{"id":983,"date":"2019-07-10T21:39:13","date_gmt":"2019-07-10T12:39:13","guid":{"rendered":"\/blog\/?p=983"},"modified":"2023-09-21T09:26:51","modified_gmt":"2023-09-21T00:26:51","slug":"fortify-custom-rule-dataflowcleanserule%ed%95%a8%ec%88%98%ec%98%88%ec%99%b8%ec%b2%98%eb%a6%ac-%ec%83%98%ed%94%8c","status":"publish","type":"post","link":"https:\/\/hasu0707.duckdns.org\/blog\/?p=983","title":{"rendered":"[Fortify] Custom Rule-DataflowCleanseRule(\ud568\uc218\uc608\uc678\ucc98\ub9ac) \uc0d8\ud50c"},"content":{"rendered":"\n
<!--?xml version=\"1.0\" encoding=\"UTF-8\"?-->\n<rulepack xmlns=\"xmlns:\/\/www.fortifysoftware.com\/schema\/rules\">\n    <rulepackid>71533521-60C3-4277-884C-F477991F7F2F<\/rulepackid>\n    <sku>SKU-D:\\esvali_sca_custom-rules<\/sku>\n    <name><!--[CDATA[D:\\esvalii_sca_cleanse_rules]]--><\/name>\n    <version>1.0<\/version>\n    <description><!--[CDATA[]]--><\/description>\n    <rules version=\"16.10\">\n        <ruledefinitions>\n            <dataflowcleanserule formatversion=\"16.10\" language=\"java\">\n                <ruleid>688C602B-84E2-4D07-9559-30A1AC1402F3<\/ruleid>\n                <notes><!--[CDATA[\uace0\uac1d\uc0ac \uc18c\uc2a4\ucf54\ub4dc \ubcf4\uc548\ucde8\uc57d\uc810 \uc9c4\ub2e8\uc758 \uc815\ud655\uc131 \uac1c\uc120\uc744 \uc704\ud574 \uace0\uac1d\uc0ac\uc758 \uc2dc\ud050\uc5b4 \uba54\uc368\ub4dc\ub97c \uc608\uc678\uc870\uce58 \ud558\ub294 MicroFocus Fortify SCA \ucee4\uc2a4\ud140 \ub8f0.]]--><\/notes>\n                <taintflags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION<\/taintflags>\n                <functionidentifier>\n                    <namespacename>\n                        <pattern>.*<\/pattern>\n                    <\/namespacename>\n                    <classname>\n                        <pattern>StringUtils<\/pattern>\n                    <\/classname>\n                    <functionname>\n                        <pattern>headerFilter<\/pattern>\n                    <\/functionname>\n                    <applyto implements=\"true\" overrides=\"true\" extends=\"true\">\n                <\/applyto><\/functionidentifier>\n                <outarguments>return<\/outarguments>\n            <\/dataflowcleanserule>\n            <dataflowcleanserule formatversion=\"16.10\" language=\"java\">\n                <ruleid>4EAEF0E2-E29D-4340-A510-3CF9A01979C4<\/ruleid>\n                <notes><!--[CDATA[\uace0\uac1d\uc0ac \uc18c\uc2a4\ucf54\ub4dc \ubcf4\uc548\ucde8\uc57d\uc810 \uc9c4\ub2e8\uc758 \uc815\ud655\uc131 \uac1c\uc120\uc744 \uc704\ud574 \uace0\uac1d\uc0ac\uc758 \uc2dc\ud050\uc5b4 \uba54\uc368\ub4dc\ub97c \uc608\uc678\uc870\uce58 \ud558\ub294 MicroFocus Fortify SCA \ucee4\uc2a4\ud140 \ub8f0.]]--><\/notes>\n                <taintflags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION<\/taintflags>\n                <functionidentifier>\n                    <namespacename>\n                        <pattern>.*<\/pattern>\n                    <\/namespacename>\n                    <classname>\n                        <pattern>StringUtils<\/pattern>\n                    <\/classname>\n                    <functionname>\n                        <pattern>XSSFilter<\/pattern>\n                    <\/functionname>\n                    <applyto implements=\"true\" overrides=\"true\" extends=\"true\">\n                <\/applyto><\/functionidentifier>\n                <outarguments>return<\/outarguments>\n            <\/dataflowcleanserule>\n            <dataflowcleanserule formatversion=\"16.10\" language=\"java\">\n                <ruleid>CC8F1BA4-061F-464C-AE03-79F1312C84D7<\/ruleid>\n                <notes><!