javax.servlet.http.Cookie#setSecure(boolean)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.flywaydb.core.api.configuration.FluentConfiguration#configuration(Map)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.boot.builder.SpringApplicationBuilder#bannerMode(Mode)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"com.fasterxml.jackson.databind.JsonNode#size()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"com.nulabinc.zxcvbn.Feedback#getSuggestions()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"com.nulabinc.zxcvbn.Feedback#getWarning()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.context.support.AbstractResourceBasedMessageSource#setFallbackToSystemLocale(boolean)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.context.support.AbstractResourceBasedMessageSource#setDefaultEncoding(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.context.support.AbstractResourceBasedMessageSource#setBasenames(String\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.context.support.AbstractResourceBasedMessageSource#setBasename(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.context.support.DefaultMessageSourceResolvable#getCode()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"javax.servlet.ServletResponse#setContentType(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.context.support.ReloadableResourceBundleMessageSource#getMergedProperties(Locale)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.flywaydb.core.api.configuration.FluentConfiguration#load()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.core.io.Resource#isReadable()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.flywaydb.core.api.configuration.FluentConfiguration#locations(String\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.core.io.support.ResourcePatternResolver#getResources(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"io.jsonwebtoken.JwtParser#setSigningKeyResolver(SigningKeyResolver)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.util.Comparator#comparing(Function)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.nio.file.Files#delete(Path)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"com.fasterxml.jackson.databind.ObjectMapper#reader()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.thymeleaf.templateresolver.AbstractTemplateResolver#setResolvablePatterns(Set)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.lang.reflect.Method#getGenericReturnType()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.thymeleaf.templateresolver.AbstractConfigurableTemplateResolver#setCacheable(boolean)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.time.Instant#minus(TemporalAmount)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder#userDetailsService(UserDetailsService)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry#antMatchers(HttpMethod,String\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry#anyRequest()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.config.annotation.web.builders.HttpSecurity#logout()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.config.annotation.web.builders.HttpSecurity#csrf()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"com.fasterxml.jackson.databind.ObjectReader#readTree(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer#disable()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.security.MessageDigest#digest()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer#permitAll()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer#defaultSuccessUrl(String,boolean)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.security.MessageDigest#update(byte\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.config.annotation.web.configurers.AuthorizedUrl#permitAll()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.flywaydb.core.api.configuration.FluentConfiguration#schemas(String\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.security.Principal#getName()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.security.Signature#update(byte\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"io.jsonwebtoken.Claims#setExpiration(Date)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.flywaydb.core.api.configuration.FluentConfiguration#dataSource(DataSource)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter#authenticationManager()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.security.Signature#getInstance(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.flywaydb.core.Flyway#configure()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.core.userdetails.User#isCredentialsNonExpired()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.core.userdetails.User#isAccountNonLocked()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.core.userdetails.User#isAccountNonExpired()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.core.userdetails.User#isEnabled()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.core.userdetails.User#User(String,String,Collection)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.thymeleaf.templateresolver.AbstractConfigurableTemplateResolver#setTemplateMode(TemplateMode)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.thymeleaf.templateresolver.AbstractConfigurableTemplateResolver#setSuffix(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.thymeleaf.templateresolver.AbstractConfigurableTemplateResolver#setPrefix(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.w3c.dom.NodeList#getLength()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.w3c.dom.NodeList#item(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.w3c.dom.Node#getTextContent()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.w3c.dom.Node#getNodeName()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.time.LocalDateTime#isBefore(ChronoLocalDateTime)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.HashMap#size()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.Collection#contains(Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.List#sort(Comparator)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.List#remove(Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.ArrayList#sort(Comparator)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.ArrayList#clear()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.Set#clear()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.Set#containsAll(Collection)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.Comparator#comparingLong(ToLongFunction)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.Arrays#equals(byte\\[\\],byte\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.Collections#reverse(List)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.Enumeration#hasMoreElements()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.Locale#getDefault()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.Properties#containsKey(Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.Properties#load(InputStream)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.Random#nextLong()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.Random#nextInt()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.Random#setSeed(long)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.Boolean#valueOf(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.Class#getAnnotationsByType(Class)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.Class#isAnnotationPresent(Class)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.Class#getResourceAsStream(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.Class#getMethods()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.IllegalStateException#IllegalStateException(Throwable)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.Integer#sum(int,int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.Math#round(double)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.Math#ceil(double)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.Process#getInputStream()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.Runtime#exec(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.Runtime#getRuntime()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.String#valueOf(Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.String#indexOf(String,int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.System#exit(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"com.fasterxml.jackson.databind.ObjectMapper#writerWithDefaultPrettyPrinter()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"com.fasterxml.jackson.databind.ObjectMapper#addMixIn(Class,Class)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.reflect.InvocationTargetException#getTargetException()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.reflect.Method#invoke(Object,Object\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.reflect.Method#getReturnType()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.reflect.ParameterizedType#getActualTypeArguments()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.reflect.Proxy#newProxyInstance(ClassLoader,Class\\[\\],InvocationHandler)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.function.DoublePredicate#test(double)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.concurrent.Future#get()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.concurrent.ExecutorService#invokeAll(Collection)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.concurrent.Executors#newWorkStealingPool(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.concurrent.ThreadLocalRandom#nextDouble()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.concurrent.ThreadLocalRandom#current()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.stream.Collectors#groupingBy(Function)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.stream.Collectors#counting()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.stream.IntStream#sum()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.stream.IntStream#reduce(int,IntBinaryOperator)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.stream.IntStream#forEach(IntConsumer)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.stream.IntStream#mapToObj(IntFunction)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.stream.Stream#count()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"com.google.common.collect.EvictingQueue#create(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"com.google.common.collect.Maps#newHashMap()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"com.nulabinc.zxcvbn.CrackTimeSeconds#getOnlineNoThrottling10perSecond()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"com.nulabinc.zxcvbn.Strength#getCrackTimeSeconds()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"com.nulabinc.zxcvbn.Strength#getGuesses()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"com.nulabinc.zxcvbn.Zxcvbn#measure(CharSequence)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.jsonwebtoken.ClaimJwtException#getClaims()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.jsonwebtoken.Claims#setAudience(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.jsonwebtoken.Claims#setSubject(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.jsonwebtoken.Claims#setIssuer(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.jsonwebtoken.Jwt#getHeader()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.jsonwebtoken.JwtBuilder#addClaims(Map)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.jsonwebtoken.JwtBuilder#setHeader(Map)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.restassured.response.ExtractableResponse#header(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.restassured.response.ResponseOptions#getStatusCode()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.restassured.response.ResponseOptions#andReturn()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.restassured.response.ResponseBodyData#asByteArray()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.restassured.response.ValidatableResponseOptions#body(String,Matcher,Object\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.restassured.response.ValidatableResponseOptions#body(Matcher,Matcher\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.restassured.path.json.JsonPath#getObject(String,Class)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.restassured.specification.RequestSenderOptions#delete(String,Object\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.restassured.specification.RequestSpecification#urlEncodingEnabled(boolean)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.restassured.specification.RequestSpecification#params(Map)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.DataOutputStream#writeLong(long)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.DataOutputStream#DataOutputStream(OutputStream)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.File#mkdir()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.File#listFiles(FileFilter)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.File#delete()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.File#createNewFile()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.File#length()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.File#isFile()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.FileInputStream#FileInputStream(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.FilterOutputStream#close()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.ObjectInputStream#close()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.ObjectInputStream#defaultReadObject()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.ObjectOutputStream#close()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.ObjectOutputStream#ObjectOutputStream(OutputStream)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.PrintStream#println()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.net.InetAddress#getLocalHost()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.net.InetAddress#getHostAddress()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.net.URI#getHost()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.net.URI#getScheme()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.net.URL#toString()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.nio.charset.Charset#displayName()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.Key#getEncoded()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.KeyFactory#generatePrivate(KeySpec)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.KeyFactory#getInstance(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.KeyPair#getPrivate()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.KeyPairGenerator#generateKeyPair()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.KeyPairGenerator#initialize(AlgorithmParameterSpec)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.KeyPairGenerator#getInstance(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.MessageDigest#digest(byte\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.Signature#verify(byte\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.Signature#sign()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.Signature#initSign(PrivateKey)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.Signature#initVerify(PublicKey)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.interfaces.RSAPublicKey#getPublicExponent()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.spec.PKCS8EncodedKeySpec#PKCS8EncodedKeySpec(byte\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.spec.RSAKeyGenParameterSpec#RSAKeyGenParameterSpec(int,BigInteger)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.sql.Connection#commit()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.sql.ResultSet#getBoolean(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.sql.Wrapper#isWrapperFor(Class)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.sql.Wrapper#unwrap(Class)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.text.DecimalFormatSymbols#getInstance(Locale)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.text.DecimalFormat#setMaximumFractionDigits(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.text.DecimalFormat#DecimalFormat(String,DecimalFormatSymbols)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.text.NumberFormat#format(double)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.time.Instant#toEpochMilli()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.time.LocalDateTime#isAfter(ChronoLocalDateTime)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.time.LocalDateTime#minusMinutes(long)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.regex.Matcher#find()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.zip.ZipEntry#getName()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.zip.ZipEntry#ZipEntry(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.zip.ZipFile#entries()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.zip.ZipFile#getInputStream(ZipEntry)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.zip.ZipFile#ZipFile(File)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.zip.ZipOutputStream#putNextEntry(ZipEntry)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.zip.ZipOutputStream#ZipOutputStream(OutputStream)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.servlet.ServletRequest#getContentType()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.servlet.http.Cookie#setMaxAge(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.servlet.http.HttpServletRequest#login(String,String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.servlet.http.HttpServletRequest#getCookies()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.sql.CommonDataSource#getParentLogger()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.sql.DataSource#getLoginTimeout()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.sql.DataSource#setLoginTimeout(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.sql.DataSource#setLogWriter(PrintWriter)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.sql.DataSource#getLogWriter()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.sql.DataSource#getConnection(String,String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.sql.DataSource#getConnection()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.tools.Diagnostic#getMessage(Locale)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.tools.DiagnosticCollector#getDiagnostics()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.tools.CompilationTask#call()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.tools.SimpleJavaFileObject#SimpleJavaFileObject(URI,Kind)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.tools.JavaCompiler#getStandardFileManager(DiagnosticListener,Locale,Charset)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.tools.JavaCompiler#getTask(Writer,JavaFileManager,DiagnosticListener,Iterable,Iterable,Iterable)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.tools.ToolProvider#getSystemJavaCompiler()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.xml.bind.JAXBContext#createUnmarshaller()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.xml.bind.JAXBContext#newInstance(Class\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.xml.bind.Unmarshaller#unmarshal(XMLStreamReader)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.xml.stream.XMLInputFactory#createXMLStreamReader(Reader)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.xml.stream.XMLInputFactory#newInstance()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.xml.xpath.XPathFactory#newXPath()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.xml.xpath.XPathFactory#newInstance()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.apache.commons.lang3.RandomUtils#nextInt(int,int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.apache.commons.lang3.StringUtils#isNotEmpty(CharSequence)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.asciidoctor.Factory#create()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.asciidoctor.Asciidoctor#javaExtensionRegistry()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.asciidoctor.Asciidoctor#convert(Reader,Writer,Map)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.asciidoctor.ast.PhraseNode#convert()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.asciidoctor.extension.BaseProcessor#createPhraseNode(ContentNode,String,String,Map,Map)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.flywaydb.core.Flyway#clean()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jose4j.jws.JsonWebSignature#getEncodedPayload()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jose4j.jws.JsonWebSignature#getCompactSerialization()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jose4j.jws.JsonWebSignature#setPayload(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jose4j.jwt.consumer.JwtConsumer#processToClaims(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jose4j.jwt.consumer.JwtConsumerBuilder#build()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jose4j.jwt.consumer.JwtConsumerBuilder#setRelaxVerificationKeyValidation()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jose4j.jwt.consumer.JwtConsumerBuilder#setVerificationKey(Key)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jose4j.jwt.consumer.JwtConsumerBuilder#setSkipAllValidators()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jose4j.jwx.CompactSerializer#serialize(String\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jose4j.jwx.Headers#getEncodedHeader()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jose4j.jwx.JsonWebStructure#setDoKeyValidation(boolean)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jose4j.jwx.JsonWebStructure#setKey(Key)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jose4j.jwx.JsonWebStructure#setHeader(String,Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jose4j.jwx.JsonWebStructure#getHeaders()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jsoup.Jsoup#parse(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jsoup.parser.Parser#unescapeEntities(String,boolean)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.http.HttpMethod#matches(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.http.ResponseEntity#notFound()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.http.ResponseEntity#status(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.data.repository.CrudRepository#deleteAll()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.owasp.webgoat.lessons.challenges.Flag#number()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.util.FileSystemUtils#deleteRecursively(File)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.slf4j.LoggerFactory#getLogger(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.context.ApplicationContext#getApplicationName()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.boot.actuate.trace.http.HttpTrace#getTimestamp()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.boot.autoconfigure.jdbc.DataSourceProperties#getPassword()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.boot.autoconfigure.jdbc.DataSourceProperties#getUsername()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.boot.autoconfigure.jdbc.DataSourceProperties#getUrl()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.boot.builder.SpringApplicationBuilder#sibling(Class\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.boot.builder.SpringApplicationBuilder#parent(Class\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.boot.builder.SpringApplicationBuilder#child(Class\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.boot.builder.SpringApplicationBuilder#run(String\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.boot.builder.SpringApplicationBuilder#SpringApplicationBuilder(Class\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.context.support.AbstractMessageSource#setParentMessageSource(MessageSource)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.context.support.PropertiesHolder#PropertiesHolder(Properties,long)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.context.support.ReloadableResourceBundleMessageSource#refreshProperties(String,PropertiesHolder)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.core.io.Resource#getURI()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.core.io.Resource#getURL()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.http.converter.json.MappingJacksonValue#MappingJacksonValue(Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate#update(String,SqlParameterSource)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate#query(String,RowMapper)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate#query(String,SqlParameterSource,RowMapper)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate#NamedParameterJdbcTemplate(DataSource)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.jdbc.datasource.AbstractDriverBasedDataSource#setPassword(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.jdbc.datasource.AbstractDriverBasedDataSource#setUsername(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.jdbc.datasource.DriverManagerDataSource#setDriverClassName(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry#antMatchers(String\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.config.annotation.web.builders.HttpSecurity#exceptionHandling()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.config.annotation.web.builders.HttpSecurity#headers()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer#failureUrl(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer#authenticationEntryPoint(AuthenticationEntryPoint)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer#passwordParameter(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer#usernameParameter(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.config.annotation.web.configurers.CacheControlConfig#disable()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.config.annotation.web.configurers.HeadersConfigurer#cacheControl()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.config.annotation.web.configurers.LogoutConfigurer#deleteCookies(String\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.config.annotation.web.configurers.LogoutConfigurer#permitAll()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.config.annotation.web.configurers.LogoutConfigurer#invalidateHttpSession(boolean)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.core.userdetails.User#hashCode()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.core.userdetails.User#equals(Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.core.authority.SimpleGrantedAuthority#SimpleGrantedAuthority(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.crypto.codec.Hex#decode(CharSequence)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.crypto.codec.Hex#encode(byte\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint#commence(HttpServletRequest,HttpServletResponse,AuthenticationException)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint#LoginUrlAuthenticationEntryPoint(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.bind.annotation.RequestMapping#path()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.bind.annotation.RequestMapping#value()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.bind.annotation.GetMapping#value()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.bind.annotation.GetMapping#path()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.bind.annotation.PostMapping#value()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.bind.annotation.PostMapping#path()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.bind.annotation.PutMapping#path()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.bind.annotation.PutMapping#value()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.multipart.MultipartFile#transferTo(File)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.multipart.MultipartFile#isEmpty()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.servlet.LocaleResolver#resolveLocale(HttpServletRequest)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.servlet.ModelAndView#ModelAndView(View,Map)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.servlet.config.annotation.InterceptorRegistry#addInterceptor(HandlerInterceptor)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.servlet.i18n.LocaleChangeInterceptor#setParamName(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.servlet.view.RedirectView#RedirectView(String,boolean)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.thymeleaf.TemplateEngine#setTemplateResolvers(Set)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.thymeleaf.TemplateEngine#addDialect(IDialect)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.thymeleaf.spring5.SpringTemplateEngine#setEnableSpringELCompiler(boolean)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.thymeleaf.spring5.templateresolver.SpringResourceTemplateResolver#setApplicationContext(ApplicationContext)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.thymeleaf.spring5.view.ThymeleafViewResolver#setCharacterEncoding(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.thymeleaf.spring5.view.ThymeleafViewResolver#setTemplateEngine(ISpringTemplateEngine)"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":5571,"message":{"text":"Number of files"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":31145,"message":{"text":"Total number of lines"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":20314,"message":{"text":"Number of lines of code"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":15,"message":{"text":"Number of files with extension xml"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":75,"message":{"text":"Number of files with extension jar"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":349,"message":{"text":"Number of files with extension java"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":5131,"message":{"text":"Number of files with extension class"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":3925,"message":{"text":"Total number of lines with extension xml"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":27220,"message":{"text":"Total number of lines with extension java"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":3925,"message":{"text":"Number of lines of code with extension xml"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":16389,"message":{"text":"Number of lines of code with extension java"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":2,"message":{"text":"Number of diagnostics from CodeQL Java extractor with severity 2"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":75,"message":{"text":"Number of diagnostics from CodeQL Java extractor with severity 3"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":3,"message":{"text":"Number of diagnostics from CodeQL Java extractor with severity 4"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":80,"message":{"text":"Total number of diagnostics from CodeQL Java extractor"}},{"rule":{"id":"java/telemetry/supported-external-api-sources","index":103,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sources","value":15,"message":{"text":"javax.servlet.http.HttpServletRequest#getHeader(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sources","index":103,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sources","value":5,"message":{"text":"org.springframework.web.multipart.MultipartFile#getOriginalFilename()"}},{"rule":{"id":"java/telemetry/supported-external-api-sources","index":103,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sources","value":4,"message":{"text":"org.springframework.web.client.RestTemplate#postForEntity(String,Object,Class,Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-sources","index":103,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sources","value":4,"message":{"text":"javax.servlet.http.HttpServletRequest#getRequestURL()"}},{"rule":{"id":"java/telemetry/supported-external-api-sources","index":103,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sources","value":4,"message":{"text":"javax.servlet.ServletRequest#getParameter(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sources","index":103,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sources","value":2,"message":{"text":"org.springframework.web.multipart.MultipartFile#getBytes()"}},{"rule":{"id":"java/telemetry/supported-external-api-sources","index":103,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sources","value":1,"message":{"text":"javax.servlet.ServletRequest#getParameterNames()"}},{"rule":{"id":"java/telemetry/supported-external-api-sources","index":103,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sources","value":1,"message":{"text":"javax.servlet.http.Cookie#getValue()"}},{"rule":{"id":"java/telemetry/supported-external-api-sources","index":103,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sources","value":1,"message":{"text":"javax.servlet.http.Cookie#getName()"}},{"rule":{"id":"java/telemetry/supported-external-api-sources","index":103,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sources","value":1,"message":{"text":"javax.servlet.http.HttpServletRequest#getQueryString()"}},{"rule":{"id":"java/telemetry/supported-external-api-sources","index":103,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sources","value":1,"message":{"text":"org.springframework.web.client.RestTemplate#exchange(String,HttpMethod,HttpEntity,Class,Object\\[\\])"}}],"semmle.formatSpecifier":"sarif-latest"}}]}
\ No newline at end of file
+{"$schema":"https://json.schemastore.org/sarif-2.1.0.json","version":"2.1.0","runs":[{"tool":{"driver":{"name":"CodeQL","organization":"GitHub","semanticVersion":"2.12.2","notifications":[{"id":"java/baseline/expected-extracted-files","name":"java/baseline/expected-extracted-files","shortDescription":{"text":"Expected extracted files"},"fullDescription":{"text":"Files appearing in the source archive that are expected to be extracted."},"defaultConfiguration":{"enabled":true},"properties":{"tags":["expected-extracted-files","telemetry"]}},{"id":"js/baseline/expected-extracted-files","name":"js/baseline/expected-extracted-files","shortDescription":{"text":"Expected extracted files"},"fullDescription":{"text":"Files appearing in the source archive that are expected to be extracted."},"defaultConfiguration":{"enabled":true},"properties":{"tags":["expected-extracted-files","telemetry"]}}],"rules":[]},"extensions":[{"name":"codeql/java-all","semanticVersion":"0.5.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/java-all/0.5.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/java-all/0.5.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/javascript-examples","semanticVersion":"0.0.0+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/javascript-examples/0.0.0/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/javascript-examples/0.0.0/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/java-examples","semanticVersion":"0.0.0+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/java-examples/0.0.0/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/java-examples/0.0.0/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/cpp-examples","semanticVersion":"0.0.0+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/cpp-examples/0.0.0/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/cpp-examples/0.0.0/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/regex","semanticVersion":"0.0.6+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/regex/0.0.6/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/regex/0.0.6/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/csharp-queries","semanticVersion":"0.5.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/csharp-queries/0.5.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/csharp-queries/0.5.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/tutorial","semanticVersion":"0.0.3+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/tutorial/0.0.3/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/tutorial/0.0.3/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/ssa","semanticVersion":"0.0.10+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/ssa/0.0.10/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/ssa/0.0.10/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/util","semanticVersion":"0.0.3+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/util/0.0.3/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/util/0.0.3/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/ruby-examples","semanticVersion":"0.0.0+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/ruby-examples/0.0.0/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/ruby-examples/0.0.0/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/typos","semanticVersion":"0.0.10+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/typos/0.0.10/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/typos/0.0.10/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/ruby-all","semanticVersion":"0.5.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/ruby-all/0.5.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/ruby-all/0.5.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/csharp-all","semanticVersion":"0.5.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/csharp-all/0.5.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/csharp-all/0.5.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/javascript-all","semanticVersion":"0.4.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/javascript-all/0.4.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/javascript-all/0.4.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/python-examples","semanticVersion":"0.0.0+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/python-examples/0.0.0/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/python-examples/0.0.0/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/csharp-examples","semanticVersion":"0.0.0+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/csharp-examples/0.0.0/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/csharp-examples/0.0.0/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"legacy-upgrades","semanticVersion":"0.0.0","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/legacy-upgrades/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/legacy-upgrades/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/go-all","semanticVersion":"0.4.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/go-all/0.4.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/go-all/0.4.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/java-queries","semanticVersion":"0.5.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","notifications":[{"id":"java/diagnostics/extraction-errors","name":"java/diagnostics/extraction-errors","shortDescription":{"text":"Extraction errors"},"fullDescription":{"text":"A list of extraction errors for files in the source code directory."},"defaultConfiguration":{"enabled":true},"properties":{"description":"A list of extraction errors for files in the source code directory.","id":"java/diagnostics/extraction-errors","kind":"diagnostic","name":"Extraction errors"}},{"id":"java/diagnostics/successfully-extracted-files","name":"java/diagnostics/successfully-extracted-files","shortDescription":{"text":"Successfully extracted files"},"fullDescription":{"text":"A list of all files in the source code directory that were extracted without encountering an error in the file."},"defaultConfiguration":{"enabled":true},"properties":{"tags":["successfully-extracted-files"],"description":"A list of all files in the source code directory that\n              were extracted without encountering an error in the file.","id":"java/diagnostics/successfully-extracted-files","kind":"diagnostic","name":"Successfully extracted files"}},{"id":"java/diagnostics/extraction-warnings","name":"java/diagnostics/extraction-warnings","shortDescription":{"text":"Extraction warnings"},"fullDescription":{"text":"A list of extraction warnings for files in the source code directory."},"defaultConfiguration":{"enabled":true},"properties":{"description":"A list of extraction warnings for files in the source code directory.","id":"java/diagnostics/extraction-warnings","kind":"diagnostic","name":"Extraction warnings"}}],"rules":[{"id":"java/implicit-cast-in-compound-assignment","name":"java/implicit-cast-in-compound-assignment","shortDescription":{"text":"Implicit narrowing conversion in compound assignment"},"fullDescription":{"text":"Compound assignment statements (for example 'intvar += longvar') that implicitly cast a value of a wider type to a narrower type may result in information loss and numeric errors such as overflows."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Implicit narrowing conversion in compound assignment\nCompound assignment statements of the form `x += y` or `x *= y` perform an implicit narrowing conversion if the type of `x` is narrower than the type of `y`. For example, `x += y` is equivalent to `x = (T)(x + y)`, where `T` is the type of `x`. This can result in information loss and numeric errors such as overflows.\n\n\n## Recommendation\nEnsure that the type of the left-hand side of the compound assignment statement is at least as wide as the type of the right-hand side.\n\n\n## Example\nIf `x` is of type `short` and `y` is of type `int`, the expression `x + y` is of type `int`. However, the expression `x += y` is equivalent to `x = (short) (x + y)`. The expression `x + y` is cast to the type of the left-hand side of the assignment: `short`, possibly leading to information loss.\n\nTo avoid implicitly narrowing the type of `x + y`, change the type of `x` to `int`. Then the types of `x` and `x + y` are both `int` and there is no need for an implicit cast.\n\n\n## References\n* J. Bloch and N. Gafter, *Java Puzzlers: Traps, Pitfalls, and Corner Cases*, Puzzle 9. Addison-Wesley, 2005.\n* Java Language Specification: [Compound Assignment Operators](https://docs.oracle.com/javase/specs/jls/se11/html/jls-15.html#jls-15.26.2), [Narrowing Primitive Conversion](https://docs.oracle.com/javase/specs/jls/se11/html/jls-5.html#jls-5.1.3).\n* SEI CERT Oracle Coding Standard for Java: [NUM00-J. Detect or prevent integer overflow](https://wiki.sei.cmu.edu/confluence/display/java/NUM00-J.+Detect+or+prevent+integer+overflow).\n* Common Weakness Enumeration: [CWE-190](https://cwe.mitre.org/data/definitions/190.html).\n* Common Weakness Enumeration: [CWE-192](https://cwe.mitre.org/data/definitions/192.html).\n* Common Weakness Enumeration: [CWE-197](https://cwe.mitre.org/data/definitions/197.html).\n* Common Weakness Enumeration: [CWE-681](https://cwe.mitre.org/data/definitions/681.html).\n","markdown":"# Implicit narrowing conversion in compound assignment\nCompound assignment statements of the form `x += y` or `x *= y` perform an implicit narrowing conversion if the type of `x` is narrower than the type of `y`. For example, `x += y` is equivalent to `x = (T)(x + y)`, where `T` is the type of `x`. This can result in information loss and numeric errors such as overflows.\n\n\n## Recommendation\nEnsure that the type of the left-hand side of the compound assignment statement is at least as wide as the type of the right-hand side.\n\n\n## Example\nIf `x` is of type `short` and `y` is of type `int`, the expression `x + y` is of type `int`. However, the expression `x += y` is equivalent to `x = (short) (x + y)`. The expression `x + y` is cast to the type of the left-hand side of the assignment: `short`, possibly leading to information loss.\n\nTo avoid implicitly narrowing the type of `x + y`, change the type of `x` to `int`. Then the types of `x` and `x + y` are both `int` and there is no need for an implicit cast.\n\n\n## References\n* J. Bloch and N. Gafter, *Java Puzzlers: Traps, Pitfalls, and Corner Cases*, Puzzle 9. Addison-Wesley, 2005.\n* Java Language Specification: [Compound Assignment Operators](https://docs.oracle.com/javase/specs/jls/se11/html/jls-15.html#jls-15.26.2), [Narrowing Primitive Conversion](https://docs.oracle.com/javase/specs/jls/se11/html/jls-5.html#jls-5.1.3).\n* SEI CERT Oracle Coding Standard for Java: [NUM00-J. Detect or prevent integer overflow](https://wiki.sei.cmu.edu/confluence/display/java/NUM00-J.+Detect+or+prevent+integer+overflow).\n* Common Weakness Enumeration: [CWE-190](https://cwe.mitre.org/data/definitions/190.html).\n* Common Weakness Enumeration: [CWE-192](https://cwe.mitre.org/data/definitions/192.html).\n* Common Weakness Enumeration: [CWE-197](https://cwe.mitre.org/data/definitions/197.html).\n* Common Weakness Enumeration: [CWE-681](https://cwe.mitre.org/data/definitions/681.html).\n"},"properties":{"tags":["reliability","security","external/cwe/cwe-190","external/cwe/cwe-192","external/cwe/cwe-197","external/cwe/cwe-681"],"description":"Compound assignment statements (for example 'intvar += longvar') that implicitly\n              cast a value of a wider type to a narrower type may result in information loss and\n              numeric errors such as overflows.","id":"java/implicit-cast-in-compound-assignment","kind":"problem","name":"Implicit narrowing conversion in compound assignment","precision":"very-high","problem.severity":"warning","security-severity":"8.1"}},{"id":"java/predictable-seed","name":"java/predictable-seed","shortDescription":{"text":"Use of a predictable seed in a secure random number generator"},"fullDescription":{"text":"Using a predictable seed in a pseudo-random number generator can lead to predictability of the numbers generated by it."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Use of a predictable seed in a secure random number generator\nUsing a predictable seed in a pseudo-random number generator can lead to predictability of the numbers generated by it.\n\n\n## Recommendation\nIf the predictability of the pseudo-random number generator does not matter then consider using the faster `Random` class from `java.util`. If it is important that the pseudo-random number generator produces completely unpredictable values then either let the generator securely seed itself by not specifying a seed or specify a randomly generated, unpredictable seed.\n\n\n## Example\nIn the first example shown here, a constant value is used as a seed. Depending on the implementation of ` SecureRandom`, this could lead to the same random number being generated each time the code is executed.\n\nIn the second example shown here, the system time is used as a seed. Depending on the implementation of ` SecureRandom`, if an attacker knows what time the code was run, they could predict the generated random number.\n\nIn the third example shown here, the random number generator is allowed to generate its own seed, which it will do in a secure way.\n\n\n```java\nSecureRandom prng = new SecureRandom();\nint randomData = 0;\n\n// BAD: Using a constant value as a seed for a random number generator means all numbers it generates are predictable.\nprng.setSeed(12345L);\nrandomData = prng.next(32);\n\n// BAD: System.currentTimeMillis() returns the system time which is predictable.\nprng.setSeed(System.currentTimeMillis());\nrandomData = prng.next(32);\n\n// GOOD: SecureRandom implementations seed themselves securely by default.\nprng = new SecureRandom();\nrandomData = prng.next(32);\n\n```\n\n## References\n* Common Weakness Enumeration: [CWE-335](https://cwe.mitre.org/data/definitions/335.html).\n* Common Weakness Enumeration: [CWE-337](https://cwe.mitre.org/data/definitions/337.html).\n","markdown":"# Use of a predictable seed in a secure random number generator\nUsing a predictable seed in a pseudo-random number generator can lead to predictability of the numbers generated by it.\n\n\n## Recommendation\nIf the predictability of the pseudo-random number generator does not matter then consider using the faster `Random` class from `java.util`. If it is important that the pseudo-random number generator produces completely unpredictable values then either let the generator securely seed itself by not specifying a seed or specify a randomly generated, unpredictable seed.\n\n\n## Example\nIn the first example shown here, a constant value is used as a seed. Depending on the implementation of ` SecureRandom`, this could lead to the same random number being generated each time the code is executed.\n\nIn the second example shown here, the system time is used as a seed. Depending on the implementation of ` SecureRandom`, if an attacker knows what time the code was run, they could predict the generated random number.\n\nIn the third example shown here, the random number generator is allowed to generate its own seed, which it will do in a secure way.\n\n\n```java\nSecureRandom prng = new SecureRandom();\nint randomData = 0;\n\n// BAD: Using a constant value as a seed for a random number generator means all numbers it generates are predictable.\nprng.setSeed(12345L);\nrandomData = prng.next(32);\n\n// BAD: System.currentTimeMillis() returns the system time which is predictable.\nprng.setSeed(System.currentTimeMillis());\nrandomData = prng.next(32);\n\n// GOOD: SecureRandom implementations seed themselves securely by default.\nprng = new SecureRandom();\nrandomData = prng.next(32);\n\n```\n\n## References\n* Common Weakness Enumeration: [CWE-335](https://cwe.mitre.org/data/definitions/335.html).\n* Common Weakness Enumeration: [CWE-337](https://cwe.mitre.org/data/definitions/337.html).\n"},"properties":{"tags":["security","external/cwe/cwe-335","external/cwe/cwe-337","owasp-top10-2021","A02:2021 - Cryptographic Failures"],"description":"Using a predictable seed in a pseudo-random number generator can lead to predictability of the numbers generated by it.","id":"java/predictable-seed","kind":"problem","name":"Use of a predictable seed in a secure random number generator","precision":"high","problem.severity":"error","security-severity":"9.8"}},{"id":"java/android/intent-uri-permission-manipulation","name":"java/android/intent-uri-permission-manipulation","shortDescription":{"text":"Intent URI permission manipulation"},"fullDescription":{"text":"Returning an externally provided Intent via 'setResult' may allow a malicious application to access arbitrary content providers of the vulnerable application."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Intent URI permission manipulation\nWhen an Android component expects a result from an Activity, `startActivityForResult` can be used. The started Activity can then use `setResult` to return the appropriate data to the calling component.\n\nIf an Activity obtains the incoming, user-provided Intent and directly returns it via `setResult` without any checks, the application may be unintentionally giving arbitrary access to its content providers, even if they are not exported, as long as they are configured with the attribute `android:grantUriPermissions=\"true\"`. This happens because the attacker adds the appropriate URI permission flags to the provided Intent, which take effect once the Intent is reflected back.\n\n\n## Recommendation\nAvoid returning user-provided or untrusted Intents via `setResult`. Use a new Intent instead.\n\nIf it is required to use the received Intent, make sure that it does not contain URI permission flags, either by checking them with `Intent.getFlags` or removing them with `Intent.removeFlags`.\n\n\n## Example\nThe following sample contains three examples. In the first example, a user-provided Intent is obtained and directly returned back with `setResult`, which is dangerous. In the second example, a new Intent is created to safely return the desired data. The third example shows how the obtained Intent can be sanitized by removing dangerous flags before using it to return data to the calling component.\n\n\n```java\npublic class IntentUriPermissionManipulation extends Activity {\n\n    // BAD: the user-provided Intent is returned as-is\n    public void dangerous() {\n        Intent intent = getIntent();\n        intent.putExtra(\"result\", \"resultData\");\n        setResult(intent);\n    }\n\n    // GOOD: a new Intent is created and returned\n    public void safe() {\n        Intent intent = new Intent();\n        intent.putExtra(\"result\", \"resultData\");\n        setResult(intent);\n    }\n\n    // GOOD: the user-provided Intent is sanitized before being returned\n    public void sanitized() {\n        Intent intent = getIntent();\n        intent.putExtra(\"result\", \"resultData\");\n        intent.removeFlags(\n                Intent.FLAG_GRANT_WRITE_URI_PERMISSION | Intent.FLAG_GRANT_READ_URI_PERMISSION);\n        setResult(intent);\n    }\n}\n\n```\n\n## References\n* Google Help: [Remediation for Intent Redirection Vulnerability](https://support.google.com/faqs/answer/9267555?hl=en).\n* Common Weakness Enumeration: [CWE-266](https://cwe.mitre.org/data/definitions/266.html).\n* Common Weakness Enumeration: [CWE-926](https://cwe.mitre.org/data/definitions/926.html).\n","markdown":"# Intent URI permission manipulation\nWhen an Android component expects a result from an Activity, `startActivityForResult` can be used. The started Activity can then use `setResult` to return the appropriate data to the calling component.\n\nIf an Activity obtains the incoming, user-provided Intent and directly returns it via `setResult` without any checks, the application may be unintentionally giving arbitrary access to its content providers, even if they are not exported, as long as they are configured with the attribute `android:grantUriPermissions=\"true\"`. This happens because the attacker adds the appropriate URI permission flags to the provided Intent, which take effect once the Intent is reflected back.\n\n\n## Recommendation\nAvoid returning user-provided or untrusted Intents via `setResult`. Use a new Intent instead.\n\nIf it is required to use the received Intent, make sure that it does not contain URI permission flags, either by checking them with `Intent.getFlags` or removing them with `Intent.removeFlags`.\n\n\n## Example\nThe following sample contains three examples. In the first example, a user-provided Intent is obtained and directly returned back with `setResult`, which is dangerous. In the second example, a new Intent is created to safely return the desired data. The third example shows how the obtained Intent can be sanitized by removing dangerous flags before using it to return data to the calling component.\n\n\n```java\npublic class IntentUriPermissionManipulation extends Activity {\n\n    // BAD: the user-provided Intent is returned as-is\n    public void dangerous() {\n        Intent intent = getIntent();\n        intent.putExtra(\"result\", \"resultData\");\n        setResult(intent);\n    }\n\n    // GOOD: a new Intent is created and returned\n    public void safe() {\n        Intent intent = new Intent();\n        intent.putExtra(\"result\", \"resultData\");\n        setResult(intent);\n    }\n\n    // GOOD: the user-provided Intent is sanitized before being returned\n    public void sanitized() {\n        Intent intent = getIntent();\n        intent.putExtra(\"result\", \"resultData\");\n        intent.removeFlags(\n                Intent.FLAG_GRANT_WRITE_URI_PERMISSION | Intent.FLAG_GRANT_READ_URI_PERMISSION);\n        setResult(intent);\n    }\n}\n\n```\n\n## References\n* Google Help: [Remediation for Intent Redirection Vulnerability](https://support.google.com/faqs/answer/9267555?hl=en).\n* Common Weakness Enumeration: [CWE-266](https://cwe.mitre.org/data/definitions/266.html).\n* Common Weakness Enumeration: [CWE-926](https://cwe.mitre.org/data/definitions/926.html).\n"},"properties":{"tags":["security","external/cwe/cwe-266","external/cwe/cwe-926","owasp-top10-2021","A04:2021 - Insecure Design"],"description":"Returning an externally provided Intent via 'setResult' may allow a malicious\n              application to access arbitrary content providers of the vulnerable application.","id":"java/android/intent-uri-permission-manipulation","kind":"path-problem","name":"Intent URI permission manipulation","precision":"high","problem.severity":"error","security-severity":"7.8"}},{"id":"java/android/debuggable-attribute-enabled","name":"java/android/debuggable-attribute-enabled","shortDescription":{"text":"Android debuggable attribute enabled"},"fullDescription":{"text":"An enabled debugger can allow for entry points in the application or reveal sensitive information."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Android debuggable attribute enabled\nThe Android manifest file defines configuration settings for Android applications. In this file, the `android:debuggable` attribute of the `application` element can be used to define whether or not the application can be debugged. When set to `true`, this attribute will allow the application to be debugged even when running on a device in user mode.\n\nWhen a debugger is enabled, it could allow for entry points in the application or reveal sensitive information. As a result, `android:debuggable` should only be enabled during development and should be disabled in production builds.\n\n\n## Recommendation\nIn Android applications, either set the `android:debuggable` attribute to `false`, or do not include it in the manifest. The default value, when not included, is `false`.\n\n\n## Example\nIn the example below, the `android:debuggable` attribute is set to `true`.\n\n\n```xml\n<manifest ... >\n    <!-- BAD: 'android:debuggable' set to 'true' -->\n    <application\n        android:debuggable=\"true\">\n        <activity ... >\n        </activity>\n    </application>\n</manifest>\n\n```\nThe corrected version sets the `android:debuggable` attribute to `false`.\n\n\n```xml\n<manifest ... >\n    <!-- GOOD: 'android:debuggable' set to 'false' -->\n    <application\n        android:debuggable=\"false\">\n        <activity ... >\n        </activity>\n    </application>\n</manifest>\n\n```\n\n## References\n* Android Developers: [App Manifest Overview](https://developer.android.com/guide/topics/manifest/manifest-intro).\n* Android Developers: [The android:debuggable attribute](https://developer.android.com/guide/topics/manifest/application-element#debug).\n* Android Developers: [Enable debugging](https://developer.android.com/studio/debug#enable-debug).\n* Common Weakness Enumeration: [CWE-489](https://cwe.mitre.org/data/definitions/489.html).\n","markdown":"# Android debuggable attribute enabled\nThe Android manifest file defines configuration settings for Android applications. In this file, the `android:debuggable` attribute of the `application` element can be used to define whether or not the application can be debugged. When set to `true`, this attribute will allow the application to be debugged even when running on a device in user mode.\n\nWhen a debugger is enabled, it could allow for entry points in the application or reveal sensitive information. As a result, `android:debuggable` should only be enabled during development and should be disabled in production builds.\n\n\n## Recommendation\nIn Android applications, either set the `android:debuggable` attribute to `false`, or do not include it in the manifest. The default value, when not included, is `false`.\n\n\n## Example\nIn the example below, the `android:debuggable` attribute is set to `true`.\n\n\n```xml\n<manifest ... >\n    <!-- BAD: 'android:debuggable' set to 'true' -->\n    <application\n        android:debuggable=\"true\">\n        <activity ... >\n        </activity>\n    </application>\n</manifest>\n\n```\nThe corrected version sets the `android:debuggable` attribute to `false`.\n\n\n```xml\n<manifest ... >\n    <!-- GOOD: 'android:debuggable' set to 'false' -->\n    <application\n        android:debuggable=\"false\">\n        <activity ... >\n        </activity>\n    </application>\n</manifest>\n\n```\n\n## References\n* Android Developers: [App Manifest Overview](https://developer.android.com/guide/topics/manifest/manifest-intro).\n* Android Developers: [The android:debuggable attribute](https://developer.android.com/guide/topics/manifest/application-element#debug).\n* Android Developers: [Enable debugging](https://developer.android.com/studio/debug#enable-debug).\n* Common Weakness Enumeration: [CWE-489](https://cwe.mitre.org/data/definitions/489.html).\n"},"properties":{"tags":["security","external/cwe/cwe-489"],"description":"An enabled debugger can allow for entry points in the application or reveal sensitive information.","id":"java/android/debuggable-attribute-enabled","kind":"problem","name":"Android debuggable attribute enabled","precision":"very-high","problem.severity":"warning","security-severity":"7.2"}},{"id":"java/android/webview-debugging-enabled","name":"java/android/webview-debugging-enabled","shortDescription":{"text":"Android Webview debugging enabled"},"fullDescription":{"text":"Enabling Webview debugging in production builds can expose entry points or leak sensitive information."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Android Webview debugging enabled\nThe `WebView.setWebContentsDebuggingEnabled` method enables or disables the contents of any `WebView` in the application to be debugged.\n\nYou should only enable debugging features during development. When you create a production build, you should disable it. If you enable debugging features, this can make your code vulnerable by adding entry points, or leaking sensitive information.\n\n\n## Recommendation\nEnsure that debugging features are not enabled in production builds, such as by guarding calls to `WebView.setWebContentsDebuggingEnabled(true)` by a flag that is only enabled in debug builds.\n\n\n## Example\nIn the first (bad) example, WebView debugging is always enabled. whereas the GOOD case only enables it if the `android:debuggable` attribute is set to `true`.\n\n\n```java\n// BAD - debugging is always enabled \nWebView.setWebContentsDebuggingEnabled(true);\n\n// GOOD - debugging is only enabled when this is a debug build, as indicated by the debuggable flag being set.\nif (0 != (getApplicationInfo().flags & ApplicationInfo.FLAG_DEBUGGABLE)) {\n    WebView.setWebContentsDebuggingEnabled(true);\n}\n```\n\n## References\n* Android Developers: [setWebContentsDebuggingEnabled](https://developer.android.com/reference/android/webkit/WebView.html#setWebContentsDebuggingEnabled(boolean)).\n* Android Developers: [Remote debugging WebViews](https://developer.chrome.com/docs/devtools/remote-debugging/webviews/).\n* Common Weakness Enumeration: [CWE-489](https://cwe.mitre.org/data/definitions/489.html).\n","markdown":"# Android Webview debugging enabled\nThe `WebView.setWebContentsDebuggingEnabled` method enables or disables the contents of any `WebView` in the application to be debugged.\n\nYou should only enable debugging features during development. When you create a production build, you should disable it. If you enable debugging features, this can make your code vulnerable by adding entry points, or leaking sensitive information.\n\n\n## Recommendation\nEnsure that debugging features are not enabled in production builds, such as by guarding calls to `WebView.setWebContentsDebuggingEnabled(true)` by a flag that is only enabled in debug builds.\n\n\n## Example\nIn the first (bad) example, WebView debugging is always enabled. whereas the GOOD case only enables it if the `android:debuggable` attribute is set to `true`.\n\n\n```java\n// BAD - debugging is always enabled \nWebView.setWebContentsDebuggingEnabled(true);\n\n// GOOD - debugging is only enabled when this is a debug build, as indicated by the debuggable flag being set.\nif (0 != (getApplicationInfo().flags & ApplicationInfo.FLAG_DEBUGGABLE)) {\n    WebView.setWebContentsDebuggingEnabled(true);\n}\n```\n\n## References\n* Android Developers: [setWebContentsDebuggingEnabled](https://developer.android.com/reference/android/webkit/WebView.html#setWebContentsDebuggingEnabled(boolean)).\n* Android Developers: [Remote debugging WebViews](https://developer.chrome.com/docs/devtools/remote-debugging/webviews/).\n* Common Weakness Enumeration: [CWE-489](https://cwe.mitre.org/data/definitions/489.html).\n"},"properties":{"tags":["security","external/cwe/cwe-489"],"description":"Enabling Webview debugging in production builds can expose entry points or leak sensitive information.","id":"java/android/webview-debugging-enabled","kind":"path-problem","name":"Android Webview debugging enabled","precision":"high","problem.severity":"warning","security-severity":"7.2"}},{"id":"java/tainted-permissions-check","name":"java/tainted-permissions-check","shortDescription":{"text":"User-controlled data used in permissions check"},"fullDescription":{"text":"Using user-controlled data in a permissions check may result in inappropriate permissions being granted."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# User-controlled data used in permissions check\nUsing user-controlled data in a permissions check may allow a user to gain unauthorized access to protected functionality or data.\n\n\n## Recommendation\nWhen checking whether a user is authorized for a particular activity, do not use data that is controlled by that user in the permissions check. If necessary, always validate the input, ideally against a fixed list of expected values.\n\nSimilarly, do not decide which permission to check for based on user data. In particular, avoid using computation to decide which permissions to check for. Use fixed permissions for particular actions, rather than generating the permission to check for.\n\n\n## Example\nThis example, using the Apache Shiro security framework, shows two ways to specify the permissions to check. The first way uses a string, `whatDoTheyWantToDo`, to specify the permissions to check. However, this string is built from user input. This can allow an attacker to force a check against a permission that they know they have, rather than the permission that should be checked. For example, while trying to access the account details of another user, the attacker could force the system to check whether they had permissions to access their *own* account details, which is incorrect, and would allow them to perform the action. The second, more secure way uses a fixed check that does not depend on data that is controlled by the user.\n\n\n```java\npublic static void main(String[] args) {\n\tString whatDoTheyWantToDo = args[0];\n\tSubject subject = SecurityUtils.getSubject();\n\n\t// BAD: permissions decision made using tainted data\n\tif(subject.isPermitted(\"domain:sublevel:\" + whatDoTheyWantToDo))\n\t\tdoIt();\n\n\t// GOOD: use fixed checks\n\tif(subject.isPermitted(\"domain:sublevel:whatTheMethodDoes\"))\n\t\tdoIt();\n}\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [SEC02-J. Do not base security checks on untrusted sources](https://wiki.sei.cmu.edu/confluence/display/java/SEC02-J.+Do+not+base+security+checks+on+untrusted+sources).\n* Common Weakness Enumeration: [CWE-807](https://cwe.mitre.org/data/definitions/807.html).\n* Common Weakness Enumeration: [CWE-290](https://cwe.mitre.org/data/definitions/290.html).\n","markdown":"# User-controlled data used in permissions check\nUsing user-controlled data in a permissions check may allow a user to gain unauthorized access to protected functionality or data.\n\n\n## Recommendation\nWhen checking whether a user is authorized for a particular activity, do not use data that is controlled by that user in the permissions check. If necessary, always validate the input, ideally against a fixed list of expected values.\n\nSimilarly, do not decide which permission to check for based on user data. In particular, avoid using computation to decide which permissions to check for. Use fixed permissions for particular actions, rather than generating the permission to check for.\n\n\n## Example\nThis example, using the Apache Shiro security framework, shows two ways to specify the permissions to check. The first way uses a string, `whatDoTheyWantToDo`, to specify the permissions to check. However, this string is built from user input. This can allow an attacker to force a check against a permission that they know they have, rather than the permission that should be checked. For example, while trying to access the account details of another user, the attacker could force the system to check whether they had permissions to access their *own* account details, which is incorrect, and would allow them to perform the action. The second, more secure way uses a fixed check that does not depend on data that is controlled by the user.\n\n\n```java\npublic static void main(String[] args) {\n\tString whatDoTheyWantToDo = args[0];\n\tSubject subject = SecurityUtils.getSubject();\n\n\t// BAD: permissions decision made using tainted data\n\tif(subject.isPermitted(\"domain:sublevel:\" + whatDoTheyWantToDo))\n\t\tdoIt();\n\n\t// GOOD: use fixed checks\n\tif(subject.isPermitted(\"domain:sublevel:whatTheMethodDoes\"))\n\t\tdoIt();\n}\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [SEC02-J. Do not base security checks on untrusted sources](https://wiki.sei.cmu.edu/confluence/display/java/SEC02-J.+Do+not+base+security+checks+on+untrusted+sources).\n* Common Weakness Enumeration: [CWE-807](https://cwe.mitre.org/data/definitions/807.html).\n* Common Weakness Enumeration: [CWE-290](https://cwe.mitre.org/data/definitions/290.html).\n"},"properties":{"tags":["security","external/cwe/cwe-807","external/cwe/cwe-290","owasp-top10-2021","A04:2021 - Insecure Design"],"description":"Using user-controlled data in a permissions check may result in inappropriate\n              permissions being granted.","id":"java/tainted-permissions-check","kind":"path-problem","name":"User-controlled data used in permissions check","precision":"high","problem.severity":"error","security-severity":"7.8"}},{"id":"java/static-initialization-vector","name":"java/static-initialization-vector","shortDescription":{"text":"Using a static initialization vector for encryption"},"fullDescription":{"text":"An initialization vector (IV) used for ciphers of certain modes (such as CBC or GCM) should be unique and unpredictable, to maximize encryption and prevent dictionary attacks."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Using a static initialization vector for encryption\nWhen a cipher is used in certain modes such as CBC or GCM, it requires an initialization vector (IV). Under the same secret key, IVs should be unique and ideally unpredictable. If the same IV is used with the same secret key, then the same plaintext results in the same ciphertext. This can let an attacker learn if the same data pieces are transferred or stored, or help the attacker run a dictionary attack.\n\n\n## Recommendation\nUse a random IV generated by `SecureRandom`.\n\n\n## Example\nThe following example initializes a cipher with a static IV, which is unsafe:\n\n\n```java\nbyte[] iv = new byte[16]; // all zeroes\nGCMParameterSpec params = new GCMParameterSpec(128, iv);\nCipher cipher = Cipher.getInstance(\"AES/GCM/PKCS5PADDING\");\ncipher.init(Cipher.ENCRYPT_MODE, key, params);\n```\nThe next example initializes a cipher with a random IV:\n\n\n```java\nbyte[] iv = new byte[16];\nSecureRandom random = SecureRandom.getInstanceStrong();\nrandom.nextBytes(iv);\nGCMParameterSpec params = new GCMParameterSpec(128, iv);\nCipher cipher = Cipher.getInstance(\"AES/GCM/PKCS5PADDING\");\ncipher.init(Cipher.ENCRYPT_MODE, key, params);\n```\n\n## References\n* Wikipedia: [Initialization vector](https://en.wikipedia.org/wiki/Initialization_vector).\n* National Institute of Standards and Technology: [Recommendation for Block Cipher Modes of Operation](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf).\n* National Institute of Standards and Technology: [FIPS 140-2: Security Requirements for Cryptographic Modules](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf).\n* Common Weakness Enumeration: [CWE-329](https://cwe.mitre.org/data/definitions/329.html).\n* Common Weakness Enumeration: [CWE-1204](https://cwe.mitre.org/data/definitions/1204.html).\n","markdown":"# Using a static initialization vector for encryption\nWhen a cipher is used in certain modes such as CBC or GCM, it requires an initialization vector (IV). Under the same secret key, IVs should be unique and ideally unpredictable. If the same IV is used with the same secret key, then the same plaintext results in the same ciphertext. This can let an attacker learn if the same data pieces are transferred or stored, or help the attacker run a dictionary attack.\n\n\n## Recommendation\nUse a random IV generated by `SecureRandom`.\n\n\n## Example\nThe following example initializes a cipher with a static IV, which is unsafe:\n\n\n```java\nbyte[] iv = new byte[16]; // all zeroes\nGCMParameterSpec params = new GCMParameterSpec(128, iv);\nCipher cipher = Cipher.getInstance(\"AES/GCM/PKCS5PADDING\");\ncipher.init(Cipher.ENCRYPT_MODE, key, params);\n```\nThe next example initializes a cipher with a random IV:\n\n\n```java\nbyte[] iv = new byte[16];\nSecureRandom random = SecureRandom.getInstanceStrong();\nrandom.nextBytes(iv);\nGCMParameterSpec params = new GCMParameterSpec(128, iv);\nCipher cipher = Cipher.getInstance(\"AES/GCM/PKCS5PADDING\");\ncipher.init(Cipher.ENCRYPT_MODE, key, params);\n```\n\n## References\n* Wikipedia: [Initialization vector](https://en.wikipedia.org/wiki/Initialization_vector).\n* National Institute of Standards and Technology: [Recommendation for Block Cipher Modes of Operation](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf).\n* National Institute of Standards and Technology: [FIPS 140-2: Security Requirements for Cryptographic Modules](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf).\n* Common Weakness Enumeration: [CWE-329](https://cwe.mitre.org/data/definitions/329.html).\n* Common Weakness Enumeration: [CWE-1204](https://cwe.mitre.org/data/definitions/1204.html).\n"},"properties":{"tags":["security","external/cwe/cwe-329","external/cwe/cwe-1204","owasp-top10-2021","A02:2021 - Cryptographic Failures"],"description":"An initialization vector (IV) used for ciphers of certain modes (such as CBC or GCM) should be unique and unpredictable, to maximize encryption and prevent dictionary attacks.","id":"java/static-initialization-vector","kind":"path-problem","name":"Using a static initialization vector for encryption","precision":"high","problem.severity":"warning","security-severity":"7.5"}},{"id":"java/cleartext-storage-in-cookie","name":"java/cleartext-storage-in-cookie","shortDescription":{"text":"Cleartext storage of sensitive information in cookie"},"fullDescription":{"text":"Storing sensitive information in cleartext can expose it to an attacker."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Cleartext storage of sensitive information in cookie\nSensitive information that is stored unencrypted is accessible to an attacker who gains access to the storage.\n\n\n## Recommendation\nEnsure that sensitive information is always encrypted before being stored. It may be wise to encrypt information before it is put into a heap data structure (such as `Java.util.Properties`) that may be written to disk later. Objects that are serializable or marshallable should also always contain encrypted information unless you are certain that they are not ever going to be serialized.\n\nIn general, decrypt sensitive information only at the point where it is necessary for it to be used in cleartext.\n\n\n## Example\nThe following example shows two ways of storing user credentials in a cookie. In the 'BAD' case, the credentials are simply stored in cleartext. In the 'GOOD' case, the credentials are hashed before storing them.\n\n\n```java\npublic static void main(String[] args) {\n\t{\n\t\tString data;\n\t\tPasswordAuthentication credentials =\n\t\t\t\tnew PasswordAuthentication(\"user\", \"BP@ssw0rd\".toCharArray());\n\t\tdata = credentials.getUserName() + \":\" + new String(credentials.getPassword());\n\t\n\t\t// BAD: store data in a cookie in cleartext form\n\t\tresponse.addCookie(new Cookie(\"auth\", data));\n\t}\n\t\n\t{\n\t\tString data;\n\t\tPasswordAuthentication credentials =\n\t\t\t\tnew PasswordAuthentication(\"user\", \"GP@ssw0rd\".toCharArray());\n\t\tString salt = \"ThisIsMySalt\";\n\t\tMessageDigest messageDigest = MessageDigest.getInstance(\"SHA-512\");\n\t\tmessageDigest.reset();\n\t\tString credentialsToHash =\n\t\t\t\tcredentials.getUserName() + \":\" + credentials.getPassword();\n\t\tbyte[] hashedCredsAsBytes =\n\t\t\t\tmessageDigest.digest((salt+credentialsToHash).getBytes(\"UTF-8\"));\n\t\tdata = bytesToString(hashedCredsAsBytes);\n\t\t\n\t\t// GOOD: store data in a cookie in encrypted form\n\t\tresponse.addCookie(new Cookie(\"auth\", data));\n\t}\n}\n\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [SER03-J. Do not serialize unencrypted, sensitive data](https://wiki.sei.cmu.edu/confluence/display/java/SER03-J.+Do+not+serialize+unencrypted+sensitive+data).\n* M. Dowd, J. McDonald and J. Schuhm, *The Art of Software Security Assessment*, 1st Edition, Chapter 2 - 'Common Vulnerabilities of Encryption', p. 43. Addison Wesley, 2006.\n* M. Howard and D. LeBlanc, *Writing Secure Code*, 2nd Edition, Chapter 9 - 'Protecting Secret Data', p. 299. Microsoft, 2002.\n* Common Weakness Enumeration: [CWE-315](https://cwe.mitre.org/data/definitions/315.html).\n","markdown":"# Cleartext storage of sensitive information in cookie\nSensitive information that is stored unencrypted is accessible to an attacker who gains access to the storage.\n\n\n## Recommendation\nEnsure that sensitive information is always encrypted before being stored. It may be wise to encrypt information before it is put into a heap data structure (such as `Java.util.Properties`) that may be written to disk later. Objects that are serializable or marshallable should also always contain encrypted information unless you are certain that they are not ever going to be serialized.\n\nIn general, decrypt sensitive information only at the point where it is necessary for it to be used in cleartext.\n\n\n## Example\nThe following example shows two ways of storing user credentials in a cookie. In the 'BAD' case, the credentials are simply stored in cleartext. In the 'GOOD' case, the credentials are hashed before storing them.\n\n\n```java\npublic static void main(String[] args) {\n\t{\n\t\tString data;\n\t\tPasswordAuthentication credentials =\n\t\t\t\tnew PasswordAuthentication(\"user\", \"BP@ssw0rd\".toCharArray());\n\t\tdata = credentials.getUserName() + \":\" + new String(credentials.getPassword());\n\t\n\t\t// BAD: store data in a cookie in cleartext form\n\t\tresponse.addCookie(new Cookie(\"auth\", data));\n\t}\n\t\n\t{\n\t\tString data;\n\t\tPasswordAuthentication credentials =\n\t\t\t\tnew PasswordAuthentication(\"user\", \"GP@ssw0rd\".toCharArray());\n\t\tString salt = \"ThisIsMySalt\";\n\t\tMessageDigest messageDigest = MessageDigest.getInstance(\"SHA-512\");\n\t\tmessageDigest.reset();\n\t\tString credentialsToHash =\n\t\t\t\tcredentials.getUserName() + \":\" + credentials.getPassword();\n\t\tbyte[] hashedCredsAsBytes =\n\t\t\t\tmessageDigest.digest((salt+credentialsToHash).getBytes(\"UTF-8\"));\n\t\tdata = bytesToString(hashedCredsAsBytes);\n\t\t\n\t\t// GOOD: store data in a cookie in encrypted form\n\t\tresponse.addCookie(new Cookie(\"auth\", data));\n\t}\n}\n\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [SER03-J. Do not serialize unencrypted, sensitive data](https://wiki.sei.cmu.edu/confluence/display/java/SER03-J.+Do+not+serialize+unencrypted+sensitive+data).\n* M. Dowd, J. McDonald and J. Schuhm, *The Art of Software Security Assessment*, 1st Edition, Chapter 2 - 'Common Vulnerabilities of Encryption', p. 43. Addison Wesley, 2006.\n* M. Howard and D. LeBlanc, *Writing Secure Code*, 2nd Edition, Chapter 9 - 'Protecting Secret Data', p. 299. Microsoft, 2002.\n* Common Weakness Enumeration: [CWE-315](https://cwe.mitre.org/data/definitions/315.html).\n"},"properties":{"tags":["security","external/cwe/cwe-315","owasp-top10-2021","A05:2021 - Security Misconfiguration"],"description":"Storing sensitive information in cleartext can expose it to an attacker.","id":"java/cleartext-storage-in-cookie","kind":"problem","name":"Cleartext storage of sensitive information in cookie","precision":"high","problem.severity":"error","security-severity":"5.0"}},{"id":"java/android/backup-enabled","name":"java/android/backup-enabled","shortDescription":{"text":"Application backup allowed"},"fullDescription":{"text":"Allowing application backups may allow an attacker to extract sensitive data."},"defaultConfiguration":{"enabled":true,"level":"note"},"help":{"text":"# Application backup allowed\nIn the Android manifest file, you can use the `android:allowBackup` attribute of the `application` element to define whether the application will have automatic backups or not.\n\nIf your application uses any sensitive data, you should disable automatic backups to prevent attackers from extracting it.\n\n\n## Recommendation\nFor Android applications which process sensitive data, set `android:allowBackup` to `false` in the manifest file.\n\nNote: Since Android 6.0 (Marshmallow), automatic backups for applications are switched on by default.\n\n\n## Example\nIn the following two (bad) examples, the `android:allowBackup` setting is enabled:\n\n\n```xml\n<manifest ... >\n    <!-- BAD: 'android:allowBackup' set to 'true' -->\n    <application\n        android:allowBackup=\"true\">\n        <activity ... >\n        </activity>\n    </application>\n</manifest>\n\n```\n\n```xml\n<manifest ... >\n    <!-- BAD: no 'android:allowBackup' set, defaults to 'true' -->\n    <application>\n        <activity ... >\n        </activity>\n    </application>\n</manifest>\n\n```\nIn the following (good) example, `android:allowBackup` is set to `false`:\n\n\n```xml\n<manifest ... >\n    <!-- GOOD: 'android:allowBackup' set to 'false' -->\n    <application\n        android:allowBackup=\"false\">\n        <activity ... >\n        </activity>\n    </application>\n</manifest>\n\n```\n\n## References\n* Android Documentation: [Back up user data with Auto Backup](https://developer.android.com/guide/topics/data/autobackup#EnablingAutoBackup)\n* OWASP Mobile Security Testing Guide: [ Android Backups ](https://github.com/OWASP/owasp-mstg/blob/b7a93a2e5e0557cc9a12e55fc3f6675f6986bb86/Document/0x05d-Testing-Data-Storage.md#backups)\n* Common Weakness Enumeration: [CWE-312](https://cwe.mitre.org/data/definitions/312.html).\n","markdown":"# Application backup allowed\nIn the Android manifest file, you can use the `android:allowBackup` attribute of the `application` element to define whether the application will have automatic backups or not.\n\nIf your application uses any sensitive data, you should disable automatic backups to prevent attackers from extracting it.\n\n\n## Recommendation\nFor Android applications which process sensitive data, set `android:allowBackup` to `false` in the manifest file.\n\nNote: Since Android 6.0 (Marshmallow), automatic backups for applications are switched on by default.\n\n\n## Example\nIn the following two (bad) examples, the `android:allowBackup` setting is enabled:\n\n\n```xml\n<manifest ... >\n    <!-- BAD: 'android:allowBackup' set to 'true' -->\n    <application\n        android:allowBackup=\"true\">\n        <activity ... >\n        </activity>\n    </application>\n</manifest>\n\n```\n\n```xml\n<manifest ... >\n    <!-- BAD: no 'android:allowBackup' set, defaults to 'true' -->\n    <application>\n        <activity ... >\n        </activity>\n    </application>\n</manifest>\n\n```\nIn the following (good) example, `android:allowBackup` is set to `false`:\n\n\n```xml\n<manifest ... >\n    <!-- GOOD: 'android:allowBackup' set to 'false' -->\n    <application\n        android:allowBackup=\"false\">\n        <activity ... >\n        </activity>\n    </application>\n</manifest>\n\n```\n\n## References\n* Android Documentation: [Back up user data with Auto Backup](https://developer.android.com/guide/topics/data/autobackup#EnablingAutoBackup)\n* OWASP Mobile Security Testing Guide: [ Android Backups ](https://github.com/OWASP/owasp-mstg/blob/b7a93a2e5e0557cc9a12e55fc3f6675f6986bb86/Document/0x05d-Testing-Data-Storage.md#backups)\n* Common Weakness Enumeration: [CWE-312](https://cwe.mitre.org/data/definitions/312.html).\n"},"properties":{"tags":["security","external/cwe/cwe-312","owasp-top10-2021","A04:2021 - Insecure Design"],"description":"Allowing application backups may allow an attacker to extract sensitive data.","id":"java/android/backup-enabled","kind":"problem","name":"Application backup allowed","precision":"very-high","problem.severity":"recommendation","security-severity":"7.5"}},{"id":"java/android/intent-redirection","name":"java/android/intent-redirection","shortDescription":{"text":"Android Intent redirection"},"fullDescription":{"text":"Starting Android components with user-provided Intents can provide access to internal components of the application, increasing the attack surface and potentially causing unintended effects."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Android Intent redirection\nAn exported Android component that obtains a user-provided Intent and uses it to launch another component can be exploited to obtain access to private, unexported components of the same app or to launch other apps' components on behalf of the victim app.\n\n\n## Recommendation\nDo not export components that start other components from a user-provided Intent. They can be made private by setting the `android:exported` property to `false` in the app's Android Manifest.\n\nIf this is not possible, restrict either which apps can send Intents to the affected component, or which components can be started from it.\n\n\n## Example\nThe following snippet contains three examples. In the first example, an arbitrary component can be started from the externally provided `forward_intent` Intent. In the second example, the destination component of the Intent is first checked to make sure it is safe. In the third example, the component that created the Intent is first checked to make sure it comes from a trusted origin.\n\n\n```java\n// BAD: A user-provided Intent is used to launch an arbitrary component\nIntent forwardIntent = (Intent) getIntent().getParcelableExtra(\"forward_intent\");\nstartActivity(forwardIntent);\n\n// GOOD: The destination component is checked before launching it\nIntent forwardIntent = (Intent) getIntent().getParcelableExtra(\"forward_intent\");\nComponentName destinationComponent = forwardIntent.resolveActivity(getPackageManager());\nif (destinationComponent.getPackageName().equals(\"safe.package\") && \n    destinationComponent.getClassName().equals(\"SafeClass\")) {\n    startActivity(forwardIntent);\n}\n\n// GOOD: The component that sent the Intent is checked before launching the destination component\nIntent forwardIntent = (Intent) getIntent().getParcelableExtra(\"forward_intent\");\nComponentName originComponent = getCallingActivity();\nif (originComponent.getPackageName().equals(\"trusted.package\") && originComponent.getClassName().equals(\"TrustedClass\")) {\n    startActivity(forwardIntent);\n}\n\n```\n\n## References\n* Google: [Remediation for Intent Redirection Vulnerability](https://support.google.com/faqs/answer/9267555?hl=en).\n* OWASP Mobile Security Testing Guide: [Intents](https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05a-platform-overview#intents).\n* Android Developers: [The android:exported attribute](https://developer.android.com/guide/topics/manifest/activity-element#exported).\n* Common Weakness Enumeration: [CWE-926](https://cwe.mitre.org/data/definitions/926.html).\n* Common Weakness Enumeration: [CWE-940](https://cwe.mitre.org/data/definitions/940.html).\n","markdown":"# Android Intent redirection\nAn exported Android component that obtains a user-provided Intent and uses it to launch another component can be exploited to obtain access to private, unexported components of the same app or to launch other apps' components on behalf of the victim app.\n\n\n## Recommendation\nDo not export components that start other components from a user-provided Intent. They can be made private by setting the `android:exported` property to `false` in the app's Android Manifest.\n\nIf this is not possible, restrict either which apps can send Intents to the affected component, or which components can be started from it.\n\n\n## Example\nThe following snippet contains three examples. In the first example, an arbitrary component can be started from the externally provided `forward_intent` Intent. In the second example, the destination component of the Intent is first checked to make sure it is safe. In the third example, the component that created the Intent is first checked to make sure it comes from a trusted origin.\n\n\n```java\n// BAD: A user-provided Intent is used to launch an arbitrary component\nIntent forwardIntent = (Intent) getIntent().getParcelableExtra(\"forward_intent\");\nstartActivity(forwardIntent);\n\n// GOOD: The destination component is checked before launching it\nIntent forwardIntent = (Intent) getIntent().getParcelableExtra(\"forward_intent\");\nComponentName destinationComponent = forwardIntent.resolveActivity(getPackageManager());\nif (destinationComponent.getPackageName().equals(\"safe.package\") && \n    destinationComponent.getClassName().equals(\"SafeClass\")) {\n    startActivity(forwardIntent);\n}\n\n// GOOD: The component that sent the Intent is checked before launching the destination component\nIntent forwardIntent = (Intent) getIntent().getParcelableExtra(\"forward_intent\");\nComponentName originComponent = getCallingActivity();\nif (originComponent.getPackageName().equals(\"trusted.package\") && originComponent.getClassName().equals(\"TrustedClass\")) {\n    startActivity(forwardIntent);\n}\n\n```\n\n## References\n* Google: [Remediation for Intent Redirection Vulnerability](https://support.google.com/faqs/answer/9267555?hl=en).\n* OWASP Mobile Security Testing Guide: [Intents](https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05a-platform-overview#intents).\n* Android Developers: [The android:exported attribute](https://developer.android.com/guide/topics/manifest/activity-element#exported).\n* Common Weakness Enumeration: [CWE-926](https://cwe.mitre.org/data/definitions/926.html).\n* Common Weakness Enumeration: [CWE-940](https://cwe.mitre.org/data/definitions/940.html).\n"},"properties":{"tags":["security","external/cwe/cwe-926","external/cwe/cwe-940","owasp-top10-2021","A07:2021 - Identification and Authentication Failures"],"description":"Starting Android components with user-provided Intents\n              can provide access to internal components of the application,\n              increasing the attack surface and potentially causing unintended effects.","id":"java/android/intent-redirection","kind":"path-problem","name":"Android Intent redirection","precision":"high","problem.severity":"error","security-severity":"7.5"}},{"id":"java/insecure-cookie","name":"java/insecure-cookie","shortDescription":{"text":"Failure to use secure cookies"},"fullDescription":{"text":"Insecure cookies may be sent in cleartext, which makes them vulnerable to interception."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Failure to use secure cookies\nFailing to set the 'secure' flag on a cookie can cause it to be sent in cleartext. This makes it easier for an attacker to intercept.\n\n\n## Recommendation\nAlways use `setSecure` to set the 'secure' flag on a cookie before adding it to an `HttpServletResponse`.\n\n\n## Example\nThis example shows two ways of adding a cookie to an `HttpServletResponse`. The first way leaves out the setting of the 'secure' flag; the second way includes the setting of the flag.\n\n\n```java\npublic static void test(HttpServletRequest request, HttpServletResponse response) {\n\t{\n\t\tCookie cookie = new Cookie(\"secret\", \"fakesecret\");\n\t\t\n\t\t// BAD: 'secure' flag not set\n\t\tresponse.addCookie(cookie);\n\t}\n\n\t{\n\t\tCookie cookie = new Cookie(\"secret\", \"fakesecret\");\n\t\t\n\t\t// GOOD: set 'secure' flag\n\t\tcookie.setSecure(true);\n\t\tresponse.addCookie(cookie);\n\t}\n}\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [SER03-J. Do not serialize unencrypted, sensitive data](https://wiki.sei.cmu.edu/confluence/display/java/SER03-J.+Do+not+serialize+unencrypted+sensitive+data).\n* Java Platform, Enterprise Edition (Java EE) 7, API Specification: [Class Cookie](https://docs.oracle.com/javaee/7/api/javax/servlet/http/Cookie.html).\n* Common Weakness Enumeration: [CWE-614](https://cwe.mitre.org/data/definitions/614.html).\n","markdown":"# Failure to use secure cookies\nFailing to set the 'secure' flag on a cookie can cause it to be sent in cleartext. This makes it easier for an attacker to intercept.\n\n\n## Recommendation\nAlways use `setSecure` to set the 'secure' flag on a cookie before adding it to an `HttpServletResponse`.\n\n\n## Example\nThis example shows two ways of adding a cookie to an `HttpServletResponse`. The first way leaves out the setting of the 'secure' flag; the second way includes the setting of the flag.\n\n\n```java\npublic static void test(HttpServletRequest request, HttpServletResponse response) {\n\t{\n\t\tCookie cookie = new Cookie(\"secret\", \"fakesecret\");\n\t\t\n\t\t// BAD: 'secure' flag not set\n\t\tresponse.addCookie(cookie);\n\t}\n\n\t{\n\t\tCookie cookie = new Cookie(\"secret\", \"fakesecret\");\n\t\t\n\t\t// GOOD: set 'secure' flag\n\t\tcookie.setSecure(true);\n\t\tresponse.addCookie(cookie);\n\t}\n}\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [SER03-J. Do not serialize unencrypted, sensitive data](https://wiki.sei.cmu.edu/confluence/display/java/SER03-J.+Do+not+serialize+unencrypted+sensitive+data).\n* Java Platform, Enterprise Edition (Java EE) 7, API Specification: [Class Cookie](https://docs.oracle.com/javaee/7/api/javax/servlet/http/Cookie.html).\n* Common Weakness Enumeration: [CWE-614](https://cwe.mitre.org/data/definitions/614.html).\n"},"properties":{"tags":["security","external/cwe/cwe-614","owasp-top10-2021","A05:2021 - Security Misconfiguration"],"description":"Insecure cookies may be sent in cleartext, which makes them vulnerable to\n              interception.","id":"java/insecure-cookie","kind":"problem","name":"Failure to use secure cookies","precision":"high","problem.severity":"error","security-severity":"5.0"}},{"id":"java/jhipster-prng","name":"java/jhipster-prng","shortDescription":{"text":"Detect JHipster Generator Vulnerability CVE-2019-16303"},"fullDescription":{"text":"Using a vulnerable version of JHipster to generate random numbers makes it easier for attackers to take over accounts."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Detect JHipster Generator Vulnerability CVE-2019-16303\nThis query detects instances of `RandomUtil.java` that were generated by a [JHipster](https://www.jhipster.tech/) version that is vulnerable to [CVE-2019-16303](https://github.com/jhipster/jhipster-kotlin/security/advisories/GHSA-j3rh-8vwq-wh84).\n\nIf an app uses `RandomUtil.java` generated by a vulnerable version of JHipster, attackers can request a password reset token and use this to predict the value of future reset tokens generated by this server. Using this information, they can create a reset link that allows them to take over any account.\n\nThis vulnerability has a [ CVSS v3.0 Base Score of 9.8/10 ](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2019-16303&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST).\n\n\n## Example\nThe example below shows the vulnerable `RandomUtil` class generated by [JHipster prior to version 6.3.0](https://www.jhipster.tech/2019/09/13/jhipster-release-6.3.0.html).\n\n\n```java\nimport org.apache.commons.lang3.RandomStringUtils;\n\n/**\n * Utility class for generating random Strings.\n */\npublic final class RandomUtil {\n\n    private static final int DEF_COUNT = 20;\n\n    private RandomUtil() {\n    }\n\n    /**\n     * Generate a password.\n     *\n     * @return the generated password.\n     */\n    public static String generatePassword() {\n        return RandomStringUtils.randomAlphanumeric(DEF_COUNT); // BAD: RandomStringUtils does not use SecureRandom\n    }\n\n    /**\n     * Generate an activation key.\n     *\n     * @return the generated activation key.\n     */\n    public static String generateActivationKey() {\n        return RandomStringUtils.randomNumeric(DEF_COUNT); // BAD: RandomStringUtils does not use SecureRandom\n    }\n\n    /**\n     * Generate a reset key.\n     *\n     * @return the generated reset key.\n     */\n    public static String generateResetKey() {\n        return RandomStringUtils.randomNumeric(DEF_COUNT); // BAD: RandomStringUtils does not use SecureRandom\n    }\n\n    /**\n     * Generate a unique series to validate a persistent token, used in the\n     * authentication remember-me mechanism.\n     *\n     * @return the generated series data.\n     */\n    public static String generateSeriesData() {\n        return RandomStringUtils.randomAlphanumeric(DEF_COUNT); // BAD: RandomStringUtils does not use SecureRandom\n    }\n\n    /**\n     * Generate a persistent token, used in the authentication remember-me mechanism.\n     *\n     * @return the generated token data.\n     */\n    public static String generateTokenData() {\n        return RandomStringUtils.randomAlphanumeric(DEF_COUNT); // BAD: RandomStringUtils does not use SecureRandom\n    }\n}\n\n```\nBelow is a fixed version of the `RandomUtil` class.\n\n\n```java\nimport org.apache.commons.lang3.RandomStringUtils;\n\nimport java.security.SecureRandom;\n\n/**\n * Utility class for generating random Strings.\n */\npublic final class RandomUtil {\n    private static final SecureRandom SECURE_RANDOM = new SecureRandom(); // GOOD: Using SecureRandom\n\n    private static final int DEF_COUNT = 20;\n\n    static {\n        SECURE_RANDOM.nextBytes(new byte[64]);\n    }\n\n    private RandomUtil() {\n    }\n\n    private static String generateRandomAlphanumericString() {\n        // GOOD: Passing Secure Random to RandomStringUtils::random\n        return RandomStringUtils.random(DEF_COUNT, 0, 0, true, true, null, SECURE_RANDOM);\n    }\n\n    /**\n     * Generate a password.\n     *\n     * @return the generated password.\n     */\n    public static String generatePassword() {\n        return generateRandomAlphanumericString();\n    }\n\n    /**\n     * Generate an activation key.\n     *\n     * @return the generated activation key.\n     */\n    public static String generateActivationKey() {\n        return generateRandomAlphanumericString();\n    }\n\n    /**\n     * Generate a reset key.\n     *\n     * @return the generated reset key.\n     */\n    public static String generateResetKey() {\n        return generateRandomAlphanumericString();\n    }\n\n    /**\n     * Generate a unique series to validate a persistent token, used in the\n     * authentication remember-me mechanism.\n     *\n     * @return the generated series data.\n     */\n    public static String generateSeriesData() {\n        return generateRandomAlphanumericString();\n    }\n\n    /**\n     * Generate a persistent token, used in the authentication remember-me mechanism.\n     *\n     * @return the generated token data.\n     */\n    public static String generateTokenData() {\n        return generateRandomAlphanumericString();\n    }\n}\n\n```\n\n## Recommendation\nYou should refactor the `RandomUtil` class and replace every call to `RandomStringUtils.randomAlphaNumeric`. You could regenerate the class using the latest version of JHipster, or use an automated refactoring. For example, using the [Patching JHipster CWE-338](https://github.com/moderneinc/jhipster-cwe-338) for the [Rewrite project](https://github.com/openrewrite/rewrite).\n\n\n## References\n* Cloudflare Blog: [ Why secure systems require random numbers ](https://blog.cloudflare.com/why-randomness-matters/)\n* Hacker News: [ How I Hacked Hacker News (with arc security advisory) ](https://news.ycombinator.com/item?id=639976)\n* Posts by Pucara Information Security Team: [ The Java Soothsayer: A practical application for insecure randomness. (Includes free 0day) ](https://blog.pucarasec.com/2020/05/09/the-java-soothsayer-a-practical-application-for-insecure-randomness-includes-free-0day/)\n* Common Weakness Enumeration: [CWE-338](https://cwe.mitre.org/data/definitions/338.html).\n","markdown":"# Detect JHipster Generator Vulnerability CVE-2019-16303\nThis query detects instances of `RandomUtil.java` that were generated by a [JHipster](https://www.jhipster.tech/) version that is vulnerable to [CVE-2019-16303](https://github.com/jhipster/jhipster-kotlin/security/advisories/GHSA-j3rh-8vwq-wh84).\n\nIf an app uses `RandomUtil.java` generated by a vulnerable version of JHipster, attackers can request a password reset token and use this to predict the value of future reset tokens generated by this server. Using this information, they can create a reset link that allows them to take over any account.\n\nThis vulnerability has a [ CVSS v3.0 Base Score of 9.8/10 ](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2019-16303&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST).\n\n\n## Example\nThe example below shows the vulnerable `RandomUtil` class generated by [JHipster prior to version 6.3.0](https://www.jhipster.tech/2019/09/13/jhipster-release-6.3.0.html).\n\n\n```java\nimport org.apache.commons.lang3.RandomStringUtils;\n\n/**\n * Utility class for generating random Strings.\n */\npublic final class RandomUtil {\n\n    private static final int DEF_COUNT = 20;\n\n    private RandomUtil() {\n    }\n\n    /**\n     * Generate a password.\n     *\n     * @return the generated password.\n     */\n    public static String generatePassword() {\n        return RandomStringUtils.randomAlphanumeric(DEF_COUNT); // BAD: RandomStringUtils does not use SecureRandom\n    }\n\n    /**\n     * Generate an activation key.\n     *\n     * @return the generated activation key.\n     */\n    public static String generateActivationKey() {\n        return RandomStringUtils.randomNumeric(DEF_COUNT); // BAD: RandomStringUtils does not use SecureRandom\n    }\n\n    /**\n     * Generate a reset key.\n     *\n     * @return the generated reset key.\n     */\n    public static String generateResetKey() {\n        return RandomStringUtils.randomNumeric(DEF_COUNT); // BAD: RandomStringUtils does not use SecureRandom\n    }\n\n    /**\n     * Generate a unique series to validate a persistent token, used in the\n     * authentication remember-me mechanism.\n     *\n     * @return the generated series data.\n     */\n    public static String generateSeriesData() {\n        return RandomStringUtils.randomAlphanumeric(DEF_COUNT); // BAD: RandomStringUtils does not use SecureRandom\n    }\n\n    /**\n     * Generate a persistent token, used in the authentication remember-me mechanism.\n     *\n     * @return the generated token data.\n     */\n    public static String generateTokenData() {\n        return RandomStringUtils.randomAlphanumeric(DEF_COUNT); // BAD: RandomStringUtils does not use SecureRandom\n    }\n}\n\n```\nBelow is a fixed version of the `RandomUtil` class.\n\n\n```java\nimport org.apache.commons.lang3.RandomStringUtils;\n\nimport java.security.SecureRandom;\n\n/**\n * Utility class for generating random Strings.\n */\npublic final class RandomUtil {\n    private static final SecureRandom SECURE_RANDOM = new SecureRandom(); // GOOD: Using SecureRandom\n\n    private static final int DEF_COUNT = 20;\n\n    static {\n        SECURE_RANDOM.nextBytes(new byte[64]);\n    }\n\n    private RandomUtil() {\n    }\n\n    private static String generateRandomAlphanumericString() {\n        // GOOD: Passing Secure Random to RandomStringUtils::random\n        return RandomStringUtils.random(DEF_COUNT, 0, 0, true, true, null, SECURE_RANDOM);\n    }\n\n    /**\n     * Generate a password.\n     *\n     * @return the generated password.\n     */\n    public static String generatePassword() {\n        return generateRandomAlphanumericString();\n    }\n\n    /**\n     * Generate an activation key.\n     *\n     * @return the generated activation key.\n     */\n    public static String generateActivationKey() {\n        return generateRandomAlphanumericString();\n    }\n\n    /**\n     * Generate a reset key.\n     *\n     * @return the generated reset key.\n     */\n    public static String generateResetKey() {\n        return generateRandomAlphanumericString();\n    }\n\n    /**\n     * Generate a unique series to validate a persistent token, used in the\n     * authentication remember-me mechanism.\n     *\n     * @return the generated series data.\n     */\n    public static String generateSeriesData() {\n        return generateRandomAlphanumericString();\n    }\n\n    /**\n     * Generate a persistent token, used in the authentication remember-me mechanism.\n     *\n     * @return the generated token data.\n     */\n    public static String generateTokenData() {\n        return generateRandomAlphanumericString();\n    }\n}\n\n```\n\n## Recommendation\nYou should refactor the `RandomUtil` class and replace every call to `RandomStringUtils.randomAlphaNumeric`. You could regenerate the class using the latest version of JHipster, or use an automated refactoring. For example, using the [Patching JHipster CWE-338](https://github.com/moderneinc/jhipster-cwe-338) for the [Rewrite project](https://github.com/openrewrite/rewrite).\n\n\n## References\n* Cloudflare Blog: [ Why secure systems require random numbers ](https://blog.cloudflare.com/why-randomness-matters/)\n* Hacker News: [ How I Hacked Hacker News (with arc security advisory) ](https://news.ycombinator.com/item?id=639976)\n* Posts by Pucara Information Security Team: [ The Java Soothsayer: A practical application for insecure randomness. (Includes free 0day) ](https://blog.pucarasec.com/2020/05/09/the-java-soothsayer-a-practical-application-for-insecure-randomness-includes-free-0day/)\n* Common Weakness Enumeration: [CWE-338](https://cwe.mitre.org/data/definitions/338.html).\n"},"properties":{"tags":["security","external/cwe/cwe-338","owasp-top10-2021","A02:2021 - Cryptographic Failures"],"description":"Using a vulnerable version of JHipster to generate random numbers makes it easier for attackers to take over accounts.","id":"java/jhipster-prng","kind":"problem","name":"Detect JHipster Generator Vulnerability CVE-2019-16303","precision":"very-high","problem.severity":"error","security-severity":"7.8"}},{"id":"java/maven/dependency-upon-bintray","name":"java/maven/dependency-upon-bintray","shortDescription":{"text":"Depending upon JCenter/Bintray as an artifact repository"},"fullDescription":{"text":"Using a deprecated artifact repository may eventually give attackers access for a supply chain attack."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Depending upon JCenter/Bintray as an artifact repository\n[Bintray and JCenter are shutting down on February 1st, 2022](https://jfrog.com/blog/into-the-sunset-bintray-jcenter-gocenter-and-chartcenter/). Relying upon repositories that are deprecated or scheduled to be shutdown can have unintended consequences; for example, artifacts being resolved from a different artifact server or a total failure of the CI build.\n\nWhen artifact repositories are left unmaintained for a long period of time, vulnerabilities may emerge. Theoretically, this could allow attackers to inject malicious code into the artifacts that you are resolving and infect build artifacts that are being produced. This can be used by attackers to perform a [supply chain attack](https://en.wikipedia.org/wiki/Supply_chain_attack) against your project's users.\n\n\n## Recommendation\nAlways use the canonical repository for resolving your dependencies.\n\n\n## Example\nThe following example shows locations in a Maven POM file where artifact repository upload/download is configured. The use of Bintray in any of these locations is not advised.\n\n\n```xml\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<project xmlns=\"http://maven.apache.org/POM/4.0.0\"\n         xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n         xsi:schemaLocation=\"http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd\">\n\n    <modelVersion>4.0.0</modelVersion>\n\n    <groupId>com.semmle</groupId>\n    <artifactId>parent</artifactId>\n    <version>1.0</version>\n    <packaging>pom</packaging>\n\n    <name>Bintray Usage</name>\n    <description>An example of using bintray to download and upload dependencies</description>\n\n    <distributionManagement>\n        <repository>\n            <id>jcenter</id>\n            <name>JCenter</name>\n            <!-- BAD! Don't use JCenter -->\n            <url>https://jcenter.bintray.com</url>\n        </repository>\n        <snapshotRepository>\n            <id>jcenter-snapshots</id>\n            <name>JCenter</name>\n            <!-- BAD! Don't use JCenter -->\n            <url>https://jcenter.bintray.com</url>\n        </snapshotRepository>\n    </distributionManagement>\n    <repositories>\n        <repository>\n            <id>jcenter</id>\n            <name>JCenter</name>\n            <!-- BAD! Don't use JCenter -->\n            <url>https://jcenter.bintray.com</url>\n        </repository>\n    </repositories>\n    <repositories>\n        <repository>\n            <id>jcenter</id>\n            <name>JCenter</name>\n            <!-- BAD! Don't use Bintray -->\n            <url>https://dl.bintray.com/groovy/maven</url>\n        </repository>\n    </repositories>\n    <pluginRepositories>\n        <pluginRepository>\n            <id>jcenter-plugins</id>\n            <name>JCenter</name>\n            <!-- BAD! Don't use JCenter -->\n            <url>https://jcenter.bintray.com</url>\n        </pluginRepository>\n    </pluginRepositories>\n</project>\n\n```\n\n## References\n* JFrog blog: [ Into the Sunset on May 1st: Bintray, JCenter, GoCenter, and ChartCenter ](https://jfrog.com/blog/into-the-sunset-bintray-jcenter-gocenter-and-chartcenter/)\n* Common Weakness Enumeration: [CWE-1104](https://cwe.mitre.org/data/definitions/1104.html).\n","markdown":"# Depending upon JCenter/Bintray as an artifact repository\n[Bintray and JCenter are shutting down on February 1st, 2022](https://jfrog.com/blog/into-the-sunset-bintray-jcenter-gocenter-and-chartcenter/). Relying upon repositories that are deprecated or scheduled to be shutdown can have unintended consequences; for example, artifacts being resolved from a different artifact server or a total failure of the CI build.\n\nWhen artifact repositories are left unmaintained for a long period of time, vulnerabilities may emerge. Theoretically, this could allow attackers to inject malicious code into the artifacts that you are resolving and infect build artifacts that are being produced. This can be used by attackers to perform a [supply chain attack](https://en.wikipedia.org/wiki/Supply_chain_attack) against your project's users.\n\n\n## Recommendation\nAlways use the canonical repository for resolving your dependencies.\n\n\n## Example\nThe following example shows locations in a Maven POM file where artifact repository upload/download is configured. The use of Bintray in any of these locations is not advised.\n\n\n```xml\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<project xmlns=\"http://maven.apache.org/POM/4.0.0\"\n         xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n         xsi:schemaLocation=\"http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd\">\n\n    <modelVersion>4.0.0</modelVersion>\n\n    <groupId>com.semmle</groupId>\n    <artifactId>parent</artifactId>\n    <version>1.0</version>\n    <packaging>pom</packaging>\n\n    <name>Bintray Usage</name>\n    <description>An example of using bintray to download and upload dependencies</description>\n\n    <distributionManagement>\n        <repository>\n            <id>jcenter</id>\n            <name>JCenter</name>\n            <!-- BAD! Don't use JCenter -->\n            <url>https://jcenter.bintray.com</url>\n        </repository>\n        <snapshotRepository>\n            <id>jcenter-snapshots</id>\n            <name>JCenter</name>\n            <!-- BAD! Don't use JCenter -->\n            <url>https://jcenter.bintray.com</url>\n        </snapshotRepository>\n    </distributionManagement>\n    <repositories>\n        <repository>\n            <id>jcenter</id>\n            <name>JCenter</name>\n            <!-- BAD! Don't use JCenter -->\n            <url>https://jcenter.bintray.com</url>\n        </repository>\n    </repositories>\n    <repositories>\n        <repository>\n            <id>jcenter</id>\n            <name>JCenter</name>\n            <!-- BAD! Don't use Bintray -->\n            <url>https://dl.bintray.com/groovy/maven</url>\n        </repository>\n    </repositories>\n    <pluginRepositories>\n        <pluginRepository>\n            <id>jcenter-plugins</id>\n            <name>JCenter</name>\n            <!-- BAD! Don't use JCenter -->\n            <url>https://jcenter.bintray.com</url>\n        </pluginRepository>\n    </pluginRepositories>\n</project>\n\n```\n\n## References\n* JFrog blog: [ Into the Sunset on May 1st: Bintray, JCenter, GoCenter, and ChartCenter ](https://jfrog.com/blog/into-the-sunset-bintray-jcenter-gocenter-and-chartcenter/)\n* Common Weakness Enumeration: [CWE-1104](https://cwe.mitre.org/data/definitions/1104.html).\n"},"properties":{"tags":["security","external/cwe/cwe-1104","owasp-top10-2021","A06:2021 - Vulnerable and Outdated Components"],"description":"Using a deprecated artifact repository may eventually give attackers access for a supply chain attack.","id":"java/maven/dependency-upon-bintray","kind":"problem","name":"Depending upon JCenter/Bintray as an artifact repository","precision":"very-high","problem.severity":"error","security-severity":"6.5"}},{"id":"java/stack-trace-exposure","name":"java/stack-trace-exposure","shortDescription":{"text":"Information exposure through a stack trace"},"fullDescription":{"text":"Information from a stack trace propagates to an external user. Stack traces can unintentionally reveal implementation details that are useful to an attacker for developing a subsequent exploit."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Information exposure through a stack trace\nSoftware developers often add stack traces to error messages, as a debugging aid. Whenever that error message occurs for an end user, the developer can use the stack trace to help identify how to fix the problem. In particular, stack traces can tell the developer more about the sequence of events that led to a failure, as opposed to merely the final state of the software when the error occurred.\n\nUnfortunately, the same information can be useful to an attacker. The sequence of class names in a stack trace can reveal the structure of the application as well as any internal components it relies on. Furthermore, the error message at the top of a stack trace can include information such as server-side file names and SQL code that the application relies on, allowing an attacker to fine-tune a subsequent injection attack.\n\n\n## Recommendation\nSend the user a more generic error message that reveals less information. Either suppress the stack trace entirely, or log it only on the server.\n\n\n## Example\nIn the following example, an exception is handled in two different ways. In the first version, labeled BAD, the exception is sent back to the remote user using the `sendError()` method. As such, the user is able to see a detailed stack trace, which may contain sensitive information. In the second version, the error message is logged only on the server. That way, the developers can still access and use the error log, but remote users will not see the information.\n\n\n```java\nprotected void doGet(HttpServletRequest request, HttpServletResponse response) {\n\ttry {\n\t\tdoSomeWork();\n\t} catch (NullPointerException ex) {\n\t\t// BAD: printing a stack trace back to the response\n\t\tex.printStackTrace(response.getWriter());\n\t\treturn;\n\t}\n\n\ttry {\n\t\tdoSomeWork();\n\t} catch (NullPointerException ex) {\n\t\t// GOOD: log the stack trace, and send back a non-revealing response\n\t\tlog(\"Exception occurred\", ex);\n\t\tresponse.sendError(\n\t\t\tHttpServletResponse.SC_INTERNAL_SERVER_ERROR,\n\t\t\t\"Exception occurred\");\n\t\treturn;\n\t}\n}\n\n```\n\n## References\n* OWASP: [Improper Error Handling](https://owasp.org/www-community/Improper_Error_Handling).\n* CERT Java Coding Standard: [ERR01-J. Do not allow exceptions to expose sensitive information](https://www.securecoding.cert.org/confluence/display/java/ERR01-J.+Do+not+allow+exceptions+to+expose+sensitive+information).\n* Common Weakness Enumeration: [CWE-209](https://cwe.mitre.org/data/definitions/209.html).\n* Common Weakness Enumeration: [CWE-497](https://cwe.mitre.org/data/definitions/497.html).\n","markdown":"# Information exposure through a stack trace\nSoftware developers often add stack traces to error messages, as a debugging aid. Whenever that error message occurs for an end user, the developer can use the stack trace to help identify how to fix the problem. In particular, stack traces can tell the developer more about the sequence of events that led to a failure, as opposed to merely the final state of the software when the error occurred.\n\nUnfortunately, the same information can be useful to an attacker. The sequence of class names in a stack trace can reveal the structure of the application as well as any internal components it relies on. Furthermore, the error message at the top of a stack trace can include information such as server-side file names and SQL code that the application relies on, allowing an attacker to fine-tune a subsequent injection attack.\n\n\n## Recommendation\nSend the user a more generic error message that reveals less information. Either suppress the stack trace entirely, or log it only on the server.\n\n\n## Example\nIn the following example, an exception is handled in two different ways. In the first version, labeled BAD, the exception is sent back to the remote user using the `sendError()` method. As such, the user is able to see a detailed stack trace, which may contain sensitive information. In the second version, the error message is logged only on the server. That way, the developers can still access and use the error log, but remote users will not see the information.\n\n\n```java\nprotected void doGet(HttpServletRequest request, HttpServletResponse response) {\n\ttry {\n\t\tdoSomeWork();\n\t} catch (NullPointerException ex) {\n\t\t// BAD: printing a stack trace back to the response\n\t\tex.printStackTrace(response.getWriter());\n\t\treturn;\n\t}\n\n\ttry {\n\t\tdoSomeWork();\n\t} catch (NullPointerException ex) {\n\t\t// GOOD: log the stack trace, and send back a non-revealing response\n\t\tlog(\"Exception occurred\", ex);\n\t\tresponse.sendError(\n\t\t\tHttpServletResponse.SC_INTERNAL_SERVER_ERROR,\n\t\t\t\"Exception occurred\");\n\t\treturn;\n\t}\n}\n\n```\n\n## References\n* OWASP: [Improper Error Handling](https://owasp.org/www-community/Improper_Error_Handling).\n* CERT Java Coding Standard: [ERR01-J. Do not allow exceptions to expose sensitive information](https://www.securecoding.cert.org/confluence/display/java/ERR01-J.+Do+not+allow+exceptions+to+expose+sensitive+information).\n* Common Weakness Enumeration: [CWE-209](https://cwe.mitre.org/data/definitions/209.html).\n* Common Weakness Enumeration: [CWE-497](https://cwe.mitre.org/data/definitions/497.html).\n"},"properties":{"tags":["security","external/cwe/cwe-209","external/cwe/cwe-497","owasp-top10-2021","A04:2021 - Insecure Design"],"description":"Information from a stack trace propagates to an external user.\n              Stack traces can unintentionally reveal implementation details\n              that are useful to an attacker for developing a subsequent exploit.","id":"java/stack-trace-exposure","kind":"problem","name":"Information exposure through a stack trace","precision":"high","problem.severity":"error","security-severity":"5.4"}},{"id":"java/tainted-numeric-cast","name":"java/tainted-numeric-cast","shortDescription":{"text":"User-controlled data in numeric cast"},"fullDescription":{"text":"Casting user-controlled numeric data to a narrower type without validation can cause unexpected truncation."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# User-controlled data in numeric cast\nCasting a user-controlled numeric value to a narrower type can result in truncated values unless the input is validated.\n\nNarrowing conversions may cause potentially unintended results. For example, casting the positive integer value `128` to type `byte` yields the negative value `-128`.\n\n\n## Recommendation\nGuard against unexpected truncation of user-controlled arithmetic data by doing one of the following:\n\n* Validate the user input.\n* Define a guard on the cast expression, so that the cast is performed only if the input is known to be within the range of the resulting type.\n* Avoid casting to a narrower type, and instead continue to use a wider type.\n\n## Example\nIn this example, a value is read from standard input into a `long`. Because the value is a user-controlled value, it could be extremely large. Casting this value to a narrower type could therefore cause unexpected truncation. The `scaled2` example uses a guard to avoid this problem and checks the range of the input before performing the cast. If the value is too large to cast to type `int` it is rejected as invalid.\n\n\n```java\nclass Test {\n\tpublic static void main(String[] args) throws IOException {\n\t\t{\n\t\t\tlong data;\n\n\t\t\tBufferedReader readerBuffered = new BufferedReader(\n\t\t\t\t\tnew InputStreamReader(System.in, \"UTF-8\"));\n\t\t\tString stringNumber = readerBuffered.readLine();\n\t\t\tif (stringNumber != null) {\n\t\t\t\tdata = Long.parseLong(stringNumber.trim());\n\t\t\t} else {\n\t\t\t\tdata = 0;\n\t\t\t}\n\n\t\t\t// AVOID: potential truncation if input data is very large,\n\t\t\t// for example 'Long.MAX_VALUE'\n\t\t\tint scaled = (int)data;\n\n\t\t\t//...\n\n\t\t\t// GOOD: use a guard to ensure no truncation occurs\n\t\t\tint scaled2;\n\t\t\tif (data > Integer.MIN_VALUE && data < Integer.MAX_VALUE)\n\t\t\t\tscaled2 = (int)data;\n\t\t\telse\n\t\t\t\tthrow new IllegalArgumentException(\"Invalid input\");\n\t\t}\n\t}\n}\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data](https://wiki.sei.cmu.edu/confluence/display/java/NUM12-J.+Ensure+conversions+of+numeric+types+to+narrower+types+do+not+result+in+lost+or+misinterpreted+data).\n* Common Weakness Enumeration: [CWE-197](https://cwe.mitre.org/data/definitions/197.html).\n* Common Weakness Enumeration: [CWE-681](https://cwe.mitre.org/data/definitions/681.html).\n","markdown":"# User-controlled data in numeric cast\nCasting a user-controlled numeric value to a narrower type can result in truncated values unless the input is validated.\n\nNarrowing conversions may cause potentially unintended results. For example, casting the positive integer value `128` to type `byte` yields the negative value `-128`.\n\n\n## Recommendation\nGuard against unexpected truncation of user-controlled arithmetic data by doing one of the following:\n\n* Validate the user input.\n* Define a guard on the cast expression, so that the cast is performed only if the input is known to be within the range of the resulting type.\n* Avoid casting to a narrower type, and instead continue to use a wider type.\n\n## Example\nIn this example, a value is read from standard input into a `long`. Because the value is a user-controlled value, it could be extremely large. Casting this value to a narrower type could therefore cause unexpected truncation. The `scaled2` example uses a guard to avoid this problem and checks the range of the input before performing the cast. If the value is too large to cast to type `int` it is rejected as invalid.\n\n\n```java\nclass Test {\n\tpublic static void main(String[] args) throws IOException {\n\t\t{\n\t\t\tlong data;\n\n\t\t\tBufferedReader readerBuffered = new BufferedReader(\n\t\t\t\t\tnew InputStreamReader(System.in, \"UTF-8\"));\n\t\t\tString stringNumber = readerBuffered.readLine();\n\t\t\tif (stringNumber != null) {\n\t\t\t\tdata = Long.parseLong(stringNumber.trim());\n\t\t\t} else {\n\t\t\t\tdata = 0;\n\t\t\t}\n\n\t\t\t// AVOID: potential truncation if input data is very large,\n\t\t\t// for example 'Long.MAX_VALUE'\n\t\t\tint scaled = (int)data;\n\n\t\t\t//...\n\n\t\t\t// GOOD: use a guard to ensure no truncation occurs\n\t\t\tint scaled2;\n\t\t\tif (data > Integer.MIN_VALUE && data < Integer.MAX_VALUE)\n\t\t\t\tscaled2 = (int)data;\n\t\t\telse\n\t\t\t\tthrow new IllegalArgumentException(\"Invalid input\");\n\t\t}\n\t}\n}\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data](https://wiki.sei.cmu.edu/confluence/display/java/NUM12-J.+Ensure+conversions+of+numeric+types+to+narrower+types+do+not+result+in+lost+or+misinterpreted+data).\n* Common Weakness Enumeration: [CWE-197](https://cwe.mitre.org/data/definitions/197.html).\n* Common Weakness Enumeration: [CWE-681](https://cwe.mitre.org/data/definitions/681.html).\n"},"properties":{"tags":["security","external/cwe/cwe-197","external/cwe/cwe-681"],"description":"Casting user-controlled numeric data to a narrower type without validation\n              can cause unexpected truncation.","id":"java/tainted-numeric-cast","kind":"path-problem","name":"User-controlled data in numeric cast","precision":"high","problem.severity":"error","security-severity":"9.0"}},{"id":"java/xss","name":"java/xss","shortDescription":{"text":"Cross-site scripting"},"fullDescription":{"text":"Writing user input directly to a web page allows for a cross-site scripting vulnerability."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Cross-site scripting\nDirectly writing user input (for example, an HTTP request parameter) to a web page, without properly sanitizing the input first, allows for a cross-site scripting vulnerability.\n\n\n## Recommendation\nTo guard against cross-site scripting, consider using contextual output encoding/escaping before writing user input to the page, or one of the other solutions that are mentioned in the reference.\n\n\n## Example\nThe following example shows the `page` parameter being written directly to the page, leaving the website vulnerable to cross-site scripting.\n\n\n```java\npublic class XSS extends HttpServlet {\n\tprotected void doGet(HttpServletRequest request, HttpServletResponse response)\n\tthrows ServletException, IOException {\n\t\t// BAD: a request parameter is written directly to the Servlet response stream\n\t\tresponse.getWriter().print(\n\t\t\t\t\"The page \\\"\" + request.getParameter(\"page\") + \"\\\" was not found.\");\n\n\t}\n}\n\n```\n\n## References\n* OWASP: [XSS (Cross Site Scripting) Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html).\n* Wikipedia: [Cross-site scripting](http://en.wikipedia.org/wiki/Cross-site_scripting).\n* Common Weakness Enumeration: [CWE-79](https://cwe.mitre.org/data/definitions/79.html).\n","markdown":"# Cross-site scripting\nDirectly writing user input (for example, an HTTP request parameter) to a web page, without properly sanitizing the input first, allows for a cross-site scripting vulnerability.\n\n\n## Recommendation\nTo guard against cross-site scripting, consider using contextual output encoding/escaping before writing user input to the page, or one of the other solutions that are mentioned in the reference.\n\n\n## Example\nThe following example shows the `page` parameter being written directly to the page, leaving the website vulnerable to cross-site scripting.\n\n\n```java\npublic class XSS extends HttpServlet {\n\tprotected void doGet(HttpServletRequest request, HttpServletResponse response)\n\tthrows ServletException, IOException {\n\t\t// BAD: a request parameter is written directly to the Servlet response stream\n\t\tresponse.getWriter().print(\n\t\t\t\t\"The page \\\"\" + request.getParameter(\"page\") + \"\\\" was not found.\");\n\n\t}\n}\n\n```\n\n## References\n* OWASP: [XSS (Cross Site Scripting) Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html).\n* Wikipedia: [Cross-site scripting](http://en.wikipedia.org/wiki/Cross-site_scripting).\n* Common Weakness Enumeration: [CWE-79](https://cwe.mitre.org/data/definitions/79.html).\n"},"properties":{"tags":["security","external/cwe/cwe-079","owasp-top10-2021","A03:2021 - Injection"],"description":"Writing user input directly to a web page\n              allows for a cross-site scripting vulnerability.","id":"java/xss","kind":"path-problem","name":"Cross-site scripting","precision":"high","problem.severity":"error","security-severity":"6.1"}},{"id":"java/rsa-without-oaep","name":"java/rsa-without-oaep","shortDescription":{"text":"Use of RSA algorithm without OAEP"},"fullDescription":{"text":"Using RSA encryption without OAEP padding can result in a padding oracle attack, leading to a weaker encryption."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Use of RSA algorithm without OAEP\nCryptographic algorithms often use padding schemes to make the plaintext less predictable. The OAEP (Optimal Asymmetric Encryption Padding) scheme should be used with RSA encryption. Using an outdated padding scheme such as PKCS1, or no padding at all, can weaken the encryption by making it vulnerable to a padding oracle attack.\n\n\n## Recommendation\nUse the OAEP scheme when using RSA encryption.\n\n\n## Example\nIn the following example, the BAD case shows no padding being used, whereas the GOOD case shows an OAEP scheme being used.\n\n\n```java\n// BAD: No padding scheme is used\nCipher rsa = Cipher.getInstance(\"RSA/ECB/NoPadding\");\n...\n\n//GOOD: OAEP padding is used\nCipher rsa = Cipher.getInstance(\"RSA/ECB/OAEPWithSHA-1AndMGF1Padding\");\n...\n```\n\n## References\n* [Mobile Security Testing Guide](https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#padding-oracle-attacks-due-to-weaker-padding-or-block-operation-implementations).\n* [The Padding Oracle Attack](https://robertheaton.com/2013/07/29/padding-oracle-attack/).\n* Common Weakness Enumeration: [CWE-780](https://cwe.mitre.org/data/definitions/780.html).\n","markdown":"# Use of RSA algorithm without OAEP\nCryptographic algorithms often use padding schemes to make the plaintext less predictable. The OAEP (Optimal Asymmetric Encryption Padding) scheme should be used with RSA encryption. Using an outdated padding scheme such as PKCS1, or no padding at all, can weaken the encryption by making it vulnerable to a padding oracle attack.\n\n\n## Recommendation\nUse the OAEP scheme when using RSA encryption.\n\n\n## Example\nIn the following example, the BAD case shows no padding being used, whereas the GOOD case shows an OAEP scheme being used.\n\n\n```java\n// BAD: No padding scheme is used\nCipher rsa = Cipher.getInstance(\"RSA/ECB/NoPadding\");\n...\n\n//GOOD: OAEP padding is used\nCipher rsa = Cipher.getInstance(\"RSA/ECB/OAEPWithSHA-1AndMGF1Padding\");\n...\n```\n\n## References\n* [Mobile Security Testing Guide](https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#padding-oracle-attacks-due-to-weaker-padding-or-block-operation-implementations).\n* [The Padding Oracle Attack](https://robertheaton.com/2013/07/29/padding-oracle-attack/).\n* Common Weakness Enumeration: [CWE-780](https://cwe.mitre.org/data/definitions/780.html).\n"},"properties":{"tags":["security","external/cwe/cwe-780","owasp-top10-2021","A02:2021 - Cryptographic Failures"],"description":"Using RSA encryption without OAEP padding can result in a padding oracle attack, leading to a weaker encryption.","id":"java/rsa-without-oaep","kind":"path-problem","name":"Use of RSA algorithm without OAEP","precision":"high","problem.severity":"warning","security-severity":"7.5"}},{"id":"java/missing-jwt-signature-check","name":"java/missing-jwt-signature-check","shortDescription":{"text":"Missing JWT signature check"},"fullDescription":{"text":"Failing to check the Json Web Token (JWT) signature may allow an attacker to forge their own tokens."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Missing JWT signature check\nA JSON Web Token (JWT) consists of three parts: header, payload, and signature. The `io.jsonwebtoken.jjwt` library is one of many libraries used for working with JWTs. It offers different methods for parsing tokens like `parse`, `parseClaimsJws`, and `parsePlaintextJws`. The last two correctly verify that the JWT is properly signed. This is done by computing the signature of the combination of header and payload and comparing the locally computed signature with the signature part of the JWT.\n\nTherefore it is necessary to provide the `JwtParser` with a key that is used for signature validation. Unfortunately the `parse` method **accepts** a JWT whose signature is empty although a signing key has been set for the parser. This means that an attacker can create arbitrary JWTs that will be accepted if this method is used.\n\n\n## Recommendation\nAlways verify the signature by using either the `parseClaimsJws` and `parsePlaintextJws` methods or by overriding the `onPlaintextJws` or `onClaimsJws` of `JwtHandlerAdapter`.\n\n\n## Example\nThe following example shows four cases where a signing key is set for a parser. In the first 'BAD' case the `parse` method is used, which will not validate the signature. The second 'BAD' case uses a `JwtHandlerAdapter` where the `onPlaintextJwt` method is overriden, so it will not validate the signature. The third and fourth 'GOOD' cases use `parseClaimsJws` method or override the `onPlaintextJws` method.\n\n\n```java\npublic void badJwt(String token) {\n    Jwts.parserBuilder()\n                .setSigningKey(\"someBase64EncodedKey\").build()\n                .parse(token); // BAD: Does not verify the signature\n}\n\npublic void badJwtHandler(String token) {\n    Jwts.parserBuilder()\n                .setSigningKey(\"someBase64EncodedKey\").build()\n                .parse(plaintextJwt, new JwtHandlerAdapter<Jwt<Header, String>>() {\n                    @Override\n                    public Jwt<Header, String> onPlaintextJwt(Jwt<Header, String> jwt) {\n                        return jwt;\n                    }\n                }); // BAD: The handler is called on an unverified JWT\n}\n\npublic void goodJwt(String token) {\n    Jwts.parserBuilder()\n                .setSigningKey(\"someBase64EncodedKey\").build()\n                .parseClaimsJws(token) // GOOD: Verify the signature\n                .getBody();\n}\n\npublic void goodJwtHandler(String token) {\n    Jwts.parserBuilder()\n                .setSigningKey(\"someBase64EncodedKey\").build()\n                .parse(plaintextJwt, new JwtHandlerAdapter<Jws<String>>() {\n                    @Override\n                    public Jws<String> onPlaintextJws(Jws<String> jws) {\n                        return jws;\n                    }\n                }); // GOOD: The handler is called on a verified JWS\n}\n```\n\n## References\n* zofrex: [How I Found An alg=none JWT Vulnerability in the NHS Contact Tracing App](https://www.zofrex.com/blog/2020/10/20/alg-none-jwt-nhs-contact-tracing-app/).\n* Common Weakness Enumeration: [CWE-347](https://cwe.mitre.org/data/definitions/347.html).\n","markdown":"# Missing JWT signature check\nA JSON Web Token (JWT) consists of three parts: header, payload, and signature. The `io.jsonwebtoken.jjwt` library is one of many libraries used for working with JWTs. It offers different methods for parsing tokens like `parse`, `parseClaimsJws`, and `parsePlaintextJws`. The last two correctly verify that the JWT is properly signed. This is done by computing the signature of the combination of header and payload and comparing the locally computed signature with the signature part of the JWT.\n\nTherefore it is necessary to provide the `JwtParser` with a key that is used for signature validation. Unfortunately the `parse` method **accepts** a JWT whose signature is empty although a signing key has been set for the parser. This means that an attacker can create arbitrary JWTs that will be accepted if this method is used.\n\n\n## Recommendation\nAlways verify the signature by using either the `parseClaimsJws` and `parsePlaintextJws` methods or by overriding the `onPlaintextJws` or `onClaimsJws` of `JwtHandlerAdapter`.\n\n\n## Example\nThe following example shows four cases where a signing key is set for a parser. In the first 'BAD' case the `parse` method is used, which will not validate the signature. The second 'BAD' case uses a `JwtHandlerAdapter` where the `onPlaintextJwt` method is overriden, so it will not validate the signature. The third and fourth 'GOOD' cases use `parseClaimsJws` method or override the `onPlaintextJws` method.\n\n\n```java\npublic void badJwt(String token) {\n    Jwts.parserBuilder()\n                .setSigningKey(\"someBase64EncodedKey\").build()\n                .parse(token); // BAD: Does not verify the signature\n}\n\npublic void badJwtHandler(String token) {\n    Jwts.parserBuilder()\n                .setSigningKey(\"someBase64EncodedKey\").build()\n                .parse(plaintextJwt, new JwtHandlerAdapter<Jwt<Header, String>>() {\n                    @Override\n                    public Jwt<Header, String> onPlaintextJwt(Jwt<Header, String> jwt) {\n                        return jwt;\n                    }\n                }); // BAD: The handler is called on an unverified JWT\n}\n\npublic void goodJwt(String token) {\n    Jwts.parserBuilder()\n                .setSigningKey(\"someBase64EncodedKey\").build()\n                .parseClaimsJws(token) // GOOD: Verify the signature\n                .getBody();\n}\n\npublic void goodJwtHandler(String token) {\n    Jwts.parserBuilder()\n                .setSigningKey(\"someBase64EncodedKey\").build()\n                .parse(plaintextJwt, new JwtHandlerAdapter<Jws<String>>() {\n                    @Override\n                    public Jws<String> onPlaintextJws(Jws<String> jws) {\n                        return jws;\n                    }\n                }); // GOOD: The handler is called on a verified JWS\n}\n```\n\n## References\n* zofrex: [How I Found An alg=none JWT Vulnerability in the NHS Contact Tracing App](https://www.zofrex.com/blog/2020/10/20/alg-none-jwt-nhs-contact-tracing-app/).\n* Common Weakness Enumeration: [CWE-347](https://cwe.mitre.org/data/definitions/347.html).\n"},"properties":{"tags":["security","external/cwe/cwe-347","owasp-top10-2021","A02:2021 - Cryptographic Failures"],"description":"Failing to check the Json Web Token (JWT) signature may allow an attacker to forge their own tokens.","id":"java/missing-jwt-signature-check","kind":"path-problem","name":"Missing JWT signature check","precision":"high","problem.severity":"error","security-severity":"7.8"}},{"id":"java/insecure-trustmanager","name":"java/insecure-trustmanager","shortDescription":{"text":"`TrustManager` that accepts all certificates"},"fullDescription":{"text":"Trusting all certificates allows an attacker to perform a machine-in-the-middle attack."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# `TrustManager` that accepts all certificates\nIf the `checkServerTrusted` method of a `TrustManager` never throws a `CertificateException`, it trusts every certificate. This allows an attacker to perform a machine-in-the-middle attack against the application, therefore breaking any security Transport Layer Security (TLS) gives.\n\nAn attack might look like this:\n\n1. The vulnerable program connects to `https://example.com`.\n1. The attacker intercepts this connection and presents a valid, self-signed certificate for `https://example.com`.