{
  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
  "version": "2.1.0",
  "runs": [
    {
      "tool": {
        "driver": {
          "name": "SnykCode",
          "semanticVersion": "1.0.0",
          "version": "1.0.0",
          "rules": [
            {
              "id": "javascript/HttpToHttps",
              "name": "HttpToHttps",
              "shortDescription": {
                "text": "Cleartext Transmission of Sensitive Information"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "help": {
                "markdown": "\n## Details\nThis weakness occurs when software transmits sensitive information, such as passwords or credit card numbers, in unencrypted form. This information may then be intercepted by threat actors using sniffer tools or interception techniques such as man-in-the-middle (MITM) attacks (often involving social engineering). Attackers can then use the information gleaned to perform a variety of actions, depending on the information type. Possible actions include gaining unauthorized access, impersonating a user, moving laterally within the organization's network, or retrieving and potentially modifying files. This weakness is almost completely avoidable through intelligent architecture and design.\n\n### Best practices for prevention\n* Build web applications around a security mindset and the awareness that sniffers may be present at any time.\n* Ensure that all sensitive data transmission uses reliable encryption.\n* Implement security measures so that sensitive results are never returned in plain text.\n* Implement multi-factor authentication methods to validate remote instances.\n* Use SSL/TLS (in practice a current TLS version, as the SSL protocols themselves are deprecated) not only at logon but throughout communications.",
                "text": ""
              },
              "properties": {
                "tags": [
                  "javascript",
                  "maintenance",
                  "http"
                ],
                "categories": [
                  "Security"
                ],
                "exampleCommitFixes": [
                  {
                    "commitURL": "https://github.com/Rocket1184/qq-bot-rebown/commit/5255a8398cf1d80f60e182c53e8532c7562e76c2?diff=split#diff-62a4be7247c4abe75f2cc11746422b86L12",
                    "lines": [
                      {
                        "line": "'use strict';",
                        "lineNumber": 9,
                        "lineChange": "none"
                      },
                      {
                        "line": "const http = require('http');",
                        "lineNumber": 11,
                        "lineChange": "removed"
                      },
                      {
                        "line": "const https = require('https');",
                        "lineNumber": 11,
                        "lineChange": "added"
                      },
                      {
                        "line": "function http2https(link) {",
                        "lineNumber": 13,
                        "lineChange": "added"
                      },
                      {
                        "line": " ",
                        "lineNumber": 20,
                        "lineChange": "none"
                      },
                      {
                        "line": "function shortenUrl(url) {",
                        "lineNumber": 21,
                        "lineChange": "none"
                      }
                    ]
                  },
                  {
                    "commitURL": "https://github.com/qmachine/qmachine/commit/1f9f08b5b1f9be78dd6625d93ec934befb255df7?diff=split#diff-54387be96a26d96583a0c7585e8607c5L56",
                    "lines": [
                      {
                        "line": "};",
                        "lineNumber": 57,
                        "lineChange": "none"
                      },
                      {
                        "line": "http = require('http');",
                        "lineNumber": 55,
                        "lineChange": "removed"
                      },
                      {
                        "line": "https = require('https');",
                        "lineNumber": 59,
                        "lineChange": "added"
                      },
                      {
                        "line": "http_GET = function (x) {",
                        "lineNumber": 57,
                        "lineChange": "removed"
                      },
                      {
                        "line": "https_GET = function (x) {",
                        "lineNumber": 61,
                        "lineChange": "added"
                      }
                    ]
                  },
                  {
                    "commitURL": "https://github.com/vmware-samples/vmware-blockchain-samples/commit/92bf99244de7b145eb4b22e36575d9fef376600b?diff=split#diff-21a000feb5ae912714215842b628c63cL3",
                    "lines": [
                      {
                        "line": "const fs = require(\"fs\");",
                        "lineNumber": 7,
                        "lineChange": "none"
                      },
                      {
                        "line": "const http = require(\"http\");",
                        "lineNumber": 2,
                        "lineChange": "removed"
                      },
                      {
                        "line": "const https = require(\"https\");",
                        "lineNumber": 8,
                        "lineChange": "added"
                      },
                      {
                        "line": "verifyMigrations();",
                        "lineNumber": 10,
                        "lineChange": "none"
                      }
                    ]
                  }
                ],
                "exampleCommitDescriptions": [
                  "Added https imposter tests;"
                ],
                "precision": "very-high",
                "repoDatasetSize": 689,
                "cwe": [
                  "CWE-319"
                ]
              }
            },
            {
              "id": "javascript/WebCookieSecureDisabledByDefault",
              "name": "WebCookieSecureDisabledByDefault",
              "shortDescription": {
                "text": "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "help": {
                "markdown": "\n## Details\n\nIn a session hijacking attack, if a cookie containing sensitive data is set without the `secure` attribute, an attacker might be able to intercept that cookie. Once the attacker has this information, they can potentially impersonate a user, accessing confidential data and performing actions that they would not normally be authorized to do. Attackers often gain access to this sensitive cookie data when it is transmitted insecurely in plain text over a standard HTTP session, rather than being encrypted and sent over an HTTPS session. This type of attack is highly preventable by following best practices when setting sensitive session cookies.\n\n### Best practices for prevention\n* Set the `secure` attribute in the response header when setting cookies on the client side, and use a test tool to verify that secure cookie transmission is in place.\n* Always use HTTPS for all login pages and never redirect from HTTP to HTTPS, because the initial unencrypted HTTP request leaves session data open to interception.\n* Follow other best practices when it comes to session cookies, such as setting the HttpOnly flag and maintaining highly time-limited sessions.\n* Consider implementing browser checks and providing secure data only within a browser that supports tight cookie security.\n* Generate session IDs in a way that is not easily predictable, invalidate sessions upon logout, and never reuse session IDs.\n* Educate developers to use built-in secure session-management functionality within the development environment instead of taking a DIY approach.",
                "text": ""
              },
              "properties": {
                "tags": [
                  "javascript",
                  "maintenance",
                  "cookie",
                  "session"
                ],
                "categories": [
                  "Security"
                ],
                "exampleCommitFixes": [
                  {
                    "commitURL": "https://github.com/SLaks/csrf-crypto/commit/c01f29046c1b6e263198bedfdc65eca70d3de8da?diff=split#diff-3dd5c8a7bb0c10a5d2fcb6d46f1f38dbL53",
                    "lines": [
                      {
                        "line": "// Private function that adds a new cookie token to the response and returns its salt value",
                        "lineNumber": 51,
                        "lineChange": "none"
                      },
                      {
                        "line": "function createCookie(res) {",
                        "lineNumber": 52,
                        "lineChange": "none"
                      },
                      {
                        "line": "  var salt = base64Random(saltSize);",
                        "lineNumber": 53,
                        "lineChange": "none"
                      },
                      {
                        "line": "  var cookie = salt + \"|\" + userData + \"|\" + hash;",
                        "lineNumber": 64,
                        "lineChange": "none"
                      },
                      {
                        "line": "  res.cookie(options.cookieName, cookie, {});",
                        "lineNumber": 65,
                        "lineChange": "removed"
                      },
                      {
                        "line": "  res.cookie(options.cookieName, cookie, { httpOnly: true, secure: options.secure });",
                        "lineNumber": 65,
                        "lineChange": "added"
                      },
                      {
                        "line": "  return salt;",
                        "lineNumber": 66,
                        "lineChange": "none"
                      },
                      {
                        "line": "}",
                        "lineNumber": 67,
                        "lineChange": "none"
                      }
                    ]
                  },
                  {
                    "commitURL": "https://github.com/xCss/bing/commit/49599704a5418f4c94ec046fdea597b2e86abad7?diff=split#diff-0364f57fbff2fabbe941ed20c328ef1aL45",
                    "lines": [
                      {
                        "line": "}));",
                        "lineNumber": 42,
                        "lineChange": "none"
                      },
                      {
                        "line": "app.use(cookieParser('bing.ioliu.cn'));",
                        "lineNumber": 43,
                        "lineChange": "none"
                      },
                      {
                        "line": "app.use(session({",
                        "lineNumber": 44,
                        "lineChange": "none"
                      },
                      {
                        "line": "    secret: 'bing app', //secret的值建议使用随机字符串",
                        "lineNumber": 45,
                        "lineChange": "none"
                      },
                      {
                        "line": "    cookie: {",
                        "lineNumber": 46,
                        "lineChange": "none"
                      },
                      {
                        "line": "        secure: true,",
                        "lineNumber": 47,
                        "lineChange": "added"
                      },
                      {
                        "line": "        maxAge: 60 * 30 * 1000 // 过期时间(毫秒)",
                        "lineNumber": 48,
                        "lineChange": "none"
                      },
                      {
                        "line": "    },",
                        "lineNumber": 49,
                        "lineChange": "added"
                      },
                      {
                        "line": "    resave: false,",
                        "lineNumber": 50,
                        "lineChange": "added"
                      }
                    ]
                  },
                  {
                    "commitURL": "https://github.com/rafaelalmeidatk/i-need-ideas/commit/996fd36706b1d3c046994bf878e94beb23de8fb6?diff=split#diff-5b799c64ad01cad68d3e23d0b1d04a9bL33",
                    "lines": [
                      {
                        "line": "app.use(",
                        "lineNumber": 36,
                        "lineChange": "none"
                      },
                      {
                        "line": "  session({",
                        "lineNumber": 37,
                        "lineChange": "none"
                      },
                      {
                        "line": "    secret: 'hey, shhh!',",
                        "lineNumber": 38,
                        "lineChange": "none"
                      },
                      {
                        "line": "    resave: false,",
                        "lineNumber": 39,
                        "lineChange": "none"
                      },
                      {
                        "line": "    saveUninitialized: true,",
                        "lineNumber": 40,
                        "lineChange": "none"
                      },
                      {
                        "line": "    cookie: {",
                        "lineNumber": 41,
                        "lineChange": "none"
                      },
                      {
                        "line": "      httpOnly: true,",
                        "lineNumber": 42,
                        "lineChange": "none"
                      },
                      {
                        "line": "      secure: IS_PRODUCTION,",
                        "lineNumber": 43,
                        "lineChange": "added"
                      },
                      {
                        "line": "    },",
                        "lineNumber": 44,
                        "lineChange": "none"
                      },
                      {
                        "line": "  })",
                        "lineNumber": 45,
                        "lineChange": "none"
                      }
                    ]
                  }
                ],
                "exampleCommitDescriptions": [
                  "Use new (tested) accessToken utils to set and remove cookies",
                  "Introduced support for cookie sessions;"
                ],
                "precision": "very-high",
                "repoDatasetSize": 108,
                "cwe": [
                  "CWE-614"
                ]
              }
            },
            {
              "id": "javascript/NoHardcodedPasswords/test",
              "name": "NoHardcodedPasswords/test",
              "shortDescription": {
                "text": "Use of Hard-coded Credentials"
              },
              "defaultConfiguration": {
                "level": "note"
              },
              "help": {
                "markdown": "\n## Details\n\nDevelopers may use hard-coded credentials for convenience when coding in order to simplify their workflow. While they are responsible for removing these before production, occasionally this task may fall through the cracks. This also becomes a maintenance challenge when credentials are re-used across multiple applications.\n\nOnce attackers gain access, they may take advantage of privilege level to remove or alter data, take down a site or app, or hold any of the above for ransom. The risk across multiple similar projects is even greater. If code containing the credentials is reused across multiple projects, they will all be compromised.\n\n### Best practices for prevention\n* Plan software architecture such that keys and passwords are always stored outside the code, wherever possible.\n* Plan encryption into software architecture for all credential information and ensure proper handling of keys, credentials, and passwords.\n* Prompt for a secure password on first login rather than hard-code a default password.\n* If a hard-coded password or credential must be used, limit its use, for example, to system console users rather than via the network.\n* Use strong hashes for inbound password authentication, ideally with randomly assigned salts to increase the difficulty level in case of brute-force attack.",
                "text": ""
              },
              "properties": {
                "tags": [
                  "javascript",
                  "maintenance",
                  "usability",
                  "room",
                  "mock"
                ],
                "categories": [
                  "Security",
                  "InTest"
                ],
                "exampleCommitFixes": [
                  {
                    "commitURL": "https://github.com/kbrsh/snip/commit/67f9fb8e117583da57af1bbac7ad31e02e360b08?diff=split#diff-783b3c178e66001d7fc3799c08ec6a30L107",
                    "lines": [
                      {
                        "line": "// Users",
                        "lineNumber": 104,
                        "lineChange": "none"
                      },
                      {
                        "line": "User.create({",
                        "lineNumber": 106,
                        "lineChange": "none"
                      },
                      {
                        "line": "  username: \"test\",",
                        "lineNumber": 107,
                        "lineChange": "none"
                      },
                      {
                        "line": "  password: \"123\",",
                        "lineNumber": 108,
                        "lineChange": "removed"
                      },
                      {
                        "line": "  salt: \"WquZ012C\",",
                        "lineNumber": 108,
                        "lineChange": "added"
                      },
                      {
                        "line": "  hash: \"c5e635ec235a51e89f6ed7d4857afe58663d54f5\",",
                        "lineNumber": 109,
                        "lineChange": "added"
                      },
                      {
                        "line": "  links: \"\"",
                        "lineNumber": 110,
                        "lineChange": "none"
                      },
                      {
                        "line": "});",
                        "lineNumber": 111,
                        "lineChange": "none"
                      }
                    ]
                  },
                  {