--[CDATA[\uace0\uac1d\uc0ac \uc18c\uc2a4\ucf54\ub4dc \ubcf4\uc548\ucde8\uc57d\uc810 \uc9c4\ub2e8\uc758 \uc815\ud655\uc131 \uac1c\uc120\uc744 \uc704\ud574 \uace0\uac1d\uc0ac\uc758 \uc2dc\ud050\uc5b4 \uba54\uc368\ub4dc\ub97c \uc608\uc678\uc870\uce58 \ud558\ub294 MicroFocus Fortify SCA \ucee4\uc2a4\ud140 \ub8f0.]]--><\/notes>\n                <taintflags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION<\/taintflags>\n                <functionidentifier>\n                    <namespacename>\n                        <pattern>.*<\/pattern>\n                    <\/namespacename>\n                    <classname>\n                        <pattern>StringUtils<\/pattern>\n                    <\/classname>\n                    <functionname>\n                        <pattern>filePathFilter<\/pattern>\n                    <\/functionname>\n                    <applyto implements=\"true\" overrides=\"true\" extends=\"true\">\n                <\/applyto><\/functionidentifier>\n                <outarguments>return<\/outarguments>\n            <\/dataflowcleanserule>\n            <dataflowcleanserule formatversion=\"16.10\" language=\"java\">\n                <ruleid>DD48C1E6-1D53-4C98-B71A-C4F146BB30FE<\/ruleid>\n                <notes><!--[CDATA[\uace0\uac1d\uc0ac \uc18c\uc2a4\ucf54\ub4dc \ubcf4\uc548\ucde8\uc57d\uc810 \uc9c4\ub2e8\uc758 \uc815\ud655\uc131 \uac1c\uc120\uc744 \uc704\ud574 \uace0\uac1d\uc0ac\uc758 \uc2dc\ud050\uc5b4 \uba54\uc368\ub4dc\ub97c \uc608\uc678\uc870\uce58 \ud558\ub294 MicroFocus Fortify SCA \ucee4\uc2a4\ud140 \ub8f0.]]--><\/notes>\n                <taintflags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION<\/taintflags>\n                <functionidentifier>\n                    <namespacename>\n                        <pattern>.*<\/pattern>\n                    <\/namespacename>\n                    <classname>\n                        <pattern>StringUtils<\/pattern>\n                    <\/classname>\n                    <functionname>\n                        <pattern>headerFilter<\/pattern>\n                    <\/functionname>\n                    <applyto implements=\"true\" overrides=\"true\" extends=\"true\">\n                <\/applyto><\/functionidentifier>\n                <outarguments>return<\/outarguments>\n            <\/dataflowcleanserule>\n            <dataflowcleanserule formatversion=\"16.10\" language=\"java\">\n                <ruleid>58AEEAF9-4886-4C58-A94C-376F54456840<\/ruleid>\n                <notes><!--[CDATA[\uace0\uac1d\uc0ac \uc18c\uc2a4\ucf54\ub4dc \ubcf4\uc548\ucde8\uc57d\uc810 \uc9c4\ub2e8\uc758 \uc815\ud655\uc131 \uac1c\uc120\uc744 \uc704\ud574 \uace0\uac1d\uc0ac\uc758 \uc2dc\ud050\uc5b4 \uba54\uc368\ub4dc\ub97c \uc608\uc678\uc870\uce58 \ud558\ub294 MicroFocus Fortify SCA \ucee4\uc2a4\ud140 \ub8f0.]]--><\/notes>\n                <taintflags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION<\/taintflags>\n                <functionidentifier>\n                    <namespacename>\n                        <pattern>.*<\/pattern>\n                    <\/namespacename>\n                    <classname>\n                        <pattern>StringUtils<\/pattern>\n                    <\/classname>\n                    <functionname>\n                        <pattern>fileNameFilter<\/pattern>\n                    <\/functionname>\n                    <applyto implements=\"true\" overrides=\"true\" extends=\"true\">\n                <\/applyto><\/functionidentifier>\n                <outarguments>return<\/outarguments>\n            <\/dataflowcleanserule>\n            <dataflowcleanserule formatversion=\"16.10\" language=\"java\">\n                <ruleid>B3453EB6-244B-45D7-BDCC-4A677EA451C9<\/ruleid>\n                <notes><!