\n1. The vulnerable program calls the `checkServerTrusted` method to check whether it should trust the certificate.\n1. The `checkServerTrusted` method of your `TrustManager` does not throw a `CertificateException`.\n1. The vulnerable program accepts the certificate and proceeds with the connection since your `TrustManager` implicitly trusted it by not throwing an exception.\n1. The attacker can now read the data your program sends to `https://example.com` and/or alter its replies while the program thinks the connection is secure.\n\n## Recommendation\nDo not use a custom `TrustManager` that trusts any certificate. If you have to use a self-signed certificate, don't trust every certificate, but instead only trust this specific certificate. See below for an example of how to do this.\n\n\n## Example\nIn the first (bad) example, the `TrustManager` never throws a `CertificateException` and therefore implicitly trusts any certificate. This allows an attacker to perform a machine-in-the-middle attack. In the second (good) example, the self-signed certificate that should be trusted is loaded into a `KeyStore`. This explicitly defines the certificate as trusted and there is no need to create a custom `TrustManager`.\n\n\n```java\npublic static void main(String[] args) throws Exception {\n    {\n        class InsecureTrustManager implements X509TrustManager {\n            @Override\n            public X509Certificate[] getAcceptedIssuers() {\n                return null;\n            }\n\n            @Override\n            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {\n                // BAD: Does not verify the certificate chain, allowing any certificate.\n            }\n\n            @Override\n            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {\n\n            }\n        }\n        SSLContext context = SSLContext.getInstance(\"TLS\");\n        TrustManager[] trustManager = new TrustManager[] { new InsecureTrustManager() };\n        context.init(null, trustManager, null);\n    }\n    {\n        SSLContext context = SSLContext.getInstance(\"TLS\");\n        File certificateFile = new File(\"path/to/self-signed-certificate\");\n        // Create a `KeyStore` with default type\n        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());\n        // `keyStore` is initially empty\n        keyStore.load(null, null);\n        X509Certificate generatedCertificate;\n        try (InputStream cert = new FileInputStream(certificateFile)) {\n            generatedCertificate = (X509Certificate) CertificateFactory.getInstance(\"X509\")\n                    .generateCertificate(cert);\n        }\n        // Add the self-signed certificate to the key store\n        keyStore.setCertificateEntry(certificateFile.getName(), generatedCertificate);\n        // Get default `TrustManagerFactory`\n        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());\n        // Use it with our key store that trusts our self-signed certificate\n        tmf.init(keyStore);\n        TrustManager[] trustManagers = tmf.getTrustManagers();\n        context.init(null, trustManagers, null);\n        // GOOD, we are not using a custom `TrustManager` but instead have\n        // added the self-signed certificate we want to trust to the key\n        // store. Note, the `trustManagers` will **only** trust this one\n        // certificate.\n        \n        URL url = new URL(\"https://self-signed.badssl.com/\");\n        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();\n        conn.setSSLSocketFactory(context.getSocketFactory());\n    }\n}\n\n```\n\n## References\n* Android Developers: [Security with HTTPS and SSL](https://developer.android.com/training/articles/security-ssl).\n* Common Weakness Enumeration: [CWE-295](https://cwe.mitre.org/data/definitions/295.html).\n","markdown":"# `TrustManager` that accepts all certificates\nIf the `checkServerTrusted` method of a `TrustManager` never throws a `CertificateException`, it trusts every certificate. This allows an attacker to perform a machine-in-the-middle attack against the application, therefore breaking any security Transport Layer Security (TLS) gives.\n\nAn attack might look like this:\n\n1. The vulnerable program connects to `https://example.com`.\n1. The attacker intercepts this connection and presents a valid, self-signed certificate for `https://example.com`.\n1. The vulnerable program calls the `checkServerTrusted` method to check whether it should trust the certificate.\n1. The `checkServerTrusted` method of your `TrustManager` does not throw a `CertificateException`.\n1. The vulnerable program accepts the certificate and proceeds with the connection since your `TrustManager` implicitly trusted it by not throwing an exception.\n1. The attacker can now read the data your program sends to `https://example.com` and/or alter its replies while the program thinks the connection is secure.\n\n## Recommendation\nDo not use a custom `TrustManager` that trusts any certificate. If you have to use a self-signed certificate, don't trust every certificate, but instead only trust this specific certificate. See below for an example of how to do this.\n\n\n## Example\nIn the first (bad) example, the `TrustManager` never throws a `CertificateException` and therefore implicitly trusts any certificate. This allows an attacker to perform a machine-in-the-middle attack. In the second (good) example, the self-signed certificate that should be trusted is loaded into a `KeyStore`. This explicitly defines the certificate as trusted and there is no need to create a custom `TrustManager`.\n\n\n```java\npublic static void main(String[] args) throws Exception {\n    {\n        class InsecureTrustManager implements X509TrustManager {\n            @Override\n            public X509Certificate[] getAcceptedIssuers() {\n                return null;\n            }\n\n            @Override\n            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {\n                // BAD: Does not verify the certificate chain, allowing any certificate.\n            }\n\n            @Override\n            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {\n\n            }\n        }\n        SSLContext context = SSLContext.getInstance(\"TLS\");\n        TrustManager[] trustManager = new TrustManager[] { new InsecureTrustManager() };\n        context.init(null, trustManager, null);\n    }\n    {\n        SSLContext context = SSLContext.getInstance(\"TLS\");\n        File certificateFile = new File(\"path/to/self-signed-certificate\");\n        // Create a `KeyStore` with default type\n        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());\n        // `keyStore` is initially empty\n        keyStore.load(null, null);\n        X509Certificate generatedCertificate;\n        try (InputStream cert = new FileInputStream(certificateFile)) {\n            generatedCertificate = (X509Certificate) CertificateFactory.getInstance(\"X509\")\n                    .generateCertificate(cert);\n        }\n        // Add the self-signed certificate to the key store\n        keyStore.setCertificateEntry(certificateFile.getName(), generatedCertificate);\n        // Get default `TrustManagerFactory`\n        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());\n        // Use it with our key store that trusts our self-signed certificate\n        tmf.init(keyStore);\n        TrustManager[] trustManagers = tmf.getTrustManagers();\n        context.init(null, trustManagers, null);\n        // GOOD, we are not using a custom `TrustManager` but instead have\n        // added the self-signed certificate we want to trust to the key\n        // store. Note, the `trustManagers` will **only** trust this one\n        // certificate.\n        \n        URL url = new URL(\"https://self-signed.badssl.com/\");\n        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();\n        conn.setSSLSocketFactory(context.getSocketFactory());\n    }\n}\n\n```\n\n## References\n* Android Developers: [Security with HTTPS and SSL](https://developer.android.com/training/articles/security-ssl).\n* Common Weakness Enumeration: [CWE-295](https://cwe.mitre.org/data/definitions/295.html).\n"},"properties":{"tags":["security","external/cwe/cwe-295","owasp-top10-2021","A07:2021 - Identification and Authentication Failures"],"description":"Trusting all certificates allows an attacker to perform a machine-in-the-middle attack.","id":"java/insecure-trustmanager","kind":"path-problem","name":"`TrustManager` that accepts all certificates","precision":"high","problem.severity":"error","security-severity":"7.5"}},{"id":"java/improper-webview-certificate-validation","name":"java/improper-webview-certificate-validation","shortDescription":{"text":"Android `WebView` that accepts all certificates"},"fullDescription":{"text":"Trusting all certificates allows an attacker to perform a machine-in-the-middle attack."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Android `WebView` that accepts all certificates\nIf the `onReceivedSslError` method of an Android `WebViewClient` always calls `proceed` on the given `SslErrorHandler`, it trusts any certificate. This allows an attacker to perform a machine-in-the-middle attack against the application, therefore breaking any security Transport Layer Security (TLS) gives.\n\nAn attack might look like this:\n\n1. The vulnerable application connects to `https://example.com`.\n1. The attacker intercepts this connection and presents a valid, self-signed certificate for `https://example.com`.\n1. The vulnerable application calls the `onReceivedSslError` method to check whether it should trust the certificate.\n1. The `onReceivedSslError` method of your `WebViewClient` calls `SslErrorHandler.proceed`.\n1. The vulnerable application accepts the certificate and proceeds with the connection since your `WevViewClient` trusted it by proceeding.\n1. The attacker can now read the data your application sends to `https://example.com` and/or alter its replies while the application thinks the connection is secure.\n\n## Recommendation\nDo not use a call `SslerrorHandler.proceed` unconditionally. If you have to use a self-signed certificate, only accept that certificate, not all certificates.\n\n\n## Example\nIn the first (bad) example, the `WebViewClient` trusts all certificates by always calling `SslErrorHandler.proceed`. In the second (good) example, only certificates signed by a certain public key are accepted.\n\n\n```java\nclass Bad extends WebViewClient {\n    // BAD: All certificates are trusted.\n    public void onReceivedSslError (WebView view, SslErrorHandler handler, SslError error) { // $hasResult\n        handler.proceed(); \n    }\n}\n\nclass Good extends WebViewClient {\n    PublicKey myPubKey = ...;\n\n    // GOOD: Only certificates signed by a certain public key are trusted.\n    public void onReceivedSslError (WebView view, SslErrorHandler handler, SslError error) { // $hasResult\n        try {\n            X509Certificate cert = error.getCertificate().getX509Certificate();\n            cert.verify(this.myPubKey);\n            handler.proceed();\n        }\n        catch (CertificateException|NoSuchAlgorithmException|InvalidKeyException|NoSuchProviderException|SignatureException e) {\n            handler.cancel();\n        }\n    }    \n}\n```\n\n## References\n* [WebViewClient.onReceivedSslError documentation](https://developer.android.com/reference/android/webkit/WebViewClient?hl=en#onReceivedSslError(android.webkit.WebView,%20android.webkit.SslErrorHandler,%20android.net.http.SslError)).\n* Common Weakness Enumeration: [CWE-295](https://cwe.mitre.org/data/definitions/295.html).\n","markdown":"# Android `WebView` that accepts all certificates\nIf the `onReceivedSslError` method of an Android `WebViewClient` always calls `proceed` on the given `SslErrorHandler`, it trusts any certificate. This allows an attacker to perform a machine-in-the-middle attack against the application, therefore breaking any security Transport Layer Security (TLS) gives.\n\nAn attack might look like this:\n\n1. The vulnerable application connects to `https://example.com`.\n1. The attacker intercepts this connection and presents a valid, self-signed certificate for `https://example.com`.\n1. The vulnerable application calls the `onReceivedSslError` method to check whether it should trust the certificate.\n1. The `onReceivedSslError` method of your `WebViewClient` calls `SslErrorHandler.proceed`.\n1. The vulnerable application accepts the certificate and proceeds with the connection since your `WevViewClient` trusted it by proceeding.\n1. The attacker can now read the data your application sends to `https://example.com` and/or alter its replies while the application thinks the connection is secure.\n\n## Recommendation\nDo not use a call `SslerrorHandler.proceed` unconditionally. If you have to use a self-signed certificate, only accept that certificate, not all certificates.\n\n\n## Example\nIn the first (bad) example, the `WebViewClient` trusts all certificates by always calling `SslErrorHandler.proceed`. In the second (good) example, only certificates signed by a certain public key are accepted.\n\n\n```java\nclass Bad extends WebViewClient {\n    // BAD: All certificates are trusted.\n    public void onReceivedSslError (WebView view, SslErrorHandler handler, SslError error) { // $hasResult\n        handler.proceed(); \n    }\n}\n\nclass Good extends WebViewClient {\n    PublicKey myPubKey = ...;\n\n    // GOOD: Only certificates signed by a certain public key are trusted.\n    public void onReceivedSslError (WebView view, SslErrorHandler handler, SslError error) { // $hasResult\n        try {\n            X509Certificate cert = error.getCertificate().getX509Certificate();\n            cert.verify(this.myPubKey);\n            handler.proceed();\n        }\n        catch (CertificateException|NoSuchAlgorithmException|InvalidKeyException|NoSuchProviderException|SignatureException e) {\n            handler.cancel();\n        }\n    }    \n}\n```\n\n## References\n* [WebViewClient.onReceivedSslError documentation](https://developer.android.com/reference/android/webkit/WebViewClient?hl=en#onReceivedSslError(android.webkit.WebView,%20android.webkit.SslErrorHandler,%20android.net.http.SslError)).\n* Common Weakness Enumeration: [CWE-295](https://cwe.mitre.org/data/definitions/295.html).\n"},"properties":{"tags":["security","external/cwe/cwe-295","owasp-top10-2021","A07:2021 - Identification and Authentication Failures"],"description":"Trusting all certificates allows an attacker to perform a machine-in-the-middle attack.","id":"java/improper-webview-certificate-validation","kind":"problem","name":"Android `WebView` that accepts all certificates","precision":"high","problem.severity":"error","security-severity":"7.5"}},{"id":"java/ognl-injection","name":"java/ognl-injection","shortDescription":{"text":"OGNL Expression Language statement with user-controlled input"},"fullDescription":{"text":"Evaluation of OGNL Expression Language statement with user-controlled input can lead to execution of arbitrary code."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# OGNL Expression Language statement with user-controlled input\nObject-Graph Navigation Language (OGNL) is an open-source Expression Language (EL) for Java. OGNL can create or change executable code, consequently it can introduce critical security flaws to any application that uses it. Evaluation of unvalidated expressions is a common flaw in OGNL. This exposes the properties of Java objects to modification by an attacker and may allow them to execute arbitrary code.\n\n\n## Recommendation\nThe general recommendation is to avoid evaluating untrusted ONGL expressions. If user-provided OGNL expressions must be evaluated, do this in a sandbox and validate the expressions before evaluation.\n\n\n## Example\nIn the following examples, the code accepts an OGNL expression from the user and evaluates it.\n\nIn the first example, the user-provided OGNL expression is parsed and evaluated.\n\nThe second example validates the expression and evaluates it inside a sandbox. You can add a sandbox by setting a system property, as shown in the example, or by adding `-Dognl.security.manager` to JVM arguments.\n\n\n```java\nimport ognl.Ognl;\nimport ognl.OgnlException;\n\npublic void evaluate(HttpServletRequest request, Object root) throws OgnlException {\n  String expression = request.getParameter(\"expression\");\n\n  // BAD: User provided expression is evaluated\n  Ognl.getValue(expression, root);\n  \n  // GOOD: The name is validated and expression is evaluated in sandbox\n  System.setProperty(\"ognl.security.manager\", \"\"); // Or add -Dognl.security.manager to JVM args\n  if (isValid(expression)) {\n    Ognl.getValue(expression, root);\n  } else {\n    // Reject the request\n  }\n}\n\npublic void isValid(Strig expression) {\n  // Custom method to validate the expression.\n  // For instance, make sure it doesn't include unexpected code.\n}\n\n```\n\n## References\n* Apache Commons: [Apache Commons OGNL](https://commons.apache.org/proper/commons-ognl/).\n* Struts security: [Proactively protect from OGNL Expression Injections attacks](https://struts.apache.org/security/#proactively-protect-from-ognl-expression-injections-attacks-if-easily-applicable).\n* Common Weakness Enumeration: [CWE-917](https://cwe.mitre.org/data/definitions/917.html).\n","markdown":"# OGNL Expression Language statement with user-controlled input\nObject-Graph Navigation Language (OGNL) is an open-source Expression Language (EL) for Java. OGNL can create or change executable code, consequently it can introduce critical security flaws to any application that uses it. Evaluation of unvalidated expressions is a common flaw in OGNL. This exposes the properties of Java objects to modification by an attacker and may allow them to execute arbitrary code.\n\n\n## Recommendation\nThe general recommendation is to avoid evaluating untrusted ONGL expressions. If user-provided OGNL expressions must be evaluated, do this in a sandbox and validate the expressions before evaluation.\n\n\n## Example\nIn the following examples, the code accepts an OGNL expression from the user and evaluates it.\n\nIn the first example, the user-provided OGNL expression is parsed and evaluated.\n\nThe second example validates the expression and evaluates it inside a sandbox. You can add a sandbox by setting a system property, as shown in the example, or by adding `-Dognl.security.manager` to JVM arguments.\n\n\n```java\nimport ognl.Ognl;\nimport ognl.OgnlException;\n\npublic void evaluate(HttpServletRequest request, Object root) throws OgnlException {\n  String expression = request.getParameter(\"expression\");\n\n  // BAD: User provided expression is evaluated\n  Ognl.getValue(expression, root);\n  \n  // GOOD: The name is validated and expression is evaluated in sandbox\n  System.setProperty(\"ognl.security.manager\", \"\"); // Or add -Dognl.security.manager to JVM args\n  if (isValid(expression)) {\n    Ognl.getValue(expression, root);\n  } else {\n    // Reject the request\n  }\n}\n\npublic void isValid(Strig expression) {\n  // Custom method to validate the expression.\n  // For instance, make sure it doesn't include unexpected code.\n}\n\n```\n\n## References\n* Apache Commons: [Apache Commons OGNL](https://commons.apache.org/proper/commons-ognl/).\n* Struts security: [Proactively protect from OGNL Expression Injections attacks](https://struts.apache.org/security/#proactively-protect-from-ognl-expression-injections-attacks-if-easily-applicable).\n* Common Weakness Enumeration: [CWE-917](https://cwe.mitre.org/data/definitions/917.html).\n"},"properties":{"tags":["security","external/cwe/cwe-917","owasp-top10-2021","A03:2021 - Injection"],"description":"Evaluation of OGNL Expression Language statement with user-controlled input can\n                lead to execution of arbitrary code.","id":"java/ognl-injection","kind":"path-problem","name":"OGNL Expression Language statement with user-controlled input","precision":"high","problem.severity":"error","security-severity":"9.8"}},{"id":"java/netty-http-request-or-response-splitting","name":"java/netty-http-request-or-response-splitting","shortDescription":{"text":"Disabled Netty HTTP header validation"},"fullDescription":{"text":"Disabling HTTP header validation makes code vulnerable to attack by header splitting if user input is written directly to an HTTP header."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Disabled Netty HTTP header validation\nDirectly writing user input (for example, an HTTP request parameter) to an HTTP header can lead to an HTTP request-splitting or response-splitting vulnerability.\n\nHTTP response splitting can lead to vulnerabilities such as XSS and cache poisoning.\n\nHTTP request splitting can allow an attacker to inject an additional HTTP request into a client's outgoing socket connection. This can allow an attacker to perform an SSRF-like attack.\n\nIn the context of a servlet container, if the user input includes blank lines and the servlet container does not escape the blank lines, then a remote user can cause the response to turn into two separate responses. The remote user can then control one or more responses, which is also HTTP response splitting.\n\n\n## Recommendation\nGuard against HTTP header splitting in the same way as guarding against cross-site scripting. Before passing any data into HTTP headers, either check the data for special characters, or escape any special characters that are present.\n\nIf the code calls Netty API's directly, ensure that the `validateHeaders` parameter is set to `true`.\n\n\n## Example\nThe following example shows the 'name' parameter being written to a cookie in two different ways. The first way writes it directly to the cookie, and thus is vulnerable to response-splitting attacks. The second way first removes all special characters, thus avoiding the potential problem.\n\n\n```java\npublic class ResponseSplitting extends HttpServlet {\n\tprotected void doGet(HttpServletRequest request, HttpServletResponse response)\n\tthrows ServletException, IOException {\n\t\t// BAD: setting a cookie with an unvalidated parameter\n\t\tCookie cookie = new Cookie(\"name\", request.getParameter(\"name\"));\n\t\tresponse.addCookie(cookie);\n\n\t\t// GOOD: remove special characters before putting them in the header\n\t\tString name = removeSpecial(request.getParameter(\"name\"));\n\t\tCookie cookie2 = new Cookie(\"name\", name);\n\t\tresponse.addCookie(cookie2);\n\t}\n\n\tprivate static String removeSpecial(String str) {\n\t\treturn str.replaceAll(\"[^a-zA-Z ]\", \"\");\n\t}\n}\n\n```\n\n## Example\nThe following example shows the use of the library 'netty' with HTTP response-splitting verification configurations. The second way will verify the parameters before using them to build the HTTP response.\n\n\n```java\nimport io.netty.handler.codec.http.DefaultHttpHeaders;\n\npublic class ResponseSplitting {\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpHeaders badHeaders = new DefaultHttpHeaders(false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpHeaders goodHeaders = new DefaultHttpHeaders();\n\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpResponse badResponse = new DefaultHttpResponse(version, httpResponseStatus, false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpResponse goodResponse = new DefaultHttpResponse(version, httpResponseStatus);\n}\n\n```\n\n## Example\nThe following example shows the use of the netty library with configurations for verification of HTTP request splitting. The second recommended approach in the example verifies the parameters before using them to build the HTTP request.\n\n\n```java\npublic class NettyRequestSplitting {\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpHeaders badHeaders = new DefaultHttpHeaders(false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpHeaders goodHeaders = new DefaultHttpHeaders();\n\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpRequest badRequest = new DefaultHttpRequest(httpVersion, method, uri, false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpRequest goodResponse = new DefaultHttpRequest(httpVersion, method, uri);\n}\n\n```\n\n## References\n* SecLists.org: [HTTP response splitting](https://seclists.org/bugtraq/2005/Apr/187).\n* OWASP: [HTTP Response Splitting](https://www.owasp.org/index.php/HTTP_Response_Splitting).\n* Wikipedia: [HTTP response splitting](http://en.wikipedia.org/wiki/HTTP_response_splitting).\n* CAPEC: [CAPEC-105: HTTP Request Splitting](https://capec.mitre.org/data/definitions/105.html)\n* Common Weakness Enumeration: [CWE-93](https://cwe.mitre.org/data/definitions/93.html).\n* Common Weakness Enumeration: [CWE-113](https://cwe.mitre.org/data/definitions/113.html).\n","markdown":"# Disabled Netty HTTP header validation\nDirectly writing user input (for example, an HTTP request parameter) to an HTTP header can lead to an HTTP request-splitting or response-splitting vulnerability.\n\nHTTP response splitting can lead to vulnerabilities such as XSS and cache poisoning.\n\nHTTP request splitting can allow an attacker to inject an additional HTTP request into a client's outgoing socket connection. This can allow an attacker to perform an SSRF-like attack.\n\nIn the context of a servlet container, if the user input includes blank lines and the servlet container does not escape the blank lines, then a remote user can cause the response to turn into two separate responses. The remote user can then control one or more responses, which is also HTTP response splitting.\n\n\n## Recommendation\nGuard against HTTP header splitting in the same way as guarding against cross-site scripting. Before passing any data into HTTP headers, either check the data for special characters, or escape any special characters that are present.\n\nIf the code calls Netty API's directly, ensure that the `validateHeaders` parameter is set to `true`.\n\n\n## Example\nThe following example shows the 'name' parameter being written to a cookie in two different ways. The first way writes it directly to the cookie, and thus is vulnerable to response-splitting attacks. The second way first removes all special characters, thus avoiding the potential problem.\n\n\n```java\npublic class ResponseSplitting extends HttpServlet {\n\tprotected void doGet(HttpServletRequest request, HttpServletResponse response)\n\tthrows ServletException, IOException {\n\t\t// BAD: setting a cookie with an unvalidated parameter\n\t\tCookie cookie = new Cookie(\"name\", request.getParameter(\"name\"));\n\t\tresponse.addCookie(cookie);\n\n\t\t// GOOD: remove special characters before putting them in the header\n\t\tString name = removeSpecial(request.getParameter(\"name\"));\n\t\tCookie cookie2 = new Cookie(\"name\", name);\n\t\tresponse.addCookie(cookie2);\n\t}\n\n\tprivate static String removeSpecial(String str) {\n\t\treturn str.replaceAll(\"[^a-zA-Z ]\", \"\");\n\t}\n}\n\n```\n\n## Example\nThe following example shows the use of the library 'netty' with HTTP response-splitting verification configurations. The second way will verify the parameters before using them to build the HTTP response.\n\n\n```java\nimport io.netty.handler.codec.http.DefaultHttpHeaders;\n\npublic class ResponseSplitting {\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpHeaders badHeaders = new DefaultHttpHeaders(false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpHeaders goodHeaders = new DefaultHttpHeaders();\n\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpResponse badResponse = new DefaultHttpResponse(version, httpResponseStatus, false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpResponse goodResponse = new DefaultHttpResponse(version, httpResponseStatus);\n}\n\n```\n\n## Example\nThe following example shows the use of the netty library with configurations for verification of HTTP request splitting. The second recommended approach in the example verifies the parameters before using them to build the HTTP request.\n\n\n```java\npublic class NettyRequestSplitting {\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpHeaders badHeaders = new DefaultHttpHeaders(false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpHeaders goodHeaders = new DefaultHttpHeaders();\n\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpRequest badRequest = new DefaultHttpRequest(httpVersion, method, uri, false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpRequest goodResponse = new DefaultHttpRequest(httpVersion, method, uri);\n}\n\n```\n\n## References\n* SecLists.org: [HTTP response splitting](https://seclists.org/bugtraq/2005/Apr/187).\n* OWASP: [HTTP Response Splitting](https://www.owasp.org/index.php/HTTP_Response_Splitting).\n* Wikipedia: [HTTP response splitting](http://en.wikipedia.org/wiki/HTTP_response_splitting).\n* CAPEC: [CAPEC-105: HTTP Request Splitting](https://capec.mitre.org/data/definitions/105.html)\n* Common Weakness Enumeration: [CWE-93](https://cwe.mitre.org/data/definitions/93.html).\n* Common Weakness Enumeration: [CWE-113](https://cwe.mitre.org/data/definitions/113.html).\n"},"properties":{"tags":["security","external/cwe/cwe-93","external/cwe/cwe-113","owasp-top10-2021","A03:2021 - Injection"],"description":"Disabling HTTP header validation makes code vulnerable to\n              attack by header splitting if user input is written directly to\n              an HTTP header.","id":"java/netty-http-request-or-response-splitting","kind":"problem","name":"Disabled Netty HTTP header validation","precision":"high","problem.severity":"error","security-severity":"6.1"}},{"id":"java/http-response-splitting","name":"java/http-response-splitting","shortDescription":{"text":"HTTP response splitting"},"fullDescription":{"text":"Writing user input directly to an HTTP header makes code vulnerable to attack by header splitting."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# HTTP response splitting\nDirectly writing user input (for example, an HTTP request parameter) to an HTTP header can lead to an HTTP request-splitting or response-splitting vulnerability.\n\nHTTP response splitting can lead to vulnerabilities such as XSS and cache poisoning.\n\nHTTP request splitting can allow an attacker to inject an additional HTTP request into a client's outgoing socket connection. This can allow an attacker to perform an SSRF-like attack.\n\nIn the context of a servlet container, if the user input includes blank lines and the servlet container does not escape the blank lines, then a remote user can cause the response to turn into two separate responses. The remote user can then control one or more responses, which is also HTTP response splitting.\n\n\n## Recommendation\nGuard against HTTP header splitting in the same way as guarding against cross-site scripting. Before passing any data into HTTP headers, either check the data for special characters, or escape any special characters that are present.\n\nIf the code calls Netty API's directly, ensure that the `validateHeaders` parameter is set to `true`.\n\n\n## Example\nThe following example shows the 'name' parameter being written to a cookie in two different ways. The first way writes it directly to the cookie, and thus is vulnerable to response-splitting attacks. The second way first removes all special characters, thus avoiding the potential problem.\n\n\n```java\npublic class ResponseSplitting extends HttpServlet {\n\tprotected void doGet(HttpServletRequest request, HttpServletResponse response)\n\tthrows ServletException, IOException {\n\t\t// BAD: setting a cookie with an unvalidated parameter\n\t\tCookie cookie = new Cookie(\"name\", request.getParameter(\"name\"));\n\t\tresponse.addCookie(cookie);\n\n\t\t// GOOD: remove special characters before putting them in the header\n\t\tString name = removeSpecial(request.getParameter(\"name\"));\n\t\tCookie cookie2 = new Cookie(\"name\", name);\n\t\tresponse.addCookie(cookie2);\n\t}\n\n\tprivate static String removeSpecial(String str) {\n\t\treturn str.replaceAll(\"[^a-zA-Z ]\", \"\");\n\t}\n}\n\n```\n\n## Example\nThe following example shows the use of the library 'netty' with HTTP response-splitting verification configurations. The second way will verify the parameters before using them to build the HTTP response.\n\n\n```java\nimport io.netty.handler.codec.http.DefaultHttpHeaders;\n\npublic class ResponseSplitting {\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpHeaders badHeaders = new DefaultHttpHeaders(false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpHeaders goodHeaders = new DefaultHttpHeaders();\n\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpResponse badResponse = new DefaultHttpResponse(version, httpResponseStatus, false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpResponse goodResponse = new DefaultHttpResponse(version, httpResponseStatus);\n}\n\n```\n\n## Example\nThe following example shows the use of the netty library with configurations for verification of HTTP request splitting. The second recommended approach in the example verifies the parameters before using them to build the HTTP request.\n\n\n```java\npublic class NettyRequestSplitting {\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpHeaders badHeaders = new DefaultHttpHeaders(false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpHeaders goodHeaders = new DefaultHttpHeaders();\n\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpRequest badRequest = new DefaultHttpRequest(httpVersion, method, uri, false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpRequest goodResponse = new DefaultHttpRequest(httpVersion, method, uri);\n}\n\n```\n\n## References\n* SecLists.org: [HTTP response splitting](https://seclists.org/bugtraq/2005/Apr/187).\n* OWASP: [HTTP Response Splitting](https://www.owasp.org/index.php/HTTP_Response_Splitting).\n* Wikipedia: [HTTP response splitting](http://en.wikipedia.org/wiki/HTTP_response_splitting).\n* CAPEC: [CAPEC-105: HTTP Request Splitting](https://capec.mitre.org/data/definitions/105.html)\n* Common Weakness Enumeration: [CWE-113](https://cwe.mitre.org/data/definitions/113.html).\n","markdown":"# HTTP response splitting\nDirectly writing user input (for example, an HTTP request parameter) to an HTTP header can lead to an HTTP request-splitting or response-splitting vulnerability.\n\nHTTP response splitting can lead to vulnerabilities such as XSS and cache poisoning.\n\nHTTP request splitting can allow an attacker to inject an additional HTTP request into a client's outgoing socket connection. This can allow an attacker to perform an SSRF-like attack.\n\nIn the context of a servlet container, if the user input includes blank lines and the servlet container does not escape the blank lines, then a remote user can cause the response to turn into two separate responses. The remote user can then control one or more responses, which is also HTTP response splitting.\n\n\n## Recommendation\nGuard against HTTP header splitting in the same way as guarding against cross-site scripting. Before passing any data into HTTP headers, either check the data for special characters, or escape any special characters that are present.\n\nIf the code calls Netty API's directly, ensure that the `validateHeaders` parameter is set to `true`.\n\n\n## Example\nThe following example shows the 'name' parameter being written to a cookie in two different ways. The first way writes it directly to the cookie, and thus is vulnerable to response-splitting attacks. The second way first removes all special characters, thus avoiding the potential problem.\n\n\n```java\npublic class ResponseSplitting extends HttpServlet {\n\tprotected void doGet(HttpServletRequest request, HttpServletResponse response)\n\tthrows ServletException, IOException {\n\t\t// BAD: setting a cookie with an unvalidated parameter\n\t\tCookie cookie = new Cookie(\"name\", request.getParameter(\"name\"));\n\t\tresponse.addCookie(cookie);\n\n\t\t// GOOD: remove special characters before putting them in the header\n\t\tString name = removeSpecial(request.getParameter(\"name\"));\n\t\tCookie cookie2 = new Cookie(\"name\", name);\n\t\tresponse.addCookie(cookie2);\n\t}\n\n\tprivate static String removeSpecial(String str) {\n\t\treturn str.replaceAll(\"[^a-zA-Z ]\", \"\");\n\t}\n}\n\n```\n\n## Example\nThe following example shows the use of the library 'netty' with HTTP response-splitting verification configurations. The second way will verify the parameters before using them to build the HTTP response.\n\n\n```java\nimport io.netty.handler.codec.http.DefaultHttpHeaders;\n\npublic class ResponseSplitting {\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpHeaders badHeaders = new DefaultHttpHeaders(false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpHeaders goodHeaders = new DefaultHttpHeaders();\n\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpResponse badResponse = new DefaultHttpResponse(version, httpResponseStatus, false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpResponse goodResponse = new DefaultHttpResponse(version, httpResponseStatus);\n}\n\n```\n\n## Example\nThe following example shows the use of the netty library with configurations for verification of HTTP request splitting. The second recommended approach in the example verifies the parameters before using them to build the HTTP request.\n\n\n```java\npublic class NettyRequestSplitting {\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpHeaders badHeaders = new DefaultHttpHeaders(false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpHeaders goodHeaders = new DefaultHttpHeaders();\n\n    // BAD: Disables the internal response splitting verification\n    private final DefaultHttpRequest badRequest = new DefaultHttpRequest(httpVersion, method, uri, false);\n\n    // GOOD: Verifies headers passed don't contain CRLF characters\n    private final DefaultHttpRequest goodResponse = new DefaultHttpRequest(httpVersion, method, uri);\n}\n\n```\n\n## References\n* SecLists.org: [HTTP response splitting](https://seclists.org/bugtraq/2005/Apr/187).\n* OWASP: [HTTP Response Splitting](https://www.owasp.org/index.php/HTTP_Response_Splitting).\n* Wikipedia: [HTTP response splitting](http://en.wikipedia.org/wiki/HTTP_response_splitting).\n* CAPEC: [CAPEC-105: HTTP Request Splitting](https://capec.mitre.org/data/definitions/105.html)\n* Common Weakness Enumeration: [CWE-113](https://cwe.mitre.org/data/definitions/113.html).\n"},"properties":{"tags":["security","external/cwe/cwe-113","owasp-top10-2021","A03:2021 - Injection"],"description":"Writing user input directly to an HTTP header\n              makes code vulnerable to attack by header splitting.","id":"java/http-response-splitting","kind":"path-problem","name":"HTTP response splitting","precision":"high","problem.severity":"error","security-severity":"6.1"}},{"id":"java/overly-large-range","name":"java/overly-large-range","shortDescription":{"text":"Overly permissive regular expression range"},"fullDescription":{"text":"Overly permissive regular expression ranges match a wider range of characters than intended. This may allow an attacker to bypass a filter or sanitizer."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Overly permissive regular expression range\nIt's easy to write a regular expression range that matches a wider range of characters than you intended. For example, `/[a-zA-z]/` matches all lowercase and all uppercase letters, as you would expect, but it also matches the characters: `` [ \\ ] ^ _ ` ``.\n\nAnother common problem is failing to escape the dash character in a regular expression. An unescaped dash is interpreted as part of a range. For example, in the character class `[a-zA-Z0-9%=.,-_]` the last character range matches the 55 characters between `,` and `_` (both included), which overlaps with the range `[0-9]` and is clearly not intended by the writer.\n\n\n## Recommendation\nAvoid any confusion about which characters are included in the range by writing unambiguous regular expressions. Always check that character ranges match only the expected characters.\n\n\n## Example\nThe following example code is intended to check whether a string is a valid 6 digit hex color.\n\n```java\n\nimport java.util.regex.Pattern\npublic class Tester {\n    public static boolean is_valid_hex_color(String color) {\n        return Pattern.matches(\"#[0-9a-fA-f]{6}\", color);\n    }\n}\n\n```\nHowever, the `A-f` range is overly large and matches every uppercase character. It would parse a \"color\" like `#XXYYZZ` as valid.\n\nThe fix is to use an uppercase `A-F` range instead.\n\n```javascript\n\nimport java.util.regex.Pattern\npublic class Tester {\n    public static boolean is_valid_hex_color(String color) {\n        return Pattern.matches(\"#[0-9a-fA-F]{6}\", color);\n    }\n}\n\n```\n\n## References\n* GitHub Advisory Database: [CVE-2021-42740: Improper Neutralization of Special Elements used in a Command in Shell-quote](https://github.com/advisories/GHSA-g4rg-993r-mgx7)\n* wh0.github.io: [Exploiting CVE-2021-42740](https://wh0.github.io/2021/10/28/shell-quote-rce-exploiting.html)\n* Yosuke Ota: [no-obscure-range](https://ota-meshi.github.io/eslint-plugin-regexp/rules/no-obscure-range.html)\n* Paul Boyd: [The regex \\[,-.\\]](https://pboyd.io/posts/comma-dash-dot/)\n* Common Weakness Enumeration: [CWE-20](https://cwe.mitre.org/data/definitions/20.html).\n","markdown":"# Overly permissive regular expression range\nIt's easy to write a regular expression range that matches a wider range of characters than you intended. For example, `/[a-zA-z]/` matches all lowercase and all uppercase letters, as you would expect, but it also matches the characters: `` [ \\ ] ^ _ ` ``.\n\nAnother common problem is failing to escape the dash character in a regular expression. An unescaped dash is interpreted as part of a range. For example, in the character class `[a-zA-Z0-9%=.,-_]` the last character range matches the 55 characters between `,` and `_` (both included), which overlaps with the range `[0-9]` and is clearly not intended by the writer.\n\n\n## Recommendation\nAvoid any confusion about which characters are included in the range by writing unambiguous regular expressions. Always check that character ranges match only the expected characters.\n\n\n## Example\nThe following example code is intended to check whether a string is a valid 6 digit hex color.\n\n```java\n\nimport java.util.regex.Pattern\npublic class Tester {\n    public static boolean is_valid_hex_color(String color) {\n        return Pattern.matches(\"#[0-9a-fA-f]{6}\", color);\n    }\n}\n\n```\nHowever, the `A-f` range is overly large and matches every uppercase character. It would parse a \"color\" like `#XXYYZZ` as valid.\n\nThe fix is to use an uppercase `A-F` range instead.\n\n```javascript\n\nimport java.util.regex.Pattern\npublic class Tester {\n    public static boolean is_valid_hex_color(String color) {\n        return Pattern.matches(\"#[0-9a-fA-F]{6}\", color);\n    }\n}\n\n```\n\n## References\n* GitHub Advisory Database: [CVE-2021-42740: Improper Neutralization of Special Elements used in a Command in Shell-quote](https://github.com/advisories/GHSA-g4rg-993r-mgx7)\n* wh0.github.io: [Exploiting CVE-2021-42740](https://wh0.github.io/2021/10/28/shell-quote-rce-exploiting.html)\n* Yosuke Ota: [no-obscure-range](https://ota-meshi.github.io/eslint-plugin-regexp/rules/no-obscure-range.html)\n* Paul Boyd: [The regex \\[,-.\\]](https://pboyd.io/posts/comma-dash-dot/)\n* Common Weakness Enumeration: [CWE-20](https://cwe.mitre.org/data/definitions/20.html).\n"},"properties":{"tags":["correctness","security","external/cwe/cwe-020","owasp-top10-2021","A03:2021 - Injection"],"description":"Overly permissive regular expression ranges match a wider range of characters than intended.\n              This may allow an attacker to bypass a filter or sanitizer.","id":"java/overly-large-range","kind":"problem","name":"Overly permissive regular expression range","precision":"high","problem.severity":"warning","security-severity":"5.0"}},{"id":"java/path-injection","name":"java/path-injection","shortDescription":{"text":"Uncontrolled data used in path expression"},"fullDescription":{"text":"Accessing paths influenced by users can allow an attacker to access unexpected resources."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Uncontrolled data used in path expression\nAccessing paths controlled by users can allow an attacker to access unexpected resources. This can result in sensitive information being revealed or deleted, or an attacker being able to influence behavior by modifying unexpected files.\n\nPaths that are naively constructed from data controlled by a user may contain unexpected special characters, such as \"..\". Such a path may potentially point to any directory on the file system.\n\n\n## Recommendation\nValidate user input before using it to construct a file path. Ideally, follow these rules:\n\n* Do not allow more than a single \".\" character.\n* Do not allow directory separators such as \"/\" or \"\\\\\" (depending on the file system).\n* Do not rely on simply replacing problematic sequences such as \"../\". For example, after applying this filter to \".../...//\" the resulting string would still be \"../\".\n* Ideally use a whitelist of known good patterns.\n\n## Example\nIn this example, a file name is read from a `java.net.Socket` and then used to access a file in the user's home directory and send it back over the socket. However, a malicious user could enter a file name which contains special characters. For example, the string \"../../etc/passwd\" will result in the code reading the file located at \"/home/\\[user\\]/../../etc/passwd\", which is the system's password file. This file would then be sent back to the user, giving them access to all the system's passwords.\n\n\n```java\npublic void sendUserFile(Socket sock, String user) {\n\tBufferedReader filenameReader = new BufferedReader(\n\t\t\tnew InputStreamReader(sock.getInputStream(), \"UTF-8\"));\n\tString filename = filenameReader.readLine();\n\t// BAD: read from a file using a path controlled by the user\n\tBufferedReader fileReader = new BufferedReader(\n\t\t\tnew FileReader(\"/home/\" + user + \"/\" + filename));\n\tString fileLine = fileReader.readLine();\n\twhile(fileLine != null) {\n\t\tsock.getOutputStream().write(fileLine.getBytes());\n\t\tfileLine = fileReader.readLine();\n\t}\n}\n\npublic void sendUserFileFixed(Socket sock, String user) {\n\t// ...\n\t\n\t// GOOD: remove all dots and directory delimiters from the filename before using\n\tString filename = filenameReader.readLine().replaceAll(\"\\\\.\", \"\").replaceAll(\"/\", \"\");\n\tBufferedReader fileReader = new BufferedReader(\n\t\t\tnew FileReader(\"/home/\" + user + \"/\" + filename));\n\n\t// ...\n}\n\n```\n\n## References\n* OWASP: [Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal).\n* Common Weakness Enumeration: [CWE-22](https://cwe.mitre.org/data/definitions/22.html).\n* Common Weakness Enumeration: [CWE-23](https://cwe.mitre.org/data/definitions/23.html).\n* Common Weakness Enumeration: [CWE-36](https://cwe.mitre.org/data/definitions/36.html).\n* Common Weakness Enumeration: [CWE-73](https://cwe.mitre.org/data/definitions/73.html).\n","markdown":"# Uncontrolled data used in path expression\nAccessing paths controlled by users can allow an attacker to access unexpected resources. This can result in sensitive information being revealed or deleted, or an attacker being able to influence behavior by modifying unexpected files.\n\nPaths that are naively constructed from data controlled by a user may contain unexpected special characters, such as \"..\". Such a path may potentially point to any directory on the file system.\n\n\n## Recommendation\nValidate user input before using it to construct a file path. Ideally, follow these rules:\n\n* Do not allow more than a single \".\" character.\n* Do not allow directory separators such as \"/\" or \"\\\\\" (depending on the file system).\n* Do not rely on simply replacing problematic sequences such as \"../\". For example, after applying this filter to \".../...//\" the resulting string would still be \"../\".\n* Ideally use a whitelist of known good patterns.\n\n## Example\nIn this example, a file name is read from a `java.net.Socket` and then used to access a file in the user's home directory and send it back over the socket. However, a malicious user could enter a file name which contains special characters. For example, the string \"../../etc/passwd\" will result in the code reading the file located at \"/home/\\[user\\]/../../etc/passwd\", which is the system's password file. This file would then be sent back to the user, giving them access to all the system's passwords.\n\n\n```java\npublic void sendUserFile(Socket sock, String user) {\n\tBufferedReader filenameReader = new BufferedReader(\n\t\t\tnew InputStreamReader(sock.getInputStream(), \"UTF-8\"));\n\tString filename = filenameReader.readLine();\n\t// BAD: read from a file using a path controlled by the user\n\tBufferedReader fileReader = new BufferedReader(\n\t\t\tnew FileReader(\"/home/\" + user + \"/\" + filename));\n\tString fileLine = fileReader.readLine();\n\twhile(fileLine != null) {\n\t\tsock.getOutputStream().write(fileLine.getBytes());\n\t\tfileLine = fileReader.readLine();\n\t}\n}\n\npublic void sendUserFileFixed(Socket sock, String user) {\n\t// ...\n\t\n\t// GOOD: remove all dots and directory delimiters from the filename before using\n\tString filename = filenameReader.readLine().replaceAll(\"\\\\.\", \"\").replaceAll(\"/\", \"\");\n\tBufferedReader fileReader = new BufferedReader(\n\t\t\tnew FileReader(\"/home/\" + user + \"/\" + filename));\n\n\t// ...\n}\n\n```\n\n## References\n* OWASP: [Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal).\n* Common Weakness Enumeration: [CWE-22](https://cwe.mitre.org/data/definitions/22.html).\n* Common Weakness Enumeration: [CWE-23](https://cwe.mitre.org/data/definitions/23.html).\n* Common Weakness Enumeration: [CWE-36](https://cwe.mitre.org/data/definitions/36.html).\n* Common Weakness Enumeration: [CWE-73](https://cwe.mitre.org/data/definitions/73.html).\n"},"properties":{"tags":["security","external/cwe/cwe-022","external/cwe/cwe-023","external/cwe/cwe-036","external/cwe/cwe-073","owasp-top10-2021","A01:2021 - Broken Access Control"],"description":"Accessing paths influenced by users can allow an attacker to access unexpected resources.","id":"java/path-injection","kind":"path-problem","name":"Uncontrolled data used in path expression","precision":"high","problem.severity":"error","security-severity":"7.5"}},{"id":"java/zipslip","name":"java/zipslip","shortDescription":{"text":"Arbitrary file write during archive extraction (\"Zip Slip\")"},"fullDescription":{"text":"Extracting files from a malicious archive without validating that the destination file path is within the destination directory can cause files outside the destination directory to be overwritten."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Arbitrary file write during archive extraction (\"Zip Slip\")\nExtracting files from a malicious zip archive (or another archive format) without validating that the destination file path is within the destination directory can cause files outside the destination directory to be overwritten, due to the possible presence of directory traversal elements (`..`) in archive paths.\n\nZip archives contain archive entries representing each file in the archive. These entries include a file path for the entry, but these file paths are not restricted and may contain unexpected special elements such as the directory traversal element (`..`). If these file paths are used to determine an output file to write the contents of the archive item to, then the file may be written to an unexpected location. This can result in sensitive information being revealed or deleted, or an attacker being able to influence behavior by modifying unexpected files.\n\nFor example, if a zip file contains a file entry `..\\sneaky-file`, and the zip file is extracted to the directory `c:\\output`, then naively combining the paths would result in an output file path of `c:\\output\\..\\sneaky-file`, which would cause the file to be written to `c:\\sneaky-file`.\n\n\n## Recommendation\nEnsure that output paths constructed from zip archive entries are validated to prevent writing files to unexpected locations.\n\nThe recommended way of writing an output file from a zip archive entry is to verify that the normalized full path of the output file starts with a prefix that matches the destination directory. Path normalization can be done with either `java.io.File.getCanonicalFile()` or `java.nio.file.Path.normalize()`. Prefix checking can be done with `String.startsWith(..)`, but it is better to use `java.nio.file.Path.startsWith(..)`, as the latter works on complete path segments.\n\nAnother alternative is to validate archive entries against a whitelist of expected files.\n\n\n## Example\nIn this example, a file path taken from a zip archive item entry is combined with a destination directory. The result is used as the destination file path without verifying that the result is within the destination directory. If provided with a zip file containing an archive path like `..\\sneaky-file`, then this file would be written outside the destination directory.\n\n\n```java\nvoid writeZipEntry(ZipEntry entry, File destinationDir) {\n    File file = new File(destinationDir, entry.getName());\n    FileOutputStream fos = new FileOutputStream(file); // BAD\n    // ... write entry to fos ...\n}\n\n```\nTo fix this vulnerability, we need to verify that the normalized `file` still has `destinationDir` as its prefix, and throw an exception if this is not the case.\n\n\n```java\nvoid writeZipEntry(ZipEntry entry, File destinationDir) {\n    File file = new File(destinationDir, entry.getName());\n    if (!file.toPath().normalize().startsWith(destinationDir.toPath()))\n        throw new Exception(\"Bad zip entry\");\n    FileOutputStream fos = new FileOutputStream(file); // OK\n    // ... write entry to fos ...\n}\n\n```\n\n## References\n* Snyk: [Zip Slip Vulnerability](https://snyk.io/research/zip-slip-vulnerability).\n* OWASP: [Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal).\n* Common Weakness Enumeration: [CWE-22](https://cwe.mitre.org/data/definitions/22.html).\n","markdown":"# Arbitrary file write during archive extraction (\"Zip Slip\")\nExtracting files from a malicious zip archive (or another archive format) without validating that the destination file path is within the destination directory can cause files outside the destination directory to be overwritten, due to the possible presence of directory traversal elements (`..`) in archive paths.\n\nZip archives contain archive entries representing each file in the archive. These entries include a file path for the entry, but these file paths are not restricted and may contain unexpected special elements such as the directory traversal element (`..`). If these file paths are used to determine an output file to write the contents of the archive item to, then the file may be written to an unexpected location. This can result in sensitive information being revealed or deleted, or an attacker being able to influence behavior by modifying unexpected files.\n\nFor example, if a zip file contains a file entry `..\\sneaky-file`, and the zip file is extracted to the directory `c:\\output`, then naively combining the paths would result in an output file path of `c:\\output\\..\\sneaky-file`, which would cause the file to be written to `c:\\sneaky-file`.\n\n\n## Recommendation\nEnsure that output paths constructed from zip archive entries are validated to prevent writing files to unexpected locations.\n\nThe recommended way of writing an output file from a zip archive entry is to verify that the normalized full path of the output file starts with a prefix that matches the destination directory. Path normalization can be done with either `java.io.File.getCanonicalFile()` or `java.nio.file.Path.normalize()`. Prefix checking can be done with `String.startsWith(..)`, but it is better to use `java.nio.file.Path.startsWith(..)`, as the latter works on complete path segments.\n\nAnother alternative is to validate archive entries against a whitelist of expected files.\n\n\n## Example\nIn this example, a file path taken from a zip archive item entry is combined with a destination directory. The result is used as the destination file path without verifying that the result is within the destination directory. If provided with a zip file containing an archive path like `..\\sneaky-file`, then this file would be written outside the destination directory.\n\n\n```java\nvoid writeZipEntry(ZipEntry entry, File destinationDir) {\n    File file = new File(destinationDir, entry.getName());\n    FileOutputStream fos = new FileOutputStream(file); // BAD\n    // ... write entry to fos ...\n}\n\n```\nTo fix this vulnerability, we need to verify that the normalized `file` still has `destinationDir` as its prefix, and throw an exception if this is not the case.\n\n\n```java\nvoid writeZipEntry(ZipEntry entry, File destinationDir) {\n    File file = new File(destinationDir, entry.getName());\n    if (!file.toPath().normalize().startsWith(destinationDir.toPath()))\n        throw new Exception(\"Bad zip entry\");\n    FileOutputStream fos = new FileOutputStream(file); // OK\n    // ... write entry to fos ...\n}\n\n```\n\n## References\n* Snyk: [Zip Slip Vulnerability](https://snyk.io/research/zip-slip-vulnerability).\n* OWASP: [Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal).\n* Common Weakness Enumeration: [CWE-22](https://cwe.mitre.org/data/definitions/22.html).\n"},"properties":{"tags":["security","external/cwe/cwe-022","owasp-top10-2021","A01:2021 - Broken Access Control"],"description":"Extracting files from a malicious archive without validating that the\n              destination file path is within the destination directory can cause files outside\n              the destination directory to be overwritten.","id":"java/zipslip","kind":"path-problem","name":"Arbitrary file write during archive extraction (\"Zip Slip\")","precision":"high","problem.severity":"error","security-severity":"7.5"}},{"id":"java/android/unsafe-content-uri-resolution","name":"java/android/unsafe-content-uri-resolution","shortDescription":{"text":"Uncontrolled data used in content resolution"},"fullDescription":{"text":"Resolving externally-provided content URIs without validation can allow an attacker to access unexpected resources."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Uncontrolled data used in content resolution\nWhen an Android application wants to access data in a content provider, it uses the `ContentResolver` object. `ContentResolver`s communicate with an instance of a class that implements the `ContentProvider` interface via URIs with the `content://` scheme. The authority part (the first path segment) of the URI, passed as parameter to the `ContentResolver`, determines which content provider is contacted for the operation. Specific operations that act on files also support the `file://` scheme, in which case the local filesystem is queried instead. If an external component, like a malicious or compromised application, controls the URI for a `ContentResolver` operation, it can trick the vulnerable application into accessing its own private files or non-exported content providers. The attacking application might be able to get access to the file by forcing it to be copied to a public directory, like external storage, or tamper with the contents by making the application overwrite the file with unexpected data.\n\n\n## Recommendation\nIf possible, avoid using externally-provided data to determine the URI for a `ContentResolver` to use. If that is not an option, validate that the incoming URI can only reference trusted components, like an allow list of content providers and/or applications, or alternatively make sure that the URI does not reference private directories like `/data/`.\n\n\n## Example\nThis example shows three ways of opening a file using a `ContentResolver`. In the first case, externally-provided data from an intent is used directly in the file-reading operation. This allows an attacker to provide a URI of the form `/data/data/(vulnerable app package)/(private file)` to trick the application into reading it and copying it to the external storage. In the second case, an insufficient check is performed on the externally-provided URI, still leaving room for exploitation. In the third case, the URI is correctly validated before being used, making sure it does not reference any internal application files.\n\n\n```java\nimport android.content.ContentResolver;\nimport android.net.Uri;\n\npublic class Example extends Activity {\n    public void onCreate() {\n        // BAD: Externally-provided URI directly used in content resolution\n        {\n            ContentResolver contentResolver = getContentResolver();\n            Uri uri = (Uri) getIntent().getParcelableExtra(\"URI_EXTRA\");\n            InputStream is = contentResolver.openInputStream(uri);\n            copyToExternalCache(is);\n        }\n        // BAD: input URI is not normalized, and check can be bypassed with \"..\" characters\n        {\n            ContentResolver contentResolver = getContentResolver();\n            Uri uri = (Uri) getIntent().getParcelableExtra(\"URI_EXTRA\");\n            String path = uri.getPath();\n            if (path.startsWith(\"/data\"))\n                throw new SecurityException();\n            InputStream is = contentResolver.openInputStream(uri);\n            copyToExternalCache(is);\n        }\n        // GOOD: URI is properly validated to block access to internal files\n        {\n            ContentResolver contentResolver = getContentResolver();\n            Uri uri = (Uri) getIntent().getParcelableExtra(\"URI_EXTRA\");\n            String path = uri.getPath();\n            java.nio.file.Path normalized =\n                    java.nio.file.FileSystems.getDefault().getPath(path).normalize();\n            if (normalized.startsWith(\"/data\"))\n                throw new SecurityException();\n            InputStream is = contentResolver.openInputStream(uri);\n            copyToExternalCache(is);\n        }\n    }\n\n    private void copyToExternalCache(InputStream is) {\n        // Reads the contents of is and writes a file in the app's external\n        // cache directory, which can be read publicly by applications in the same device.\n    }\n}\n\n```\n\n## References\n* Android developers: [Content provider basics](https://developer.android.com/guide/topics/providers/content-provider-basics)\n* [The ContentResolver class](https://developer.android.com/reference/android/content/ContentResolver)\n* Common Weakness Enumeration: [CWE-441](https://cwe.mitre.org/data/definitions/441.html).\n* Common Weakness Enumeration: [CWE-610](https://cwe.mitre.org/data/definitions/610.html).\n","markdown":"# Uncontrolled data used in content resolution\nWhen an Android application wants to access data in a content provider, it uses the `ContentResolver` object. `ContentResolver`s communicate with an instance of a class that implements the `ContentProvider` interface via URIs with the `content://` scheme. The authority part (the first path segment) of the URI, passed as parameter to the `ContentResolver`, determines which content provider is contacted for the operation. Specific operations that act on files also support the `file://` scheme, in which case the local filesystem is queried instead. If an external component, like a malicious or compromised application, controls the URI for a `ContentResolver` operation, it can trick the vulnerable application into accessing its own private files or non-exported content providers. The attacking application might be able to get access to the file by forcing it to be copied to a public directory, like external storage, or tamper with the contents by making the application overwrite the file with unexpected data.\n\n\n## Recommendation\nIf possible, avoid using externally-provided data to determine the URI for a `ContentResolver` to use. If that is not an option, validate that the incoming URI can only reference trusted components, like an allow list of content providers and/or applications, or alternatively make sure that the URI does not reference private directories like `/data/`.\n\n\n## Example\nThis example shows three ways of opening a file using a `ContentResolver`. In the first case, externally-provided data from an intent is used directly in the file-reading operation. This allows an attacker to provide a URI of the form `/data/data/(vulnerable app package)/(private file)` to trick the application into reading it and copying it to the external storage. In the second case, an insufficient check is performed on the externally-provided URI, still leaving room for exploitation. In the third case, the URI is correctly validated before being used, making sure it does not reference any internal application files.\n\n\n```java\nimport android.content.ContentResolver;\nimport android.net.Uri;\n\npublic class Example extends Activity {\n    public void onCreate() {\n        // BAD: Externally-provided URI directly used in content resolution\n        {\n            ContentResolver contentResolver = getContentResolver();\n            Uri uri = (Uri) getIntent().getParcelableExtra(\"URI_EXTRA\");\n            InputStream is = contentResolver.openInputStream(uri);\n            copyToExternalCache(is);\n        }\n        // BAD: input URI is not normalized, and check can be bypassed with \"..\" characters\n        {\n            ContentResolver contentResolver = getContentResolver();\n            Uri uri = (Uri) getIntent().getParcelableExtra(\"URI_EXTRA\");\n            String path = uri.getPath();\n            if (path.startsWith(\"/data\"))\n                throw new SecurityException();\n            InputStream is = contentResolver.openInputStream(uri);\n            copyToExternalCache(is);\n        }\n        // GOOD: URI is properly validated to block access to internal files\n        {\n            ContentResolver contentResolver = getContentResolver();\n            Uri uri = (Uri) getIntent().getParcelableExtra(\"URI_EXTRA\");\n            String path = uri.getPath();\n            java.nio.file.Path normalized =\n                    java.nio.file.FileSystems.getDefault().getPath(path).normalize();\n            if (normalized.startsWith(\"/data\"))\n                throw new SecurityException();\n            InputStream is = contentResolver.openInputStream(uri);\n            copyToExternalCache(is);\n        }\n    }\n\n    private void copyToExternalCache(InputStream is) {\n        // Reads the contents of is and writes a file in the app's external\n        // cache directory, which can be read publicly by applications in the same device.\n    }\n}\n\n```\n\n## References\n* Android developers: [Content provider basics](https://developer.android.com/guide/topics/providers/content-provider-basics)\n* [The ContentResolver class](https://developer.android.com/reference/android/content/ContentResolver)\n* Common Weakness Enumeration: [CWE-441](https://cwe.mitre.org/data/definitions/441.html).\n* Common Weakness Enumeration: [CWE-610](https://cwe.mitre.org/data/definitions/610.html).\n"},"properties":{"tags":["security","external/cwe/cwe-441","external/cwe/cwe-610","owasp-top10-2021","A01:2021 - Broken Access Control"],"description":"Resolving externally-provided content URIs without validation can allow an attacker\n              to access unexpected resources.","id":"java/android/unsafe-content-uri-resolution","kind":"path-problem","name":"Uncontrolled data used in content resolution","precision":"high","problem.severity":"warning","security-severity":"7.5"}},{"id":"java/insufficient-key-size","name":"java/insufficient-key-size","shortDescription":{"text":"Use of a cryptographic algorithm with insufficient key size"},"fullDescription":{"text":"Using cryptographic algorithms with too small a key size can allow an attacker to compromise security."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Use of a cryptographic algorithm with insufficient key size\nModern encryption relies on the computational infeasibility of breaking a cipher and decoding its message without the key. As computational power increases, the ability to break ciphers grows, and key sizes need to become larger as a result. Cryptographic algorithms that use too small of a key size are vulnerable to brute force attacks, which can reveal sensitive data.\n\n\n## Recommendation\nUse a key of the recommended size or larger. The key size should be at least 128 bits for AES encryption, 256 bits for elliptic-curve cryptography (ECC), and 2048 bits for RSA, DSA, or DH encryption.\n\n\n## Example\nThe following code uses cryptographic algorithms with insufficient key sizes.\n\n\n```java\n    KeyPairGenerator keyPairGen1 = KeyPairGenerator.getInstance(\"RSA\");\n    keyPairGen1.initialize(1024); // BAD: Key size is less than 2048\n\n    KeyPairGenerator keyPairGen2 = KeyPairGenerator.getInstance(\"DSA\");\n    keyPairGen2.initialize(1024); // BAD: Key size is less than 2048\n\n    KeyPairGenerator keyPairGen3 = KeyPairGenerator.getInstance(\"DH\");\n    keyPairGen3.initialize(1024); // BAD: Key size is less than 2048\n\n    KeyPairGenerator keyPairGen4 = KeyPairGenerator.getInstance(\"EC\");\n    ECGenParameterSpec ecSpec = new ECGenParameterSpec(\"secp112r1\"); // BAD: Key size is less than 256\n    keyPairGen4.initialize(ecSpec);\n\n    KeyGenerator keyGen = KeyGenerator.getInstance(\"AES\");\n    keyGen.init(64); // BAD: Key size is less than 128\n\n```\nTo fix the code, change the key sizes to be the recommended size or larger for each algorithm.\n\n\n## References\n* Wikipedia: [Key size](http://en.wikipedia.org/wiki/Key_size).\n* Wikipedia: [Strong cryptography](https://en.wikipedia.org/wiki/Strong_cryptography).\n* OWASP: [ Cryptographic Storage Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#algorithms).\n* OWASP: [ Testing for Weak Encryption](https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption).\n* NIST: [ Transitioning the Use of Cryptographic Algorithms and Key Lengths](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf).\n* Common Weakness Enumeration: [CWE-326](https://cwe.mitre.org/data/definitions/326.html).\n","markdown":"# Use of a cryptographic algorithm with insufficient key size\nModern encryption relies on the computational infeasibility of breaking a cipher and decoding its message without the key. As computational power increases, the ability to break ciphers grows, and key sizes need to become larger as a result. Cryptographic algorithms that use too small of a key size are vulnerable to brute force attacks, which can reveal sensitive data.\n\n\n## Recommendation\nUse a key of the recommended size or larger. The key size should be at least 128 bits for AES encryption, 256 bits for elliptic-curve cryptography (ECC), and 2048 bits for RSA, DSA, or DH encryption.\n\n\n## Example\nThe following code uses cryptographic algorithms with insufficient key sizes.\n\n\n```java\n    KeyPairGenerator keyPairGen1 = KeyPairGenerator.getInstance(\"RSA\");\n    keyPairGen1.initialize(1024); // BAD: Key size is less than 2048\n\n    KeyPairGenerator keyPairGen2 = KeyPairGenerator.getInstance(\"DSA\");\n    keyPairGen2.initialize(1024); // BAD: Key size is less than 2048\n\n    KeyPairGenerator keyPairGen3 = KeyPairGenerator.getInstance(\"DH\");\n    keyPairGen3.initialize(1024); // BAD: Key size is less than 2048\n\n    KeyPairGenerator keyPairGen4 = KeyPairGenerator.getInstance(\"EC\");\n    ECGenParameterSpec ecSpec = new ECGenParameterSpec(\"secp112r1\"); // BAD: Key size is less than 256\n    keyPairGen4.initialize(ecSpec);\n\n    KeyGenerator keyGen = KeyGenerator.getInstance(\"AES\");\n    keyGen.init(64); // BAD: Key size is less than 128\n\n```\nTo fix the code, change the key sizes to be the recommended size or larger for each algorithm.\n\n\n## References\n* Wikipedia: [Key size](http://en.wikipedia.org/wiki/Key_size).\n* Wikipedia: [Strong cryptography](https://en.wikipedia.org/wiki/Strong_cryptography).\n* OWASP: [ Cryptographic Storage Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#algorithms).\n* OWASP: [ Testing for Weak Encryption](https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption).\n* NIST: [ Transitioning the Use of Cryptographic Algorithms and Key Lengths](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf).\n* Common Weakness Enumeration: [CWE-326](https://cwe.mitre.org/data/definitions/326.html).\n"},"properties":{"tags":["security","external/cwe/cwe-326","owasp-top10-2021","A02:2021 - Cryptographic Failures"],"description":"Using cryptographic algorithms with too small a key size can\n              allow an attacker to compromise security.","id":"java/insufficient-key-size","kind":"path-problem","name":"Use of a cryptographic algorithm with insufficient key size","precision":"high","problem.severity":"warning","security-severity":"7.5"}},{"id":"java/android/implicit-pendingintents","name":"java/android/implicit-pendingintents","shortDescription":{"text":"Use of implicit PendingIntents"},"fullDescription":{"text":"Sending an implicit and mutable 'PendingIntent' to an unspecified third party component may provide an attacker with access to internal components of the application or cause other unintended effects."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Use of implicit PendingIntents\nA `PendingIntent` is used to wrap an `Intent` that will be supplied and executed by another application. When the `Intent` is executed, it behaves as if it were run directly by the supplying application, using the privileges of that application.\n\nIf a `PendingIntent` is configured to be mutable, the fields of its internal `Intent` can be changed by the receiving application if they were not previously set. This means that a mutable `PendingIntent` that has not defined a destination component (that is, an implicit `PendingIntent`) can be altered to execute an arbitrary action with the privileges of the application that created it.\n\nA malicious application can access an implicit `PendingIntent` as follows:\n\n* It is wrapped and sent as an extra of another implicit `Intent`.\n* It is sent as the action of a `Slide`.\n* It is sent as the action of a `Notification`.\n\n\nOn gaining access, the attacker can modify the underlying `Intent` and execute an arbitrary action with elevated privileges. This could give the malicious application access to private components of the victim application, or the ability to perform actions without having the necessary permissions.\n\n\n## Recommendation\nAvoid creating implicit `PendingIntent`s. This means that the underlying `Intent` should always have an explicit destination component.\n\nWhen you add the `PendingIntent` as an extra of another `Intent`, make sure that this second `Intent` also has an explicit destination component, so that it is not delivered to untrusted applications.\n\nCreate the `PendingIntent` using the flag `FLAG_IMMUTABLE` whenever possible, to prevent the destination component from modifying empty fields of the underlying `Intent`.\n\n\n## Example\nIn the following examples, a `PendingIntent` is created and wrapped as an extra of another `Intent`.\n\nIn the first example, both the `PendingIntent` and the `Intent` it is wrapped in are implicit, making them vulnerable to attack.\n\nIn the second example, the issue is avoided by adding explicit destination components to the `PendingIntent` and the wrapping `Intent`.\n\nThe third example uses the `FLAG_IMMUTABLE` flag to prevent the underlying `Intent` from being modified by the destination component.\n\n\n```java\nimport android.app.Activity;\nimport android.app.PendingIntent;\nimport android.content.Intent;\nimport android.os.Bundle;\n\npublic class ImplicitPendingIntents extends Activity {\n\n\tpublic void onCreate(Bundle savedInstance) {\n\t\t{\n\t\t\t// BAD: an implicit Intent is used to create a PendingIntent.\n\t\t\t// The PendingIntent is then added to another implicit Intent\n\t\t\t// and started.\n\t\t\tIntent baseIntent = new Intent();\n\t\t\tPendingIntent pi =\n\t\t\t\t\tPendingIntent.getActivity(this, 0, baseIntent, PendingIntent.FLAG_ONE_SHOT);\n\t\t\tIntent fwdIntent = new Intent(\"SOME_ACTION\");\n\t\t\tfwdIntent.putExtra(\"fwdIntent\", pi);\n\t\t\tsendBroadcast(fwdIntent);\n\t\t}\n\n\t\t{\n\t\t\t// GOOD: both the PendingIntent and the wrapping Intent are explicit.\n\t\t\tIntent safeIntent = new Intent(this, AnotherActivity.class);\n\t\t\tPendingIntent pi =\n\t\t\t\t\tPendingIntent.getActivity(this, 0, safeIntent, PendingIntent.FLAG_ONE_SHOT);\n\t\t\tIntent fwdIntent = new Intent();\n\t\t\tfwdIntent.setClassName(\"destination.package\", \"DestinationClass\");\n\t\t\tfwdIntent.putExtra(\"fwdIntent\", pi);\n\t\t\tstartActivity(fwdIntent);\n\t\t}\n\n\t\t{\n\t\t\t// GOOD: The PendingIntent is created with FLAG_IMMUTABLE.\n\t\t\tIntent baseIntent = new Intent(\"SOME_ACTION\");\n\t\t\tPendingIntent pi =\n\t\t\t\t\tPendingIntent.getActivity(this, 0, baseIntent, PendingIntent.FLAG_IMMUTABLE);\n\t\t\tIntent fwdIntent = new Intent();\n\t\t\tfwdIntent.setClassName(\"destination.package\", \"DestinationClass\");\n\t\t\tfwdIntent.putExtra(\"fwdIntent\", pi);\n\t\t\tstartActivity(fwdIntent);\n\t\t}\n\t}\n}\n\n```\n\n## References\n* Google Help: [ Remediation for Implicit PendingIntent Vulnerability ](https://support.google.com/faqs/answer/10437428?hl=en)\n* University of Potsdam: [ PIAnalyzer: A precise approach for PendingIntent vulnerability analysis ](https://www.cs.uni-potsdam.de/se/papers/esorics18.pdf)\n* Common Weakness Enumeration: [CWE-927](https://cwe.mitre.org/data/definitions/927.html).\n","markdown":"# Use of implicit PendingIntents\nA `PendingIntent` is used to wrap an `Intent` that will be supplied and executed by another application. When the `Intent` is executed, it behaves as if it were run directly by the supplying application, using the privileges of that application.\n\nIf a `PendingIntent` is configured to be mutable, the fields of its internal `Intent` can be changed by the receiving application if they were not previously set. This means that a mutable `PendingIntent` that has not defined a destination component (that is, an implicit `PendingIntent`) can be altered to execute an arbitrary action with the privileges of the application that created it.\n\nA malicious application can access an implicit `PendingIntent` as follows:\n\n* It is wrapped and sent as an extra of another implicit `Intent`.\n* It is sent as the action of a `Slide`.\n* It is sent as the action of a `Notification`.\n\n\nOn gaining access, the attacker can modify the underlying `Intent` and execute an arbitrary action with elevated privileges. This could give the malicious application access to private components of the victim application, or the ability to perform actions without having the necessary permissions.\n\n\n## Recommendation\nAvoid creating implicit `PendingIntent`s. This means that the underlying `Intent` should always have an explicit destination component.\n\nWhen you add the `PendingIntent` as an extra of another `Intent`, make sure that this second `Intent` also has an explicit destination component, so that it is not delivered to untrusted applications.\n\nCreate the `PendingIntent` using the flag `FLAG_IMMUTABLE` whenever possible, to prevent the destination component from modifying empty fields of the underlying `Intent`.\n\n\n## Example\nIn the following examples, a `PendingIntent` is created and wrapped as an extra of another `Intent`.\n\nIn the first example, both the `PendingIntent` and the `Intent` it is wrapped in are implicit, making them vulnerable to attack.\n\nIn the second example, the issue is avoided by adding explicit destination components to the `PendingIntent` and the wrapping `Intent`.\n\nThe third example uses the `FLAG_IMMUTABLE` flag to prevent the underlying `Intent` from being modified by the destination component.\n\n\n```java\nimport android.app.Activity;\nimport android.app.PendingIntent;\nimport android.content.Intent;\nimport android.os.Bundle;\n\npublic class ImplicitPendingIntents extends Activity {\n\n\tpublic void onCreate(Bundle savedInstance) {\n\t\t{\n\t\t\t// BAD: an implicit Intent is used to create a PendingIntent.\n\t\t\t// The PendingIntent is then added to another implicit Intent\n\t\t\t// and started.\n\t\t\tIntent baseIntent = new Intent();\n\t\t\tPendingIntent pi =\n\t\t\t\t\tPendingIntent.getActivity(this, 0, baseIntent, PendingIntent.FLAG_ONE_SHOT);\n\t\t\tIntent fwdIntent = new Intent(\"SOME_ACTION\");\n\t\t\tfwdIntent.putExtra(\"fwdIntent\", pi);\n\t\t\tsendBroadcast(fwdIntent);\n\t\t}\n\n\t\t{\n\t\t\t// GOOD: both the PendingIntent and the wrapping Intent are explicit.\n\t\t\tIntent safeIntent = new Intent(this, AnotherActivity.class);\n\t\t\tPendingIntent pi =\n\t\t\t\t\tPendingIntent.getActivity(this, 0, safeIntent, PendingIntent.FLAG_ONE_SHOT);\n\t\t\tIntent fwdIntent = new Intent();\n\t\t\tfwdIntent.setClassName(\"destination.package\", \"DestinationClass\");\n\t\t\tfwdIntent.putExtra(\"fwdIntent\", pi);\n\t\t\tstartActivity(fwdIntent);\n\t\t}\n\n\t\t{\n\t\t\t// GOOD: The PendingIntent is created with FLAG_IMMUTABLE.\n\t\t\tIntent baseIntent = new Intent(\"SOME_ACTION\");\n\t\t\tPendingIntent pi =\n\t\t\t\t\tPendingIntent.getActivity(this, 0, baseIntent, PendingIntent.FLAG_IMMUTABLE);\n\t\t\tIntent fwdIntent = new Intent();\n\t\t\tfwdIntent.setClassName(\"destination.package\", \"DestinationClass\");\n\t\t\tfwdIntent.putExtra(\"fwdIntent\", pi);\n\t\t\tstartActivity(fwdIntent);\n\t\t}\n\t}\n}\n\n```\n\n## References\n* Google Help: [ Remediation for Implicit PendingIntent Vulnerability ](https://support.google.com/faqs/answer/10437428?hl=en)\n* University of Potsdam: [ PIAnalyzer: A precise approach for PendingIntent vulnerability analysis ](https://www.cs.uni-potsdam.de/se/papers/esorics18.pdf)\n* Common Weakness Enumeration: [CWE-927](https://cwe.mitre.org/data/definitions/927.html).\n"},"properties":{"tags":["security","external/cwe/cwe-927","owasp-top10-2021","A04:2021 - Insecure Design"],"description":"Sending an implicit and mutable 'PendingIntent' to an unspecified third party\n              component may provide an attacker with access to internal components of the\n              application or cause other unintended effects.","id":"java/android/implicit-pendingintents","kind":"path-problem","name":"Use of implicit PendingIntents","precision":"high","problem.severity":"error","security-severity":"8.2"}},{"id":"java/ldap-injection","name":"java/ldap-injection","shortDescription":{"text":"LDAP query built from user-controlled sources"},"fullDescription":{"text":"Building an LDAP query from user-controlled sources is vulnerable to insertion of malicious LDAP code by the user."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# LDAP query built from user-controlled sources\nIf an LDAP query is built using string concatenation, and the components of the concatenation include user input, a user is likely to be able to run malicious LDAP queries.\n\n\n## Recommendation\nIf user input must be included in an LDAP query, it should be escaped to avoid a malicious user providing special characters that change the meaning of the query. If possible build the LDAP query using framework helper methods, for example from Spring's `LdapQueryBuilder` and `LdapNameBuilder`, instead of string concatenation. Alternatively, escape user input using an appropriate LDAP encoding method, for example: `encodeForLDAP` or `encodeForDN` from OWASP ESAPI, `LdapEncoder.filterEncode` or `LdapEncoder.nameEncode` from Spring LDAP, or `Filter.encodeValue` from UnboundID library.\n\n\n## Example\nIn the following examples, the code accepts an \"organization name\" and a \"username\" from the user, which it uses to query LDAP.\n\nThe first example concatenates the unvalidated and unencoded user input directly into both the DN (Distinguished Name) and the search filter used for the LDAP query. A malicious user could provide special characters to change the meaning of these queries, and search for a completely different set of values. The LDAP query is executed using Java JNDI API.\n\nThe second example uses the OWASP ESAPI library to encode the user values before they are included in the DN and search filters. This ensures the meaning of the query cannot be changed by a malicious user.\n\n\n```java\nimport javax.naming.directory.DirContext;\nimport org.owasp.esapi.Encoder;\nimport org.owasp.esapi.reference.DefaultEncoder;\n\npublic void ldapQueryBad(HttpServletRequest request, DirContext ctx) throws NamingException {\n  String organizationName = request.getParameter(\"organization_name\");\n  String username = request.getParameter(\"username\");\n\n  // BAD: User input used in DN (Distinguished Name) without encoding\n  String dn = \"OU=People,O=\" + organizationName;\n\n  // BAD: User input used in search filter without encoding\n  String filter = \"username=\" + userName;\n\n  ctx.search(dn, filter, new SearchControls());\n}\n\npublic void ldapQueryGood(HttpServletRequest request, DirContext ctx) throws NamingException {\n  String organizationName = request.getParameter(\"organization_name\");\n  String username = request.getParameter(\"username\");\n\n  // ESAPI encoder\n  Encoder encoder = DefaultEncoder.getInstance();\n\n  // GOOD: Organization name is encoded before being used in DN\n  String safeOrganizationName = encoder.encodeForDN(organizationName);\n  String safeDn = \"OU=People,O=\" + safeOrganizationName;\n\n  // GOOD: User input is encoded before being used in search filter\n  String safeUsername = encoder.encodeForLDAP(username);\n  String safeFilter = \"username=\" + safeUsername;\n  \n  ctx.search(safeDn, safeFilter, new SearchControls());\n}\n```\nThe third example uses Spring `LdapQueryBuilder` to build an LDAP query. In addition to simplifying the building of complex search parameters, it also provides proper escaping of any unsafe characters in search filters. The DN is built using `LdapNameBuilder`, which also provides proper escaping.\n\n\n```java\nimport static org.springframework.ldap.query.LdapQueryBuilder.query;\nimport org.springframework.ldap.support.LdapNameBuilder;\n\npublic void ldapQueryGood(@RequestParam String organizationName, @RequestParam String username) {\n  // GOOD: Organization name is encoded before being used in DN\n  String safeDn = LdapNameBuilder.newInstance()\n    .add(\"O\", organizationName)\n    .add(\"OU=People\")\n    .build().toString();\n\n  // GOOD: User input is encoded before being used in search filter\n  LdapQuery query = query()\n    .base(safeDn)\n    .where(\"username\").is(username);\n\n  ldapTemplate.search(query, new AttributeCheckAttributesMapper());\n}\n```\nThe fourth example uses `UnboundID` classes, `Filter` and `DN`, to construct a safe filter and base DN.\n\n\n```java\nimport com.unboundid.ldap.sdk.LDAPConnection;\nimport com.unboundid.ldap.sdk.DN;\nimport com.unboundid.ldap.sdk.RDN;\nimport com.unboundid.ldap.sdk.Filter;\n\npublic void ldapQueryGood(HttpServletRequest request, LDAPConnection c) {\n  String organizationName = request.getParameter(\"organization_name\");\n  String username = request.getParameter(\"username\");\n\n  // GOOD: Organization name is encoded before being used in DN\n  DN safeDn = new DN(new RDN(\"OU\", \"People\"), new RDN(\"O\", organizationName));\n\n  // GOOD: User input is encoded before being used in search filter\n  Filter safeFilter = Filter.createEqualityFilter(\"username\", username);\n  \n  c.search(safeDn.toString(), SearchScope.ONE, safeFilter);\n}\n```\nThe fifth example shows how to build a safe filter and DN using the Apache LDAP API.\n\n\n```java\nimport org.apache.directory.ldap.client.api.LdapConnection;\nimport org.apache.directory.api.ldap.model.name.Dn;\nimport org.apache.directory.api.ldap.model.name.Rdn;\nimport org.apache.directory.api.ldap.model.message.SearchRequest;\nimport org.apache.directory.api.ldap.model.message.SearchRequestImpl;\nimport static org.apache.directory.ldap.client.api.search.FilterBuilder.equal;\n\npublic void ldapQueryGood(HttpServletRequest request, LdapConnection c) {\n  String organizationName = request.getParameter(\"organization_name\");\n  String username = request.getParameter(\"username\");\n\n  // GOOD: Organization name is encoded before being used in DN\n  Dn safeDn = new Dn(new Rdn(\"OU\", \"People\"), new Rdn(\"O\", organizationName));\n\n  // GOOD: User input is encoded before being used in search filter\n  String safeFilter = equal(\"username\", username);\n  \n  SearchRequest searchRequest = new SearchRequestImpl();\n  searchRequest.setBase(safeDn);\n  searchRequest.setFilter(safeFilter);\n  c.search(searchRequest);\n}\n```\n\n## References\n* OWASP: [LDAP Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.html).\n* OWASP ESAPI: [OWASP ESAPI](https://owasp.org/www-project-enterprise-security-api/).\n* Spring LdapQueryBuilder doc: [LdapQueryBuilder](https://docs.spring.io/spring-ldap/docs/current/apidocs/org/springframework/ldap/query/LdapQueryBuilder.html).\n* Spring LdapNameBuilder doc: [LdapNameBuilder](https://docs.spring.io/spring-ldap/docs/current/apidocs/org/springframework/ldap/support/LdapNameBuilder.html).\n* UnboundID: [Understanding and Defending Against LDAP Injection Attacks](https://ldap.com/2018/05/04/understanding-and-defending-against-ldap-injection-attacks/).\n* Common Weakness Enumeration: [CWE-90](https://cwe.mitre.org/data/definitions/90.html).\n","markdown":"# LDAP query built from user-controlled sources\nIf an LDAP query is built using string concatenation, and the components of the concatenation include user input, a user is likely to be able to run malicious LDAP queries.\n\n\n## Recommendation\nIf user input must be included in an LDAP query, it should be escaped to avoid a malicious user providing special characters that change the meaning of the query. If possible build the LDAP query using framework helper methods, for example from Spring's `LdapQueryBuilder` and `LdapNameBuilder`, instead of string concatenation. Alternatively, escape user input using an appropriate LDAP encoding method, for example: `encodeForLDAP` or `encodeForDN` from OWASP ESAPI, `LdapEncoder.filterEncode` or `LdapEncoder.nameEncode` from Spring LDAP, or `Filter.encodeValue` from UnboundID library.\n\n\n## Example\nIn the following examples, the code accepts an \"organization name\" and a \"username\" from the user, which it uses to query LDAP.\n\nThe first example concatenates the unvalidated and unencoded user input directly into both the DN (Distinguished Name) and the search filter used for the LDAP query. A malicious user could provide special characters to change the meaning of these queries, and search for a completely different set of values. The LDAP query is executed using Java JNDI API.\n\nThe second example uses the OWASP ESAPI library to encode the user values before they are included in the DN and search filters. This ensures the meaning of the query cannot be changed by a malicious user.\n\n\n```java\nimport javax.naming.directory.DirContext;\nimport org.owasp.esapi.Encoder;\nimport org.owasp.esapi.reference.DefaultEncoder;\n\npublic void ldapQueryBad(HttpServletRequest request, DirContext ctx) throws NamingException {\n  String organizationName = request.getParameter(\"organization_name\");\n  String username = request.getParameter(\"username\");\n\n  // BAD: User input used in DN (Distinguished Name) without encoding\n  String dn = \"OU=People,O=\" + organizationName;\n\n  // BAD: User input used in search filter without encoding\n  String filter = \"username=\" + userName;\n\n  ctx.search(dn, filter, new SearchControls());\n}\n\npublic void ldapQueryGood(HttpServletRequest request, DirContext ctx) throws NamingException {\n  String organizationName = request.getParameter(\"organization_name\");\n  String username = request.getParameter(\"username\");\n\n  // ESAPI encoder\n  Encoder encoder = DefaultEncoder.getInstance();\n\n  // GOOD: Organization name is encoded before being used in DN\n  String safeOrganizationName = encoder.encodeForDN(organizationName);\n  String safeDn = \"OU=People,O=\" + safeOrganizationName;\n\n  // GOOD: User input is encoded before being used in search filter\n  String safeUsername = encoder.encodeForLDAP(username);\n  String safeFilter = \"username=\" + safeUsername;\n  \n  ctx.search(safeDn, safeFilter, new SearchControls());\n}\n```\nThe third example uses Spring `LdapQueryBuilder` to build an LDAP query. In addition to simplifying the building of complex search parameters, it also provides proper escaping of any unsafe characters in search filters. The DN is built using `LdapNameBuilder`, which also provides proper escaping.\n\n\n```java\nimport static org.springframework.ldap.query.LdapQueryBuilder.query;\nimport org.springframework.ldap.support.LdapNameBuilder;\n\npublic void ldapQueryGood(@RequestParam String organizationName, @RequestParam String username) {\n  // GOOD: Organization name is encoded before being used in DN\n  String safeDn = LdapNameBuilder.newInstance()\n    .add(\"O\", organizationName)\n    .add(\"OU=People\")\n    .build().toString();\n\n  // GOOD: User input is encoded before being used in search filter\n  LdapQuery query = query()\n    .base(safeDn)\n    .where(\"username\").is(username);\n\n  ldapTemplate.search(query, new AttributeCheckAttributesMapper());\n}\n```\nThe fourth example uses `UnboundID` classes, `Filter` and `DN`, to construct a safe filter and base DN.\n\n\n```java\nimport com.unboundid.ldap.sdk.LDAPConnection;\nimport com.unboundid.ldap.sdk.DN;\nimport com.unboundid.ldap.sdk.RDN;\nimport com.unboundid.ldap.sdk.Filter;\n\npublic void ldapQueryGood(HttpServletRequest request, LDAPConnection c) {\n  String organizationName = request.getParameter(\"organization_name\");\n  String username = request.getParameter(\"username\");\n\n  // GOOD: Organization name is encoded before being used in DN\n  DN safeDn = new DN(new RDN(\"OU\", \"People\"), new RDN(\"O\", organizationName));\n\n  // GOOD: User input is encoded before being used in search filter\n  Filter safeFilter = Filter.createEqualityFilter(\"username\", username);\n  \n  c.search(safeDn.toString(), SearchScope.ONE, safeFilter);\n}\n```\nThe fifth example shows how to build a safe filter and DN using the Apache LDAP API.\n\n\n```java\nimport org.apache.directory.ldap.client.api.LdapConnection;\nimport org.apache.directory.api.ldap.model.name.Dn;\nimport org.apache.directory.api.ldap.model.name.Rdn;\nimport org.apache.directory.api.ldap.model.message.SearchRequest;\nimport org.apache.directory.api.ldap.model.message.SearchRequestImpl;\nimport static org.apache.directory.ldap.client.api.search.FilterBuilder.equal;\n\npublic void ldapQueryGood(HttpServletRequest request, LdapConnection c) {\n  String organizationName = request.getParameter(\"organization_name\");\n  String username = request.getParameter(\"username\");\n\n  // GOOD: Organization name is encoded before being used in DN\n  Dn safeDn = new Dn(new Rdn(\"OU\", \"People\"), new Rdn(\"O\", organizationName));\n\n  // GOOD: User input is encoded before being used in search filter\n  String safeFilter = equal(\"username\", username);\n  \n  SearchRequest searchRequest = new SearchRequestImpl();\n  searchRequest.setBase(safeDn);\n  searchRequest.setFilter(safeFilter);\n  c.search(searchRequest);\n}\n```\n\n## References\n* OWASP: [LDAP Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.html).\n* OWASP ESAPI: [OWASP ESAPI](https://owasp.org/www-project-enterprise-security-api/).\n* Spring LdapQueryBuilder doc: [LdapQueryBuilder](https://docs.spring.io/spring-ldap/docs/current/apidocs/org/springframework/ldap/query/LdapQueryBuilder.html).\n* Spring LdapNameBuilder doc: [LdapNameBuilder](https://docs.spring.io/spring-ldap/docs/current/apidocs/org/springframework/ldap/support/LdapNameBuilder.html).\n* UnboundID: [Understanding and Defending Against LDAP Injection Attacks](https://ldap.com/2018/05/04/understanding-and-defending-against-ldap-injection-attacks/).\n* Common Weakness Enumeration: [CWE-90](https://cwe.mitre.org/data/definitions/90.html).\n"},"properties":{"tags":["security","external/cwe/cwe-090","owasp-top10-2021","A03:2021 - Injection"],"description":"Building an LDAP query from user-controlled sources is vulnerable to insertion of\n              malicious LDAP code by the user.","id":"java/ldap-injection","kind":"path-problem","name":"LDAP query built from user-controlled sources","precision":"high","problem.severity":"error","security-severity":"9.8"}},{"id":"java/android/fragment-injection","name":"java/android/fragment-injection","shortDescription":{"text":"Android fragment injection"},"fullDescription":{"text":"Instantiating an Android fragment from a user-provided value may allow a malicious application to bypass access controls, exposing the application to unintended effects."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Android fragment injection\nWhen fragments are instantiated with externally provided names, this exposes any exported activity that dynamically creates and hosts the fragment to fragment injection. A malicious application could provide the name of an arbitrary fragment, even one not designed to be externally accessible, and inject it into the activity. This can bypass access controls and expose the application to unintended effects.\n\nFragments are reusable parts of an Android application's user interface. Even though a fragment controls its own lifecycle and layout, and handles its input events, it cannot exist on its own: it must be hosted either by an activity or another fragment. This means that, normally, a fragment will be accessible by third-party applications (that is, exported) only if its hosting activity is itself exported.\n\n\n## Recommendation\nIn general, do not instantiate classes (including fragments) with user-provided names unless the name has been properly validated. Also, if an exported activity is extending the `PreferenceActivity` class, make sure that the `isValidFragment` method is overriden and only returns `true` when the provided `fragmentName` points to an intended fragment.\n\n\n## Example\nThe following example shows two cases: in the first one, untrusted data is used to instantiate and add a fragment to an activity, while in the second one, a fragment is safely added with a static name.\n\n\n```java\npublic class MyActivity extends FragmentActivity {\n\n    @Override\n    protected void onCreate(Bundle savedInstance) {\n        try {\n            super.onCreate(savedInstance);\n            // BAD: Fragment instantiated from user input without validation\n            {\n                String fName = getIntent().getStringExtra(\"fragmentName\");\n                getFragmentManager().beginTransaction().replace(com.android.internal.R.id.prefs,\n                        Fragment.instantiate(this, fName, null)).commit();\n            }\n            // GOOD: Fragment instantiated statically\n            {\n                getFragmentManager().beginTransaction()\n                        .replace(com.android.internal.R.id.prefs, new MyFragment()).commit();\n            }\n        } catch (Exception e) {\n        }\n    }\n\n}\n\n```\nThe next example shows two activities that extend `PreferenceActivity`. The first activity overrides `isValidFragment`, but it wrongly returns `true` unconditionally. The second activity correctly overrides `isValidFragment` so that it only returns `true` when `fragmentName` is a trusted fragment name.\n\n\n```java\nclass UnsafeActivity extends PreferenceActivity {\n\n    @Override\n    protected boolean isValidFragment(String fragmentName) {\n        // BAD: any Fragment name can be provided.\n        return true;\n    }\n}\n\n\nclass SafeActivity extends PreferenceActivity {\n    @Override\n    protected boolean isValidFragment(String fragmentName) {\n        // Good: only trusted Fragment names are allowed.\n        return SafeFragment1.class.getName().equals(fragmentName)\n                || SafeFragment2.class.getName().equals(fragmentName)\n                || SafeFragment3.class.getName().equals(fragmentName);\n    }\n\n}\n\n\n```\n\n## References\n* Google Help: [How to fix Fragment Injection vulnerability](https://support.google.com/faqs/answer/7188427?hl=en).\n* IBM Security Systems: [Android collapses into Fragments](https://securityintelligence.com/wp-content/uploads/2013/12/android-collapses-into-fragments.pdf).\n* Android Developers: [Fragments](https://developer.android.com/guide/fragments)\n* Common Weakness Enumeration: [CWE-470](https://cwe.mitre.org/data/definitions/470.html).\n","markdown":"# Android fragment injection\nWhen fragments are instantiated with externally provided names, this exposes any exported activity that dynamically creates and hosts the fragment to fragment injection. A malicious application could provide the name of an arbitrary fragment, even one not designed to be externally accessible, and inject it into the activity. This can bypass access controls and expose the application to unintended effects.\n\nFragments are reusable parts of an Android application's user interface. Even though a fragment controls its own lifecycle and layout, and handles its input events, it cannot exist on its own: it must be hosted either by an activity or another fragment. This means that, normally, a fragment will be accessible by third-party applications (that is, exported) only if its hosting activity is itself exported.\n\n\n## Recommendation\nIn general, do not instantiate classes (including fragments) with user-provided names unless the name has been properly validated. Also, if an exported activity is extending the `PreferenceActivity` class, make sure that the `isValidFragment` method is overriden and only returns `true` when the provided `fragmentName` points to an intended fragment.\n\n\n## Example\nThe following example shows two cases: in the first one, untrusted data is used to instantiate and add a fragment to an activity, while in the second one, a fragment is safely added with a static name.\n\n\n```java\npublic class MyActivity extends FragmentActivity {\n\n    @Override\n    protected void onCreate(Bundle savedInstance) {\n        try {\n            super.onCreate(savedInstance);\n            // BAD: Fragment instantiated from user input without validation\n            {\n                String fName = getIntent().getStringExtra(\"fragmentName\");\n                getFragmentManager().beginTransaction().replace(com.android.internal.R.id.prefs,\n                        Fragment.instantiate(this, fName, null)).commit();\n            }\n            // GOOD: Fragment instantiated statically\n            {\n                getFragmentManager().beginTransaction()\n                        .replace(com.android.internal.R.id.prefs, new MyFragment()).commit();\n            }\n        } catch (Exception e) {\n        }\n    }\n\n}\n\n```\nThe next example shows two activities that extend `PreferenceActivity`. The first activity overrides `isValidFragment`, but it wrongly returns `true` unconditionally. The second activity correctly overrides `isValidFragment` so that it only returns `true` when `fragmentName` is a trusted fragment name.\n\n\n```java\nclass UnsafeActivity extends PreferenceActivity {\n\n    @Override\n    protected boolean isValidFragment(String fragmentName) {\n        // BAD: any Fragment name can be provided.\n        return true;\n    }\n}\n\n\nclass SafeActivity extends PreferenceActivity {\n    @Override\n    protected boolean isValidFragment(String fragmentName) {\n        // Good: only trusted Fragment names are allowed.\n        return SafeFragment1.class.getName().equals(fragmentName)\n                || SafeFragment2.class.getName().equals(fragmentName)\n                || SafeFragment3.class.getName().equals(fragmentName);\n    }\n\n}\n\n\n```\n\n## References\n* Google Help: [How to fix Fragment Injection vulnerability](https://support.google.com/faqs/answer/7188427?hl=en).\n* IBM Security Systems: [Android collapses into Fragments](https://securityintelligence.com/wp-content/uploads/2013/12/android-collapses-into-fragments.pdf).\n* Android Developers: [Fragments](https://developer.android.com/guide/fragments)\n* Common Weakness Enumeration: [CWE-470](https://cwe.mitre.org/data/definitions/470.html).\n"},"properties":{"tags":["security","external/cwe/cwe-470","owasp-top10-2021","A03:2021 - Injection"],"description":"Instantiating an Android fragment from a user-provided value\n              may allow a malicious application to bypass access controls,  exposing the application to unintended effects.","id":"java/android/fragment-injection","kind":"path-problem","name":"Android fragment injection","precision":"high","problem.severity":"error","security-severity":"9.8"}},{"id":"java/android/fragment-injection-preference-activity","name":"java/android/fragment-injection-preference-activity","shortDescription":{"text":"Android fragment injection in PreferenceActivity"},"fullDescription":{"text":"An insecure implementation of the 'isValidFragment' method of the 'PreferenceActivity' class may allow a malicious application to bypass access controls, exposing the application to unintended effects."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Android fragment injection in PreferenceActivity\nWhen fragments are instantiated with externally provided names, this exposes any exported activity that dynamically creates and hosts the fragment to fragment injection. A malicious application could provide the name of an arbitrary fragment, even one not designed to be externally accessible, and inject it into the activity. This can bypass access controls and expose the application to unintended effects.\n\nFragments are reusable parts of an Android application's user interface. Even though a fragment controls its own lifecycle and layout, and handles its input events, it cannot exist on its own: it must be hosted either by an activity or another fragment. This means that, normally, a fragment will be accessible by third-party applications (that is, exported) only if its hosting activity is itself exported.\n\n\n## Recommendation\nIn general, do not instantiate classes (including fragments) with user-provided names unless the name has been properly validated. Also, if an exported activity is extending the `PreferenceActivity` class, make sure that the `isValidFragment` method is overriden and only returns `true` when the provided `fragmentName` points to an intended fragment.\n\n\n## Example\nThe following example shows two cases: in the first one, untrusted data is used to instantiate and add a fragment to an activity, while in the second one, a fragment is safely added with a static name.\n\n\n```java\npublic class MyActivity extends FragmentActivity {\n\n    @Override\n    protected void onCreate(Bundle savedInstance) {\n        try {\n            super.onCreate(savedInstance);\n            // BAD: Fragment instantiated from user input without validation\n            {\n                String fName = getIntent().getStringExtra(\"fragmentName\");\n                getFragmentManager().beginTransaction().replace(com.android.internal.R.id.prefs,\n                        Fragment.instantiate(this, fName, null)).commit();\n            }\n            // GOOD: Fragment instantiated statically\n            {\n                getFragmentManager().beginTransaction()\n                        .replace(com.android.internal.R.id.prefs, new MyFragment()).commit();\n            }\n        } catch (Exception e) {\n        }\n    }\n\n}\n\n```\nThe next example shows two activities that extend `PreferenceActivity`. The first activity overrides `isValidFragment`, but it wrongly returns `true` unconditionally. The second activity correctly overrides `isValidFragment` so that it only returns `true` when `fragmentName` is a trusted fragment name.\n\n\n```java\nclass UnsafeActivity extends PreferenceActivity {\n\n    @Override\n    protected boolean isValidFragment(String fragmentName) {\n        // BAD: any Fragment name can be provided.\n        return true;\n    }\n}\n\n\nclass SafeActivity extends PreferenceActivity {\n    @Override\n    protected boolean isValidFragment(String fragmentName) {\n        // Good: only trusted Fragment names are allowed.\n        return SafeFragment1.class.getName().equals(fragmentName)\n                || SafeFragment2.class.getName().equals(fragmentName)\n                || SafeFragment3.class.getName().equals(fragmentName);\n    }\n\n}\n\n\n```\n\n## References\n* Google Help: [How to fix Fragment Injection vulnerability](https://support.google.com/faqs/answer/7188427?hl=en).\n* IBM Security Systems: [Android collapses into Fragments](https://securityintelligence.com/wp-content/uploads/2013/12/android-collapses-into-fragments.pdf).\n* Android Developers: [Fragments](https://developer.android.com/guide/fragments)\n* Common Weakness Enumeration: [CWE-470](https://cwe.mitre.org/data/definitions/470.html).\n","markdown":"# Android fragment injection in PreferenceActivity\nWhen fragments are instantiated with externally provided names, this exposes any exported activity that dynamically creates and hosts the fragment to fragment injection. A malicious application could provide the name of an arbitrary fragment, even one not designed to be externally accessible, and inject it into the activity. This can bypass access controls and expose the application to unintended effects.\n\nFragments are reusable parts of an Android application's user interface. Even though a fragment controls its own lifecycle and layout, and handles its input events, it cannot exist on its own: it must be hosted either by an activity or another fragment. This means that, normally, a fragment will be accessible by third-party applications (that is, exported) only if its hosting activity is itself exported.\n\n\n## Recommendation\nIn general, do not instantiate classes (including fragments) with user-provided names unless the name has been properly validated. Also, if an exported activity is extending the `PreferenceActivity` class, make sure that the `isValidFragment` method is overriden and only returns `true` when the provided `fragmentName` points to an intended fragment.\n\n\n## Example\nThe following example shows two cases: in the first one, untrusted data is used to instantiate and add a fragment to an activity, while in the second one, a fragment is safely added with a static name.\n\n\n```java\npublic class MyActivity extends FragmentActivity {\n\n    @Override\n    protected void onCreate(Bundle savedInstance) {\n        try {\n            super.onCreate(savedInstance);\n            // BAD: Fragment instantiated from user input without validation\n            {\n                String fName = getIntent().getStringExtra(\"fragmentName\");\n                getFragmentManager().beginTransaction().replace(com.android.internal.R.id.prefs,\n                        Fragment.instantiate(this, fName, null)).commit();\n            }\n            // GOOD: Fragment instantiated statically\n            {\n                getFragmentManager().beginTransaction()\n                        .replace(com.android.internal.R.id.prefs, new MyFragment()).commit();\n            }\n        } catch (Exception e) {\n        }\n    }\n\n}\n\n```\nThe next example shows two activities that extend `PreferenceActivity`. The first activity overrides `isValidFragment`, but it wrongly returns `true` unconditionally. The second activity correctly overrides `isValidFragment` so that it only returns `true` when `fragmentName` is a trusted fragment name.\n\n\n```java\nclass UnsafeActivity extends PreferenceActivity {\n\n    @Override\n    protected boolean isValidFragment(String fragmentName) {\n        // BAD: any Fragment name can be provided.\n        return true;\n    }\n}\n\n\nclass SafeActivity extends PreferenceActivity {\n    @Override\n    protected boolean isValidFragment(String fragmentName) {\n        // Good: only trusted Fragment names are allowed.\n        return SafeFragment1.class.getName().equals(fragmentName)\n                || SafeFragment2.class.getName().equals(fragmentName)\n                || SafeFragment3.class.getName().equals(fragmentName);\n    }\n\n}\n\n\n```\n\n## References\n* Google Help: [How to fix Fragment Injection vulnerability](https://support.google.com/faqs/answer/7188427?hl=en).\n* IBM Security Systems: [Android collapses into Fragments](https://securityintelligence.com/wp-content/uploads/2013/12/android-collapses-into-fragments.pdf).\n* Android Developers: [Fragments](https://developer.android.com/guide/fragments)\n* Common Weakness Enumeration: [CWE-470](https://cwe.mitre.org/data/definitions/470.html).\n"},"properties":{"tags":["security","external/cwe/cwe-470","owasp-top10-2021","A03:2021 - Injection"],"description":"An insecure implementation of the 'isValidFragment' method\n              of the 'PreferenceActivity' class may allow a malicious application to bypass access controls,\n              exposing the application to unintended effects.","id":"java/android/fragment-injection-preference-activity","kind":"problem","name":"Android fragment injection in PreferenceActivity","precision":"high","problem.severity":"error","security-severity":"9.8"}},{"id":"java/partial-path-traversal-from-remote","name":"java/partial-path-traversal-from-remote","shortDescription":{"text":"Partial path traversal vulnerability from remote"},"fullDescription":{"text":"A prefix used to check that a canonicalised path falls within another must be slash-terminated."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Partial path traversal vulnerability from remote\nA common way to check that a user-supplied path `SUBDIR` falls inside a directory `DIR` is to use `getCanonicalPath()` to remove any path-traversal elements and then check that `DIR` is a prefix. However, if `DIR` is not slash-terminated, this can unexpectedly allow accessing siblings of `DIR`.\n\nSee also `java/partial-path-traversal`, which is similar to this query, but may also flag non-remotely-exploitable instances of partial path traversal vulnerabilities.\n\n\n## Recommendation\nIf the user should only access items within a certain directory `DIR`, ensure that `DIR` is slash-terminated before checking that `DIR` is a prefix of the user-provided path, `SUBDIR`. Note, Java's `getCanonicalPath()` returns a **non**-slash-terminated path string, so a slash must be added to `DIR` if that method is used.\n\n\n## Example\nIn this example, the `if` statement checks if `parent.getCanonicalPath()` is a prefix of `dir.getCanonicalPath()`. However, `parent.getCanonicalPath()` is not slash-terminated. This means that users that supply `dir` may be also allowed to access siblings of `parent` and not just children of `parent`, which is a security issue.\n\n\n```java\npublic class PartialPathTraversalBad {\n    public void example(File dir, File parent) throws IOException {\n        if (!dir.getCanonicalPath().startsWith(parent.getCanonicalPath())) {\n            throw new IOException(\"Invalid directory: \" + dir.getCanonicalPath());\n        }\n    }\n}\n\n```\nIn this example, the `if` statement checks if `parent.getCanonicalPath() + File.separator ` is a prefix of `dir.getCanonicalPath()`. Because `parent.getCanonicalPath() + File.separator` is indeed slash-terminated, the user supplying `dir` can only access children of `parent`, as desired.\n\n\n```java\npublic class PartialPathTraversalGood {\n    public void example(File dir, File parent) throws IOException {\n        if (!dir.getCanonicalPath().startsWith(parent.getCanonicalPath() + File.separator)) {\n            throw new IOException(\"Invalid directory: \" + dir.getCanonicalPath());\n        }\n    }\n}\n\n```\n\n## References\n* OWASP: [Partial Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal).\n* CVE-2022-23457: [ ESAPI Vulnerability Report](https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/GHSL-2022-008_The_OWASP_Enterprise_Security_API.md).\n* Common Weakness Enumeration: [CWE-23](https://cwe.mitre.org/data/definitions/23.html).\n","markdown":"# Partial path traversal vulnerability from remote\nA common way to check that a user-supplied path `SUBDIR` falls inside a directory `DIR` is to use `getCanonicalPath()` to remove any path-traversal elements and then check that `DIR` is a prefix. However, if `DIR` is not slash-terminated, this can unexpectedly allow accessing siblings of `DIR`.\n\nSee also `java/partial-path-traversal`, which is similar to this query, but may also flag non-remotely-exploitable instances of partial path traversal vulnerabilities.\n\n\n## Recommendation\nIf the user should only access items within a certain directory `DIR`, ensure that `DIR` is slash-terminated before checking that `DIR` is a prefix of the user-provided path, `SUBDIR`. Note, Java's `getCanonicalPath()` returns a **non**-slash-terminated path string, so a slash must be added to `DIR` if that method is used.\n\n\n## Example\nIn this example, the `if` statement checks if `parent.getCanonicalPath()` is a prefix of `dir.getCanonicalPath()`. However, `parent.getCanonicalPath()` is not slash-terminated. This means that users that supply `dir` may be also allowed to access siblings of `parent` and not just children of `parent`, which is a security issue.\n\n\n```java\npublic class PartialPathTraversalBad {\n    public void example(File dir, File parent) throws IOException {\n        if (!dir.getCanonicalPath().startsWith(parent.getCanonicalPath())) {\n            throw new IOException(\"Invalid directory: \" + dir.getCanonicalPath());\n        }\n    }\n}\n\n```\nIn this example, the `if` statement checks if `parent.getCanonicalPath() + File.separator ` is a prefix of `dir.getCanonicalPath()`. Because `parent.getCanonicalPath() + File.separator` is indeed slash-terminated, the user supplying `dir` can only access children of `parent`, as desired.\n\n\n```java\npublic class PartialPathTraversalGood {\n    public void example(File dir, File parent) throws IOException {\n        if (!dir.getCanonicalPath().startsWith(parent.getCanonicalPath() + File.separator)) {\n            throw new IOException(\"Invalid directory: \" + dir.getCanonicalPath());\n        }\n    }\n}\n\n```\n\n## References\n* OWASP: [Partial Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal).\n* CVE-2022-23457: [ ESAPI Vulnerability Report](https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/GHSL-2022-008_The_OWASP_Enterprise_Security_API.md).\n* Common Weakness Enumeration: [CWE-23](https://cwe.mitre.org/data/definitions/23.html).\n"},"properties":{"tags":["security","external/cwe/cwe-023","owasp-top10-2021","A01:2021 - Broken Access Control"],"description":"A prefix used to check that a canonicalised path falls within another must be slash-terminated.","id":"java/partial-path-traversal-from-remote","kind":"path-problem","name":"Partial path traversal vulnerability from remote","precision":"high","problem.severity":"error","security-severity":"9.3"}},{"id":"java/tainted-format-string","name":"java/tainted-format-string","shortDescription":{"text":"Use of externally-controlled format string"},"fullDescription":{"text":"Using external input in format strings can lead to exceptions or information leaks."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Use of externally-controlled format string\nThe `String.format` method and related methods, like `PrintStream.printf` and `Formatter.format`, all accept a format string that is used to format the trailing arguments to the format call by providing inline format specifiers. If the format string contains unsanitized input from an untrusted source, then that string may contain extra format specifiers that cause an exception to be thrown or information to be leaked.\n\nThe Java standard library implementation for the format methods throws an exception if either the format specifier does not match the type of the argument, or if there are too few or too many arguments. If unsanitized input is used in the format string, it may contain invalid extra format specifiers which cause an exception to be thrown.\n\nPositional format specifiers may be used to access an argument to the format call by position. Unsanitized input in the format string may use a positional format specifier to access information that was not intended to be visible. For example, when formatting a Calendar instance we may intend to print only the year, but a user-specified format string may include a specifier to access the month and day.\n\n\n## Recommendation\nIf the argument passed as a format string is meant to be a plain string rather than a format string, then pass `%s` as the format string, and pass the original argument as the sole trailing argument.\n\n\n## Example\nThe following program is meant to check a card security code for a stored credit card:\n\n\n```java\npublic class ResponseSplitting extends HttpServlet {\n  protected void doGet(HttpServletRequest request, HttpServletResponse response)\n  throws ServletException, IOException {\n    Calendar expirationDate = new GregorianCalendar(2017, GregorianCalendar.SEPTEMBER, 1);\n    // User provided value\n    String cardSecurityCode = request.getParameter(\"cardSecurityCode\");\n    \n    if (notValid(cardSecurityCode)) {\n      \n      /*\n       * BAD: user provided value is included in the format string.\n       * A malicious user could provide an extra format specifier, which causes an\n       * exception to be thrown. Or they could provide a %1$tm or %1$te format specifier to\n       * access the month or day of the expiration date.\n       */\n      System.out.format(cardSecurityCode +\n                          \" is not the right value. Hint: the card expires in %1$ty.\",\n                        expirationDate);\n      \n      // GOOD: %s is used to include the user-provided cardSecurityCode in the output\n      System.out.format(\"%s is not the right value. Hint: the card expires in %2$ty.\",\n                        cardSecurityCode,\n                        expirationDate);\n    }\n\n  }\n}\n```\nHowever, in the first format call it uses the cardSecurityCode provided by the user in a format string. If the user includes a format specifier in the cardSecurityCode field, they may be able to cause an exception to be thrown, or to be able to access extra information about the stored card expiration date.\n\nThe second format call shows the correct approach. The user-provided value is passed as an argument to the format call. This prevents any format specifiers in the user provided value from being evaluated.\n\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [IDS06-J. Exclude unsanitized user input from format strings](https://wiki.sei.cmu.edu/confluence/display/java/IDS06-J.+Exclude+unsanitized+user+input+from+format+strings).\n* The Java Tutorials: [Formatting Numeric Print Output](https://docs.oracle.com/javase/tutorial/java/data/numberformat.html).\n* Java API Specification: [Formatter](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/Formatter.html).\n* Common Weakness Enumeration: [CWE-134](https://cwe.mitre.org/data/definitions/134.html).\n","markdown":"# Use of externally-controlled format string\nThe `String.format` method and related methods, like `PrintStream.printf` and `Formatter.format`, all accept a format string that is used to format the trailing arguments to the format call by providing inline format specifiers. If the format string contains unsanitized input from an untrusted source, then that string may contain extra format specifiers that cause an exception to be thrown or information to be leaked.\n\nThe Java standard library implementation for the format methods throws an exception if either the format specifier does not match the type of the argument, or if there are too few or too many arguments. If unsanitized input is used in the format string, it may contain invalid extra format specifiers which cause an exception to be thrown.\n\nPositional format specifiers may be used to access an argument to the format call by position. Unsanitized input in the format string may use a positional format specifier to access information that was not intended to be visible. For example, when formatting a Calendar instance we may intend to print only the year, but a user-specified format string may include a specifier to access the month and day.\n\n\n## Recommendation\nIf the argument passed as a format string is meant to be a plain string rather than a format string, then pass `%s` as the format string, and pass the original argument as the sole trailing argument.\n\n\n## Example\nThe following program is meant to check a card security code for a stored credit card:\n\n\n```java\npublic class ResponseSplitting extends HttpServlet {\n  protected void doGet(HttpServletRequest request, HttpServletResponse response)\n  throws ServletException, IOException {\n    Calendar expirationDate = new GregorianCalendar(2017, GregorianCalendar.SEPTEMBER, 1);\n    // User provided value\n    String cardSecurityCode = request.getParameter(\"cardSecurityCode\");\n    \n    if (notValid(cardSecurityCode)) {\n      \n      /*\n       * BAD: user provided value is included in the format string.\n       * A malicious user could provide an extra format specifier, which causes an\n       * exception to be thrown. Or they could provide a %1$tm or %1$te format specifier to\n       * access the month or day of the expiration date.\n       */\n      System.out.format(cardSecurityCode +\n                          \" is not the right value. Hint: the card expires in %1$ty.\",\n                        expirationDate);\n      \n      // GOOD: %s is used to include the user-provided cardSecurityCode in the output\n      System.out.format(\"%s is not the right value. Hint: the card expires in %2$ty.\",\n                        cardSecurityCode,\n                        expirationDate);\n    }\n\n  }\n}\n```\nHowever, in the first format call it uses the cardSecurityCode provided by the user in a format string. If the user includes a format specifier in the cardSecurityCode field, they may be able to cause an exception to be thrown, or to be able to access extra information about the stored card expiration date.\n\nThe second format call shows the correct approach. The user-provided value is passed as an argument to the format call. This prevents any format specifiers in the user provided value from being evaluated.\n\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [IDS06-J. Exclude unsanitized user input from format strings](https://wiki.sei.cmu.edu/confluence/display/java/IDS06-J.+Exclude+unsanitized+user+input+from+format+strings).\n* The Java Tutorials: [Formatting Numeric Print Output](https://docs.oracle.com/javase/tutorial/java/data/numberformat.html).\n* Java API Specification: [Formatter](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/Formatter.html).\n* Common Weakness Enumeration: [CWE-134](https://cwe.mitre.org/data/definitions/134.html).\n"},"properties":{"tags":["security","external/cwe/cwe-134"],"description":"Using external input in format strings can lead to exceptions or information leaks.","id":"java/tainted-format-string","kind":"path-problem","name":"Use of externally-controlled format string","precision":"high","problem.severity":"error","security-severity":"9.3"}},{"id":"java/xml/xpath-injection","name":"java/xml/xpath-injection","shortDescription":{"text":"XPath injection"},"fullDescription":{"text":"Building an XPath expression from user-controlled sources is vulnerable to insertion of malicious code by the user."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# XPath injection\nIf an XPath expression is built using string concatenation, and the components of the concatenation include user input, it makes it very easy for a user to create a malicious XPath expression.\n\n\n## Recommendation\nIf user input must be included in an XPath expression, either sanitize the data or pre-compile the query and use variable references to include the user input.\n\nXPath injection can also be prevented by using XQuery.\n\n\n## Example\nIn the first three examples, the code accepts a name and password specified by the user, and uses this unvalidated and unsanitized value in an XPath expression. This is vulnerable to the user providing special characters or string sequences that change the meaning of the XPath expression to search for different values.\n\nIn the fourth example, the code uses `setXPathVariableResolver` which prevents XPath injection.\n\nThe final two examples are for dom4j. They show an example of XPath injection and one method of preventing it.\n\n\n```java\nfinal String xmlStr = \"<users>\" + \n                        \"   <user name=\\\"aaa\\\" pass=\\\"pass1\\\"></user>\" + \n                        \"   <user name=\\\"bbb\\\" pass=\\\"pass2\\\"></user>\" + \n                        \"</users>\";\ntry {\n    DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();\n    domFactory.setNamespaceAware(true);\n    DocumentBuilder builder = domFactory.newDocumentBuilder();\n    //Document doc = builder.parse(\"user.xml\");\n    Document doc = builder.parse(new InputSource(new StringReader(xmlStr)));\n\n    XPathFactory factory = XPathFactory.newInstance();\n    XPath xpath = factory.newXPath();\n\n    // Injectable data\n    String user = request.getParameter(\"user\");\n    String pass = request.getParameter(\"pass\");\n    if (user != null && pass != null) {\n        boolean isExist = false;\n\n        // Bad expression\n        String expression1 = \"/users/user[@name='\" + user + \"' and @pass='\" + pass + \"']\";\n        isExist = (boolean)xpath.evaluate(expression1, doc, XPathConstants.BOOLEAN);\n        System.out.println(isExist);\n\n        // Bad expression\n        XPathExpression expression2 = xpath.compile(\"/users/user[@name='\" + user + \"' and @pass='\" + pass + \"']\");\n        isExist = (boolean)expression2.evaluate(doc, XPathConstants.BOOLEAN);\n        System.out.println(isExist);\n\n        // Bad expression\n        StringBuffer sb = new StringBuffer(\"/users/user[@name=\");\n        sb.append(user);\n        sb.append(\"' and @pass='\");\n        sb.append(pass);\n        sb.append(\"']\");\n        String query = sb.toString();\n        XPathExpression expression3 = xpath.compile(query);\n        isExist = (boolean)expression3.evaluate(doc, XPathConstants.BOOLEAN);\n        System.out.println(isExist);\n\n        // Good expression\n        String expression4 = \"/users/user[@name=$user and @pass=$pass]\";\n        xpath.setXPathVariableResolver(v -> {\n        switch (v.getLocalPart()) {\n            case \"user\":\n                return user;\n            case \"pass\":\n                return pass;\n            default:\n                throw new IllegalArgumentException();\n            }\n        });\n        isExist = (boolean)xpath.evaluate(expression4, doc, XPathConstants.BOOLEAN);\n        System.out.println(isExist);\n\n\n        // Bad Dom4j \n        org.dom4j.io.SAXReader reader = new org.dom4j.io.SAXReader();\n        org.dom4j.Document document = reader.read(new InputSource(new StringReader(xmlStr)));\n        isExist = document.selectSingleNode(\"/users/user[@name='\" + user + \"' and @pass='\" + pass + \"']\") != null;\n        // or document.selectNodes\n        System.out.println(isExist);\n\n        // Good Dom4j\n        org.jaxen.SimpleVariableContext svc = new org.jaxen.SimpleVariableContext();\n        svc.setVariableValue(\"user\", user);\n        svc.setVariableValue(\"pass\", pass);\n        String xpathString = \"/users/user[@name=$user and @pass=$pass]\";\n        org.dom4j.XPath safeXPath = document.createXPath(xpathString);\n        safeXPath.setVariableContext(svc);\n        isExist = safeXPath.selectSingleNode(document) != null;\n        System.out.println(isExist);\n    }\n} catch (ParserConfigurationException e) {\n\n} catch (SAXException e) {\n\n} catch (XPathExpressionException e) {\n\n} catch (org.dom4j.DocumentException e) {\n\n}\n```\n\n## References\n* OWASP: [Testing for XPath Injection](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/09-Testing_for_XPath_Injection).\n* OWASP: [XPath Injection](https://owasp.org/www-community/attacks/XPATH_Injection).\n* Common Weakness Enumeration: [CWE-643](https://cwe.mitre.org/data/definitions/643.html).\n","markdown":"# XPath injection\nIf an XPath expression is built using string concatenation, and the components of the concatenation include user input, it makes it very easy for a user to create a malicious XPath expression.\n\n\n## Recommendation\nIf user input must be included in an XPath expression, either sanitize the data or pre-compile the query and use variable references to include the user input.\n\nXPath injection can also be prevented by using XQuery.\n\n\n## Example\nIn the first three examples, the code accepts a name and password specified by the user, and uses this unvalidated and unsanitized value in an XPath expression. This is vulnerable to the user providing special characters or string sequences that change the meaning of the XPath expression to search for different values.\n\nIn the fourth example, the code uses `setXPathVariableResolver` which prevents XPath injection.\n\nThe final two examples are for dom4j. They show an example of XPath injection and one method of preventing it.\n\n\n```java\nfinal String xmlStr = \"<users>\" + \n                        \"   <user name=\\\"aaa\\\" pass=\\\"pass1\\\"></user>\" + \n                        \"   <user name=\\\"bbb\\\" pass=\\\"pass2\\\"></user>\" + \n                        \"</users>\";\ntry {\n    DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();\n    domFactory.setNamespaceAware(true);\n    DocumentBuilder builder = domFactory.newDocumentBuilder();\n    //Document doc = builder.parse(\"user.xml\");\n    Document doc = builder.parse(new InputSource(new StringReader(xmlStr)));\n\n    XPathFactory factory = XPathFactory.newInstance();\n    XPath xpath = factory.newXPath();\n\n    // Injectable data\n    String user = request.getParameter(\"user\");\n    String pass = request.getParameter(\"pass\");\n    if (user != null && pass != null) {\n        boolean isExist = false;\n\n        // Bad expression\n        String expression1 = \"/users/user[@name='\" + user + \"' and @pass='\" + pass + \"']\";\n        isExist = (boolean)xpath.evaluate(expression1, doc, XPathConstants.BOOLEAN);\n        System.out.println(isExist);\n\n        // Bad expression\n        XPathExpression expression2 = xpath.compile(\"/users/user[@name='\" + user + \"' and @pass='\" + pass + \"']\");\n        isExist = (boolean)expression2.evaluate(doc, XPathConstants.BOOLEAN);\n        System.out.println(isExist);\n\n        // Bad expression\n        StringBuffer sb = new StringBuffer(\"/users/user[@name=\");\n        sb.append(user);\n        sb.append(\"' and @pass='\");\n        sb.append(pass);\n        sb.append(\"']\");\n        String query = sb.toString();\n        XPathExpression expression3 = xpath.compile(query);\n        isExist = (boolean)expression3.evaluate(doc, XPathConstants.BOOLEAN);\n        System.out.println(isExist);\n\n        // Good expression\n        String expression4 = \"/users/user[@name=$user and @pass=$pass]\";\n        xpath.setXPathVariableResolver(v -> {\n        switch (v.getLocalPart()) {\n            case \"user\":\n                return user;\n            case \"pass\":\n                return pass;\n            default:\n                throw new IllegalArgumentException();\n            }\n        });\n        isExist = (boolean)xpath.evaluate(expression4, doc, XPathConstants.BOOLEAN);\n        System.out.println(isExist);\n\n\n        // Bad Dom4j \n        org.dom4j.io.SAXReader reader = new org.dom4j.io.SAXReader();\n        org.dom4j.Document document = reader.read(new InputSource(new StringReader(xmlStr)));\n        isExist = document.selectSingleNode(\"/users/user[@name='\" + user + \"' and @pass='\" + pass + \"']\") != null;\n        // or document.selectNodes\n        System.out.println(isExist);\n\n        // Good Dom4j\n        org.jaxen.SimpleVariableContext svc = new org.jaxen.SimpleVariableContext();\n        svc.setVariableValue(\"user\", user);\n        svc.setVariableValue(\"pass\", pass);\n        String xpathString = \"/users/user[@name=$user and @pass=$pass]\";\n        org.dom4j.XPath safeXPath = document.createXPath(xpathString);\n        safeXPath.setVariableContext(svc);\n        isExist = safeXPath.selectSingleNode(document) != null;\n        System.out.println(isExist);\n    }\n} catch (ParserConfigurationException e) {\n\n} catch (SAXException e) {\n\n} catch (XPathExpressionException e) {\n\n} catch (org.dom4j.DocumentException e) {\n\n}\n```\n\n## References\n* OWASP: [Testing for XPath Injection](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/09-Testing_for_XPath_Injection).\n* OWASP: [XPath Injection](https://owasp.org/www-community/attacks/XPATH_Injection).\n* Common Weakness Enumeration: [CWE-643](https://cwe.mitre.org/data/definitions/643.html).\n"},"properties":{"tags":["security","external/cwe/cwe-643","owasp-top10-2021","A03:2021 - Injection"],"description":"Building an XPath expression from user-controlled sources is vulnerable to insertion of\n              malicious code by the user.","id":"java/xml/xpath-injection","kind":"path-problem","name":"XPath injection","precision":"high","problem.severity":"error","security-severity":"9.8"}},{"id":"java/improper-intent-verification","name":"java/improper-intent-verification","shortDescription":{"text":"Improper verification of intent by broadcast receiver"},"fullDescription":{"text":"A broadcast receiver that does not verify intents it receives may be susceptible to unintended behavior by third party applications sending it explicit intents."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Improper verification of intent by broadcast receiver\nWhen an Android application uses a `BroadcastReceiver` to receive intents, it is also able to receive explicit intents that are sent directly to it, regardless of its filter. Certain intent actions are only able to be sent by the operating system, not third-party applications. However, a `BroadcastReceiver` that is registered to receive system intents is still able to receive intents from a third-party application, so it should check that the intent received has the expected action. Otherwise, a third-party application could impersonate the system this way to cause unintended behavior, such as a denial of service.\n\n\n## Example\nIn the following code, the `ShutdownReceiver` initiates a shutdown procedure upon receiving an intent, without checking that the received action is indeed `ACTION_SHUTDOWN`. This allows third-party applications to send explicit intents to this receiver to cause a denial of service.