                    "commitURL": "https://github.com/spmjs/spm/commit/68f545853f7234f829f17e4e807a26c39721c747?diff=split#diff-ee71e8c29e7bc68ca4bd61bf722a5c56L10",
                    "lines": [
                      {
                        "line": "  var service = yuan();",
                        "lineNumber": 7,
                        "lineChange": "none"
                      },
                      {
                        "line": "  var stub = sinon.stub(service, 'request');",
                        "lineNumber": 8,
                        "lineChange": "none"
                      },
                      {
                        "line": "  service.login({username: 'spm', password: 'spm'}, function() {});",
                        "lineNumber": 9,
                        "lineChange": "removed"
                      },
                      {
                        "line": "  service.login({username: 'spm', token: 'spm'}, function() {});",
                        "lineNumber": 9,
                        "lineChange": "added"
                      },
                      {
                        "line": "  stub.callCount.should.eql(1);",
                        "lineNumber": 10,
                        "lineChange": "none"
                      },
                      {
                        "line": "});",
                        "lineNumber": 11,
                        "lineChange": "none"
                      }
                    ]
                  },
                  {
                    "commitURL": "https://github.com/codefordenver/Comrad/commit/a0485e6701869c0f0b558fefa946c6eca2d54022?diff=split#diff-aee85098e751c8ecb7298387b9364bd7L12",
                    "lines": [
                      {
                        "line": "},",
                        "lineNumber": 9,
                        "lineChange": "none"
                      },
                      {
                        "line": "create: (req, res) => {",
                        "lineNumber": 11,
                        "lineChange": "none"
                      },
                      {
                        "line": "  const { username, password } = req.body;",
                        "lineNumber": 12,
                        "lineChange": "added"
                      },
                      {
                        "line": "  db.User",
                        "lineNumber": 14,
                        "lineChange": "none"
                      },
                      {
                        "line": "    .create({ username: 'UserOne', password: 'password' })",
                        "lineNumber": 12,
                        "lineChange": "removed"
                      },
                      {
                        "line": "    .create({ username, password })",
                        "lineNumber": 15,
                        "lineChange": "added"
                      },
                      {
                        "line": "    .then(dbNote => res.json(dbNote))",
                        "lineNumber": 16,
                        "lineChange": "none"
                      },
                      {
                        "line": "    .catch(err => res.json(err));",
                        "lineNumber": 17,
                        "lineChange": "none"
                      }
                    ]
                  }
                ],
                "exampleCommitDescriptions": [
                  "- Join room e2e tests added",
                  "Mock api() tests"
                ],
                "precision": "very-high",
                "repoDatasetSize": 189,
                "cwe": [
                  "CWE-798",
                  "CWE-259"
                ]
              }
            },
            {
              "id": "javascript/NoHardcodedPasswords",
              "name": "NoHardcodedPasswords",
              "shortDescription": {
                "text": "Use of Hard-coded Credentials"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "help": {
                "markdown": "\n## Details\n\nDevelopers may use hard-coded credentials for convenience when coding in order to simplify their workflow. While they are responsible for removing these before production, occasionally this task may fall through the cracks. This also becomes a maintenance challenge when credentials are re-used across multiple applications.\n\nOnce attackers gain access, they may take advantage of privilege level to remove or alter data, take down a site or app, or hold any of the above for ransom. The risk across multiple similar projects is even greater. If code containing the credentials is reused across multiple projects, they will all be compromised.\n\n### Best practices for prevention\n* Plan software architecture such that keys and passwords are always stored outside the code, wherever possible.\n* Plan encryption into software architecture for all credential information and ensure proper handling of keys, credentials, and passwords.\n* Prompt for a secure password on first login rather than hard-code a default password.\n* If a hard-coded password or credential must be used, limit its use, for example, to system console users rather than via the network.\n* Use strong hashes for inbound password authentication, ideally with randomly assigned salts to increase the difficulty level in case of brute-force attack.",
                "text": ""
              },
              "properties": {
                "tags": [
                  "javascript",
                  "maintenance",
                  "usability",
                  "room",
                  "mock"
                ],
                "categories": [
                  "Security"
                ],
                "exampleCommitFixes": [
                  {
                    "commitURL": "https://github.com/kbrsh/snip/commit/67f9fb8e117583da57af1bbac7ad31e02e360b08?diff=split#diff-783b3c178e66001d7fc3799c08ec6a30L107",
                    "lines": [
                      {
                        "line": "// Users",
                        "lineNumber": 104,
                        "lineChange": "none"
                      },
                      {
                        "line": "User.create({",
                        "lineNumber": 106,
                        "lineChange": "none"
                      },
                      {
                        "line": "  username: \"test\",",
                        "lineNumber": 107,
                        "lineChange": "none"
                      },
                      {
                        "line": "  password: \"123\",",
                        "lineNumber": 108,
                        "lineChange": "removed"
                      },
                      {
                        "line": "  salt: \"WquZ012C\",",
                        "lineNumber": 108,
                        "lineChange": "added"
                      },
                      {
                        "line": "  hash: \"c5e635ec235a51e89f6ed7d4857afe58663d54f5\",",
                        "lineNumber": 109,
                        "lineChange": "added"
                      },
                      {
                        "line": "  links: \"\"",
                        "lineNumber": 110,
                        "lineChange": "none"
                      },
                      {
                        "line": "});",
                        "lineNumber": 111,
                        "lineChange": "none"
                      }
                    ]
                  },
                  {
                    "commitURL": "https://github.com/spmjs/spm/commit/68f545853f7234f829f17e4e807a26c39721c747?diff=split#diff-ee71e8c29e7bc68ca4bd61bf722a5c56L10",
                    "lines": [
                      {
                        "line": "  var service = yuan();",
                        "lineNumber": 7,
                        "lineChange": "none"
                      },
                      {
                        "line": "  var stub = sinon.stub(service, 'request');",
                        "lineNumber": 8,
                        "lineChange": "none"
                      },
                      {
                        "line": "  service.login({username: 'spm', password: 'spm'}, function() {});",
                        "lineNumber": 9,
                        "lineChange": "removed"
                      },
                      {
                        "line": "  service.login({username: 'spm', token: 'spm'}, function() {});",
                        "lineNumber": 9,
                        "lineChange": "added"
                      },
                      {
                        "line": "  stub.callCount.should.eql(1);",
                        "lineNumber": 10,
                        "lineChange": "none"
                      },
                      {
                        "line": "});",
                        "lineNumber": 11,
                        "lineChange": "none"
                      }
                    ]
                  },
                  {
                    "commitURL": "https://github.com/codefordenver/Comrad/commit/a0485e6701869c0f0b558fefa946c6eca2d54022?diff=split#diff-aee85098e751c8ecb7298387b9364bd7L12",
                    "lines": [
                      {
                        "line": "},",
                        "lineNumber": 9,
                        "lineChange": "none"
                      },
                      {
                        "line": "create: (req, res) => {",
                        "lineNumber": 11,
                        "lineChange": "none"
                      },
                      {
                        "line": "  const { username, password } = req.body;",
                        "lineNumber": 12,
                        "lineChange": "added"
                      },
                      {
                        "line": "  db.User",
                        "lineNumber": 14,
                        "lineChange": "none"
                      },
                      {
                        "line": "    .create({ username: 'UserOne', password: 'password' })",
                        "lineNumber": 12,
                        "lineChange": "removed"
                      },
                      {
                        "line": "    .create({ username, password })",
                        "lineNumber": 15,
                        "lineChange": "added"
                      },
                      {
                        "line": "    .then(dbNote => res.json(dbNote))",
                        "lineNumber": 16,
                        "lineChange": "none"
                      },
                      {
                        "line": "    .catch(err => res.json(err));",
                        "lineNumber": 17,
                        "lineChange": "none"
                      }
                    ]
                  }
                ],
                "exampleCommitDescriptions": [
                  "- Join room e2e tests added",
                  "Mock api() tests"
                ],
                "precision": "very-high",
                "repoDatasetSize": 189,
                "cwe": [
                  "CWE-798",
                  "CWE-259"
                ]
              }
            },
            {
              "id": "javascript/NoHardcodedCredentials",
              "name": "NoHardcodedCredentials",
              "shortDescription": {
                "text": "Use of Hard-coded Credentials"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "help": {
                "markdown": "\n## Details\n\nDevelopers may use hard-coded credentials for convenience when coding in order to simplify their workflow. While they are responsible for removing these before production, occasionally this task may fall through the cracks. This also becomes a maintenance challenge when credentials are re-used across multiple applications.\n\nOnce attackers gain access, they may take advantage of privilege level to remove or alter data, take down a site or app, or hold any of the above for ransom. The risk across multiple similar projects is even greater. If code containing the credentials is reused across multiple projects, they will all be compromised.\n\n### Best practices for prevention\n* Plan software architecture such that keys and passwords are always stored outside the code, wherever possible.\n* Plan encryption into software architecture for all credential information and ensure proper handling of keys, credentials, and passwords.\n* Prompt for a secure password on first login rather than hard-code a default password.\n* If a hard-coded password or credential must be used, limit its use, for example, to system console users rather than via the network.\n* Use strong hashes for inbound password authentication, ideally with randomly assigned salts to increase the difficulty level in case of brute-force attack.",
                "text": ""
              },
              "properties": {
                "tags": [
                  "javascript",
                  "maintenance",
                  "tests",
                  "user",
                  "login"
                ],
                "categories": [
                  "Security"
                ],
                "exampleCommitFixes": [
                  {
                    "commitURL": "https://github.com/dfoderick/fullcyclereact/commit/a6abd97bd776ce56da8ac321ad0e1b500f67721d?diff=split#diff-ca64812ac15b141271f726a5a95a3402L9",
                    "lines": [
                      {
                        "line": "const SSE = require('sse');",
                        "lineNumber": 6,
                        "lineChange": "none"
                      },
                      {
                        "line": "const bodyParser = require('body-parser');",
                        "lineNumber": 7,
                        "lineChange": "none"
                      },
                      {
                        "line": "const redis = require('redis');",
                        "lineNumber": 8,
                        "lineChange": "none"
                      },
                      {
                        "line": "const amqp = require('amqplib/callback_api');",
                        "lineNumber": 9,
                        "lineChange": "none"
                      },
                      {
                        "line": "const redis_port = 6379",
                        "lineNumber": 19,
                        "lineChange": "removed"
                      },
                      {
                        "line": "const redis_host = serverhost",
                        "lineNumber": 20,
                        "lineChange": "removed"
                      },
                      {
                        "line": "const redis_password = ''",
                        "lineNumber": 21,
                        "lineChange": "removed"
                      },
                      {
                        "line": "//Message envelope for putting messages on the bus",
                        "lineNumber": 23,
                        "lineChange": "removed"
                      },
                      {
                        "line": "function redisclient(){",
                        "lineNumber": 98,
                        "lineChange": "none"
                      },
                      {
                        "line": "  var client = redis.createClient(redis_port, redis_host, {no_ready_check: true});",
                        "lineNumber": 99,
                        "lineChange": "removed"
                      },
                      {
                        "line": "  client.auth(redis_password, function (err) {",
                        "lineNumber": 100,
                        "lineChange": "removed"
                      },
                      {
                        "line": "  var client = redis.createClient(services.redis.port, services.redis.host, {no_ready_check: true});",
                        "lineNumber": 54,
                        "lineChange": "added"
                      },
                      {
                        "line": "  client.auth(services.redis.password, function (err) {",
                        "lineNumber": 55,
                        "lineChange": "added"
                      },
                      {
                        "line": "     if (err) throw err;",
                        "lineNumber": 101,
                        "lineChange": "none"
                      },
                      {
                        "line": "  });",
                        "lineNumber": 102,
                        "lineChange": "none"
                      }
                    ]
                  },
                  {
                    "commitURL": "https://github.com/foxhound87/mobx-react-form/commit/3120097eb35365742aaa55914461f3702c4c0b9e?diff=split#diff-4cd745890a2a3a4ed716894e77383749L38",
                    "lines": [
                      {
                        "line": " ",
                        "lineNumber": 35,
                        "lineChange": "none"
                      },
                      {
                        "line": "  onInit(form) {",
                        "lineNumber": 36,
                        "lineChange": "none"
                      },
                      {
                        "line": "    // form.update({ user: { email: 'notAnEmail' } }); // TO FIX",
                        "lineNumber": 36,
                        "lineChange": "removed"
                      },
                      {
                        "line": "    form.$('user').update({ email: 'notAnEmail' });",
                        "lineNumber": 37,
                        "lineChange": "removed"
                      },
                      {
                        "line": "    form.update({ user: { email: 'notAnEmail' } });",
                        "lineNumber": 37,
                        "lineChange": "added"
                      },
                      {
                        "line": "  }",
                        "lineNumber": 38,
                        "lineChange": "none"
                      },
                      {
                        "line": "}",
                        "lineNumber": 39,
                        "lineChange": "none"
                      }
                    ]
                  },
                  {
                    "commitURL": "https://github.com/DAVFoundation/community/commit/22bfd8d1c7bdad79421868ace378731ccc76c6f3?diff=split#diff-ffbabba1d71222fff38a087e3cb7d372L13",
                    "lines": [
                      {
                        "line": "// restrict.canPostDavUpdates();",
                        "lineNumber": 10,
                        "lineChange": "removed"
                      },
                      {
                        "line": "restrict.canPostDavUpdates();",