--[CDATA[\uace0\uac1d\uc0ac \uc18c\uc2a4\ucf54\ub4dc \ubcf4\uc548\ucde8\uc57d\uc810 \uc9c4\ub2e8\uc758 \uc815\ud655\uc131 \uac1c\uc120\uc744 \uc704\ud574 \uace0\uac1d\uc0ac\uc758 \uc2dc\ud050\uc5b4 \uba54\uc368\ub4dc\ub97c \uc608\uc678\uc870\uce58 \ud558\ub294 MicroFocus Fortify SCA \ucee4\uc2a4\ud140 \ub8f0.]]--><\/notes>\n                <taintflags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION<\/taintflags>\n                <functionidentifier>\n                    <namespacename>\n                        <pattern>.*<\/pattern>\n                    <\/namespacename>\n                    <classname>\n                        <pattern>DownloadUtil<\/pattern>\n                    <\/classname>\n                    <functionname>\n                        <pattern>fileNameReplaceAll<\/pattern>\n                    <\/functionname>\n                    <applyto implements=\"true\" overrides=\"true\" extends=\"true\">\n                <\/applyto><\/functionidentifier>\n                <outarguments>return<\/outarguments>\n            <\/dataflowcleanserule>\n            <dataflowcleanserule formatversion=\"16.10\" language=\"java\">\n                <ruleid>FC30CED0-E3C8-44E4-B5ED-C7D1C43A7CF2<\/ruleid>\n                <notes><!--[CDATA[\uace0\uac1d\uc0ac \uc18c\uc2a4\ucf54\ub4dc \ubcf4\uc548\ucde8\uc57d\uc810 \uc9c4\ub2e8\uc758 \uc815\ud655\uc131 \uac1c\uc120\uc744 \uc704\ud574 \uace0\uac1d\uc0ac\uc758 \uc2dc\ud050\uc5b4 \uba54\uc368\ub4dc\ub97c \uc608\uc678\uc870\uce58 \ud558\ub294 MicroFocus Fortify SCA \ucee4\uc2a4\ud140 \ub8f0.]]--><\/notes>\n                <taintflags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION<\/taintflags>\n                <functionidentifier>\n                    <namespacename>\n                        <pattern>.*<\/pattern>\n                    <\/namespacename>\n                    <classname>\n                        <pattern>DownloadUtil<\/pattern>\n                    <\/classname>\n                    <functionname>\n                        <pattern>headerReplaceAll<\/pattern>\n                    <\/functionname>\n                    <applyto implements=\"true\" overrides=\"true\" extends=\"true\">\n                <\/applyto><\/functionidentifier>\n                <outarguments>return<\/outarguments>\n            <\/dataflowcleanserule>\n            <dataflowcleanserule formatversion=\"16.10\" language=\"java\">\n                <ruleid>58B194A3-BFA0-409C-A1F0-1F4AA9DF2E7B<\/ruleid>\n                <notes><!--[CDATA[\uace0\uac1d\uc0ac \uc18c\uc2a4\ucf54\ub4dc \ubcf4\uc548\ucde8\uc57d\uc810 \uc9c4\ub2e8\uc758 \uc815\ud655\uc131 \uac1c\uc120\uc744 \uc704\ud574 \uace0\uac1d\uc0ac\uc758 \uc2dc\ud050\uc5b4 \uba54\uc368\ub4dc\ub97c \uc608\uc678\uc870\uce58 \ud558\ub294 MicroFocus Fortify SCA \ucee4\uc2a4\ud140 \ub8f0.]]--><\/notes>\n                <taintflags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION<\/taintflags>\n                <functionidentifier>\n                    <namespacename>\n                        <pattern>.*<\/pattern>\n                    <\/namespacename>\n                    <classname>\n                        <pattern>XssUtil<\/pattern>\n                    <\/classname>\n                    <functionname>\n                        <pattern>XSSFilter<\/pattern>\n                    <\/functionname>\n                    <applyto implements=\"true\" overrides=\"true\" extends=\"true\">\n                <\/applyto><\/functionidentifier>\n                <outarguments>return<\/outarguments>\n            <\/dataflowcleanserule>\n            <dataflowcleanserule formatversion=\"16.10\" language=\"java\">\n                <ruleid>DC10D86E-BFAE-497E-9D0D-814D0A06A047<\/ruleid>\n                <notes><!