\n\n\n```java\npublic class ShutdownReceiver extends BroadcastReceiver {\n    @Override\n    public void onReceive(final Context context, final Intent intent) {\n        mainActivity.saveLocalData();\n        mainActivity.stopActivity();\n    }\n}\n```\n\n```xml\n<manifest xmlns:android=\"http://schemas.android.com/apk/res/android\" package=\"test\">\n    <application>\n        <receiver android:name=\".BootReceiverXml\">\n            <intent-filter>\n                <action android:name=\"android.intent.action.BOOT_COMPLETED\" />\n            </intent-filter>\n        </receiver>\n    </application>\n</manifest>\n```\n\n## Recommendation\nIn the `onReceive` method of a `BroadcastReceiver`, the action of the received Intent should be checked. The following code demonstrates this.\n\n\n```java\npublic class ShutdownReceiver extends BroadcastReceiver {\n    @Override\n    public void onReceive(final Context context, final Intent intent) {\n        if (!intent.getAction().equals(Intent.ACTION_SHUTDOWN)) {\n            return;\n        }\n        mainActivity.saveLocalData();\n        mainActivity.stopActivity();\n    }\n}\n```\n\n## References\n* Common Weakness Enumeration: [CWE-925](https://cwe.mitre.org/data/definitions/925.html).\n","markdown":"# Improper verification of intent by broadcast receiver\nWhen an Android application uses a `BroadcastReceiver` to receive intents, it is also able to receive explicit intents that are sent directly to it, regardless of its filter. Certain intent actions are only able to be sent by the operating system, not third-party applications. However, a `BroadcastReceiver` that is registered to receive system intents is still able to receive intents from a third-party application, so it should check that the intent received has the expected action. Otherwise, a third-party application could impersonate the system this way to cause unintended behavior, such as a denial of service.\n\n\n## Example\nIn the following code, the `ShutdownReceiver` initiates a shutdown procedure upon receiving an intent, without checking that the received action is indeed `ACTION_SHUTDOWN`. This allows third-party applications to send explicit intents to this receiver to cause a denial of service.\n\n\n```java\npublic class ShutdownReceiver extends BroadcastReceiver {\n    @Override\n    public void onReceive(final Context context, final Intent intent) {\n        mainActivity.saveLocalData();\n        mainActivity.stopActivity();\n    }\n}\n```\n\n```xml\n<manifest xmlns:android=\"http://schemas.android.com/apk/res/android\" package=\"test\">\n    <application>\n        <receiver android:name=\".BootReceiverXml\">\n            <intent-filter>\n                <action android:name=\"android.intent.action.BOOT_COMPLETED\" />\n            </intent-filter>\n        </receiver>\n    </application>\n</manifest>\n```\n\n## Recommendation\nIn the `onReceive` method of a `BroadcastReceiver`, the action of the received Intent should be checked. The following code demonstrates this.\n\n\n```java\npublic class ShutdownReceiver extends BroadcastReceiver {\n    @Override\n    public void onReceive(final Context context, final Intent intent) {\n        if (!intent.getAction().equals(Intent.ACTION_SHUTDOWN)) {\n            return;\n        }\n        mainActivity.saveLocalData();\n        mainActivity.stopActivity();\n    }\n}\n```\n\n## References\n* Common Weakness Enumeration: [CWE-925](https://cwe.mitre.org/data/definitions/925.html).\n"},"properties":{"tags":["security","external/cwe/cwe-925"],"description":"A broadcast receiver that does not verify intents it receives may be susceptible to unintended behavior by third party applications sending it explicit intents.","id":"java/improper-intent-verification","kind":"problem","name":"Improper verification of intent by broadcast receiver","precision":"high","problem.severity":"warning","security-severity":"8.2"}},{"id":"java/unsafe-hostname-verification","name":"java/unsafe-hostname-verification","shortDescription":{"text":"Unsafe hostname verification"},"fullDescription":{"text":"Marking a certificate as valid for a host without checking the certificate hostname allows an attacker to perform a machine-in-the-middle attack."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Unsafe hostname verification\nIf a `HostnameVerifier` always returns `true` it will not verify the hostname at all. This stops Transport Layer Security (TLS) providing any security and allows an attacker to perform a man-in-the-middle attack against the application.\n\nAn attack might look like this:\n\n1. The program connects to `https://example.com`.\n1. The attacker intercepts this connection and presents an apparently-valid certificate of their choosing.\n1. The `TrustManager` of the program verifies that the certificate has been issued by a trusted certificate authority.\n1. The Java HTTPS library checks whether the certificate has been issued for the host `example.com`. This check fails because the certificate has been issued for a domain controlled by the attacker, for example: `malicious.domain`.\n1. The HTTPS library wants to reject the certificate because the hostname does not match. Before doing this it checks whether a `HostnameVerifier` exists.\n1. Your `HostnameVerifier` is called which returns `true` for any certificate so also for this one.\n1. The program proceeds with the connection since your `HostnameVerifier` accepted it.\n1. The attacker can now read the data your program sends to `https://example.com` and/or alter its replies while the program thinks the connection is secure.\n\n## Recommendation\nDo not use an open `HostnameVerifier`. If you have a configuration problem with TLS/HTTPS, you should always solve the configuration problem instead of using an open verifier.\n\n\n## Example\nIn the first (bad) example, the `HostnameVerifier` always returns `true`. This allows an attacker to perform a man-in-the-middle attack, because any certificate is accepted despite an incorrect hostname. In the second (good) example, the `HostnameVerifier` only returns `true` when the certificate has been correctly checked.\n\n\n```java\npublic static void main(String[] args) {\n\n\t{\n\t\tHostnameVerifier verifier = new HostnameVerifier() {\n\t\t\t@Override\n\t\t\tpublic boolean verify(String hostname, SSLSession session) {\n\t\t\t\treturn true; // BAD: accept even if the hostname doesn't match\n\t\t\t}\n\t\t};\n\t\tHttpsURLConnection.setDefaultHostnameVerifier(verifier);\n\t}\n\n\t{\n\t\tHostnameVerifier verifier = new HostnameVerifier() {\n\t\t\t@Override\n\t\t\tpublic boolean verify(String hostname, SSLSession session) {\n\t\t\t\ttry { // GOOD: verify the certificate\n\t\t\t\t\tCertificate[] certs = session.getPeerCertificates();\n\t\t\t\t\tX509Certificate x509 = (X509Certificate) certs[0];\n\t\t\t\t\tcheck(new String[]{host}, x509);\n\t\t\t\t\treturn true;\n\t\t\t\t} catch (SSLException e) {\n\t\t\t\t\treturn false;\n\t\t\t\t}\n\t\t\t}\n\t\t};\n\t\tHttpsURLConnection.setDefaultHostnameVerifier(verifier);\n\t}\n\n}\n```\n\n## References\n* Android developers: [Security with HTTPS and SSL](https://developer.android.com/training/articles/security-ssl).\n* Terse systems blog: [Fixing Hostname Verification](https://tersesystems.com/blog/2014/03/23/fixing-hostname-verification/).\n* Common Weakness Enumeration: [CWE-297](https://cwe.mitre.org/data/definitions/297.html).\n","markdown":"# Unsafe hostname verification\nIf a `HostnameVerifier` always returns `true` it will not verify the hostname at all. This stops Transport Layer Security (TLS) providing any security and allows an attacker to perform a man-in-the-middle attack against the application.\n\nAn attack might look like this:\n\n1. The program connects to `https://example.com`.\n1. The attacker intercepts this connection and presents an apparently-valid certificate of their choosing.\n1. The `TrustManager` of the program verifies that the certificate has been issued by a trusted certificate authority.\n1. The Java HTTPS library checks whether the certificate has been issued for the host `example.com`. This check fails because the certificate has been issued for a domain controlled by the attacker, for example: `malicious.domain`.\n1. The HTTPS library wants to reject the certificate because the hostname does not match. Before doing this it checks whether a `HostnameVerifier` exists.\n1. Your `HostnameVerifier` is called which returns `true` for any certificate so also for this one.\n1. The program proceeds with the connection since your `HostnameVerifier` accepted it.\n1. The attacker can now read the data your program sends to `https://example.com` and/or alter its replies while the program thinks the connection is secure.\n\n## Recommendation\nDo not use an open `HostnameVerifier`. If you have a configuration problem with TLS/HTTPS, you should always solve the configuration problem instead of using an open verifier.\n\n\n## Example\nIn the first (bad) example, the `HostnameVerifier` always returns `true`. This allows an attacker to perform a man-in-the-middle attack, because any certificate is accepted despite an incorrect hostname. In the second (good) example, the `HostnameVerifier` only returns `true` when the certificate has been correctly checked.\n\n\n```java\npublic static void main(String[] args) {\n\n\t{\n\t\tHostnameVerifier verifier = new HostnameVerifier() {\n\t\t\t@Override\n\t\t\tpublic boolean verify(String hostname, SSLSession session) {\n\t\t\t\treturn true; // BAD: accept even if the hostname doesn't match\n\t\t\t}\n\t\t};\n\t\tHttpsURLConnection.setDefaultHostnameVerifier(verifier);\n\t}\n\n\t{\n\t\tHostnameVerifier verifier = new HostnameVerifier() {\n\t\t\t@Override\n\t\t\tpublic boolean verify(String hostname, SSLSession session) {\n\t\t\t\ttry { // GOOD: verify the certificate\n\t\t\t\t\tCertificate[] certs = session.getPeerCertificates();\n\t\t\t\t\tX509Certificate x509 = (X509Certificate) certs[0];\n\t\t\t\t\tcheck(new String[]{host}, x509);\n\t\t\t\t\treturn true;\n\t\t\t\t} catch (SSLException e) {\n\t\t\t\t\treturn false;\n\t\t\t\t}\n\t\t\t}\n\t\t};\n\t\tHttpsURLConnection.setDefaultHostnameVerifier(verifier);\n\t}\n\n}\n```\n\n## References\n* Android developers: [Security with HTTPS and SSL](https://developer.android.com/training/articles/security-ssl).\n* Terse systems blog: [Fixing Hostname Verification](https://tersesystems.com/blog/2014/03/23/fixing-hostname-verification/).\n* Common Weakness Enumeration: [CWE-297](https://cwe.mitre.org/data/definitions/297.html).\n"},"properties":{"tags":["security","external/cwe/cwe-297","owasp-top10-2021","A07:2021 - Identification and Authentication Failures"],"description":"Marking a certificate as valid for a host without checking the certificate hostname allows an attacker to perform a machine-in-the-middle attack.","id":"java/unsafe-hostname-verification","kind":"path-problem","name":"Unsafe hostname verification","precision":"high","problem.severity":"error","security-severity":"5.9"}},{"id":"java/xxe","name":"java/xxe","shortDescription":{"text":"Resolving XML external entity in user-controlled data"},"fullDescription":{"text":"Parsing user-controlled XML documents and allowing expansion of external entity references may lead to disclosure of confidential data or denial of service."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Resolving XML external entity in user-controlled data\nParsing untrusted XML files with a weakly configured XML parser may lead to an XML External Entity (XXE) attack. This type of attack uses external entity references to access arbitrary files on a system, carry out denial of service, or server side request forgery. Even when the result of parsing is not returned to the user, out-of-band data retrieval techniques may allow attackers to steal sensitive data. Denial of services can also be carried out in this situation.\n\nThere are many XML parsers for Java, and most of them are vulnerable to XXE because their default settings enable parsing of external entities. This query currently identifies vulnerable XML parsing from the following parsers: `javax.xml.parsers.DocumentBuilder`, `javax.xml.stream.XMLStreamReader`, `org.jdom.input.SAXBuilder`/`org.jdom2.input.SAXBuilder`, `javax.xml.parsers.SAXParser`,`org.dom4j.io.SAXReader`, `org.xml.sax.XMLReader`, `javax.xml.transform.sax.SAXSource`, `javax.xml.transform.TransformerFactory`, `javax.xml.transform.sax.SAXTransformerFactory`, `javax.xml.validation.SchemaFactory`, `javax.xml.bind.Unmarshaller` and `javax.xml.xpath.XPathExpression`.\n\n\n## Recommendation\nThe best way to prevent XXE attacks is to disable the parsing of any Document Type Declarations (DTDs) in untrusted data. If this is not possible you should disable the parsing of external general entities and external parameter entities. This improves security but the code will still be at risk of denial of service and server side request forgery attacks. Protection against denial of service attacks may also be implemented by setting entity expansion limits, which is done by default in recent JDK and JRE implementations. Because there are many different ways to disable external entity retrieval with varying support between different providers, in this query we choose to specifically check for the [OWASP recommended way](https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#java) to disable external entity retrieval for a particular parser. There may be other ways of making a particular parser safe which deviate from these guidelines, in which case this query will continue to flag the parser as potentially dangerous.\n\n\n## Example\nThe following example calls `parse` on a `DocumentBuilder` that is not safely configured on untrusted data, and is therefore inherently unsafe.\n\n\n```java\npublic void parse(Socket sock) throws Exception {\n  DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();\n  DocumentBuilder builder = factory.newDocumentBuilder();\n  builder.parse(sock.getInputStream()); //unsafe\n}\n\n```\nIn this example, the `DocumentBuilder` is created with DTD disabled, securing it against XXE attack.\n\n\n```java\npublic void disableDTDParse(Socket sock) throws Exception {\n  DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();\n  factory.setFeature(\"http://apache.org/xml/features/disallow-doctype-decl\", true);\n  DocumentBuilder builder = factory.newDocumentBuilder();\n  builder.parse(sock.getInputStream()); //safe\n}\n\n```\n\n## References\n* OWASP vulnerability description: [XML External Entity (XXE) Processing](https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing).\n* OWASP guidance on parsing xml files: [XXE Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#java).\n* Paper by Timothy Morgen: [XML Schema, DTD, and Entity Attacks](https://research.nccgroup.com/2014/05/19/xml-schema-dtd-and-entity-attacks-a-compendium-of-known-techniques/)\n* Out-of-band data retrieval: Timur Yunusov &amp; Alexey Osipov, Black hat EU 2013: [XML Out-Of-Band Data Retrieval](https://www.slideshare.net/qqlan/bh-ready-v4).\n* Denial of service attack (Billion laughs): [Billion Laughs.](https://en.wikipedia.org/wiki/Billion_laughs)\n* The Java Tutorials: [Processing Limit Definitions.](https://docs.oracle.com/javase/tutorial/jaxp/limits/limits.html)\n* Common Weakness Enumeration: [CWE-611](https://cwe.mitre.org/data/definitions/611.html).\n* Common Weakness Enumeration: [CWE-776](https://cwe.mitre.org/data/definitions/776.html).\n* Common Weakness Enumeration: [CWE-827](https://cwe.mitre.org/data/definitions/827.html).\n","markdown":"# Resolving XML external entity in user-controlled data\nParsing untrusted XML files with a weakly configured XML parser may lead to an XML External Entity (XXE) attack. This type of attack uses external entity references to access arbitrary files on a system, carry out denial of service, or server side request forgery. Even when the result of parsing is not returned to the user, out-of-band data retrieval techniques may allow attackers to steal sensitive data. Denial of services can also be carried out in this situation.\n\nThere are many XML parsers for Java, and most of them are vulnerable to XXE because their default settings enable parsing of external entities. This query currently identifies vulnerable XML parsing from the following parsers: `javax.xml.parsers.DocumentBuilder`, `javax.xml.stream.XMLStreamReader`, `org.jdom.input.SAXBuilder`/`org.jdom2.input.SAXBuilder`, `javax.xml.parsers.SAXParser`,`org.dom4j.io.SAXReader`, `org.xml.sax.XMLReader`, `javax.xml.transform.sax.SAXSource`, `javax.xml.transform.TransformerFactory`, `javax.xml.transform.sax.SAXTransformerFactory`, `javax.xml.validation.SchemaFactory`, `javax.xml.bind.Unmarshaller` and `javax.xml.xpath.XPathExpression`.\n\n\n## Recommendation\nThe best way to prevent XXE attacks is to disable the parsing of any Document Type Declarations (DTDs) in untrusted data. If this is not possible you should disable the parsing of external general entities and external parameter entities. This improves security but the code will still be at risk of denial of service and server side request forgery attacks. Protection against denial of service attacks may also be implemented by setting entity expansion limits, which is done by default in recent JDK and JRE implementations. Because there are many different ways to disable external entity retrieval with varying support between different providers, in this query we choose to specifically check for the [OWASP recommended way](https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#java) to disable external entity retrieval for a particular parser. There may be other ways of making a particular parser safe which deviate from these guidelines, in which case this query will continue to flag the parser as potentially dangerous.\n\n\n## Example\nThe following example calls `parse` on a `DocumentBuilder` that is not safely configured on untrusted data, and is therefore inherently unsafe.\n\n\n```java\npublic void parse(Socket sock) throws Exception {\n  DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();\n  DocumentBuilder builder = factory.newDocumentBuilder();\n  builder.parse(sock.getInputStream()); //unsafe\n}\n\n```\nIn this example, the `DocumentBuilder` is created with DTD disabled, securing it against XXE attack.\n\n\n```java\npublic void disableDTDParse(Socket sock) throws Exception {\n  DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();\n  factory.setFeature(\"http://apache.org/xml/features/disallow-doctype-decl\", true);\n  DocumentBuilder builder = factory.newDocumentBuilder();\n  builder.parse(sock.getInputStream()); //safe\n}\n\n```\n\n## References\n* OWASP vulnerability description: [XML External Entity (XXE) Processing](https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing).\n* OWASP guidance on parsing xml files: [XXE Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#java).\n* Paper by Timothy Morgen: [XML Schema, DTD, and Entity Attacks](https://research.nccgroup.com/2014/05/19/xml-schema-dtd-and-entity-attacks-a-compendium-of-known-techniques/)\n* Out-of-band data retrieval: Timur Yunusov &amp; Alexey Osipov, Black hat EU 2013: [XML Out-Of-Band Data Retrieval](https://www.slideshare.net/qqlan/bh-ready-v4).\n* Denial of service attack (Billion laughs): [Billion Laughs.](https://en.wikipedia.org/wiki/Billion_laughs)\n* The Java Tutorials: [Processing Limit Definitions.](https://docs.oracle.com/javase/tutorial/jaxp/limits/limits.html)\n* Common Weakness Enumeration: [CWE-611](https://cwe.mitre.org/data/definitions/611.html).\n* Common Weakness Enumeration: [CWE-776](https://cwe.mitre.org/data/definitions/776.html).\n* Common Weakness Enumeration: [CWE-827](https://cwe.mitre.org/data/definitions/827.html).\n"},"properties":{"tags":["security","external/cwe/cwe-611","external/cwe/cwe-776","external/cwe/cwe-827","owasp-top10-2021","A05:2021 - Security Misconfiguration"],"description":"Parsing user-controlled XML documents and allowing expansion of external entity\n references may lead to disclosure of confidential data or denial of service.","id":"java/xxe","kind":"path-problem","name":"Resolving XML external entity in user-controlled data","precision":"high","problem.severity":"error","security-severity":"9.1"}},{"id":"java/unvalidated-url-redirection","name":"java/unvalidated-url-redirection","shortDescription":{"text":"URL redirection from remote source"},"fullDescription":{"text":"URL redirection based on unvalidated user-input may cause redirection to malicious web sites."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# URL redirection from remote source\nDirectly incorporating user input into a URL redirect request without validating the input can facilitate phishing attacks. In these attacks, unsuspecting users can be redirected to a malicious site that looks very similar to the real site they intend to visit, but which is controlled by the attacker.\n\n\n## Recommendation\nTo guard against untrusted URL redirection, it is advisable to avoid putting user input directly into a redirect URL. Instead, maintain a list of authorized redirects on the server; then choose from that list based on the user input provided.\n\n\n## Example\nThe following example shows an HTTP request parameter being used directly in a URL redirect without validating the input, which facilitates phishing attacks. It also shows how to remedy the problem by validating the user input against a known fixed string.\n\n\n```java\npublic class UrlRedirect extends HttpServlet {\n\tprivate static final String VALID_REDIRECT = \"http://cwe.mitre.org/data/definitions/601.html\";\n\n\tprotected void doGet(HttpServletRequest request, HttpServletResponse response)\n\tthrows ServletException, IOException {\n\t\t// BAD: a request parameter is incorporated without validation into a URL redirect\n\t\tresponse.sendRedirect(request.getParameter(\"target\"));\n\n\t\t// GOOD: the request parameter is validated against a known fixed string\n\t\tif (VALID_REDIRECT.equals(request.getParameter(\"target\"))) {\n\t\t\tresponse.sendRedirect(VALID_REDIRECT);\n\t\t}\n\t}\n}\n\n```\n\n## References\n* Common Weakness Enumeration: [CWE-601](https://cwe.mitre.org/data/definitions/601.html).\n","markdown":"# URL redirection from remote source\nDirectly incorporating user input into a URL redirect request without validating the input can facilitate phishing attacks. In these attacks, unsuspecting users can be redirected to a malicious site that looks very similar to the real site they intend to visit, but which is controlled by the attacker.\n\n\n## Recommendation\nTo guard against untrusted URL redirection, it is advisable to avoid putting user input directly into a redirect URL. Instead, maintain a list of authorized redirects on the server; then choose from that list based on the user input provided.\n\n\n## Example\nThe following example shows an HTTP request parameter being used directly in a URL redirect without validating the input, which facilitates phishing attacks. It also shows how to remedy the problem by validating the user input against a known fixed string.\n\n\n```java\npublic class UrlRedirect extends HttpServlet {\n\tprivate static final String VALID_REDIRECT = \"http://cwe.mitre.org/data/definitions/601.html\";\n\n\tprotected void doGet(HttpServletRequest request, HttpServletResponse response)\n\tthrows ServletException, IOException {\n\t\t// BAD: a request parameter is incorporated without validation into a URL redirect\n\t\tresponse.sendRedirect(request.getParameter(\"target\"));\n\n\t\t// GOOD: the request parameter is validated against a known fixed string\n\t\tif (VALID_REDIRECT.equals(request.getParameter(\"target\"))) {\n\t\t\tresponse.sendRedirect(VALID_REDIRECT);\n\t\t}\n\t}\n}\n\n```\n\n## References\n* Common Weakness Enumeration: [CWE-601](https://cwe.mitre.org/data/definitions/601.html).\n"},"properties":{"tags":["security","external/cwe/cwe-601","owasp-top10-2021","A01:2021 - Broken Access Control"],"description":"URL redirection based on unvalidated user-input\n              may cause redirection to malicious web sites.","id":"java/unvalidated-url-redirection","kind":"path-problem","name":"URL redirection from remote source","precision":"high","problem.severity":"error","security-severity":"6.1"}},{"id":"java/command-line-injection","name":"java/command-line-injection","shortDescription":{"text":"Uncontrolled command line"},"fullDescription":{"text":"Using externally controlled strings in a command line is vulnerable to malicious changes in the strings."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Uncontrolled command line\nCode that passes user input directly to `Runtime.exec`, or some other library routine that executes a command, allows the user to execute malicious code.\n\n\n## Recommendation\nIf possible, use hard-coded string literals to specify the command to run or library to load. Instead of passing the user input directly to the process or library function, examine the user input and then choose among hard-coded string literals.\n\nIf the applicable libraries or commands cannot be determined at compile time, then add code to verify that the user input string is safe before using it.\n\n\n## Example\nThe following example shows code that takes a shell script that can be changed maliciously by a user, and passes it straight to `Runtime.exec` without examining it first.\n\n\n```java\nclass Test {\n    public static void main(String[] args) {\n        String script = System.getenv(\"SCRIPTNAME\");\n        if (script != null) {\n            // BAD: The script to be executed is controlled by the user.\n            Runtime.getRuntime().exec(script);\n        }\n    }\n}\n```\n\n## References\n* OWASP: [Command Injection](https://www.owasp.org/index.php/Command_Injection).\n* SEI CERT Oracle Coding Standard for Java: [IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method](https://wiki.sei.cmu.edu/confluence/display/java/IDS07-J.+Sanitize+untrusted+data+passed+to+the+Runtime.exec()+method).\n* Common Weakness Enumeration: [CWE-78](https://cwe.mitre.org/data/definitions/78.html).\n* Common Weakness Enumeration: [CWE-88](https://cwe.mitre.org/data/definitions/88.html).\n","markdown":"# Uncontrolled command line\nCode that passes user input directly to `Runtime.exec`, or some other library routine that executes a command, allows the user to execute malicious code.\n\n\n## Recommendation\nIf possible, use hard-coded string literals to specify the command to run or library to load. Instead of passing the user input directly to the process or library function, examine the user input and then choose among hard-coded string literals.\n\nIf the applicable libraries or commands cannot be determined at compile time, then add code to verify that the user input string is safe before using it.\n\n\n## Example\nThe following example shows code that takes a shell script that can be changed maliciously by a user, and passes it straight to `Runtime.exec` without examining it first.\n\n\n```java\nclass Test {\n    public static void main(String[] args) {\n        String script = System.getenv(\"SCRIPTNAME\");\n        if (script != null) {\n            // BAD: The script to be executed is controlled by the user.\n            Runtime.getRuntime().exec(script);\n        }\n    }\n}\n```\n\n## References\n* OWASP: [Command Injection](https://www.owasp.org/index.php/Command_Injection).\n* SEI CERT Oracle Coding Standard for Java: [IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method](https://wiki.sei.cmu.edu/confluence/display/java/IDS07-J.+Sanitize+untrusted+data+passed+to+the+Runtime.exec()+method).\n* Common Weakness Enumeration: [CWE-78](https://cwe.mitre.org/data/definitions/78.html).\n* Common Weakness Enumeration: [CWE-88](https://cwe.mitre.org/data/definitions/88.html).\n"},"properties":{"tags":["security","external/cwe/cwe-078","external/cwe/cwe-088","owasp-top10-2021","A03:2021 - Injection"],"description":"Using externally controlled strings in a command line is vulnerable to malicious\n              changes in the strings.","id":"java/command-line-injection","kind":"path-problem","name":"Uncontrolled command line","precision":"high","problem.severity":"error","security-severity":"9.8"}},{"id":"java/concatenated-command-line","name":"java/concatenated-command-line","shortDescription":{"text":"Building a command line with string concatenation"},"fullDescription":{"text":"Using concatenated strings in a command line is vulnerable to malicious insertion of special characters in the strings."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Building a command line with string concatenation\nCode that builds a command line by concatenating strings that have been entered by a user allows the user to execute malicious code.\n\n\n## Recommendation\nExecute external commands using an array of strings rather than a single string. By using an array, many possible vulnerabilities in the formatting of the string are avoided.\n\n\n## Example\nIn the following example, `latlonCoords` contains a string that has been entered by a user but not validated by the program. This allows the user to, for example, append an ampersand (&amp;) followed by the command for a malicious program to the end of the string. The ampersand instructs Windows to execute another program. In the block marked 'BAD', `latlonCoords` is passed to `exec` as part of a concatenated string, which allows more than one command to be executed. However, in the block marked 'GOOD', `latlonCoords` is passed as part of an array, which means that `exec` treats it only as an argument.\n\n\n```java\nclass Test {\n    public static void main(String[] args) {\n        // BAD: user input might include special characters such as ampersands\n        {\n            String latlonCoords = args[1];\n            Runtime rt = Runtime.getRuntime();\n            Process exec = rt.exec(\"cmd.exe /C latlon2utm.exe \" + latlonCoords);\n        }\n\n        // GOOD: use an array of arguments instead of executing a string\n        {\n            String latlonCoords = args[1];\n            Runtime rt = Runtime.getRuntime();\n            Process exec = rt.exec(new String[] {\n                    \"c:\\\\path\\to\\latlon2utm.exe\",\n                    latlonCoords });\n        }\n    }\n}\n\n```\n\n## References\n* OWASP: [Command Injection](https://www.owasp.org/index.php/Command_Injection).\n* SEI CERT Oracle Coding Standard for Java: [IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method](https://wiki.sei.cmu.edu/confluence/display/java/IDS07-J.+Sanitize+untrusted+data+passed+to+the+Runtime.exec()+method).\n* Common Weakness Enumeration: [CWE-78](https://cwe.mitre.org/data/definitions/78.html).\n* Common Weakness Enumeration: [CWE-88](https://cwe.mitre.org/data/definitions/88.html).\n","markdown":"# Building a command line with string concatenation\nCode that builds a command line by concatenating strings that have been entered by a user allows the user to execute malicious code.\n\n\n## Recommendation\nExecute external commands using an array of strings rather than a single string. By using an array, many possible vulnerabilities in the formatting of the string are avoided.\n\n\n## Example\nIn the following example, `latlonCoords` contains a string that has been entered by a user but not validated by the program. This allows the user to, for example, append an ampersand (&amp;) followed by the command for a malicious program to the end of the string. The ampersand instructs Windows to execute another program. In the block marked 'BAD', `latlonCoords` is passed to `exec` as part of a concatenated string, which allows more than one command to be executed. However, in the block marked 'GOOD', `latlonCoords` is passed as part of an array, which means that `exec` treats it only as an argument.\n\n\n```java\nclass Test {\n    public static void main(String[] args) {\n        // BAD: user input might include special characters such as ampersands\n        {\n            String latlonCoords = args[1];\n            Runtime rt = Runtime.getRuntime();\n            Process exec = rt.exec(\"cmd.exe /C latlon2utm.exe \" + latlonCoords);\n        }\n\n        // GOOD: use an array of arguments instead of executing a string\n        {\n            String latlonCoords = args[1];\n            Runtime rt = Runtime.getRuntime();\n            Process exec = rt.exec(new String[] {\n                    \"c:\\\\path\\to\\latlon2utm.exe\",\n                    latlonCoords });\n        }\n    }\n}\n\n```\n\n## References\n* OWASP: [Command Injection](https://www.owasp.org/index.php/Command_Injection).\n* SEI CERT Oracle Coding Standard for Java: [IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method](https://wiki.sei.cmu.edu/confluence/display/java/IDS07-J.+Sanitize+untrusted+data+passed+to+the+Runtime.exec()+method).\n* Common Weakness Enumeration: [CWE-78](https://cwe.mitre.org/data/definitions/78.html).\n* Common Weakness Enumeration: [CWE-88](https://cwe.mitre.org/data/definitions/88.html).\n"},"properties":{"tags":["security","external/cwe/cwe-078","external/cwe/cwe-088","owasp-top10-2021","A03:2021 - Injection"],"description":"Using concatenated strings in a command line is vulnerable to malicious\n              insertion of special characters in the strings.","id":"java/concatenated-command-line","kind":"problem","name":"Building a command line with string concatenation","precision":"high","problem.severity":"error","security-severity":"9.8"}},{"id":"java/unsafe-deserialization","name":"java/unsafe-deserialization","shortDescription":{"text":"Deserialization of user-controlled data"},"fullDescription":{"text":"Deserializing user-controlled data may allow attackers to execute arbitrary code."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Deserialization of user-controlled data\nDeserializing untrusted data using any deserialization framework that allows the construction of arbitrary serializable objects is easily exploitable and in many cases allows an attacker to execute arbitrary code. Even before a deserialized object is returned to the caller of a deserialization method a lot of code may have been executed, including static initializers, constructors, and finalizers. Automatic deserialization of fields means that an attacker may craft a nested combination of objects on which the executed initialization code may have unforeseen effects, such as the execution of arbitrary code.\n\nThere are many different serialization frameworks. This query currently supports Kryo, XmlDecoder, XStream, SnakeYaml, JYaml, JsonIO, YAMLBeans, HessianBurlap, Castor, Burlap, Jackson, Jabsorb, Jodd JSON, Flexjson, Gson and Java IO serialization through `ObjectInputStream`/`ObjectOutputStream`.\n\n\n## Recommendation\nAvoid deserialization of untrusted data if at all possible. If the architecture permits it then use other formats instead of serialized objects, for example JSON or XML. However, these formats should not be deserialized into complex objects because this provides further opportunities for attack. For example, XML-based deserialization attacks are possible through libraries such as XStream and XmlDecoder.\n\nAlternatively, a tightly controlled whitelist can limit the vulnerability of code, but be aware of the existence of so-called Bypass Gadgets, which can circumvent such protection measures.\n\nRecommendations specific to particular frameworks supported by this query:\n\n**FastJson** - `com.alibaba:fastjson`\n\n* **Secure by Default**: Partially\n* **Recommendation**: Call `com.alibaba.fastjson.parser.ParserConfig#setSafeMode` with the argument `true` before deserializing untrusted data.\n\n\n**FasterXML** - `com.fasterxml.jackson.core:jackson-databind`\n\n* **Secure by Default**: Yes\n* **Recommendation**: Don't call `com.fasterxml.jackson.databind.ObjectMapper#enableDefaultTyping` and don't annotate any object fields with `com.fasterxml.jackson.annotation.JsonTypeInfo` passing either the `CLASS` or `MINIMAL_CLASS` values to the annotation. Read [this guide](https://cowtowncoder.medium.com/jackson-2-10-safe-default-typing-2d018f0ce2ba).\n\n\n**Kryo** - `com.esotericsoftware:kryo` and `com.esotericsoftware:kryo5`\n\n* **Secure by Default**: Yes for `com.esotericsoftware:kryo5` and for `com.esotericsoftware:kryo` &gt;= v5.0.0\n* **Recommendation**: Don't call `com.esotericsoftware.kryo(5).Kryo#setRegistrationRequired` with the argument `false` on any `Kryo` instance that may deserialize untrusted data.\n\n\n**ObjectInputStream** - `Java Standard Library`\n\n* **Secure by Default**: No\n* **Recommendation**: Use a validating input stream, such as `org.apache.commons.io.serialization.ValidatingObjectInputStream`.\n\n\n**SnakeYAML** - `org.yaml:snakeyaml`\n\n* **Secure by Default**: No\n* **Recommendation**: Pass an instance of `org.yaml.snakeyaml.constructor.SafeConstructor` to `org.yaml.snakeyaml.Yaml`'s constructor before using it to deserialize untrusted data.\n\n\n**XML Decoder** - `Standard Java Library`\n\n* **Secure by Default**: No\n* **Recommendation**: Do not use with untrusted user input.\n\n\n\n## Example\nThe following example calls `readObject` directly on an `ObjectInputStream` that is constructed from untrusted data, and is therefore inherently unsafe.\n\n\n```java\npublic MyObject {\n  public int field;\n  MyObject(int field) {\n    this.field = field;\n  }\n}\n\npublic MyObject deserialize(Socket sock) {\n  try(ObjectInputStream in = new ObjectInputStream(sock.getInputStream())) {\n    return (MyObject)in.readObject(); // unsafe\n  }\n}\n\n```\nRewriting the communication protocol to only rely on reading primitive types from the input stream removes the vulnerability.\n\n\n```java\npublic MyObject deserialize(Socket sock) {\n  try(DataInputStream in = new DataInputStream(sock.getInputStream())) {\n    return new MyObject(in.readInt());\n  }\n}\n\n```\n\n## References\n* OWASP vulnerability description: [Deserialization of untrusted data](https://www.owasp.org/index.php/Deserialization_of_untrusted_data).\n* OWASP guidance on deserializing objects: [Deserialization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html).\n* Talks by Chris Frohoff &amp; Gabriel Lawrence: [ AppSecCali 2015: Marshalling Pickles - how deserializing objects will ruin your day](http://frohoff.github.io/appseccali-marshalling-pickles/), [OWASP SD: Deserialize My Shorts: Or How I Learned to Start Worrying and Hate Java Object Deserialization](http://frohoff.github.io/owaspsd-deserialize-my-shorts/).\n* Alvaro Muñoz &amp; Christian Schneider, RSAConference 2016: [Serial Killer: Silently Pwning Your Java Endpoints](https://speakerdeck.com/pwntester/serial-killer-silently-pwning-your-java-endpoints).\n* SnakeYaml documentation on deserialization: [SnakeYaml deserialization](https://bitbucket.org/snakeyaml/snakeyaml/wiki/Documentation#markdown-header-loading-yaml).\n* Hessian deserialization and related gadget chains: [Hessian deserialization](https://paper.seebug.org/1137/).\n* Castor and Hessian java deserialization vulnerabilities: [Castor and Hessian deserialization](https://securitylab.github.com/research/hessian-java-deserialization-castor-vulnerabilities/).\n* Remote code execution in JYaml library: [JYaml deserialization](https://www.cybersecurity-help.cz/vdb/SB2020022512).\n* JsonIO deserialization vulnerabilities: [JsonIO deserialization](https://klezvirus.github.io/Advanced-Web-Hacking/Serialisation/).\n* Research by Moritz Bechler: [Java Unmarshaller Security - Turning your data into code execution](https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true)\n* Blog posts by the developer of Jackson libraries: [On Jackson CVEs: Don’t Panic — Here is what you need to know](https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062) [Jackson 2.10: Safe Default Typing](https://cowtowncoder.medium.com/jackson-2-10-safe-default-typing-2d018f0ce2ba)\n* Jabsorb documentation on deserialization: [Jabsorb JSON Serializer](https://github.com/Servoy/jabsorb/blob/master/src/org/jabsorb/).\n* Jodd JSON documentation on deserialization: [JoddJson Parser](https://json.jodd.org/parser).\n* RCE in Flexjson: [Flexjson deserialization](https://codewhitesec.blogspot.com/2020/03/liferay-portal-json-vulns.html).\n* Android Intent deserialization vulnerabilities with GSON parser: [Insecure use of JSON parsers](https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/#insecure-use-of-json-parsers).\n* Common Weakness Enumeration: [CWE-502](https://cwe.mitre.org/data/definitions/502.html).\n","markdown":"# Deserialization of user-controlled data\nDeserializing untrusted data using any deserialization framework that allows the construction of arbitrary serializable objects is easily exploitable and in many cases allows an attacker to execute arbitrary code. Even before a deserialized object is returned to the caller of a deserialization method a lot of code may have been executed, including static initializers, constructors, and finalizers. Automatic deserialization of fields means that an attacker may craft a nested combination of objects on which the executed initialization code may have unforeseen effects, such as the execution of arbitrary code.\n\nThere are many different serialization frameworks. This query currently supports Kryo, XmlDecoder, XStream, SnakeYaml, JYaml, JsonIO, YAMLBeans, HessianBurlap, Castor, Burlap, Jackson, Jabsorb, Jodd JSON, Flexjson, Gson and Java IO serialization through `ObjectInputStream`/`ObjectOutputStream`.\n\n\n## Recommendation\nAvoid deserialization of untrusted data if at all possible. If the architecture permits it then use other formats instead of serialized objects, for example JSON or XML. However, these formats should not be deserialized into complex objects because this provides further opportunities for attack. For example, XML-based deserialization attacks are possible through libraries such as XStream and XmlDecoder.\n\nAlternatively, a tightly controlled whitelist can limit the vulnerability of code, but be aware of the existence of so-called Bypass Gadgets, which can circumvent such protection measures.\n\nRecommendations specific to particular frameworks supported by this query:\n\n**FastJson** - `com.alibaba:fastjson`\n\n* **Secure by Default**: Partially\n* **Recommendation**: Call `com.alibaba.fastjson.parser.ParserConfig#setSafeMode` with the argument `true` before deserializing untrusted data.\n\n\n**FasterXML** - `com.fasterxml.jackson.core:jackson-databind`\n\n* **Secure by Default**: Yes\n* **Recommendation**: Don't call `com.fasterxml.jackson.databind.ObjectMapper#enableDefaultTyping` and don't annotate any object fields with `com.fasterxml.jackson.annotation.JsonTypeInfo` passing either the `CLASS` or `MINIMAL_CLASS` values to the annotation. Read [this guide](https://cowtowncoder.medium.com/jackson-2-10-safe-default-typing-2d018f0ce2ba).\n\n\n**Kryo** - `com.esotericsoftware:kryo` and `com.esotericsoftware:kryo5`\n\n* **Secure by Default**: Yes for `com.esotericsoftware:kryo5` and for `com.esotericsoftware:kryo` &gt;= v5.0.0\n* **Recommendation**: Don't call `com.esotericsoftware.kryo(5).Kryo#setRegistrationRequired` with the argument `false` on any `Kryo` instance that may deserialize untrusted data.\n\n\n**ObjectInputStream** - `Java Standard Library`\n\n* **Secure by Default**: No\n* **Recommendation**: Use a validating input stream, such as `org.apache.commons.io.serialization.ValidatingObjectInputStream`.\n\n\n**SnakeYAML** - `org.yaml:snakeyaml`\n\n* **Secure by Default**: No\n* **Recommendation**: Pass an instance of `org.yaml.snakeyaml.constructor.SafeConstructor` to `org.yaml.snakeyaml.Yaml`'s constructor before using it to deserialize untrusted data.\n\n\n**XML Decoder** - `Standard Java Library`\n\n* **Secure by Default**: No\n* **Recommendation**: Do not use with untrusted user input.\n\n\n\n## Example\nThe following example calls `readObject` directly on an `ObjectInputStream` that is constructed from untrusted data, and is therefore inherently unsafe.\n\n\n```java\npublic MyObject {\n  public int field;\n  MyObject(int field) {\n    this.field = field;\n  }\n}\n\npublic MyObject deserialize(Socket sock) {\n  try(ObjectInputStream in = new ObjectInputStream(sock.getInputStream())) {\n    return (MyObject)in.readObject(); // unsafe\n  }\n}\n\n```\nRewriting the communication protocol to only rely on reading primitive types from the input stream removes the vulnerability.\n\n\n```java\npublic MyObject deserialize(Socket sock) {\n  try(DataInputStream in = new DataInputStream(sock.getInputStream())) {\n    return new MyObject(in.readInt());\n  }\n}\n\n```\n\n## References\n* OWASP vulnerability description: [Deserialization of untrusted data](https://www.owasp.org/index.php/Deserialization_of_untrusted_data).\n* OWASP guidance on deserializing objects: [Deserialization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html).\n* Talks by Chris Frohoff &amp; Gabriel Lawrence: [ AppSecCali 2015: Marshalling Pickles - how deserializing objects will ruin your day](http://frohoff.github.io/appseccali-marshalling-pickles/), [OWASP SD: Deserialize My Shorts: Or How I Learned to Start Worrying and Hate Java Object Deserialization](http://frohoff.github.io/owaspsd-deserialize-my-shorts/).\n* Alvaro Muñoz &amp; Christian Schneider, RSAConference 2016: [Serial Killer: Silently Pwning Your Java Endpoints](https://speakerdeck.com/pwntester/serial-killer-silently-pwning-your-java-endpoints).\n* SnakeYaml documentation on deserialization: [SnakeYaml deserialization](https://bitbucket.org/snakeyaml/snakeyaml/wiki/Documentation#markdown-header-loading-yaml).\n* Hessian deserialization and related gadget chains: [Hessian deserialization](https://paper.seebug.org/1137/).\n* Castor and Hessian java deserialization vulnerabilities: [Castor and Hessian deserialization](https://securitylab.github.com/research/hessian-java-deserialization-castor-vulnerabilities/).\n* Remote code execution in JYaml library: [JYaml deserialization](https://www.cybersecurity-help.cz/vdb/SB2020022512).\n* JsonIO deserialization vulnerabilities: [JsonIO deserialization](https://klezvirus.github.io/Advanced-Web-Hacking/Serialisation/).\n* Research by Moritz Bechler: [Java Unmarshaller Security - Turning your data into code execution](https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true)\n* Blog posts by the developer of Jackson libraries: [On Jackson CVEs: Don’t Panic — Here is what you need to know](https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062) [Jackson 2.10: Safe Default Typing](https://cowtowncoder.medium.com/jackson-2-10-safe-default-typing-2d018f0ce2ba)\n* Jabsorb documentation on deserialization: [Jabsorb JSON Serializer](https://github.com/Servoy/jabsorb/blob/master/src/org/jabsorb/).\n* Jodd JSON documentation on deserialization: [JoddJson Parser](https://json.jodd.org/parser).\n* RCE in Flexjson: [Flexjson deserialization](https://codewhitesec.blogspot.com/2020/03/liferay-portal-json-vulns.html).\n* Android Intent deserialization vulnerabilities with GSON parser: [Insecure use of JSON parsers](https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/#insecure-use-of-json-parsers).\n* Common Weakness Enumeration: [CWE-502](https://cwe.mitre.org/data/definitions/502.html).\n"},"properties":{"tags":["security","external/cwe/cwe-502","owasp-top10-2021","A08:2021 - Software and Data Integrity Failures"],"description":"Deserializing user-controlled data may allow attackers to\n              execute arbitrary code.","id":"java/unsafe-deserialization","kind":"path-problem","name":"Deserialization of user-controlled data","precision":"high","problem.severity":"error","security-severity":"9.8"}},{"id":"java/world-writable-file-read","name":"java/world-writable-file-read","shortDescription":{"text":"Reading from a world writable file"},"fullDescription":{"text":"Reading from a file which is set as world writable is dangerous because the file may be modified or removed by external actors."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Reading from a world writable file\nReading from a world-writable file is dangerous on a multi-user system because other users may be able to affect program execution by modifying or deleting the file.\n\n\n## Recommendation\nDo not make files explicitly world writable unless the file is intended to be written by multiple users on a multi-user system. In many cases, the file may only need to be writable for the current user.\n\nFor some file systems, there may be alternatives to setting the file to be world writable. For example, POSIX file systems support \"groups\" which may be used to ensure that only subset of all the users can write to the file. Access Control Lists (ACLs) are available for many operating system and file system combinations, and can provide fine-grained read and write support without resorting to world writable permissions.\n\n\n## Example\nIn the following example, we are loading some configuration parameters from a file:\n\n```java\n\nprivate void readConfig(File configFile) {\n  if (!configFile.exists()) {\n    // Create an empty config file\n    configFile.createNewFile();\n    // Make the file writable for all\n    configFile.setWritable(true, false);\n  }\n  // Now read the config\n  loadConfig(configFile);\n}\n\n```\nIf the configuration file does not yet exist, an empty file is created. Creating an empty file can simplify the later code and is a convenience for the user. However, by setting the file to be world writable, we allow any user on the system to modify the configuration, not just the current user. If there may be untrusted users on the system, this is potentially dangerous.\n\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [FIO01-J. Create files with appropriate access permissions](https://wiki.sei.cmu.edu/confluence/display/java/FIO01-J.+Create+files+with+appropriate+access+permissions).\n* Common Weakness Enumeration: [CWE-732](https://cwe.mitre.org/data/definitions/732.html).\n","markdown":"# Reading from a world writable file\nReading from a world-writable file is dangerous on a multi-user system because other users may be able to affect program execution by modifying or deleting the file.\n\n\n## Recommendation\nDo not make files explicitly world writable unless the file is intended to be written by multiple users on a multi-user system. In many cases, the file may only need to be writable for the current user.\n\nFor some file systems, there may be alternatives to setting the file to be world writable. For example, POSIX file systems support \"groups\" which may be used to ensure that only subset of all the users can write to the file. Access Control Lists (ACLs) are available for many operating system and file system combinations, and can provide fine-grained read and write support without resorting to world writable permissions.\n\n\n## Example\nIn the following example, we are loading some configuration parameters from a file:\n\n```java\n\nprivate void readConfig(File configFile) {\n  if (!configFile.exists()) {\n    // Create an empty config file\n    configFile.createNewFile();\n    // Make the file writable for all\n    configFile.setWritable(true, false);\n  }\n  // Now read the config\n  loadConfig(configFile);\n}\n\n```\nIf the configuration file does not yet exist, an empty file is created. Creating an empty file can simplify the later code and is a convenience for the user. However, by setting the file to be world writable, we allow any user on the system to modify the configuration, not just the current user. If there may be untrusted users on the system, this is potentially dangerous.\n\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [FIO01-J. Create files with appropriate access permissions](https://wiki.sei.cmu.edu/confluence/display/java/FIO01-J.+Create+files+with+appropriate+access+permissions).\n* Common Weakness Enumeration: [CWE-732](https://cwe.mitre.org/data/definitions/732.html).\n"},"properties":{"tags":["security","external/cwe/cwe-732"],"description":"Reading from a file which is set as world writable is dangerous because\n              the file may be modified or removed by external actors.","id":"java/world-writable-file-read","kind":"problem","name":"Reading from a world writable file","precision":"high","problem.severity":"error","security-severity":"7.8"}},{"id":"java/regex-injection","name":"java/regex-injection","shortDescription":{"text":"Regular expression injection"},"fullDescription":{"text":"User input should not be used in regular expressions without first being escaped, otherwise a malicious user may be able to provide a regex that could require exponential time on certain inputs."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Regular expression injection\nConstructing a regular expression with unsanitized user input is dangerous as a malicious user may be able to modify the meaning of the expression. In particular, such a user may be able to provide a regular expression fragment that takes exponential time in the worst case, and use that to perform a Denial of Service attack.\n\n\n## Recommendation\nBefore embedding user input into a regular expression, use a sanitization function such as `Pattern.quote` to escape meta-characters that have special meaning.\n\n\n## Example\nThe following example shows an HTTP request parameter that is used to construct a regular expression.\n\nIn the first case the user-provided regex is not escaped. If a malicious user provides a regex whose worst-case performance is exponential, then this could lead to a Denial of Service.\n\nIn the second case, the user input is escaped using `Pattern.quote` before being included in the regular expression. This ensures that the user cannot insert characters which have a special meaning in regular expressions.\n\n\n```java\nimport java.util.regex.Pattern;\nimport javax.servlet.http.HttpServlet;\nimport javax.servlet.http.HttpServletRequest;\n\npublic class RegexInjectionDemo extends HttpServlet {\n\n  public boolean badExample(javax.servlet.http.HttpServletRequest request) {\n    String regex = request.getParameter(\"regex\");\n    String input = request.getParameter(\"input\");\n\n    // BAD: Unsanitized user input is used to construct a regular expression\n    return input.matches(regex);\n  }\n\n  public boolean goodExample(javax.servlet.http.HttpServletRequest request) {\n    String regex = request.getParameter(\"regex\");\n    String input = request.getParameter(\"input\");\n\n    // GOOD: User input is sanitized before constructing the regex\n    return input.matches(Pattern.quote(regex));\n  }\n}\n\n```\n\n## References\n* OWASP: [Regular expression Denial of Service - ReDoS](https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS).\n* Wikipedia: [ReDoS](https://en.wikipedia.org/wiki/ReDoS).\n* Java API Specification: [Pattern.quote](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/regex/Pattern.html#quote(java.lang.String)).\n* Common Weakness Enumeration: [CWE-730](https://cwe.mitre.org/data/definitions/730.html).\n* Common Weakness Enumeration: [CWE-400](https://cwe.mitre.org/data/definitions/400.html).\n","markdown":"# Regular expression injection\nConstructing a regular expression with unsanitized user input is dangerous as a malicious user may be able to modify the meaning of the expression. In particular, such a user may be able to provide a regular expression fragment that takes exponential time in the worst case, and use that to perform a Denial of Service attack.\n\n\n## Recommendation\nBefore embedding user input into a regular expression, use a sanitization function such as `Pattern.quote` to escape meta-characters that have special meaning.\n\n\n## Example\nThe following example shows an HTTP request parameter that is used to construct a regular expression.\n\nIn the first case the user-provided regex is not escaped. If a malicious user provides a regex whose worst-case performance is exponential, then this could lead to a Denial of Service.\n\nIn the second case, the user input is escaped using `Pattern.quote` before being included in the regular expression. This ensures that the user cannot insert characters which have a special meaning in regular expressions.\n\n\n```java\nimport java.util.regex.Pattern;\nimport javax.servlet.http.HttpServlet;\nimport javax.servlet.http.HttpServletRequest;\n\npublic class RegexInjectionDemo extends HttpServlet {\n\n  public boolean badExample(javax.servlet.http.HttpServletRequest request) {\n    String regex = request.getParameter(\"regex\");\n    String input = request.getParameter(\"input\");\n\n    // BAD: Unsanitized user input is used to construct a regular expression\n    return input.matches(regex);\n  }\n\n  public boolean goodExample(javax.servlet.http.HttpServletRequest request) {\n    String regex = request.getParameter(\"regex\");\n    String input = request.getParameter(\"input\");\n\n    // GOOD: User input is sanitized before constructing the regex\n    return input.matches(Pattern.quote(regex));\n  }\n}\n\n```\n\n## References\n* OWASP: [Regular expression Denial of Service - ReDoS](https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS).\n* Wikipedia: [ReDoS](https://en.wikipedia.org/wiki/ReDoS).\n* Java API Specification: [Pattern.quote](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/regex/Pattern.html#quote(java.lang.String)).\n* Common Weakness Enumeration: [CWE-730](https://cwe.mitre.org/data/definitions/730.html).\n* Common Weakness Enumeration: [CWE-400](https://cwe.mitre.org/data/definitions/400.html).\n"},"properties":{"tags":["security","external/cwe/cwe-730","external/cwe/cwe-400"],"description":"User input should not be used in regular expressions without first being escaped,\n              otherwise a malicious user may be able to provide a regex that could require\n              exponential time on certain inputs.","id":"java/regex-injection","kind":"path-problem","name":"Regular expression injection","precision":"high","problem.severity":"error","security-severity":"7.5"}},{"id":"java/redos","name":"java/redos","shortDescription":{"text":"Inefficient regular expression"},"fullDescription":{"text":"A regular expression that requires exponential time to match certain inputs can be a performance bottleneck, and may be vulnerable to denial-of-service attacks."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Inefficient regular expression\nSome regular expressions take a long time to match certain input strings to the point where the time it takes to match a string of length *n* is proportional to *n<sup>k</sup>* or even *2<sup>n</sup>*. Such regular expressions can negatively affect performance, or even allow a malicious user to perform a Denial of Service (\"DoS\") attack by crafting an expensive input string for the regular expression to match.\n\nThe regular expression engine provided by Java uses a backtracking non-deterministic finite automata to implement regular expression matching. While this approach is space-efficient and allows supporting advanced features like capture groups, it is not time-efficient in general. The worst-case time complexity of such an automaton can be polynomial or even exponential, meaning that for strings of a certain shape, increasing the input length by ten characters may make the automaton about 1000 times slower.\n\nTypically, a regular expression is affected by this problem if it contains a repetition of the form `r*` or `r+` where the sub-expression `r` is ambiguous in the sense that it can match some string in multiple ways. More information about the precise circumstances can be found in the references.\n\nNote that Java versions 9 and above have some mitigations against ReDoS; however they aren't perfect and more complex regular expressions can still be affected by this problem.\n\n\n## Recommendation\nModify the regular expression to remove the ambiguity, or ensure that the strings matched with the regular expression are short enough that the time-complexity does not matter. Alternatively, an alternate regex library that guarantees linear time execution, such as Google's RE2J, may be used.\n\n\n## Example\nConsider this regular expression:\n\n```java\n\n\t\t\t^_(__|.)+_$\n\t\t\n```\nIts sub-expression `\"(__|.)+?\"` can match the string `\"__\"` either by the first alternative `\"__\"` to the left of the `\"|\"` operator, or by two repetitions of the second alternative `\".\"` to the right. Thus, a string consisting of an odd number of underscores followed by some other character will cause the regular expression engine to run for an exponential amount of time before rejecting the input.\n\nThis problem can be avoided by rewriting the regular expression to remove the ambiguity between the two branches of the alternative inside the repetition:\n\n```java\n\n\t\t\t^_(__|[^_])+_$\n\t\t\n```\n\n## References\n* OWASP: [Regular expression Denial of Service - ReDoS](https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS).\n* Wikipedia: [ReDoS](https://en.wikipedia.org/wiki/ReDoS).\n* Wikipedia: [Time complexity](https://en.wikipedia.org/wiki/Time_complexity).\n* James Kirrage, Asiri Rathnayake, Hayo Thielecke: [Static Analysis for Regular Expression Denial-of-Service Attack](http://www.cs.bham.ac.uk/~hxt/research/reg-exp-sec.pdf).\n* Common Weakness Enumeration: [CWE-1333](https://cwe.mitre.org/data/definitions/1333.html).\n* Common Weakness Enumeration: [CWE-730](https://cwe.mitre.org/data/definitions/730.html).\n* Common Weakness Enumeration: [CWE-400](https://cwe.mitre.org/data/definitions/400.html).\n","markdown":"# Inefficient regular expression\nSome regular expressions take a long time to match certain input strings to the point where the time it takes to match a string of length *n* is proportional to *n<sup>k</sup>* or even *2<sup>n</sup>*. Such regular expressions can negatively affect performance, or even allow a malicious user to perform a Denial of Service (\"DoS\") attack by crafting an expensive input string for the regular expression to match.\n\nThe regular expression engine provided by Java uses a backtracking non-deterministic finite automata to implement regular expression matching. While this approach is space-efficient and allows supporting advanced features like capture groups, it is not time-efficient in general. The worst-case time complexity of such an automaton can be polynomial or even exponential, meaning that for strings of a certain shape, increasing the input length by ten characters may make the automaton about 1000 times slower.\n\nTypically, a regular expression is affected by this problem if it contains a repetition of the form `r*` or `r+` where the sub-expression `r` is ambiguous in the sense that it can match some string in multiple ways. More information about the precise circumstances can be found in the references.\n\nNote that Java versions 9 and above have some mitigations against ReDoS; however they aren't perfect and more complex regular expressions can still be affected by this problem.\n\n\n## Recommendation\nModify the regular expression to remove the ambiguity, or ensure that the strings matched with the regular expression are short enough that the time-complexity does not matter. Alternatively, an alternate regex library that guarantees linear time execution, such as Google's RE2J, may be used.\n\n\n## Example\nConsider this regular expression:\n\n```java\n\n\t\t\t^_(__|.)+_$\n\t\t\n```\nIts sub-expression `\"(__|.)+?\"` can match the string `\"__\"` either by the first alternative `\"__\"` to the left of the `\"|\"` operator, or by two repetitions of the second alternative `\".\"` to the right. Thus, a string consisting of an odd number of underscores followed by some other character will cause the regular expression engine to run for an exponential amount of time before rejecting the input.\n\nThis problem can be avoided by rewriting the regular expression to remove the ambiguity between the two branches of the alternative inside the repetition:\n\n```java\n\n\t\t\t^_(__|[^_])+_$\n\t\t\n```\n\n## References\n* OWASP: [Regular expression Denial of Service - ReDoS](https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS).\n* Wikipedia: [ReDoS](https://en.wikipedia.org/wiki/ReDoS).\n* Wikipedia: [Time complexity](https://en.wikipedia.org/wiki/Time_complexity).\n* James Kirrage, Asiri Rathnayake, Hayo Thielecke: [Static Analysis for Regular Expression Denial-of-Service Attack](http://www.cs.bham.ac.uk/~hxt/research/reg-exp-sec.pdf).\n* Common Weakness Enumeration: [CWE-1333](https://cwe.mitre.org/data/definitions/1333.html).\n* Common Weakness Enumeration: [CWE-730](https://cwe.mitre.org/data/definitions/730.html).\n* Common Weakness Enumeration: [CWE-400](https://cwe.mitre.org/data/definitions/400.html).\n"},"properties":{"tags":["security","external/cwe/cwe-1333","external/cwe/cwe-730","external/cwe/cwe-400"],"description":"A regular expression that requires exponential time to match certain inputs\n              can be a performance bottleneck, and may be vulnerable to denial-of-service\n              attacks.","id":"java/redos","kind":"problem","name":"Inefficient regular expression","precision":"high","problem.severity":"error","security-severity":"7.5"}},{"id":"java/polynomial-redos","name":"java/polynomial-redos","shortDescription":{"text":"Polynomial regular expression used on uncontrolled data"},"fullDescription":{"text":"A regular expression that can require polynomial time to match may be vulnerable to denial-of-service attacks."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Polynomial regular expression used on uncontrolled data\nSome regular expressions take a long time to match certain input strings to the point where the time it takes to match a string of length *n* is proportional to *n<sup>k</sup>* or even *2<sup>n</sup>*. Such regular expressions can negatively affect performance, or even allow a malicious user to perform a Denial of Service (\"DoS\") attack by crafting an expensive input string for the regular expression to match.\n\nThe regular expression engine provided by Java uses a backtracking non-deterministic finite automata to implement regular expression matching. While this approach is space-efficient and allows supporting advanced features like capture groups, it is not time-efficient in general. The worst-case time complexity of such an automaton can be polynomial or even exponential, meaning that for strings of a certain shape, increasing the input length by ten characters may make the automaton about 1000 times slower.\n\nTypically, a regular expression is affected by this problem if it contains a repetition of the form `r*` or `r+` where the sub-expression `r` is ambiguous in the sense that it can match some string in multiple ways. More information about the precise circumstances can be found in the references.\n\nNote that Java versions 9 and above have some mitigations against ReDoS; however they aren't perfect and more complex regular expressions can still be affected by this problem.\n\n\n## Recommendation\nModify the regular expression to remove the ambiguity, or ensure that the strings matched with the regular expression are short enough that the time-complexity does not matter. Alternatively, an alternate regex library that guarantees linear time execution, such as Google's RE2J, may be used.\n\n\n## Example\nConsider this use of a regular expression, which removes all leading and trailing whitespace in a string:\n\n```java\n\n\t\t\tPattern.compile(\"^\\\\s+|\\\\s+$\").matcher(text).replaceAll(\"\") // BAD\n\t\t\n```\nThe sub-expression `\"\\\\s+$\"` will match the whitespace characters in `text` from left to right, but it can start matching anywhere within a whitespace sequence. This is problematic for strings that do **not** end with a whitespace character. Such a string will force the regular expression engine to process each whitespace sequence once per whitespace character in the sequence.\n\nThis ultimately means that the time cost of trimming a string is quadratic in the length of the string. So a string like `\"a b\"` will take milliseconds to process, but a similar string with a million spaces instead of just one will take several minutes.\n\nAvoid this problem by rewriting the regular expression to not contain the ambiguity about when to start matching whitespace sequences. For instance, by using a negative look-behind (`\"^\\\\s+|(?<!\\\\s)\\\\s+$\"`), or just by using the built-in trim method (`text.trim()`).\n\nNote that the sub-expression `\"^\\\\s+\"` is **not** problematic as the `^` anchor restricts when that sub-expression can start matching, and as the regular expression engine matches from left to right.\n\n\n## Example\nAs a similar, but slightly subtler problem, consider the regular expression that matches lines with numbers, possibly written using scientific notation:\n\n```java\n\n\t\t\t\"^0\\\\.\\\\d+E?\\\\d+$\"\" \n\t\t\n```\nThe problem with this regular expression is in the sub-expression `\\d+E?\\d+` because the second `\\d+` can start matching digits anywhere after the first match of the first `\\d+` if there is no `E` in the input string.\n\nThis is problematic for strings that do **not** end with a digit. Such a string will force the regular expression engine to process each digit sequence once per digit in the sequence, again leading to a quadratic time complexity.\n\nTo make the processing faster, the regular expression should be rewritten such that the two `\\d+` sub-expressions do not have overlapping matches: `\"^0\\\\.\\\\d+(E\\\\d+)?$\"`.\n\n\n## References\n* OWASP: [Regular expression Denial of Service - ReDoS](https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS).\n* Wikipedia: [ReDoS](https://en.wikipedia.org/wiki/ReDoS).\n* Wikipedia: [Time complexity](https://en.wikipedia.org/wiki/Time_complexity).\n* James Kirrage, Asiri Rathnayake, Hayo Thielecke: [Static Analysis for Regular Expression Denial-of-Service Attack](http://www.cs.bham.ac.uk/~hxt/research/reg-exp-sec.pdf).\n* Common Weakness Enumeration: [CWE-1333](https://cwe.mitre.org/data/definitions/1333.html).\n* Common Weakness Enumeration: [CWE-730](https://cwe.mitre.org/data/definitions/730.html).\n* Common Weakness Enumeration: [CWE-400](https://cwe.mitre.org/data/definitions/400.html).\n","markdown":"# Polynomial regular expression used on uncontrolled data\nSome regular expressions take a long time to match certain input strings to the point where the time it takes to match a string of length *n* is proportional to *n<sup>k</sup>* or even *2<sup>n</sup>*. Such regular expressions can negatively affect performance, or even allow a malicious user to perform a Denial of Service (\"DoS\") attack by crafting an expensive input string for the regular expression to match.\n\nThe regular expression engine provided by Java uses a backtracking non-deterministic finite automata to implement regular expression matching. While this approach is space-efficient and allows supporting advanced features like capture groups, it is not time-efficient in general. The worst-case time complexity of such an automaton can be polynomial or even exponential, meaning that for strings of a certain shape, increasing the input length by ten characters may make the automaton about 1000 times slower.\n\nTypically, a regular expression is affected by this problem if it contains a repetition of the form `r*` or `r+` where the sub-expression `r` is ambiguous in the sense that it can match some string in multiple ways. More information about the precise circumstances can be found in the references.\n\nNote that Java versions 9 and above have some mitigations against ReDoS; however they aren't perfect and more complex regular expressions can still be affected by this problem.\n\n\n## Recommendation\nModify the regular expression to remove the ambiguity, or ensure that the strings matched with the regular expression are short enough that the time-complexity does not matter. Alternatively, an alternate regex library that guarantees linear time execution, such as Google's RE2J, may be used.\n\n\n## Example\nConsider this use of a regular expression, which removes all leading and trailing whitespace in a string:\n\n```java\n\n\t\t\tPattern.compile(\"^\\\\s+|\\\\s+$\").matcher(text).replaceAll(\"\") // BAD\n\t\t\n```\nThe sub-expression `\"\\\\s+$\"` will match the whitespace characters in `text` from left to right, but it can start matching anywhere within a whitespace sequence. This is problematic for strings that do **not** end with a whitespace character. Such a string will force the regular expression engine to process each whitespace sequence once per whitespace character in the sequence.\n\nThis ultimately means that the time cost of trimming a string is quadratic in the length of the string. So a string like `\"a b\"` will take milliseconds to process, but a similar string with a million spaces instead of just one will take several minutes.\n\nAvoid this problem by rewriting the regular expression to not contain the ambiguity about when to start matching whitespace sequences. For instance, by using a negative look-behind (`\"^\\\\s+|(?<!\\\\s)\\\\s+$\"`), or just by using the built-in trim method (`text.trim()`).\n\nNote that the sub-expression `\"^\\\\s+\"` is **not** problematic as the `^` anchor restricts when that sub-expression can start matching, and as the regular expression engine matches from left to right.\n\n\n## Example\nAs a similar, but slightly subtler problem, consider the regular expression that matches lines with numbers, possibly written using scientific notation:\n\n```java\n\n\t\t\t\"^0\\\\.\\\\d+E?\\\\d+$\"\" \n\t\t\n```\nThe problem with this regular expression is in the sub-expression `\\d+E?\\d+` because the second `\\d+` can start matching digits anywhere after the first match of the first `\\d+` if there is no `E` in the input string.\n\nThis is problematic for strings that do **not** end with a digit. Such a string will force the regular expression engine to process each digit sequence once per digit in the sequence, again leading to a quadratic time complexity.\n\nTo make the processing faster, the regular expression should be rewritten such that the two `\\d+` sub-expressions do not have overlapping matches: `\"^0\\\\.\\\\d+(E\\\\d+)?$\"`.\n\n\n## References\n* OWASP: [Regular expression Denial of Service - ReDoS](https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS).\n* Wikipedia: [ReDoS](https://en.wikipedia.org/wiki/ReDoS).\n* Wikipedia: [Time complexity](https://en.wikipedia.org/wiki/Time_complexity).\n* James Kirrage, Asiri Rathnayake, Hayo Thielecke: [Static Analysis for Regular Expression Denial-of-Service Attack](http://www.cs.bham.ac.uk/~hxt/research/reg-exp-sec.pdf).\n* Common Weakness Enumeration: [CWE-1333](https://cwe.mitre.org/data/definitions/1333.html).\n* Common Weakness Enumeration: [CWE-730](https://cwe.mitre.org/data/definitions/730.html).\n* Common Weakness Enumeration: [CWE-400](https://cwe.mitre.org/data/definitions/400.html).\n"},"properties":{"tags":["security","external/cwe/cwe-1333","external/cwe/cwe-730","external/cwe/cwe-400"],"description":"A regular expression that can require polynomial time\n              to match may be vulnerable to denial-of-service attacks.","id":"java/polynomial-redos","kind":"path-problem","name":"Polynomial regular expression used on uncontrolled data","precision":"high","problem.severity":"warning","security-severity":"7.5"}},{"id":"java/maven/non-https-url","name":"java/maven/non-https-url","shortDescription":{"text":"Failure to use HTTPS or SFTP URL in Maven artifact upload/download"},"fullDescription":{"text":"Non-HTTPS connections can be intercepted by third parties."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Failure to use HTTPS or SFTP URL in Maven artifact upload/download\nUsing an insecure protocol like HTTP or FTP to download your dependencies leaves your Maven build vulnerable to a [Man in the Middle (MITM)](https://en.wikipedia.org/wiki/Man-in-the-middle_attack). This can allow attackers to inject malicious code into the artifacts that you are resolving and infect build artifacts that are being produced. This can be used by attackers to perform a [Supply chain attack](https://en.wikipedia.org/wiki/Supply_chain_attack) against your project's users.\n\nThis vulnerability has a [ CVSS v3.1 base score of 8.1/10 ](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1).\n\n\n## Recommendation\nAlways use HTTPS or SFTP to download artifacts from artifact servers.\n\n\n## Example\nThese examples show examples of locations in Maven POM files where artifact repository upload/download is configured. The first shows the use of HTTP, the second shows the use of HTTPS.\n\n\n```xml\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<project xmlns=\"http://maven.apache.org/POM/4.0.0\"\n         xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n         xsi:schemaLocation=\"http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd\">\n\n    <modelVersion>4.0.0</modelVersion>\n\n    <groupId>com.semmle</groupId>\n    <artifactId>parent</artifactId>\n    <version>1.0</version>\n    <packaging>pom</packaging>\n\n    <name>Security Testing</name>\n    <description>An example of insecure download and upload of dependencies</description>\n\n    <distributionManagement>\n        <repository>\n            <id>insecure-releases</id>\n            <name>Insecure Repository Releases</name>\n            <!-- BAD! Use HTTPS -->\n            <url>http://insecure-repository.example</url>\n        </repository>\n        <snapshotRepository>\n            <id>insecure-snapshots</id>\n            <name>Insecure Repository Snapshots</name>\n            <!-- BAD! Use HTTPS -->\n            <url>http://insecure-repository.example</url>\n        </snapshotRepository>\n    </distributionManagement>\n    <repositories>\n        <repository>\n            <id>insecure</id>\n            <name>Insecure Repository</name>\n            <!-- BAD! Use HTTPS -->\n            <url>http://insecure-repository.example</url>\n        </repository>\n    </repositories>\n    <pluginRepositories>\n        <pluginRepository>\n            <id>insecure-plugins</id>\n            <name>Insecure Repository Releases</name>\n            <!-- BAD! Use HTTPS -->\n            <url>http://insecure-repository.example</url>\n        </pluginRepository>\n    </pluginRepositories>\n</project>\n\n```\n\n```xml\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<project xmlns=\"http://maven.apache.org/POM/4.0.0\"\n         xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n         xsi:schemaLocation=\"http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd\">\n\n    <modelVersion>4.0.0</modelVersion>\n\n    <groupId>com.semmle</groupId>\n    <artifactId>parent</artifactId>\n    <version>1.0</version>\n    <packaging>pom</packaging>\n\n    <name>Security Testing</name>\n    <description>An example of secure download and upload of dependencies</description>\n\n    <distributionManagement>\n        <repository>\n            <id>insecure-releases</id>\n            <name>Secure Repository Releases</name>\n            <!-- GOOD! Use HTTPS -->\n            <url>https://insecure-repository.example</url>\n        </repository>\n        <snapshotRepository>\n            <id>insecure-snapshots</id>\n            <name>Secure Repository Snapshots</name>\n            <!-- GOOD! Use HTTPS -->\n            <url>https://insecure-repository.example</url>\n        </snapshotRepository>\n    </distributionManagement>\n    <repositories>\n        <repository>\n            <id>insecure</id>\n            <name>Secure Repository</name>\n            <!-- GOOD! Use HTTPS -->\n            <url>https://insecure-repository.example</url>\n        </repository>\n    </repositories>\n    <pluginRepositories>\n        <pluginRepository>\n            <id>insecure-plugins</id>\n            <name>Secure Repository Releases</name>\n            <!-- GOOD! Use HTTPS -->\n            <url>https://insecure-repository.example</url>\n        </pluginRepository>\n    </pluginRepositories>\n</project>\n\n```\n\n## References\n* Research: [ Want to take over the Java ecosystem? All you need is a MITM! ](https://medium.com/bugbountywriteup/want-to-take-over-the-java-ecosystem-all-you-need-is-a-mitm-1fc329d898fb?source=friends_link&sk=3c99970c55a899ad9ef41f126efcde0e)\n* Research: [ How to take over the computer of any Java (or Closure or Scala) Developer. ](https://max.computer/blog/how-to-take-over-the-computer-of-any-java-or-clojure-or-scala-developer/)\n* Proof of Concept: [ mveytsman/dilettante ](https://github.com/mveytsman/dilettante)\n* Additional Gradle &amp; Maven plugin: [ Announcing nohttp ](https://spring.io/blog/2019/06/10/announcing-nohttp)\n* Java Ecosystem Announcement: [ HTTP Decommission Artifact Server Announcements ](https://gist.github.com/JLLeitschuh/789e49e3d34092a005031a0a1880af99)\n* Common Weakness Enumeration: [CWE-300](https://cwe.mitre.org/data/definitions/300.html).\n* Common Weakness Enumeration: [CWE-319](https://cwe.mitre.org/data/definitions/319.html).\n* Common Weakness Enumeration: [CWE-494](https://cwe.mitre.org/data/definitions/494.html).\n* Common Weakness Enumeration: [CWE-829](https://cwe.mitre.org/data/definitions/829.html).\n","markdown":"# Failure to use HTTPS or SFTP URL in Maven artifact upload/download\nUsing an insecure protocol like HTTP or FTP to download your dependencies leaves your Maven build vulnerable to a [Man in the Middle (MITM)](https://en.wikipedia.org/wiki/Man-in-the-middle_attack). This can allow attackers to inject malicious code into the artifacts that you are resolving and infect build artifacts that are being produced. This can be used by attackers to perform a [Supply chain attack](https://en.wikipedia.org/wiki/Supply_chain_attack) against your project's users.\n\nThis vulnerability has a [ CVSS v3.1 base score of 8.1/10 ](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1).\n\n\n## Recommendation\nAlways use HTTPS or SFTP to download artifacts from artifact servers.\n\n\n## Example\nThese examples show examples of locations in Maven POM files where artifact repository upload/download is configured. The first shows the use of HTTP, the second shows the use of HTTPS.\n\n\n```xml\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<project xmlns=\"http://maven.apache.org/POM/4.0.0\"\n         xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n         xsi:schemaLocation=\"http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd\">\n\n    <modelVersion>4.0.0</modelVersion>\n\n    <groupId>com.semmle</groupId>\n    <artifactId>parent</artifactId>\n    <version>1.0</version>\n    <packaging>pom</packaging>\n\n    <name>Security Testing</name>\n    <description>An example of insecure download and upload of dependencies</description>\n\n    <distributionManagement>\n        <repository>\n            <id>insecure-releases</id>\n            <name>Insecure Repository Releases</name>\n            <!-- BAD! Use HTTPS -->\n            <url>http://insecure-repository.example</url>\n        </repository>\n        <snapshotRepository>\n            <id>insecure-snapshots</id>\n            <name>Insecure Repository Snapshots</name>\n            <!-- BAD! Use HTTPS -->\n            <url>http://insecure-repository.example</url>\n        </snapshotRepository>\n    </distributionManagement>\n    <repositories>\n        <repository>\n            <id>insecure</id>\n            <name>Insecure Repository</name>\n            <!-- BAD! Use HTTPS -->\n            <url>http://insecure-repository.example</url>\n        </repository>\n    </repositories>\n    <pluginRepositories>\n        <pluginRepository>\n            <id>insecure-plugins</id>\n            <name>Insecure Repository Releases</name>\n            <!-- BAD! Use HTTPS -->\n            <url>http://insecure-repository.example</url>\n        </pluginRepository>\n    </pluginRepositories>\n</project>\n\n```\n\n```xml\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<project xmlns=\"http://maven.apache.org/POM/4.0.0\"\n         xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n         xsi:schemaLocation=\"http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd\">\n\n    <modelVersion>4.0.0</modelVersion>\n\n    <groupId>com.semmle</groupId>\n    <artifactId>parent</artifactId>\n    <version>1.0</version>\n    <packaging>pom</packaging>\n\n    <name>Security Testing</name>\n    <description>An example of secure download and upload of dependencies</description>\n\n    <distributionManagement>\n        <repository>\n            <id>insecure-releases</id>\n            <name>Secure Repository Releases</name>\n            <!-- GOOD! Use HTTPS -->\n            <url>https://insecure-repository.example</url>\n        </repository>\n        <snapshotRepository>\n            <id>insecure-snapshots</id>\n            <name>Secure Repository Snapshots</name>\n            <!-- GOOD! Use HTTPS -->\n            <url>https://insecure-repository.example</url>\n        </snapshotRepository>\n    </distributionManagement>\n    <repositories>\n        <repository>\n            <id>insecure</id>\n            <name>Secure Repository</name>\n            <!-- GOOD! Use HTTPS -->\n            <url>https://insecure-repository.example</url>\n        </repository>\n    </repositories>\n    <pluginRepositories>\n        <pluginRepository>\n            <id>insecure-plugins</id>\n            <name>Secure Repository Releases</name>\n            <!-- GOOD! Use HTTPS -->\n            <url>https://insecure-repository.example</url>\n        </pluginRepository>\n    </pluginRepositories>\n</project>\n\n```\n\n## References\n* Research: [ Want to take over the Java ecosystem? All you need is a MITM! ](https://medium.com/bugbountywriteup/want-to-take-over-the-java-ecosystem-all-you-need-is-a-mitm-1fc329d898fb?source=friends_link&sk=3c99970c55a899ad9ef41f126efcde0e)\n* Research: [ How to take over the computer of any Java (or Closure or Scala) Developer. ](https://max.computer/blog/how-to-take-over-the-computer-of-any-java-or-clojure-or-scala-developer/)\n* Proof of Concept: [ mveytsman/dilettante ](https://github.com/mveytsman/dilettante)\n* Additional Gradle &amp; Maven plugin: [ Announcing nohttp ](https://spring.io/blog/2019/06/10/announcing-nohttp)\n* Java Ecosystem Announcement: [ HTTP Decommission Artifact Server Announcements ](https://gist.github.com/JLLeitschuh/789e49e3d34092a005031a0a1880af99)\n* Common Weakness Enumeration: [CWE-300](https://cwe.mitre.org/data/definitions/300.html).\n* Common Weakness Enumeration: [CWE-319](https://cwe.mitre.org/data/definitions/319.html).\n* Common Weakness Enumeration: [CWE-494](https://cwe.mitre.org/data/definitions/494.html).\n* Common Weakness Enumeration: [CWE-829](https://cwe.mitre.org/data/definitions/829.html).\n"},"properties":{"tags":["security","external/cwe/cwe-300","external/cwe/cwe-319","external/cwe/cwe-494","external/cwe/cwe-829","owasp-top10-2021","A07:2021 - Identification and Authentication Failures"],"description":"Non-HTTPS connections can be intercepted by third parties.","id":"java/maven/non-https-url","kind":"problem","name":"Failure to use HTTPS or SFTP URL in Maven artifact upload/download","precision":"very-high","problem.severity":"error","security-severity":"8.1"}},{"id":"java/sql-injection","name":"java/sql-injection","shortDescription":{"text":"Query built from user-controlled sources"},"fullDescription":{"text":"Building a SQL or Java Persistence query from user-controlled sources is vulnerable to insertion of malicious code by the user."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Query built from user-controlled sources\nIf a database query is built using string concatenation, and the components of the concatenation include user input, a user is likely to be able to run malicious database queries. This applies to various database query languages, including SQL and the Java Persistence Query Language.\n\n\n## Recommendation\nUsually, it is better to use a SQL prepared statement than to build a complete SQL query with string concatenation. A prepared statement can include a wildcard, written as a question mark (?), for each part of the SQL query that is expected to be filled in by a different value each time it is run. When the query is later executed, a value must be supplied for each wildcard in the query.\n\nIn the Java Persistence Query Language, it is better to use queries with parameters than to build a complete query with string concatenation. A Java Persistence query can include a parameter placeholder for each part of the query that is expected to be filled in by a different value when run. A parameter placeholder may be indicated by a colon (:) followed by a parameter name, or by a question mark (?) followed by an integer position. When the query is later executed, a value must be supplied for each parameter in the query, using the `setParameter` method. Specifying the query using the `@NamedQuery` annotation introduces an additional level of safety: the query must be a constant string literal, preventing construction by string concatenation, and the only way to fill in values for parts of the query is by setting positional parameters.\n\nIt is good practice to use prepared statements (in SQL) or query parameters (in the Java Persistence Query Language) for supplying parameter values to a query, whether or not any of the parameters are directly traceable to user input. Doing so avoids any need to worry about quoting and escaping.\n\n\n## Example\nIn the following example, the code runs a simple SQL query in two different ways.\n\nThe first way involves building a query, `query1`, by concatenating an environment variable with some string literals. The environment variable can include special characters, so this code allows for SQL injection attacks.\n\nThe second way, which shows good practice, involves building a query, `query2`, with a single string literal that includes a wildcard (`?`). The wildcard is then given a value by calling `setString`. This version is immune to injection attacks, because any special characters in the environment variable are not given any special treatment.\n\n\n```java\n{\n    // BAD: the category might have SQL special characters in it\n    String category = System.getenv(\"ITEM_CATEGORY\");\n    Statement statement = connection.createStatement();\n    String query1 = \"SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='\"\n        + category + \"' ORDER BY PRICE\";\n    ResultSet results = statement.executeQuery(query1);\n}\n\n{\n    // GOOD: use a prepared query\n    String category = System.getenv(\"ITEM_CATEGORY\");\n    String query2 = \"SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=? ORDER BY PRICE\";\n    PreparedStatement statement = connection.prepareStatement(query2);\n    statement.setString(1, category);\n    ResultSet results = statement.executeQuery();\n}\n```\n\n## Example\nThe following code shows several different ways to run a Java Persistence query.\n\nThe first example involves building a query, `query1`, by concatenating an environment variable with some string literals. Just like the SQL example, the environment variable can include special characters, so this code allows for Java Persistence query injection attacks.\n\nThe remaining examples demonstrate different methods for safely building a Java Persistence query with user-supplied values:\n\n1. `query2` uses a single string literal that includes a placeholder for a parameter, indicated by a colon (`:`) and parameter name (`category`).\n1. `query3` uses a single string literal that includes a placeholder for a parameter, indicated by a question mark (`?`) and position number (`1`).\n1. `namedQuery1` is defined using the `@NamedQuery` annotation, whose `query` attribute is a string literal that includes a placeholder for a parameter, indicated by a colon (`:`) and parameter name (`category`).\n1. `namedQuery2` is defined using the `@NamedQuery` annotation, whose `query` attribute includes a placeholder for a parameter, indicated by a question mark (`?`) and position number (`1`).\nThe parameter is then given a value by calling `setParameter`. These versions are immune to injection attacks, because any special characters in the environment variable or user-supplied value are not given any special treatment.\n\n\n```java\n{\n    // BAD: the category might have Java Persistence Query Language special characters in it\n    String category = System.getenv(\"ITEM_CATEGORY\");\n    Statement statement = connection.createStatement();\n    String query1 = \"SELECT p FROM Product p WHERE p.category LIKE '\"\n        + category + \"' ORDER BY p.price\";\n    Query q = entityManager.createQuery(query1);\n}\n\n{\n    // GOOD: use a named parameter and set its value\n    String category = System.getenv(\"ITEM_CATEGORY\");\n    String query2 = \"SELECT p FROM Product p WHERE p.category LIKE :category ORDER BY p.price\"\n    Query q = entityManager.createQuery(query2);\n    q.setParameter(\"category\", category);\n}\n\n{\n    // GOOD: use a positional parameter and set its value\n    String category = System.getenv(\"ITEM_CATEGORY\");\n    String query3 = \"SELECT p FROM Product p WHERE p.category LIKE ?1 ORDER BY p.price\"\n    Query q = entityManager.createQuery(query3);\n    q.setParameter(1, category);\n}\n\n{\n    // GOOD: use a named query with a named parameter and set its value\n    @NamedQuery(\n            name=\"lookupByCategory\",\n            query=\"SELECT p FROM Product p WHERE p.category LIKE :category ORDER BY p.price\")\n    private static class NQ {}\n    ...\n    String category = System.getenv(\"ITEM_CATEGORY\");\n    Query namedQuery1 = entityManager.createNamedQuery(\"lookupByCategory\");\n    namedQuery1.setParameter(\"category\", category);\n}\n\n{\n    // GOOD: use a named query with a positional parameter and set its value\n    @NamedQuery(\n            name=\"lookupByCategory\",\n            query=\"SELECT p FROM Product p WHERE p.category LIKE ?1 ORDER BY p.price\")\n    private static class NQ {}\n    ...\n    String category = System.getenv(\"ITEM_CATEGORY\");\n    Query namedQuery2 = entityManager.createNamedQuery(\"lookupByCategory\");\n    namedQuery2.setParameter(1, category);\n}\n```\n\n## References\n* OWASP: [SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html).\n* SEI CERT Oracle Coding Standard for Java: [IDS00-J. Prevent SQL injection](https://wiki.sei.cmu.edu/confluence/display/java/IDS00-J.+Prevent+SQL+injection).\n* The Java Tutorials: [Using Prepared Statements](https://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html).\n* The Java EE Tutorial: [The Java Persistence Query Language](https://docs.oracle.com/javaee/7/tutorial/persistence-querylanguage.htm).\n* Common Weakness Enumeration: [CWE-89](https://cwe.mitre.org/data/definitions/89.html).\n* Common Weakness Enumeration: [CWE-564](https://cwe.mitre.org/data/definitions/564.html).\n","markdown":"# Query built from user-controlled sources\nIf a database query is built using string concatenation, and the components of the concatenation include user input, a user is likely to be able to run malicious database queries. This applies to various database query languages, including SQL and the Java Persistence Query Language.\n\n\n## Recommendation\nUsually, it is better to use a SQL prepared statement than to build a complete SQL query with string concatenation. A prepared statement can include a wildcard, written as a question mark (?), for each part of the SQL query that is expected to be filled in by a different value each time it is run. When the query is later executed, a value must be supplied for each wildcard in the query.\n\nIn the Java Persistence Query Language, it is better to use queries with parameters than to build a complete query with string concatenation. A Java Persistence query can include a parameter placeholder for each part of the query that is expected to be filled in by a different value when run. A parameter placeholder may be indicated by a colon (:) followed by a parameter name, or by a question mark (?) followed by an integer position. When the query is later executed, a value must be supplied for each parameter in the query, using the `setParameter` method. Specifying the query using the `@NamedQuery` annotation introduces an additional level of safety: the query must be a constant string literal, preventing construction by string concatenation, and the only way to fill in values for parts of the query is by setting positional parameters.\n\nIt is good practice to use prepared statements (in SQL) or query parameters (in the Java Persistence Query Language) for supplying parameter values to a query, whether or not any of the parameters are directly traceable to user input. Doing so avoids any need to worry about quoting and escaping.\n\n\n## Example\nIn the following example, the code runs a simple SQL query in two different ways.\n\nThe first way involves building a query, `query1`, by concatenating an environment variable with some string literals. The environment variable can include special characters, so this code allows for SQL injection attacks.\n\nThe second way, which shows good practice, involves building a query, `query2`, with a single string literal that includes a wildcard (`?`). The wildcard is then given a value by calling `setString`. This version is immune to injection attacks, because any special characters in the environment variable are not given any special treatment.\n\n\n```java\n{\n    // BAD: the category might have SQL special characters in it\n    String category = System.getenv(\"ITEM_CATEGORY\");\n    Statement statement = connection.createStatement();\n    String query1 = \"SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='\"\n        + category + \"' ORDER BY PRICE\";\n    ResultSet results = statement.executeQuery(query1);\n}\n\n{\n    // GOOD: use a prepared query\n    String category = System.getenv(\"ITEM_CATEGORY\");\n    String query2 = \"SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=? ORDER BY PRICE\";\n    PreparedStatement statement = connection.prepareStatement(query2);\n    statement.setString(1, category);\n    ResultSet results = statement.executeQuery();\n}\n```\n\n## Example\nThe following code shows several different ways to run a Java Persistence query.\n\nThe first example involves building a query, `query1`, by concatenating an environment variable with some string literals. Just like the SQL example, the environment variable can include special characters, so this code allows for Java Persistence query injection attacks.\n\nThe remaining examples demonstrate different methods for safely building a Java Persistence query with user-supplied values:\n\n1. `query2` uses a single string literal that includes a placeholder for a parameter, indicated by a colon (`:`) and parameter name (`category`).\n1. `query3` uses a single string literal that includes a placeholder for a parameter, indicated by a question mark (`?`) and position number (`1`).\n1. `namedQuery1` is defined using the `@NamedQuery` annotation, whose `query` attribute is a string literal that includes a placeholder for a parameter, indicated by a colon (`:`) and parameter name (`category`).\n1. `namedQuery2` is defined using the `@NamedQuery` annotation, whose `query` attribute includes a placeholder for a parameter, indicated by a question mark (`?`) and position number (`1`).\nThe parameter is then given a value by calling `setParameter`. These versions are immune to injection attacks, because any special characters in the environment variable or user-supplied value are not given any special treatment.\n\n\n```java\n{\n    // BAD: the category might have Java Persistence Query Language special characters in it\n    String category = System.getenv(\"ITEM_CATEGORY\");\n    Statement statement = connection.createStatement();\n    String query1 = \"SELECT p FROM Product p WHERE p.category LIKE '\"\n        + category + \"' ORDER BY p.price\";\n    Query q = entityManager.createQuery(query1);\n}\n\n{\n    // GOOD: use a named parameter and set its value\n    String category = System.getenv(\"ITEM_CATEGORY\");\n    String query2 = \"SELECT p FROM Product p WHERE p.category LIKE :category ORDER BY p.price\"\n    Query q = entityManager.createQuery(query2);\n    q.setParameter(\"category\", category);\n}\n\n{\n    // GOOD: use a positional parameter and set its value\n    String category = System.getenv(\"ITEM_CATEGORY\");\n    String query3 = \"SELECT p FROM Product p WHERE p.category LIKE ?1 ORDER BY p.price\"\n    Query q = entityManager.createQuery(query3);\n    q.setParameter(1, category);\n}\n\n{\n    // GOOD: use a named query with a named parameter and set its value\n    @NamedQuery(\n            name=\"lookupByCategory\",\n            query=\"SELECT p FROM Product p WHERE p.category LIKE :category ORDER BY p.price\")\n    private static class NQ {}\n    ...\n    String category = System.getenv(\"ITEM_CATEGORY\");\n    Query namedQuery1 = entityManager.createNamedQuery(\"lookupByCategory\");\n    namedQuery1.setParameter(\"category\", category);\n}\n\n{\n    // GOOD: use a named query with a positional parameter and set its value\n    @NamedQuery(\n            name=\"lookupByCategory\",\n            query=\"SELECT p FROM Product p WHERE p.category LIKE ?1 ORDER BY p.price\")\n    private static class NQ {}\n    ...\n    String category = System.getenv(\"ITEM_CATEGORY\");\n    Query namedQuery2 = entityManager.createNamedQuery(\"lookupByCategory\");\n    namedQuery2.setParameter(1, category);\n}\n```\n\n## References\n* OWASP: [SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html).\n* SEI CERT Oracle Coding Standard for Java: [IDS00-J. Prevent SQL injection](https://wiki.sei.cmu.edu/confluence/display/java/IDS00-J.+Prevent+SQL+injection).\n* The Java Tutorials: [Using Prepared Statements](https://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html).\n* The Java EE Tutorial: [The Java Persistence Query Language](https://docs.oracle.com/javaee/7/tutorial/persistence-querylanguage.htm).\n* Common Weakness Enumeration: [CWE-89](https://cwe.mitre.org/data/definitions/89.html).\n* Common Weakness Enumeration: [CWE-564](https://cwe.mitre.org/data/definitions/564.html).\n"},"properties":{"tags":["security","external/cwe/cwe-089","external/cwe/cwe-564","owasp-top10-2021","A03:2021 - Injection"],"description":"Building a SQL or Java Persistence query from user-controlled sources is vulnerable to insertion of\n              malicious code by the user.","id":"java/sql-injection","kind":"path-problem","name":"Query built from user-controlled sources","precision":"high","problem.severity":"error","security-severity":"8.8"}},{"id":"java/android/implicitly-exported-component","name":"java/android/implicitly-exported-component","shortDescription":{"text":"Implicitly exported Android component"},"fullDescription":{"text":"Android components with an '<intent-filter>' and no 'android:exported' attribute are implicitly exported, which can allow for improper access to the components themselves and to their data."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Implicitly exported Android component\nThe Android manifest file defines configuration settings for Android applications. In this file, components can be declared with intent filters which specify what the components can do and what types of intents the components can respond to. If the `android:exported` attribute is omitted from the component when an intent filter is included, then the component will be implicitly exported.\n\nAn implicitly exported component could allow for improper access to the component and its data.\n\n\n## Recommendation\nExplicitly set the `android:exported` attribute for every component or use permissions to limit access to the component.\n\n\n## Example\nIn the example below, the `android:exported` attribute is omitted when an intent filter is used.\n\n\n```xml\n<manifest ... >\n    <application ...\n        <!-- BAD: this component is implicitly exported -->\n        <activity>\n            android:name=\".Activity\">\n            <intent-filter>\n                <action android:name=\"android.intent.action.VIEW\" />\n            </intent-filter>\n        </activity>\n    </application>\n</manifest>\n\n```\nA corrected version sets the `android:exported` attribute to `false`.\n\n\n```xml\n<manifest ... >\n    <application ...\n        <!-- GOOD: this component is not exported due to 'android:exported' explicitly set to 'false'-->\n        <activity>\n            android:name=\".Activity\">\n            android:exported=\"false\"\n            <intent-filter>\n                <action android:name=\"android.intent.action.VIEW\" />\n            </intent-filter>\n        </activity>\n    </application>\n</manifest>\n\n```\n\n## References\n* Android Developers: [App Manifest Overview](https://developer.android.com/guide/topics/manifest/manifest-intro).\n* Android Developers: [The &lt;intent-filter&gt; element](https://developer.android.com/guide/topics/manifest/intent-filter-element).\n* Android Developers: [The android:exported attribute](https://developer.android.com/guide/topics/manifest/activity-element#exported).\n* Android Developers: [The android:permission attribute](https://developer.android.com/guide/topics/manifest/activity-element#prmsn).\n* Android Developers: [Safer component exporting](https://developer.android.com/about/versions/12/behavior-changes-12#exported).\n* Common Weakness Enumeration: [CWE-926](https://cwe.mitre.org/data/definitions/926.html).\n","markdown":"# Implicitly exported Android component\nThe Android manifest file defines configuration settings for Android applications. In this file, components can be declared with intent filters which specify what the components can do and what types of intents the components can respond to. If the `android:exported` attribute is omitted from the component when an intent filter is included, then the component will be implicitly exported.\n\nAn implicitly exported component could allow for improper access to the component and its data.\n\n\n## Recommendation\nExplicitly set the `android:exported` attribute for every component or use permissions to limit access to the component.\n\n\n## Example\nIn the example below, the `android:exported` attribute is omitted when an intent filter is used.\n\n\n```xml\n<manifest ... >\n    <application ...\n        <!-- BAD: this component is implicitly exported -->\n        <activity>\n            android:name=\".Activity\">\n            <intent-filter>\n                <action android:name=\"android.intent.action.VIEW\" />\n            </intent-filter>\n        </activity>\n    </application>\n</manifest>\n\n```\nA corrected version sets the `android:exported` attribute to `false`.\n\n\n```xml\n<manifest ... >\n    <application ...\n        <!-- GOOD: this component is not exported due to 'android:exported' explicitly set to 'false'-->\n        <activity>\n            android:name=\".Activity\">\n            android:exported=\"false\"\n            <intent-filter>\n                <action android:name=\"android.intent.action.VIEW\" />\n            </intent-filter>\n        </activity>\n    </application>\n</manifest>\n\n```\n\n## References\n* Android Developers: [App Manifest Overview](https://developer.android.com/guide/topics/manifest/manifest-intro).\n* Android Developers: [The &lt;intent-filter&gt; element](https://developer.android.com/guide/topics/manifest/intent-filter-element).\n* Android Developers: [The android:exported attribute](https://developer.android.com/guide/topics/manifest/activity-element#exported).\n* Android Developers: [The android:permission attribute](https://developer.android.com/guide/topics/manifest/activity-element#prmsn).\n* Android Developers: [Safer component exporting](https://developer.android.com/about/versions/12/behavior-changes-12#exported).\n* Common Weakness Enumeration: [CWE-926](https://cwe.mitre.org/data/definitions/926.html).\n"},"properties":{"tags":["security","external/cwe/cwe-926"],"description":"Android components with an '<intent-filter>' and no 'android:exported' attribute are implicitly exported, which can allow for improper access to the components themselves and to their data.","id":"java/android/implicitly-exported-component","kind":"problem","name":"Implicitly exported Android component","precision":"high","problem.severity":"warning","security-severity":"8.2"}},{"id":"java/ssrf","name":"java/ssrf","shortDescription":{"text":"Server-side request forgery"},"fullDescription":{"text":"Making web requests based on unvalidated user-input may cause the server to communicate with malicious servers."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Server-side request forgery\nDirectly incorporating user input into an HTTP request without validating the input can facilitate server-side request forgery (SSRF) attacks. In these attacks, the server may be tricked into making a request and interacting with an attacker-controlled server.\n\n\n## Recommendation\nTo guard against SSRF attacks, you should avoid putting user-provided input directly into a request URL. Instead, maintain a list of authorized URLs on the server; then choose from that list based on the input provided. Alternatively, ensure requests constructed from user input are limited to a particular host or more restrictive URL prefix.\n\n\n## Example\nThe following example shows an HTTP request parameter being used directly to form a new request without validating the input, which facilitates SSRF attacks. It also shows how to remedy the problem by validating the user input against a known fixed string.\n\n\n```java\nimport java.net.http.HttpClient;\n\npublic class SSRF extends HttpServlet {\n\tprivate static final String VALID_URI = \"http://lgtm.com\";\n\tprivate HttpClient client = HttpClient.newHttpClient();\n\n\tprotected void doGet(HttpServletRequest request, HttpServletResponse response)\n\t\tthrows ServletException, IOException {\n\t\tURI uri = new URI(request.getParameter(\"uri\"));\n\t\t// BAD: a request parameter is incorporated without validation into a Http request\n\t\tHttpRequest r = HttpRequest.newBuilder(uri).build();\n\t\tclient.send(r, null);\n\n\t\t// GOOD: the request parameter is validated against a known fixed string\n\t\tif (VALID_URI.equals(request.getParameter(\"uri\"))) {\n\t\t\tHttpRequest r2 = HttpRequest.newBuilder(uri).build();\n\t\t\tclient.send(r2, null);\n\t\t}\n\t}\n}\n\n```\n\n## References\n* [OWASP SSRF](https://owasp.org/www-community/attacks/Server_Side_Request_Forgery)\n* Common Weakness Enumeration: [CWE-918](https://cwe.mitre.org/data/definitions/918.html).\n","markdown":"# Server-side request forgery\nDirectly incorporating user input into an HTTP request without validating the input can facilitate server-side request forgery (SSRF) attacks. In these attacks, the server may be tricked into making a request and interacting with an attacker-controlled server.\n\n\n## Recommendation\nTo guard against SSRF attacks, you should avoid putting user-provided input directly into a request URL. Instead, maintain a list of authorized URLs on the server; then choose from that list based on the input provided. Alternatively, ensure requests constructed from user input are limited to a particular host or more restrictive URL prefix.\n\n\n## Example\nThe following example shows an HTTP request parameter being used directly to form a new request without validating the input, which facilitates SSRF attacks. It also shows how to remedy the problem by validating the user input against a known fixed string.\n\n\n```java\nimport java.net.http.HttpClient;\n\npublic class SSRF extends HttpServlet {\n\tprivate static final String VALID_URI = \"http://lgtm.com\";\n\tprivate HttpClient client = HttpClient.newHttpClient();\n\n\tprotected void doGet(HttpServletRequest request, HttpServletResponse response)\n\t\tthrows ServletException, IOException {\n\t\tURI uri = new URI(request.getParameter(\"uri\"));\n\t\t// BAD: a request parameter is incorporated without validation into a Http request\n\t\tHttpRequest r = HttpRequest.newBuilder(uri).build();\n\t\tclient.send(r, null);\n\n\t\t// GOOD: the request parameter is validated against a known fixed string\n\t\tif (VALID_URI.equals(request.getParameter(\"uri\"))) {\n\t\t\tHttpRequest r2 = HttpRequest.newBuilder(uri).build();\n\t\t\tclient.send(r2, null);\n\t\t}\n\t}\n}\n\n```\n\n## References\n* [OWASP SSRF](https://owasp.org/www-community/attacks/Server_Side_Request_Forgery)\n* Common Weakness Enumeration: [CWE-918](https://cwe.mitre.org/data/definitions/918.html).\n"},"properties":{"tags":["security","external/cwe/cwe-918","owasp-top10-2021","A10:2021 - Server-Side Request Forgery (SSRF)"],"description":"Making web requests based on unvalidated user-input\n              may cause the server to communicate with malicious servers.","id":"java/ssrf","kind":"path-problem","name":"Server-side request forgery","precision":"high","problem.severity":"error","security-severity":"9.1"}},{"id":"java/insecure-bean-validation","name":"java/insecure-bean-validation","shortDescription":{"text":"Insecure Bean Validation"},"fullDescription":{"text":"User-controlled data may be evaluated as a Java EL expression, leading to arbitrary code execution."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Insecure Bean Validation\nCustom error messages for constraint validators support different types of interpolation, including [Java EL expressions](https://docs.jboss.org/hibernate/validator/5.1/reference/en-US/html/chapter-message-interpolation.html#section-interpolation-with-message-expressions). Controlling part of the message template being passed to `ConstraintValidatorContext.buildConstraintViolationWithTemplate()` argument can lead to arbitrary Java code execution. Unfortunately, it is common that validated (and therefore, normally untrusted) bean properties flow into the custom error message.\n\n\n## Recommendation\nThere are different approaches to remediate the issue:\n\n* Do not include validated bean properties in the custom error message.\n* Use parameterized messages instead of string concatenation. For example:\n```\nHibernateConstraintValidatorContext context =\n   constraintValidatorContext.unwrap(HibernateConstraintValidatorContext.class);\ncontext.addMessageParameter(\"foo\", \"bar\");\ncontext.buildConstraintViolationWithTemplate(\"My violation message contains a parameter {foo}\")\n   .addConstraintViolation();\n```\n* Sanitize the validated bean properties to make sure that there are no EL expressions. An example of valid sanitization logic can be found [here](https://github.com/hibernate/hibernate-validator/blob/master/engine/src/main/java/org/hibernate/validator/internal/engine/messageinterpolation/util/InterpolationHelper.java#L17).\n* Disable the EL interpolation and only use `ParameterMessageInterpolator`:\n```\nValidator validator = Validation.byDefaultProvider()\n   .configure()\n   .messageInterpolator(new ParameterMessageInterpolator())\n   .buildValidatorFactory()\n   .getValidator();\n```\n* Replace Hibernate Validator with Apache BVal, which in its latest version does not interpolate EL expressions by default. Note that this replacement may not be a simple drop-in replacement.\n\n## Example\nThe following validator could result in arbitrary Java code execution:\n\n\n```java\nimport javax.validation.ConstraintValidator;\nimport javax.validation.ConstraintValidatorContext;\nimport org.hibernate.validator.constraintvalidation.HibernateConstraintValidatorContext;\nimport java.util.regex.Matcher;\nimport java.util.regex.Pattern;\n\npublic class TestValidator implements ConstraintValidator<Object, String> {\n\n    public static class InterpolationHelper {\n\n        public static final char BEGIN_TERM = '{';\n        public static final char END_TERM = '}';\n        public static final char EL_DESIGNATOR = '$';\n        public static final char ESCAPE_CHARACTER = '\\\\';\n\n        private static final Pattern ESCAPE_MESSAGE_PARAMETER_PATTERN = Pattern.compile( \"([\\\\\" + ESCAPE_CHARACTER + BEGIN_TERM + END_TERM + EL_DESIGNATOR + \"])\" );\n\n        private InterpolationHelper() {\n        }\n\n        public static String escapeMessageParameter(String messageParameter) {\n            if ( messageParameter == null ) {\n                return null;\n            }\n            return ESCAPE_MESSAGE_PARAMETER_PATTERN.matcher( messageParameter ).replaceAll( Matcher.quoteReplacement( String.valueOf( ESCAPE_CHARACTER ) ) + \"$1\" );\n        }\n\n    }\n\n    @Override\n    public boolean isValid(String object, ConstraintValidatorContext constraintContext) {\n        String value = object + \" is invalid\";\n\n        // Bad: Bean properties (normally user-controlled) are passed directly to `buildConstraintViolationWithTemplate`\n        constraintContext.buildConstraintViolationWithTemplate(value).addConstraintViolation().disableDefaultConstraintViolation();\n\n        // Good: Bean properties (normally user-controlled) are escaped \n        String escaped = InterpolationHelper.escapeMessageParameter(value);\n        constraintContext.buildConstraintViolationWithTemplate(escaped).addConstraintViolation().disableDefaultConstraintViolation();\n\n        // Good: Bean properties (normally user-controlled) are parameterized\n        HibernateConstraintValidatorContext context = constraintContext.unwrap( HibernateConstraintValidatorContext.class );\n        context.addMessageParameter( \"prop\", object );\n        context.buildConstraintViolationWithTemplate( \"{prop} is invalid\").addConstraintViolation();\n        return false;\n    }\n\n}\n\n```\n\n## References\n* Hibernate Reference Guide: [ConstraintValidatorContext](https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code).\n* GitHub Security Lab research: [Bean validation](https://securitylab.github.com/research/bean-validation-RCE).\n* Common Weakness Enumeration: [CWE-94](https://cwe.mitre.org/data/definitions/94.html).\n","markdown":"# Insecure Bean Validation\nCustom error messages for constraint validators support different types of interpolation, including [Java EL expressions](https://docs.jboss.org/hibernate/validator/5.1/reference/en-US/html/chapter-message-interpolation.html#section-interpolation-with-message-expressions). Controlling part of the message template being passed to `ConstraintValidatorContext.buildConstraintViolationWithTemplate()` argument can lead to arbitrary Java code execution. Unfortunately, it is common that validated (and therefore, normally untrusted) bean properties flow into the custom error message.\n\n\n## Recommendation\nThere are different approaches to remediate the issue:\n\n* Do not include validated bean properties in the custom error message.\n* Use parameterized messages instead of string concatenation. For example:\n```\nHibernateConstraintValidatorContext context =\n   constraintValidatorContext.unwrap(HibernateConstraintValidatorContext.class);\ncontext.addMessageParameter(\"foo\", \"bar\");\ncontext.buildConstraintViolationWithTemplate(\"My violation message contains a parameter {foo}\")\n   .addConstraintViolation();\n```\n* Sanitize the validated bean properties to make sure that there are no EL expressions. An example of valid sanitization logic can be found [here](https://github.com/hibernate/hibernate-validator/blob/master/engine/src/main/java/org/hibernate/validator/internal/engine/messageinterpolation/util/InterpolationHelper.java#L17).\n* Disable the EL interpolation and only use `ParameterMessageInterpolator`:\n```\nValidator validator = Validation.byDefaultProvider()\n   .configure()\n   .messageInterpolator(new ParameterMessageInterpolator())\n   .buildValidatorFactory()\n   .getValidator();\n```\n* Replace Hibernate Validator with Apache BVal, which in its latest version does not interpolate EL expressions by default. Note that this replacement may not be a simple drop-in replacement.\n\n## Example\nThe following validator could result in arbitrary Java code execution:\n\n\n```java\nimport javax.validation.ConstraintValidator;\nimport javax.validation.ConstraintValidatorContext;\nimport org.hibernate.validator.constraintvalidation.HibernateConstraintValidatorContext;\nimport java.util.regex.Matcher;\nimport java.util.regex.Pattern;\n\npublic class TestValidator implements ConstraintValidator<Object, String> {\n\n    public static class InterpolationHelper {\n\n        public static final char BEGIN_TERM = '{';\n        public static final char END_TERM = '}';\n        public static final char EL_DESIGNATOR = '$';\n        public static final char ESCAPE_CHARACTER = '\\\\';\n\n        private static final Pattern ESCAPE_MESSAGE_PARAMETER_PATTERN = Pattern.compile( \"([\\\\\" + ESCAPE_CHARACTER + BEGIN_TERM + END_TERM + EL_DESIGNATOR + \"])\" );\n\n        private InterpolationHelper() {\n        }\n\n        public static String escapeMessageParameter(String messageParameter) {\n            if ( messageParameter == null ) {\n                return null;\n            }\n            return ESCAPE_MESSAGE_PARAMETER_PATTERN.matcher( messageParameter ).replaceAll( Matcher.quoteReplacement( String.valueOf( ESCAPE_CHARACTER ) ) + \"$1\" );\n        }\n\n    }\n\n    @Override\n    public boolean isValid(String object, ConstraintValidatorContext constraintContext) {\n        String value = object + \" is invalid\";\n\n        // Bad: Bean properties (normally user-controlled) are passed directly to `buildConstraintViolationWithTemplate`\n        constraintContext.buildConstraintViolationWithTemplate(value).addConstraintViolation().disableDefaultConstraintViolation();\n\n        // Good: Bean properties (normally user-controlled) are escaped \n        String escaped = InterpolationHelper.escapeMessageParameter(value);\n        constraintContext.buildConstraintViolationWithTemplate(escaped).addConstraintViolation().disableDefaultConstraintViolation();\n\n        // Good: Bean properties (normally user-controlled) are parameterized\n        HibernateConstraintValidatorContext context = constraintContext.unwrap( HibernateConstraintValidatorContext.class );\n        context.addMessageParameter( \"prop\", object );\n        context.buildConstraintViolationWithTemplate( \"{prop} is invalid\").addConstraintViolation();\n        return false;\n    }\n\n}\n\n```\n\n## References\n* Hibernate Reference Guide: [ConstraintValidatorContext](https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code).\n* GitHub Security Lab research: [Bean validation](https://securitylab.github.com/research/bean-validation-RCE).\n* Common Weakness Enumeration: [CWE-94](https://cwe.mitre.org/data/definitions/94.html).\n"},"properties":{"tags":["security","external/cwe/cwe-094","owasp-top10-2021","A03:2021 - Injection"],"description":"User-controlled data may be evaluated as a Java EL expression, leading to arbitrary code execution.","id":"java/insecure-bean-validation","kind":"path-problem","name":"Insecure Bean Validation","precision":"high","problem.severity":"error","security-severity":"9.3"}},{"id":"java/spel-expression-injection","name":"java/spel-expression-injection","shortDescription":{"text":"Expression language injection (Spring)"},"fullDescription":{"text":"Evaluation of a user-controlled Spring Expression Language (SpEL) expression may lead to remote code execution."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Expression language injection (Spring)\nThe Spring Expression Language (SpEL) is a powerful expression language provided by the Spring Framework. The language offers many features including invocation of methods available in the JVM. If a SpEL expression is built using attacker-controlled data, and then evaluated in a powerful context, then it may allow the attacker to run arbitrary code.\n\nThe `SpelExpressionParser` class parses a SpEL expression string and returns an `Expression` instance that can be then evaluated by calling one of its methods. By default, an expression is evaluated in a powerful `StandardEvaluationContext` that allows the expression to access other methods available in the JVM.\n\n\n## Recommendation\nIn general, including user input in a SpEL expression should be avoided. If user input must be included in the expression, it should be then evaluated in a limited context that doesn't allow arbitrary method invocation.\n\n\n## Example\nThe following example uses untrusted data to build a SpEL expression and then runs it in the default powerful context.\n\n\n```java\npublic Object evaluate(Socket socket) throws IOException {\n  try (BufferedReader reader = new BufferedReader(\n      new InputStreamReader(socket.getInputStream()))) {\n\n    String string = reader.readLine();\n    ExpressionParser parser = new SpelExpressionParser();\n    Expression expression = parser.parseExpression(string);\n    return expression.getValue();\n  }\n}\n```\nThe next example shows how an untrusted SpEL expression can be run in `SimpleEvaluationContext` that doesn't allow accessing arbitrary methods. However, it's recommended to avoid using untrusted input in SpEL expressions.\n\n\n```java\npublic Object evaluate(Socket socket) throws IOException {\n  try (BufferedReader reader = new BufferedReader(\n      new InputStreamReader(socket.getInputStream()))) {\n\n    String string = reader.readLine();\n    ExpressionParser parser = new SpelExpressionParser();\n    Expression expression = parser.parseExpression(string);\n    SimpleEvaluationContext context \n        = SimpleEvaluationContext.forReadWriteDataBinding().build();\n    return expression.getValue(context);\n  }\n}\n```\n\n## References\n* Spring Framework Reference Documentation: [Spring Expression Language (SpEL)](https://docs.spring.io/spring/docs/4.2.x/spring-framework-reference/html/expressions.html).\n* OWASP: [Expression Language Injection](https://owasp.org/www-community/vulnerabilities/Expression_Language_Injection).\n* Common Weakness Enumeration: [CWE-94](https://cwe.mitre.org/data/definitions/94.html).\n","markdown":"# Expression language injection (Spring)\nThe Spring Expression Language (SpEL) is a powerful expression language provided by the Spring Framework. The language offers many features including invocation of methods available in the JVM. If a SpEL expression is built using attacker-controlled data, and then evaluated in a powerful context, then it may allow the attacker to run arbitrary code.\n\nThe `SpelExpressionParser` class parses a SpEL expression string and returns an `Expression` instance that can be then evaluated by calling one of its methods. By default, an expression is evaluated in a powerful `StandardEvaluationContext` that allows the expression to access other methods available in the JVM.\n\n\n## Recommendation\nIn general, including user input in a SpEL expression should be avoided. If user input must be included in the expression, it should be then evaluated in a limited context that doesn't allow arbitrary method invocation.\n\n\n## Example\nThe following example uses untrusted data to build a SpEL expression and then runs it in the default powerful context.\n\n\n```java\npublic Object evaluate(Socket socket) throws IOException {\n  try (BufferedReader reader = new BufferedReader(\n      new InputStreamReader(socket.getInputStream()))) {\n\n    String string = reader.readLine();\n    ExpressionParser parser = new SpelExpressionParser();\n    Expression expression = parser.parseExpression(string);\n    return expression.getValue();\n  }\n}\n```\nThe next example shows how an untrusted SpEL expression can be run in `SimpleEvaluationContext` that doesn't allow accessing arbitrary methods. However, it's recommended to avoid using untrusted input in SpEL expressions.\n\n\n```java\npublic Object evaluate(Socket socket) throws IOException {\n  try (BufferedReader reader = new BufferedReader(\n      new InputStreamReader(socket.getInputStream()))) {\n\n    String string = reader.readLine();\n    ExpressionParser parser = new SpelExpressionParser();\n    Expression expression = parser.parseExpression(string);\n    SimpleEvaluationContext context \n        = SimpleEvaluationContext.forReadWriteDataBinding().build();\n    return expression.getValue(context);\n  }\n}\n```\n\n## References\n* Spring Framework Reference Documentation: [Spring Expression Language (SpEL)](https://docs.spring.io/spring/docs/4.2.x/spring-framework-reference/html/expressions.html).\n* OWASP: [Expression Language Injection](https://owasp.org/www-community/vulnerabilities/Expression_Language_Injection).\n* Common Weakness Enumeration: [CWE-94](https://cwe.mitre.org/data/definitions/94.html).\n"},"properties":{"tags":["security","external/cwe/cwe-094","owasp-top10-2021","A03:2021 - Injection"],"description":"Evaluation of a user-controlled Spring Expression Language (SpEL) expression\n              may lead to remote code execution.","id":"java/spel-expression-injection","kind":"path-problem","name":"Expression language injection (Spring)","precision":"high","problem.severity":"error","security-severity":"9.3"}},{"id":"java/groovy-injection","name":"java/groovy-injection","shortDescription":{"text":"Groovy Language injection"},"fullDescription":{"text":"Evaluation of a user-controlled Groovy script may lead to arbitrary code execution."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Groovy Language injection\nApache Groovy is a powerful, optionally typed and dynamic language, with static-typing and static compilation capabilities. It integrates smoothly with any Java program, and immediately delivers to your application powerful features, including scripting capabilities, Domain-Specific Language authoring, runtime and compile-time meta-programming and functional programming. If a Groovy script is built using attacker-controlled data, and then evaluated, then it may allow the attacker to achieve RCE.\n\n\n## Recommendation\nIt is generally recommended to avoid using untrusted input in a Groovy evaluation. If this is not possible, use a sandbox solution. Developers must also take care that Groovy compile-time metaprogramming can also lead to RCE: it is possible to achieve RCE by compiling a Groovy script (see the article \"Abusing Meta Programming for Unauthenticated RCE!\" linked below). Groovy's `SecureASTCustomizer` allows securing source code by controlling what code constructs are permitted. This is typically done when using Groovy for its scripting or domain specific language (DSL) features. The fundamental problem is that Groovy is a dynamic language, yet `SecureASTCustomizer` works by looking at Groovy AST statically. This makes it very easy for an attacker to bypass many of the intended checks (see \\[Groovy SecureASTCustomizer is harmful\\](https://kohsuke.org/2012/04/27/groovy-secureastcustomizer-is-harmful/)). Therefore, besides `SecureASTCustomizer`, runtime checks are also necessary before calling Groovy methods (see \\[Improved sandboxing of Groovy scripts\\](https://melix.github.io/blog/2015/03/sandboxing.html)). It is also possible to use a block-list method, excluding unwanted classes from being loaded by the JVM. This method is not always recommended, because block-lists can be bypassed by unexpected values.\n\n\n## Example\nThe following example uses untrusted data to evaluate a Groovy script.\n\n\n```java\npublic class GroovyInjection {\n    void injectionViaClassLoader(HttpServletRequest request) {    \n        String script = request.getParameter(\"script\");\n        final GroovyClassLoader classLoader = new GroovyClassLoader();\n        Class groovy = classLoader.parseClass(script);\n        GroovyObject groovyObj = (GroovyObject) groovy.newInstance();\n    }\n\n    void injectionViaEval(HttpServletRequest request) {\n        String script = request.getParameter(\"script\");\n        Eval.me(script);\n    }\n\n    void injectionViaGroovyShell(HttpServletRequest request) {\n        GroovyShell shell = new GroovyShell();\n        String script = request.getParameter(\"script\");\n        shell.evaluate(script);\n    }\n\n    void injectionViaGroovyShellGroovyCodeSource(HttpServletRequest request) {\n        GroovyShell shell = new GroovyShell();\n        String script = request.getParameter(\"script\");\n        GroovyCodeSource gcs = new GroovyCodeSource(script, \"test\", \"Test\");\n        shell.evaluate(gcs);\n    }\n}\n\n\n```\nThe following example uses classloader block-list approach to exclude loading dangerous classes.\n\n\n```java\npublic class SandboxGroovyClassLoader extends ClassLoader {\n    public SandboxGroovyClassLoader(ClassLoader parent) {\n        super(parent);\n    }\n\n    /* override `loadClass` here to prevent loading sensitive classes, such as `java.lang.Runtime`, `java.lang.ProcessBuilder`, `java.lang.System`, etc.  */\n    /* Note we must also block `groovy.transform.ASTTest`, `groovy.lang.GrabConfig` and `org.buildobjects.process.ProcBuilder` to prevent compile-time RCE. */\n\n    static void runWithSandboxGroovyClassLoader() throws Exception {\n        // GOOD: route all class-loading via sand-boxing classloader.\n        SandboxGroovyClassLoader classLoader = new GroovyClassLoader(new SandboxGroovyClassLoader());\n        \n        Class<?> scriptClass = classLoader.parseClass(untrusted.getQueryString());\n        Object scriptInstance = scriptClass.newInstance();\n        Object result = scriptClass.getDeclaredMethod(\"bar\", new Class[]{}).invoke(scriptInstance, new Object[]{});\n    }\n}\n```\n\n## References\n* Orange Tsai: [Abusing Meta Programming for Unauthenticated RCE!](https://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html).\n* Cédric Champeau: [Improved sandboxing of Groovy scripts](https://melix.github.io/blog/2015/03/sandboxing.html).\n* Kohsuke Kawaguchi: [Groovy SecureASTCustomizer is harmful](https://kohsuke.org/2012/04/27/groovy-secureastcustomizer-is-harmful/).\n* Welk1n: [Groovy Injection payloads](https://github.com/welk1n/exploiting-groovy-in-Java/).\n* Charles Chan: [Secure Groovy Script Execution in a Sandbox](https://levelup.gitconnected.com/secure-groovy-script-execution-in-a-sandbox-ea39f80ee87/).\n* Eugene: [Scripting and sandboxing in a JVM environment](https://stringconcat.com/en/scripting-and-sandboxing/).\n* Common Weakness Enumeration: [CWE-94](https://cwe.mitre.org/data/definitions/94.html).\n","markdown":"# Groovy Language injection\nApache Groovy is a powerful, optionally typed and dynamic language, with static-typing and static compilation capabilities. It integrates smoothly with any Java program, and immediately delivers to your application powerful features, including scripting capabilities, Domain-Specific Language authoring, runtime and compile-time meta-programming and functional programming. If a Groovy script is built using attacker-controlled data, and then evaluated, then it may allow the attacker to achieve RCE.\n\n\n## Recommendation\nIt is generally recommended to avoid using untrusted input in a Groovy evaluation. If this is not possible, use a sandbox solution. Developers must also take care that Groovy compile-time metaprogramming can also lead to RCE: it is possible to achieve RCE by compiling a Groovy script (see the article \"Abusing Meta Programming for Unauthenticated RCE!\" linked below). Groovy's `SecureASTCustomizer` allows securing source code by controlling what code constructs are permitted. This is typically done when using Groovy for its scripting or domain specific language (DSL) features. The fundamental problem is that Groovy is a dynamic language, yet `SecureASTCustomizer` works by looking at Groovy AST statically. This makes it very easy for an attacker to bypass many of the intended checks (see \\[Groovy SecureASTCustomizer is harmful\\](https://kohsuke.org/2012/04/27/groovy-secureastcustomizer-is-harmful/)). Therefore, besides `SecureASTCustomizer`, runtime checks are also necessary before calling Groovy methods (see \\[Improved sandboxing of Groovy scripts\\](https://melix.github.io/blog/2015/03/sandboxing.html)). It is also possible to use a block-list method, excluding unwanted classes from being loaded by the JVM. This method is not always recommended, because block-lists can be bypassed by unexpected values.\n\n\n## Example\nThe following example uses untrusted data to evaluate a Groovy script.\n\n\n```java\npublic class GroovyInjection {\n    void injectionViaClassLoader(HttpServletRequest request) {    \n        String script = request.getParameter(\"script\");\n        final GroovyClassLoader classLoader = new GroovyClassLoader();\n        Class groovy = classLoader.parseClass(script);\n        GroovyObject groovyObj = (GroovyObject) groovy.newInstance();\n    }\n\n    void injectionViaEval(HttpServletRequest request) {\n        String script = request.getParameter(\"script\");\n        Eval.me(script);\n    }\n\n    void injectionViaGroovyShell(HttpServletRequest request) {\n        GroovyShell shell = new GroovyShell();\n        String script = request.getParameter(\"script\");\n        shell.evaluate(script);\n    }\n\n    void injectionViaGroovyShellGroovyCodeSource(HttpServletRequest request) {\n        GroovyShell shell = new GroovyShell();\n        String script = request.getParameter(\"script\");\n        GroovyCodeSource gcs = new GroovyCodeSource(script, \"test\", \"Test\");\n        shell.evaluate(gcs);\n    }\n}\n\n\n```\nThe following example uses classloader block-list approach to exclude loading dangerous classes.\n\n\n```java\npublic class SandboxGroovyClassLoader extends ClassLoader {\n    public SandboxGroovyClassLoader(ClassLoader parent) {\n        super(parent);\n    }\n\n    /* override `loadClass` here to prevent loading sensitive classes, such as `java.lang.Runtime`, `java.lang.ProcessBuilder`, `java.lang.System`, etc.  */\n    /* Note we must also block `groovy.transform.ASTTest`, `groovy.lang.GrabConfig` and `org.buildobjects.process.ProcBuilder` to prevent compile-time RCE. */\n\n    static void runWithSandboxGroovyClassLoader() throws Exception {\n        // GOOD: route all class-loading via sand-boxing classloader.\n        SandboxGroovyClassLoader classLoader = new GroovyClassLoader(new SandboxGroovyClassLoader());\n        \n        Class<?> scriptClass = classLoader.parseClass(untrusted.getQueryString());\n        Object scriptInstance = scriptClass.newInstance();\n        Object result = scriptClass.getDeclaredMethod(\"bar\", new Class[]{}).invoke(scriptInstance, new Object[]{});\n    }\n}\n```\n\n## References\n* Orange Tsai: [Abusing Meta Programming for Unauthenticated RCE!](https://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html).\n* Cédric Champeau: [Improved sandboxing of Groovy scripts](https://melix.github.io/blog/2015/03/sandboxing.html).\n* Kohsuke Kawaguchi: [Groovy SecureASTCustomizer is harmful](https://kohsuke.org/2012/04/27/groovy-secureastcustomizer-is-harmful/).\n* Welk1n: [Groovy Injection payloads](https://github.com/welk1n/exploiting-groovy-in-Java/).\n* Charles Chan: [Secure Groovy Script Execution in a Sandbox](https://levelup.gitconnected.com/secure-groovy-script-execution-in-a-sandbox-ea39f80ee87/).\n* Eugene: [Scripting and sandboxing in a JVM environment](https://stringconcat.com/en/scripting-and-sandboxing/).\n* Common Weakness Enumeration: [CWE-94](https://cwe.mitre.org/data/definitions/94.html).\n"},"properties":{"tags":["security","external/cwe/cwe-094","owasp-top10-2021","A03:2021 - Injection"],"description":"Evaluation of a user-controlled Groovy script\n              may lead to arbitrary code execution.","id":"java/groovy-injection","kind":"path-problem","name":"Groovy Language injection","precision":"high","problem.severity":"error","security-severity":"9.3"}},{"id":"java/mvel-expression-injection","name":"java/mvel-expression-injection","shortDescription":{"text":"Expression language injection (MVEL)"},"fullDescription":{"text":"Evaluation of a user-controlled MVEL expression may lead to remote code execution."