                        "lineNumber": 10,
                        "lineChange": "added"
                      },
                      {
                        "line": "let person = await Person.findOne({email:\"a@3.com\"}).exec();",
                        "lineNumber": 12,
                        "lineChange": "removed"
                      },
                      {
                        "line": "let person = await Person.findOne({email:config.dav.email}).exec();",
                        "lineNumber": 12,
                        "lineChange": "added"
                      },
                      {
                        "line": "let account = await DavAccount.findById(person.account.id).exec();",
                        "lineNumber": 14,
                        "lineChange": "none"
                      }
                    ]
                  }
                ],
                "exampleCommitDescriptions": [
                  "get users test",
                  "updated login unit test"
                ],
                "precision": "very-high",
                "repoDatasetSize": 256,
                "cwe": [
                  "CWE-798"
                ]
              }
            },
            {
              "id": "javascript/DisablePoweredBy",
              "name": "DisablePoweredBy",
              "shortDescription": {
                "text": "Information Exposure"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "help": {
                "markdown": "## Details\n\nSensitive data includes: personally identifiable information (PII) of employees, customers, users, or other third parties; financial information; code; intellectual property; or protected network information such as passwords. Exposure of sensitive information to an unauthorized actor occurs when any party who does not require this information for business purposes can remove this information from the secure network.\nConsequences of exposure can include holding it for ransom payment, identity theft, or access to other internal network resources—along with financial loss due to regulatory fines, court settlements, or cost to restore compromised systems. As most attackers aim to extract sensitive information, this CWE only describes exploits that take advantage of vulnerabilities related to how data is handled: the management, storage, transfer, or removal of sensitive information.\n\n### Best practices for prevention\n- Encrypt data at all times, whether in transit or at rest.\n- When transporting data, always use a secure protocol such as TLS.\n- Before collecting PII or financial information, consider whether there is a true business need for this information; similarly, before storing the data, ensure that there is an ongoing business need.\n- Classify all incoming data according to privacy and security guidelines to improve awareness of sensitive data.\n- Ensure that caching is disabled for all transactions involving sensitive information.\n- Store passwords with secure, salted hashing functions.\n- Apply a network-wide least-privilege policy so sensitive data is provided only to users with business need to know.\n- In Express applications, turn off the `X-Powered-By` response header with `app.disable('x-powered-by')` or apply the `helmet` middleware, so that responses do not advertise the framework in use.",
                "text": ""
              },
              "properties": {
                "tags": [
                  "javascript",
                  "maintenance",
                  "express",
                  "helmet",
                  "security"
                ],
                "categories": [
                  "Security"
                ],
                "exampleCommitFixes": [
                  {
                    "commitURL": "https://github.com/eclipse/orion.client/commit/ad8f3bce33a1ea9d1e2144e6c42f075ad25829d6?diff=split#diff-16594450dc1f06f7d9cf4a47859cfa52L175",
                    "lines": [
                      {
                        "line": "}",
                        "lineNumber": 172,
                        "lineChange": "none"
                      },
                      {
                        "line": "return express()",
                        "lineNumber": 174,
                        "lineChange": "removed"
                      },
                      {
                        "line": "return express.Router()",
                        "lineNumber": 174,
                        "lineChange": "added"
                      },
                      {
                        "line": ".use(bodyParser.json())",
                        "lineNumber": 175,
                        "lineChange": "none"
                      },
                      {
                        "line": ".use(resource(workspaceRoot, {",
                        "lineNumber": 176,
                        "lineChange": "removed"
                      },
                      {
                        "line": ".use(apiPath(root))",
                        "lineNumber": 176,
                        "lineChange": "added"
                      }
                    ]
                  },
                  {
                    "commitURL": "https://github.com/flowgrammable/flowsim/commit/1681245625230c6d71e1e74b0ada6551cbf2d935?diff=split#diff-4cb60403ef79ea471c0c046e9873a1e2L6",
                    "lines": [
                      {
                        "line": "var cookieSession = require('cookie-session');",
                        "lineNumber": 3,
                        "lineChange": "none"
                      },
                      {
                        "line": "express()",
                        "lineNumber": 5,
                        "lineChange": "removed"
                      },
                      {
                        "line": "connect()",
                        "lineNumber": 5,
                        "lineChange": "added"
                      },
                      {
                        "line": "  .use(cookieParser())",
                        "lineNumber": 6,
                        "lineChange": "none"
                      },
                      {
                        "line": "  .use(cookieSession({ secret: 'testsecret' }))",
                        "lineNumber": 7,
                        "lineChange": "none"
                      }
                    ]
                  },
                  {
                    "commitURL": "https://github.com/ajmueller/express-auth-session/commit/74209d7901e8b3cf4cf0e6f532d03f8e54e97381?diff=split#diff-0364f57fbff2fabbe941ed20c328ef1aL22",
                    "lines": [
                      {
                        "line": "var authentication = require('./authentication');",
                        "lineNumber": 20,
                        "lineChange": "none"
                      },
                      {
                        "line": "var app = express();",
                        "lineNumber": 22,
                        "lineChange": "none"
                      },
                      {
                        "line": "app.use(sslRedirect());",
                        "lineNumber": 24,
                        "lineChange": "none"
                      },
                      {
                        "line": "app.use(helmet());",
                        "lineNumber": 25,
                        "lineChange": "added"
                      },
                      {
                        "line": "mongoose.connect(config.db.uri);",
                        "lineNumber": 27,
                        "lineChange": "none"
                      }
                    ]
                  }
                ],
                "exampleCommitDescriptions": [
                  "Test without express",
                  "secure the api with helmet",
                  "Fix some security vulnerabilities, refactor the error constants a little"
                ],
                "precision": "very-high",
                "repoDatasetSize": 835,
                "cwe": [
                  "CWE-200"
                ]
              }
            },
            {
              "id": "javascript/Sqli",
              "name": "Sqli",
              "shortDescription": {
                "text": "SQL Injection"
              },
              "defaultConfiguration": {
                "level": "error"
              },
              "help": {
                "markdown": "## Details\n\nIn an SQL injection attack, the user can submit an SQL query directly to the database, gaining access without providing appropriate credentials. Attackers can then view, export, modify, and delete confidential information; change passwords and other authentication information; and possibly gain access to other systems within the network. This is one of the most commonly exploited categories of vulnerability, but can largely be avoided through good coding practices.\n\n### Best practices for prevention\n* Avoid passing user-entered parameters directly to the SQL server.\n* When coding, define SQL code first, then pass in parameters. Use prepared statements with parameterized queries. Examples include `SqlCommand()` in .NET and `bindParam()` in PHP.\n* Use strong typing for all parameters so unexpected user data will be rejected.\n* Where direct user input cannot be avoided for performance reasons, validate input against a very strict allowlist of permitted characters, avoiding special characters such as `? & / < > ; -` and spaces. Use a vendor-supplied escaping routine if possible.\n* Develop your application in an environment and/or using libraries that provide protection against SQL injection.\n* Harden your entire environment around a least-privilege model, ideally with isolated accounts with privileges only for particular tasks.",
                "text": ""
              },
              "properties": {
                "tags": [
                  "javascript",
                  "maintenance",
                  "tests",
                  "database",
                  "adapter"
                ],
                "categories": [
                  "Security"
                ],
                "exampleCommitFixes": [
                  {
                    "commitURL": "https://github.com/mozilla/napkin/commit/b48aa5071e69bfe5fb22a7955514ff1fa0d9ca75?diff=split#diff-8c3093706848cad6938fd91248441eafL53",
                    "lines": [
                      {
                        "line": " * Returns: A screen object if found, error if not found",
                        "lineNumber": 50,
                        "lineChange": "none"
                      },
                      {
                        "line": " */",
                        "lineNumber": 51,
                        "lineChange": "none"
                      },
                      {
                        "line": "exports.get = function(req, db, identifier, callback) {",
                        "lineNumber": 52,
                        "lineChange": "none"
                      },
                      {
                        "line": "  db.get('project:' + req.params.id + ':screen:' + identifier, function(err, screen) {",
                        "lineNumber": 53,
                        "lineChange": "removed"
                      },
                      {
                        "line": "  crud.get(req, 'project:' + req.params.id + ':screen:' + identifier, db, function(err, screen) {",
                        "lineNumber": 28,
                        "lineChange": "added"
                      },
                      {
                        "line": "    if (err) {",
                        "lineNumber": 54,
                        "lineChange": "none"
                      },
                      {
                        "line": "      return callback(err);",
                        "lineNumber": 55,
                        "lineChange": "none"
                      }
                    ]
                  },
                  {
                    "commitURL": "https://github.com/usecanvas/livedb-postgresql/commit/fb13af89f39ca2112089378385c2481675b11428?diff=split#diff-168726dbe96b3ce427e7fedce31bb0bcL86",
                    "lines": [
                      {
                        "line": "var dataColumn = this.dataColumn;",
                        "lineNumber": 83,
                        "lineChange": "none"
                      },
                      {
                        "line": "this.db(this.table)",
                        "lineNumber": 85,
                        "lineChange": "none"
                      },
                      {
                        "line": "  .where(where)",
                        "lineNumber": 86,
                        "lineChange": "none"
                      },
                      {
                        "line": "  .select(dataColumn)",
                        "lineNumber": 87,
                        "lineChange": "none"
                      },
                      {
                        "line": "  .limit(1)",
                        "lineNumber": 88,
                        "lineChange": "none"
                      },
                      {
                        "line": "  .exec(function onResult(err, rows) {",
                        "lineNumber": 89,
                        "lineChange": "removed"
                      },
                      {
                        "line": "  .asCallback(function onResult(err, rows) {",
                        "lineNumber": 89,
                        "lineChange": "added"
                      },
                      {
                        "line": "    if (err) return cb(err, null);",
                        "lineNumber": 90,
                        "lineChange": "none"
                      },
                      {
                        "line": "    cb(null, rows.length ? rows[0][dataColumn] : null);",
                        "lineNumber": 91,
                        "lineChange": "none"
                      },
                      {
                        "line": "  });",
                        "lineNumber": 92,
                        "lineChange": "none"
                      }
                    ]
                  },
                  {
                    "commitURL": "https://github.com/ireapps/census/commit/7626bcc9577e279dd4f91b86760110347cb6f846?diff=split#diff-5933928215d2295a1a08721bd88a70f2L95",
                    "lines": [
                      {
                        "line": "success: function(states) {",
                        "lineNumber": 94,
                        "lineChange": "none"
                      },
                      {
                        "line": "    _.each(states, function(state) {",
                        "lineNumber": 95,
                        "lineChange": "none"
                      },
                      {
                        "line": "        query.mappings.states.push([state, STATES[state]]);",
                        "lineNumber": 96,
                        "lineChange": "none"
                      },
                      {
                        "line": "    });",
                        "lineNumber": 97,
                        "lineChange": "none"
                      },
                      {
                        "line": "}",
                        "lineNumber": 98,
                        "lineChange": "none"
                      },
                      {
                        "line": "// Remove this section to enable \"go button\" prompt:",
                        "lineNumber": 220,
                        "lineChange": "none"
                      },
                      {
                        "line": "var q = window.query;",
                        "lineNumber": 221,
                        "lineChange": "none"
                      },
                      {
                        "line": "if (query.get('summarylevel') && query.get(query.get(\"summarylevel\")))",
                        "lineNumber": 215,
                        "lineChange": "removed"
                      },
                      {
                        "line": "if (this.get('summarylevel') && this.get(this.get(\"summarylevel\")))",
                        "lineNumber": 222,
                        "lineChange": "added"
                      },
                      {
                        "line": "    // The item we just selected is of the same type as our",
                        "lineNumber": 223,
                        "lineChange": "none"
                      },
                      {
                        "line": "    // target datatype. We just picked the value we wanted.",
                        "lineNumber": 224,
                        "lineChange": "none"
                      }
                    ]
                  }
                ],
                "exampleCommitDescriptions": [
                  "* Additional tests",
                  "* Added more indepth error handling to connections on all database adapters.",
                  "* Adapt deletion + fix dependencies errors from yarn control"
                ],
                "precision": "very-high",
                "repoDatasetSize": 255,
                "cwe": [
                  "CWE-89"
                ]
              }
            },
            {
              "id": "javascript/XSS",
              "name": "XSS",
              "shortDescription": {
                "text": "Cross-site Scripting (XSS)"
              },
              "defaultConfiguration": {
                "level": "error"
              },
              "help": {
                "markdown": "## Details\n\nA cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.\n\nThis is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser's Same Origin Policy.\n\nInjecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.\n\nEscaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, `<` can be coded as `&lt;` and `>` can be coded as `&gt;` in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. 
If malicious content is injected into an application that escapes special characters and that malicious content uses `<` and `>` as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they've been correctly escaped in the application code and in this way the attempted attack is diverted.\n\nThe most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.\n\n### Types of attacks\nThere are a few methods by which XSS can be manipulated:\n\n|Type|Origin|Description|\n|--|--|--|\n|**Stored**|Server|The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.|\n|**Reflected**|Server|The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user's browser.|\n|**DOM-based**|Client|The attacker forces the user's browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.|\n|**Mutated**| |The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. 