--[CDATA[\uace0\uac1d\uc0ac \uc18c\uc2a4\ucf54\ub4dc \ubcf4\uc548\ucde8\uc57d\uc810 \uc9c4\ub2e8\uc758 \uc815\ud655\uc131 \uac1c\uc120\uc744 \uc704\ud574 \uace0\uac1d\uc0ac\uc758 \uc2dc\ud050\uc5b4 \uba54\uc368\ub4dc\ub97c \uc608\uc678\uc870\uce58 \ud558\ub294 MicroFocus Fortify SCA \ucee4\uc2a4\ud140 \ub8f0.]]--><\/notes>\n                <taintflags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION<\/taintflags>\n                <functionidentifier>\n                    <namespacename>\n                        <pattern>.*<\/pattern>\n                    <\/namespacename>\n                    <classname>\n                        <pattern>EgovWebUtil<\/pattern>\n                    <\/classname>\n                    <functionname>\n                        <pattern>filePathReplaceAll<\/pattern>\n                    <\/functionname>\n                    <applyto implements=\"true\" overrides=\"true\" extends=\"true\">\n                <\/applyto><\/functionidentifier>\n                <outarguments>return<\/outarguments>\n            <\/dataflowcleanserule>\n            <dataflowcleanserule formatversion=\"16.10\" language=\"java\">\n                <ruleid>56A7473C-04C6-465F-A3E8-AF9CCBE6C870<\/ruleid>\n                <notes><!--[CDATA[\uace0\uac1d\uc0ac \uc18c\uc2a4\ucf54\ub4dc \ubcf4\uc548\ucde8\uc57d\uc810 \uc9c4\ub2e8\uc758 \uc815\ud655\uc131 \uac1c\uc120\uc744 \uc704\ud574 \uace0\uac1d\uc0ac\uc758 \uc2dc\ud050\uc5b4 \uba54\uc368\ub4dc\ub97c \uc608\uc678\uc870\uce58 \ud558\ub294 MicroFocus Fortify SCA \ucee4\uc2a4\ud140 \ub8f0.]]--><\/notes>\n                <taintflags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION<\/taintflags>\n                <functionidentifier>\n                    <namespacename>\n                        <pattern>.*<\/pattern>\n                    <\/namespacename>\n                    <classname>\n                        <pattern>StringUtil<\/pattern>\n                    <\/classname>\n                    <functionname>\n                        <pattern>xssReplace<\/pattern>\n                    <\/functionname>\n                    <applyto implements=\"true\" overrides=\"true\" extends=\"true\">\n                <\/applyto><\/functionidentifier>\n                <outarguments>return<\/outarguments>\n            <\/dataflowcleanserule>\n            <dataflowcleanserule formatversion=\"16.10\" language=\"java\">\n                <ruleid>3B647ADC-CC1C-4C2F-815C-9B929F60CAB4<\/ruleid>\n                <notes><!--[CDATA[\uace0\uac1d\uc0ac \uc18c\uc2a4\ucf54\ub4dc \ubcf4\uc548\ucde8\uc57d\uc810 \uc9c4\ub2e8\uc758 \uc815\ud655\uc131 \uac1c\uc120\uc744 \uc704\ud574 \uace0\uac1d\uc0ac\uc758 \uc2dc\ud050\uc5b4 \uba54\uc368\ub4dc\ub97c \uc608\uc678\uc870\uce58 \ud558\ub294 MicroFocus Fortify SCA \ucee4\uc2a4\ud140 \ub8f0.]]--><\/notes>\n                <taintflags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION<\/taintflags>\n                <functionidentifier>\n                    <namespacename>\n                        <pattern>.*<\/pattern>\n                    <\/namespacename>\n                    <classname>\n                        <pattern>StringUtil<\/pattern>\n                    <\/classname>\n                    <functionname>\n                        <pattern>CRLFFilter<\/pattern>\n                    <\/functionname>\n                    <applyto implements=\"true\" overrides=\"true\" extends=\"true\">\n                <\/applyto><\/functionidentifier>\n                <outarguments>return<\/outarguments>\n            <\/dataflowcleanserule>\n            <dataflowcleanserule formatversion=\"16.10\" language=\"java\">\n                <ruleid>ABB74890-7846-4725-9B81-10439B3B3D3A<\/ruleid>\n                <notes><!