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Expression language injection (MVEL)\nMVEL is an expression language based on Java-syntax, which offers many features including invocation of methods available in the JVM. If a MVEL expression is built using attacker-controlled data, and then evaluated, then it may allow attackers to run arbitrary code.\n\n\n## Recommendation\nIncluding user input in a MVEL expression should be avoided.\n\n\n## Example\nIn the following sample, the first example uses untrusted data to build a MVEL expression and then runs it in the default context. In the second example, the untrusted data is validated with a custom method that checks that the expression does not contain unexpected code before evaluating it.\n\n\n```java\npublic void evaluate(Socket socket) throws IOException {\n  try (BufferedReader reader = new BufferedReader(\n    new InputStreamReader(socket.getInputStream()))) {\n  \n    String expression = reader.readLine();\n    // BAD: the user-provided expression is directly evaluated\n    MVEL.eval(expression);\n  }\n}\n\npublic void safeEvaluate(Socket socket) throws IOException {\n  try (BufferedReader reader = new BufferedReader(\n    new InputStreamReader(socket.getInputStream()))) {\n  \n    String expression = reader.readLine();\n    // GOOD: the user-provided expression is validated before evaluation\n    validateExpression(expression);\n    MVEL.eval(expression);\n  }\n}\n\nprivate void validateExpression(String expression) {\n  // Validate that the expression does not contain unexpected code.\n  // For instance, this can be done with allow-lists or deny-lists of code patterns.\n}\n```\n\n## References\n* MVEL Documentation: [Language Guide for 2.0](http://mvel.documentnode.com/).\n* OWASP: [Expression Language Injection](https://owasp.org/www-community/vulnerabilities/Expression_Language_Injection).\n* Common Weakness Enumeration: [CWE-94](https://cwe.mitre.org/data/definitions/94.html).\n","markdown":"# Expression language injection (MVEL)\nMVEL is an expression language based on Java-syntax, which offers many features including invocation of methods available in the JVM. If a MVEL expression is built using attacker-controlled data, and then evaluated, then it may allow attackers to run arbitrary code.\n\n\n## Recommendation\nIncluding user input in a MVEL expression should be avoided.\n\n\n## Example\nIn the following sample, the first example uses untrusted data to build a MVEL expression and then runs it in the default context. In the second example, the untrusted data is validated with a custom method that checks that the expression does not contain unexpected code before evaluating it.\n\n\n```java\npublic void evaluate(Socket socket) throws IOException {\n  try (BufferedReader reader = new BufferedReader(\n    new InputStreamReader(socket.getInputStream()))) {\n  \n    String expression = reader.readLine();\n    // BAD: the user-provided expression is directly evaluated\n    MVEL.eval(expression);\n  }\n}\n\npublic void safeEvaluate(Socket socket) throws IOException {\n  try (BufferedReader reader = new BufferedReader(\n    new InputStreamReader(socket.getInputStream()))) {\n  \n    String expression = reader.readLine();\n    // GOOD: the user-provided expression is validated before evaluation\n    validateExpression(expression);\n    MVEL.eval(expression);\n  }\n}\n\nprivate void validateExpression(String expression) {\n  // Validate that the expression does not contain unexpected code.\n  // For instance, this can be done with allow-lists or deny-lists of code patterns.\n}\n```\n\n## References\n* MVEL Documentation: [Language Guide for 2.0](http://mvel.documentnode.com/).\n* OWASP: [Expression Language Injection](https://owasp.org/www-community/vulnerabilities/Expression_Language_Injection).\n* Common Weakness Enumeration: [CWE-94](https://cwe.mitre.org/data/definitions/94.html).\n"},"properties":{"tags":["security","external/cwe/cwe-094","owasp-top10-2021","A03:2021 - Injection"],"description":"Evaluation of a user-controlled MVEL expression\n              may lead to remote code execution.","id":"java/mvel-expression-injection","kind":"path-problem","name":"Expression language injection (MVEL)","precision":"high","problem.severity":"error","security-severity":"9.3"}},{"id":"java/jexl-expression-injection","name":"java/jexl-expression-injection","shortDescription":{"text":"Expression language injection (JEXL)"},"fullDescription":{"text":"Evaluation of a user-controlled JEXL expression may lead to arbitrary code execution."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Expression language injection (JEXL)\nJava EXpression Language (JEXL) is a simple expression language provided by the Apache Commons JEXL library. The syntax is close to a mix of ECMAScript and shell-script. The language allows invocation of methods available in the JVM. If a JEXL expression is built using attacker-controlled data, and then evaluated, then it may allow the attacker to run arbitrary code.\n\n\n## Recommendation\nIt is generally recommended to avoid using untrusted input in a JEXL expression. If it is not possible, JEXL expressions should be run in a sandbox that allows accessing only explicitly allowed classes.\n\n\n## Example\nThe following example uses untrusted data to build and run a JEXL expression.\n\n\n```java\npublic void evaluate(Socket socket) throws IOException {\n  try (BufferedReader reader = new BufferedReader(\n        new InputStreamReader(socket.getInputStream()))) {\n    \n    String input = reader.readLine();\n    JexlEngine jexl = new JexlBuilder().create();\n    JexlExpression expression = jexl.createExpression(input);\n    JexlContext context = new MapContext();\n    expression.evaluate(context);\n  }\n}\n```\nThe next example shows how an untrusted JEXL expression can be run in a sandbox that allows accessing only methods in the `java.lang.Math` class. The sandbox is implemented using `JexlSandbox` class that is provided by Apache Commons JEXL 3.\n\n\n```java\npublic void evaluate(Socket socket) throws IOException {\n  try (BufferedReader reader = new BufferedReader(\n        new InputStreamReader(socket.getInputStream()))) {\n    \n    JexlSandbox onlyMath = new JexlSandbox(false);\n    onlyMath.white(\"java.lang.Math\");\n    JexlEngine jexl = new JexlBuilder().sandbox(onlyMath).create();\n      \n    String input = reader.readLine();\n    JexlExpression expression = jexl.createExpression(input);\n    JexlContext context = new MapContext();\n    expression.evaluate(context);\n  }\n}\n```\nThe next example shows another way how a sandbox can be implemented. It uses a custom implementation of `JexlUberspect` that checks if callees are instances of allowed classes.\n\n\n```java\npublic void evaluate(Socket socket) throws IOException {\n  try (BufferedReader reader = new BufferedReader(\n        new InputStreamReader(socket.getInputStream()))) {\n    \n    JexlUberspect sandbox = new JexlUberspectSandbox();\n    JexlEngine jexl = new JexlBuilder().uberspect(sandbox).create();\n      \n    String input = reader.readLine();\n    JexlExpression expression = jexl.createExpression(input);\n    JexlContext context = new MapContext();\n    expression.evaluate(context);\n  }\n\n  private static class JexlUberspectSandbox implements JexlUberspect {\n\n    private static final List<String> ALLOWED_CLASSES =\n              Arrays.asList(\"java.lang.Math\", \"java.util.Random\");\n\n    private final JexlUberspect uberspect = new JexlBuilder().create().getUberspect();\n\n    private void checkAccess(Object obj) {\n      if (!ALLOWED_CLASSES.contains(obj.getClass().getCanonicalName())) {\n        throw new AccessControlException(\"Not allowed\");\n      }\n    }\n\n    @Override\n    public JexlMethod getMethod(Object obj, String method, Object... args) {\n      checkAccess(obj);\n      return uberspect.getMethod(obj, method, args);\n    }\n\n    @Override\n    public List<PropertyResolver> getResolvers(JexlOperator op, Object obj) {\n      checkAccess(obj);\n      return uberspect.getResolvers(op, obj);\n    }\n\n    @Override\n    public void setClassLoader(ClassLoader loader) {\n      uberspect.setClassLoader(loader);\n    }\n\n    @Override\n    public int getVersion() {\n      return uberspect.getVersion();\n    }\n\n    @Override\n    public JexlMethod getConstructor(Object obj, Object... args) {\n      checkAccess(obj);\n      return uberspect.getConstructor(obj, args);\n    }\n\n    @Override\n    public JexlPropertyGet getPropertyGet(Object obj, Object identifier) {\n      checkAccess(obj);\n      return uberspect.getPropertyGet(obj, identifier);\n    }\n\n    @Override\n    public JexlPropertyGet getPropertyGet(List<PropertyResolver> resolvers, Object obj, Object identifier) {\n      checkAccess(obj);\n      return uberspect.getPropertyGet(resolvers, obj, identifier);\n    }\n\n    @Override\n    public JexlPropertySet getPropertySet(Object obj, Object identifier, Object arg) {\n      checkAccess(obj);\n      return uberspect.getPropertySet(obj, identifier, arg);\n    }\n\n    @Override\n    public JexlPropertySet getPropertySet(List<PropertyResolver> resolvers, Object obj, Object identifier, Object arg) {\n      checkAccess(obj);\n      return uberspect.getPropertySet(resolvers, obj, identifier, arg);\n    }\n\n    @Override\n    public Iterator<?> getIterator(Object obj) {\n      checkAccess(obj);\n      return uberspect.getIterator(obj);\n    }\n\n    @Override\n    public JexlArithmetic.Uberspect getArithmetic(JexlArithmetic arithmetic) {\n      return uberspect.getArithmetic(arithmetic);\n    } \n  }\n}\n```\n\n## References\n* Apache Commons JEXL: [Project page](https://commons.apache.org/proper/commons-jexl/).\n* Apache Commons JEXL documentation: [JEXL 2.1.1 API](https://commons.apache.org/proper/commons-jexl/javadocs/apidocs-2.1.1/).\n* Apache Commons JEXL documentation: [JEXL 3.1 API](https://commons.apache.org/proper/commons-jexl/apidocs/index.html).\n* OWASP: [Expression Language Injection](https://owasp.org/www-community/vulnerabilities/Expression_Language_Injection).\n* Common Weakness Enumeration: [CWE-94](https://cwe.mitre.org/data/definitions/94.html).\n","markdown":"# Expression language injection (JEXL)\nJava EXpression Language (JEXL) is a simple expression language provided by the Apache Commons JEXL library. The syntax is close to a mix of ECMAScript and shell-script. The language allows invocation of methods available in the JVM. If a JEXL expression is built using attacker-controlled data, and then evaluated, then it may allow the attacker to run arbitrary code.\n\n\n## Recommendation\nIt is generally recommended to avoid using untrusted input in a JEXL expression. If it is not possible, JEXL expressions should be run in a sandbox that allows accessing only explicitly allowed classes.\n\n\n## Example\nThe following example uses untrusted data to build and run a JEXL expression.\n\n\n```java\npublic void evaluate(Socket socket) throws IOException {\n  try (BufferedReader reader = new BufferedReader(\n        new InputStreamReader(socket.getInputStream()))) {\n    \n    String input = reader.readLine();\n    JexlEngine jexl = new JexlBuilder().create();\n    JexlExpression expression = jexl.createExpression(input);\n    JexlContext context = new MapContext();\n    expression.evaluate(context);\n  }\n}\n```\nThe next example shows how an untrusted JEXL expression can be run in a sandbox that allows accessing only methods in the `java.lang.Math` class. The sandbox is implemented using `JexlSandbox` class that is provided by Apache Commons JEXL 3.\n\n\n```java\npublic void evaluate(Socket socket) throws IOException {\n  try (BufferedReader reader = new BufferedReader(\n        new InputStreamReader(socket.getInputStream()))) {\n    \n    JexlSandbox onlyMath = new JexlSandbox(false);\n    onlyMath.white(\"java.lang.Math\");\n    JexlEngine jexl = new JexlBuilder().sandbox(onlyMath).create();\n      \n    String input = reader.readLine();\n    JexlExpression expression = jexl.createExpression(input);\n    JexlContext context = new MapContext();\n    expression.evaluate(context);\n  }\n}\n```\nThe next example shows another way how a sandbox can be implemented. It uses a custom implementation of `JexlUberspect` that checks if callees are instances of allowed classes.\n\n\n```java\npublic void evaluate(Socket socket) throws IOException {\n  try (BufferedReader reader = new BufferedReader(\n        new InputStreamReader(socket.getInputStream()))) {\n    \n    JexlUberspect sandbox = new JexlUberspectSandbox();\n    JexlEngine jexl = new JexlBuilder().uberspect(sandbox).create();\n      \n    String input = reader.readLine();\n    JexlExpression expression = jexl.createExpression(input);\n    JexlContext context = new MapContext();\n    expression.evaluate(context);\n  }\n\n  private static class JexlUberspectSandbox implements JexlUberspect {\n\n    private static final List<String> ALLOWED_CLASSES =\n              Arrays.asList(\"java.lang.Math\", \"java.util.Random\");\n\n    private final JexlUberspect uberspect = new JexlBuilder().create().getUberspect();\n\n    private void checkAccess(Object obj) {\n      if (!ALLOWED_CLASSES.contains(obj.getClass().getCanonicalName())) {\n        throw new AccessControlException(\"Not allowed\");\n      }\n    }\n\n    @Override\n    public JexlMethod getMethod(Object obj, String method, Object... args) {\n      checkAccess(obj);\n      return uberspect.getMethod(obj, method, args);\n    }\n\n    @Override\n    public List<PropertyResolver> getResolvers(JexlOperator op, Object obj) {\n      checkAccess(obj);\n      return uberspect.getResolvers(op, obj);\n    }\n\n    @Override\n    public void setClassLoader(ClassLoader loader) {\n      uberspect.setClassLoader(loader);\n    }\n\n    @Override\n    public int getVersion() {\n      return uberspect.getVersion();\n    }\n\n    @Override\n    public JexlMethod getConstructor(Object obj, Object... args) {\n      checkAccess(obj);\n      return uberspect.getConstructor(obj, args);\n    }\n\n    @Override\n    public JexlPropertyGet getPropertyGet(Object obj, Object identifier) {\n      checkAccess(obj);\n      return uberspect.getPropertyGet(obj, identifier);\n    }\n\n    @Override\n    public JexlPropertyGet getPropertyGet(List<PropertyResolver> resolvers, Object obj, Object identifier) {\n      checkAccess(obj);\n      return uberspect.getPropertyGet(resolvers, obj, identifier);\n    }\n\n    @Override\n    public JexlPropertySet getPropertySet(Object obj, Object identifier, Object arg) {\n      checkAccess(obj);\n      return uberspect.getPropertySet(obj, identifier, arg);\n    }\n\n    @Override\n    public JexlPropertySet getPropertySet(List<PropertyResolver> resolvers, Object obj, Object identifier, Object arg) {\n      checkAccess(obj);\n      return uberspect.getPropertySet(resolvers, obj, identifier, arg);\n    }\n\n    @Override\n    public Iterator<?> getIterator(Object obj) {\n      checkAccess(obj);\n      return uberspect.getIterator(obj);\n    }\n\n    @Override\n    public JexlArithmetic.Uberspect getArithmetic(JexlArithmetic arithmetic) {\n      return uberspect.getArithmetic(arithmetic);\n    } \n  }\n}\n```\n\n## References\n* Apache Commons JEXL: [Project page](https://commons.apache.org/proper/commons-jexl/).\n* Apache Commons JEXL documentation: [JEXL 2.1.1 API](https://commons.apache.org/proper/commons-jexl/javadocs/apidocs-2.1.1/).\n* Apache Commons JEXL documentation: [JEXL 3.1 API](https://commons.apache.org/proper/commons-jexl/apidocs/index.html).\n* OWASP: [Expression Language Injection](https://owasp.org/www-community/vulnerabilities/Expression_Language_Injection).\n* Common Weakness Enumeration: [CWE-94](https://cwe.mitre.org/data/definitions/94.html).\n"},"properties":{"tags":["security","external/cwe/cwe-094","owasp-top10-2021","A03:2021 - Injection"],"description":"Evaluation of a user-controlled JEXL expression\n              may lead to arbitrary code execution.","id":"java/jexl-expression-injection","kind":"path-problem","name":"Expression language injection (JEXL)","precision":"high","problem.severity":"error","security-severity":"9.3"}},{"id":"java/server-side-template-injection","name":"java/server-side-template-injection","shortDescription":{"text":"Server-side template injection"},"fullDescription":{"text":"Untrusted input interpreted as a template can lead to remote code execution."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Server-side template injection\nTemplate injection occurs when user input is embedded in a template's code in an unsafe manner. An attacker can use native template syntax to inject a malicious payload into a template, which is then executed server-side. This permits the attacker to run arbitrary code in the server's context.\n\n\n## Recommendation\nTo fix this, ensure that untrusted input is not used as part of a template's code. If the application requirements do not allow this, use a sandboxed environment where access to unsafe attributes and methods is prohibited.\n\n\n## Example\nIn the example given below, an untrusted HTTP parameter `code` is used as a Velocity template string. This can lead to remote code execution.\n\n\n```java\n@Controller\npublic class VelocitySSTI {\n\n\t@GetMapping(value = \"bad\")\n\tpublic void bad(HttpServletRequest request) {\n\t\tVelocity.init();\n\n\t\tString code = request.getParameter(\"code\");\n\n\t\tVelocityContext context = new VelocityContext();\n\n\t\tcontext.put(\"name\", \"Velocity\");\n\t\tcontext.put(\"project\", \"Jakarta\");\n\n\t\tStringWriter w = new StringWriter();\n\t\t// evaluate( Context context, Writer out, String logTag, String instring )\n\t\tVelocity.evaluate(context, w, \"mystring\", code);\n\t}\n}\n\n```\nIn the next example, the problem is avoided by using a fixed template string `s`. Since the template's code is not attacker-controlled in this case, this solution prevents the execution of untrusted code.\n\n\n```java\n@Controller\npublic class VelocitySSTI {\n\n\t@GetMapping(value = \"good\")\n\tpublic void good(HttpServletRequest request) {\n\t\tVelocity.init();\n\t\tVelocityContext context = new VelocityContext();\n\n\t\tcontext.put(\"name\", \"Velocity\");\n\t\tcontext.put(\"project\", \"Jakarta\");\n\n\t\tString s = \"We are using $project $name to render this.\";\n\t\tStringWriter w = new StringWriter();\n\t\tVelocity.evaluate(context, w, \"mystring\", s);\n\t\tSystem.out.println(\" string : \" + w);\n\t}\n}\n\n```\n\n## References\n* Portswigger: [Server Side Template Injection](https://portswigger.net/web-security/server-side-template-injection).\n* Common Weakness Enumeration: [CWE-1336](https://cwe.mitre.org/data/definitions/1336.html).\n* Common Weakness Enumeration: [CWE-94](https://cwe.mitre.org/data/definitions/94.html).\n","markdown":"# Server-side template injection\nTemplate injection occurs when user input is embedded in a template's code in an unsafe manner. An attacker can use native template syntax to inject a malicious payload into a template, which is then executed server-side. This permits the attacker to run arbitrary code in the server's context.\n\n\n## Recommendation\nTo fix this, ensure that untrusted input is not used as part of a template's code. If the application requirements do not allow this, use a sandboxed environment where access to unsafe attributes and methods is prohibited.\n\n\n## Example\nIn the example given below, an untrusted HTTP parameter `code` is used as a Velocity template string. This can lead to remote code execution.\n\n\n```java\n@Controller\npublic class VelocitySSTI {\n\n\t@GetMapping(value = \"bad\")\n\tpublic void bad(HttpServletRequest request) {\n\t\tVelocity.init();\n\n\t\tString code = request.getParameter(\"code\");\n\n\t\tVelocityContext context = new VelocityContext();\n\n\t\tcontext.put(\"name\", \"Velocity\");\n\t\tcontext.put(\"project\", \"Jakarta\");\n\n\t\tStringWriter w = new StringWriter();\n\t\t// evaluate( Context context, Writer out, String logTag, String instring )\n\t\tVelocity.evaluate(context, w, \"mystring\", code);\n\t}\n}\n\n```\nIn the next example, the problem is avoided by using a fixed template string `s`. Since the template's code is not attacker-controlled in this case, this solution prevents the execution of untrusted code.\n\n\n```java\n@Controller\npublic class VelocitySSTI {\n\n\t@GetMapping(value = \"good\")\n\tpublic void good(HttpServletRequest request) {\n\t\tVelocity.init();\n\t\tVelocityContext context = new VelocityContext();\n\n\t\tcontext.put(\"name\", \"Velocity\");\n\t\tcontext.put(\"project\", \"Jakarta\");\n\n\t\tString s = \"We are using $project $name to render this.\";\n\t\tStringWriter w = new StringWriter();\n\t\tVelocity.evaluate(context, w, \"mystring\", s);\n\t\tSystem.out.println(\" string : \" + w);\n\t}\n}\n\n```\n\n## References\n* Portswigger: [Server Side Template Injection](https://portswigger.net/web-security/server-side-template-injection).\n* Common Weakness Enumeration: [CWE-1336](https://cwe.mitre.org/data/definitions/1336.html).\n* Common Weakness Enumeration: [CWE-94](https://cwe.mitre.org/data/definitions/94.html).\n"},"properties":{"tags":["security","external/cwe/cwe-1336","external/cwe/cwe-094","owasp-top10-2021","A03:2021 - Injection"],"description":"Untrusted input interpreted as a template can lead to remote code execution.","id":"java/server-side-template-injection","kind":"path-problem","name":"Server-side template injection","precision":"high","problem.severity":"error","security-severity":"9.3"}},{"id":"java/spring-disabled-csrf-protection","name":"java/spring-disabled-csrf-protection","shortDescription":{"text":"Disabled Spring CSRF protection"},"fullDescription":{"text":"Disabling CSRF protection makes the application vulnerable to a Cross-Site Request Forgery (CSRF) attack."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Disabled Spring CSRF protection\nWhen you set up a web server to receive a request from a client without any mechanism for verifying that it was intentionally sent, then it is vulnerable to attack. An attacker can trick a client into making an unintended request to the web server that will be treated as an authentic request. This can be done via a URL, image load, XMLHttpRequest, etc. and can result in exposure of data or unintended code execution.\n\n\n## Recommendation\nWhen you use Spring, Cross-Site Request Forgery (CSRF) protection is enabled by default. Spring's recommendation is to use CSRF protection for any request that could be processed by a browser client by normal users.\n\n\n## Example\nThe following example shows the Spring Java configuration with CSRF protection disabled. This type of configuration should only be used if you are creating a service that is used only by non-browser clients.\n\n\n```java\nimport org.springframework.context.annotation.Configuration;\nimport org.springframework.security.config.annotation.web.builders.HttpSecurity;\nimport org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;\nimport org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;\n\n@EnableWebSecurity\n@Configuration\npublic class WebSecurityConfig extends WebSecurityConfigurerAdapter {\n  @Override\n  protected void configure(HttpSecurity http) throws Exception {\n    http\n      .csrf(csrf ->\n        // BAD - CSRF protection shouldn't be disabled\n        csrf.disable() \n      );\n  }\n}\n\n```\n\n## References\n* OWASP: [Cross-Site Request Forgery (CSRF)](https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)).\n* Spring Security Reference: [ Cross Site Request Forgery (CSRF) for Servlet Environments ](https://docs.spring.io/spring-security/site/docs/current/reference/html5/#servlet-csrf).\n* Common Weakness Enumeration: [CWE-352](https://cwe.mitre.org/data/definitions/352.html).\n","markdown":"# Disabled Spring CSRF protection\nWhen you set up a web server to receive a request from a client without any mechanism for verifying that it was intentionally sent, then it is vulnerable to attack. An attacker can trick a client into making an unintended request to the web server that will be treated as an authentic request. This can be done via a URL, image load, XMLHttpRequest, etc. and can result in exposure of data or unintended code execution.\n\n\n## Recommendation\nWhen you use Spring, Cross-Site Request Forgery (CSRF) protection is enabled by default. Spring's recommendation is to use CSRF protection for any request that could be processed by a browser client by normal users.\n\n\n## Example\nThe following example shows the Spring Java configuration with CSRF protection disabled. This type of configuration should only be used if you are creating a service that is used only by non-browser clients.\n\n\n```java\nimport org.springframework.context.annotation.Configuration;\nimport org.springframework.security.config.annotation.web.builders.HttpSecurity;\nimport org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;\nimport org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;\n\n@EnableWebSecurity\n@Configuration\npublic class WebSecurityConfig extends WebSecurityConfigurerAdapter {\n  @Override\n  protected void configure(HttpSecurity http) throws Exception {\n    http\n      .csrf(csrf ->\n        // BAD - CSRF protection shouldn't be disabled\n        csrf.disable() \n      );\n  }\n}\n\n```\n\n## References\n* OWASP: [Cross-Site Request Forgery (CSRF)](https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)).\n* Spring Security Reference: [ Cross Site Request Forgery (CSRF) for Servlet Environments ](https://docs.spring.io/spring-security/site/docs/current/reference/html5/#servlet-csrf).\n* Common Weakness Enumeration: [CWE-352](https://cwe.mitre.org/data/definitions/352.html).\n"},"properties":{"tags":["security","external/cwe/cwe-352","owasp-top10-2021","A01:2021 - Broken Access Control"],"description":"Disabling CSRF protection makes the application vulnerable to\n              a Cross-Site Request Forgery (CSRF) attack.","id":"java/spring-disabled-csrf-protection","kind":"problem","name":"Disabled Spring CSRF protection","precision":"high","problem.severity":"error","security-severity":"8.8"}},{"id":"java/weak-cryptographic-algorithm","name":"java/weak-cryptographic-algorithm","shortDescription":{"text":"Use of a broken or risky cryptographic algorithm"},"fullDescription":{"text":"Using broken or weak cryptographic algorithms can allow an attacker to compromise security."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Use of a broken or risky cryptographic algorithm\nUsing broken or weak cryptographic algorithms can leave data vulnerable to being decrypted.\n\nMany cryptographic algorithms provided by cryptography libraries are known to be weak, or flawed. Using such an algorithm means that an attacker may be able to easily decrypt the encrypted data.\n\n\n## Recommendation\nEnsure that you use a strong, modern cryptographic algorithm. Use at least AES-128 or RSA-2048. Do not use the ECB encryption mode since it is vulnerable to replay and other attacks.\n\n\n## Example\nThe following code shows an example of using a java `Cipher` to encrypt some data. When creating a `Cipher` instance, you must specify the encryption algorithm to use. The first example uses DES, which is an older algorithm that is now considered weak. The second example uses AES, which is a strong modern algorithm.\n\n\n```java\n// BAD: DES is a weak algorithm \nCipher des = Cipher.getInstance(\"DES\");\ncipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);\n\nbyte[] encrypted = cipher.doFinal(input.getBytes(\"UTF-8\"));\n\n// ...\n\n// GOOD: AES is a strong algorithm\nCipher aes = Cipher.getInstance(\"AES\");\n\n// ...\n\n```\n\n## References\n* NIST, FIPS 140 Annex a: [ Approved Security Functions](http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf).\n* NIST, SP 800-131A: [ Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths](http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf).\n* Common Weakness Enumeration: [CWE-327](https://cwe.mitre.org/data/definitions/327.html).\n* Common Weakness Enumeration: [CWE-328](https://cwe.mitre.org/data/definitions/328.html).\n","markdown":"# Use of a broken or risky cryptographic algorithm\nUsing broken or weak cryptographic algorithms can leave data vulnerable to being decrypted.\n\nMany cryptographic algorithms provided by cryptography libraries are known to be weak, or flawed. Using such an algorithm means that an attacker may be able to easily decrypt the encrypted data.\n\n\n## Recommendation\nEnsure that you use a strong, modern cryptographic algorithm. Use at least AES-128 or RSA-2048. Do not use the ECB encryption mode since it is vulnerable to replay and other attacks.\n\n\n## Example\nThe following code shows an example of using a java `Cipher` to encrypt some data. When creating a `Cipher` instance, you must specify the encryption algorithm to use. The first example uses DES, which is an older algorithm that is now considered weak. The second example uses AES, which is a strong modern algorithm.\n\n\n```java\n// BAD: DES is a weak algorithm \nCipher des = Cipher.getInstance(\"DES\");\ncipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);\n\nbyte[] encrypted = cipher.doFinal(input.getBytes(\"UTF-8\"));\n\n// ...\n\n// GOOD: AES is a strong algorithm\nCipher aes = Cipher.getInstance(\"AES\");\n\n// ...\n\n```\n\n## References\n* NIST, FIPS 140 Annex a: [ Approved Security Functions](http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf).\n* NIST, SP 800-131A: [ Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths](http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf).\n* Common Weakness Enumeration: [CWE-327](https://cwe.mitre.org/data/definitions/327.html).\n* Common Weakness Enumeration: [CWE-328](https://cwe.mitre.org/data/definitions/328.html).\n"},"properties":{"tags":["security","external/cwe/cwe-327","external/cwe/cwe-328","owasp-top10-2021","A02:2021 - Cryptographic Failures"],"description":"Using broken or weak cryptographic algorithms can allow an attacker to compromise security.","id":"java/weak-cryptographic-algorithm","kind":"path-problem","name":"Use of a broken or risky cryptographic algorithm","precision":"high","problem.severity":"warning","security-severity":"7.5"}},{"id":"java/jndi-injection","name":"java/jndi-injection","shortDescription":{"text":"JNDI lookup with user-controlled name"},"fullDescription":{"text":"Performing a JNDI lookup with a user-controlled name can lead to the download of an untrusted object and to execution of arbitrary code."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# JNDI lookup with user-controlled name\nThe Java Naming and Directory Interface (JNDI) is a Java API for a directory service that allows Java software clients to discover and look up data and resources (in the form of Java objects) via a name. If the name being used to look up the data is controlled by the user, it can point to a malicious server, which can return an arbitrary object. In the worst case, this can allow remote code execution.\n\n\n## Recommendation\nThe general recommendation is to avoid passing untrusted data to the `InitialContext.lookup ` method. If the name being used to look up the object must be provided by the user, make sure that it's not in the form of an absolute URL or that it's the URL pointing to a trused server.\n\n\n## Example\nIn the following examples, the code accepts a name from the user, which it uses to look up an object.\n\nIn the first example, the user provided name is used to look up an object.\n\nThe second example validates the name before using it to look up an object.\n\n\n```java\nimport javax.naming.Context;\nimport javax.naming.InitialContext;\n\npublic void jndiLookup(HttpServletRequest request) throws NamingException {\n  String name = request.getParameter(\"name\");\n\n  Hashtable<String, String> env = new Hashtable<String, String>();\n  env.put(Context.INITIAL_CONTEXT_FACTORY, \"com.sun.jndi.rmi.registry.RegistryContextFactory\");\n  env.put(Context.PROVIDER_URL, \"rmi://trusted-server:1099\");\n  InitialContext ctx = new InitialContext(env);\n\n  // BAD: User input used in lookup\n  ctx.lookup(name);\n\n  // GOOD: The name is validated before being used in lookup\n  if (isValid(name)) {\n    ctx.lookup(name);\n  } else {\n    // Reject the request\n  }\n}\n```\n\n## References\n* Oracle: [Java Naming and Directory Interface (JNDI)](https://docs.oracle.com/javase/8/docs/technotes/guides/jndi/).\n* Black Hat materials: [A Journey from JNDI/LDAP Manipulation to Remote Code Execution Dream Land](https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf).\n* Veracode: [Exploiting JNDI Injections in Java](https://www.veracode.com/blog/research/exploiting-jndi-injections-java).\n* Common Weakness Enumeration: [CWE-74](https://cwe.mitre.org/data/definitions/74.html).\n","markdown":"# JNDI lookup with user-controlled name\nThe Java Naming and Directory Interface (JNDI) is a Java API for a directory service that allows Java software clients to discover and look up data and resources (in the form of Java objects) via a name. If the name being used to look up the data is controlled by the user, it can point to a malicious server, which can return an arbitrary object. In the worst case, this can allow remote code execution.\n\n\n## Recommendation\nThe general recommendation is to avoid passing untrusted data to the `InitialContext.lookup ` method. If the name being used to look up the object must be provided by the user, make sure that it's not in the form of an absolute URL or that it's the URL pointing to a trused server.\n\n\n## Example\nIn the following examples, the code accepts a name from the user, which it uses to look up an object.\n\nIn the first example, the user provided name is used to look up an object.\n\nThe second example validates the name before using it to look up an object.\n\n\n```java\nimport javax.naming.Context;\nimport javax.naming.InitialContext;\n\npublic void jndiLookup(HttpServletRequest request) throws NamingException {\n  String name = request.getParameter(\"name\");\n\n  Hashtable<String, String> env = new Hashtable<String, String>();\n  env.put(Context.INITIAL_CONTEXT_FACTORY, \"com.sun.jndi.rmi.registry.RegistryContextFactory\");\n  env.put(Context.PROVIDER_URL, \"rmi://trusted-server:1099\");\n  InitialContext ctx = new InitialContext(env);\n\n  // BAD: User input used in lookup\n  ctx.lookup(name);\n\n  // GOOD: The name is validated before being used in lookup\n  if (isValid(name)) {\n    ctx.lookup(name);\n  } else {\n    // Reject the request\n  }\n}\n```\n\n## References\n* Oracle: [Java Naming and Directory Interface (JNDI)](https://docs.oracle.com/javase/8/docs/technotes/guides/jndi/).\n* Black Hat materials: [A Journey from JNDI/LDAP Manipulation to Remote Code Execution Dream Land](https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf).\n* Veracode: [Exploiting JNDI Injections in Java](https://www.veracode.com/blog/research/exploiting-jndi-injections-java).\n* Common Weakness Enumeration: [CWE-74](https://cwe.mitre.org/data/definitions/74.html).\n"},"properties":{"tags":["security","external/cwe/cwe-074","owasp-top10-2021","A03:2021 - Injection"],"description":"Performing a JNDI lookup with a user-controlled name can lead to the download of an untrusted\n              object and to execution of arbitrary code.","id":"java/jndi-injection","kind":"path-problem","name":"JNDI lookup with user-controlled name","precision":"high","problem.severity":"error","security-severity":"9.8"}},{"id":"java/xslt-injection","name":"java/xslt-injection","shortDescription":{"text":"XSLT transformation with user-controlled stylesheet"},"fullDescription":{"text":"Performing an XSLT transformation with user-controlled stylesheets can lead to information disclosure or execution of arbitrary code."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# XSLT transformation with user-controlled stylesheet\nXSLT (Extensible Stylesheet Language Transformations) is a language for transforming XML documents into other XML documents or other formats. Processing unvalidated XSLT stylesheets can allow attackers to read arbitrary files from the filesystem or to execute arbitrary code.\n\n\n## Recommendation\nThe general recommendation is to not process untrusted XSLT stylesheets. If user-provided stylesheets must be processed, enable the secure processing mode.\n\n\n## Example\nIn the following examples, the code accepts an XSLT stylesheet from the user and processes it.\n\nIn the first example, the user-provided XSLT stylesheet is parsed and processed.\n\nIn the second example, secure processing mode is enabled.\n\n\n```java\nimport javax.xml.XMLConstants;\nimport javax.xml.transform.TransformerFactory;\nimport javax.xml.transform.stream.StreamResult;\nimport javax.xml.transform.stream.StreamSource;\n\npublic void transform(Socket socket, String inputXml) throws Exception {\n  StreamSource xslt = new StreamSource(socket.getInputStream());\n  StreamSource xml = new StreamSource(new StringReader(inputXml));\n  StringWriter result = new StringWriter();\n  TransformerFactory factory = TransformerFactory.newInstance();\n\n  // BAD: User provided XSLT stylesheet is processed\n  factory.newTransformer(xslt).transform(xml, new StreamResult(result));\n\n  // GOOD: The secure processing mode is enabled\n  factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);\n  factory.newTransformer(xslt).transform(xml, new StreamResult(result));\n}  \n```\n\n## References\n* Wikipedia: [XSLT](https://en.wikipedia.org/wiki/XSLT).\n* The Java Tutorials: [Transforming XML Data with XSLT](https://docs.oracle.com/javase/tutorial/jaxp/xslt/transformingXML.html).\n* [XSLT Injection Basics](https://blog.hunniccyber.com/ektron-cms-remote-code-execution-xslt-transform-injection-java/).\n* Common Weakness Enumeration: [CWE-74](https://cwe.mitre.org/data/definitions/74.html).\n","markdown":"# XSLT transformation with user-controlled stylesheet\nXSLT (Extensible Stylesheet Language Transformations) is a language for transforming XML documents into other XML documents or other formats. Processing unvalidated XSLT stylesheets can allow attackers to read arbitrary files from the filesystem or to execute arbitrary code.\n\n\n## Recommendation\nThe general recommendation is to not process untrusted XSLT stylesheets. If user-provided stylesheets must be processed, enable the secure processing mode.\n\n\n## Example\nIn the following examples, the code accepts an XSLT stylesheet from the user and processes it.\n\nIn the first example, the user-provided XSLT stylesheet is parsed and processed.\n\nIn the second example, secure processing mode is enabled.\n\n\n```java\nimport javax.xml.XMLConstants;\nimport javax.xml.transform.TransformerFactory;\nimport javax.xml.transform.stream.StreamResult;\nimport javax.xml.transform.stream.StreamSource;\n\npublic void transform(Socket socket, String inputXml) throws Exception {\n  StreamSource xslt = new StreamSource(socket.getInputStream());\n  StreamSource xml = new StreamSource(new StringReader(inputXml));\n  StringWriter result = new StringWriter();\n  TransformerFactory factory = TransformerFactory.newInstance();\n\n  // BAD: User provided XSLT stylesheet is processed\n  factory.newTransformer(xslt).transform(xml, new StreamResult(result));\n\n  // GOOD: The secure processing mode is enabled\n  factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);\n  factory.newTransformer(xslt).transform(xml, new StreamResult(result));\n}  \n```\n\n## References\n* Wikipedia: [XSLT](https://en.wikipedia.org/wiki/XSLT).\n* The Java Tutorials: [Transforming XML Data with XSLT](https://docs.oracle.com/javase/tutorial/jaxp/xslt/transformingXML.html).\n* [XSLT Injection Basics](https://blog.hunniccyber.com/ektron-cms-remote-code-execution-xslt-transform-injection-java/).\n* Common Weakness Enumeration: [CWE-74](https://cwe.mitre.org/data/definitions/74.html).\n"},"properties":{"tags":["security","external/cwe/cwe-074","owasp-top10-2021","A03:2021 - Injection"],"description":"Performing an XSLT transformation with user-controlled stylesheets can lead to\n              information disclosure or execution of arbitrary code.","id":"java/xslt-injection","kind":"path-problem","name":"XSLT transformation with user-controlled stylesheet","precision":"high","problem.severity":"error","security-severity":"9.8"}},{"id":"java/unreleased-lock","name":"java/unreleased-lock","shortDescription":{"text":"Unreleased lock"},"fullDescription":{"text":"A lock that is acquired one or more times without a matching number of unlocks may cause a deadlock."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Unreleased lock\nWhen a thread acquires a lock it must make sure to unlock it again; failing to do so can lead to deadlocks. If a lock allows a thread to acquire it multiple times, for example `java.util.concurrent.locks.ReentrantLock`, then the number of locks must match the number of unlocks in order to fully release the lock.\n\n\n## Recommendation\nIt is recommended practice always to immediately follow a call to `lock` with a `try` block and place the call to `unlock` inside the `finally` block. Beware of calls inside the `finally` block that could cause exceptions, as this may result in skipping the call to `unlock`.\n\n\n## Example\nThe typical pattern for using locks safely looks like this:\n\n\n```java\npublic void m() {\n   lock.lock();\n   // A\n   try {\n      // ... method body\n   } finally {\n      // B\n      lock.unlock();\n   }\n}\n```\nIf any code that can cause a premature method exit (for example by throwing an exception) is inserted at either point `A` or `B` then the method might not unlock, so this should be avoided.\n\n\n## References\n* Java API Specification: [java.util.concurrent.locks.Lock](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/concurrent/locks/Lock.html), [java.util.concurrent.locks.ReentrantLock](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/concurrent/locks/ReentrantLock.html).\n* Common Weakness Enumeration: [CWE-764](https://cwe.mitre.org/data/definitions/764.html).\n* Common Weakness Enumeration: [CWE-833](https://cwe.mitre.org/data/definitions/833.html).\n","markdown":"# Unreleased lock\nWhen a thread acquires a lock it must make sure to unlock it again; failing to do so can lead to deadlocks. If a lock allows a thread to acquire it multiple times, for example `java.util.concurrent.locks.ReentrantLock`, then the number of locks must match the number of unlocks in order to fully release the lock.\n\n\n## Recommendation\nIt is recommended practice always to immediately follow a call to `lock` with a `try` block and place the call to `unlock` inside the `finally` block. Beware of calls inside the `finally` block that could cause exceptions, as this may result in skipping the call to `unlock`.\n\n\n## Example\nThe typical pattern for using locks safely looks like this:\n\n\n```java\npublic void m() {\n   lock.lock();\n   // A\n   try {\n      // ... method body\n   } finally {\n      // B\n      lock.unlock();\n   }\n}\n```\nIf any code that can cause a premature method exit (for example by throwing an exception) is inserted at either point `A` or `B` then the method might not unlock, so this should be avoided.\n\n\n## References\n* Java API Specification: [java.util.concurrent.locks.Lock](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/concurrent/locks/Lock.html), [java.util.concurrent.locks.ReentrantLock](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/concurrent/locks/ReentrantLock.html).\n* Common Weakness Enumeration: [CWE-764](https://cwe.mitre.org/data/definitions/764.html).\n* Common Weakness Enumeration: [CWE-833](https://cwe.mitre.org/data/definitions/833.html).\n"},"properties":{"tags":["reliability","security","external/cwe/cwe-764","external/cwe/cwe-833"],"description":"A lock that is acquired one or more times without a matching number of unlocks\n              may cause a deadlock.","id":"java/unreleased-lock","kind":"problem","name":"Unreleased lock","precision":"medium","problem.severity":"error","security-severity":"5.0"}},{"id":"java/unsafe-cert-trust","name":"java/unsafe-cert-trust","shortDescription":{"text":"Unsafe certificate trust"},"fullDescription":{"text":"SSLSocket/SSLEngine ignores all SSL certificate validation errors when establishing an HTTPS connection, thereby making the app vulnerable to man-in-the-middle attacks."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Unsafe certificate trust\nJava offers two mechanisms for SSL authentication - trust manager and hostname verifier (the later is checked by the `java/insecure-hostname-verifier` query). The trust manager validates the peer's certificate chain while hostname verification establishes that the hostname in the URL matches the hostname in the server's identification.\n\nWhen `SSLSocket` or `SSLEngine` are created without a secure `setEndpointIdentificationAlgorithm`, hostname verification is disabled by default.\n\nThis query checks whether `setEndpointIdentificationAlgorithm` is missing, thereby making the application vulnerable to man-in-the-middle attacks. The query also covers insecure configurations of `com.rabbitmq.client.ConnectionFactory`.\n\n\n## Recommendation\nValidate SSL certificates in SSL authentication.\n\n\n## Example\nThe following two examples show two ways of configuring SSLSocket/SSLEngine. In the 'BAD' case, `setEndpointIdentificationAlgorithm` is not called, thus no hostname verification takes place. In the 'GOOD' case, `setEndpointIdentificationAlgorithm` is called.\n\n\n```java\npublic static void main(String[] args) {\n\n\t{\n\t\tSSLContext sslContext = SSLContext.getInstance(\"TLS\");\n\t\tSSLEngine sslEngine = sslContext.createSSLEngine();\n\t\tSSLParameters sslParameters = sslEngine.getSSLParameters();\n\t\tsslParameters.setEndpointIdentificationAlgorithm(\"HTTPS\"); //GOOD: Set a valid endpointIdentificationAlgorithm for SSL engine to trigger hostname verification\n\t\tsslEngine.setSSLParameters(sslParameters);\n\t}\n\n\t{\n\t\tSSLContext sslContext = SSLContext.getInstance(\"TLS\");\n\t\tSSLEngine sslEngine = sslContext.createSSLEngine();  //BAD: No endpointIdentificationAlgorithm set\n\t}\n\n\t{\n\t\tSSLContext sslContext = SSLContext.getInstance(\"TLS\");\n\t\tfinal SSLSocketFactory socketFactory = sslContext.getSocketFactory();\n\t\tSSLSocket socket = (SSLSocket) socketFactory.createSocket(\"www.example.com\", 443); \n\t\tSSLParameters sslParameters = sslEngine.getSSLParameters();\n\t\tsslParameters.setEndpointIdentificationAlgorithm(\"HTTPS\"); //GOOD: Set a valid endpointIdentificationAlgorithm for SSL socket to trigger hostname verification\n\t\tsocket.setSSLParameters(sslParameters);\n\t}\n\n\t{\n\t\tcom.rabbitmq.client.ConnectionFactory connectionFactory = new com.rabbitmq.client.ConnectionFactory();\n\t\tconnectionFactory.useSslProtocol();\n\t\tconnectionFactory.enableHostnameVerification();  //GOOD: Enable hostname verification for rabbitmq ConnectionFactory\n\t}\n\n\t{\n\t\tcom.rabbitmq.client.ConnectionFactory connectionFactory = new com.rabbitmq.client.ConnectionFactory();\n\t\tconnectionFactory.useSslProtocol(); //BAD: Hostname verification for rabbitmq ConnectionFactory is not enabled\n\t}\n}\n```\n\n## References\n* [Testing Endpoint Identify Verification (MSTG-NETWORK-3)](https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md).\n* [SSLParameters.setEndpointIdentificationAlgorithm documentation](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/javax/net/ssl/SSLParameters.html#setEndpointIdentificationAlgorithm(java.lang.String)).\n* RabbitMQ: [ConnectionFactory.enableHostnameVerification documentation](https://rabbitmq.github.io/rabbitmq-java-client/api/current/com/rabbitmq/client/ConnectionFactory.html#enableHostnameVerification()).\n* RabbitMQ: [Using TLS in the Java Client](https://www.rabbitmq.com/ssl.html#java-client).\n* [CVE-2018-17187: Apache Qpid Proton-J transport issue with hostname verification](https://github.com/advisories/GHSA-xvch-r4wf-h8w9).\n* [CVE-2018-8034: Apache Tomcat - host name verification when using TLS with the WebSocket client](https://github.com/advisories/GHSA-46j3-r4pj-4835).\n* [CVE-2018-11087: Pivotal Spring AMQP vulnerability due to lack of hostname validation](https://github.com/advisories/GHSA-w4g2-9hj6-5472).\n* [CVE-2018-11775: TLS hostname verification issue when using the Apache ActiveMQ Client](https://github.com/advisories/GHSA-m9w8-v359-9ffr).\n* Common Weakness Enumeration: [CWE-273](https://cwe.mitre.org/data/definitions/273.html).\n","markdown":"# Unsafe certificate trust\nJava offers two mechanisms for SSL authentication - trust manager and hostname verifier (the later is checked by the `java/insecure-hostname-verifier` query). The trust manager validates the peer's certificate chain while hostname verification establishes that the hostname in the URL matches the hostname in the server's identification.\n\nWhen `SSLSocket` or `SSLEngine` are created without a secure `setEndpointIdentificationAlgorithm`, hostname verification is disabled by default.\n\nThis query checks whether `setEndpointIdentificationAlgorithm` is missing, thereby making the application vulnerable to man-in-the-middle attacks. The query also covers insecure configurations of `com.rabbitmq.client.ConnectionFactory`.\n\n\n## Recommendation\nValidate SSL certificates in SSL authentication.\n\n\n## Example\nThe following two examples show two ways of configuring SSLSocket/SSLEngine. In the 'BAD' case, `setEndpointIdentificationAlgorithm` is not called, thus no hostname verification takes place. In the 'GOOD' case, `setEndpointIdentificationAlgorithm` is called.\n\n\n```java\npublic static void main(String[] args) {\n\n\t{\n\t\tSSLContext sslContext = SSLContext.getInstance(\"TLS\");\n\t\tSSLEngine sslEngine = sslContext.createSSLEngine();\n\t\tSSLParameters sslParameters = sslEngine.getSSLParameters();\n\t\tsslParameters.setEndpointIdentificationAlgorithm(\"HTTPS\"); //GOOD: Set a valid endpointIdentificationAlgorithm for SSL engine to trigger hostname verification\n\t\tsslEngine.setSSLParameters(sslParameters);\n\t}\n\n\t{\n\t\tSSLContext sslContext = SSLContext.getInstance(\"TLS\");\n\t\tSSLEngine sslEngine = sslContext.createSSLEngine();  //BAD: No endpointIdentificationAlgorithm set\n\t}\n\n\t{\n\t\tSSLContext sslContext = SSLContext.getInstance(\"TLS\");\n\t\tfinal SSLSocketFactory socketFactory = sslContext.getSocketFactory();\n\t\tSSLSocket socket = (SSLSocket) socketFactory.createSocket(\"www.example.com\", 443); \n\t\tSSLParameters sslParameters = sslEngine.getSSLParameters();\n\t\tsslParameters.setEndpointIdentificationAlgorithm(\"HTTPS\"); //GOOD: Set a valid endpointIdentificationAlgorithm for SSL socket to trigger hostname verification\n\t\tsocket.setSSLParameters(sslParameters);\n\t}\n\n\t{\n\t\tcom.rabbitmq.client.ConnectionFactory connectionFactory = new com.rabbitmq.client.ConnectionFactory();\n\t\tconnectionFactory.useSslProtocol();\n\t\tconnectionFactory.enableHostnameVerification();  //GOOD: Enable hostname verification for rabbitmq ConnectionFactory\n\t}\n\n\t{\n\t\tcom.rabbitmq.client.ConnectionFactory connectionFactory = new com.rabbitmq.client.ConnectionFactory();\n\t\tconnectionFactory.useSslProtocol(); //BAD: Hostname verification for rabbitmq ConnectionFactory is not enabled\n\t}\n}\n```\n\n## References\n* [Testing Endpoint Identify Verification (MSTG-NETWORK-3)](https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md).\n* [SSLParameters.setEndpointIdentificationAlgorithm documentation](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/javax/net/ssl/SSLParameters.html#setEndpointIdentificationAlgorithm(java.lang.String)).\n* RabbitMQ: [ConnectionFactory.enableHostnameVerification documentation](https://rabbitmq.github.io/rabbitmq-java-client/api/current/com/rabbitmq/client/ConnectionFactory.html#enableHostnameVerification()).\n* RabbitMQ: [Using TLS in the Java Client](https://www.rabbitmq.com/ssl.html#java-client).\n* [CVE-2018-17187: Apache Qpid Proton-J transport issue with hostname verification](https://github.com/advisories/GHSA-xvch-r4wf-h8w9).\n* [CVE-2018-8034: Apache Tomcat - host name verification when using TLS with the WebSocket client](https://github.com/advisories/GHSA-46j3-r4pj-4835).\n* [CVE-2018-11087: Pivotal Spring AMQP vulnerability due to lack of hostname validation](https://github.com/advisories/GHSA-w4g2-9hj6-5472).\n* [CVE-2018-11775: TLS hostname verification issue when using the Apache ActiveMQ Client](https://github.com/advisories/GHSA-m9w8-v359-9ffr).\n* Common Weakness Enumeration: [CWE-273](https://cwe.mitre.org/data/definitions/273.html).\n"},"properties":{"tags":["security","external/cwe/cwe-273"],"description":"SSLSocket/SSLEngine ignores all SSL certificate validation\n              errors when establishing an HTTPS connection, thereby making\n              the app vulnerable to man-in-the-middle attacks.","id":"java/unsafe-cert-trust","kind":"problem","name":"Unsafe certificate trust","precision":"medium","problem.severity":"warning","security-severity":"9.8"}},{"id":"java/user-controlled-bypass","name":"java/user-controlled-bypass","shortDescription":{"text":"User-controlled bypass of sensitive method"},"fullDescription":{"text":"User-controlled bypassing of sensitive methods may allow attackers to avoid passing through authentication systems."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# User-controlled bypass of sensitive method\nMany Java constructs enable code statements to be executed conditionally, for example `if` statements and `for` statements. If these statements contain important authentication or login code, and the decision about whether to execute this code is based on user-controlled data, it may be possible for an attacker to bypass security systems by preventing this code from executing.\n\n\n## Recommendation\nNever decide whether to authenticate a user based on data that may be controlled by that user. If necessary, ensure that the data is validated extensively when it is input before any authentication checks are performed.\n\nIt is still possible to have a system that \"remembers\" users, thus not requiring the user to login on every interaction. For example, personalization settings can be applied without authentication because this is not sensitive information. However, users should be allowed to take sensitive actions only when they have been fully authenticated.\n\n\n## Example\nThis example shows two ways of deciding whether to authenticate a user. The first way shows a decision that is based on the value of a cookie. Cookies can be easily controlled by the user, and so this allows a user to become authenticated without providing valid credentials. The second, more secure way shows a decision that is based on looking up the user in a security database.\n\n\n```java\npublic boolean doLogin(String user, String password) {\n\tCookie adminCookie = getCookies()[0];\n\n\t// BAD: login is executed only if the value of 'adminCookie' is 'false', \n\t// but 'adminCookie' is controlled by the user\n\tif(adminCookie.getValue()==\"false\")\n\t\treturn login(user, password);\n\t\n\treturn true;\n}\n\npublic boolean doLogin(String user, String password) {\n\tCookie adminCookie = getCookies()[0];\n\t\n\t// GOOD: use server-side information based on the credentials to decide\n\t// whether user has privileges\n\tboolean isAdmin = queryDbForAdminStatus(user, password);\n\tif(!isAdmin)\n\t\treturn login(user, password);\n\t\n\treturn true;\n}\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [SEC02-J. Do not base security checks on untrusted sources](https://wiki.sei.cmu.edu/confluence/display/java/SEC02-J.+Do+not+base+security+checks+on+untrusted+sources).\n* Common Weakness Enumeration: [CWE-807](https://cwe.mitre.org/data/definitions/807.html).\n* Common Weakness Enumeration: [CWE-290](https://cwe.mitre.org/data/definitions/290.html).\n","markdown":"# User-controlled bypass of sensitive method\nMany Java constructs enable code statements to be executed conditionally, for example `if` statements and `for` statements. If these statements contain important authentication or login code, and the decision about whether to execute this code is based on user-controlled data, it may be possible for an attacker to bypass security systems by preventing this code from executing.\n\n\n## Recommendation\nNever decide whether to authenticate a user based on data that may be controlled by that user. If necessary, ensure that the data is validated extensively when it is input before any authentication checks are performed.\n\nIt is still possible to have a system that \"remembers\" users, thus not requiring the user to login on every interaction. For example, personalization settings can be applied without authentication because this is not sensitive information. However, users should be allowed to take sensitive actions only when they have been fully authenticated.\n\n\n## Example\nThis example shows two ways of deciding whether to authenticate a user. The first way shows a decision that is based on the value of a cookie. Cookies can be easily controlled by the user, and so this allows a user to become authenticated without providing valid credentials. The second, more secure way shows a decision that is based on looking up the user in a security database.\n\n\n```java\npublic boolean doLogin(String user, String password) {\n\tCookie adminCookie = getCookies()[0];\n\n\t// BAD: login is executed only if the value of 'adminCookie' is 'false', \n\t// but 'adminCookie' is controlled by the user\n\tif(adminCookie.getValue()==\"false\")\n\t\treturn login(user, password);\n\t\n\treturn true;\n}\n\npublic boolean doLogin(String user, String password) {\n\tCookie adminCookie = getCookies()[0];\n\t\n\t// GOOD: use server-side information based on the credentials to decide\n\t// whether user has privileges\n\tboolean isAdmin = queryDbForAdminStatus(user, password);\n\tif(!isAdmin)\n\t\treturn login(user, password);\n\t\n\treturn true;\n}\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [SEC02-J. Do not base security checks on untrusted sources](https://wiki.sei.cmu.edu/confluence/display/java/SEC02-J.+Do+not+base+security+checks+on+untrusted+sources).\n* Common Weakness Enumeration: [CWE-807](https://cwe.mitre.org/data/definitions/807.html).\n* Common Weakness Enumeration: [CWE-290](https://cwe.mitre.org/data/definitions/290.html).\n"},"properties":{"tags":["security","external/cwe/cwe-807","external/cwe/cwe-290","owasp-top10-2021","A04:2021 - Insecure Design"],"description":"User-controlled bypassing of sensitive methods may allow attackers to avoid\n              passing through authentication systems.","id":"java/user-controlled-bypass","kind":"path-problem","name":"User-controlled bypass of sensitive method","precision":"medium","problem.severity":"error","security-severity":"7.8"}},{"id":"java/cleartext-storage-in-properties","name":"java/cleartext-storage-in-properties","shortDescription":{"text":"Cleartext storage of sensitive information using 'Properties' class"},"fullDescription":{"text":"Storing sensitive information in cleartext can expose it to an attacker."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Cleartext storage of sensitive information using 'Properties' class\nSensitive information that is stored unencrypted is accessible to an attacker who gains access to the storage.\n\n\n## Recommendation\nEnsure that sensitive information is always encrypted before being stored. It may be wise to encrypt information before it is put into a heap data structure (such as `Java.util.Properties`) that may be written to disk later. Objects that are serializable or marshallable should also always contain encrypted information unless you are certain that they are not ever going to be serialized.\n\nIn general, decrypt sensitive information only at the point where it is necessary for it to be used in cleartext.\n\n\n## Example\nThe following example shows two ways of storing user credentials in a cookie. In the 'BAD' case, the credentials are simply stored in cleartext. In the 'GOOD' case, the credentials are hashed before storing them.\n\n\n```java\npublic static void main(String[] args) {\n\t{\n\t\tString data;\n\t\tPasswordAuthentication credentials =\n\t\t\t\tnew PasswordAuthentication(\"user\", \"BP@ssw0rd\".toCharArray());\n\t\tdata = credentials.getUserName() + \":\" + new String(credentials.getPassword());\n\t\n\t\t// BAD: store data in a cookie in cleartext form\n\t\tresponse.addCookie(new Cookie(\"auth\", data));\n\t}\n\t\n\t{\n\t\tString data;\n\t\tPasswordAuthentication credentials =\n\t\t\t\tnew PasswordAuthentication(\"user\", \"GP@ssw0rd\".toCharArray());\n\t\tString salt = \"ThisIsMySalt\";\n\t\tMessageDigest messageDigest = MessageDigest.getInstance(\"SHA-512\");\n\t\tmessageDigest.reset();\n\t\tString credentialsToHash =\n\t\t\t\tcredentials.getUserName() + \":\" + credentials.getPassword();\n\t\tbyte[] hashedCredsAsBytes =\n\t\t\t\tmessageDigest.digest((salt+credentialsToHash).getBytes(\"UTF-8\"));\n\t\tdata = bytesToString(hashedCredsAsBytes);\n\t\t\n\t\t// GOOD: store data in a cookie in encrypted form\n\t\tresponse.addCookie(new Cookie(\"auth\", data));\n\t}\n}\n\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [SER03-J. Do not serialize unencrypted, sensitive data](https://wiki.sei.cmu.edu/confluence/display/java/SER03-J.+Do+not+serialize+unencrypted+sensitive+data).\n* M. Dowd, J. McDonald and J. Schuhm, *The Art of Software Security Assessment*, 1st Edition, Chapter 2 - 'Common Vulnerabilities of Encryption', p. 43. Addison Wesley, 2006.\n* M. Howard and D. LeBlanc, *Writing Secure Code*, 2nd Edition, Chapter 9 - 'Protecting Secret Data', p. 299. Microsoft, 2002.\n* Common Weakness Enumeration: [CWE-313](https://cwe.mitre.org/data/definitions/313.html).\n","markdown":"# Cleartext storage of sensitive information using 'Properties' class\nSensitive information that is stored unencrypted is accessible to an attacker who gains access to the storage.\n\n\n## Recommendation\nEnsure that sensitive information is always encrypted before being stored. It may be wise to encrypt information before it is put into a heap data structure (such as `Java.util.Properties`) that may be written to disk later. Objects that are serializable or marshallable should also always contain encrypted information unless you are certain that they are not ever going to be serialized.\n\nIn general, decrypt sensitive information only at the point where it is necessary for it to be used in cleartext.\n\n\n## Example\nThe following example shows two ways of storing user credentials in a cookie. In the 'BAD' case, the credentials are simply stored in cleartext. In the 'GOOD' case, the credentials are hashed before storing them.\n\n\n```java\npublic static void main(String[] args) {\n\t{\n\t\tString data;\n\t\tPasswordAuthentication credentials =\n\t\t\t\tnew PasswordAuthentication(\"user\", \"BP@ssw0rd\".toCharArray());\n\t\tdata = credentials.getUserName() + \":\" + new String(credentials.getPassword());\n\t\n\t\t// BAD: store data in a cookie in cleartext form\n\t\tresponse.addCookie(new Cookie(\"auth\", data));\n\t}\n\t\n\t{\n\t\tString data;\n\t\tPasswordAuthentication credentials =\n\t\t\t\tnew PasswordAuthentication(\"user\", \"GP@ssw0rd\".toCharArray());\n\t\tString salt = \"ThisIsMySalt\";\n\t\tMessageDigest messageDigest = MessageDigest.getInstance(\"SHA-512\");\n\t\tmessageDigest.reset();\n\t\tString credentialsToHash =\n\t\t\t\tcredentials.getUserName() + \":\" + credentials.getPassword();\n\t\tbyte[] hashedCredsAsBytes =\n\t\t\t\tmessageDigest.digest((salt+credentialsToHash).getBytes(\"UTF-8\"));\n\t\tdata = bytesToString(hashedCredsAsBytes);\n\t\t\n\t\t// GOOD: store data in a cookie in encrypted form\n\t\tresponse.addCookie(new Cookie(\"auth\", data));\n\t}\n}\n\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [SER03-J. Do not serialize unencrypted, sensitive data](https://wiki.sei.cmu.edu/confluence/display/java/SER03-J.+Do+not+serialize+unencrypted+sensitive+data).\n* M. Dowd, J. McDonald and J. Schuhm, *The Art of Software Security Assessment*, 1st Edition, Chapter 2 - 'Common Vulnerabilities of Encryption', p. 43. Addison Wesley, 2006.\n* M. Howard and D. LeBlanc, *Writing Secure Code*, 2nd Edition, Chapter 9 - 'Protecting Secret Data', p. 299. Microsoft, 2002.\n* Common Weakness Enumeration: [CWE-313](https://cwe.mitre.org/data/definitions/313.html).\n"},"properties":{"tags":["security","external/cwe/cwe-313","owasp-top10-2021","A04:2021 - Insecure Design"],"description":"Storing sensitive information in cleartext can expose it to an attacker.","id":"java/cleartext-storage-in-properties","kind":"problem","name":"Cleartext storage of sensitive information using 'Properties' class","precision":"medium","problem.severity":"warning","security-severity":"7.5"}},{"id":"java/android/cleartext-storage-filesystem","name":"java/android/cleartext-storage-filesystem","shortDescription":{"text":"Cleartext storage of sensitive information in the Android filesystem"},"fullDescription":{"text":"Cleartext storage of sensitive information in the Android filesystem allows access for users with root privileges or unexpected exposure from chained vulnerabilities."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Cleartext storage of sensitive information in the Android filesystem\nAndroid applications with the appropriate permissions can write files either to the device external storage or the application internal storage, depending on the application's needs. However, sensitive information should not be saved in cleartext. Otherwise it can be accessed by any process or user in rooted devices, or can be disclosed through chained vulnerabilities, like unexpected access to the private storage through exposed components.\n\n\n## Recommendation\nConsider using the `EncryptedFile` class to work with files containing sensitive data. Alternatively, use encryption algorithms to encrypt the sensitive data being stored.\n\n\n## Example\nIn the first example, sensitive user information is stored in cleartext using a local file.\n\nIn the second and third examples, the code encrypts sensitive information before saving it to the filesystem.\n\n\n```java\npublic void fileSystemStorageUnsafe(String name, String password) {\n\t// BAD - sensitive data stored in cleartext\n    FileWriter fw = new FileWriter(\"some_file.txt\");\n    fw.write(name + \":\" + password);\n    fw.close();\n}\n\npublic void filesystemStorageEncryptedFileSafe(Context context, String name, String password) {\n\t// GOOD - the whole file is encrypted with androidx.security.crypto.EncryptedFile\n    File file = new File(\"some_file.txt\");\n    String masterKeyAlias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC);\n    EncryptedFile encryptedFile = new EncryptedFile.Builder(\n        file,\n        context,\n        masterKeyAlias,\n        EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB\n    ).build();\n\tFileOutputStream encryptedOutputStream = encryptedFile.openFileOutput();\n\tencryptedOutputStream.write(name + \":\" + password);\n}\n\npublic void fileSystemStorageSafe(String name, String password) {\n\t// GOOD - sensitive data is encrypted using a custom method\n    FileWriter fw = new FileWriter(\"some_file.txt\");\n    fw.write(name + \":\" + encrypt(password));\n    fw.close();\n}\n\nprivate static String encrypt(String cleartext) {\n    // Use an encryption or strong hashing algorithm in the real world.\n    // The example below just returns a SHA-256 hash.\n    MessageDigest digest = MessageDigest.getInstance(\"SHA-256\");\n    byte[] hash = digest.digest(cleartext.getBytes(StandardCharsets.UTF_8));\n    String encoded = Base64.getEncoder().encodeToString(hash);\n    return encoded;\n}\n\n```\n\n## References\n* Android Developers: [Work with data more securely](https://developer.android.com/topic/security/data)\n* Android Developers: [EncryptedFile](https://developer.android.com/reference/androidx/security/crypto/EncryptedFile)\n* Common Weakness Enumeration: [CWE-312](https://cwe.mitre.org/data/definitions/312.html).\n","markdown":"# Cleartext storage of sensitive information in the Android filesystem\nAndroid applications with the appropriate permissions can write files either to the device external storage or the application internal storage, depending on the application's needs. However, sensitive information should not be saved in cleartext. Otherwise it can be accessed by any process or user in rooted devices, or can be disclosed through chained vulnerabilities, like unexpected access to the private storage through exposed components.\n\n\n## Recommendation\nConsider using the `EncryptedFile` class to work with files containing sensitive data. Alternatively, use encryption algorithms to encrypt the sensitive data being stored.\n\n\n## Example\nIn the first example, sensitive user information is stored in cleartext using a local file.\n\nIn the second and third examples, the code encrypts sensitive information before saving it to the filesystem.\n\n\n```java\npublic void fileSystemStorageUnsafe(String name, String password) {\n\t// BAD - sensitive data stored in cleartext\n    FileWriter fw = new FileWriter(\"some_file.txt\");\n    fw.write(name + \":\" + password);\n    fw.close();\n}\n\npublic void filesystemStorageEncryptedFileSafe(Context context, String name, String password) {\n\t// GOOD - the whole file is encrypted with androidx.security.crypto.EncryptedFile\n    File file = new File(\"some_file.txt\");\n    String masterKeyAlias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC);\n    EncryptedFile encryptedFile = new EncryptedFile.Builder(\n        file,\n        context,\n        masterKeyAlias,\n        EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB\n    ).build();\n\tFileOutputStream encryptedOutputStream = encryptedFile.openFileOutput();\n\tencryptedOutputStream.write(name + \":\" + password);\n}\n\npublic void fileSystemStorageSafe(String name, String password) {\n\t// GOOD - sensitive data is encrypted using a custom method\n    FileWriter fw = new FileWriter(\"some_file.txt\");\n    fw.write(name + \":\" + encrypt(password));\n    fw.close();\n}\n\nprivate static String encrypt(String cleartext) {\n    // Use an encryption or strong hashing algorithm in the real world.\n    // The example below just returns a SHA-256 hash.\n    MessageDigest digest = MessageDigest.getInstance(\"SHA-256\");\n    byte[] hash = digest.digest(cleartext.getBytes(StandardCharsets.UTF_8));\n    String encoded = Base64.getEncoder().encodeToString(hash);\n    return encoded;\n}\n\n```\n\n## References\n* Android Developers: [Work with data more securely](https://developer.android.com/topic/security/data)\n* Android Developers: [EncryptedFile](https://developer.android.com/reference/androidx/security/crypto/EncryptedFile)\n* Common Weakness Enumeration: [CWE-312](https://cwe.mitre.org/data/definitions/312.html).\n"},"properties":{"tags":["security","external/cwe/cwe-312","owasp-top10-2021","A04:2021 - Insecure Design"],"description":"Cleartext storage of sensitive information in the Android filesystem\n              allows access for users with root privileges or unexpected exposure\n              from chained vulnerabilities.","id":"java/android/cleartext-storage-filesystem","kind":"problem","name":"Cleartext storage of sensitive information in the Android filesystem","precision":"medium","problem.severity":"warning","security-severity":"7.5"}},{"id":"java/android/cleartext-storage-shared-prefs","name":"java/android/cleartext-storage-shared-prefs","shortDescription":{"text":"Cleartext storage of sensitive information using `SharedPreferences` on Android"},"fullDescription":{"text":"Cleartext Storage of Sensitive Information using SharedPreferences on Android allows access for users with root privileges or unexpected exposure from chained vulnerabilities."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Cleartext storage of sensitive information using `SharedPreferences` on Android\n`SharedPreferences` is an Android API that stores application preferences using simple sets of data values. It allows you to easily save, alter, and retrieve the values stored in a user's profile. However, sensitive information should not be saved in cleartext. Otherwise it can be accessed by any process or user in rooted devices, or can be disclosed through chained vulnerabilities, like unexpected access to the private storage through exposed components.\n\n\n## Recommendation\nUse the `EncryptedSharedPreferences` API or other encryption algorithms for storing sensitive information.\n\n\n## Example\nIn the first example, sensitive user information is stored in cleartext.\n\nIn the second and third examples, the code encrypts sensitive information before saving it to the device.\n\n\n```java\npublic void testSetSharedPrefs(Context context, String name, String password)\n{\n\t{\n\t\t// BAD - sensitive information saved in cleartext.\n\t\tSharedPreferences sharedPrefs = context.getSharedPreferences(\"user_prefs\", Context.MODE_PRIVATE);\n\t\tEditor editor = sharedPrefs.edit();\n\t\teditor.putString(\"name\", name);\n\t\teditor.putString(\"password\", password);\n\t\teditor.commit();\n\t}\n\n\t{\n\t\t// GOOD - save sensitive information encrypted with a custom method.\n\t\tSharedPreferences sharedPrefs = context.getSharedPreferences(\"user_prefs\", Context.MODE_PRIVATE);\n\t\tEditor editor = sharedPrefs.edit();\n\t\teditor.putString(\"name\", encrypt(name));\n\t\teditor.putString(\"password\", encrypt(password));\n\t\teditor.commit();\n\t}\n\n\t{\n\t\t// GOOD - sensitive information saved using the built-in `EncryptedSharedPreferences` class in androidx.\n\t\tMasterKey masterKey = new MasterKey.Builder(context, MasterKey.DEFAULT_MASTER_KEY_ALIAS)\n\t\t\t.setKeyScheme(MasterKey.KeyScheme.AES256_GCM)\n\t\t\t.build();\n\n\t\tSharedPreferences sharedPreferences = EncryptedSharedPreferences.create(\n\t\t\tcontext,\n\t\t\t\"secret_shared_prefs\",\n\t\t\tmasterKey,\n\t\t\tEncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,\n\t\t\tEncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM);\n\n\t\tSharedPreferences.Editor editor = sharedPreferences.edit();\n\t\teditor.putString(\"name\", name);\n\t\teditor.putString(\"password\", password);\n\t\teditor.commit();\n\t}\n}\n\nprivate static String encrypt(String cleartext) throws Exception {\n\t// Use an encryption or hashing algorithm in real world. The demo below just returns its\n\t// hash.\n\tMessageDigest digest = MessageDigest.getInstance(\"SHA-256\");\n\tbyte[] hash = digest.digest(cleartext.getBytes(StandardCharsets.UTF_8));\n\tString encoded = Base64.getEncoder().encodeToString(hash);\n\treturn encoded;\n}\n\n```\n\n## References\n* Android Developers: [Work with data more securely](https://developer.android.com/topic/security/data)\n* ProAndroidDev: [Encrypted Preferences in Android](https://proandroiddev.com/encrypted-preferences-in-android-af57a89af7c8)\n* Common Weakness Enumeration: [CWE-312](https://cwe.mitre.org/data/definitions/312.html).\n","markdown":"# Cleartext storage of sensitive information using `SharedPreferences` on Android\n`SharedPreferences` is an Android API that stores application preferences using simple sets of data values. It allows you to easily save, alter, and retrieve the values stored in a user's profile. However, sensitive information should not be saved in cleartext. Otherwise it can be accessed by any process or user in rooted devices, or can be disclosed through chained vulnerabilities, like unexpected access to the private storage through exposed components.\n\n\n## Recommendation\nUse the `EncryptedSharedPreferences` API or other encryption algorithms for storing sensitive information.\n\n\n## Example\nIn the first example, sensitive user information is stored in cleartext.\n\nIn the second and third examples, the code encrypts sensitive information before saving it to the device.\n\n\n```java\npublic void testSetSharedPrefs(Context context, String name, String password)\n{\n\t{\n\t\t// BAD - sensitive information saved in cleartext.\n\t\tSharedPreferences sharedPrefs = context.getSharedPreferences(\"user_prefs\", Context.MODE_PRIVATE);\n\t\tEditor editor = sharedPrefs.edit();\n\t\teditor.putString(\"name\", name);\n\t\teditor.putString(\"password\", password);\n\t\teditor.commit();\n\t}\n\n\t{\n\t\t// GOOD - save sensitive information encrypted with a custom method.\n\t\tSharedPreferences sharedPrefs = context.getSharedPreferences(\"user_prefs\", Context.MODE_PRIVATE);\n\t\tEditor editor = sharedPrefs.edit();\n\t\teditor.putString(\"name\", encrypt(name));\n\t\teditor.putString(\"password\", encrypt(password));\n\t\teditor.commit();\n\t}\n\n\t{\n\t\t// GOOD - sensitive information saved using the built-in `EncryptedSharedPreferences` class in androidx.\n\t\tMasterKey masterKey = new MasterKey.Builder(context, MasterKey.DEFAULT_MASTER_KEY_ALIAS)\n\t\t\t.setKeyScheme(MasterKey.KeyScheme.AES256_GCM)\n\t\t\t.build();\n\n\t\tSharedPreferences sharedPreferences = EncryptedSharedPreferences.create(\n\t\t\tcontext,\n\t\t\t\"secret_shared_prefs\",\n\t\t\tmasterKey,\n\t\t\tEncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,\n\t\t\tEncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM);\n\n\t\tSharedPreferences.Editor editor = sharedPreferences.edit();\n\t\teditor.putString(\"name\", name);\n\t\teditor.putString(\"password\", password);\n\t\teditor.commit();\n\t}\n}\n\nprivate static String encrypt(String cleartext) throws Exception {\n\t// Use an encryption or hashing algorithm in real world. The demo below just returns its\n\t// hash.\n\tMessageDigest digest = MessageDigest.getInstance(\"SHA-256\");\n\tbyte[] hash = digest.digest(cleartext.getBytes(StandardCharsets.UTF_8));\n\tString encoded = Base64.getEncoder().encodeToString(hash);\n\treturn encoded;\n}\n\n```\n\n## References\n* Android Developers: [Work with data more securely](https://developer.android.com/topic/security/data)\n* ProAndroidDev: [Encrypted Preferences in Android](https://proandroiddev.com/encrypted-preferences-in-android-af57a89af7c8)\n* Common Weakness Enumeration: [CWE-312](https://cwe.mitre.org/data/definitions/312.html).\n"},"properties":{"tags":["security","external/cwe/cwe-312","owasp-top10-2021","A04:2021 - Insecure Design"],"description":"Cleartext Storage of Sensitive Information using\n              SharedPreferences on Android allows access for users with root\n              privileges or unexpected exposure from chained vulnerabilities.","id":"java/android/cleartext-storage-shared-prefs","kind":"problem","name":"Cleartext storage of sensitive information using `SharedPreferences` on Android","precision":"medium","problem.severity":"warning","security-severity":"7.5"}},{"id":"java/android/cleartext-storage-database","name":"java/android/cleartext-storage-database","shortDescription":{"text":"Cleartext storage of sensitive information using a local database on Android"},"fullDescription":{"text":"Cleartext Storage of Sensitive Information using a local database on Android allows access for users with root privileges or unexpected exposure from chained vulnerabilities."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Cleartext storage of sensitive information using a local database on Android\nSQLite is a lightweight database engine commonly used in Android devices to store data. By itself, SQLite does not offer any encryption mechanism by default and stores all data in cleartext, which introduces a risk if sensitive data like credentials, authentication tokens or personal identifiable information (PII) are directly stored in a SQLite database. The information could be accessed by any process or user in rooted devices, or can be disclosed through chained vulnerabilities, like unexpected access to the private storage through exposed components.\n\n\n## Recommendation\nUse `SQLCipher` or similar libraries to add encryption capabilities to SQLite. Alternatively, encrypt sensitive data using cryptographically secure algorithms before storing it in the database.\n\n\n## Example\nIn the first example, sensitive user information is stored in cleartext.\n\nIn the second and third examples, the code encrypts sensitive information before saving it to the database.\n\n\n```java\npublic void sqliteStorageUnsafe(Context ctx, String name, String password) {\n\t// BAD - sensitive information saved in cleartext.\n\tSQLiteDatabase db = ctx.openOrCreateDatabase(\"test\", Context.MODE_PRIVATE, null);\n\tdb.execSQL(\"INSERT INTO users VALUES (?, ?)\", new String[] {name, password});\n}\n\npublic void sqliteStorageSafe(Context ctx, String name, String password) {\n\t// GOOD - sensitive information encrypted with a custom method.\n\tSQLiteDatabase db = ctx.openOrCreateDatabase(\"test\", Context.MODE_PRIVATE, null);\n\tdb.execSQL(\"INSERT INTO users VALUES (?, ?)\", new String[] {name, encrypt(password)});\n}\n\npublic void sqlCipherStorageSafe(String name, String password, String databasePassword) {\n\t// GOOD - sensitive information saved using SQLCipher.\n\tnet.sqlcipher.database.SQLiteDatabase db = \n\t\tnet.sqlcipher.database.SQLiteDatabase.openOrCreateDatabase(\"test\", databasePassword, null);\n\tdb.execSQL(\"INSERT INTO users VALUES (?, ?)\", new String[] {name, password});\n}\n\nprivate static String encrypt(String cleartext) {\n    // Use an encryption or strong hashing algorithm in the real world.\n    // The example below just returns a SHA-256 hash.\n    MessageDigest digest = MessageDigest.getInstance(\"SHA-256\");\n    byte[] hash = digest.digest(cleartext.getBytes(StandardCharsets.UTF_8));\n    String encoded = Base64.getEncoder().encodeToString(hash);\n    return encoded;\n}\n```\n\n## References\n* Android Developers: [Work with data more securely](https://developer.android.com/topic/security/data)\n* SQLCipher: [Android Application Integration](https://www.zetetic.net/sqlcipher/sqlcipher-for-android/)\n* Common Weakness Enumeration: [CWE-312](https://cwe.mitre.org/data/definitions/312.html).\n","markdown":"# Cleartext storage of sensitive information using a local database on Android\nSQLite is a lightweight database engine commonly used in Android devices to store data. By itself, SQLite does not offer any encryption mechanism by default and stores all data in cleartext, which introduces a risk if sensitive data like credentials, authentication tokens or personal identifiable information (PII) are directly stored in a SQLite database. The information could be accessed by any process or user in rooted devices, or can be disclosed through chained vulnerabilities, like unexpected access to the private storage through exposed components.\n\n\n## Recommendation\nUse `SQLCipher` or similar libraries to add encryption capabilities to SQLite. Alternatively, encrypt sensitive data using cryptographically secure algorithms before storing it in the database.\n\n\n## Example\nIn the first example, sensitive user information is stored in cleartext.\n\nIn the second and third examples, the code encrypts sensitive information before saving it to the database.\n\n\n```java\npublic void sqliteStorageUnsafe(Context ctx, String name, String password) {\n\t// BAD - sensitive information saved in cleartext.\n\tSQLiteDatabase db = ctx.openOrCreateDatabase(\"test\", Context.MODE_PRIVATE, null);\n\tdb.execSQL(\"INSERT INTO users VALUES (?, ?)\", new String[] {name, password});\n}\n\npublic void sqliteStorageSafe(Context ctx, String name, String password) {\n\t// GOOD - sensitive information encrypted with a custom method.\n\tSQLiteDatabase db = ctx.openOrCreateDatabase(\"test\", Context.MODE_PRIVATE, null);\n\tdb.execSQL(\"INSERT INTO users VALUES (?, ?)\", new String[] {name, encrypt(password)});\n}\n\npublic void sqlCipherStorageSafe(String name, String password, String databasePassword) {\n\t// GOOD - sensitive information saved using SQLCipher.\n\tnet.sqlcipher.database.SQLiteDatabase db = \n\t\tnet.sqlcipher.database.SQLiteDatabase.openOrCreateDatabase(\"test\", databasePassword, null);\n\tdb.execSQL(\"INSERT INTO users VALUES (?, ?)\", new String[] {name, password});\n}\n\nprivate static String encrypt(String cleartext) {\n    // Use an encryption or strong hashing algorithm in the real world.\n    // The example below just returns a SHA-256 hash.\n    MessageDigest digest = MessageDigest.getInstance(\"SHA-256\");\n    byte[] hash = digest.digest(cleartext.getBytes(StandardCharsets.UTF_8));\n    String encoded = Base64.getEncoder().encodeToString(hash);\n    return encoded;\n}\n```\n\n## References\n* Android Developers: [Work with data more securely](https://developer.android.com/topic/security/data)\n* SQLCipher: [Android Application Integration](https://www.zetetic.net/sqlcipher/sqlcipher-for-android/)\n* Common Weakness Enumeration: [CWE-312](https://cwe.mitre.org/data/definitions/312.html).\n"},"properties":{"tags":["security","external/cwe/cwe-312","owasp-top10-2021","A04:2021 - Insecure Design"],"description":"Cleartext Storage of Sensitive Information using\n              a local database on Android allows access for users with root\n              privileges or unexpected exposure from chained vulnerabilities.","id":"java/android/cleartext-storage-database","kind":"problem","name":"Cleartext storage of sensitive information using a local database on Android","precision":"medium","problem.severity":"warning","security-severity":"7.5"}},{"id":"java/socket-auth-race-condition","name":"java/socket-auth-race-condition","shortDescription":{"text":"Race condition in socket authentication"},"fullDescription":{"text":"Opening a socket after authenticating via a different channel may allow an attacker to connect to the port first."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Race condition in socket authentication\nA common pattern is to have a channel of communication open with a user, and then to open another channel, for example to transfer data. However, if user authentication is done over the original channel rather than the alternate channel, then an attacker may be able to connect to the alternate channel before the legitimate user does. This allows the attacker to impersonate the user by \"piggybacking\" on any previous authentication.\n\n\n## Recommendation\nWhen opening an alternate channel for an authenticated user (for example, a Java `Socket`), always authenticate the user over the new channel.\n\n\n## Example\nThis example shows two ways of opening a connection for a user. In the first example, authentication is determined based on materials that the user has already provided (for example, their username and/or password), and then a new channel is opened. However, no authentication is done over the new channel, and so an attacker could connect to it before the user connects.\n\nIn the second example, authentication is done over the socket channel itself, which verifies that the newly connected user is in fact the user that was expected.\n\n\n```java\npublic void doConnect(int desiredPort, String username) {\n\tServerSocket listenSocket = new ServerSocket(desiredPort);\n\n\tif (isAuthenticated(username)) {\n\t\tSocket connection1 = listenSocket.accept();\n\t\t// BAD: no authentication over the socket connection\n\t\tconnection1.getOutputStream().write(secretData);\n\t}\n}\n\npublic void doConnect(int desiredPort, String username) {\n\tServerSocket listenSocket = new ServerSocket(desiredPort);\n\n\tSocket connection2 = listenSocket.accept();\n\t// GOOD: authentication happens over the socket\n\tif (doAuthenticate(connection2, username)) {\n\t\tconnection2.getOutputStream().write(secretData);\n\t}\n}\n```\n\n## References\n* Common Weakness Enumeration: [CWE-421](https://cwe.mitre.org/data/definitions/421.html).\n","markdown":"# Race condition in socket authentication\nA common pattern is to have a channel of communication open with a user, and then to open another channel, for example to transfer data. However, if user authentication is done over the original channel rather than the alternate channel, then an attacker may be able to connect to the alternate channel before the legitimate user does. This allows the attacker to impersonate the user by \"piggybacking\" on any previous authentication.\n\n\n## Recommendation\nWhen opening an alternate channel for an authenticated user (for example, a Java `Socket`), always authenticate the user over the new channel.\n\n\n## Example\nThis example shows two ways of opening a connection for a user. In the first example, authentication is determined based on materials that the user has already provided (for example, their username and/or password), and then a new channel is opened. However, no authentication is done over the new channel, and so an attacker could connect to it before the user connects.\n\nIn the second example, authentication is done over the socket channel itself, which verifies that the newly connected user is in fact the user that was expected.\n\n\n```java\npublic void doConnect(int desiredPort, String username) {\n\tServerSocket listenSocket = new ServerSocket(desiredPort);\n\n\tif (isAuthenticated(username)) {\n\t\tSocket connection1 = listenSocket.accept();\n\t\t// BAD: no authentication over the socket connection\n\t\tconnection1.getOutputStream().write(secretData);\n\t}\n}\n\npublic void doConnect(int desiredPort, String username) {\n\tServerSocket listenSocket = new ServerSocket(desiredPort);\n\n\tSocket connection2 = listenSocket.accept();\n\t// GOOD: authentication happens over the socket\n\tif (doAuthenticate(connection2, username)) {\n\t\tconnection2.getOutputStream().write(secretData);\n\t}\n}\n```\n\n## References\n* Common Weakness Enumeration: [CWE-421](https://cwe.mitre.org/data/definitions/421.html).\n"},"properties":{"tags":["security","external/cwe/cwe-421"],"description":"Opening a socket after authenticating via a different channel may allow an attacker to connect to the port first.","id":"java/socket-auth-race-condition","kind":"problem","name":"Race condition in socket authentication","precision":"medium","problem.severity":"warning","security-severity":"7.2"}},{"id":"java/android/websettings-allow-content-access","name":"java/android/websettings-allow-content-access","shortDescription":{"text":"Android WebView settings allows access to content links"},"fullDescription":{"text":"Access to content providers in a WebView can allow access to protected information by loading content:// links."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Android WebView settings allows access to content links\nAndroid can provide access to content providers within a WebView using the `setAllowContentAccess` setting.\n\nAllowing access to content providers via `content://` URLs may allow JavaScript to access protected content.\n\n\n## Recommendation\nIf your app does not require access to the `content://` URL functionality, you should explicitly disable the setting by calling `setAllowContentAccess(false)` on the settings of the WebView.\n\n\n## Example\nIn the following (bad) example, access to `content://` URLs is explicitly allowed.\n\n\n```java\nWebSettings settings = webview.getSettings();\n\nsettings.setAllowContentAccess(true);\n\n```\nIn the following (good) example, access to `content://` URLs is explicitly denied.\n\n\n```java\nWebSettings settings = webview.getSettings();\n\nsettings.setAllowContentAccess(false);\n\n```\n\n## References\n* Android Documentation: [setAllowContentAccess](https://developer.android.com/reference/android/webkit/WebSettings#setAllowContentAccess(boolean)).\n* Common Weakness Enumeration: [CWE-200](https://cwe.mitre.org/data/definitions/200.html).\n","markdown":"# Android WebView settings allows access to content links\nAndroid can provide access to content providers within a WebView using the `setAllowContentAccess` setting.\n\nAllowing access to content providers via `content://` URLs may allow JavaScript to access protected content.\n\n\n## Recommendation\nIf your app does not require access to the `content://` URL functionality, you should explicitly disable the setting by calling `setAllowContentAccess(false)` on the settings of the WebView.\n\n\n## Example\nIn the following (bad) example, access to `content://` URLs is explicitly allowed.\n\n\n```java\nWebSettings settings = webview.getSettings();\n\nsettings.setAllowContentAccess(true);\n\n```\nIn the following (good) example, access to `content://` URLs is explicitly denied.\n\n\n```java\nWebSettings settings = webview.getSettings();\n\nsettings.setAllowContentAccess(false);\n\n```\n\n## References\n* Android Documentation: [setAllowContentAccess](https://developer.android.com/reference/android/webkit/WebSettings#setAllowContentAccess(boolean)).\n* Common Weakness Enumeration: [CWE-200](https://cwe.mitre.org/data/definitions/200.html).\n"},"properties":{"tags":["security","external/cwe/cwe-200","owasp-top10-2021","A01:2021 - Broken Access Control"],"description":"Access to content providers in a WebView can allow access to protected information by loading content:// links.","id":"java/android/websettings-allow-content-access","kind":"problem","name":"Android WebView settings allows access to content links","precision":"medium","problem.severity":"warning","security-severity":"6.5"}},{"id":"java/local-temp-file-or-directory-information-disclosure","name":"java/local-temp-file-or-directory-information-disclosure","shortDescription":{"text":"Local information disclosure in a temporary directory"},"fullDescription":{"text":"Writing information without explicit permissions to a shared temporary directory may disclose it to other users."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Local information disclosure in a temporary directory\nLocal information disclosure can occur when files/directories are written into directories that are shared between all users on the system.\n\nOn most [unix-like](https://en.wikipedia.org/wiki/Unix-like) systems, the system temporary directory is shared between local users. If files/directories are created within the system temporary directory without using APIs that explicitly set the correct file permissions, local information disclosure can occur.\n\nDepending upon the particular file contents exposed, this vulnerability can have a [CVSSv3.1 base score of 6.2/10](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N&version=3.1).\n\n\n## Recommendation\nUse JDK methods that specifically protect against this vulnerability:\n\n* [java.nio.file.Files.createTempDirectory](https://docs.oracle.com/javase/8/docs/api/java/nio/file/Files.html#createTempDirectory-java.nio.file.Path-java.lang.String-java.nio.file.attribute.FileAttribute...-)\n* [java.nio.file.Files.createTempFile](https://docs.oracle.com/javase/8/docs/api/java/nio/file/Files.html#createTempFile-java.nio.file.Path-java.lang.String-java.lang.String-java.nio.file.attribute.FileAttribute...-)\nOtherwise, create the file/directory by manually specifying the expected posix file permissions. For example: `PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE))`\n\n* [java.nio.file.Files.createFile](https://docs.oracle.com/javase/8/docs/api/java/nio/file/Files.html#createFile-java.nio.file.Path-java.nio.file.attribute.FileAttribute...-)\n* [java.nio.file.Files.createDirectory](https://docs.oracle.com/javase/8/docs/api/java/nio/file/Files.html#createDirectory-java.nio.file.Path-java.nio.file.attribute.FileAttribute...-)\n* [java.nio.file.Files.createDirectories](https://docs.oracle.com/javase/8/docs/api/java/nio/file/Files.html#createDirectories-java.nio.file.Path-java.nio.file.attribute.FileAttribute...-)\n\n## Example\nIn the following example, files and directories are created with file permissions that allow other local users to read their contents.\n\n\n```java\nimport java.io.File;\n\npublic class TempDirUsageVulnerable {\n    void exampleVulnerable() {\n        File temp1 = File.createTempFile(\"random\", \".txt\"); // BAD: File has permissions `-rw-r--r--`\n\n        File temp2 = File.createTempFile(\"random\", \"file\", null); // BAD: File has permissions `-rw-r--r--`\n\n        File systemTempDir = new File(System.getProperty(\"java.io.tmpdir\"));\n        File temp3 = File.createTempFile(\"random\", \"file\", systemTempDir); // BAD: File has permissions `-rw-r--r--`\n\n        File tempDir = com.google.common.io.Files.createTempDir(); // BAD: CVE-2020-8908: Directory has permissions `drwxr-xr-x`\n\n        new File(System.getProperty(\"java.io.tmpdir\"), \"/child\").mkdir(); // BAD: Directory has permissions `-rw-r--r--`\n\n        File tempDirChildFile = new File(System.getProperty(\"java.io.tmpdir\"), \"/child-create-file.txt\");\n        Files.createFile(tempDirChildFile.toPath()); // BAD: File has permissions `-rw-r--r--`\n\n        File tempDirChildDir = new File(System.getProperty(\"java.io.tmpdir\"), \"/child-dir\");\n        tempDirChildDir.mkdir(); // BAD: Directory has permissions `drwxr-xr-x`\n        Files.createDirectory(tempDirChildDir.toPath()); // BAD: Directory has permissions `drwxr-xr-x`\n    }\n}\n\n```\nIn the following example, files and directories are created with file permissions that protect their contents.\n\n\n```java\nimport java.io.File;\nimport java.io.IOException;\nimport java.io.UncheckedIOException;\nimport java.nio.file.Files;\nimport java.nio.file.Path;\nimport java.nio.file.attribute.PosixFilePermission;\nimport java.nio.file.attribute.PosixFilePermissions;\n\nimport java.util.EnumSet;\n\n\npublic class TempDirUsageSafe {\n    void exampleSafe() throws IOException {\n        Path temp1 = Files.createTempFile(\"random\", \".txt\"); // GOOD: File has permissions `-rw-------`\n\n        Path temp2 = Files.createTempDirectory(\"random-directory\"); // GOOD: File has permissions `drwx------`\n\n        // Creating a temporary file with a non-randomly generated name\n        File tempChildFile = new File(System.getProperty(\"java.io.tmpdir\"), \"/child-create-file.txt\");\n        // Warning: This will fail on windows as it doesn't support PosixFilePermissions.\n        // See `exampleSafeWithWindowsSupportFile` if your code needs to support windows and unix-like systems.\n        Files.createFile(\n            tempChildFile.toPath(),\n            PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE))\n        ); // GOOD: Good has permissions `-rw-------`\n    }\n\n    /*\n     * An example of a safe use of createFile or createDirectory if your code must support windows and unix-like systems.\n     */\n    void exampleSafeWithWindowsSupportFile() {\n        // Creating a temporary file with a non-randomly generated name\n        File tempChildFile = new File(System.getProperty(\"java.io.tmpdir\"), \"/child-create-file.txt\");\n        createTempFile(tempChildFile.toPath()); // GOOD: Good has permissions `-rw-------`\n    }\n\n    static void createTempFile(Path tempDirChild) {\n        try {\n            if (tempDirChild.getFileSystem().supportedFileAttributeViews().contains(\"posix\")) {\n                // Explicit permissions setting is only required on unix-like systems because\n                // the temporary directory is shared between all users.\n                // This is not necessary on Windows, each user has their own temp directory\n                final EnumSet<PosixFilePermission> posixFilePermissions =\n                        EnumSet.of(\n                            PosixFilePermission.OWNER_READ,\n                            PosixFilePermission.OWNER_WRITE\n                        );\n                if (!Files.exists(tempDirChild)) {\n                    Files.createFile(\n                        tempDirChild,\n                        PosixFilePermissions.asFileAttribute(posixFilePermissions)\n                    ); // GOOD: Directory has permissions `-rw-------`\n                } else {\n                    Files.setPosixFilePermissions(\n                            tempDirChild,\n                            posixFilePermissions\n                    ); // GOOD: Good has permissions `-rw-------`, or will throw an exception if this fails\n                }\n            } else if (!Files.exists(tempDirChild)) {\n                // On Windows, we still need to create the directory, when it doesn't already exist.\n                Files.createDirectory(tempDirChild); // GOOD: Windows doesn't share the temp directory between users\n            }\n        } catch (IOException exception) {\n            throw new UncheckedIOException(\"Failed to create temp file\", exception);\n        }\n    }\n\n    void exampleSafeWithWindowsSupportDirectory() {\n        File tempDirChildDir = new File(System.getProperty(\"java.io.tmpdir\"), \"/child-dir\");\n        createTempDirectories(tempDirChildDir.toPath()); // GOOD: Directory has permissions `drwx------`\n    }\n\n    static void createTempDirectories(Path tempDirChild) {\n        try {\n            if (tempDirChild.getFileSystem().supportedFileAttributeViews().contains(\"posix\")) {\n                // Explicit permissions setting is only required on unix-like systems because\n                // the temporary directory is shared between all users.\n                // This is not necessary on Windows, each user has their own temp directory\n                final EnumSet<PosixFilePermission> posixFilePermissions =\n                        EnumSet.of(\n                            PosixFilePermission.OWNER_READ,\n                            PosixFilePermission.OWNER_WRITE,\n                            PosixFilePermission.OWNER_EXECUTE\n                        );\n                if (!Files.exists(tempDirChild)) {\n                    Files.createDirectories(\n                        tempDirChild,\n                        PosixFilePermissions.asFileAttribute(posixFilePermissions)\n                    ); // GOOD: Directory has permissions `drwx------`\n                } else {\n                    Files.setPosixFilePermissions(\n                            tempDirChild,\n                            posixFilePermissions\n                    ); // GOOD: Good has permissions `drwx------`, or will throw an exception if this fails\n                }\n            } else if (!Files.exists(tempDirChild)) {\n                // On Windows, we still need to create the directory, when it doesn't already exist.\n                Files.createDirectories(tempDirChild); // GOOD: Windows doesn't share the temp directory between users\n            }\n        } catch (IOException exception) {\n            throw new UncheckedIOException(\"Failed to create temp dir\", exception);\n        }\n    }\n}\n\n```\n\n## References\n* OWASP: [Insecure Temporary File](https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File).\n* CERT: [FIO00-J. Do not operate on files in shared directories](https://wiki.sei.cmu.edu/confluence/display/java/FIO00-J.+Do+not+operate+on+files+in+shared+directories).\n* Common Weakness Enumeration: [CWE-200](https://cwe.mitre.org/data/definitions/200.html).\n* Common Weakness Enumeration: [CWE-732](https://cwe.mitre.org/data/definitions/732.html).\n","markdown":"# Local information disclosure in a temporary directory\nLocal information disclosure can occur when files/directories are written into directories that are shared between all users on the system.\n\nOn most [unix-like](https://en.wikipedia.org/wiki/Unix-like) systems, the system temporary directory is shared between local users. If files/directories are created within the system temporary directory without using APIs that explicitly set the correct file permissions, local information disclosure can occur.\n\nDepending upon the particular file contents exposed, this vulnerability can have a [CVSSv3.1 base score of 6.2/10](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N&version=3.1).\n\n\n## Recommendation\nUse JDK methods that specifically protect against this vulnerability:\n\n* [java.nio.file.Files.createTempDirectory](https://docs.oracle.com/javase/8/docs/api/java/nio/file/Files.html#createTempDirectory-java.nio.file.Path-java.lang.String-java.nio.file.attribute.FileAttribute...-)\n* [java.nio.file.Files.createTempFile](https://docs.oracle.com/javase/8/docs/api/java/nio/file/Files.html#createTempFile-java.nio.file.Path-java.lang.String-java.lang.String-java.nio.file.attribute.FileAttribute...-)\nOtherwise, create the file/directory by manually specifying the expected posix file permissions. For example: `PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE))`\n\n* [java.nio.file.Files.createFile](https://docs.oracle.com/javase/8/docs/api/java/nio/file/Files.html#createFile-java.nio.file.Path-java.nio.file.attribute.FileAttribute...-)\n* [java.nio.file.Files.createDirectory](https://docs.oracle.com/javase/8/docs/api/java/nio/file/Files.html#createDirectory-java.nio.file.Path-java.nio.file.attribute.FileAttribute...-)\n* [java.nio.file.Files.createDirectories](https://docs.oracle.com/javase/8/docs/api/java/nio/file/Files.html#createDirectories-java.nio.file.Path-java.nio.file.attribute.FileAttribute...-)\n\n## Example\nIn the following example, files and directories are created with file permissions that allow other local users to read their contents.\n\n\n```java\nimport java.io.File;\n\npublic class TempDirUsageVulnerable {\n    void exampleVulnerable() {\n        File temp1 = File.createTempFile(\"random\", \".txt\"); // BAD: File has permissions `-rw-r--r--`\n\n        File temp2 = File.createTempFile(\"random\", \"file\", null); // BAD: File has permissions `-rw-r--r--`\n\n        File systemTempDir = new File(System.getProperty(\"java.io.tmpdir\"));\n        File temp3 = File.createTempFile(\"random\", \"file\", systemTempDir); // BAD: File has permissions `-rw-r--r--`\n\n        File tempDir = com.google.common.io.Files.createTempDir(); // BAD: CVE-2020-8908: Directory has permissions `drwxr-xr-x`\n\n        new File(System.getProperty(\"java.io.tmpdir\"), \"/child\").mkdir(); // BAD: Directory has permissions `-rw-r--r--`\n\n        File tempDirChildFile = new File(System.getProperty(\"java.io.tmpdir\"), \"/child-create-file.txt\");\n        Files.createFile(tempDirChildFile.toPath()); // BAD: File has permissions `-rw-r--r--`\n\n        File tempDirChildDir = new File(System.getProperty(\"java.io.tmpdir\"), \"/child-dir\");\n        tempDirChildDir.mkdir(); // BAD: Directory has permissions `drwxr-xr-x`\n        Files.createDirectory(tempDirChildDir.toPath()); // BAD: Directory has permissions `drwxr-xr-x`\n    }\n}\n\n```\nIn the following example, files and directories are created with file permissions that protect their contents.\n\n\n```java\nimport java.io.File;\nimport java.io.IOException;\nimport java.io.UncheckedIOException;\nimport java.nio.file.Files;\nimport java.nio.file.Path;\nimport java.nio.file.attribute.PosixFilePermission;\nimport java.nio.file.attribute.PosixFilePermissions;\n\nimport java.util.EnumSet;\n\n\npublic class TempDirUsageSafe {\n    void exampleSafe() throws IOException {\n        Path temp1 = Files.createTempFile(\"random\", \".txt\"); // GOOD: File has permissions `-rw-------`\n\n        Path temp2 = Files.createTempDirectory(\"random-directory\"); // GOOD: File has permissions `drwx------`\n\n        // Creating a temporary file with a non-randomly generated name\n        File tempChildFile = new File(System.getProperty(\"java.io.tmpdir\"), \"/child-create-file.txt\");\n        // Warning: This will fail on windows as it doesn't support PosixFilePermissions.\n        // See `exampleSafeWithWindowsSupportFile` if your code needs to support windows and unix-like systems.\n        Files.createFile(\n            tempChildFile.toPath(),\n            PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE))\n        ); // GOOD: Good has permissions `-rw-------`\n    }\n\n    /*\n     * An example of a safe use of createFile or createDirectory if your code must support windows and unix-like systems.\n     */\n    void exampleSafeWithWindowsSupportFile() {\n        // Creating a temporary file with a non-randomly generated name\n        File tempChildFile = new File(System.getProperty(\"java.io.tmpdir\"), \"/child-create-file.txt\");\n        createTempFile(tempChildFile.toPath()); // GOOD: Good has permissions `-rw-------`\n    }\n\n    static void createTempFile(Path tempDirChild) {\n        try {\n            if (tempDirChild.getFileSystem().supportedFileAttributeViews().contains(\"posix\")) {\n                // Explicit permissions setting is only required on unix-like systems because\n                // the temporary directory is shared between all users.\n                // This is not necessary on Windows, each user has their own temp directory\n                final EnumSet<PosixFilePermission> posixFilePermissions =\n                        EnumSet.of(\n                            PosixFilePermission.OWNER_READ,\n                            PosixFilePermission.OWNER_WRITE\n                        );\n                if (!Files.exists(tempDirChild)) {\n                    Files.createFile(\n                        tempDirChild,\n                        PosixFilePermissions.asFileAttribute(posixFilePermissions)\n                    ); // GOOD: Directory has permissions `-rw-------`\n                } else {\n                    Files.setPosixFilePermissions(\n                            tempDirChild,\n                            posixFilePermissions\n                    ); // GOOD: Good has permissions `-rw-------`, or will throw an exception if this fails\n                }\n            } else if (!Files.exists(tempDirChild)) {\n                // On Windows, we still need to create the directory, when it doesn't already exist.\n                Files.createDirectory(tempDirChild); // GOOD: Windows doesn't share the temp directory between users\n            }\n        } catch (IOException exception) {\n            throw new UncheckedIOException(\"Failed to create temp file\", exception);\n        }\n    }\n\n    void exampleSafeWithWindowsSupportDirectory() {\n        File tempDirChildDir = new File(System.getProperty(\"java.io.tmpdir\"), \"/child-dir\");\n        createTempDirectories(tempDirChildDir.toPath()); // GOOD: Directory has permissions `drwx------`\n    }\n\n    static void createTempDirectories(Path tempDirChild) {\n        try {\n            if (tempDirChild.getFileSystem().supportedFileAttributeViews().contains(\"posix\")) {\n                // Explicit permissions setting is only required on unix-like systems because\n                // the temporary directory is shared between all users.\n                // This is not necessary on Windows, each user has their own temp directory\n                final EnumSet<PosixFilePermission> posixFilePermissions =\n                        EnumSet.of(\n                            PosixFilePermission.OWNER_READ,\n                            PosixFilePermission.OWNER_WRITE,\n                            PosixFilePermission.OWNER_EXECUTE\n                        );\n                if (!Files.exists(tempDirChild)) {\n                    Files.createDirectories(\n                        tempDirChild,\n                        PosixFilePermissions.asFileAttribute(posixFilePermissions)\n                    ); // GOOD: Directory has permissions `drwx------`\n                } else {\n                    Files.setPosixFilePermissions(\n                            tempDirChild,\n                            posixFilePermissions\n                    ); // GOOD: Good has permissions `drwx------`, or will throw an exception if this fails\n                }\n            } else if (!Files.exists(tempDirChild)) {\n                // On Windows, we still need to create the directory, when it doesn't already exist.\n                Files.createDirectories(tempDirChild); // GOOD: Windows doesn't share the temp directory between users\n            }\n        } catch (IOException exception) {\n            throw new UncheckedIOException(\"Failed to create temp dir\", exception);\n        }\n    }\n}\n\n```\n\n## References\n* OWASP: [Insecure Temporary File](https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File).\n* CERT: [FIO00-J. Do not operate on files in shared directories](https://wiki.sei.cmu.edu/confluence/display/java/FIO00-J.+Do+not+operate+on+files+in+shared+directories).\n* Common Weakness Enumeration: [CWE-200](https://cwe.mitre.org/data/definitions/200.html).\n* Common Weakness Enumeration: [CWE-732](https://cwe.mitre.org/data/definitions/732.html).\n"},"properties":{"tags":["security","external/cwe/cwe-200","external/cwe/cwe-732","owasp-top10-2021","A01:2021 - Broken Access Control"],"description":"Writing information without explicit permissions to a shared temporary directory may disclose it to other users.","id":"java/local-temp-file-or-directory-information-disclosure","kind":"path-problem","name":"Local information disclosure in a temporary directory","precision":"medium","problem.severity":"warning","security-severity":"6.5"}},{"id":"java/android/websettings-file-access","name":"java/android/websettings-file-access","shortDescription":{"text":"Android WebSettings file access"},"fullDescription":{"text":"Enabling access to the file system in a WebView allows attackers to view sensitive information."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Android WebSettings file access\nAllowing file access in an Android WebView can expose a device's file system to the JavaScript running in that WebView. If the JavaScript contains vulnerabilities or the WebView loads untrusted content, file access allows an attacker to steal the user's data.\n\n\n## Recommendation\nWhen possible, do not allow file access. The file access settings are disabled by default. You can explicitly disable file access by setting the following settings to `false`:\n\n* `setAllowFileAccess`\n* `setAllowFileAccessFromFileURLs`\n* `setAllowUniversalAccessFromFileURLs`\nIf your application requires access to the file system, it is best to avoid using `file://` URLs. Instead, use an alternative that loads files via HTTPS, such as `androidx.webkit.WebViewAssetLoader`.\n\n\n## Example\nIn the following (bad) example, the WebView is configured with settings that allow local file access.\n\n\n```java\nWebSettings settings = view.getSettings();\n\nsettings.setAllowFileAccess(true);\nsettings.setAllowFileAccessFromURLs(true);\nsettings.setAllowUniversalAccessFromURLs(true);\n\n```\nIn the following (good) example, the WebView is configured to disallow file access.\n\n\n```java\nWebSettings settings = view.getSettings();\n\nsettings.setAllowFileAccess(false);\nsettings.setAllowFileAccessFromURLs(false);\nsettings.setAllowUniversalAccessFromURLs(false);\n\n```\nAs mentioned previously, asset loaders can load files without file system access. In the following (good) example, an asset loader is configured to load assets over HTTPS.\n\n\n```java\nWebViewAssetLoader loader = new WebViewAssetLoader.Builder()\n    // Replace the domain with a domain you control, or use the default\n    // appassets.androidplatform.com\n    .setDomain(\"appassets.example.com\")\n    .addPathHandler(\"/resources\", new AssetsPathHandler(this))\n    .build();\n\nwebView.setWebViewClient(new WebViewClientCompat() {\n    @Override\n    public WebResourceResponse shouldInterceptRequest(WebView view, WebResourceRequest request) {\n        return assetLoader.shouldInterceptRequest(request.getUrl());\n    }\n});\n\nwebView.loadUrl(\"https://appassets.example.com/resources/www/index.html\");\n\n```\n\n## References\n* Android documentation: [WebSettings.setAllowFileAccess](https://developer.android.com/reference/android/webkit/WebSettings#setAllowFileAccess(boolean)).\n* Android documentation: [WebSettings.setAllowFileAccessFromFileURLs](https://developer.android.com/reference/android/webkit/WebSettings#setAllowFileAccessFromFileURLs(boolean)).\n* Android documentation: [WebSettings.setAllowUniversalAccessFromFileURLs](https://developer.android.com/reference/android/webkit/WebSettings#setAllowUniversalAccessFromFileURLs(boolean)).\n* Android documentation: [WebViewAssetLoader](https://developer.android.com/reference/androidx/webkit/WebViewAssetLoader).\n* Common Weakness Enumeration: [CWE-200](https://cwe.mitre.org/data/definitions/200.html).\n","markdown":"# Android WebSettings file access\nAllowing file access in an Android WebView can expose a device's file system to the JavaScript running in that WebView. If the JavaScript contains vulnerabilities or the WebView loads untrusted content, file access allows an attacker to steal the user's data.\n\n\n## Recommendation\nWhen possible, do not allow file access. The file access settings are disabled by default. You can explicitly disable file access by setting the following settings to `false`:\n\n* `setAllowFileAccess`\n* `setAllowFileAccessFromFileURLs`\n* `setAllowUniversalAccessFromFileURLs`\nIf your application requires access to the file system, it is best to avoid using `file://` URLs. Instead, use an alternative that loads files via HTTPS, such as `androidx.webkit.WebViewAssetLoader`.\n\n\n## Example\nIn the following (bad) example, the WebView is configured with settings that allow local file access.\n\n\n```java\nWebSettings settings = view.getSettings();\n\nsettings.setAllowFileAccess(true);\nsettings.setAllowFileAccessFromURLs(true);\nsettings.setAllowUniversalAccessFromURLs(true);\n\n```\nIn the following (good) example, the WebView is configured to disallow file access.\n\n\n```java\nWebSettings settings = view.getSettings();\n\nsettings.setAllowFileAccess(false);\nsettings.setAllowFileAccessFromURLs(false);\nsettings.setAllowUniversalAccessFromURLs(false);\n\n```\nAs mentioned previously, asset loaders can load files without file system access. In the following (good) example, an asset loader is configured to load assets over HTTPS.\n\n\n```java\nWebViewAssetLoader loader = new WebViewAssetLoader.Builder()\n    // Replace the domain with a domain you control, or use the default\n    // appassets.androidplatform.com\n    .setDomain(\"appassets.example.com\")\n    .addPathHandler(\"/resources\", new AssetsPathHandler(this))\n    .build();\n\nwebView.setWebViewClient(new WebViewClientCompat() {\n    @Override\n    public WebResourceResponse shouldInterceptRequest(WebView view, WebResourceRequest request) {\n        return assetLoader.shouldInterceptRequest(request.getUrl());\n    }\n});\n\nwebView.loadUrl(\"https://appassets.example.com/resources/www/index.html\");\n\n```\n\n## References\n* Android documentation: [WebSettings.setAllowFileAccess](https://developer.android.com/reference/android/webkit/WebSettings#setAllowFileAccess(boolean)).\n* Android documentation: [WebSettings.setAllowFileAccessFromFileURLs](https://developer.android.com/reference/android/webkit/WebSettings#setAllowFileAccessFromFileURLs(boolean)).\n* Android documentation: [WebSettings.setAllowUniversalAccessFromFileURLs](https://developer.android.com/reference/android/webkit/WebSettings#setAllowUniversalAccessFromFileURLs(boolean)).\n* Android documentation: [WebViewAssetLoader](https://developer.android.com/reference/androidx/webkit/WebViewAssetLoader).\n* Common Weakness Enumeration: [CWE-200](https://cwe.mitre.org/data/definitions/200.html).\n"},"properties":{"tags":["security","external/cwe/cwe-200","owasp-top10-2021","A01:2021 - Broken Access Control"],"description":"Enabling access to the file system in a WebView allows attackers to view sensitive information.","id":"java/android/websettings-file-access","kind":"problem","name":"Android WebSettings file access","precision":"medium","problem.severity":"warning","security-severity":"6.5"}},{"id":"java/android/webview-addjavascriptinterface","name":"java/android/webview-addjavascriptinterface","shortDescription":{"text":"Access Java object methods through JavaScript exposure"},"fullDescription":{"text":"Exposing a Java object in a WebView with a JavaScript interface can lead to malicious JavaScript controlling the application."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Access Java object methods through JavaScript exposure\nCalling the `addJavascriptInterface` method of the `android.webkit.WebView` class allows the web pages of a WebView to access a Java object's methods via JavaScript.\n\nObjects exposed to JavaScript are available in all frames of the WebView.\n\n\n## Recommendation\nIf you need to expose Java objects to JavaScript, guarantee that no untrusted third-party content is loaded into the WebView.\n\n\n## Example\nIn the following (bad) example, a Java object is exposed to JavaScript.\n\n\n```java\nimport android.webkit.JavascriptInterface;\nimport android.database.sqlite.SQLiteOpenHelper;\n\nclass ExposedObject extends SQLiteOpenHelper {\n    @JavascriptInterface\n    public String studentEmail(String studentName) {\n        // SQL injection\n        String query = \"SELECT email FROM students WHERE studentname = '\" + studentName + \"'\";\n\n        Cursor cursor = db.rawQuery(query, null);\n        cursor.moveToFirst();\n        String email = cursor.getString(0);\n\n        return email;\n    }\n}\n\nwebview.getSettings().setJavaScriptEnabled(true);\nwebview.addJavaScriptInterface(new ExposedObject(), \"exposedObject\");\nwebview.loadData(\"\", \"text/html\", null);\n\nString name = \"Robert'; DROP TABLE students; --\";\nwebview.loadUrl(\"javascript:alert(exposedObject.studentEmail(\\\"\"+ name +\"\\\"))\");\n\n```\n\n## References\n* Android Documentation: [addJavascriptInterface](https://developer.android.com/reference/android/webkit/WebView#addJavascriptInterface(java.lang.Object,%20java.lang.String))\n* Common Weakness Enumeration: [CWE-79](https://cwe.mitre.org/data/definitions/79.html).\n","markdown":"# Access Java object methods through JavaScript exposure\nCalling the `addJavascriptInterface` method of the `android.webkit.WebView` class allows the web pages of a WebView to access a Java object's methods via JavaScript.\n\nObjects exposed to JavaScript are available in all frames of the WebView.\n\n\n## Recommendation\nIf you need to expose Java objects to JavaScript, guarantee that no untrusted third-party content is loaded into the WebView.\n\n\n## Example\nIn the following (bad) example, a Java object is exposed to JavaScript.\n\n\n```java\nimport android.webkit.JavascriptInterface;\nimport android.database.sqlite.SQLiteOpenHelper;\n\nclass ExposedObject extends SQLiteOpenHelper {\n    @JavascriptInterface\n    public String studentEmail(String studentName) {\n        // SQL injection\n        String query = \"SELECT email FROM students WHERE studentname = '\" + studentName + \"'\";\n\n        Cursor cursor = db.rawQuery(query, null);\n        cursor.moveToFirst();\n        String email = cursor.getString(0);\n\n        return email;\n    }\n}\n\nwebview.getSettings().setJavaScriptEnabled(true);\nwebview.addJavaScriptInterface(new ExposedObject(), \"exposedObject\");\nwebview.loadData(\"\", \"text/html\", null);\n\nString name = \"Robert'; DROP TABLE students; --\";\nwebview.loadUrl(\"javascript:alert(exposedObject.studentEmail(\\\"\"+ name +\"\\\"))\");\n\n```\n\n## References\n* Android Documentation: [addJavascriptInterface](https://developer.android.com/reference/android/webkit/WebView#addJavascriptInterface(java.lang.Object,%20java.lang.String))\n* Common Weakness Enumeration: [CWE-79](https://cwe.mitre.org/data/definitions/79.html).\n"},"properties":{"tags":["security","external/cwe/cwe-079","owasp-top10-2021","A03:2021 - Injection"],"description":"Exposing a Java object in a WebView with a JavaScript interface can lead to malicious JavaScript controlling the application.","id":"java/android/webview-addjavascriptinterface","kind":"problem","name":"Access Java object methods through JavaScript exposure","precision":"medium","problem.severity":"warning","security-severity":"6.1"}},{"id":"java/android/websettings-javascript-enabled","name":"java/android/websettings-javascript-enabled","shortDescription":{"text":"Android WebView JavaScript settings"},"fullDescription":{"text":"Enabling JavaScript execution in a WebView can result in cross-site scripting attacks."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Android WebView JavaScript settings\nEnabling JavaScript in an Android WebView allows the execution of JavaScript code in the context of the running application. This creates a cross-site scripting vulnerability.\n\nFor example, if your application's WebView allows for visiting web pages that you do not trust, it is possible for an attacker to lead the user to a page which loads malicious JavaScript.\n\nYou can enable or disable Javascript execution using the `setJavaScriptEnabled` method of the settings of a WebView.\n\n\n## Recommendation\nJavaScript execution is disabled by default. You can explicitly disable it by calling `setJavaScriptEnabled(false)` on the settings of the WebView.\n\nIf JavaScript is necessary, only load content from trusted servers using encrypted channels, such as HTTPS with certificate verification.\n\n\n## Example\nIn the following (bad) example, a WebView has JavaScript enabled in its settings:\n\n\n```java\nWebSettings settings = webview.getSettings();\nsettings.setJavaScriptEnabled(true);\n\n```\nIn the following (good) example, a WebView explicitly disallows JavaScript execution:\n\n\n```java\nWebSettings settings = webview.getSettings();\nsettings.setJavaScriptEnabled(false);\n\n```\n\n## References\n* Android documentation: [setJavaScriptEnabled](https://developer.android.com/reference/android/webkit/WebSettings#setJavaScriptEnabled(boolean))\n* Common Weakness Enumeration: [CWE-79](https://cwe.mitre.org/data/definitions/79.html).\n","markdown":"# Android WebView JavaScript settings\nEnabling JavaScript in an Android WebView allows the execution of JavaScript code in the context of the running application. This creates a cross-site scripting vulnerability.\n\nFor example, if your application's WebView allows for visiting web pages that you do not trust, it is possible for an attacker to lead the user to a page which loads malicious JavaScript.\n\nYou can enable or disable Javascript execution using the `setJavaScriptEnabled` method of the settings of a WebView.\n\n\n## Recommendation\nJavaScript execution is disabled by default. You can explicitly disable it by calling `setJavaScriptEnabled(false)` on the settings of the WebView.\n\nIf JavaScript is necessary, only load content from trusted servers using encrypted channels, such as HTTPS with certificate verification.\n\n\n## Example\nIn the following (bad) example, a WebView has JavaScript enabled in its settings:\n\n\n```java\nWebSettings settings = webview.getSettings();\nsettings.setJavaScriptEnabled(true);\n\n```\nIn the following (good) example, a WebView explicitly disallows JavaScript execution:\n\n\n```java\nWebSettings settings = webview.getSettings();\nsettings.setJavaScriptEnabled(false);\n\n```\n\n## References\n* Android documentation: [setJavaScriptEnabled](https://developer.android.com/reference/android/webkit/WebSettings#setJavaScriptEnabled(boolean))\n* Common Weakness Enumeration: [CWE-79](https://cwe.mitre.org/data/definitions/79.html).\n"},"properties":{"tags":["security","external/cwe/cwe-079","owasp-top10-2021","A03:2021 - Injection"],"description":"Enabling JavaScript execution in a WebView can result in cross-site scripting attacks.","id":"java/android/websettings-javascript-enabled","kind":"problem","name":"Android WebView JavaScript settings","precision":"medium","problem.severity":"warning","security-severity":"6.1"}},{"id":"java/android/missing-certificate-pinning","name":"java/android/missing-certificate-pinning","shortDescription":{"text":"Android missing certificate pinning"},"fullDescription":{"text":"Network connections that do not use certificate pinning may allow attackers to eavesdrop on communications."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Android missing certificate pinning\nCertificate pinning is the practice of only trusting a specific set of SSL certificates, rather than those that the device trusts by default. In Android applications, it is reccomended to use certificate pinning when communicating over the network, in order to minimize the risk of machine-in-the-middle attacks from a compromised CA.\n\n\n## Recommendation\nThe easiest way to implement certificate pinning is to declare your pins in a `network-security-config` XML file. This will automatically provide certificate pinning for any network connection made by the app.\n\nAnother way to implement certificate pinning is to use the \\`CertificatePinner\\` class from the \\`okhttp\\` library.\n\nA final way to implement certificate pinning is to use a `TrustManager`, initialized from a `KeyStore` loaded with only the necessary certificates.\n\n\n## Example\nIn the first (bad) case below, a network call is performed with no certificate pinning implemented. The other (good) cases demonstrate the different ways to implement certificate pinning.\n\n\n```java\n// BAD - By default, this network call does not use certificate pinning\nURLConnection conn = new URL(\"https://example.com\").openConnection();\n```\n\n```xml\n<!-- GOOD: Certificate pinning implemented via a Network Security Config file -->\n\n<!-- In AndroidManifest.xml -->\n<manifest xmlns:android=\"http://schemas.android.com/apk/res/android\"\n    package=\"com.example.app\">\n\n    <application android:networkSecurityConfig=\"@xml/NetworkSecurityConfig\">\n        ...\n    </application>\n\n</manifest>\n\n<!-- In res/xml/NetworkSecurityConfig.xml -->\n<network-security-config>\n    <domain-config>\n        <domain>good.example.com</domain>\n        <pin-set expiration=\"2038/1/19\">\n            <pin digest=\"SHA-256\">...</pin>\n        </pin-set>\n    </domain-config>\n</network-security-config>\n```\n\n```java\n// GOOD: Certificate pinning implemented via okhttp3.CertificatePinner \nCertificatePinner certificatePinner = new CertificatePinner.Builder()\n    .add(\"example.com\", \"sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\")\n    .build();\nOkHttpClient client = new OkHttpClient.Builder()\n    .certificatePinner(certificatePinner)\n    .build();\n\nclient.newCall(new Request.Builder().url(\"https://example.com\").build()).execute();\n\n\n\n// GOOD: Certificate pinning implemented via a TrustManager\nKeyStore keyStore = KeyStore.getInstance(\"BKS\");\nkeyStore.load(resources.openRawResource(R.raw.cert), null);\n\nTrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());\ntmf.init(keyStore);\n\nSSLContext sslContext = SSLContext.getInstance(\"TLS\");\nsslContext.init(null, tmf.getTrustManagers(), null);\n\nURL url = new URL(\"http://www.example.com/\");\nHttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection(); \n\nurlConnection.setSSLSocketFactory(sslContext.getSocketFactory());\n```\n\n## References\n* OWASP Mobile Security: [Testing Custom Certificate Stores and Certificate Pinning (MSTG-NETWORK-4)](https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05g-testing-network-communication#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4).\n* Android Developers: [Network security configuration](https://developer.android.com/training/articles/security-config).\n* OkHttp: [CertificatePinner](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-certificate-pinner/).\n* Common Weakness Enumeration: [CWE-295](https://cwe.mitre.org/data/definitions/295.html).\n","markdown":"# Android missing certificate pinning\nCertificate pinning is the practice of only trusting a specific set of SSL certificates, rather than those that the device trusts by default. In Android applications, it is reccomended to use certificate pinning when communicating over the network, in order to minimize the risk of machine-in-the-middle attacks from a compromised CA.\n\n\n## Recommendation\nThe easiest way to implement certificate pinning is to declare your pins in a `network-security-config` XML file. This will automatically provide certificate pinning for any network connection made by the app.\n\nAnother way to implement certificate pinning is to use the \\`CertificatePinner\\` class from the \\`okhttp\\` library.\n\nA final way to implement certificate pinning is to use a `TrustManager`, initialized from a `KeyStore` loaded with only the necessary certificates.\n\n\n## Example\nIn the first (bad) case below, a network call is performed with no certificate pinning implemented. The other (good) cases demonstrate the different ways to implement certificate pinning.\n\n\n```java\n// BAD - By default, this network call does not use certificate pinning\nURLConnection conn = new URL(\"https://example.com\").openConnection();\n```\n\n```xml\n<!-- GOOD: Certificate pinning implemented via a Network Security Config file -->\n\n<!-- In AndroidManifest.xml -->\n<manifest xmlns:android=\"http://schemas.android.com/apk/res/android\"\n    package=\"com.example.app\">\n\n    <application android:networkSecurityConfig=\"@xml/NetworkSecurityConfig\">\n        ...\n    </application>\n\n</manifest>\n\n<!-- In res/xml/NetworkSecurityConfig.xml -->\n<network-security-config>\n    <domain-config>\n        <domain>good.example.com</domain>\n        <pin-set expiration=\"2038/1/19\">\n            <pin digest=\"SHA-256\">...</pin>\n        </pin-set>\n    </domain-config>\n</network-security-config>\n```\n\n```java\n// GOOD: Certificate pinning implemented via okhttp3.CertificatePinner \nCertificatePinner certificatePinner = new CertificatePinner.Builder()\n    .add(\"example.com\", \"sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\")\n    .build();\nOkHttpClient client = new OkHttpClient.Builder()\n    .certificatePinner(certificatePinner)\n    .build();\n\nclient.newCall(new Request.Builder().url(\"https://example.com\").build()).execute();\n\n\n\n// GOOD: Certificate pinning implemented via a TrustManager\nKeyStore keyStore = KeyStore.getInstance(\"BKS\");\nkeyStore.load(resources.openRawResource(R.raw.cert), null);\n\nTrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());\ntmf.init(keyStore);\n\nSSLContext sslContext = SSLContext.getInstance(\"TLS\");\nsslContext.init(null, tmf.getTrustManagers(), null);\n\nURL url = new URL(\"http://www.example.com/\");\nHttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection(); \n\nurlConnection.setSSLSocketFactory(sslContext.getSocketFactory());\n```\n\n## References\n* OWASP Mobile Security: [Testing Custom Certificate Stores and Certificate Pinning (MSTG-NETWORK-4)](https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05g-testing-network-communication#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4).\n* Android Developers: [Network security configuration](https://developer.android.com/training/articles/security-config).\n* OkHttp: [CertificatePinner](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-certificate-pinner/).\n* Common Weakness Enumeration: [CWE-295](https://cwe.mitre.org/data/definitions/295.html).\n"},"properties":{"tags":["security","external/cwe/cwe-295","owasp-top10-2021","A07:2021 - Identification and Authentication Failures"],"description":"Network connections that do not use certificate pinning may allow attackers to eavesdrop on communications.","id":"java/android/missing-certificate-pinning","kind":"problem","name":"Android missing certificate pinning","precision":"medium","problem.severity":"warning","security-severity":"5.9"}},{"id":"java/insecure-basic-auth","name":"java/insecure-basic-auth","shortDescription":{"text":"Insecure basic authentication"},"fullDescription":{"text":"Basic authentication only obfuscates username/password in Base64 encoding, which can be easily recognized and reversed. Transmitting sensitive information without using HTTPS makes the data vulnerable to packet sniffing."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Insecure basic authentication\nBasic authentication only obfuscates usernames and passwords in Base64 encoding, which can be easily recognized and reversed, thus it must not be transmitted over the cleartext HTTP channel. Transmitting sensitive information without using HTTPS makes the data vulnerable to packet sniffing.\n\n\n## Recommendation\nEither use a more secure authentication mechanism like digest authentication or federated authentication, or use the HTTPS communication protocol.\n\n\n## Example\nThe following example shows two ways of using basic authentication. In the 'BAD' case, the credentials are transmitted over HTTP. In the 'GOOD' case, the credentials are transmitted over HTTPS.\n\n\n```java\npublic class InsecureBasicAuth {\n  /**\n   * Test basic authentication with Apache HTTP request.\n   */\n  public void testApacheHttpRequest(String username, String password) {\n\n    // BAD: basic authentication over HTTP\n    String url = \"http://www.example.com/rest/getuser.do?uid=abcdx\";\n\n    // GOOD: basic authentication over HTTPS\n    url = \"https://www.example.com/rest/getuser.do?uid=abcdx\";\n\n    HttpPost post = new HttpPost(url);\n    post.setHeader(\"Accept\", \"application/json\");\n    post.setHeader(\"Content-type\", \"application/json\");\n\n    String authString = username + \":\" + password;\n    byte[] authEncBytes = Base64.getEncoder().encode(authString.getBytes());\n    String authStringEnc = new String(authEncBytes);\n\n    post.addHeader(\"Authorization\", \"Basic \" + authStringEnc);\n  }\n\n  /**\n   * Test basic authentication with Java HTTP URL connection.\n   */\n  public void testHttpUrlConnection(String username, String password) {\n\n    // BAD: basic authentication over HTTP\n    String urlStr = \"http://www.example.com/rest/getuser.do?uid=abcdx\";\n\n    // GOOD: basic authentication over HTTPS\n    urlStr = \"https://www.example.com/rest/getuser.do?uid=abcdx\";\n\n    String authString = username + \":\" + password;\n    String encoding = Base64.getEncoder().encodeToString(authString.getBytes(\"UTF-8\"));\n    URL url = new URL(urlStr);\n    HttpURLConnection conn = (HttpURLConnection) url.openConnection();\n    conn.setRequestMethod(\"POST\");\n    conn.setDoOutput(true);\n    conn.setRequestProperty(\"Authorization\", \"Basic \" + encoding);\n  }\n}\n\n```\n\n## References\n* SonarSource rule: [Basic authentication should not be used](https://rules.sonarsource.com/java/tag/owasp/RSPEC-2647).\n* Acunetix: [WEB VULNERABILITIES INDEX - Basic authentication over HTTP](https://www.acunetix.com/vulnerabilities/web/basic-authentication-over-http/).\n* Common Weakness Enumeration: [CWE-522](https://cwe.mitre.org/data/definitions/522.html).\n* Common Weakness Enumeration: [CWE-319](https://cwe.mitre.org/data/definitions/319.html).\n","markdown":"# Insecure basic authentication\nBasic authentication only obfuscates usernames and passwords in Base64 encoding, which can be easily recognized and reversed, thus it must not be transmitted over the cleartext HTTP channel. Transmitting sensitive information without using HTTPS makes the data vulnerable to packet sniffing.\n\n\n## Recommendation\nEither use a more secure authentication mechanism like digest authentication or federated authentication, or use the HTTPS communication protocol.\n\n\n## Example\nThe following example shows two ways of using basic authentication. In the 'BAD' case, the credentials are transmitted over HTTP. In the 'GOOD' case, the credentials are transmitted over HTTPS.\n\n\n```java\npublic class InsecureBasicAuth {\n  /**\n   * Test basic authentication with Apache HTTP request.