An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.|\n\n### Affected environments\nThe following environments are susceptible to an XSS attack:\n\n* Web servers\n* Application servers\n* Web application environments\n\n### How to prevent\nThis section describes the top best practices designed to specifically protect your code:\n\n* Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.\n* Convert special characters such as `?`, `&`, `/`, `<`, `>` and spaces to their respective HTML or URL encoded equivalents.\n* Give users the option to disable client-side scripts.\n* Redirect invalid requests.\n* Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.\n* Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.\n* Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.",
                "text": ""
              },
              "properties": {
                "tags": [
                  "javascript",
                  "maintenance",
                  "API",
                  "server",
                  "error"
                ],
                "categories": [
                  "Security"
                ],
                "exampleCommitFixes": [
                  {
                    "commitURL": "https://github.com/mattdesl/budo/commit/e20ad86032547f0ab93f31c6e932bd78a4fb88dd?diff=split#diff-d7dfcb350720309421bbb465055aafdfL97",
                    "lines": [
                      {
                        "line": "// Handle errors",
                        "lineNumber": 96,
                        "lineChange": "none"
                      },
                      {
                        "line": "handler.use(function (req, res) {",
                        "lineNumber": 97,
                        "lineChange": "none"
                      },
                      {
                        "line": "  res.statusCode = 404",
                        "lineNumber": 98,
                        "lineChange": "none"
                      },
                      {
                        "line": "  res.end('404 not found: ' + req.url)",
                        "lineNumber": 98,
                        "lineChange": "removed"
                      },
                      {
                        "line": "  res.end('404 not found: ' + escapeHtml(req.url))",
                        "lineNumber": 99,
                        "lineChange": "added"
                      },
                      {
                        "line": "})",
                        "lineNumber": 100,
                        "lineChange": "none"
                      }
                    ]
                  },
                  {
                    "commitURL": "https://github.com/remoteinterview/zero/commit/e836fea5fd9584331a4502f3cf76aff901eaf415?diff=split#diff-25f18e5efad94034604bba086d2568d5L3",
                    "lines": [
                      {
                        "line": "const underscore = require(\"underscore\")",
                        "lineNumber": 1,
                        "lineChange": "none"
                      },
                      {
                        "line": "module.exports = (req, res)=>{",
                        "lineNumber": 2,
                        "lineChange": "removed"
                      },
                      {
                        "line": "module.exports = ({req, res, fetch})=>{",
                        "lineNumber": 2,
                        "lineChange": "added"
                      },
                      {
                        "line": "  res.end(\"login api here\\n\"+req.url )",
                        "lineNumber": 3,
                        "lineChange": "none"
                      },
                      {
                        "line": "  console.log(fetch)",
                        "lineNumber": 4,
                        "lineChange": "added"
                      },
                      {
                        "line": "}",
                        "lineNumber": 5,
                        "lineChange": "none"
                      },
                      {
                        "line": "\\ No newline at end of file",
                        "lineNumber": 6,
                        "lineChange": "none"
                      }
                    ]
                  },
                  {
                    "commitURL": "https://github.com/softwerkskammer/Agora/commit/c5c8850efe367aff5de0544b7ac6d2ec790bbd00?diff=split#diff-708c4934bc671f6c08a782057ac08622L10",
                    "lines": [
                      {
                        "line": "});",
                        "lineNumber": 7,
                        "lineChange": "none"
                      },
                      {
                        "line": "app.get('/:id', function (req, res) {",
                        "lineNumber": 9,
                        "lineChange": "none"
                      },
                      {
                        "line": "  res.send('Event ' + req.params.id);",
                        "lineNumber": 10,
                        "lineChange": "removed"
                      },
                      {
                        "line": "  res.render('index', { title: 'Event ' + req.params.id });",
                        "lineNumber": 10,
                        "lineChange": "added"
                      },
                      {
                        "line": "});",
                        "lineNumber": 11,
                        "lineChange": "none"
                      }
                    ]
                  }
                ],
                "exampleCommitDescriptions": [
                  "Adding api tests for consumer",
                  "Refactored to ensure the server is running before the test runs",
                  "* fixing linting error"
                ],
                "precision": "very-high",
                "repoDatasetSize": 1046,
                "cwe": [
                  "CWE-79"
                ]
              }
            },
            {
              "id": "javascript/CommandInjection",
              "name": "CommandInjection",
              "shortDescription": {
                "text": "Command Injection"
              },
              "defaultConfiguration": {
                "level": "error"
              },
              "help": {
                "markdown": "## Details\n\nIn an OS command injection attack, a web application user can pass commands directly to the system shell, attached to a legitimate request. These commands can then be executed on the application server, potentially leading to harmful consequences, including data exposure or deletion. Like code injection attacks, command injection attacks are essentially a failure of data validation. Unlike code injection attacks, which introduce new code, command injection attacks use existing system functions, often taking advantage of the application's unnecessarily high privilege level, increasing the risk of serious harm and reputational damage.\n\n### Best practices for prevention\n- Never trust user input. Assume any input may transmit harmful values.\n- Adopt the principle of least privilege: No application should have a greater access level than needed to run its required tasks.\n- Control user access policies on a task-by-task basis.\n- Don't pass user input directly to the system; use libraries or APIs that lack system access.\n- Where shell commands must be passed, escape values using functions like shlex for Python, or escapeshellarg() for PHP.\n- In Node.js, prefer `child_process.execFile` or `child_process.spawn` with an argument array over `child_process.exec`; they do not start a shell by default, so shell metacharacters in the input are not interpreted. The arguments themselves still need validation, because the target program interprets them.\n- Sanitize user input with regular expressions to define permitted characters along with maximum string length.\n- Convert special characters such as `& |  ; $ > < \\ !` before passing to the server.\n- Whitelist permitted commands and validate user responses against these expectations.\n- Remember that code injection can take place on multiple fronts: GET and POST requests, but also cookies and HTTP headers.\n- Ensure up-to-date patching across all systems to remediate known vulnerabilities.\n- Educate all team members on safer data handling procedures to prevent attacks.",
                "text": ""
              },
              "properties": {
                "tags": [
                  "javascript",
                  "maintenance",
                  "synclet",
                  "spawn",
                  "command"
                ],
                "categories": [
                  "Security"
                ],
                "exampleCommitFixes": [
                  {
                    "commitURL": "https://github.com/chaitin/passionfruit/commit/40dd558be3ead073bcc97a0ee4ae864a29f832ba?diff=split#diff-0364f57fbff2fabbe941ed20c328ef1aL212",
                    "lines": [
                      {
                        "line": "})",
                        "lineNumber": 210,
                        "lineChange": "none"
                      },
                      {
                        "line": ".post('/spawn', async ctx => {",
                        "lineNumber": 211,
                        "lineChange": "none"
                      },
                      {
                        "line": "  let pid = await state.device.spawn([ctx.request.body.bundle])",
                        "lineNumber": 212,
                        "lineChange": "removed"
                      },
                      {
                        "line": "  let { device, bundle } = ctx.request.body",
                        "lineNumber": 122,
                        "lineChange": "added"
                      },
                      {
                        "line": "  let dev = await FridaUtil.getDevice(ctx.params.device)",
                        "lineNumber": 124,
                        "lineChange": "added"
                      },
                      {
                        "line": "  let pid = await dev.spawn([ctx.request.body.bundle])",
                        "lineNumber": 125,
                        "lineChange": "added"
                      },
                      {
                        "line": "  // todo: attach",
                        "lineNumber": 213,
                        "lineChange": "none"
                      },
                      {
                        "line": "  ctx.body = { status: 'ok'}",
                        "lineNumber": 214,
                        "lineChange": "none"
                      }
                    ]
                  },
                  {
                    "commitURL": "https://github.com/raphael-group/magi/commit/c3a8ce20a9b6137beacd605bd3d0074fdfab8340?diff=split#diff-79ebb237c38dc62bd81e097e4fb92c61L12",
                    "lines": [
                      {
                        "line": "// Compute enrichment given a JSON object. Expected to be called from AJAX",
                        "lineNumber": 9,
                        "lineChange": "none"
                      },
                      {
                        "line": "// as it returns a JSON object.",
                        "lineNumber": 10,
                        "lineChange": "none"
                      },
                      {
                        "line": "exports.stats = function stats(req, res){",
                        "lineNumber": 11,
                        "lineChange": "none"
                      },
                      {
                        "line": "  console.log('/enrichments/stats');",
                        "lineNumber": 12,
                        "lineChange": "none"
                      },
                      {
                        "line": "  // Parse the given data",
                        "lineNumber": 14,
                        "lineChange": "none"
                      },
                      {
                        "line": "  var pathToScript = 'stats/computeEnrichments.py'",
                        "lineNumber": 15,
                        "lineChange": "none"
                      },
                      {
                        "line": "  var command = pathToScript + \" -r '\" +  JSON.stringify(req.body) + \"'\";",
                        "lineNumber": 16,
                        "lineChange": "removed"
                      },
                      {
                        "line": "  var command = pathToScript;// + \" -r '\" +  JSON.stringify(req.body) + \"'\";",
                        "lineNumber": 16,
                        "lineChange": "added"
                      },
                      {
                        "line": "  // Spawn the child process to compute the enrichments. The only output",
                        "lineNumber": 18,
                        "lineChange": "none"
                      },
                      {
                        "line": "  // to stdout is a JSON dump of the response",
                        "lineNumber": 19,
                        "lineChange": "none"
                      },
                      {
                        "line": "  require('child_process').exec(command, function(err, stdout, stderr){",
                        "lineNumber": 20,
                        "lineChange": "removed"
                      },
                      {
                        "line": "  var child = require('child_process').execFile(command, function(err, stdout, stderr){",
                        "lineNumber": 20,
                        "lineChange": "added"
                      },
                      {
                        "line": "    if (err){",
                        "lineNumber": 21,
                        "lineChange": "none"
                      },
                      {
                        "line": "      error = 'return code: ' + err.code + ', signal: ' + err.signal;",
                        "lineNumber": 22,
                        "lineChange": "none"
                      },
                      {
                        "line": "\t\t}",
                        "lineNumber": 30,
                        "lineChange": "none"
                      },
                      {
                        "line": "\t});",
                        "lineNumber": 31,
                        "lineChange": "none"
                      },
                      {
                        "line": " child.stdin.write(JSON.stringify(req.body) + '\\n');",
                        "lineNumber": 32,
                        "lineChange": "added"
                      },
                      {
                        "line": " child.stdin.end();",
                        "lineNumber": 33,
                        "lineChange": "added"
                      },
                      {
                        "line": "}",
                        "lineNumber": 34,
                        "lineChange": "none"
                      }
                    ]
                  },
                  {
                    "commitURL": "https://github.com/jupitex/sisyphe/commit/e20429a0dace6de8ce88a48aebb3548f0df16d21?diff=split#diff-78c12f5adc1848d13b1c6f07055d996eL2",
                    "lines": [
                      {
                        "line": "const cp = require('child_process');",
                        "lineNumber": 1,
                        "lineChange": "none"
                      },
                      {
                        "line": "var express = require('express');",
                        "lineNumber": 2,
                        "lineChange": "none"
                      },
                      {
                        "line": "var serveStatic = require('serve-static');",
                        "lineNumber": 3,
                        "lineChange": "none"
                      },
                      {
                        "line": "const { spawn } = require('child_process');",
                        "lineNumber": 8,
                        "lineChange": "none"
                      },
                      {
                        "line": "let sisyphe = null;",
                        "lineNumber": 9,
                        "lineChange": "none"
                      },
                      {
                        "line": "var app = express();",
                        "lineNumber": 10,
                        "lineChange": "none"
                      },
                      {
                        "line": "app.use(serveStatic(path.join(__dirname, 'out')));",
                        "lineNumber": 11,
                        "lineChange": "none"
                      },
                      {
                        "line": "app.use(bodyParser.json());",
                        "lineNumber": 12,
                        "lineChange": "none"
                      },
                      {
                        "line": "  res.send('stop');",
                        "lineNumber": 34,
                        "lineChange": "none"
                      },
                      {
                        "line": "});",
                        "lineNumber": 35,
                        "lineChange": "none"
                      },
                      {
                        "line": "app.post('/launch', async function (req, res) {",
                        "lineNumber": 36,
                        "lineChange": "none"
                      },
                      {
                        "line": "  if (!sisyphe) {",
                        "lineNumber": 37,
                        "lineChange": "none"
                      },
                      {
                        "line": "    console.log(`launch: ${req.body.command}`);",
                        "lineNumber": 38,
                        "lineChange": "none"
                      },
                      {
                        "line": "    res.send(true);",
                        "lineNumber": 39,
                        "lineChange": "none"
                      },
                      {
                        "line": "    sisyphe = cp.exec(`./app ${req.body.command}`, (error, stdout, stderr) => (sisyphe = null));",
                        "lineNumber": 40,
                        "lineChange": "removed"
                      },
                      {
                        "line": "    sisyphe = cp.spawn(`./app`, req.body.command.split(' '));",
                        "lineNumber": 40,
                        "lineChange": "added"
                      },
                      {
                        "line": "    sisyphe.stdout.pipe(process.stdout);",
                        "lineNumber": 41,
                        "lineChange": "added"
                      },
                      {
                        "line": "    sisyphe.on('exit', _=>{",
                        "lineNumber": 42,
                        "lineChange": "added"
                      },
                      {
                        "line": "} else {",
                        "lineNumber": 45,
                        "lineChange": "none"
                      },
                      {
                        "line": "  console.log('Already launch');",
                        "lineNumber": 46,
                        "lineChange": "none"
                      }
                    ]
                  }
                ],
                "exampleCommitDescriptions": [
                  "Support multiple synclets for a provider.",
                  "Handle errors in spawn",
                  "Refactoring log command."