--[CDATA[\uace0\uac1d\uc0ac \uc18c\uc2a4\ucf54\ub4dc \ubcf4\uc548\ucde8\uc57d\uc810 \uc9c4\ub2e8\uc758 \uc815\ud655\uc131 \uac1c\uc120\uc744 \uc704\ud574 \uace0\uac1d\uc0ac\uc758 \uc2dc\ud050\uc5b4 \uba54\uc368\ub4dc\ub97c \uc608\uc678\uc870\uce58 \ud558\ub294 MicroFocus Fortify SCA \ucee4\uc2a4\ud140 \ub8f0.]]--><\/notes>\n                <taintflags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION<\/taintflags>\n                <functionidentifier>\n                    <namespacename>\n                        <pattern>.*<\/pattern>\n                    <\/namespacename>\n                    <classname>\n                        <pattern>SecureUtil<\/pattern>\n                    <\/classname>\n                    <functionname>\n                        <pattern>XSSFilter<\/pattern>\n                    <\/functionname>\n                    <applyto implements=\"true\" overrides=\"true\" extends=\"true\">\n                <\/applyto><\/functionidentifier>\n                <outarguments>return<\/outarguments>\n            <\/dataflowcleanserule>\n            <dataflowcleanserule formatversion=\"16.10\" language=\"java\">\n                <ruleid>60B6FE54-9791-4873-BEAD-0375655D2819<\/ruleid>\n                <notes><!--[CDATA[\uace0\uac1d\uc0ac \uc18c\uc2a4\ucf54\ub4dc \ubcf4\uc548\ucde8\uc57d\uc810 \uc9c4\ub2e8\uc758 \uc815\ud655\uc131 \uac1c\uc120\uc744 \uc704\ud574 \uace0\uac1d\uc0ac\uc758 \uc2dc\ud050\uc5b4 \uba54\uc368\ub4dc\ub97c \uc608\uc678\uc870\uce58 \ud558\ub294 MicroFocus Fortify SCA \ucee4\uc2a4\ud140 \ub8f0.]]--><\/notes>\n                <taintflags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION<\/taintflags>\n                <functionidentifier>\n                    <namespacename>\n                        <pattern>.*<\/pattern>\n                    <\/namespacename>\n                    <classname>\n                        <pattern>SecureUtil<\/pattern>\n                    <\/classname>\n                    <functionname>\n                        <pattern>fileNameFilter<\/pattern>\n                    <\/functionname>\n                    <applyto implements=\"true\" overrides=\"true\" extends=\"true\">\n                <\/applyto><\/functionidentifier>\n                <outarguments>return<\/outarguments>\n            <\/dataflowcleanserule>\n            <dataflowcleanserule formatversion=\"16.10\" language=\"java\">\n                <ruleid>B52135E7-150B-4CDE-9230-D024A05E2B91<\/ruleid>\n                <notes><!--[CDATA[\uace0\uac1d\uc0ac \uc18c\uc2a4\ucf54\ub4dc \ubcf4\uc548\ucde8\uc57d\uc810 \uc9c4\ub2e8\uc758 \uc815\ud655\uc131 \uac1c\uc120\uc744 \uc704\ud574 \uace0\uac1d\uc0ac\uc758 \uc2dc\ud050\uc5b4 \uba54\uc368\ub4dc\ub97c \uc608\uc678\uc870\uce58 \ud558\ub294 MicroFocus Fortify SCA \ucee4\uc2a4\ud140 \ub8f0.]]--><\/notes>\n                <taintflags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION<\/taintflags>\n                <functionidentifier>\n                    <namespacename>\n                        <pattern>.