\n   */\n  public void testApacheHttpRequest(String username, String password) {\n\n    // BAD: basic authentication over HTTP\n    String url = \"http://www.example.com/rest/getuser.do?uid=abcdx\";\n\n    // GOOD: basic authentication over HTTPS\n    url = \"https://www.example.com/rest/getuser.do?uid=abcdx\";\n\n    HttpPost post = new HttpPost(url);\n    post.setHeader(\"Accept\", \"application/json\");\n    post.setHeader(\"Content-type\", \"application/json\");\n\n    String authString = username + \":\" + password;\n    byte[] authEncBytes = Base64.getEncoder().encode(authString.getBytes());\n    String authStringEnc = new String(authEncBytes);\n\n    post.addHeader(\"Authorization\", \"Basic \" + authStringEnc);\n  }\n\n  /**\n   * Test basic authentication with Java HTTP URL connection.\n   */\n  public void testHttpUrlConnection(String username, String password) {\n\n    // BAD: basic authentication over HTTP\n    String urlStr = \"http://www.example.com/rest/getuser.do?uid=abcdx\";\n\n    // GOOD: basic authentication over HTTPS\n    urlStr = \"https://www.example.com/rest/getuser.do?uid=abcdx\";\n\n    String authString = username + \":\" + password;\n    String encoding = Base64.getEncoder().encodeToString(authString.getBytes(\"UTF-8\"));\n    URL url = new URL(urlStr);\n    HttpURLConnection conn = (HttpURLConnection) url.openConnection();\n    conn.setRequestMethod(\"POST\");\n    conn.setDoOutput(true);\n    conn.setRequestProperty(\"Authorization\", \"Basic \" + encoding);\n  }\n}\n\n```\n\n## References\n* SonarSource rule: [Basic authentication should not be used](https://rules.sonarsource.com/java/tag/owasp/RSPEC-2647).\n* Acunetix: [WEB VULNERABILITIES INDEX - Basic authentication over HTTP](https://www.acunetix.com/vulnerabilities/web/basic-authentication-over-http/).\n* Common Weakness Enumeration: [CWE-522](https://cwe.mitre.org/data/definitions/522.html).\n* Common Weakness Enumeration: [CWE-319](https://cwe.mitre.org/data/definitions/319.html).\n"},"properties":{"tags":["security","external/cwe/cwe-522","external/cwe/cwe-319","owasp-top10-2021","A04:2021 - Insecure Design"],"description":"Basic authentication only obfuscates username/password in\n              Base64 encoding, which can be easily recognized and reversed.\n              Transmitting sensitive information without using HTTPS makes\n              the data vulnerable to packet sniffing.","id":"java/insecure-basic-auth","kind":"path-problem","name":"Insecure basic authentication","precision":"medium","problem.severity":"warning","security-severity":"8.8"}},{"id":"java/log-injection","name":"java/log-injection","shortDescription":{"text":"Log Injection"},"fullDescription":{"text":"Building log entries from user-controlled data may allow insertion of forged log entries by malicious users."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Log Injection\nIf unsanitized user input is written to a log entry, a malicious user may be able to forge new log entries.\n\nForgery can occur if a user provides some input creating the appearance of multiple log entries. This can include unescaped new-line characters, or HTML or other markup.\n\n\n## Recommendation\nUser input should be suitably sanitized before it is logged.\n\nIf the log entries are plain text then line breaks should be removed from user input, using for example `String replace(char oldChar, char newChar)` or similar. Care should also be taken that user input is clearly marked in log entries, and that a malicious user cannot cause confusion in other ways.\n\nFor log entries that will be displayed in HTML, user input should be HTML encoded before being logged, to prevent forgery and other forms of HTML injection.\n\n\n## Example\nIn the first example, a username, provided by the user, is logged using `logger.warn` (from `org.slf4j.Logger`). In the first case (`/bad` endpoint), the username is logged without any sanitization. If a malicious user provides `Guest'%0AUser:'Admin` as a username parameter, the log entry will be split into two separate lines, where the first line will be `User:'Guest'` and the second one will be `User:'Admin'`.\n\n\n```java\npackage com.example.restservice;\n\nimport org.slf4j.Logger;\nimport org.slf4j.LoggerFactory;\nimport org.springframework.web.bind.annotation.GetMapping;\nimport org.springframework.web.bind.annotation.RequestParam;\nimport org.springframework.web.bind.annotation.RestController;\n\n@RestController\npublic class LogInjection {\n\n    private final Logger log = LoggerFactory.getLogger(LogInjection.class);\n\n    // /bad?username=Guest'%0AUser:'Admin\n    @GetMapping(\"/bad\")\n    public String bad(@RequestParam(value = \"username\", defaultValue = \"name\") String username) {\n        log.warn(\"User:'{}'\", username);\n        // The logging call above would result in multiple log entries as shown below:\n        // User:'Guest'\n        // User:'Admin'\n        return username;\n    }\n}\n\n\n```\nIn the second example (`/good` endpoint), `matches()` is used to ensure the user input only has alphanumeric characters. If a malicious user provides \\`Guest'%0AUser:'Admin\\` as a username parameter, the log entry will not be logged at all, preventing the injection.\n\n\n```java\npackage com.example.restservice;\n\nimport org.slf4j.Logger;\nimport org.slf4j.LoggerFactory;\nimport org.springframework.web.bind.annotation.GetMapping;\nimport org.springframework.web.bind.annotation.RequestParam;\nimport org.springframework.web.bind.annotation.RestController;\n\n@RestController\npublic class LogInjection {\n\n    private final Logger log = LoggerFactory.getLogger(LogInjection.class);\n\n    // /good?username=Guest'%0AUser:'Admin\n    @GetMapping(\"/good\")\n    public String good(@RequestParam(value = \"username\", defaultValue = \"name\") String username) {\n        // The regex check here, allows only alphanumeric characters to pass.\n        // Hence, does not result in log injection\n        if (username.matches(\"\\\\w*\")) {\n            log.warn(\"User:'{}'\", username);\n\n            return username;\n        }\n    }\n}\n\n```\n\n## References\n* OWASP: [Log Injection](https://owasp.org/www-community/attacks/Log_Injection).\n* Common Weakness Enumeration: [CWE-117](https://cwe.mitre.org/data/definitions/117.html).\n","markdown":"# Log Injection\nIf unsanitized user input is written to a log entry, a malicious user may be able to forge new log entries.\n\nForgery can occur if a user provides some input creating the appearance of multiple log entries. This can include unescaped new-line characters, or HTML or other markup.\n\n\n## Recommendation\nUser input should be suitably sanitized before it is logged.\n\nIf the log entries are plain text then line breaks should be removed from user input, using for example `String replace(char oldChar, char newChar)` or similar. Care should also be taken that user input is clearly marked in log entries, and that a malicious user cannot cause confusion in other ways.\n\nFor log entries that will be displayed in HTML, user input should be HTML encoded before being logged, to prevent forgery and other forms of HTML injection.\n\n\n## Example\nIn the first example, a username, provided by the user, is logged using `logger.warn` (from `org.slf4j.Logger`). In the first case (`/bad` endpoint), the username is logged without any sanitization. If a malicious user provides `Guest'%0AUser:'Admin` as a username parameter, the log entry will be split into two separate lines, where the first line will be `User:'Guest'` and the second one will be `User:'Admin'`.\n\n\n```java\npackage com.example.restservice;\n\nimport org.slf4j.Logger;\nimport org.slf4j.LoggerFactory;\nimport org.springframework.web.bind.annotation.GetMapping;\nimport org.springframework.web.bind.annotation.RequestParam;\nimport org.springframework.web.bind.annotation.RestController;\n\n@RestController\npublic class LogInjection {\n\n    private final Logger log = LoggerFactory.getLogger(LogInjection.class);\n\n    // /bad?username=Guest'%0AUser:'Admin\n    @GetMapping(\"/bad\")\n    public String bad(@RequestParam(value = \"username\", defaultValue = \"name\") String username) {\n        log.warn(\"User:'{}'\", username);\n        // The logging call above would result in multiple log entries as shown below:\n        // User:'Guest'\n        // User:'Admin'\n        return username;\n    }\n}\n\n\n```\nIn the second example (`/good` endpoint), `matches()` is used to ensure the user input only has alphanumeric characters. If a malicious user provides \\`Guest'%0AUser:'Admin\\` as a username parameter, the log entry will not be logged at all, preventing the injection.\n\n\n```java\npackage com.example.restservice;\n\nimport org.slf4j.Logger;\nimport org.slf4j.LoggerFactory;\nimport org.springframework.web.bind.annotation.GetMapping;\nimport org.springframework.web.bind.annotation.RequestParam;\nimport org.springframework.web.bind.annotation.RestController;\n\n@RestController\npublic class LogInjection {\n\n    private final Logger log = LoggerFactory.getLogger(LogInjection.class);\n\n    // /good?username=Guest'%0AUser:'Admin\n    @GetMapping(\"/good\")\n    public String good(@RequestParam(value = \"username\", defaultValue = \"name\") String username) {\n        // The regex check here, allows only alphanumeric characters to pass.\n        // Hence, does not result in log injection\n        if (username.matches(\"\\\\w*\")) {\n            log.warn(\"User:'{}'\", username);\n\n            return username;\n        }\n    }\n}\n\n```\n\n## References\n* OWASP: [Log Injection](https://owasp.org/www-community/attacks/Log_Injection).\n* Common Weakness Enumeration: [CWE-117](https://cwe.mitre.org/data/definitions/117.html).\n"},"properties":{"tags":["security","external/cwe/cwe-117","owasp-top10-2021","A09:2021 - Security Logging and Monitoring Failures"],"description":"Building log entries from user-controlled data may allow\n              insertion of forged log entries by malicious users.","id":"java/log-injection","kind":"path-problem","name":"Log Injection","precision":"medium","problem.severity":"error","security-severity":"7.8"}},{"id":"java/sensitive-log","name":"java/sensitive-log","shortDescription":{"text":"Insertion of sensitive information into log files"},"fullDescription":{"text":"Writing sensitive information to log files can allow that information to be leaked to an attacker more easily."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Insertion of sensitive information into log files\nInformation written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. Third-party logging utilities like Log4J and SLF4J are widely used in Java projects. When sensitive information is written to logs without properly set logging levels, it is accessible to potential attackers who can use it to gain access to file storage.\n\n\n## Recommendation\nDo not write secrets into the log files and enforce proper logging level control.\n\n\n## Example\nThe following example shows two ways of logging sensitive information. In the 'BAD' case, the credentials are simply written to a debug log. In the 'GOOD' case, the credentials are never written to debug logs.\n\n\n```java\npublic static void main(String[] args) {\n    {\n        private static final Logger logger = LogManager.getLogger(SensitiveInfoLog.class);\n\n        String password = \"Pass@0rd\";\n\n        // BAD: user password is written to debug log\n        logger.debug(\"User password is \"+password);\n    }\n\t\n    {\n        private static final Logger logger = LogManager.getLogger(SensitiveInfoLog.class);\n  \n        String password = \"Pass@0rd\";\n\n        // GOOD: user password is never written to debug log\n        logger.debug(\"User password changed\")\n    }\n}\n\n```\n\n## References\n* [OWASP Logging Guide](https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html)\n* Common Weakness Enumeration: [CWE-532](https://cwe.mitre.org/data/definitions/532.html).\n","markdown":"# Insertion of sensitive information into log files\nInformation written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. Third-party logging utilities like Log4J and SLF4J are widely used in Java projects. When sensitive information is written to logs without properly set logging levels, it is accessible to potential attackers who can use it to gain access to file storage.\n\n\n## Recommendation\nDo not write secrets into the log files and enforce proper logging level control.\n\n\n## Example\nThe following example shows two ways of logging sensitive information. In the 'BAD' case, the credentials are simply written to a debug log. In the 'GOOD' case, the credentials are never written to debug logs.\n\n\n```java\npublic static void main(String[] args) {\n    {\n        private static final Logger logger = LogManager.getLogger(SensitiveInfoLog.class);\n\n        String password = \"Pass@0rd\";\n\n        // BAD: user password is written to debug log\n        logger.debug(\"User password is \"+password);\n    }\n\t\n    {\n        private static final Logger logger = LogManager.getLogger(SensitiveInfoLog.class);\n  \n        String password = \"Pass@0rd\";\n\n        // GOOD: user password is never written to debug log\n        logger.debug(\"User password changed\")\n    }\n}\n\n```\n\n## References\n* [OWASP Logging Guide](https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html)\n* Common Weakness Enumeration: [CWE-532](https://cwe.mitre.org/data/definitions/532.html).\n"},"properties":{"tags":["security","external/cwe/cwe-532","owasp-top10-2021","A09:2021 - Security Logging and Monitoring Failures"],"description":"Writing sensitive information to log files can allow that\n              information to be leaked to an attacker more easily.","id":"java/sensitive-log","kind":"path-problem","name":"Insertion of sensitive information into log files","precision":"medium","problem.severity":"warning","security-severity":"7.5"}},{"id":"java/hardcoded-credential-api-call","name":"java/hardcoded-credential-api-call","shortDescription":{"text":"Hard-coded credential in API call"},"fullDescription":{"text":"Using a hard-coded credential in a call to a sensitive Java API may compromise security."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Hard-coded credential in API call\nIncluding unencrypted hard-coded authentication credentials in source code is dangerous because the credentials may be easily discovered. For example, the code may be open source, or it may be leaked or accidentally revealed, making the credentials visible to an attacker. This, in turn, might enable them to gain unauthorized access, or to obtain privileged information.\n\n\n## Recommendation\nRemove hard-coded credentials, such as user names, passwords and certificates, from source code. Instead, place them in configuration files, environment variables or other data stores if necessary. If possible, store configuration files including credential data separately from the source code, in a secure location with restricted access.\n\n\n## Example\nThe following code example connects to a database using a hard-coded user name and password:\n\n\n```java\nprivate static final String p = \"123456\"; // hard-coded credential\n\npublic static void main(String[] args) throws SQLException {\n    String url = \"jdbc:mysql://localhost/test\";\n    String u = \"admin\"; // hard-coded credential\n\n    getConn(url, u, p);\n}\n\npublic static void getConn(String url, String v, String q) throws SQLException {\n    DriverManager.getConnection(url, v, q); // sensitive call\n}\n\n```\nInstead, the user name and password could be supplied through environment variables, which can be set externally without hard-coding credentials in the source code.\n\n\n## References\n* OWASP: [Use of hard-coded password](https://www.owasp.org/index.php/Use_of_hard-coded_password).\n* Common Weakness Enumeration: [CWE-798](https://cwe.mitre.org/data/definitions/798.html).\n","markdown":"# Hard-coded credential in API call\nIncluding unencrypted hard-coded authentication credentials in source code is dangerous because the credentials may be easily discovered. For example, the code may be open source, or it may be leaked or accidentally revealed, making the credentials visible to an attacker. This, in turn, might enable them to gain unauthorized access, or to obtain privileged information.\n\n\n## Recommendation\nRemove hard-coded credentials, such as user names, passwords and certificates, from source code. Instead, place them in configuration files, environment variables or other data stores if necessary. If possible, store configuration files including credential data separately from the source code, in a secure location with restricted access.\n\n\n## Example\nThe following code example connects to a database using a hard-coded user name and password:\n\n\n```java\nprivate static final String p = \"123456\"; // hard-coded credential\n\npublic static void main(String[] args) throws SQLException {\n    String url = \"jdbc:mysql://localhost/test\";\n    String u = \"admin\"; // hard-coded credential\n\n    getConn(url, u, p);\n}\n\npublic static void getConn(String url, String v, String q) throws SQLException {\n    DriverManager.getConnection(url, v, q); // sensitive call\n}\n\n```\nInstead, the user name and password could be supplied through environment variables, which can be set externally without hard-coding credentials in the source code.\n\n\n## References\n* OWASP: [Use of hard-coded password](https://www.owasp.org/index.php/Use_of_hard-coded_password).\n* Common Weakness Enumeration: [CWE-798](https://cwe.mitre.org/data/definitions/798.html).\n"},"properties":{"tags":["security","external/cwe/cwe-798","owasp-top10-2021","A07:2021 - Identification and Authentication Failures"],"description":"Using a hard-coded credential in a call to a sensitive Java API may compromise security.","id":"java/hardcoded-credential-api-call","kind":"path-problem","name":"Hard-coded credential in API call","precision":"medium","problem.severity":"error","security-severity":"9.8"}},{"id":"java/toctou-race-condition","name":"java/toctou-race-condition","shortDescription":{"text":"Time-of-check time-of-use race condition"},"fullDescription":{"text":"Using a resource after an unsynchronized state check can lead to a race condition, if the state may be changed between the check and use."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Time-of-check time-of-use race condition\nOften it is necessary to check the state of a resource before using it. If the resource is accessed concurrently, then the check and the use need to be performed atomically, otherwise the state of the resource may change between the check and the use. This can lead to a \"time-of-check/time-of-use\" (TOCTOU) race condition.\n\nIn Java, classes may present state inspection methods and operation methods which are synchronized. This prevents multiple threads from executing those methods simultaneously, but it does not prevent a state change in between separate method invocations.\n\n\n## Recommendation\nWhen calling a series of methods which require a consistent view of an object, make sure to synchronize on a monitor that will prevent any other access to the object during your operations.\n\nIf the class that you are using has a well-designed interface, then synchronizing on the object itself will prevent its state being changed inappropriately.\n\n\n## Example\nThe following example shows a resource which has a readiness state, and an action that is only valid if the resource is ready.\n\nIn the bad case, the caller checks the readiness state and then acts, but does not synchronize around the two calls, so the readiness state may be changed by another thread.\n\nIn the good case, the caller jointly synchronizes the check and the use on the resource, so no other thread can modify the state before the use.\n\n\n```java\nclass Resource {\n\tpublic synchronized boolean isReady() { ... }\n\n\tpublic synchronized void setReady(boolean ready) { ... }\n\t\n\tpublic synchronized void act() { \n\t\tif (!isReady())\n\t\t\tthrow new IllegalStateException();\n\t\t...\n\t}\n}\n\t\npublic synchronized void bad(Resource r) {\n\tif (r.isReady()) {\n\t\t// r might no longer be ready, another thread might\n\t\t// have called setReady(false)\n\t\tr.act();\n\t}\n}\n\npublic synchronized void good(Resource r) {\n\tsynchronized(r) {\n\t\tif (r.isReady()) {\n\t\t\tr.act();\n\t\t}\n\t}\n}\n```\n\n## References\n* Common Weakness Enumeration: [CWE-367](https://cwe.mitre.org/data/definitions/367.html).\n","markdown":"# Time-of-check time-of-use race condition\nOften it is necessary to check the state of a resource before using it. If the resource is accessed concurrently, then the check and the use need to be performed atomically, otherwise the state of the resource may change between the check and the use. This can lead to a \"time-of-check/time-of-use\" (TOCTOU) race condition.\n\nIn Java, classes may present state inspection methods and operation methods which are synchronized. This prevents multiple threads from executing those methods simultaneously, but it does not prevent a state change in between separate method invocations.\n\n\n## Recommendation\nWhen calling a series of methods which require a consistent view of an object, make sure to synchronize on a monitor that will prevent any other access to the object during your operations.\n\nIf the class that you are using has a well-designed interface, then synchronizing on the object itself will prevent its state being changed inappropriately.\n\n\n## Example\nThe following example shows a resource which has a readiness state, and an action that is only valid if the resource is ready.\n\nIn the bad case, the caller checks the readiness state and then acts, but does not synchronize around the two calls, so the readiness state may be changed by another thread.\n\nIn the good case, the caller jointly synchronizes the check and the use on the resource, so no other thread can modify the state before the use.\n\n\n```java\nclass Resource {\n\tpublic synchronized boolean isReady() { ... }\n\n\tpublic synchronized void setReady(boolean ready) { ... }\n\t\n\tpublic synchronized void act() { \n\t\tif (!isReady())\n\t\t\tthrow new IllegalStateException();\n\t\t...\n\t}\n}\n\t\npublic synchronized void bad(Resource r) {\n\tif (r.isReady()) {\n\t\t// r might no longer be ready, another thread might\n\t\t// have called setReady(false)\n\t\tr.act();\n\t}\n}\n\npublic synchronized void good(Resource r) {\n\tsynchronized(r) {\n\t\tif (r.isReady()) {\n\t\t\tr.act();\n\t\t}\n\t}\n}\n```\n\n## References\n* Common Weakness Enumeration: [CWE-367](https://cwe.mitre.org/data/definitions/367.html).\n"},"properties":{"tags":["security","external/cwe/cwe-367"],"description":"Using a resource after an unsynchronized state check can lead to a race condition,\n              if the state may be changed between the check and use.","id":"java/toctou-race-condition","kind":"problem","name":"Time-of-check time-of-use race condition","precision":"medium","problem.severity":"warning","security-severity":"7.7"}},{"id":"java/potentially-dangerous-function","name":"java/potentially-dangerous-function","shortDescription":{"text":"Use of a potentially dangerous function"},"fullDescription":{"text":"Certain standard library routines are dangerous to call."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Use of a potentially dangerous function\nThis rule finds calls to methods that are dangerous to use. Currently, it checks for calls to `Thread.stop`.\n\nStopping a thread with `Thread.stop` causes it to receive a `ThreadDeath` exception. That exception propagates up the stack, releasing all monitors that the thread was holding. In some cases the relevant code will be protected by catching the `ThreadDeath` exception and cleaning up, but because the exception can potentially be thrown from so very many locations, it is impractical to catch all such cases. As a result, calling `Thread.stop` is likely to result in corrupt data.\n\n\n## Recommendation\nThe best solution is usually to provide an alternate communication mechanism for the thread that might need to be interrupted early. For example, Oracle gives the following example of using a volatile variable to communicate whether the worker thread should exit:\n\n\n```java\nprivate volatile Thread blinker;\n\npublic void stop() {\n    blinker = null;\n}\n\npublic void run() {\n    Thread thisThread = Thread.currentThread();\n    while (blinker == thisThread) {\n        try {\n            Thread.sleep(interval);\n        } catch (InterruptedException e){\n        }\n        repaint();\n    }\n}\n\n```\nIt is also possible to use `Thread.interrupt` and to catch and handle `InterruptedException` when it occurs. However, it can be difficult to handle an `InterruptedException` everywhere it might occur; for example, the sample code above simply discards the exception rather than actually exiting the thread.\n\nAnother strategy is to use message passing, for example via a `BlockingQueue`. In addition to passing the worker thread its ordinary work via such a message queue, the worker can be asked to exit by a particular kind of message being sent on the queue.\n\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [THI05-J. Do not use Thread.stop() to terminate threads](https://wiki.sei.cmu.edu/confluence/display/java/THI05-J.+Do+not+use+Thread.stop()+to+terminate+threads).\n* Java API Specification: [Java Thread Primitive Deprecation](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/doc-files/threadPrimitiveDeprecation.html).\n* Java API Specification: [Thread.interrupt](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/Thread.html#interrupt()), [BlockingQueue](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/concurrent/BlockingQueue.html).\n* Common Weakness Enumeration: [CWE-676](https://cwe.mitre.org/data/definitions/676.html).\n","markdown":"# Use of a potentially dangerous function\nThis rule finds calls to methods that are dangerous to use. Currently, it checks for calls to `Thread.stop`.\n\nStopping a thread with `Thread.stop` causes it to receive a `ThreadDeath` exception. That exception propagates up the stack, releasing all monitors that the thread was holding. In some cases the relevant code will be protected by catching the `ThreadDeath` exception and cleaning up, but because the exception can potentially be thrown from so very many locations, it is impractical to catch all such cases. As a result, calling `Thread.stop` is likely to result in corrupt data.\n\n\n## Recommendation\nThe best solution is usually to provide an alternate communication mechanism for the thread that might need to be interrupted early. For example, Oracle gives the following example of using a volatile variable to communicate whether the worker thread should exit:\n\n\n```java\nprivate volatile Thread blinker;\n\npublic void stop() {\n    blinker = null;\n}\n\npublic void run() {\n    Thread thisThread = Thread.currentThread();\n    while (blinker == thisThread) {\n        try {\n            Thread.sleep(interval);\n        } catch (InterruptedException e){\n        }\n        repaint();\n    }\n}\n\n```\nIt is also possible to use `Thread.interrupt` and to catch and handle `InterruptedException` when it occurs. However, it can be difficult to handle an `InterruptedException` everywhere it might occur; for example, the sample code above simply discards the exception rather than actually exiting the thread.\n\nAnother strategy is to use message passing, for example via a `BlockingQueue`. In addition to passing the worker thread its ordinary work via such a message queue, the worker can be asked to exit by a particular kind of message being sent on the queue.\n\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [THI05-J. Do not use Thread.stop() to terminate threads](https://wiki.sei.cmu.edu/confluence/display/java/THI05-J.+Do+not+use+Thread.stop()+to+terminate+threads).\n* Java API Specification: [Java Thread Primitive Deprecation](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/doc-files/threadPrimitiveDeprecation.html).\n* Java API Specification: [Thread.interrupt](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/Thread.html#interrupt()), [BlockingQueue](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/concurrent/BlockingQueue.html).\n* Common Weakness Enumeration: [CWE-676](https://cwe.mitre.org/data/definitions/676.html).\n"},"properties":{"tags":["reliability","security","external/cwe/cwe-676"],"description":"Certain standard library routines are dangerous to call.","id":"java/potentially-dangerous-function","kind":"problem","name":"Use of a potentially dangerous function","precision":"medium","problem.severity":"warning","security-severity":"10.0"}},{"id":"java/improper-validation-of-array-index","name":"java/improper-validation-of-array-index","shortDescription":{"text":"Improper validation of user-provided array index"},"fullDescription":{"text":"Using external input as an index to an array, without proper validation, can lead to index out of bound exceptions."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Improper validation of user-provided array index\nUsing unvalidated input as part of an index into the array can cause the array access to throw an `ArrayIndexOutOfBoundsException`. This is because there is no guarantee that the index provided is within the bounds of the array.\n\nThis problem occurs when user input is used as an array index, either directly or following one or more calculations. If the user input is unsanitized, it may be any value, which could result in either a negative index, or an index which is larger than the size of the array, either of which would result in an `ArrayIndexOutOfBoundsException`.\n\n\n## Recommendation\nThe index used in the array access should be checked against the bounds of the array before being used. The index should be smaller than the array size, and it should not be negative.\n\n\n## Example\nThe following program accesses an element from a fixed size constant array:\n\n\n```java\npublic class ImproperValidationOfArrayIndex extends HttpServlet {\n\n  protected void doGet(HttpServletRequest request, HttpServletResponse response)\n  throws ServletException, IOException {\n    String[] productDescriptions = new String[] { \"Chocolate bar\", \"Fizzy drink\" };\n\n    // User provided value\n    String productID = request.getParameter(\"productID\");\n    try {\n        int productID = Integer.parseInt(userProperty.trim());\n\n        /*\n         * BAD Array is accessed without checking if the user provided value is out of\n         * bounds.\n         */\n        String productDescription = productDescriptions[productID];\n\n        if (productID >= 0 && productID < productDescriptions.length) {\n          // GOOD We have checked that the array index is valid first\n          productDescription = productDescriptions[productID];\n        } else {\n          productDescription = \"No product for that ID\";\n        }\n\n        response.getWriter().write(productDescription);\n\n    } catch (NumberFormatException e) { }\n  }\n}\n```\nThe first access of the `productDescriptions` array uses the user-provided value as the index without performing any checks. If the user provides a negative value, or a value larger than the size of the array, then an `ArrayIndexOutOfBoundsException` may be thrown.\n\nThe second access of the `productDescriptions` array is contained within a conditional expression that verifies the user-provided value is a valid index into the array. This ensures that the access operation never throws an `ArrayIndexOutOfBoundsException`.\n\n\n## References\n* Java API Specification: [ArrayIndexOutOfBoundsException](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/ArrayIndexOutOfBoundsException.html).\n* Common Weakness Enumeration: [CWE-129](https://cwe.mitre.org/data/definitions/129.html).\n","markdown":"# Improper validation of user-provided array index\nUsing unvalidated input as part of an index into the array can cause the array access to throw an `ArrayIndexOutOfBoundsException`. This is because there is no guarantee that the index provided is within the bounds of the array.\n\nThis problem occurs when user input is used as an array index, either directly or following one or more calculations. If the user input is unsanitized, it may be any value, which could result in either a negative index, or an index which is larger than the size of the array, either of which would result in an `ArrayIndexOutOfBoundsException`.\n\n\n## Recommendation\nThe index used in the array access should be checked against the bounds of the array before being used. The index should be smaller than the array size, and it should not be negative.\n\n\n## Example\nThe following program accesses an element from a fixed size constant array:\n\n\n```java\npublic class ImproperValidationOfArrayIndex extends HttpServlet {\n\n  protected void doGet(HttpServletRequest request, HttpServletResponse response)\n  throws ServletException, IOException {\n    String[] productDescriptions = new String[] { \"Chocolate bar\", \"Fizzy drink\" };\n\n    // User provided value\n    String productID = request.getParameter(\"productID\");\n    try {\n        int productID = Integer.parseInt(userProperty.trim());\n\n        /*\n         * BAD Array is accessed without checking if the user provided value is out of\n         * bounds.\n         */\n        String productDescription = productDescriptions[productID];\n\n        if (productID >= 0 && productID < productDescriptions.length) {\n          // GOOD We have checked that the array index is valid first\n          productDescription = productDescriptions[productID];\n        } else {\n          productDescription = \"No product for that ID\";\n        }\n\n        response.getWriter().write(productDescription);\n\n    } catch (NumberFormatException e) { }\n  }\n}\n```\nThe first access of the `productDescriptions` array uses the user-provided value as the index without performing any checks. If the user provides a negative value, or a value larger than the size of the array, then an `ArrayIndexOutOfBoundsException` may be thrown.\n\nThe second access of the `productDescriptions` array is contained within a conditional expression that verifies the user-provided value is a valid index into the array. This ensures that the access operation never throws an `ArrayIndexOutOfBoundsException`.\n\n\n## References\n* Java API Specification: [ArrayIndexOutOfBoundsException](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/ArrayIndexOutOfBoundsException.html).\n* Common Weakness Enumeration: [CWE-129](https://cwe.mitre.org/data/definitions/129.html).\n"},"properties":{"tags":["security","external/cwe/cwe-129"],"description":"Using external input as an index to an array, without proper validation, can lead to index out of bound exceptions.","id":"java/improper-validation-of-array-index","kind":"path-problem","name":"Improper validation of user-provided array index","precision":"medium","problem.severity":"warning","security-severity":"8.8"}},{"id":"java/improper-validation-of-array-construction","name":"java/improper-validation-of-array-construction","shortDescription":{"text":"Improper validation of user-provided size used for array construction"},"fullDescription":{"text":"Using unvalidated external input as the argument to a construction of an array can lead to index out of bound exceptions."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Improper validation of user-provided size used for array construction\nUsing unvalidated input when specifying the size of a newly created array can result in the creation of an array with size zero. If this array is subsequently accessed without further checks, an `ArrayIndexOutOfBoundsException` may be thrown, because there is no guarantee that the array is not empty.\n\nThis problem occurs when user input is used as the size during array initialization, either directly or following one or more calculations. If the user input is unvalidated, it may cause the size of the array to be zero.\n\n\n## Recommendation\nThe size used in the array initialization should be verified to be greater than zero before being used. Alternatively, the array access may be protected by a conditional check that ensures it is only accessed if the index is less than the array size.\n\n\n## Example\nThe following program constructs an array with the size specified by some user input:\n\n\n```java\npublic class ImproperValidationOfArrayIndex extends HttpServlet {\n\n  protected void doGet(HttpServletRequest request, HttpServletResponse response)\n  throws ServletException, IOException {\n    try {\n      // User provided value\n      int numberOfItems = Integer.parseInt(request.getParameter(\"numberOfItems\").trim());\n\n      if (numberOfItems >= 0) {\n        /*\n         * BAD numberOfItems may be zero, which would cause the array indexing operation to\n         * throw an ArrayIndexOutOfBoundsException\n         */\n        String items = new String[numberOfItems];\n        items[0] = \"Item 1\";\n      }\n\n      if (numberOfItems > 0) {\n        /*\n         * GOOD numberOfItems must be greater than zero, so the indexing succeeds.\n         */\n        String items = new String[numberOfItems];\n        items[0] = \"Item 1\";\n      }\n\n    } catch (NumberFormatException e) { }\n  }\n}\n```\nThe first array construction is protected by a condition that checks if the user input is zero or more. However, if the user provides `0` as the `numberOfItems` parameter, then an empty array is created, and any array access would fail with an `ArrayIndexOutOfBoundsException`.\n\nThe second array construction is protected by a condition that checks if the user input is greater than zero. The array will therefore never be empty, and the following array access will not throw an `ArrayIndexOutOfBoundsException`.\n\n\n## References\n* Java API Specification: [ArrayIndexOutOfBoundsException](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/ArrayIndexOutOfBoundsException.html).\n* Common Weakness Enumeration: [CWE-129](https://cwe.mitre.org/data/definitions/129.html).\n","markdown":"# Improper validation of user-provided size used for array construction\nUsing unvalidated input when specifying the size of a newly created array can result in the creation of an array with size zero. If this array is subsequently accessed without further checks, an `ArrayIndexOutOfBoundsException` may be thrown, because there is no guarantee that the array is not empty.\n\nThis problem occurs when user input is used as the size during array initialization, either directly or following one or more calculations. If the user input is unvalidated, it may cause the size of the array to be zero.\n\n\n## Recommendation\nThe size used in the array initialization should be verified to be greater than zero before being used. Alternatively, the array access may be protected by a conditional check that ensures it is only accessed if the index is less than the array size.\n\n\n## Example\nThe following program constructs an array with the size specified by some user input:\n\n\n```java\npublic class ImproperValidationOfArrayIndex extends HttpServlet {\n\n  protected void doGet(HttpServletRequest request, HttpServletResponse response)\n  throws ServletException, IOException {\n    try {\n      // User provided value\n      int numberOfItems = Integer.parseInt(request.getParameter(\"numberOfItems\").trim());\n\n      if (numberOfItems >= 0) {\n        /*\n         * BAD numberOfItems may be zero, which would cause the array indexing operation to\n         * throw an ArrayIndexOutOfBoundsException\n         */\n        String items = new String[numberOfItems];\n        items[0] = \"Item 1\";\n      }\n\n      if (numberOfItems > 0) {\n        /*\n         * GOOD numberOfItems must be greater than zero, so the indexing succeeds.\n         */\n        String items = new String[numberOfItems];\n        items[0] = \"Item 1\";\n      }\n\n    } catch (NumberFormatException e) { }\n  }\n}\n```\nThe first array construction is protected by a condition that checks if the user input is zero or more. However, if the user provides `0` as the `numberOfItems` parameter, then an empty array is created, and any array access would fail with an `ArrayIndexOutOfBoundsException`.\n\nThe second array construction is protected by a condition that checks if the user input is greater than zero. The array will therefore never be empty, and the following array access will not throw an `ArrayIndexOutOfBoundsException`.\n\n\n## References\n* Java API Specification: [ArrayIndexOutOfBoundsException](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/ArrayIndexOutOfBoundsException.html).\n* Common Weakness Enumeration: [CWE-129](https://cwe.mitre.org/data/definitions/129.html).\n"},"properties":{"tags":["security","external/cwe/cwe-129"],"description":"Using unvalidated external input as the argument to a construction of an array can lead to index out of bound exceptions.","id":"java/improper-validation-of-array-construction","kind":"path-problem","name":"Improper validation of user-provided size used for array construction","precision":"medium","problem.severity":"warning","security-severity":"8.8"}},{"id":"java/android/sensitive-result-receiver","name":"java/android/sensitive-result-receiver","shortDescription":{"text":"Leaking sensitive information through a ResultReceiver"},"fullDescription":{"text":"Sending sensitive data to a 'ResultReceiver' obtained from an untrusted source can allow malicious actors access to your information."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Leaking sensitive information through a ResultReceiver\nIf a `ResultReceiver` is obtained from an untrusted source, such as an `Intent` received by an exported component, do not send it sensitive data. Otherwise, the information may be leaked to a malicious application.\n\n\n## Recommendation\nDo not send sensitive data to an untrusted `ResultReceiver`.\n\n\n## Example\nIn the following (bad) example, sensitive data is sent to an untrusted `ResultReceiver`.\n\n\n```java\n// BAD: Sensitive data is sent to an untrusted result receiver \nvoid bad(String password) {\n    Intent intent = getIntent();\n    ResultReceiver rec = intent.getParcelableExtra(\"Receiver\");\n    Bundle b = new Bundle();\n    b.putCharSequence(\"pass\", password);\n    rec.send(0, b); \n}\n```\n\n## References\n* Common Weakness Enumeration: [CWE-927](https://cwe.mitre.org/data/definitions/927.html).\n","markdown":"# Leaking sensitive information through a ResultReceiver\nIf a `ResultReceiver` is obtained from an untrusted source, such as an `Intent` received by an exported component, do not send it sensitive data. Otherwise, the information may be leaked to a malicious application.\n\n\n## Recommendation\nDo not send sensitive data to an untrusted `ResultReceiver`.\n\n\n## Example\nIn the following (bad) example, sensitive data is sent to an untrusted `ResultReceiver`.\n\n\n```java\n// BAD: Sensitive data is sent to an untrusted result receiver \nvoid bad(String password) {\n    Intent intent = getIntent();\n    ResultReceiver rec = intent.getParcelableExtra(\"Receiver\");\n    Bundle b = new Bundle();\n    b.putCharSequence(\"pass\", password);\n    rec.send(0, b); \n}\n```\n\n## References\n* Common Weakness Enumeration: [CWE-927](https://cwe.mitre.org/data/definitions/927.html).\n"},"properties":{"tags":["security","external/cwe/cwe-927","owasp-top10-2021","A04:2021 - Insecure Design"],"description":"Sending sensitive data to a 'ResultReceiver' obtained from an untrusted source\n              can allow malicious actors access to your information.","id":"java/android/sensitive-result-receiver","kind":"path-problem","name":"Leaking sensitive information through a ResultReceiver","precision":"medium","problem.severity":"error","security-severity":"8.2"}},{"id":"java/android/sensitive-communication","name":"java/android/sensitive-communication","shortDescription":{"text":"Leaking sensitive information through an implicit Intent"},"fullDescription":{"text":"An Android application uses implicit Intents containing sensitive data in a way that exposes it to arbitrary applications on the device."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Leaking sensitive information through an implicit Intent\nWhen an implicit Intent is used with a method such as `startActivity`, `startService`, or `sendBroadcast`, it may be read by other applications on the device.\n\nThis means that sensitive data in these Intents may be leaked.\n\n\n## Recommendation\nFor `sendBroadcast` methods, a receiver permission may be specified so that only applications with a certain permission may receive the Intent; or a `LocalBroadcastManager` may be used. Otherwise, ensure that Intents containing sensitive data have an explicit receiver class set.\n\n\n## Example\nThe following example shows two ways of broadcasting Intents. In the 'BAD' case, no \"receiver permission\" is specified. In the 'GOOD' case, \"receiver permission\" or \"receiver application\" is specified.\n\n\n```java\npublic void sendBroadcast1(Context context, String token, String refreshToken) \n{\n    {\n        // BAD: broadcast sensitive information to all listeners\n        Intent intent = new Intent();\n        intent.setAction(\"com.example.custom_action\");\n        intent.putExtra(\"token\", token);\n        intent.putExtra(\"refreshToken\", refreshToken);\n        context.sendBroadcast(intent);\n    }\n\n    {\n        // GOOD: broadcast sensitive information only to those with permission\n        Intent intent = new Intent();\n        intent.setAction(\"com.example.custom_action\");\n        intent.putExtra(\"token\", token);\n        intent.putExtra(\"refreshToken\", refreshToken);\n        context.sendBroadcast(intent, \"com.example.user_permission\");\n    }\n\n    {\n        // GOOD: broadcast sensitive information to a specific application\n        Intent intent = new Intent();\n        intent.setAction(\"com.example.custom_action\");\n        intent.setClassName(\"com.example2\", \"com.example2.UserInfoHandler\");\n        intent.putExtra(\"token\", token);\n        intent.putExtra(\"refreshToken\", refreshToken);\n        context.sendBroadcast(intent);\n    }\n}\n```\n\n## References\n* Android Developers: [Security considerations and best practices for sending and receiving broadcasts](https://developer.android.com/guide/components/broadcasts)\n* SonarSource: [Broadcasting intents is security-sensitive](https://rules.sonarsource.com/java/type/Security%20Hotspot/RSPEC-5320)\n* Android Developer Fundamentals: [Restricting broadcasts](https://google-developer-training.github.io/android-developer-fundamentals-course-concepts-v2/unit-3-working-in-the-background/lesson-7-background-tasks/7-3-c-broadcasts/7-3-c-broadcasts.html)\n* Carnegie Mellon University: [DRD03-J. Do not broadcast sensitive information using an implicit intent](https://wiki.sei.cmu.edu/confluence/display/android/DRD03-J.+Do+not+broadcast+sensitive+information+using+an+implicit+intent)\n* Android Developers: [Android LiveData Overview](https://developer.android.com/topic/libraries/architecture/livedata)\n* Oversecured: [Interception of Android implicit intents](https://blog.oversecured.com/Interception-of-Android-implicit-intents/)\n* Common Weakness Enumeration: [CWE-927](https://cwe.mitre.org/data/definitions/927.html).\n","markdown":"# Leaking sensitive information through an implicit Intent\nWhen an implicit Intent is used with a method such as `startActivity`, `startService`, or `sendBroadcast`, it may be read by other applications on the device.\n\nThis means that sensitive data in these Intents may be leaked.\n\n\n## Recommendation\nFor `sendBroadcast` methods, a receiver permission may be specified so that only applications with a certain permission may receive the Intent; or a `LocalBroadcastManager` may be used. Otherwise, ensure that Intents containing sensitive data have an explicit receiver class set.\n\n\n## Example\nThe following example shows two ways of broadcasting Intents. In the 'BAD' case, no \"receiver permission\" is specified. In the 'GOOD' case, \"receiver permission\" or \"receiver application\" is specified.\n\n\n```java\npublic void sendBroadcast1(Context context, String token, String refreshToken) \n{\n    {\n        // BAD: broadcast sensitive information to all listeners\n        Intent intent = new Intent();\n        intent.setAction(\"com.example.custom_action\");\n        intent.putExtra(\"token\", token);\n        intent.putExtra(\"refreshToken\", refreshToken);\n        context.sendBroadcast(intent);\n    }\n\n    {\n        // GOOD: broadcast sensitive information only to those with permission\n        Intent intent = new Intent();\n        intent.setAction(\"com.example.custom_action\");\n        intent.putExtra(\"token\", token);\n        intent.putExtra(\"refreshToken\", refreshToken);\n        context.sendBroadcast(intent, \"com.example.user_permission\");\n    }\n\n    {\n        // GOOD: broadcast sensitive information to a specific application\n        Intent intent = new Intent();\n        intent.setAction(\"com.example.custom_action\");\n        intent.setClassName(\"com.example2\", \"com.example2.UserInfoHandler\");\n        intent.putExtra(\"token\", token);\n        intent.putExtra(\"refreshToken\", refreshToken);\n        context.sendBroadcast(intent);\n    }\n}\n```\n\n## References\n* Android Developers: [Security considerations and best practices for sending and receiving broadcasts](https://developer.android.com/guide/components/broadcasts)\n* SonarSource: [Broadcasting intents is security-sensitive](https://rules.sonarsource.com/java/type/Security%20Hotspot/RSPEC-5320)\n* Android Developer Fundamentals: [Restricting broadcasts](https://google-developer-training.github.io/android-developer-fundamentals-course-concepts-v2/unit-3-working-in-the-background/lesson-7-background-tasks/7-3-c-broadcasts/7-3-c-broadcasts.html)\n* Carnegie Mellon University: [DRD03-J. Do not broadcast sensitive information using an implicit intent](https://wiki.sei.cmu.edu/confluence/display/android/DRD03-J.+Do+not+broadcast+sensitive+information+using+an+implicit+intent)\n* Android Developers: [Android LiveData Overview](https://developer.android.com/topic/libraries/architecture/livedata)\n* Oversecured: [Interception of Android implicit intents](https://blog.oversecured.com/Interception-of-Android-implicit-intents/)\n* Common Weakness Enumeration: [CWE-927](https://cwe.mitre.org/data/definitions/927.html).\n"},"properties":{"tags":["security","external/cwe/cwe-927","owasp-top10-2021","A04:2021 - Insecure Design"],"description":"An Android application uses implicit Intents containing sensitive data\n              in a way that exposes it to arbitrary applications on the device.","id":"java/android/sensitive-communication","kind":"path-problem","name":"Leaking sensitive information through an implicit Intent","precision":"medium","problem.severity":"warning","security-severity":"8.2"}},{"id":"java/partial-path-traversal","name":"java/partial-path-traversal","shortDescription":{"text":"Partial path traversal vulnerability"},"fullDescription":{"text":"A prefix used to check that a canonicalised path falls within another must be slash-terminated."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Partial path traversal vulnerability\nA common way to check that a user-supplied path `SUBDIR` falls inside a directory `DIR` is to use `getCanonicalPath()` to remove any path-traversal elements and then check that `DIR` is a prefix. However, if `DIR` is not slash-terminated, this can unexpectedly allow access to siblings of `DIR`.\n\nSee also `java/partial-path-traversal-from-remote`, which is similar to this query but only flags instances with evidence of remote exploitability.\n\n\n## Recommendation\nIf the user should only access items within a certain directory `DIR`, ensure that `DIR` is slash-terminated before checking that `DIR` is a prefix of the user-provided path, `SUBDIR`. Note, Java's `getCanonicalPath()` returns a **non**-slash-terminated path string, so a slash must be added to `DIR` if that method is used.\n\n\n## Example\nIn this example, the `if` statement checks if `parent.getCanonicalPath()` is a prefix of `dir.getCanonicalPath()`. However, `parent.getCanonicalPath()` is not slash-terminated. This means that users that supply `dir` may be also allowed to access siblings of `parent` and not just children of `parent`, which is a security issue.\n\n\n```java\npublic class PartialPathTraversalBad {\n    public void example(File dir, File parent) throws IOException {\n        if (!dir.getCanonicalPath().startsWith(parent.getCanonicalPath())) {\n            throw new IOException(\"Invalid directory: \" + dir.getCanonicalPath());\n        }\n    }\n}\n\n```\nIn this example, the `if` statement checks if `parent.getCanonicalPath() + File.separator ` is a prefix of `dir.getCanonicalPath()`. Because `parent.getCanonicalPath() + File.separator` is indeed slash-terminated, the user supplying `dir` can only access children of `parent`, as desired.\n\n\n```java\npublic class PartialPathTraversalGood {\n    public void example(File dir, File parent) throws IOException {\n        if (!dir.getCanonicalPath().startsWith(parent.getCanonicalPath() + File.separator)) {\n            throw new IOException(\"Invalid directory: \" + dir.getCanonicalPath());\n        }\n    }\n}\n\n```\n\n## References\n* OWASP: [Partial Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal).\n* CVE-2022-23457: [ ESAPI Vulnerability Report](https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/GHSL-2022-008_The_OWASP_Enterprise_Security_API.md).\n* Common Weakness Enumeration: [CWE-23](https://cwe.mitre.org/data/definitions/23.html).\n","markdown":"# Partial path traversal vulnerability\nA common way to check that a user-supplied path `SUBDIR` falls inside a directory `DIR` is to use `getCanonicalPath()` to remove any path-traversal elements and then check that `DIR` is a prefix. However, if `DIR` is not slash-terminated, this can unexpectedly allow access to siblings of `DIR`.\n\nSee also `java/partial-path-traversal-from-remote`, which is similar to this query but only flags instances with evidence of remote exploitability.\n\n\n## Recommendation\nIf the user should only access items within a certain directory `DIR`, ensure that `DIR` is slash-terminated before checking that `DIR` is a prefix of the user-provided path, `SUBDIR`. Note, Java's `getCanonicalPath()` returns a **non**-slash-terminated path string, so a slash must be added to `DIR` if that method is used.\n\n\n## Example\nIn this example, the `if` statement checks if `parent.getCanonicalPath()` is a prefix of `dir.getCanonicalPath()`. However, `parent.getCanonicalPath()` is not slash-terminated. This means that users that supply `dir` may be also allowed to access siblings of `parent` and not just children of `parent`, which is a security issue.\n\n\n```java\npublic class PartialPathTraversalBad {\n    public void example(File dir, File parent) throws IOException {\n        if (!dir.getCanonicalPath().startsWith(parent.getCanonicalPath())) {\n            throw new IOException(\"Invalid directory: \" + dir.getCanonicalPath());\n        }\n    }\n}\n\n```\nIn this example, the `if` statement checks if `parent.getCanonicalPath() + File.separator ` is a prefix of `dir.getCanonicalPath()`. Because `parent.getCanonicalPath() + File.separator` is indeed slash-terminated, the user supplying `dir` can only access children of `parent`, as desired.\n\n\n```java\npublic class PartialPathTraversalGood {\n    public void example(File dir, File parent) throws IOException {\n        if (!dir.getCanonicalPath().startsWith(parent.getCanonicalPath() + File.separator)) {\n            throw new IOException(\"Invalid directory: \" + dir.getCanonicalPath());\n        }\n    }\n}\n\n```\n\n## References\n* OWASP: [Partial Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal).\n* CVE-2022-23457: [ ESAPI Vulnerability Report](https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/GHSL-2022-008_The_OWASP_Enterprise_Security_API.md).\n* Common Weakness Enumeration: [CWE-23](https://cwe.mitre.org/data/definitions/23.html).\n"},"properties":{"tags":["security","external/cwe/cwe-023","owasp-top10-2021","A01:2021 - Broken Access Control"],"description":"A prefix used to check that a canonicalised path falls within another must be slash-terminated.","id":"java/partial-path-traversal","kind":"problem","name":"Partial path traversal vulnerability","precision":"medium","problem.severity":"error","security-severity":"9.3"}},{"id":"java/uncontrolled-arithmetic","name":"java/uncontrolled-arithmetic","shortDescription":{"text":"Uncontrolled data in arithmetic expression"},"fullDescription":{"text":"Arithmetic operations on uncontrolled data that is not validated can cause overflows."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Uncontrolled data in arithmetic expression\nPerforming calculations on uncontrolled data can result in integer overflows unless the input is validated.\n\nIf the data is not under your control, and can take extremely large values, even arithmetic operations that would usually result in a small change in magnitude may result in overflows.\n\n\n## Recommendation\nAlways guard against overflow in arithmetic operations on uncontrolled data by doing one of the following:\n\n* Validate the data.\n* Define a guard on the arithmetic expression, so that the operation is performed only if the result can be known to be less than, or equal to, the maximum value for the type, for example `MAX_VALUE`.\n* Use a wider type, so that larger input values do not cause overflow.\n\n## Example\nIn this example, a random integer is generated. Because the value is not controlled by the programmer, it could be extremely large. Performing arithmetic operations on this value could therefore cause an overflow. To avoid this happening, the example shows how to perform a check before performing a multiplication.\n\n\n```java\nclass Test {\n\tpublic static void main(String[] args) {\n\t\t{\n\t\t\tint data = (new java.security.SecureRandom()).nextInt();\n\n\t\t\t// BAD: may overflow if data is large\n\t\t\tint scaled = data * 10;\n\n\t\t\t// ...\n\n\t\t\t// GOOD: use a guard to ensure no overflows occur\n\t\t\tint scaled2;\n\t\t\tif (data < Integer.MAX_VALUE/10)\n\t\t\t\tscaled2 = data * 10;\n\t\t\telse \n\t\t\t\tscaled2 = Integer.MAX_VALUE;\n\t\t}\n\t}\n}\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [NUM00-J. Detect or prevent integer overflow](https://wiki.sei.cmu.edu/confluence/display/java/NUM00-J.+Detect+or+prevent+integer+overflow).\n* Common Weakness Enumeration: [CWE-190](https://cwe.mitre.org/data/definitions/190.html).\n* Common Weakness Enumeration: [CWE-191](https://cwe.mitre.org/data/definitions/191.html).\n","markdown":"# Uncontrolled data in arithmetic expression\nPerforming calculations on uncontrolled data can result in integer overflows unless the input is validated.\n\nIf the data is not under your control, and can take extremely large values, even arithmetic operations that would usually result in a small change in magnitude may result in overflows.\n\n\n## Recommendation\nAlways guard against overflow in arithmetic operations on uncontrolled data by doing one of the following:\n\n* Validate the data.\n* Define a guard on the arithmetic expression, so that the operation is performed only if the result can be known to be less than, or equal to, the maximum value for the type, for example `MAX_VALUE`.\n* Use a wider type, so that larger input values do not cause overflow.\n\n## Example\nIn this example, a random integer is generated. Because the value is not controlled by the programmer, it could be extremely large. Performing arithmetic operations on this value could therefore cause an overflow. To avoid this happening, the example shows how to perform a check before performing a multiplication.\n\n\n```java\nclass Test {\n\tpublic static void main(String[] args) {\n\t\t{\n\t\t\tint data = (new java.security.SecureRandom()).nextInt();\n\n\t\t\t// BAD: may overflow if data is large\n\t\t\tint scaled = data * 10;\n\n\t\t\t// ...\n\n\t\t\t// GOOD: use a guard to ensure no overflows occur\n\t\t\tint scaled2;\n\t\t\tif (data < Integer.MAX_VALUE/10)\n\t\t\t\tscaled2 = data * 10;\n\t\t\telse \n\t\t\t\tscaled2 = Integer.MAX_VALUE;\n\t\t}\n\t}\n}\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [NUM00-J. Detect or prevent integer overflow](https://wiki.sei.cmu.edu/confluence/display/java/NUM00-J.+Detect+or+prevent+integer+overflow).\n* Common Weakness Enumeration: [CWE-190](https://cwe.mitre.org/data/definitions/190.html).\n* Common Weakness Enumeration: [CWE-191](https://cwe.mitre.org/data/definitions/191.html).\n"},"properties":{"tags":["security","external/cwe/cwe-190","external/cwe/cwe-191"],"description":"Arithmetic operations on uncontrolled data that is not validated can cause\n              overflows.","id":"java/uncontrolled-arithmetic","kind":"path-problem","name":"Uncontrolled data in arithmetic expression","precision":"medium","problem.severity":"warning","security-severity":"8.6"}},{"id":"java/tainted-arithmetic","name":"java/tainted-arithmetic","shortDescription":{"text":"User-controlled data in arithmetic expression"},"fullDescription":{"text":"Arithmetic operations on user-controlled data that is not validated can cause overflows."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# User-controlled data in arithmetic expression\nPerforming calculations on user-controlled data can result in integer overflows unless the input is validated.\n\nIf the user is free to enter very large numbers, even arithmetic operations that would usually result in a small change in magnitude may result in overflows.\n\n\n## Recommendation\nAlways guard against overflow in arithmetic operations on user-controlled data by doing one of the following:\n\n* Validate the user input.\n* Define a guard on the arithmetic expression, so that the operation is performed only if the result can be known to be less than, or equal to, the maximum value for the type, for example `MAX_VALUE`.\n* Use a wider type, so that larger input values do not cause overflow.\n\n## Example\nIn this example, a value is read from standard input into an `int`. Because the value is a user-controlled value, it could be extremely large. Performing arithmetic operations on this value could therefore cause an overflow. To avoid this happening, the example shows how to perform a check before performing a multiplication.\n\n\n```java\nclass Test {\n\tpublic static void main(String[] args) {\n\t\t{\n\t\t\tint data;\n\n\t\t\tBufferedReader readerBuffered = new BufferedReader(\n\t\t\t\t\tnew InputStreamReader(System.in, \"UTF-8\"));\n\t\t\tString stringNumber = readerBuffered.readLine();\n\t\t\tif (stringNumber != null) {\n\t\t\t\tdata = Integer.parseInt(stringNumber.trim());\n\t\t\t} else {\n\t\t\t\tdata = 0;\n\t\t\t}\n\n\t\t\t// BAD: may overflow if input data is very large, for example\n\t\t\t// 'Integer.MAX_VALUE'\n\t\t\tint scaled = data * 10;\n\n\t\t\t//...\n\t\t\t\n\t\t\t// GOOD: use a guard to ensure no overflows occur\n\t\t\tint scaled2;\n\t\t\tif (data < Integer.MAX_VALUE / 10)\n\t\t\t\tscaled2 = data * 10;\n\t\t\telse\n\t\t\t\tscaled2 = Integer.MAX_VALUE;\n\t\t}\n\t}\n}\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [NUM00-J. Detect or prevent integer overflow](https://wiki.sei.cmu.edu/confluence/display/java/NUM00-J.+Detect+or+prevent+integer+overflow).\n* Common Weakness Enumeration: [CWE-190](https://cwe.mitre.org/data/definitions/190.html).\n* Common Weakness Enumeration: [CWE-191](https://cwe.mitre.org/data/definitions/191.html).\n","markdown":"# User-controlled data in arithmetic expression\nPerforming calculations on user-controlled data can result in integer overflows unless the input is validated.\n\nIf the user is free to enter very large numbers, even arithmetic operations that would usually result in a small change in magnitude may result in overflows.\n\n\n## Recommendation\nAlways guard against overflow in arithmetic operations on user-controlled data by doing one of the following:\n\n* Validate the user input.\n* Define a guard on the arithmetic expression, so that the operation is performed only if the result can be known to be less than, or equal to, the maximum value for the type, for example `MAX_VALUE`.\n* Use a wider type, so that larger input values do not cause overflow.\n\n## Example\nIn this example, a value is read from standard input into an `int`. Because the value is a user-controlled value, it could be extremely large. Performing arithmetic operations on this value could therefore cause an overflow. To avoid this happening, the example shows how to perform a check before performing a multiplication.\n\n\n```java\nclass Test {\n\tpublic static void main(String[] args) {\n\t\t{\n\t\t\tint data;\n\n\t\t\tBufferedReader readerBuffered = new BufferedReader(\n\t\t\t\t\tnew InputStreamReader(System.in, \"UTF-8\"));\n\t\t\tString stringNumber = readerBuffered.readLine();\n\t\t\tif (stringNumber != null) {\n\t\t\t\tdata = Integer.parseInt(stringNumber.trim());\n\t\t\t} else {\n\t\t\t\tdata = 0;\n\t\t\t}\n\n\t\t\t// BAD: may overflow if input data is very large, for example\n\t\t\t// 'Integer.MAX_VALUE'\n\t\t\tint scaled = data * 10;\n\n\t\t\t//...\n\t\t\t\n\t\t\t// GOOD: use a guard to ensure no overflows occur\n\t\t\tint scaled2;\n\t\t\tif (data < Integer.MAX_VALUE / 10)\n\t\t\t\tscaled2 = data * 10;\n\t\t\telse\n\t\t\t\tscaled2 = Integer.MAX_VALUE;\n\t\t}\n\t}\n}\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [NUM00-J. Detect or prevent integer overflow](https://wiki.sei.cmu.edu/confluence/display/java/NUM00-J.+Detect+or+prevent+integer+overflow).\n* Common Weakness Enumeration: [CWE-190](https://cwe.mitre.org/data/definitions/190.html).\n* Common Weakness Enumeration: [CWE-191](https://cwe.mitre.org/data/definitions/191.html).\n"},"properties":{"tags":["security","external/cwe/cwe-190","external/cwe/cwe-191"],"description":"Arithmetic operations on user-controlled data that is not validated can cause\n              overflows.","id":"java/tainted-arithmetic","kind":"path-problem","name":"User-controlled data in arithmetic expression","precision":"medium","problem.severity":"warning","security-severity":"8.6"}},{"id":"java/comparison-with-wider-type","name":"java/comparison-with-wider-type","shortDescription":{"text":"Comparison of narrow type with wide type in loop condition"},"fullDescription":{"text":"Comparisons between types of different widths in a loop condition can cause the loop to behave unexpectedly."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Comparison of narrow type with wide type in loop condition\nIn a loop condition, comparison of a value of a narrow type with a value of a wide type may always evaluate to `true` if the wider value is sufficiently large (or small). This is because the narrower value may overflow. This can lead to an infinite loop.\n\n\n## Recommendation\nChange the types of the compared values so that the value on the narrower side of the comparison is at least as wide as the value it is being compared with.\n\n\n## Example\nIn this example, `bytesReceived` is compared against `MAXGET` in a `while` loop. However, `bytesReceived` is a `short`, and `MAXGET` is a `long`. Because `MAXGET` is larger than `Short.MAX_VALUE`, the loop condition is always `true`, so the loop never terminates.\n\nThis problem is avoided in the 'GOOD' case because `bytesReceived2` is a `long`, which is as wide as the type of `MAXGET`.\n\n\n```java\nclass Test {\n\tpublic static void main(String[] args) {\n\t\t\n\t\t{\t\t\n\t\t\tint BIGNUM = Integer.MAX_VALUE;\n\t\t\tlong MAXGET = Short.MAX_VALUE + 1;\n\t\t\t\n\t\t\tchar[] buf = new char[BIGNUM];\n\n\t\t\tshort bytesReceived = 0;\n\t\t\t\n\t\t\t// BAD: 'bytesReceived' is compared with a value of wider type.\n\t\t\t// 'bytesReceived' overflows before reaching MAXGET,\n\t\t\t// causing an infinite loop.\n\t\t\twhile (bytesReceived < MAXGET) {\n\t\t\t\tbytesReceived += getFromInput(buf, bytesReceived);\n\t\t\t}\n\t\t}\n\t\t\n\t\t{\n\t\t\tlong bytesReceived2 = 0;\n\t\t\t\n\t\t\t// GOOD: 'bytesReceived2' has a type at least as wide as MAXGET.\n\t\t\twhile (bytesReceived2 < MAXGET) {\n\t\t\t\tbytesReceived2 += getFromInput(buf, bytesReceived2);\n\t\t\t}\n\t\t}\n\t\t\n\t}\n\t\n\tpublic static int getFromInput(char[] buf, short pos) {\n\t\t// write to buf\n\t\t// ...\n\t\treturn 1;\n\t}\n}\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [NUM00-J. Detect or prevent integer overflow](https://wiki.sei.cmu.edu/confluence/display/java/NUM00-J.+Detect+or+prevent+integer+overflow).\n* Common Weakness Enumeration: [CWE-190](https://cwe.mitre.org/data/definitions/190.html).\n* Common Weakness Enumeration: [CWE-197](https://cwe.mitre.org/data/definitions/197.html).\n","markdown":"# Comparison of narrow type with wide type in loop condition\nIn a loop condition, comparison of a value of a narrow type with a value of a wide type may always evaluate to `true` if the wider value is sufficiently large (or small). This is because the narrower value may overflow. This can lead to an infinite loop.\n\n\n## Recommendation\nChange the types of the compared values so that the value on the narrower side of the comparison is at least as wide as the value it is being compared with.\n\n\n## Example\nIn this example, `bytesReceived` is compared against `MAXGET` in a `while` loop. However, `bytesReceived` is a `short`, and `MAXGET` is a `long`. Because `MAXGET` is larger than `Short.MAX_VALUE`, the loop condition is always `true`, so the loop never terminates.\n\nThis problem is avoided in the 'GOOD' case because `bytesReceived2` is a `long`, which is as wide as the type of `MAXGET`.\n\n\n```java\nclass Test {\n\tpublic static void main(String[] args) {\n\t\t\n\t\t{\t\t\n\t\t\tint BIGNUM = Integer.MAX_VALUE;\n\t\t\tlong MAXGET = Short.MAX_VALUE + 1;\n\t\t\t\n\t\t\tchar[] buf = new char[BIGNUM];\n\n\t\t\tshort bytesReceived = 0;\n\t\t\t\n\t\t\t// BAD: 'bytesReceived' is compared with a value of wider type.\n\t\t\t// 'bytesReceived' overflows before reaching MAXGET,\n\t\t\t// causing an infinite loop.\n\t\t\twhile (bytesReceived < MAXGET) {\n\t\t\t\tbytesReceived += getFromInput(buf, bytesReceived);\n\t\t\t}\n\t\t}\n\t\t\n\t\t{\n\t\t\tlong bytesReceived2 = 0;\n\t\t\t\n\t\t\t// GOOD: 'bytesReceived2' has a type at least as wide as MAXGET.\n\t\t\twhile (bytesReceived2 < MAXGET) {\n\t\t\t\tbytesReceived2 += getFromInput(buf, bytesReceived2);\n\t\t\t}\n\t\t}\n\t\t\n\t}\n\t\n\tpublic static int getFromInput(char[] buf, short pos) {\n\t\t// write to buf\n\t\t// ...\n\t\treturn 1;\n\t}\n}\n```\n\n## References\n* SEI CERT Oracle Coding Standard for Java: [NUM00-J. Detect or prevent integer overflow](https://wiki.sei.cmu.edu/confluence/display/java/NUM00-J.+Detect+or+prevent+integer+overflow).\n* Common Weakness Enumeration: [CWE-190](https://cwe.mitre.org/data/definitions/190.html).\n* Common Weakness Enumeration: [CWE-197](https://cwe.mitre.org/data/definitions/197.html).\n"},"properties":{"tags":["reliability","security","external/cwe/cwe-190","external/cwe/cwe-197"],"description":"Comparisons between types of different widths in a loop condition can cause the loop\n              to behave unexpectedly.","id":"java/comparison-with-wider-type","kind":"problem","name":"Comparison of narrow type with wide type in loop condition","precision":"medium","problem.severity":"warning","security-severity":"8.1"}},{"id":"java/android/sensitive-keyboard-cache","name":"java/android/sensitive-keyboard-cache","shortDescription":{"text":"Android sensitive keyboard cache"},"fullDescription":{"text":"Allowing the keyboard to cache sensitive information may result in information leaks to other applications."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Android sensitive keyboard cache\nWhen a user enters information in a text input field on an Android application, their input is saved to a keyboard cache which provides autocomplete suggestions and predictions. There is a risk that sensitive user data, such as passwords or banking information, may be leaked to other applications via the keyboard cache.\n\n\n## Recommendation\nFor input fields expected to accept sensitive information, use input types such as `\"textNoSuggestions\"` (or `\"textPassword\"` for a password) to ensure the input does not get stored in the keyboard cache.\n\nOptionally, instead of declaring an input type through XML, you can set the input type in your code using `TextView.setInputType()`.\n\n\n## Example\nIn the following example, the field labeled BAD allows the password to be saved to the keyboard cache, whereas the field labeled GOOD uses the `\"textPassword\"` input type to ensure the password is not cached.\n\n\n```xml\n<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<LinearLayout\n    xmlns:android=\"http://schemas.android.com/apk/res/android\"\n    xmlns:app=\"http://schemas.android.com/apk/res-auto\">\n\n    <!-- BAD: This password field uses the `text` input type, which allows the input to be saved to the keyboard cache. -->\n    <EditText\n        android:id=\"@+id/password_bad\"\n        android:inputType=\"text\"/> \n\n    <!-- GOOD: This password field uses the `textPassword` input type, which ensures that the input is not saved to the keyboard cache. -->\n    <EditText\n        android:id=\"@+id/password_good\"\n        android:inputType=\"textPassword\"/>  \n</LinearLayout>\n```\n\n## References\n* OWASP Mobile Application Security Testing Guide: [Determining Whether the Keyboard Cache Is Disabled for Text Input Fields](https://github.com/OWASP/owasp-mastg/blob/b7a93a2e5e0557cc9a12e55fc3f6675f6986bb86/Document/0x05d-Testing-Data-Storage.md#determining-whether-the-keyboard-cache-is-disabled-for-text-input-fields-mstg-storage-5).\n* Android Developers: [android:inputType attribute documentation.](https://developer.android.com/reference/android/widget/TextView#attr_android:inputType)\n* Common Weakness Enumeration: [CWE-524](https://cwe.mitre.org/data/definitions/524.html).\n","markdown":"# Android sensitive keyboard cache\nWhen a user enters information in a text input field on an Android application, their input is saved to a keyboard cache which provides autocomplete suggestions and predictions. There is a risk that sensitive user data, such as passwords or banking information, may be leaked to other applications via the keyboard cache.\n\n\n## Recommendation\nFor input fields expected to accept sensitive information, use input types such as `\"textNoSuggestions\"` (or `\"textPassword\"` for a password) to ensure the input does not get stored in the keyboard cache.\n\nOptionally, instead of declaring an input type through XML, you can set the input type in your code using `TextView.setInputType()`.\n\n\n## Example\nIn the following example, the field labeled BAD allows the password to be saved to the keyboard cache, whereas the field labeled GOOD uses the `\"textPassword\"` input type to ensure the password is not cached.\n\n\n```xml\n<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<LinearLayout\n    xmlns:android=\"http://schemas.android.com/apk/res/android\"\n    xmlns:app=\"http://schemas.android.com/apk/res-auto\">\n\n    <!-- BAD: This password field uses the `text` input type, which allows the input to be saved to the keyboard cache. -->\n    <EditText\n        android:id=\"@+id/password_bad\"\n        android:inputType=\"text\"/> \n\n    <!-- GOOD: This password field uses the `textPassword` input type, which ensures that the input is not saved to the keyboard cache. -->\n    <EditText\n        android:id=\"@+id/password_good\"\n        android:inputType=\"textPassword\"/>  \n</LinearLayout>\n```\n\n## References\n* OWASP Mobile Application Security Testing Guide: [Determining Whether the Keyboard Cache Is Disabled for Text Input Fields](https://github.com/OWASP/owasp-mastg/blob/b7a93a2e5e0557cc9a12e55fc3f6675f6986bb86/Document/0x05d-Testing-Data-Storage.md#determining-whether-the-keyboard-cache-is-disabled-for-text-input-fields-mstg-storage-5).\n* Android Developers: [android:inputType attribute documentation.](https://developer.android.com/reference/android/widget/TextView#attr_android:inputType)\n* Common Weakness Enumeration: [CWE-524](https://cwe.mitre.org/data/definitions/524.html).\n"},"properties":{"tags":["security","external/cwe/cwe-524"],"description":"Allowing the keyboard to cache sensitive information may result in information leaks to other applications.","id":"java/android/sensitive-keyboard-cache","kind":"problem","name":"Android sensitive keyboard cache","precision":"medium","problem.severity":"warning","security-severity":"8.1"}},{"id":"java/insecure-smtp-ssl","name":"java/insecure-smtp-ssl","shortDescription":{"text":"Insecure JavaMail SSL Configuration"},"fullDescription":{"text":"Configuring a Java application to use authenticated mail session over SSL without certificate validation makes the session susceptible to a man-in-the-middle attack."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Insecure JavaMail SSL Configuration\nJavaMail is commonly used in Java applications to send emails. There are popular third-party libraries like Apache Commons Email which are built on JavaMail and facilitate integration. Authenticated mail sessions require user credentials and mail sessions can require SSL/TLS authentication. It is a common security vulnerability that host-specific certificate data is not validated or is incorrectly validated. Failing to validate the certificate makes the SSL session susceptible to a man-in-the-middle attack.\n\nThis query checks whether the SSL certificate is validated when credentials are used and SSL is enabled in email communications.\n\nThe query has code for both plain JavaMail invocation and mailing through Apache SimpleMail to make it more comprehensive.\n\n\n## Recommendation\nValidate SSL certificate when sensitive information is sent in email communications.\n\n\n## Example\nThe following two examples show two ways of configuring secure emails through JavaMail or Apache SimpleMail. In the 'BAD' case, credentials are sent in an SSL session without certificate validation. In the 'GOOD' case, the certificate is validated.\n\n\n```java\nimport java.util.Properties;\n\nimport javax.activation.DataSource;\nimport javax.mail.Authenticator;\nimport javax.mail.Message;\nimport javax.mail.MessagingException;\nimport javax.mail.PasswordAuthentication;\nimport javax.mail.Session;\n\nimport org.apache.logging.log4j.util.PropertiesUtil;\n\nclass JavaMail {\n    public static void main(String[] args) {\n      // BAD: Don't have server certificate check\n      {\n\t\tfinal Properties properties = PropertiesUtil.getSystemProperties();\n\t\tproperties.put(\"mail.transport.protocol\", \"protocol\");\n\t\tproperties.put(\"mail.smtp.host\", \"hostname\");\n\t\tproperties.put(\"mail.smtp.socketFactory.class\", \"classname\");\n\n\t\tfinal Authenticator authenticator = buildAuthenticator(\"username\", \"password\");\n\t\tif (null != authenticator) {\n\t\t\tproperties.put(\"mail.smtp.auth\", \"true\");\n\t\t}\n\t\tfinal Session session = Session.getInstance(properties, authenticator);\n      }\n\n      // GOOD: Have server certificate check\n      {\n\t\tfinal Properties properties = PropertiesUtil.getSystemProperties();\n\t\tproperties.put(\"mail.transport.protocol\", \"protocol\");\n\t\tproperties.put(\"mail.smtp.host\", \"hostname\");\n\t\tproperties.put(\"mail.smtp.socketFactory.class\", \"classname\");\n\n\t\tfinal Authenticator authenticator = buildAuthenticator(\"username\", \"password\");\n\t\tif (null != authenticator) {\n\t\t\tproperties.put(\"mail.smtp.auth\", \"true\");\n\t\t\tproperties.put(\"mail.smtp.ssl.checkserveridentity\", \"true\");\n\t\t}\n\t\tfinal Session session = Session.getInstance(properties, authenticator);\n      }\n    }\n}\n```\n\n```java\nimport org.apache.commons.mail.DefaultAuthenticator;\nimport org.apache.commons.mail.Email;\nimport org.apache.commons.mail.EmailException;\nimport org.apache.commons.mail.SimpleEmail;\n\nclass SimpleMail {\n    public static void main(String[] args) throws EmailException {\n      // BAD: Don't have setSSLCheckServerIdentity set or set as false    \n      {\n        Email email = new SimpleEmail();\n        email.setHostName(\"hostName\");\n        email.setSmtpPort(25);\n        email.setAuthenticator(new DefaultAuthenticator(\"username\", \"password\"));\n        email.setSSLOnConnect(true);\n        \n        //email.setSSLCheckServerIdentity(false);\n        email.setFrom(\"fromAddress\");\n        email.setSubject(\"subject\");\n        email.setMsg(\"body\");\n        email.addTo(\"toAddress\");\n        email.send();\n      }\n\n      // GOOD: Have setSSLCheckServerIdentity set to true\n      {\n        Email email = new SimpleEmail();\n        email.setHostName(\"hostName\");\n        email.setSmtpPort(25);\n        email.setAuthenticator(new DefaultAuthenticator(\"username\", \"password\"));\n        email.setSSLOnConnect(true);\n\n        email.setSSLCheckServerIdentity(true);\n        email.setFrom(\"fromAddress\");\n        email.setSubject(\"subject\");\n        email.setMsg(\"body\");\n        email.addTo(\"toAddress\");\n        email.send();\n      }\n    }\n}\n```\n\n## References\n* Jakarta Mail: [SSL Notes](https://eclipse-ee4j.github.io/mail/docs/SSLNOTES.txt).\n* Apache Commons: [Email security](https://commons.apache.org/proper/commons-email/userguide.html#Security).\n* Log4j2: [Add support for specifying an SSL configuration for SmtpAppender (CVE-2020-9488)](https://issues.apache.org/jira/browse/LOG4J2-2819).\n* Common Weakness Enumeration: [CWE-297](https://cwe.mitre.org/data/definitions/297.html).\n","markdown":"# Insecure JavaMail SSL Configuration\nJavaMail is commonly used in Java applications to send emails. There are popular third-party libraries like Apache Commons Email which are built on JavaMail and facilitate integration. Authenticated mail sessions require user credentials and mail sessions can require SSL/TLS authentication. It is a common security vulnerability that host-specific certificate data is not validated or is incorrectly validated. Failing to validate the certificate makes the SSL session susceptible to a man-in-the-middle attack.\n\nThis query checks whether the SSL certificate is validated when credentials are used and SSL is enabled in email communications.\n\nThe query has code for both plain JavaMail invocation and mailing through Apache SimpleMail to make it more comprehensive.\n\n\n## Recommendation\nValidate SSL certificate when sensitive information is sent in email communications.\n\n\n## Example\nThe following two examples show two ways of configuring secure emails through JavaMail or Apache SimpleMail. In the 'BAD' case, credentials are sent in an SSL session without certificate validation. In the 'GOOD' case, the certificate is validated.\n\n\n```java\nimport java.util.Properties;\n\nimport javax.activation.DataSource;\nimport javax.mail.Authenticator;\nimport javax.mail.Message;\nimport javax.mail.MessagingException;\nimport javax.mail.PasswordAuthentication;\nimport javax.mail.Session;\n\nimport org.apache.logging.log4j.util.PropertiesUtil;\n\nclass JavaMail {\n    public static void main(String[] args) {\n      // BAD: Don't have server certificate check\n      {\n\t\tfinal Properties properties = PropertiesUtil.getSystemProperties();\n\t\tproperties.put(\"mail.transport.protocol\", \"protocol\");\n\t\tproperties.put(\"mail.smtp.host\", \"hostname\");\n\t\tproperties.put(\"mail.smtp.socketFactory.class\", \"classname\");\n\n\t\tfinal Authenticator authenticator = buildAuthenticator(\"username\", \"password\");\n\t\tif (null != authenticator) {\n\t\t\tproperties.put(\"mail.smtp.auth\", \"true\");\n\t\t}\n\t\tfinal Session session = Session.getInstance(properties, authenticator);\n      }\n\n      // GOOD: Have server certificate check\n      {\n\t\tfinal Properties properties = PropertiesUtil.getSystemProperties();\n\t\tproperties.put(\"mail.transport.protocol\", \"protocol\");\n\t\tproperties.put(\"mail.smtp.host\", \"hostname\");\n\t\tproperties.put(\"mail.smtp.socketFactory.class\", \"classname\");\n\n\t\tfinal Authenticator authenticator = buildAuthenticator(\"username\", \"password\");\n\t\tif (null != authenticator) {\n\t\t\tproperties.put(\"mail.smtp.auth\", \"true\");\n\t\t\tproperties.put(\"mail.smtp.ssl.checkserveridentity\", \"true\");\n\t\t}\n\t\tfinal Session session = Session.getInstance(properties, authenticator);\n      }\n    }\n}\n```\n\n```java\nimport org.apache.commons.mail.DefaultAuthenticator;\nimport org.apache.commons.mail.Email;\nimport org.apache.commons.mail.EmailException;\nimport org.apache.commons.mail.SimpleEmail;\n\nclass SimpleMail {\n    public static void main(String[] args) throws EmailException {\n      // BAD: Don't have setSSLCheckServerIdentity set or set as false    \n      {\n        Email email = new SimpleEmail();\n        email.setHostName(\"hostName\");\n        email.setSmtpPort(25);\n        email.setAuthenticator(new DefaultAuthenticator(\"username\", \"password\"));\n        email.setSSLOnConnect(true);\n        \n        //email.setSSLCheckServerIdentity(false);\n        email.setFrom(\"fromAddress\");\n        email.setSubject(\"subject\");\n        email.setMsg(\"body\");\n        email.addTo(\"toAddress\");\n        email.send();\n      }\n\n      // GOOD: Have setSSLCheckServerIdentity set to true\n      {\n        Email email = new SimpleEmail();\n        email.setHostName(\"hostName\");\n        email.setSmtpPort(25);\n        email.setAuthenticator(new DefaultAuthenticator(\"username\", \"password\"));\n        email.setSSLOnConnect(true);\n\n        email.setSSLCheckServerIdentity(true);\n        email.setFrom(\"fromAddress\");\n        email.setSubject(\"subject\");\n        email.setMsg(\"body\");\n        email.addTo(\"toAddress\");\n        email.send();\n      }\n    }\n}\n```\n\n## References\n* Jakarta Mail: [SSL Notes](https://eclipse-ee4j.github.io/mail/docs/SSLNOTES.txt).\n* Apache Commons: [Email security](https://commons.apache.org/proper/commons-email/userguide.html#Security).\n* Log4j2: [Add support for specifying an SSL configuration for SmtpAppender (CVE-2020-9488)](https://issues.apache.org/jira/browse/LOG4J2-2819).\n* Common Weakness Enumeration: [CWE-297](https://cwe.mitre.org/data/definitions/297.html).\n"},"properties":{"tags":["security","external/cwe/cwe-297","owasp-top10-2021","A07:2021 - Identification and Authentication Failures"],"description":"Configuring a Java application to use authenticated mail session\n              over SSL without certificate validation\n              makes the session susceptible to a man-in-the-middle attack.","id":"java/insecure-smtp-ssl","kind":"problem","name":"Insecure JavaMail SSL Configuration","precision":"medium","problem.severity":"warning","security-severity":"5.9"}},{"id":"java/relative-path-command","name":"java/relative-path-command","shortDescription":{"text":"Executing a command with a relative path"},"fullDescription":{"text":"Executing a command with a relative path is vulnerable to malicious changes in the PATH environment variable."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Executing a command with a relative path\nWhen a command is executed with a relative path, the runtime uses the PATH environment variable to find which executable to run. Therefore, any user who can change the PATH environment variable can cause the software to run a different, malicious executable.\n\n\n## Recommendation\nIn most cases, simply use a command that has an absolute path instead of a relative path.\n\nIn some cases, the location of the executable might be different on different installations. In such cases, consider specifying the location of key executables with some form of configuration. When using this approach, be careful that the configuration system is not itself vulnerable to malicious modifications.\n\n\n## Example\n\n```java\nclass Test {\n    public static void main(String[] args) {\n        // BAD: relative path\n        Runtime.getRuntime().exec(\"make\");\n        \n        // GOOD: absolute path\n        Runtime.getRuntime().exec(\"/usr/bin/make\");\n\n        // GOOD: build an absolute path from known values\n        Runtime.getRuntime().exec(Paths.MAKE_PREFIX + \"/bin/make\");\n    }\n}\n```\n\n## References\n* Common Weakness Enumeration: [CWE-78](https://cwe.mitre.org/data/definitions/78.html).\n* Common Weakness Enumeration: [CWE-88](https://cwe.mitre.org/data/definitions/88.html).\n","markdown":"# Executing a command with a relative path\nWhen a command is executed with a relative path, the runtime uses the PATH environment variable to find which executable to run. Therefore, any user who can change the PATH environment variable can cause the software to run a different, malicious executable.\n\n\n## Recommendation\nIn most cases, simply use a command that has an absolute path instead of a relative path.\n\nIn some cases, the location of the executable might be different on different installations. In such cases, consider specifying the location of key executables with some form of configuration. When using this approach, be careful that the configuration system is not itself vulnerable to malicious modifications.\n\n\n## Example\n\n```java\nclass Test {\n    public static void main(String[] args) {\n        // BAD: relative path\n        Runtime.getRuntime().exec(\"make\");\n        \n        // GOOD: absolute path\n        Runtime.getRuntime().exec(\"/usr/bin/make\");\n\n        // GOOD: build an absolute path from known values\n        Runtime.getRuntime().exec(Paths.MAKE_PREFIX + \"/bin/make\");\n    }\n}\n```\n\n## References\n* Common Weakness Enumeration: [CWE-78](https://cwe.mitre.org/data/definitions/78.html).\n* Common Weakness Enumeration: [CWE-88](https://cwe.mitre.org/data/definitions/88.html).\n"},"properties":{"tags":["security","external/cwe/cwe-078","external/cwe/cwe-088","owasp-top10-2021","A03:2021 - Injection"],"description":"Executing a command with a relative path is vulnerable to\n              malicious changes in the PATH environment variable.","id":"java/relative-path-command","kind":"problem","name":"Executing a command with a relative path","precision":"medium","problem.severity":"warning","security-severity":"9.8"}},{"id":"java/android/unsafe-android-webview-fetch","name":"java/android/unsafe-android-webview-fetch","shortDescription":{"text":"Unsafe resource fetching in Android WebView"},"fullDescription":{"text":"JavaScript rendered inside WebViews can access protected application files and web resources from any origin exposing them to attack."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Unsafe resource fetching in Android WebView\nAndroid WebViews that allow externally controlled URLs to be loaded, and whose JavaScript interface is enabled, are potentially vulnerable to cross-site scripting and sensitive resource disclosure attacks.\n\nA `WebView` whose `WebSettings` object has called `setAllowFileAccessFromFileURLs(true)` or `setAllowUniversalAccessFromFileURLs(true)` must not load any untrusted web content.\n\nEnabling these settings allows malicious scripts loaded in a `file://` context to launch cross-site scripting attacks, accessing arbitrary local files including WebView cookies, session tokens, private app data or even credentials used on arbitrary web sites.\n\nThis query detects the following two scenarios:\n\n1. A vulnerability introduced by WebViews when JavaScript is enabled and remote inputs are allowed.\n1. A more severe vulnerability when \"allow cross-origin resource access\" is also enabled. This setting was deprecated in API level 30 (Android 11), but most devices are still affected, especially since some Android phones are updated slowly or no longer updated at all.\n\n## Recommendation\nOnly allow trusted web content to be displayed in WebViews when JavaScript is enabled. Disallow cross-origin resource access in WebSettings to reduce the attack surface.\n\n\n## Example\nThe following example shows both 'BAD' and 'GOOD' configurations. In the 'BAD' configuration, JavaScript and the allow access setting are enabled and URLs are loaded from externally controlled inputs. In the 'GOOD' configuration, JavaScript is disabled or only trusted web content is allowed to be loaded.\n\n\n```java\npublic class UnsafeAndroidAccess extends Activity {\n\tpublic void onCreate(Bundle savedInstanceState) {\n\t\tsuper.onCreate(savedInstanceState);\n\t\tsetContentView(R.layout.webview);\n\n\t\t// BAD: Have both JavaScript and cross-origin resource access enabled in webview while\n\t\t// taking remote user inputs\n\t\t{\n\t\t\tWebView wv = (WebView) findViewById(R.id.my_webview);\n\t\t\tWebSettings webSettings = wv.getSettings();\n\n\t\t\twebSettings.setJavaScriptEnabled(true);\n\t\t\twebSettings.setAllowUniversalAccessFromFileURLs(true);\n\n\t\t\twv.setWebViewClient(new WebViewClient() {\n\t\t\t\t@Override\n\t\t\t\tpublic boolean shouldOverrideUrlLoading(WebView view, String url) {\n\t\t\t\t\tview.loadUrl(url);\n\t\t\t\t\treturn true;\n\t\t\t\t}\n\t\t\t});\n\n\t\t\tString thisUrl = getIntent().getExtras().getString(\"url\"); // dangerous remote input from  the intent's Bundle of extras\n\t\t\twv.loadUrl(thisUrl);\n\t\t}\n\n\t\t// BAD: Have both JavaScript and cross-origin resource access enabled in webview while\n\t\t// taking remote user inputs\n\t\t{\n\t\t\tWebView wv = (WebView) findViewById(R.id.my_webview);\n\t\t\tWebSettings webSettings = wv.getSettings();\n\n\t\t\twebSettings.setJavaScriptEnabled(true);\n\t\t\twebSettings.setAllowUniversalAccessFromFileURLs(true);\n\n\t\t\twv.setWebViewClient(new WebViewClient() {\n\t\t\t\t@Override\n\t\t\t\tpublic boolean shouldOverrideUrlLoading(WebView view, String url) {\n\t\t\t\t\tview.loadUrl(url);\n\t\t\t\t\treturn true;\n\t\t\t\t}\n\t\t\t});\n\n\t\t\tString thisUrl = getIntent().getStringExtra(\"url\"); //dangerous remote input from intent extra\n\t\t\twv.loadUrl(thisUrl);\n\t\t}\n\n\t\t// GOOD: Have JavaScript and cross-origin resource access disabled by default on modern Android (Jellybean+) while taking remote user inputs\n\t\t{\n\t\t\tWebView wv = (WebView) findViewById(-1);\n\t\t\tWebSettings webSettings = wv.getSettings();\n\n\t\t\twv.setWebViewClient(new WebViewClient() {\n\t\t\t\t@Override\n\t\t\t\tpublic boolean shouldOverrideUrlLoading(WebView view, String url) {\n\t\t\t\t\tview.loadUrl(url);\n\t\t\t\t\treturn true;\n\t\t\t\t}\n\t\t\t});\n\n\t\t\tString thisUrl = getIntent().getExtras().getString(\"url\"); // remote input\n\t\t\twv.loadUrl(thisUrl);\n\t\t}\n\n\t\t// GOOD: Have JavaScript enabled in webview but remote user input is not allowed\n\t\t{\n\t\t\tWebView wv = (WebView) findViewById(-1);\n\t\t\tWebSettings webSettings = wv.getSettings();\n\n\t\t\twebSettings.setJavaScriptEnabled(true);\n\n\t\t\twv.setWebViewClient(new WebViewClient() {\n\t\t\t\t@Override\n\t\t\t\tpublic boolean shouldOverrideUrlLoading(WebView view, String url) {\n\t\t\t\t\tview.loadUrl(url);\n\t\t\t\t\treturn true;\n\t\t\t\t}\n\t\t\t});\n\n\t\t\twv.loadUrl(\"https://www.mycorp.com\");\n\t\t}\n\t}\n}\n```\n\n## References\n* Google Help: [Fixing a File-based XSS Vulnerability](https://support.google.com/faqs/answer/7668153?hl=en)\n* OWASP: [Testing JavaScript Execution in WebViews (MSTG-PLATFORM-5)](https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5)\n* OWASP: [Testing WebView Protocol Handlers (MSTG-PLATFORM-6)](https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-webview-protocol-handlers-mstg-platform-6)\n* Common Weakness Enumeration: [CWE-749](https://cwe.mitre.org/data/definitions/749.html).\n* Common Weakness Enumeration: [CWE-79](https://cwe.mitre.org/data/definitions/79.html).\n","markdown":"# Unsafe resource fetching in Android WebView\nAndroid WebViews that allow externally controlled URLs to be loaded, and whose JavaScript interface is enabled, are potentially vulnerable to cross-site scripting and sensitive resource disclosure attacks.\n\nA `WebView` whose `WebSettings` object has called `setAllowFileAccessFromFileURLs(true)` or `setAllowUniversalAccessFromFileURLs(true)` must not load any untrusted web content.\n\nEnabling these settings allows malicious scripts loaded in a `file://` context to launch cross-site scripting attacks, accessing arbitrary local files including WebView cookies, session tokens, private app data or even credentials used on arbitrary web sites.\n\nThis query detects the following two scenarios:\n\n1. A vulnerability introduced by WebViews when JavaScript is enabled and remote inputs are allowed.\n1. A more severe vulnerability when \"allow cross-origin resource access\" is also enabled. This setting was deprecated in API level 30 (Android 11), but most devices are still affected, especially since some Android phones are updated slowly or no longer updated at all.\n\n## Recommendation\nOnly allow trusted web content to be displayed in WebViews when JavaScript is enabled. Disallow cross-origin resource access in WebSettings to reduce the attack surface.\n\n\n## Example\nThe following example shows both 'BAD' and 'GOOD' configurations. In the 'BAD' configuration, JavaScript and the allow access setting are enabled and URLs are loaded from externally controlled inputs. In the 'GOOD' configuration, JavaScript is disabled or only trusted web content is allowed to be loaded.\n\n\n```java\npublic class UnsafeAndroidAccess extends Activity {\n\tpublic void onCreate(Bundle savedInstanceState) {\n\t\tsuper.onCreate(savedInstanceState);\n\t\tsetContentView(R.layout.webview);\n\n\t\t// BAD: Have both JavaScript and cross-origin resource access enabled in webview while\n\t\t// taking remote user inputs\n\t\t{\n\t\t\tWebView wv = (WebView) findViewById(R.id.my_webview);\n\t\t\tWebSettings webSettings = wv.getSettings();\n\n\t\t\twebSettings.setJavaScriptEnabled(true);\n\t\t\twebSettings.setAllowUniversalAccessFromFileURLs(true);\n\n\t\t\twv.setWebViewClient(new WebViewClient() {\n\t\t\t\t@Override\n\t\t\t\tpublic boolean shouldOverrideUrlLoading(WebView view, String url) {\n\t\t\t\t\tview.loadUrl(url);\n\t\t\t\t\treturn true;\n\t\t\t\t}\n\t\t\t});\n\n\t\t\tString thisUrl = getIntent().getExtras().getString(\"url\"); // dangerous remote input from  the intent's Bundle of extras\n\t\t\twv.loadUrl(thisUrl);\n\t\t}\n\n\t\t// BAD: Have both JavaScript and cross-origin resource access enabled in webview while\n\t\t// taking remote user inputs\n\t\t{\n\t\t\tWebView wv = (WebView) findViewById(R.id.my_webview);\n\t\t\tWebSettings webSettings = wv.getSettings();\n\n\t\t\twebSettings.setJavaScriptEnabled(true);\n\t\t\twebSettings.setAllowUniversalAccessFromFileURLs(true);\n\n\t\t\twv.setWebViewClient(new WebViewClient() {\n\t\t\t\t@Override\n\t\t\t\tpublic boolean shouldOverrideUrlLoading(WebView view, String url) {\n\t\t\t\t\tview.loadUrl(url);\n\t\t\t\t\treturn true;\n\t\t\t\t}\n\t\t\t});\n\n\t\t\tString thisUrl = getIntent().getStringExtra(\"url\"); //dangerous remote input from intent extra\n\t\t\twv.loadUrl(thisUrl);\n\t\t}\n\n\t\t// GOOD: Have JavaScript and cross-origin resource access disabled by default on modern Android (Jellybean+) while taking remote user inputs\n\t\t{\n\t\t\tWebView wv = (WebView) findViewById(-1);\n\t\t\tWebSettings webSettings = wv.getSettings();\n\n\t\t\twv.setWebViewClient(new WebViewClient() {\n\t\t\t\t@Override\n\t\t\t\tpublic boolean shouldOverrideUrlLoading(WebView view, String url) {\n\t\t\t\t\tview.loadUrl(url);\n\t\t\t\t\treturn true;\n\t\t\t\t}\n\t\t\t});\n\n\t\t\tString thisUrl = getIntent().getExtras().getString(\"url\"); // remote input\n\t\t\twv.loadUrl(thisUrl);\n\t\t}\n\n\t\t// GOOD: Have JavaScript enabled in webview but remote user input is not allowed\n\t\t{\n\t\t\tWebView wv = (WebView) findViewById(-1);\n\t\t\tWebSettings webSettings = wv.getSettings();\n\n\t\t\twebSettings.setJavaScriptEnabled(true);\n\n\t\t\twv.setWebViewClient(new WebViewClient() {\n\t\t\t\t@Override\n\t\t\t\tpublic boolean shouldOverrideUrlLoading(WebView view, String url) {\n\t\t\t\t\tview.loadUrl(url);\n\t\t\t\t\treturn true;\n\t\t\t\t}\n\t\t\t});\n\n\t\t\twv.loadUrl(\"https://www.mycorp.com\");\n\t\t}\n\t}\n}\n```\n\n## References\n* Google Help: [Fixing a File-based XSS Vulnerability](https://support.google.com/faqs/answer/7668153?hl=en)\n* OWASP: [Testing JavaScript Execution in WebViews (MSTG-PLATFORM-5)](https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5)\n* OWASP: [Testing WebView Protocol Handlers (MSTG-PLATFORM-6)](https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-webview-protocol-handlers-mstg-platform-6)\n* Common Weakness Enumeration: [CWE-749](https://cwe.mitre.org/data/definitions/749.html).\n* Common Weakness Enumeration: [CWE-79](https://cwe.mitre.org/data/definitions/79.html).\n"},"properties":{"tags":["security","external/cwe/cwe-749","external/cwe/cwe-079","owasp-top10-2021","A03:2021 - Injection"],"description":"JavaScript rendered inside WebViews can access protected\n              application files and web resources from any origin exposing them to attack.","id":"java/android/unsafe-android-webview-fetch","kind":"path-problem","name":"Unsafe resource fetching in Android WebView","precision":"medium","problem.severity":"warning","security-severity":"6.1"}},{"id":"java/concatenated-sql-query","name":"java/concatenated-sql-query","shortDescription":{"text":"Query built by concatenation with a possibly-untrusted string"},"fullDescription":{"text":"Building a SQL or Java Persistence query by concatenating a possibly-untrusted string is vulnerable to insertion of malicious code."},"defaultConfiguration":{"enabled":true,"level":"error"},"help":{"text":"# Query built by concatenation with a possibly-untrusted string\nEven when the components of a SQL query are not fully controlled by a user, it is a vulnerability to build the query by directly concatenating those components. Perhaps a separate vulnerability will allow the user to gain control of the component. As well, a user who cannot gain full control of an input might influence it enough to cause the SQL query to fail to run.\n\n\n## Recommendation\nUsually, it is better to use a SQL prepared statement than to build a complete SQL query with string concatenation. A prepared statement can include a wildcard, written as a question mark (?), for each part of the SQL query that is expected to be filled in by a different value each time it is run. When the query is later executed, a value must be supplied for each wildcard in the query.\n\nIn the Java Persistence Query Language, it is better to use queries with parameters than to build a complete query with string concatenation. A Java Persistence query can include a parameter placeholder for each part of the query that is expected to be filled in by a different value when run. A parameter placeholder may be indicated by a colon (:) followed by a parameter name, or by a question mark (?) followed by an integer position. When the query is later executed, a value must be supplied for each parameter in the query, using the `setParameter` method. Specifying the query using the `@NamedQuery` annotation introduces an additional level of safety: the query must be a constant string literal, preventing construction by string concatenation, and the only way to fill in values for parts of the query is by setting positional parameters.\n\nIt is good practice to use prepared statements (in SQL) or query parameters (in the Java Persistence Query Language) for supplying parameter values to a query, whether or not any of the parameters are directly traceable to user input. Doing so avoids any need to worry about quoting and escaping.\n\n\n## Example\nIn the following example, the code runs a simple SQL query in two different ways.\n\nThe first way involves building a query, `query1`, by concatenating the result of `getCategory` with some string literals. The result of `getCategory` can include special characters, or it might be refactored later so that it may return something that contains special characters.\n\nThe second way, which shows good practice, involves building a query, `query2`, with a single string literal that includes a wildcard (`?`). The wildcard is then given a value by calling `setString`. This version is immune to injection attacks, because any special characters in the result of `getCategory` are not given any special treatment.\n\n\n```java\n{\n    // BAD: the category might have SQL special characters in it\n    String category = getCategory();\n    Statement statement = connection.createStatement();\n    String query1 = \"SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='\"\n        + category + \"' ORDER BY PRICE\";\n    ResultSet results = statement.executeQuery(query1);\n}\n\n{\n    // GOOD: use a prepared query\n    String category = getCategory();\n    String query2 = \"SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=? ORDER BY PRICE\";\n    PreparedStatement statement = connection.prepareStatement(query2);\n    statement.setString(1, category);\n    ResultSet results = statement.executeQuery();\n}\n```\n\n## References\n* OWASP: [SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html).\n* SEI CERT Oracle Coding Standard for Java: [IDS00-J. Prevent SQL injection](https://wiki.sei.cmu.edu/confluence/display/java/IDS00-J.+Prevent+SQL+injection).\n* The Java Tutorials: [Using Prepared Statements](https://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html).\n* Common Weakness Enumeration: [CWE-89](https://cwe.mitre.org/data/definitions/89.html).\n* Common Weakness Enumeration: [CWE-564](https://cwe.mitre.org/data/definitions/564.html).\n","markdown":"# Query built by concatenation with a possibly-untrusted string\nEven when the components of a SQL query are not fully controlled by a user, it is a vulnerability to build the query by directly concatenating those components. Perhaps a separate vulnerability will allow the user to gain control of the component. As well, a user who cannot gain full control of an input might influence it enough to cause the SQL query to fail to run.\n\n\n## Recommendation\nUsually, it is better to use a SQL prepared statement than to build a complete SQL query with string concatenation. A prepared statement can include a wildcard, written as a question mark (?), for each part of the SQL query that is expected to be filled in by a different value each time it is run. When the query is later executed, a value must be supplied for each wildcard in the query.\n\nIn the Java Persistence Query Language, it is better to use queries with parameters than to build a complete query with string concatenation. A Java Persistence query can include a parameter placeholder for each part of the query that is expected to be filled in by a different value when run. A parameter placeholder may be indicated by a colon (:) followed by a parameter name, or by a question mark (?) followed by an integer position. When the query is later executed, a value must be supplied for each parameter in the query, using the `setParameter` method. Specifying the query using the `@NamedQuery` annotation introduces an additional level of safety: the query must be a constant string literal, preventing construction by string concatenation, and the only way to fill in values for parts of the query is by setting positional parameters.\n\nIt is good practice to use prepared statements (in SQL) or query parameters (in the Java Persistence Query Language) for supplying parameter values to a query, whether or not any of the parameters are directly traceable to user input. Doing so avoids any need to worry about quoting and escaping.\n\n\n## Example\nIn the following example, the code runs a simple SQL query in two different ways.\n\nThe first way involves building a query, `query1`, by concatenating the result of `getCategory` with some string literals. The result of `getCategory` can include special characters, or it might be refactored later so that it may return something that contains special characters.\n\nThe second way, which shows good practice, involves building a query, `query2`, with a single string literal that includes a wildcard (`?`). The wildcard is then given a value by calling `setString`. This version is immune to injection attacks, because any special characters in the result of `getCategory` are not given any special treatment.\n\n\n```java\n{\n    // BAD: the category might have SQL special characters in it\n    String category = getCategory();\n    Statement statement = connection.createStatement();\n    String query1 = \"SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='\"\n        + category + \"' ORDER BY PRICE\";\n    ResultSet results = statement.executeQuery(query1);\n}\n\n{\n    // GOOD: use a prepared query\n    String category = getCategory();\n    String query2 = \"SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=? ORDER BY PRICE\";\n    PreparedStatement statement = connection.prepareStatement(query2);\n    statement.setString(1, category);\n    ResultSet results = statement.executeQuery();\n}\n```\n\n## References\n* OWASP: [SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html).\n* SEI CERT Oracle Coding Standard for Java: [IDS00-J. Prevent SQL injection](https://wiki.sei.cmu.edu/confluence/display/java/IDS00-J.+Prevent+SQL+injection).\n* The Java Tutorials: [Using Prepared Statements](https://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html).\n* Common Weakness Enumeration: [CWE-89](https://cwe.mitre.org/data/definitions/89.html).\n* Common Weakness Enumeration: [CWE-564](https://cwe.mitre.org/data/definitions/564.html).\n"},"properties":{"tags":["security","external/cwe/cwe-089","external/cwe/cwe-564","owasp-top10-2021","A03:2021 - Injection"],"description":"Building a SQL or Java Persistence query by concatenating a possibly-untrusted string\n              is vulnerable to insertion of malicious code.","id":"java/concatenated-sql-query","kind":"problem","name":"Query built by concatenation with a possibly-untrusted string","precision":"medium","problem.severity":"error","security-severity":"8.8"}},{"id":"java/unreachable-exit-in-loop","name":"java/unreachable-exit-in-loop","shortDescription":{"text":"Loop with unreachable exit condition"},"fullDescription":{"text":"An iteration or loop with an exit condition that cannot be reached is an indication of faulty logic and can likely lead to infinite looping."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Loop with unreachable exit condition\nLoops can contain multiple exit conditions, either directly in the loop condition or as guards around `break` or `return` statements. If an exit condition cannot be satisfied, then the code is misleading at best, and the loop might not terminate.\n\n\n## Recommendation\nWhen writing a loop that is intended to terminate, make sure that all the necessary exit conditions can be satisfied and that loop termination is clear.\n\n\n## Example\nThe following example shows a potentially infinite loop, since the inner loop condition is constantly true. Of course, the loop may or may not be infinite depending on the behavior of `shouldBreak`, but if this was intended as the only exit condition the loop should be rewritten to make this clear.\n\n\n```java\nfor (int i=0; i<10; i++) {\n    for (int j=0; i<10; j++) {\n        // do stuff\n        if (shouldBreak()) break;\n    }\n}\n\n```\nTo fix the loop the condition is corrected to check the right variable.\n\n\n```java\nfor (int i=0; i<10; i++) {\n    for (int j=0; j<10; j++) {\n        // do stuff\n        if (shouldBreak()) break;\n    }\n}\n\n```\n\n## References\n* Java Language Specification: [Blocks and Statements](https://docs.oracle.com/javase/specs/jls/se11/html/jls-14.html).\n* Common Weakness Enumeration: [CWE-835](https://cwe.mitre.org/data/definitions/835.html).\n","markdown":"# Loop with unreachable exit condition\nLoops can contain multiple exit conditions, either directly in the loop condition or as guards around `break` or `return` statements. If an exit condition cannot be satisfied, then the code is misleading at best, and the loop might not terminate.\n\n\n## Recommendation\nWhen writing a loop that is intended to terminate, make sure that all the necessary exit conditions can be satisfied and that loop termination is clear.\n\n\n## Example\nThe following example shows a potentially infinite loop, since the inner loop condition is constantly true. Of course, the loop may or may not be infinite depending on the behavior of `shouldBreak`, but if this was intended as the only exit condition the loop should be rewritten to make this clear.\n\n\n```java\nfor (int i=0; i<10; i++) {\n    for (int j=0; i<10; j++) {\n        // do stuff\n        if (shouldBreak()) break;\n    }\n}\n\n```\nTo fix the loop the condition is corrected to check the right variable.\n\n\n```java\nfor (int i=0; i<10; i++) {\n    for (int j=0; j<10; j++) {\n        // do stuff\n        if (shouldBreak()) break;\n    }\n}\n\n```\n\n## References\n* Java Language Specification: [Blocks and Statements](https://docs.oracle.com/javase/specs/jls/se11/html/jls-14.html).\n* Common Weakness Enumeration: [CWE-835](https://cwe.mitre.org/data/definitions/835.html).\n"},"properties":{"tags":["security","external/cwe/cwe-835"],"description":"An iteration or loop with an exit condition that cannot be\n              reached is an indication of faulty logic and can likely lead to infinite\n              looping.","id":"java/unreachable-exit-in-loop","kind":"problem","name":"Loop with unreachable exit condition","precision":"medium","problem.severity":"warning","security-severity":"7.5"}},{"id":"java/android/incomplete-provider-permissions","name":"java/android/incomplete-provider-permissions","shortDescription":{"text":"Missing read or write permission in a content provider"},"fullDescription":{"text":"Android content providers which do not configure both read and write permissions can allow permission bypass."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Missing read or write permission in a content provider\nThe Android manifest file specifies the content providers for the application using `provider` elements. The `provider` element specifies the explicit permissions an application requires in order to access a resource using that provider. You specify the permissions using the `android:readPermission`, `android:writePermission`, or `android:permission` attributes. If you do not specify the permission required to perform an operation, the application will implicitly have access to perform that operation. For example, if you specify only `android:readPermission`, the application must have explicit permission to read data, but requires no permission to write data.\n\n\n## Recommendation\nTo prevent permission bypass, you should create `provider` elements that either specify both the `android:readPermission` and `android:writePermission` attributes, or specify the `android:permission` attribute.\n\n\n## Example\nIn the following two (bad) examples, the provider is configured with only read or write permissions. This allows a malicious application to bypass the permission check by requesting access to the unrestricted operation.\n\n\n```xml\n<manifest ... >\n    <application ...>\n      <!-- BAD: only 'android:readPermission' is set -->\n      <provider\n          android:name=\".MyContentProvider\"\n          android:authorities=\"table\"\n          android:enabled=\"true\"\n          android:exported=\"true\"\n          android:readPermission=\"android.permission.MANAGE_DOCUMENTS\">\n      </provider>\n    </application>\n</manifest>\n\n```\n\n```xml\n<manifest ... >\n    <application ...>\n      <!-- BAD: only 'android:writePermission' is set -->\n      <provider\n          android:name=\".MyContentProvider\"\n          android:authorities=\"table\"\n          android:enabled=\"true\"\n          android:exported=\"true\"\n          android:writePermission=\"android.permission.MANAGE_DOCUMENTS\">\n      </provider>\n    </application>\n</manifest>\n\n```\nIn the following (good) examples, the provider is configured with full permissions, protecting it from a permissions bypass.\n\n\n```xml\n<manifest ... >\n    <application ...>\n      <!-- Good: both 'android:readPermission' and 'android:writePermission' are set -->\n      <provider\n          android:name=\".MyContentProvider\"\n          android:authorities=\"table\"\n          android:enabled=\"true\"\n          android:exported=\"true\"\n          android:writePermission=\"android.permission.MANAGE_DOCUMENTS\"\n          android:readPermission=\"android.permission.MANAGE_DOCUMENTS\">\n      </provider>\n    </application>\n</manifest>\n\n```\n\n```xml\n<manifest ... >\n    <application ...>\n      <!-- Good: 'android:permission' is set  -->\n      <provider\n          android:name=\".MyContentProvider\"\n          android:authorities=\"table\"\n          android:enabled=\"true\"\n          android:exported=\"true\"\n          android:permission=\"android.permission.MANAGE_DOCUMENTS\">\n      </provider>\n    </application>\n</manifest>\n\n```\n\n## References\n* Android Documentation: [Provider element](https://developer.android.com/guide/topics/manifest/provider-element)\n* CVE-2021-41166: [Insufficient permission control in Nextcloud Android app](https://nvd.nist.gov/vuln/detail/CVE-2021-41166)\n* GitHub Security Lab Research: [Insufficient permission control in Nextcloud Android app](https://securitylab.github.com/advisories/GHSL-2021-1007-Nextcloud_Android_app/#issue-2-permission-bypass-in-disklruimagecachefileprovider-ghsl-2021-1008)\n* Common Weakness Enumeration: [CWE-926](https://cwe.mitre.org/data/definitions/926.html).\n","markdown":"# Missing read or write permission in a content provider\nThe Android manifest file specifies the content providers for the application using `provider` elements. The `provider` element specifies the explicit permissions an application requires in order to access a resource using that provider. You specify the permissions using the `android:readPermission`, `android:writePermission`, or `android:permission` attributes. If you do not specify the permission required to perform an operation, the application will implicitly have access to perform that operation. For example, if you specify only `android:readPermission`, the application must have explicit permission to read data, but requires no permission to write data.\n\n\n## Recommendation\nTo prevent permission bypass, you should create `provider` elements that either specify both the `android:readPermission` and `android:writePermission` attributes, or specify the `android:permission` attribute.\n\n\n## Example\nIn the following two (bad) examples, the provider is configured with only read or write permissions. This allows a malicious application to bypass the permission check by requesting access to the unrestricted operation.\n\n\n```xml\n<manifest ... >\n    <application ...>\n      <!-- BAD: only 'android:readPermission' is set -->\n      <provider\n          android:name=\".MyContentProvider\"\n          android:authorities=\"table\"\n          android:enabled=\"true\"\n          android:exported=\"true\"\n          android:readPermission=\"android.permission.MANAGE_DOCUMENTS\">\n      </provider>\n    </application>\n</manifest>\n\n```\n\n```xml\n<manifest ... >\n    <application ...>\n      <!-- BAD: only 'android:writePermission' is set -->\n      <provider\n          android:name=\".MyContentProvider\"\n          android:authorities=\"table\"\n          android:enabled=\"true\"\n          android:exported=\"true\"\n          android:writePermission=\"android.permission.MANAGE_DOCUMENTS\">\n      </provider>\n    </application>\n</manifest>\n\n```\nIn the following (good) examples, the provider is configured with full permissions, protecting it from a permissions bypass.\n\n\n```xml\n<manifest ... >\n    <application ...>\n      <!-- Good: both 'android:readPermission' and 'android:writePermission' are set -->\n      <provider\n          android:name=\".MyContentProvider\"\n          android:authorities=\"table\"\n          android:enabled=\"true\"\n          android:exported=\"true\"\n          android:writePermission=\"android.permission.MANAGE_DOCUMENTS\"\n          android:readPermission=\"android.permission.MANAGE_DOCUMENTS\">\n      </provider>\n    </application>\n</manifest>\n\n```\n\n```xml\n<manifest ... >\n    <application ...>\n      <!-- Good: 'android:permission' is set  -->\n      <provider\n          android:name=\".MyContentProvider\"\n          android:authorities=\"table\"\n          android:enabled=\"true\"\n          android:exported=\"true\"\n          android:permission=\"android.permission.MANAGE_DOCUMENTS\">\n      </provider>\n    </application>\n</manifest>\n\n```\n\n## References\n* Android Documentation: [Provider element](https://developer.android.com/guide/topics/manifest/provider-element)\n* CVE-2021-41166: [Insufficient permission control in Nextcloud Android app](https://nvd.nist.gov/vuln/detail/CVE-2021-41166)\n* GitHub Security Lab Research: [Insufficient permission control in Nextcloud Android app](https://securitylab.github.com/advisories/GHSL-2021-1007-Nextcloud_Android_app/#issue-2-permission-bypass-in-disklruimagecachefileprovider-ghsl-2021-1008)\n* Common Weakness Enumeration: [CWE-926](https://cwe.mitre.org/data/definitions/926.html).\n"},"properties":{"tags":["security","external/cwe/cwe-926"],"description":"Android content providers which do not configure both read and write permissions can allow permission bypass.","id":"java/android/incomplete-provider-permissions","kind":"problem","name":"Missing read or write permission in a content provider","precision":"medium","problem.severity":"warning","security-severity":"8.2"}},{"id":"java/potentially-weak-cryptographic-algorithm","name":"java/potentially-weak-cryptographic-algorithm","shortDescription":{"text":"Use of a potentially broken or risky cryptographic algorithm"},"fullDescription":{"text":"Using broken or weak cryptographic algorithms can allow an attacker to compromise security."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Use of a potentially broken or risky cryptographic algorithm\nUsing broken or weak cryptographic algorithms can leave data vulnerable to being decrypted.\n\nMany cryptographic algorithms provided by cryptography libraries are known to be weak, or flawed. Using such an algorithm means that an attacker may be able to easily decrypt the encrypted data.\n\n\n## Recommendation\nEnsure that you use a strong, modern cryptographic algorithm. Use at least AES-128 or RSA-2048. Do not use the ECB encryption mode since it is vulnerable to replay and other attacks.\n\n\n## Example\nThe following code shows an example of using a java `Cipher` to encrypt some data. When creating a `Cipher` instance, you must specify the encryption algorithm to use. The first example uses DES, which is an older algorithm that is now considered weak. The second example uses AES, which is a strong modern algorithm.\n\n\n```java\n// BAD: DES is a weak algorithm \nCipher des = Cipher.getInstance(\"DES\");\ncipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);\n\nbyte[] encrypted = cipher.doFinal(input.getBytes(\"UTF-8\"));\n\n// ...\n\n// GOOD: AES is a strong algorithm\nCipher aes = Cipher.getInstance(\"AES\");\n\n// ...\n\n```\n\n## References\n* NIST, FIPS 140 Annex a: [ Approved Security Functions](http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf).\n* NIST, SP 800-131A: [ Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths](http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf).\n* Common Weakness Enumeration: [CWE-327](https://cwe.mitre.org/data/definitions/327.html).\n* Common Weakness Enumeration: [CWE-328](https://cwe.mitre.org/data/definitions/328.html).\n","markdown":"# Use of a potentially broken or risky cryptographic algorithm\nUsing broken or weak cryptographic algorithms can leave data vulnerable to being decrypted.\n\nMany cryptographic algorithms provided by cryptography libraries are known to be weak, or flawed. Using such an algorithm means that an attacker may be able to easily decrypt the encrypted data.\n\n\n## Recommendation\nEnsure that you use a strong, modern cryptographic algorithm. Use at least AES-128 or RSA-2048. Do not use the ECB encryption mode since it is vulnerable to replay and other attacks.\n\n\n## Example\nThe following code shows an example of using a java `Cipher` to encrypt some data. When creating a `Cipher` instance, you must specify the encryption algorithm to use. The first example uses DES, which is an older algorithm that is now considered weak. The second example uses AES, which is a strong modern algorithm.\n\n\n```java\n// BAD: DES is a weak algorithm \nCipher des = Cipher.getInstance(\"DES\");\ncipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);\n\nbyte[] encrypted = cipher.doFinal(input.getBytes(\"UTF-8\"));\n\n// ...\n\n// GOOD: AES is a strong algorithm\nCipher aes = Cipher.getInstance(\"AES\");\n\n// ...\n\n```\n\n## References\n* NIST, FIPS 140 Annex a: [ Approved Security Functions](http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf).\n* NIST, SP 800-131A: [ Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths](http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf).\n* Common Weakness Enumeration: [CWE-327](https://cwe.mitre.org/data/definitions/327.html).\n* Common Weakness Enumeration: [CWE-328](https://cwe.mitre.org/data/definitions/328.html).\n"},"properties":{"tags":["security","external/cwe/cwe-327","external/cwe/cwe-328","owasp-top10-2021","A02:2021 - Cryptographic Failures"],"description":"Using broken or weak cryptographic algorithms can allow an attacker to compromise security.","id":"java/potentially-weak-cryptographic-algorithm","kind":"path-problem","name":"Use of a potentially broken or risky cryptographic algorithm","precision":"medium","problem.severity":"warning","security-severity":"7.5"}},{"id":"java/summary/lines-of-code","name":"java/summary/lines-of-code","shortDescription":{"text":"Total lines of Java code in the database"},"fullDescription":{"text":"The total number of lines of code across all files. This is a useful metric of the size of a database. For all files that were seen during the build, this query counts the lines of code, excluding whitespace or comments."},"defaultConfiguration":{"enabled":true},"properties":{"tags":["summary","lines-of-code"],"description":"The total number of lines of code across all files. This is a useful metric of the size of a database.\n              For all files that were seen during the build, this query counts the lines of code, excluding whitespace\n              or comments.","id":"java/summary/lines-of-code","kind":"metric","name":"Total lines of Java code in the database"}},{"id":"java/telemetry/supported-external-api","name":"java/telemetry/supported-external-api","shortDescription":{"text":"Usage of supported APIs coming from external libraries"},"fullDescription":{"text":"A list of supported 3rd party APIs used in the codebase. Excludes test and generated code."},"defaultConfiguration":{"enabled":true},"properties":{"tags":["summary","telemetry"],"description":"A list of supported 3rd party APIs used in the codebase. Excludes test and generated code.","id":"java/telemetry/supported-external-api","kind":"metric","name":"Usage of supported APIs coming from external libraries"}},{"id":"java/telemetry/supported-external-api-taint","name":"java/telemetry/supported-external-api-taint","shortDescription":{"text":"Supported flow steps in external libraries"},"fullDescription":{"text":"A list of 3rd party APIs detected as flow steps. Excludes test and generated code."},"defaultConfiguration":{"enabled":true},"properties":{"tags":["summary","telemetry"],"description":"A list of 3rd party APIs detected as flow steps. Excludes test and generated code.","id":"java/telemetry/supported-external-api-taint","kind":"metric","name":"Supported flow steps in external libraries"}},{"id":"java/telemetry/supported-external-api-sinks","name":"java/telemetry/supported-external-api-sinks","shortDescription":{"text":"Supported sinks in external libraries"},"fullDescription":{"text":"A list of 3rd party APIs detected as sinks. Excludes test and generated code."},"defaultConfiguration":{"enabled":true},"properties":{"tags":["summary","telemetry"],"description":"A list of 3rd party APIs detected as sinks. Excludes test and generated code.","id":"java/telemetry/supported-external-api-sinks","kind":"metric","name":"Supported sinks in external libraries"}},{"id":"java/telemetry/external-libs","name":"java/telemetry/external-libs","shortDescription":{"text":"External libraries"},"fullDescription":{"text":"A list of external libraries used in the code"},"defaultConfiguration":{"enabled":true},"properties":{"tags":["summary","telemetry"],"description":"A list of external libraries used in the code","id":"java/telemetry/external-libs","kind":"metric","name":"External libraries"}},{"id":"java/telemetry/unsupported-external-api","name":"java/telemetry/unsupported-external-api","shortDescription":{"text":"Usage of unsupported APIs coming from external libraries"},"fullDescription":{"text":"A list of 3rd party APIs used in the codebase. Excludes test and generated code."},"defaultConfiguration":{"enabled":true},"properties":{"tags":["summary","telemetry"],"description":"A list of 3rd party APIs used in the codebase. Excludes test and generated code.","id":"java/telemetry/unsupported-external-api","kind":"metric","name":"Usage of unsupported APIs coming from external libraries"}},{"id":"java/telemetry/extraction-information","name":"java/telemetry/extraction-information","shortDescription":{"text":"Java extraction information"},"fullDescription":{"text":"Information about the extraction for a Java database"},"defaultConfiguration":{"enabled":true},"properties":{"tags":["summary","telemetry"],"description":"Information about the extraction for a Java database","id":"java/telemetry/extraction-information","kind":"metric","name":"Java extraction information"}},{"id":"java/telemetry/supported-external-api-sources","name":"java/telemetry/supported-external-api-sources","shortDescription":{"text":"Supported sources in external libraries"},"fullDescription":{"text":"A list of 3rd party APIs detected as sources. Excludes test and generated code."},"defaultConfiguration":{"enabled":true},"properties":{"tags":["summary","telemetry"],"description":"A list of 3rd party APIs detected as sources. Excludes test and generated code.","id":"java/telemetry/supported-external-api-sources","kind":"metric","name":"Supported sources in external libraries"}}],"locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/java-queries/0.5.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/java-queries/0.5.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/python-all","semanticVersion":"0.7.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/python-all/0.7.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/python-all/0.7.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/cpp-queries","semanticVersion":"0.5.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/cpp-queries/0.5.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/cpp-queries/0.5.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/go-queries","semanticVersion":"0.4.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/go-queries/0.4.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/go-queries/0.4.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/suite-helpers","semanticVersion":"0.4.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/suite-helpers/0.4.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/suite-helpers/0.4.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/python-queries","semanticVersion":"0.6.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/python-queries/0.6.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/python-queries/0.6.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/cpp-all","semanticVersion":"0.5.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/cpp-all/0.5.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/cpp-all/0.5.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/ruby-queries","semanticVersion":"0.5.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/ruby-queries/0.5.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/ruby-queries/0.5.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/swift-all","semanticVersion":"0.0.0+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/swift-all/0.0.0/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/swift-all/0.0.0/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/typetracking","semanticVersion":"0.0.3+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/typetracking/0.0.3/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/typetracking/0.0.3/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/go-examples","semanticVersion":"0.0.0+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/go-examples/0.0.0/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/go-examples/0.0.0/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/swift-queries","semanticVersion":"0.0.0+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/swift-queries/0.0.0/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/swift-queries/0.0.0/qlpack.yml","description":{"text":"The QL pack definition file."}}]},{"name":"codeql/javascript-queries","semanticVersion":"0.5.2+aef66c462abe817e33aad91d97aa782a1e2ad2c7","locations":[{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/javascript-queries/0.5.2/","description":{"text":"The QL pack root directory."}},{"uri":"file:///opt/hostedtoolcache/CodeQL/2.12.2-20230207/x64/codeql/qlpacks/codeql/javascript-queries/0.5.2/qlpack.yml","description":{"text":"The QL pack definition file."