                ],
                "precision": "very-high",
                "repoDatasetSize": 54,
                "cwe": [
                  "CWE-78"
                ]
              }
            },
            {
              "id": "javascript/HardcodedNonCryptoSecret",
              "name": "HardcodedNonCryptoSecret",
              "shortDescription": {
                "text": "Hardcoded Secret"
              },
              "defaultConfiguration": {
                "level": "error"
              },
              "help": {
                "markdown": "## Details\n\nWhen constants are hard-coded into applications, this information could easily be reverse-engineered and become known to attackers. For example, if a breached authentication token is hard-coded in multiple places in the application, it may lead to components of the application remaining vulnerable if not all instances are changed.\nAnother negative effect of hard-coding constants is potential unpredictability in the application's performance if the development team fails to update every single instance of the hard-coded constant throughout the code. For these reasons, hard-coding security-relevant constants is considered bad coding practice and should be remedied if present and avoided in future.\n\n### Best practices for prevention\n- Never hard-code security-related constants; use symbolic names or configuration lookup files.\n- Load secrets at runtime from environment variables or a dedicated secret store, and rotate any secret that has already been committed: deleting it from the current code does not remove it from version-control history.\n- As hard coding is often done by coders working alone on a small scale, examine all legacy code components and test carefully when scaling.\n- Adopt a \"future-proof code\" mindset: While use of constants may save a little time now and make development simpler in the short term, it could cost time and money adapting to scale or other unforeseen circumstances (such as new hardware) in the future.",
                "text": ""
              },
              "properties": {
                "tags": [
                  "javascript",
                  "maintenance",
                  "secret",
                  "config",
                  "session"
                ],
                "categories": [
                  "Security"
                ],
                "exampleCommitFixes": [
                  {
                    "commitURL": "https://github.com/krakenjs/lusca/commit/a871c0a7f2b6641fb882d2b902b0910f6ac60b7b?diff=split#diff-398ed3b014436a5204583323ea29320bL7",
                    "lines": [
                      {
                        "line": " ",
                        "lineNumber": 3,
                        "lineChange": "none"
                      },
                      {
                        "line": "var crypto = require('crypto');",
                        "lineNumber": 4,
                        "lineChange": "none"
                      },
                      {
                        "line": "var SECRET = '_csrfSecret';",
                        "lineNumber": 6,
                        "lineChange": "removed"
                      },
                      {
                        "line": "var SECRET;",
                        "lineNumber": 5,
                        "lineChange": "added"
                      },
                      {
                        "line": "var LENGTH = 10;",
                        "lineNumber": 7,
                        "lineChange": "none"
                      }
                    ]
                  },
                  {
                    "commitURL": "https://github.com/TokenChingy/_api/commit/106bf1ec05469fe2de95798103053633460e114e?diff=split#diff-616fbd4ce6b2e7c62d261950deac3266L5",
                    "lines": [
                      {
                        "line": "const DB_CONFIG = {",
                        "lineNumber": 2,
                        "lineChange": "none"
                      },
                      {
                        "line": "  LOCATION: 'src/collections',",
                        "lineNumber": 3,
                        "lineChange": "none"
                      },
                      {
                        "line": "  SECRET: 'MY_SUPER_SECRET_KEY',",
                        "lineNumber": 4,
                        "lineChange": "removed"
                      },
                      {
                        "line": "  SECRET: '',",
                        "lineNumber": 4,
                        "lineChange": "added"
                      },
                      {
                        "line": "  COLLECTIONS: [",
                        "lineNumber": 5,
                        "lineChange": "none"
                      },
                      {
                        "line": "    {",
                        "lineNumber": 6,
                        "lineChange": "none"
                      }
                    ]
                  },
                  {
                    "commitURL": "https://github.com/spacecloud-io/space-cloud/commit/5aefde98ebe6d5c79b75bd1155cc620d0dae1b47?diff=split#diff-e70f3fa4bf814493fc8e99f3b7fb54c6L116",
                    "lines": [
                      {
                        "line": "name: name,",
                        "lineNumber": 128,
                        "lineChange": "none"
                      },
                      {
                        "line": "id: generateProjectId(name),",
                        "lineNumber": 129,
                        "lineChange": "none"
                      },
                      {
                        "line": "secret: 'some-secret',",
                        "lineNumber": 115,
                        "lineChange": "removed"
                      },
                      {
                        "line": "secret: generateId(),",
                        "lineNumber": 130,
                        "lineChange": "added"
                      },
                      {
                        "line": "modules: {",
                        "lineNumber": 131,
                        "lineChange": "none"
                      },
                      {
                        "line": "  crud: {",
                        "lineNumber": 132,
                        "lineChange": "none"
                      }
                    ]
                  }
                ],
                "exampleCommitDescriptions": [
                  "Update tests so dev's can run without secret ()",
                  "use config for tests",
                  "More session support"
                ],
                "precision": "very-high",
                "repoDatasetSize": 615,
                "cwe": [
                  "CWE-547"
                ]
              }
            },
            {
              "id": "javascript/NoRateLimitingForExpensiveWebOperation",
              "name": "NoRateLimitingForExpensiveWebOperation",
              "shortDescription": {
                "text": "Allocation of Resources Without Limits or Throttling"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "help": {
                "markdown": "\n## Details\n\nBecause resources are never unlimited, software operating in the real world is inherently limited in the resources it may consume; similarly, servers are limited by the number of simultaneous sessions they can handle. Therefore, it is important for developers to design software that considers these real-world physical (or virtual) limitations and limits user sessions accordingly, both in terms of the number of user sessions and in the quantity of resources each user may demand. Software with this weakness does not include such limitations and as a result, individual user sessions may consume too many resources, leading to unintended software behavior including, potentially, denial of service. This can be compared to a single restaurant customer emptying out the entire buffet, leaving no food for other customers--or an entire busload mobbing the buffet all at once, with a similar effect. This may happen inadvertently or as a result of an attack by a malicious user.\n\n### Best practices for prevention\n* Test extensively to obtain baseline values indicating how the software performs in the real world under various conditions (normal and peak); use these values to determine reasonable software limits.\n* Set clear limits for all flexible parameters such as maximum allocable memory, number of processes within a given timeframe, file descriptors, requests per client, number of records per request, etc. This is particularly true for any parameters within user control.\n* Release all resources when no longer in use, including incorporating timeouts for inactive users, processes, and resources.\n* Familiarize Dev, Ops, and IT teams with best practices for recognizing and preventing DoS attacks and out-of-control resource allocation to prevent catastrophic failures.",
                "text": ""
              },
              "properties": {
                "tags": [
                  "javascript",
                  "maintenance",
                  "server",
                  "file",
                  "page"
                ],
                "categories": [
                  "Security"
                ],
                "exampleCommitFixes": [
                  {
                    "commitURL": "https://github.com/davidmerfield/Blot/commit/f2bcb51b129075c8ebe5c1c23fac36dee35e800c?diff=split#diff-c484f00c3bf8aafe373978f0aa951528L20",
                    "lines": [
                      {
                        "line": "var form = login.route('/');",
                        "lineNumber": 26,
                        "lineChange": "none"
                      },
                      {
                        "line": " ",
                        "lineNumber": 27,
                        "lineChange": "none"
                      },
                      {
                        "line": "form.all(limiter.prevent);",
                        "lineNumber": 28,
                        "lineChange": "added"
                      },
                      {
                        "line": "form.get(checkToken, function(req, res){",
                        "lineNumber": 30,
                        "lineChange": "none"
                      },
                      {
                        "line": "  res.render('log-in-email');",
                        "lineNumber": 31,
                        "lineChange": "none"
                      },
                      {
                        "line": "});",
                        "lineNumber": 32,
                        "lineChange": "none"
                      },
                      {
                        "line": "form.post(parse, checkEmail, checkReset, checkPassword);",
                        "lineNumber": 34,
                        "lineChange": "none"
                      }
                    ]
                  },
                  {
                    "commitURL": "https://github.com/joelseq/SourceGrade/commit/d5e3f547a705162b51fa195747962ecf728a3e37?diff=split#diff-ea75b530d74f94670cea053feb8b961bL59",
                    "lines": [
                      {
                        "line": "} else {",
                        "lineNumber": 80,
                        "lineChange": "none"
                      },
                      {
                        "line": "  app.use(express.static(path.resolve(__dirname, '../dist')));",
                        "lineNumber": 81,
                        "lineChange": "none"
                      },
                      {
                        "line": "  app.get('*', function (req, res) {",
                        "lineNumber": 58,
                        "lineChange": "removed"
                      },
                      {
                        "line": "  app.get('*', (req, res) => {",
                        "lineNumber": 82,
                        "lineChange": "added"
                      },
                      {
                        "line": "    res.sendFile(path.resolve(__dirname, '../dist/index.html'));",
                        "lineNumber": 83,
                        "lineChange": "none"
                      },
                      {
                        "line": "    res.end();",
                        "lineNumber": 84,
                        "lineChange": "none"
                      },
                      {
                        "line": "  });",
                        "lineNumber": 85,
                        "lineChange": "none"
                      },
                      {
                        "line": "}",
                        "lineNumber": 86,
                        "lineChange": "none"
                      }
                    ]
                  },
                  {
                    "commitURL": "https://github.com/gayanvoice/nodejs-graphql/commit/f97d733118ee13ef7eb716c3f3343a7ebc4fd648?diff=split#diff-78c12f5adc1848d13b1c6f07055d996eL140",
                    "lines": [
                      {
                        "line": "app.use(express.static(path.join(__dirname, 'client/build')));",
                        "lineNumber": 138,
                        "lineChange": "removed"
                      },
                      {
                        "line": "app.use(limiter, express.static(path.join(__dirname, 'client/build')));",
                        "lineNumber": 144,
                        "lineChange": "added"
                      },
                      {
                        "line": "app.get('*', function(req, res) {",
                        "lineNumber": 145,
                        "lineChange": "none"
                      },
                      {
                        "line": "    try{",
                        "lineNumber": 146,
                        "lineChange": "none"
                      },
                      {
                        "line": "        res.sendFile(path.join(__dirname, 'client/build', 'index.html'));",
                        "lineNumber": 147,
                        "lineChange": "none"
                      },
                      {
                        "line": "    } catch (e) {",
                        "lineNumber": 148,
                        "lineChange": "none"
                      },
                      {
                        "line": "        console.log(e);",
                        "lineNumber": 149,
                        "lineChange": "none"
                      }
                    ]
                  }
                ],
                "exampleCommitDescriptions": [
                  "WIP Fix server tests.",
                  "* Fixed tests failing due to a renamed file.",
                  "* The end-to-end test now works up to the your-claims page."
                ],
                "precision": "very-high",
                "repoDatasetSize": 1163,
                "cwe": [
                  "CWE-770"
                ]
              }
            },
            {
              "id": "javascript/OR",
              "name": "OR",
              "shortDescription": {
                "text": "Open Redirect"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "help": {
                "markdown": "\n## Details\nAn open redirect attack takes place when a web application redirects the user to an unauthorized and untrusted site. In general, URL redirection refers to the ability of a website or application to redirect users to another site. This is often a benign and useful feature. For example, if a resource has moved to a new location, URL redirection can transfer the user to that location rather than displaying an error message.\nHowever, this ability can be exploited through social engineering, tricking the user into believing they are accessing one site when, in reality, they are being redirected to a dangerous site, such as a phishing site. Once there, the user may be further tricked into entering credentials or personally identifiable information (PII), believing they are still within the original, trusted domain. Attackers can then use these credentials to gain unauthorized access or leverage the user's PII for sale or ransom.\n\n### Best practices for prevention\n* When developing a site or web app, consider implementing a disclaimer page to remind users that they are leaving a secure site.\n* Adopt a zero-trust approach in which all input is treated with suspicion.\n* Validate all input against deny-lists to ensure it does not contain code to redirect the user. This method is good but inherently incomplete; where the legitimate destinations are known, checking the target against an allow-list of permitted redirect destinations (or accepting only relative paths) is more reliable.\n* Be aware of all sources of untrusted input being sent to the server that could be used to redirect the user, such as cookies, URL components, filenames, query results, request headers, and more.\n* In particular, be aware of potential API calls that could send input indirectly to redirect the user.\n* To protect end users, use a firewall to block known malicious sites, train users to recognize basic signs of a phishing attack, and ensure that all network endpoints are patched with the most current updates.",
                "text": ""
              },
              "properties": {
                "tags": [
                  "javascript",
                  "maintenance",
                  "bug",
                  "news",
                  "redirect",
                  "pro"
                ],
                "categories": [
                  "Security"
                ],
                "exampleCommitFixes": [
                  {
                    "commitURL": "https://github.com/mobify/mobifyjs/commit/5ff57cb91175b64acfc11dc47ff6a3dd2632f15e?diff=split#diff-c522f931e200edb387e8e8ea6d630a80R6",
                    "lines": [
                      {
                        "line": "Mobify.points = [Date.now()];",
                        "lineNumber": 3,
                        "lineChange": "added"
                      },
                      {
                        "line": "Mobify.userAgent = window.navigator.userAgent;",
                        "lineNumber": 5,
                        "lineChange": "added"
                      },
                      {
                        "line": "Mobify.debug = function(line) {",
                        "lineNumber": 7,
                        "lineChange": "added"
                      },
                      {
                        "line": "    // Reload the page (location.reload has problems in FF)",
                        "lineNumber": 60,
                        "lineChange": "none"
                      },
                      {
                        "line": "    window.location = window.location.href;",
                        "lineNumber": 61,
                        "lineChange": "none"
                      },
                      {
                        "line": "};",
                        "lineNumber": 62,
                        "lineChange": "none"
                      }
                    ]
                  },
                  {
                    "commitURL": "https://github.com/mayeaux/nodetube/commit/a10415070dea30826a673fbff4de0d9e87d49d54?diff=split#diff-a9a8d893a8463ac387317e02eec99c96L115",
                    "lines": [
                      {
                        "line": " // app.get(/\\/user\\/(.+)\\/live/, livestreamController.getLive);",
                        "lineNumber": 111,
                        "lineChange": "none"
                      },
                      {
                        "line": "/** redirect all routes to the pewtube.com equivalent **/",
                        "lineNumber": 113,
                        "lineChange": "removed"
                      },
                      {
                        "line": "app.get('*', function(req, res, next){",
                        "lineNumber": 114,
                        "lineChange": "none"
                      },
                      {
                        "line": "    return res.redirect(frontendAppUrl + req.path);",
                        "lineNumber": 118,
                        "lineChange": "none"
                      },
                      {
                        "line": "  });",
                        "lineNumber": 119,
                        "lineChange": "none"
                      },
                      {
                        "line": "}",
                        "lineNumber": 120,
                        "lineChange": "none"
                      }
                    ]
                  },
                  {
                    "commitURL": "https://github.com/bluemir/node-wikinote/commit/12378ee06830db457a9eac45399a18d3e721af5d?diff=split#diff-d199589ae6d729b34c26ac4aa837922dL32",
                    "lines": [
                      {
                        "line": "  })",
