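<?xml version="1.0" encoding="UTF-8"?>
<!--
  Custom Fortify SCA rule pack for Java, made up entirely of dataflow cleanse rules.

  The Korean Notes text carried by every rule reads: "Custom MicroFocus Fortify SCA
  rule that exempts the customer's secure methods, to improve the accuracy of the
  customer's source code vulnerability assessment."

  What a rule does: when a call matches FunctionIdentifier, the value named in
  OutArguments (here always the return value) receives every flag listed in
  TaintFlags. Downstream sinks that honour a VALIDATED_* flag then stop reporting
  the corresponding dataflow category for that value. A cleanse rule is therefore a
  suppression: if the method does not really neutralise a category, findings in
  that category become false negatives.

  Review notes that apply to the whole pack:
  1. Every rule grants the same six flags, spanning three unrelated categories
     (cross-site scripting, path manipulation, header manipulation). A method that
     was written for one category is thereby trusted for all three. The method
     bodies are not part of this file, so the flags are left as authored; each rule
     should be narrowed to the flags its method has been verified to deserve.
  2. NamespaceName is the wildcard .* in every rule, so a class with a matching
     simple name in any package, third-party libraries included, is treated as a
     cleanser. Replace it with the package that actually owns the method.
  3. ApplyTo sets implements, overrides and extends to true, so the match is not
     limited to the named class itself. Presumably subclasses that override a
     filter inherit the trust even if the override does less; confirm.
-->
<RulePack xmlns="xmlns://www.fortifysoftware.com/schema/rules">
    <RulePackID>71533521-60C3-4277-884C-F477991F7F2F</RulePackID>
    <SKU>SKU-D:\esvali_sca_custom-rules</SKU>
    <Name><![CDATA[D:\esvalii_sca_cleanse_rules]]></Name>
    <Version>1.0</Version>
    <Description><![CDATA[]]></Description>
    <Rules version="16.10">
        <RuleDefinitions>
            <!-- StringUtils.headerFilter: return value flagged as validated. -->
            <DataflowCleanseRule formatVersion="16.10" language="java">
                <RuleID>688C602B-84E2-4D07-9559-30A1AC1402F3</RuleID>
                <Notes><![CDATA[고객사 소스코드 보안취약점 진단의 정확성 개선을 위해 고객사의 시큐어 메써드를 예외조치 하는 MicroFocus Fortify SCA 커스텀 룰.]]></Notes>
                <TaintFlags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION</TaintFlags>
                <FunctionIdentifier>
                    <NamespaceName>
                        <Pattern>.*</Pattern>
                    </NamespaceName>
                    <ClassName>
                        <Pattern>StringUtils</Pattern>
                    </ClassName>
                    <FunctionName>
                        <Pattern>headerFilter</Pattern>
                    </FunctionName>
                    <ApplyTo implements="true" overrides="true" extends="true"/>
                </FunctionIdentifier>
                <OutArguments>return</OutArguments>
            </DataflowCleanseRule>
            <!-- StringUtils.XSSFilter: return value flagged as validated. -->
            <DataflowCleanseRule formatVersion="16.10" language="java">
                <RuleID>4EAEF0E2-E29D-4340-A510-3CF9A01979C4</RuleID>
                <Notes><![CDATA[고객사 소스코드 보안취약점 진단의 정확성 개선을 위해 고객사의 시큐어 메써드를 예외조치 하는 MicroFocus Fortify SCA 커스텀 룰.]]></Notes>
                <TaintFlags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION</TaintFlags>
                <FunctionIdentifier>
                    <NamespaceName>
                        <Pattern>.*</Pattern>
                    </NamespaceName>
                    <ClassName>
                        <Pattern>StringUtils</Pattern>
                    </ClassName>
                    <FunctionName>
                        <Pattern>XSSFilter</Pattern>
                    </FunctionName>
                    <ApplyTo implements="true" overrides="true" extends="true"/>
                </FunctionIdentifier>
                <OutArguments>return</OutArguments>
            </DataflowCleanseRule>
            <!-- StringUtils.filePathFilter: return value flagged as validated. -->
            <DataflowCleanseRule formatVersion="16.10" language="java">
                <RuleID>CC8F1BA4-061F-464C-AE03-79F1312C84D7</RuleID>
                <Notes><![CDATA[고객사 소스코드 보안취약점 진단의 정확성 개선을 위해 고객사의 시큐어 메써드를 예외조치 하는 MicroFocus Fortify SCA 커스텀 룰.]]></Notes>
                <TaintFlags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION</TaintFlags>
                <FunctionIdentifier>
                    <NamespaceName>
                        <Pattern>.*</Pattern>
                    </NamespaceName>
                    <ClassName>
                        <Pattern>StringUtils</Pattern>
                    </ClassName>
                    <FunctionName>
                        <Pattern>filePathFilter</Pattern>
                    </FunctionName>
                    <ApplyTo implements="true" overrides="true" extends="true"/>
                </FunctionIdentifier>
                <OutArguments>return</OutArguments>
            </DataflowCleanseRule>
            <!--
              StringUtils.headerFilter again.
              NOTE(review): same FunctionIdentifier and flags as rule
              688C602B-84E2-4D07-9559-30A1AC1402F3; one of the two is redundant.
            -->
            <DataflowCleanseRule formatVersion="16.10" language="java">
                <RuleID>DD48C1E6-1D53-4C98-B71A-C4F146BB30FE</RuleID>
                <Notes><![CDATA[고객사 소스코드 보안취약점 진단의 정확성 개선을 위해 고객사의 시큐어 메써드를 예외조치 하는 MicroFocus Fortify SCA 커스텀 룰.]]></Notes>
                <TaintFlags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION</TaintFlags>
                <FunctionIdentifier>
                    <NamespaceName>
                        <Pattern>.*</Pattern>
                    </NamespaceName>
                    <ClassName>
                        <Pattern>StringUtils</Pattern>
                    </ClassName>
                    <FunctionName>
                        <Pattern>headerFilter</Pattern>
                    </FunctionName>
                    <ApplyTo implements="true" overrides="true" extends="true"/>
                </FunctionIdentifier>
                <OutArguments>return</OutArguments>
            </DataflowCleanseRule>
            <!-- StringUtils.fileNameFilter: return value flagged as validated. -->
            <DataflowCleanseRule formatVersion="16.10" language="java">
                <RuleID>58AEEAF9-4886-4C58-A94C-376F54456840</RuleID>
                <Notes><![CDATA[고객사 소스코드 보안취약점 진단의 정확성 개선을 위해 고객사의 시큐어 메써드를 예외조치 하는 MicroFocus Fortify SCA 커스텀 룰.]]></Notes>
                <TaintFlags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION</TaintFlags>
                <FunctionIdentifier>
                    <NamespaceName>
                        <Pattern>.*</Pattern>
                    </NamespaceName>
                    <ClassName>
                        <Pattern>StringUtils</Pattern>
                    </ClassName>
                    <FunctionName>
                        <Pattern>fileNameFilter</Pattern>
                    </FunctionName>
                    <ApplyTo implements="true" overrides="true" extends="true"/>
                </FunctionIdentifier>
                <OutArguments>return</OutArguments>
            </DataflowCleanseRule>
            <!-- DownloadUtil.fileNameReplaceAll: return value flagged as validated. -->
            <DataflowCleanseRule formatVersion="16.10" language="java">
                <RuleID>B3453EB6-244B-45D7-BDCC-4A677EA451C9</RuleID>
                <Notes><![CDATA[고객사 소스코드 보안취약점 진단의 정확성 개선을 위해 고객사의 시큐어 메써드를 예외조치 하는 MicroFocus Fortify SCA 커스텀 룰.]]></Notes>
                <TaintFlags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION</TaintFlags>
                <FunctionIdentifier>
                    <NamespaceName>
                        <Pattern>.*</Pattern>
                    </NamespaceName>
                    <ClassName>
                        <Pattern>DownloadUtil</Pattern>
                    </ClassName>
                    <FunctionName>
                        <Pattern>fileNameReplaceAll</Pattern>
                    </FunctionName>
                    <ApplyTo implements="true" overrides="true" extends="true"/>
                </FunctionIdentifier>
                <OutArguments>return</OutArguments>
            </DataflowCleanseRule>
            <!-- DownloadUtil.headerReplaceAll: return value flagged as validated. -->
            <DataflowCleanseRule formatVersion="16.10" language="java">
                <RuleID>FC30CED0-E3C8-44E4-B5ED-C7D1C43A7CF2</RuleID>
                <Notes><![CDATA[고객사 소스코드 보안취약점 진단의 정확성 개선을 위해 고객사의 시큐어 메써드를 예외조치 하는 MicroFocus Fortify SCA 커스텀 룰.]]></Notes>
                <TaintFlags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION</TaintFlags>
                <FunctionIdentifier>
                    <NamespaceName>
                        <Pattern>.*</Pattern>
                    </NamespaceName>
                    <ClassName>
                        <Pattern>DownloadUtil</Pattern>
                    </ClassName>
                    <FunctionName>
                        <Pattern>headerReplaceAll</Pattern>
                    </FunctionName>
                    <ApplyTo implements="true" overrides="true" extends="true"/>
                </FunctionIdentifier>
                <OutArguments>return</OutArguments>
            </DataflowCleanseRule>
            <!-- XssUtil.XSSFilter: return value flagged as validated. -->
            <DataflowCleanseRule formatVersion="16.10" language="java">
                <RuleID>58B194A3-BFA0-409C-A1F0-1F4AA9DF2E7B</RuleID>
                <Notes><![CDATA[고객사 소스코드 보안취약점 진단의 정확성 개선을 위해 고객사의 시큐어 메써드를 예외조치 하는 MicroFocus Fortify SCA 커스텀 룰.]]></Notes>
                <TaintFlags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION</TaintFlags>
                <FunctionIdentifier>
                    <NamespaceName>
                        <Pattern>.*</Pattern>
                    </NamespaceName>
                    <ClassName>
                        <Pattern>XssUtil</Pattern>
                    </ClassName>
                    <FunctionName>
                        <Pattern>XSSFilter</Pattern>
                    </FunctionName>
                    <ApplyTo implements="true" overrides="true" extends="true"/>
                </FunctionIdentifier>
                <OutArguments>return</OutArguments>
            </DataflowCleanseRule>
            <!-- EgovWebUtil.filePathReplaceAll: return value flagged as validated. -->
            <DataflowCleanseRule formatVersion="16.10" language="java">
                <RuleID>DC10D86E-BFAE-497E-9D0D-814D0A06A047</RuleID>
                <Notes><![CDATA[고객사 소스코드 보안취약점 진단의 정확성 개선을 위해 고객사의 시큐어 메써드를 예외조치 하는 MicroFocus Fortify SCA 커스텀 룰.]]></Notes>
                <TaintFlags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION</TaintFlags>
                <FunctionIdentifier>
                    <NamespaceName>
                        <Pattern>.*</Pattern>
                    </NamespaceName>
                    <ClassName>
                        <Pattern>EgovWebUtil</Pattern>
                    </ClassName>
                    <FunctionName>
                        <Pattern>filePathReplaceAll</Pattern>
                    </FunctionName>
                    <ApplyTo implements="true" overrides="true" extends="true"/>
                </FunctionIdentifier>
                <OutArguments>return</OutArguments>
            </DataflowCleanseRule>
            <!-- StringUtil.xssReplace: return value flagged as validated. -->
            <DataflowCleanseRule formatVersion="16.10" language="java">
                <RuleID>56A7473C-04C6-465F-A3E8-AF9CCBE6C870</RuleID>
                <Notes><![CDATA[고객사 소스코드 보안취약점 진단의 정확성 개선을 위해 고객사의 시큐어 메써드를 예외조치 하는 MicroFocus Fortify SCA 커스텀 룰.]]></Notes>
                <TaintFlags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION</TaintFlags>
                <FunctionIdentifier>
                    <NamespaceName>
                        <Pattern>.*</Pattern>
                    </NamespaceName>
                    <ClassName>
                        <Pattern>StringUtil</Pattern>
                    </ClassName>
                    <FunctionName>
                        <Pattern>xssReplace</Pattern>
                    </FunctionName>
                    <ApplyTo implements="true" overrides="true" extends="true"/>
                </FunctionIdentifier>
                <OutArguments>return</OutArguments>
            </DataflowCleanseRule>
            <!-- StringUtil.CRLFFilter: return value flagged as validated. -->
            <DataflowCleanseRule formatVersion="16.10" language="java">
                <RuleID>3B647ADC-CC1C-4C2F-815C-9B929F60CAB4</RuleID>
                <Notes><![CDATA[고객사 소스코드 보안취약점 진단의 정확성 개선을 위해 고객사의 시큐어 메써드를 예외조치 하는 MicroFocus Fortify SCA 커스텀 룰.]]></Notes>
                <TaintFlags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION</TaintFlags>
                <FunctionIdentifier>
                    <NamespaceName>
                        <Pattern>.*</Pattern>
                    </NamespaceName>
                    <ClassName>
                        <Pattern>StringUtil</Pattern>
                    </ClassName>
                    <FunctionName>
                        <Pattern>CRLFFilter</Pattern>
                    </FunctionName>
                    <ApplyTo implements="true" overrides="true" extends="true"/>
                </FunctionIdentifier>
                <OutArguments>return</OutArguments>
            </DataflowCleanseRule>
            <!-- SecureUtil.XSSFilter: return value flagged as validated. -->
            <DataflowCleanseRule formatVersion="16.10" language="java">
                <RuleID>ABB74890-7846-4725-9B81-10439B3B3D3A</RuleID>
                <Notes><![CDATA[고객사 소스코드 보안취약점 진단의 정확성 개선을 위해 고객사의 시큐어 메써드를 예외조치 하는 MicroFocus Fortify SCA 커스텀 룰.]]></Notes>
                <TaintFlags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION</TaintFlags>
                <FunctionIdentifier>
                    <NamespaceName>
                        <Pattern>.*</Pattern>
                    </NamespaceName>
                    <ClassName>
                        <Pattern>SecureUtil</Pattern>
                    </ClassName>
                    <FunctionName>
                        <Pattern>XSSFilter</Pattern>
                    </FunctionName>
                    <ApplyTo implements="true" overrides="true" extends="true"/>
                </FunctionIdentifier>
                <OutArguments>return</OutArguments>
            </DataflowCleanseRule>
            <!-- SecureUtil.fileNameFilter: return value flagged as validated. -->
            <DataflowCleanseRule formatVersion="16.10" language="java">
                <RuleID>60B6FE54-9791-4873-BEAD-0375655D2819</RuleID>
                <Notes><![CDATA[고객사 소스코드 보안취약점 진단의 정확성 개선을 위해 고객사의 시큐어 메써드를 예외조치 하는 MicroFocus Fortify SCA 커스텀 룰.]]></Notes>
                <TaintFlags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION</TaintFlags>
                <FunctionIdentifier>
                    <NamespaceName>
                        <Pattern>.*</Pattern>
                    </NamespaceName>
                    <ClassName>
                        <Pattern>SecureUtil</Pattern>
                    </ClassName>
                    <FunctionName>
                        <Pattern>fileNameFilter</Pattern>
                    </FunctionName>
                    <ApplyTo implements="true" overrides="true" extends="true"/>
                </FunctionIdentifier>
                <OutArguments>return</OutArguments>
            </DataflowCleanseRule>
            <!-- SecureUtil.filePathFilter: return value flagged as validated. -->
            <DataflowCleanseRule formatVersion="16.10" language="java">
                <RuleID>B52135E7-150B-4CDE-9230-D024A05E2B91</RuleID>
                <Notes><![CDATA[고객사 소스코드 보안취약점 진단의 정확성 개선을 위해 고객사의 시큐어 메써드를 예외조치 하는 MicroFocus Fortify SCA 커스텀 룰.]]></Notes>
                <TaintFlags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION</TaintFlags>
                <FunctionIdentifier>
                    <NamespaceName>
                        <Pattern>.*</Pattern>
                    </NamespaceName>
                    <ClassName>
                        <Pattern>SecureUtil</Pattern>
                    </ClassName>
                    <FunctionName>
                        <Pattern>filePathFilter</Pattern>
                    </FunctionName>
                    <ApplyTo implements="true" overrides="true" extends="true"/>
                </FunctionIdentifier>
                <OutArguments>return</OutArguments>
            </DataflowCleanseRule>
            <!-- StringUtils.fileNameFilterExtLink: return value flagged as validated. -->
            <DataflowCleanseRule formatVersion="16.10" language="java">
                <RuleID>EA50C70C-D0EB-41F6-9628-07064E665722</RuleID>
                <Notes><![CDATA[고객사 소스코드 보안취약점 진단의 정확성 개선을 위해 고객사의 시큐어 메써드를 예외조치 하는 MicroFocus Fortify SCA 커스텀 룰.]]></Notes>
                <TaintFlags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION</TaintFlags>
                <FunctionIdentifier>
                    <NamespaceName>
                        <Pattern>.*</Pattern>
                    </NamespaceName>
                    <ClassName>
                        <Pattern>StringUtils</Pattern>
                    </ClassName>
                    <FunctionName>
                        <Pattern>fileNameFilterExtLink</Pattern>
                    </FunctionName>
                    <ApplyTo implements="true" overrides="true" extends="true"/>
                </FunctionIdentifier>
                <OutArguments>return</OutArguments>
            </DataflowCleanseRule>
            <!--
              fn_xss on any class.
              NOTE(review): package and class are both wildcards, so every method
              named fn_xss on any type is trusted as a cleanser for all six flags.
              Pin ClassName and NamespaceName to the type that implements the filter.
            -->
            <DataflowCleanseRule formatVersion="16.10" language="java">
                <RuleID>5D94E993-C459-4F6A-B6CE-9A1891AAD498</RuleID>
                <Notes><![CDATA[고객사 소스코드 보안취약점 진단의 정확성 개선을 위해 고객사의 시큐어 메써드를 예외조치 하는 MicroFocus Fortify SCA 커스텀 룰.]]></Notes>
                <TaintFlags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION</TaintFlags>
                <FunctionIdentifier>
                    <NamespaceName>
                        <Pattern>.*</Pattern>
                    </NamespaceName>
                    <ClassName>
                        <Pattern>.*</Pattern>
                    </ClassName>
                    <FunctionName>
                        <Pattern>fn_xss</Pattern>
                    </FunctionName>
                    <ApplyTo implements="true" overrides="true" extends="true"/>
                </FunctionIdentifier>
                <OutArguments>return</OutArguments>
            </DataflowCleanseRule>
            <!--
              XssUtil.cleanXSS: return value flagged as validated.
              NOTE(review): this rule and the two after it declare formatVersion
              16.20, while the enclosing Rules element and the earlier rules declare
              16.10. Confirm the mix is intended.
            -->
            <DataflowCleanseRule formatVersion="16.20" language="java">
                <RuleID>D249DD01-343C-46DE-8AC8-C9D108D56F6A</RuleID>
                <Notes><![CDATA[고객사 소스코드 보안취약점 진단의 정확성 개선을 위해 고객사의 시큐어 메써드를 예외조치 하는 MicroFocus Fortify SCA 커스텀 룰.]]></Notes>
                <TaintFlags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION</TaintFlags>
                <FunctionIdentifier>
                    <NamespaceName>
                        <Pattern>.*</Pattern>
                    </NamespaceName>
                    <ClassName>
                        <Pattern>XssUtil</Pattern>
                    </ClassName>
                    <FunctionName>
                        <Pattern>cleanXSS</Pattern>
                    </FunctionName>
                    <ApplyTo implements="true" overrides="true" extends="true"/>
                </FunctionIdentifier>
                <OutArguments>return</OutArguments>
            </DataflowCleanseRule>
            <!-- XssUtil.cleanXSSForFileName: return value flagged as validated. -->
            <DataflowCleanseRule formatVersion="16.20" language="java">
                <RuleID>0F94075F-D0F5-41CD-A13A-76B2449A6075</RuleID>
                <Notes><![CDATA[고객사 소스코드 보안취약점 진단의 정확성 개선을 위해 고객사의 시큐어 메써드를 예외조치 하는 MicroFocus Fortify SCA 커스텀 룰.]]></Notes>
                <TaintFlags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION</TaintFlags>
                <FunctionIdentifier>
                    <NamespaceName>
                        <Pattern>.*</Pattern>
                    </NamespaceName>
                    <ClassName>
                        <Pattern>XssUtil</Pattern>
                    </ClassName>
                    <FunctionName>
                        <Pattern>cleanXSSForFileName</Pattern>
                    </FunctionName>
                    <ApplyTo implements="true" overrides="true" extends="true"/>
                </FunctionIdentifier>
                <OutArguments>return</OutArguments>
            </DataflowCleanseRule>
            <!--
              XssUtil.xssCheck.
              NOTE(review): the ClassName pattern ends in a space ("XssUtil "). If
              the engine takes the pattern literally it cannot match a Java class
              name and this rule is inert. The pattern is left exactly as authored:
              trimming it switches on a suppression, so first confirm that xssCheck
              returns a sanitised value rather than, say, a pass or fail result.
            -->
            <DataflowCleanseRule formatVersion="16.20" language="java">
                <RuleID>772D7DA1-C989-4E33-B298-1CD0D994AFCC</RuleID>
                <Notes><![CDATA[고객사 소스코드 보안취약점 진단의 정확성 개선을 위해 고객사의 시큐어 메써드를 예외조치 하는 MicroFocus Fortify SCA 커스텀 룰.]]></Notes>
                <TaintFlags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION</TaintFlags>
                <FunctionIdentifier>
                    <NamespaceName>
                        <Pattern>.*</Pattern>
                    </NamespaceName>
                    <ClassName>
                        <Pattern>XssUtil </Pattern>
                    </ClassName>
                    <FunctionName>
                        <Pattern>xssCheck</Pattern>
                    </FunctionName>
                    <ApplyTo implements="true" overrides="true" extends="true"/>
                </FunctionIdentifier>
                <OutArguments>return</OutArguments>
            </DataflowCleanseRule>
        </RuleDefinitions>
    </Rules>
</RulePack>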