}}]}]},"invocations":[{"toolExecutionNotifications":[{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/FlagController.java","uriBaseId":"%SRCROOT%","index":54}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/xxe/SimpleXXETest.java","uriBaseId":"%SRCROOT%","index":55}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACUsersTest.java","uriBaseId":"%SRCROOT%","index":56}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/xss/StoredXssCommentsTest.java","uriBaseId":"%SRCROOT%","index":57}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringAssignmentTest.java","uriBaseId":"%SRCROOT%","index":58}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/PasswordResetLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":59}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson6aTest.java","uriBaseId":"%SRCROOT%","index":60}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/session/LessonTrackerTest.java","uriBaseId":"%SRCROOT%","index":61}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/IDORIntegrationTest.java","uriBaseId":"%SRCROOT%","index":62}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrievalTest.java","uriBaseId":"%SRCROOT%","index":63}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpointTest.java","uriBaseId":"%SRCROOT%","index":64}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/httpproxies/HttpBasicsInterceptRequestTest.java","uriBaseId":"%SRCROOT%","index":65}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLessonTest.java","uriBaseId":"%SRCROOT%","index":66}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/hijacksession/cas/HijackSessionAuthenticationProviderTest.java","uriBaseId":"%SRCROOT%","index":67}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson13Test.java","uriBaseId":"%SRCROOT%","index":68}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHashAdminTest.java","uriBaseId":"%SRCROOT%","index":69}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/LabelAndHintIntegrationTest.java","uriBaseId":"%SRCROOT%","index":70}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/authbypass/BypassVerificationTest.java","uriBaseId":"%SRCROOT%","index":71}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/webwolf/mailbox/MailboxControllerTest.java","uriBaseId":"%SRCROOT%","index":72}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/ProgressRaceConditionIntegrationTest.java","uriBaseId":"%SRCROOT%","index":73}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/DeserializationIntegrationTest.java","uriBaseId":"%SRCROOT%","index":74}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/service/LessonMenuServiceTest.java","uriBaseId":"%SRCROOT%","index":75}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFixTest.java","uriBaseId":"%SRCROOT%","index":76}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/XSSIntegrationTest.java","uriBaseId":"%SRCROOT%","index":77}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/JWTLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":3}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/CryptoIntegrationTest.java","uriBaseId":"%SRCROOT%","index":78}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/service/ReportCardServiceTest.java","uriBaseId":"%SRCROOT%","index":79}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/plugins/LessonTest.java","uriBaseId":"%SRCROOT%","index":80}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/cia/CIAQuizTest.java","uriBaseId":"%SRCROOT%","index":81}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/hijacksession/HijackSessionAssignmentTest.java","uriBaseId":"%SRCROOT%","index":82}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/csrf/CSRFFeedbackTest.java","uriBaseId":"%SRCROOT%","index":83}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/DisplayUserTest.java","uriBaseId":"%SRCROOT%","index":84}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpointTest.java","uriBaseId":"%SRCROOT%","index":85}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/TokenTest.java","uriBaseId":"%SRCROOT%","index":5}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationTest.java","uriBaseId":"%SRCROOT%","index":86}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5Test.java","uriBaseId":"%SRCROOT%","index":87}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACHiddenMenusTest.java","uriBaseId":"%SRCROOT%","index":88}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson1Test.java","uriBaseId":"%SRCROOT%","index":89}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/SqlInjectionAdvancedIntegrationTest.java","uriBaseId":"%SRCROOT%","index":90}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/ssrf/SSRFTest2.java","uriBaseId":"%SRCROOT%","index":91}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/xxe/ContentTypeAssignmentTest.java","uriBaseId":"%SRCROOT%","index":92}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/users/UserValidatorTest.java","uriBaseId":"%SRCROOT%","index":93}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/WebGoatApplication.java","uriBaseId":"%SRCROOT%","index":94}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/CSRFIntegrationTest.java","uriBaseId":"%SRCROOT%","index":95}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignmentTest.java","uriBaseId":"%SRCROOT%","index":96}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5aTest.java","uriBaseId":"%SRCROOT%","index":97}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/AccessControlIntegrationTest.java","uriBaseId":"%SRCROOT%","index":98}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/SqlLessonTest.java","uriBaseId":"%SRCROOT%","index":99}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/webwolf/user/UserServiceTest.java","uriBaseId":"%SRCROOT%","index":100}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/users/UserTrackerRepositoryTest.java","uriBaseId":"%SRCROOT%","index":101}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/SSRFIntegrationTest.java","uriBaseId":"%SRCROOT%","index":102}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/webwolf/WebWolfApplication.java","uriBaseId":"%SRCROOT%","index":103}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/xxe/BlindSendFileAssignmentTest.java","uriBaseId":"%SRCROOT%","index":104}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInputTest.java","uriBaseId":"%SRCROOT%","index":105}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScriptingTest.java","uriBaseId":"%SRCROOT%","index":106}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/chromedevtools/ChromeDevToolsTest.java","uriBaseId":"%SRCROOT%","index":107}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/WebWolfIntegrationTest.java","uriBaseId":"%SRCROOT%","index":108}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10Test.java","uriBaseId":"%SRCROOT%","index":109}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/service/LessonProgressServiceTest.java","uriBaseId":"%SRCROOT%","index":110}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson6bTest.java","uriBaseId":"%SRCROOT%","index":111}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2Test.java","uriBaseId":"%SRCROOT%","index":112}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/SqlInjectionMitigationIntegrationTest.java","uriBaseId":"%SRCROOT%","index":113}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/passwordreset/SecurityQuestionAssignmentTest.java","uriBaseId":"%SRCROOT%","index":114}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTDecodeEndpointTest.java","uriBaseId":"%SRCROOT%","index":115}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/cryptography/CryptoUtilTest.java","uriBaseId":"%SRCROOT%","index":116}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/PathTraversalIntegrationTest.java","uriBaseId":"%SRCROOT%","index":117}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTSecretKeyEndpointTest.java","uriBaseId":"%SRCROOT%","index":118}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/session/LabelDebuggerTest.java","uriBaseId":"%SRCROOT%","index":119}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpointTest.java","uriBaseId":"%SRCROOT%","index":120}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/spoofcookie/encoders/EncDecTest.java","uriBaseId":"%SRCROOT%","index":121}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/SqlInjectionLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":122}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFrontendValidationTest.java","uriBaseId":"%SRCROOT%","index":123}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/SessionManagementIntegrationTest.java","uriBaseId":"%SRCROOT%","index":124}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionYourHashTest.java","uriBaseId":"%SRCROOT%","index":125}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/GeneralLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":126}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/webwolf/mailbox/MailboxRepositoryTest.java","uriBaseId":"%SRCROOT%","index":127}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/users/UserRepositoryTest.java","uriBaseId":"%SRCROOT%","index":128}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignmentTest.java","uriBaseId":"%SRCROOT%","index":129}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/deserialization/DeserializeTest.java","uriBaseId":"%SRCROOT%","index":130}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/users/UserServiceTest.java","uriBaseId":"%SRCROOT%","index":131}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/challenges/Assignment1Test.java","uriBaseId":"%SRCROOT%","index":132}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9Test.java","uriBaseId":"%SRCROOT%","index":133}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/ssrf/SSRFTest1.java","uriBaseId":"%SRCROOT%","index":134}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywordsTest.java","uriBaseId":"%SRCROOT%","index":135}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadTest.java","uriBaseId":"%SRCROOT%","index":136}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8Test.java","uriBaseId":"%SRCROOT%","index":137}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ShopEndpointTest.java","uriBaseId":"%SRCROOT%","index":138}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/assignments/AssignmentEndpointTest.java","uriBaseId":"%SRCROOT%","index":139}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/ChallengeIntegrationTest.java","uriBaseId":"%SRCROOT%","index":140}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/IntegrationTest.java","uriBaseId":"%SRCROOT%","index":141}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/XXEIntegrationTest.java","uriBaseId":"%SRCROOT%","index":142}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/webwolf/jwt/JWTTokenTest.java","uriBaseId":"%SRCROOT%","index":143}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringFreeAssignmentTest.java","uriBaseId":"%SRCROOT%","index":144}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/service/HintServiceTest.java","uriBaseId":"%SRCROOT%","index":145}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/session/WebSession.java","uriBaseId":"%SRCROOT%","index":146}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/CourseConfiguration.java","uriBaseId":"%SRCROOT%","index":147}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/LessonMenuService.java","uriBaseId":"%SRCROOT%","index":148}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/LabelDebugService.java","uriBaseId":"%SRCROOT%","index":149}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonMenuItem.java","uriBaseId":"%SRCROOT%","index":150}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHashAdmin.java","uriBaseId":"%SRCROOT%","index":151}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/i18n/Language.java","uriBaseId":"%SRCROOT%","index":152}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/EnvironmentService.java","uriBaseId":"%SRCROOT%","index":153}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofingTask.java","uriBaseId":"%SRCROOT%","index":154}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOwnProfileAltUrl.java","uriBaseId":"%SRCROOT%","index":155}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/server/ParentConfig.java","uriBaseId":"%SRCROOT%","index":156}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredXssComments.java","uriBaseId":"%SRCROOT%","index":157}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/controller/StartLesson.java","uriBaseId":"%SRCROOT%","index":158}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserRepository.java","uriBaseId":"%SRCROOT%","index":159}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/BlindSendFileAssignment.java","uriBaseId":"%SRCROOT%","index":14}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/SecureDefaultsAssignment.java","uriBaseId":"%SRCROOT%","index":52}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjection.java","uriBaseId":"%SRCROOT%","index":160}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/PasswordResetEmail.java","uriBaseId":"%SRCROOT%","index":161}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/ContentTypeAssignment.java","uriBaseId":"%SRCROOT%","index":15}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/Assignment1.java","uriBaseId":"%SRCROOT%","index":162}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/jwt/JWTController.java","uriBaseId":"%SRCROOT%","index":163}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/user/UserService.java","uriBaseId":"%SRCROOT%","index":164}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/chromedevtools/ChromeDevTools.java","uriBaseId":"%SRCROOT%","index":165}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/HijackSessionAuthenticationProvider.java","uriBaseId":"%SRCROOT%","index":166}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/Salaries.java","uriBaseId":"%SRCROOT%","index":167}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/LessonTemplateResolver.java","uriBaseId":"%SRCROOT%","index":168}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFix.java","uriBaseId":"%SRCROOT%","index":7}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/resetlink/PasswordChangeForm.java","uriBaseId":"%SRCROOT%","index":169}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/Authentication.java","uriBaseId":"%SRCROOT%","index":170}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java","uriBaseId":"%SRCROOT%","index":36}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpoint.java","uriBaseId":"%SRCROOT%","index":4}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACUsers.java","uriBaseId":"%SRCROOT%","index":171}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/SessionService.java","uriBaseId":"%SRCROOT%","index":172}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/Ping.java","uriBaseId":"%SRCROOT%","index":173}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/mailbox/MailboxController.java","uriBaseId":"%SRCROOT%","index":174}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRF.java","uriBaseId":"%SRCROOT%","index":175}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/AttackResult.java","uriBaseId":"%SRCROOT%","index":176}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":40}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACHiddenMenus.java","uriBaseId":"%SRCROOT%","index":177}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/UsernameMacro.java","uriBaseId":"%SRCROOT%","index":178}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/LessonTracker.java","uriBaseId":"%SRCROOT%","index":179}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfMacro.java","uriBaseId":"%SRCROOT%","index":180}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/requests/Requests.java","uriBaseId":"%SRCROOT%","index":181}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/user/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":182}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/OperatingSystemMacro.java","uriBaseId":"%SRCROOT%","index":183}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTSecretKeyEndpoint.java","uriBaseId":"%SRCROOT%","index":184}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/WebSecurityConfig.java","uriBaseId":"%SRCROOT%","index":41}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOwnProfile.java","uriBaseId":"%SRCROOT%","index":185}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookie.java","uriBaseId":"%SRCROOT%","index":186}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/WebWolf.java","uriBaseId":"%SRCROOT%","index":187}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInput.java","uriBaseId":"%SRCROOT%","index":8}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson6a.java","uriBaseId":"%SRCROOT%","index":188}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignment.java","uriBaseId":"%SRCROOT%","index":189}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java","uriBaseId":"%SRCROOT%","index":29}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/WebGoat.java","uriBaseId":"%SRCROOT%","index":190}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRF.java","uriBaseId":"%SRCROOT%","index":191}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/HammerHead.java","uriBaseId":"%SRCROOT%","index":192}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/chromedevtools/NetworkLesson.java","uriBaseId":"%SRCROOT%","index":193}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/LabelService.java","uriBaseId":"%SRCROOT%","index":194}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/LessonTitleService.java","uriBaseId":"%SRCROOT%","index":195}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/PasswordReset.java","uriBaseId":"%SRCROOT%","index":196}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/securepasswords/SecurePasswordsAssignment.java","uriBaseId":"%SRCROOT%","index":197}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson13.java","uriBaseId":"%SRCROOT%","index":198}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingMitigation.java","uriBaseId":"%SRCROOT%","index":199}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/LessonTrackerInterceptor.java","uriBaseId":"%SRCROOT%","index":200}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionAC.java","uriBaseId":"%SRCROOT%","index":201}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Category.java","uriBaseId":"%SRCROOT%","index":202}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRFFeedback.java","uriBaseId":"%SRCROOT%","index":203}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/mailbox/MailboxRepository.java","uriBaseId":"%SRCROOT%","index":204}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/Review.java","uriBaseId":"%SRCROOT%","index":205}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingAccessControlUserRepository.java","uriBaseId":"%SRCROOT%","index":206}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/ForgedReviews.java","uriBaseId":"%SRCROOT%","index":207}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":13}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java","uriBaseId":"%SRCROOT%","index":208}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/AjaxAuthenticationEntryPoint.java","uriBaseId":"%SRCROOT%","index":2}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringAssignment.java","uriBaseId":"%SRCROOT%","index":209}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofing.java","uriBaseId":"%SRCROOT%","index":210}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScripting.java","uriBaseId":"%SRCROOT%","index":211}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfRootMacro.java","uriBaseId":"%SRCROOT%","index":212}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTDecodeEndpoint.java","uriBaseId":"%SRCROOT%","index":213}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java","uriBaseId":"%SRCROOT%","index":33}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonMenuItemType.java","uriBaseId":"%SRCROOT%","index":214}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredCrossSiteScriptingVerifier.java","uriBaseId":"%SRCROOT%","index":215}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/RegistrationController.java","uriBaseId":"%SRCROOT%","index":25}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/WebGoatTmpDirMacro.java","uriBaseId":"%SRCROOT%","index":216}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWT.java","uriBaseId":"%SRCROOT%","index":217}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java","uriBaseId":"%SRCROOT%","index":49}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/session/UserSessionData.java","uriBaseId":"%SRCROOT%","index":218}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpoint.java","uriBaseId":"%SRCROOT%","index":51}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/AssignmentEndpoint.java","uriBaseId":"%SRCROOT%","index":219}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/htmltampering/HtmlTampering.java","uriBaseId":"%SRCROOT%","index":220}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/Flags.java","uriBaseId":"%SRCROOT%","index":221}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpproxies/HttpProxies.java","uriBaseId":"%SRCROOT%","index":222}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsEndpoint.java","uriBaseId":"%SRCROOT%","index":223}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Hint.java","uriBaseId":"%SRCROOT%","index":224}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/controller/Welcome.java","uriBaseId":"%SRCROOT%","index":225}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserForm.java","uriBaseId":"%SRCROOT%","index":27}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/Comment.java","uriBaseId":"%SRCROOT%","index":226}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/PathTraversal.java","uriBaseId":"%SRCROOT%","index":227}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/LessonInfoService.java","uriBaseId":"%SRCROOT%","index":228}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonScanner.java","uriBaseId":"%SRCROOT%","index":229}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/LandingAssignment.java","uriBaseId":"%SRCROOT%","index":230}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/WebSecurityConfig.java","uriBaseId":"%SRCROOT%","index":42}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/authbypass/VerifyAccount.java","uriBaseId":"%SRCROOT%","index":231}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/DatabaseConfiguration.java","uriBaseId":"%SRCROOT%","index":232}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/LessonProgressService.java","uriBaseId":"%SRCROOT%","index":233}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasics.java","uriBaseId":"%SRCROOT%","index":234}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java","uriBaseId":"%SRCROOT%","index":28}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/SecurityQuestionAssignment.java","uriBaseId":"%SRCROOT%","index":235}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFieldRestrictions.java","uriBaseId":"%SRCROOT%","index":236}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Challenge5.java","uriBaseId":"%SRCROOT%","index":237}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Challenge7.java","uriBaseId":"%SRCROOT%","index":238}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictions.java","uriBaseId":"%SRCROOT%","index":239}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/votes/Vote.java","uriBaseId":"%SRCROOT%","index":240}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/SimpleXXE.java","uriBaseId":"%SRCROOT%","index":16}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/ImageServlet.java","uriBaseId":"%SRCROOT%","index":241}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/Challenge1.java","uriBaseId":"%SRCROOT%","index":242}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScripting.java","uriBaseId":"%SRCROOT%","index":243}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/ReportCardService.java","uriBaseId":"%SRCROOT%","index":244}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ShopEndpoint.java","uriBaseId":"%SRCROOT%","index":245}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java","uriBaseId":"%SRCROOT%","index":1}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTQuiz.java","uriBaseId":"%SRCROOT%","index":246}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/TriedQuestions.java","uriBaseId":"%SRCROOT%","index":247}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/MvcConfiguration.java","uriBaseId":"%SRCROOT%","index":248}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/SolutionConstants.java","uriBaseId":"%SRCROOT%","index":249}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/spoofcookie/encoders/EncDec.java","uriBaseId":"%SRCROOT%","index":250}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/WebGoatVersionMacro.java","uriBaseId":"%SRCROOT%","index":251}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/Email.java","uriBaseId":"%SRCROOT%","index":252}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson3.java","uriBaseId":"%SRCROOT%","index":253}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRFLogin.java","uriBaseId":"%SRCROOT%","index":254}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/QuestionsAssignment.java","uriBaseId":"%SRCROOT%","index":255}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/Contact.java","uriBaseId":"%SRCROOT%","index":256}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/Comment.java","uriBaseId":"%SRCROOT%","index":257}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/DisplayUser.java","uriBaseId":"%SRCROOT%","index":53}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/WebWolfIntroduction.java","uriBaseId":"%SRCROOT%","index":258}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORLogin.java","uriBaseId":"%SRCROOT%","index":259}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/RestartLessonService.java","uriBaseId":"%SRCROOT%","index":260}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponents.java","uriBaseId":"%SRCROOT%","index":261}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/Cryptography.java","uriBaseId":"%SRCROOT%","index":262}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/SerializationHelper.java","uriBaseId":"%SRCROOT%","index":263}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserValidator.java","uriBaseId":"%SRCROOT%","index":264}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java","uriBaseId":"%SRCROOT%","index":43}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/SigningAssignment.java","uriBaseId":"%SRCROOT%","index":45}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java","uriBaseId":"%SRCROOT%","index":31}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java","uriBaseId":"%SRCROOT%","index":39}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask1.java","uriBaseId":"%SRCROOT%","index":265}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge8/Assignment8.java","uriBaseId":"%SRCROOT%","index":266}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/PasswordResetLink.java","uriBaseId":"%SRCROOT%","index":50}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrieval.java","uriBaseId":"%SRCROOT%","index":10}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson4.java","uriBaseId":"%SRCROOT%","index":267}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/UserProfile.java","uriBaseId":"%SRCROOT%","index":268}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Assignment.java","uriBaseId":"%SRCROOT%","index":269}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSession.java","uriBaseId":"%SRCROOT%","index":270}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java","uriBaseId":"%SRCROOT%","index":30}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/webgoatintroduction/WebGoatIntroduction.java","uriBaseId":"%SRCROOT%","index":271}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/AssignmentHints.java","uriBaseId":"%SRCROOT%","index":272}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSessionAssignment.java","uriBaseId":"%SRCROOT%","index":273}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserialization.java","uriBaseId":"%SRCROOT%","index":274}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHash.java","uriBaseId":"%SRCROOT%","index":275}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/requests/LandingPage.java","uriBaseId":"%SRCROOT%","index":46}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java","uriBaseId":"%SRCROOT%","index":0}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/lessontemplate/SampleAttack.java","uriBaseId":"%SRCROOT%","index":276}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/User.java","uriBaseId":"%SRCROOT%","index":277}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDOREditOtherProfiile.java","uriBaseId":"%SRCROOT%","index":278}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/user/UserRepository.java","uriBaseId":"%SRCROOT%","index":279}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/MailAssignment.java","uriBaseId":"%SRCROOT%","index":280}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringFreeAssignment.java","uriBaseId":"%SRCROOT%","index":281}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDOR.java","uriBaseId":"%SRCROOT%","index":282}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOtherProfile.java","uriBaseId":"%SRCROOT%","index":283}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java","uriBaseId":"%SRCROOT%","index":32}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/AuthenticationProvider.java","uriBaseId":"%SRCROOT%","index":284}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/securepasswords/SecurePasswords.java","uriBaseId":"%SRCROOT%","index":285}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/server/StartWebGoat.java","uriBaseId":"%SRCROOT%","index":286}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/session/LabelDebugger.java","uriBaseId":"%SRCROOT%","index":287}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/ContactImpl.java","uriBaseId":"%SRCROOT%","index":288}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/i18n/Messages.java","uriBaseId":"%SRCROOT%","index":289}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasicsLesson.java","uriBaseId":"%SRCROOT%","index":290}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/AsciiDoctorTemplateResolver.java","uriBaseId":"%SRCROOT%","index":44}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/EncodingAssignment.java","uriBaseId":"%SRCROOT%","index":291}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/authbypass/AuthBypass.java","uriBaseId":"%SRCROOT%","index":292}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Lesson.java","uriBaseId":"%SRCROOT%","index":293}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/chromedevtools/NetworkDummy.java","uriBaseId":"%SRCROOT%","index":294}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/i18n/PluginMessages.java","uriBaseId":"%SRCROOT%","index":295}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFrontendValidation.java","uriBaseId":"%SRCROOT%","index":296}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/htmltampering/HtmlTamperingTask.java","uriBaseId":"%SRCROOT%","index":297}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/logging/LogBleedingTask.java","uriBaseId":"%SRCROOT%","index":47}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignmentForgotPassword.java","uriBaseId":"%SRCROOT%","index":298}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUpload.java","uriBaseId":"%SRCROOT%","index":9}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionAdvanced.java","uriBaseId":"%SRCROOT%","index":299}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/AssignmentPath.java","uriBaseId":"%SRCROOT%","index":300}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cia/CIA.java","uriBaseId":"%SRCROOT%","index":301}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/insecurelogin/InsecureLoginTask.java","uriBaseId":"%SRCROOT%","index":302}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingQuiz.java","uriBaseId":"%SRCROOT%","index":303}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/insecurelogin/InsecureLogin.java","uriBaseId":"%SRCROOT%","index":304}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/mailbox/Email.java","uriBaseId":"%SRCROOT%","index":305}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonInfoModel.java","uriBaseId":"%SRCROOT%","index":306}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge8/Challenge8.java","uriBaseId":"%SRCROOT%","index":307}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/WebWolfRedirect.java","uriBaseId":"%SRCROOT%","index":308}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/lessontemplate/LessonTemplate.java","uriBaseId":"%SRCROOT%","index":309}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/MvcConfiguration.java","uriBaseId":"%SRCROOT%","index":310}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORDiffAttributes.java","uriBaseId":"%SRCROOT%","index":311}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java","uriBaseId":"%SRCROOT%","index":20}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson1.java","uriBaseId":"%SRCROOT%","index":312}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/server/StartupMessage.java","uriBaseId":"%SRCROOT%","index":313}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFiltering.java","uriBaseId":"%SRCROOT%","index":314}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionMitigations.java","uriBaseId":"%SRCROOT%","index":315}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallengeLogin.java","uriBaseId":"%SRCROOT%","index":316}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10a.java","uriBaseId":"%SRCROOT%","index":317}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRFGetFlag.java","uriBaseId":"%SRCROOT%","index":318}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/stored/CrossSiteScriptingStored.java","uriBaseId":"%SRCROOT%","index":319}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/Flag.java","uriBaseId":"%SRCROOT%","index":320}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/votes/Views.java","uriBaseId":"%SRCROOT%","index":321}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/XXE.java","uriBaseId":"%SRCROOT%","index":322}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/requests/WebWolfTraceRepository.java","uriBaseId":"%SRCROOT%","index":323}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonConnectionInvocationHandler.java","uriBaseId":"%SRCROOT%","index":324}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/HintService.java","uriBaseId":"%SRCROOT%","index":325}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserTrackerRepository.java","uriBaseId":"%SRCROOT%","index":326}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/LessonDataSource.java","uriBaseId":"%SRCROOT%","index":327}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/Scoreboard.java","uriBaseId":"%SRCROOT%","index":328}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/authbypass/AccountVerificationHelper.java","uriBaseId":"%SRCROOT%","index":329}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cia/CIAQuiz.java","uriBaseId":"%SRCROOT%","index":330}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScriptingVerifier.java","uriBaseId":"%SRCROOT%","index":331}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/XOREncodingAssignment.java","uriBaseId":"%SRCROOT%","index":332}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserTracker.java","uriBaseId":"%SRCROOT%","index":333}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserSession.java","uriBaseId":"%SRCROOT%","index":334}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/session/Course.java","uriBaseId":"%SRCROOT%","index":335}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpproxies/HttpBasicsInterceptRequest.java","uriBaseId":"%SRCROOT%","index":336}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6b.java","uriBaseId":"%SRCROOT%","index":337}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionQuiz.java","uriBaseId":"%SRCROOT%","index":338}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Initializeable.java","uriBaseId":"%SRCROOT%","index":339}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/SimpleMailAssignment.java","uriBaseId":"%SRCROOT%","index":340}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/EnvironmentExposure.java","uriBaseId":"%SRCROOT%","index":341}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/ChallengeIntro.java","uriBaseId":"%SRCROOT%","index":342}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasicsQuiz.java","uriBaseId":"%SRCROOT%","index":343}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10b.java","uriBaseId":"%SRCROOT%","index":22}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/CryptoUtil.java","uriBaseId":"%SRCROOT%","index":344}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRFConfirmFlag1.java","uriBaseId":"%SRCROOT%","index":345}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/jwt/JWTToken.java","uriBaseId":"%SRCROOT%","index":346}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/Email.java","uriBaseId":"%SRCROOT%","index":347}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java","uriBaseId":"%SRCROOT%","index":34}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java","uriBaseId":"%SRCROOT%","index":6}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/User.java","uriBaseId":"%SRCROOT%","index":348}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/diagnostics/successfully-extracted-files","index":1,"toolComponent":{"index":18}},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java","uriBaseId":"%SRCROOT%","index":1}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/HintService.java","uriBaseId":"%SRCROOT%","index":325}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/server/StartupMessage.java","uriBaseId":"%SRCROOT%","index":349}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/XOREncodingAssignment.java","uriBaseId":"%SRCROOT%","index":332}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ShopEndpoint.java","uriBaseId":"%SRCROOT%","index":245}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/QuestionsAssignment.java","uriBaseId":"%SRCROOT%","index":255}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Initializeable.java","uriBaseId":"%SRCROOT%","index":339}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/user/UserRepository.java","uriBaseId":"%SRCROOT%","index":279}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasics.java","uriBaseId":"%SRCROOT%","index":234}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Assignment.java","uriBaseId":"%SRCROOT%","index":269}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/DisplayUser.java","uriBaseId":"%SRCROOT%","index":350}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredXssComments.java","uriBaseId":"%SRCROOT%","index":157}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/CommentsEndpoint.java","uriBaseId":"%SRCROOT%","index":351}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10b.java","uriBaseId":"%SRCROOT%","index":22}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/CryptoUtil.java","uriBaseId":"%SRCROOT%","index":344}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/user/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":182}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/webwolf/mailbox/MailboxControllerTest.java","uriBaseId":"%SRCROOT%","index":352}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/CourseConfiguration.java","uriBaseId":"%SRCROOT%","index":353}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfMacro.java","uriBaseId":"%SRCROOT%","index":180}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACHiddenMenus.java","uriBaseId":"%SRCROOT%","index":177}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/WebWolfIntegrationTest.java","uriBaseId":"%SRCROOT%","index":108}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/SerializationHelper.java","uriBaseId":"%SRCROOT%","index":263}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionAdvanced.java","uriBaseId":"%SRCROOT%","index":299}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":354}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java","uriBaseId":"%SRCROOT%","index":355}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/votes/Views.java","uriBaseId":"%SRCROOT%","index":321}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/service/ReportCardServiceTest.java","uriBaseId":"%SRCROOT%","index":356}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/Initializeable.java","uriBaseId":"%SRCROOT%","index":357}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java","uriBaseId":"%SRCROOT%","index":358}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSessionAssignment.java","uriBaseId":"%SRCROOT%","index":359}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson3.java","uriBaseId":"%SRCROOT%","index":360}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/securepasswords/SecurePasswords.java","uriBaseId":"%SRCROOT%","index":361}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/SolutionConstants.java","uriBaseId":"%SRCROOT%","index":362}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6b.java","uriBaseId":"%SRCROOT%","index":337}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFieldRestrictions.java","uriBaseId":"%SRCROOT%","index":363}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/QuestionsAssignment.java","uriBaseId":"%SRCROOT%","index":364}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":365}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/LessonTitleService.java","uriBaseId":"%SRCROOT%","index":195}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/HammerHead.java","uriBaseId":"%SRCROOT%","index":366}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/controller/StartLesson.java","uriBaseId":"%SRCROOT%","index":158}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge8/Challenge8.java","uriBaseId":"%SRCROOT%","index":367}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Challenge7.java","uriBaseId":"%SRCROOT%","index":368}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/challenges/Assignment1Test.java","uriBaseId":"%SRCROOT%","index":369}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/PasswordResetLink.java","uriBaseId":"%SRCROOT%","index":370}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cia/CIA.java","uriBaseId":"%SRCROOT%","index":301}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2Test.java","uriBaseId":"%SRCROOT%","index":371}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/User.java","uriBaseId":"%SRCROOT%","index":277}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/mailbox/MailboxController.java","uriBaseId":"%SRCROOT%","index":174}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingAccessControlUserRepository.java","uriBaseId":"%SRCROOT%","index":206}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/SecureDefaultsAssignment.java","uriBaseId":"%SRCROOT%","index":52}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFieldRestrictions.java","uriBaseId":"%SRCROOT%","index":236}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/jwt/JWTController.java","uriBaseId":"%SRCROOT%","index":163}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScriptingTest.java","uriBaseId":"%SRCROOT%","index":106}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/Assignment.java","uriBaseId":"%SRCROOT%","index":372}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/AssignmentEndpoint.java","uriBaseId":"%SRCROOT%","index":219}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java","uriBaseId":"%SRCROOT%","index":373}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFixTest.java","uriBaseId":"%SRCROOT%","index":76}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsEndpoint.java","uriBaseId":"%SRCROOT%","index":223}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/IDORIntegrationTest.java","uriBaseId":"%SRCROOT%","index":62}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java","uriBaseId":"%SRCROOT%","index":0}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/SimpleXXE.java","uriBaseId":"%SRCROOT%","index":374}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/HintService.java","uriBaseId":"%SRCROOT%","index":375}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/Flags.java","uriBaseId":"%SRCROOT%","index":221}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/.mvn/wrapper/MavenWrapperDownloader.java","uriBaseId":"%SRCROOT%","index":376}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/Hint.java","uriBaseId":"%SRCROOT%","index":377}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/UserTracker.java","uriBaseId":"%SRCROOT%","index":378}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasics.java","uriBaseId":"%SRCROOT%","index":379}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOwnProfileAltUrl.java","uriBaseId":"%SRCROOT%","index":380}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingMitigation.java","uriBaseId":"%SRCROOT%","index":199}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson1.java","uriBaseId":"%SRCROOT%","index":312}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java","uriBaseId":"%SRCROOT%","index":381}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/authbypass/VerifyAccount.java","uriBaseId":"%SRCROOT%","index":382}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/server/StartWebGoat.java","uriBaseId":"%SRCROOT%","index":383}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/DisplayUserTest.java","uriBaseId":"%SRCROOT%","index":84}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/JWTSecretKeyEndpoint.java","uriBaseId":"%SRCROOT%","index":384}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHash.java","uriBaseId":"%SRCROOT%","index":275}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/assignments/AttackResult.java","uriBaseId":"%SRCROOT%","index":385}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/JWT.java","uriBaseId":"%SRCROOT%","index":386}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/PasswordReset.java","uriBaseId":"%SRCROOT%","index":196}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofingTask.java","uriBaseId":"%SRCROOT%","index":154}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/WebWolf.java","uriBaseId":"%SRCROOT%","index":187}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallengeLogin.java","uriBaseId":"%SRCROOT%","index":316}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/jwt/JWTController.java","uriBaseId":"%SRCROOT%","index":387}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/SimpleXXE.java","uriBaseId":"%SRCROOT%","index":16}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":388}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":389}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java","uriBaseId":"%SRCROOT%","index":390}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACHiddenMenusTest.java","uriBaseId":"%SRCROOT%","index":391}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookie.java","uriBaseId":"%SRCROOT%","index":186}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACHiddenMenus.java","uriBaseId":"%SRCROOT%","index":392}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasicsLesson.java","uriBaseId":"%SRCROOT%","index":393}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/stored/CrossSiteScriptingStored.java","uriBaseId":"%SRCROOT%","index":394}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/authbypass/BypassVerificationTest.java","uriBaseId":"%SRCROOT%","index":395}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUpload.java","uriBaseId":"%SRCROOT%","index":396}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/i18n/PluginMessages.java","uriBaseId":"%SRCROOT%","index":295}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignmentForgotPassword.java","uriBaseId":"%SRCROOT%","index":397}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/UserProfile.java","uriBaseId":"%SRCROOT%","index":398}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/server/StartupMessage.java","uriBaseId":"%SRCROOT%","index":313}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/authbypass/BypassVerificationTest.java","uriBaseId":"%SRCROOT%","index":71}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/AccessControlIntegrationTest.java","uriBaseId":"%SRCROOT%","index":98}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/Flags.java","uriBaseId":"%SRCROOT%","index":399}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/csrf/Review.java","uriBaseId":"%SRCROOT%","index":400}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":401}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":402}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java","uriBaseId":"%SRCROOT%","index":31}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Category.java","uriBaseId":"%SRCROOT%","index":202}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/EncodingAssignment.java","uriBaseId":"%SRCROOT%","index":291}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/ContactImpl.java","uriBaseId":"%SRCROOT%","index":288}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/hijacksession/cas/HijackSessionAuthenticationProviderTest.java","uriBaseId":"%SRCROOT%","index":403}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/UserValidator.java","uriBaseId":"%SRCROOT%","index":404}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/MissingAccessControlUserRepository.java","uriBaseId":"%SRCROOT%","index":405}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/ChallengeIntro.java","uriBaseId":"%SRCROOT%","index":406}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadTest.java","uriBaseId":"%SRCROOT%","index":136}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/DeserializationIntegrationTest.java","uriBaseId":"%SRCROOT%","index":407}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACUsers.java","uriBaseId":"%SRCROOT%","index":408}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/TriedQuestions.java","uriBaseId":"%SRCROOT%","index":409}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/MvcConfiguration.java","uriBaseId":"%SRCROOT%","index":410}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/PasswordResetLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":411}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson6bTest.java","uriBaseId":"%SRCROOT%","index":111}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/i18n/PluginMessages.java","uriBaseId":"%SRCROOT%","index":412}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/GeneralLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":413}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/OperatingSystemMacro.java","uriBaseId":"%SRCROOT%","index":183}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/htmltampering/HtmlTampering.java","uriBaseId":"%SRCROOT%","index":414}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/authbypass/AccountVerificationHelper.java","uriBaseId":"%SRCROOT%","index":329}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Challenge5.java","uriBaseId":"%SRCROOT%","index":237}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/user/UserService.java","uriBaseId":"%SRCROOT%","index":164}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionMitigations.java","uriBaseId":"%SRCROOT%","index":415}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpointTest.java","uriBaseId":"%SRCROOT%","index":64}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/lessontemplate/SampleAttack.java","uriBaseId":"%SRCROOT%","index":416}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionMitigations.java","uriBaseId":"%SRCROOT%","index":315}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/SimpleMailAssignment.java","uriBaseId":"%SRCROOT%","index":417}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/service/LessonMenuServiceTest.java","uriBaseId":"%SRCROOT%","index":418}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInput.java","uriBaseId":"%SRCROOT%","index":8}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java","uriBaseId":"%SRCROOT%","index":419}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Challenge5.java","uriBaseId":"%SRCROOT%","index":420}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/Challenge1.java","uriBaseId":"%SRCROOT%","index":242}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/insecurelogin/InsecureLogin.java","uriBaseId":"%SRCROOT%","index":304}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredCrossSiteScriptingVerifier.java","uriBaseId":"%SRCROOT%","index":215}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/LabelDebugService.java","uriBaseId":"%SRCROOT%","index":149}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/mailbox/Email.java","uriBaseId":"%SRCROOT%","index":421}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/cia/CIAQuizTest.java","uriBaseId":"%SRCROOT%","index":81}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOtherProfile.java","uriBaseId":"%SRCROOT%","index":283}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/SqlInjectionLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":122}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/users/UserServiceTest.java","uriBaseId":"%SRCROOT%","index":422}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignment.java","uriBaseId":"%SRCROOT%","index":423}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/Comment.java","uriBaseId":"%SRCROOT%","index":226}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserTrackerRepository.java","uriBaseId":"%SRCROOT%","index":326}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/cryptography/CryptoUtilTest.java","uriBaseId":"%SRCROOT%","index":424}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/ReportCardService.java","uriBaseId":"%SRCROOT%","index":425}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/webgoatintroduction/WebGoatIntroduction.java","uriBaseId":"%SRCROOT%","index":271}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/assignments/AssignmentEndpoint.java","uriBaseId":"%SRCROOT%","index":426}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/session/LessonTrackerTest.java","uriBaseId":"%SRCROOT%","index":61}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfRootMacro.java","uriBaseId":"%SRCROOT%","index":427}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":428}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/Email.java","uriBaseId":"%SRCROOT%","index":429}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8Test.java","uriBaseId":"%SRCROOT%","index":137}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHashAdminTest.java","uriBaseId":"%SRCROOT%","index":69}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/LessonMenuService.java","uriBaseId":"%SRCROOT%","index":148}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java","uriBaseId":"%SRCROOT%","index":430}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":431}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/deserialization/SerializationHelper.java","uriBaseId":"%SRCROOT%","index":432}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/webwolf/user/UserServiceTest.java","uriBaseId":"%SRCROOT%","index":100}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/server/ParentConfig.java","uriBaseId":"%SRCROOT%","index":156}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/RestartLessonService.java","uriBaseId":"%SRCROOT%","index":260}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/controller/StartLesson.java","uriBaseId":"%SRCROOT%","index":433}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson13.java","uriBaseId":"%SRCROOT%","index":434}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/httpproxies/HttpBasicsInterceptRequestTest.java","uriBaseId":"%SRCROOT%","index":65}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson6aTest.java","uriBaseId":"%SRCROOT%","index":435}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/requests/WebWolfTraceRepository.java","uriBaseId":"%SRCROOT%","index":323}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/Flag.java","uriBaseId":"%SRCROOT%","index":436}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/Assignment1.java","uriBaseId":"%SRCROOT%","index":437}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORDiffAttributes.java","uriBaseId":"%SRCROOT%","index":311}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/PathTraversalIntegrationTest.java","uriBaseId":"%SRCROOT%","index":438}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/WebGoatApplication.java","uriBaseId":"%SRCROOT%","index":439}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/chromedevtools/ChromeDevTools.java","uriBaseId":"%SRCROOT%","index":440}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/spoofcookie/encoders/EncDecTest.java","uriBaseId":"%SRCROOT%","index":121}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/AssignmentPath.java","uriBaseId":"%SRCROOT%","index":300}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFixTest.java","uriBaseId":"%SRCROOT%","index":441}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/xxe/ContentTypeAssignmentTest.java","uriBaseId":"%SRCROOT%","index":92}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/XSSIntegrationTest.java","uriBaseId":"%SRCROOT%","index":442}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingMitigation.java","uriBaseId":"%SRCROOT%","index":443}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponents.java","uriBaseId":"%SRCROOT%","index":261}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/DisplayUser.java","uriBaseId":"%SRCROOT%","index":53}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/i18n/Language.java","uriBaseId":"%SRCROOT%","index":444}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/spoofcookie/encoders/EncDec.java","uriBaseId":"%SRCROOT%","index":445}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/assignments/AssignmentHints.java","uriBaseId":"%SRCROOT%","index":446}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge8/Assignment8.java","uriBaseId":"%SRCROOT%","index":266}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/session/Course.java","uriBaseId":"%SRCROOT%","index":335}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/SqlInjectionLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":447}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/mailbox/MailboxRepository.java","uriBaseId":"%SRCROOT%","index":204}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":40}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/users/UserServiceTest.java","uriBaseId":"%SRCROOT%","index":131}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/Contact.java","uriBaseId":"%SRCROOT%","index":448}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/i18n/Messages.java","uriBaseId":"%SRCROOT%","index":289}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/LessonTracker.java","uriBaseId":"%SRCROOT%","index":179}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/jwt/TokenTest.java","uriBaseId":"%SRCROOT%","index":449}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/WebGoatApplication.java","uriBaseId":"%SRCROOT%","index":94}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5aTest.java","uriBaseId":"%SRCROOT%","index":97}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringFreeAssignmentTest.java","uriBaseId":"%SRCROOT%","index":144}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSessionAssignment.java","uriBaseId":"%SRCROOT%","index":273}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/Salaries.java","uriBaseId":"%SRCROOT%","index":450}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10a.java","uriBaseId":"%SRCROOT%","index":317}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/LabelDebugService.java","uriBaseId":"%SRCROOT%","index":451}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpproxies/HttpBasicsInterceptRequest.java","uriBaseId":"%SRCROOT%","index":336}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionQuiz.java","uriBaseId":"%SRCROOT%","index":338}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/WebWolfIntroduction.java","uriBaseId":"%SRCROOT%","index":258}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/deserialization/DeserializeTest.java","uriBaseId":"%SRCROOT%","index":452}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/SessionManagementIntegrationTest.java","uriBaseId":"%SRCROOT%","index":453}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/GeneralLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":126}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/LessonMenuItemType.java","uriBaseId":"%SRCROOT%","index":454}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cryptography/XOREncodingAssignment.java","uriBaseId":"%SRCROOT%","index":455}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRFFeedback.java","uriBaseId":"%SRCROOT%","index":203}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/LessonProgressService.java","uriBaseId":"%SRCROOT%","index":233}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/UserRepository.java","uriBaseId":"%SRCROOT%","index":456}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java","uriBaseId":"%SRCROOT%","index":43}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":457}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserForm.java","uriBaseId":"%SRCROOT%","index":27}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/csrf/CSRFFeedbackTest.java","uriBaseId":"%SRCROOT%","index":83}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScripting.java","uriBaseId":"%SRCROOT%","index":211}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson6aTest.java","uriBaseId":"%SRCROOT%","index":60}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/i18n/Messages.java","uriBaseId":"%SRCROOT%","index":458}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/BlindSendFileAssignment.java","uriBaseId":"%SRCROOT%","index":459}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/csrf/ForgedReviews.java","uriBaseId":"%SRCROOT%","index":460}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionYourHashTest.java","uriBaseId":"%SRCROOT%","index":125}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrievalTest.java","uriBaseId":"%SRCROOT%","index":461}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScriptingVerifier.java","uriBaseId":"%SRCROOT%","index":462}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/LessonScanner.java","uriBaseId":"%SRCROOT%","index":463}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/hijacksession/HijackSessionAssignmentTest.java","uriBaseId":"%SRCROOT%","index":82}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredXssComments.java","uriBaseId":"%SRCROOT%","index":464}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInput.java","uriBaseId":"%SRCROOT%","index":465}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/ssrf/SSRFTest2.java","uriBaseId":"%SRCROOT%","index":466}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/IDORDiffAttributes.java","uriBaseId":"%SRCROOT%","index":467}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/TokenTest.java","uriBaseId":"%SRCROOT%","index":5}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/CSRFIntegrationTest.java","uriBaseId":"%SRCROOT%","index":468}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/XXEIntegrationTest.java","uriBaseId":"%SRCROOT%","index":469}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrieval.java","uriBaseId":"%SRCROOT%","index":10}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrievalTest.java","uriBaseId":"%SRCROOT%","index":63}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cryptography/CryptoUtil.java","uriBaseId":"%SRCROOT%","index":470}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/LessonDataSource.java","uriBaseId":"%SRCROOT%","index":327}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/users/UserValidatorTest.java","uriBaseId":"%SRCROOT%","index":93}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8Test.java","uriBaseId":"%SRCROOT%","index":471}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/LabelAndHintIntegrationTest.java","uriBaseId":"%SRCROOT%","index":472}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cia/CIA.java","uriBaseId":"%SRCROOT%","index":473}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5aTest.java","uriBaseId":"%SRCROOT%","index":474}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":475}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWT.java","uriBaseId":"%SRCROOT%","index":217}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/assignments/AssignmentPath.java","uriBaseId":"%SRCROOT%","index":476}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/plugins/LessonTest.java","uriBaseId":"%SRCROOT%","index":477}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/Email.java","uriBaseId":"%SRCROOT%","index":478}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/user/UserService.java","uriBaseId":"%SRCROOT%","index":479}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTQuiz.java","uriBaseId":"%SRCROOT%","index":246}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/session/UserSessionData.java","uriBaseId":"%SRCROOT%","index":480}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/MailAssignment.java","uriBaseId":"%SRCROOT%","index":280}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserTracker.java","uriBaseId":"%SRCROOT%","index":333}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/AuthenticationProvider.java","uriBaseId":"%SRCROOT%","index":284}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ShopEndpoint.java","uriBaseId":"%SRCROOT%","index":481}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/LabelAndHintIntegrationTest.java","uriBaseId":"%SRCROOT%","index":70}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/server/ParentConfig.java","uriBaseId":"%SRCROOT%","index":482}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/insecurelogin/InsecureLoginTask.java","uriBaseId":"%SRCROOT%","index":302}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/PasswordResetLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":59}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/MvcConfiguration.java","uriBaseId":"%SRCROOT%","index":248}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/LessonConnectionInvocationHandler.java","uriBaseId":"%SRCROOT%","index":483}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java","uriBaseId":"%SRCROOT%","index":484}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringAssignment.java","uriBaseId":"%SRCROOT%","index":485}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponents.java","uriBaseId":"%SRCROOT%","index":486}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/WebWolfIntegrationTest.java","uriBaseId":"%SRCROOT%","index":487}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/user/UserRepository.java","uriBaseId":"%SRCROOT%","index":488}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/AssignmentHints.java","uriBaseId":"%SRCROOT%","index":272}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasicsLesson.java","uriBaseId":"%SRCROOT%","index":290}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringAssignmentTest.java","uriBaseId":"%SRCROOT%","index":489}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/csrf/CSRFFeedbackTest.java","uriBaseId":"%SRCROOT%","index":490}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson6bTest.java","uriBaseId":"%SRCROOT%","index":491}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":492}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHash.java","uriBaseId":"%SRCROOT%","index":493}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/Cryptography.java","uriBaseId":"%SRCROOT%","index":262}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/session/LabelDebugger.java","uriBaseId":"%SRCROOT%","index":494}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/webwolf/user/UserServiceTest.java","uriBaseId":"%SRCROOT%","index":495}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/LessonDataSource.java","uriBaseId":"%SRCROOT%","index":496}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/SqlInjectionAdvancedIntegrationTest.java","uriBaseId":"%SRCROOT%","index":497}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9Test.java","uriBaseId":"%SRCROOT%","index":133}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/ssrf/SSRFTest2.java","uriBaseId":"%SRCROOT%","index":91}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/jwt/JWTDecodeEndpointTest.java","uriBaseId":"%SRCROOT%","index":498}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRF.java","uriBaseId":"%SRCROOT%","index":175}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/ForgedReviews.java","uriBaseId":"%SRCROOT%","index":207}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson6a.java","uriBaseId":"%SRCROOT%","index":188}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationTest.java","uriBaseId":"%SRCROOT%","index":86}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/htmltampering/HtmlTamperingTask.java","uriBaseId":"%SRCROOT%","index":297}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/ContactImpl.java","uriBaseId":"%SRCROOT%","index":499}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/IntegrationTest.java","uriBaseId":"%SRCROOT%","index":500}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson1Test.java","uriBaseId":"%SRCROOT%","index":89}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/CryptoIntegrationTest.java","uriBaseId":"%SRCROOT%","index":78}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/lessontemplate/LessonTemplate.java","uriBaseId":"%SRCROOT%","index":309}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/LandingAssignment.java","uriBaseId":"%SRCROOT%","index":230}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserValidator.java","uriBaseId":"%SRCROOT%","index":264}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10Test.java","uriBaseId":"%SRCROOT%","index":501}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/chromedevtools/ChromeDevToolsTest.java","uriBaseId":"%SRCROOT%","index":502}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/IDOR.java","uriBaseId":"%SRCROOT%","index":503}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/session/LessonTrackerTest.java","uriBaseId":"%SRCROOT%","index":504}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/SqlInjectionMitigationIntegrationTest.java","uriBaseId":"%SRCROOT%","index":113}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java","uriBaseId":"%SRCROOT%","index":28}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/CryptoIntegrationTest.java","uriBaseId":"%SRCROOT%","index":505}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/UserTrackerRepository.java","uriBaseId":"%SRCROOT%","index":506}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFrontendValidationTest.java","uriBaseId":"%SRCROOT%","index":123}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/jwt/JWTToken.java","uriBaseId":"%SRCROOT%","index":507}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/DatabaseConfiguration.java","uriBaseId":"%SRCROOT%","index":232}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/cryptography/CryptoUtilTest.java","uriBaseId":"%SRCROOT%","index":116}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/AsciiDoctorTemplateResolver.java","uriBaseId":"%SRCROOT%","index":508}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTDecodeEndpointTest.java","uriBaseId":"%SRCROOT%","index":115}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/htmltampering/HtmlTampering.java","uriBaseId":"%SRCROOT%","index":220}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java","uriBaseId":"%SRCROOT%","index":29}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRFGetFlag.java","uriBaseId":"%SRCROOT%","index":318}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/TriedQuestions.java","uriBaseId":"%SRCROOT%","index":247}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/PathTraversal.java","uriBaseId":"%SRCROOT%","index":227}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/mailbox/Email.java","uriBaseId":"%SRCROOT%","index":305}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/Lesson.java","uriBaseId":"%SRCROOT%","index":509}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/SSRFIntegrationTest.java","uriBaseId":"%SRCROOT%","index":102}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Hint.java","uriBaseId":"%SRCROOT%","index":224}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/Assignment1.java","uriBaseId":"%SRCROOT%","index":162}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/mailbox/MailboxRepository.java","uriBaseId":"%SRCROOT%","index":510}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/votes/Vote.java","uriBaseId":"%SRCROOT%","index":511}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/DeserializationIntegrationTest.java","uriBaseId":"%SRCROOT%","index":74}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cryptography/Cryptography.java","uriBaseId":"%SRCROOT%","index":512}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/requests/Requests.java","uriBaseId":"%SRCROOT%","index":181}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/session/Course.java","uriBaseId":"%SRCROOT%","index":513}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignmentTest.java","uriBaseId":"%SRCROOT%","index":129}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/SqlInjectionAdvancedIntegrationTest.java","uriBaseId":"%SRCROOT%","index":90}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/LabelService.java","uriBaseId":"%SRCROOT%","index":514}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignment.java","uriBaseId":"%SRCROOT%","index":189}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Lesson.java","uriBaseId":"%SRCROOT%","index":293}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpoint.java","uriBaseId":"%SRCROOT%","index":515}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonMenuItemType.java","uriBaseId":"%SRCROOT%","index":214}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/authbypass/AccountVerificationHelper.java","uriBaseId":"%SRCROOT%","index":516}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/webwolf/mailbox/MailboxRepositoryTest.java","uriBaseId":"%SRCROOT%","index":517}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookie.java","uriBaseId":"%SRCROOT%","index":518}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/session/WebSession.java","uriBaseId":"%SRCROOT%","index":519}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/Salaries.java","uriBaseId":"%SRCROOT%","index":167}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/PasswordResetEmail.java","uriBaseId":"%SRCROOT%","index":520}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10Test.java","uriBaseId":"%SRCROOT%","index":109}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson6a.java","uriBaseId":"%SRCROOT%","index":521}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/WebGoat.java","uriBaseId":"%SRCROOT%","index":190}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRF.java","uriBaseId":"%SRCROOT%","index":191}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpointTest.java","uriBaseId":"%SRCROOT%","index":522}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFGetFlag.java","uriBaseId":"%SRCROOT%","index":523}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java","uriBaseId":"%SRCROOT%","index":32}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/logging/LogBleedingTask.java","uriBaseId":"%SRCROOT%","index":524}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictions.java","uriBaseId":"%SRCROOT%","index":239}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java","uriBaseId":"%SRCROOT%","index":525}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/session/LabelDebuggerTest.java","uriBaseId":"%SRCROOT%","index":526}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTSecretKeyEndpoint.java","uriBaseId":"%SRCROOT%","index":184}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java","uriBaseId":"%SRCROOT%","index":208}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/xxe/BlindSendFileAssignmentTest.java","uriBaseId":"%SRCROOT%","index":104}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/user/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":527}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":528}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredCrossSiteScriptingVerifier.java","uriBaseId":"%SRCROOT%","index":529}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/users/UserTrackerRepositoryTest.java","uriBaseId":"%SRCROOT%","index":530}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/chromedevtools/NetworkLesson.java","uriBaseId":"%SRCROOT%","index":193}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/XXE.java","uriBaseId":"%SRCROOT%","index":322}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRFConfirmFlag1.java","uriBaseId":"%SRCROOT%","index":345}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/CourseConfiguration.java","uriBaseId":"%SRCROOT%","index":147}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/users/UserValidatorTest.java","uriBaseId":"%SRCROOT%","index":531}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScripting.java","uriBaseId":"%SRCROOT%","index":532}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/votes/Vote.java","uriBaseId":"%SRCROOT%","index":240}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/UsernameMacro.java","uriBaseId":"%SRCROOT%","index":178}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringAssignmentTest.java","uriBaseId":"%SRCROOT%","index":58}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask1.java","uriBaseId":"%SRCROOT%","index":265}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOwnProfileAltUrl.java","uriBaseId":"%SRCROOT%","index":155}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/LessonTemplateResolver.java","uriBaseId":"%SRCROOT%","index":168}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java","uriBaseId":"%SRCROOT%","index":36}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionYourHashTest.java","uriBaseId":"%SRCROOT%","index":533}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/users/UserTrackerRepositoryTest.java","uriBaseId":"%SRCROOT%","index":101}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFrontendValidation.java","uriBaseId":"%SRCROOT%","index":534}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/webwolf/mailbox/MailboxControllerTest.java","uriBaseId":"%SRCROOT%","index":72}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/passwordreset/SecurityQuestionAssignmentTest.java","uriBaseId":"%SRCROOT%","index":535}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/cia/CIAQuizTest.java","uriBaseId":"%SRCROOT%","index":536}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserialization.java","uriBaseId":"%SRCROOT%","index":537}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/webwolf/mailbox/MailboxRepositoryTest.java","uriBaseId":"%SRCROOT%","index":127}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonConnectionInvocationHandler.java","uriBaseId":"%SRCROOT%","index":324}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSession.java","uriBaseId":"%SRCROOT%","index":538}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHashAdmin.java","uriBaseId":"%SRCROOT%","index":539}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFConfirmFlag1.java","uriBaseId":"%SRCROOT%","index":540}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/Contact.java","uriBaseId":"%SRCROOT%","index":256}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/asciidoc/UsernameMacro.java","uriBaseId":"%SRCROOT%","index":541}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/LessonMenuItem.java","uriBaseId":"%SRCROOT%","index":542}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/ImageServlet.java","uriBaseId":"%SRCROOT%","index":241}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/hijacksession/HijackSessionAssignmentTest.java","uriBaseId":"%SRCROOT%","index":543}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/ChallengeIntro.java","uriBaseId":"%SRCROOT%","index":342}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/Email.java","uriBaseId":"%SRCROOT%","index":347}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":544}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORLogin.java","uriBaseId":"%SRCROOT%","index":259}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson3.java","uriBaseId":"%SRCROOT%","index":253}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/CSRFIntegrationTest.java","uriBaseId":"%SRCROOT%","index":95}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/jwt/JWTSecretKeyEndpointTest.java","uriBaseId":"%SRCROOT%","index":545}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java","uriBaseId":"%SRCROOT%","index":546}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/EnvironmentService.java","uriBaseId":"%SRCROOT%","index":153}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/MvcConfiguration.java","uriBaseId":"%SRCROOT%","index":547}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5Test.java","uriBaseId":"%SRCROOT%","index":548}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/Review.java","uriBaseId":"%SRCROOT%","index":205}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonScanner.java","uriBaseId":"%SRCROOT%","index":229}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask1.java","uriBaseId":"%SRCROOT%","index":549}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/service/ReportCardServiceTest.java","uriBaseId":"%SRCROOT%","index":79}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/User.java","uriBaseId":"%SRCROOT%","index":348}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson1.java","uriBaseId":"%SRCROOT%","index":550}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHashAdmin.java","uriBaseId":"%SRCROOT%","index":151}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFix.java","uriBaseId":"%SRCROOT%","index":7}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/WebSecurityConfig.java","uriBaseId":"%SRCROOT%","index":42}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/WebSecurityConfig.java","uriBaseId":"%SRCROOT%","index":551}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/AjaxAuthenticationEntryPoint.java","uriBaseId":"%SRCROOT%","index":2}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScriptingTest.java","uriBaseId":"%SRCROOT%","index":552}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/requests/WebWolfTraceRepository.java","uriBaseId":"%SRCROOT%","index":553}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/LessonInfoModel.java","uriBaseId":"%SRCROOT%","index":554}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/ssrf/SSRFTest1.java","uriBaseId":"%SRCROOT%","index":555}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpointTest.java","uriBaseId":"%SRCROOT%","index":556}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/SqlLessonTest.java","uriBaseId":"%SRCROOT%","index":99}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationTest.java","uriBaseId":"%SRCROOT%","index":557}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/securepasswords/SecurePasswordsAssignment.java","uriBaseId":"%SRCROOT%","index":558}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/session/UserSessionData.java","uriBaseId":"%SRCROOT%","index":218}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/HijackSessionAuthenticationProvider.java","uriBaseId":"%SRCROOT%","index":559}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/chromedevtools/NetworkDummy.java","uriBaseId":"%SRCROOT%","index":560}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/SessionService.java","uriBaseId":"%SRCROOT%","index":561}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/UserForm.java","uriBaseId":"%SRCROOT%","index":562}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInputTest.java","uriBaseId":"%SRCROOT%","index":105}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/WebGoatVersionMacro.java","uriBaseId":"%SRCROOT%","index":251}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/ChallengeIntegrationTest.java","uriBaseId":"%SRCROOT%","index":563}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACHiddenMenusTest.java","uriBaseId":"%SRCROOT%","index":88}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/Email.java","uriBaseId":"%SRCROOT%","index":252}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/missingac/DisplayUserTest.java","uriBaseId":"%SRCROOT%","index":564}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/WebWolfIntroduction.java","uriBaseId":"%SRCROOT%","index":565}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/votes/Views.java","uriBaseId":"%SRCROOT%","index":566}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonMenuItem.java","uriBaseId":"%SRCROOT%","index":150}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/AttackResult.java","uriBaseId":"%SRCROOT%","index":176}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringFreeAssignment.java","uriBaseId":"%SRCROOT%","index":281}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/securepasswords/SecurePasswords.java","uriBaseId":"%SRCROOT%","index":285}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/service/LessonProgressServiceTest.java","uriBaseId":"%SRCROOT%","index":567}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/WebSecurityConfig.java","uriBaseId":"%SRCROOT%","index":568}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/authbypass/AuthBypass.java","uriBaseId":"%SRCROOT%","index":292}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/LessonTemplateResolver.java","uriBaseId":"%SRCROOT%","index":569}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/service/LessonMenuServiceTest.java","uriBaseId":"%SRCROOT%","index":75}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/webwolf/jwt/JWTTokenTest.java","uriBaseId":"%SRCROOT%","index":143}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/controller/Welcome.java","uriBaseId":"%SRCROOT%","index":570}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/webwolf/jwt/JWTTokenTest.java","uriBaseId":"%SRCROOT%","index":571}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/xss/StoredXssCommentsTest.java","uriBaseId":"%SRCROOT%","index":57}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java","uriBaseId":"%SRCROOT%","index":572}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson1Test.java","uriBaseId":"%SRCROOT%","index":573}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserSession.java","uriBaseId":"%SRCROOT%","index":334}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOtherProfile.java","uriBaseId":"%SRCROOT%","index":574}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/lessontemplate/LessonTemplate.java","uriBaseId":"%SRCROOT%","index":575}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/plugins/LessonTest.java","uriBaseId":"%SRCROOT%","index":80}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/User.java","uriBaseId":"%SRCROOT%","index":576}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java","uriBaseId":"%SRCROOT%","index":20}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/JWTLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":3}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/assignments/AssignmentEndpointTest.java","uriBaseId":"%SRCROOT%","index":139}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/AccessControlIntegrationTest.java","uriBaseId":"%SRCROOT%","index":577}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java","uriBaseId":"%SRCROOT%","index":578}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/LessonInfoService.java","uriBaseId":"%SRCROOT%","index":579}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/Comment.java","uriBaseId":"%SRCROOT%","index":580}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/controller/Welcome.java","uriBaseId":"%SRCROOT%","index":225}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/SessionService.java","uriBaseId":"%SRCROOT%","index":172}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInputTest.java","uriBaseId":"%SRCROOT%","index":581}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpointTest.java","uriBaseId":"%SRCROOT%","index":120}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/challenges/Assignment1Test.java","uriBaseId":"%SRCROOT%","index":132}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/chromedevtools/ChromeDevToolsTest.java","uriBaseId":"%SRCROOT%","index":107}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/UserSession.java","uriBaseId":"%SRCROOT%","index":582}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/service/HintServiceTest.java","uriBaseId":"%SRCROOT%","index":145}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/JWTQuiz.java","uriBaseId":"%SRCROOT%","index":583}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfMacro.java","uriBaseId":"%SRCROOT%","index":584}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/hijacksession/cas/HijackSessionAuthenticationProviderTest.java","uriBaseId":"%SRCROOT%","index":67}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/server/StartWebGoat.java","uriBaseId":"%SRCROOT%","index":286}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/spoofcookie/encoders/EncDecTest.java","uriBaseId":"%SRCROOT%","index":585}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/authbypass/AuthBypass.java","uriBaseId":"%SRCROOT%","index":586}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/i18n/Language.java","uriBaseId":"%SRCROOT%","index":152}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionAdvanced.java","uriBaseId":"%SRCROOT%","index":587}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserRepository.java","uriBaseId":"%SRCROOT%","index":159}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjection.java","uriBaseId":"%SRCROOT%","index":588}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasicsQuiz.java","uriBaseId":"%SRCROOT%","index":343}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLessonTest.java","uriBaseId":"%SRCROOT%","index":66}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignmentTest.java","uriBaseId":"%SRCROOT%","index":589}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/httpproxies/HttpProxies.java","uriBaseId":"%SRCROOT%","index":590}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/pathtraversal/PathTraversal.java","uriBaseId":"%SRCROOT%","index":591}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/AsciiDoctorTemplateResolver.java","uriBaseId":"%SRCROOT%","index":44}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionAC.java","uriBaseId":"%SRCROOT%","index":592}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":593}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/Challenge1.java","uriBaseId":"%SRCROOT%","index":594}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOwnProfile.java","uriBaseId":"%SRCROOT%","index":595}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadTest.java","uriBaseId":"%SRCROOT%","index":596}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallengeLogin.java","uriBaseId":"%SRCROOT%","index":597}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/asciidoc/OperatingSystemMacro.java","uriBaseId":"%SRCROOT%","index":598}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/SqlInjectionMitigationIntegrationTest.java","uriBaseId":"%SRCROOT%","index":599}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/Ping.java","uriBaseId":"%SRCROOT%","index":173}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/AuthenticationProvider.java","uriBaseId":"%SRCROOT%","index":600}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java","uriBaseId":"%SRCROOT%","index":601}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpoint.java","uriBaseId":"%SRCROOT%","index":51}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFiltering.java","uriBaseId":"%SRCROOT%","index":314}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java","uriBaseId":"%SRCROOT%","index":6}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofingTask.java","uriBaseId":"%SRCROOT%","index":602}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFrontendValidation.java","uriBaseId":"%SRCROOT%","index":296}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/HammerHead.java","uriBaseId":"%SRCROOT%","index":192}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/requests/Requests.java","uriBaseId":"%SRCROOT%","index":603}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/PathTraversalIntegrationTest.java","uriBaseId":"%SRCROOT%","index":117}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/Authentication.java","uriBaseId":"%SRCROOT%","index":604}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjection.java","uriBaseId":"%SRCROOT%","index":160}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasicsQuiz.java","uriBaseId":"%SRCROOT%","index":605}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/MailAssignment.java","uriBaseId":"%SRCROOT%","index":606}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/xxe/SimpleXXETest.java","uriBaseId":"%SRCROOT%","index":607}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java","uriBaseId":"%SRCROOT%","index":608}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6b.java","uriBaseId":"%SRCROOT%","index":609}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACUsersTest.java","uriBaseId":"%SRCROOT%","index":56}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/passwordreset/SecurityQuestionAssignmentTest.java","uriBaseId":"%SRCROOT%","index":114}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10a.java","uriBaseId":"%SRCROOT%","index":610}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/IDORIntegrationTest.java","uriBaseId":"%SRCROOT%","index":611}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/service/HintServiceTest.java","uriBaseId":"%SRCROOT%","index":612}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cryptography/EncodingAssignment.java","uriBaseId":"%SRCROOT%","index":613}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/session/LabelDebuggerTest.java","uriBaseId":"%SRCROOT%","index":119}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/asciidoc/WebGoatTmpDirMacro.java","uriBaseId":"%SRCROOT%","index":614}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignmentForgotPassword.java","uriBaseId":"%SRCROOT%","index":298}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/service/LessonProgressServiceTest.java","uriBaseId":"%SRCROOT%","index":110}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java","uriBaseId":"%SRCROOT%","index":39}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/requests/LandingPage.java","uriBaseId":"%SRCROOT%","index":615}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ShopEndpointTest.java","uriBaseId":"%SRCROOT%","index":616}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionQuiz.java","uriBaseId":"%SRCROOT%","index":617}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/httpproxies/HttpBasicsInterceptRequest.java","uriBaseId":"%SRCROOT%","index":618}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/webwolf/WebWolfApplication.java","uriBaseId":"%SRCROOT%","index":103}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywordsTest.java","uriBaseId":"%SRCROOT%","index":619}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/Category.java","uriBaseId":"%SRCROOT%","index":620}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/chromedevtools/NetworkDummy.java","uriBaseId":"%SRCROOT%","index":294}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/XXE.java","uriBaseId":"%SRCROOT%","index":621}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpointTest.java","uriBaseId":"%SRCROOT%","index":622}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/mailbox/MailboxController.java","uriBaseId":"%SRCROOT%","index":623}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSession.java","uriBaseId":"%SRCROOT%","index":270}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/WebSecurityConfig.java","uriBaseId":"%SRCROOT%","index":41}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/assignments/AssignmentEndpointTest.java","uriBaseId":"%SRCROOT%","index":624}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpoint.java","uriBaseId":"%SRCROOT%","index":625}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/IntegrationTest.java","uriBaseId":"%SRCROOT%","index":141}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/securepasswords/SecurePasswordsAssignment.java","uriBaseId":"%SRCROOT%","index":197}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/LessonTitleService.java","uriBaseId":"%SRCROOT%","index":626}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDOR.java","uriBaseId":"%SRCROOT%","index":282}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/JWTDecodeEndpoint.java","uriBaseId":"%SRCROOT%","index":627}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson13Test.java","uriBaseId":"%SRCROOT%","index":68}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/webwolf/WebWolfApplication.java","uriBaseId":"%SRCROOT%","index":628}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingQuiz.java","uriBaseId":"%SRCROOT%","index":303}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserialization.java","uriBaseId":"%SRCROOT%","index":274}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/Flag.java","uriBaseId":"%SRCROOT%","index":320}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/LessonMenuService.java","uriBaseId":"%SRCROOT%","index":629}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFiltering.java","uriBaseId":"%SRCROOT%","index":630}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/Comment.java","uriBaseId":"%SRCROOT%","index":631}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpproxies/HttpProxies.java","uriBaseId":"%SRCROOT%","index":222}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/httpproxies/HttpBasicsInterceptRequestTest.java","uriBaseId":"%SRCROOT%","index":632}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/session/WebSession.java","uriBaseId":"%SRCROOT%","index":146}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":13}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/RegistrationController.java","uriBaseId":"%SRCROOT%","index":25}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/container/users/UserRepositoryTest.java","uriBaseId":"%SRCROOT%","index":128}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java","uriBaseId":"%SRCROOT%","index":30}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/SigningAssignment.java","uriBaseId":"%SRCROOT%","index":45}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/UserProfile.java","uriBaseId":"%SRCROOT%","index":268}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge8/Assignment8.java","uriBaseId":"%SRCROOT%","index":633}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge8/Challenge8.java","uriBaseId":"%SRCROOT%","index":307}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/WebWolfRedirect.java","uriBaseId":"%SRCROOT%","index":308}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRF.java","uriBaseId":"%SRCROOT%","index":634}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/ContentTypeAssignment.java","uriBaseId":"%SRCROOT%","index":635}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTDecodeEndpoint.java","uriBaseId":"%SRCROOT%","index":213}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/EnvironmentService.java","uriBaseId":"%SRCROOT%","index":636}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/XXEIntegrationTest.java","uriBaseId":"%SRCROOT%","index":142}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/SSRFIntegrationTest.java","uriBaseId":"%SRCROOT%","index":637}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/Ping.java","uriBaseId":"%SRCROOT%","index":638}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/DatabaseConfiguration.java","uriBaseId":"%SRCROOT%","index":639}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson13.java","uriBaseId":"%SRCROOT%","index":198}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/assignments/LessonTrackerInterceptor.java","uriBaseId":"%SRCROOT%","index":640}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Challenge7.java","uriBaseId":"%SRCROOT%","index":238}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/insecurelogin/InsecureLoginTask.java","uriBaseId":"%SRCROOT%","index":641}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/LessonTracker.java","uriBaseId":"%SRCROOT%","index":642}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/PasswordResetLink.java","uriBaseId":"%SRCROOT%","index":50}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScriptingVerifier.java","uriBaseId":"%SRCROOT%","index":331}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFFeedback.java","uriBaseId":"%SRCROOT%","index":643}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":644}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/deserialization/DeserializeTest.java","uriBaseId":"%SRCROOT%","index":130}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/LessonTrackerInterceptor.java","uriBaseId":"%SRCROOT%","index":200}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10b.java","uriBaseId":"%SRCROOT%","index":645}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/Authentication.java","uriBaseId":"%SRCROOT%","index":170}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/User.java","uriBaseId":"%SRCROOT%","index":646}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/WebWolfRedirect.java","uriBaseId":"%SRCROOT%","index":647}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/SessionManagementIntegrationTest.java","uriBaseId":"%SRCROOT%","index":124}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cryptography/SecureDefaultsAssignment.java","uriBaseId":"%SRCROOT%","index":648}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java","uriBaseId":"%SRCROOT%","index":33}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/RestartLessonService.java","uriBaseId":"%SRCROOT%","index":649}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTSecretKeyEndpointTest.java","uriBaseId":"%SRCROOT%","index":118}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/PasswordReset.java","uriBaseId":"%SRCROOT%","index":650}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/chromedevtools/NetworkLesson.java","uriBaseId":"%SRCROOT%","index":651}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5Test.java","uriBaseId":"%SRCROOT%","index":87}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScripting.java","uriBaseId":"%SRCROOT%","index":243}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignmentTest.java","uriBaseId":"%SRCROOT%","index":96}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHashAdminTest.java","uriBaseId":"%SRCROOT%","index":652}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywordsTest.java","uriBaseId":"%SRCROOT%","index":135}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/session/LabelDebugger.java","uriBaseId":"%SRCROOT%","index":287}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/PasswordResetEmail.java","uriBaseId":"%SRCROOT%","index":161}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/xss/StoredXssCommentsTest.java","uriBaseId":"%SRCROOT%","index":653}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringFreeAssignment.java","uriBaseId":"%SRCROOT%","index":654}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson4.java","uriBaseId":"%SRCROOT%","index":267}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/asciidoc/EnvironmentExposure.java","uriBaseId":"%SRCROOT%","index":655}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/ProgressRaceConditionIntegrationTest.java","uriBaseId":"%SRCROOT%","index":73}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRFLogin.java","uriBaseId":"%SRCROOT%","index":254}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/HijackSessionAuthenticationProvider.java","uriBaseId":"%SRCROOT%","index":166}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/jwt/JWTToken.java","uriBaseId":"%SRCROOT%","index":346}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/logging/LogBleedingTask.java","uriBaseId":"%SRCROOT%","index":47}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2Test.java","uriBaseId":"%SRCROOT%","index":112}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/AjaxAuthenticationEntryPoint.java","uriBaseId":"%SRCROOT%","index":656}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofing.java","uriBaseId":"%SRCROOT%","index":210}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/LessonProgressService.java","uriBaseId":"%SRCROOT%","index":657}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingQuiz.java","uriBaseId":"%SRCROOT%","index":658}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/Comment.java","uriBaseId":"%SRCROOT%","index":257}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/csrf/CSRF.java","uriBaseId":"%SRCROOT%","index":659}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUpload.java","uriBaseId":"%SRCROOT%","index":9}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonInfoModel.java","uriBaseId":"%SRCROOT%","index":306}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/SecurityQuestionAssignment.java","uriBaseId":"%SRCROOT%","index":660}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/resetlink/PasswordChangeForm.java","uriBaseId":"%SRCROOT%","index":169}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson4.java","uriBaseId":"%SRCROOT%","index":661}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/WebWolf.java","uriBaseId":"%SRCROOT%","index":662}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/ProgressRaceConditionIntegrationTest.java","uriBaseId":"%SRCROOT%","index":663}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/SqlLessonTest.java","uriBaseId":"%SRCROOT%","index":664}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/resetlink/PasswordChangeForm.java","uriBaseId":"%SRCROOT%","index":665}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/stored/CrossSiteScriptingStored.java","uriBaseId":"%SRCROOT%","index":319}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScripting.java","uriBaseId":"%SRCROOT%","index":666}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/asciidoc/WebGoatVersionMacro.java","uriBaseId":"%SRCROOT%","index":667}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/FlagController.java","uriBaseId":"%SRCROOT%","index":54}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/webgoatintroduction/WebGoatIntroduction.java","uriBaseId":"%SRCROOT%","index":668}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java","uriBaseId":"%SRCROOT%","index":669}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/LessonInfoService.java","uriBaseId":"%SRCROOT%","index":228}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/LandingAssignment.java","uriBaseId":"%SRCROOT%","index":670}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java","uriBaseId":"%SRCROOT%","index":49}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOwnProfile.java","uriBaseId":"%SRCROOT%","index":185}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/WebGoat.java","uriBaseId":"%SRCROOT%","index":671}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/users/UserRepositoryTest.java","uriBaseId":"%SRCROOT%","index":672}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACUsers.java","uriBaseId":"%SRCROOT%","index":171}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/ReportCardService.java","uriBaseId":"%SRCROOT%","index":244}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/EnvironmentExposure.java","uriBaseId":"%SRCROOT%","index":341}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cryptography/SigningAssignment.java","uriBaseId":"%SRCROOT%","index":673}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java","uriBaseId":"%SRCROOT%","index":674}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9Test.java","uriBaseId":"%SRCROOT%","index":675}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFrontendValidationTest.java","uriBaseId":"%SRCROOT%","index":676}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/MvcConfiguration.java","uriBaseId":"%SRCROOT%","index":310}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cia/CIAQuiz.java","uriBaseId":"%SRCROOT%","index":330}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/IDOREditOtherProfiile.java","uriBaseId":"%SRCROOT%","index":677}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/insecurelogin/InsecureLogin.java","uriBaseId":"%SRCROOT%","index":678}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/Scoreboard.java","uriBaseId":"%SRCROOT%","index":679}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java","uriBaseId":"%SRCROOT%","index":34}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACUsersTest.java","uriBaseId":"%SRCROOT%","index":680}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/IDORLogin.java","uriBaseId":"%SRCROOT%","index":681}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/xxe/BlindSendFileAssignmentTest.java","uriBaseId":"%SRCROOT%","index":682}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofing.java","uriBaseId":"%SRCROOT%","index":683}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/lessontemplate/SampleAttack.java","uriBaseId":"%SRCROOT%","index":276}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionAC.java","uriBaseId":"%SRCROOT%","index":201}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLessonTest.java","uriBaseId":"%SRCROOT%","index":684}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringAssignment.java","uriBaseId":"%SRCROOT%","index":209}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":".mvn/wrapper/MavenWrapperDownloader.java","uriBaseId":"%SRCROOT%","index":685}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/SolutionConstants.java","uriBaseId":"%SRCROOT%","index":249}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/JWTLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":686}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/SimpleMailAssignment.java","uriBaseId":"%SRCROOT%","index":340}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringFreeAssignmentTest.java","uriBaseId":"%SRCROOT%","index":687}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson13Test.java","uriBaseId":"%SRCROOT%","index":688}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cia/CIAQuiz.java","uriBaseId":"%SRCROOT%","index":689}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/ImageServlet.java","uriBaseId":"%SRCROOT%","index":690}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDOREditOtherProfiile.java","uriBaseId":"%SRCROOT%","index":278}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/service/LabelService.java","uriBaseId":"%SRCROOT%","index":194}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrieval.java","uriBaseId":"%SRCROOT%","index":691}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/RegistrationController.java","uriBaseId":"%SRCROOT%","index":692}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpoint.java","uriBaseId":"%SRCROOT%","index":4}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/FlagController.java","uriBaseId":"%SRCROOT%","index":693}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfRootMacro.java","uriBaseId":"%SRCROOT%","index":212}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ShopEndpointTest.java","uriBaseId":"%SRCROOT%","index":138}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/BlindSendFileAssignment.java","uriBaseId":"%SRCROOT%","index":14}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/Scoreboard.java","uriBaseId":"%SRCROOT%","index":328}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/authbypass/VerifyAccount.java","uriBaseId":"%SRCROOT%","index":231}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignmentTest.java","uriBaseId":"%SRCROOT%","index":694}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/requests/LandingPage.java","uriBaseId":"%SRCROOT%","index":46}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/ssrf/SSRFTest1.java","uriBaseId":"%SRCROOT%","index":134}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/XSSIntegrationTest.java","uriBaseId":"%SRCROOT%","index":77}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/spoofcookie/encoders/EncDec.java","uriBaseId":"%SRCROOT%","index":250}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFix.java","uriBaseId":"%SRCROOT%","index":695}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/ChallengeIntegrationTest.java","uriBaseId":"%SRCROOT%","index":140}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/WebGoatTmpDirMacro.java","uriBaseId":"%SRCROOT%","index":216}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFLogin.java","uriBaseId":"%SRCROOT%","index":696}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/chromedevtools/ChromeDevTools.java","uriBaseId":"%SRCROOT%","index":165}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/xxe/SimpleXXETest.java","uriBaseId":"%SRCROOT%","index":55}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpointTest.java","uriBaseId":"%SRCROOT%","index":85}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictions.java","uriBaseId":"%SRCROOT%","index":697}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/ContentTypeAssignment.java","uriBaseId":"%SRCROOT%","index":15}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/htmltampering/HtmlTamperingTask.java","uriBaseId":"%SRCROOT%","index":698}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/SecurityQuestionAssignment.java","uriBaseId":"%SRCROOT%","index":235}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/xxe/ContentTypeAssignmentTest.java","uriBaseId":"%SRCROOT%","index":699}}}],"message":{"text":""},"level":"none","descriptor":{"id":"java/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/scoreboardApp.js","uriBaseId":"%SRCROOT%","index":700}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/xss/js/assignment3.js","uriBaseId":"%SRCROOT%","index":701}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/csrf/js/csrf-review.js","uriBaseId":"%SRCROOT%","index":702}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/xxe/js/xxe.js","uriBaseId":"%SRCROOT%","index":703}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/jwt/js/jwt-buy.js","uriBaseId":"%SRCROOT%","index":704}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/challenges/js/challenge8.js","uriBaseId":"%SRCROOT%","index":705}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/mode-java.js","uriBaseId":"%SRCROOT%","index":706}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/sqlinjection/js/assignment10b.js","uriBaseId":"%SRCROOT%","index":707}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/TitleView.js","uriBaseId":"%SRCROOT%","index":708}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/idor/js/idor.js","uriBaseId":"%SRCROOT%","index":709}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/jquery_form/jquery.form.js","uriBaseId":"%SRCROOT%","index":710}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/pathtraversal/js/path_traversal.js","uriBaseId":"%SRCROOT%","index":711}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/controller/MenuController.js","uriBaseId":"%SRCROOT%","index":712}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/ErrorNotificationView.js","uriBaseId":"%SRCROOT%","index":713}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/MenuButtonView.js","uriBaseId":"%SRCROOT%","index":714}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/MenuData.js","uriBaseId":"%SRCROOT%","index":715}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/jquery/jquery-1.10.2.min.js","uriBaseId":"%SRCROOT%","index":716}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/plugins/bootstrap-slider/js/bootstrap-slider.js","uriBaseId":"%SRCROOT%","index":717}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/UserAndInfoView.js","uriBaseId":"%SRCROOT%","index":718}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/text.js","uriBaseId":"%SRCROOT%","index":719}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/MenuModel.js","uriBaseId":"%SRCROOT%","index":720}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/jquery-base.js","uriBaseId":"%SRCROOT%","index":721}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/plugins/bootstrap-wysihtml5/js/wysihtml5-0.3.0.js","uriBaseId":"%SRCROOT%","index":722}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/jwt/js/jwt-refresh.js","uriBaseId":"%SRCROOT%","index":723}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/jquery-ui-1.10.4.js","uriBaseId":"%SRCROOT%","index":724}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/sqlinjection/js/challenge.js","uriBaseId":"%SRCROOT%","index":725}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/theme-monokai.js","uriBaseId":"%SRCROOT%","index":726}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/AssignmentStatusModel.js","uriBaseId":"%SRCROOT%","index":727}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/LessonOverviewCollection.js","uriBaseId":"%SRCROOT%","index":728}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/HTMLContentModel.js","uriBaseId":"%SRCROOT%","index":729}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/ssrf/js/credentials.js","uriBaseId":"%SRCROOT%","index":730}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/clientsidefiltering/js/clientSideFilteringFree.js","uriBaseId":"%SRCROOT%","index":731}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/authbypass/js/bypass.js","uriBaseId":"%SRCROOT%","index":732}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/MenuCollection.js","uriBaseId":"%SRCROOT%","index":733}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/support/GoatUtils.js","uriBaseId":"%SRCROOT%","index":734}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/LessonInfoModel.js","uriBaseId":"%SRCROOT%","index":735}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/idor/js/idor.js","uriBaseId":"%SRCROOT%","index":736}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/TitleView.js","uriBaseId":"%SRCROOT%","index":737}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/PaginationControlView.js","uriBaseId":"%SRCROOT%","index":738}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/LessonContentModel.js","uriBaseId":"%SRCROOT%","index":739}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/HintModel.js","uriBaseId":"%SRCROOT%","index":740}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/jwt/js/jwt-voting.js","uriBaseId":"%SRCROOT%","index":741}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/goatApp.js","uriBaseId":"%SRCROOT%","index":742}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/MenuModel.js","uriBaseId":"%SRCROOT%","index":743}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/FlagModel.js","uriBaseId":"%SRCROOT%","index":744}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/PaginationControlView.js","uriBaseId":"%SRCROOT%","index":745}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webwolf/static/js/jwt.js","uriBaseId":"%SRCROOT%","index":746}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webwolf/static/js/jwt.js","uriBaseId":"%SRCROOT%","index":747}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/csrf/js/csrf-review.js","uriBaseId":"%SRCROOT%","index":748}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/csrf/js/feedback.js","uriBaseId":"%SRCROOT%","index":749}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/quiz.js","uriBaseId":"%SRCROOT%","index":750}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/search.js","uriBaseId":"%SRCROOT%","index":751}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/jquery_form/jquery.form.js","uriBaseId":"%SRCROOT%","index":752}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/jwt/js/jwt-final.js","uriBaseId":"%SRCROOT%","index":753}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/challenges/js/challenge6.js","uriBaseId":"%SRCROOT%","index":754}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/underscore-min.js","uriBaseId":"%SRCROOT%","index":755}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/xss/js/assignment4.js","uriBaseId":"%SRCROOT%","index":756}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/sqlinjection/js/assignment10b.js","uriBaseId":"%SRCROOT%","index":757}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/jwt/js/jwt-refresh.js","uriBaseId":"%SRCROOT%","index":758}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/plugins/nanoScroller/jquery.nanoscroller.min.js","uriBaseId":"%SRCROOT%","index":759}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/LabelDebugModel.js","uriBaseId":"%SRCROOT%","index":760}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/MenuView.js","uriBaseId":"%SRCROOT%","index":761}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/pathtraversal/js/path_traversal.js","uriBaseId":"%SRCROOT%","index":762}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/GoatRouter.js","uriBaseId":"%SRCROOT%","index":763}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/insecurelogin/js/credentials.js","uriBaseId":"%SRCROOT%","index":764}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/MenuData.js","uriBaseId":"%SRCROOT%","index":765}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/ScoreboardView.js","uriBaseId":"%SRCROOT%","index":766}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webwolf/static/js/mail.js","uriBaseId":"%SRCROOT%","index":767}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/jwt/js/jwt-weak-keys.js","uriBaseId":"%SRCROOT%","index":768}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/jquery-ui.min.js","uriBaseId":"%SRCROOT%","index":769}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/controller/LessonController.js","uriBaseId":"%SRCROOT%","index":770}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/passwordreset/js/password-reset-simple.js","uriBaseId":"%SRCROOT%","index":771}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/controller/MenuController.js","uriBaseId":"%SRCROOT%","index":772}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/LessonInfoModel.js","uriBaseId":"%SRCROOT%","index":773}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/HTMLContentModel.js","uriBaseId":"%SRCROOT%","index":774}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/clientsidefiltering/js/clientSideFilteringFree.js","uriBaseId":"%SRCROOT%","index":775}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/support/CustomGoat.js","uriBaseId":"%SRCROOT%","index":776}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/toggle.js","uriBaseId":"%SRCROOT%","index":777}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/theme-monokai.js","uriBaseId":"%SRCROOT%","index":778}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/ssrf/js/credentials.js","uriBaseId":"%SRCROOT%","index":779}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webwolf/static/js/fileUpload.js","uriBaseId":"%SRCROOT%","index":780}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/jquery.min.js","uriBaseId":"%SRCROOT%","index":781}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/GoatRouter.js","uriBaseId":"%SRCROOT%","index":782}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/support/goatConstants.js","uriBaseId":"%SRCROOT%","index":783}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/jquery-ui.min.js","uriBaseId":"%SRCROOT%","index":784}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/plugins/nanoScroller/jquery.nanoscroller.min.js","uriBaseId":"%SRCROOT%","index":785}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/support/goatAsyncErrorHandler.js","uriBaseId":"%SRCROOT%","index":786}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/clientsidefiltering/js/clientSideFiltering.js","uriBaseId":"%SRCROOT%","index":787}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/polyglot.min.js","uriBaseId":"%SRCROOT%","index":788}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/clientsidefiltering/js/clientSideFiltering.js","uriBaseId":"%SRCROOT%","index":789}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/ReportCardModel.js","uriBaseId":"%SRCROOT%","index":790}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/FlagsCollection.js","uriBaseId":"%SRCROOT%","index":791}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/ace.js","uriBaseId":"%SRCROOT%","index":792}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/challenges/js/bootstrap.min.js","uriBaseId":"%SRCROOT%","index":793}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/insecurelogin/js/credentials.js","uriBaseId":"%SRCROOT%","index":794}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/jwt/js/jwt-buy.js","uriBaseId":"%SRCROOT%","index":795}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/goatApp.js","uriBaseId":"%SRCROOT%","index":796}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/AssignmentStatusModel.js","uriBaseId":"%SRCROOT%","index":797}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/jquery.form.js","uriBaseId":"%SRCROOT%","index":798}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/ace.js","uriBaseId":"%SRCROOT%","index":799}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/backbone-min.js","uriBaseId":"%SRCROOT%","index":800}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/MenuView.js","uriBaseId":"%SRCROOT%","index":801}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/LessonContentView.js","uriBaseId":"%SRCROOT%","index":802}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/authbypass/js/bypass.js","uriBaseId":"%SRCROOT%","index":803}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/HintCollection.js","uriBaseId":"%SRCROOT%","index":804}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/sqlinjection/js/assignment13.js","uriBaseId":"%SRCROOT%","index":805}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/csrf/js/feedback.js","uriBaseId":"%SRCROOT%","index":806}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/application.js","uriBaseId":"%SRCROOT%","index":807}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/main.js","uriBaseId":"%SRCROOT%","index":808}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/MenuCollection.js","uriBaseId":"%SRCROOT%","index":809}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/plugins/bootstrap-wysihtml5/js/wysihtml5-0.3.0.js","uriBaseId":"%SRCROOT%","index":810}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/plugins/bootstrap-wysihtml5/js/bootstrap3-wysihtml5.js","uriBaseId":"%SRCROOT%","index":811}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/jquery-2.1.4.min.js","uriBaseId":"%SRCROOT%","index":812}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/polyglot.min.js","uriBaseId":"%SRCROOT%","index":813}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/jwt/js/jwt-final.js","uriBaseId":"%SRCROOT%","index":814}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/HelpControlsView.js","uriBaseId":"%SRCROOT%","index":815}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/lessontemplate/js/idor.js","uriBaseId":"%SRCROOT%","index":816}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/require.min.js","uriBaseId":"%SRCROOT%","index":817}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/HintModel.js","uriBaseId":"%SRCROOT%","index":818}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/ReportCardModel.js","uriBaseId":"%SRCROOT%","index":819}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/xss/js/assignment4.js","uriBaseId":"%SRCROOT%","index":820}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/challenges/js/challenge8.js","uriBaseId":"%SRCROOT%","index":821}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/spoofcookie/js/handler.js","uriBaseId":"%SRCROOT%","index":822}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/MenuItemView.js","uriBaseId":"%SRCROOT%","index":823}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/underscore-min.js","uriBaseId":"%SRCROOT%","index":824}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/search.js","uriBaseId":"%SRCROOT%","index":825}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/LessonContentModel.js","uriBaseId":"%SRCROOT%","index":826}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/HintView.js","uriBaseId":"%SRCROOT%","index":827}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/MenuItemView.js","uriBaseId":"%SRCROOT%","index":828}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/jquery-vuln.js","uriBaseId":"%SRCROOT%","index":829}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/ScoreboardView.js","uriBaseId":"%SRCROOT%","index":830}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/sqlinjection/js/assignment13.js","uriBaseId":"%SRCROOT%","index":831}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/lessontemplate/js/idor.js","uriBaseId":"%SRCROOT%","index":832}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/HelpControlsView.js","uriBaseId":"%SRCROOT%","index":833}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/plugins/bootstrap-slider/js/bootstrap-slider.js","uriBaseId":"%SRCROOT%","index":834}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/xss/js/stored-xss.js","uriBaseId":"%SRCROOT%","index":835}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/UserAndInfoView.js","uriBaseId":"%SRCROOT%","index":836}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/jquery.min.js","uriBaseId":"%SRCROOT%","index":837}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/bootstrap.min.js","uriBaseId":"%SRCROOT%","index":838}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/jquery/jquery-1.10.2.min.js","uriBaseId":"%SRCROOT%","index":839}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/text.js","uriBaseId":"%SRCROOT%","index":840}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/backbone-min.js","uriBaseId":"%SRCROOT%","index":841}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/toggle.js","uriBaseId":"%SRCROOT%","index":842}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webwolf/static/js/fileUpload.js","uriBaseId":"%SRCROOT%","index":843}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/jquery-base.js","uriBaseId":"%SRCROOT%","index":844}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/jquery/jquery-ui-1.10.4.custom.min.js","uriBaseId":"%SRCROOT%","index":845}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/jwt/js/jwt-weak-keys.js","uriBaseId":"%SRCROOT%","index":846}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/HintCollection.js","uriBaseId":"%SRCROOT%","index":847}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/plugins/bootstrap-wysihtml5/js/bootstrap3-wysihtml5.js","uriBaseId":"%SRCROOT%","index":848}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/support/goatConstants.js","uriBaseId":"%SRCROOT%","index":849}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/jwt/js/jwt-voting.js","uriBaseId":"%SRCROOT%","index":850}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/jquery-2.1.4.min.js","uriBaseId":"%SRCROOT%","index":851}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/ReportCardView.js","uriBaseId":"%SRCROOT%","index":852}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/LabelDebugModel.js","uriBaseId":"%SRCROOT%","index":853}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/challenges/js/bootstrap.min.js","uriBaseId":"%SRCROOT%","index":854}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/scoreboardApp.js","uriBaseId":"%SRCROOT%","index":855}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/controller/LessonController.js","uriBaseId":"%SRCROOT%","index":856}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/sqlinjection/js/challenge.js","uriBaseId":"%SRCROOT%","index":857}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/jquery/jquery-ui-1.10.4.custom.min.js","uriBaseId":"%SRCROOT%","index":858}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/FlagsCollection.js","uriBaseId":"%SRCROOT%","index":859}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/LessonOverviewCollection.js","uriBaseId":"%SRCROOT%","index":860}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/xxe/js/xxe.js","uriBaseId":"%SRCROOT%","index":861}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/FlagModel.js","uriBaseId":"%SRCROOT%","index":862}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/passwordreset/js/password-reset-simple.js","uriBaseId":"%SRCROOT%","index":863}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/ReportCardView.js","uriBaseId":"%SRCROOT%","index":864}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/scoreboard.js","uriBaseId":"%SRCROOT%","index":865}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/bootstrap.min.js","uriBaseId":"%SRCROOT%","index":866}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/goatApp/support/GoatUtils.js","uriBaseId":"%SRCROOT%","index":867}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/support/CustomGoat.js","uriBaseId":"%SRCROOT%","index":868}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/scoreboard.js","uriBaseId":"%SRCROOT%","index":869}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/modernizr.min.js","uriBaseId":"%SRCROOT%","index":870}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/mode-java.js","uriBaseId":"%SRCROOT%","index":871}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/ErrorNotificationView.js","uriBaseId":"%SRCROOT%","index":872}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/HintView.js","uriBaseId":"%SRCROOT%","index":873}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/xss/js/stored-xss.js","uriBaseId":"%SRCROOT%","index":874}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/lessons/challenges/js/challenge6.js","uriBaseId":"%SRCROOT%","index":875}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/spoofcookie/js/handler.js","uriBaseId":"%SRCROOT%","index":876}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/main.js","uriBaseId":"%SRCROOT%","index":877}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/application.js","uriBaseId":"%SRCROOT%","index":878}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/MenuButtonView.js","uriBaseId":"%SRCROOT%","index":879}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/lessons/xss/js/assignment3.js","uriBaseId":"%SRCROOT%","index":880}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webwolf/static/js/mail.js","uriBaseId":"%SRCROOT%","index":881}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/LessonContentView.js","uriBaseId":"%SRCROOT%","index":882}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/require.min.js","uriBaseId":"%SRCROOT%","index":883}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/libs/jquery-vuln.js","uriBaseId":"%SRCROOT%","index":884}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/quiz.js","uriBaseId":"%SRCROOT%","index":885}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/jquery-ui-1.10.4.js","uriBaseId":"%SRCROOT%","index":886}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/support/goatAsyncErrorHandler.js","uriBaseId":"%SRCROOT%","index":887}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/jquery.form.js","uriBaseId":"%SRCROOT%","index":888}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/resources/webgoat/static/js/modernizr.min.js","uriBaseId":"%SRCROOT%","index":889}}}],"message":{"text":""},"level":"none","descriptor":{"id":"js/baseline/expected-extracted-files","index":1},"properties":{"formattedMessage":{"text":""},"relatedLocations":[]}}],"executionSuccessful":true}],"artifacts":[{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java","uriBaseId":"%SRCROOT%","index":0}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java","uriBaseId":"%SRCROOT%","index":1}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/AjaxAuthenticationEntryPoint.java","uriBaseId":"%SRCROOT%","index":2}},{"location":{"uri":"src/it/java/org/owasp/webgoat/JWTLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":3}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpoint.java","uriBaseId":"%SRCROOT%","index":4}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/TokenTest.java","uriBaseId":"%SRCROOT%","index":5}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java","uriBaseId":"%SRCROOT%","index":6}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFix.java","uriBaseId":"%SRCROOT%","index":7}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInput.java","uriBaseId":"%SRCROOT%","index":8}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUpload.java","uriBaseId":"%SRCROOT%","index":9}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrieval.java","uriBaseId":"%SRCROOT%","index":10}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":13}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/BlindSendFileAssignment.java","uriBaseId":"%SRCROOT%","index":14}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/ContentTypeAssignment.java","uriBaseId":"%SRCROOT%","index":15}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/SimpleXXE.java","uriBaseId":"%SRCROOT%","index":16}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java","uriBaseId":"%SRCROOT%","index":20}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10b.java","uriBaseId":"%SRCROOT%","index":22}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/users/RegistrationController.java","uriBaseId":"%SRCROOT%","index":25}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserForm.java","uriBaseId":"%SRCROOT%","index":27}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java","uriBaseId":"%SRCROOT%","index":28}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java","uriBaseId":"%SRCROOT%","index":29}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java","uriBaseId":"%SRCROOT%","index":30}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java","uriBaseId":"%SRCROOT%","index":31}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java","uriBaseId":"%SRCROOT%","index":32}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java","uriBaseId":"%SRCROOT%","index":33}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java","uriBaseId":"%SRCROOT%","index":34}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java","uriBaseId":"%SRCROOT%","index":36}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java","uriBaseId":"%SRCROOT%","index":39}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":40}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/WebSecurityConfig.java","uriBaseId":"%SRCROOT%","index":41}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/WebSecurityConfig.java","uriBaseId":"%SRCROOT%","index":42}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java","uriBaseId":"%SRCROOT%","index":43}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/AsciiDoctorTemplateResolver.java","uriBaseId":"%SRCROOT%","index":44}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/SigningAssignment.java","uriBaseId":"%SRCROOT%","index":45}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/requests/LandingPage.java","uriBaseId":"%SRCROOT%","index":46}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/logging/LogBleedingTask.java","uriBaseId":"%SRCROOT%","index":47}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java","uriBaseId":"%SRCROOT%","index":49}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/PasswordResetLink.java","uriBaseId":"%SRCROOT%","index":50}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpoint.java","uriBaseId":"%SRCROOT%","index":51}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/SecureDefaultsAssignment.java","uriBaseId":"%SRCROOT%","index":52}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/DisplayUser.java","uriBaseId":"%SRCROOT%","index":53}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/FlagController.java","uriBaseId":"%SRCROOT%","index":54}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/xxe/SimpleXXETest.java","uriBaseId":"%SRCROOT%","index":55}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACUsersTest.java","uriBaseId":"%SRCROOT%","index":56}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/xss/StoredXssCommentsTest.java","uriBaseId":"%SRCROOT%","index":57}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringAssignmentTest.java","uriBaseId":"%SRCROOT%","index":58}},{"location":{"uri":"src/it/java/org/owasp/webgoat/PasswordResetLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":59}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson6aTest.java","uriBaseId":"%SRCROOT%","index":60}},{"location":{"uri":"src/test/java/org/owasp/webgoat/container/session/LessonTrackerTest.java","uriBaseId":"%SRCROOT%","index":61}},{"location":{"uri":"src/it/java/org/owasp/webgoat/IDORIntegrationTest.java","uriBaseId":"%SRCROOT%","index":62}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrievalTest.java","uriBaseId":"%SRCROOT%","index":63}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpointTest.java","uriBaseId":"%SRCROOT%","index":64}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/httpproxies/HttpBasicsInterceptRequestTest.java","uriBaseId":"%SRCROOT%","index":65}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLessonTest.java","uriBaseId":"%SRCROOT%","index":66}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/hijacksession/cas/HijackSessionAuthenticationProviderTest.java","uriBaseId":"%SRCROOT%","index":67}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson13Test.java","uriBaseId":"%SRCROOT%","index":68}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHashAdminTest.java","uriBaseId":"%SRCROOT%","index":69}},{"location":{"uri":"src/it/java/org/owasp/webgoat/LabelAndHintIntegrationTest.java","uriBaseId":"%SRCROOT%","index":70}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/authbypass/BypassVerificationTest.java","uriBaseId":"%SRCROOT%","index":71}},{"location":{"uri":"src/test/java/org/owasp/webgoat/webwolf/mailbox/MailboxControllerTest.java","uriBaseId":"%SRCROOT%","index":72}},{"location":{"uri":"src/it/java/org/owasp/webgoat/ProgressRaceConditionIntegrationTest.java","uriBaseId":"%SRCROOT%","index":73}},{"location":{"uri":"src/it/java/org/owasp/webgoat/DeserializationIntegrationTest.java","uriBaseId":"%SRCROOT%","index":74}},{"location":{"uri":"src/test/java/org/owasp/webgoat/container/service/LessonMenuServiceTest.java","uriBaseId":"%SRCROOT%","index":75}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFixTest.java","uriBaseId":"%SRCROOT%","index":76}},{"location":{"uri":"src/it/java/org/owasp/webgoat/XSSIntegrationTest.java","uriBaseId":"%SRCROOT%","index":77}},{"location":{"uri":"src/it/java/org/owasp/webgoat/CryptoIntegrationTest.java","uriBaseId":"%SRCROOT%","index":78}},{"location":{"uri":"src/test/java/org/owasp/webgoat/container/service/ReportCardServiceTest.java","uriBaseId":"%SRCROOT%","index":79}},{"location":{"uri":"src/test/java/org/owasp/webgoat/container/plugins/LessonTest.java","uriBaseId":"%SRCROOT%","index":80}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/cia/CIAQuizTest.java","uriBaseId":"%SRCROOT%","index":81}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/hijacksession/HijackSessionAssignmentTest.java","uriBaseId":"%SRCROOT%","index":82}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/csrf/CSRFFeedbackTest.java","uriBaseId":"%SRCROOT%","index":83}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/DisplayUserTest.java","uriBaseId":"%SRCROOT%","index":84}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpointTest.java","uriBaseId":"%SRCROOT%","index":85}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationTest.java","uriBaseId":"%SRCROOT%","index":86}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5Test.java","uriBaseId":"%SRCROOT%","index":87}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACHiddenMenusTest.java","uriBaseId":"%SRCROOT%","index":88}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson1Test.java","uriBaseId":"%SRCROOT%","index":89}},{"location":{"uri":"src/it/java/org/owasp/webgoat/SqlInjectionAdvancedIntegrationTest.java","uriBaseId":"%SRCROOT%","index":90}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/ssrf/SSRFTest2.java","uriBaseId":"%SRCROOT%","index":91}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/xxe/ContentTypeAssignmentTest.java","uriBaseId":"%SRCROOT%","index":92}},{"location":{"uri":"src/test/java/org/owasp/webgoat/container/users/UserValidatorTest.java","uriBaseId":"%SRCROOT%","index":93}},{"location":{"uri":"src/test/java/org/owasp/webgoat/container/WebGoatApplication.java","uriBaseId":"%SRCROOT%","index":94}},{"location":{"uri":"src/it/java/org/owasp/webgoat/CSRFIntegrationTest.java","uriBaseId":"%SRCROOT%","index":95}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignmentTest.java","uriBaseId":"%SRCROOT%","index":96}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5aTest.java","uriBaseId":"%SRCROOT%","index":97}},{"location":{"uri":"src/it/java/org/owasp/webgoat/AccessControlIntegrationTest.java","uriBaseId":"%SRCROOT%","index":98}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/SqlLessonTest.java","uriBaseId":"%SRCROOT%","index":99}},{"location":{"uri":"src/test/java/org/owasp/webgoat/webwolf/user/UserServiceTest.java","uriBaseId":"%SRCROOT%","index":100}},{"location":{"uri":"src/test/java/org/owasp/webgoat/container/users/UserTrackerRepositoryTest.java","uriBaseId":"%SRCROOT%","index":101}},{"location":{"uri":"src/it/java/org/owasp/webgoat/SSRFIntegrationTest.java","uriBaseId":"%SRCROOT%","index":102}},{"location":{"uri":"src/test/java/org/owasp/webgoat/webwolf/WebWolfApplication.java","uriBaseId":"%SRCROOT%","index":103}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/xxe/BlindSendFileAssignmentTest.java","uriBaseId":"%SRCROOT%","index":104}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInputTest.java","uriBaseId":