                        "lineNumber": 29,
                        "lineChange": "none"
                      },
                      {
                        "line": "}",
                        "lineNumber": 30,
                        "lineChange": "none"
                      },
                      {
                        "line": "wikiApp.save = function(req, res){",
                        "lineNumber": 31,
                        "lineChange": "none"
                      },
                      {
                        "line": "  var data = req.body.data;",
                        "lineNumber": 32,
                        "lineChange": "none"
                      },
                      {
                        "line": "  wikiFS.writeWiki(req.wikipath, data, req.user).then(function(){",
                        "lineNumber": 34,
                        "lineChange": "none"
                      },
                      {
                        "line": "    res.redirect(req.path);",
                        "lineNumber": 35,
                        "lineChange": "removed"
                      },
                      {
                        "line": "    res.redirect(303, req.path);",
                        "lineNumber": 35,
                        "lineChange": "added"
                      },
                      {
                        "line": "  }).fail(function(err){",
                        "lineNumber": 36,
                        "lineChange": "none"
                      },
                      {
                        "line": "    console.log(err);",
                        "lineNumber": 37,
                        "lineChange": "none"
                      }
                    ]
                  }
                ],
                "exampleCommitDescriptions": [
                  "added news files / cpagination chevron in own file",
                  "support absolute path redirection + adjustment of server-side redirection",
                  "added pro page folder"
                ],
                "precision": "very-high",
                "repoDatasetSize": 230,
                "cwe": [
                  "CWE-601"
                ]
              }
            }
          ]
        }
      },
      "results": [
        {
          "ruleId": "javascript/HttpToHttps",
          "ruleIndex": 1,
          "level": "warning",
          "message": {
            "text": "http (used in require) is an insecure protocol and should not be used in new code.",
            "markdown": "{0} (used in {1}) is an insecure protocol and should not be used in new code.",
            "arguments": [
              "[http](0)",
              "[require](1)"
            ]
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "app.js",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "startLine": 12,
                  "endLine": 12,
                  "startColumn": 12,
                  "endColumn": 26
                }
              }
            }
          ],
          "fingerprints": {
            "0": "65c97aa4d6e154bd67e57be8f5e716753e24e81eb81f7e6a4a8566f586b55496",
            "1": "7a85a498.4773f344.607187b5.d7919eeb.f7b6c27c.5fce695c.fee35010.89d75565.7a85a498.4773f344.607187b5.d7919eeb.f7b6c27c.5fce695c.fee35010.89d75565"
          },
          "codeFlows": [
            {
              "threadFlows": [
                {
                  "locations": [
                    {
                      "location": {
                        "id": 0,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "app.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 12,
                            "endLine": 12,
                            "startColumn": 20,
                            "endColumn": 25
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 1,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "app.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 12,
                            "endLine": 12,
                            "startColumn": 12,
                            "endColumn": 26
                          }
                        }
                      }
                    }
                  ]
                }
              ]
            }
          ],
          "properties": {
            "priorityScore": 554,
            "priorityScoreFactors": [
              {
                "label": true,
                "type": "hotFileSource"
              },
              {
                "label": true,
                "type": "fixExamples"
              }
            ]
          }
        },
        {
          "ruleId": "javascript/WebCookieSecureDisabledByDefault",
          "ruleIndex": 2,
          "level": "warning",
          "message": {
            "text": "Cookie misses the Secure attribute (it is false by default). Set it to true to protect the cookie from man-in-the-middle attacks.",
            "markdown": "{0} misses the Secure attribute (it is false by default). Set it to true to protect the cookie from man-in-the-middle attacks.",
            "arguments": [
              "[Cookie](0)"
            ]
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "app.js",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "startLine": 45,
                  "endLine": 45,
                  "startColumn": 3,
                  "endColumn": 8
                }
              }
            }
          ],
          "fingerprints": {
            "0": "1149b3ac40e73cfe7c2612def2d5fb4f5daf79f943978c91a9caf0269a385a52",
            "1": "12567ef6.4773f344.126beb45.e052b9a9.79a7d027.fcf3002d.4d89694d.f5919d50.fc3065be.4773f344.44eded10.d7919eeb.79a7d027.5fce695c.df7e59ba.f5919d50"
          },
          "codeFlows": [
            {
              "threadFlows": [
                {
                  "locations": [
                    {
                      "location": {
                        "id": 0,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "app.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 45,
                            "endLine": 45,
                            "startColumn": 3,
                            "endColumn": 8
                          }
                        }
                      }
                    }
                  ]
                }
              ]
            }
          ],
          "properties": {
            "priorityScore": 554,
            "priorityScoreFactors": [
              {
                "label": true,
                "type": "hotFileSource"
              },
              {
                "label": true,
                "type": "fixExamples"
              }
            ]
          }
        },
        {
          "ruleId": "javascript/NoHardcodedPasswords/test",
          "ruleIndex": 3,
          "level": "note",
          "message": {
            "text": "Do not hardcode passwords in code. Found hardcoded password used in changePassword.",
            "markdown": "Do not hardcode passwords in code. Found hardcoded password used in {0}.",
            "arguments": [
              "[changePassword](0)"
            ]
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "tests/authentication.component.spec.js",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "startLine": 35,
                  "endLine": 35,
                  "startColumn": 28,
                  "endColumn": 42
                }
              }
            }
          ],
          "fingerprints": {
            "0": "3f872652a1efd77a0131906f9304901d81685660255b5b87185344a7782ac7e4",
            "1": "43e940cd.45cfe696.f0420b1d.0de66e91.ef9f7d82.bd719ca7.692e8c37.aad72eb6.2bfff803.4773f344.bd65d204.0de66e91.5bcab2b0.47912b0b.c8832359.aad72eb6"
          },
          "codeFlows": [
            {
              "threadFlows": [
                {
                  "locations": [
                    {
                      "location": {
                        "id": 0,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "tests/authentication.component.spec.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 14,
                            "endLine": 14,
                            "startColumn": 7,
                            "endColumn": 25
                          }
                        }
                      }
                    }
                  ]
                }
              ]
            }
          ],
          "properties": {
            "priorityScore": 408,
            "priorityScoreFactors": [
              {
                "label": true,
                "type": "multipleOccurrence"
              },
              {
                "label": true,
                "type": "hotFileSource"
              },
              {
                "label": true,
                "type": "fixExamples"
              }
            ]
          }
        },
        {
          "ruleId": "javascript/NoHardcodedPasswords/test",
          "ruleIndex": 3,
          "level": "note",
          "message": {
            "text": "Do not hardcode passwords in code. Found hardcoded password used in changePassword.",
            "markdown": "Do not hardcode passwords in code. Found hardcoded password used in {0}.",
            "arguments": [
              "[changePassword](0)"
            ]
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "tests/authentication.component.spec.js",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "startLine": 48,
                  "endLine": 48,
                  "startColumn": 28,
                  "endColumn": 42
                }
              }
            }
          ],
          "fingerprints": {
            "0": "452a522d40c16de2ebd3b56235eb1efaddcaa6ddcf09da513c965d522c4d13bc",
            "1": "43e940cd.45cfe696.f0420b1d.0de66e91.ef9f7d82.bd719ca7.692e8c37.aad72eb6.2bfff803.4773f344.bd65d204.0de66e91.5bcab2b0.47912b0b.c8832359.3b5775a7"
          },
          "codeFlows": [
            {
              "threadFlows": [
                {
                  "locations": [
                    {
                      "location": {
                        "id": 0,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "tests/authentication.component.spec.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 14,
                            "endLine": 14,
                            "startColumn": 7,
                            "endColumn": 25
                          }
                        }
                      }
                    }
                  ]
                }
              ]
            }
          ],
          "properties": {
            "priorityScore": 408,
            "priorityScoreFactors": [
              {
                "label": true,
                "type": "multipleOccurrence"
              },
              {
                "label": true,
                "type": "hotFileSource"
              },
              {
                "label": true,
                "type": "fixExamples"
              }
            ]
          }
        },
        {
          "ruleId": "javascript/NoHardcodedPasswords",
          "ruleIndex": 5,
          "level": "warning",
          "message": {
            "text": "Do not hardcode passwords in code. Found hardcoded password used in typeorm.createConnection.",
            "markdown": "Do not hardcode passwords in code. Found hardcoded password used in {0}.",
            "arguments": [
              "[typeorm.createConnection](0)"
            ]
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "typeorm-db.js",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "startLine": 12,
                  "endLine": 12,
                  "startColumn": 3,
                  "endColumn": 10
                }
              }
            }
          ],
          "fingerprints": {
            "0": "714f86014c4086a83e6ec5960f6b9e15a6bcbc65618ec26be52f928c28e1e54e",
            "1": "12567ef6.4773f344.bd65d204.e052b9a9.79a7d027.fcf3002d.ce4a9d89.2036d596.0d9a312e.4773f344.bd65d204.93494013.79a7d027.34a4d81a.3cc2afb5.7a8e32e9"
          },
          "codeFlows": [
            {
              "threadFlows": [
                {
                  "locations": [
                    {
                      "location": {
                        "id": 0,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "typeorm-db.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 6,
                            "endLine": 6,
                            "startColumn": 1,
                            "endColumn": 24
                          }
                        }
                      }
                    }
                  ]
                }
              ]
            }
          ],
          "properties": {
            "priorityScore": 558,
            "priorityScoreFactors": [
              {
                "label": true,
                "type": "multipleOccurrence"
              },
              {
                "label": true,
                "type": "hotFileSource"
              },
              {
                "label": true,
                "type": "fixExamples"
              }
            ]
          }
        },
        {
          "ruleId": "javascript/NoHardcodedPasswords",
          "ruleIndex": 5,
          "level": "warning",
          "message": {
            "text": "Do not hardcode passwords in code. Found hardcoded password used in password.",
            "markdown": "Do not hardcode passwords in code. Found hardcoded password used in {0}.",
            "arguments": [
              "[password](0)"
            ]
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "mongoose-db.js",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "startLine": 52,
                  "endLine": 52,
                  "startColumn": 43,
                  "endColumn": 50
                }
              }
            }
          ],
          "fingerprints": {
            "0": "bb47b7d48852e26400b10ea5fd18a79dda541ca243f28818319392ef255ca0c1",
            "1": "12567ef6.6d936dbf.bd65d204.fd94bb7c.79a7d027.fcf3002d.81d021f5.91c60b7d.12567ef6.6d936dbf.bd65d204.fd94bb7c.79a7d027.fcf3002d.81d021f5.91c60b7d"
          },
          "codeFlows": [
            {
              "threadFlows": [
                {
                  "locations": [
                    {
                      "location": {
                        "id": 0,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "mongoose-db.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 52,
                            "endLine": 52,
                            "startColumn": 43,
                            "endColumn": 50
                          }
                        }
                      }
                    }
                  ]
                }
              ]
            }
          ],
          "properties": {
            "priorityScore": 508,
            "priorityScoreFactors": [
              {
                "label": true,
                "type": "multipleOccurrence"
              },
              {
                "label": true,
                "type": "hotFileCodeFlow"
              },
              {
                "label": true,
                "type": "fixExamples"
              }
            ]
          }
        },
        {
          "ruleId": "javascript/NoHardcodedCredentials",
          "ruleIndex": 8,
          "level": "warning",
          "message": {
            "text": "Do not hardcode credentials in code. Found hardcoded credential used in typeorm.createConnection.",
            "markdown": "Do not hardcode credentials in code. Found hardcoded credential used in {0}.",
            "arguments": [
              "[typeorm.createConnection](0)"
            ]
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "typeorm-db.js",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "startLine": 11,
                  "endLine": 11,
                  "startColumn": 3,
                  "endColumn": 10
                }
              }
            }
          ],
          "fingerprints": {
            "0": "4b7c3803820ba34684e825a2b41eff46f61fb0395fd6edba254171183b51c31c",
            "1": "12567ef6.4773f344.5db24211.e052b9a9.79a7d027.fcf3002d.ce4a9d89.5eeba349.0d9a312e.4773f344.bd65d204.93494013.79a7d027.34a4d81a.3cc2afb5.7a8e32e9"
          },
          "codeFlows": [
            {
              "threadFlows": [
                {
                  "locations": [
                    {
                      "location": {
                        "id": 0,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "typeorm-db.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 6,
                            "endLine": 6,
                            "startColumn": 1,
                            "endColumn": 24
                          }
                        }
                      }
                    }
                  ]
                }
              ]
            }
          ],
          "properties": {
            "priorityScore": 554,
            "priorityScoreFactors": [
              {
                "label": true,
                "type": "hotFileSource"
              },
              {
                "label": true,
                "type": "fixExamples"
              }
            ]
          }
        },
        {
          "ruleId": "javascript/DisablePoweredBy",
          "ruleIndex": 9,
          "level": "warning",
          "message": {
            "text": "Disable X-Powered-By header for your Express app (consider using Helmet middleware), because it exposes information about the used framework to potential attackers.",
            "markdown": "Disable X-Powered-By header for your {0} (consider using Helmet middleware), because it exposes information about the used framework to potential attackers.",
            "arguments": [
              "[Express app](0)"
            ]
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "app.js",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "startLine": 28,
                  "endLine": 28,
                  "startColumn": 11,
                  "endColumn": 19
                }
              }
            }
          ],
          "fingerprints": {
            "0": "ba401cc8208720acf3341d4840060ae653e0a179f636e3e31163f9c57d749503",
            "1": "ae77ea27.4773f344.607187b5.d7919eeb.a1fb1152.5fce695c.fee35010.89d75565.630e4ed1.4773f344.aa4dda5f.d7919eeb.f30fb760.49b28873.85bdc101.83642794"
          },
          "codeFlows": [
            {
              "threadFlows": [
                {
                  "locations": [
                    {
                      "location": {
                        "id": 0,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "app.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 28,
                            "endLine": 28,
                            "startColumn": 11,
                            "endColumn": 19
                          }
                        }
                      }
                    }
                  ]
                }
              ]
            }
          ],
          "properties": {
            "priorityScore": 554,
            "priorityScoreFactors": [
              {
                "label": true,
                "type": "hotFileSource"
              },
              {
                "label": true,
                "type": "fixExamples"
              }
            ]
          }
        },
        {
          "ruleId": "javascript/Sqli",
          "ruleIndex": 10,
          "level": "error",
          "message": {
            "text": "Unsanitized input from the HTTP request body flows into find, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
            "markdown": "Unsanitized input from {0} {1} into {2}, where it is used in an SQL query. This may result in an SQL Injection vulnerability.",
            "arguments": [
              "[the HTTP request body](0)",
              "[flows](1),(2),(3),(4),(5)",
              "[find](6)"
            ]
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "routes/index.js",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "startLine": 39,
                  "endLine": 39,
                  "startColumn": 5,
                  "endColumn": 13
                }
              }
            }
          ],
          "fingerprints": {
            "0": "90e45b3929624a1afa5d50d5e2a4b6d662d6c79e155f7b0bf66b7dd7fac306e5",
            "1": "12567ef6.4773f344.7fde84c3.750eb3ec.cea4e9be.8020cfdf.cd61fc56.3cd69235.f759b1f9.4773f344.7fde84c3.08906714.3ee7338e.5fce695c.c0a0d45c.1ce8e212"
          },
          "codeFlows": [
            {
              "threadFlows": [
                {
                  "locations": [
                    {
                      "location": {
                        "id": 0,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 38,
                            "endLine": 38,
                            "startColumn": 25,
                            "endColumn": 32
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 1,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 38,