*<\/pattern>\n                    <\/namespacename>\n                    <classname>\n                        <pattern>SecureUtil<\/pattern>\n                    <\/classname>\n                    <functionname>\n                        <pattern>filePathFilter<\/pattern>\n                    <\/functionname>\n                    <applyto implements=\"true\" overrides=\"true\" extends=\"true\">\n                <\/applyto><\/functionidentifier>\n                <outarguments>return<\/outarguments>\n            <\/dataflowcleanserule>\n            <dataflowcleanserule formatversion=\"16.10\" language=\"java\">\n                <ruleid>EA50C70C-D0EB-41F6-9628-07064E665722<\/ruleid>\n                <notes><!--[CDATA[\uace0\uac1d\uc0ac \uc18c\uc2a4\ucf54\ub4dc \ubcf4\uc548\ucde8\uc57d\uc810 \uc9c4\ub2e8\uc758 \uc815\ud655\uc131 \uac1c\uc120\uc744 \uc704\ud574 \uace0\uac1d\uc0ac\uc758 \uc2dc\ud050\uc5b4 \uba54\uc368\ub4dc\ub97c \uc608\uc678\uc870\uce58 \ud558\ub294 MicroFocus Fortify SCA \ucee4\uc2a4\ud140 \ub8f0.]]--><\/notes>\n                <taintflags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION<\/taintflags>\n                <functionidentifier>\n                    <namespacename>\n                        <pattern>.*<\/pattern>\n                    <\/namespacename>\n                    <classname>\n                        <pattern>StringUtils<\/pattern>\n                    <\/classname>\n                    <functionname>\n                        <pattern>fileNameFilterExtLink<\/pattern>\n                    <\/functionname>\n                    <applyto implements=\"true\" overrides=\"true\" extends=\"true\">\n                <\/applyto><\/functionidentifier>\n                <outarguments>return<\/outarguments>\n            <\/dataflowcleanserule>\n            <dataflowcleanserule formatversion=\"16.10\" language=\"java\">\n                <ruleid>5D94E993-C459-4F6A-B6CE-9A1891AAD498<\/ruleid>\n                <notes><!--[CDATA[\uace0\uac1d\uc0ac \uc18c\uc2a4\ucf54\ub4dc \ubcf4\uc548\ucde8\uc57d\uc810 \uc9c4\ub2e8\uc758 \uc815\ud655\uc131 \uac1c\uc120\uc744 \uc704\ud574 \uace0\uac1d\uc0ac\uc758 \uc2dc\ud050\uc5b4 \uba54\uc368\ub4dc\ub97c \uc608\uc678\uc870\uce58 \ud558\ub294 MicroFocus Fortify SCA \ucee4\uc2a4\ud140 \ub8f0.]]--><\/notes>\n                <taintflags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION<\/taintflags>\n                <functionidentifier>\n                    <namespacename>\n                        <pattern>.*<\/pattern>\n                    <\/namespacename>\n                    <classname>\n                        <pattern>.*<\/pattern>\n                    <\/classname>\n                    <functionname>\n                        <pattern>fn_xss<\/pattern>\n                    <\/functionname>\n                    <applyto implements=\"true\" overrides=\"true\" extends=\"true\">\n                <\/applyto><\/functionidentifier>\n                <outarguments>return<\/outarguments>\n            <\/dataflowcleanserule>\n            <dataflowcleanserule formatversion=\"16.20\" language=\"java\">\n                <ruleid>D249DD01-343C-46DE-8AC8-C9D108D56F6A<\/ruleid>\n                <notes><!--[CDATA[\uace0\uac1d\uc0ac \uc18c\uc2a4\ucf54\ub4dc \ubcf4\uc548\ucde8\uc57d\uc810 \uc9c4\ub2e8\uc758 \uc815\ud655\uc131 \uac1c\uc120\uc744 \uc704\ud574 \uace0\uac1d\uc0ac\uc758 \uc2dc\ud050\uc5b4 \uba54\uc368\ub4dc\ub97c \uc608\uc678\uc870\uce58 \ud558\ub294 MicroFocus Fortify SCA \ucee4\uc2a4\ud140 \ub8f0.]]--><\/notes>\n                <taintflags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION<\/taintflags>\n                <functionidentifier>\n                    <namespacename>\n                        <pattern>.