"%SRCROOT%","index":105}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScriptingTest.java","uriBaseId":"%SRCROOT%","index":106}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/chromedevtools/ChromeDevToolsTest.java","uriBaseId":"%SRCROOT%","index":107}},{"location":{"uri":"src/it/java/org/owasp/webgoat/WebWolfIntegrationTest.java","uriBaseId":"%SRCROOT%","index":108}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10Test.java","uriBaseId":"%SRCROOT%","index":109}},{"location":{"uri":"src/test/java/org/owasp/webgoat/container/service/LessonProgressServiceTest.java","uriBaseId":"%SRCROOT%","index":110}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson6bTest.java","uriBaseId":"%SRCROOT%","index":111}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2Test.java","uriBaseId":"%SRCROOT%","index":112}},{"location":{"uri":"src/it/java/org/owasp/webgoat/SqlInjectionMitigationIntegrationTest.java","uriBaseId":"%SRCROOT%","index":113}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/passwordreset/SecurityQuestionAssignmentTest.java","uriBaseId":"%SRCROOT%","index":114}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTDecodeEndpointTest.java","uriBaseId":"%SRCROOT%","index":115}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/cryptography/CryptoUtilTest.java","uriBaseId":"%SRCROOT%","index":116}},{"location":{"uri":"src/it/java/org/owasp/webgoat/PathTraversalIntegrationTest.java","uriBaseId":"%SRCROOT%","index":117}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTSecretKeyEndpointTest.java","uriBaseId":"%SRCROOT%","index":118}},{"location":{"uri":"src/test/java/org/owasp/webgoat/container/session/LabelDebuggerTest.java","uriBaseId":"%SRCROOT%","index":119}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpointTest.java","uriBaseId":"%SRCROOT%","index":120}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/spoofcookie/encoders/EncDecTest.java","uriBaseId":"%SRCROOT%","index":121}},{"location":{"uri":"src/it/java/org/owasp/webgoat/SqlInjectionLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":122}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFrontendValidationTest.java","uriBaseId":"%SRCROOT%","index":123}},{"location":{"uri":"src/it/java/org/owasp/webgoat/SessionManagementIntegrationTest.java","uriBaseId":"%SRCROOT%","index":124}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionYourHashTest.java","uriBaseId":"%SRCROOT%","index":125}},{"location":{"uri":"src/it/java/org/owasp/webgoat/GeneralLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":126}},{"location":{"uri":"src/test/java/org/owasp/webgoat/webwolf/mailbox/MailboxRepositoryTest.java","uriBaseId":"%SRCROOT%","index":127}},{"location":{"uri":"src/test/java/org/owasp/webgoat/container/users/UserRepositoryTest.java","uriBaseId":"%SRCROOT%","index":128}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignmentTest.java","uriBaseId":"%SRCROOT%","index":129}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/deserialization/DeserializeTest.java","uriBaseId":"%SRCROOT%","index":130}},{"location":{"uri":"src/test/java/org/owasp/webgoat/container/users/UserServiceTest.java","uriBaseId":"%SRCROOT%","index":131}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/challenges/Assignment1Test.java","uriBaseId":"%SRCROOT%","index":132}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9Test.java","uriBaseId":"%SRCROOT%","index":133}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/ssrf/SSRFTest1.java","uriBaseId":"%SRCROOT%","index":134}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywordsTest.java","uriBaseId":"%SRCROOT%","index":135}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadTest.java","uriBaseId":"%SRCROOT%","index":136}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8Test.java","uriBaseId":"%SRCROOT%","index":137}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ShopEndpointTest.java","uriBaseId":"%SRCROOT%","index":138}},{"location":{"uri":"src/test/java/org/owasp/webgoat/container/assignments/AssignmentEndpointTest.java","uriBaseId":"%SRCROOT%","index":139}},{"location":{"uri":"src/it/java/org/owasp/webgoat/ChallengeIntegrationTest.java","uriBaseId":"%SRCROOT%","index":140}},{"location":{"uri":"src/it/java/org/owasp/webgoat/IntegrationTest.java","uriBaseId":"%SRCROOT%","index":141}},{"location":{"uri":"src/it/java/org/owasp/webgoat/XXEIntegrationTest.java","uriBaseId":"%SRCROOT%","index":142}},{"location":{"uri":"src/test/java/org/owasp/webgoat/webwolf/jwt/JWTTokenTest.java","uriBaseId":"%SRCROOT%","index":143}},{"location":{"uri":"src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringFreeAssignmentTest.java","uriBaseId":"%SRCROOT%","index":144}},{"location":{"uri":"src/test/java/org/owasp/webgoat/container/service/HintServiceTest.java","uriBaseId":"%SRCROOT%","index":145}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/session/WebSession.java","uriBaseId":"%SRCROOT%","index":146}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/CourseConfiguration.java","uriBaseId":"%SRCROOT%","index":147}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/service/LessonMenuService.java","uriBaseId":"%SRCROOT%","index":148}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/service/LabelDebugService.java","uriBaseId":"%SRCROOT%","index":149}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonMenuItem.java","uriBaseId":"%SRCROOT%","index":150}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHashAdmin.java","uriBaseId":"%SRCROOT%","index":151}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/i18n/Language.java","uriBaseId":"%SRCROOT%","index":152}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/service/EnvironmentService.java","uriBaseId":"%SRCROOT%","index":153}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofingTask.java","uriBaseId":"%SRCROOT%","index":154}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOwnProfileAltUrl.java","uriBaseId":"%SRCROOT%","index":155}},{"location":{"uri":"src/main/java/org/owasp/webgoat/server/ParentConfig.java","uriBaseId":"%SRCROOT%","index":156}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredXssComments.java","uriBaseId":"%SRCROOT%","index":157}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/controller/StartLesson.java","uriBaseId":"%SRCROOT%","index":158}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserRepository.java","uriBaseId":"%SRCROOT%","index":159}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjection.java","uriBaseId":"%SRCROOT%","index":160}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/PasswordResetEmail.java","uriBaseId":"%SRCROOT%","index":161}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/Assignment1.java","uriBaseId":"%SRCROOT%","index":162}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/jwt/JWTController.java","uriBaseId":"%SRCROOT%","index":163}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/user/UserService.java","uriBaseId":"%SRCROOT%","index":164}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/chromedevtools/ChromeDevTools.java","uriBaseId":"%SRCROOT%","index":165}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/HijackSessionAuthenticationProvider.java","uriBaseId":"%SRCROOT%","index":166}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/Salaries.java","uriBaseId":"%SRCROOT%","index":167}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/LessonTemplateResolver.java","uriBaseId":"%SRCROOT%","index":168}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/resetlink/PasswordChangeForm.java","uriBaseId":"%SRCROOT%","index":169}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/Authentication.java","uriBaseId":"%SRCROOT%","index":170}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACUsers.java","uriBaseId":"%SRCROOT%","index":171}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/service/SessionService.java","uriBaseId":"%SRCROOT%","index":172}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/Ping.java","uriBaseId":"%SRCROOT%","index":173}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/mailbox/MailboxController.java","uriBaseId":"%SRCROOT%","index":174}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRF.java","uriBaseId":"%SRCROOT%","index":175}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/AttackResult.java","uriBaseId":"%SRCROOT%","index":176}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACHiddenMenus.java","uriBaseId":"%SRCROOT%","index":177}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/UsernameMacro.java","uriBaseId":"%SRCROOT%","index":178}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/users/LessonTracker.java","uriBaseId":"%SRCROOT%","index":179}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfMacro.java","uriBaseId":"%SRCROOT%","index":180}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/requests/Requests.java","uriBaseId":"%SRCROOT%","index":181}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/user/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":182}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/OperatingSystemMacro.java","uriBaseId":"%SRCROOT%","index":183}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTSecretKeyEndpoint.java","uriBaseId":"%SRCROOT%","index":184}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOwnProfile.java","uriBaseId":"%SRCROOT%","index":185}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookie.java","uriBaseId":"%SRCROOT%","index":186}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/WebWolf.java","uriBaseId":"%SRCROOT%","index":187}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson6a.java","uriBaseId":"%SRCROOT%","index":188}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignment.java","uriBaseId":"%SRCROOT%","index":189}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/WebGoat.java","uriBaseId":"%SRCROOT%","index":190}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRF.java","uriBaseId":"%SRCROOT%","index":191}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/HammerHead.java","uriBaseId":"%SRCROOT%","index":192}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/chromedevtools/NetworkLesson.java","uriBaseId":"%SRCROOT%","index":193}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/service/LabelService.java","uriBaseId":"%SRCROOT%","index":194}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/service/LessonTitleService.java","uriBaseId":"%SRCROOT%","index":195}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/PasswordReset.java","uriBaseId":"%SRCROOT%","index":196}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/securepasswords/SecurePasswordsAssignment.java","uriBaseId":"%SRCROOT%","index":197}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson13.java","uriBaseId":"%SRCROOT%","index":198}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingMitigation.java","uriBaseId":"%SRCROOT%","index":199}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/LessonTrackerInterceptor.java","uriBaseId":"%SRCROOT%","index":200}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionAC.java","uriBaseId":"%SRCROOT%","index":201}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Category.java","uriBaseId":"%SRCROOT%","index":202}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRFFeedback.java","uriBaseId":"%SRCROOT%","index":203}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/mailbox/MailboxRepository.java","uriBaseId":"%SRCROOT%","index":204}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/Review.java","uriBaseId":"%SRCROOT%","index":205}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingAccessControlUserRepository.java","uriBaseId":"%SRCROOT%","index":206}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/ForgedReviews.java","uriBaseId":"%SRCROOT%","index":207}},{"location":{"uri":"src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java","uriBaseId":"%SRCROOT%","index":208}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringAssignment.java","uriBaseId":"%SRCROOT%","index":209}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofing.java","uriBaseId":"%SRCROOT%","index":210}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScripting.java","uriBaseId":"%SRCROOT%","index":211}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfRootMacro.java","uriBaseId":"%SRCROOT%","index":212}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTDecodeEndpoint.java","uriBaseId":"%SRCROOT%","index":213}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonMenuItemType.java","uriBaseId":"%SRCROOT%","index":214}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredCrossSiteScriptingVerifier.java","uriBaseId":"%SRCROOT%","index":215}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/WebGoatTmpDirMacro.java","uriBaseId":"%SRCROOT%","index":216}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWT.java","uriBaseId":"%SRCROOT%","index":217}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/session/UserSessionData.java","uriBaseId":"%SRCROOT%","index":218}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/AssignmentEndpoint.java","uriBaseId":"%SRCROOT%","index":219}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/htmltampering/HtmlTampering.java","uriBaseId":"%SRCROOT%","index":220}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/Flags.java","uriBaseId":"%SRCROOT%","index":221}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpproxies/HttpProxies.java","uriBaseId":"%SRCROOT%","index":222}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsEndpoint.java","uriBaseId":"%SRCROOT%","index":223}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Hint.java","uriBaseId":"%SRCROOT%","index":224}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/controller/Welcome.java","uriBaseId":"%SRCROOT%","index":225}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/Comment.java","uriBaseId":"%SRCROOT%","index":226}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/PathTraversal.java","uriBaseId":"%SRCROOT%","index":227}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/service/LessonInfoService.java","uriBaseId":"%SRCROOT%","index":228}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonScanner.java","uriBaseId":"%SRCROOT%","index":229}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/LandingAssignment.java","uriBaseId":"%SRCROOT%","index":230}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/authbypass/VerifyAccount.java","uriBaseId":"%SRCROOT%","index":231}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/DatabaseConfiguration.java","uriBaseId":"%SRCROOT%","index":232}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/service/LessonProgressService.java","uriBaseId":"%SRCROOT%","index":233}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasics.java","uriBaseId":"%SRCROOT%","index":234}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/SecurityQuestionAssignment.java","uriBaseId":"%SRCROOT%","index":235}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFieldRestrictions.java","uriBaseId":"%SRCROOT%","index":236}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Challenge5.java","uriBaseId":"%SRCROOT%","index":237}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Challenge7.java","uriBaseId":"%SRCROOT%","index":238}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictions.java","uriBaseId":"%SRCROOT%","index":239}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/votes/Vote.java","uriBaseId":"%SRCROOT%","index":240}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/ImageServlet.java","uriBaseId":"%SRCROOT%","index":241}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/Challenge1.java","uriBaseId":"%SRCROOT%","index":242}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScripting.java","uriBaseId":"%SRCROOT%","index":243}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/service/ReportCardService.java","uriBaseId":"%SRCROOT%","index":244}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ShopEndpoint.java","uriBaseId":"%SRCROOT%","index":245}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTQuiz.java","uriBaseId":"%SRCROOT%","index":246}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/TriedQuestions.java","uriBaseId":"%SRCROOT%","index":247}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/MvcConfiguration.java","uriBaseId":"%SRCROOT%","index":248}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/SolutionConstants.java","uriBaseId":"%SRCROOT%","index":249}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/spoofcookie/encoders/EncDec.java","uriBaseId":"%SRCROOT%","index":250}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/WebGoatVersionMacro.java","uriBaseId":"%SRCROOT%","index":251}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/Email.java","uriBaseId":"%SRCROOT%","index":252}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson3.java","uriBaseId":"%SRCROOT%","index":253}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRFLogin.java","uriBaseId":"%SRCROOT%","index":254}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/QuestionsAssignment.java","uriBaseId":"%SRCROOT%","index":255}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/Contact.java","uriBaseId":"%SRCROOT%","index":256}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/Comment.java","uriBaseId":"%SRCROOT%","index":257}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/WebWolfIntroduction.java","uriBaseId":"%SRCROOT%","index":258}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORLogin.java","uriBaseId":"%SRCROOT%","index":259}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/service/RestartLessonService.java","uriBaseId":"%SRCROOT%","index":260}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponents.java","uriBaseId":"%SRCROOT%","index":261}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/Cryptography.java","uriBaseId":"%SRCROOT%","index":262}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/SerializationHelper.java","uriBaseId":"%SRCROOT%","index":263}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserValidator.java","uriBaseId":"%SRCROOT%","index":264}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask1.java","uriBaseId":"%SRCROOT%","index":265}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge8/Assignment8.java","uriBaseId":"%SRCROOT%","index":266}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson4.java","uriBaseId":"%SRCROOT%","index":267}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/UserProfile.java","uriBaseId":"%SRCROOT%","index":268}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Assignment.java","uriBaseId":"%SRCROOT%","index":269}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSession.java","uriBaseId":"%SRCROOT%","index":270}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/webgoatintroduction/WebGoatIntroduction.java","uriBaseId":"%SRCROOT%","index":271}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/AssignmentHints.java","uriBaseId":"%SRCROOT%","index":272}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSessionAssignment.java","uriBaseId":"%SRCROOT%","index":273}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserialization.java","uriBaseId":"%SRCROOT%","index":274}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHash.java","uriBaseId":"%SRCROOT%","index":275}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/lessontemplate/SampleAttack.java","uriBaseId":"%SRCROOT%","index":276}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/User.java","uriBaseId":"%SRCROOT%","index":277}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDOREditOtherProfiile.java","uriBaseId":"%SRCROOT%","index":278}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/user/UserRepository.java","uriBaseId":"%SRCROOT%","index":279}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/MailAssignment.java","uriBaseId":"%SRCROOT%","index":280}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringFreeAssignment.java","uriBaseId":"%SRCROOT%","index":281}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDOR.java","uriBaseId":"%SRCROOT%","index":282}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOtherProfile.java","uriBaseId":"%SRCROOT%","index":283}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/AuthenticationProvider.java","uriBaseId":"%SRCROOT%","index":284}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/securepasswords/SecurePasswords.java","uriBaseId":"%SRCROOT%","index":285}},{"location":{"uri":"src/main/java/org/owasp/webgoat/server/StartWebGoat.java","uriBaseId":"%SRCROOT%","index":286}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/session/LabelDebugger.java","uriBaseId":"%SRCROOT%","index":287}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/ContactImpl.java","uriBaseId":"%SRCROOT%","index":288}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/i18n/Messages.java","uriBaseId":"%SRCROOT%","index":289}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasicsLesson.java","uriBaseId":"%SRCROOT%","index":290}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/EncodingAssignment.java","uriBaseId":"%SRCROOT%","index":291}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/authbypass/AuthBypass.java","uriBaseId":"%SRCROOT%","index":292}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Lesson.java","uriBaseId":"%SRCROOT%","index":293}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/chromedevtools/NetworkDummy.java","uriBaseId":"%SRCROOT%","index":294}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/i18n/PluginMessages.java","uriBaseId":"%SRCROOT%","index":295}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFrontendValidation.java","uriBaseId":"%SRCROOT%","index":296}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/htmltampering/HtmlTamperingTask.java","uriBaseId":"%SRCROOT%","index":297}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignmentForgotPassword.java","uriBaseId":"%SRCROOT%","index":298}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionAdvanced.java","uriBaseId":"%SRCROOT%","index":299}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/assignments/AssignmentPath.java","uriBaseId":"%SRCROOT%","index":300}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/cia/CIA.java","uriBaseId":"%SRCROOT%","index":301}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/insecurelogin/InsecureLoginTask.java","uriBaseId":"%SRCROOT%","index":302}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingQuiz.java","uriBaseId":"%SRCROOT%","index":303}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/insecurelogin/InsecureLogin.java","uriBaseId":"%SRCROOT%","index":304}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/mailbox/Email.java","uriBaseId":"%SRCROOT%","index":305}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonInfoModel.java","uriBaseId":"%SRCROOT%","index":306}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge8/Challenge8.java","uriBaseId":"%SRCROOT%","index":307}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/WebWolfRedirect.java","uriBaseId":"%SRCROOT%","index":308}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/lessontemplate/LessonTemplate.java","uriBaseId":"%SRCROOT%","index":309}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/MvcConfiguration.java","uriBaseId":"%SRCROOT%","index":310}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/idor/IDORDiffAttributes.java","uriBaseId":"%SRCROOT%","index":311}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson1.java","uriBaseId":"%SRCROOT%","index":312}},{"location":{"uri":"src/main/java/org/owasp/webgoat/server/StartupMessage.java","uriBaseId":"%SRCROOT%","index":313}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFiltering.java","uriBaseId":"%SRCROOT%","index":314}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionMitigations.java","uriBaseId":"%SRCROOT%","index":315}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallengeLogin.java","uriBaseId":"%SRCROOT%","index":316}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10a.java","uriBaseId":"%SRCROOT%","index":317}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRFGetFlag.java","uriBaseId":"%SRCROOT%","index":318}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/stored/CrossSiteScriptingStored.java","uriBaseId":"%SRCROOT%","index":319}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/Flag.java","uriBaseId":"%SRCROOT%","index":320}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/votes/Views.java","uriBaseId":"%SRCROOT%","index":321}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/XXE.java","uriBaseId":"%SRCROOT%","index":322}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/requests/WebWolfTraceRepository.java","uriBaseId":"%SRCROOT%","index":323}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/LessonConnectionInvocationHandler.java","uriBaseId":"%SRCROOT%","index":324}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/service/HintService.java","uriBaseId":"%SRCROOT%","index":325}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserTrackerRepository.java","uriBaseId":"%SRCROOT%","index":326}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/LessonDataSource.java","uriBaseId":"%SRCROOT%","index":327}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/users/Scoreboard.java","uriBaseId":"%SRCROOT%","index":328}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/authbypass/AccountVerificationHelper.java","uriBaseId":"%SRCROOT%","index":329}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/cia/CIAQuiz.java","uriBaseId":"%SRCROOT%","index":330}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScriptingVerifier.java","uriBaseId":"%SRCROOT%","index":331}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/XOREncodingAssignment.java","uriBaseId":"%SRCROOT%","index":332}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserTracker.java","uriBaseId":"%SRCROOT%","index":333}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserSession.java","uriBaseId":"%SRCROOT%","index":334}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/session/Course.java","uriBaseId":"%SRCROOT%","index":335}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpproxies/HttpBasicsInterceptRequest.java","uriBaseId":"%SRCROOT%","index":336}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6b.java","uriBaseId":"%SRCROOT%","index":337}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionQuiz.java","uriBaseId":"%SRCROOT%","index":338}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/lessons/Initializeable.java","uriBaseId":"%SRCROOT%","index":339}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/passwordreset/SimpleMailAssignment.java","uriBaseId":"%SRCROOT%","index":340}},{"location":{"uri":"src/main/java/org/owasp/webgoat/container/asciidoc/EnvironmentExposure.java","uriBaseId":"%SRCROOT%","index":341}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/ChallengeIntro.java","uriBaseId":"%SRCROOT%","index":342}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasicsQuiz.java","uriBaseId":"%SRCROOT%","index":343}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/CryptoUtil.java","uriBaseId":"%SRCROOT%","index":344}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/csrf/CSRFConfirmFlag1.java","uriBaseId":"%SRCROOT%","index":345}},{"location":{"uri":"src/main/java/org/owasp/webgoat/webwolf/jwt/JWTToken.java","uriBaseId":"%SRCROOT%","index":346}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/Email.java","uriBaseId":"%SRCROOT%","index":347}},{"location":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/User.java","uriBaseId":"%SRCROOT%","index":348}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/server/StartupMessage.java","uriBaseId":"%SRCROOT%","index":349}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/DisplayUser.java","uriBaseId":"%SRCROOT%","index":350}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/CommentsEndpoint.java","uriBaseId":"%SRCROOT%","index":351}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/webwolf/mailbox/MailboxControllerTest.java","uriBaseId":"%SRCROOT%","index":352}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/CourseConfiguration.java","uriBaseId":"%SRCROOT%","index":353}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":354}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java","uriBaseId":"%SRCROOT%","index":355}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/service/ReportCardServiceTest.java","uriBaseId":"%SRCROOT%","index":356}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/Initializeable.java","uriBaseId":"%SRCROOT%","index":357}},{"location":{"uri":"src-delomboked/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java","uriBaseId":"%SRCROOT%","index":358}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSessionAssignment.java","uriBaseId":"%SRCROOT%","index":359}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson3.java","uriBaseId":"%SRCROOT%","index":360}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/securepasswords/SecurePasswords.java","uriBaseId":"%SRCROOT%","index":361}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/SolutionConstants.java","uriBaseId":"%SRCROOT%","index":362}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFieldRestrictions.java","uriBaseId":"%SRCROOT%","index":363}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/QuestionsAssignment.java","uriBaseId":"%SRCROOT%","index":364}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":365}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/HammerHead.java","uriBaseId":"%SRCROOT%","index":366}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge8/Challenge8.java","uriBaseId":"%SRCROOT%","index":367}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Challenge7.java","uriBaseId":"%SRCROOT%","index":368}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/challenges/Assignment1Test.java","uriBaseId":"%SRCROOT%","index":369}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/PasswordResetLink.java","uriBaseId":"%SRCROOT%","index":370}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2Test.java","uriBaseId":"%SRCROOT%","index":371}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/Assignment.java","uriBaseId":"%SRCROOT%","index":372}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java","uriBaseId":"%SRCROOT%","index":373}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/SimpleXXE.java","uriBaseId":"%SRCROOT%","index":374}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/HintService.java","uriBaseId":"%SRCROOT%","index":375}},{"location":{"uri":"src-delomboked/.mvn/wrapper/MavenWrapperDownloader.java","uriBaseId":"%SRCROOT%","index":376}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/Hint.java","uriBaseId":"%SRCROOT%","index":377}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/UserTracker.java","uriBaseId":"%SRCROOT%","index":378}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasics.java","uriBaseId":"%SRCROOT%","index":379}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOwnProfileAltUrl.java","uriBaseId":"%SRCROOT%","index":380}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java","uriBaseId":"%SRCROOT%","index":381}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/authbypass/VerifyAccount.java","uriBaseId":"%SRCROOT%","index":382}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/server/StartWebGoat.java","uriBaseId":"%SRCROOT%","index":383}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/JWTSecretKeyEndpoint.java","uriBaseId":"%SRCROOT%","index":384}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/assignments/AttackResult.java","uriBaseId":"%SRCROOT%","index":385}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/JWT.java","uriBaseId":"%SRCROOT%","index":386}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/jwt/JWTController.java","uriBaseId":"%SRCROOT%","index":387}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":388}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":389}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java","uriBaseId":"%SRCROOT%","index":390}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACHiddenMenusTest.java","uriBaseId":"%SRCROOT%","index":391}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACHiddenMenus.java","uriBaseId":"%SRCROOT%","index":392}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasicsLesson.java","uriBaseId":"%SRCROOT%","index":393}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/stored/CrossSiteScriptingStored.java","uriBaseId":"%SRCROOT%","index":394}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/authbypass/BypassVerificationTest.java","uriBaseId":"%SRCROOT%","index":395}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUpload.java","uriBaseId":"%SRCROOT%","index":396}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignmentForgotPassword.java","uriBaseId":"%SRCROOT%","index":397}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/UserProfile.java","uriBaseId":"%SRCROOT%","index":398}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/Flags.java","uriBaseId":"%SRCROOT%","index":399}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/csrf/Review.java","uriBaseId":"%SRCROOT%","index":400}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":401}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":402}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/hijacksession/cas/HijackSessionAuthenticationProviderTest.java","uriBaseId":"%SRCROOT%","index":403}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/UserValidator.java","uriBaseId":"%SRCROOT%","index":404}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/MissingAccessControlUserRepository.java","uriBaseId":"%SRCROOT%","index":405}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/ChallengeIntro.java","uriBaseId":"%SRCROOT%","index":406}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/DeserializationIntegrationTest.java","uriBaseId":"%SRCROOT%","index":407}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACUsers.java","uriBaseId":"%SRCROOT%","index":408}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/TriedQuestions.java","uriBaseId":"%SRCROOT%","index":409}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/MvcConfiguration.java","uriBaseId":"%SRCROOT%","index":410}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/PasswordResetLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":411}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/i18n/PluginMessages.java","uriBaseId":"%SRCROOT%","index":412}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/GeneralLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":413}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/htmltampering/HtmlTampering.java","uriBaseId":"%SRCROOT%","index":414}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionMitigations.java","uriBaseId":"%SRCROOT%","index":415}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/lessontemplate/SampleAttack.java","uriBaseId":"%SRCROOT%","index":416}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/SimpleMailAssignment.java","uriBaseId":"%SRCROOT%","index":417}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/service/LessonMenuServiceTest.java","uriBaseId":"%SRCROOT%","index":418}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java","uriBaseId":"%SRCROOT%","index":419}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Challenge5.java","uriBaseId":"%SRCROOT%","index":420}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/mailbox/Email.java","uriBaseId":"%SRCROOT%","index":421}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/users/UserServiceTest.java","uriBaseId":"%SRCROOT%","index":422}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignment.java","uriBaseId":"%SRCROOT%","index":423}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/cryptography/CryptoUtilTest.java","uriBaseId":"%SRCROOT%","index":424}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/ReportCardService.java","uriBaseId":"%SRCROOT%","index":425}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/assignments/AssignmentEndpoint.java","uriBaseId":"%SRCROOT%","index":426}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfRootMacro.java","uriBaseId":"%SRCROOT%","index":427}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":428}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/Email.java","uriBaseId":"%SRCROOT%","index":429}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java","uriBaseId":"%SRCROOT%","index":430}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":431}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/deserialization/SerializationHelper.java","uriBaseId":"%SRCROOT%","index":432}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/controller/StartLesson.java","uriBaseId":"%SRCROOT%","index":433}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson13.java","uriBaseId":"%SRCROOT%","index":434}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson6aTest.java","uriBaseId":"%SRCROOT%","index":435}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/Flag.java","uriBaseId":"%SRCROOT%","index":436}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/Assignment1.java","uriBaseId":"%SRCROOT%","index":437}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/PathTraversalIntegrationTest.java","uriBaseId":"%SRCROOT%","index":438}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/WebGoatApplication.java","uriBaseId":"%SRCROOT%","index":439}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/chromedevtools/ChromeDevTools.java","uriBaseId":"%SRCROOT%","index":440}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFixTest.java","uriBaseId":"%SRCROOT%","index":441}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/XSSIntegrationTest.java","uriBaseId":"%SRCROOT%","index":442}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingMitigation.java","uriBaseId":"%SRCROOT%","index":443}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/i18n/Language.java","uriBaseId":"%SRCROOT%","index":444}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/spoofcookie/encoders/EncDec.java","uriBaseId":"%SRCROOT%","index":445}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/assignments/AssignmentHints.java","uriBaseId":"%SRCROOT%","index":446}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/SqlInjectionLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":447}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/Contact.java","uriBaseId":"%SRCROOT%","index":448}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/jwt/TokenTest.java","uriBaseId":"%SRCROOT%","index":449}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/Salaries.java","uriBaseId":"%SRCROOT%","index":450}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/LabelDebugService.java","uriBaseId":"%SRCROOT%","index":451}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/deserialization/DeserializeTest.java","uriBaseId":"%SRCROOT%","index":452}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/SessionManagementIntegrationTest.java","uriBaseId":"%SRCROOT%","index":453}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/LessonMenuItemType.java","uriBaseId":"%SRCROOT%","index":454}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cryptography/XOREncodingAssignment.java","uriBaseId":"%SRCROOT%","index":455}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/UserRepository.java","uriBaseId":"%SRCROOT%","index":456}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":457}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/i18n/Messages.java","uriBaseId":"%SRCROOT%","index":458}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/BlindSendFileAssignment.java","uriBaseId":"%SRCROOT%","index":459}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/csrf/ForgedReviews.java","uriBaseId":"%SRCROOT%","index":460}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrievalTest.java","uriBaseId":"%SRCROOT%","index":461}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScriptingVerifier.java","uriBaseId":"%SRCROOT%","index":462}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/LessonScanner.java","uriBaseId":"%SRCROOT%","index":463}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredXssComments.java","uriBaseId":"%SRCROOT%","index":464}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInput.java","uriBaseId":"%SRCROOT%","index":465}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/ssrf/SSRFTest2.java","uriBaseId":"%SRCROOT%","index":466}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/IDORDiffAttributes.java","uriBaseId":"%SRCROOT%","index":467}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/CSRFIntegrationTest.java","uriBaseId":"%SRCROOT%","index":468}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/XXEIntegrationTest.java","uriBaseId":"%SRCROOT%","index":469}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cryptography/CryptoUtil.java","uriBaseId":"%SRCROOT%","index":470}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8Test.java","uriBaseId":"%SRCROOT%","index":471}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/LabelAndHintIntegrationTest.java","uriBaseId":"%SRCROOT%","index":472}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cia/CIA.java","uriBaseId":"%SRCROOT%","index":473}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5aTest.java","uriBaseId":"%SRCROOT%","index":474}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":475}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/assignments/AssignmentPath.java","uriBaseId":"%SRCROOT%","index":476}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/plugins/LessonTest.java","uriBaseId":"%SRCROOT%","index":477}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/Email.java","uriBaseId":"%SRCROOT%","index":478}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/user/UserService.java","uriBaseId":"%SRCROOT%","index":479}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/session/UserSessionData.java","uriBaseId":"%SRCROOT%","index":480}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ShopEndpoint.java","uriBaseId":"%SRCROOT%","index":481}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/server/ParentConfig.java","uriBaseId":"%SRCROOT%","index":482}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/LessonConnectionInvocationHandler.java","uriBaseId":"%SRCROOT%","index":483}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java","uriBaseId":"%SRCROOT%","index":484}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringAssignment.java","uriBaseId":"%SRCROOT%","index":485}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponents.java","uriBaseId":"%SRCROOT%","index":486}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/WebWolfIntegrationTest.java","uriBaseId":"%SRCROOT%","index":487}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/user/UserRepository.java","uriBaseId":"%SRCROOT%","index":488}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringAssignmentTest.java","uriBaseId":"%SRCROOT%","index":489}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/csrf/CSRFFeedbackTest.java","uriBaseId":"%SRCROOT%","index":490}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson6bTest.java","uriBaseId":"%SRCROOT%","index":491}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":492}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHash.java","uriBaseId":"%SRCROOT%","index":493}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/session/LabelDebugger.java","uriBaseId":"%SRCROOT%","index":494}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/webwolf/user/UserServiceTest.java","uriBaseId":"%SRCROOT%","index":495}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/LessonDataSource.java","uriBaseId":"%SRCROOT%","index":496}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/SqlInjectionAdvancedIntegrationTest.java","uriBaseId":"%SRCROOT%","index":497}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/jwt/JWTDecodeEndpointTest.java","uriBaseId":"%SRCROOT%","index":498}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/ContactImpl.java","uriBaseId":"%SRCROOT%","index":499}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/IntegrationTest.java","uriBaseId":"%SRCROOT%","index":500}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10Test.java","uriBaseId":"%SRCROOT%","index":501}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/chromedevtools/ChromeDevToolsTest.java","uriBaseId":"%SRCROOT%","index":502}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/IDOR.java","uriBaseId":"%SRCROOT%","index":503}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/session/LessonTrackerTest.java","uriBaseId":"%SRCROOT%","index":504}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/CryptoIntegrationTest.java","uriBaseId":"%SRCROOT%","index":505}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/UserTrackerRepository.java","uriBaseId":"%SRCROOT%","index":506}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/jwt/JWTToken.java","uriBaseId":"%SRCROOT%","index":507}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/AsciiDoctorTemplateResolver.java","uriBaseId":"%SRCROOT%","index":508}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/Lesson.java","uriBaseId":"%SRCROOT%","index":509}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/mailbox/MailboxRepository.java","uriBaseId":"%SRCROOT%","index":510}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/votes/Vote.java","uriBaseId":"%SRCROOT%","index":511}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cryptography/Cryptography.java","uriBaseId":"%SRCROOT%","index":512}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/session/Course.java","uriBaseId":"%SRCROOT%","index":513}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/LabelService.java","uriBaseId":"%SRCROOT%","index":514}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpoint.java","uriBaseId":"%SRCROOT%","index":515}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/authbypass/AccountVerificationHelper.java","uriBaseId":"%SRCROOT%","index":516}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/webwolf/mailbox/MailboxRepositoryTest.java","uriBaseId":"%SRCROOT%","index":517}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookie.java","uriBaseId":"%SRCROOT%","index":518}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/session/WebSession.java","uriBaseId":"%SRCROOT%","index":519}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/PasswordResetEmail.java","uriBaseId":"%SRCROOT%","index":520}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson6a.java","uriBaseId":"%SRCROOT%","index":521}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpointTest.java","uriBaseId":"%SRCROOT%","index":522}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFGetFlag.java","uriBaseId":"%SRCROOT%","index":523}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/logging/LogBleedingTask.java","uriBaseId":"%SRCROOT%","index":524}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java","uriBaseId":"%SRCROOT%","index":525}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/session/LabelDebuggerTest.java","uriBaseId":"%SRCROOT%","index":526}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/user/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":527}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":528}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredCrossSiteScriptingVerifier.java","uriBaseId":"%SRCROOT%","index":529}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/users/UserTrackerRepositoryTest.java","uriBaseId":"%SRCROOT%","index":530}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/users/UserValidatorTest.java","uriBaseId":"%SRCROOT%","index":531}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScripting.java","uriBaseId":"%SRCROOT%","index":532}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionYourHashTest.java","uriBaseId":"%SRCROOT%","index":533}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFrontendValidation.java","uriBaseId":"%SRCROOT%","index":534}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/passwordreset/SecurityQuestionAssignmentTest.java","uriBaseId":"%SRCROOT%","index":535}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/cia/CIAQuizTest.java","uriBaseId":"%SRCROOT%","index":536}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserialization.java","uriBaseId":"%SRCROOT%","index":537}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSession.java","uriBaseId":"%SRCROOT%","index":538}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHashAdmin.java","uriBaseId":"%SRCROOT%","index":539}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFConfirmFlag1.java","uriBaseId":"%SRCROOT%","index":540}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/asciidoc/UsernameMacro.java","uriBaseId":"%SRCROOT%","index":541}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/LessonMenuItem.java","uriBaseId":"%SRCROOT%","index":542}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/hijacksession/HijackSessionAssignmentTest.java","uriBaseId":"%SRCROOT%","index":543}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":544}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/jwt/JWTSecretKeyEndpointTest.java","uriBaseId":"%SRCROOT%","index":545}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java","uriBaseId":"%SRCROOT%","index":546}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/MvcConfiguration.java","uriBaseId":"%SRCROOT%","index":547}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5Test.java","uriBaseId":"%SRCROOT%","index":548}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask1.java","uriBaseId":"%SRCROOT%","index":549}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson1.java","uriBaseId":"%SRCROOT%","index":550}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/WebSecurityConfig.java","uriBaseId":"%SRCROOT%","index":551}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScriptingTest.java","uriBaseId":"%SRCROOT%","index":552}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/requests/WebWolfTraceRepository.java","uriBaseId":"%SRCROOT%","index":553}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/LessonInfoModel.java","uriBaseId":"%SRCROOT%","index":554}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/ssrf/SSRFTest1.java","uriBaseId":"%SRCROOT%","index":555}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpointTest.java","uriBaseId":"%SRCROOT%","index":556}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationTest.java","uriBaseId":"%SRCROOT%","index":557}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/securepasswords/SecurePasswordsAssignment.java","uriBaseId":"%SRCROOT%","index":558}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/HijackSessionAuthenticationProvider.java","uriBaseId":"%SRCROOT%","index":559}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/chromedevtools/NetworkDummy.java","uriBaseId":"%SRCROOT%","index":560}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/SessionService.java","uriBaseId":"%SRCROOT%","index":561}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/UserForm.java","uriBaseId":"%SRCROOT%","index":562}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/ChallengeIntegrationTest.java","uriBaseId":"%SRCROOT%","index":563}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/missingac/DisplayUserTest.java","uriBaseId":"%SRCROOT%","index":564}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/WebWolfIntroduction.java","uriBaseId":"%SRCROOT%","index":565}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/votes/Views.java","uriBaseId":"%SRCROOT%","index":566}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/service/LessonProgressServiceTest.java","uriBaseId":"%SRCROOT%","index":567}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/WebSecurityConfig.java","uriBaseId":"%SRCROOT%","index":568}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/LessonTemplateResolver.java","uriBaseId":"%SRCROOT%","index":569}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/controller/Welcome.java","uriBaseId":"%SRCROOT%","index":570}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/webwolf/jwt/JWTTokenTest.java","uriBaseId":"%SRCROOT%","index":571}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java","uriBaseId":"%SRCROOT%","index":572}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson1Test.java","uriBaseId":"%SRCROOT%","index":573}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOtherProfile.java","uriBaseId":"%SRCROOT%","index":574}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/lessontemplate/LessonTemplate.java","uriBaseId":"%SRCROOT%","index":575}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/User.java","uriBaseId":"%SRCROOT%","index":576}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/AccessControlIntegrationTest.java","uriBaseId":"%SRCROOT%","index":577}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java","uriBaseId":"%SRCROOT%","index":578}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/LessonInfoService.java","uriBaseId":"%SRCROOT%","index":579}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/Comment.java","uriBaseId":"%SRCROOT%","index":580}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInputTest.java","uriBaseId":"%SRCROOT%","index":581}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/UserSession.java","uriBaseId":"%SRCROOT%","index":582}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/JWTQuiz.java","uriBaseId":"%SRCROOT%","index":583}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfMacro.java","uriBaseId":"%SRCROOT%","index":584}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/spoofcookie/encoders/EncDecTest.java","uriBaseId":"%SRCROOT%","index":585}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/authbypass/AuthBypass.java","uriBaseId":"%SRCROOT%","index":586}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionAdvanced.java","uriBaseId":"%SRCROOT%","index":587}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjection.java","uriBaseId":"%SRCROOT%","index":588}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignmentTest.java","uriBaseId":"%SRCROOT%","index":589}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/httpproxies/HttpProxies.java","uriBaseId":"%SRCROOT%","index":590}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/pathtraversal/PathTraversal.java","uriBaseId":"%SRCROOT%","index":591}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionAC.java","uriBaseId":"%SRCROOT%","index":592}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":593}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/Challenge1.java","uriBaseId":"%SRCROOT%","index":594}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOwnProfile.java","uriBaseId":"%SRCROOT%","index":595}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadTest.java","uriBaseId":"%SRCROOT%","index":596}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallengeLogin.java","uriBaseId":"%SRCROOT%","index":597}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/asciidoc/OperatingSystemMacro.java","uriBaseId":"%SRCROOT%","index":598}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/SqlInjectionMitigationIntegrationTest.java","uriBaseId":"%SRCROOT%","index":599}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/AuthenticationProvider.java","uriBaseId":"%SRCROOT%","index":600}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java","uriBaseId":"%SRCROOT%","index":601}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofingTask.java","uriBaseId":"%SRCROOT%","index":602}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/requests/Requests.java","uriBaseId":"%SRCROOT%","index":603}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/Authentication.java","uriBaseId":"%SRCROOT%","index":604}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasicsQuiz.java","uriBaseId":"%SRCROOT%","index":605}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/MailAssignment.java","uriBaseId":"%SRCROOT%","index":606}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/xxe/SimpleXXETest.java","uriBaseId":"%SRCROOT%","index":607}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java","uriBaseId":"%SRCROOT%","index":608}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6b.java","uriBaseId":"%SRCROOT%","index":609}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10a.java","uriBaseId":"%SRCROOT%","index":610}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/IDORIntegrationTest.java","uriBaseId":"%SRCROOT%","index":611}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/service/HintServiceTest.java","uriBaseId":"%SRCROOT%","index":612}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cryptography/EncodingAssignment.java","uriBaseId":"%SRCROOT%","index":613}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/asciidoc/WebGoatTmpDirMacro.java","uriBaseId":"%SRCROOT%","index":614}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/requests/LandingPage.java","uriBaseId":"%SRCROOT%","index":615}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ShopEndpointTest.java","uriBaseId":"%SRCROOT%","index":616}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionQuiz.java","uriBaseId":"%SRCROOT%","index":617}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/httpproxies/HttpBasicsInterceptRequest.java","uriBaseId":"%SRCROOT%","index":618}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywordsTest.java","uriBaseId":"%SRCROOT%","index":619}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/lessons/Category.java","uriBaseId":"%SRCROOT%","index":620}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/XXE.java","uriBaseId":"%SRCROOT%","index":621}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpointTest.java","uriBaseId":"%SRCROOT%","index":622}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/mailbox/MailboxController.java","uriBaseId":"%SRCROOT%","index":623}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/assignments/AssignmentEndpointTest.java","uriBaseId":"%SRCROOT%","index":624}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpoint.java","uriBaseId":"%SRCROOT%","index":625}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/LessonTitleService.java","uriBaseId":"%SRCROOT%","index":626}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/jwt/JWTDecodeEndpoint.java","uriBaseId":"%SRCROOT%","index":627}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/webwolf/WebWolfApplication.java","uriBaseId":"%SRCROOT%","index":628}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/LessonMenuService.java","uriBaseId":"%SRCROOT%","index":629}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFiltering.java","uriBaseId":"%SRCROOT%","index":630}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/Comment.java","uriBaseId":"%SRCROOT%","index":631}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/httpproxies/HttpBasicsInterceptRequestTest.java","uriBaseId":"%SRCROOT%","index":632}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge8/Assignment8.java","uriBaseId":"%SRCROOT%","index":633}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRF.java","uriBaseId":"%SRCROOT%","index":634}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/ContentTypeAssignment.java","uriBaseId":"%SRCROOT%","index":635}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/EnvironmentService.java","uriBaseId":"%SRCROOT%","index":636}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/SSRFIntegrationTest.java","uriBaseId":"%SRCROOT%","index":637}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/Ping.java","uriBaseId":"%SRCROOT%","index":638}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/DatabaseConfiguration.java","uriBaseId":"%SRCROOT%","index":639}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/assignments/LessonTrackerInterceptor.java","uriBaseId":"%SRCROOT%","index":640}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/insecurelogin/InsecureLoginTask.java","uriBaseId":"%SRCROOT%","index":641}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/LessonTracker.java","uriBaseId":"%SRCROOT%","index":642}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFFeedback.java","uriBaseId":"%SRCROOT%","index":643}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":644}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10b.java","uriBaseId":"%SRCROOT%","index":645}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xxe/User.java","uriBaseId":"%SRCROOT%","index":646}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/WebWolfRedirect.java","uriBaseId":"%SRCROOT%","index":647}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cryptography/SecureDefaultsAssignment.java","uriBaseId":"%SRCROOT%","index":648}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/RestartLessonService.java","uriBaseId":"%SRCROOT%","index":649}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/PasswordReset.java","uriBaseId":"%SRCROOT%","index":650}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/chromedevtools/NetworkLesson.java","uriBaseId":"%SRCROOT%","index":651}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHashAdminTest.java","uriBaseId":"%SRCROOT%","index":652}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/xss/StoredXssCommentsTest.java","uriBaseId":"%SRCROOT%","index":653}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringFreeAssignment.java","uriBaseId":"%SRCROOT%","index":654}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/asciidoc/EnvironmentExposure.java","uriBaseId":"%SRCROOT%","index":655}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/AjaxAuthenticationEntryPoint.java","uriBaseId":"%SRCROOT%","index":656}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/service/LessonProgressService.java","uriBaseId":"%SRCROOT%","index":657}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingQuiz.java","uriBaseId":"%SRCROOT%","index":658}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/csrf/CSRF.java","uriBaseId":"%SRCROOT%","index":659}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/SecurityQuestionAssignment.java","uriBaseId":"%SRCROOT%","index":660}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson4.java","uriBaseId":"%SRCROOT%","index":661}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/webwolf/WebWolf.java","uriBaseId":"%SRCROOT%","index":662}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/ProgressRaceConditionIntegrationTest.java","uriBaseId":"%SRCROOT%","index":663}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/SqlLessonTest.java","uriBaseId":"%SRCROOT%","index":664}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/passwordreset/resetlink/PasswordChangeForm.java","uriBaseId":"%SRCROOT%","index":665}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScripting.java","uriBaseId":"%SRCROOT%","index":666}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/asciidoc/WebGoatVersionMacro.java","uriBaseId":"%SRCROOT%","index":667}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/webgoatintroduction/WebGoatIntroduction.java","uriBaseId":"%SRCROOT%","index":668}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java","uriBaseId":"%SRCROOT%","index":669}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/LandingAssignment.java","uriBaseId":"%SRCROOT%","index":670}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/WebGoat.java","uriBaseId":"%SRCROOT%","index":671}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/container/users/UserRepositoryTest.java","uriBaseId":"%SRCROOT%","index":672}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cryptography/SigningAssignment.java","uriBaseId":"%SRCROOT%","index":673}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java","uriBaseId":"%SRCROOT%","index":674}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9Test.java","uriBaseId":"%SRCROOT%","index":675}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFrontendValidationTest.java","uriBaseId":"%SRCROOT%","index":676}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/IDOREditOtherProfiile.java","uriBaseId":"%SRCROOT%","index":677}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/insecurelogin/InsecureLogin.java","uriBaseId":"%SRCROOT%","index":678}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/Scoreboard.java","uriBaseId":"%SRCROOT%","index":679}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACUsersTest.java","uriBaseId":"%SRCROOT%","index":680}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/idor/IDORLogin.java","uriBaseId":"%SRCROOT%","index":681}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/xxe/BlindSendFileAssignmentTest.java","uriBaseId":"%SRCROOT%","index":682}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofing.java","uriBaseId":"%SRCROOT%","index":683}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLessonTest.java","uriBaseId":"%SRCROOT%","index":684}},{"location":{"uri":".mvn/wrapper/MavenWrapperDownloader.java","uriBaseId":"%SRCROOT%","index":685}},{"location":{"uri":"src-delomboked/src/it/java/org/owasp/webgoat/JWTLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":686}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringFreeAssignmentTest.java","uriBaseId":"%SRCROOT%","index":687}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson13Test.java","uriBaseId":"%SRCROOT%","index":688}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/cia/CIAQuiz.java","uriBaseId":"%SRCROOT%","index":689}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/ImageServlet.java","uriBaseId":"%SRCROOT%","index":690}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrieval.java","uriBaseId":"%SRCROOT%","index":691}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/container/users/RegistrationController.java","uriBaseId":"%SRCROOT%","index":692}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/challenges/FlagController.java","uriBaseId":"%SRCROOT%","index":693}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignmentTest.java","uriBaseId":"%SRCROOT%","index":694}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFix.java","uriBaseId":"%SRCROOT%","index":695}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFLogin.java","uriBaseId":"%SRCROOT%","index":696}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictions.java","uriBaseId":"%SRCROOT%","index":697}},{"location":{"uri":"src-delomboked/src/main/java/org/owasp/webgoat/lessons/htmltampering/HtmlTamperingTask.java","uriBaseId":"%SRCROOT%","index":698}},{"location":{"uri":"src-delomboked/src/test/java/org/owasp/webgoat/lessons/xxe/ContentTypeAssignmentTest.java","uriBaseId":"%SRCROOT%","index":699}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/scoreboardApp.js","uriBaseId":"%SRCROOT%","index":700}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/xss/js/assignment3.js","uriBaseId":"%SRCROOT%","index":701}},{"location":{"uri":"src/main/resources/lessons/csrf/js/csrf-review.js","uriBaseId":"%SRCROOT%","index":702}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/xxe/js/xxe.js","uriBaseId":"%SRCROOT%","index":703}},{"location":{"uri":"src/main/resources/lessons/jwt/js/jwt-buy.js","uriBaseId":"%SRCROOT%","index":704}},{"location":{"uri":"src/main/resources/lessons/challenges/js/challenge8.js","uriBaseId":"%SRCROOT%","index":705}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/mode-java.js","uriBaseId":"%SRCROOT%","index":706}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/sqlinjection/js/assignment10b.js","uriBaseId":"%SRCROOT%","index":707}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/TitleView.js","uriBaseId":"%SRCROOT%","index":708}},{"location":{"uri":"src/main/resources/lessons/idor/js/idor.js","uriBaseId":"%SRCROOT%","index":709}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/jquery_form/jquery.form.js","uriBaseId":"%SRCROOT%","index":710}},{"location":{"uri":"src/main/resources/lessons/pathtraversal/js/path_traversal.js","uriBaseId":"%SRCROOT%","index":711}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/controller/MenuController.js","uriBaseId":"%SRCROOT%","index":712}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/ErrorNotificationView.js","uriBaseId":"%SRCROOT%","index":713}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/MenuButtonView.js","uriBaseId":"%SRCROOT%","index":714}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/MenuData.js","uriBaseId":"%SRCROOT%","index":715}},{"location":{"uri":"src/main/resources/webgoat/static/js/jquery/jquery-1.10.2.min.js","uriBaseId":"%SRCROOT%","index":716}},{"location":{"uri":"src/main/resources/webgoat/static/plugins/bootstrap-slider/js/bootstrap-slider.js","uriBaseId":"%SRCROOT%","index":717}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/UserAndInfoView.js","uriBaseId":"%SRCROOT%","index":718}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/text.js","uriBaseId":"%SRCROOT%","index":719}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/MenuModel.js","uriBaseId":"%SRCROOT%","index":720}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/jquery-base.js","uriBaseId":"%SRCROOT%","index":721}},{"location":{"uri":"src/main/resources/webgoat/static/plugins/bootstrap-wysihtml5/js/wysihtml5-0.3.0.js","uriBaseId":"%SRCROOT%","index":722}},{"location":{"uri":"src/main/resources/lessons/jwt/js/jwt-refresh.js","uriBaseId":"%SRCROOT%","index":723}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/jquery-ui-1.10.4.js","uriBaseId":"%SRCROOT%","index":724}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/sqlinjection/js/challenge.js","uriBaseId":"%SRCROOT%","index":725}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/theme-monokai.js","uriBaseId":"%SRCROOT%","index":726}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/AssignmentStatusModel.js","uriBaseId":"%SRCROOT%","index":727}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/LessonOverviewCollection.js","uriBaseId":"%SRCROOT%","index":728}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/HTMLContentModel.js","uriBaseId":"%SRCROOT%","index":729}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/ssrf/js/credentials.js","uriBaseId":"%SRCROOT%","index":730}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/clientsidefiltering/js/clientSideFilteringFree.js","uriBaseId":"%SRCROOT%","index":731}},{"location":{"uri":"src/main/resources/lessons/authbypass/js/bypass.js","uriBaseId":"%SRCROOT%","index":732}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/MenuCollection.js","uriBaseId":"%SRCROOT%","index":733}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/support/GoatUtils.js","uriBaseId":"%SRCROOT%","index":734}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/LessonInfoModel.js","uriBaseId":"%SRCROOT%","index":735}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/idor/js/idor.js","uriBaseId":"%SRCROOT%","index":736}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/TitleView.js","uriBaseId":"%SRCROOT%","index":737}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/PaginationControlView.js","uriBaseId":"%SRCROOT%","index":738}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/LessonContentModel.js","uriBaseId":"%SRCROOT%","index":739}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/HintModel.js","uriBaseId":"%SRCROOT%","index":740}},{"location":{"uri":"src/main/resources/lessons/jwt/js/jwt-voting.js","uriBaseId":"%SRCROOT%","index":741}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/goatApp.js","uriBaseId":"%SRCROOT%","index":742}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/MenuModel.js","uriBaseId":"%SRCROOT%","index":743}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/FlagModel.js","uriBaseId":"%SRCROOT%","index":744}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/PaginationControlView.js","uriBaseId":"%SRCROOT%","index":745}},{"location":{"uri":"src-delomboked/src/main/resources/webwolf/static/js/jwt.js","uriBaseId":"%SRCROOT%","index":746}},{"location":{"uri":"src/main/resources/webwolf/static/js/jwt.js","uriBaseId":"%SRCROOT%","index":747}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/csrf/js/csrf-review.js","uriBaseId":"%SRCROOT%","index":748}},{"location":{"uri":"src/main/resources/lessons/csrf/js/feedback.js","uriBaseId":"%SRCROOT%","index":749}},{"location":{"uri":"src/main/resources/webgoat/static/js/quiz.js","uriBaseId":"%SRCROOT%","index":750}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/search.js","uriBaseId":"%SRCROOT%","index":751}},{"location":{"uri":"src/main/resources/webgoat/static/js/jquery_form/jquery.form.js","uriBaseId":"%SRCROOT%","index":752}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/jwt/js/jwt-final.js","uriBaseId":"%SRCROOT%","index":753}},{"location":{"uri":"src/main/resources/lessons/challenges/js/challenge6.js","uriBaseId":"%SRCROOT%","index":754}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/underscore-min.js","uriBaseId":"%SRCROOT%","index":755}},{"location":{"uri":"src/main/resources/lessons/xss/js/assignment4.js","uriBaseId":"%SRCROOT%","index":756}},{"location":{"uri":"src/main/resources/lessons/sqlinjection/js/assignment10b.js","uriBaseId":"%SRCROOT%","index":757}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/jwt/js/jwt-refresh.js","uriBaseId":"%SRCROOT%","index":758}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/plugins/nanoScroller/jquery.nanoscroller.min.js","uriBaseId":"%SRCROOT%","index":759}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/LabelDebugModel.js","uriBaseId":"%SRCROOT%","index":760}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/MenuView.js","uriBaseId":"%SRCROOT%","index":761}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/pathtraversal/js/path_traversal.js","uriBaseId":"%SRCROOT%","index":762}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/GoatRouter.js","uriBaseId":"%SRCROOT%","index":763}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/insecurelogin/js/credentials.js","uriBaseId":"%SRCROOT%","index":764}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/MenuData.js","uriBaseId":"%SRCROOT%","index":765}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/ScoreboardView.js","uriBaseId":"%SRCROOT%","index":766}},{"location":{"uri":"src/main/resources/webwolf/static/js/mail.js","uriBaseId":"%SRCROOT%","index":767}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/jwt/js/jwt-weak-keys.js","uriBaseId":"%SRCROOT%","index":768}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/jquery-ui.min.js","uriBaseId":"%SRCROOT%","index":769}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/controller/LessonController.js","uriBaseId":"%SRCROOT%","index":770}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/passwordreset/js/password-reset-simple.js","uriBaseId":"%SRCROOT%","index":771}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/controller/MenuController.js","uriBaseId":"%SRCROOT%","index":772}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/LessonInfoModel.js","uriBaseId":"%SRCROOT%","index":773}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/HTMLContentModel.js","uriBaseId":"%SRCROOT%","index":774}},{"location":{"uri":"src/main/resources/lessons/clientsidefiltering/js/clientSideFilteringFree.js","uriBaseId":"%SRCROOT%","index":775}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/support/CustomGoat.js","uriBaseId":"%SRCROOT%","index":776}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/toggle.js","uriBaseId":"%SRCROOT%","index":777}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/theme-monokai.js","uriBaseId":"%SRCROOT%","index":778}},{"location":{"uri":"src/main/resources/lessons/ssrf/js/credentials.js","uriBaseId":"%SRCROOT%","index":779}},{"location":{"uri":"src/main/resources/webwolf/static/js/fileUpload.js","uriBaseId":"%SRCROOT%","index":780}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/jquery.min.js","uriBaseId":"%SRCROOT%","index":781}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/GoatRouter.js","uriBaseId":"%SRCROOT%","index":782}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/support/goatConstants.js","uriBaseId":"%SRCROOT%","index":783}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/jquery-ui.min.js","uriBaseId":"%SRCROOT%","index":784}},{"location":{"uri":"src/main/resources/webgoat/static/plugins/nanoScroller/jquery.nanoscroller.min.js","uriBaseId":"%SRCROOT%","index":785}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/support/goatAsyncErrorHandler.js","uriBaseId":"%SRCROOT%","index":786}},{"location":{"uri":"src/main/resources/lessons/clientsidefiltering/js/clientSideFiltering.js","uriBaseId":"%SRCROOT%","index":787}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/polyglot.min.js","uriBaseId":"%SRCROOT%","index":788}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/clientsidefiltering/js/clientSideFiltering.js","uriBaseId":"%SRCROOT%","index":789}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/ReportCardModel.js","uriBaseId":"%SRCROOT%","index":790}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/FlagsCollection.js","uriBaseId":"%SRCROOT%","index":791}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/ace.js","uriBaseId":"%SRCROOT%","index":792}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/challenges/js/bootstrap.min.js","uriBaseId":"%SRCROOT%","index":793}},{"location":{"uri":"src/main/resources/lessons/insecurelogin/js/credentials.js","uriBaseId":"%SRCROOT%","index":794}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/jwt/js/jwt-buy.js","uriBaseId":"%SRCROOT%","index":795}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/goatApp.js","uriBaseId":"%SRCROOT%","index":796}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/AssignmentStatusModel.js","uriBaseId":"%SRCROOT%","index":797}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/jquery.form.js","uriBaseId":"%SRCROOT%","index":798}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/ace.js","uriBaseId":"%SRCROOT%","index":799}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/backbone-min.js","uriBaseId":"%SRCROOT%","index":800}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/MenuView.js","uriBaseId":"%SRCROOT%","index":801}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/LessonContentView.js","uriBaseId":"%SRCROOT%","index":802}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/authbypass/js/bypass.js","uriBaseId":"%SRCROOT%","index":803}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/HintCollection.js","uriBaseId":"%SRCROOT%","index":804}},{"location":{"uri":"src/main/resources/lessons/sqlinjection/js/assignment13.js","uriBaseId":"%SRCROOT%","index":805}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/csrf/js/feedback.js","uriBaseId":"%SRCROOT%","index":806}},{"location":{"uri":"src/main/resources/webgoat/static/js/application.js","uriBaseId":"%SRCROOT%","index":807}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/main.js","uriBaseId":"%SRCROOT%","index":808}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/MenuCollection.js","uriBaseId":"%SRCROOT%","index":809}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/plugins/bootstrap-wysihtml5/js/wysihtml5-0.3.0.js","uriBaseId":"%SRCROOT%","index":810}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/plugins/bootstrap-wysihtml5/js/bootstrap3-wysihtml5.js","uriBaseId":"%SRCROOT%","index":811}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/jquery-2.1.4.min.js","uriBaseId":"%SRCROOT%","index":812}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/polyglot.min.js","uriBaseId":"%SRCROOT%","index":813}},{"location":{"uri":"src/main/resources/lessons/jwt/js/jwt-final.js","uriBaseId":"%SRCROOT%","index":814}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/HelpControlsView.js","uriBaseId":"%SRCROOT%","index":815}},{"location":{"uri":"src/main/resources/lessons/lessontemplate/js/idor.js","uriBaseId":"%SRCROOT%","index":816}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/require.min.js","uriBaseId":"%SRCROOT%","index":817}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/HintModel.js","uriBaseId":"%SRCROOT%","index":818}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/ReportCardModel.js","uriBaseId":"%SRCROOT%","index":819}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/xss/js/assignment4.js","uriBaseId":"%SRCROOT%","index":820}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/challenges/js/challenge8.js","uriBaseId":"%SRCROOT%","index":821}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/spoofcookie/js/handler.js","uriBaseId":"%SRCROOT%","index":822}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/MenuItemView.js","uriBaseId":"%SRCROOT%","index":823}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/underscore-min.js","uriBaseId":"%SRCROOT%","index":824}},{"location":{"uri":"src/main/resources/webgoat/static/js/search.js","uriBaseId":"%SRCROOT%","index":825}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/LessonContentModel.js","uriBaseId":"%SRCROOT%","index":826}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/HintView.js","uriBaseId":"%SRCROOT%","index":827}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/MenuItemView.js","uriBaseId":"%SRCROOT%","index":828}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/jquery-vuln.js","uriBaseId":"%SRCROOT%","index":829}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/ScoreboardView.js","uriBaseId":"%SRCROOT%","index":830}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/sqlinjection/js/assignment13.js","uriBaseId":"%SRCROOT%","index":831}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/lessontemplate/js/idor.js","uriBaseId":"%SRCROOT%","index":832}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/HelpControlsView.js","uriBaseId":"%SRCROOT%","index":833}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/plugins/bootstrap-slider/js/bootstrap-slider.js","uriBaseId":"%SRCROOT%","index":834}},{"location":{"uri":"src/main/resources/lessons/xss/js/stored-xss.js","uriBaseId":"%SRCROOT%","index":835}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/UserAndInfoView.js","uriBaseId":"%SRCROOT%","index":836}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/jquery.min.js","uriBaseId":"%SRCROOT%","index":837}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/bootstrap.min.js","uriBaseId":"%SRCROOT%","index":838}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/jquery/jquery-1.10.2.min.js","uriBaseId":"%SRCROOT%","index":839}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/text.js","uriBaseId":"%SRCROOT%","index":840}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/backbone-min.js","uriBaseId":"%SRCROOT%","index":841}},{"location":{"uri":"src/main/resources/webgoat/static/js/toggle.js","uriBaseId":"%SRCROOT%","index":842}},{"location":{"uri":"src-delomboked/src/main/resources/webwolf/static/js/fileUpload.js","uriBaseId":"%SRCROOT%","index":843}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/jquery-base.js","uriBaseId":"%SRCROOT%","index":844}},{"location":{"uri":"src/main/resources/webgoat/static/js/jquery/jquery-ui-1.10.4.custom.min.js","uriBaseId":"%SRCROOT%","index":845}},{"location":{"uri":"src/main/resources/lessons/jwt/js/jwt-weak-keys.js","uriBaseId":"%SRCROOT%","index":846}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/HintCollection.js","uriBaseId":"%SRCROOT%","index":847}},{"location":{"uri":"src/main/resources/webgoat/static/plugins/bootstrap-wysihtml5/js/bootstrap3-wysihtml5.js","uriBaseId":"%SRCROOT%","index":848}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/support/goatConstants.js","uriBaseId":"%SRCROOT%","index":849}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/jwt/js/jwt-voting.js","uriBaseId":"%SRCROOT%","index":850}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/jquery-2.1.4.min.js","uriBaseId":"%SRCROOT%","index":851}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/view/ReportCardView.js","uriBaseId":"%SRCROOT%","index":852}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/LabelDebugModel.js","uriBaseId":"%SRCROOT%","index":853}},{"location":{"uri":"src/main/resources/lessons/challenges/js/bootstrap.min.js","uriBaseId":"%SRCROOT%","index":854}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/scoreboardApp.js","uriBaseId":"%SRCROOT%","index":855}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/controller/LessonController.js","uriBaseId":"%SRCROOT%","index":856}},{"location":{"uri":"src/main/resources/lessons/sqlinjection/js/challenge.js","uriBaseId":"%SRCROOT%","index":857}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/jquery/jquery-ui-1.10.4.custom.min.js","uriBaseId":"%SRCROOT%","index":858}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/FlagsCollection.js","uriBaseId":"%SRCROOT%","index":859}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/model/LessonOverviewCollection.js","uriBaseId":"%SRCROOT%","index":860}},{"location":{"uri":"src/main/resources/lessons/xxe/js/xxe.js","uriBaseId":"%SRCROOT%","index":861}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/model/FlagModel.js","uriBaseId":"%SRCROOT%","index":862}},{"location":{"uri":"src/main/resources/lessons/passwordreset/js/password-reset-simple.js","uriBaseId":"%SRCROOT%","index":863}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/ReportCardView.js","uriBaseId":"%SRCROOT%","index":864}},{"location":{"uri":"src/main/resources/webgoat/static/js/scoreboard.js","uriBaseId":"%SRCROOT%","index":865}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/bootstrap.min.js","uriBaseId":"%SRCROOT%","index":866}},{"location":{"uri":"src/main/resources/webgoat/static/js/goatApp/support/GoatUtils.js","uriBaseId":"%SRCROOT%","index":867}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/support/CustomGoat.js","uriBaseId":"%SRCROOT%","index":868}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/scoreboard.js","uriBaseId":"%SRCROOT%","index":869}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/modernizr.min.js","uriBaseId":"%SRCROOT%","index":870}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/mode-java.js","uriBaseId":"%SRCROOT%","index":871}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/ErrorNotificationView.js","uriBaseId":"%SRCROOT%","index":872}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/HintView.js","uriBaseId":"%SRCROOT%","index":873}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/xss/js/stored-xss.js","uriBaseId":"%SRCROOT%","index":874}},{"location":{"uri":"src-delomboked/src/main/resources/lessons/challenges/js/challenge6.js","uriBaseId":"%SRCROOT%","index":875}},{"location":{"uri":"src/main/resources/lessons/spoofcookie/js/handler.js","uriBaseId":"%SRCROOT%","index":876}},{"location":{"uri":"src/main/resources/webgoat/static/js/main.js","uriBaseId":"%SRCROOT%","index":877}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/application.js","uriBaseId":"%SRCROOT%","index":878}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/MenuButtonView.js","uriBaseId":"%SRCROOT%","index":879}},{"location":{"uri":"src/main/resources/lessons/xss/js/assignment3.js","uriBaseId":"%SRCROOT%","index":880}},{"location":{"uri":"src-delomboked/src/main/resources/webwolf/static/js/mail.js","uriBaseId":"%SRCROOT%","index":881}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/view/LessonContentView.js","uriBaseId":"%SRCROOT%","index":882}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/require.min.js","uriBaseId":"%SRCROOT%","index":883}},{"location":{"uri":"src/main/resources/webgoat/static/js/libs/jquery-vuln.js","uriBaseId":"%SRCROOT%","index":884}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/quiz.js","uriBaseId":"%SRCROOT%","index":885}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/jquery-ui-1.10.4.js","uriBaseId":"%SRCROOT%","index":886}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/goatApp/support/goatAsyncErrorHandler.js","uriBaseId":"%SRCROOT%","index":887}},{"location":{"uri":"src-delomboked/src/main/resources/webgoat/static/js/libs/jquery.form.js","uriBaseId":"%SRCROOT%","index":888}},{"location":{"uri":"src/main/resources/webgoat/static/js/modernizr.min.js","uriBaseId":"%SRCROOT%","index":889}}],"results":[{"ruleId":"java/insecure-cookie","rule":{"id":"java/insecure-cookie","index":10,"toolComponent":{"index":18}},"message":{"text":"Cookie is added to response without the 'secure' flag being set."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":131,"startColumn":7,"endColumn":33}}}],"partialFingerprints":{"primaryLocationLineHash":"84a4c92c523d81a1:1","primaryLocationStartColumnFingerprint":"0"}},{"ruleId":"java/insecure-cookie","rule":{"id":"java/insecure-cookie","index":10,"toolComponent":{"index":18}},"message":{"text":"Cookie is added to response without the 'secure' flag being set."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":136,"startColumn":7,"endColumn":33}}}],"partialFingerprints":{"primaryLocationLineHash":"178a5d22f3f4ca47:1","primaryLocationStartColumnFingerprint":"0"}},{"ruleId":"java/insecure-cookie","rule":{"id":"java/insecure-cookie","index":10,"toolComponent":{"index":18}},"message":{"text":"Cookie is added to response without the 'secure' flag being set."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java","uriBaseId":"%SRCROOT%","index":1},"region":{"startLine":78,"startColumn":5,"endColumn":31}}}],"partialFingerprints":{"primaryLocationLineHash":"598c4a4ab35135b9:1","primaryLocationStartColumnFingerprint":"0"}},{"ruleId":"java/stack-trace-exposure","rule":{"id":"java/stack-trace-exposure","index":13,"toolComponent":{"index":18}},"message":{"text":"[Error information](1) can be exposed to an external user."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/AjaxAuthenticationEntryPoint.java","uriBaseId":"%SRCROOT%","index":2},"region":{"startLine":54,"startColumn":31,"endColumn":57}}}],"partialFingerprints":{"primaryLocationLineHash":"69b1bde9108b11cf:1","primaryLocationStartColumnFingerprint":"24"},"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/AjaxAuthenticationEntryPoint.java","uriBaseId":"%SRCROOT%","index":2},"region":{"startLine":54,"startColumn":31,"endColumn":57}},"message":{"text":"Error information"}}]},{"ruleId":"java/missing-jwt-signature-check","rule":{"id":"java/missing-jwt-signature-check","index":17,"toolComponent":{"index":18}},"message":{"text":"This parses a [JWT signing key](1), but the signature is not verified."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/JWTLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":3},"region":{"startLine":68,"startColumn":19,"endColumn":76}}}],"partialFingerprints":{"primaryLocationLineHash":"31eaf1239ab18658:1","primaryLocationStartColumnFingerprint":"10"},"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/it/java/org/owasp/webgoat/JWTLessonIntegrationTest.java","uriBaseId":"%SRCROOT%","index":3},"region":{"startLine":68,"startColumn":19,"endColumn":76}},"message":{"text":"JWT signing key"}}]},{"ruleId":"java/missing-jwt-signature-check","rule":{"id":"java/missing-jwt-signature-check","index":17,"toolComponent":{"index":18}},"message":{"text":"This parses a [JWT signing key](1), but the signature is not verified."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpoint.java","uriBaseId":"%SRCROOT%","index":4},"region":{"startLine":107,"startColumn":17,"endColumn":58}}}],"partialFingerprints":{"primaryLocationLineHash":"25e8034b7fe5b633:1","primaryLocationStartColumnFingerprint":"10"},"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpoint.java","uriBaseId":"%SRCROOT%","index":4},"region":{"startLine":107,"startColumn":17,"endColumn":58}},"message":{"text":"JWT signing key"}}]},{"ruleId":"java/missing-jwt-signature-check","rule":{"id":"java/missing-jwt-signature-check","index":17,"toolComponent":{"index":18}},"message":{"text":"This parses a [JWT signing key](1), but the signature is not verified."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpoint.java","uriBaseId":"%SRCROOT%","index":4},"region":{"startLine":137,"startColumn":11,"endColumn":52}}}],"partialFingerprints":{"primaryLocationLineHash":"c1626ca7a4cc054e:1","primaryLocationStartColumnFingerprint":"0"},"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpoint.java","uriBaseId":"%SRCROOT%","index":4},"region":{"startLine":137,"startColumn":11,"endColumn":52}},"message":{"text":"JWT signing key"}}]},{"ruleId":"java/missing-jwt-signature-check","rule":{"id":"java/missing-jwt-signature-check","index":17,"toolComponent":{"index":18}},"message":{"text":"This parses a [JWT signing key](1), but the signature is not verified."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":155,"startColumn":19,"endColumn":60}}}],"partialFingerprints":{"primaryLocationLineHash":"55fa3c43091de850:1","primaryLocationStartColumnFingerprint":"10"},"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":155,"startColumn":19,"endColumn":60}},"message":{"text":"JWT signing key"}}]},{"ruleId":"java/missing-jwt-signature-check","rule":{"id":"java/missing-jwt-signature-check","index":17,"toolComponent":{"index":18}},"message":{"text":"This parses a [JWT signing key](1), but the signature is not verified."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":180,"startColumn":19,"endColumn":60}}}],"partialFingerprints":{"primaryLocationLineHash":"55fa3c43091de850:2","primaryLocationStartColumnFingerprint":"10"},"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":180,"startColumn":19,"endColumn":60}},"message":{"text":"JWT signing key"}}]},{"ruleId":"java/missing-jwt-signature-check","rule":{"id":"java/missing-jwt-signature-check","index":17,"toolComponent":{"index":18}},"message":{"text":"This parses a [JWT signing key](1), but the signature is not verified."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":203,"startColumn":19,"endColumn":60}}}],"partialFingerprints":{"primaryLocationLineHash":"55fa3c43091de850:3","primaryLocationStartColumnFingerprint":"10"},"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":203,"startColumn":19,"endColumn":60}},"message":{"text":"JWT signing key"}}]},{"ruleId":"java/missing-jwt-signature-check","rule":{"id":"java/missing-jwt-signature-check","index":17,"toolComponent":{"index":18}},"message":{"text":"This parses a [JWT signing key](1), but the signature is not verified."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/TokenTest.java","uriBaseId":"%SRCROOT%","index":5},"region":{"startLine":55,"startColumn":15,"endColumn":62}}}],"partialFingerprints":{"primaryLocationLineHash":"ea6a64ef5a45e8bd:1","primaryLocationStartColumnFingerprint":"10"},"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/TokenTest.java","uriBaseId":"%SRCROOT%","index":5},"region":{"startLine":55,"startColumn":15,"endColumn":62}},"message":{"text":"JWT signing key"}}]},{"ruleId":"java/missing-jwt-signature-check","rule":{"id":"java/missing-jwt-signature-check","index":17,"toolComponent":{"index":18}},"message":{"text":"This parses a [JWT signing key](1), but the signature is not verified."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/TokenTest.java","uriBaseId":"%SRCROOT%","index":5},"region":{"startLine":59,"startColumn":12,"endLine":65,"endColumn":8}}}],"partialFingerprints":{"primaryLocationLineHash":"43c8407c9464bbdd:1","primaryLocationStartColumnFingerprint":"6"},"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/test/java/org/owasp/webgoat/lessons/jwt/TokenTest.java","uriBaseId":"%SRCROOT%","index":5},"region":{"startLine":59,"startColumn":12,"endLine":65,"endColumn":8}},"message":{"text":"JWT signing key"}}]},{"ruleId":"java/path-injection","rule":{"id":"java/path-injection","index":24,"toolComponent":{"index":18}},"message":{"text":"This path depends on a [user-provided value](1).\nThis path depends on a [user-provided value](2).\nThis path depends on a [user-provided value](3).\nThis path depends on a [user-provided value](4)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java","uriBaseId":"%SRCROOT%","index":6},"region":{"startLine":42,"startColumn":26,"endColumn":61}}}],"partialFingerprints":{"primaryLocationLineHash":"f9dec27c2aee101b:1","primaryLocationStartColumnFingerprint":"19"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFix.java","uriBaseId":"%SRCROOT%","index":7},"region":{"startLine":38,"startColumn":7,"endColumn":77}},"message":{"text":"fullName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFix.java","uriBaseId":"%SRCROOT%","index":7},"region":{"startLine":39,"startColumn":51,"endColumn":59}},"message":{"text":"fullName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFix.java","uriBaseId":"%SRCROOT%","index":7},"region":{"startLine":39,"startColumn":51,"endColumn":78}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFix.java","uriBaseId":"%SRCROOT%","index":7},"region":{"startLine":39,"startColumn":32,"endColumn":83}},"message":{"text":"...?...:... : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java","uriBaseId":"%SRCROOT%","index":6},"region":{"startLine":31,"startColumn":54,"endColumn":69}},"message":{"text":"fullName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java","uriBaseId":"%SRCROOT%","index":6},"region":{"startLine":42,"startColumn":52,"endColumn":60}},"message":{"text":"fullName"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInput.java","uriBaseId":"%SRCROOT%","index":8},"region":{"startLine":35,"startColumn":7,"endColumn":70}},"message":{"text":"file : MultipartFile"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInput.java","uriBaseId":"%SRCROOT%","index":8},"region":{"startLine":36,"startColumn":32,"endColumn":36}},"message":{"text":"file : MultipartFile"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInput.java","uriBaseId":"%SRCROOT%","index":8},"region":{"startLine":36,"startColumn":32,"endColumn":58}},"message":{"text":"getOriginalFilename(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java","uriBaseId":"%SRCROOT%","index":6},"region":{"startLine":31,"startColumn":54,"endColumn":69}},"message":{"text":"fullName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java","uriBaseId":"%SRCROOT%","index":6},"region":{"startLine":42,"startColumn":52,"endColumn":60}},"message":{"text":"fullName"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUpload.java","uriBaseId":"%SRCROOT%","index":9},"region":{"startLine":38,"startColumn":7,"endColumn":74}},"message":{"text":"fullName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUpload.java","uriBaseId":"%SRCROOT%","index":9},"region":{"startLine":39,"startColumn":32,"endColumn":40}},"message":{"text":"fullName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java","uriBaseId":"%SRCROOT%","index":6},"region":{"startLine":31,"startColumn":54,"endColumn":69}},"message":{"text":"fullName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java","uriBaseId":"%SRCROOT%","index":6},"region":{"startLine":42,"startColumn":52,"endColumn":60}},"message":{"text":"fullName"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInput.java","uriBaseId":"%SRCROOT%","index":8},"region":{"startLine":36,"startColumn":32,"endColumn":58}},"message":{"text":"getOriginalFilename(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java","uriBaseId":"%SRCROOT%","index":6},"region":{"startLine":31,"startColumn":54,"endColumn":69}},"message":{"text":"fullName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java","uriBaseId":"%SRCROOT%","index":6},"region":{"startLine":42,"startColumn":52,"endColumn":60}},"message":{"text":"fullName"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFix.java","uriBaseId":"%SRCROOT%","index":7},"region":{"startLine":38,"startColumn":7,"endColumn":77}},"message":{"text":"user-provided value"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInput.java","uriBaseId":"%SRCROOT%","index":8},"region":{"startLine":35,"startColumn":7,"endColumn":70}},"message":{"text":"user-provided value"}},{"id":3,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUpload.java","uriBaseId":"%SRCROOT%","index":9},"region":{"startLine":38,"startColumn":7,"endColumn":74}},"message":{"text":"user-provided value"}},{"id":4,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInput.java","uriBaseId":"%SRCROOT%","index":8},"region":{"startLine":36,"startColumn":32,"endColumn":58}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/path-injection","rule":{"id":"java/path-injection","index":24,"toolComponent":{"index":18}},"message":{"text":"This path depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrieval.java","uriBaseId":"%SRCROOT%","index":10},"region":{"startLine":93,"startColumn":25,"endColumn":112}}}],"partialFingerprints":{"primaryLocationLineHash":"45dae355bcc6e27f:1","primaryLocationStartColumnFingerprint":"17"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrieval.java","uriBaseId":"%SRCROOT%","index":10},"region":{"startLine":90,"startColumn":16,"endColumn":42}},"message":{"text":"getParameter(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrieval.java","uriBaseId":"%SRCROOT%","index":10},"region":{"startLine":93,"startColumn":56,"endColumn":111}},"message":{"text":"... + ..."}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrieval.java","uriBaseId":"%SRCROOT%","index":10},"region":{"startLine":90,"startColumn":16,"endColumn":42}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/path-injection","rule":{"id":"java/path-injection","index":24,"toolComponent":{"index":18}},"message":{"text":"This path depends on a [user-provided value](1).\nThis path depends on a [user-provided value](2)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11},"region":{"startLine":66,"startColumn":29,"endColumn":80}}}],"partialFingerprints":{"primaryLocationLineHash":"f91d2819131b20b6:1","primaryLocationStartColumnFingerprint":"22"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11},"region":{"startLine":51,"startColumn":41,"endColumn":96}},"message":{"text":"file : MultipartFile"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11},"region":{"startLine":55,"startColumn":31,"endColumn":35}},"message":{"text":"file : MultipartFile"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11},"region":{"startLine":60,"startColumn":41,"endColumn":59}},"message":{"text":"file : MultipartFile"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11},"region":{"startLine":66,"startColumn":53,"endColumn":57}},"message":{"text":"file : MultipartFile"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11},"region":{"startLine":66,"startColumn":53,"endColumn":79}},"message":{"text":"getOriginalFilename(...)"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11},"region":{"startLine":51,"startColumn":41,"endColumn":96}},"message":{"text":"user-provided value"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11},"region":{"startLine":66,"startColumn":53,"endColumn":79}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/path-injection","rule":{"id":"java/path-injection","index":24,"toolComponent":{"index":18}},"message":{"text":"This path depends on a [user-provided value](1).\nThis path depends on a [user-provided value](2)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":78,"startColumn":23,"endColumn":77}}}],"partialFingerprints":{"primaryLocationLineHash":"79bc479a53e1b374:1","primaryLocationStartColumnFingerprint":"18"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":74,"startColumn":34,"endColumn":76}},"message":{"text":"myFile : MultipartFile"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":78,"startColumn":48,"endColumn":54}},"message":{"text":"myFile : MultipartFile"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":78,"startColumn":48,"endColumn":76}},"message":{"text":"getOriginalFilename(...)"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":74,"startColumn":34,"endColumn":76}},"message":{"text":"user-provided value"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":78,"startColumn":48,"endColumn":76}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/path-injection","rule":{"id":"java/path-injection","index":24,"toolComponent":{"index":18}},"message":{"text":"This path depends on a [user-provided value](1).\nThis path depends on a [user-provided value](2)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":79,"startColumn":35,"endColumn":89}}}],"partialFingerprints":{"primaryLocationLineHash":"ef803e80edfe5b1e:1","primaryLocationStartColumnFingerprint":"30"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":74,"startColumn":34,"endColumn":76}},"message":{"text":"myFile : MultipartFile"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":79,"startColumn":60,"endColumn":66}},"message":{"text":"myFile : MultipartFile"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":79,"startColumn":60,"endColumn":88}},"message":{"text":"getOriginalFilename(...)"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":74,"startColumn":34,"endColumn":76}},"message":{"text":"user-provided value"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":79,"startColumn":60,"endColumn":88}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/zipslip","rule":{"id":"java/zipslip","index":25,"toolComponent":{"index":18}},"message":{"text":"Unsanitized archive entry, which may contain '..', is used in a [file system operation](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11},"region":{"startLine":73,"startColumn":53,"endColumn":64}}}],"partialFingerprints":{"primaryLocationLineHash":"a67d7aacb4287388:1","primaryLocationStartColumnFingerprint":"44"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11},"region":{"startLine":73,"startColumn":53,"endColumn":64}},"message":{"text":"getName(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11},"region":{"startLine":73,"startColumn":18,"endColumn":65}},"message":{"text":"new File(...) : File"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11},"region":{"startLine":75,"startColumn":24,"endColumn":25}},"message":{"text":"f : File"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11},"region":{"startLine":75,"startColumn":24,"endColumn":34}},"message":{"text":"toPath(...)"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileZipSlip.java","uriBaseId":"%SRCROOT%","index":11},"region":{"startLine":75,"startColumn":24,"endColumn":34}},"message":{"text":"file system operation"}}]},{"ruleId":"java/xxe","rule":{"id":"java/xxe","index":37,"toolComponent":{"index":18}},"message":{"text":"XML parsing depends on a [user-provided value](1) without guarding against external entity expansion.\nXML parsing depends on a [user-provided value](2) without guarding against external entity expansion.\nXML parsing depends on a [user-provided value](3) without guarding against external entity expansion."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":13},"region":{"startLine":105,"startColumn":41,"endColumn":62}}}],"partialFingerprints":{"primaryLocationLineHash":"1c93f3ad0a8f54:1","primaryLocationStartColumnFingerprint":"36"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/BlindSendFileAssignment.java","uriBaseId":"%SRCROOT%","index":14},"region":{"startLine":87,"startColumn":34,"endColumn":64}},"message":{"text":"commentStr : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/BlindSendFileAssignment.java","uriBaseId":"%SRCROOT%","index":14},"region":{"startLine":96,"startColumn":43,"endColumn":53}},"message":{"text":"commentStr : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":13},"region":{"startLine":96,"startColumn":30,"endColumn":40}},"message":{"text":"xml : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":13},"region":{"startLine":105,"startColumn":58,"endColumn":61}},"message":{"text":"xml : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":13},"region":{"startLine":105,"startColumn":41,"endColumn":62}},"message":{"text":"new StringReader(...)"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/ContentTypeAssignment.java","uriBaseId":"%SRCROOT%","index":15},"region":{"startLine":62,"startColumn":7,"endColumn":37}},"message":{"text":"commentStr : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/ContentTypeAssignment.java","uriBaseId":"%SRCROOT%","index":15},"region":{"startLine":75,"startColumn":45,"endColumn":55}},"message":{"text":"commentStr : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":13},"region":{"startLine":96,"startColumn":30,"endColumn":40}},"message":{"text":"xml : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":13},"region":{"startLine":105,"startColumn":58,"endColumn":61}},"message":{"text":"xml : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":13},"region":{"startLine":105,"startColumn":41,"endColumn":62}},"message":{"text":"new StringReader(...)"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/SimpleXXE.java","uriBaseId":"%SRCROOT%","index":16},"region":{"startLine":73,"startColumn":68,"endColumn":98}},"message":{"text":"commentStr : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/SimpleXXE.java","uriBaseId":"%SRCROOT%","index":16},"region":{"startLine":76,"startColumn":39,"endColumn":49}},"message":{"text":"commentStr : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":13},"region":{"startLine":96,"startColumn":30,"endColumn":40}},"message":{"text":"xml : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":13},"region":{"startLine":105,"startColumn":58,"endColumn":61}},"message":{"text":"xml : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java","uriBaseId":"%SRCROOT%","index":13},"region":{"startLine":105,"startColumn":41,"endColumn":62}},"message":{"text":"new StringReader(...)"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/BlindSendFileAssignment.java","uriBaseId":"%SRCROOT%","index":14},"region":{"startLine":87,"startColumn":34,"endColumn":64}},"message":{"text":"user-provided value"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/ContentTypeAssignment.java","uriBaseId":"%SRCROOT%","index":15},"region":{"startLine":62,"startColumn":7,"endColumn":37}},"message":{"text":"user-provided value"}},{"id":3,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xxe/SimpleXXE.java","uriBaseId":"%SRCROOT%","index":16},"region":{"startLine":73,"startColumn":68,"endColumn":98}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/unsafe-deserialization","rule":{"id":"java/unsafe-deserialization","index":41,"toolComponent":{"index":18}},"message":{"text":"Unsafe deserialization depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":60,"startColumn":18,"endColumn":34}}}],"partialFingerprints":{"primaryLocationLineHash":"6c850a3d150d9bb4:1","primaryLocationStartColumnFingerprint":"11"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":49,"startColumn":33,"endColumn":59}},"message":{"text":"token : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":55,"startColumn":16,"endColumn":21}},"message":{"text":"token : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":55,"startColumn":16,"endColumn":39}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":55,"startColumn":16,"endColumn":57}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":58,"startColumn":83,"endColumn":91}},"message":{"text":"b64token : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":58,"startColumn":56,"endColumn":92}},"message":{"text":"decode(...) : byte[]"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":60,"startColumn":18,"endColumn":21}},"message":{"text":"ois"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":49,"startColumn":33,"endColumn":59}},"message":{"text":"token : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":55,"startColumn":16,"endColumn":21}},"message":{"text":"token : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":55,"startColumn":16,"endColumn":39}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":55,"startColumn":16,"endColumn":57}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":58,"startColumn":83,"endColumn":91}},"message":{"text":"b64token : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":58,"startColumn":56,"endColumn":92}},"message":{"text":"decode(...) : byte[]"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":58,"startColumn":31,"endColumn":93}},"message":{"text":"new ByteArrayInputStream(...) : ByteArrayInputStream"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":60,"startColumn":18,"endColumn":21}},"message":{"text":"ois"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java","uriBaseId":"%SRCROOT%","index":17},"region":{"startLine":49,"startColumn":33,"endColumn":59}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/unsafe-deserialization","rule":{"id":"java/unsafe-deserialization","index":41,"toolComponent":{"index":18}},"message":{"text":"Unsafe deserialization depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18},"region":{"startLine":57,"startColumn":27,"endColumn":51}}}],"partialFingerprints":{"primaryLocationLineHash":"350c8895428d29a7:1","primaryLocationStartColumnFingerprint":"20"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18},"region":{"startLine":40,"startColumn":47,"endColumn":75}},"message":{"text":"payload : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18},"region":{"startLine":57,"startColumn":43,"endColumn":50}},"message":{"text":"payload"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18},"region":{"startLine":40,"startColumn":47,"endColumn":75}},"message":{"text":"payload : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18},"region":{"startLine":50,"startColumn":13,"endColumn":20}},"message":{"text":"payload : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18},"region":{"startLine":50,"startColumn":13,"endLine":51,"endColumn":34}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18},"region":{"startLine":50,"startColumn":13,"endLine":52,"endColumn":35}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18},"region":{"startLine":50,"startColumn":13,"endLine":53,"endColumn":35}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18},"region":{"startLine":50,"startColumn":13,"endLine":54,"endColumn":36}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18},"region":{"startLine":50,"startColumn":13,"endLine":55,"endColumn":36}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18},"region":{"startLine":57,"startColumn":43,"endColumn":50}},"message":{"text":"payload"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java","uriBaseId":"%SRCROOT%","index":18},"region":{"startLine":40,"startColumn":47,"endColumn":75}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/polynomial-redos","rule":{"id":"java/polynomial-redos","index":45,"toolComponent":{"index":18}},"message":{"text":"This [regular expression](1) that depends on a [user-provided value](2) may run slow on strings with many repetitions of ' '.\nThis [regular expression](3) that depends on a [user-provided value](2) may run slow on strings starting with 'union' and with many repetitions of 'union('.\nThis [regular expression](1) that depends on a [user-provided value](4) may run slow on strings with many repetitions of ' '.\nThis [regular expression](3) that depends on a [user-provided value](4) may run slow on strings starting with 'union' and with many repetitions of 'union('.\nThis [regular expression](1) that depends on a [user-provided value](5) may run slow on strings with many repetitions of ' '.\nThis [regular expression](3) that depends on a [user-provided value](5) may run slow on strings starting with 'union' and with many repetitions of 'union('."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":68,"startColumn":12,"endColumn":23}}}],"partialFingerprints":{"primaryLocationLineHash":"f222904dc5afe3ce:1","primaryLocationStartColumnFingerprint":"5"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":56,"startColumn":33,"endColumn":81}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":57,"startColumn":28,"endColumn":34}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":62,"startColumn":39,"endColumn":57}},"message":{"text":"accountName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":68,"startColumn":12,"endColumn":23}},"message":{"text":"accountName"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":56,"startColumn":33,"endColumn":81}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":57,"startColumn":28,"endColumn":34}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":62,"startColumn":39,"endColumn":57}},"message":{"text":"accountName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":68,"startColumn":12,"endColumn":23}},"message":{"text":"accountName"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java","uriBaseId":"%SRCROOT%","index":20},"region":{"startLine":47,"startColumn":30,"endColumn":93}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java","uriBaseId":"%SRCROOT%","index":20},"region":{"startLine":51,"startColumn":58,"endColumn":64}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":62,"startColumn":39,"endColumn":57}},"message":{"text":"accountName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":68,"startColumn":12,"endColumn":23}},"message":{"text":"accountName"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java","uriBaseId":"%SRCROOT%","index":20},"region":{"startLine":47,"startColumn":30,"endColumn":93}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java","uriBaseId":"%SRCROOT%","index":20},"region":{"startLine":51,"startColumn":58,"endColumn":64}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":62,"startColumn":39,"endColumn":57}},"message":{"text":"accountName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":68,"startColumn":12,"endColumn":23}},"message":{"text":"accountName"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":52,"startColumn":7,"endColumn":82}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":53,"startColumn":14,"endColumn":20}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":53,"startColumn":14,"endColumn":34}},"message":{"text":"toUpperCase(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":53,"startColumn":14,"endColumn":54}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":53,"startColumn":14,"endColumn":76}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":57,"startColumn":58,"endColumn":64}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":62,"startColumn":39,"endColumn":57}},"message":{"text":"accountName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":68,"startColumn":12,"endColumn":23}},"message":{"text":"accountName"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":52,"startColumn":7,"endColumn":82}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":53,"startColumn":14,"endColumn":20}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":53,"startColumn":14,"endColumn":34}},"message":{"text":"toUpperCase(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":53,"startColumn":14,"endColumn":54}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":53,"startColumn":14,"endColumn":76}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":57,"startColumn":58,"endColumn":64}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":62,"startColumn":39,"endColumn":57}},"message":{"text":"accountName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":68,"startColumn":12,"endColumn":23}},"message":{"text":"accountName"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":68,"startColumn":50,"endColumn":54}},"message":{"text":"regular expression"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":56,"startColumn":33,"endColumn":81}},"message":{"text":"user-provided value"}},{"id":3,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":68,"startColumn":61,"endColumn":63}},"message":{"text":"regular expression"}},{"id":4,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java","uriBaseId":"%SRCROOT%","index":20},"region":{"startLine":47,"startColumn":30,"endColumn":93}},"message":{"text":"user-provided value"}},{"id":5,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":52,"startColumn":7,"endColumn":82}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/polynomial-redos","rule":{"id":"java/polynomial-redos","index":45,"toolComponent":{"index":18}},"message":{"text":"This [regular expression](1) that depends on a [user-provided value](2) may run slow on strings starting with '<' and with many repetitions of '<'."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10b.java","uriBaseId":"%SRCROOT%","index":22},"region":{"startLine":63,"startColumn":16,"endColumn":22}}}],"partialFingerprints":{"primaryLocationLineHash":"c108af4381cebe6f:1","primaryLocationStartColumnFingerprint":"9"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10b.java","uriBaseId":"%SRCROOT%","index":22},"region":{"startLine":59,"startColumn":33,"endColumn":60}},"message":{"text":"editor : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10b.java","uriBaseId":"%SRCROOT%","index":22},"region":{"startLine":63,"startColumn":16,"endColumn":22}},"message":{"text":"editor"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10b.java","uriBaseId":"%SRCROOT%","index":22},"region":{"startLine":63,"startColumn":38,"endColumn":41}},"message":{"text":"regular expression"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10b.java","uriBaseId":"%SRCROOT%","index":22},"region":{"startLine":59,"startColumn":33,"endColumn":60}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/polynomial-redos","rule":{"id":"java/polynomial-redos","index":45,"toolComponent":{"index":18}},"message":{"text":"This [regular expression](1) that depends on a [user-provided value](2) may run slow on strings starting with '<script>alert(' and with many repetitions of '<script>alert('.\nThis [regular expression](3) that depends on a [user-provided value](2) may run slow on strings starting with '<script>alert()</script>' and with many repetitions of ')</script>'."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":63,"startColumn":26,"endColumn":32}}}],"partialFingerprints":{"primaryLocationLineHash":"113b34bd21123106:1","primaryLocationStartColumnFingerprint":"21"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":61,"startColumn":7,"endColumn":34}},"message":{"text":"field2 : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":63,"startColumn":26,"endColumn":32}},"message":{"text":"field2"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":61,"startColumn":7,"endColumn":34}},"message":{"text":"field2 : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":63,"startColumn":26,"endColumn":32}},"message":{"text":"field2"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":49,"startColumn":50,"endColumn":52}},"message":{"text":"regular expression"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":61,"startColumn":7,"endColumn":34}},"message":{"text":"user-provided value"}},{"id":3,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":49,"startColumn":66,"endColumn":68}},"message":{"text":"regular expression"}}]},{"ruleId":"java/polynomial-redos","rule":{"id":"java/polynomial-redos","index":45,"toolComponent":{"index":18}},"message":{"text":"This [regular expression](1) that depends on a [user-provided value](2) may run slow on strings starting with '<script>alert(' and with many repetitions of '<script>alert('.\nThis [regular expression](3) that depends on a [user-provided value](2) may run slow on strings starting with '<script>alert()</script>' and with many repetitions of ')</script>'."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":85,"startColumn":26,"endColumn":32}}}],"partialFingerprints":{"primaryLocationLineHash":"de4f1e66fe5d59eb:1","primaryLocationStartColumnFingerprint":"21"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":60,"startColumn":7,"endColumn":34}},"message":{"text":"field1 : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":85,"startColumn":26,"endColumn":32}},"message":{"text":"field1"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":60,"startColumn":7,"endColumn":34}},"message":{"text":"field1 : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":85,"startColumn":26,"endColumn":32}},"message":{"text":"field1"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":49,"startColumn":50,"endColumn":52}},"message":{"text":"regular expression"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":60,"startColumn":7,"endColumn":34}},"message":{"text":"user-provided value"}},{"id":3,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java","uriBaseId":"%SRCROOT%","index":23},"region":{"startLine":49,"startColumn":66,"endColumn":68}},"message":{"text":"regular expression"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":52,"startColumn":26,"endColumn":97}}}],"partialFingerprints":{"primaryLocationLineHash":"c375853e645b5747:1","primaryLocationStartColumnFingerprint":"21"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/RegistrationController.java","uriBaseId":"%SRCROOT%","index":25},"region":{"startLine":38,"startColumn":31,"endColumn":83}},"message":{"text":"userForm : UserForm"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/RegistrationController.java","uriBaseId":"%SRCROOT%","index":25},"region":{"startLine":44,"startColumn":25,"endColumn":47}},"message":{"text":"getUsername(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":39,"startColumn":23,"endColumn":38}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":42,"startColumn":59,"endColumn":67}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":32,"startColumn":22,"endColumn":37}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":33,"startColumn":10,"endColumn":18}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":36,"startColumn":22,"endColumn":37}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":37,"startColumn":21,"endColumn":29}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":37,"startColumn":5,"endColumn":9}},"message":{"text":"this [post update] [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":33,"startColumn":5,"endColumn":41}},"message":{"text":"this <constr(this)> [post update] [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":42,"startColumn":43,"endColumn":78}},"message":{"text":"new WebGoatUser(...) [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":42,"startColumn":23,"endColumn":79}},"message":{"text":"save(...) [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":47,"startColumn":28,"endColumn":39}},"message":{"text":"webGoatUser [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":51,"startColumn":37,"endColumn":60}},"message":{"text":"webGoatUser [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":52,"startColumn":47,"endColumn":58}},"message":{"text":"webGoatUser [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":55,"startColumn":17,"endColumn":28}},"message":{"text":"parameter this [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":56,"startColumn":12,"endColumn":16}},"message":{"text":"this [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":56,"startColumn":12,"endColumn":25}},"message":{"text":"this.username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":52,"startColumn":47,"endColumn":72}},"message":{"text":"getUsername(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":52,"startColumn":26,"endColumn":97}},"message":{"text":"... + ..."}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/RegistrationController.java","uriBaseId":"%SRCROOT%","index":25},"region":{"startLine":38,"startColumn":31,"endColumn":83}},"message":{"text":"userForm : UserForm"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/RegistrationController.java","uriBaseId":"%SRCROOT%","index":25},"region":{"startLine":44,"startColumn":25,"endColumn":33}},"message":{"text":"userForm : UserForm"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserForm.java","uriBaseId":"%SRCROOT%","index":27},"region":{"startLine":30,"startColumn":18,"endColumn":29}},"message":{"text":"parameter this : UserForm"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserForm.java","uriBaseId":"%SRCROOT%","index":27},"region":{"startLine":30,"startColumn":45,"endColumn":58}},"message":{"text":"this.username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/RegistrationController.java","uriBaseId":"%SRCROOT%","index":25},"region":{"startLine":44,"startColumn":25,"endColumn":47}},"message":{"text":"getUsername(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":39,"startColumn":23,"endColumn":38}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":42,"startColumn":59,"endColumn":67}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":32,"startColumn":22,"endColumn":37}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":33,"startColumn":10,"endColumn":18}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":36,"startColumn":22,"endColumn":37}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":37,"startColumn":21,"endColumn":29}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":37,"startColumn":5,"endColumn":9}},"message":{"text":"this [post update] [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":33,"startColumn":5,"endColumn":41}},"message":{"text":"this <constr(this)> [post update] [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":42,"startColumn":43,"endColumn":78}},"message":{"text":"new WebGoatUser(...) [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":42,"startColumn":23,"endColumn":79}},"message":{"text":"save(...) [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":47,"startColumn":28,"endColumn":39}},"message":{"text":"webGoatUser [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":51,"startColumn":37,"endColumn":60}},"message":{"text":"webGoatUser [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":52,"startColumn":47,"endColumn":58}},"message":{"text":"webGoatUser [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":55,"startColumn":17,"endColumn":28}},"message":{"text":"parameter this [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":56,"startColumn":12,"endColumn":16}},"message":{"text":"this [username] : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java","uriBaseId":"%SRCROOT%","index":26},"region":{"startLine":56,"startColumn":12,"endColumn":25}},"message":{"text":"this.username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":52,"startColumn":47,"endColumn":72}},"message":{"text":"getUsername(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/UserService.java","uriBaseId":"%SRCROOT%","index":24},"region":{"startLine":52,"startColumn":26,"endColumn":97}},"message":{"text":"... + ..."}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/users/RegistrationController.java","uriBaseId":"%SRCROOT%","index":25},"region":{"startLine":38,"startColumn":31,"endColumn":83}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1).\nThis query depends on a [user-provided value](2)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java","uriBaseId":"%SRCROOT%","index":28},"region":{"startLine":64,"startColumn":66,"endColumn":188}}}],"partialFingerprints":{"primaryLocationLineHash":"1a0c1f7d5956e4f8:1","primaryLocationStartColumnFingerprint":"58"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java","uriBaseId":"%SRCROOT%","index":28},"region":{"startLine":50,"startColumn":30,"endColumn":65}},"message":{"text":"username_login : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java","uriBaseId":"%SRCROOT%","index":28},"region":{"startLine":64,"startColumn":66,"endColumn":188}},"message":{"text":"... + ..."}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java","uriBaseId":"%SRCROOT%","index":28},"region":{"startLine":50,"startColumn":67,"endColumn":102}},"message":{"text":"password_login : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java","uriBaseId":"%SRCROOT%","index":28},"region":{"startLine":64,"startColumn":66,"endColumn":188}},"message":{"text":"... + ..."}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java","uriBaseId":"%SRCROOT%","index":28},"region":{"startLine":50,"startColumn":30,"endColumn":65}},"message":{"text":"user-provided value"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java","uriBaseId":"%SRCROOT%","index":28},"region":{"startLine":50,"startColumn":67,"endColumn":102}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java","uriBaseId":"%SRCROOT%","index":29},"region":{"startLine":69,"startColumn":54,"endColumn":68}}}],"partialFingerprints":{"primaryLocationLineHash":"f774d9651c9c378c:1","primaryLocationStartColumnFingerprint":"45"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java","uriBaseId":"%SRCROOT%","index":29},"region":{"startLine":60,"startColumn":40,"endColumn":73}},"message":{"text":"username_reg : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java","uriBaseId":"%SRCROOT%","index":29},"region":{"startLine":69,"startColumn":54,"endColumn":68}},"message":{"text":"checkUserQuery"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java","uriBaseId":"%SRCROOT%","index":29},"region":{"startLine":60,"startColumn":40,"endColumn":73}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1).\nThis query depends on a [user-provided value](2).\nThis query depends on a [user-provided value](3)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":74,"startColumn":52,"endColumn":57}}}],"partialFingerprints":{"primaryLocationLineHash":"5e5ec10e89273e98:1","primaryLocationStartColumnFingerprint":"43"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":56,"startColumn":33,"endColumn":81}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":57,"startColumn":28,"endColumn":34}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":62,"startColumn":39,"endColumn":57}},"message":{"text":"accountName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":74,"startColumn":52,"endColumn":57}},"message":{"text":"query"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java","uriBaseId":"%SRCROOT%","index":20},"region":{"startLine":47,"startColumn":30,"endColumn":93}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java","uriBaseId":"%SRCROOT%","index":20},"region":{"startLine":51,"startColumn":58,"endColumn":64}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":62,"startColumn":39,"endColumn":57}},"message":{"text":"accountName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":74,"startColumn":52,"endColumn":57}},"message":{"text":"query"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":52,"startColumn":7,"endColumn":82}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":53,"startColumn":14,"endColumn":20}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":53,"startColumn":14,"endColumn":34}},"message":{"text":"toUpperCase(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":53,"startColumn":14,"endColumn":54}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":53,"startColumn":14,"endColumn":76}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":57,"startColumn":58,"endColumn":64}},"message":{"text":"userId : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":62,"startColumn":39,"endColumn":57}},"message":{"text":"accountName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":74,"startColumn":52,"endColumn":57}},"message":{"text":"query"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java","uriBaseId":"%SRCROOT%","index":19},"region":{"startLine":56,"startColumn":33,"endColumn":81}},"message":{"text":"user-provided value"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java","uriBaseId":"%SRCROOT%","index":20},"region":{"startLine":47,"startColumn":30,"endColumn":93}},"message":{"text":"user-provided value"}},{"id":3,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java","uriBaseId":"%SRCROOT%","index":21},"region":{"startLine":52,"startColumn":7,"endColumn":82}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java","uriBaseId":"%SRCROOT%","index":30},"region":{"startLine":71,"startColumn":52,"endColumn":57}}}],"partialFingerprints":{"primaryLocationLineHash":"983b99783dada75a:1","primaryLocationStartColumnFingerprint":"43"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java","uriBaseId":"%SRCROOT%","index":30},"region":{"startLine":58,"startColumn":33,"endColumn":67}},"message":{"text":"action_string : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java","uriBaseId":"%SRCROOT%","index":30},"region":{"startLine":59,"startColumn":40,"endColumn":53}},"message":{"text":"action_string : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java","uriBaseId":"%SRCROOT%","index":30},"region":{"startLine":62,"startColumn":54,"endColumn":67}},"message":{"text":"action : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java","uriBaseId":"%SRCROOT%","index":30},"region":{"startLine":71,"startColumn":52,"endColumn":57}},"message":{"text":"query"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java","uriBaseId":"%SRCROOT%","index":30},"region":{"startLine":58,"startColumn":33,"endColumn":67}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java","uriBaseId":"%SRCROOT%","index":31},"region":{"startLine":65,"startColumn":50,"endColumn":55}}}],"partialFingerprints":{"primaryLocationLineHash":"67dc1330c3a571f7:1","primaryLocationStartColumnFingerprint":"43"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java","uriBaseId":"%SRCROOT%","index":31},"region":{"startLine":58,"startColumn":33,"endColumn":59}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java","uriBaseId":"%SRCROOT%","index":31},"region":{"startLine":59,"startColumn":28,"endColumn":33}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java","uriBaseId":"%SRCROOT%","index":31},"region":{"startLine":62,"startColumn":42,"endColumn":54}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java","uriBaseId":"%SRCROOT%","index":31},"region":{"startLine":65,"startColumn":50,"endColumn":55}},"message":{"text":"query"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java","uriBaseId":"%SRCROOT%","index":31},"region":{"startLine":58,"startColumn":33,"endColumn":59}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java","uriBaseId":"%SRCROOT%","index":32},"region":{"startLine":62,"startColumn":33,"endColumn":38}}}],"partialFingerprints":{"primaryLocationLineHash":"70e3ff06f7af756a:1","primaryLocationStartColumnFingerprint":"24"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java","uriBaseId":"%SRCROOT%","index":32},"region":{"startLine":54,"startColumn":33,"endColumn":59}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java","uriBaseId":"%SRCROOT%","index":32},"region":{"startLine":55,"startColumn":28,"endColumn":33}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java","uriBaseId":"%SRCROOT%","index":32},"region":{"startLine":58,"startColumn":42,"endColumn":54}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java","uriBaseId":"%SRCROOT%","index":32},"region":{"startLine":62,"startColumn":33,"endColumn":38}},"message":{"text":"query"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java","uriBaseId":"%SRCROOT%","index":32},"region":{"startLine":54,"startColumn":33,"endColumn":59}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java","uriBaseId":"%SRCROOT%","index":33},"region":{"startLine":80,"startColumn":32,"endColumn":37}}}],"partialFingerprints":{"primaryLocationLineHash":"31dcbb8961cbab44:1","primaryLocationStartColumnFingerprint":"23"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java","uriBaseId":"%SRCROOT%","index":33},"region":{"startLine":70,"startColumn":33,"endColumn":45}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java","uriBaseId":"%SRCROOT%","index":33},"region":{"startLine":72,"startColumn":28,"endColumn":33}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java","uriBaseId":"%SRCROOT%","index":33},"region":{"startLine":75,"startColumn":42,"endColumn":54}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java","uriBaseId":"%SRCROOT%","index":33},"region":{"startLine":80,"startColumn":32,"endColumn":37}},"message":{"text":"query"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java","uriBaseId":"%SRCROOT%","index":33},"region":{"startLine":70,"startColumn":33,"endColumn":45}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java","uriBaseId":"%SRCROOT%","index":34},"region":{"startLine":63,"startColumn":33,"endColumn":38}}}],"partialFingerprints":{"primaryLocationLineHash":"d339c823409c314d:1","primaryLocationStartColumnFingerprint":"24"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java","uriBaseId":"%SRCROOT%","index":34},"region":{"startLine":53,"startColumn":33,"endColumn":59}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java","uriBaseId":"%SRCROOT%","index":34},"region":{"startLine":54,"startColumn":28,"endColumn":33}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java","uriBaseId":"%SRCROOT%","index":34},"region":{"startLine":57,"startColumn":42,"endColumn":54}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java","uriBaseId":"%SRCROOT%","index":34},"region":{"startLine":63,"startColumn":33,"endColumn":38}},"message":{"text":"query"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java","uriBaseId":"%SRCROOT%","index":34},"region":{"startLine":53,"startColumn":33,"endColumn":59}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1).