                            "endLine": 38,
                            "startColumn": 25,
                            "endColumn": 32
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 2,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 39,
                            "endLine": 39,
                            "startColumn": 27,
                            "endColumn": 34
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 3,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 39,
                            "endLine": 39,
                            "startColumn": 56,
                            "endColumn": 63
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 4,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 39,
                            "endLine": 39,
                            "startColumn": 46,
                            "endColumn": 53
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 5,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 39,
                            "endLine": 39,
                            "startColumn": 15,
                            "endColumn": 74
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 6,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 39,
                            "endLine": 39,
                            "startColumn": 5,
                            "endColumn": 13
                          }
                        }
                      }
                    }
                  ]
                }
              ]
            }
          ],
          "properties": {
            "priorityScore": 804,
            "priorityScoreFactors": [
              {
                "label": true,
                "type": "hotFileSource"
              },
              {
                "label": true,
                "type": "fixExamples"
              }
            ]
          }
        },
        {
          "ruleId": "javascript/XSS",
          "ruleIndex": 11,
          "level": "error",
          "message": {
            "text": "Unsanitized input from the HTTP request body flows into send, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).",
            "markdown": "Unsanitized input from {0} {1} into {2}, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).",
            "arguments": [
              "[the HTTP request body](0)",
              "[flows](1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17),(18),(19),(20),(21)",
              "[send](22)"
            ]
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "routes/index.js",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "startLine": 184,
                  "endLine": 184,
                  "startColumn": 5,
                  "endColumn": 24
                }
              }
            }
          ],
          "fingerprints": {
            "0": "7de190140c9000bab4858906078e2baa6a32b73936cf8ca1574bc639e955469a",
            "1": "f0155d5f.4773f344.a32ed1a1.5e127924.b0f6e810.e9c60572.cd61fc56.7b9afb6b.6849fe68.7f46b8bf.b3570a8d.08906714.3f452f8c.97d5e2e9.f0256597.46608d7c"
          },
          "codeFlows": [
            {
              "threadFlows": [
                {
                  "locations": [
                    {
                      "location": {
                        "id": 0,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 155,
                            "endLine": 155,
                            "startColumn": 14,
                            "endColumn": 21
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 1,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 155,
                            "endLine": 155,
                            "startColumn": 14,
                            "endColumn": 21
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 2,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 155,
                            "endLine": 155,
                            "startColumn": 7,
                            "endColumn": 10
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 3,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 157,
                            "endLine": 157,
                            "startColumn": 15,
                            "endColumn": 18
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 4,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 157,
                            "endLine": 157,
                            "startColumn": 36,
                            "endColumn": 39
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 5,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 169,
                            "endLine": 169,
                            "startColumn": 18,
                            "endColumn": 21
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 6,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 130,
                            "endLine": 130,
                            "startColumn": 16,
                            "endColumn": 19
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 7,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 131,
                            "endLine": 131,
                            "startColumn": 11,
                            "endColumn": 14
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 8,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 131,
                            "endLine": 131,
                            "startColumn": 7,
                            "endColumn": 7
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 9,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 134,
                            "endLine": 134,
                            "startColumn": 18,
                            "endColumn": 18
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 10,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 136,
                            "endLine": 136,
                            "startColumn": 16,
                            "endColumn": 16
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 11,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 144,
                            "endLine": 144,
                            "startColumn": 9,
                            "endColumn": 9
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 12,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 144,
                            "endLine": 144,
                            "startColumn": 9,
                            "endColumn": 15
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 13,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 146,
                            "endLine": 146,
                            "startColumn": 7,
                            "endColumn": 7
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 14,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 149,
                            "endLine": 149,
                            "startColumn": 10,
                            "endColumn": 10
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 15,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 173,
                            "endLine": 173,
                            "startColumn": 14,
                            "endColumn": 17
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 16,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 173,
                            "endLine": 173,
                            "startColumn": 5,
                            "endColumn": 11
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 17,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 175,
                            "endLine": 175,
                            "startColumn": 26,
                            "endColumn": 29
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 18,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 184,
                            "endLine": 184,
                            "startColumn": 26,
                            "endColumn": 29
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 19,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 184,
                            "endLine": 184,
                            "startColumn": 26,
                            "endColumn": 37
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 20,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 184,
                            "endLine": 184,
                            "startColumn": 26,
                            "endColumn": 46
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 21,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 184,
                            "endLine": 184,
                            "startColumn": 26,
                            "endColumn": 56
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 22,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 184,
                            "endLine": 184,
                            "startColumn": 5,
                            "endColumn": 24
                          }
                        }
                      }
                    }
                  ]
                }
              ]
            }
          ],
          "properties": {
            "priorityScore": 904,
            "priorityScoreFactors": [
              {
                "label": true,
                "type": "hotFileSource"
              },
              {
                "label": true,
                "type": "fixExamples"
              },
              {
                "label": true,
                "type": "commonlyFixed"
              }
            ]
          }
        },
        {
          "ruleId": "javascript/CommandInjection",
          "ruleIndex": 12,
          "level": "error",
          "message": {
            "text": "Unsanitized input from the HTTP request body flows into child_process.exec, where it is used to build a shell command. This may result in a Command Injection vulnerability.",
            "markdown": "Unsanitized input from {0} {1} into {2}, where it is used to build a shell command. This may result in a Command Injection vulnerability.",
            "arguments": [
              "[the HTTP request body](0)",
              "[flows](1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11)",
              "[child_process.exec](12)"
            ]
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "routes/index.js",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "startLine": 161,
                  "endLine": 161,
                  "startColumn": 5,
                  "endColumn": 26
                }
              }
            }
          ],
          "fingerprints": {
            "0": "34506044d505a783d7894916feb606ff72247b357fc7d0f45e90913d2ab2f752",
            "1": "8981fa39.4773f344.c2905f73.7da15f0a.b6be8b13.2f4e1548.cd61fc56.b20a940a.6849fe68.4773f344.b3570a8d.08906714.3f452f8c.97d5e2e9.83265159.f51872e4"
          },
          "codeFlows": [
            {
              "threadFlows": [
                {
                  "locations": [
                    {
                      "location": {
                        "id": 0,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 155,
                            "endLine": 155,
                            "startColumn": 14,
                            "endColumn": 21
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 1,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 155,
                            "endLine": 155,
                            "startColumn": 14,
                            "endColumn": 21
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 2,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 155,
                            "endLine": 155,
                            "startColumn": 7,
                            "endColumn": 10
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 3,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 157,
                            "endLine": 157,
                            "startColumn": 15,
                            "endColumn": 18
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 4,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 157,
                            "endLine": 157,
                            "startColumn": 36,
                            "endColumn": 39
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 5,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 158,
                            "endLine": 158,
                            "startColumn": 15,
                            "endColumn": 18
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 6,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 158,
                            "endLine": 158,
                            "startColumn": 15,
                            "endColumn": 24
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 7,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 158,
                            "endLine": 158,
                            "startColumn": 15,
                            "endColumn": 34
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 8,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 158,
                            "endLine": 158,
                            "startColumn": 9,
                            "endColumn": 11
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 9,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 159,
                            "endLine": 159,
                            "startColumn": 33,
                            "endColumn": 35
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 10,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 161,
                            "endLine": 161,
                            "startColumn": 24,
                            "endColumn": 26
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 11,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 161,
                            "endLine": 161,
                            "startColumn": 10,
                            "endColumn": 26
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 12,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 161,
                            "endLine": 161,
                            "startColumn": 5,
                            "endColumn": 26
                          }
                        }
                      }
                    }
                  ]
                }
              ]
            }
          ],
          "properties": {
            "priorityScore": 804,
            "priorityScoreFactors": [
              {
                "label": true,
                "type": "hotFileSource"
              },
              {
                "label": true,
                "type": "fixExamples"
              }
            ]
          }
        },
        {
          "ruleId": "javascript/HardcodedNonCryptoSecret",
          "ruleIndex": 13,
          "level": "error",
          "message": {
            "text": "Avoid hardcoding values that are meant to be secret. Found a hardcoded string used in express-session.",
            "markdown": "Avoid hardcoding values that are meant to be secret. Found {0} used in {1}.",
            "arguments": [
              "[a hardcoded string](0)",
              "[express-session](1)"
            ]
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "app.js",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "startLine": 42,
                  "endLine": 42,
                  "startColumn": 9,
                  "endColumn": 15
                }
              }
            }
          ],
          "fingerprints": {
            "0": "260c5be6525ea2ff697cf1389e59aae276a6ab5b8fda6d27e2e2b82b7b89c111",
            "1": "fc3065be.4773f344.607187b5.e052b9a9.79a7d027.fcf3002d.a56a8b5b.4a974edb.fc3065be.4773f344.44eded10.d7919eeb.79a7d027.5fce695c.df7e59ba.f5919d50"
          },
          "codeFlows": [
            {
              "threadFlows": [
                {
                  "locations": [
                    {
                      "location": {
                        "id": 0,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "app.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 43,
                            "endLine": 43,
                            "startColumn": 11,
                            "endColumn": 24
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 1,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "app.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 42,
                            "endLine": 42,
                            "startColumn": 9,
                            "endColumn": 15
                          }
                        }
                      }
                    }
                  ]
                }
              ]
            }
          ],
          "properties": {
            "priorityScore": 808,
            "priorityScoreFactors": [
              {
                "label": true,
                "type": "multipleOccurrence"
              },
              {
                "label": true,
                "type": "hotFileSource"
              },
              {
                "label": true,
                "type": "fixExamples"
              }
            ]
          }
        },
        {
          "ruleId": "javascript/HardcodedNonCryptoSecret",
          "ruleIndex": 13,
          "level": "error",
          "message": {
            "text": "Avoid hardcoding values that are meant to be secret. Found a hardcoded string used in here.",
            "markdown": "Avoid hardcoding values that are meant to be secret. Found {0} used in {1}.",
            "arguments": [
              "[a hardcoded string](0)",
              "[here](1)"
            ]
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "app.js",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "startLine": 83,
                  "endLine": 83,
                  "startColumn": 5,
                  "endColumn": 9
                }
              }
            }
          ],
          "fingerprints": {
            "0": "a5e1e90f016405b994489f8ca086788c3cfd8d286b1b264cfab1a20e4b1fb98d",
            "1": "46b7c801.8e456e36.642d3d87.72a8f743.a46de81d.5fce695c.fee35010.89d75565.46b7c801.8e456e36.642d3d87.72a8f743.a46de81d.5fce695c.fee35010.89d75565"
          },
          "codeFlows": [
            {
              "threadFlows": [
                {
                  "locations": [
                    {
                      "location": {
                        "id": 0,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "app.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 83,
                            "endLine": 83,
                            "startColumn": 13,
                            "endColumn": 66
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 1,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "app.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 83,
                            "endLine": 83,
                            "startColumn": 5,
                            "endColumn": 9
                          }
                        }
                      }
                    }
                  ]
                }
              ]
            }
          ],
          "properties": {
            "priorityScore": 808,
            "priorityScoreFactors": [
              {
                "label": true,
                "type": "multipleOccurrence"
              },
              {
                "label": true,
                "type": "hotFileSource"
              },
              {
                "label": true,
                "type": "fixExamples"
              }
            ]
          }
        },
        {
          "ruleId": "javascript/NoRateLimitingForExpensiveWebOperation",
          "ruleIndex": 14,
          "level": "warning",
          "message": {
            "text": "This endpoint handler performs a file system operation and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.",
            "markdown": "This {0} performs {1} and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.",
            "arguments": [
              "[endpoint handler](0)",
              "[a file system operation](1)"
            ]
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "routes/index.js",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "startLine": 67,
                  "endLine": 73,
                  "startColumn": 17,
                  "endColumn": 1
                }
              }
            }
          ],
          "fingerprints": {
            "0": "deaa65f8905ea27db40e9520e38b546e8d6f420bf689cd8f6565a18a9b71e49d",
            "1": "ae77ea27.4773f344.607187b5.c559ebce.e8c4f0e7.5fce695c.83265159.89d75565.ae77ea27.4773f344.607187b5.c559ebce.e8c4f0e7.5fce695c.83265159.89d75565"
          },
          "codeFlows": [
            {
              "threadFlows": [
                {
                  "locations": [
                    {
                      "location": {
                        "id": 0,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 67,