*<\/pattern>\n                    <\/namespacename>\n                    <classname>\n                        <pattern>XssUtil<\/pattern>\n                    <\/classname>\n                    <functionname>\n                        <pattern>cleanXSS<\/pattern>\n                    <\/functionname>\n                    <applyto implements=\"true\" overrides=\"true\" extends=\"true\">\n                <\/applyto><\/functionidentifier>\n                <outarguments>return<\/outarguments>\n            <\/dataflowcleanserule>\n            <dataflowcleanserule formatversion=\"16.20\" language=\"java\">\n                <ruleid>0F94075F-D0F5-41CD-A13A-76B2449A6075<\/ruleid>\n                <notes><!--[CDATA[\uace0\uac1d\uc0ac \uc18c\uc2a4\ucf54\ub4dc \ubcf4\uc548\ucde8\uc57d\uc810 \uc9c4\ub2e8\uc758 \uc815\ud655\uc131 \uac1c\uc120\uc744 \uc704\ud574 \uace0\uac1d\uc0ac\uc758 \uc2dc\ud050\uc5b4 \uba54\uc368\ub4dc\ub97c \uc608\uc678\uc870\uce58 \ud558\ub294 MicroFocus Fortify SCA \ucee4\uc2a4\ud140 \ub8f0.]]--><\/notes>\n                <taintflags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION<\/taintflags>\n                <functionidentifier>\n                    <namespacename>\n                        <pattern>.*<\/pattern>\n                    <\/namespacename>\n                    <classname>\n                        <pattern>XssUtil<\/pattern>\n                    <\/classname>\n                    <functionname>\n                        <pattern>cleanXSSForFileName<\/pattern>\n                    <\/functionname>\n                    <applyto implements=\"true\" overrides=\"true\" extends=\"true\">\n                <\/applyto><\/functionidentifier>\n                <outarguments>return<\/outarguments>\n            <\/dataflowcleanserule>\n            <dataflowcleanserule formatversion=\"16.20\" language=\"java\">\n                <ruleid>772D7DA1-C989-4E33-B298-1CD0D994AFCC<\/ruleid>\n                <notes><!--[CDATA[\uace0\uac1d\uc0ac \uc18c\uc2a4\ucf54\ub4dc \ubcf4\uc548\ucde8\uc57d\uc810 \uc9c4\ub2e8\uc758 \uc815\ud655\uc131 \uac1c\uc120\uc744 \uc704\ud574 \uace0\uac1d\uc0ac\uc758 \uc2dc\ud050\uc5b4 \uba54\uc368\ub4dc\ub97c \uc608\uc678\uc870\uce58 \ud558\ub294 MicroFocus Fortify SCA \ucee4\uc2a4\ud140 \ub8f0.]]--><\/notes>\n                <taintflags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION,+VALIDATED_PATH_MANIPULATION,+VALIDATED_HEADER_MANIPULATION<\/taintflags>\n                <functionidentifier>\n                    <namespacename>\n                        <pattern>.*<\/pattern>\n                    <\/namespacename>\n                    <classname>\n                        <pattern>XssUtil    <\/pattern>\n                    <\/classname>\n                    <functionname>\n                        <pattern>xssCheck<\/pattern>\n                    <\/functionname>\n                    <applyto implements=\"true\" overrides=\"true\" extends=\"true\">\n                <\/applyto><\/functionidentifier>\n                <outarguments>return<\/outarguments>\n            <\/dataflowcleanserule>\n        <\/ruledefinitions>\n    <\/rules>\n<\/rulepack><\/pre>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[66],"tags":[],"class_list":["post-983","post","type-post","status-publish","format-standard","hentry","category-computing_fortify"],"_links":{"self":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/983","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=983"}],"version-history":[{"count":0,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/983\/revisions"}],"wp:attachment":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=983"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=983"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=983"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}