\nThis query depends on a [user-provided value](2).\nThis query depends on a [user-provided value](3)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":67,"startColumn":52,"endColumn":57}}}],"partialFingerprints":{"primaryLocationLineHash":"2b95e3c48ba92cd0:1","primaryLocationStartColumnFingerprint":"43"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":55,"startColumn":7,"endColumn":35}},"message":{"text":"account : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":56,"startColumn":28,"endColumn":70}},"message":{"text":"... + ... : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":59,"startColumn":42,"endColumn":60}},"message":{"text":"accountName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":67,"startColumn":52,"endColumn":57}},"message":{"text":"query"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":55,"startColumn":37,"endColumn":66}},"message":{"text":"operator : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":56,"startColumn":28,"endColumn":70}},"message":{"text":"... + ... : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":59,"startColumn":42,"endColumn":60}},"message":{"text":"accountName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":67,"startColumn":52,"endColumn":57}},"message":{"text":"query"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":55,"startColumn":68,"endColumn":98}},"message":{"text":"injection : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":56,"startColumn":28,"endColumn":70}},"message":{"text":"... + ... : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":59,"startColumn":42,"endColumn":60}},"message":{"text":"accountName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":67,"startColumn":52,"endColumn":57}},"message":{"text":"query"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":55,"startColumn":7,"endColumn":35}},"message":{"text":"user-provided value"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":55,"startColumn":37,"endColumn":66}},"message":{"text":"user-provided value"}},{"id":3,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java","uriBaseId":"%SRCROOT%","index":35},"region":{"startLine":55,"startColumn":68,"endColumn":98}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java","uriBaseId":"%SRCROOT%","index":36},"region":{"startLine":66,"startColumn":15,"endColumn":26}}}],"partialFingerprints":{"primaryLocationLineHash":"ba7f4a519474e8ae:1","primaryLocationStartColumnFingerprint":"0"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java","uriBaseId":"%SRCROOT%","index":36},"region":{"startLine":56,"startColumn":7,"endColumn":34}},"message":{"text":"userid : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java","uriBaseId":"%SRCROOT%","index":36},"region":{"startLine":58,"startColumn":41,"endColumn":47}},"message":{"text":"userid : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java","uriBaseId":"%SRCROOT%","index":36},"region":{"startLine":61,"startColumn":62,"endColumn":80}},"message":{"text":"accountName : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java","uriBaseId":"%SRCROOT%","index":36},"region":{"startLine":66,"startColumn":15,"endColumn":26}},"message":{"text":"queryString"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java","uriBaseId":"%SRCROOT%","index":36},"region":{"startLine":56,"startColumn":7,"endColumn":34}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1).\nThis query depends on a [user-provided value](2)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":78,"startColumn":52,"endColumn":57}}}],"partialFingerprints":{"primaryLocationLineHash":"615295edb2bddc7:1","primaryLocationStartColumnFingerprint":"43"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":59,"startColumn":33,"endColumn":58}},"message":{"text":"name : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":60,"startColumn":43,"endColumn":47}},"message":{"text":"name : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":63,"startColumn":57,"endColumn":68}},"message":{"text":"name : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":78,"startColumn":52,"endColumn":57}},"message":{"text":"query"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":59,"startColumn":60,"endColumn":89}},"message":{"text":"auth_tan : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":60,"startColumn":49,"endColumn":57}},"message":{"text":"auth_tan : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":63,"startColumn":70,"endColumn":85}},"message":{"text":"auth_tan : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":78,"startColumn":52,"endColumn":57}},"message":{"text":"query"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":59,"startColumn":33,"endColumn":58}},"message":{"text":"user-provided value"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":59,"startColumn":60,"endColumn":89}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1).\nThis query depends on a [user-provided value](2)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":76,"startColumn":52,"endColumn":57}}}],"partialFingerprints":{"primaryLocationLineHash":"c3579bd895056390:1","primaryLocationStartColumnFingerprint":"43"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":60,"startColumn":33,"endColumn":58}},"message":{"text":"name : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":61,"startColumn":37,"endColumn":41}},"message":{"text":"name : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":64,"startColumn":51,"endColumn":62}},"message":{"text":"name : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":76,"startColumn":52,"endColumn":57}},"message":{"text":"query"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":60,"startColumn":60,"endColumn":89}},"message":{"text":"auth_tan : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":61,"startColumn":43,"endColumn":51}},"message":{"text":"auth_tan : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":64,"startColumn":64,"endColumn":79}},"message":{"text":"auth_tan : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":76,"startColumn":52,"endColumn":57}},"message":{"text":"query"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":60,"startColumn":33,"endColumn":58}},"message":{"text":"user-provided value"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":60,"startColumn":60,"endColumn":89}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1).\nThis query depends on a [user-provided value](2).\nThis query depends on a [user-provided value](3).\nThis query depends on a [user-provided value](4)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":158,"startColumn":31,"endColumn":39}}}],"partialFingerprints":{"primaryLocationLineHash":"86ab9021267dc726:1","primaryLocationStartColumnFingerprint":"24"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":59,"startColumn":33,"endColumn":58}},"message":{"text":"name : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":60,"startColumn":43,"endColumn":47}},"message":{"text":"name : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":63,"startColumn":57,"endColumn":68}},"message":{"text":"name : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":77,"startColumn":25,"endColumn":30}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":147,"startColumn":49,"endColumn":62}},"message":{"text":"action : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":148,"startColumn":14,"endColumn":20}},"message":{"text":"action : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":148,"startColumn":14,"endColumn":39}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":158,"startColumn":31,"endColumn":39}},"message":{"text":"logQuery"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":59,"startColumn":60,"endColumn":89}},"message":{"text":"auth_tan : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":60,"startColumn":49,"endColumn":57}},"message":{"text":"auth_tan : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":63,"startColumn":70,"endColumn":85}},"message":{"text":"auth_tan : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":77,"startColumn":25,"endColumn":30}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":147,"startColumn":49,"endColumn":62}},"message":{"text":"action : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":148,"startColumn":14,"endColumn":20}},"message":{"text":"action : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":148,"startColumn":14,"endColumn":39}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":158,"startColumn":31,"endColumn":39}},"message":{"text":"logQuery"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":60,"startColumn":33,"endColumn":58}},"message":{"text":"name : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":61,"startColumn":37,"endColumn":41}},"message":{"text":"name : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":64,"startColumn":51,"endColumn":62}},"message":{"text":"name : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":75,"startColumn":45,"endColumn":50}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":147,"startColumn":49,"endColumn":62}},"message":{"text":"action : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":148,"startColumn":14,"endColumn":20}},"message":{"text":"action : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":148,"startColumn":14,"endColumn":39}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":158,"startColumn":31,"endColumn":39}},"message":{"text":"logQuery"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":60,"startColumn":60,"endColumn":89}},"message":{"text":"auth_tan : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":61,"startColumn":43,"endColumn":51}},"message":{"text":"auth_tan : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":64,"startColumn":64,"endColumn":79}},"message":{"text":"auth_tan : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":75,"startColumn":45,"endColumn":50}},"message":{"text":"query : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":147,"startColumn":49,"endColumn":62}},"message":{"text":"action : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":148,"startColumn":14,"endColumn":20}},"message":{"text":"action : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":148,"startColumn":14,"endColumn":39}},"message":{"text":"replace(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":158,"startColumn":31,"endColumn":39}},"message":{"text":"logQuery"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":59,"startColumn":33,"endColumn":58}},"message":{"text":"user-provided value"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java","uriBaseId":"%SRCROOT%","index":37},"region":{"startLine":59,"startColumn":60,"endColumn":89}},"message":{"text":"user-provided value"}},{"id":3,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":60,"startColumn":33,"endColumn":58}},"message":{"text":"user-provided value"}},{"id":4,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java","uriBaseId":"%SRCROOT%","index":38},"region":{"startLine":60,"startColumn":60,"endColumn":89}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sql-injection","rule":{"id":"java/sql-injection","index":47,"toolComponent":{"index":18}},"message":{"text":"This query depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java","uriBaseId":"%SRCROOT%","index":39},"region":{"startLine":75,"startColumn":57,"endColumn":178}}}],"partialFingerprints":{"primaryLocationLineHash":"7cc0e97ef836b73a:1","primaryLocationStartColumnFingerprint":"49"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java","uriBaseId":"%SRCROOT%","index":39},"region":{"startLine":67,"startColumn":28,"endColumn":55}},"message":{"text":"column : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java","uriBaseId":"%SRCROOT%","index":39},"region":{"startLine":75,"startColumn":57,"endColumn":178}},"message":{"text":"... + ..."}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java","uriBaseId":"%SRCROOT%","index":39},"region":{"startLine":67,"startColumn":28,"endColumn":55}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/ssrf","rule":{"id":"java/ssrf","index":49,"toolComponent":{"index":18}},"message":{"text":"Potential server-side request forgery due to a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":40},"region":{"startLine":51,"startColumn":29,"endColumn":41}}}],"partialFingerprints":{"primaryLocationLineHash":"6be77af73d304fec:1","primaryLocationStartColumnFingerprint":"22"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":40},"region":{"startLine":44,"startColumn":33,"endColumn":57}},"message":{"text":"url : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":40},"region":{"startLine":45,"startColumn":20,"endColumn":23}},"message":{"text":"url : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":40},"region":{"startLine":48,"startColumn":34,"endColumn":44}},"message":{"text":"url : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":40},"region":{"startLine":51,"startColumn":29,"endColumn":41}},"message":{"text":"new URL(...)"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":40},"region":{"startLine":44,"startColumn":33,"endColumn":57}},"message":{"text":"url : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":40},"region":{"startLine":45,"startColumn":20,"endColumn":23}},"message":{"text":"url : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":40},"region":{"startLine":48,"startColumn":34,"endColumn":44}},"message":{"text":"url : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":40},"region":{"startLine":51,"startColumn":37,"endColumn":40}},"message":{"text":"url : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":40},"region":{"startLine":51,"startColumn":29,"endColumn":41}},"message":{"text":"new URL(...)"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java","uriBaseId":"%SRCROOT%","index":40},"region":{"startLine":44,"startColumn":33,"endColumn":57}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/spring-disabled-csrf-protection","rule":{"id":"java/spring-disabled-csrf-protection","index":56,"toolComponent":{"index":18}},"message":{"text":"CSRF vulnerability due to protection being disabled."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/WebSecurityConfig.java","uriBaseId":"%SRCROOT%","index":41},"region":{"startLine":80,"startColumn":5,"endColumn":36}}}],"partialFingerprints":{"primaryLocationLineHash":"5a3b59dcf16b392d:1","primaryLocationStartColumnFingerprint":"0"}},{"ruleId":"java/spring-disabled-csrf-protection","rule":{"id":"java/spring-disabled-csrf-protection","index":56,"toolComponent":{"index":18}},"message":{"text":"CSRF vulnerability due to protection being disabled."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/WebSecurityConfig.java","uriBaseId":"%SRCROOT%","index":42},"region":{"startLine":60,"startColumn":5,"endColumn":36}}}],"partialFingerprints":{"primaryLocationLineHash":"25bab9a440f2318b:1","primaryLocationStartColumnFingerprint":"0"}},{"ruleId":"java/weak-cryptographic-algorithm","rule":{"id":"java/weak-cryptographic-algorithm","index":57,"toolComponent":{"index":18}},"message":{"text":"Cryptographic algorithm [MD5](1) is weak and should not be used."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java","uriBaseId":"%SRCROOT%","index":43},"region":{"startLine":55,"startColumn":26,"endColumn":58}}}],"partialFingerprints":{"primaryLocationLineHash":"99e2d6034d1626c0:1","primaryLocationStartColumnFingerprint":"19"},"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java","uriBaseId":"%SRCROOT%","index":43},"region":{"startLine":55,"startColumn":52,"endColumn":57}},"message":{"text":"MD5"}}]},{"ruleId":"java/log-injection","rule":{"id":"java/log-injection","index":75,"toolComponent":{"index":18}},"message":{"text":"This log entry depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/AsciiDoctorTemplateResolver.java","uriBaseId":"%SRCROOT%","index":44},"region":{"startLine":164,"startColumn":40,"endColumn":50}}}],"partialFingerprints":{"primaryLocationLineHash":"6e872ef1bcf9d5da:1","primaryLocationStartColumnFingerprint":"31"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/AsciiDoctorTemplateResolver.java","uriBaseId":"%SRCROOT%","index":44},"region":{"startLine":162,"startColumn":27,"endColumn":76}},"message":{"text":"getHeader(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/AsciiDoctorTemplateResolver.java","uriBaseId":"%SRCROOT%","index":44},"region":{"startLine":164,"startColumn":40,"endColumn":50}},"message":{"text":"langHeader"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/container/AsciiDoctorTemplateResolver.java","uriBaseId":"%SRCROOT%","index":44},"region":{"startLine":162,"startColumn":27,"endColumn":76}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/log-injection","rule":{"id":"java/log-injection","index":75,"toolComponent":{"index":18}},"message":{"text":"This log entry depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/SigningAssignment.java","uriBaseId":"%SRCROOT%","index":45},"region":{"startLine":81,"startColumn":40,"endColumn":47}}}],"partialFingerprints":{"primaryLocationLineHash":"c60f6a54a39c911a:1","primaryLocationStartColumnFingerprint":"33"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/SigningAssignment.java","uriBaseId":"%SRCROOT%","index":45},"region":{"startLine":73,"startColumn":62,"endColumn":90}},"message":{"text":"modulus : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/SigningAssignment.java","uriBaseId":"%SRCROOT%","index":45},"region":{"startLine":81,"startColumn":40,"endColumn":47}},"message":{"text":"modulus"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/SigningAssignment.java","uriBaseId":"%SRCROOT%","index":45},"region":{"startLine":73,"startColumn":62,"endColumn":90}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/log-injection","rule":{"id":"java/log-injection","index":75,"toolComponent":{"index":18}},"message":{"text":"This log entry depends on a [user-provided value](1).\nThis log entry depends on a [user-provided value](2)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":79,"startColumn":35,"endColumn":89}}}],"partialFingerprints":{"primaryLocationLineHash":"ef803e80edfe5b1e:1","primaryLocationStartColumnFingerprint":"30"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":74,"startColumn":34,"endColumn":76}},"message":{"text":"myFile : MultipartFile"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":79,"startColumn":60,"endColumn":66}},"message":{"text":"myFile : MultipartFile"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":79,"startColumn":60,"endColumn":88}},"message":{"text":"getOriginalFilename(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":79,"startColumn":35,"endColumn":89}},"message":{"text":"new File(...)"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":79,"startColumn":60,"endColumn":88}},"message":{"text":"getOriginalFilename(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":79,"startColumn":35,"endColumn":89}},"message":{"text":"new File(...)"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":74,"startColumn":34,"endColumn":76}},"message":{"text":"user-provided value"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/FileServer.java","uriBaseId":"%SRCROOT%","index":12},"region":{"startLine":79,"startColumn":60,"endColumn":88}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/log-injection","rule":{"id":"java/log-injection","index":75,"toolComponent":{"index":18}},"message":{"text":"This log entry depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/requests/LandingPage.java","uriBaseId":"%SRCROOT%","index":46},"region":{"startLine":48,"startColumn":45,"endColumn":68}}}],"partialFingerprints":{"primaryLocationLineHash":"27ba78a11a332dd5:1","primaryLocationStartColumnFingerprint":"38"},"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/webwolf/requests/LandingPage.java","uriBaseId":"%SRCROOT%","index":46},"region":{"startLine":48,"startColumn":45,"endColumn":68}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/sensitive-log","rule":{"id":"java/sensitive-log","index":76,"toolComponent":{"index":18}},"message":{"text":"This [potentially sensitive information](1) is written to a log file."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/logging/LogBleedingTask.java","uriBaseId":"%SRCROOT%","index":47},"region":{"startLine":50,"startColumn":9,"endColumn":86}}}],"partialFingerprints":{"primaryLocationLineHash":"fb9ac546c80284d7:1","primaryLocationStartColumnFingerprint":"0"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/logging/LogBleedingTask.java","uriBaseId":"%SRCROOT%","index":47},"region":{"startLine":50,"startColumn":44,"endColumn":52}},"message":{"text":"password : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/logging/LogBleedingTask.java","uriBaseId":"%SRCROOT%","index":47},"region":{"startLine":50,"startColumn":44,"endColumn":85}},"message":{"text":"getBytes(...) : byte[]"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/logging/LogBleedingTask.java","uriBaseId":"%SRCROOT%","index":47},"region":{"startLine":50,"startColumn":9,"endColumn":86}},"message":{"text":"encodeToString(...)"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/logging/LogBleedingTask.java","uriBaseId":"%SRCROOT%","index":47},"region":{"startLine":50,"startColumn":44,"endColumn":52}},"message":{"text":"potentially sensitive information"}}]},{"ruleId":"java/sensitive-log","rule":{"id":"java/sensitive-log","index":76,"toolComponent":{"index":18}},"message":{"text":"This [potentially sensitive information](1) is written to a log file."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrieval.java","uriBaseId":"%SRCROOT%","index":10},"region":{"startLine":68,"startColumn":50,"endColumn":65}}}],"partialFingerprints":{"primaryLocationLineHash":"7ccb022cc5fb1739:1","primaryLocationStartColumnFingerprint":"43"},"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrieval.java","uriBaseId":"%SRCROOT%","index":10},"region":{"startLine":68,"startColumn":50,"endColumn":65}},"message":{"text":"potentially sensitive information"}}]},{"ruleId":"java/tainted-arithmetic","rule":{"id":"java/tainted-arithmetic","index":86,"toolComponent":{"index":18}},"message":{"text":"This arithmetic expression depends on a [user-provided value](1), potentially causing an overflow."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48},"region":{"startLine":283,"startColumn":10,"endColumn":25}}}],"partialFingerprints":{"primaryLocationLineHash":"ff289147dde00d14:1","primaryLocationStartColumnFingerprint":"5"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java","uriBaseId":"%SRCROOT%","index":49},"region":{"startLine":75,"startColumn":46,"endColumn":72}},"message":{"text":"email : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java","uriBaseId":"%SRCROOT%","index":49},"region":{"startLine":77,"startColumn":25,"endColumn":30}},"message":{"text":"email : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java","uriBaseId":"%SRCROOT%","index":49},"region":{"startLine":77,"startColumn":25,"endColumn":63}},"message":{"text":"substring(...) : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java","uriBaseId":"%SRCROOT%","index":49},"region":{"startLine":91,"startColumn":207,"endColumn":215}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/PasswordResetLink.java","uriBaseId":"%SRCROOT%","index":50},"region":{"startLine":13,"startColumn":37,"endColumn":52}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/PasswordResetLink.java","uriBaseId":"%SRCROOT%","index":50},"region":{"startLine":19,"startColumn":81,"endColumn":89}},"message":{"text":"username : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48},"region":{"startLine":207,"startColumn":38,"endColumn":46}},"message":{"text":"s : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48},"region":{"startLine":209,"startColumn":16,"endColumn":17}},"message":{"text":"s : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48},"region":{"startLine":371,"startColumn":22,"endColumn":30}},"message":{"text":"s : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48},"region":{"startLine":372,"startColumn":12,"endColumn":13}},"message":{"text":"s : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48},"region":{"startLine":372,"startColumn":12,"endColumn":24}},"message":{"text":"getBytes(...) : byte[]"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48},"region":{"startLine":348,"startColumn":22,"endColumn":35}},"message":{"text":"buffer : byte[]"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48},"region":{"startLine":349,"startColumn":23,"endColumn":36}},"message":{"text":"buffer.length : Number"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48},"region":{"startLine":325,"startColumn":49,"endColumn":59}},"message":{"text":"length : Number"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48},"region":{"startLine":326,"startColumn":42,"endColumn":48}},"message":{"text":"length : Number"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48},"region":{"startLine":278,"startColumn":66,"endColumn":76}},"message":{"text":"length : Number"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java","uriBaseId":"%SRCROOT%","index":48},"region":{"startLine":283,"startColumn":10,"endColumn":16}},"message":{"text":"length"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java","uriBaseId":"%SRCROOT%","index":49},"region":{"startLine":75,"startColumn":46,"endColumn":72}},"message":{"text":"user-provided value"}}]},{"ruleId":"java/concatenated-sql-query","rule":{"id":"java/concatenated-sql-query","index":92,"toolComponent":{"index":18}},"message":{"text":"Query built by concatenation with [this expression](1), which may be untrusted."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpoint.java","uriBaseId":"%SRCROOT%","index":51},"region":{"startLine":90,"startColumn":39,"endColumn":90}}}],"partialFingerprints":{"primaryLocationLineHash":"b977808836279b6e:1","primaryLocationStartColumnFingerprint":"0"},"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpoint.java","uriBaseId":"%SRCROOT%","index":51},"region":{"startLine":90,"startColumn":81,"endColumn":84}},"message":{"text":"this expression"}}]},{"ruleId":"java/potentially-weak-cryptographic-algorithm","rule":{"id":"java/potentially-weak-cryptographic-algorithm","index":95,"toolComponent":{"index":18}},"message":{"text":"Cryptographic algorithm [SHA-256](1) may not be secure, consider using a different algorithm.\nCryptographic algorithm [SHA-256](2) may not be secure, consider using a different algorithm."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java","uriBaseId":"%SRCROOT%","index":43},"region":{"startLine":100,"startColumn":24,"endColumn":60}}}],"partialFingerprints":{"primaryLocationLineHash":"2b5742fe12aaef84:1","primaryLocationStartColumnFingerprint":"19"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java","uriBaseId":"%SRCROOT%","index":43},"region":{"startLine":72,"startColumn":32,"endColumn":41}},"message":{"text":"\"SHA-256\" : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java","uriBaseId":"%SRCROOT%","index":43},"region":{"startLine":99,"startColumn":47,"endColumn":63}},"message":{"text":"algorithm : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java","uriBaseId":"%SRCROOT%","index":43},"region":{"startLine":100,"startColumn":50,"endColumn":59}},"message":{"text":"algorithm"}}}]}]},{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/SecureDefaultsAssignment.java","uriBaseId":"%SRCROOT%","index":52},"region":{"startLine":49,"startColumn":52,"endColumn":61}},"message":{"text":"\"SHA-256\" : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java","uriBaseId":"%SRCROOT%","index":43},"region":{"startLine":99,"startColumn":47,"endColumn":63}},"message":{"text":"algorithm : String"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java","uriBaseId":"%SRCROOT%","index":43},"region":{"startLine":100,"startColumn":50,"endColumn":59}},"message":{"text":"algorithm"}}}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java","uriBaseId":"%SRCROOT%","index":43},"region":{"startLine":72,"startColumn":32,"endColumn":41}},"message":{"text":"SHA-256"}},{"id":2,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/cryptography/SecureDefaultsAssignment.java","uriBaseId":"%SRCROOT%","index":52},"region":{"startLine":49,"startColumn":52,"endColumn":61}},"message":{"text":"SHA-256"}}]},{"ruleId":"java/potentially-weak-cryptographic-algorithm","rule":{"id":"java/potentially-weak-cryptographic-algorithm","index":95,"toolComponent":{"index":18}},"message":{"text":"Cryptographic algorithm [SHA-256](1) may not be secure, consider using a different algorithm."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/DisplayUser.java","uriBaseId":"%SRCROOT%","index":53},"region":{"startLine":55,"startColumn":24,"endColumn":60}}}],"partialFingerprints":{"primaryLocationLineHash":"555233fa65523009:1","primaryLocationStartColumnFingerprint":"19"},"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"src/main/java/org/owasp/webgoat/lessons/missingac/DisplayUser.java","uriBaseId":"%SRCROOT%","index":53},"region":{"startLine":55,"startColumn":50,"endColumn":59}},"message":{"text":"SHA-256"}}]}],"columnKind":"utf16CodeUnits","properties":{"metricResults":[{"rule":{"id":"java/summary/lines-of-code","index":96,"toolComponent":{"index":18}},"ruleId":"java/summary/lines-of-code","value":16389,"baseline":34524},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":231,"message":{"text":"java.util.Map#put(Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":125,"message":{"text":"java.lang.String#equals(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":63,"message":{"text":"java.lang.StringBuilder#append(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":60,"message":{"text":"java.util.Map#clear()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":60,"message":{"text":"java.util.Map#get(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":58,"message":{"text":"java.lang.String#contains(CharSequence)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":49,"message":{"text":"java.lang.String#replace(CharSequence,CharSequence)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":48,"message":{"text":"java.lang.Throwable#getMessage()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":39,"message":{"text":"java.lang.Object#equals(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":37,"message":{"text":"java.lang.StringBuilder#toString()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":33,"message":{"text":"java.lang.Object#hashCode()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":33,"message":{"text":"java.util.Collection#stream()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":24,"message":{"text":"java.lang.String#getBytes()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":24,"message":{"text":"java.lang.String#length()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":23,"message":{"text":"java.lang.String#indexOf(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":22,"message":{"text":"java.util.List#add(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":20,"message":{"text":"java.lang.String#substring(int,int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":20,"message":{"text":"java.lang.Object#getClass()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":19,"message":{"text":"java.lang.String#toLowerCase()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":17,"message":{"text":"java.util.Map#of(Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":16,"message":{"text":"javax.servlet.http.Cookie#Cookie(String,String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":16,"message":{"text":"org.springframework.http.HeadersBuilder#build()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":16,"message":{"text":"java.lang.String#concat(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":15,"message":{"text":"java.io.PrintStream#println(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":15,"message":{"text":"java.util.stream.Stream#filter(Predicate)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":15,"message":{"text":"javax.servlet.http.HttpServletRequest#getHeader(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":15,"message":{"text":"java.util.Map#of(Object,Object,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":15,"message":{"text":"org.slf4j.Logger#debug(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":15,"message":{"text":"java.lang.String#format(String,Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":14,"message":{"text":"java.sql.Statement#executeQuery(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":13,"message":{"text":"java.util.stream.Stream#map(Function)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":13,"message":{"text":"java.lang.String#String(byte\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":12,"message":{"text":"java.io.File#File(String,String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":12,"message":{"text":"org.slf4j.Logger#debug(String,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":12,"message":{"text":"java.lang.String#matches(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":11,"message":{"text":"org.springframework.http.ResponseEntity#ok(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":11,"message":{"text":"java.util.Map#getOrDefault(Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":11,"message":{"text":"java.util.List#size()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":11,"message":{"text":"java.lang.Object#toString()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":11,"message":{"text":"java.lang.String#getBytes(Charset)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":11,"message":{"text":"com.fasterxml.jackson.databind.ObjectMapper#writeValueAsString(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":11,"message":{"text":"java.sql.ResultSet#next()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":10,"message":{"text":"java.io.File#File(File,String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":10,"message":{"text":"org.springframework.data.repository.CrudRepository#save(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":10,"message":{"text":"org.slf4j.Logger#error(String,Throwable)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":10,"message":{"text":"java.util.Map#isEmpty()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":10,"message":{"text":"java.lang.String#equalsIgnoreCase(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":10,"message":{"text":"java.util.stream.Stream#toList()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":10,"message":{"text":"com.fasterxml.jackson.databind.ObjectMapper#readValue(String,Class)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":10,"message":{"text":"java.lang.String#substring(int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":9,"message":{"text":"java.util.Encoder#encode(byte\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":9,"message":{"text":"java.io.File#toPath()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":9,"message":{"text":"java.sql.PreparedStatement#setString(int,String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":8,"message":{"text":"java.io.File#exists()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":8,"message":{"text":"java.lang.Class#getName()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":8,"message":{"text":"java.sql.Connection#prepareStatement(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":8,"message":{"text":"org.springframework.http.BodyBuilder#body(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":8,"message":{"text":"java.time.Instant#now()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":8,"message":{"text":"java.lang.String#split(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":8,"message":{"text":"org.apache.commons.lang3.StringUtils#reverse(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":8,"message":{"text":"java.util.stream.Stream#findFirst()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":7,"message":{"text":"java.net.URI#URI(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":7,"message":{"text":"java.nio.file.Path#toFile()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":7,"message":{"text":"java.util.Arrays#asList(Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":7,"message":{"text":"java.lang.String#String(byte\\[\\],Charset)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":7,"message":{"text":"java.io.File#getName()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":7,"message":{"text":"java.util.Decoder#decode(byte\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":7,"message":{"text":"java.util.Optional#orElse(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":7,"message":{"text":"java.util.List#contains(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":6,"message":{"text":"org.slf4j.Logger#info(String,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":6,"message":{"text":"java.lang.Class#getSimpleName()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":6,"message":{"text":"java.nio.file.Paths#get(String,String\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":6,"message":{"text":"java.lang.System#currentTimeMillis()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":6,"message":{"text":"java.lang.String#startsWith(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":6,"message":{"text":"java.lang.String#trim()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":6,"message":{"text":"java.util.stream.Collectors#toList()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":6,"message":{"text":"java.lang.String#replaceAll(String,String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":6,"message":{"text":"java.lang.String#replaceFirst(String,String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":6,"message":{"text":"java.util.ArrayList#add(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"java.util.Encoder#encodeToString(byte\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"java.sql.ResultSet#getString(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"java.util.List#get(int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"java.lang.String#formatted(Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"java.lang.Class#getClassLoader()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"org.springframework.web.multipart.MultipartFile#getOriginalFilename()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"java.lang.Integer#intValue()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"java.util.Set#size()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"java.util.Map#values()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"java.util.Collection#toArray(IntFunction)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"java.math.BigInteger#valueOf(long)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"java.util.HashMap#get(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"java.lang.String#toUpperCase()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"javax.servlet.http.HttpServletResponse#addCookie(Cookie)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"java.lang.String#endsWith(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":5,"message":{"text":"org.springframework.util.MultiValueMap#getFirst(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.nio.file.Path#resolve(Path)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.math.BigInteger#toByteArray()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"org.springframework.web.client.RestTemplate#postForEntity(String,Object,Class,Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.util.Entry#getValue()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.util.Entry#getKey()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.lang.StringBuffer#toString()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.util.List#of(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"javax.servlet.ServletRequest#getParameter(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.util.Decoder#decode(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"javax.servlet.http.HttpServletRequest#getRequestURL()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"org.apache.commons.lang3.ArrayUtils#addAll(Object\\[\\],Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.util.Map#entrySet()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"org.slf4j.Logger#error(String,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.util.Optional#ifPresent(Consumer)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.lang.String#charAt(int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.util.stream.Stream#of(Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.util.UUID#toString()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.util.UUID#randomUUID()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.util.Set#add(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.lang.Iterable#forEach(Consumer)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.io.File#File(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":4,"message":{"text":"java.io.InputStream#readAllBytes()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.lang.String#replace(char,char)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.nio.file.Path#resolve(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"org.springframework.validation.Errors#rejectValue(String,String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.util.List#addAll(Collection)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.util.Optional#ofNullable(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.util.stream.Stream#sorted(Comparator)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.io.File#getCanonicalPath()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.util.HashMap#put(Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.util.Date#Date(long)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.util.Properties#putAll(Map)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.sql.Statement#executeUpdate(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.util.Map#remove(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.util.List#of(Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.util.Map#size()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"org.springframework.http.ResponseEntity#ResponseEntity(Object,HttpStatus)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.lang.String#String(char\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.lang.System#arraycopy(Object,int,Object,int,int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.lang.IllegalStateException#IllegalStateException(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.lang.String#getBytes(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.io.FileOutputStream#FileOutputStream(File)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"java.lang.StringBuilder#StringBuilder(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":3,"message":{"text":"org.springframework.http.BodyBuilder#contentType(MediaType)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.stream.Stream#anyMatch(Predicate)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"org.slf4j.Logger#warn(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.io.InputStreamReader#InputStreamReader(InputStream)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.io.ObjectInputStream#readObject()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.lang.Enum#Enum(String,int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.stream.Stream#flatMap(Function)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.stream.Stream#mapToInt(ToIntFunction)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.lang.String#toCharArray()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.io.ObjectInputStream#ObjectInputStream(InputStream)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"com.google.common.collect.Lists#newArrayList(Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.lang.Integer#valueOf(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.io.ByteArrayInputStream#ByteArrayInputStream(byte\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.io.ByteArrayOutputStream#toByteArray()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.Objects#requireNonNull(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.io.File#toURI()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.Arrays#stream(Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.lang.Float#parseFloat(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.net.URI#toString()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.Map#containsKey(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"org.springframework.util.FileCopyUtils#copyToByteArray(InputStream)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"org.springframework.util.FileCopyUtils#copy(InputStream,OutputStream)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"org.springframework.util.FileCopyUtils#copyToByteArray(File)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"org.springframework.util.FileCopyUtils#copy(byte\\[\\],File)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"org.springframework.web.multipart.MultipartFile#getBytes()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"org.springframework.util.Base64Utils#decodeFromUrlSafeString(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.Set#of(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"org.slf4j.Logger#warn(String,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.lang.String#toString()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.lang.StringBuilder#reverse()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.Collections#emptyList()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.lang.String#isEmpty()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.Map#of(Object,Object,Object,Object,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"org.springframework.context.support.AbstractMessageSource#getMessage(String,Object\\[\\],Locale)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"org.springframework.context.support.AbstractMessageSource#getMessage(String,Object\\[\\],String,Locale)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"org.springframework.core.NestedRuntimeException#getMessage()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.Optional#isPresent()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.Collection#addAll(Collection)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"org.springframework.validation.Errors#getFieldError(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.ArrayList#addAll(Collection)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"org.springframework.http.HeadersBuilder#location(URI)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.Collection#size()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.lang.Throwable#getCause()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.Optional#of(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.List#of(Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.Optional#map(Function)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.function.Predicate#test(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.regex.Pattern#compile(String,int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.io.InputStream#read(byte\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":2,"message":{"text":"java.util.regex.Pattern#matcher(CharSequence)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Queue#add(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Set#of(Object,Object,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Set#addAll(Collection)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Set#contains(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Arrays#copyOfRange(byte\\[\\],int,int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Collections#list(Enumeration)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Collections#singleton(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Enumeration#nextElement()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Optional#stream()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Optional#get()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Optional#empty()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Properties#get(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Properties#getProperty(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.lang.Enum#name()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.lang.IllegalArgumentException#IllegalArgumentException(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.lang.Integer#parseInt(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.lang.Integer#toHexString(int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.lang.Long#intValue()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.lang.Math#min(int,int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.List#isEmpty()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.lang.RuntimeException#RuntimeException(Throwable)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.lang.String#valueOf(int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.List#of(Object,Object,Object,Object,Object,Object,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.List#of(Object,Object,Object,Object,Object,Object,Object,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.List#of(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Collection#parallelStream()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.HashMap#entrySet()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.lang.StringBuilder#append(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.lang.StringBuilder#StringBuilder(int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.HashMap#replace(Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"com.fasterxml.jackson.databind.ObjectMapper#writeValueAsBytes(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"com.fasterxml.jackson.databind.ObjectMapper#readValue(byte\\[\\],Class)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"com.fasterxml.jackson.databind.ObjectWriter#writeValueAsString(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.stream.Stream#reduce(Object,BiFunction,BinaryOperator)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.stream.Stream#forEach(Consumer)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.stream.Stream#sorted()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.stream.Stream#distinct()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"com.google.common.collect.EvictingQueue#add(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.io.BufferedReader#readLine()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.io.BufferedReader#BufferedReader(Reader)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.io.File#toString()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.io.File#getCanonicalFile()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.io.File#getAbsoluteFile()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.io.FilterOutputStream#write(byte\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.io.ObjectOutputStream#writeObject(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.io.PrintWriter#println(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.io.PrintWriter#PrintWriter(File)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.io.StringReader#StringReader(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.io.StringWriter#getBuffer()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.net.URL#openStream()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.net.URL#URL(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.nio.file.Files#writeString(Path,CharSequence,Charset,OpenOption\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.nio.file.Files#writeString(Path,CharSequence,OpenOption\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.nio.file.Files#write(Path,byte\\[\\],OpenOption\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.nio.file.Files#copy(InputStream,Path,CopyOption\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.nio.file.Files#createTempDirectory(String,FileAttribute\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.nio.file.Files#createDirectories(Path,FileAttribute\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.nio.file.Files#createFile(Path,FileAttribute\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.sql.Connection#prepareStatement(String,int,int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.sql.PreparedStatement#setInt(int,int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.xml.sax.InputSource#InputSource(InputStream)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.sql.Statement#execute(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Map#putAll(Map)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.text.DateFormat#format(Date)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.text.SimpleDateFormat#SimpleDateFormat(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.regex.Pattern#asMatchPredicate()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.regex.Pattern#compile(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.regex.Matcher#matches()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.regex.Matcher#group(int)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"javax.servlet.ServletRequest#getParameterNames()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"javax.servlet.http.Cookie#getValue()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"javax.servlet.http.Cookie#getName()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Map#keySet()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"javax.servlet.http.HttpServletRequest#getQueryString()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"javax.servlet.http.HttpServletResponse#sendError(int,String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"javax.xml.xpath.XPath#evaluate(String,InputSource,QName)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.apache.commons.io.FileUtils#byteCountToDisplaySize(long)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.apache.commons.io.FilenameUtils#isExtension(String,Collection)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.apache.commons.logging.Log#error(Object,Throwable)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.springframework.http.HttpEntity#HttpEntity(MultiValueMap)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.springframework.http.HeadersBuilder#header(String,String\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.springframework.util.StringUtils#arrayToCommaDelimitedString(Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.slf4j.Logger#error(String,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.slf4j.Logger#error(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.slf4j.Logger#info(String,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.slf4j.Logger#info(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Map#forEach(BiConsumer)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Map#of()"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.slf4j.Logger#trace(String,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.springframework.jdbc.core.JdbcTemplate#execute(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.springframework.jdbc.datasource.AbstractDriverBasedDataSource#setUrl(String)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.springframework.ui.Model#addAttribute(String,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.springframework.ui.ModelMap#addAttribute(String,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"org.springframework.web.client.RestTemplate#exchange(String,HttpMethod,HttpEntity,Class,Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.ArrayList#ArrayList(Collection)"}},{"rule":{"id":"java/telemetry/supported-external-api","index":97,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api","value":1,"message":{"text":"java.util.Queue#remove()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":231,"message":{"text":"java.util.Map#put(Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":125,"message":{"text":"java.lang.String#equals(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":63,"message":{"text":"java.lang.StringBuilder#append(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":60,"message":{"text":"java.util.Map#get(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":49,"message":{"text":"java.lang.String#replace(CharSequence,CharSequence)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":48,"message":{"text":"java.lang.Throwable#getMessage()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":39,"message":{"text":"java.lang.Object#equals(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":37,"message":{"text":"java.lang.StringBuilder#toString()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":33,"message":{"text":"java.util.Collection#stream()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":24,"message":{"text":"java.lang.String#getBytes()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":22,"message":{"text":"java.util.List#add(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":20,"message":{"text":"java.lang.String#substring(int,int)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":19,"message":{"text":"java.lang.String#toLowerCase()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":17,"message":{"text":"java.util.Map#of(Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":16,"message":{"text":"org.springframework.http.HeadersBuilder#build()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":16,"message":{"text":"javax.servlet.http.Cookie#Cookie(String,String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":16,"message":{"text":"java.lang.String#concat(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":15,"message":{"text":"java.util.Map#of(Object,Object,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":15,"message":{"text":"java.util.stream.Stream#filter(Predicate)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":15,"message":{"text":"java.lang.String#format(String,Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":13,"message":{"text":"java.util.stream.Stream#map(Function)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":13,"message":{"text":"java.lang.String#String(byte\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":12,"message":{"text":"java.io.File#File(String,String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":11,"message":{"text":"com.fasterxml.jackson.databind.ObjectMapper#writeValueAsString(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":11,"message":{"text":"java.util.Map#getOrDefault(Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":11,"message":{"text":"java.lang.String#getBytes(Charset)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":11,"message":{"text":"org.springframework.http.ResponseEntity#ok(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":10,"message":{"text":"java.lang.String#substring(int)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":10,"message":{"text":"java.io.File#File(File,String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":10,"message":{"text":"com.fasterxml.jackson.databind.ObjectMapper#readValue(String,Class)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":10,"message":{"text":"java.util.stream.Stream#toList()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":10,"message":{"text":"org.springframework.data.repository.CrudRepository#save(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":9,"message":{"text":"java.sql.PreparedStatement#setString(int,String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":9,"message":{"text":"java.util.Encoder#encode(byte\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":9,"message":{"text":"java.io.File#toPath()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":8,"message":{"text":"org.apache.commons.lang3.StringUtils#reverse(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":8,"message":{"text":"java.util.stream.Stream#findFirst()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":8,"message":{"text":"org.springframework.http.BodyBuilder#body(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":8,"message":{"text":"java.lang.String#split(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":7,"message":{"text":"java.nio.file.Path#toFile()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":7,"message":{"text":"java.util.Arrays#asList(Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":7,"message":{"text":"java.net.URI#URI(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":7,"message":{"text":"java.util.Optional#orElse(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":7,"message":{"text":"java.io.File#getName()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":7,"message":{"text":"java.lang.String#String(byte\\[\\],Charset)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":7,"message":{"text":"java.util.Decoder#decode(byte\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":6,"message":{"text":"java.lang.String#replaceAll(String,String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":6,"message":{"text":"java.lang.String#trim()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":6,"message":{"text":"java.util.ArrayList#add(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":6,"message":{"text":"java.lang.String#replaceFirst(String,String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":6,"message":{"text":"java.nio.file.Paths#get(String,String\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":5,"message":{"text":"java.lang.String#formatted(Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":5,"message":{"text":"java.util.Collection#toArray(IntFunction)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":5,"message":{"text":"java.lang.String#toUpperCase()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":5,"message":{"text":"org.springframework.web.multipart.MultipartFile#getOriginalFilename()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":5,"message":{"text":"java.util.List#get(int)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":5,"message":{"text":"java.math.BigInteger#valueOf(long)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":5,"message":{"text":"java.util.HashMap#get(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":5,"message":{"text":"org.springframework.util.MultiValueMap#getFirst(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":5,"message":{"text":"java.util.Map#values()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":5,"message":{"text":"java.util.Encoder#encodeToString(byte\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":5,"message":{"text":"java.lang.Integer#intValue()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":5,"message":{"text":"java.sql.ResultSet#getString(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.lang.Iterable#forEach(Consumer)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"org.apache.commons.lang3.ArrayUtils#addAll(Object\\[\\],Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.util.Map#entrySet()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.util.Optional#ifPresent(Consumer)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.io.InputStream#readAllBytes()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.lang.StringBuffer#toString()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.nio.file.Path#resolve(Path)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.util.Entry#getValue()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.lang.String#charAt(int)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.util.Set#add(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.util.Decoder#decode(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.util.List#of(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.math.BigInteger#toByteArray()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.io.File#File(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.util.Entry#getKey()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":4,"message":{"text":"java.util.stream.Stream#of(Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"org.springframework.validation.Errors#rejectValue(String,String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.util.HashMap#put(Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.nio.file.Path#resolve(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"org.springframework.http.BodyBuilder#contentType(MediaType)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"org.springframework.http.ResponseEntity#ResponseEntity(Object,HttpStatus)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.util.Optional#ofNullable(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.util.Properties#putAll(Map)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.lang.IllegalStateException#IllegalStateException(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.util.List#of(Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.lang.String#replace(char,char)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.lang.String#getBytes(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.util.List#addAll(Collection)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.lang.StringBuilder#StringBuilder(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.lang.String#String(char\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.lang.System#arraycopy(Object,int,Object,int,int)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.util.Map#remove(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.util.stream.Stream#sorted(Comparator)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":3,"message":{"text":"java.io.File#getCanonicalPath()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"org.springframework.util.FileCopyUtils#copy(InputStream,OutputStream)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.util.Optional#map(Function)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.io.ByteArrayOutputStream#toByteArray()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.io.ObjectInputStream#ObjectInputStream(InputStream)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"org.springframework.web.multipart.MultipartFile#getBytes()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.io.ObjectInputStream#readObject()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.io.File#toURI()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.lang.Throwable#getCause()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"org.springframework.validation.Errors#getFieldError(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.util.ArrayList#addAll(Collection)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.util.Collection#addAll(Collection)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"org.springframework.core.NestedRuntimeException#getMessage()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"org.springframework.context.support.AbstractMessageSource#getMessage(String,Object\\[\\],String,Locale)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.io.InputStreamReader#InputStreamReader(InputStream)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"org.springframework.context.support.AbstractMessageSource#getMessage(String,Object\\[\\],Locale)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.util.Objects#requireNonNull(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.util.stream.Stream#anyMatch(Predicate)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"org.springframework.util.FileCopyUtils#copy(byte\\[\\],File)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"org.springframework.util.FileCopyUtils#copyToByteArray(File)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.util.Optional#of(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.io.InputStream#read(byte\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"org.springframework.util.FileCopyUtils#copyToByteArray(InputStream)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.util.Set#of(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.util.stream.Stream#flatMap(Function)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.util.stream.Stream#mapToInt(ToIntFunction)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"org.springframework.util.Base64Utils#decodeFromUrlSafeString(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"org.springframework.http.HeadersBuilder#location(URI)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.util.regex.Pattern#matcher(CharSequence)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"com.google.common.collect.Lists#newArrayList(Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.net.URI#toString()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.util.Arrays#stream(Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.lang.String#toString()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.lang.String#toCharArray()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.lang.Integer#valueOf(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.io.ByteArrayInputStream#ByteArrayInputStream(byte\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.util.Map#of(Object,Object,Object,Object,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.lang.StringBuilder#reverse()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.lang.Float#parseFloat(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":2,"message":{"text":"java.util.List#of(Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.List#of(Object,Object,Object,Object,Object,Object,Object,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Map#of()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Map#forEach(BiConsumer)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Map#keySet()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Map#putAll(Map)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.HashMap#replace(Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.HashMap#entrySet()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Collection#parallelStream()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.List#of(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.List#of(Object,Object,Object,Object,Object,Object,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.ArrayList#ArrayList(Collection)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Queue#remove()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Queue#add(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Set#of(Object,Object,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Set#addAll(Collection)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Arrays#copyOfRange(byte\\[\\],int,int)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Collections#list(Enumeration)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Collections#singleton(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Enumeration#nextElement()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Optional#stream()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Optional#get()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Properties#get(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.Properties#getProperty(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.lang.IllegalArgumentException#IllegalArgumentException(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.lang.Integer#parseInt(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.lang.Integer#toHexString(int)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.lang.Long#intValue()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.lang.RuntimeException#RuntimeException(Throwable)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.lang.StringBuilder#append(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.lang.StringBuilder#StringBuilder(int)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"com.fasterxml.jackson.databind.ObjectMapper#writeValueAsBytes(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"com.fasterxml.jackson.databind.ObjectMapper#readValue(byte\\[\\],Class)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"com.fasterxml.jackson.databind.ObjectWriter#writeValueAsString(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.stream.Stream#reduce(Object,BiFunction,BinaryOperator)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.stream.Stream#forEach(Consumer)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.stream.Stream#sorted()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.stream.Stream#distinct()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"com.google.common.collect.EvictingQueue#add(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.io.BufferedReader#readLine()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.io.BufferedReader#BufferedReader(Reader)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.io.File#toString()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.io.File#getCanonicalFile()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.io.File#getAbsoluteFile()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.io.FilterOutputStream#write(byte\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.io.ObjectOutputStream#writeObject(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.io.StringReader#StringReader(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.io.StringWriter#getBuffer()"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.net.URL#URL(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"java.util.regex.Matcher#group(int)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"org.springframework.http.HttpEntity#HttpEntity(MultiValueMap)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"org.springframework.http.HeadersBuilder#header(String,String\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"org.springframework.util.StringUtils#arrayToCommaDelimitedString(Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"org.springframework.ui.Model#addAttribute(String,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"org.springframework.ui.ModelMap#addAttribute(String,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-taint","index":98,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-taint","value":1,"message":{"text":"org.xml.sax.InputSource#InputSource(InputStream)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":15,"message":{"text":"org.slf4j.Logger#debug(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":15,"message":{"text":"java.io.PrintStream#println(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":14,"message":{"text":"java.sql.Statement#executeQuery(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":12,"message":{"text":"org.slf4j.Logger#debug(String,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":12,"message":{"text":"java.lang.String#matches(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":10,"message":{"text":"org.slf4j.Logger#error(String,Throwable)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":8,"message":{"text":"java.lang.String#split(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":8,"message":{"text":"java.sql.Connection#prepareStatement(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":6,"message":{"text":"java.lang.String#replaceFirst(String,String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":6,"message":{"text":"java.lang.String#replaceAll(String,String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":6,"message":{"text":"org.slf4j.Logger#info(String,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":5,"message":{"text":"javax.servlet.http.HttpServletResponse#addCookie(Cookie)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":4,"message":{"text":"org.springframework.web.client.RestTemplate#postForEntity(String,Object,Class,Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":4,"message":{"text":"org.slf4j.Logger#error(String,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":3,"message":{"text":"java.io.FileOutputStream#FileOutputStream(File)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":3,"message":{"text":"java.sql.Statement#executeUpdate(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":2,"message":{"text":"java.util.regex.Pattern#compile(String,int)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":2,"message":{"text":"java.util.regex.Pattern#matcher(CharSequence)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":2,"message":{"text":"java.util.function.Predicate#test(Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":2,"message":{"text":"org.slf4j.Logger#warn(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":2,"message":{"text":"org.slf4j.Logger#warn(String,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.util.regex.Pattern#asMatchPredicate()"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.util.regex.Pattern#compile(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.util.regex.Matcher#matches()"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"javax.servlet.http.HttpServletResponse#sendError(int,String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.nio.file.Files#writeString(Path,CharSequence,Charset,OpenOption\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"javax.xml.xpath.XPath#evaluate(String,InputSource,QName)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.nio.file.Files#createTempDirectory(String,FileAttribute\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.net.URL#openStream()"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"org.slf4j.Logger#error(String,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"org.slf4j.Logger#error(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"org.slf4j.Logger#info(String,Object,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.io.PrintWriter#PrintWriter(File)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"org.slf4j.Logger#info(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.io.PrintWriter#println(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"org.slf4j.Logger#trace(String,Object)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"org.springframework.jdbc.core.JdbcTemplate#execute(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"org.springframework.jdbc.datasource.AbstractDriverBasedDataSource#setUrl(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"org.springframework.web.client.RestTemplate#exchange(String,HttpMethod,HttpEntity,Class,Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.nio.file.Files#copy(InputStream,Path,CopyOption\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"org.apache.commons.logging.Log#error(Object,Throwable)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.nio.file.Files#createDirectories(Path,FileAttribute\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.nio.file.Files#createFile(Path,FileAttribute\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.sql.Connection#prepareStatement(String,int,int)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.nio.file.Files#write(Path,byte\\[\\],OpenOption\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.sql.Statement#execute(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sinks","index":99,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sinks","value":1,"message":{"text":"java.nio.file.Files#writeString(Path,CharSequence,OpenOption\\[\\])"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":4104,"message":{"text":"rt.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":792,"message":{"text":"rest-assured-4.5.1.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":162,"message":{"text":"jjwt-0.9.1.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":110,"message":{"text":"spring-web-5.3.21.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":100,"message":{"text":"jakarta.servlet-api-4.0.4.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":97,"message":{"text":"slf4j-api-1.7.36.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":77,"message":{"text":"spring-webmvc-5.3.21.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":74,"message":{"text":"spring-core-5.3.21.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":51,"message":{"text":"spring-security-config-5.7.2.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":47,"message":{"text":"jackson-databind-2.13.3.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":42,"message":{"text":"spring-security-core-5.7.2.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":40,"message":{"text":"spring-context-5.3.21.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":31,"message":{"text":"commons-lang3-3.12.0.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":25,"message":{"text":"asciidoctorj-api-2.5.3.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":20,"message":{"text":"thymeleaf-3.0.15.RELEASE.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":17,"message":{"text":"json-path-4.5.1.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":17,"message":{"text":"zxcvbn-1.5.2.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":16,"message":{"text":"jose4j-0.9.3.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":16,"message":{"text":"xstream-1.4.5.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":16,"message":{"text":"flyway-core-8.5.13.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":13,"message":{"text":"spring-boot-2.7.1.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":13,"message":{"text":"spring-jdbc-5.3.21.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":12,"message":{"text":"spring-boot-actuator-2.7.1.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":11,"message":{"text":"spring-data-commons-2.7.1.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":9,"message":{"text":"guava-30.1-jre.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":9,"message":{"text":"jaxb-api-2.3.1.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":8,"message":{"text":"lombok-1.18.24.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":8,"message":{"text":"jsoup-1.15.4.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":6,"message":{"text":"spring-boot-autoconfigure-2.7.1.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":6,"message":{"text":"spring-data-jpa-2.7.1.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":6,"message":{"text":"jcommander-1.81.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":4,"message":{"text":"commons-exec-1.3.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":4,"message":{"text":"spring-security-crypto-5.7.2.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":4,"message":{"text":"thymeleaf-spring5-3.0.15.RELEASE.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":3,"message":{"text":"log4j-api-2.17.2.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":2,"message":{"text":"commons-text-1.9.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":2,"message":{"text":"commons-io-2.6.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":2,"message":{"text":"spring-security-web-5.7.2.jar"}},{"rule":{"id":"java/telemetry/external-libs","index":100,"toolComponent":{"index":18}},"ruleId":"java/telemetry/external-libs","value":1,"message":{"text":"spring-jcl-5.3.21.jar"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":83,"message":{"text":"io.restassured.RestAssured#given()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":82,"message":{"text":"io.restassured.specification.RequestSpecification#relaxedHTTPSValidation()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":82,"message":{"text":"io.restassured.specification.RequestSpecification#when()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":81,"message":{"text":"io.restassured.response.Validatable#then()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":79,"message":{"text":"io.restassured.specification.RequestSpecification#cookie(String,Object,Object\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":66,"message":{"text":"io.restassured.response.ValidatableResponseOptions#extract()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":59,"message":{"text":"io.restassured.response.ValidatableResponseOptions#statusCode(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":48,"message":{"text":"io.restassured.specification.RequestSenderOptions#get(String,Object\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":40,"message":{"text":"org.slf4j.LoggerFactory#getLogger(Class)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":32,"message":{"text":"io.restassured.specification.RequestSenderOptions#post(String,Object\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":25,"message":{"text":"java.time.LocalDateTime#now()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":23,"message":{"text":"io.restassured.response.ResponseBodyExtractionOptions#path(String,String\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":22,"message":{"text":"io.restassured.response.ResponseBodyData#asString()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":19,"message":{"text":"io.jsonwebtoken.JwtBuilder#compact()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":19,"message":{"text":"io.jsonwebtoken.Jwts#builder()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":18,"message":{"text":"io.restassured.specification.RequestSpecification#contentType(ContentType)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":18,"message":{"text":"io.restassured.specification.RequestSpecification#header(String,Object,Object\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":17,"message":{"text":"javax.servlet.http.HttpServletRequest#getSession()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":16,"message":{"text":"io.restassured.specification.RequestSpecification#formParam(String,Object\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":15,"message":{"text":"io.jsonwebtoken.JwtBuilder#signWith(SignatureAlgorithm,String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":14,"message":{"text":"java.sql.Connection#createStatement(int,int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":14,"message":{"text":"java.time.LocalDateTime#format(DateTimeFormatter)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":14,"message":{"text":"io.restassured.response.ResponseBodyExtractionOptions#jsonPath()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":14,"message":{"text":"org.springframework.web.servlet.ModelAndView#addObject(String,Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":13,"message":{"text":"org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry#addResourceHandler(String\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":13,"message":{"text":"org.springframework.web.servlet.config.annotation.ResourceHandlerRegistration#addResourceLocations(String\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":12,"message":{"text":"org.springframework.http.ResponseEntity#status(HttpStatus)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":12,"message":{"text":"org.springframework.util.StringUtils#hasText(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":12,"message":{"text":"io.jsonwebtoken.JwtBuilder#setClaims(Claims)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":12,"message":{"text":"java.lang.reflect.Method#getAnnotation(Class)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":12,"message":{"text":"io.restassured.response.ExtractableResponse#response()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":11,"message":{"text":"java.sql.ResultSet#first()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":11,"message":{"text":"java.sql.ResultSet#getString(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":11,"message":{"text":"io.restassured.response.ResponseOptions#getBody()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":11,"message":{"text":"org.springframework.web.servlet.ModelAndView#setViewName(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":11,"message":{"text":"java.util.stream.Stream#collect(Collector)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":10,"message":{"text":"io.jsonwebtoken.Jwts#parser()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":10,"message":{"text":"java.util.Random#nextInt(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":10,"message":{"text":"java.util.Base64#getEncoder()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":10,"message":{"text":"javax.servlet.http.HttpSession#getAttribute(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":10,"message":{"text":"org.springframework.core.io.ResourceLoader#getResource(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":9,"message":{"text":"org.apache.commons.lang3.StringUtils#isEmpty(CharSequence)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":9,"message":{"text":"io.jsonwebtoken.JwtBuilder#claim(String,Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":9,"message":{"text":"io.restassured.path.json.JsonPath#getString(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":8,"message":{"text":"java.util.Date#from(Instant)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":8,"message":{"text":"io.jsonwebtoken.JwtParser#setSigningKey(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":8,"message":{"text":"javax.servlet.http.HttpSession#setAttribute(String,Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":8,"message":{"text":"java.lang.System#getProperty(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":8,"message":{"text":"io.restassured.specification.RequestSpecification#formParams(Map)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":8,"message":{"text":"org.springframework.boot.actuate.trace.http.Request#getUri()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":8,"message":{"text":"io.jsonwebtoken.JwtParser#parse(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":8,"message":{"text":"lombok.Lombok#sneakyThrow(Throwable)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":7,"message":{"text":"org.springframework.security.core.context.SecurityContext#getAuthentication()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":7,"message":{"text":"io.jsonwebtoken.Jwts#claims()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":7,"message":{"text":"org.springframework.core.env.PropertyResolver#getProperty(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":7,"message":{"text":"org.springframework.security.config.annotation.web.configurers.ExpressionInterceptUrlRegistry#and()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":7,"message":{"text":"org.springframework.security.core.Authentication#getPrincipal()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":7,"message":{"text":"java.lang.Throwable#printStackTrace()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":7,"message":{"text":"java.util.Base64#getDecoder()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":7,"message":{"text":"java.lang.String#lastIndexOf(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":7,"message":{"text":"io.jsonwebtoken.Jwt#getBody()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":7,"message":{"text":"org.springframework.security.core.context.SecurityContextHolder#getContext()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":6,"message":{"text":"java.sql.PreparedStatement#executeQuery()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":6,"message":{"text":"com.beust.jcommander.internal.Lists#newArrayList(Object\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":6,"message":{"text":"javax.xml.bind.DatatypeConverter#printHexBinary(byte\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":6,"message":{"text":"io.restassured.specification.RequestSpecification#multiPart(String,String,byte\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":6,"message":{"text":"org.asciidoctor.extension.JavaExtensionRegistry#inlineMacro(String,Class)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":6,"message":{"text":"org.springframework.web.servlet.config.annotation.ViewControllerRegistration#setViewName(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":6,"message":{"text":"org.springframework.web.servlet.config.annotation.ViewControllerRegistry#addViewController(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":6,"message":{"text":"java.util.HashMap#containsKey(Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":6,"message":{"text":"com.fasterxml.jackson.databind.ObjectMapper#enable(DeserializationFeature)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":6,"message":{"text":"io.jsonwebtoken.JwtBuilder#setIssuedAt(Date)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":6,"message":{"text":"org.springframework.http.ResponseEntity#ok()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":6,"message":{"text":"java.util.List#of()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":6,"message":{"text":"org.springframework.data.jpa.repository.JpaRepository#saveAndFlush(Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":5,"message":{"text":"org.asciidoctor.extension.InlineMacroProcessor#InlineMacroProcessor(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":5,"message":{"text":"java.io.File#getParentFile()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":5,"message":{"text":"org.springframework.web.servlet.ModelAndView#ModelAndView(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":5,"message":{"text":"com.nulabinc.zxcvbn.Strength#getScore()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":5,"message":{"text":"java.net.URI#getPath()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":5,"message":{"text":"io.restassured.response.ExtractableResponse#cookie(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":5,"message":{"text":"java.time.format.DateTimeFormatter#ofPattern(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":5,"message":{"text":"java.sql.ResultSet#getMetaData()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":5,"message":{"text":"org.springframework.validation.Errors#hasErrors()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":5,"message":{"text":"org.asciidoctor.extension.InlineMacroProcessor#InlineMacroProcessor(String,Map)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":5,"message":{"text":"io.jsonwebtoken.JwtBuilder#setHeaderParam(String,Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":5,"message":{"text":"java.time.Duration#ofDays(long)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"java.security.interfaces.RSAKey#getModulus()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"io.jsonwebtoken.impl.TextCodec#encode(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"java.util.function.Supplier#get()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"java.util.Base64#getUrlDecoder()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"io.restassured.response.ValidatableResponseOptions#cookie(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"io.restassured.path.json.JsonPath#get(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"java.util.Base64#getUrlEncoder()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"org.asciidoctor.extension.BaseProcessor#createPhraseNode(ContentNode,String,String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"io.restassured.specification.RequestSpecification#body(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"java.io.File#mkdirs()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"org.springframework.http.HttpStatus#value()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"java.io.FileInputStream#FileInputStream(File)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"org.springframework.util.StringUtils#isEmpty(Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"java.util.Calendar#getTime()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"com.google.common.collect.Lists#newArrayList()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"com.nulabinc.zxcvbn.Strength#getFeedback()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"org.springframework.core.io.ClassPathResource#ClassPathResource(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"org.springframework.core.io.InputStreamSource#getInputStream()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"java.nio.charset.Charset#defaultCharset()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"org.springframework.http.converter.json.MappingJacksonValue#setSerializationView(Class)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"java.nio.file.Files#readAllBytes(Path)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"org.springframework.jdbc.core.namedparam.MapSqlParameterSource#addValue(String,Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"java.util.Calendar#getInstance()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"com.thoughtworks.xstream.XStream#ignoreUnknownElements()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"java.security.KeyPair#getPublic()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"com.thoughtworks.xstream.XStream#setClassLoader(ClassLoader)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"com.thoughtworks.xstream.XStream#alias(String,Class)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"com.thoughtworks.xstream.XStream#fromXML(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"java.sql.ResultSet#getRow()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"java.sql.ResultSet#last()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"java.sql.ResultSet#beforeFirst()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"org.springframework.web.servlet.ModelAndView#getViewName()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"org.thymeleaf.templateresolver.AbstractTemplateResolver#setOrder(Integer)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":4,"message":{"text":"org.thymeleaf.templateresource.StringTemplateResource#StringTemplateResource(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"io.jsonwebtoken.JwtBuilder#setSubject(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"com.fasterxml.jackson.databind.JsonNode#toString()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.apache.commons.lang3.RandomStringUtils#randomAlphabetic(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.security.config.annotation.web.configurers.AuthorizedUrl#authenticated()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.validation.BeanPropertyBindingResult#BeanPropertyBindingResult(Object,String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"com.fasterxml.jackson.databind.ObjectMapper#readTree(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.sql.Connection#createStatement()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.sql.PreparedStatement#execute()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"io.restassured.path.json.JsonPath#getList(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.core.io.ClassPathResource#getInputStream()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.sql.ResultSetMetaData#getColumnCount()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.sql.ResultSet#getStatement()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.time.Instant#plus(TemporalAmount)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.security.MessageDigest#getInstance(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.web.context.request.RequestContextHolder#currentRequestAttributes()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.web.context.request.ServletRequestAttributes#getRequest()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"io.jsonwebtoken.JwtBuilder#setExpiration(Date)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer#loginPage(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"io.jsonwebtoken.JwtBuilder#setAudience(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.util.function.Function#apply(Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"io.jsonwebtoken.JwtBuilder#setClaims(Map)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"io.jsonwebtoken.Claims#setIssuedAt(Date)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.util.Locale#getLanguage()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.lang.Class#getPackageName()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.core.env.EnvironmentCapable#getEnvironment()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.thymeleaf.templateresolver.AbstractConfigurableTemplateResolver#setCharacterEncoding(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.boot.autoconfigure.jdbc.DataSourceProperties#getDriverClassName()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.nio.charset.Charset#forName(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.boot.context.event.ApplicationReadyEvent#getApplicationContext()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.http.MediaType#parseMediaType(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.security.config.annotation.web.builders.HttpSecurity#formLogin()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.boot.builder.SpringApplicationBuilder#web(WebApplicationType)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.context.support.PropertiesHolder#getProperties()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.time.Instant#plusSeconds(long)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeRequests()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"io.jsonwebtoken.JwtBuilder#setIssuer(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.security.core.userdetails.UserDetails#getUsername()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.net.URI#getQuery()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.flywaydb.core.Flyway#migrate()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.apache.logging.log4j.util.Strings#isEmpty(CharSequence)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"io.restassured.specification.RequestSpecification#formParams(String,Object,Object\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.util.stream.Collectors#toMap(Function,Function)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.apache.commons.lang3.exception.ExceptionUtils#getStackTrace(Throwable)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"com.fasterxml.jackson.databind.node.ObjectNode#put(String,String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.boot.actuate.trace.http.HttpTrace#getRequest()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.util.concurrent.TimeUnit#toDays(long)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"org.springframework.security.core.token.Sha512DigestUtils#shaHex(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"java.lang.Throwable#toString()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":3,"message":{"text":"io.restassured.specification.RequestSpecification#queryParams(Map)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.core.userdetails.UsernameNotFoundException#UsernameNotFoundException(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.apache.commons.text.StringEscapeUtils#escapeJson(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.apache.commons.lang3.StringUtils#contains(CharSequence,CharSequence)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"io.restassured.specification.RequestSenderOptions#put(String,Object\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.crypto.password.NoOpPasswordEncoder#getInstance()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.apache.commons.exec.OS#isFamilyMac()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.apache.commons.exec.OS#isFamilyUnix()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.sql.ResultSetMetaData#getColumnName(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.time.format.DateTimeFormatter#format(TemporalAccessor)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"javax.xml.stream.XMLInputFactory#setProperty(String,Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"io.jsonwebtoken.JwtParser#parseClaimsJws(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.util.Properties#stringPropertyNames()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.util.Comparator#reversed()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"javax.servlet.http.HttpServletResponse#setStatus(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"javax.servlet.http.HttpServletRequest#getMethod()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.util.stream.IntStream#range(int,int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.http.ResponseEntity#badRequest()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.http.ResponseEntity#accepted()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.jsoup.select.Elements#first()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.lang.String#isBlank()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.jsoup.nodes.Element#select(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.jsoup.nodes.Element#text()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"javax.servlet.http.HttpServletRequest#getUserPrincipal()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.util.CollectionUtils#isEmpty(Collection)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.lang.String#lastIndexOf(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.io.File#listFiles()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"io.jsonwebtoken.impl.TextCodec#decode(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.jose4j.keys.HmacKey#HmacKey(byte\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"javax.servlet.http.Cookie#setPath(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.context.ConfigurableApplicationContext#getEnvironment()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"io.restassured.specification.RequestSpecification#param(String,Object\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"javax.servlet.http.Cookie#setSecure(boolean)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.flywaydb.core.api.configuration.FluentConfiguration#configuration(Map)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.boot.builder.SpringApplicationBuilder#bannerMode(Mode)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"com.fasterxml.jackson.databind.JsonNode#size()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"com.nulabinc.zxcvbn.Feedback#getSuggestions()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"com.nulabinc.zxcvbn.Feedback#getWarning()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.context.support.AbstractResourceBasedMessageSource#setFallbackToSystemLocale(boolean)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.context.support.AbstractResourceBasedMessageSource#setDefaultEncoding(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.context.support.AbstractResourceBasedMessageSource#setBasenames(String\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.context.support.AbstractResourceBasedMessageSource#setBasename(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.context.support.DefaultMessageSourceResolvable#getCode()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"javax.servlet.ServletResponse#setContentType(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.context.support.ReloadableResourceBundleMessageSource#getMergedProperties(Locale)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.flywaydb.core.api.configuration.FluentConfiguration#load()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.core.io.Resource#isReadable()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.flywaydb.core.api.configuration.FluentConfiguration#locations(String\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.core.io.support.ResourcePatternResolver#getResources(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"io.jsonwebtoken.JwtParser#setSigningKeyResolver(SigningKeyResolver)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.util.Comparator#comparing(Function)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.nio.file.Files#delete(Path)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"com.fasterxml.jackson.databind.ObjectMapper#reader()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.thymeleaf.templateresolver.AbstractTemplateResolver#setResolvablePatterns(Set)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.lang.reflect.Method#getGenericReturnType()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.thymeleaf.templateresolver.AbstractConfigurableTemplateResolver#setCacheable(boolean)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.time.Instant#minus(TemporalAmount)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder#userDetailsService(UserDetailsService)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry#antMatchers(HttpMethod,String\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry#anyRequest()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.config.annotation.web.builders.HttpSecurity#logout()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.config.annotation.web.builders.HttpSecurity#csrf()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"com.fasterxml.jackson.databind.ObjectReader#readTree(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer#disable()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.security.MessageDigest#digest()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer#permitAll()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer#defaultSuccessUrl(String,boolean)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.security.MessageDigest#update(byte\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.config.annotation.web.configurers.AuthorizedUrl#permitAll()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.flywaydb.core.api.configuration.FluentConfiguration#schemas(String\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.security.Principal#getName()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.security.Signature#update(byte\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"io.jsonwebtoken.Claims#setExpiration(Date)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.flywaydb.core.api.configuration.FluentConfiguration#dataSource(DataSource)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter#authenticationManager()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"java.security.Signature#getInstance(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.flywaydb.core.Flyway#configure()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.core.userdetails.User#isCredentialsNonExpired()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.core.userdetails.User#isAccountNonLocked()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.core.userdetails.User#isAccountNonExpired()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.core.userdetails.User#isEnabled()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":2,"message":{"text":"org.springframework.security.core.userdetails.User#User(String,String,Collection)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.thymeleaf.templateresolver.AbstractConfigurableTemplateResolver#setTemplateMode(TemplateMode)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.thymeleaf.templateresolver.AbstractConfigurableTemplateResolver#setSuffix(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.thymeleaf.templateresolver.AbstractConfigurableTemplateResolver#setPrefix(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.w3c.dom.NodeList#getLength()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.w3c.dom.NodeList#item(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.w3c.dom.Node#getTextContent()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.w3c.dom.Node#getNodeName()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.time.LocalDateTime#isBefore(ChronoLocalDateTime)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.HashMap#size()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.Collection#contains(Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.List#sort(Comparator)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.List#remove(Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.ArrayList#sort(Comparator)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.ArrayList#clear()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.Set#clear()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.Set#containsAll(Collection)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.Comparator#comparingLong(ToLongFunction)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.Arrays#equals(byte\\[\\],byte\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.Collections#reverse(List)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.Enumeration#hasMoreElements()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.Locale#getDefault()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.Properties#containsKey(Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.Properties#load(InputStream)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.Random#nextLong()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.Random#nextInt()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.Random#setSeed(long)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.Boolean#valueOf(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.Class#getAnnotationsByType(Class)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.Class#isAnnotationPresent(Class)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.Class#getResourceAsStream(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.Class#getMethods()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.IllegalStateException#IllegalStateException(Throwable)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.Integer#sum(int,int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.Math#round(double)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.Math#ceil(double)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.Process#getInputStream()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.Runtime#exec(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.Runtime#getRuntime()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.String#valueOf(Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.String#indexOf(String,int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.System#exit(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"com.fasterxml.jackson.databind.ObjectMapper#writerWithDefaultPrettyPrinter()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"com.fasterxml.jackson.databind.ObjectMapper#addMixIn(Class,Class)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.reflect.InvocationTargetException#getTargetException()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.reflect.Method#invoke(Object,Object\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.reflect.Method#getReturnType()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.reflect.ParameterizedType#getActualTypeArguments()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.lang.reflect.Proxy#newProxyInstance(ClassLoader,Class\\[\\],InvocationHandler)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.function.DoublePredicate#test(double)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.concurrent.Future#get()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.concurrent.ExecutorService#invokeAll(Collection)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.concurrent.Executors#newWorkStealingPool(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.concurrent.ThreadLocalRandom#nextDouble()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.concurrent.ThreadLocalRandom#current()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.stream.Collectors#groupingBy(Function)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.stream.Collectors#counting()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.stream.IntStream#sum()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.stream.IntStream#reduce(int,IntBinaryOperator)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.stream.IntStream#forEach(IntConsumer)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.stream.IntStream#mapToObj(IntFunction)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.stream.Stream#count()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"com.google.common.collect.EvictingQueue#create(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"com.google.common.collect.Maps#newHashMap()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"com.nulabinc.zxcvbn.CrackTimeSeconds#getOnlineNoThrottling10perSecond()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"com.nulabinc.zxcvbn.Strength#getCrackTimeSeconds()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"com.nulabinc.zxcvbn.Strength#getGuesses()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"com.nulabinc.zxcvbn.Zxcvbn#measure(CharSequence)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.jsonwebtoken.ClaimJwtException#getClaims()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.jsonwebtoken.Claims#setAudience(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.jsonwebtoken.Claims#setSubject(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.jsonwebtoken.Claims#setIssuer(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.jsonwebtoken.Jwt#getHeader()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.jsonwebtoken.JwtBuilder#addClaims(Map)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.jsonwebtoken.JwtBuilder#setHeader(Map)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.restassured.response.ExtractableResponse#header(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.restassured.response.ResponseOptions#getStatusCode()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.restassured.response.ResponseOptions#andReturn()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.restassured.response.ResponseBodyData#asByteArray()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.restassured.response.ValidatableResponseOptions#body(String,Matcher,Object\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.restassured.response.ValidatableResponseOptions#body(Matcher,Matcher\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.restassured.path.json.JsonPath#getObject(String,Class)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.restassured.specification.RequestSenderOptions#delete(String,Object\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.restassured.specification.RequestSpecification#urlEncodingEnabled(boolean)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"io.restassured.specification.RequestSpecification#params(Map)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.DataOutputStream#writeLong(long)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.DataOutputStream#DataOutputStream(OutputStream)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.File#mkdir()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.File#listFiles(FileFilter)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.File#delete()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.File#createNewFile()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.File#length()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.File#isFile()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.FileInputStream#FileInputStream(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.FilterOutputStream#close()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.ObjectInputStream#close()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.ObjectInputStream#defaultReadObject()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.ObjectOutputStream#close()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.ObjectOutputStream#ObjectOutputStream(OutputStream)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.io.PrintStream#println()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.net.InetAddress#getLocalHost()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.net.InetAddress#getHostAddress()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.net.URI#getHost()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.net.URI#getScheme()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.net.URL#toString()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.nio.charset.Charset#displayName()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.Key#getEncoded()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.KeyFactory#generatePrivate(KeySpec)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.KeyFactory#getInstance(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.KeyPair#getPrivate()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.KeyPairGenerator#generateKeyPair()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.KeyPairGenerator#initialize(AlgorithmParameterSpec)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.KeyPairGenerator#getInstance(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.MessageDigest#digest(byte\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.Signature#verify(byte\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.Signature#sign()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.Signature#initSign(PrivateKey)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.Signature#initVerify(PublicKey)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.interfaces.RSAPublicKey#getPublicExponent()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.spec.PKCS8EncodedKeySpec#PKCS8EncodedKeySpec(byte\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.security.spec.RSAKeyGenParameterSpec#RSAKeyGenParameterSpec(int,BigInteger)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.sql.Connection#commit()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.sql.ResultSet#getBoolean(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.sql.Wrapper#isWrapperFor(Class)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.sql.Wrapper#unwrap(Class)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.text.DecimalFormatSymbols#getInstance(Locale)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.text.DecimalFormat#setMaximumFractionDigits(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.text.DecimalFormat#DecimalFormat(String,DecimalFormatSymbols)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.text.NumberFormat#format(double)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.time.Instant#toEpochMilli()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.time.LocalDateTime#isAfter(ChronoLocalDateTime)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.time.LocalDateTime#minusMinutes(long)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.regex.Matcher#find()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.zip.ZipEntry#getName()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.zip.ZipEntry#ZipEntry(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.zip.ZipFile#entries()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.zip.ZipFile#getInputStream(ZipEntry)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.zip.ZipFile#ZipFile(File)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.zip.ZipOutputStream#putNextEntry(ZipEntry)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"java.util.zip.ZipOutputStream#ZipOutputStream(OutputStream)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.servlet.ServletRequest#getContentType()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.servlet.http.Cookie#setMaxAge(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.servlet.http.HttpServletRequest#login(String,String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.servlet.http.HttpServletRequest#getCookies()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.sql.CommonDataSource#getParentLogger()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.sql.DataSource#getLoginTimeout()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.sql.DataSource#setLoginTimeout(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.sql.DataSource#setLogWriter(PrintWriter)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.sql.DataSource#getLogWriter()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.sql.DataSource#getConnection(String,String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.sql.DataSource#getConnection()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.tools.Diagnostic#getMessage(Locale)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.tools.DiagnosticCollector#getDiagnostics()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.tools.CompilationTask#call()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.tools.SimpleJavaFileObject#SimpleJavaFileObject(URI,Kind)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.tools.JavaCompiler#getStandardFileManager(DiagnosticListener,Locale,Charset)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.tools.JavaCompiler#getTask(Writer,JavaFileManager,DiagnosticListener,Iterable,Iterable,Iterable)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.tools.ToolProvider#getSystemJavaCompiler()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.xml.bind.JAXBContext#createUnmarshaller()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.xml.bind.JAXBContext#newInstance(Class\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.xml.bind.Unmarshaller#unmarshal(XMLStreamReader)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.xml.stream.XMLInputFactory#createXMLStreamReader(Reader)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.xml.stream.XMLInputFactory#newInstance()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.xml.xpath.XPathFactory#newXPath()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"javax.xml.xpath.XPathFactory#newInstance()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.apache.commons.lang3.RandomUtils#nextInt(int,int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.apache.commons.lang3.StringUtils#isNotEmpty(CharSequence)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.asciidoctor.Factory#create()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.asciidoctor.Asciidoctor#javaExtensionRegistry()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.asciidoctor.Asciidoctor#convert(Reader,Writer,Map)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.asciidoctor.ast.PhraseNode#convert()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.asciidoctor.extension.BaseProcessor#createPhraseNode(ContentNode,String,String,Map,Map)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.flywaydb.core.Flyway#clean()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jose4j.jws.JsonWebSignature#getEncodedPayload()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jose4j.jws.JsonWebSignature#getCompactSerialization()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jose4j.jws.JsonWebSignature#setPayload(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jose4j.jwt.consumer.JwtConsumer#processToClaims(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jose4j.jwt.consumer.JwtConsumerBuilder#build()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jose4j.jwt.consumer.JwtConsumerBuilder#setRelaxVerificationKeyValidation()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jose4j.jwt.consumer.JwtConsumerBuilder#setVerificationKey(Key)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jose4j.jwt.consumer.JwtConsumerBuilder#setSkipAllValidators()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jose4j.jwx.CompactSerializer#serialize(String\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jose4j.jwx.Headers#getEncodedHeader()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jose4j.jwx.JsonWebStructure#setDoKeyValidation(boolean)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jose4j.jwx.JsonWebStructure#setKey(Key)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jose4j.jwx.JsonWebStructure#setHeader(String,Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jose4j.jwx.JsonWebStructure#getHeaders()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jsoup.Jsoup#parse(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.jsoup.parser.Parser#unescapeEntities(String,boolean)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.http.HttpMethod#matches(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.http.ResponseEntity#notFound()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.http.ResponseEntity#status(int)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.data.repository.CrudRepository#deleteAll()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.owasp.webgoat.lessons.challenges.Flag#number()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.util.FileSystemUtils#deleteRecursively(File)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.slf4j.LoggerFactory#getLogger(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.context.ApplicationContext#getApplicationName()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.boot.actuate.trace.http.HttpTrace#getTimestamp()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.boot.autoconfigure.jdbc.DataSourceProperties#getPassword()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.boot.autoconfigure.jdbc.DataSourceProperties#getUsername()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.boot.autoconfigure.jdbc.DataSourceProperties#getUrl()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.boot.builder.SpringApplicationBuilder#sibling(Class\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.boot.builder.SpringApplicationBuilder#parent(Class\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.boot.builder.SpringApplicationBuilder#child(Class\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.boot.builder.SpringApplicationBuilder#run(String\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.boot.builder.SpringApplicationBuilder#SpringApplicationBuilder(Class\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.context.support.AbstractMessageSource#setParentMessageSource(MessageSource)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.context.support.PropertiesHolder#PropertiesHolder(Properties,long)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.context.support.ReloadableResourceBundleMessageSource#refreshProperties(String,PropertiesHolder)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.core.io.Resource#getURI()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.core.io.Resource#getURL()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.http.converter.json.MappingJacksonValue#MappingJacksonValue(Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate#update(String,SqlParameterSource)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate#query(String,RowMapper)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate#query(String,SqlParameterSource,RowMapper)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate#NamedParameterJdbcTemplate(DataSource)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.jdbc.datasource.AbstractDriverBasedDataSource#setPassword(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.jdbc.datasource.AbstractDriverBasedDataSource#setUsername(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.jdbc.datasource.DriverManagerDataSource#setDriverClassName(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry#antMatchers(String\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.config.annotation.web.builders.HttpSecurity#exceptionHandling()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.config.annotation.web.builders.HttpSecurity#headers()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer#failureUrl(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer#authenticationEntryPoint(AuthenticationEntryPoint)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer#passwordParameter(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer#usernameParameter(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.config.annotation.web.configurers.CacheControlConfig#disable()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.config.annotation.web.configurers.HeadersConfigurer#cacheControl()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.config.annotation.web.configurers.LogoutConfigurer#deleteCookies(String\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.config.annotation.web.configurers.LogoutConfigurer#permitAll()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.config.annotation.web.configurers.LogoutConfigurer#invalidateHttpSession(boolean)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.core.userdetails.User#hashCode()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.core.userdetails.User#equals(Object)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.core.authority.SimpleGrantedAuthority#SimpleGrantedAuthority(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.crypto.codec.Hex#decode(CharSequence)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.crypto.codec.Hex#encode(byte\\[\\])"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint#commence(HttpServletRequest,HttpServletResponse,AuthenticationException)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint#LoginUrlAuthenticationEntryPoint(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.bind.annotation.RequestMapping#path()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.bind.annotation.RequestMapping#value()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.bind.annotation.GetMapping#value()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.bind.annotation.GetMapping#path()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.bind.annotation.PostMapping#value()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.bind.annotation.PostMapping#path()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.bind.annotation.PutMapping#path()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.bind.annotation.PutMapping#value()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.multipart.MultipartFile#transferTo(File)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.multipart.MultipartFile#isEmpty()"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.servlet.LocaleResolver#resolveLocale(HttpServletRequest)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.servlet.ModelAndView#ModelAndView(View,Map)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.servlet.config.annotation.InterceptorRegistry#addInterceptor(HandlerInterceptor)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.servlet.i18n.LocaleChangeInterceptor#setParamName(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.springframework.web.servlet.view.RedirectView#RedirectView(String,boolean)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.thymeleaf.TemplateEngine#setTemplateResolvers(Set)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.thymeleaf.TemplateEngine#addDialect(IDialect)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.thymeleaf.spring5.SpringTemplateEngine#setEnableSpringELCompiler(boolean)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.thymeleaf.spring5.templateresolver.SpringResourceTemplateResolver#setApplicationContext(ApplicationContext)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.thymeleaf.spring5.view.ThymeleafViewResolver#setCharacterEncoding(String)"}},{"rule":{"id":"java/telemetry/unsupported-external-api","index":101,"toolComponent":{"index":18}},"ruleId":"java/telemetry/unsupported-external-api","value":1,"message":{"text":"org.thymeleaf.spring5.view.ThymeleafViewResolver#setTemplateEngine(ISpringTemplateEngine)"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":5571,"message":{"text":"Number of files"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":31145,"message":{"text":"Total number of lines"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":20314,"message":{"text":"Number of lines of code"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":15,"message":{"text":"Number of files with extension xml"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":75,"message":{"text":"Number of files with extension jar"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":349,"message":{"text":"Number of files with extension java"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":5131,"message":{"text":"Number of files with extension class"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":3925,"message":{"text":"Total number of lines with extension xml"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":27220,"message":{"text":"Total number of lines with extension java"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":3925,"message":{"text":"Number of lines of code with extension xml"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":16389,"message":{"text":"Number of lines of code with extension java"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":2,"message":{"text":"Number of diagnostics from CodeQL Java extractor with severity 2"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":75,"message":{"text":"Number of diagnostics from CodeQL Java extractor with severity 3"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":3,"message":{"text":"Number of diagnostics from CodeQL Java extractor with severity 4"}},{"rule":{"id":"java/telemetry/extraction-information","index":102,"toolComponent":{"index":18}},"ruleId":"java/telemetry/extraction-information","value":80,"message":{"text":"Total number of diagnostics from CodeQL Java extractor"}},{"rule":{"id":"java/telemetry/supported-external-api-sources","index":103,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sources","value":15,"message":{"text":"javax.servlet.http.HttpServletRequest#getHeader(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sources","index":103,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sources","value":5,"message":{"text":"org.springframework.web.multipart.MultipartFile#getOriginalFilename()"}},{"rule":{"id":"java/telemetry/supported-external-api-sources","index":103,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sources","value":4,"message":{"text":"org.springframework.web.client.RestTemplate#postForEntity(String,Object,Class,Object\\[\\])"}},{"rule":{"id":"java/telemetry/supported-external-api-sources","index":103,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sources","value":4,"message":{"text":"javax.servlet.http.HttpServletRequest#getRequestURL()"}},{"rule":{"id":"java/telemetry/supported-external-api-sources","index":103,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sources","value":4,"message":{"text":"javax.servlet.ServletRequest#getParameter(String)"}},{"rule":{"id":"java/telemetry/supported-external-api-sources","index":103,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sources","value":2,"message":{"text":"org.springframework.web.multipart.MultipartFile#getBytes()"}},{"rule":{"id":"java/telemetry/supported-external-api-sources","index":103,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sources","value":1,"message":{"text":"javax.servlet.ServletRequest#getParameterNames()"}},{"rule":{"id":"java/telemetry/supported-external-api-sources","index":103,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sources","value":1,"message":{"text":"javax.servlet.http.Cookie#getValue()"}},{"rule":{"id":"java/telemetry/supported-external-api-sources","index":103,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sources","value":1,"message":{"text":"javax.servlet.http.Cookie#getName()"}},{"rule":{"id":"java/telemetry/supported-external-api-sources","index":103,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sources","value":1,"message":{"text":"javax.servlet.http.HttpServletRequest#getQueryString()"}},{"rule":{"id":"java/telemetry/supported-external-api-sources","index":103,"toolComponent":{"index":18}},"ruleId":"java/telemetry/supported-external-api-sources","value":1,"message":{"text":"org.springframework.web.client.RestTemplate#exchange(String,HttpMethod,HttpEntity,Class,Object\\[\\])"}}],"semmle.formatSpecifier":"sarif-latest"}}]}
\ No newline at end of file