                            "endLine": 73,
                            "startColumn": 17,
                            "endColumn": 1
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 1,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 68,
                            "endLine": 68,
                            "startColumn": 21,
                            "endColumn": 27
                          }
                        }
                      }
                    }
                  ]
                }
              ]
            }
          ],
          "properties": {
            "priorityScore": 679,
            "priorityScoreFactors": [
              {
                "label": true,
                "type": "multipleOccurrence"
              },
              {
                "label": true,
                "type": "hotFileSource"
              },
              {
                "label": true,
                "type": "fixExamples"
              },
              {
                "label": true,
                "type": "commonlyFixed"
              }
            ]
          }
        },
        {
          "ruleId": "javascript/NoRateLimitingForExpensiveWebOperation",
          "ruleIndex": 14,
          "level": "warning",
          "message": {
            "text": "This endpoint handler performs a file system operation and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.",
            "markdown": "This {0} performs {1} and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.",
            "arguments": [
              "[endpoint handler](0)",
              "[a file system operation](1)"
            ]
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "routes/index.js",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "startLine": 75,
                  "endLine": 80,
                  "startColumn": 17,
                  "endColumn": 1
                }
              }
            }
          ],
          "fingerprints": {
            "0": "0b3106c9ce55d4ffd3afe2643805271fdae09c28e5e344022ce2fa9ef31ddb0f",
            "1": "1b97e34f.4773f344.b7ecf34b.c559ebce.fd1fa73f.5fce695c.83265159.89d75565.1b97e34f.4773f344.b7ecf34b.c559ebce.fd1fa73f.5fce695c.83265159.89d75565"
          },
          "codeFlows": [
            {
              "threadFlows": [
                {
                  "locations": [
                    {
                      "location": {
                        "id": 0,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 75,
                            "endLine": 80,
                            "startColumn": 17,
                            "endColumn": 1
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 1,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 76,
                            "endLine": 76,
                            "startColumn": 21,
                            "endColumn": 27
                          }
                        }
                      }
                    }
                  ]
                }
              ]
            }
          ],
          "properties": {
            "priorityScore": 679,
            "priorityScoreFactors": [
              {
                "label": true,
                "type": "multipleOccurrence"
              },
              {
                "label": true,
                "type": "hotFileSource"
              },
              {
                "label": true,
                "type": "fixExamples"
              },
              {
                "label": true,
                "type": "commonlyFixed"
              }
            ]
          }
        },
        {
          "ruleId": "javascript/NoRateLimitingForExpensiveWebOperation",
          "ruleIndex": 14,
          "level": "warning",
          "message": {
            "text": "This endpoint handler performs a file system operation and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.",
            "markdown": "This {0} performs {1} and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.",
            "arguments": [
              "[endpoint handler](0)",
              "[a file system operation](1)"
            ]
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "routes/index.js",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "startLine": 82,
                  "endLine": 87,
                  "startColumn": 31,
                  "endColumn": 1
                }
              }
            }
          ],
          "fingerprints": {
            "0": "32b7daba719f6c158533c93b8745022ed1acd597537d5595594dfbb98ea02589",
            "1": "ae77ea27.4773f344.8b18f948.c559ebce.69933721.5fce695c.83265159.89d75565.ae77ea27.4773f344.8b18f948.c559ebce.69933721.5fce695c.83265159.89d75565"
          },
          "codeFlows": [
            {
              "threadFlows": [
                {
                  "locations": [
                    {
                      "location": {
                        "id": 0,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 82,
                            "endLine": 87,
                            "startColumn": 31,
                            "endColumn": 1
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 1,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 86,
                            "endLine": 86,
                            "startColumn": 21,
                            "endColumn": 33
                          }
                        }
                      }
                    }
                  ]
                }
              ]
            }
          ],
          "properties": {
            "priorityScore": 679,
            "priorityScoreFactors": [
              {
                "label": true,
                "type": "multipleOccurrence"
              },
              {
                "label": true,
                "type": "hotFileSource"
              },
              {
                "label": true,
                "type": "fixExamples"
              },
              {
                "label": true,
                "type": "commonlyFixed"
              }
            ]
          }
        },
        {
          "ruleId": "javascript/NoRateLimitingForExpensiveWebOperation",
          "ruleIndex": 14,
          "level": "warning",
          "message": {
            "text": "This endpoint handler performs a file system operation and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.",
            "markdown": "This {0} performs {1} and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.",
            "arguments": [
              "[endpoint handler](0)",
              "[a file system operation](1)"
            ]
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "routes/index.js",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "startLine": 89,
                  "endLine": 113,
                  "startColumn": 32,
                  "endColumn": 1
                }
              }
            }
          ],
          "fingerprints": {
            "0": "946646546f6c9b27fc3e5a8ade476af08d244fe68fe3315994f120269fb51d65",
            "1": "ae77ea27.9c6e2949.6bb8eed2.c559ebce.fd1fa73f.5fce695c.83265159.89d75565.ae77ea27.4773f344.6bb8eed2.c559ebce.5db1563f.5fce695c.83265159.89d75565"
          },
          "codeFlows": [
            {
              "threadFlows": [
                {
                  "locations": [
                    {
                      "location": {
                        "id": 0,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 89,
                            "endLine": 113,
                            "startColumn": 32,
                            "endColumn": 1
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 1,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 111,
                            "endLine": 111,
                            "startColumn": 23,
                            "endColumn": 35
                          }
                        }
                      }
                    }
                  ]
                }
              ]
            }
          ],
          "properties": {
            "priorityScore": 679,
            "priorityScoreFactors": [
              {
                "label": true,
                "type": "multipleOccurrence"
              },
              {
                "label": true,
                "type": "hotFileSource"
              },
              {
                "label": true,
                "type": "fixExamples"
              },
              {
                "label": true,
                "type": "commonlyFixed"
              }
            ]
          }
        },
        {
          "ruleId": "javascript/NoRateLimitingForExpensiveWebOperation",
          "ruleIndex": 14,
          "level": "warning",
          "message": {
            "text": "This endpoint handler performs a file system operation and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.",
            "markdown": "This {0} performs {1} and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.",
            "arguments": [
              "[endpoint handler](0)",
              "[a file system operation](1)"
            ]
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "routes/index.js",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "startLine": 241,
                  "endLine": 296,
                  "startColumn": 18,
                  "endColumn": 1
                }
              }
            }
          ],
          "fingerprints": {
            "0": "81b799790c8010b8134f7d9376014e496a8616d6b8eb87e155781df27419c60e",
            "1": "ae77ea27.9c6e2949.98501263.c559ebce.fd1fa73f.5fce695c.83265159.89d75565.c3f8dfad.4773f344.1ec824b2.c559ebce.546471fb.5fce695c.83265159.2f05c567"
          },
          "codeFlows": [
            {
              "threadFlows": [
                {
                  "locations": [
                    {
                      "location": {
                        "id": 0,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 241,
                            "endLine": 296,
                            "startColumn": 18,
                            "endColumn": 1
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 1,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 259,
                            "endLine": 259,
                            "startColumn": 17,
                            "endColumn": 28
                          }
                        }
                      }
                    }
                  ]
                }
              ]
            }
          ],
          "properties": {
            "priorityScore": 679,
            "priorityScoreFactors": [
              {
                "label": true,
                "type": "multipleOccurrence"
              },
              {
                "label": true,
                "type": "hotFileSource"
              },
              {
                "label": true,
                "type": "fixExamples"
              },
              {
                "label": true,
                "type": "commonlyFixed"
              }
            ]
          }
        },
        {
          "ruleId": "javascript/NoRateLimitingForExpensiveWebOperation",
          "ruleIndex": 14,
          "level": "warning",
          "message": {
            "text": "This endpoint handler performs a file system operation and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.",
            "markdown": "This {0} performs {1} and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.",
            "arguments": [
              "[endpoint handler](0)",
              "[a file system operation](1)"
            ]
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "routes/index.js",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "startLine": 298,
                  "endLine": 306,
                  "startColumn": 21,
                  "endColumn": 1
                }
              }
            }
          ],
          "fingerprints": {
            "0": "7027e293ec9264ae98b1c1b6182c6e740ce58355f39d8ee9adad329f7d97ec8b",
            "1": "ae77ea27.4773f344.607187b5.1c17f46e.93e94ad5.5fce695c.83265159.89d75565.ae77ea27.4773f344.607187b5.1c17f46e.93e94ad5.5fce695c.83265159.89d75565"
          },
          "codeFlows": [
            {
              "threadFlows": [
                {
                  "locations": [
                    {
                      "location": {
                        "id": 0,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 298,
                            "endLine": 306,
                            "startColumn": 21,
                            "endColumn": 1
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 1,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 300,
                            "endLine": 300,
                            "startColumn": 21,
                            "endColumn": 36
                          }
                        }
                      }
                    }
                  ]
                }
              ]
            }
          ],
          "properties": {
            "priorityScore": 679,
            "priorityScoreFactors": [
              {
                "label": true,
                "type": "multipleOccurrence"
              },
              {
                "label": true,
                "type": "hotFileSource"
              },
              {
                "label": true,
                "type": "fixExamples"
              },
              {
                "label": true,
                "type": "commonlyFixed"
              }
            ]
          }
        },
        {
          "ruleId": "javascript/NoRateLimitingForExpensiveWebOperation",
          "ruleIndex": 14,
          "level": "warning",
          "message": {
            "text": "This endpoint handler performs a system command execution and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.",
            "markdown": "This {0} performs {1} and does not use a rate-limiting mechanism. It may enable the attackers to perform Denial-of-service attacks. Consider using a rate-limiting middleware such as express-limit.",
            "arguments": [
              "[endpoint handler](0)",
              "[a system command execution](1)"
            ]
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "routes/index.js",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "startLine": 152,
                  "endLine": 188,
                  "startColumn": 18,
                  "endColumn": 1
                }
              }
            }
          ],
          "fingerprints": {
            "0": "0d61c66c3135e5a7995ac71c65afbb8110287948ec6e5fc22e40b39264cbd244",
            "1": "a3c051e6.9c6e2949.98501263.c559ebce.b5c66366.5fce695c.83265159.89d75565.a3c051e6.4773f344.c2905f73.c559ebce.b6be8b13.5fce695c.83265159.89d75565"
          },
          "codeFlows": [
            {
              "threadFlows": [
                {
                  "locations": [
                    {
                      "location": {
                        "id": 0,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 152,
                            "endLine": 188,
                            "startColumn": 18,
                            "endColumn": 1
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 1,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 161,
                            "endLine": 161,
                            "startColumn": 10,
                            "endColumn": 26
                          }
                        }
                      }
                    }
                  ]
                }
              ]
            }
          ],
          "properties": {
            "priorityScore": 679,
            "priorityScoreFactors": [
              {
                "label": true,
                "type": "multipleOccurrence"
              },
              {
                "label": true,
                "type": "hotFileSource"
              },
              {
                "label": true,
                "type": "fixExamples"
              },
              {
                "label": true,
                "type": "commonlyFixed"
              }
            ]
          }
        },
        {
          "ruleId": "javascript/OR",
          "ruleIndex": 15,
          "level": "warning",
          "message": {
            "text": "Unsanitized input from the HTTP request body flows into redirect, where it is used as an URL to redirect the user. This may result in an Open Redirect vulnerability.",
            "markdown": "Unsanitized input from {0} {1} into {2}, where it is used as an URL to redirect the user. This may result in an Open Redirect vulnerability.",
            "arguments": [
              "[the HTTP request body](0)",
              "[flows](1),(2),(3),(4),(5),(6),(7)",
              "[redirect](8)"
            ]
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "routes/index.js",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "startLine": 61,
                  "endLine": 61,
                  "startColumn": 14,
                  "endColumn": 25
                }
              }
            }
          ],
          "fingerprints": {
            "0": "1772dfcbd0355b156b265344af281f40e82f6933db41d9af26b1f1595660469a",
            "1": "3900f8ff.4773f344.1ec824b2.9cb80fc2.ef9f7d82.8020cfdf.83265159.355f69ac.f759b1f9.4773f344.1ec824b2.08906714.3ee7338e.5fce695c.83265159.89d75565"
          },
          "codeFlows": [
            {
              "threadFlows": [
                {
                  "locations": [
                    {
                      "location": {
                        "id": 0,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 43,
                            "endLine": 43,
                            "startColumn": 26,
                            "endColumn": 33
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 1,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 43,
                            "endLine": 43,
                            "startColumn": 26,
                            "endColumn": 33
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 2,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 41,
                            "endLine": 41,
                            "startColumn": 30,
                            "endColumn": 37
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 3,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 41,
                            "endLine": 41,
                            "startColumn": 15,
                            "endColumn": 26
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 4,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 44,
                            "endLine": 44,
                            "startColumn": 34,
                            "endColumn": 45
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 5,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 54,
                            "endLine": 54,
                            "startColumn": 28,
                            "endColumn": 39
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 6,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 60,
                            "endLine": 60,
                            "startColumn": 7,
                            "endColumn": 18
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 7,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 61,
                            "endLine": 61,
                            "startColumn": 27,
                            "endColumn": 38
                          }
                        }
                      }
                    },
                    {
                      "location": {
                        "id": 8,
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "routes/index.js",
                            "uriBaseId": "%SRCROOT%"
                          },
                          "region": {
                            "startLine": 61,
                            "endLine": 61,
                            "startColumn": 14,
                            "endColumn": 25
                          }
                        }
                      }
                    }
                  ]
                }
              ]
            }
          ],
          "properties": {
            "priorityScore": 554,
            "priorityScoreFactors": [
              {
                "label": true,
                "type": "hotFileSource"
              },
              {
                "label": true,
                "type": "fixExamples"
              }
            ]
          }
        }
      ],
      "properties": {
        "coverage": [
          {
            "files": 10,
            "isSupported": true,
            "lang": "JavaScript"
          },
          {
            "files": 2,
            "isSupported": true,
            "lang": "HTML"
          },
          {
            "files": 4,
            "isSupported": true,
            "lang": "EJS"
          }
        ]
      }
    }
  ]
}