SE OR PERFORMANCE OF THIS SOFTWARE. //** MIT License https://spdx.org/licenses/MIT.json https://opensource.org/licenses/MIT https://fedoraproject.org/wiki/Licensing:MIT **// (( MIT License))?? //**Copyright**// Permission is hereby granted, ((free of charge))?? to any person obtaining a copy of __7__ //** (allow parenthetical descriptions) **// ((and associated documentation files))?? the ((Software || Materials)) to deal in the ((Software || Materials)) ((under the copyrights))?? ((without restriction))?? including ((without limitation))?? the rights ((to))?? use, copy, modify, merge, publish, distribute, ((sublicense))?? and/or ((sell))?? ((modified))?? copies of the ((Software || Materials)) and to permit persons to whom the ((Software is || Materials are)) furnished to do so, subject to ((the following || all)) conditions: __1__ (( The above ((copyright || authorship)) notice (( and this permission notice ((including the next paragraph))?? || as well as this permission notice || this permission notice, and the below disclaimer || and every other copyright notice found in this software, and all the attributions in every file, and this permission notice || and this permission notice (or reference to this permission notice) )) || This permission notice )) ((must || shall)) be included in all copies or ((substantial || any))?? portions of the ((Software || Materials)) ((DISCLAIMER))?? ((2.))?? THE ((SOFTWARE || MATERIALS)) IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT ((SHALL || WILL)) __5__ BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, ((TORT || FART)) OR OTHERWISE, ARISING FROM, OUT OF OR ((IN || I)) CONNECTION WITH ((TE || THE)) ((SOFTWARE || MATERIALS)) OR THE USE OR OTHER DEALINGS IN ((THE ((SOFTWARE || MATERIALS)) ))?? 
//** Universal Permissive License v1.0 https://spdx.org/licenses/UPL-1.0.json https://opensource.org/licenses/UPL **// //** Copyright **// (( The Universal Permissive License (UPL), Version 1.0 ))?? Subject to the condition set forth below, permission is hereby granted to any person obtaining a copy of this software, associated documentation and/or data (collectively the "Software"), free of charge and under any and all copyright rights in the Software, and any and all patent rights owned or freely licensable by each licensor hereunder covering either (i) the unmodified Software as contributed to or provided by such licensor, or (ii) the Larger Works (as defined below), to deal in both (( (a) ))?? the Software, and (( (b) ))?? any piece of software and/or hardware listed in the lrgrwrks.txt file if one is included with the Software (each a "Larger Work" to which the Software is contributed by such licensors), without restriction, including without limitation the rights to copy, create derivative works of, display, perform, and distribute the Software and make, use, sell, offer for sale, import, export, have made, and have sold the Software and the Larger Work(s), and to sublicense the foregoing rights on either these or other terms. This license is subject to the following condition: The above copyright notice and either this complete permission notice or at a minimum a reference to the UPL must be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Permission is hereby granted, ((free of charge))?? 
to any person obtaining a copy of __7__ //** (allow parenthetical descriptions) **// ((and associated documentation files))?? the ((Software || Materials)) to deal in the ((Software || Materials)) ((under the copyrights))?? ((without restriction))?? including ((without limitation))?? the rights ((to))?? use, copy, modify, merge, publish, distribute, ((sublicense))?? and/or ((sell))?? ((modified))?? copies of the ((Software || Materials)) and to permit persons to whom the ((Software is || Materials are)) furnished to do so, subject to ((the following || all)) conditions: __1__ (( The above ((copyright || authorship)) notice (( and this permission notice ((including the next paragraph))?? || as well as this permission notice || this permission notice, and the below disclaimer || and every other copyright notice found in this software, and all the attributions in every file, and this permission notice || and this permission notice (or reference to this permission notice) )) || This permission notice )) ((must || shall)) be included in all copies or ((substantial || any))?? portions of the ((Software || Materials)) Except as contained in this notice, the ((name || names)) __10__ shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization (( ((of || from)) __10__ ))?? ((DISCLAIMER))?? ((2.))?? THE ((SOFTWARE || MATERIALS)) IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT ((SHALL || WILL)) __5__ BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, ((TORT || FART)) OR OTHERWISE, ARISING FROM, OUT OF OR ((IN || I)) CONNECTION WITH ((TE || THE)) ((SOFTWARE || MATERIALS)) OR THE USE OR OTHER DEALINGS IN ((THE ((SOFTWARE || MATERIALS)) ))?? 
//** W3C Software Notice and Document License (2015-05-13) https://spdx.org/licenses/W3C-20150513.json https://www.w3.org/Consortium/Legal/2015/copyright-software-and-document **// This work is being provided by the copyright holders under the following license. License By obtaining and/or copying this work, you (the licensee) agree that you have read, understood, and will comply with the following terms and conditions. Permission to copy, modify, and distribute this work, with or without modification, for any purpose and without fee or royalty is hereby granted, provided that you include the following on ALL copies of the work or portions thereof, including modifications: • The full text of this NOTICE in a location viewable to users of the redistributed or derivative work. • Any pre-existing intellectual property disclaimers, notices, or terms and conditions. If none exist, the W3C Software and Document Short Notice should be included. • Notice of any changes or modifications, through a copyright statement on the new code or document such as "This software or document includes material copied from or derived from [title and URI of the W3C document]. Copyright (c) [YEAR] W3C® (MIT, ERCIM, Keio, Beihang)." Disclaimers THIS WORK IS PROVIDED "AS IS," AND COPYRIGHT HOLDERS MAKE NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF THE SOFTWARE OR DOCUMENT WILL NOT INFRINGE ANY THIRD PARTY PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. COPYRIGHT HOLDERS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF ANY USE OF THE SOFTWARE OR DOCUMENT. The name and trademarks of copyright holders may NOT be used in advertising or publicity pertaining to the work without specific, written prior permission. Title to copyright in this work will at all times remain with copyright holders. 
Checkmarx Static Application Security Testing (SAST) detected the %s vulnerability within the provided %s code snippet. The attack vector is presented by code snippets annotated by comments in the form `//SAST Node #X: element (element-type)` where X is the node index in the result, `element` is the name of the element through which the data flows, and the `element-type` is its type. The first and last nodes are indicated by `(input ...)` and `(output ...)` respectively:

```
%s
```

Please review the code above and provide a confidence score ranging from 0 to 100. A score of 0 means you believe the result is completely incorrect, unexploitable, and a false positive. A score of 100 means you believe the result is completely correct, exploitable, and a true positive.

Instructions for confidence score computation:

1. The confidence score of a vulnerability which can be done from the Internet is much higher than from the local console.
2. The confidence score of a vulnerability which can be done by an anonymous user is much higher than that of an authenticated user.
3. The confidence score of a vulnerability with a vector starting with a stored input (like from files/db etc.) cannot be more than 50. This is also known as a second-order vulnerability.
4. Pay special attention to the first and last code snippet: whether a specific vulnerability found by Checkmarx SAST can start/occur here, or it's a false positive.
5. If you don't find enough evidence about a vulnerability, just lower the score.
6. If you are not sure, just lower the confidence - we don't want to have false positive results with a high confidence score.

Please provide a brief explanation for your confidence score; don't mention all the instructions above. Next, please provide code that remediates the vulnerability so that a developer can copy and paste it instead of the snippet above.

Your analysis MUST be presented in the following format:

**CONFIDENCE:**number
**EXPLANATION:**short_text
**PROPOSED REMEDIATION:**:fixed_snippet