From 5467f72bd78a3a62cc7dccdb1b17ea8c10a4e5bf Mon Sep 17 00:00:00 2001 From: yv1ing Date: Mon, 10 Feb 2025 12:55:01 +0800 Subject: [PATCH] Abandon the Fortify rule base, update prompt words, and optimize the data structure of the items to be audited --- README.md | 6 + app/__init__.py | 2 +- assets/img-01.png | Bin 66038 -> 123671 bytes assets/img-02.png | Bin 0 -> 61561 bytes audit/__init__.py | 130 +- audit/prompt.py | 42 +- audit/rules.py | 10845 ------------------------------------ rules/__init__.py | 0 rules/fortify/__init__.py | 0 rules/fortify/fortify.py | 44 - 10 files changed, 115 insertions(+), 10954 deletions(-) create mode 100644 assets/img-02.png delete mode 100644 audit/rules.py delete mode 100644 rules/__init__.py delete mode 100644 rules/fortify/__init__.py delete mode 100644 rules/fortify/fortify.py diff --git a/README.md b/README.md index b675dc4..d9afc05 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,12 @@ An automated code auditing tool powered by langchain. +Tool interface: + ![](assets/img-01.png) +Result Export: + +![](assets/img-02.png) + I welcome your suggestions for interesting tools :smile: \ No newline at end of file diff --git a/app/__init__.py b/app/__init__.py index 753a2b9..d2f8043 100644 --- a/app/__init__.py +++ b/app/__init__.py @@ -44,5 +44,5 @@ def update_config(key, value): def audit_code(base_url, api_key, src_root, language, reasoning_model, embedding_model, process_output_callback, result_output_callback, event): audit = Audit(base_url, api_key, reasoning_model, embedding_model, process_output_callback, result_output_callback) - audit.load_source_files(src_root, language) + audit.build_directory_tree(src_root, language) audit.audit(event) 
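Review bot: `src_root` is handed straight to `audit.build_directory_tree(src_root, language)` in `audit_code` with no check at this boundary, and the tree built there presumably decides which files are later submitted to the model endpoint configured by `base_url` and `api_key`. `build_directory_tree` lives in audit/__init__.py, outside this hunk, so it cannot be seen here whether it resolves the path, follows symlinks out of the project, or skips credential files. I would reject a bad root before the call, for example `if not os.path.isdir(src_root): raise ValueError("src_root is not a directory")` (assuming `os` is imported in this file). I would also add a comment on `audit_code` saying that the contents under `src_root` may be sent to the remote model. `audit_code` may continue past the hunk's last line, `audit.audit(event)`.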
diff --git a/assets/img-01.png b/assets/img-01.png index 308b03f1ff7d92f65dbb0e7683eef1dbd1c0f25a..dd71248b75325d9a74cef73ea872588f68305336 100644 GIT binary patch literal 123671 zcmb@u1yoe;_b!f!81Mn4OOftI+Mv6;lxFB=hEkLck#3dl9BLR)kuG6iVCY6-KyqYY z;2zY^{eACRzx%)cb=Q5@(ix72bN1Qqe)sb{d%wp>O?8EPx2bRA;o;p=Qk2!k!^3}u zhj;z)t*gKhn$w5~;Df+T(Z~}IkMP^&pDW3ngfw_~5Ac*^pX&N$ZO;ZfnXIS(I8jg% z$MI(qCvFT4s7o+%k7(7Jb-vTS!r4*t;h(#Xa$T}=X=TE1o|IZTRE>bX!{V+OMcsM) z{>I}gvVM2DnL?A_-EMnLrMm-VJj&?5rFsK$rDzl?+#H$rC_~}&T3RzI%@MI71b|sd?OS?n+SEn}E?+YIVpLeQjJd8b% z2?{PM(%fF!`=zdN1vmjy`i74O_`DqV>lA#zm%nv6LIQ3r|NZ_%3&J%K7w>wpRS}Fm z%M3pMA*eThHq_YOlI{8L>1o@b<#R-MJ5FOa2%8$bmzKmNb8)6oMUS0sKb2r?{&P{h zsIi`&2=wvL&=5MSgDB`{sB7Ss3DvX=?huiS+qT09ke+_JJ#juf-hQ$rqoTY&qQG#1 zouD^rI`V(jF&h~pyE7T2)C~I>2OX5SwoT9tt4LObZ{NG7lY~f$uMv$ovkhn;A4L{_&k*1Y{6V!owM|3CqvuWuz}1e zj-uB!V0onde5=Dvz8YQFJ>%oo1)PS=f@)oDs2a7 znbY;)^CgT0Q~R%_{@_#5lLOa)qy6Ly7Dh;E+sV?a_CERo?COvsF>x~~Rb(>F6=Xdx zqjrVxrBhm$ZR!RkA~RCU7$!1j5?CDrOR6?@cv=N{85v=cbCZBeeOK)bbm>Kdfx!Mf zOc*6zW|nn*)vuHHkh9i#+4M5Z{qoM!xo13kTQX>mK-|Ib#jj3=_sonJ`@9z0zyb9$ z-{6CJ9IEkRr)>ULS6=Y1P_>6R2&y*qj5YZ^~kJd zUwydJY|0>;KaRd4uoY_)?@tSo_-h3lp)HevtO#=$r!6Js0^1%OY-7xe`k7pn6tF&R zak|Wq$hbc}f4;|Q;lF~h2spVoYj3AWP+&+nd0U0ly^veu^QD+0DBxg;h)`7IOn$%! 
z{(QU#*rToizFJ9K3_Yy72|;w1{PY3)P$_^vAu-!_AFI`HVF3j2W9@Juq8if|G48Aa z`(>FFUnTNAyGQY{_S{BEP{UGJ)sk-+L$K+Jx>NI#QT(bZ{qWTE1~Ju0<4i1X zu>Rh5e|$6=f{=#oq3W`;>4Ej7&Q`ksZpQ9OBqUV(Nl5r^w7=^ir4hsb^GKG{fX{4@ z9m#6Er9XeA*AN zl+I5q+T2nCxdXGdy-Za^D#=sF8R5Q+j}~FJ9GkOm4=FMtBYNya%hOwtPBXFDdCarp zJP7Dl(3@c2@iA%QsM)>kDLr#yDr;ng)e+i5z}7I@;5NaNf&^E>~zZqr^SJYeLb684*@c7^)=mQi5^=I+PYuE9saVrOX7kJ@h+wQY^ zBP0?mq_j+G0v-v~X2JHK&Nw(p{p1V4j9RDj_xQ?yb3j#Ui)uJE_zIr{eH1UuLvQ9G8>fU%8>F9YfFfAqzMdVoin2)!jE6EJ@99%J( z$0DWF1-N5Ononsi4lRN~LAWy3wtX}Z3&^GQDTAT|Q1i>CuILtlexmJtFCXw_q7>L~ zYD65=s@YttE8HQ43d`rFq6zo>paqbnx?wKj3CIWhL@D~yPj@tQoAzaG5SYUDRW%=f zabKf2OVlUVKvdy;wj#$Js=vm_%E|`2r>_wOE1svC$HvRqOknE!#b&bD2 z;JqVyVfyzwo8uezzvq7_mTG8eX+Z!)=+9V@75SeO;=eAXIrbj};!(_++sjdk z!NC`Q=nwE4avzI|SSKoX19u_QVu|RzFZc}GhxbLkT=RF>=Un-!rTed&qNx9SZ&V1z z&>TzDo^*)$iqR5=`?94pLOwdzcS!2mwkWsQ%E}UKbE9Z9eZbVl@P6E{Y*rs*uEFVf$j6~eu+nWh`h zaWwd)X@D>{r+sqG3kkY#7tbCV_?1^?B>*m6`<~`VDZvzOZa;~2a4`<3I_rtf9sAXx z9mJF+6(*tzW@}nox!3GoyY^yueC94F+#UW(_9b8Mn*>g}YC@}gCbzQ3;H^DyB2B%@uI{ITl=4%tIcS=)&{Nil@apGc{Ex=3X*(T zrqrfRTw#xwk1tqEE~OhWj}qkJFMZuN-V&3^{Fc8_uN zySK9XghaNpK!eU+FC=O=nSp?oomYlLo#~l#$*c0b6^`Zww;7XHZ%+{wCXKge(&lek zxRcZDPswiVHWxn|!qO1Vrya-ll-)R;Xju|WRoL7fl@N>?7&4_VF_8$eXP39UDWyX+ zMAPA*R3d2B#R4;5BSx(ABlKz;8@p?n>&RU=7QGA0tX&^`PY$x*3OK%bbpv{JKPwNm zk=&BdFW5Z9*3E8+@rIA+)t*jzQ#lC1jBXp{gN=f+wij>1ZZ`-H%sbJcy3&g>d~Rr4 z?Bf_28J8-{TY|RLGR+zid4ItF9Yu&c-j<#-VO+7um zz{O2Mz3%aHnYN;EJGi_+r7M>n?^BI|Bf?G(8wVB=AoK(BXDCamBU~gWoz9=6OnsfL zd#@!bdc<6ZQpcVh32c+1}Ac$o}tLj%wv2j2IfU-)*&dsSN+!VVEUM{8-# zlA|YBW9aRq&t=`EG1}LSJyul>dTBIxH;9JXJscXTMra&b&$I>7Ti1N24{Pa1(82Hn zYymqnw5Cc1Dwp2kC58D`$#D9kz*->Plsd_(>gIi=;CC0!%|f+1p7m0Bv_&68=L0vA z3#>hU9WAbmT4sBxvnEcQxukD!IGEC!){Z$V%1InCu%@f3`^Fj8h6vg|9BxI5Hs1dZXyA}-&f?o~vC(Lq9zgpZFO6ZE=t3t0J3S0Kx|G|Y`d24$X?2+g0KYAfmm?@}9Bdy)0hickesHVTr z?J+R7m_=pK1~pp(!Pp(rUJ9Q?yRyuT1|=bC8y$uh&mV_L$@gqbpfs<4hlhKpa_ z^JiMCHXTj1NBg`r0JN z2-&Xu>^ri8>AdRdoW`~dIXs$4pXFSRz&988`bIDn8oNervpISsNh&xRGpklLMs-jl 
z-E#ph!V!DM93Sq`+F3(xGkO@^p`Jz-H%V%X{%UAm{tOB&akA)-x0=ln?$AA&vleI; zGPH}!S{CJXx|-r-lNsc4QEgE#J1zg{mW!v@c7{!SfaT+KRi1l1g)f^M5{J_`eure! z#jMsEqHWkm0>=7!P~8r>rL9X8V zG*totW26T7ob!c)44EddO);FIc7hlD*NfF)C*thMx{PdsM}7EJB7Rww($*3 z{6q0E@u;1Kcn$9YJ0!B{q9{&DFE*!?m>7Qh`5NSV122_t-4dk1xuU{@Lfx#pe@x(8 z=%B6C?PZM6a?@TKZvQd(zlpb)L)VLAf0LfiIClC|!}^6qF<;$a8x&7tR;90awljmMziCNf^X(rQ zt7eS@h25C1K^MIHB0XG5r4t&$J{0CO6J84GRbs-EizM7f$jKQ1916q2i)1fKJcXv+ zjekcNvA@$G`P>smV#UCFr*v&K4VsLL<4c>)AK&<);l*}md9Y}j5g!XmO#A?E*_ z#)659ah`~&O=iXW@lZ~>g+?iKI+)uCrB@4ENjrvnii>TN3+flDn!W$hNR$uFJul9$ zk&S2RnPh(8h`zFr(en zD)O5*Q!7ux6A>FSV2<5-9UhY~8tHddVK=g@;^s|3DUhp$08Qv3?jO2Vb+4_)WJ_lP zWn|aT-$dJ-VbqLsm4Qz@Ry(-Wkl5%l5cur(y8e(h=rfU zb5qy*$tfj~2vMqriwXVCS{KG8t6U6X8)Vp`Zd(tnZ*i~fav!y2aprY7q@`|A&n~O- z%^^?7cpk3p(7>aSm?e!HOWW+5F2CjUIHZhSiHYQGL+m|&kh(HhNEq<;$%-uFLUQ%| z-cEGnz+|9P&opy~d^~h2?X)8(+*MVU>8Psb?$5RJgU_fsyVKLtJ7Q$$Y@O*7Cm5Qz z(VDvJgUWPJTr>MCI7|jCwJhf#;r2&>eSTh0RJ8srk`y)lD4_?_hJiyEf*W9B$O3px z`FXwb+WN;Deg_bYO}HpV*Nhld%eRBi5U{Z4w-0Sv|CNJc5?PUIoPOU8awa>5q{i8@ zT2B$>@*Io;EBL5y)vyW;}`fYVbc~9*anx(w`5+`Lbq`3?iJ*BBnfX zRM6WZ9B8GWJlZ#q>0x(x!^NN6i?<-nKaF;Rv3c0527b0`x&eON(Im0^+08?+>|+aV z;{Ev`jSHd~_#z?ow*)aG!&UI+A!GdZ;omYJ9^Q$hJ*r7cN=icN#_yTOyALCh{$*KI zgaxt-q(>{V%$Pxa;rXkWccIf2(wO|2x_*)qo(KRJ9wa#0z=enRxufJ= z0oT8(8t+5#e}8l17cXWe-%T(yxZFCWoBL?km13&R-4UdKeQb0sT5&R$-^-~dv&P0* z(2N;!tq+Tp3`zQI9t1e)=Q|Y>RcaNrt*-62<-Tl%yr$@sGGn65L5D%B=W~ZooqyNX zZWvjJR5pJ*itUX}6sFReYS8>DUpyG}0pE(Q?D}zv*We1)_zf~`QPqIJ-2%AilhLoG zZT!w;CZ79Y$6qAwAKV0#MrK3W_&Go*az-Si#DUq zWQCLocq`qska)MeHRO3(#awkVTXL`2t{5;aDakZt$T^c1@MH?jeg^S$hKBm3>@h*7 z`+GjjRGgG`^8B7b<9{0)Wk@3*KN5zM<|pr4d_-pAZw^d`-()#m*U?Q9`E8MaeAB-8 zyE6Vr2J(dJ_O(RP8&wdi=jP!ZqAXU@xL39OxhXgKMOYp_vJ>6bC{XkZPZ13=p0@tY z_!A|%Cm56L!T|iS77#ld_0b>zLg5Y_0qffEnB&9AkY9DR?zk6%Dh4Jw)E7tXnbPk> z|CtLMS|sWYYdxV$woWbo#JZg@Tz;aHy>D!d~Ir`zfmS7=sKv>!%_OK&-6RB!*c!Gfmhrc{~!sw zf zy_@xmoa`i~QRZXQSMavpgV;fOZq76Oxyv&<)it-&?w~3gOP`%2R1Z>PVX%Xkm*w6Q zp2b_;(qQ&;SATz8r{)_cSa= 
zs!05F=7t{MI3+N#D+bU$$2Sa!8BE>ecN7r_1R8#mBe@kU`Y0qrnfz9+1pDB;hKW7+ zT4adm5%f&)G4W68PS^QB{shJAt&IKaEnzE)e&)fZ&WUU~sg)+}@uoR1fae}MK6RA9 zvplGv>l(ik1$|4x+m;Dt8o(-tLrm-1wtzLF-k10`g@{vzgoiE5q-Y|97g5nKJy8}3N$Z1uYvamMs{g(;jae1;!iz8X83L0qfCd& zZ~aX0NchQX{di0tvR2$^YC*U4{7rmPIBxD^8u6|0RdTF zR#qk$y@wn(^06j*=~90;rOiMBX)IWOx(Il3=aJZ*sEuf)%u;h~i%0^5rIpot&hYLax;<1@Ngt|{qbqVViVb!K;MF#7Rp{+#& z=dncKiv~@wy&s~ZNj}AKc0qe;z2J-Z#`Zu^NBSz%zQnM21ceROq_P-nONq68?F1NW zHpk~;tSg4QVJ#AxuaJU1&e&Usp(?ylRe@N$0AB$Tfqey^i{rQvgvG0H&_~RnUDM1H zo+;g`hz9KIXF@Vu0_^9Gymx#qN{k6TRKaA#3Dxt9G>KD!2OXmY6Nip>sD`uO;t1!% z?bbRJ`Z|KTVZ2l02DeV(DhhSCLpsA+g}C@WULfm#wNF&LcZu0}I}owdT5_P6wfktA ztc&|W6l|yGX9{B!5a{#)Z_5LtsV+-|A>sNDRZ!gxb{s@0*E)KyHMjSv8YnGC0NOtq zsPm%)|56q=hKDhnm(pd0h0qt!q_lJ2_JEsQ4#_ck)CK@0f5yK5_gZ(zZ}I>f_$*(Y z1i0}D&;J`r6OTT;E`k6^s4w`k_dUrEcxiHj-HBGk=<-oe87e4z4!}+v4)=#yZHMIK z1lHDOA}Cfz z=PIObtsdGAv{OE}6jYdS_fH)bl(cxD*(CFx}GhJjFG>6iQv%GD`%Q zh*QRq?Q+;~_L&RY0-5UrCTS~nW1w`YIFMW7e21AN@^dt!^G8|7j6;AH;u5x8 zp@C~f+XXvm8YT$p3$j3X8LuZuS}Z{kC<_ABNhn{{@kjgA=F3PDZim1jb}hgHxP-~X z-i=Z#m>_wovZd?t(t>szyrm$%azYAzYQCO}FjgWz(Fmw(0cPEa+4aE-UJ2Bb{Iedn z18W21rcY*SEltlGc=!qm-6+N>&s>e!SD7+~dFJo6iTMMOanJa7V&~FX&&`tbe{ND( zs9)It($937*?+Y74S)&#dzb+7EmfSO@ocvXFG0QD>P~mGiX_`&%SE57i zYNF$kT%s}|VKH&c;OAWJvLe6!saEy?xxwitfgAnuEQ__q>m4s!Bcvw8`J&(yDXZ#P7$uKEu- z0R>b{&6dEZJ^SXn5$TIaJB<=hVF*uirONT)C{H5EBq*m#HT76a!myNCi4q8#=aaeM zFxBWLY{#N6cQTnk^kUdN9Z14+t)mWAHi$Ovv*jH{no_`D)K&J=dS>5QD342do8r7! 
zJ=O)N;b~&+X;J4+`}#IXZH#iFvyUs1u{nga(ZUc2^zG_r9ZjO@$X{J;rz?ps6Ju$9 zg0I=`JOAq0p@q6zJ-3r7uc(kB1@D(%n0aOmC`^4_S64p3AVwKmU&(%k4IN|vrOG6S ziceprJsiH(&X#*sANDcVrF=QEa_yPMk{U5HPc0j%gnDcbmM2diSuvzTEVzFR-o1=C z#dR-Zf0NbYr3@V5UDhIr0v9)SxKQOKxl%8bk+DU7S2N!FQCMg!x-XB^CA!NB(7Jq2 zaR*66N_*fAY3>FG>auvceY*{1=3$n4S0uF;-7YdKwlDuAA-%Gz^9%E`;iFh=hnJ)p zpm=Kiuh~A)BdWQ%Vn#qUf&`R6B3a5>&Br<`XI^?Sk0n?-LGyHD(x72JSuGD(3S?#n z-Mdje`>fwbXp5RxY}P@l9_>?huZmJ<582PVT0HU&l#sRi4NX1`ED*U5-=~_Uu367h z)C_j1ZM|#O9cM83UuY6r%Kcj^T`rTmiJHg`=P8w75WwHaru;xi`po9bVr52~wkN(@ z2WmT1{f1^Zj&86P7NiE^Phd0+#R(}r=^plUY{r-)Q&0_@>*bdr*7eQ9wD4L7La*B= zRfuPkLPb_qd(YhwXpV)@4mg=6So|86_Sdy2>k1nRN+b8W2k=+BIIvu+f*^@Uqc=MU zn&X{-Dtec!_wbHo=Gzpsy#q*6?B{zMv@=XT3p*mj~_yIjScxvwJ6`kic#?7C|Jjw zR!g+lj)*ByX*%F-tOQ?{^d?Yz--$OL_J22a+o%~{JZ{=U`z7p>qwbfcFjfoMU)P1k z0rc?X`R5xk?dp%BqrEdVqqsmXP5jb<Tpo{Dz=s`ffVVq2oD|`qPrTt=IufS){X3L2~IECCjktZ^xrCug*EW! zb}ZsLF&%3No2e)xlSy!V8m9p_^TS6)6Cd>mRM09!*E8?kE{z2$jze2(2bRhUvBWU6 z00Np!q{RM8R6vE@e(NjzirmU)Pzfv2c21I|MDndLSD@Fd;seb>9y8Ifdjk;>)4_n) z+QBNQWcreWHUe-{&;kP6*+9`<+7!Xbd=iq-WsvsDOJ`;r7)Y`|<)bxqq~$ z;qlH*^4^B%%e={0y~9_jrgfv62xlIix3=Q@{6-!?E`d}UuHz0*__F{&^HVNu;sv2DC?wql7DF!Q7Ccr|fT zE;tT79$&f{^M!+#CcZ(>CM?d=6Ob>dr+Sn(E|q*yLCw3=Co3&H{uvvo4uvYgj^EM2 z5Y4!Bxmoc}k2Rxlf8bG>DvDo!3v0bBYd)|fKy-z*#%+Ud&3z6yuvXI_@TN(rMamh! 
z+WI89)e_4af+ja^$fKh~ZVuR1!O@ND29r@h!{&5DR2xxertWH)-~_vzV79BwKm#fG z4*IAKz)pZ<0_6}Ms-ec~K=m$m$U_Ng z?8gf^Gvo(8CjB%!nvB2b1D)=xMj{6-O+fi9Q|Ph~6?K#I62Q5(f;y>yA1{Zcgw%f) z&nzDq_5qi8kcz)aX7}d|yq^mni-BXm$Nm57&OJS6z7`V+YSSN(0iT!mCSBG=?%-kK zAY6D(>@Ib9)!rVnRu#8_9{r!vX69Wy$!+Oh3!##b=E19<;S2P4@JynnfwQyEFovZ6 zpXIX#eaXq~ZJ<171U&31@0=nVQ}27)Oq74BoB1TD*i?iO!`L=5KF~(}4+)Z8vEe3^qRv81dIy`97Iezu`Lu z^suHLFy1Q_e^56&RK^?AE9MyyN9d^=$cHYZ`(6De6tb5Zdvy~;is$zMFcS89aPUiE zk$P@JxzwQdkB|IEZ_CpA$4tEJEIr}-ubWkcL$5TuW!?yJLb6pvM3@R$;ZHdu z#`*mmm5J^ECF}0|vZrB!7ZJASCEG7EMP%blb~?u_zQ+(@E!G^>y`4AxuRIxX^Hx=l zQd9^(wyP^Q+}a+O>>oq9tdEaX7`Mw!jEzMMOM|re>_YKA5TJ?_!~` zg$)bSIcKzpi-@84fSPt2Sdqs(fJ1|&vbmB>>Yp#pN!4b*_HS7s2r&&{1q@J}x?XJymer=jG+7Mle zMy}Hj$RuV*m1_AOxSgzguCzR;DY0@sIH2MVx0AR@UCZ!GP3{3q6_ zX3a^OEPI>pBFW~|t{hma)14VQTHc?TKP9)OqkY7uV@#|h1&(xe5ZyX2;k+~|I$IGG zh|Mq~*Krfbrza0@Ex)uY@VLD{-W7{qlmmXDZLObB_@%f0eG{X=G+L5k+wq5+(b6@f z5dX54g+X`z)W=mh!_u^hlYjW}W`?P6>Owgu>Gr&uV%WAn^6Sxkx7c)Z$$p^+Jk&ex z3HV-GgiSNZXnx4YB8lJo!$YV;g9%TLw3#QzCW+0t*K{j6@Apt5<3*FpE59%ZNR{9Y z!A~uFVJWcbB27-f;ZWeNvp1fhW0xx)xb&&*E7XxvbNrQGH3~%=P1u*z6yMivTlB-a zJ9}p>&Bv8qh{(==^9%JfRMPUwHq+N8Hj?yRJ{3;||IN3A34YtlMSW(d$XnrEx`Eu8 zIk#V^kxs8{T>Ttq)o?mF)_qWvT|^XHQY!udz9UMWz5RXZN{X-e{gBIS(eLd#rrkJd z;qGHxmSfq`Q$VLVUU}&E)EJs^7+L^scjLWGII6s{CY7cGzoL`L?a}t{;({m0oPZf{ z5}(M5Dox}`N9W|WPm1s|9u4+AOm8>bm4wHYE@AJ7WCM*8xurOPi?KVEv=TJt{}dtE z838L345ywquYtT}k&2|(Lc&M3$DAJkTTdf8k+iP~F^>O(w1w94Cs~FjFCMiOUc*5IxAk z`;hiSgH~}ZR+}kV#ZoB`TG4E2y+)t-MM)$7#7dAxR4u1;`IzWA-t^`2ekSR+v-C0V znixj(Zn4#p6YQ5e7Y}SdM#n9Ka`z41&uaVcSE1ND4CYOnPB1@v)ofh}>xOBR6l}=O z4FIDjg<)6pTC#`Mbga~LigLvr&)f$TXQS}r)r93(X{?V+n_w*c;hCX3MfoND$zpK@ zwa#k@7;+ui({k=afTt~J zr?WcNge9+L4eKJ7+zeKeBf70jnki$pD;a3db(CWP|Y&yP>_EPf#A-QGR7+5~r$ z0}lKw-|^&7*E4Y1f!JYdh)p|lkIALuvt{{-A>sok=pR6&$6L8OxE07W%8T%Xghvy1 zlJ%y>!fw{JstuO>$Y&i5DDUm*a;8jkdgte+Q*_sf3dkTY^UYmp(uC-gf|?^D zTjR0IK+G51%@r>CRJu7TYSb@CPpyORv#}WZ+zRkX2jI?9VYSrsSXe)T>8PvX*LOpM zYE((`B-}nVmXjiz0?pWp=N6m^2lMNNu_%bRIC6uO?_e%3!ZJ>{l}Fg;R(G&;_Oa#) 
z+;y;|xZ%+wZKsoGn>=e5}JQ;&pGovK+f6JsX`KC$XWY$52WS*_00jWWmkvIH25&U`@t*c{r}yz$+zTs z0DU29@S+D=a?1eOF$stKOLp$v2LBfWE7JTw?lk=GTZI3)Eit|VwX}_@o8}|>%hdcH zXFqml3=ReOCF6bv!?~Lv%kM3Iz&|S3Xe%Laf z+f&yL)?m_I6>2NV)9GGq)`XNen|OO|KJ(YHz)^?Si$ou*cM{65c2{v-6bt8B)%&(S zKjsXyanPxlBPG!5gmg=IXtXd-P8qa|Z>q#nq3MVqg54BGbVp|CE|Qdv7K3|_9)lUx z(CV2$mF@S4`YQjmX++Fd!SoxM?y&=ZhyAW!w=;-Ih)kqnM=Xt#K4XqEI5hyGv;2d! zKTaj(h`l0k!%W~&&gQ3KPtS)(xG0#6Ra?X2(74uoa!{Q~e^7x2*U0D|0kH#$;XX0D zGZ9oC(hVtqR+*2DuxkWAlb|brkDYNW-KN&@K8A9v<&VqFyZiT(fXD*}Li5`8%pK5) z&2apRE2?iBJ= zZ@YSozFfYZdsL5d)v2B*c+J z%^fyT&Jj9hhs{vUDspb`8_A`*eghcP1qrjxk*G>^m;bC+ zyIIp6D0n2-e!T$w5eIK;Hc$94YMh%9yivTH>R~7mJ$kGOf|Va0R~hGx?+{G?`~DA` z0LD=F3u-REK3aC2#id9Di4msS>lJW~&Wf*44wV1k=6%>SHMwk@##5}a15aOGNyuA! z5;i_^5Si0>jPiBYf1AW%wY*vE$`5O2uF{XOckQxM(8%BLPl$|j7i|B6`mB4us8 zy!p_ITTpz2G+^fht6h|mCb?K#83%)4I6t!Fy-M>(P<507@pW(kh@juYXNG*D%Zxxn z(WZJ#`y*6Wc5KAr*g!fjsmdD3-80J!swx*Aq8?x?H6*b*y0ZIGvz&e+CD|MkHE}D) zHWi^a7%IOWz)zg;HV8z84_H*f%e46;2`2N9ky{EPy8@rvJ0}QqE!JQXUzfI^);bom zDVPYfd6v&?KlUPGsCjl5^p-biA!}NSLO14Y>1`&md~P!*Huths0E`fHb@GcDAihpX zxlfa0u225RvYVnJNLKPH_|DS+If$)mh{?Fg$hf(*cP^_^&E*)_IQh*lE~B-qUmM%1 zs49TZUq-IlvlgLYOD;{3Q0fDUoW}+#!(}1e zQe95YRtW8O4J}z~=5mHer@tGx7uss|UYL51tT(eu;gd-nmL%JeB_z+q$!b{Vsxb-L zQB1>|yHOv;N0vn?WI5zEV|}Ah<1Y+jXMJ>OhooZaIPMeAza9O)I6emYHr9Ets25pj zs1wL7M^;)JuEaZJ*&nc)F$kL&8!5T7MgcdjRP-)U0f6q0BX&ehNV>+iY8q_U$4c`W zS(qN?xYq@RbXOe9W=t)M!6pgQJhSeFd*?+XV(~+h4ZecvP0Y;Q{0``u!Ha8O-<)6N z$Gkb_sU7W`ZVVue)3pgb{B(P7RklF1BEZdu!cF`9~(lJYHt9OF>jx#RCg>ed#BDTvYBLCzwg!W#F|4g!ZV}GWU zz1PqzabrMZ8{c5^F;YM+!24q@*Qr7Tugdb`=#RI4fMq|}yYM-IuoA;~q>mb;jQ`EV zPxw($d^`Kkj1%;^>5k}ICU<5N7V^w{pUTRb!7E%<4>Og%aGydiGMI_uFtoZ@eaNgq zzTGf-IeIu;xr3B&cQN^3DWLyW6X07HjHDe6^$=Sc4LUoD&c)HUG7d{VC~_32c2q0A z2^(!+uy;^un%z|~UY$?=`KANnw|Dj?k6)W(r1^jh|M`&s*nH(AkT`umHl=Xl?C<<( zT8ps8n6wY?YuDCF7YIwRrR)C?sWUj|DQJLr($3144sE|-CU?R)ar4rs55H0q_B=a% z)59G@O92wyH6JuroF zVZYjZ?BJBf4Bl|Rk-g*;TshK6={&5w{jc?s$|R9zyrb{y?1s;OhRf8uj4&KGLMnsp 
zHc0FISO4ATb3ZTlY=sqQe)Y`TK0-Aeo!+;Z53{ZBjPiN;CxY;*U;HoIjsE#JyhA=U zh*dr2^eHiTg#w|f4wECx53%}0;iUt$Et@~a-2HjRa`w(^fJDH%T2bgzRGgW}>q05+zxSK7>xH`AF6ZZ?X8O`W&h$tG=L zujEDJl23PQ1fJCU&Y+u{`S#kTrFM?FOD`ARumiq#gUrNZT)&ncsEH)UO_!3?H$}oF zd_7>tz427};#q4)V{ueOxoH|tpfnl8I|-DV$JxkPZ|G)}D;!qFgFTF!`k?pl(X|PW zB@uwHG@|$c$l`I`;0Ll3CQ0N4;7K(7ZrVEla2s9uc?3rIcYL-kwt5U4{?_!KxKA!k zHE}Kyl-x~mB&b8gf}z*F4^wf;!)&XZxEsE`Q<+nv(+NK!xBF?ko~clYv~|uR^VDN7 z(GdVMt4N3{xwEPkSP5{VBR_?g5A#;vCLg!e+V7r{F8zo!Q4w!?tz0G?RvtH(VW_Cu zqgd=^q?|j^&`pxOx;7xV#o;$2dZYm$Wt)K2P+U%rU_U*mzey|T%Lu81cHjEU zPP1kHVSs|9^FPFU1Ie7Ho70&|K4`;A%i>b=(xhWanSb96C+s$3E&<3m zM{7Ts?jK;%=wSl}G``+mQ;YW^Wep1Unl){eE?rhJ(lx#@U751^rYYtxELn6ev1yqJpGu2T8tvlZ)ov296kDA|*u&)<1meR#lmP zUV&z`-7i<0;k!iVjB!jMDYs1D0ZH}Yqi-b5zLh)%DNq`*x($L>MqnW!k7c;}O!Pd? zQcEg^YUPb$qVv^RTNoXZUvob-M04>_uKFUr!W>XdH*(@4A^_HI(Aw7qmU;%C+A@)% z<$w$~8q!ZqOt3PN#41@8aHSgfcX)nM>!N=AFJ)b6V2Yv1_ViVhFS!yc4hB6VS)vl{ zC-a+e1bCBFPMu2IWr)|ZYP;#p{POrTYLa1Pmu}EC>q6{)gDfFU7n8p!cA5EP^V>?z z^c4``|cCu0yZx^)Vo2?H@3?=g&u ze_5|F9a+g=ZWj@S_j^v90xegs#?RYo6fvW!IGGgTrtA@oE(rW7wDX*(1Mq= z0|yJhE~-EOFF<`;mEOi9n!g~^ROKW`>FfWLMZ8N#srWL~&rWhqV3RxCq(-r`DKjYO z#+Y2Lf^&?}YVQn?5`BAum}@r=29)Bt4lQchmdcsa@=S1TmVPq`lhVW9{ns5^_akWn z%P_Pwc-UnYgHvC)W*>{9KzqH>qv)@8eDtQ^6*0Jz5y7<^}WhAw_=IKGo)zf?nR52#=KgEW;_ZGau)aYd zg{cfl#nKz7k%PZYYX=>LQZ(B3{+aN8FrAct@V}i1iE^fdo`We~;)MSR*MQiOSYq^l z6eIC0m(pG7?}EWZ{@>&EarGPbak*UJRg7SxjU(>TsqP
PW);Q97rE7!0YNCO7X zf(e1w02cei19>ugOIU{HLQvj>?no_m^O{nN8R!Gf;jafV^(;ezCz&g zhK%AOWHy5|PrQ%%P_UP(Tx9fWmkO%3dYbwixPL6H!$uh!J(YzX);+$^W_T#R zZWP2aX6`6+0U%uH>1IJWFB_fwtzkg0vEf5X&7KzMZE%vh-$>SHt}SY@Y5!C&52mFG zwg1=~7b)9rH-l~)ZT}FMMy=P6O+s2m*Izdwvk8uFdfgX@n`;mTUO$CQVDa;K=y!c7 z+yCy@{>g{x;T)39w`nI=(@`jr#6|vhDi&lBh`hDAbOP|d*DaIiiregZUFVmq#l|&# zER|i^sOnTdPAL^o<|$QxB1ImL@vqI$?Tx7q`?a65@8o=!eteE2KA8_EVH8+wLygw0 zAHU&JjnT*#_B@mocwMna*eG2tqV64kp0}X@L?WBb$Xvt{%^$kmXer`?zVvklRe+hdjCofb3@ZWC%_Wm4A)j^eO| z$$=trNNq;lxqKHS@W~B;bTI~#WNgeEBp{L;t>Qs10C5hwOKG-UHB)7cf6ny@zD!5z zV8SvZIyemE<2GzyRIO`l9ofnJ`9!k${N|!23ev_&Iu2p{$WatQ{053%yv=dC36v4u zj%r$@1B=Y`bR@^((0{B;Q3nQupOo}NMpF5ONx?Q+Cn;LNXK?v^zpr$uFDd=j&Mnw**+;?8T^ z_o)g33fdQVj37EDUhxNi59XeS2+JX<8F+AbttTf?~b}6YwRy z<8r6M&aS<;!)(nmWXv+NxBKgEk~C zh0O!TlDqC&6oEOJ*oF^c=>Ucg5)eyOyIh>M?&i21%4YOAPp!+ib2=+me$XZ}DN_Mj z><ecrgV3vwqu>695J0vi;`+AI!am1ko{*-Dw_P zy>J6MxbVpSfUVv`dx8cI<+4xp98V2~-kl5>Ii+!wcIg ztDGA`&1tr45VX`YaNst1`%I>G8`^D_aC5~G<#F`wMh>P5b?%O(<9i22Iu*O1*u%%b zVt#r5!O*-kCbH_VrAk$lUbmJ<$0yZvf;n{1#zX(@>&nQ3=+ZsWyEsGA-EcV7<&L|{ zL4V66Ire`tm-W#M?`KD!6V+yfFKG)k+W+ioEg?5m2Fmy~HawEB4q2g#(X|mmfTl92 z5^z4KCWk#(ZQG%>i5)~oQTCH3E_oPq4NTu8+>I%>YOE48%TZ1zq)8ld? 
zYD$7~Kdp!z0QxnLRohl|AwA{Xq|3+X9jA-nqZY83 zlisLR;h>;Q%T3FO-*t;>hm1r|3uFRE7l&mLlhOS2h4?><>DjNvl)4%hLfgvm1o6SsaUZ>x(Ddf5bNRzE z4xM_KPHqP=9d;&(JzvX~LDBcKW~31)JwmY^_j7AAK!Ogb(%sTWjG9PB@`B@^@;b!J zRzoGB52M?y8BNuZnWcwoqItzlIQh?Ki|g8Q;Ew5aa0Xd>zk^Qq=kZOPCaYb}%a_#8 z$;kX;=niDCu-IWAJ6JRQY&Y370XKCm8dwCC;43=ZrPo^<^{zL-tVaX%fPd4bDOS8h zA1XrN`riH|RNsB*#K%=qeZo&_dC!nfv5se*_$aslnBraQzqRP^N^kbKYTDeVA;W&q znoHct!SaRuT2_QsPc5iZBB77AtwPVH=`l=uGH5V ze1JB^w0HQpuW@VWJX{0Hi`12TU^&gAAH--WOrj?ut0&#_dB`E7 zZGB`o%v=_Rs#=7=s-%EwXaY(W#(yOUwcH-BIov!8xmeh@ff996yjOI854|GuvtEdg zyoqN~Dir_~w;tnU;1Wyk@)bT@#$TRpaLTrR9@24~!Sb-JvsN5vQo&}p_S2M4o~d zI>p<)@z(6_J>^p)V}CAVOHF6>x`-JfEd$4VGGt9)kX_kq1uYhq(rq;AHUnMwm^!C> z)0q2<@O}XWUlP&z*+bXOz7#h#pv#-ew#7M7T-7CVQ$*jvaF`xMF%U!SP~+)!aHspn z76jbjJM91uwR~li==n}7Y5m0^_&k7np~V0KkDOn##@*U@2uK|8Sgc+q6N!QO11`Y};ZFle3(>9W zM}*2%YPGx3Ar$FuboGvTuFtIqA-Ay5>Ug2}6IcPRMDG%444?71a=VD(AFN0;SmuIT zzO#Jn;!kyVZ)ovJ^1)X5KAK?k!WPEB&(kn~8>pw7NV7gN$@$Xy^zcgA72N1fm$%<* ztJ~&`IWh9F@q$SQXp8#!`BIkfiIeHr0(f39_cE+!jVwn#Q5JdR{(oP_jhPUSbF-fj z%%6WTZ(%#U1wn9=lkGyAL|AonTGF;fc*Nh&%$&m5q96XYhpYLXyMOz06&#VcCl91d zyTTt^(oLg|g+=FlHRg@d#zGpprO3dIu>B(<)k-1J&(Cx>|2fNv9(D;*w!H?z?A?Om69Cl|$H~lL z8JP_ilK2pZ+%X>(jP4%x&fIE_GN6?4(Mu;KnA9FW2yViTEoo`Rl$0h)mF4C?Bt9al zVQ8lfj_`TLKnH;)jgM#bYhq!oH5NE#vuwzVCrxH4S7+aE?Jn!!MPGTD&m$Wm&wx(i zmwlg?2P^C`+F#f^@N{P0@k18^RAA~E&oF2MqK@M;b{zyvzzkU2=tpS@OO(wU!m`vk z=IoT)Q#rayUPqeJPN&8&e`c_<+T1jH5L2!)?;)g^Eju~>q46zoCH33l6XAT7Vd%1Q zw(N88efF}`Q6hfhB}HW(i75_W&7F?ojtth*n(8oB6`V^zg+DxfVP-ybd_1=~vX*hq z7c!`eM2ajJPRQ4a#jtyM$o+itz|U`c+~54zl&gv;$ZRv}MG2e_sKh*@;>ivKH0KqD z5e0`j<%=EX&bhS2x8eeUM~L7+;p40OHsu)Cu6L%Kn@RKq5l1s3qz+#>eG*OWh+~^8 zF%=7XJNfnlv!JrAo34a^!ZZ3Q)e(%(y5&@y*eIIGH<=*zt=3O&M}$gi>vdlxvFYax zalQ%^4g{~)&Ucd4x{WuHvd8}L)UL1e%Oy!n%ak`8a!v1x6Iw|xV?FqN{>5EHsI#3;V8kDg1zW$DZH29Q(%ECcyk_7h}<18{8DKrT$v1+QAyjfoxC@Q=>Q zy2bM-P%za^2z_zQx(QRVDNd2yN@*OYp%K8M(E}GNubMy%$@yf&(-p^7@Y?JBdcTgG zg3J+A8q}GmDHBBZeW3Y_h1*V?qxq&ZfrqLn zT|!V?3h)lt_Bgc5Z%1aeC}qPnq!-KYoMt|+4475cYjm4P+r1M_*Jh8H&QYdEY{e$c 
zYf#uG>Z-?f2}jGHG!>gh`O~a4!EZVt__;%QC}KJa9o->nTC8qEZyrnL6a5~IV%&1d zm{DtwAokCnNh07-YKwS7mEwGq&u#+F1E!@6{C-}U1aPAV-8tLxZahz&+U-Q=G9=if zyfV^bI|^S5_38oZqw?qVNtE@n=8?dgO+<-bZ!tp7ORPtRJYY9}KFVN`3aq&~cc9nD z5&pH(eXgwRQ)?lqU%lxsBiCU;(L@9K{H2z79papBsL(T8n=d}Xkuf3stl-1hZVmQ! zd6rezQ-A!|B*)DAJumVO^4f>b`+=1K(MhnhdA{YVHSO1ioSp_>1?6|HIf^Gm`mf5k zL;VOAfsu|zUq7LkO_Y;rH7JtT_*y44)y`NaJya9}T~czFqM~Vp5ppq49?`LMhAi&A$Zsk;eLl)aW9tw1j&9oMacTkK;hZc}vpMutTLm_=u>awe((PTLl1%j^yV zOW+sS^EMtWV!5ISdL-=IweD)XX#`iW|MFaLZNpy{T*Y|suIR9BN@pr<++Z=aD&yNZ z#aonBqwdqNTeB&ab|xnl#AY;*e{)e)L^MKbho`)tmCMOcIlgBq^N^5JWb&m!PN0fb z>z761HluuQ zZ*yp^oW49ACVsR!U!kVq%(9eGv3}^qm(8uv6@!S7T)#{=Umbb#OqbZMl@!AKw2Hn+ zjp-w-!Wd#H&I(voQd!%KK(wED;xZho%GL#(2KZV*$q;3Q*dHR)dXxvGJG zn?q7y&evaNuxjr=)=d__)=iwspzslxoivi!EaziEi$SihP-G5AFuT$-=yN;R{HOd~ z10P}&VAfHBiP@{t?F4Vt37n9y-wG)InqEjXlwi$o*k>aMN6DGcfy?t|S2>{1_X+jk zzZZ`}%8(Cw=oKst=KL3GhP6&|YB>lP_&Xd@S$IpoxIMu61u1e-LcCp(Z(WkV z>)xY6QmQ1tbr?YRdv1?{&F0}NkI-!d=G$ki)-yXbn z#{qepxa@|oL+cqNihn6;zTu2g1y{=|pa~onUX{;J5Z!iv`lD>x#5Qf4`@0@`r~MIU zzXfd;{8dZ@d^#rb%fDJEcy&DXLu3B_6?5VRoD(SL?IT@4l}ET7 zEIwx{VP_qIPiBK_(U$JP2eF+YvYC9-H`(AbiXmh@Ky{D2yQl8g-*=9_F{t?5wn=Sy zkp@^-d9bjC7s0RfcAF^-&13ZF8bf426hJMi{VeU+kL@x9%UgIU>?sj^?^}+*{!9FF zDFccHi8+xt<`=B2;a_V->W7%9MU+gd66RG+V}ZIP(>bg8HBdr598nXgS2t&O##RYR zuw67W-+y#byjrU*ki(s^qR&*-B-8igN0xMboA0#!e$+fvKuyP9MK71vH1jg5d{2C0 zcP~k{Lyb2gk%GBd9FdBMo#`TNh#*{s}%`V?T1azXccU!Tv-Wv?cC>*vfHKTwMm0Sk`%M7XP3IOKau4%X-b@N^te+!b5o)J83Bw zxfi}XP`mH*e748Z-kDm>(y4~nv2@NY|4+wK?Es=XKfaVbNrRyO)r(LO(yf0VJ3 z)nnQeoqp=LU7?O)U?NkRFCOlapKb52A?>v8+df_>qg+!wWEwL^Nk%4$HCa80tqEUN zsVP>JPnv=tCRcnD-;OcBr$4fi%#;u3uWR8fHI{L#i&`@BPO|cTrh>jE;ICqJf(sla z!Uq$Q90V%4QJBztaHrp<$@MIA)ifUlHXPMCa5y#Rz(Ascd!WDBX_Oz5Q|ZMS+%}Ob z5va$lH=FFxhAXtv^Ve2EtXS}}lOfiT(O+iSjbo|=R$wwWC=$T)6p03YR5F8O4ic)u z^jc~yJx^|^uC;`d2wO$B_xvu$UZ9N$W@iwcGsJx>b1*$0VstvWuUW^gN>*l}X0Jf# zHk}ULZsDCkAHjHTrbS%J@FJ>zrNF`Ry~+e~>J?a-GRaSVxCv|7NgOoQveA{Zr$y>3 z#A|1@Nn-Nzn851+T*sLyu`rJDc}HS5e`#cZRfsSz)lPXgElJ@Gn2YjoJi&Sre0Zyb 
zFuHP2=n5MSRL6mpz;PQF3ZD>S~N!F29t%H@?+! zi4%nOeqEm^ zxXt?tE1xnVL>n(E!%-SsR6yi749qA*fS8>ONHV&o#HR%nM|V8s z>86n%{dgn3G!3aA_4JaAE;lFlUQewYWeP75tzn-v(DC=z=UXDT5Yfo6i=_2Oi8kM0 z3;kG8+m?eEe>sEp;ipKc=hCVPg!XVaM3xyrbtftexj13RUU1Z*bvJk=%IKZ5r|7dpF1=Ck8D*6td06|IBa8c1wCM~ezF@r*=q!6oKmNw`GD zb*dPs{jbIR{3r9Bw{)*V0tto-AUQg~DytPvZ5~L;oE%S-(8Ex&c3D}*amw`?^0!NJ zJ)~O27j_RuKfg5?HZ|HyC=w|jQ;W}dyBms@6Ie8LbV5H>t`x_=qP*a1v*FX{l!z1N zgcl2xmh@REnxY0e!zby)4#(_#Sp7{M&x&NO6@eXLMrf@^YQegj`u&i%}AB(pq++UDw;bh2kGtUt9qXJDmcFHm$A9gITvl*0iz&fUwdL) zjK#kz_ETluW9aiHL)wnKKiXz|zD#_Eda#yp%;T;Yfw8be7BXhk z_+~?Tm_jfze?jvQi=41Le}!7e)*mQc%+<^xHflIE9v42hdgR^Zje<7KLyz42HEsYnX}4iwuO^^h?n^|-|?v&N{a0R-Dj ztFwt5JlB5~P{q&Y`vHE6p|^ocCu4L7r{T_@A4+}*CdQkg{`pqk;S}~_8G$IY)J$Um z7iMU+091tSF{n7*b3IbYMCXzsOUgQoC`JR5WE3Y%1M-7gy35kBW7!JWAnNu4Di5{G z^NJg4mmYU1lY&bKa)_1L`?yFr_0_+RO={}3$=s_PzzP8dW~xGeSM0ZT4Zgt>A7};= z2ep9m+7T-ubSVT!lwtLz1MBE^tsX@xV_2%)RE4PwHCax3xo^{>urZI?3QOvUBETUC zFML6%oqaK1wpAlsdF_q4(CQdTEonZqvc@w z&u#`+&z>CW1SiWSoDrU{j$HidnhDv=<6q7LGvT%S&=@d)I=PPm4mNO}i$)e|7M{>O zh6z4n-7|P9sgbnUc$0y8sDAeLu5j|hqor6=#L{Tq-Uo}XJx94Q`k2)tPk4UPx?e_Y zbQI74b0n{9TuNhc_)|<|hjiGqV98Ho1f~G&RI*#&48oL?9X=-@GLV$WVecAKjpiMC zaB4Drkps85#yuN^R`+(rhJiYKc$Z6|t|OPz=pr-p%t}tYORXx1J_AA){XVxxl{xWF zpnk8!_CoBJ2i#lPyxI=u=z5t~T}>VKUg#Qw&Voi|)`6B`tiw3m9mR3obJ(#LDyC76 zc{}`mmZ?Q~>gBs<`@BPo?zOTqzGo*|;oIj~fdb3bRu!CeUy?K5So4&42)Aozzi;!9 znct~P39XkKx$dj`{<&)AwzkwT${TDZj9C9_bc`p!^OFUDc-S+$iy84s?XWzl#b+l} zrKfK2;F(4_>3H+s5hJ-ptIq6Z!tCwjV1GG&=ve9FY(}dVmu&l5T3!;A1{M{6>YWv@OT20F z-VAIfDof?8exykIC2^|9Rp=-l^f^V+QD{;UN7Uy}jFD2PpuVR``o!bx9JdnVm|SY$KAiNCdw>FUGcb>UPO8s`h8xmPQE>GKDOJO> z>Vir0DLqe<_Iq+HzjL(I$KE>#S}YWmE*9(+5;_Bh;#qTsa_mxP$|e3Ze}F(4M6f4v z{qQ3T!;>50t@vHimM#{m19HD(|9D|v*2YS*8JUJL`Cm6EPe4^i(%6HP?y1-9x7 zpX&;=$G?fb^KNl4YLP-GomkQa_p7F9>I-oRP#UKFl@j1*ihXxTJMeO;tBuwFdTJl8dU zv|@@0C-5r6nh;VTJnXS#41B(At>d$^w|r{HXAGvps*L-X6xBy_@u=F8*+EIqEAUF< zs{KS|g8<5O`9ifr`c+T$R_(BIJ7DYH$u|>|S{J&!9ab|zWUJEjmf-0u&2@o@xbK_g 
z4t>gRVnNr~bGFp9d)Ovd@tO55ksGMT8dzbxAN(PYzpfx7OM^3V##i$3)$ajC2sD0Q z#y1%fCHXBJG?O6-x`gdDE|fM3GSn;?oFm6+*>g8vSuWnv8VD{GzlqgfbB2s7WkkwV z&}ORK7Fyiz&grn!lH(XHrVCkUjOp5_LYkpY(Uw)?2|j?E1!s~HsDVsG^T|n0rjoNi z_p3hl{>;WT$82_8znBcJ&Dx4^T#ArDfimHd5fh4zU>x=>Rh5Yb#uMGxML*KNtgp=Z zUwkjiAYDuW(Y3rqaeit!Tx$KrV*pes9cp7X7qoQsv<=Q$&-1+*QiBt zuymH1J#nLjNCj7$0^t&t#O@O;xo(ubPEUpPn7qHKl#l$HN=`dS(v)9$Z4NGm3%2Oj z6UQCXsVGZ9&uD(lhq}Ht*)P5Ltq;?%=yE1l5MuxX8$AtQN| zq5;&B#yW_SSb8vY&_uZCrLkAZQhRVILqhnwKkc&GjGNrxH2amQQ39uw7yrJNSI&)8 zdJ9Q)FDQO*s&Qtk#0w9v>|^er19Rk=?!IFs%aJIOpeG~K>tPC~UjJqvW%%mZkuae{ z>Oe_2L-cZ~0d&%)DuW?#ldqTl$aB5J+2nFgo?_-AX0XyIa=c6t9_FJ$D|PZzGN89h zPoC(cx^vn~Ut2*IKA8*By}1+@;?SocukTxUtG8PdD_-*^)>`fnQCKqhgp|3P=)wd1 zmi8j6O2lu|4irk&+lryLK_ddL2(CF8qd$>CnVu)iNl=}c_IL3477~%S+&wVVjk%ZYqX2+vO7||ta2>*yN z>M$6HXHNX_#{<4m=L>i;fUhl2GITN|tV?5D;7Ad7#g_GE(?)MfY@>=6R6upB8)s7( zP$dPiz+)a$iLlha6OFi|D->4ysA8^ykheSNaeGD7OlCXmeXa$$sZflmF|jUFY5K^k z5kWb|o?S2XksxlZQ|I3(jo%!zf(NZWS}N~rjlN)+?vL_YRSza@bBHh|toh8zwBr~( zHA0OYE4Sg_%cBG>Q~48?Gy%4hK$dHg)@ZC3$}(LE4o9<#B+oL_Ls z98yVJP=zTMfpm{fDNCxtX*qxGNXgL|&%mIe@7c>q__4{oXhmy@tMX50vRyI(jeKB2 z?gfL;MyfQ(eV%sYxJg(6JZfTzdtCp8+8LXpxI16~H;b$7gLv$i{bpf)e15loBQW;8 zNasn2O0^HxfDJegUN!vG5BG^3?5If7v3B$Y@Edr&CuQQ3HhDdoFn^lT?;@;$aeAaL z<6`u9iLsepQZpH(D(DmTl+Y81UL9|5G7citv?8$*qjz(yy9r11sg!xipXt)R!OR?Izx~_j@>B}ozvB3IscoMlXT?!inj_RNv0qZv z!#=_>TN-^ERO#HhB&A`-gt!DFOxxl5o4t5)y1AY&fzkKa2ZLV$FqL2p+b3I{Z0(^- zO~;;{K45(IIfJwkv{vcgpBs?P4};a5=DEmr9XN6Yci-pa-Gw?W@y0 z5pMm2=^NSY(J9)53BxfP{#dB|u=11yA5j?bCYwQapvx8AG+_e<478D5nH@>=R z+GJ(IM6G&SOBf83dckM{N4|K(kMw#fdcw0X`Z^As-Q+(pxSmU%lKA+o!`33c&!=``cTuU%tcv1$ZG6J{tFa=B@)Y^PV` z^QG)~!|(^RO%*pDDbdW1XE4U)c)WG44E2IHb=Ah*2YQV)`CY*g-uj%tnE)ZjpMUyD zR;-r>h>oE!s*{CKLHD!G@?*SuIO=dM6y79PQNCy9h;|*jFyA(hLLRjoi1yG9tMn7E zFO?wQ01tFpD%Vds?|vSSCA0S(ml{V>f!r1Z`99%74;~TRww^O9_g)}dBNWTBexO& z7ckCamFG+w23s$5GhZe4Y-r2vs^pAeaN-aYwT8^zex1(nG2D7s4wo1k|;oyTwX8w$Y~UkDZ`S4$51q4NMw zFap_ljPN=Zab4KuFC@Jb3`X+3!F0EG2W-1rKlc__wzBLNVWOWsA>S87cOn1*xY}XQ 
z__;iO|2Z1^|F0rXeq0Jj_KN43=WuPvNbyG9M{R~TKLqRSc7uS4#-JpDh`*cyp^d+{ zVPvAlp3)0$NF%Poz3`}hPG=RIa0S;!n}O)_CxbZn4h-94{o>oV2zwLE^6romstnyj z%P1~TaJwA$)5gN*V38j*cdEpM_6I_C+;Knng#}F@_aZ)3f}%W!%ks+DEAs$a_^Q83;TzjbDeN62Gf~HYg#f0yJu}En&@Pmbk4ubKZ zemiHp+Wzg;$Jh>mE6s`dvKp8h{?8a;7Q8!i7>`fF0R+|}j+Fn(2|P*BV|L+@GtZ?h z;~?UkfUQ5VX9tveQk!B@6@dy&j>-mii+S@@WF7@mQm!Z`@fus#haA4LZ_K$(^kKnJ zDzNqu;QKF9Btj3g*?l#0?&npRB9uHXrHrB;Vyu@!ovjt@5?-{I{@J<~`NSZJy_AM@Jd{)>{Wf#)kTNZ8BvQsC;3o4IzFN~;^3y2kG<9g1xOQxUS3yjQ8 zYLkNv*Sz%{^GH{AZY7%WI_4ni%(17hm#u#-y)|;S__iW>doGjfkY&cFv33XTlFuh# zF!q98;!*++oL#2_-X9O0V%i{xUzD___MDi4{j`M6HM#zl^$4SXkn%7y)<-X{XrvZS zWm}<7FoOzLZuomW6GpkomJz(-tLDM1_rCMw_nKQ4M&h6}S+5Lq0Jt$8n*$2%R(Pg9m>8sXV2_Q*&x{JG zjxM@?RIwL6Tv?xIfVFf}g$xRW7MrlhgJ**de6cfbjN&DR8AqAQLvGNUSxZh`xt%9D*&dj zUje0z2z&a)?2YG4I8q>_7Wb>^>6mQw{z=+=jyNKT%PmYvb=>*%wUz^`_whU80bfGH8wxKL_t$h zjOhOzYbS3jNp}w+Q(t{;=PlB`mt0Ku@)CLUa!6k<^xfL(JSN18 zO9kpw`?xfC^kLke=*WHNUN!olWX_Syh40q?u=jqRx5(OuQ8#E&E;g~oxyq?*PrV*c zAn$zmDsO>pGi|?}{~aLVH#T^!Cy%+y>9;tAjHxE0s{VEZNIU_T!r%qyU}A4o+*X0m zVVap5RxTRS@E}U4ZR=n#Y=Jt%XBR3EK1N3sc4nbueXpd{ru@)uth}*3s zXE$CY@(CK(AdXHFpYeIh{B6}FXq5RlSkZ^)79u$SVhjzM3#ydgf8Pg6x{P4{xTguC(s37 zBS!S?<*?{BKbK8z2_s6`b#DLS2HK*L<)DS>#rEJP)^O{Cug=_g;S4IKrIi9jWK*g} z0DQHcsp8irSt#;nG!^3gi{6i^Ugz+g3bL~Pn915v9JR zOM2hNU*)UH#YSFai;Y6Up_YcY-v62CNBpzs@6`ZU%KbS>rf(+>w*kvH!fcS_L)3bB z?IW)G&n05G6Q7KEcYWnVY_4$?U=Ms9a!nPi5GS*;t6DAwPd*B$wobj(o8uwDaFVat zbJ50K{b@xu+KI|h*qZe#EOp+Bl*+(x1i@5*WPZWLN2qm<6_AqIve&_v>7NEcWCs{s=HtUqVISw)pTF14%IevjTZXX6$vQvwQY(EX#V>9OQOS;eolnGUGp+ z0500~(v-%aYZpNEqor>*zL!HSOTqB5rx~X|vXR(j0o%h-d@9q4SOb7#i>50M1NjL$ zKZlM%$}(j2&G9n<3{GW`giJ3z-hU(ArBj*(c{P-<#IDobBLSf(ndoapD;vk`pvh{p_tP0$rd78}z5 z57S{3*?lc3nRe>GVp>0ZFg{pGInuCc@#Gqsa)_RH%jn{$9pT(NaiPbMB@qQp_ZSWv85z99 zCZCF~=#fYQd0J1USd_mkbjSq-PAEh$3)i!9<+6<7kR!q5mcrZ^p$wekMjam)#7Ihq z0s1P@#^u^?H-&z>-{?-HYleg6|1zYxrh`DWqL~Q8b?X5=$FnA0N+3b3ConpZafdje z9UuZ!17Wd~At}1n*revz@ETvb%9d8<054!`gnervx>`A=kZlktQ?Vtl1e}1%%hj3&(9cp+*BYNW1lK{j~}t9`E%EdR$!`9q1qCwG7uP^q^)? 
z;G|?m#wC)fZeZz=0O9gy5vTD&qWuee=Gqv5n7?fGOXtYoids5Vu~OqRGFB(D93na_ zIVoCl!h_jn>5yY5?m~E=T=2JxMIocsFC@&6{0X>}{G!SJL#z&%cQ*!gU2fl+{UTkuWTt*>((sS}VP zp*)7}9946l>m^J4xk`MQiE|sM$cSbN!cNU#UBtfEO~YHcJRxU;WXbq{kjoQUe9z_2 zn0JSDQXGlEFXfa_U-!!l5O?&}%vxK5GqA^FdtB}uJ8w$iQ%P`=#vjD)T=f=uCA6Lg2xaR zqh=5Ozb0DzRoP7GY$5GGk#c(eKtx5o#IRk63+*5DH*HOn|CdNUM&RE^@=Ce+r+Y>X z)V4cPD+F7y>aveJNA4_y8M5u`lvA0LTi-l>wF-qlZZ`(rt0reb+@SxT-4md!>$V1Ag)~UpUpE?D!W&Y;`MA!@4NE0y&ok!x`Hx}2+{dik!c zE83aC+BqB(qcGvk)qCQ$qRC>r750o*rHvPh#-v@1TRJoT%mVq=%=TCIHNa8L*PmlJ za8wH(5W5$To3dGlsd(wh({T#BTy-grRE>L0h0{|fg|i}N=K>cG*(P9>!KHV1=m&A3|C0DSZe-J zxX--#%OI~uquvTe1=&||>C11f{7LJrZLBKn?j(mC@jQL3+xr{#9iafEr1m(*^CZp0 z`ojzD_aVP&-7GJmAREXOQt-)^0hMl8y$*>d^ehM%SEk>YMv!+?saM&O&7+X-c*Hez zZGA-?mo(X;fIr#!hnNxf$eMr@J+TrDAmGni9yT;k9eLI4vJ?xd-23nrh}rLmT*vGg zo;|9F`MT7fEC3Lka2kBjPo!^1GuoeZ{dTM1NTV?OR#JOBo@psUt~j=3b>@oPp;_y$ z|H?(GXppo4jWGu0AP;$|XdiyN)^8AGn?||B=_swb+*fR}2rdhxf^YCvz&;RPf2b2`H>EytW}pOeB!4zt7$ zSGZ}6j~paz7P<&W)LhC9nx#q^Mp4M3o@GAIiCaoo+`pCVaI~FxGzXY7RasKs$t-=V zuS4vKa$q!4E*-F6-`y@Su_WE@`DvJE>h@-!g8@(aJJRTr$PKwBm8A?1&w6(X&iL7?_R-V# zobRz!6bLDwmM)=S!k~~VGwV$oY{mNV@l{X14dLxtGNiI%_G$354WDm+M0u-c&S+j! 
z!8UkbDR&3H3X$I>T4yN|{bFag^8q20kjr1Ab$?vMj2B2udFv4jzBM1T@LGD~QG+|5 z%(Fp@rmtL-U#0H9-l(e`Rq}tpbV+|fy`o*Dy-|7Gs6)$nk9)i7NEu8C?8Z+^i=VS( z-#H-$?OH&(G_fKyo!$X06OJcH*2gKQo6h^AaG*g7;PE>r$br7Ej%UXESlq3071`Jv zH^kMlWGmm^6w%n;>w1O$fTjhBzyJ7tO+v2&6Bg<$Gmr?w^eKx(UR zu0>*jcjXGTNpfxA-&}7~;m_}o?818Q;8C8&QDE`F55@8wD?iY~KCH6G&DNrR@k}ra zUEo;ww~|W^F+jcL(X`_qnWrqND-46~n~}e89O39jSB{e_Z=PcRinVR_=gM@$3R@-$ z=!ko@5VZ*IJnJDuB-=&;)#8wC-R4u>j@xtt!S)>E^5%m8F}jnjtZ+Hb{MpSiQV7mAX8tNCMMCIAzo( z5MMH-4S(=6NM+t;s4BWfpe9Igw3ldGqQ>OYzXtNkKLdFJPC%fS&-@30PN?@kO63b_ z{vW3D0*wE|RQ^TzTh0QpgQw*oWW$OKFUV%f&N1EPzL-@!z}Cj6jcS=%uB%PV=DpiB zg$OPQca-VCQ?hfEwi?a+iPp&U{;k>TX#nq1hCU!&h&X{!)*@|*B{R=xI@pbx0v#u> zZW916Rc<5k?rkAlB)4U!>c}Yr8fpfnBE$YuI1j{kYF%T^HfG3^tm*uM0jax-bu^6@ zipfghO9KgIW}(EC;us%Bd-iHBsTV@6EaYm6f)uxu+OAXNP_g!N^4Zn~UW$)dou!BWm(--kXx7FhNSkryP z(Z|)2>jKRavvds&AqOo8U{Ot@!< z&0gJ1UKAf~W7a0R}b9%Y>ltwUM0ST8%kB*_VX9FF#!-~ z&a@40nGvxkS~ZN9e*0l8KEk3}A#r9c%aP;9%Ek5IFP+{$@@l6;o>TEFiHXEq#KF^_ z%rvkJvf$(xm zb-rbTqB&0^xH}pDy0ui;0*wHZ z+Yi=F8|J&dX*EqSc;Ck4bbcu%vlH^9*BRelwua;gOIC71c0s)B?oGp! 
zB?vfFqP7CKr!;u_&c zKdJTUXa|MZbwuYqNyDq$kqUb4dW@Oa@9~;cZXw{3W-D>$bS>gY4kv)GcXUZ<6Ve%8>W~4g zV!FB!x%VKx&ie8daoCy+eE=x%rcVPvynQu#dc{f_!!98}V?9+EH_pou0)1xhQ3l~y zyt^mWkDPezwq;w8A_?>7X7pqY#*?_`I#37nvTf{GuuatsjwthsZy0EsM=$Irb)V6?DH-Tzl71N)|9WX`dwS%e>&HCPsY~Yr(UB<(Zv_ zQcSMrm{$RM-hzhgh_$vFwf5)LYe<`)>rpI}9h_4bGszhMX?d=>G!tY#YN@vDePf6D zO6(}gsTx#AB(*Q2ANUXG{HRgCV)$j(*ItNG@e8@ClhM51wB$Fb`N8wVM~U)cEEqUy zWf7+xax#0No;2%+U5}sEtuy--DP(c|7>m~E0RlrmZ|#pS9ut=8R-=*m!2pU(qdadJ z*D-ODW?lpW43G#Ln4`O2?dlo`ago_KkeJ!y4PYYwU(@z``X{G4d;?~_PdAWh=1sQQ zhyOPqJU`&5-CQf#$=`CJSFjdE!ypIv@B(&K=j~FOM7bR6J~MZSAEgNA$neX#`OD8MMRX zsOeU=&n5fa1m7Ev)&$uc`$u*@-5jx-?p^2{dzUSB017G2BXVv$g%4F3_`@aw1%loz zL}Qss;U~eAP=^{$@?FUu8P1+Q^<-NsP;vMD)Q~6(hm%&X-Z`vYG!_SRyiB$;yWb80 z=m1`?PvUd+>Te8}dZDS-I>PL1bK_~FTuJ~r~m)MT)oJec3}i< zAVao$8LXYuTdrX_?PeDLE-lrU?8kI|2cQ39I*Itn#n&4D#l_QAG~(7jim7qGOKy(6 zAJP2<=q+EQd0#ywq8lDbqZ};xt0+&*`?sRJl<7J)x2WNf26FRT2c>fgC)c?-L+8)j z+>E`T_IqDn0G&{5At2nd!r!3wt8?RAAz}q&6(B7hF5_E5ula}V=Kqiq1&(YWZmJw_ zL^XdhZ*u5U^aXN^PQ5m$qMGh`O{KsS%yF0m0IjAOQNENAY}%R#)QlRPov$D8u(`xL zYfcIjybrS(q}?lkS|XHe*yq-S=!vl-Tt3zdQEZpBOyaSO`P|_`zmEPHy`JaHB#B}| z;yViW+_{Tt_yOx7>;8MwnKo{~*o!LsO|0XUTgTcxgL#)^BYb(|KUlsWxq#N8Xi_#j zdfR6rjE#XjRs{|M;&6(V{bi!$m+TsUtOh51k*o^i5PwD%=QyJtQP#|Z&bhST@ysuw zPEF~go4(^VSh?BS^>IY3=182mX8jiu$lknF?(xb*#NJ!&_ocby+6Sd{%q*gJ$1kSB zC%M>lYigN3BHc{ODh`%TT&oWXszcEh@4O8scTf0fo+iK)(yakZ$%*m=xm(Zan|Mr; zUJ_1ykYJeymDZV%?(5E>sC!USpIjp z-Ba7u^IdLdwJ6d=xu?fT{pf}aU@VzTX%43;ZnmT8kE$R+Y*E57E&J>mzRPWolz)}m zfAQ}l&H(>T_MLy9#Lb+>k6%b1&BKwi^3h6CnRnC0=#0}?@~=@JH=0Qb=etL`c=g<& z(Xb(>ALYlc5PE7%rE<3T~rd4*vUlQ=jvq-mGDS&l9GX1YucbdG&VT=FBy8l;lI!5hUPICyl$bxn#Oy(X< zI47xW{XQJEH*nsVE>?HOl4;vZgD}t5BFBKs$L#XMaFb)3(_Zd6M%UhHt;N*1vyuMM8OxGi_SD1n7ZYCS|Y-aCkKX<73qV}p*CBL^#9+zbAt;+f;? 
zXB`DIs(UkMe0AwpP+>DP*v<`;c?4D6sw5S6H1fR|1wu5>s-C`9po6vWuJqa*Zn-6u zdznyqWbIS>K2&*#soIgi7B=SbeerGbQrS@jwGtZLuv*~&=^s9n%6zNxun*>1g{wL4 z)F(~iVh{TEPeeOf__8xIsbkJ`!DkY~4!Zn%;lXfyo*V~L4P5siLSfB&++mCyslimw z(Xseh;=C_b@{77+$7lkL+N458hVVEil?Jm{)HDQ{_jVgCVti7@k(k;lHnpugwdRgVP>R;-|2a? zq?b*5qErEaSe<3r2qaxAB-f|DT3bnUo)P0CFxy@VxX?KXd_W=V($E|{#Vtm}c0ii= zd~2D@2H`8=K(EOMF=v0wllsVJGH8d)_p73nrQJrmbDk4B$d8tFHmaKi>#P1&gxGL| z+Mw9!AVY8VIoTX1yrA@$%-V04X$f|_%PwCS100V1ELY7RsEbln(zxxRf8U8Tc_iEEgD%-(bqu?( zah0fu`QhGo%9O)rU!l^eN(`KnRidU9GR5lH`{*R`+JWfCX0KlI-in*jrV&h$pU&%z z;mA?P4%j?3$%(ejSgU^}<6X_T#PC#KGR%)#_+3PQW32}5$oo5MDf+A#dG778p55|L`}Rz*c`bI*Vqvg7^JEkL5s{ zVqXq4Z@rnVzPt7GS9iTXE*zi?7Fj=9NpiowzS!A@bk`Idc=M}=AxcNrKFUJ~EWC1i zoW#DZm0R|ZTrB2t8ND)UDa{ZCnp6GQevXS#0b=E7`<-AYs_%Rcno*r=nJIA~y7Cy} zTFRD1Z{-2Y*z>6E{=z#eEL8GU|2X|1-t9+O(&wQFpXDI4KE0MIja@^-z70#N<|4N4 z-Qg7+Nv!(5uS|8<3JzT_HDC}WX?N_J_Hr|RhGUbgCDaRu$r)>{(pPMJyB2X1Lxz`{o+s^Pf&JAym;N|JH?|K>m{blYuuKnZh zgD0Ceujh;rB27*#g!f)ZM7c33@NiFayqU*lLPnIRCXjYy7V@@bI$h=NM$*CY3X2l2 z>E*ZTh>+6t25}54zn@*`E5SJ@+ersQ5!SD;VYVDNkz&tA;NCv}=yu4w1{%%5T_Q-Z zdTuW2z(#-B)P2KJvVn1ncGEFQd(7`w$C(fEj8{GSmlOIW%Ymom%@vp6-=PRlbzsF& z&vZ&7h`vC>e9C;%J|t&H)oWPhcu)JloP2S2?31c)ELyUC`Nq6c6ydWjOj%^56ovO4 zs8unV9(VEW%IkV_0+m;pX%WdAQw~ShMLc^fnQ(Kg>(cboi@{b_)00N$q|HvU3;H!~ zS@nyF>pd|Xk)SDV(x49WgbQ|v?C+=-_`#EiiGWt?jD7`YpXcLZMU27~wYEQfLuBgu z`uKnr(ymK066aCCTvz9lj1OO8P?HUsQ^7ZkV1)eCl>v3f5zwx<&jVTgrY7I>2e6&( z7`NhOHKw+L_%{pP7gm9{`AQzMY>Jo;-!0n0TPKs`2`hJRE~vuqra|-F4??faxZhNJ zU7XP3cCr6v>p2KgHNqPOynUSQ-+}q9TbDL{-3WrXWNDJjat^6#cd9~Y`VK#pUfn)E zzvYtOgqBAbR!WCUW{dDuR-KGJ_kyWz{NfMf21Q?*EUndxckXL%gTafJJZGkGu|I`MzW0@Wl<`_bdUqnhG*PnM zj*K@J2D)A3#|RsYAzv4i>Y6IHDR+q@WRGj7C(0A2^GRPk9dDJk9Ur$%&x{98gxQQ~ zPvc(a*JDWYtI$c$v+vMXmnX+i)e-JY>4&Bz!2OA?Op`E>Z{~|=)_ZQ;UV~CREq06s zqqev^Sn@YjMoT<>QKcx6ufopZwi4W(`3l308uGWt|EcoWP(n6}7@nXhJNy28ZT`IS zfJm?W-jQo1+qf*b5gq9zo|PXS{y=Ac`x`nw4&NHNNy{OInbs5cfZh&hQe#g2Y@l<2 
zgC9Nzzp8TXek`p_-8#emZU=#h0#ZY)_-BKMApvV3wEGo?fNG~uq7W3PjXtbW`(D<`;3g_(If_i_fp59U7gkhXDff0g7wFJ)fGNwHRI_J zMB#>rou+bX9-T75crldQn3avgH{CBR#99X!t1_KKF?L3LoRTY}wjhm1N4aH2WC&s1 z_JRqyk=7%68G))RQl32ZRDM~oBhr*Dm+qlFk3HoT-(UyD;hGi8ft9=+GI8FP|X0e{_eP$9U_PNRL| zYzp&3BO1y@8qL%^Z}paLYDwUDwdzlK+RpK3N;{}VV*E9w+aX5ZzrhnAzwp^S~9r5r(>PBjud1!-}bq9s| z%%fo)MfD{Km3?^TPi#7r=YIH?7qVuG3)Y?E>`bz{XX-8VHjBxUg9cj_q~9vKBDu(< zsSALicbUY|YG94Q@AOuH{+1tdX#H<5!0+e$&Y*>&sRmUecuC}PTe-GBpJurIaTHxBME6d1ziX|4b9#G2zaw?8jx0AI2e1>#8JreW~evXu~R$>%1S+nAdxdmRc?KlC-ONzBmx%q zeA`#cBa?N7d8VM@LPbeC{9z5O^@JSExL)X{4e=#!AUG4oz~{V=v)qXw7#?XDK{!H2 z@&(l|RFr)oz{-UQG}h5h#9_bd+r7s2075+?U@d)$9uh)slD1l)R$_?z=ceCVw`OXh zP!<9!p=e|WiXP>jFKTRiV=etEoxUH=2;yYs?x?mcKS>=rDwL&FaPL1Yqea&x;>T;) z^$hh@lIHbnKR!T9S~u1hXBpry?`}HqVFrOpNm3k+W<)jt* ziTJ3t*t^bBh;18S zJHs}`{PXvpu7O>j|N2z>oUyM1;aaL3{~llIdT!VBe%_y5a5iZH$?yEY>Ry{ zSra0${JHbE4456fQe}zp8P7OIm3ff<28&5eDyGhk?m$qW?YN~M)TFtCP>v&7K1u62 zRo#M1>czIjz#4C?H)@BFay5R}h^%rV`j?70W@Xw>}nJI*Az@Oypg-cLDV&PtHA z-_+zflrq^ToD0->LbSp#Q|MTX!gFXi-%+6~pYd)7j`L(5X26LZND|M~>Rrimo)Y9< zB*+f&8rXhMz~g5GPBRjC8bj02QjCy|i)t6A^0VqiSR8Q7B(}U;ZDN-Tk`0GAzrd7bWvq9e*?4Q+9uT5B)Kwqai4ic z!{1fvcU--pT9hSF;_{7>tT9eC0((>bTZ?*#+4h%8)Ajk{8VyO_xo}AYzU+?)**Yg3 z7Z1r-3Tu~Ih@RvQtAh9+LcMvMA3{WPl#U)cz(Qj(WM$*|xm!0C+YbD&awD8+CqGW2 zkPOz)kWQF*=<*8T?>99f3^$Ig!Rskg2L#duaIWDh=RiZ_kWl=+IJ+QieA>yJBX6wI zL=QWs-c7Fh7WRN7-7Rv0#Crtd%eA2t!ZFXA2E&$yXeOlVTo7B~pX(zCF~3+T)vv+5 zoYOVjB_o9!YKxJr;j~0NBpz0K!wz0YYQorE_{W7~`^I*~PmhaI`TSs`Q1-WPmX@Vt z9$$bvDg2hD8FsIKHOD7*osM$L@(OSqen8>VBx>~$HvVw-WnQ6r{E#24G~b0=2F@!( zG}V9=VEjQBs=QXGB(sVNgKV*xmjP_2d;OEO2;>5ixvY_Qr(F0}B@-zqw1##v;v90n zw7aROiA||uwCr3Qg^YNq0P0Mh0~V~8297AQnSPapUu@G{&GWkL$v}82F!`^pzI>CK zOM2vDX?~-jmh|iU!RbtTTs%BtrcFFd&0cFk%J->N858kdWYIG(BfQkz`Wqr zN`qiPu_Jx3HRq-G{Wth=sS}3ng#r(O%2dXzcQ$sA+NCPNXAdZhmZKeesGwV~Ud0b= z_AIYAL5-aoSr1J-X6pnPHeO*KR&E-0vVMxW(0FEY^tQ`R*J35ra8B}KQ+H2|138;% znx?!HJ5J=9s43$5!W&L_t&y1HK&K0He*{8mfDcn@e~X0bt<3(^-9p&a1@coeF1T;4 
z3M~>hSujZ-Haz^A6iQ1(iRejM|3rfmVH9IyC(k|HDey&zsy0kxRpzmVL3ZN>pw zW;j0V33xcOhtWn@!eajA$#j2pbD4E%g)*T^ahD*wL+zcyQVzU6JIC5vKIWdXQAdi# z^imoJ-@%}V&n2-Q9=6hd9$Y#R|FUssJc?wo=xvvyW@fvca)%rcDecZAPhb{7NOTq) zqeAq`--3S>LU-)N#bp=9>1oo}M|wFUm<8N`OV;D)##+1bl5=}z>oU|v)-a#qnvU_s z8{e$FPbjOT|LmTfP|k(Ue8zNeC+_&HYrfv%i~jC<8H{BM%G@TRF&5iL7ZG@3ZVN&f z3>9=}W2rxKcfVgh%Z>MITZl9OqG#LhSOr;5S<&pDCv;C);7mDoR>Vjp5@|~@JwEJ0 zDf&aJ7%FyqGvx(;<2n^dT|+xJtsIwcCWlqE0T<{-Gesr>A29T6n>H0~4|2XEauY&l zaksM+4Sw8#VQ*+cxnwFFj(mJ5jel?jJDYGPKLQI+gi~CKk5dl>A2;Z%o({5}wD6&R zU34;w$qUJ(wrrxBe!t8-)a}uewI^52@R>gGseh8STo46FPdm&g0s%WXCCI0fNm9wH z*HNC9*r(oBlKC{N3@5~NZY{8!UOFzSiXs7RVAXICVeyMZ7IiB!JAz1}j;CHp*G&|g zvs{138*dHQ?_-S91L=i7io1hu$itoHvumd62jRAhrm~cWVNb*cOFLkW=OxW z@wk6X%&U7Nt-L;qZ=EbzJ63X!As(_Qybm|M5==N7z%F5u4lVaz!6CYD6_n2rG1NSx zLHu$O_Nza4Re)nhgtLj)x;WJ-Oa`lv3@?P{smjM;qm^$w0X$@}nC0PTh~=3&4UY@f z(Gw#O_jhqcIV>s#h@H=ny_aB(p)zMf!2-ADcvW(Okj_GmeX0qU;QreQiANn^xef=S z55nLWrnQtzIz4Ucu}Eu23M3uHhoI7l`dNHd3Pxu2e8h#dXN7M&0V#|JJluPc-KRL3 z2pIW5R~6ER+8+eO&;tZs3TM3WDvYi?`>q^N*mgNE(ovkTJ?I;LPWv2v=|naHQ*t^T z+qplivhCJZneYX{S5dSC877YVpip6UWe~G4o2s3Y&;l-r%@f=?i|yMuQO%R(Zi0Kf zBs&qt!v?vj;h|Eq91fhIXHP05z#S5D9qlfuO%yMPZFV*7EiUXtSI?zSJdXn62TE&{ z3{aCeOj2Slj1UGM%QH99#*RRnx9B>$ahLL+*EI*8Q%Y@O)neT=fF}%1%al(DWBP{u z5f|;YX)9M)Dm?n1r+*i2EYw2*QbzZ5l=3c0+`6fA5hMfM{6{ZzE4ez~adK|G0Ld!k zUM5ZD-h1NFS>M?+GBAalDIFFZ_2>eCd*(0TzTy;%`!{d@@sqbV`2f7VKnAsic%00Y zW`-N-U0K%9)xMRyccrnMkLQJ5PsRH1z?o{T1;|gr*^z5o2onP|klM|F4eg{) zRWpjU81ia3FaeaG$!c|6kruO&_AJmibzWU-GD{2MgrBF`ifFdrZ6ILf?ynB&e08sXQHY*L9fOvF7CvMKJzbDDhGyMYpA zdu$+hJSTU26JTqhYBNM{uDtvTfVYdPF+l7Kys~b3!G>+=Eg8||(A4}q8`FpqRCt36 zR^OTsa^Tk#DUtwg2_81TAXUJVn)*%P`?!|oLs=Knq^!b>uxk=(?`+<87hZF4_<8P- zjt-Q4T-F>OmtHcZJ)USOV&uS;EPa#HKO+-(Xx+!VLz?uA{lp4kTJ0?2fk_2NYKm?r zq@l$*Vo3YgSrc$AfXR8H-X!H#;@?k{xmUB*b`lB}q^ahpwO!;@tj9+eip1M}uNV8c zx%9X*ZC#vROsai$K0ZgIZVhUiP|grzjS{_&_@rB_NP+_DeB!N8&{_i4Q5*kw(pY+j z7ens)l|D_XQJbUU#s60b@9QjNR0{JustFFlnR^B3Bi0K=tGCA%2~}}1(%1DE`&(p= 
zYCe+w(3fk?W0u@m^5N=+QMqe!7{|&_F+R@md^U5X1pt0gY~EZ(-7CQn(mb!2<(LrZ zA7rXJs8^;BmW4VT={MqkswD^8H)*BAm4<=o>Lx?*-IA&Y?nT_Aw-VV?i-JaigR~Zo zJli>M9CQ=zfZ@sdaQR_@pOJSHu+rT$?^*2_{OU=i40o9DXCB!?{+r8#6QsL+gVu;` z0{`V+EK6d&)WdCU*2g<$fGi+c2s0)er_dOdS@=Mb$SRamu()5+@MP3CyC$?N7lf=?l|Qi!!8c)n5l!j7+`P?B9V&+sQrm?S#KCPe5j3?X4o*Hf z;0r@vaBIv==PhhYf7(3prWul?&7yF~hu^t-4w<7c%{hBiT1K zikC(=wQ${*i!`*@f1e=UpZ(8dp76RZJP8pHiO6l#_<5=n1TRi$8F_J+swU`+g}gh9 zPwAHV%${_>-`8oc#WZAsfzEmW4mW%Z1{X-hSTXBgSv()C<0cr}^hb|9-l<39az?Ro zj-KXs>3J)t6ol~j^kr>OI>S#t6aS&`t^lwW*yV>Ve1mh+v+js-_Vvt_``spDOP6Ea@+4!Ar%ik zwwva%JKnf0$}Km-P2s<~>r_q4|o} zYA2Y7yuo%GsV4T%!|ej+W&5R2C_XUuEA`~%0dVA7efJAqQY26j+%F*PL2oEP=@or^ z{Ll)%rCrQoK|C7!7dZ+qKa7`a8f1lwHl&{x>}dm((>=2-sFRMQ&{cPIU+*IewGBSL zh4Eo)B2@qG{EW1j5(ePxEzLMgUM*rBx#nVA z9gBQHp!}lv1^-7BU$2O1=_07ijqb+unJN@_i(fCVI3~LmtP&Uc#S#(DG6rZ0z|{kL zc305%0c3ZG*Mb|ztXY)a%~f$0j-7mAvgv&zR6+1JV!xur%rkk=&KN6t|v>bv$hWbh?#tr-lB=-#&Fd75z}+6))n+ z4vXeyrwp{ZKyqLFjqK+C3F*iFFQk9DBxU9jpd%phM<)g3uH*19iJ{H{+kBnqv02ak z9>#0{0+yvtsVER!3SkBRQ%ZT4M%BtxEx%qM4lN+$jq`OgZP7RQ&Iq|`Cpf?UNqljN zc$mDtK!M!hq>@pe-yk`KrBh}uSn9TSxy+FpcYko4+a5jqM%zYeTcB8R>%RSzb*tRe z_p|X%m55Ot-+2XTF>m>+<1lvnQ*l37+M#{yjZ(0V>D>9sRR>}{J`F1v{wa&Dy5Y@ue10H7nla&`!*Q~vC>jQXSNCL*aBD7 z`6|A}GPotVV7=H<`T~1jjHWG$Mink3Nw4SF+W_58ZIBftW_Q1*E8*<-<(a^$VU8?m zsyfzg=>|QJIJ=gMX_rbw^+eCVt4QA?UXFS3LN84Cx>-`V-YXmJHc84@77@Op7Wfc$ zA?>HtEO5>(Q+Lj>z%xWT#A5Wi#o%V{ZoVzFL40%Qs9y|~Tt%isj%p0clZ=_mgqNBQ zBxuKzANVCMqWGe|Lb%mCXl>Y>)g0^OXx<3<{Q3eb%glx}O~B2r)SOjRkHRRU4Ur!_sh3fRQ?2p0JuzWf#}! 
zFiH7(5)fv(dl5&l{QrA#K=;dE;sC9L$^TXx`2D#5ss}Kt{ktA;v;n)=;z4hHKtZ#2 zJCps7H^PwG=Pq>!VcfW2tnycra9;7xJ?=zR8jCMJhvCR5q_{IU_ljRRxR zLO(^+0_668PzVaNUNk7AJ~Uk10x&!q5vv(2kZ_ITs@xpX`*(UZp!AsFYEDh!h#707 zvu=1+x6Hs{NSS)AzfC}eAeh;MilUSgPHITKyA0@Mfx>xqCZX(Bj?r@YHq zJ6IAnp;v5dbck5@)3ho%SE{_MCI?kqbMGYnCCHzr*|obgX7O`!iC*gif~Bhy|>z>_V@UBZ{r)vUzUuvC=;> zD}P&q`|&>?x%Cn6U-$Q!GIvoN$g*?EO~eBR@1NP~c!2q5P{^!P6T!$=)6UHxe3;^| z=7DJog6ZR%v?npkln1f6E4DJLlZQIT8}M>U5?B509+WEc8Cyw{8b#fdK`xAYH zUd=PGQa1kX9kIBr{LOAoI`g|-mvtMvPfRB?G_xAUp8fW(1+92m>XN9f-V+9ZoztCI zDI2R!c44G4lerfO3H;VWCzLvaXSAd)G5lImRiD@WoE1q!sTEt8N%4$7cJ>hDjG>;V z6hO1x6)YN>e&R}Jr$!&wEDub31_Y5hiB@M%^VPviigj>yjjU{V=-_zgOZyiK`hc^F z6a-S>&RjGb}w>@v*aX=ormGra-DN5JF>yhki^%E^J5lSc{vlqz&M#~H)O;R^?qj&TumH-5nskiiT2|3v3*CC8l&_((+fAl*e6XDMVUV{7( zrO@oER7#YC!l~E8-KPuRbL^y4HTGFd_>v~croivifySW=Qula+!_4>nK6-qL$-Pjt|77@Ac*8}!?oZ2>s_Q`6`$M=sqHDitUtj2D{>I!_& zul){d;~b9st2g4&K4&Vqc-H}iZ2wXN_Swd0Tt3xZQy~0{yb1PX@-(_#G8Zw0oCL{! z-^wz(L|4sLFcN8C?XefJDA(FGvFyDsJce6Bt_x$j!=TvOSJ(U_%b~x__}PbIvxwJk z;LN#qd!Z8F+-;4nTXS$ezA(*t>g$tMpdg=2gN}|$0|+3_lDUQ9A24LMC(89x#94k^ zfW!N!Y;zngO8l8$7?D_$ofd$>g1I4`MGOP_wI%{U1IV@-mloaqcle*sRlmxGqSNA^ zE7JIb4oTKOA?xBEh4N}y)l7ec_~eo55lz6CTTJHp5@X7CK{*b~)Go>YLjTQP*_la4 z0%-o(>D#rZKk@(W$m3`x5j}f;`ttHDTp@`@T#T+`sZ-%(Hc+-Pa&5E5d4jX6oTJg` z?g7-RA6<%n6UB=pV2wljK<)L4)hXJOk8ErrEXkxAy`{J9&RH~kmu`~PsA>HH zkM$6rvoa5MFZ-z>zTrr%-myrM{+J9=Ysk)vIBNCx$_EGhoH*d~zr6qxPqyFwTEiV| zpXe<}rTeQvr~%1wQ>YrkA#E3n66&hUt6I({V<}JX>!NaeBav@_4~?je<7%B19s;jiT`F&b5o-`liV_})IWX!kHa zLfRNPPJN)Ch#!8yDMSqFsjK9OhUGq!GLvoH^pRDJE#jIDq*_{21XPBS;buMM70!hA zM-NrKUS|$KN*=secOh^tfBI?J2i2P0-ZA4GHS*^P4J+rGEf*114Wc-V;ljW?n40oG6ZDL+ft3p}Z{(ZfD*vDbji*QS-CtmneMkL{Bq z9jCn-5Ix&M2he@sJ;cL^I|(up;>v$X&y)z(L5GUQ(R>pPeM^?at$n-O&ykPP>1iCf zX#S1=7sUQ2{_pEo;3oKRhaiXdwlk{$TcSO#q2d!T_-f+FEi;XjHF2v%Hpgr$UXGJw zQNNF}YWxedt{bmr;%TpOr)~mYWAMP&t>)@uclZx6=M9Y0s0rmJX3MGvEt zst)($-oY=lb16p`E*D6BX;7zxwlU~i(wZv*29KAakFOPPd4itfp2;Qd(&*-b1t)Go 
zlNa7+X6tArJrD%x)0PM)IyItX+A!eSI^Z6BWH!2#-+uqipQ3qwWvW|_jV)Wza7t;( z6&A3`SFYsTQBo7Lt1wjzy3<(d!V4hF>98mDYI=+RPW-=KmkvuLwzsGAvbSLt+HFpT z@xL&(V_X`y?#_tu!6j?Tcnbs~&!|9klaceofdrajuM`%%D##ZxXId>A2yv2Eu8o1= zP^s62Zp??gr307Qi!`)*A8D;?`@LB2-3lmV;|^yO$>y8KW%19$L%%(%67XQ92?O{S zySy>H*T~b1_=Ks~q!DM>j?+-W+iY;TcYG}EfIDGdVl`muP8?mDf9q)fq@IQP(DCpg z%2%_Z?|f;Qn>SSN30$=4%M7tqBWJx1{H8=_D)Zg5nEB5I6v+j46SUaUAE5v{Q7cvS zb{(NYXeH>1BU)tz5Ehb z&VH?x@NjX9@hx}$fSWh*prC&EQ>o8BX#cKPT5s~7Rg!yv_RZ=eYT?VPrzk|t7 zNm_p+{*`?=cJ%{_bzmvfg4pM0Qq~U3JnIyLF6Qm~tk1S6i0lg)Eu8D*diUal%TD() z$Ub~EX|NOVVr5Pnh;#tG-RTKypwa!zHz|eR@&yTf1XDfDJal`Wf+u$)kL_`*d0F5$ zU3ChDyD9AH*B{*&$P#c!iaU>LHXoCX);;4%_tyV`NWUC-IjpkHRK>&o0UGtT{=-G9 zr>kUGZAab@Tdb%}E-aYPztR1i!2c!PKgN`%dNqd|M6EsvK_FATWpEmMb)NQ8>HtWw z6|HA^?%I)NvjmuLsT0L=X-8$kQcEAiN|EUQ$xN^8DA%ynmaD-e#svB>f_~kFZW-;p z0h0#nanRcACSvPaemjSdXkC%~&4)F>*iZ74D*=5o(Lz~2h)suxPxq!z>0zZ1`__J> zZtra#b76Rd?=|H!xE#;Eh^q3M%G38BpIx*a-bc3n+P47JD;SoGJQmAgiLcVN6hY5$ zSJms(zzH;!4`|*<-qLw6n#6EQY% zE(6*NLUZ75Q3r1Y6RG%ckJdNe)OFiN(X74+ z$UfT)l;X*a@az07!hoSALL>c1y^reQ@hc_0oD;#W96Q(2T&k{d%S!95Y+Fwl{Ec@X z)>@;^Ix;`LFhD({%m8*C`<566h4K%prj*t4i)AJZr}V$-?tB{E{}0Z3hRfF_*eQFP zwpUQ)3DG$;)pbCKu-2u2bxJ=pHC!c^ z;h1Lal?zwi`+!~DC_Hr92-RyOv`7VUlA%}E2JHEire<8VClr8RIPvc=<1%hzyQoYY zIH`5M$wOs!IpP$S6WS?Fe)?|&9Dv%Beg3?pMvl$bSgLM4^pSJr00QTJ{%hPt&Hs;`x^X-*oJn|Qa@_hz^5SIXVM6`AYToW`BDkIl zX`aZ!ySI%tYZP*Tg#vb$B$)UBN>w{77V2_7VeOJL+VI$Xd_H&Y@y6PY03f~YUH$N{ zIJ0tVjnpXh*LB#^Y-ss?EdG?V%n5M5!tO`?eNM;cQ-DKlIDjiiiqnUk^k3P%I=0>G zzuxrwB%3rF{lEGG`FnUYr`#KQ|J3RRe8P^2%J?Uvss0YOwq< z)*D~q{Ct?Ty;Q5NcEGk-UWbbVdpr%8(D7W0^|6O~sg7EwuTPt=&)Ea{*lzR;LJep1 zrX*3&CJU%E23wd3F4#ByY8&hJgDG!tij7rX*KH6@ifvXhpbb4Ew(>Hbw)RD>Dp#iX z$N4IK(rq$TjC;;vrQ*L3ei5}lp>Td3riGws*bDop6iLa(p-f!zB^hW8K(SbA^g-9y zhE*Pv;>jZ`sf&?Zl`&}t^A$`|`)f2B5X5U=QE_()P;5&n_-fdE6R3n}nOCxwyMCqV z2+!`yMY0p|J2ET9>|cqfG(_I8dFTIU!#y=RI;?VIM@5Sk{gIgWQ$%8Fjnt^$SVP$J+ zT6Gh>-e5h!xDdCXW4X0XFYE}}WXgM2BOkRV^!~h>4^^A~FFXDl zJ>sd_*hAe5DJDsp+7Z^hH^q%8OL5vj0!N^sNOgG**Qr1CzdGC@6^j#9D$ZVPL^vR* 
z+Kt_HbDsBqp!9ILJE%sL#Xk}w7USYu))ERZgu)$%|M>DLNB)y9KbtKs2kB<@P<8kO zB5OjL-Y^89ab9g~>krzgJ-)oy?$G-bf_Cu`LJUPa(>kXH+uChDD+B$Bmp40EHySMk zAAo!m>pV-t%v%MH-D3sVpH2SUeELaagsHizri%XkLfw3BR*{vmL)7{dg@Mo!;bs0y z619r3)*mSf(l%D@Z8E z!;f!~ZS831WMZ2gp5Ix$7sMDBf7`nl@%Y6SzAY9k*n`(DubtUcmHDIV&}vi$tMYuH%Nl z3nD%gO#69@Z~rYgUu#U|$<9&oel@2UT{1KTHv`CRsWW{MY#PW)ucyCoju-(X$geyw zn5eq(G%q1=sQ_S*Sz+%+=!~h4_fG1=D(}}U=2@(_PK?INr4y^W2Apg$HOiG*u4uj_ zXIq=kp?IAOH%|zqz=8m3=CyRZRvD)+5$|i_KUadxVi$Y<%)of&j|LCUg|3cZIjU9b zKw$b`fYgyA#Fbs54Dr_7tOxgfHDo%oRveIwiZ`MBHloSf?xO&mGi3e3`p&{7zz zV+VdwS@IRL$yG@e7@i$7!{*vUT6t&Q(tg~-QB8i-0YGwx-RYT}+dn&#d0T^UDz5b7 zi(hqf{>{Sg@9eh)zX#~w{uO`MskwFQtvdkXiQF$4ucB9U7U1Kwz3Hg5Hx{QAcSioq zvE9DCoh05rzuvkP{Xp~2B5~^z`xX&k3Oh^ObWd;Wn)`W^E5iD2giT1CRkUS55dD6y zKYBgjQkVrNh%Ssjz~5hykl!NdNm2l;)4q#@6e`kEau4G-XcKpYSoWng^DFA>_+zLO zi|dX{Mdpg^7xH@04x9(|oN2hNrMf1+Gx6_mT?)hne)Yv5x*n;<>I%bZY>(k5Xazruo@AiL#7*50B%PFUCI}ORx&h3!p7+qR=arM$s9(x$Yjj@P*2u|*0y#@2 z{zyuc#)qES9+nl#7tsnSD%SR)(K$$&_nntEL;19&W>*c-=<*J zICjPkH>SqT?GbkFV}0|}$9X;zMtadrISXloK$h^9mEgDoqwIhrCYK- zI*!R=vdP=F7niiBRUoj)L`X|iD^rIdMs4gz^T6Qnd_o|b0lgy=5|{LT<|D0~86gIH zaF<@@x)5_(Bw0d;pRm1-)GT+WkCX;5S z+PjqBk%Mj2aGD%LiYK+R*^v}nFs!sWWIHhQYoWRxe@UAY3|N@O#l{ZmqOtRIWW@nU zzf2z;oa^7V?#8-g*7g($&}+PD#{(Y_{*=ygAG>6v^->zW6<~v`)6=Wqa<}sv&ktO| zqER$nysW?!PP2uGmfc;;b)5USP-c5EPFMkXiO(>UDE?WN0QB_%3&qKxS#t$PIew?GceKhUhC#sNBcUN zy>Eu2ufAzbKOVqC#th$H2`o4+lFRbI-~ce+m*qSdueX{>X#Hs zrXS(C&$*h`ym^x?JP(k>h%p}Q_Uc#H&3B?;3SzDXR&ecp zh*+L-lQl$v#F#H2sapL9SlN0`82e`wBEc=QD?v~acMi;g6<+Xp?CO#e1W+>tCWEp_3Rp?vZ$z6QiuJ0b$& z-cQ@r1L|X%fBX%tbkGu7>%@^)EEPpQ_6-_u$uiAxeoOLPxSQlnUidvgF|(y5kJUxk zlemA*Ixpk=+UtWNH3cj|CmBvzEVwCCniJK^s>}EharuE-Y9xTD>@rP#I7b@@=!Y}( zx90Jaf9R4)>$k2M6Gn?J-b%@y{{$ZslB&5>7qfuAzOeFq_0oWoVew8{q;@)RhE%J|27KFq#I!adO z4N>4QO%%Cuj9&LeaT%IJ@7&088{2~P_H~!zf@0#F>d&y}%%N5i1(z zxm2=CMyx5WEmi<8=J^b&Nf$23Q(EZqjkTg6c2aTTQt*wPQ)AGtbd68$e!5g;9BYs?uSchl|G3L@1k^;t@qX!1sJ?tAvW(L(86Ja z_EDDZxrbkMF~5Yq$;H&G%!z~CXH(w-lDsTL{tLxdP96C?r9Fuv^tzLYYTrwPN|g+6 
z@H*-#fksV6%vfe)a67L5AKSh#fqL$$CoZcS^$A&jYnbMqwb?Qiew=(Ri&@@2T=kLjNa85 zP;h$aGkBZ>$5}8LQ^8{|e1KSmSjf|UQWh}vYm@n=8rAiWc)B#za%_*@B{`gO&-Yi` z7%}10>RG}6)Xh#k!_;F2Bwgh_;~1e`RU@^60@|A=f$--@%rCMSfT(Ry1SGLlyPVFt z3YIT#o!oo5`b0VAQKP*d=d6k<=6-j0P~+-& z&yD&M6%$@;*WXU2OAa5WT%pP z^-M6$yO$C-{tmiWY8-6{E=e36cYVrUz<-D4OZ<0ee(39zMKj>8mqn80Z0jJxxq~Oz zJi5Ht&VM&NGhH%U!OuLCBej{6pONsi18MA8W@5^wq6jA?g>6V_CrOS6CWJst>IVrP zsY1C?1z_TL85TetUr*j>)J?BRm`Q!cQ86%M&D#?YZFNxOG<5Xx6o2@!)VsGD?^L~c zo_p&+cJdu|T!>}{ujxrDy%8tsF_oS7)ekemZ@PBU(=cnRl510F&<6@;-Cj?A&OF== zn5YWppGZ;ZfowGUIy-k|AUQyi{oU`=p$hPZ84uOuuE%`L0Pq?3U z)Q25vGE2{+444%N>c_Wxu3#)%AK9gTXZCwrd3CBDYG6QytzQ{f*Op^Xl2V#jEiZ}aYyOLTzB){2DOCqw~cpZ zO%y}Ej!$Q*(5XWbU;0}HQK(K+$F5m664tXas+F@g>AhgG)L-lwe1QC@Og-|x2^iBG zCBOp6N%RfbV*5S5T?(si@+1-PWpkAsX?&6(dYi1%76ue>sC=Zm+$p-9MwOIp(& zX~i9TMYXb?dQ4Y8*sa6$axMGn@L?1aK;TOPDC!uhQlxi65fD*&5s==LPC`Nngc5r1>=23pLJPfw8am`G1fTbPukSlQ&Uc-k zAAh)H#g(<@9CM6&+~b~O!rIgM`W~fo8WH-!f@?ZSgi_i`@qBmoKG0Ei(Pm&0`vIK| z+HXi%mpMhcMl$vPM99yd^52B~{eY04>CD^sqM%-D|6j?vl_gHGU9vy;icmiQyM!DRFzS0GAnrr8;N z(6zj_6nKal$N{#`TYlAd>waGQ*9@j=^A0}|-3e2=vdMqa>Kjsd@qZe%cFb|i5&tE` z-9-0Nw4d&;-u*Aa<4VS2a)qE{9E!zL3cm6 zTHEpuy;qNv5sw;~4WE4!r*Lak>CHi$9DZU_tXH|=QolRb|B^a zuxqb^mJ0{dN(0uoT~ZCdkP}0`S{Rni9~?I|Vf2`%_PtCs80WgOgBu)(d+WR7X-%0^ z+6`jGCufy-|3%5^V^rzcu-yJzeB~HVTJcm*2lay0t+NyS=1zFtNs;uCl0bj<+tXEl z682!)OvFS-eyFQ3bjlDk|1>UEbkJw}Epf`< z(T^iaf4?XTTZ5gzjLWO2aX*zR)Q*A;v}Nh-%<;%PI{F{VQr89hr~5zWJ<@FTxMZP3r{ zuh=J@bxs*+BmPsgXHOW}yB+;BBG?RT`tHxcd3YqQWqEztz~VLU5OxOz!=WjeBJN~XRMh-u>FOH8>(}?XGd>9V|qe%wsh&So$IO)9VUiKCVQI90o)@dz%0!<1u+=2 z-MR8R$E$Z@ly4K{_aO>qcIuzkbeYwYcYs0iiOKKVno5m>_DIYY9WMRw+U-4IVGf<< z=UY|OxolK$Mb96ih*M>HL^V9 z(!M--?==IICGz;diV$jUK=SFMG;y}O`u*u!+ik@PH`;s)*7vZ{==Bb2O9xA#Lx(Lc zxYc21JqcZ>hjjXKblz}P@{dUdKfjnA0U@%DE@a%4X;NlJvdc`)B<9E2`!W9$sF36; zx>Ds(KQl)&I^*O=7*fE_puzE8KFRw<9o$o98)f=xr+P(J^FZka@vmA>9DrqgOsswq zopa*ly8q~U^`-NdEd3~e|GYC?xWyZ1oGw(OV$R4!Eb^n2qF8G_JQ`h}svnk_LpdLB 
zS)Nv!iyL?O3tJ^9-EBC^Kg#dx&fbA&AtIe64#2^VQ#B2l%WCHPAPmo`NSep5{Q)KYIx+1G(&YPH z(fGKoJDCFhlRF(U<}D{xg^7N4A%H{O+E`drn(9kum3|^>E%nUn{tt>|Eu5778Qb>K zf%j@!@3H-&nzT-)-2s!u$vgO-{#?w@hmG%CY`|MGd$}RASt~*d zl82>Rp6H|X4ZmHPDt|%6{I07J(PkFA*7N%fhd2_lm=a|XE)?ML4YuEbFGlT35pq7q zS=u+%vstf(ZcQc&Wk0E(X_fhJ{8D78#Ob@ReiAX2T%^Q1BPon{}ugY0beKJ|jV z1n&9SF=xA(*#^w?&&=!^u-VzsPOG&1p9EZ*+N=u+K}Pj>kf7vMTEIp1Xwef7U?!$_7iAq*!T( zh*L9LA&zwV4jVGlUVEGGE;b%^?a9=V*6@3|7&sNN_m{1cUJsPGABW9w*kHJmmZ^2T z2Fngn*=X-^@Z-WO3Xj)JB;PT>lB{9E@hy@y)}wqwJ{~4=*RY#+Zz%da@%*w$) zOH^sbDT4RN@?YOP8TmBKijS_0497?~tU5+o`G{-4Z`?^%CZfM*L79Cl4HWpc?x^RP zw?70YJ(|@h1Z~>Sixo2-$No#eL9b$>)ySNuf}Sg~(!3uG!kqT&_`78NhI4OwThP!d ztyNFsmYG~}XIN?{RgG1|0m+xvPtI2l{G$(l2Q{_4t>RS^*;MLRg|e4YiDXP8$cVm_ z%aepu0++IE9YVH?R;86Pe%MK=t^K&!WjIKWR#7#XC7&w|0mwjy>YBAxbyI@W<}P*TwtT;8sZi#~b?nk;f26d`xdneXo))t<3MIlG zhyZtA3@VL(kB0kmlb9T-Pwu4GrSDUtrmNP&wAiFYr3tn?r{~h^J?fIH zX3yPj^Wab48p;42NsBfGt=%Lv^*HdYQ_`;n&twYq;*~V}*G6PrY=$Wn=IZNOOuKz} z&|Yv7`0+oxZwDgSNTQyuAZM~-tB2tA67~yrGBNyyz8kbthiB*|`BP6@p$djH!d&WA z71d+i2S;*j{3fzhmBJZYEXfq2z$WDtJ`I+DxURZMu4bQp_>>S!&Fb%q?BhP(^K0Yo z_%EzcB|rM8R7$_U6RzUl=`b2`@_ID2cB7|y*l~usGZtZSD-#Xr1D%?RyGqLlA6xv) zc=R}h?ZDrXrjE~gENc*owyH{d86$UT(tG`~cbYMzD0vMu9E0ZwC4~%__B4wVZ^~`;)ZzkcHcunH;eA7@2lZT8=`fRHP%{c z9pb1hI9&eR)~~_$z@b+6Rn3xbCp}MS^^K8*xnX!cQa{BmwyaKc#sA;oO7Ia(P{Lm3 zl)nF-51sfHSL(RB{SKz!tLe4$9{3cp(7Xw4Y2sA|ItU-ieA+PUq56824~NbpHq+Lb z25%@%on;jDwspNjk455Z4&M4v3Qt8E{ut0!F0Coqz;#xNwsA~MkM@&GU7C?uTb=X3 z5$tQFFdxIw?~98%hdc`&lQfgbhUy;oyBt@j8#tS~s;f4#5hbp1wgEeF;CgKW?r))9 zhp*i058k-3JsErEOGCffwYIXE*s>I?5IFWMU|fU}ScZ@lAJBo4pbgwYbAyC1g6z_kFPEC!>3+WkyT_WA-$)pB{ZrIy*i7D^G$N2xHs~_MR!8u^2vAuB{&RWN81)MXv6|0cd_Q2iJHrPK7pLR%*Ypw$DG!ewm^)Md! 
zy%HL_@%fz*vwp+srp3CXACbwY1CwtPBd0Nr?u%Su7^!eW-Hw|Bu%+!(ZeH24(LEC2 zU=X@q80UW3(~`!u&cg5HzZrQGefTSndOOkm(_6)PbW`P{lLt4 zZ0Lelj$;T}kdVg%zQk%PqFY&NI;WGL*hEzKx83x&zW&?oIjzHRe?{Nt`abw$W)~{o zN)Z$TvyTy|o%HCRuyGf~uTi+eShCgqio6sh8j@agm zhSAyd>UPr;r68o!p8pe&i3bHW7Cwbg;(71?qPdu3oKAgm!gp$;b~lyTWo8Kj*Wgd_ z=QU_xygs08u{}#DO5vTlw|xr<=6tm=!~xvD^HUX@EC!RHOS~&g?b?S$61a zKatGTe`$85?e|5!dwIs1K$EG&zSiq0CQ)fEmU1I0Q#30+!zzR;eI!y0D{jA`v7Oah zgX51ABY~4|?M@AtYIoy-I~La%rgx>gE=k(jBo+fjtJL&2qCQCvTs@3kpRS%fvp_Q>Y#CD|iSuWVYATY5{t7;LtGCtBf zEywQIEz*OqUJnb=YBsq!d9#8zw7FG&vOEJb0O}x} z1zegkc&Hk8Llvr{A8Yk4S~?X$)L&S=U~vwZ?TG;;^+ueOFE`lT=k%?0&>l%X|EU$exmkX&_fcThqux?crc;q%JQJCe%LqDYw6{xC4V zldt*rzZ=b;Wx|KyOucm2a^dj=%$-CX&quk^2+S*<)8RxoKb)<>BWxl4^w0S!4EN9E zL+>i50?wOhD9G(35$>OSH_g;oG*O1O9DJj&ylAiXZ7p|iSHC}qw?$`mW0)Cz&GtU> z6fxuAezGCc@WZ|0%vXw&Csaj8*?wXK%r}A9_;yjz`YA!@8iXO!=5j zwlCFM=OE+m*9_-&jG59(AW2O41mzRB(w}7e@3qK6UCa|9y&Lb|D|}KACChk9|F@^; zpr&brIh@K}+-o$}@y3}Ft1A6~Nz}&{OL;1?dHqrU1&kxzo@PTb-TTQzBtPgS{%ipB z`IO5DRgqVPVl?5ki&5HuC}pKrY@Yg8#5lU4VNQlH>HhhKBiOdB6~4BRRJ}>q0Oosv zM@O1&d*e(*)-|)^p8OG3Qxp^}6Mj|esCTy0U{Qlwie&I+<;%+;o z{XU&_of4v{f`EI7q7xRm9n_9q7S#6m8g?v>Qc?K>ZMOT3PBNRJXWqxG1;2Y(WN`wfA~}=gvcJ;33TBtBfLo zQ%9QkWt;B~&4sMZKNjI)-9k~tJm!w4d%q$(AbPJ1sa`_7?h`BAoJ*yzuG4g1c&ueN z3BFp>Y*8mMmUg_!u}@?@{^EvC^>80Adwpfp5H;+#KG&Oi{8!34S3_$w_j!<;jw<>_ zyZ=Vwe&v=>zaan@`wsmLC!diDxe@FiN!0G}8P{uV;!y)OUnTkqJ-gk_i7dH&CpPEl z#pHtno*ks5CzBT8#ev1}iA!_D4A1Zx=nOB*Lr4d0-BatSSezMsYm4l#2f?L&{JHT0 zxtj$EMN?tCq`qXjSv_h+yEV;^V4i^=}TdD5qt6!_8y)pB_twB{lrf2ORmJ~ z5gkGdn+%O28ilSlJdN^x!yuu;Fjf63Usu$j8ENLg1X(%mdZ;EVV_RRc3j%X6&-6VL zKV8%3=kE@xt}GPlhc>xc33;px+Sq%XK<3}XZfO-cMifXmc(l8zMaVct)>6)MNkr8i zyNvrmz;E14gg{>vSL;>)C%w_P&=Ym)F{bv&eUWZZZDL0S`mp)>h+fI!j9J@n%3e%E z?S-8>>^9wpZlgyPv{Xa7hzP~n-rf1fVq8xMC@LJX)CzPq||l9_yZlH4%Ls9RBXA@WP;4*)CSl6MuLu8uBmwS z&VpZv%NfmEFDAqDxoc!NY&kqsX0RSh6?QbK^NxSdy0Tj1d4v-J!ftUcrpUpmNcTMQ z3t9L%PAqkPH?N5b3Jy9f5=Drex%Ty_#)vqd=XoFB`kLO`d%CBV;STEGZHdI=KbxFd 
zJg5+?b=t+PI~)X?r+&6>bfm+x)V_lOAmhinDwFTdB&EIt(zp6qM_p@vuCZf#{3qUO zGgU|5$hP0vPwfi+T{r#g?y-Zd`h41}>I|TUb{}CM%b}I#`shbf3-=)<+a-z47yiMa ziB$Sz^N6r|*kJ^x9VN+h$sj(C7pJgL5{6|fB#tE@y`kN32VI#QNN6YAK~si>cR2{-D|OhiFWSQ16Odgkl!9G8UcQ;m9XKit z9WtG;^kZ>s-+cZze11@uN<^B$!JlbCP~y1G@X+#G2*`8XwiZ0zaC>!a0qK0_I60kJ zWR*mC)liAS)eC=t@QWnYEG8}>qPugtjnQ<%=UYdZqb1uKr(F=VWc}^Ly*H6_y0}@! z@H5oAvBWESybhx06IP{5RoKq@pROq&%NPN?|Agw}^J~D*ht@Lxmje zFTL^zt@SVUsh(}luZB;rp)u{3WuXrhdmT#Ao;wSD+^xUV#H8re(c(oWCofuE8DPa$ zM7)Om<+QuvIpAmmauNGA;r~jXZABN?AFT|wP$}Xj8QRv4K%ie&jZ_M?3^qH7N5w?o zm!R4&7QIoDpD{X7{9&|+q2BZo7=I1K(C&UM3I+z-_&`#d;ksfH7x&-%fPF(N+|4St zO`g^Dh-%b$G06<4V%1hf~K*gECh`=j1ct5DE;FU9Ec zJ*F9vxdIN;OE&JciyeFI!&)#Q9~r1L4>3`NSBGOzygNs39PcvvEy=jSmP1#X*J;m( z@LZEZ9ns^p!9-{s8`eqalVl*}%!NWS1VdNA8n#0zf!>apGM6^*L{S;rPFS-kmfB2B zu?mhyAfS7;XN|OiS>+a5&r%*!52xrVBqyx8TQjg}d}~ryK7br;dGBHh_%(~t#euFz8u}EtnrsPZ{N`${PB$_y1^~qsp3$>C-$Ll@H7rn zaY~%h*=rj)@*k}r!y~UI(&^nq)*Ch$`mAYY?Q@j1Y3y%*5Zz~vJB`- z)Y}2K;G~Q!@&5AEzn%EPY|SbxM~8YH_+G3Nu!_F&U0fVwFGN&TPY%t@@9o-E%ygFs zLVf$~EWPW{>RAOErysJJVr5&ruD48s-~aQl=Gshty#$BFWf4l3`8x8&jyu=B$$! z$FVS(llcPt03|w{P{MF@* zG#7(#pwYKrU!2%g_gMf|rkObMJwNH@NWpjTO8pw+kUWXD_IU1dt*hX5gF)~@E(1j! 
zxlAkE>X^=))S;T+^i&#HBqITZFO#yBYx$vYlC)DDW-tBSqmx3?eD;bsLAY#1!5!)< zst#%X9GoX}RuVQqJGqOAr#u-`P;RW`9UNRYM=_8^X-uvxFxj;<`1azVKJdh3F4E#o zoR?$zGhz(GNX`>YY@{5JWL5O?U_sH}yy%-p2$;Lt`ZA!bMZMS05k8N>OgVi`?(y}D;9N*`~fM-^itF8$1h zkdTv^lau#nWR8=yUWAol^1SUeEz{93!N>S$C(hsHi=*}}UCU*QO=SQ>h+Fhf47?AuJ{` zJMFftJ0u+w)`AR6Z>Xhe(wbF-;^nPPs@nwc z)T+Fsibpw_&+~@#c#-@JJmm|@J%NHHa|I)=F&7_fTsax_KOG(Hc;9I~Q9HL%J4#J6 zPY?tQ*Xw9^xVj*amULYZGECAI*x(K)%HB> z$tJsMly|C6#kt*me3$n}HJsW?tB(CDi+BbyTz9;MD$md9{-9lBbFWg1gPU*7R|&^q zIjSZlVV9vO>n&f{kbhlu+}KY!11gk*JFee24%84oS#{l-YAY`L^qH-AZ{?~qU%@^& z@$~vx_isjzik-5xTIus~X1V3=xtb2ELND*6otpSMDU^v;D}}G=;nNYfF|Q-uX*6g$ zXgi8amxFzlYaGZ)b?L*AXrx6oF}>!y?e%QIn}kU}Kk&#ZQqIag;XL`Dz9S=ukB|Qu zI?g!g=n1W55v*zyX%QSF4quBkd+~4FvwCJQk-JlJl<;xhi5p&tKe(|stS8MNwUuiu zO~#YfWKhJI?~B{OR~ZH(E&3iWn1~XP{>&mY#)QnP=L0>hh<6lp(32C`u^8}*mus84 ztHMCTlt5hXw09kF8b?>wwj>OJ5d7H|Y#bp%!1-R4U)Q&v?dZx5=s=*~t0JG3wIV-r0)YfU&x9m-O6$Mev2 zP|wG&?tCR6Ti5VKOqk#wYWK-dDGV>{3t$h@mtI1bNfo`_YpKuZbK38w$$V%T@f_Gs zB^U8_pTaDsbkBvC8VIC!&XaV<3HLbVfgioUi)(5}Ya$IjxvV=YU=2iLJyDkF?_Q-$C z!s<9EnLR9ZTUql~0~oo;IU5-~Z!p{LMrTtK8ORG)LQVk#U8@8K8K7i)jgF>BzIU z55yTrEx!9No^MD0U|Z8LT*b^RXSH3aXg>(|snQ|*UsKeg?6bVqLz@o(n`5K`2PXh#P3S{Szp}d-GZROpnb>zjIXK&Uf z3H2!Y(Sg2kOjel6U-=#2+E$pdPi1l2c(vgd>PGfJyJF?86(RI@Ei z+(;(mc|6%z=~V>-u;qvED6m>pdJens<>-Qq3&mO9){n`_WQ0d;K^Lp1|q*uVt{Yz*_Zw zONwkNW_=uKXn8fmHPh6ZGnQ&1VfaRzW)z)>_ltKwC0?&9@E}1vR=xLpQeC#hcKkS(B`$II21F7RfeEcH@VY?=nTXM}# zUjt;|_cGb{UmLk>-}`GX)rtbw2nL>XEpHkQ_Uae<`2B6>W5fM&QFx(@dHpF)zwFcG zo#&~CYl{O?{s%sk>)TvTmA&{EljOI#f9QHN+3QzxAX3U1E$ z>EcxHSpII+K&cxnYr)r~?&x{gWNpB${&+#uHEg~-h1aga=+SX&A$rS6V-)Um#Y?*& zAUl6W-EnW}>rl<_`Ro1C-hll?$_#5vFOdlAM~OM|Yr2M7jhpPX)kc!g8)Fj#OI+4g z4p(OFGt)b_WMp`eS2^t{V!qOy(92c^=%WW?TenV=}kUHBraUv^PPvV7lw|9jY&(3*ssEY&x4OnpXrC zgjq4ct3eoLf{nx{U_LBPEb5Mh!G0)TEvMgVjpLL9#Osu$*{N__unki8=u zbql%oM4X^_35A|S*`L*LBv`yulWAriNefC-4|S@F*!=2-oUXQ2=oiGcrbVh0wQ0rL z@@Unb0OLW^G9jhhD&=~*{V_9pTIf&cGRV%oCNS=f-m{lyIbqehI&_b0HI^X55$(Uv 
zS9KZl@rx%AW4fx($HXH4DHMp!Rxi3G>o&J#GYx#k9jPWH)Iq8W*t$cey;?Gtr`|S+ zFi&e8`hkEo(@8er3V+ivN}hu+3#Vh%-8Z?desKCvjy@gxI5pFz<54+xO=3s!r1+KY z5s4S!r@i2^{QvmrE#eK-1@TP%0|SdpTMK=uy2U2ghufUQd4eibzkKGAS+kWbA#te4 ztS{lfBFUs+X|WNtKR=x^HFl~2d*z{t9~;E!kL7PGRnIc-+jCbw;0E>BbDnY6wh}YW zbrydIKrCJS4`zZ#i%kcZb`nxJUYm6}wtIWDK!-s0W2Vi^i?Xr+M_H?nyJ>!1RU8d_ z4&br6mF)(lNWrpJHP(913GT{XIHbQ?AZ3^x0$?t4_{zL{e{V961WyMLxTg5^9j~{qR~@BDN+p?=MlW< z-!O07v2%@&xQ$YyMk> zhKIlhY?uSGnJlxusCuLVKzeT_u)iwBM16V*ZEsy*Hf}UU`eIe?E#UeQK{KD~6GWeo zy*!iBYN-JF4^EfM69SX_`XU%JOiORvEHhmnrf#6Wc;d!&L%?p1@_@W6L+_?RQ?vq5 zS4);`lPDOMA6z@KJODClKnJmv)TbEM8anzc@}1jBUQTQr^Rf&SwUr8lmsHdTXYwI9 zAr5OkDb`VGe+_W-6q<_L2F{aj91mrK%q>5Yju0>_^8iHE>m91?V zaT4j;W|PzI?TSyypb_z|sBt7YdHUp%-6^UF)`?tYK;%fhy6wm1BE}fS@+Y_Zw>Lt4 z%4Hq~k>V_#p}PdUNSr$wtJ(>l?glL5y}clKsiOB&io6a{Q>hQ4?|pfijRTuKRhgAW~hz!qk* z-=1w}=RvtALk zD zB2$07AiH(PjZ-II%8H^aSnYSUj){$EuAU`X>Zc+!ZH7sJ;7j4%AmYNVs(2W61Yx6~ zNJ-Nt2fWK}Tzudaa!WZiIc9PzcS`tbY6dhj%@Qo3`2+sGF>*^CF9 zQ8{n1WQ~GkTMPR3{9cZ9<$;}LF@@3hBvFVc?|B1VnO5<&cn=lPl&5As2q_V#*lfpC zY`@<6=#5;Dvar#8AP=@a5|dOsfE9*&B7l&gQR?9`a^F%XjvI6}U$?}s^1EWkzHb+B z9B4@O$ePV;kqI8GxcvA1b$~Un(dHOw zoM42+W&A;dktxzDlCePnPT1D%Bx;FWye}XE3>^{yig4P!FrEx3qU}qmOy6%8o+w#9 zjg|41rQ69uM!|4~;8Iv;dFkISQA-$WX5f=b$dr&IY@Vk__An<&jf!k*ct19-$|q1c zvxX`|e0)bZ>}~8jA+a-$1`u;oSAoVDrD*6qo5Xwf%uU7opv7a8uK~F$5YdCi|8(z) zG*oXz-(Y9wXw(~lRLWB9xpM!dE^uVzJcD^V>}+c6G(^XC zL~ib`AaeU~mmiv<58xJgFs8vpE2r5Y-?IQ~f7mcJ1XOzc%EgxbBsv4wS|tHC>{F(`naZ`5WX(p7IzzFJqcgISLG9{8QBO zq|sq_ys~X39{yO4fM{#yyisA=p%OW+J9@5r-`**U$=gyzMwPyfcXB5+kivJ6TklRL zjBV@pX13edR`0<&Z}#8Z)$Fy`K__`5cBhNpgU?%twF`{3`b?pT@tsET4QJ?7sp#*PUnNUq3Qw%J0eR=q=GKxKddE-L~e@ z4F#_&4B2=Xt)`4$AFeV$ld46oyry&T63=*Ldvr%yuLs`3H|FAHq&-|!{9$C*)>k_n z8tzU9Fyqv!#Yx!bh3T5&oMBn-RHpWCCdk;5pF8a=6hJKueT<8#k`&!!zlDYsewrx& z)Na7!l7N1I+oi$ie{eE_4pUKA2UE_z4XMT-snVqHvUwwboJwOXWr$q9tq;h3{Gdz& zl%WgBs&h=8em4FEmz9S`-*Ny0{SU>fK|48Bj5Yn2!>ynfYANNaV(5Me`CmI)9Ol5u z6HI;wGlbPqK-*WDciR9x8V2mW_%}}V_d<66b3g?AG`awg2eh8Taq-V9jgo{{-v3p7 
zkQH_z$)l05-_i?aj~&_^B2AaW#G&52*uxd=<|^%=DUVOEfs@vd*z z`_F3(z75sos?uXkGwUu zq(Asv^bUFb7im5qxE&61dp`xx*{^JZ3!$?tiElhkVTBX#y3t!D8e=u6Kb6SNP3l`A zwx8`?-}Ac4hOxPEK3IRV% zd3cDH;y8%54>&WE*u25|^Hv|OOD5SE0Ze&sPN0M#6cIElq@@k|Sg?SC19W)$L)eF1 zfc8l%pnN{dIf=$!tHI5^-ya8Fk+VfdTic$8-*aWx+~?|mj(f))x)m^jnkoKxc)MW7 z;h#yfrmlAy6z^?QOSHiesxJS8UR8Z6N_VnmhSAj^6t;;cQ#iTIR44LKs9E~6bkE`+ z8}tEel#-}q`x(=nbt?~8s~Ep*9sIXmyxuH%_`5z>VKUZ>vbgs1I}=N%=a6l>bDGQ(Lu!aiInUu^bq**u z%t0ToE?0Z)95TG%7clK0-(s8-lyC$ALICuiMX?O&fp--UTtW%EWj`=E~;rM$T-XgO{;lXDY}8) zGtXe|!i~qw27M3qqCWOA3K279_g%NW-Jsz$Z05grj+YLx)@z}njQx}bu!A&rOz_o) zEE-Nc7p5-pj5H4@&;e-c_}pjT$yBp&b2+}NEJpTNoDdcg;^`}lNq;?{XMX1C^picY z?pGYIm{oNb2tPY?J2gqo#WTbsv@y6Wo4^1LNw2fHGm86@&ztz`a(hIqF4aFugQ9@=P#Hu#>F@ z7`+mIj@b9^gj6Rn#sphTMC!=yspWz8u~{3fTi?eJc<>W1cB&eT=Df?S0-H@;J?D!; zFm#zSIKvCMudez@H1R<3Q366nwHSogDdeMPUzB1XWj)EyxX!bm>$N#?xge*_yq*CN zCp$k(%`ssOZ6h~fF61;;J@t3P-0p$WGJ0d#6!k`hQYKG3x)N~{V0Jhq zJs}9bcwer{sni3Q%$)=skCk{C`9B66l)>@TwG)Zmb(iaxF$q||kffWe#@ciR^Is5qny$)7Ic~-BQ zg{f*L5>qCX0M@g^$5#8rId^mAij$#^R^)N;&d$!Ee682c!Z1X)N3WUo4<>9m!dLvN z{8VC~b}+SL^LlTkgstBpRp~CbX`-Y8S1)|{%-j8+3-hj0(e0Z%yWHa-y>KL`tygC5 z^Rbn>Yc%c+%d@t#WM4Xx4!}<0O~%2O;b*$Z=hbjk22?JASjAJ6 z2oymGj3)U1RICM$@;_<4%;;qklM9prQr)dkS+G z5O5;uR}_FzoqYo^s7K`%&_Qk?gLjPq8yJxd`oXcGLR|l*F;Ez!dBL(Jr5(B<6Ns(S6Qc5sRfnx{U|Yh>y-jeropZI*F?P@Nq3%*4f^o2 zuVwl6M~FJkxE6QzdON-!zCD|a{nR`36Agz2p;L@C`H|?bO~Im%s!@@B?_C8QL=05SRFK_0FWj7R{e>u>X z%IkD*{-H$9+p5Ur+7=zdds)=l719icPO&Ps5m_Er>ZfAbS*LmiS`**}PXI4vEo=XX z{1_-ZBkzCa2Z}z3ME&|H-i0>y>POcAJRm{yt#IBrysNtUSVG)#tNCjFy3UHY;ufU> zY=2DG-cO=>JSq9eO@hmD(ez6NGEt`4pOz-GpYF0>X;0}n`hkhzSN~0^pSnw52L@DK zC$)&%a_p6u<{XB=GR@*$8JXI8pvs4)BJq)fNctoI={&&5j69sT-7P6kU)>-LZA0{->hCdg+b!<*qvORt zB8(GsUNGnfR+EH;?}_^N_I9=CxczOxr-Y(ZFxg)I|h?^1`o3E&M>iqe}4Gdczv(+=d`d^|pHMg*$*>?0c{ zz@}0F8W|xIqkp?tiB(pN%8nC_C{5GH4f;}m_j1n1Hd-$VYKt(CvRA|c6mgQP%uMI8 z^VJ{cKsifU|3}C!M|Ljvq}E>)1LgT8Ke^xDZL5#H41YP%^F+LRt!-JKEWKV~AfS#< zN;H@Yo0taogLGlqj@on;Z;`2+j<~a*Z=2bm%$i1xFv!S{`s%3V4 
zryS+veR%kMA@W<&`03_n8wfpuvXcb)F4Hx;#%?CuD8|;bLTR>3@}c<4zQ;@DE4I47 zv;cz0jQzo7&v!!tT@wA5a-g2d{}(Jh^7p|B7$SV*;Gc=H?S=#2d-Q;U4&U)RMJYfs znYu@lUwX%N+Tp4Mi=UO|l2zSEq&{rN2Z0 zUUmbRzi0Wv3WWJYUl5_VyQvHP=oPLfZ13CNAqCGs413#*js zoMUU1@8+)o(%gYzGSkNDV%U!tnzV2nfVs1w<}fxDg7+)GgKH>cwBvw^9q_`=B)L|Q z8l24O19Czd-~a%C4fq_%*DGHqob!14Yss(2*}O|RF!T5X9BXZsJ5O0?B6@HTX?|!8 zzAtF?N#+?Mv5q-8JRUio%)1!zrQ!PW-xRBTqV2ytbVlugO@F)Va@%cHx%fdHfwYme zloU+lZL86xD8-v>W#`!Z_wTD0Qm016a~?Sw5_P;%ZrSmQ4$LXnL8|0jkth9ld3ej@ z!1W>XMY%NOn(FL?nQiUjvC1v_x|)qOHx-M)tmhOlKuwBS2Vb=HVHWVG0-L_9Vr@WC zGvz0+-o$NGE;1k}>vNL;H|KjlDUTUg%J0_P<4?@^HS-@^jtWzcmC1h0wEO4@6k+>l zxIo4~6EY;a`yIEtZ0zC!-eWR}e^dad$X04FJ!TGYeSC990U$=!#>^3|-r-R+h%o}d zS^|I30^~aQu=Db5Vh6mlZM(h21zLq|qMcM{o{^5*Rg-0uS-f;`hUXS3sEi8((qhLO zQ6}2MB8jP%ZZ4_Z%456$##U65X{0-mhMHA%rxB+Y7>r{^IHIwS< zqA5`p`*_Sb@r~Nz+Yny|&|CJJ z`OK$L(lfk7vCIL`A-gRGh!f#g$NHRcUBxwkrHqBPJJC|WbU7H0d~B2J)hN&T+TnFY=pTARbKU8h3G=T+%aKhS_=_?w+@c8edG3C zMMHP)A!u*TVNuQUVibQjFR zwB`Q>9^ZB+BwR85YB>Ih$FK4yOg=7elxfX??m0G?UQh{*i5vfe25HE4W84Dj54ew@FrE zb$~k4C@+_)?UBJ`=7q~F;Udiw#t%LL7T<q0u1wzsXjI|7*AMFUIH!AZ-1= zb8Fj&PHq5_HB9N+!$13wySY{?`<_hVSjzbF9FK`u0G6L4`-Qnqpx!l~x@{-ua+9XR z2}(BjvC@)F$>fVrLwiXjaIhRz*m{iJ#R90ZAcfFYYQ#*cbDZ86u?HRQ0PgC)LQafs z+Ms4HY)UYGUd3d6_@1HaYDc-KA{z)AVP<-N1l4ue$F(h8Zwc%ep0V@(H z0XQ?7^w!1RB3A8T+J;o>4`6ZZt^t)DG}XkVNd~j7b|Znij!vLfY%S;7-deOtyx}Z(sYJO6O`r0ZD>(6xE8UL30{BR};`zpl^H2&EY+SN<5Ei&kD#bc+Qo0 z8@=~dfYbzMWBZ^k4P-lCEPSsp_T_jt@OG}Sg>$+n3Xp2`Y)M|M%MZieuL0Rh*1Fs> z??wr0ag7{an5xefAGgOYrX4T?^E}4-|st$i|J}efAJwg z$%a@XNLrs)rd5Jt1*Lt0PP%Wg?qq|qD@W$Xv9|?x+s8~HZxT9JDqS9%*!z^2kVK?q zSMy-{JN%HX%+nDOxx#q|uHxn4X%Y~AMB$8QryF+kY+J@L!{{>gonA$kPs>)_& zv?qEtEAXaT{VIc7Os0{hYsRu)2*VQq3IUVs>q5ZAOuLMX|Ew@oDR4Nl1|Ara+!d4= z@VJ;{a}IWiInR18*-vkA8k!M@jFcQWRc&IOv(6{L~d?bk&r)x0Th6w z)U+q@%gMK04(O?}Q~A_-n*d-rG+b2b%&31CttyUg?QN>q8%Mahu++m%E=T2Hnm7s) z4}bgyuis^AUb7T5D35vpo^UJWc z>56x_h=6`j2({B^RIY|L_GqD|_f}t28We~1;>v7$OG|hB``vy~GyXYuETYQhxi1Iw zA2<~f9};4lCp>I3$zrX`$ zfwOrV%;QB@9Q2~P4(#W5w< 
zf$i1$NHo49Ud^kfpY3SIHf2ds3kkIZSHwvdUsjcgy$oE(J7ffcHl|ON0C8j@xNm%HQxHR#Qzl^gj_-Rt(YA}!G{xE=t zlKo8KG5BKXna7%5^ z?Fsla@T&b(ZP=7Nit1-?4f|gM(t4K50=FALDZ{U=fuqDMMnV!#^u*T=n1>s-c(sq_gn4*I z^3CCgZg6K|-4N1_-=61IpCtDd<^7e2nX=3bFAG#(Ag{Q|m@A1TUHuksgTmD3ye)}`D%^;qsyr}FdSOzZbopnc=V`TZJ;w2sFV!N53!wsn zgc$Wh=A;?ZBR75Wn>ln(G1tYza}2}o^U3G#QB?y_B4mdXb>PsNzi6$5ySY->rLooJ zdZPWX%(E@zk}r!vS@sEV;#cj)LytEBrlM;gX^ClCLJV7xsx5IyzUE8Ee{N_eFGhpY z?5`T(b;U2r#t)y0w+4gwIt#uIZouDo7$YJTY|Gq;T#s^=D`r1AUAP%IC(OJX{3W6T zs60ZmEM!$*aC_v#bf3V6@FiRKy!SL! zifQj$zvIY7x$H!Zh+ z;Ix5NCQLa^&70AOjax%un}IAh&uB~sZ0Pdv>}Y#IT?HUn0pu7)qdCbx7^>_`n6R+&sO?V+5;P|%%|%zG>7L(uSj=u zcRdrbJ*#sE);N6E@&~_1T|JMwF+qb#V2+!v|Dx^ z!43607ZU_d!o?M$1f=+=MoC39@k-O>uDcFKo` zY0S}<^D6KD4G;g_kN;te44c1v%wzeZGIn&K?~G5#WQz3<>fBMuBUvJ%yA{N0 zEKg@_E4IY61Ger(+uXHaT-OS=J^Q*VtqrGJvtA1|y?>aOkBvZRc*$8UrRGDAN$%j6%%|gDvgP%425hT7;`FDVNQjS zM)^c*ij`vqpNcN+*75BC- zl)TljovvQVhmKl1`rnrSu5PCx&7P%v*}QOGA}qmJeZm|AJ|1}66gV%D5Ns=dYbvpz zgZXnvkVu#EMy{v1Ta5(Shkol#^zP%|pw6wImmVq8)oQ2B(}dfN50bbEibw+d4DVX$ zOl{~#a72vc;Wx4JNj@mZ(m&L2C7#|jHo`gJ3Y1}RkzHV+_DLqGQdDPO?u=e?Z;YHv zclbJSbT&N(SghLe&Eh^5n&l+}k!rb5G)V9=D{_?Yzvp=-x$M5GniZ_4xh*gjaRns56tN06`) z>+li%^2LkP^dg-4rcL%p@WD*NjrCGE{x31uL;2I$FZ1=vG`>guWX5*?Bc3xO?6iB1 zo0Je&<5HOK#{T%{B?haHQdH*@nAHFEa3b%^*8H~i<6(-VGfl(h?9HIY_n?joGkxR# z*|6O;^U0Ugz^e~tXWN|N0m%_GRVIudHRHfrT%oP-e& zY~;-5$?t3Io~PN*(vZU%)bE$@>EnzSv8Tb@wryw5q7s}L%8OG{=bQ$l!|VFi)9_7 ziiBBpgOg)FbZPHasu4m4zaL2Y?y--^xS*hJNtmZY6A9hrna#b%^uq^YYVzy4Q{ng0 zeL}#KlWTGk4@r|cZk5Ds?BTcRyIbGGtqyhi9Z=Q1Z=5B^&ol9b0KeEkYdc=ulhU|@ zh}gbMW11-sR+(&u%T==71PJ6bqVOc&k!rX2?}ahOXe(*_e(;`biWO!=SzMetHVvs* zD;3`2R2K^Q9+l$Zr7ydOPvtvFirqNtWI9(JK$Iwa`{wwo>B4QIV4c*Z-4rFVR2Crr zQsRy($@4sKIhHh(GU|UlYLCBCTRF@BgBj#tmv{``%1n}+kG~md@d_|m#0T$dm}b0* zz!vnn9E5nS55_8^adYV{)ag96Y(fY%Ed)wOk%Rp|$r+WGJE1N{u)>RR!iX1mnyYgK7ptJ{X zU5eOZePV$NKK6)L|JX@!(;bybvr-uRJBz;682|qu^vW7LVpGC-T!!Ulv~vlztNtj# z?#}!hY&C`HPZ13zL0kc0NxCGf#pH_RM`+s_G?{t6=%a#{fZS{hanbpiHSLY*gk3+- 
z1MPH`OUU9UQir|rx}f=DgSUJLC1rcY_xqw9IEs;P%bBX}f|=%KjoxbX0e%>+dXsG4 zDp~+MfEVVO&1#OpQ?Fk;Kmd{e(c6GqpaWv@{oyM_@>`c(Gd`yMm+}uN4?|41_zWzH&QPKlvGYs&P&XUQv^~~(`C_NS*ht52J&4=OP+@>a?{ejjHOx9{WvQe z^N^AqL^Tf;K9Q1y_uFVXX7!z9D0xmXRM7K`m}L*mk#K7+UdLH`FdY-|&9tDdYo2YL zsx#>Mpd}up$WLlDr)&!xK#1oroW2bM9epDQjFoYqpIOd19X`IgolH};>z$T1pd{J% z#U$MH{+!J)c{xs4n;9=FY-DguU$XUu6`H}U=eUN4DlSR0>*8Mo7TL79T)46!kY)-z z)4!39yK?}(2_To=gxB7Tl#lO$w?b|iDS?G|CCC4{Vr3pmvF4mOH_9&iV>Sb@5(Zr@GP%e^T9$ zPhZx@ttSMyinuN72Q@7b$YQKJ5jRG-{htx)rvpa#UF*gOE0GQK23dG%yWI|s8O@f& z<3g9bn6`*ufq{Nj=0FK3p{IHaGZ&GYzWaJa3)hVPf*_@>-PmJ1|D&mV)f;5*9Ip|| zU9?pMO)t&^fehI}8sdccTpFWFn6O{9E9PunT%1e3P~UHle}tZ9bbRBmeD4!ezVgc= zc94vfQYQXwt2ZH&z$v{@P1me&SLF~-2kSQS6xCLJ9qpfc8$x5IbE@8DZGIg<5Iwai zzKKW2`qwGt`1Wj5sNyaluBR6D)HNdB>J{{%GU|WaeIQHg4Ok)kXD@VHZT%DZ*iE>1 zr;7<$yabM?67{+i(qBd~s8uWes#g01IKY`ssunzKjlvld;@5S_vWAXnK zLsK>1BND>lRZ?@WFaH=K)MIM8x@uod;!nZlj?EX)M)zL_PPZLMyhz&`Y6p~>UJc#E zyIbQD|LyrO&68%|ZP;IZ^?96QQ0n)iZ)u4AkN>aOCJ0XWyTm6XFVBZ05J(;4IqNln zN)B-Tmr`oj9PI7*W`_~5)bSB2cqvMjyyGJt8dK+&mHy%LpbH|yvpu0y){bdxP= zt7=y=A3_Lh(43mySBqv;7N^AoH4ghvo1=J6>sC5OA%@$Duf%yHP>zH(_&|xVA$%{| z;cX`FjLVRY_7VcKLbzn2djy+9e*BR*6wRFt4(vqYpC(X zH{d*ux%u|5F&+*J>erzm&P>`&EIZMQw+ht`0$nfTIvJz>hd|Nwp`sA#R9uyN+nm730Q{>&}fJ=}Y`l4B&nx(gE}s4V*>@`7?U0 zMkkv;Ya4j4IrHgpRMz;@^gq85oz@6$3l=s4cBQ-+JG}W-GeaGa6!#j~XKB7PM%CUd zsawbH20Z`uFdF?i63K5S>{g?9oj-6FF`oM4)ux;G`*~KAV6NNxAT2jYjX~)AH(BY{ ztz*w?Us0)%2&BJBr#HrW%bmlS;CBPX!-jG54;KI!j=3XW&7TRs1@-%HUyr)~)lUCB zvk33MHjHzy`JWfBwi5sIEt>Uc{(FTjvj67aZv20`HHI?HUab8(eZEOGZq@hdK^EGQ zl^#|5gsgwuB&hHTyI?kPNj1v>B$hN@Tx;1WtrmDu_{@hl^V+OelWjhIY{DcKN3PFW zVix4SE7=-r4elaCEOcfaK%xlNZGc2{a;$tV-R3R;`wV^`*?<#59&!~*m1LoS#FTsdd>+BH1(?jpl8|dmxMJ0RAME%mxvsg|*27c+2N= zEqrj>B~wS%I)^X%=cv+|C#IoTVd#ou6aI#2tn9IVfv8i(rUPsSbHVOniqAzn&LORvWF)GR-T;UL7CXfwb zO(#R=zqYP98Zf>A$f7;tz6KuMg&-z+C`o_DFU_Ea~s^KpEQy`-mhl+vQbYp}3a)Ji7+|8Tmqey|sl6b|?O zv*bjY8-Q%6Ysa-Z(O-%fxU)o)XxX?Dt$hJw>%_XL11p(^qM@Bw`-CX4hNXGtKKS_& 
ziL0+ZM&RKMrfeW50^zcqL*UQKf2>isCT6<2)}(cY^Ni(pf)R#~@BxP@^Xj64iPQRO z*-il4GVG6azJ2tzX%pVnX+Jz&&E^UxLf2&XiFJGIv_;G~s$Qx)r>_nP+}!nDer=5T zG&3p~)G1+?E(O$NS)IpLtF)bXWOy~5{}k@=Plq(vRc~P5)(ah?r~}-IDKs!DFAuZ~ z8k!xq`!jWwz|fx}9NSV4jU(mq+RGrQXNLcj|7n*9x( z=0oJGsp)x9)72IMsQNsOekuILwzEP%zcG&-9-sd_n+VE7Vu4xuR9j80RhRZ@1qgqu z4$Ua-_NDHQq?%;s$}-4OeDIVey-vXki62Z}bRN8YL>$JV)nohRBM|bIK@RsjZ~Um8 z=oTHH4J4dDmHS=70Cnr@QTaVdR~J6&K^~Haq`kEk$|#4KyP{WBHGaB!&gmV1t59q0 z^YMwOO8*p+7gAcH>+r`wk73si4t=ye+n#+4kl{nAMT?%_7{IL^2E_m5&!-&!{ODE} z;8ePw{b|esq1|DDGw5Nx{OV)BlhMY)m@q|mtoF8{d4+_bMsq7Y0x;I{c0t}F4!Jt}MO*rdJu*Fm z6x<^7Q4Vch@AN4}PJ1Ig(c0IcyxHIcEWxj(KXiz_GSByUE9-yq70F7%< zb>W=Sesgo_GgnnQL76K0XL>fL!v2>?ISOzuSHptGX9}{u%{+i}7jfHS>jiGgb1DJP zWxqB| zX)7pck4FH_frt?yT5TclMWGicA?dPjG;pI zuO8BjBVv*v^&Twwp06oLwL|b)M_b?XG&w<>?P{jCD{oIn{Hn|>1P%LF6?u^cz{+i? zS1x!`y4UmyZ~%9sl@k~f6?q$TJTXWuDnO#k z;l3gqRU6;9mXk8xw8rBEHx3I-de_#?q$K9-CNMhCVS-A8)}x8Eln)G7ADCE5Of!y&-%;gDTBY|GQuF4^w|5cl_L+up7WQsg??Z{r)n0EklU#K>-} zfSzU6jbCt*FOzPbA-Jd_J+`@jEVU6VFs+RTI5r@hnX!L96-h14lNn1>n2fOSipnpx zhNW`t={#UkG?-N{+upmIQlRW}^m!zPgEg0}{vol%d}_YG-aoRtu<$~(m>D=tW=J5P%4-U*LMxs|xE?3+@Z>+o+l7b?l zPIaf~QztGwGq0hPgwr}4R;GWg@k=v=3Ry+C&m3Awl3ECKMFuc)OaUWyueEPRV&!gB z*JXP1BH23zQeV#3?O1nG)#@;yS&39=8&P_)Q1ZKdN}EY4UhYVq6FerU87jXVCxxT zZJZ4;Y$BdonB+T4%_(YgUEA0=Mauz)tUe^@)*4A?x380nw+;_{?y+3A5q;K$X6?HD z8m=+p4-Z-Vgwvbq%Jq69=4FpWC3Rrmf~L#qKJ7<;*gm5oFrlK05ACrYh>h1^4 zG)6Iv!OSW2#B&EoJ3&K`157UyB@<~M_BNA?`*R7;slNn)!c!h?QQZM`Qu&>&2m0E} z3N8#h$IO#jnmFg4nr*=&8l*BbM3iL_A2(j;OcANJL-rQ3i`h31%lr(Gsj-3cW@Vdp zd9);j38#>5EhszAXdVYrQ|aWZFo$Af(A&7mh9uQ{6+rePvdG1`sorIPohR&&Wj*rD z#pw|T5Zhp;C<`ZUc1jnS>?anEL;4~^e{}{$c_KBOv)1@9s9rrMz!aORXK*Q75dRd6 zFNO=q2o^q0VwU(uS>gUs(4N)LAiCk3<4LuF_NU82zLR3){4*dL5v{b)j5ci$KBau< z1t0O$m*Q1k%a=t^Y9i@|jWnjVj0X2*8JU7FefOoe1svd2)t&`G=l&gqAArKku(i0y zZG-eenq$q}W0O=;k*Eg}8LBGk(pK$GKdiy93<@}~o~W(n$6*P~`HYJ>U3YbUwx>5R z_;Qfu$k)J`d`(LGyOf+thOQhic31XZ_Yy^E3VNE<{XVTj zz-kbh=n8R^+aGFln-)a)7}{1=j4Qe681kx&hWQaDn5?d!cH;L>(Pp|g*cp$o7Uy%y 
z+dHoJxZu+0nD@b`e{7)nXSTWlC5`-3%K;4r zpl$>^8eI{>_LL*YCk)katN@QEc=B^uI;D)fr=N@3Ae!7urP0UJJ=ZB_RYGQ3o)}M@?_iV-v z!6oVKkk?U;;`sKe`$?(l_GyMy*p`Hw$DVbmJ7gdC(Xn5w_Yt>HZe=}RW2*&*+N~CD zENUd(?O7uN$|DT!w^fMTexm=R#wrJ`#NBbn;FTnty{QVeN3mK@gJ=|qVNc4ye-WK> zu38LNWurV6&M)f9wAhl@i3=CU6?QV~{J;{D=IKBPKRgvisY}=Em{sZa2KzUK&1au1 zDXj(p8<-4Wy*hfgy`i6GAGpaiV~e1yg1ww{NEA};vCM~hsP&2tSl6wX;XMJm|GAm8 zSd(3AwWd=IK+1l>W8u3M?R@O8*fx}PR3Nn)m zqS!R4NF7djP`7IHg@I;n@}T4?Cml0T;<~WyBDz zrGbXvy=TX7vaUE!)GqlDy_AV7r^O>`L(&)1lKny>tplp}7h6lO268}v^DKMa{<;Q* z&_2A!D7mnVR_2V@_!BpWjr?SwZ3TB| zV25ur_oAFj-Y_Th_+OrUk>6N|6kFSq&#NG~#sW4ibAtT{&1P8)Y890et{TjOocd2X zD-uhHQH4X5x|^vqVdB`S!v;7cEhXzhlHQ|E{MffM4`0|F@6~Z`xRrAy(7-pxy+> zcM_+ftD5!r6f#*!z1^q=@340YGyGTFMu1>TH%G+ zE!mzMPnVQDVOIl3t2)K3P#~waQy0?@gB{}y;W8S9?#GAXdK%MRLs73o3r?M)B?e55 zZnsOk{C;9gQ|Tvl#MDvyg3>=a8Q1S)-|u?!gf=weDf_Jl&JpAq&MD4D9K^0D>7%)V zM^X^{K@d@&w;*MJX)#HbImQiY1q!t(U)|J)EW)d#jYt5OOIoe;^ea_eDI&N*i|&mL zA78)^>!ptz7T`?afm(}$g6zXBqfW;;QoQ?x^D(HMwWrdH5wO+{60ecydyFMVLFn`EnHNR+tvY}}$_i!c^d&TgKA zv%B5O;fM4d_vliQXvToFio&?S18T^pwV0)C@?jy(mm~jbCY5)FXltFEM#w`2Vc!Ah z9$=6RWsrVTZ98!zfOxC%iY7>lGIhpo|IigzDu2d<(6i}B+t4IPUwIGFwgONgLd4BY z)5-v>C{4l?4kZJiI?sdxaPZ6B$wpT6_b?8K{^FJB>=<^tMekLVwNj^rjp19FUCEiW zdzr&iTV=E%!O0CL^u)h=dXcvBOXAvCL)OHzA2UA=X?*#pkEwEDFs8X9NB1!^|>^d55kL%uu?Kw&fA|!Y>)0-Pf;E6uW(wc0I!cc>a8@j z70|{R_g14a!s}y5>)gv!wlIMfc2bKA55~#3x)wqUCtB62-qja%aX;MuAn-8hQn|eA zdBtk$;xy3gytFa5Li$XnSck8j0c;|&0sx`ws)L11kaPGBpCc!h4Qr-=Qb#3_6&Zrx z$`oo^JdVkDg%^}F!A>t+8S$I?+I>jexSsbez6+?k&3&rm}!)$>mMXLkQz)6X-{Bi#y>^K@{zys?)?X z9>ub#KRn2dP*+uuzTN^_IKlnFu&lPOl(&aV8-7LeSdDtP3 zeXwlr`(F2b(NDCTO2*w-rO)Kb#)m0T*6E2Vw_ej%JTaI)FCX-!^1V)O7@2t-LmO)WZviHHAtqR}peKPgd}jEDnA+ zXKE_P+G8uY9MHvhd=3c*;G3#8{V*(RE~Id_Yu4FH#*QW4HH=yHx+~=|Kr1xxn{x-n z)3;b~dpuuW`zx2U$_}YL65jU}N<~c;LD}u?k|A3>pp>1VQwP9wURDhK6PZsXy`x90 zC6hLK`sz>YYwnal)UkN_3~~N_P27f1n5f2{fo-r_ z#>u!qR9IOk^s_Zo{ohXtOrHux_mdC$gao*hWC&!!--Xh;+14(UdfzIcp+zo`)V zTUkIk#u&?gvhwPFUe?yUUJ2UHt)Tf(^*|waYxdy`(N~g`0^VYEf)*RRDD$UF=Whxrb&6zZ 
zU9D+6xY<~R&y!g*>svzD2f`H-!@~QKC6UAV#sL)^S|019k7cav-3+ybbhJDs>exU{ zheIV0BiP}3Hd4}KZn#k8EUr!9ENfRa#I)GEE3Di#%|r{dXK?AbWVY#j+b}+yBG$NC zoz@eH0S6=!g^gw4_6#z^;CjEgNT5N4+d0_YSfe!mZF&^i~6ZC)}=b+%`!Nd7m8Y z)v#!x71VG|nDRp^>1%LOG(PVB_I-Mbn#h%n%E(SuEF^S~xg}eYR6}r)4L1 zm8lAvu_-Gq6N76QZMIcsFw33mYKx_t&w?vfqfU2>mGAaeB4j%qp@rapG-?-YBiG|P z*mq;oaaASNM+fwGzUyfsqId7m5*5x(@-xi;bR&5 zvajn*AbV!GWQ746ET2Xc9%@*utA<6TpDODX_^=o-Gj&vWu+|dB=mP9W9d(u*QF}do z?*MdiF0HKBHtDFikye*v?`2i$#k5{uK=EF9Aj#`hvm%H<=C5WVae~{K5HG#e;3Qq*3Q4Y#?)yjdZddD$aOpJ&@v4=4x(YrfP9N zjAac>pF9WqknJJT;|^0@t=FJ+|6y1tvXR(WPz3&t557PRjL}0$2A5xi^8>x&V4Ltc z2cCa)A>y^1i2HPPCDwP}|Cr%qD_J_(&#%v<_mFx;+gXT5Vms2|T}ejiU|hu{39i)D zz{iTqOjjh<#UzP5GtoIcAGqBRL7IE9NZ`b}>!~v(6270aXW*R!Q=XFBBirKT{0B51 zHRjtOdv{!e&u_^VI zaVz!QrSWPoW`)QorF8)zI^}@4Q-15jfghXDzgtqr%epvybyR6I%(Pgq`!r_k4(5wH z^;D_lUtet_gW(}R^r`;|X0iFX6jtFXTPj73$6`kZlZY^JrmU9X#R1wF${wjp_HR#L zJ;0Mz=3@2DELZ{_B8Z`tiVg;NYuWF6%s|pZ0WX(cYwKc`wwrcXvbn>~J_m(20*uTR z^IDD-18efbQLJTi48D%9)0Tyw0#ne_i=?_|5BX>_das4V>zdY~)gJdWY@P-&KuAGRbRsnfF7w5{{nlqpW{&<6mfN92T8 zQ8HD26yS#nR3bS?{W)H5uuqTW3yNIkduMHU!eor$-CsJ;gG1UgL}8a|ZZc0{LB?y& zAz3CIN#0w+M)YDT)#spmb& zb;K?V-wB$HC$vUoIU9?zHa|@3liU7lEkLT&t3aHkf`KG*{olE`{h3l&UV`RS2Mp6J zy&2<%51&*leoMwz+UI}*a_jEO^z@}_(B8Ae-lSw9Y6{t2wYvQQ{x>vk*$x~$f?&2E z6QZ?NNDRa1^Uq_v>V3iyFW(FkuF)R3M7``c__Wm`;?WDWkdaL811pKF(-7xx6&?8y zte?~@7S!QT83ZkTGoN162;;Zptd87p0@(c7A@s{>t~y@@=HVX5q%=mEEi%gcyg;b6 z!nT>JMOQSi@-6Q#?c29092=P}p5L3b#D26=!SKd%{v59hwmt(IN>~x_JVD)xV*FMR z*V!`jGLydbL2{BTdvF(a)0hP&#i@3*s4@i)FKl2vJ5M&#Yma00sF zbWJll9jlc7&lWB!J9r{8P;#7G#2RWATT$Gp+TleVx{FMW`4)9DuGV|3&RC8Qq?3&c z<9Qij3R(ZUp`ZYY>3IgzVkxDkjZ?+uh@PYp#F&=)B|DEgz?`3^1G}qEMbJjd97pWQ zS{U{}6Y6yI@=*|#Zcnd!p9$bOBwiWdw@gen!iDlYbMoP(Z-y~{hl?tYhS}nfwf}q3 z87;#{7q>C5&0M=oT6QfY*r<2clYTWk^CD&<0lH5JaE~u4)wL==WXf(%OaiB!{ccyf zKFE{lS{br6DElb6*7+mV>NYC)9*dIF!`44s05vtqU?(%u#J-4P^dX-Afj%^Bzzda> zYq|I4?Pe@>V^I5=?vLcKjDK0b?*u$sIS8v}eQB*-F(*vOPz4DnlEI?X3_W}wM~@d0 zD5R9Fe#WJMt9_@Bgj0FcGdV6#bJxlrJYK1;KiVr~^k&bQ*CP39EtREibj})S#sW25 
zDrCd%wlMv0{#m}@c(8d|uI(fg06YSS#@%r~9NHoKdH?o!6OG^YsgF)F02Bq&Vd>L4 zC8A{crywNK;Y(v~;>7+dJf(s+P^$zK`n{{Q!q|C6Y@Csv+ep~5MtB_cY$PFzCT`4v zaS~}aw=0!MFT*yVPEvZqgkN+{(4U+<6$gl9)~yqudbJ705#7rIMN1Oaru*vH93qGr za-RIW$&`*AB^jo*$?!{F{JI9WsXJ2x=CnbYDYq$&QvV9@Hw{f$YV37@=_JH^WK4tfc;)ftlx5pQ ztMg8M+`(|&I?2gb)Em80n{2E~_uWyx&l0mjFdjT6&O?S1hT%xG8F=CEHM!!tU{i+n z*~OAt8aUN7v@4F19H57{`l~K6WES+>PTluf4JtohG#YQ7NZ`S5QSZxMh%wcxB%WVh&7^++D!v&Z%`7w~AIXnvmcg92?{2T}OUK%M@tuvp+WdIpm znmO}=HOVjq_edbg#E3#xV4YtK8*=diYfVPANms!B7=g<4i1L{W*pk>1vmj#25^^#g zM*+R`vx~-f)1H3tTb_;(Xl+9O+uVoou5B>{~y5hcg{irou?7&TSu}I{7fm zYUt$hxrk--YbKjU3GN>K6Ees=XyUA3Qw8A>`RB9i_RZrnCE^=Ot{}W;De^>c8^W$s3lre=e#|Y zm_@j(>nV8r9?|Sd{1!f@_sIE7va00cz6&dWU@Kw@iopPkqWHwU&(iBva!9p%QA~22 zO?1@ffM^P}iq$jGrG-00xysFM{WEg>j z^s7+q>}gK|6@W!;oI%g@7-gr4?GOC0LvJ)Vk?M zrcl?@CJSe4Cb=?MI5?b6U*l3_DTFMUo@uhP=mR`x@-o_mqU)Hhl9levcZ=Tls6FPO zX0e(Fd-CMOvJ7iK{MN}q%?bRo(9duxtGpUK4v%PzpUn5m0SgMs5Tu+$17tA^4;~R* z;|H>zoc(t3e5#ui(ZK?hL>4x`PtTKxZ|2SM5JmdAJ~?t64K$Lf8m9`@QP|Q9yIYgn z2O?8-T&OfRc9Zh1K9r(JKa1oOCRKjGx>VoX9y)`q?x3#Tn45y6=nGD`6cl)iO*y&~ z?!IGKoZeR-{d_6sp~7eUrLDYW?ctOSEz#Z=*73bZQc+#zTT(1{leQ)RrV>V#`P|BJA)D1JkJ^7FA$?TInzcdN z{;g}m84=;1Vis-PSiGK|lG<@va{9Q35t0Am^rO04lz=AXR<~iE*uteN(dK;Wo^I&!fFkkSu*j_H&_ks6HnufuTHxMP#bSfJWnS^{;V3^+B-!}_ zM##xL2F81S#fDU!(vFxF=|~r>SrdK+)Cr!!WF|kql#gSu)P(Epu z?gW_=`G8=_uwgH0;le2^ku9)So~|})IzL`2kU4V;wXz1cY2mF6RkN%rm*>x0~r#s1!1^K-}_rB zy{b!g_qCa6Cp3JRS|FLc%7IqM3R@ao(D;!{fJm2C5*Z)uZG%VHmqCG3nWUt5}S3gz0xGwsbEp6tfcUtq7>xFQf zE)Fgj4)=$?!ft1hM4eVB$M;&={2O(@$Ugo;QqW9vxYCy>tjnZt?hZ8VyqiFl7Z!9e zykBH6<3PURVy2hP#}V+*)J?{vEv&(0NhrrbDEIuQvEC>jLz5W`xfzL7`>czy2;9nm zzV+ME0I5z*cx5nO9qp-GJI+ty|5mAxfjC)I<6<|KyFvrGU z{tvb?z-In`l_mNAAp!IMkGHN%FbCpG(ra4Gql)0U*3OuAdWY`?ImT{b1JYMd@xe%6 zd@x%p3AR*Vjbw@0qT_B@)6HkuaowW7R<)tx*6aNM$z7iIRJ@-bqxxrgWA?N=1pcdA zlhK{kLWZQ^b#p6GQBwl(!S8ZiQkT@4U9D{FB>Lo1Meecg#NZ`c2+pJY=z9q_pYg?_ zDWD^1N@WTl630ih84qbN9CGl~fd_52Nz*&CVw=l1EtR7EI;>9LZ%GW2$HTM%&cUp% 
zcv$kKg$wTc!}S~*Y0)6zmiurG>R3+gPen!9O+i2heqW&4`j|hZ#IZGba8_8d=+bBQ zhSggA5a8xDz#dm|Pcp_g*x-g>M|@KPq<3p0Sae1JsN0e^nsO5L@@?1PComqA{*QN?hFejvjzST4J~_UYFbkj*R3DNeG%>XZv*Xj2FnH#kSrd zx{n}0Ni|irAX2R)5~j*Ez3l%Fj8D4c>oW*9qCu+7RF>)SZL~qblK>z&q_yn`XQ}p% zHs#@Zs@kM~5`Qs55ugTc=rz{A0^pWbgUpmR096#=2M3V$2O+X5DQBHW&G({};~B%;b&Olt^gS!d#DVl2 zSFcxBeDIALdHJJjRh0TGPk5E?-r4FFAThIqKGO6mt$xOtzvF|ozh}kG9aex z9A;+>6@!*O(7TxH33{MaP<&1NA8jjgM@ljIe+AU0>W!wwij9SA1qxZBNNv$>j9s(RB%`b=s+v@D0ZRUX;1*Q$NVd&I*9Y1WK5rXRWJSI!M%Wu;o0MK*k?Y(9c_Rg zvlrMe4$yeV-!DmIT34by_HZ~Gz+;Ge9&bWSIZEK>KUD!?>Ms#(`1@&Kf^reT_0_!; z-+hNg6It`mcKXI{o?RU!*cr@%zg^W30{mJ2sU(h>$rJQg57=m^5fX;)`!nbMvlsag z>5^r5SLyBBfGmrpo@!*|(#Tf;!=_dX-%-c!r2_778o?IfxrF6I0>~qy42Zll08n$^ zY$3BebEM&;$TQhBXR-GCXlkFC)Wm-Pd21vmeK~FH%^2(?x9G_DJhfz;$@(N4Uecb$ z!3w^0#RhgXlNBV!*jS`(Ft{;gRkBNe{sJ(s)Mx=Rf@%h@lvje}46t{@_TRSMfq+VW z#C}Am<~_iFh5U$j!d9bPN+Eh#28<#>?niQ?^MvXz)$3^e}9rB)YZ{dE}edk#mR|>Uqksrk-DchuPZW?NmB#tEzy51 zj*D>xLR23f(6te$AAV|jb4k^%kGbwtr6SHk;~bG0KQlHx{a-icyR$hhYonX^x^MXp zXg z?Y>B~1d?MP`;-cV3X2uOIvE6NM?_vWn!3-bEuOM#BezU?g@!lPe+~##Q8y0AoWbKy zlMi>2&^shkziInbL&8&D=j~pJTFXlge)BAPQ%LTLRdzqI$66q&@Ug7SCAQ#I}WQ*2s66GMh<_mC$-U z-L13Q;|s@&zt9tGdDVJlO@^J+TCHrV@u*ssB3q_Zm08oh=R-Qsf?xBd+rK5WLUJ6P z@c?kxTj?F9L&XpP0ZTX)FD-^Ff;m7?`&ybN^*0W2RERQbLO$|7j|iZ>AGT=J<*kNh zd~se%cqZ*-MQ6JcO$KnEKJYcYDAYB2-T|D24)<{=e%5iYD?4ZUDq9mhhC=FqmoFN2 zi}3q&kVDKfRi>3Ou1Vi*lpMPAF8|8k+9dN*fs{=-x3cL3T>HmQQJlQX`=sdcR`lCk zzL^>v131C2F@M<@(n!3C1MDEc=Qrug7k2>rZe##Wa5WY~2AMsJ4bpvupX*W7$>=n0<)k+xoJpni`$WogKKnpN)=BXqFZf^gHDe2GAM>95Jt zh_3*ST$lIpqneRTi!0eIAW4A6x4eD3{4(R@vCaPORDj)*74$Fb3L&4lu5ksd^XS|D zI>~r_0kYrgUP-cLKC}_hNg30GO0MR#d7T{%F&x4IA*-6JIX)`_!HvCBMlSk?y9+e? zIYKxULdS&yl31px=Sf_Szf@t2S6Z%fD^1LBg|h1X=vP(`LlvD~mfL%%v&eoqUeFBn z^Yi<~6^Sm^CZELspMtDnbi71`?qi6h%UkUL0^$e~0=|{igD&;FG>Z9?K9Pcgd%Y)? 
zdIe@ZZyFY5l$O}`M^34E)ej{)ITX^Tor}wDx1zf~U zQ=0TnfItusB7}ra=$r=$^S$49&iQ+;^JgyRGI_H1e)e8#-S@ipS`L;SADyE9esI() zAb2YnkXpJjp;Uy&8 zn^3pE(Q=Glh*^xh?Z^s$Hd4<|?Omb8sFvO{(&E8jfd19Wl^ugm07|;n4?0xW2=Y;N z+uQ_Vq?EFUH>l$R*hdC}f7e7Ad8!Nhc$$Atp8X+KWD*@tEjszO&D4=+R1w*864 ze|NGQ1gM=dy{~M$$f?4OQ~TNE{P`@@ea#$5vZr(_=UV$~yT_G@ZkIzlZId|-szNY3 zCIx-VKJ&W#!*KRzSkNwe>rU4~lq|l&1Wt!S+}w&p%@7bL z(gN#Q4Ozd+Dg!0r=gtPpIP)8}MwSBJi(~IaG|X@z@LRu^RTd=>mePVPV&i=-)fi7+ zyY%ioy6OFM;0E%N$c=wt0FlbV--p@(qj?Ve+DQP_? z86K4!IlYe1w|pk6)BV}mz$Fye>);9rB^my>0d_x>mB|vN=K=I>8`KwcMRB-?yG4@= z5zX?qLoDh0TCRwi?&OCU;M$U{w?WuTm{9YCmi12OyHnnV&GUtvx^vjdHIb^yi*1<@ z<*+Tb;s-Bg}tvf&Bx~xMTYgcN}UsV}16*pj&ygJ;niHNMsM7X98}wW_~P4%6-F= z3A1OdsAAe`K<ydi2 zfzxjXj~WcoXV>@NWZ!N*064wDuRNNoQqA3a)N$D+=*xoLvc()GkYZZuyT6kF1qj zcAtV?rrAP38{WDKi~EfD_nUT-nY!2o6|?Or zl1`m_O|y34L{~AY3wlt|a{t@*k=Iv`X6(b?o3!;yLZ0(zo(g_KAwy{IhpKG)Hw#Pf z+%3=RXqSxsG|CqlLjA5Bk*9Z!22*vg(Pj-gw6(`0xXtN0Qxu#Zi%?{~EBIi0>%%VB zJ7?iF?dG{;kE~243z~pnbHVqsT;sN6Yl_-k?Y1F{PDTEyVa~#_9X_D$sbsuE&2p+@ zMVwhlXG{P&oEjwmx>x8I$!Kgt;>QFj9@PVf3+zp&#xsdJmUVMjnCrD{t4WniMgwRC-3S_;Pn5bnhf!sgDQ*k@aRC z_2rcE$q7>M<@HT$#6{|%nhVjvRdRyS>2NP(YQfb23XFl;?zn(K%@r)| zQq1aT*T=Q=nDkom8k_7bIxFhv`I&(@8p^apCeuSs#40BYQ)i7oGN4~mC$XH-&I&h> z`iQEd?QxqX-RZrWMWZ(8Zm%c6m=z>D&OFvUJS5{ROG*rS&H(%f`$O>O6S#?^n1=eG zQAb3X|KaBZ^mx2Qj`*Bi@J5)K9rbpxo;Q*Bl3e0Rp69yMPL;hEd}YbSNo+b46hSkiAN#GBK zdz7H8mL$7Kp6MIpN)PwWlVq!>f*6 z)54>f&zh}4$7Sf!H~cGV2#bYm4$_iSx3oM}jM2|oF5OA(DPSc~EWW571!D1_t~4VzZNq zSlR#>E}6GDdfz6a-xs-0y?E2ZL-C(fv>Z}Xj%f~j z-rVv`xK8QV83t=n)k}I`6*9OTjCgR-dE;q^ci(^1JEhuYu%0<{4sQKz6@dS&FS%RK z2vj$+oIS&KpUTMIR?{=lpXJ)@Ipg;3pcy*w-i*ABLn zob4L;Ix}TXy(@-4c<+py<&w0$Q&MG7R24!m6Mc~BY7Exy1D=^O8&8unP-J3c z<3Y50Hp>v63H-TN@tU<&{~(ri^Lfo)ZF{U_^4-L^XpQy$%@RaZvLbNkY7JIq zEHD{Du;}Z6CD0(fyl{MayG&s*HxgMoiy>S1I+7gv9cvP5^G1lOz}ljlOeZZc+#WCF zqNzNiB4f)W3=5AwaGQ12t=L}EQ)ANm7+@sLv07gg@S^#j@p(Ga2$Qmf4tUh*g(Uj= zQ0SkuWnSNnzHV)`n>Tw>Q2AnC0G`mDZD=+_YH`Y?k!ul?GYPh!9Ysu+?TPcg`I+22 z!7KUCMeysOVedhp6lX6IdMp&ZAL(hweXPt60ZIY^{8m#bK4nkmIW+s<;dS< 
zWmuC^XTNSXW#f{U^!q}U=S(|NCeH%$<1;+SO+0;Fu*Y8?2qj+v8N-K%kfIawpKP)|^>abNYCXZkBs2Sh!$5pRC zWEw=epORGVR+o)E60=H?vPaR06PCiTsTTO@5RN<4hE2NUh#i#Tp8ZT;BV48V99!s>mqmnRx9D5=Qt|*u#?s z;bbZq6TB6@M<`fKL`1bUr)zH^QXzF%MPZ9B`9fd;iSqxs@ve)5j?`IOVM92xzvQ@p zn7rLxdq19Bf_9=Pd`5UmfNPR<32fpWeR!iRiKSf`Rb)Ys0^lx@W?fcR1cXj>)ALNA zbbdd=oWfpSy?KD{r{~O$b43mD8>J_NF}A{i;9y9@CR(N1sJ_X^KD|qYk!k^zQqoWO z0MU9{ClpocjqBrMN%1l$7Fsvb>qFn5Mp4TXsu2+pp+v)N&tnD7oY-VL_>ut7vFMTd z7`=Gs@a32{29MUo@s1)DU~p};uJ)xCK*_iFaN?iOlzAsi)vYX=&SGX7W4#*-l?XTHtssKdGmr!i4m@Adm_VvB{N2R#nKAFU zh3CKH%qFEv+mX`Wj2ieiOZn`R0(5R|$Y*5Xo!mZAs2MG?UyPwO4xS7wce|Kxx7jeq zRLkgXwQ!apecKY;~n`n*)bxnJqO-DRt>@>bw;oUV7nLD5Uos>{MWMVNQR{IiHU^ zPRia3*ObJ4PjxLNgLW|VA?i`(6{Al3!wNG2Mg)jK81O9EuP_ED{tR%{o$Ul^dGUZJ zI8`)hJ$lDF#&Yjs;oc_fzZGy0Qs3M-+KSuNNn9SKw%t|i{n*&I=CIwad9tFPIgAru zwKyX+))#hwW18BhLFD0I6;3G+hQxn)){1kI&^F5f=J-yx*R*br(w=2(I)#s9x;b?m z`@mw?LvPQScrJ%g=kWzQy1~_+I`AECWZ`sATU0TNkn}NKcQAu~DRMPxS(-6*C`HwA zTXuzDM-6+3`#Zy*_deTmKWL43ZlU_b*w}Y)#;J49Ycny2GSr61S|mZw-gOkgS<43g zWS`=(`lYI;B~sdOhrBt!@envBg?b%L3^e}T#d*kg6Z&O_Nva`iaoFZl=@>aTkH*}x zD+XSG$!OEdL0_G_J-E4e`xf8&EGWH8lAj8{Q3s}xQIrszt~;2XtRN#UpRBRVy+R#V zL66(?gyT>&_FY@e=wGSBR&WQv&I>P%10uJ>FL0T(ka`bgBjL(_Vw##1!b$HxHaKu>84gkNic^7a&$AF8W1xE$w_=!s;!A~kH(eF{5D;OC_6kkYp0cKLiBq!@dM`cq(<>-nTbf%e5T)lSX~A<;&xffy&8$@19X$O zmI!Wb!}RQAji{NaEy(rs5uJ-w zKE_Jj4?mK!ZWshS8dyp^sFx2~axzG^FoN=mIPJvTz4(|hg&bvhOu*f_eZpQT9WahL z_m^q;<e_h3#}B2;_-+a5ZT^+bKY+Kb-_Zu zRA-2owRpg4^T0iO!keaY>3{)V>^DT9rP>x8b$5@63hDWndEbUcpCYLv!bIc=BKbo> zQd!zur=BA$`49Lq>~#+-oRk7s*Kv<_M&7uDF&*ra)K_fjTiGKvlGq~a(<*waxjQcy zsb-xUZw+JXU|Uqzbdc37N5Dd1B=gIId|H+&IBf^qf2 zw8Cl@A+b+1@s^A6)QhtYwrV7tdDz@9Id|K%*Y52WJ88WM_r}>6W+-rV`|ugA`0zW_ zRP9*1>M-qk!Xt7yZi~Ni7t%x3q+c<@40 z-HwqZ6av|3E)@(<;mQIDh8h^(iONmB?hWpqvSARO+c9~PN~r{ZGHa`X6@6Jd1Z9-G zno1~jk#kg3cuz7Zah3CW=!=3*nInR0hjRDokuAH0TV2Zz355SZEHvwT;DPxNF;(cobN5g=|YpiNBQr45mFfa7-J_rHsmI2Rkz9f2FnUENs`< zkJv91{O#8e@x1Vx5;*FEnko8hQv&lX%ZTZmQFXZf+1Em!-~9nXdCB+1e^RbJwjhv}0#G)+OnxN`}y^0dtZX 
zd=a@+Ee>|r{^=@#>v39hVECqGE{UZQU22l?M3us8Nk@%I*&GU8#q~%mBOV0jvGNyv zhnKdo9 zIS`l33S(CrCkV@j`g!hcMNta?=L7)0vqUS|+hrQwyRR?LN~wO{=#)b(y80NXR0Lqc z7Uhcf)wezC)%wL9h@Dc%z0maeQ7-uZO);J)tJ;54hXmC>N+1&nUhuKyZVT~ugiBs z7(f#@#RGzzk&><{uKK>_j%8~PNV&)7BHXPTvAQlWm7K48RSj z)X})pLfMmBdoky5!@sB9WYq7hZ_|2ZG&lPCy1T>R3@$Z3+Sh2;5_66+k{W3P^}2eA`?Zu= zZHF*KTbM`EGn1D11nfM`1fidkST?4(A*ZoNIzAT&yOrvEtb8W`BpDz3vVw_2Qiu=1 zd;T1@5*<4H{PL?;13-c8_Qb8QDCdAOO;|$}2HqTsmFJ*Kf!Ffl98VM-!#CfBaU}IO zz21^5aepnJ)%2&8V7d)=ATx$h?7%^{O|In^ZbKpR5iLG5@G)hSKx%I>`}eI^;E(Uz zU7cUI1-l!WMQ?k;9d2Oy7@Bj1u}>l$77gw-@_&U##?T zIH&2MJ|+%MEvR;d@>Yd^r|FFjAFV})M2j99S1nS@8N)01YJfDGnd0fTLcyCV!&X3# zmrR?co=KRJt&L);u6!0d#4dICO?4Ec8 z(uto>YF@`9e-sNyQVzc8g;6lIjmLmKZ!m-<&;EBp#O9CM zH*y)Z7*iML!#b;U+T;KeCZ+%&W(BoDP6oMxowDDz8XIYSJ?HMz?+tLJ=txB!O*uW$ zP?U7j!46`N@}&us!w=4bbxUHWR;M@gN(JgQ=ET!{ES$uT=?n7Fr3>%`H_P97frmge zZe(z`>_+d7`;UU=U#yO*bM-aC853ydZny(k`WTUAawoz&SusLZq2Ifh4tUS%vFMXj6lkKYv=e`GxF1e0y2K#}w^ETknsX!f&ULd_o8^s47Ez@FcZQXj6jm&drMd*L|1VH7g1 z_csqmcX@u;8ROMD^0oZ)|D15u-NZJA>B)^$*#~FBf)uiIM?~DZeHuVi(0D*kTuh^%a9oU!CJ3NVI$&m>J%Ci0!Uw*I(M{9rcG z!^U&cdZA$HwKU&Bqmle*RFEu3<&_d>w`5zlDq;uq?^n?P?5uId@-?d`q|puG?0pgwWaMB?hH>pjz?UDvV-9bwT)z za$9s3y4195XOaI&s!Fk{gkbd3qc>6iidTv-Imyf)=#=EIxv-|KT~lI<4&=<(qp7ib^br+37jbOk}sTp6LFs2Xq>6zgyOCGJDe6?WqVE(tR!rk zhCYHXGLflLsbFT3W7_fLOoM01xRht40Pi7(fLHtnz{%a}9(B`uzu^f-ad8RiBg6}S@`kp*)r;yHE?&52*pPF6zAKJsB(LAWnAG#l z=pf!f(#VMn>Cw)09^H6Q+2z~2V6vU3Qii0YF6}%|p8AO6+gto>9=+3N zcjRPZ>i9c-yNbAIz+WS4TIdq5?G=}t$I#Ne8OV%M$N^HIdd!VCii@d|r)6r+Rrg8K zPM&QA?G0jCy)#QmUrtgq(n0N~HT>?>;CNyF$Y8-#9sbL>E(bYSKN!Gy)n-4t;&!70 z@~-q&)&=J=h{5S0j^U=pM~iS;8hTnPx;EshGr|?wZ*f^Ty~sV>dZuY5mAFbAFCooi zE`sCAw3hZ(O;XUA5=?Q?Kgfjw+~k0r-_hD8=w1F&t3V$uq{91DH|a#F5$gn&_D=0{ zOk>&>kE%c#g!HwILBggJ_Bl@&Bs@xJ|C}AxP&Ovk=yuaVU(4W=oi`UxbQhwi--fvw zd%l_CSyoisaT3DuJWR766A*>ve|S0I#lryB$<_*8y%RNFz@p5i>8zW3FSq#`_fj~F z7YUnrlcIICpkV0hUtNzy6F(ZJgd??t2za(m<7~0&ipcq!-fIOAZMhLogBkjHHoEi= zIJ(sBHS!&(Uh>wh7xC&+XdzOzxa&nsgHsYZd?z;PLrx1x%Ejd%JkTajo`EfN9tw)r 
z<|eLiWoD`!I5FAQfkBg+861y5Ba{4_THa+Vi$bA475V^G!8aS2*!~OKrd}F(X7?W( z56mng-*Gpk)6(t4Jao1^$OH%o;fK&^Iw@To=>UCOI$V4#4p{{mUTtkQB=qKKC9Z20 z02tt#c$A%9@ry?F>WEAnPq!@)2M4X_rkBFP*50v4dlX7zug3Y$EEc&!9 z_@phogKYZ7VY<~xW8C~n66IZeGo36e{I4p04Xi>sYF1K|i>AQ8zLrT64+^>6YD$dP ziwl^Q=^-(mTVwDSdQ}+prx?#RI<5f*zDYZ>GghJh#b4h#P$}%e#RxYN_JOd-FQRrI zAaa57w$iLLQHL=VdsGCw{-f~!mPMR?vxw_=w@*I23`owRF-8Am{qpbs^QSIW44`hT z*mGhNe2yJT9ydMZ<-I0FT9Vso|CI&g8fK3%UW|s)zxKHp(c6UjP5}oR)!f;qw%C>$ z9*2k9zw=lx=4*-1=6fC-zU4FZ*=ukZBxXxzG9dI*h{7l@0=yxB2{E;5ZQZ7ITPjiQ znt)-O(8p+_A1Hl;_2KRSM4Kj^FpSl1^>v5(OYh zT+HGgXUrD?MJtsPaJYpPmq&4ve6lP66*6<=Gm$snZfyC-FJfS$nG?qaSLCXp$``J5 zb~$y|+#So7Speo<93A?ZJBpN07bCnsc|#)_#E$!GC4f%BrU2U= zV9O44r>{_J_dJlzT6&7{=beytM9dmw{o*RmQWqS3bLh3S*G|?$YH+BhR(quc2CC=p zZ{7oO4?m8PV<867`!wgn00dpFyY;2Pn0^vn?Dy*@+=!IwBop4oES70E6AF+nvLjAB zRk`;Ku9kmok&=RcYi-b=n*`=sJ4h_;v2 zktK()tU;+}cVH8o5Y67D2|+w_hlKK?!z8CayOKZ{HXs~C>r?;A5nOJ}N4&SPJM}>~ zCw5g0q0zT1A(ClEMoSy9t{{|DEmQ@wAX1wsJt6Mus>3P@OlM@z{Eq}uJw|m=NJN{r z+S(y&zCCQUfSv;MMY8#}iY{(N0&RP|yJ&VerGM`K7@bvlmNu4O+ol_#xIt7XM8n#aM&PnLm73z?VnNA=>6pXC3xCZ2mbf#6> z0s}Iy2Vw_Fe1%&CfE*J{GJinU9=WcEdAJ$zv$Wq^7swo8=O)JHx4}lr=>XrJ*RnCE zMO)jv?dRw-@)&3f=d=)q7}H2BV9i?CFHt9TimJow%q66ltCu@L3x z|4CHw0Q^I69|~S>wfC8;Ct*Qlns=gIv-hiS4`0CP0g3_aRh z?AnY+7-`MBlUNEF?(iBD*Xn0I0Axq&seh0^g|}mP1FDv#|4O_fo+-g|@yoKM&H3Lr zsa1>TvJi^l0qMQUhK+G6n7yf*+_JfOj!V8{2a@YN7YcZogSGn?UnDvO#cw76FXd z(C4$c6gFZ`a`BMtw&R_tXBG?PD=jk1b%=U<1A+6DQ_Ht@iHjjNzb(t?Ak zP(FMJ{-gCRTsjrYK&yxhc^2Xk$u zG-7_!KPj9j)WVqn*;Ap!&$jn}1^x@6FBJ9^25?r_4tEX}CyD(txU$l{=X8$ehl_~E zL}bIeGzd%;1Ii%wJV74Y6Nh+7csGKFz{)4@x`__~nWSkt%FVT5N zV5b6&H-%GQA<~k24?s~rCEL#_T?VnDV)(ez@SHoujTcCyPo18zrqkHZXfF-Xi2I$B zz|R>>3HETe-~E1;qHo>pjqXW+L&e`OAJm%@`J><8Z%cU>V5sbAGXu;#sR8~DCDmdo zbFpN{+ozQR4tz@^b+mguFz`#CBvd2Bdw7evdHNI-6)VZo>mydIp}3o8+r8|SJ{@{4 zS&31BjOxc&jJaBl|1>v4FPYCYH1%V|x&1|{4WI+XqUCC3jtuXXzdAZk)>#K7M=X5| zS*c^xyg}F+eo^PZ)>wu{|74}1As1aLB~6LA*t^A@GsuPe2k3nc(J&G~&&W z8xUFRl{j7tJE6OJFf-IgH<=aKH71G)OOux6-EK635NANUFXr-t^RV~Lq7btGK)J2k 
z&7ORVI__Ym9|+qWkd+%-nb#9SvrA&nIjbd^s@r8-vuDdqK|$XElhl{W4bjDLTx+Xt z+MbP_J5lIa`0E`0!QLE>nt8ayvndC?JmjC{0uK=lK5! zB)MRdvMg2|7H?{2e*suwyub94XNqNsaV^1kpPKyljCPmoHd!f~-e3@rsytK()jr~=|0FYb^x>*0%&=^qdhFpceBgj6v!4k@d0^Jow@bHFLYjLbOSmB9k!Nu>2>#LkDlu?Wg{;}rM98;HN`u* zu^JtxG+^jG+J_Lr`)ce4o+BrlIqdQo7C|p_p4`zCE*>)T9kdZm$m*30HlP)uLwi>+!2@SZ0m)y@q5GRez`%9IZLba z|L&%n#H=(vGWp~YK29Q}cA*(;F}OeMqWc$w-w1hSdl5`ZFm%S?-SgxIkSJIhylX&q zY}Dj`%x4<##MNS2SFxbG2I*ZZVyE|pZzpf|=}~TwzV)@61X}z(@Ng#Y*Ufm}%MY&a;37o;&5HPX)5TReped8B z`aiv#{u`~$s|HZ!z^Rcuyi|Vv_#05H3Z}jqG|z0zKCvV`wDn^n?v^DGQfXdVP$HhU z|KvNJ#{XX%2W;U;U9jcH6-(mFwa~qgt@nJe1+<*j4r9lR9Xg_%%6|g_&#_1PYDWhR z0_&L*GWIQm8Ex=-Xwv}l$L}wf0eKOPewIR}dQwb(Rq=Uthx1Gw{SZ))PjJ>EXi-V3 z#jpvnazHw4OFwxKL1H=KxpAA_rQ_TaE$f*k6u=43JiT@X?GOTp=YT3C)>O1McUZrj ztlCi#$is%w%gC~9vfco0Er=KtD@b5gqUGZlJv)T56)%{IA>3M_hFq6b7Z--k7aK9(tM&5*4O!{R4f?J8HvQRa4UlMSl*9zQPh{L18p@G9-v#v+!o_DQEt{};5 z+?}!a2S;guR1Cce{K}Kf*uwG7ex)@Wc$ZFJ@7>I~@?!)uv-X#a{bd~CS0p^pDOkA$ zQ)I93w^J+$Vo^(r8wg=YJZ;sqi7lzU0(~4RM5C9c-E7fjH)Bp+l9f+uWgH^fQW52$ z$Syu4rRhQ#-|;RgzO(;2o7U|*;0iBS&cxK;f=%$=U(?U-X9cQ)v}*Ms52jD-h^K{B zjBTZXDYSEIv`vi;-&QM7kLu02G;42L#{Xy9@6swHOsu%oAhDv{ekX_LP0}6bnossO z7d?6rh)ah`@jY_jW-nNX` zp3Ai3gb#Wow|*?Q;NQ%hqA~*Fr)>*jH9(C986Jq^=1Ru1BS&wPPB3CDe_rMA$JpB8 zpjrn5Z`59GSAc6AkO>?A8V{q)lVVO6HRYwBj9lMKWAf4SZli|e#ne#fNyfksP_ymj zH0_$A)af4WkvbC^{dhFCM!E5@1L2iqexk!uw{_hYFaG_M6EhiG@ZL6QK(0q}tm28ujk+}7rIVc}dn6Wu; z<5Z0(K21Q}EDpYU>YPR~h%ynbu@0GcGP2)S^C9v$fo7qcsiAEv;$l*ao*B|4^OGMv zoIZ7V*?V`V9}j^HJb%LcPT#d)n?Boz@f>@Vt#@uoV9NVVxW=OjjiCMFV*BPkd-v06 z+Wdt}+Qnz)Jn<{cj5NLJbB8O-zmAS>!8MP*pfMWw_|EW%#$4WQ(aM1xKu_W{iNRFi zseIRcO++x(EeDj~cY{QE>w|GpAt|~@Pig1Ye&%iK7pt||lB=`T_-K#axn+GOk?7n< z)7a8-J4hbw|CF& z$N2llQ0{aM(1dgJY-Z@001#lr_0tYaeEnA#+$LSbTV2Q47#`YUD7I};&Zt^)7Tgyi zb=#5Y36?fEFW!IcWtOS5KCRqm(~ku!_jVD!VEO(lip!z%Tmz0{SG=p0ulB0@%He0U z*HT?ofo){J_O(@WX@ibL={zrs(-~WTO6vHB3UE@Y?WAe-1KFx4mz^KX;$#bYZdg+J z0avY5v5$W{0Z(1)S2Idml5;xVs^@OD*;Yd9R>7PtFSM%UuaQI5DYS~A>e^cV8f^})-Ah2dWwbuW2O$G(IzoA^ 
z>VP`4BSu4xK25r+ay0te27dQbX1gDO5l+qe5t;LHX#o@2&Br&V7HjZJhgfM%znmpT zpGqA`NRI6~waWTIH~%VGGT37xu+xZH{K%-hVK@nLFfxqCA65wCPktZLySJju>#0$? za6mH*l{<*nJyOtx+o;)y4%vfV67z-2=eAY`d4o`9T?L!)G~^5z%bmUJ+q4+kV; zP;!{+_=D>}8TLroZ`Z9+-PdQg%Jpz`-*{Ef+AwNOK=&>NveJ~`b&x4~T&=s#bhH9Q zz3vWVaLOouk|F9!Dm+g|s)vpTh4|o9N3lxx=y9$inH@DZ#oSEOdqyf-Z#r70!7j+~ zDeHKq%N<@+O%0++yWg=dkX?-L8rvs z|H22Htf`&ahv4^|%FtV*Pit;C8XRwCGel0l+cU$ip-74{K5dU`r+$tp+nF`WsfILK z&ZM1^iyxi|o-DM$OPLRck6$mEniH|Ic9(>MEhLm5yrT_`L6@ebi z()^t+8qX_GW6?xFA%52DwC$(1E$wgb543`T^?&o)8{3+=8D-9HHkY41^y`cApFn@V zJWB;Y75~gGS)Ux7730BiqeZM|YEB!NlmWOU!M;A9e;&GFe15iU=XQ!(&<1*Uup6xB+V*F z%VkCxB%EPY(i7sc^35|G(NqnN`)|@2>Ns!rsV`NnR3A&C+xLTfenL<08|Yq5TmL01 zRYs$_8TCL&E<2f(g59_Pj#!ypG^H=WOTjGt#2aUM;$3ZNN^DygBC1YUQ0BwO53=g~ zKx<9+BPDGV?;)Sn&)sN5aVB85b;KYpqftv$K@T*FJ%d*nMU^CLk42Mev%iJ5jC3BB zy3obpb9;z!J3n-q{Y>|GGk(1e1Z4G=K307x6VG9NuLK;X@_n5JT3Qkudx7hy^v4ek zz4v%o zyvye@J3R5|HWi-38>&mZ?kX7;Ah-LJfsBoEEP4)rqBbb#$z5K)vz}0LC7!r@R{q^8 z>~?{IR};!BZFVVh);P!%8_S4mdUl$d>|uG#vwI5K!(++gehW+?Ew`s?=)0emiRql} zbBT{e_AjUEpL>qAP!^PFU5Lu9Ck%jHd4jszTa>rfe;=bjTnSH(wjs+qe(ZtD^K09r zztzQFmgV)0OD{x$-6H|vevxYbwJK-NJ};pMy3UzA=} zeoy@OhfUKv!z3j38LA_R9@&_WWdcIEX(Y|2uWwSq9^8BPo-H(n)$j`+B}qd2n`-{x z+b`rhOoT*1I~h(?YE2TmOxo_XZ*s9d(kV$ep19Rr&x7%G&mMKnskmWXyUyWxK$3o~-cRpM;T^IxPrQ;Acjz0N8Q z_103aYg$kDY-$+3(QdDT{^|i zH;TC~GRIppBxKsZb}YoC)ap_ZW#2b)uMV>L2TDf7^sc1bk{Au$*^v!TXBZ>NLYK@P zF~J<*ej2+nf+(*wUkC^Ht*CFP@7w{TSu3pGg%7OL~Z zb(5WybISGt0WC!i{ha7NqivoDm0kFmu%#&HGAzHe`N#Mag@myIyFuT8kH)`^7sGu< ztcMrsd}#&aJ5pGy*K;P!-C!?W{9MXD&XU3s8ua*U-_>Y9x@<;YyUwH_3`$xKe`#ay znj_gMSSsB#4(RNv8fqHf&V8XPU|Ww)UAP(YurP0qy2o;MG1#}b+SLhVIKxHiXgNfC z7cb7fr129;(RRm{U!n2sXVl-6mP1Mdo!X>vF9z)T&}ly;Z#R9$ERc9r@ODqqoVkd}--F0}0vin?=#h(e4QNM` z8r9;*{i8sSb|;R^M(-W!DWIsV5m3(x#}`$iTrk$7P?G||U}ODyALr>XBlj;id{ji= z)P{q;Xlr@;>kEBoN!wHjIUeyo{=B!KKo%oKTN+?Gm-x(C1v0hP2hn`K1>cPjE@rV} zBRgSDt}Ow@#m>~}AVOw^l4Y85pLA+uP@3w#n{^-y1o`Mfjf7ziLHOuF;Xih7bTN=) zju6QWTq4bAuqGdm}~SmuuyQ13Qc`T&VcB+)<~if)#sR0mE8;j{|bNjLiE-;hW$a 
zfg}(eyDO_D6U7Osj}yO9?*wSL9oY;kyeNQCHH5kj4>qu|BVKmb;n-cT!sNca$(>vI zdQ2bl9>USq{jBMmHk5fHP8EqJvFSG{(4s*OR8mFUOH3Pf@cH|Cg5R?MTx_VtVgT{4 zhxUb_`0)}?`RV6QNeFJJh7Pq%y~0 zaa=hNp*@dBBe#WhP52#)r(sK_T;F=@PLyhQUZrirWi=vAWCzF}|M^z}&4y9oYSA__ z;Y<2K=fC1qAIW^X@i|t%#MJG^-z9qa=nVduQ4qJfcwjgUhs@=dPXlbDpY$Q z7@0k3v23yQ@$in9+J%KKaC?EAagG(K1;&X={PLKz@ux>dUv!!klr9f7x_8 zacJ166noWAk#-74_Pz4!iyI@JeQs3FP76`O!}pp0&Jm3H7Ii&mSC>f?@)Y2#itlP- z7mURf=Il*A)(;wv6Zf)dB(K6L?Tmf}S<`=fDdb>x&C%eSuIA&a7vcia&+T@jC#=F8 z!siDVK9i(8H`O{!?fYN7eP>jY+tUBJ9y=fhQ2`^MC?H)$2uM33MYDO+qIs zT?9l3y@=ERAyNZ`kON2;BE5x#9$FH5XbEr5z3RRH4|o07dOy7R_#|s*X7--hGxPjr zrjK4H?V-kED8R48;^#$l3AF1WhpPHeRz8jN#aCZnxii2R)5gedO{EX#RpB+8mtIn( zQ^mONwsBw2Etm}mltukXU77Xq4Z^v%lQz68%KVG+7F}>p)2@FsRXn`OZunSpxSVX& z$mZH#&-L*{%8bdM>^;QwO*8Uz9e8+awn~vais@E3wR&)IC07L_2R(?Wd3pYspN3Y& zg+j^Vof<7|m6uY*J6q~q<8`^3x7dlz(U)xWdOxc5g=xKgettPoso#v$Rp>J*8T>|u zRk!e-+f|!=Z^?FgcCHkC;T2xv^1yPUcUczbws_JsM{Gl>Iy5BdagX#xhflo)cU|Me zDE{OLO2vxWAZG*xmD_htQH+oZ3<_r!%yBSUH@l1&r)gYw1db6>ry@zR8Mh4lC2 z%F0nc%6x2Xn!lPy%hynszRaruFJC{476a?>55c6{KYCF7057AY2xcSpI}MLjr6SM< zqnQEVDQx^^h(pCty0&TL0_elT#O2IFuhR;!QT|TDKZwm`so3zAx{#GbYR+(dTyMBz z;#T<;)gIwpgS1@gUq`kJ!H%}Cg*bRd0rJQ0IVVY3)k6F=`W*nK$+ZEOrw$%tVq~m$ zVR9rlOK3hwZ?An^#?kJXG-%2E*4eB#Ov!){*+QKZj;njulH#2@h|$ok+$?7I2;+)2 zaPUW7L=%$pC7qo)@HKDqfb~V5Okn>jjNnWp-ZhLP(`y`7_UE z%AZw8C)LF^T({dJB$IvFJRMRbd<&$yq92o;eMXRNIF`?E`@D>VPX?y`LDMRE`g!Hd zj>)Pc#IsKRyv^f&`}dg7UtP_)O1>Biv1PzDSP1@!#pXp!=tlx5x@{Mh)px zXbaveB3U)90Xakam5XM=W^20|)`%OdI5=-2b($ckVK%Kh!6wZ|8FreH(tbAMRkt!``eJ6_N#2-qpkqZn_#xRPar@q^{! 
zZ*H(dWpg*uXA0RvT8L!hXR1jCvLX56IF|7`KqkuLiEpwZ2jqJ;D>8r-Vm!n?gf^nA zmqnYFxJ-PLxA}^VF>bZmNp(NYe=c!ZnZQYi+qe#`7&ZDN~PY}LV*j*-UB&t>f zy_;ERs^NpElrb;o$-D%osn$z7UXFoAM1|OuUm2X~dV&3hs(LMdD!@5xd^u{03_CvU z^FmobH-DKI@C0V{uB*y(nN7gq$tsarz=6BW=r#6LuHGr!ZKdW)caxP_;sF8LRLC;< z?0DwY9;H7%9Hr4L?cUu!+^0GgTHDX936ttq1Xp<7oaTtILov_6Ni@aUxQ6@G3g#WGNnJ&}2dS2H=MH2P+B6cDdDPk3Cm(DXJc-ENS*OgV+!p z(=(O%1y@4+GxSi+Q+@Kxf0j`e5QnzBm`ykD2_7RQyobx%OlEymxHy-HF}&?{XW5mNc?Sbq@ON`7T()n*%j zPoqY&5Lh*K_78$lIG~yO(c9bTYP+`saS$Fxipd~`g)*5A5n7$34)$p;o z+>_CuK3-eoEjW{RU_DTd&KHjv-7=~24G}aalrcd8{bD;2Eb2|SXnURPqQqg)W7rCH zWqYpF&=rirWoZf(_q`2+y-1L1MM!6zIXPOu8`ugVKoVm~Nn z${BQY5fFP7Jaah3buHU~@iGKptKYiI@$l-)mW);3L}`@;2n%~lVE`05)VwjM9$JWy zqxE^13d^uit?PgzZa{fhi}PJEqZSu~LW!sd0utTfZ68gI@%(wy7)kIv`RuM4lw18_O z&8mmO4r&(goq_5;E!v|Q&IA<>1S<55x($*=A(=Cse*KcT=Bkgy7wyL)IW--wv?GT5 zx#lpp0`~#(xp&`lGCeNVS=ic@lL1-2DmL?d{rA)hNc;pH6&?@_0XJ}Dn6c7ggR|V#NviaULAtVJ%`ezSXyP0(0MCmPMi_G ziV`hrOSX3&Y|&I@H@d$}Mp(ZW@pfOHYIh8|6&ax)W4>5YIxStvb1gX!!oh{ihz%T+}Mml$~_p3*SBuLvc7GJa4OS?HBhieIt5nrK`D3cRK6i-2G63^=frf7ilJw zwPRULrjK`=`%L;YPjL-7hdv|(!ymy6grlu~D@@is_f0ccrglnUgZ16k^h>vM%XN}! z?wlL2A~=7xG|Fx0G%9N!S5o>gkuA{(20GQIle~5Lfll&dmtJr0m{$>=NCbtlqnpJPe zA+&Fm`madXGzMfodm-OFKCngwiXt}yoqz9lUhH~#@zAQU#1z_D+3WSF@piL*3$jDk za?{8SmWc&JV9#C*o!*`PvWmpr8s&7FbY`Sj>PrHlen~oFvrvnJ;G~h3mDGzm`FG_? 
z9&eUFg9vxJV}cp)afX;GiAEM8vhaq-Qv*#dF2o^_OUDy;w|3B844wkUnBm-0WAj!t z2w;hPo8S?1@AK>f@#Y&~m#4jOgrAm88V5(t?^|P9mG8?4(q?_R`Y_{Lu zV^%8YTVHX7W}O$!1&;`lt{xcl2TauV_R(iOri(4Xx8@$8-Kti~UzH^G@KAhoOagpZoBmv*+Ne zT|-m$9TM>BS#3AnKPFAY3fmePX6=na@$l)mDe1=0)F-#itF=1~6whFoQ~qLXd44cl zGnz}vi?6<2KQ|?p1T|MI6`KT~aj5z5wr;f8Sb3=+0y*(Miv!_x*5Z5!6aw0~6K=&6 zF5I-lFUt3s_ZmhZI_D(HLY(Tx=4nK0UEei&(0_h-?VDV}TECxuhUJ)I7dslAy=Kxt z+UT}|rWNvh8gZ`9SBQza)Zjqs54xMF007#hRv$-+rN^!+%$R2F10H!X^uC<>uBtD8 zfprXF)}@ET72U|)5Ax!R%~M`~7xz6;Tk5R3sYAA?rOH?BiCeT3GUY8=W&y>Cs`yLI#G9TW&Z6cfu|y)DoUuXPa4C`gAXYT1g>pMVWUNob+!#S#eQ`_e}YEvdVc9CTJi}!c}0*;nq>zssb-U zOhlNw9k9-bl{fd(06s4GahIKLwaN5Lx+>_lR;|&o^*#SBMW;g}qdc~Yd)%R4flFZ* zH3zW9YxmolR6kaF1}9K0VCP^D@E4x9*?a64Z#IH@)eFZ+n`IBWPMK&5_r7pX3(*~x ziOsXq>7Dq{4noNBTk7X7vN{ss-`RHJXQktEt1`n0nx8MIbX>YCsO5GdI4k3GxkKJR zli>ZQMxRjv&+DAH{@IQdhWqWXS!xaY955II_R8_gY)W|o zZFl_GJixg^`^pfF&ROQlprO|~N)KI@(L9VetN=cmKM`JC;Jq@U%U9K$eYH2u+L0nl z@ukjug6#&mKaosVby2*hDh$#R4fw(yKM}C&SFAU5^`d4}&E%ksU4bRHnR|`q&XInu z1Lr{cT6~YrIh(n@-x2KwavxF!R%8cpb?3|w_yjQL`}g3}RZd9PJqhBr^i8x|;!{kF z)nqDPp;S4)uF>W#>?pW9`N`s9vF$sVK0_CMaRB+{Z@F3CRxE2xr`qqN2O#8XT%+IH zGJ>n_F~@gOIifBL6E7-xA6(JM`)em?qR7Y>wLOxcz%#-W-U{-BG@<0#Fg2^p_6%1t zrLmBy<{yrzrF_WukLc5SZ?@oI zCjBUtFF`s0U@?hF zJp$Gj*8Kv==_7k4f%mO0Ik3)wuIBy$2wlbSROSs|oe@^p0N{SV_Nu)Vv&EDUw$J_X z!Mes|V~BH97{-yC3#~V2sC`hC`gNy01a_=EiT@g!u^sDDhZPU?& zuI5KC4D-lTKFK>_z@(rtRXLykAT8d@()Yd-m#@~x(Cf~(qX}2XpV{7_k^j_1i|Ge4 z#@ETB0=K$CCu9Sv0A~O>keW#o=y)3TX3>%;H}E)GdxATy@zoOd75(N@Jlr#@ZiR-- z_z|S(-&3~W~@F)8@(CVC?w27ST3)qg4eymoHMEf3iPQVC@P5%!aEkOinXfT5T{_rR+={u4Lymqtdq&uN(oVr@ zqG)PLkD10|xbJAR(wk4x=g6p0l764d!R>i7RJG@0_O)K3tkQN7sOSYj6COQ9vAd0? 
znxZT9lN+Es?C~#|oT{>5|KOeAlw>2dH6Q5X+V8%K=j=S#nG}>8{2qC+QA7CVpkkMjenH=x7{?)a=7mRPka+u=yi1l;ru zM7E&_ufXB75EOA>p~E#R{zgMVnZ0;|RQ3}~LyANW`A2H6AupPaX7R+lQxydaDf6Ubx zkr)r#H&J=%$gBnLq7N$cPrA(bA(qC!yHPXX+=22g+&&;qX)Xe!`!to2* zt|Kv8h$;V~kVoV)TEUmu_}@aC11E5n|A+A7e)0GJ2>)MD^gTc6mN_E@%%M>`tnbh{eNZn|G)YF zxkHRr7>PybbMadB=DHRUKiPOK@tP7sMd<~y*HQ-clzJ;U6Mt1h{I>&B5b4=*My??= zG&C#Jb6t>foS|r0j~WUwQWB#WZCeRGwwg8P2{!kyfKc`4kyW8#Rssh{WNgD32>!qx z&gM#5n{Fc%TyyysuhTh`-3`fFy9eqn$$IqApzVOYn;ZP25My$B&BO?g&@w`%6vt(u zM5nRpQViP9KrxsAqCLHD?*;Ks9>uLbIjp=qI*o%ZVPUEpYL;^==;&Z+ds}yXZjYK{ z5hx{5dDI$Q50>DyQmp(eB8OC&ub*V4Fs6f15enA`+I!zja|pC?w3*1xv4c7+O~P3o!i};%tonLIL`=V$4iN$>AZL1juS&KWllJixSidhAl6n(hu4Z`0gW% z8LZ{uvMTtxMgS+!Cg{sExhn~CB7DN#0l}{Viaugw717HQ>*J((ztv5$T#f}Qg@X&@ zyPBwnO^n!9&Lgax}g9hZ+0B^VoUJ0=fdT~ajRdMNw{>iz?HCc~cGyN9rPpxF9Av4OgX zwDJL~8jVP8^+wVu-n_*SM58sqy}e0f?-&Z~tL=r|i|~whk?Y{w#F30ee0B9GQSVuW zArPsnCEUDgLvcIXlm8SmHcppPY(BKWONMN&x%hMO4#gqjbt#Wu@%NyhSsuFXe=MVY z?1;%6D>{T}ETzds32;9D3gxIW)y?4t5IsmA-rG)F+QA*ua&+aHfcAE1!44{hSUC2e zuN?W#;{s)6({9d^w?0w0%%UZSxjA<4AV+Seh@F!mH1>M&9uy@Ad^l6bn6R)S^|1-%Q=BVSYC7LrnBnXYi7Wh-Mm0|#iKvHcsrrMwZnz38uJfv ztK$0u6#$l|>hU`4wKd#>-H>JbZZ&(uvo>Yn3s14t!RjDF2-%%+Tz2P>Ik@u!Ziqnr z@$cJp%_l}j)!l4)g6Yvgt%n$1z%a2`48OnLF4>%aUNQlKJHQ@$9?Zng_jf>z>3-CX zwv1>Oqd@wul^Sm?IjS=Ug527rgnYPUuMmO?ETb2_ZQ$1GhMcuOax(n<9PlXTczRY==oqfy&1|Ve58U{`m)8!Dd3n4;Rp;aDQKG3r zwk9@?GhoM}N{tYgoi)~by|EdK{luKLbgJc%+R^HdyDNX(4exuc!*dO28PE#8-yzYZ z)e$!*qq}RuYBW+~&hQP3oQ0X}yZeGuS;Cgm0G;1Q`@Fe4=JaJh=<)J}E zI`54cF+08rjmtp?nf2LKFX!IPTjAtr6kcP?<%3dx@&dqDIVNcCP$Fn6nf|US${p=N zS-_b47X)g}%Wjz{ybrRVS8mO^tKO0)fF9ogmIrO^9*=8bnL_B{ldXZqmeu^bK0g?} zXG&AYr)JctOT zwZ=)r@zN0l`5E^k>M?CIaUV>J`4$PD)(cp_tc=nnAT{;77!4_W>8f8~_^Cwa&J Y2-udCEy<|=r&Fz=s;g42{NnBZ0Cf)J5dZ)H literal 66038 zcmZ6y1yEeU(l)#?h~Vx74<6hh3GTt2#ogUWAh>&Qg1fth;1Jw(gR^MR#di4)x%a;H z*MF)g&Y7K^=`%Ck{q)nlVV@NwQC}0i27y4R(o$l|AkedY5a_AL%cnq#FHN*3@b8s_ zl$J9Hgx34`_auoCjTmUebP?BdQL#63aW`}_1*zCsIv6^;nCjt=t%5*rLDFI$RXs8e 
zSA9Q|m}k*lgUxW`58Ze!F4umqU7@H2C)N}ZTX)ad1y);O=yW3ec!SwgV93{xs%PFz zL*nFU&iJ&nJUaHH*x+$azEbs*Xshb=k4*h?vb06~VrnxK znpJityNvbO(|=3WRNYh^_vEdw$fl**_DF)FI;|r7tOP7Pgo7_^+@M)bNJ!Ym&V)BI zb>&;ld|DA1i9%Vc$s{W~LMiTUY9c0ndOj|qqpj_Ae>%{48fDMK z%F4>ZvexDA@94-z6vf{Ao=H|rtQUg{o@WpmDi$0nh9$0qBaTHcLn+?(4pSOiEKVwo zN?Dbf(vnb#S}EUxlPD^Da(ml?lR-i}PAr%p*_3$-iAjBAV!x?p zn+&Y4{W_!vay!?ASak0^kLiLRo%q4pA|oTKx)A#Z$mqF~1$0^0v?J`37OFU@tew{z zWmR2%hcyFYlx##a!3}06hieVXX@)dLp<>Am?@@YcnR?z&t+Anuya#%qu$^UvqlBUK zyl3hW%L7E}D=4sVNi`%Wn;m{1S>Kf_l}nH$@WOVB2PWje4eM|DwXw7Vlgu_W3u5zm|F6AJs{w$ z{tw=i5|rV&1W{O+J&!UkeJi%pk}D4^Mp!rY$oY&W_^{U`)n~`mY6V|Bu#OsTk(%f0 znI)<*GqqW3^jAirP}2X*@DcGX-&bRdQG)&>e+Plm>Kh4!h%M^IL+wl# zZ-ZBw5TU6p1qnZFHsPppgZfp9}JI=`Ftdq9TLjCbKoBk@w` zc;qV&w}{Hsw&dhwf?!iEH%m*U$Z**a*)zJll6;q694Kw|?bH(D!AWRBY$(PJ)zlJ% zl*y)K-uI{Wz6Uyl>SgVGP;82u0;e;~k@vap*ipiaTs$o;9id;F+vOrH8Z_D2%cnS# zO*NB~5Y*d&v=ZV43{IC@U1HD$HW|@6CU^z55@#z@xKgmGrcr*ObZHC$Zb5J;MKA%a zjGQWt7Ps+yrO=#STUbqKZ|p5ORVi{PrnnM+C$O8n?@_`iHpvkoY6C8Dky*wf+$p;QLmqCQutmO`)l763Ls((w zO~t9F^HRo-a|A09fhf1Dq;ErWbMG%H!YRWh^$6SCPR17M%wsMxrE@I|34=}hEL=Q2 z7b!aoXS~=e;>gq?cFiYkcsYb@X^Ic?-)OvHbkR=4zEozA{Qx0~w zn(`o1P5RHVV;{~>BqeadOtqjVp$*ltva;E}SBtyZ{*{%$iPMY_f9=Zdb`(#HdSm>y zz)*uIX~CTOgi+R{M!S3tB_b$k8RTkdlsmb1Hl?hp8bHQYYUxfmmB^S~J4|aV@Uv7U z{}}~&*lL@5m>8h{!05T}WFQig7Kw&hQyT1zm3HBF0y1qSS`z$6iCxr6udFqL!$@tE z&Y5Y4>58=L>l?Xxa_>vt%TQ2S4pU$LRtHC72ez8@+ z5vLyi*Lp~xPP<63ek$AoyKC#Z-w3nU%o_FIi0N$e-Yk9bugfVxa1uFlTrk-0VjB!E z^1mOo$J^cM+J6{%fSo)b5W#b(|N3oI%Pp0h@F21W$r0TwabgiczBcFruCNGB4H8=u zB1u$8?_YCtixfVGWFGoR5$~VHAcT$aF9zClnIRMGgAXN`{#PL5&WOjssATUgo25eMcfB4Wjx1vb>Fn4y zTHJFA-%169^tsJrHQ((tA~+>Stbg39+pg-;M;xBhLk$1JzS^9f$zs0`ZTH{ z;^UC42ryCCbp0E2wJiF<<$8q+B6&=|Fyn5yCnLKwmvlX0FB^_x$!w2j56-e4H}Yo> z6qvlt(>HhTL)a2BYu~Zs6L@%Nu7#eiHfK8g&&P|kB5;t1j^7kw0UyjHq=`eA3%TFv zPPiKI6MC2>N5I-T?^xYL5Y48JY<;6u+p9)=z+(T5*;_rRa*Jq1JDcp+oadjWa&78b z^6k(~bA=W!=;^a`B++jVcC*6vFYR0f<|kojk1MkrMAQvw7yc+_9l1(#7)Ud{2J3>` 
z!&qbP-S)fu5C=C^zv2pn+L-a)$clmeS`y>B*ZeWyZCza=Jr4*#P6Y*DyJ}(ot1q*tV-yrXUiwEg96)k-H!6%i;bvQGdgOP^)+OsJ8Wm_R^R8YJl8?Ab~W!#y;HhTq9G#( zWOLwTQKWOM zPRLS_yR4YR6MWPBFIHC{mPa7Ih!*>uBj5X&2MZYdZW4lUb6mFvAQ;KE{$57mH0d*fq={hco(C|Rm z=onqtacV?EZW!^Uqxv6@{-3xX9U5Gx3Ug`(p@u5@DDV{61N15+8>K|(u95g4)2nTfIO^!#aWVrxG07NAQUMu}aAM_55$~KM#Wmkc zdWNg<&=cC<>IJKJmBb(YX1!RV82aFYc^8?^Au*GEO>697{n)$7UB@YfBm(X6zcbJB zPvvT97H2DEohPu1@8X+b&MiFy#YMY!g_b9@!)@mGU5WOsa7@zwO7z+$ z;rCfF$$u`hdh=1`ff^QI^3%){r+?c24=u+@~;FKh}q6~bSi6oNdJTD_gr8+oW zp#_Ad#B_BhR*eb`Pq->L*mbJX#|KAsFsDe4CN|}yQYv=XRj*m(nHP8i%LV#dyd>;- zWya-s+_I~#CmknNc!B)l1d<_FJF$^_4Lhk?7a(}+s(h{Rba2>+hsY{!C zD6)2L{&0oP&Q6x96LwRF3@nhjTUe~m@i6!KoXUKGlLT>UIQZ85Z!F#8L<nV#{~S9~oLI8y_x}?m$TUvm-z?Qsp}nL51m{*{|^Tkgwkwv{_B2-G3fgb5-hN3BCQKNPVzJQEf(X(oZ9347t&w1 zu`f={$1)c8A0_zN=)BPz)*EJQY@7~G7*$eNZ=6-rObEH2piVja8Ah!Q{UMuWX>Skt zPjBvxORrHgp@;kPbghI@$GfYeippR79`DfQoh-?ClRy5`BS4XUR;!npmNEW=ET9rL z%KwS~+6;HydmL@xbsY{vGiyAS*xiooX(HUGnx70uV2Kr%$TdXDMi-Np*yV^P;nb)Jq6q1CZ{FE z>$sFTDvbu@Nl}CYFA17r)*6_HK>a%NEH}+Ed}#Xavadk5AF8PNmIMubuEGo%Q0E}6 z44MIhyeP+0wiDL1oG+f|dBUC%?Oop|7Zl=(t~jK5amsK7ZW&k9dba^nisc52b;xj6 zeX(QNemAof#GgJ&0XME&v^jMwS{1_K*V3G(dv|M9ywf)oRkhP9?!qS@BEo#}oW6+u zyJoOzBmyg^`Vw!|irHtz+jKris{DJuk%B+3peGPrPA9Bai)gftG1zp>?k?rTK(3X? 
zW}Bt}oggd>kPus(lnrL15b=rQ2eX1hyo#*3bhZR}dWp&GNE;V&{N7Tj)(BJF^FMDR zcEFJ!HkS0?N#((edItI#%y5JeywYV?LPgIskF+OhClJ-t`{_2>vCVt0uS{7}WX(um zAc&uv!V5eeItI=5*_WBmz^Stw`7FbB92pgHI&JQb{z}yD?zQ{1Ar7v1a<9u%j}CYd z-6;PU7qX&vM?r!U;f=CgRL4nP6s`~|l~EHBRUIjY$HzHOj>z)1I^T-ocqa|yt9#0E`dCwXa9t5 z%Jd&1+tDG8!bNqhN@1v~lT3ztOEx9sr^1L1`>{9@H}Vzs zCM8VcC$;zSE-wjeO~QTkM-#7gVVcM=3o4aE7|%XWMTKGwq)Jg(x;934yCyeFHqVh} zugoynk8;%7r!H=B*(bq^VP=-|m26D|C%J-=qqG$P_}MBlws(T25)12t*|`o<3N2Eb zB|Dp^Jj&}8G>uQdk%Ar`Q+(VjqsTqQ<4Vy>7sO6kWC^(&ouPjj@V4E)#T}V=pe?fV3^C9W>iRCe=1z}Nh`}IQlbzkEY zKG^57Z+Qo>iS-He%$c4n$(|wqFvt-0FdIZL}>=j z+JmxlXS@@o>qay;yS*?66`dJLTeC*gvKIpjDX#cwa0rK{Y@7JlxkS%sM30Y+k&d^` zYZ0H*LeD-sZhs$D9C63Ogf#HkdA=f!XAH|#xd%BaY|sRMs}H6x$W0Z#YVQ)kktsg& zo-&+AkR*zm9d|mDBkevzQ;yM}H}_pM=Y@qAeAIgI4w4IVDYFpaxm1zSjSL-blO*zD z*a)!dc~(?bCmkNYP8)xO1Du-x8G(9F4qvVyI#K1@$R!&8A7f?*V}$W4R)Fzf-kg#N z&}xETB~0Ta8hcKIgccI(lsZn%zuMijO74}le4b}laD$zu4XxLBQs&;&tPiDa+O>5X z=|IB(T53qq4+{lp_9X&X!ES@UbRsuH*ouNRxw&FWCYHX)(Yi5PsVyu;+;{tP6RcZQ zBo~7T&S?Q<(HjlYTkQ{{S;2Yq2@K8cKKmu12X#g1quvE9^Bto+mbY1gRfb}(oU!M_ zmyG~Ghep~#Ew5Viw+G*zw&eR+-BS(Ea;cISZl$d#q)q0u#H-)>2}0~EFDP57^_U2D zDE0Q~_k9#Il@MO$H#u+0R3FfgVXe4fw>+hlG`{`w(lbcdHqYntvQsUidX*AmMu^9jYAG+izgWe+tE_{ledT7yRl;BOMvy?kavaI?CW5Nn4!|E9T$B zPFZ)VUOad7LP_b>zr7*_frUp2K?e_=c?fD{F^V;56SwUIWR;h5D9RW5r-(A~au=Y- z!-Q2_&Nm514^w088BASeJC;~2ofyMs$js_kbOIYLbeQ}*5?IjA)BdVeUhuCCq;7or zknU_(Eh!TkMI6oI=kc4NJlQ}j|OR*>=cnF?cUHZgAIJm0B||TaD+iMJ>8z; zC1B%S+(x%KUud}OI(Y4v3FmgkWTjn@7s87a{i_=O4jalZ$!Vu5Z&$f1pX=*+IoD** z7s?)NN>rX{#?jsw*4KO*8rXp&lqfd@dCd3=FuLw70%@zf>L=fsQaVabn%M#D7B=?TqmO7Z^HXpZ*hg{=1q89 zu_fWbEhn^GY>V_DkjK{VaoC7;F^xF*K0>eUC z_D=69p-)fgC!Eac*}ZXlx*yWAnFJT1jR`Zem2xb$g3>*!t3A~IGqe%5eDnce*+T_N ztv*gKNG8Hzf!v$;!ldPPAF0RCQ*OMqdtpMvx3avm_vuykT&HZ!Z{3u->dRzRVWrqm zzdiJa>XFnW*PV+k89#${z%8~*n6XYXb=VVNw(%(&bNF3Tx^`+*>iBIL7Y4)`LvqIm zTdb4Mw>tXXa;&O>4DlCUtNsgnGyhr{87+tt{27N&rdo3T6&!E zL;k=W3<*6}w_Z=3PFS5;AZjW%E77S4(yBn>DiLU3@_lD3=sC7tok^MdD=kg4skNg# zULn(~Rk4~*&xTmj_YaFH0 
zcBWCPBgN-|WS;r3g_eAzs~!9h09yipQPEr@-vkRkq+|pG+VxMuu<5XhVxpoRVWl;ze|v#drBW;QtmANXQBz@6%>F*h=k=jj zx5Poz*ARP1r=GfcvP~G5q{}{~v)-7qHy8YBsUU!C_xEXUrN-vQT9U3su|(XF#qDrMOWnuW)wxg3rwHlbLbPf{+eXkw7L+Np4+aovc(y4%`6i} z>BvW4RxpC2H09SU4;e^Wy3Yfw3rJwtBckH?sgiv5-`Ig;s1X5UTjw*$PfNpX;(3WT zvw%vAjo;!n9rKPyC5b@rfp3sGrs=%+5=xMJNd_Z*90J6RG*Yd;^WzPqL;plw;}KH3 z1p^e8y({id0<Pcg6Uw6-nah|!yv>U z)KrVQ>pvk1h!Rtl+Rl~h-|TOh4>ydwT227;uJ~DiVsFUFZM09G4O@qOZ)hqd;q!aU z7ebEWYJN$U1#vtW+j`n-)!cdw{};5?dIPMAd5E3fZ=mQ<(b(x{lMV@ zC{2u$XM*MV4okCiT#%rOrhNRdO1>fy60-6HZAU1?Kt*9?=@tVrD><_(b6D~!%esR` z-ra3xs8#a1K~#%_dr4s>_kK;bz!jTH?E>C zd4~~K$Fa1f==|lY`kVELnH#T`q2-DJPrFbaL0y{wPgGBTwx0JX#fH-i$e{EeBPA01 zLD^X^LwW*T?-UhFnLT)IFiO&6@ih3&wyK_%5b$xMd+Fx;h(1qu;&JK%j?qUTMP@@3 zIL-?$QkboLim9{5IgGFO{-o5%BtPnoGpR6?J zS8#@2T^XcBp8ZyxgS2c*Zp}_q+G-GxEqB4!rLOEbh`5ZNAWN_V{JI0aCB5ehdp@i0 zS)!+oxYV7*-?~7CWsRIY-)+sv%9$n?_UYR^H8JH) zz|QK+xnV2er9r6;KdfFCxd9hB2>tXtx#*V5J!76v%5&vwyQ`61ASPO>{Qhk#RWl^2 zK2}v>HAlO;5MQb-fL*C>6^KBL!D6qpb#%lRrJmusx-ke1p;G1YVjZZnSQSTi9A{tx z0HD~Ay75C#sP3?wd7RynoH-`0>)0N5Zl}uHK7Kr{j7}&nL&uz&vbMO&mQN8mTgMNee?rzr>nJlg_OjtiCy{Jkxm9_($+v4@=EWCm)xxR=~%Vhin#n z3Ri~hpCg*~I-2#~S5`L$-~a7Pm$rTh5?IllPmQ@cf%tp$y z@{o5-3H{Y4PHQHs2G@U+7FctZ1d`_#Ou)ctz-^pTftpG0aK4y+y&17ZVh?~FrBc%{ zB8fy$$NlBlV@xHct1o=1YT=JGSr~tg;PEDk?w?xYvLA_Im^|I1Ibyd|jV}|Vwe`7} zx~PGz4R-PV#`d@8kJ`)RRcs2m?*nqdxI#$hsMdpkWU1}Jpz698;|+dQrQxAY=>dqI z8YN_xSIi${B9O3&)S+f-1-{7xaV<_BXBU3*>X8R|rQ|yp0BVD`wCWgV>UCXTB>#&1 z&iB7sfRAT#t+u=%5P?A|=LW1WXX+!BdAGH*VZM!w`S7QBzC-ko9z*&fjr;@8LT3v2QvB2<^y!as_7-kBG`-Qi|GXx>NV!)yK>{qH}3Qj=idBhpNixl?{UYT z(I?n!scQ@;r;?N}D~i=WTx=O+RvIes!1T25Tr!1WLRV@SBa<^bodfA}}Mvjy9 z(`jPHUGU<%(^JRBnuClzHyow6UzO|uL7g}%s<;d(=c}ExC_;7R3@8%=1A}tHQA9W= z2i6-UI;+>y<4KK4rNI*9B%nj4LeB&zMl0TE`$GhcN>~#uA#B@XO)g7Vhyd15UAyA0 zCyhKSVYL9b*!3{%kGB?_r>i-*i|-J zWSgwjHo&s|q@t<#3-`Xc5J`Hl9Nx~~;pZ;5|1?3yqyBN@R^rHIqpG;IK+fNU%kJE? 
z%=Q*F#8JB6V=y&;#HPYljS#f(mj0JJ&2=<{thLSdi_>^1U*#p> zpFQde_|78LBEw6TY@BX;47)Da3GCRvmvpi#e09GKMB;Et!+Im@e}zZfF{9#Q6U^Z$ zD|Y6aYahC7@&P}O=;_ZqD!}?uQ!48?dm5Ez!q2%HnwQ-4Z`dtfGb}Hyq4EQ)ossD@ zIWLyca9f|#c@yW-pz6ivp3vrQcb0tC&frI9UA+lpsAxW2D@=LB9%$+Uk)>Oe@ncC1 z2qY%PG@{+u`VU-yV$-B@FT?BwYi4IP&GoC?%gTTrW#70-KyP0K6EGH>FU)3c_J(0U zq6&~EP5n9uL|+p(Xs)C8kGcd&y|G?Rs+o2DH}aPmg5ZTcCzrCa|Imq+hF#~GCpNDC zK}P_50Qm9F|Mjicq>39uUFj`epj)tZt z06>92js2qUE%^U~R~CcofFcWGJ)jx5H1TaDkdUIEKi)48YDVy!dGave@A_2cvJRX|Uz7w{(IH{axw?%GEvFqg^>eqB zc=)ra9PVmxxeGOpzL(qFv!I&hZ4JPcB-T)8%-dEuBsyVLD4y>3BLYf!fHtLTNbh6=cCEEU;f+R@g&s6yC{vd3huFONn(rJtj35;@=lMsbyQ2gn}bYop_GZg zPk;7*PB5Pl#OFJu0sK0K^SGbaf%-v9vtWv3H7W$bJC1r&wAjl^2=dUZVbtdLu-o%? zy-Nb?admZh1$>NIS_FVB+o3NVWg7hAkssz9^;3;^$ba)}8(H(g5UvcMTI1Z65&r+_-&_7 zoVCDTV1u#7X)&=eqH8#kU7cGP#P&NfQr?8Y3q>|m9^6!@taYobI9Vgpvv&W@K7`Y4 z<(l{fsPRd#X0YLu?zOu0kFpbQMImvdjuXG4=_R!xkpf;s?PA`Df;fh?I*o+ z5xdGImVU*$-Tw68wyvu0on}vN$SY9_516FHU@o!dNChA6Vr+;$sMfo{{m(+%pYs{I>>vXb&n zj=wueZGjUq+!`qBR;Q^qT+McmLD5}_ME+iva5>#lJZWsFZEp$&ph$ujraSaI>&j8 zt+A_4#uyH<+NdaQ@6vp2yGg0T!V0NgqqjGs*$`YMi`TYkpb8loDas1JZon!_Yrm&% zGZTizUoabA_r+C*FFJ;meIGJpI3XLdUmH=C8$pf;4K|)3I#^)hxUR#Qw7Kty+@{O*J)1gbCMC>H2JFAvQD432hNLGu zS#QX`|M?%7W^Pib@+!Xo7m}9}AA+zzMkv231fF6hqkn%iIe=7^sY` zum;<$65YOlCO`toG{CE`EI%puAm8IPt~1(Ua5qaY)*=npqq3fmSvGq*epl3`9koYB z-Fy@uk04HyZPXDmJ+nJJ?1b0|`FJ^?3VkDLHJ>SO)k8{5s3{PTnutcH|^~mBY zm-{D%0<1*p*kk-q4$;q_`r98x%rU@nEYB)3b=XX;!{qiopL}RD-hBq)24oBBcKn`# zq$mL=q^_r@>nAs{dAoOEQZCvLC8thVTC%euu55@$G8CuD@5u>bV`8pgB|Vp5)e0J& z2W(4JS`bPCMC0_x;F|dvX!&_hK9_?DN#Is$Ik|U+mR3*&gjlZ5UHmwVusjdYe8qXF zMD-+^LtzI<({Nng6DGIo5_IuwL)N9d+k)R2x+j5FBz#`uLYyS?5Y_FuredZ1kqQc1 zOYB;cJ{xaj_00h1<0QLF-_Y=gAmY180G@sDUZJYqF^hQPrCPpoOv0k0bnSPa?-In@ zBZKRH3Kl-cspTP);esEp_3G)%M@hbZ4mb3 z%>TS-T{XWqwRzoFo-m4%q^mPNoQmgQpTX7Nu-54lAMIm^D>_V?Q{7R1+5FDE^vM^% zM=mTaSC9qqsrPf zX8F3%W6M=R<^4*cja_W$J9VRb27kNGv+%!&ji$4$CytWDj9%gV=CMK@sDGM4HcyH~ z%FTLvd8W?V3q^SJbn5zd8rEZYIg>yJpKvO4^n#*#9x2Q3h76&h#l_A@Fkw4%UKRk= 
z{U~`3!bZ`WCh#yD_{VmsYdpm&-*p7IS+Wfd0uY(u_3LLKDiln{%KQIhs6h))QH)Ks zM%3qxGCe!iDk=d!svHYIXkVxauu{+bo%dKDHo>;8@{hm_^fpK|I`B|^{y)%g>eoam z+44Wg2GV)j@n3rDx#(e!`@z3_`_G>62F-~l|4QzvIjT_t|NcXf2FM1XHMKU{>vsza z3lj542H1&7NrVamglOo<8S8%?dVm|AIu2dg{Nkig>AGG3ar)V+JzX$rvWF%el#mrxYjHZqmM^*Hf2stOc;*ELben zF=cYF+(6}ddkl%C>rm-x+hXQ*o6{WFqnj3Nm^UT*>YqPV+b4#y8tHS;d^{5&`l3c; zA12ZSq%fq@W`Svkh6uW{T!hoJnumCvl^Hi^R}A`skqbxzCO(R7GOIa9iQ2Vssy#$o z_#I=fYHzOgBxQ=a9VO!FtiD)fcjZ31OB4Q)Hv^}%wm?L9i zMm5doy=}!1;IY1)5+rvF?zzgZU$4FHPY<;a{=Ci0Mc>hB(Dp%fdS24?>_!(zI~9nj zGQ1?^Tr&bPo8*})5e{v$%GbFvm4fwv!> zA%vy8DEs-|q(Sp^W_I-4C0fsuZ_O$CfTVUHa~wz?nweku6yy;SQQQ?0#QR=JnObj0(nT_7Ac*aQY<%j#5; z)u%`yKQ8GzL0~0_?ik}9_+P(y6Gp2z^wCd#R4x5zWoRPS+ZgsNRE&}_a11t@!@b}5 zMhp;oz?07dI0OQWWoge$MeV#T2V!?3-X8PM9+N41g4czRs;4_Ad6EYbBRRLCCjOP?zRY!9cr6NA5wRn|7vH54*+=0#h z6C*2vytrSixc9DL3JnS?z)<5t$5tbP{cs=DKq7AA`G68OS0Cbw%yBCc{ALM~HX}Qe zKta)~=DLgGDo9vtMP^r-o)M{2>%Fq7l=fW@@)X^Cl_s9H_8SRk zsAb>t1M{513it2R{BOm1Chu416n7V}@4!~K&s*r{VIa#p+WD4N5R}N?k_=&TmUyHJ z$p4ab>K&5v4~iz7Fbg{^nPBSCyx5zoajXpOQ}qoZqOTFg$nF#0(l?QnwgdT&VaqZQ2x63_HXu*h_!D@N`py zRZe)7&cY~WDtbaUsmCq+@tC1~)ReY-w6V3jg7QI0VSFGf{~sOYwSNI)5QJZ)u1AxL zAHtu7qKfPE$}vLN@+X3D#Y3~`>FztF@^i6iTf6T%c^ADrD!ZQ- zHD~FpPTCaWiTNY_-2;-0LTlLfe86<)U!C!-qTRobu^wUE4ywDaC$xBau}kw=!sIuS z=@zI9l)tb*#xFM1bXJ4Xgbk$}WS`Ym{hjv%Ob<|w`f|poPA&7Wj70eI!f`uZ70Q}{ z&WWxO94upb&)^s(%D1Za^JEZ9R2Pk*0n>&#`(mC49cUi3YV*)OIqBT zL@}Zow#eEQTe4QA*Y5_*T#VNhUKYx$0KKgI(I=IF!OBWBPD$%T+g5sc)myva4asII zqYgO>`8+*OP+Tibe}NzA1%U=|_F~t*G0+2y3&zL=JJeUvr<{yNP~Be2!P;MKqpi#a zpVs=8f6MiaVsJj8qsGfLp1o2q-R}s0uRj|FjPxnQ#Khh}9VgF^PaxvmtD|L8Q`6u& zhu|JjkU6j5ibHT!s+kYfk?8@g9vdZ0D2Up;Sv~5&U*hDkl<#NW2R}soJ-c7xU=)O( zY^X_Lp`!91$^hjD8Djjm0+4`_&~pbEnOFn!3vX9&vks4%3;pk`dFe3 zl$11M(<$WZ_NVPsl!+itV;by5v31|4+m9qeUQbun3Tz3nYi1Mb^g9@3Og!I3^B!P0 zuze$ZYG(K%N$r(1Ln=n=oa*DOV6$hOU&FIZLoMaQa^uH$e<6Fu?GT4B}V>Ml(? 
z$g61A?BqAUb!PV~D@I4DS&yhSh5Oh?q-k&tzbF!cUo~}Qj>SWRPo%%m^76d6)|MO& z3nQWVx{m;U$$~by`sB5WmVX<2Q6zS|@ohC%=2Ml_Y}8%8Q5L$|%$adVF%$H^V$P~L zEvgt^ArJ~mNk1WRFIQ{Rovl%1Q5v)cv*>v4G>6fllQr07(?GxlQx%VOc;aiE!-Oj3 z`tEw*ZOm!fsKt)e%$qP@IU6RtC=5(I$`_~;i*AgMt;$x}SLt7+m^ykaa{-mdtgNhX zrue{C-KSZ(E4ETiC_8p{%bqzZH4KT(Z^wmG1zzGDRN@tmqnoHjnl9NS`E=A8l*9Du z!ashceuqNFTahc3+3X(7F;-7R_9aDBD>-AHTtAV-K^~ z4fcU|`**U!q-g1hUF&DhZ1?_Q<^_+sy1Ej4ZHlty{y1~WIu*`8$1#_z8suBcgBH0& zI_7g-nb3{f)v1gR6^6;OL^?x-Fp)o7_sL9E(v5PF?~fR;8TuI#E+8R3a6A6N7;#-w z?5%>5s}Wsq8#~vZCR~!zZx_HjBU{TBZVV%qRB0M>%nL9lUFMx%Vlw-(+8rnBSG9<% z{Xicf!mxG`tTAtzgiqMVPrQHr8K!20N%?g|ecJK<_j4J6Z&Gs&J7XqIrww5r^VWNB zyS4eAH*BMy-4u%R%Xskhj;X2-aWYM)gDtUUXg?dls3|%p1bl>HFTvT;Vu6CMI(n$W zhB(aB?8;EDZ~3B&Z*x?~pPpdSqv~mijk=7VMN6-HyDjG^X*J$=FH}mH6&*h5?7fH= z)g(x*?fRr_7Ux#;JEPr`het6#0ve>R_o-_NlHK3;FWRv|{`~_#9I=09aTYX|!I$81 zQ0kra&eEiXW-FY6?D1zoUzn59)6>n)e)snFLheT)K6lFy1-`T2*$=7KNi8SQSXr!E ztEI%&%j%EC@*sl>0>S?jN*mNUkTmsUY0epGrIbE?1p0ubeAwCeGRu(pFb}Kq%`}VM zC&DkL-MeXc`6)kMv2bUGO6`%lT}u33+n-As(fw;F184wWB^WWzv#tVWe4sB7_tNX> zaQcXICSBEljgK`)dW^ee3oKA)1))6c)WQC||6Ay|9^*~jCG$5QIO7sL*50&%U0b-X z66lm+Zz%qlarj9kM%++E6JW08#x=z8<5l#5M(&zsVo8`P3Xp{QJLHTVSpBFdo0|lA zPlGHqnCdfM_A%hSi7>Xg3G{LM+|(ykRhIq6?EIG4!S-@|r@{Yi3P#$yblRd`zY9j_v=d)r8RrhB zN1K1%3?}lswDv0fI$sn%u9PmQTfWvFUH-kGnVcW3ofj(f)J@-0&T_8H9;i#grOkbE ztkB>N>3EVx^jR`51y7dbLW1aLT&NU7(a$o%pGrj2nd4|T!MpmE#a^I8LCp40@dL0gX>P>Y|fY)#FHo%F;F{^c^e5 z=m(yy19$YjLKKTE4{g$7TUq;=w1-W9@L#~TqnmY|v!fj2M;^-fIC z8cpAH^i)X;U4+d1*u(eHeE?yizQac`h1Y#uO4&`s0JnT1__I^8q@THlu;Y&T~~ zhs8%PvV9-jFJx(CLv{ElEA%Q=PqzLnlf8`9+3(xkdDDJ(1^|w*&>bojoGga)!S$$3 zRUKa%aFts>>vi)BI`Br$3&_t;_qjiM2e@gNau2n?x`XxGV$1HuFqXF$3Zx!xRswOU z=9h}L%=d=TGve_>0ink`DdGK7{=z`lJJOz(9jx($!NbJWl5(Swq1?F85BY6G%6`Q3 zo5!liR+(w8-g+s^MWOGmA~0S(dhoOQg|M1Go5v^^gu+!HZb&K}pJ}bt43h+IC!91V ztI~LX8PAq&cqDhR{l9;+)L6_Ew46`Ovp*qaN%!UcFuz4JtN6H_WVAM_k(G+lar*NO zU-tuVn@1fehopCPMeu*`%udj8DsdYT%VIk0y{@0tIP+m1pFcCcJ8p?OTh*xK|IC;| zSe?$o>00z#C_5!x`o&%UwRTn&s;ar?Kt8T4Ni-H0%(q&2ni?iFBn!q| 
zye;+6ceW`yePkk#AF*4ztd1xykFA2pBNzOF&>DW=fcqR{dgkGNN{#Onne|IqtK7Z` zoP9RWYu7zAe|C?_y6Q={E)i6670M55$Vk%;_+KqR{qZCxKh3wnj>H2#nd>ilw>cMD zJkuAA7cHdaWX(HoFqQIQ4FaCSj;i?4Y7GVmpHFI}whhK>Or^quj64L?;5DBCe4mv^ zAMEqXP)4`!u(_9wR}Qf8Uwr@E*ME2;?7kpSXk-0Hdx8*V`DoTezfshNPrAN@05)rp z^o(r1VRh>iyTSA4@WI6Mfz?ZySJcPV?&V^T^I}C(?v?P~#ok^$UXWi_PdlHmWJcVz20F5E^ zSk=XQ3TKfT2|%|6@dshQ8Kn`i4ymQCT{6{Bqdg!;cwr65%-=H{Yf0d-q?vUr+-q6Rv zYhiY&x(Pw_8zxsGWu`NfS`Le-O)?cftA*Afto)=IPut2G& zrw0JRmX;RiL)E-B&MRt7?`vU!f;XN8>7-G#r4*`W@a0sNN(l4ltC_;d3XA3>8?T3F z3PkBNuCT2DpNE21T%NR@u+?M{UMZ6~I-#WRf};PAvbPM1tBZm~2MBHnBm{Q}?yd>$ z1b26Lw*Wzd1Pku&?k>UI-QC^c9+G@l-hJ=KtD*{unwmMY&yrry^HCQvthGLzH7wlpsbNG$F740DnuI9)g>j#FYESuZ5HUAM0q$r zb|I@t_mWW}4}Uc~4P@b2z#UGVJ7>mUu}@$-g$4#5f<%d7`%T~mPE?>hL7@)Gd2PFp<@)ai%gnDIcx3mgb^@MX|WMjM+6mFP}5Q=eetT~(qr%sw=qn8cbJ#32^5nBsGo3(U*_4j{=t_n2wOfQ%+$yi?-EvZCxU=*)%mr}o?v4|&eTpW zO*R$7|5NkVb6;r#HR(7t-d|YhuFjkLU{$B2d}@PAK$!02Y{V@mw~I6FZb@0Ox`BX~ zUnmuR*>JC6!hPY;2y=Iz-I?10e6)8!|L?1oQidB1rvp=S385h(+gCg(1H~zgy*#{$ z%aaN2fGjxv13?b}+0+^O0i^wgsZ&TcA_7d- zl8nzBh+VjG3E5c16F`iz9N9`PL~Sz-NZV%5jz-B(uSmT%T9%e+3@ikrc5;vTZNYX- z5_am>aa2(o!fr)LgUlt3AMWmWJ8bHlg;4d>=9dRM5Ct1S6zNWEyYf(+PSR}Eoii}N z^cD!WUTdhn>aI_5?9VF6i)UUR;vXu{OzfXia^K`-(!Pe)>!%$IA<S;V^;h_{fZji!+mNoja^u~IPOkfsiF zKLg0f%XnUaRQ`v;^a9!|)Z24iF@mV39qD%6g5HE1k*jXzXny)0!@&D@&5S!;R|E^u zH5TNQs?mHPqCfUB#iQ>zXyE3Ll8yfZbrHn>@1Ty$pvL#nT8`+;$tkC-!zF>|x0~M8 zbVzcc)L*VWJK4Cd)x0VF?(tv=shDv)n_@ko-&@~em$@~sT{OQFR)-pM*AMQH1Ja!| z9I_e!I9H}dO{6Y{_yoROOzri3<_Mk!xtlvd(+f3w%9|=lOZqZFzdyIxF+NLAXLZXy%&|Pim1@UYrs{Oits*Mrj9KA zn(;Jh%c=rDX=!pK=$`m_nVTI(swK{`H9l)IG||ZPXM{zr3_bMFD&+v$6fm41pNB=G zlB10RQw(&BG3g&rhBcTY6N!cG067l~Jmf}S;v8cTZ%TSH6Lf!prNhpscbE&q;^AwY zxM4MKaI$STKVUY~{o!96ht|KGEPdNIy1PGAp(%mj`HRgI&cwD|R=%Y0{8peP`^2;) zWn-i7h?OcS0Oe$xU|ls8w)LAq=S$1;MZK^ykKDXWJZ+TK03L!s-NghgC&P+OK(k)V zRZS#OeNG>v5Q#qOnEb<1aJlMo&FTh#O@T>ZK?n%lEvGMc=fWJ;)aVg389=dQPL)IS z+7O4oyI;y$jCz}}x~SvuYN*JWCo27v7&{(YWd@W|1A*nPslXr719gy^jZq)-a3)hn 
z`kd5vlXGgPnrK~0fz(?is7>E!DedfK?5HX{L~;o~ok!Zf4Vr&ru;pOvvvKU2{RRa< zZ;BbntykeVST$9f9jdig9)Ky2 zR%!gfDM)0u*{yUPa)^eiX+mnb+?>#L&h3WT0@~fUfqP`TnJj|atIPsmvnVI@&p%zM zoYs@K^{iYM*b@U-I9fCeg=gtq>qj350FcG3zy-n)g8v-)iUM=}%SL{cd)#n&MiUrB zl=0}Pz6HWH(M~Ri^jiXi*$F;j|6pI{JLZY}`!tk#!`8zg3V50-_TIdzSD<%U|4uZY zN+4l$<$r+A$ja3i zCc9Sf0<)@6CU}XCSl(W&fQ|Cy`m|A|%>LKh}1U~O`4w#;26gWZ5}cb>&1JeQ?0I5&Lr)uDKKYBMY`H`RA+|hx+8} z(6ee5@;;-d{Z}ewVFoJfVYtHVz$5%JCAAc(%RnPhA{u%p?6M(xZ1nry1%%3n00sc{ zZ~;ul$1=J07J5xge?gV*G(MC!26-o=es1`M>oWby6xCq0480AG?-Mq^OdQEw?>BLt z7(<^TN!FblVVO;It$^7U`gU=iPkA$MhFI7XJXIJ5I^|<2$E!ISnXV>yBHYf_)agSE zni+5wb{?I4I z>oefHU|^$0jNQ|~Csgy;ieoi1Wl8?IO;jnTvRr#%AwW#^Bkt+`byh=;N8I-?3M?99 zUT(mQPaY>p5^*}gkd*gLAH1(+)KG6#OF+$&%p{w&rkuNchE8H)5#Pt%nk_r?pWKYU zU3OA?Ud8{aeo{f|;_qkj%dLe&W?{Sc+Q#;|d6ZLqI^{#^&H5*dL@XM+uZt1awl9{( zKAfo-d4YpC6hTLUl8oqKe`s541y-Kb6<7ovPvV zj)dJJGa+FGw8Sy{^nmA_Tdl;sN`9MWG9BToUw|u#rQ{}=+#}t1_aAR|v4QuZ%qfV& zWy1+{SSL9I>I|~WS2~k?NhqI-Xm8#dTeqOo{}X?|@r{NIwAZA015x3Vu3?8>uI>T_ zR(UAm_Cl7;`ikdY*rgZw7j{))Z91A2u^~b!+PDIr3o808Ms%C{bZA5-l_a9M9S$Ha zdIM@fHMhh3!UfUD+>(w=v1Tr!38VX0x~Qm7;j+c8dD*_>Mga*sej7E6 zWu>MV-5lpXycI&uclb)(V_8A;c&v=NLYTwfzY}?d5G?ahVO*6+nSUh&@87>exjM&P zxoS+vVD8of6cO(3qmW$dR_!F=-|sn)s7R=iN@dM_OpG(76sTGaL4?kKCYzeJR^;sw z-7rZo2in5jy8kP9n*2su{aPqN+7RZua!N{a1WUz*<@6ZL$QATSdE|U9aR%mTLPu1Y ziSQGu-GBw8XCR(trs~PURr29*3e12`Y$AGh@V?!5KQO`{LI%kgFHW`0%ABrs8Dq^I zempaI7T^n|#l(tEzK*q5*(m3u>fzAko!i5*l-K3&QG3q0 z-w{u*WNn!Z3*Aj}y25qK00fR~uM?|NQS2}Ng@Kl&d6s}PftXQFYjDM|{UYpNEEQyg7RH(YPy@OSAumBp z*0(jr3!zV}w2>1z;bk}^-&O(EPqY;FgI=}oys}E1V>8hdW9!TnSTi+ma)HKj8TKxj zW=0%rvmMz_Ko7!g zWhRMh!?;j>ebC&9IXN{Xf@s1zqanDsMK;VEXYPg9%?fpaEtbR-SCC`M_aoG&p5Gw> zZy`gx72$HHNfH^SjnRCPIl;U5#+D?wuhQUugG%RnL+i3wU}uW_JmEh}$_Joz8PoBa z{9^S%7@a0n5>umuh$diAT-FaX-r=t;q~L;omitv<&Q5sLe?bsIuCtx(EA=LWtKLjxQZ?aEHo>sv(0 z%%ZMQFzJ^|PR`jo)ykz$N5(iS18>dPzu^PB=V5%f2xFN&o?o5;!A3(xB|djMyXVrK zwE<3FRbC*2+zwheJB=vR^b`BYPyS!h2l1@)314ebab^5|Sj5+GsU_hP>l|<@Lpj^c 
zOm#pTNitKG#}en3wNn3hNSO$+yDrd8MmIf}8@3UzztYU5+T#zip}r4NwNgV*gn(&8 zaVbU}R!H9B%48XVf}?}mH04aD?wpC$^QfgdC`boQf|TD?3;b-h4_e8* zbmBeJc~ys~t>8$+bAG**3~gq7*HkHZCs_>KY139~fg27{8U6(tJoPSLv>N92x9oP< zmvm=ECpAx;3u6dB_k1(yDMNK)vJ(dT1TAv;Ax2#!2MX8M444nqPHxn9YW$N9l8#+4 za5RTw&!5X=RSJ=|Y!tP@@Gr01_>aQC(lmEVOpYko*|wx zIMQOO;wCtEU zPSjkT3+k37HkR5|^>47Z_Uqu8(!${`+CRymt{_O$JQjkhsT*fYKIO;Oz$Vp`9JO_S zZZ?4dOGW#lpP1I!5Uw(PBicM#vLnmIhY9*knw47{F>ITX{@r4TGpsin>)T+Bh~B3o zBb}4?_~fEFgBXp;R3P~^8Ts0saAn`W5%+jb<-T7)&idP(GAl=zcs}e9->$P-YT35K z@>7s(c!o(TX2Eql)YO6gUcmeK5E&|Q>GJ6S^);#q3NsWCx&{a&wtEP2YO{Xsjl57< znMy}^bI?d#R(&_+@CKZp>IXF4wstPjqIjX>Qt-4{*U4NFD97AslnwI-bPD?mord^g zCi%a3`bZ2__NKNLeo7|{Dox(qX6Q~*5?nT;kVdY9rxiOt2R_Bp^a6 zqWEMQlaEq*N)k4?BJCO@$7-%drEmPih=GmLp0&Eb*uTHTXf=35TuAiZZ0ym6Yn!*|m9qDiBE9A<@Uuy73x7(8=5{6? z@~`mV_o_EJ7s)05d%>H#$tLe^@DVON`SMbKx%mvSVL(gs??rT=Gq4n5p_GP^Lu>BB zDBe9!zlx#3V~|*Q84*+J<|8CaoG|cZMq=NVNkK72l8A?&4F6Zz1aWsCaAzC#%|VD= za%80U6xM{Pr^OXrQXUTP>VGkv7Gn`YwV{!^9#E)dvsuQ?2XL3dc&`i8{#a}lgH4wF z$sT&$x7;(cf{#j)4-W$8cW9`= zeq_W-yAYuu`7^?FWqG+Sg#1fG=*r8p>y1t^*MOju+@rb;|6c4sGlL)!vWDGrom%B- zV)3iPk5Bj6Jm#N3^?^eCD`7*QMUD(F5@O%S+kH{tXw=%r<6lPP%MU)X93xZKrq|xc z-~R51BTG$va^$G+ut*Za?qmO3J<5lIA<@bK*&x}6yLpn*>2UzuqnG)~qWXi#>2!JF zeZ+$AlN1|I4h`OMyO0sJu7rC*YqFhbITLgXdh(x!fZsbojHbqQ%vm;GlUYw1!o@@* zsZFk%q2}i({lOrLD@kj=Z62)&{YFdEGCPo@X@P=~N{LlE(a>6DD^Wo+i^{y9K737rlOej}7y@$qB_+v+-@ z!u@`vK8)y)<|m~x(Vw7bdDd2YI8wtJ!n28<8uGYWl;04E-Ou4YZxmN^RFsiKHy8wD z?Cdeq2Hb>UoM(>-B}q*7WW+_%46*@^wmDMA_+8zIX%{q!eZMLtBT&X+ z-CiC}8*dXCc6zBWuXpQdo>SaB*sxyvC_c=2eh_sxF6HG9ayv4(Rt&DE=s1{^>bR9j zjR$S1Y4{kpI>3bNOnI4^K^Rza-YN*D+8Ucj_1VPCpn;ApyZ=&@0@q6F2e zgNy0+QRkouPN3^TswPZ~Mmt|*4)D)9;iO7+>8hYCpI%+)aZ`?_;T=FcO9qe{@H6uM zx%A##Lz^88&_WcJDQCjU0Y}pAP09b&wkFw^2)nF2M&~r1i)_r{oa#Mt{VXhoxE-cQ z^G--fs7#<>0KzB-)5wiq1uXqY?>7yB-|?4CS?8ryx)tq1QMY z3nW-rIO(G$1L1#59;D*)ok+OABL|$icyKwM4KdN`?C5uSJ>(9YL|ZQENAxAchKzyA z77viGYuo2Vg(8c&*9u%+CAm6CZ30b$v@gjI(-ll0P&2mGNm@>yafJhFYia@snrKZr za&$OCOT;Ihx`Tt1`*R*dkFJL}$kM8b 
zD_}zKfDhC5NDUqI|67LKRncl%5^ePcYrmMf3J^M3%g^t@{ONcpkd%=U8IzgD^ESR< zpz0B(JWVojH^IOapOQo-NtK`vBwr7Puxv=)4~)wdT@fg;4OI0fya5S)1bL%yaJJ#l zCGmC*xlcPee1d4dKlW4ut|S&G#6oI$E?^>a{5MY$%TYPU_a}?b^M+GAQ7Wa(^Xh$( z@sU-;pt|y<9wL!a7e#BV?hhk#GG?@S#|VTbVNgM;Bf$eE*ogRgB$acj8&z{}K3R-1 zRuKHH45`uGQ#WIv=wR9s_SSq+J~8_#1F_j$;IN4D7Lyn}bAf;jx!;cZWO1E+BwhR> zWWCc)W;$sxxdrJ!V#+)qOw>+lDOOxQ#3KyDElC!e;zDLN6%N_t#MLUXH5y=g$M%!o zmA&G(_q{11W>tlDMk;ASgJ95d?=G)&Hhh+URrt^v4(m?e=vO;xmZ6c=zdsQ?&8iWT zDJ4_IWM=#?D9BZu4@}2He2;zOcJEpy(%*)Do^7g}ih2KI@nO2w!2#F)Lf0Cq(E#>d zSm2;htr9CbdF9eo=Ppb-`6rX$|Jg`m-=rahi*e#iKNnaFEaW^@`!ye~u`;`{>%>1s zMb?lr@GJCc&eId3R^#sWxEeaS(Fi`_wwyeF9TLtGHst?X%yTC2O#FYfxBnCMI&xE@6+zWHIt?;dnO6R`n<9d z{n6gb(tg7@;#2mq8p5BB`sS{QOU5HrF68NPkSH#fBT5VBvA=AF4&H_SzuOg%jm{;z z=(HK{V}|~x4M*&Bh6r{F5&pfMFy}6H-#@li!K5N892Txc*W^VqLV&ypZ219Xo%nO8 zAGIS|kd{8qQc#Zs<~7tMybVqmX9@-{YoUirsZ>w`w~8sYX`>tQi@Y*)zDLpG z;8<6{MwpryNK%?LUtzcAtE4iMoo8BNgEep6h#6H%eKz}5tRxe8E_GIs6Qky?dz5l~ zcN|K+=zSi(0i3EZP!gN^q$@)dZZv|5i}y!`Xe z$rGHrICx)%7!q?yk$(!mJ6E}63idv=dxYa+PstpFIk(n*>*l31;q4YmQ;1XQuaU9u?{h33rM6?}-%e-ZZJK6#6`ck%Z5f+Af z^Ke3?xGc_Jne|Ch&4{ZWT0DQKa?tYA`(}s8Ntq9aLRWf~^3@z$NjCxz-ecc4J(A`T zf3gFkmZbQ+mu;uKbsJdGR@Xfb{KheNfhJ6D_X8gs`@J_BZL^DI>7viqM?B?bcV+Zu zm8bRovH!dPc_{%u`f&1e8^N!qW`OXK6ia0-`}m@_!qyKfw5n>1SKKU07PG5O{BLk08IYF7ONa1{FT`<=p73UpYv1~bk0So>8j35s;Iw`D>!N0#{z=JSq(hiWB()+BFRl)cWk zMMjtl@Ezyodvz@&ZME1+s0Z6K0ZA`Y3;!@t!$y)GPFq$I+b|;;9H_0XqY5Ku#b#bi z)PQ{J=8iqu!Mhwd*ny?AIt|5qz@dYDR=CfHBIOf^&XFSj2Q=Ja!!dm_6=K@JP7MSy z>ts7NSWHEOJ3Fj8d^PVyamJVeO7(u#5rO^GkCMnw7GLG&zH}a4C7gblK9j59qLClN zz>p=c71ZFlWM{)5w7Y$H>HL*}T<;ALbVH;3VIhg@eXe?zx(k~Nx;;<)n6PPKv`mAL zd^lmlYET#5lm9HuWO1K4>%QC3LCiVga24wS0&KBj6X7?T3nB6(L~qpriG4{Q2!!;+ zcR`gT1oG%p`T05s(jO{7nurCn+xneod`w)ath5(Z&Q2p3TBx2zzR=+=X;N43$o%J> zAY}wu!&mzH9l(j%2>p*?BGEN(c9Qb!)Zf{9`RI*f8 z6^qjmc85DWw3(gaUSJRC@|})f;%izCI)4iWk4WNgHKC0LEaGN?4`B}76Duw3!Q}MD zgQgkUY;M2RFl^aWy)8&TwW{JQVBBi1lqfvptrPpO5PBJwGuQeP@@K`2c)w_^!Zb06 
z&VWXpVl?B_zcdx^K;@ewiWf8=9m01LjTs*jQE2e|uyTQgsi_2+mn5koy))C-4TIxinc9aZl= z9gN8l@#YF4EJ8gTIwNWCoP?NJn?Jg8Ihl@-yx8QS976g%#)*{16VBHO25ZP8eI zEzY@4_|>ss*(eorooSw{SH~Syr5{@NxPo%TzpF~1B_EVH77MU;bMYh$zNJzcr~t(t zE&l9boE`1JN?FtuurQ&>5bmP!z8d^KJt^Txa+c#!p?XpD(9(XEI}#ZI)MsTgPlR_m^ZT;5xz{gA@hSiAiqzwIJ8%arGVtbNt92l=#H^}@FnpcZVo{3iNvO16_>V8ZXpQY&lp9hU;$Ga4?w?Y%}$ zkxiz+I>^H$r{_UP<-@UWj}0ooQ)2)E>gczI;fX|&|4{9%8 zg$JNmQ^5HYL2^iwg2e{EHJC>lI{UXtcI~8^dvqI*msWyQsp-Azq2A!DY)T)a^DVJq zW;rJ3$nAA$>-#9RvSWHz&uV8^kg6bwPbY%mhbx!e=gZ3H3Dz_$&oW+88-L2zfCXI6 zITVQeD?Y*tOlamdaG5FrvfLpb z@#vF^_ygjAfol$!oJHK3nxPdx)=lr9G`Mi(>Erj~;!LmP;eg!Vxfe6Kd)>LjAJ3!oH zRt6=TIvA~nJJE&`vi>TihI*7|#c9bUtnev##}l)}NGd(I=w$fgeT3fplJ1;QUXI_e z)X_Te?jBp}l?G0~p3l{iE|0v z1wrfF6V9?JhdjJDU%WVUPL9N_i;!=#+$8s?IdYS3vEihXj-Yd>ut0q93(X1H>trEK zBc-ZGQ4nhZ;@{QYaHxPc&rP=1B!kN45@OclKI{Vgf(F2TR})L#1dak$ z^k>Q3N;wV=e2r=SpQ)2KTqj3{I87!+=*O4Kg$uE9Ca_m}9@@=qV0KK_2!ahZo5v$a z;VATpCzjx#2eRPVA-)U>RF4%R;`lf4lq7hDaf}hWKYr z_(v*d7LV+#-BwNvz5Aa@gEA$vSq!&2>jbN0y}V$T6EQLI;}IKP5#{UtFugm>h4h9? zs`EPltTn)=DsSH%#6K~zHs4sK1GTM?3{6dS(&0BYz+qK2=TiKgAC0(34&|^XN|aZs z`t9Op!=*9QcpX31A?NQXbNSi(n0qKaNcirXY~`DNN|!^M7x*0sB!!H```abVT$ThdqXAv~pf3q49MP4!XbEvlA$VbEke*lA(rCy+AR4GpWSfr%{-UEJkW(QklZ*a(9- z`4N7(Y}SY5`7csqd~W}wDM|0OX{F6#%1wAhiX1RXNVq@nL>KIC9zsj8+ZbV}aBhw(oGkLWPcK9lnB*MVi#>0fL&b}HxAM@D(5l=u-SoEI?j zWW@CqPq5c$Y~oW&_321VkF!1gNQgZLH|EgR)#S;I7w`}i;5>G#)+a~DVXwykFXy_G zM%^PquQtnG>7Zf~GSdmIF{wv1tzJ5{p`qd%W7%PoSN{J5&37nZ1IrI?d`=1)l-3E( zS3?8_y2Z@)lUlwjlgwMTdahl_aBsJaTAq^)_nXJr;jue)_!5${h<>rgUxe$!D-i); z?fNTRMAHkqo3j@8=fYDAV3#6FC0fyuCx@)8k>v zGuIV&5eDOgM@Hc@*hBlc%jZeY^Zn|{tMKuo{K|jC|JmL9{RdumIhS`K-MIW*f2sX9 zpLwWjts5^t^{{XwOWa-E%|9UCRL4B;r&SU}fGcr! 
zAnukTC9ra$B-x&^I&z;8+}sPZwxD_?%f|M!R0PdG;H;6#Bm-}8y48SYIS{QBT3ooQ zcDNoN!ZegcnXaqK z^!tyC{EjXGWQQva0}PONtL^2mcd*Hn1kHLWU6L`pkjzi8!FR-maWa3dOklJ2C(r!j8$1d<48!KYLa=Q-@(Ln1_pQ}iey&PnMyr!@WOtijd zbs-)lpiLM}bi-4kf@H>d!9k0}wjke_lX&2iu4h%Faii)R&JK4CB_+>6cW12VD3oO{ z#L|(e)I)`U7A|s+GQvLR99K{#d=(C=q5m8w&!%G0=Vjw&u857k{A`%d=(XW!!@Br7 zHt_%S)ABVc85* ztE(dh^t7zBRUQm2(#7qT-^*%}GlXM&a=s1SuN3^MMc)QHOs9jsMaZzr$-1F+bMhk}36 z1M6Ivp5#p^anNlUnE4Lor4qDTS$-(?Npjf*g6hA}P2sJrEdvyoZ_`fTLQWVAO0VK} z>+|#OP8!irMag28D=P@(>JC1jN4olT1C3tzOn$6Ho)wK)BmvMQq3G=AQ z5f&b*wW5KgNLs{KWKoODmUBhD;YPj6XA*YK>>|VI;uHYucHres=me_8?k@t{y zL#3-!<%nWWc>=Zi<{)$CIZ1D(V)*5zZqEclFkTf;qv+P zgeI2XnFW_hdPnR(N~zc&tbIj0`{2X}q%tg@EM{}{ijstdM$9@td&-9rur@OHK$+IZ zSkHgDUj6AA8m{Ml0iF|C-bw|oRF>b370!eU+#sy1&%tCNi2SH#FmOfG76sA_RxVaA@1n=Vpg1MXdT4pA(FAUbOL(xJ%CM zt8j>yoqSRtGjy}6avtw-qC9(wFd6+OwQ%V6oZQOh?jk@U^1N-!8iN1SH?kht!*1Pe zC%gC123N`JP;~W%)s*-o4c880bz;_gPC$iOEnS|+JUWNf>)|FAu*mhAFKT{H5rqzZ ziyBn-`NI))O5v*VO4PWU_pNn0eH~C&+?ABGt0>XCQM<9c>ri9Pw+l^0B5%9ws^SOk zdGcF5m0Arw6dnH*Y4)#`diDwD2Y8fw<-8D9!aLYIJnlzb+2sktjzTKRJO<+w93%f! 
zUS!?!+3}E%Au21rVM|C|0wXt1{$+g(yU@CyZGVLi(!m$nK25c!B-5F+c;~Q5WssrC?V`}y>DT5g%br;XILBtT~h*nyFN&4dTqI+eJJu#Yf=Pc_dYdS zty0OVy6u}J@lN~!;*qOf!Kb#v(*G7qmyxFtscq0$tk6x zR7z=Rz%1N6eLWEP`}${7(cFp5G2@h^C(jq)X>ZCZDtFflRz^ETFfk;~qsvodX4Oyn zK1(+4D1U`TA9qt-dS|e3v|F6Nf&Do`T9oQ~ov7gCKO!GH5UdHL%y#;~*b!aNuL2Dk z{YTIr9@0z&U{4q(d1cHRxqC7E&=?H|)bn-wLqR#TfVC!5FOFP_8o?>8r3m;f*x>iK zJ#&(Ix&lyIxL?!&`Q6w6p2@U-(S8^jg`OvtEB%Z~fQHMMAYP&TNP|j?u>53#9q;Sy zNEkt6&Pvo;P{>aDK!6>-sGWJ zOla&w`!{f}`mqnsW`ex17`Qj_mPhf;H>9dv>yF!(ZB}M-@;_R=i6OSD$84SQN-EMQ zDq-#NfxZdomESsi;91~~=*KKa(ZU5~x|M6jEW#W81eAeBV|<*nair^agaP)XRb@*k z3rP}jpw*g%v_mA0jNn0+hFa>;n!#fSXplEV4ie~^O&B(3Ai&MqO1@m9UKttAF12E< zkG*i7Z(W1YixhBqOhUKk^nHl5?0aD1Ub$Vg+2H-5J%Q}93IgqRHoInITU3HJZ7xXe zNoN;P{BeydPqQ4(Q4>iA>_%#UaEWN8SwExw#pCH7c#pI^5=4=b>t-;dXo1{SUC|YZ zssXSCYE))5EOWG~Vx6SC^lH$RG>|gb(U1H~`p$~HXhLNoK z70Nz*e43?FC{Byb8BFeI$;QOg5SdS~tcplOt_L>6m)$Ae$V^8uUTP=-N)8}OTQ*dp zivTwP90bUAgYgf=H|({?@{>jleRBo=G+292T)hEg?eB=${Nm8hN4f+0@4iT7Dm zLdJD`$wN<;rtu7cM2VwSxeJd&I79pTMAXEc<*W?IHXXdZE1uDdrNCKc#N0HQ7?><_ z&!=nnq9}=1A}?4a4`Dv1sIWdmz_L7fLx&9kYmyhO0jsm<6GWzKqq)|HTqRPJI2<{B z^gi80cb$9T3$V)1`?ra$cZu2GxmQ$77Ve%z&|Hkw6WV0E1ZrWZ%@+#j{)r0rBm*+< zO#NKknbw?YO+eoI)v=%K5rZU$Ee+r@3yH^v$;B>J*E1G&DD)OCdsSGpGhGA}nnlio zn8op@>O|ByJY@H83og~Vz`TbYvH9zySy1lFz!Gt$D^RVB6ZGI55MHEe8jDZtw3&oO zMd`NQEm2~Ahx69Om`T2Ya_gk-DVbA{&7LRk^iw!xKXR`sD~8Pq1N1t>DU3X?`(!VZ zH#mr(A2guRxv=eDb8j&qoMm!WpiV8f!nHkWyA>b$yFG&EBFJ*DVw!S)ndY~D#pflU zx7{B3y-NWIzdS-|s+=pFERbe<%nCZ2Lkvn2U14wQcBt8r*K+Vq+u{jr7jJdX!8(L_ zMn!hd?*uLQ6Z-kgT{+G)EnXEzukTbIXWg=gpT80Hp=&@gP*V_&Mc4ag%8phP{-I7m zAYkH-rbl%qKLik#ul(4ZN6rk2wf_F{TJ~2-Xqj$QNR(=uUbVDCB{7FPbqtC3+X%J? 
z%}C7Prts!-3}%*FIxiR_gs=XR@p3*g(`MF8AKsnW>Y|Hu;LI=D%G3Rwt41-QtB1ev(J- zn;S%BQY=FUuHJGNEgbR2P0-OW`ov z+k2n;;p7_{jhRzF7mtsuNiUtAmyPbk*Yk*Z*Sdv2wRW(s`RUeqzwwWpkYDaZ>T{#l zsaEO_rVjr}8TWla#Y$E|;zv;T12c{Q9t(}EyCrx&P(_Bh}rxrW^x@ zWWc#+7n03A`�s0^F`d`A)_H)IZZguAGlRS1TkO_K_Ymyk{lN_9!*1hUel16Csbe zP_6Ui-;~h4Xr9li2iUnZaCIi6c(K#(e3nmI;`b{k*bd-S``ATE_G;79;H~2P3pO!; zXWBy~CFwt_XXso|SA1#k5uCYctn|-$WTzE>u^rN@90CzhvukiXm3019!}xf+*g>bD zkH&((0?JNYYa)_mdtCzcL`-!J34xO5QVcmP1TRM#isgM0J5sE)lyXnYO8)(p4+4J} z&yFeXQ#@-zY^~T)pXfpc{gk}`VS2HP&@0Nkqg>nQ;icsU9*P)2ne^F07&UMAm9NJs zEV)oQVjOgtz56zNd~Ot~C-?Rh{}O@+y-iFpM96-kI!wM-6^+$qyG}e+fB;_};n~76 z4|vOI7cH2Ctag=QJ-J)S0a}?CWyKzdhghKyCw~d?$*%z&&zgxCafZRFen4IfjZq!J zr-qPlIWY%C)MMMm@MS_QR6csDDVgYGcDc}W3uh;XS*_JOrlh17p?(-ZTwR_bljCiXdVX%~%T!`VexgD*#cJnET zPP(>i8?SFNb@gXW4@@|b-Jcq^>|Gp}EfSkQu~i8x?wW_8A1sMyD2i`+2j`7068#&v}W1PPmeM?3f7vDczM%LK@{p_H!GVFGEpsKHE|5%0C^xPw&gbd(jl)a_V)MR~YS8O?CWm>`eNmNv1bwqU;WB z<$5wiMM9lc`pFhNo|xN<64Yi0;C4Qg>R1e?DXs%F!wZ0O5`QSwE7!PrfSN>sP-0Cm z@koUp*@p#b_lJ5DmJ9?)!o)2*+*w;id&BqY=M^x$;0nua`@DGnNUv@&X69S^io={Auh?$Cyy4#siye&L#?kximvc#hr zww_CVfbo$#xA3R5$_0+>e|ejdgr7=D2ey(j51#q5VWq=y)^Y~0$%rlxdBH~#^wLz2 z*5QfWD}FSok@}u?sfvHRoUYQ86WRcO6*&6t3vM!#fAw+=UCPZjRE%g?Z#v8SQ{#yF zqgm7#>YOy4ed`@N^4=w6CJOH6CnZ)G$pcbR+|>GZGx$KF9{_HCbU0rZJnTL?(j8`e zrJIT)5ZMTSR%X~FGR)L=x*T-+zsj|sw1Y5Mxg(`Rfm)FYRbST$*Kd|g2Qr1EM5^`B z=JeT2MamnRT+Y9!^NUQ5TP<{kZkASyw7WmjCLuni<|dS74n)x#SaKY4q(k|eoJ>1T z15bm*2Z;)NmTwoz6$6u*qBvY4vaV*w1o6p^tK*DCV@0V_#}pnJtJZh(m&6)?c@K?X zSqL35%7M)rF``5Mn5c?KmDZ{57*GAgZi?t_1$ZH6f!Z%}`1*iBVuVQ&+ z!yG&p9K$s9V}YeY>04bCKolVxmVcvwyPwsE5m6B1v*;?l@SMBy4h1rS?E(Vul(O5H z@#lrdgj^MD6@6)n5n+WVHv;Jjzu^$$IuGT=BsP7RMwwwtXb~km7hvLkfiU7(w8@Oh zUaVWg{+Q<26OnE_zLg?Iz&i>Gya<@5`0O#_a>(?%UN(}HMKU&EcAD$&vR9v;(R!(X zD-S+fhC#Kr;Xme(f{~9+A$-zFU5|6@zRyvpiK&0}P#KWknv8Y`z4Fao?{p__=<6!( z6lXjIc`%8CncC1_btGJSUP#bD0i4v9oyrQ?)tAO$tNWru+*e%*w&!R8=)7WW7&y1F z&2uzL3pVTH$`C(~j9*;doJQ zYmAnxeq3YQ>qObRLjS2R=`Dn1B!uMlbYU2M^`{!FJ$<-iC(;OjvmAf70DBCHtg#|c 
zjZL6z(!=|K1cWa!{J@uR2k5X1%Qz8*#TW00RuR*@oMAr*EmARBHDCw?3R`BYa?&ab zU8)C@Nl&|+^Vy?zK@T6w6ijRwx=i{Zqs6r>UdqGWeS_M(${kCYd+cBcr z6K9IYDZaXm#q z!epvjC}Qj8$Lz;7Z(K~FzZ2W$n8@qMr_K}l{}}lmmtLM10t!!-^9!Ye=5kB^IkS3q z*5vX|8i6NSXm4WdL=2PlM1A<@`udEvx$=CpqDh780`=cCIMU{|xY%@?ZNT?;!hEYw z)8c&Ay@9=O$wjv{vtxF`+Juu)iUda)wHQ#!$@^26^mo7_+*Ez=toi-@n-WJqtWkio zuyO>rjdiO-*LD8mtMFq**=LSys&EejfVJZ6kWAxvn)7uWU+K(Yo|Rsg8XAC|=I=eXbOkK#Ye4?DQ=&tQXPIa5-qWJ6X@6hk z{z+{}QMC1=)w0;kroczw%irwO&c{?Euu*GTm4V)-B4kjv-xvCdJr*v15{Fj3Yw_$f zJ&6MO$MO6ub@BsP0)U-eV`QV|2Vm$P9vH|Hh26Wo|7H+4WzMUZajy~}xn%<#!T0;a zFf~&PdFKj|JX~b&wZG%uNL&GCPvZytUJS#N+X%ICD3{EubG|UL+*ral zI*UB2Y$4zLmP&8KAq!6cKE|Wv&a_49FU^GC%2pnry5a$FvtjXEDoy@Ei*M2bgDl_O z=i;b+Z_c@!svKY|i*!BrkgchHZROBUwqea}qY#0cdcN<_xF7jksP-B72 zz(N2$O-LalU2B3rHi_ED{G>W?a8JR-TG|r0_m#VlTwmWJujQy&!D^DaTsAVHOQ1!a z0_eUV=0e|r`|i{th#i0j(uyHCc$Tc$P@eE05+&p@2QAb?0mKZhxhYYP8`&Y3@3hmu zppm9RQw!$S_4xlw)V`hWfYyRSgZ(_X@hfP2B#P+NZI6wI#nZ!yeYI=d!?9>`zo39G z1I_Wur*Q|xte7%F+80+xd zDh>4l8)wi9C>nMa)+QtEOT%_Y_mJsV|5E(!!dXp8@~*l-y>k94IcW8+NK37R76iJK z=1eds2}7=*fj$o%apAVq1ikO1mfcGf_2_g+reWHQNh?6A#BG zS8G`R+xen~u#MOS4mRC7j%Ks$Fl4N=_g;)=wm|YyWPyibNV*9Zk+-mbeJQx$H0Y-H z6ISU`S_Grtnjr&;np{qMYSC9aCREd@ z_&gY0Juz$`_YseHpWC{K=XdyDAKt1Ewn^6L-8FQj+h0K`O1o>3h+FeOomQdZWlwS~VCtDH?u`3@j+b~wB`DBSsrmwq%3U=^wD{}0;EGN`VuY10sa1Oh<< z1c!qKC%8*+cemhf!QFzpySuwx@)`KgKD4pbt~qpJBrK%AU_baJ6$j9^$XeJ+v9i(;k1}d z*><`$G4LbvYWajJ4VYHs4sNuohf20eoF!dt`%CETV}Xod+K3>@V*}T;_xIL?m9)hg z21ZPM!6yqPMRi`9qsr@oo@bBu6 z6S49P9H^B!|G6u+^+vnGTX9$#D|*U45VL(VajMiKdUt+?bdBs+&Wb!xu%pe%#Ce1w zjmB<~_uHi1UEc8g!AXKmx<4A(S!tEuV)7O0sJvzIiSQl=w@dx+&uSLc8m;8TGV>_G z>jCR<+=~Gsj$nBPLSdJ6miZw)*R)B^wj#|cPVy$d#=FwWtm3zqVKEo8X`Xdi z)}hw8t#*JhB5uHzMM059YlMxIgW<M^>!y4 zc>Q;_+m`hXojmVp|NE#!JiTU{?0Ug;4E7Vz^_s~+P@@}Y4f20t8^0D6?Quf{z;gG%k-%MU;G~s@ zvoQDMl#~Ap;YEP(czFfnTLHISUJZ0EaA|x{7*l*Lx=X54l|@Ns$;$ zuznIR{pwHIjT*}SPm&y7AH8*B*U)J1LKwAn7~=JRk>BB?-UT#-dxnA&fG!TOLU>T& z29kNq@8}xX7jSOIGj2Q}cXMvsM`;~;x!K%?Bf@#oheE5iJd!Oj!$ 
z>Y2Iey?k)r>L9NnEJQm(iK(Z6ctX<1EjOsAHYuR?x!h&FByv4;bZJ-Q_@S@-zrfv2o|448M3e=<-qs*NAfOF5gpCEn z5I%d{k^fi9d*KOxF}U{g?0Fc#Kr&wvgAEPGhr;*o%B?C|xvy^iXxi^f46tC{c zM2nect)5*TuuEgn*g}-|vWU>Ab1r)Oycg?}%EEu~#6G@r%+)WBi*nGsv0}qXiBekN zNUR5Q!VOxlC58NKy3`OK)tz2-re%{1^O;Y{(xi(=BF^;nFJf7W>t1N=Wq1j)q~cbf zRpdY)sl7dQ6PG_@Um`cDHFm};jUkE!g1>`)OWMj+HT`a5cT?y|-fBt=*Jz}ZBF7Rin zyA6SiFb)>p66QjO#mx!-yOEosoV;pi}wA)!1DKd-t@a$U)^1VfCzAZpnRxvPlbT^a^z&*QuonW z%w19RmD0X{Ly=ik=n#FogG!b3z1Ym7jtq760RpkT{o-U(d8{=fFm!_hH+dAgy`A)B z4+trTg(+f*V%c@PStPeg`cNXMa22QkZCNbw5)YkmQrmm~dPjmc7>u7hlEEZ<<}Hd7 z_6RID)4?^mZozgtyNdL0wEP+P)Wl`ZeE!qHq@oqG+P#dBvqJxUHU^rJXo8Rkwq}f55c3Oa)p>Uv0`cB;)?*mnWG;Y-KBUsb`X7)BwrOS& z5%D4o+tnERA_wtlu>QE2X%^FbPMxMvq)?7cFTNax)6WQ@y#+LZ4avJXR7fWUWNJT; zzhlJ!GF{7~8QX>cH>KU1_L0%Up8Q#N+Ma8_Jauj|Q_!O>M%1DD{QWA?jG6W(MwKUE@ig-In?@Hm>4orD zaMa_+?2myz2|rXoolgZ*v`VRhHDzBsEN}?x%q*DNPV z|4OqyRGGd#>R(0p{Pssp3LyOXnwsX3(rb%SKXC^SA@bX^w|gK9Bal`h8W_Cd6X{0E z37Dm}?=&E51M#H1>O8*kZS$=$ofxzOj(Jc9jBr`Fv0AhX<2PF+TyFC+j`^jZflPdX zQ%ykRVa7&J!z2{n>5N;Ac&ww=J>o5ps@t9tijW#7F)Q5jCr?|lFG2Ohw$jwLrGja4 z4p1N{3LhDRC1!s0y-Cj{&;Er4C&MqO=0pi8n0uTu&6ZW$N33s$05aFWROc))ST;2A zy^r;_sT)~gdj*DTb#!@?GajzhLuU-OPgwjZd#dr67#U9S;fzI~F|q2dl3UeHU;R&y zTW1-m2zk4QAHzeGzX?Ne?1^qb_W7v%B>*rf3(u#?Eg)trVPm1YGhEyy50rQRBixRj z`6Jv;2-bIvEIP7zBfBXE1oRgb7Sm?G1UXC``IB1bK?wJssNvXHMLZoy;TXI{g?Mm# z#q&V*24A!dH&e3KB*OqmIGwT$%yk{1jK%pLWo+cAfO|Ye;)&}FMCC5Vo2joKrBrkJ zQ%x&Nne23A=C6$vn%cq09?>!^Wj+T?d?RldSBk_FO%`6kk+t)0gcrQge78CMT$BAw z`AeFlJ((IPFcBSPJ~+?6%F?d1d*0B|X5~|@o>Q~xW0@yn-U1^nwYQkPO#g<|NStx? z2nKTx`v5MO3Kx}6q$m+U*KCBu(*ow&cFMgC;IGkF zRps{kCPd0!YqJ((a&Ye)$nK*p%CWy44oRb0xminC0WyJqa`g>1vR)8wLBW#q(+k2? 
z5&Re7npyuJ5$^Kr3&J%}IaI`(^Xk`QC=>SWtL{9B{Ba=fTCbS)A-!Z%hMkZWz3(tK zXo*v(pUObtTFc_&Q&maRo5de}<+n{1h$nEoeahYEE|!Xdu|>XZEV9es?FO=1SP)7D ziYF3l5D|fRb6*na2JPq*d0A<86sY>WpvGL_~`8$q;5hC?l@8SvP~^V-E+M zj_^E>oL^i@_H{~kH)nP{ET*GBJ0#sb2Os@j#sc;!zlonf^Ez+;3@S-vb$CK~( zA=;xG)>KI5D(p$I=J2<(be>>_FY-gOJ-4Ox* zhM~$rkhcjT#KPV2pmzWtEKB^_YhXWK!-rKm-KgI@f3@MO7E2R%{2)U3EszE z^=FuVg55tx@J6e6yYWvpDdVa?-$-DO*?`&#{7%V7Op(lLen^i}Hm(Zewine1=llO> zM*Ck}R=#Vc3n)k>ENp#=Bx^2aTq9Rnn`N|x`msSJ_ALY>*9jDm@F4cqFipIVBnkB# zOe(CPbcakNSOR%k@*_wRNU-Gu!tEtZ10N_&@2R4|Wic>=Ll*>P-agv()<4QPt!gv9 z0D34QoYveA;woS|I#b-rkRTClu64z{l>TMFUv(WTwijsKape6-X3DRnN)bc?>xe>@Xi(UD?B&C>*ED# zub;YFLcoC3x6wp3J~%cB1WZ?Udu`FWkD*vbK=FtFu-He>yq~UtI`b$8NeXic+o6)^ z3o*C&_&vCK+x=vUC@ZQW!E9G`&%w@gB; zItxG)PX=jVv#M%GaiwO~8zA}`B2-ud2nhw4F-uBE__F+^uQhXc5rg9C)f0&Ml(*qp z#4bgP4Lc{zZY=#V$F$GRy|1E)4kWjK){li_8Pe8i*i!iO13`5XS;iOPDvI_GBR?x9K7{H1H@y)=xOAI=jWc6}}3F8T-WC0q&P^)tV z=FARnT0ks#7w>F4 z1aACZzkyyTWhi8aU7U=jzqErB4sa^zF@~e6R!*KzJ3s#GnI*@x-8cR3@N34($!MCR#N}h# z!{Z7yhZx5H3}J6CPwxQ_4|$5c?Cy#B`J6gU=+$4J5r_!t=;>|A$~m*;-MQtVWA-e1FS4j(D@lC+rimF^Utl%i?)v)!YUdzTKy#cm2@F&A|~u4=X~z6 zJRti=R>Y3^UpF%N_CW*C3R6?Q{pTW{z4r*+zxQ+T{{`#+FX;lD7sv{w!|t@_hdAdr zS$+XINSg#5AIUa@exK~|KE{HRyS^vsiIz8caVGJZ4ru&3O1y~p%CICf%6us|KHANNp zbAhC=r6070DnWJouIbI}<@_g0ere@Z;Oy1 zAbRXxksHmw=1Y97z72B;xiU@;dX- zyzLgX?!i}t-OTZMM5-gPplsa!7sx{>HMTrDjDi}6Pz0J{J1}JwI4BNkN>IvJFdEAO zBVq*KqsqPt@>Dz06cuzgA$@|$@&LQ1?wpWTO(~R4A52}rp!Ccb1AQ}{SPEYjD8|30 zniw0&a{Qx>;P*Gdg-90Pe&!XX@s?2T*W`0W5K{cdl^6wSVS?VC<8p7GUqSxc*ODKA zHSZc8OBgmKb?7VTVw?s~d4;k>!4a^j zx&7ISsW5}Iq7g>3NS$6ch5t4C-?3GR@Kwo4iUoK95RHqc#V3tJ3^S~dDbxMBk9q}L zjYCIs06C?YW=edMKFHEK6~V0=4|6k+Kg=5K1UVHKLyrn^yd!(8`fby=Wn{WysW}So zXN#R-#>D&Tg4;U=+{Q(z8+Gw7p`ZWNT;jokAr9C)a(yk3 zRQTqnX52#{WTA|+7a3O=h+=4@)mf7jxMR#gVuTat*vsSFbnz&xCd2p17UKl9WR%e@MbS6z{?OaD(l+VvCWnl}93D^oRcj7PlNuUCV9I{Z zES5TR0#pJBF3t|U+ls~Bt~OF`tNg^dj6liP4yXc`vrI%%Slm^~gZ(^K9{Z`WbfUV* z@PJm4nM_`tbh5MqjVN8&;1Y4`zBCZU$HJ&u{>&T-?)2{z?E`f|Xgu7Gx&ucGKc0iC z1P!l_Du|el)1j^kv6P;NG@K 
z;eLs+^mh!h4HYXJ#Hxb6fBGI{toZ(d97euaZPF>y z;s_D_JJLUcYa1Vmx>YT3r7qgd<;`C7e6c~G-S>ob!!njiPWrINgk(_hr%4mg^R`!(_2?j)*X%Oqx7h-_7KWfjdob}RU~J@9-r`ikqCt#USXlHYQ5zJ4^*Q9mTbQT0a_1$Gxj1mxCG*rfFJ`;`=%PZl zDFdQ!NRm-zArgl3SPl9K|2!$`oVff*H+mkPGx@rU) zsL*;6rR@`49G7&gRA^2;To*>B5YICDMd5RALh4|%cBajJ;W_m)%HyS`yzAJOOm)BM z^`Y>JJ%e?pbP6{|%Za@0`fPxyGWcdTzTasM`^{x~oX<>{_M@YHBbG0NyQ?;jv(SOb zB!W2*LVtOhtm>yd_j}3bqvuPDFp|6Tt-(CWGz~$#KUX2#yj&jdF2Osay%P^X&%>tf z&re4{ZLGf++5J#!=4ZM>{vHJh(ac(+P~}n8tnoS*z+s=2x%=)GP|$6`07qXg@9d zG4Fo8DOmM`C)4&(QTWGNSivRiHdcswOwOl6-h21qndpDD0Ezc_@ zmZS9B>-vXVb@@*;m8LK+e}k(WeKO9G_!ntLuNnEBEY9CG1ccj5PY{cAq@AHS*e_-c zL3p5LKRUPFbfeS>3m~v@WDZwrRuo!87w88VYF4x_n1CYGmoLcCX>%ygwiB*W3(gdO zbx3bp2mBJrM+`TPU z!Q_|4SR@GE*ZLQuiA)Zqi&-39wIBI%ccf;wrbvMk2Yhpuq z5OY2)bJf!yJFgo(F2$$VM88!pi`W;Da4MBWz>J}=BdjP2$fLyZ9&ZqiC^-^zY;}C+ z7^v{nGYTrc|AET=)U3#_o78&T^YAs_b5->dWiI^(qRdWo$K{{RU5W(M6%TMyDa?n4 zu58Af+6Ofbo{Yj*s@;h>C{e-f4SL%KXAdGR9a4?~AdH@cs!Au4W+um%pOvadulD zt}7@DE!q*-P_qv^%*x#`+#&}pNOwz9tK1G4z2>U3#8V0%uGE1F>x*qTg1Foot?sJC zil8)cKZ{$8Ddf`95__2$>`l|P4eW_KF)5OvlhXTeDDLtH)sdgY$?Ff9oXrOx_k3OG z+Cokq9;iyK_UEu8%E@>Nv;w*Iy+p#6hHdaa<9Qh~s>m;&F0)Id=8@~f9rm%a;* zXHev7dX;T9>iBlcdp9|8o0&0XX%vKK#1rNUiVB^5u{$Z%q#bLOX>Hyv)(qd_K=nb? 
z(zHEy`VA6+LGD+1-7&f?i}bLy3CB>yRz|F6NMvk*Lx#$C@hS3xS|J#P;lwA@ep*;; zIwbIvJ~nZ1-hHvdW}G5wv<=tR^UPLQO^p^moD{Nt2Gpf1@1eFXohuZQ5P+tvY*(U9 z5@lO9L};0ckKP3_m&w2lD}9K8f*csGOc*hWjRg%Bxj;~4X01!RIol4=*F0FyCy&au zthGDreo0#LRG%jsuuGE??xZlzy8&lOc76T&V+1q5*EzcYPosQx%0w@yVfC!|VsA`q z`UYo%7IArM(zkbEQ`ak($Mzva(X5AV+2N!G25nGnp!s|k8xu-Aj9X#7U{sCt(fVZq z>8H+@C>)$GoU13RtK>~=KiO;~<-EU`Q{^DiVN{c#rQ>#INk*~od<|!i1uu$%b-5>% zQYhkx+MK1aKJ4mhN&9iHLbO%6Vh#-!5g1wVoIHGuN&RwdMKYPJeHx}?f$BqLga=#O z{@)X<1oq)##8NxH6QJuH%UU*uitJ=$2y~Dkj0L*d^97n$pQ9A*O4{n8OuLp^-5m51 zMt|tV(=X^Rk@Zpl77s?g_22WTtj*<#C<)#4pR6QuFcK^3rN403C|7>k=ca~g*I~kT z3Ry>~Q|t*&_uo!TUD+0Ixo!50C_~~eIHdr}=~{#qzmW z!;W3;4&H0Z_`|v` z0hx89N_MT-L~ZQ6X_0kZ(n!SUVD>yVi7#6fAPISq#o)M2OP#Y&l(S~WHoikqDBnp; zvIW$Y$ZhMA8CZB6XQ&Xp^6xH-CQQ_vLU0H(*Z^}ky75*SjDh(4@C zDH>%Nby3#Y)>_GR(W{7EdcR^XBZw+~PsG(Z^pWPWjodvuds%7?^>7!7kL|KZ^qq zRB*G;z4K5=ph_tCSUPV2ENMm!N|ud{td+AdgP)=z*#nqH#W4iAx=axn>IkPy2=iYd zMsUJ=S=Jv0C2C^tVlK0IC*dG$38Z!GSko4>5T6BOQ zDtm7!#dKiLq#8k(76+};R6ik~FPk+Z=TeVlR7uX|vQ#C25PhT6)Vu`L?mdY)ZZmJY zF^J(ECs;v|61&cd6frtOV@JpXuN?9Qg_`i=x}a*T-uTk&9$ZWT>3tvylrM7AmH_pg zd>%?%O4c+XMGsVyFt#$7b5OKj(Q&_oP>dM8Dl`@)&Vclg`3ck%D~CyD7`_=Sf^8ze zvvFX4D78MtcKlf!&i2jNEOYD>in}n6+@Y83Xc|x86;qQ&(bF1a&JCJ@>6&NwSb0CF`PkORnz}m}N1ev$I`AB9YQ}|eLVPd%T?+N; z>sfX8M!eVrNjHr5GHVExawu%Vz7Ag?%8223n)&&ORzTOp-Gq1{?F_G|Ky5R|B4acD zLJT-@&De*i)&H|{uAgF=4xP)*nAgmSkK*cWjFXRk0V@7++Rm0EY8fq!gubGXRqyLd z;&03R;z{);YbP6f&9o2&dj&3}86q|hDhzda5_-tEoBG*a_Nb1wY) zYQ9<;e7oHG_{cn=?JI&7Cv57iOXoEd2e%xJ4CQ)IA&zKWAGm>?i+l|kf4z8rrJK9u zuO)e`a>KT%Uj`4+Zlv;j8uxt4^|a50BPnN<`cl#xXp6CQDF&rMf6oI2l4oDfOG?f( zjBZ-p)PqC2dzs?akNNE=o4;E%%O;Wp1;sq~8JI3?MUI3d!fE(89hNt3+ZVH<;W>zv z^>5_OIRJNThn>j9R9XRlJ_Kr2%aP!m+}$cBcSGhM3P~FGmgHxx(ZX7jqeBkL+HWx1 zVNu;UV>Pk5Q%$}XL555oOqNc?U218)JT8oKNHi5J%N?j(*T_f*dt!WidDw7;qN&`$ zl9PzxP{~Vi<=7)z-ok9=w=8Uia}*^yi%3Ra1-9aFtQxd z)tQ6v97CbOuq7q$Lo)Hw+!~gQp0&5aCO#7pFyAkZFG$NPuSnY>SyW>Ah8D7}S+Y2u z;m4s|cXX@ukWT@{xFBx&f48pVOs&Cl+B)&I_A9gB%i5V^R3)MLo}XI{I^x~LXeR%r 
z;IOMBSBs)ooaPFDDG6hn-d6LjZgaS(b6A{6XOU8Z z!sTpz8Kq46#kX0_5_fO-LlgOfir^oXeHu^Bdaub-~0L0xo{VtIhv4sb!nU zW>&heisas`-HBNl3RqJ z#&z1U-HRW$s_)XgU#i=3urFed@IhhT%OB@}bhe^^=;2UF9|Rg-DyLi7Z>-GmI}Fe5 znjpTAY9v(=V*(bpo?p{fd_%}2qa+;ekKep?)`urH*pWcz!!b!X#3*x>4K*F~#%8*M zl}A0HDh;Vmj3+;>C~|CTaCLTmC5bheW96&yOp!ALjuWUd9z9UZ6=jo2v)=80adVTg z{|rqs|ATHRWMei1SV)k|(3q`e`#;W!Hp>j$(gf>}R_e)K*)lbmAfk)isJuoU{xnx9 zY>rj5SH`Dc*J6i8%{`xSlFjP3l*`ulHXNrZY05L7eXDp$@6EA9sx!f*m6mx4jZ}BP z+^={F6cQX2z$!%_ByBPbzT9(3`RvR0sbsc73y~zl^6>q+v}jAuF}utkr&g`Mmz=Sb zcv*K2{bLkZ!l(d!!Y4&w4@8B2BF8Ne+Tp+( z=&dDAt?i>YEky1mc{9rJ963_f)JzhFvdxuGAi7ru63jWbjg4gN8YYN#{kE?Ymz zNgHRZX#6Q>r@LTA#Fo;D6Z3oH?$=L2N8iGoc=a4XTSMXg4dte6d+K58D#yq&A3LCi z_B#rbVL<3QuB@Y_u*XhiQ;xG1F(dhX_zXNdHKzHY*{sJR$Aj5Q83YVOMb~aJq!P^4 zgq>djOfgYVBT+0sJh74$Q}*!&IW(y!l_pK5tirBv=JAk)2pB04KdV({lvX~{C!>En z__i?S*v)=c&ClX$?2S`=D6~~WIz=-8B>~#2IM~6UK#bUDj!s+(Ff<#S(9TR(Qm`i| ze_;CIlcTZ6j(|NfB=$ols+gh*<+X5$dPDxjV9t6zwFg!lx2;-A-E$lLOpV_vRRwtu zTfRj1rc1t3FXk~THMlWpmId_~7!k6S9n7&`&Z?h6{rx8+7}AQPZ~$Zb5UU~O3%2vR zODJ9;P-FlAkn4pdMLk3+in`az^dF|sizS@$ie4|J?MSZ{X;ikzEcUgp%3l|`teE&% zcRsPilo@ml&FVMjm@o zSjiOwh6{SzF*`5c(Bsq$?25%yK!2>BY+2)&CCw=0{a3p$471p@d1&1jF%!i1lw+%N z>tLVWQpz23n8u{Lhe8QMBUfb!YF0iZd!iP;$g}!zJ-ViBBM84p z;Dnk(I7o~SXnWM>7FD!t-DYU6x^BzghM8{g zjG3q{A(zeOy}T%oL8F@d%dn?0_eb2P&Sz`(r8sI$PS-oR)>w!6^{s&dwP~^D{ zux%3wDx=4#zl)7gLrv!{U`h1NxU^Lj1$kP1MuzN2THTV*k|5Q$*=MJRoey`l9fF|m zL{aVMemnIuZtvsFo$pUQB)ohf+s466SsIr+XX^Io(`A}kNvrqH>&uq+ZW8hHStruY zdBtJsw3-I5BH;@B27RYRL;2jaA&y@580Lu(zCSQPiSxhA zM*4R8Y=?L)tI)ZExL|P-n#f3&bsO;u`C^8CFEO)C7=GiJqS5yL0!v50Kc_4n`Srli zE}PZ3@n|?6uI7S%*dJEFy7c$bF<)#$`$~f)u-iaUyRqa-xM9fe(P!)6(`d%C-@%VH zS%0KX`)perA+qCwV@Hqm-UJ_=XV)n48n0BZQp2v-bMkb@nU_|d*KGY#;z~(3X|snc zg3QL^>nr=XW0>LEpZd?0O4OGMVW<;u?j9!73~2P<0m#%jhuB}`*^iAZnp5|UlktX$ zS2I+2y3=)aRXGaN`7mfOwnzuCkF#LrwQM= z`hD>6K{mt0?t#(Ct((plUT z*;#e#c1y~7a-F&EU~g+v*|FdV%ICTHRCaNyl;;8MYD|C#lra2oFk2}rh;>Yb6S2sp 
z8sMxT-Ybd2beByMZzUjPgg&y}E?(x(adlK-7X?dv#*)vO<$!Hz{P${@8j1Vu60H&E#K7523H$tJ7G%E+56Nz~Fc{MwW>QD1kks9ED!1dKF) zSp-v0jmD6F>|JtY<2p|8!6hneN-Yss^dAFIdTu{#>z9SPj1P-5&qKg z=Hp9|MqulT)ex5{rWtAN29KDExmKNL80bRNdeI2<^eD=DUM6J@?^=OEHY zwzJqtmS^3RuB7_`OS!MA25H^v6Qc{K{&W>6dD2@#JxXaKGyVK|zgypY#P*R$Rees} zT#7raTN3n3;yewM1gH>3sEpb3rpka;-Q3Myhv<8ARtEe))IqIM$E_mflMnsxus||8 zS^11J5CM65`j^Nd9X7Lu-RfkuB_aX{m}x%_IsJLo~4aq*>AN zJMls^q(n*Up}x=d=I~AE&98~-M+zE30)OXJ;=!dlRYhPau#7ZuSwXgFl^;J@HUGuV zxs&pHiWIC`M=$J%F^&}ue$Ux!FeidZ%c^Z1ajhEq&`#%^ zHMh^*p|#0Bi7*Y+Q=N_^GFUg3x=_I&-}Ys@}QZ3{(}xhz%If;W&3 zQNgBFGo*M#l_iTX@Hy}@2E6nlv78>{a^#o+sd(I;bs8GYPaSriqKvwFR< zx23LcsJ0!Y=@QFfavK_)Qe%puB3m)Waf9;gn}~`(YGcSEzBCLx8bR!u`mcN{`lz?b5M}W)vAy zh8`*PX|ER4qm(xJPHV#tFvFW|i$v$Q*%EnM2YVL4n$Vk|SpN8#?c=iUysgfN1*ky1 zV3N0@V^B1#T=g-NR=8B=MJt|=Y8$lNYMQzk&6l{1uRz_u?p6=gGv zk-l=j>#TkHDw(qGkezqVvn$HT9!r$Wz`HbM$!VP7i^^eRBQ4h3o?o$BM#r=3%o5we zUzw{QAAQv+E^SF|bxB=ia|6*rn6nBmIV^BN{qLY^>**#Ke7lk+mM4Z5`TZG$u@K%r zC};Ol9UYWD5+S>decChb9M-@t5Jd-@!LWf}RynGKWOU9-hQ#jBXa{SMExlTabLa&4 z(Ds{gE!_)!FD3{5RyfG}4INS%px*X$w7wmc6Jm8CpSU*Mq-+sQi$LKu%k>FGSG&zs;C;2|-pMb;Rugni7 zdS{z%5qt1+Jfy~@Cdo-5UQ(6-4K6y-rRYjWu*CGKB@yWB@8Kvr`_27v4M6ZZWx>OT zqk+#+J#cPBHqNb-#_bTNu2m6J_%o63$KG?pH!cTnTWqzeB>DU1&og)jeK?fiC(O0R zE5%vGYZ|wT2+rsmxR$~#t^le5&jz0SkOouCYC7g~#1{LZH{3s4Fp(3ls{{n%mUz+&6Vxy2%gXla$(3XGSn~Mv-SYgf0Wi_Lv{%0H38yt=ji7WE zuD}MzAHG9#KS5Yo2uFFjJZ)+|<_GaUcit^$2Bt$1Ol8}T_Z)K;0gOd`(((hCETf{f zSR&1iPiO}7VWxA08fKxU6EjOnAZ^+DM#xsL{h!Xmp_8&jZyi5{#~*=pG2i`{gXBU6 zn*;tGJ&I1a>|!$fMvFhT^Y_t}Vy1IolH~Cc=WomGaqU#i)yJ8zBUt7-NXG=TxeH~f(VLo`6m*qf~=MqEPN_Nci|;JI$k%CvLYRop@EKP(>@rjKyR}VZcVln^?J|!*A$**&Ot} zpY8F|$)7nXM5SM~iZ^m%WRJ`?K01#ZOar7FZKV=W(}$;Eg!wTdM153A_*pZX8xKGlQYLx6Hc z_T7S+2UGSS5lZF=%0b#aAA6hXQTBXcTPUMqSZ&yP+ccFDWChTuC6^$%`^LRGliio9 zGiVtA1w9n!9|Y>z<~`Cg>Zy!ti=>?1m>FcSR+tPnBbP)l^8c?MY99uLx^BKEJ{ilp zzBoQWwdV}J(%G~))|KqnHzqgYk;mpt&^Bqr336AikilhmiU0{Df9nF^&!Zc0OT`G; zDylSUW}r_6Y((Vcj0FwM^ST2N|NN*B`M9Q4z-S=yz>ahUh(KX)E{j*MV?>ypVJd^& 
zjCVJaME`MG<@bG4QFbPN_XXr7sLBv)P=9%QA(mB=JlGF$2zn5~LPCYyZ-!!@xmK@V zdGsNqco&KV&a;0eNS*qawQiPS7DaqgT#d*U4kGN532oG{by{YAT+eO~SwsP}_<(}usbxsyD{e=3g2V^@?E<`)&rfJWPGGP&17a-dDJ z_qSWOPK0GmH8M>j&hG*KHy-KHMmauob;p7Cq?Glu@QLEDv^{$O04yYy=2+atkv(3^ zu|!G6VyWF*u+=$L`;aB0q~zEOuhq%4NnpHb7}3j4k@89oFFtmgLFSyaJAe~`z%G@g z3{vt<=n!JPraDp^U686{v1`XjB&*K0L$*kTNc3ThjZ=nFhR$a)#K*a`*z7}Dj71lH z%6r!;dU|8p8Dm>-MQB8RSk!^ms}3=DiPxO^Wh`#sDhwb_M8RtC4cmrgCCvuYnNxRS zM{+XU1!oVoCbEsSa@)0G<>oiwyF0+Dl(;{HJtw(8pFE#z6tueBp6^ZM%|yKOK*M7j z*cE%d?$iGV;HQqxlxcFgKe@0Er#<1ipPK^JgxXX$4}^a&y<9(ia&T%rVS_kHYkZa@ z5Z4d}eg^?@;%OqG4peD=Y0dAYR{q=x5WS@TJv$V_l7yXu#}zpL9cZiOhR7T(HNYWf zFU@13TBU>$H2U|GB^vuL$3JJeLwGc;?XgY%qs}>gt?%jweCwZf-Hu$7mfrG5o&;fu zR-OO&=J5q}05@|^=l{=_qp6f!`F+G)Rsk~FURt|RtLuFzkP7*yEkbiW-4Fmp@BVzU z#C-tNu}2E9dH?{dn)8=*5iYxMels@9wN?K~f)t^8hK=~k=-DJfJ z0;nuyqJ#q_OQoK*Nr70B z9m>frociCX(RR~8PD7FC|2g#&0wTG00@;)+-)KGD+h8y!tLnI|ljaDpg;C ziT~A7<$y9eAD`ca7hr6nfKqq>na!Sn{l+XlC^DHj)Kr<#mdS2Xq>`#B*Ef~eY}pf~POpR{bf`)zz{X#)P6gu9 z!KDmp_m1CeEj*0ta#uW!uAQgRb+5#^4m?fSKFVYO4BfRGhSy}ANv~9{8)l=IzqAwR z?7K$H-jAudM+N{G;8_IIDP^p{&<~i^6r+@6H;a54 zQd6F#uHcP!2t0;@pQ|)QvX`umAE%)xXe~r8;jnOLua6__#+r1eUd z(;u2TU`Kk1{mp(p)cw5rXF|1uZ=Nn5VRq0#xj#qs`P5ZReymNWI^|d<-kDCv2gq3! 
zupH)3=-}*0STR(J|JW#8W0mbjAs?bj*`Q5h=`#fCf~-Ynu1y!8PT}Dk-DW4uNID+j z0hTX}JP1P>{Qlp6Ntt~NWrU8;W_HYy5E~V9|AVmo#xD_7#4)_jM@QY}NksED&`3uU z&JROd>bGBHK1CtBZWc-asU3nc1i4ux#xYKk{jJ}~A8Me;@d;AaES_YdZQ9Dl&) zu@sW2niGsVasDIJLK<{f^nt|r)06DLWaX+ZYoMM3K#)x3%Dy)a;!%sd0pmWxQOny9 zffV)#&eiBCb{E~;T@iuy?noP3nNK-bx{*1X1Z~%Om@CD;@dk3QD}%mY|G3v9NYa~k z-Hbjl&+XyyzUJ3&FVBZ z3c=ED{aT33?lA9_8FO-u$9XeTeu(!KFSJ2(I24;MCq~0-Jvau|FYCt_%P_s z@BXMLuW8fp$&7Y^!+HE#eR$DQjzmiG#92Ot*$$*S&CbcF5AZ~29*$kTwaY9e_vI8S zKdoWSG^O7-<98SgKNtQ=Akz~*;?9@2pG!WSt~@p&bCPHRyTZlZ#6jQR>ww&`Ota1H z>EYHP(H%_koVnC!eDZPxHqcgMZcon)6wUs#=mTm>*q2(#FYTJ=9w34LKSY$R?)THJ zJ(udX9V2SBGe(o~NEtZ@h_IEB#AH5B6h!M0!RcRVoT}&HohhIm=vH9W5N>msWD32f zG|~d{T7HY}UDmW#cMUA=a~MInBrP6_DqKAI$hSy;E9Vr&?FY**BgXR?}POlP$bmN#F zMSR7KM4KIRTMUdJ_{OE5U&Rc_8 zxkcOc>7#PuIviSA#k_eC;UM<|_lT)$EhXWZ4*eu@8V4oYN{e&@cd zxaw;4IziLw*mgn@8iKoTl+*1-$fn?y1DI*%LlUe5UZpcawnQWxGo=0@BB*SUvr}CY zs9`)nj$z;QRTldS`%iX$z}huHoOWe_#dBXS0#%A@+Uq=hp5#6S&W(`8@I@M13ud?Y zrm`D3?3LE5!?rS-N3d& zTNUBpTokpdB#yeRCmY_@gq0q9H#f8y=F7uSA*Gn~Nt$k4Tb`WWWBo>i4+uOAm{d4% zeBoNMImUGget}9JAius?25J%OiY$<0L_O8=-q%i)U#bVC=3trBF*s*lDb z`O>A83qJp@FNN;g+#FegU6+)aqoZC$weF8oc2^t9?;J;HOg`V{2%gWXZz-;yF*X=~ zPIKGn-y*nVUQ23yb8>J~zv&mML01DF!*sv0XX1Zvq&vc(bM z;~pQdHT--RHtf;Pr++799y@F!QC0m(S!3()58^RSTq~crJnUTpUBrMZOd%O2%gN+ z7&^VFM3Qvf7THS!vL_+v&oY+Gxi~n~-E>-mszeWL<`>hr|>d$$|H;V_rCOuBjfY9Jo*)0o->c%iv~DUFHdTt3sV279DuX^S=Ef0Xyu zeQ_+$!!{=dApt@N9z3{1a7%C}xI+l;&f*fmB}gDR!F_Sp;I0cS?y|T$+_R9J^Zk9E zm+ zHzuviD@F+m8;*P$=exguL(j3qWql0N`9^C{C@^D)=l8ya?0Y8fc`WUI9WWiG#9Gfa zXlFGL{r?@Id~qN=YNd_N#qw99d5EQE1c?pd7Iw3KPX@rGk|$GvkhKKkhJ5D3B5TEl z61AS4ue&@sWI>tN5y^V1h(9mpeh4TiSZCWja|yS^B23p2wm|c4Q*w7qvG;_8(?_Iv zs&1D86I+=U9jCT7f%;arVW5NrKt`@ngrpIDs_>7~jDWGdRPyl`Cqe`erW27qFzOM? 
zZbGvRn!g>H+@efoj@E;1kNWBKxk$j!gBuue%#w_xqABr{Zoe$T9S-%zWdwy&j)L*u zaOJ^yXVbD01Z=YpeT!@(A6o4vuly$l2yg&XT2I&XF2Cf~?O__4#0ZA1QgFiI6PSD) zvYES5fZY_R9&x~fHw;;w$Y}9Y&2WdhVbcI#r{%omY??!-MRi_Vb>W*Kzd-U*aurgDeqDn1ltxFK z5We#6Nv|y)!KYDFJi(-W{+!aOCq(BcPnMQ}N31|XEf~cq621bDj)?#ti~<6cW-%h5 zr)3yWn6SM92)G<}r9t8@+#lRy!Jpg5X8?964>ZjjhX+GSEw-i0v!ASs%W}x`36BAX zLAGvt7PdNthWCWOy9x&<*e`R5D8A2KfCfz;K3Kw?;E9YIHNSsocZIk<7|(pRqjP3i3X&8x_EV zbP&?k>%%(Ufkovf?Oj{Q)H}{8v-iOkAo{C%yC7gD5io4&B;Put286xRMH}{L{pm$M)UB$+bykzo z3OGM6&IF}ukv!WmpqXH`U&2F+<-ix2!E?{RO+cIqa-RY{DFDNC?=57yG?=RVrcC8J z4*0*!quUA=oOyiec@1j3IRn7nhH{);pD8&c2KsP%Y5zoOhRkK^i0W%`uug}R%e9X4 z<0Rc2RTHd2|J;sY`U7`{fdR=gVSmoN3lQ@M>wDd(7V8GJ8k+YI!RGVa&7RO^OykuG z*z-7VX@jPp^aovNu;wQESm9TJ#4GYnB9&&v%g`!y zx7h^EvME;I*&%7`sZ#5odKUpE;ztdB31QPa@toj4KilV*czq<89Z9BiA_d(-{s07jmAPFeJnf_$iQ>N z#KXc+RzWd4JV3Ee(WA$X?{-&$-e$>j81)x6Ha74! zYhgBs$=rOTbIVui7yln}v(5w1A)O4(?bvz5Ax$R5TQ;lby^Dke6{-!DT%##Z zhgvr+r&Iv*|Dw{nCX$`}QwhK@d|urWfnIl#KnAt8&PJd8?iU(C*ov%!TqlHp0BQpI zM6b^qq_6H5 zKEX8a=}pImwhg*|E7qKI9G+fs5&x$`| zKucCdOwB54Q&qr{0paw(68k`gVQ8{2%1Jh4Sic*F68UU(|98|?Rkc7I^5S8yS5772 zocgg~Pv&-zDuFO=VCy_DMwMUr4w#tFi31ZQcbH)1mt#I3ZG=e@DBMkW1Ve+!-4M~; z2SZc{Es&@!Z7C~Ubpv`DMeha&lWG&+$B@ z%XJ)rITM0NYgvqunVs#OnOxoX3Ov{fBrDJ+aqWD5{3}CA`L_x443&ynzLoKL`Yg|Q zoh|@V(^fauTNggr&>{gWZt>ukRR&mQ?``>*(tAS$ez;a`v7+sbqOj`fWb5XHM-z4w z=Up1@54i~CbZ=6)tYV_phM251PgN8gP0Vbeem0twUVAHruO6))>4%k}@u^-I5+Ec+ zGSf%f7`roE`^qaRCoP1n+g(6X7MC>80v?IvxeuRdF3!Y9423JEby0=Jo~MrGIjLj} zF1<_=;uG@0K_ejFPB1A~Rv@6(ux%k1aa7~Lgye$|18yCmv7Z$M-gN48tph?1pLOpEASwmRU^FLt7&w2 z7BZ+{S0L;tYo*)GcDwSOr$PkeB1dQ*eVYE005^`0w&Q2(lU%h+}o3Faj z=}{p_H~UzkV|C;+sr5p?Evi1h@0(+elS;wh8mU=A9H43ZEFW~@#0SNgQ>ZJuWgRi2 z6X}Ps!JpvVB)ZOB6l>}@cYa&Wue!3o*}^|NdkrF zi}H$4KAz*iMu(LPC>qB3Wf9C)i9p{ISIIEdCHpHXxNdD`c%4Y$WCiUxb-ZS;Nd#m2 z7Th5u-QX?5|>OYkwVfG3j1Y zEB=x5n2K}gXX^O3vz*2g0>HEdZW}qxVjpU|sC~E1F9=|zozLJ{DK~rWLq10ts>iVs z8$T>|efHI8)}XeKQJ;ndEQhqVs0}P204u?kY(T18m8wK>Kq^dq^z+~+s|UxlYzI(D 
zV8X^9GQNdma1XfnikqZcEjpToZ&eygDTNnkELxgHIUn}EaIT;&;4U$#R$C6VRD3Ti zoF4Xt_%*{Nbiz8nr>kEQ16X2;*f08WBeel|u!iia=c)Xs+vK3K(<||Ss5P0uxSF(B zKUs-W4BlS=Zd#go*hhZso4=GhQkY5jYSmt8K5ud{lkd`s)nYv=>S8l>L!x@;uF0LJ zSy}O~t6}kW8~ACpTXR5YjV@@3Skv97dW`sePVmz ziA6NWcUVFN-uf!+ox_gwjwZjTsRWga_kb z2a+B8zD;zRsoHynffbd-@%d~h+A!9E!%5hY3!)yuTpI0h61Cx)hRX>z=(wx+Tk1t- zvW?uw(Wpd9z%|Lu$+`-6(2;BmWAt*|&I{gOu+F&BF&d5-fTw`t>}H90t{)NxaF^Du zLaST`8m6AdbCc6%oYcHP8(Ji=Yc>IVqpBGqas>i6O9DFJ_)nEtfKv#r{H>V7qii3F z(cdUu=oNj6tKFN4$vNKIdD@pdri~>}e61l`Q9<;$-RGLjwh@C`#ks@03v}c0;&cZ8 zVCRvm*mSxj+`7KwRQFQ8LYH}pRD0C7w*T5@AEVp&@MTGs-Ao;s=V#o&g`~(ipCMF) zDxv?>ybiCEIc*P^8DUs8-p|_W1q#D#ilIjQ%J#|>y_1B;o!-AIMWE*DsGKe73`l5 zZ5`?D&AM47*vIJofOLzRWBKk0;3gId(g-~0@H*sBRhw%*thNXIULe3j0@bs_W*FDr z`&xq8tnUfeznZA~iyP2xFK1=k=b9bGMPD=m&aA6KGTiqTS{`e$63UeQbyK zm_BrrVTBlp(xtEt`rdD)v{a;o10qHztlVlx;uva>$RQCfN+qRF`&PzFl7%pqtazC8 z@}0{# z;*V zVOC1jFI0eC1e2Gpn9je@_nd^k69GJDE_0rBWltYjN((O=lU#|ba2i&v>`gbGi*YmP8GVPiIM+%T zmZ^F5U(5pU;ijo!vvPi&HJ-?P*xs!8Ult(dZ35p;blx}iV-AsEF=)Ci*0gQOtKC;Y zk|e~J05$pAqB_}JJ=SWaM+#VUcHu;>lADDk8WtFN;g`+nIB+My9?_s%2jX)UD-Nms zH2dw5cUfzjfjsnSlAt3L_9{T~7i*4IC%UY4dXK`Jq>2f*xGq`}IF8%Al$x7@Rbz_R z llVwAd z0F>eKbo&CLjxF#_Iq|^sF{DEE%fviock4hEF!>aFm0weZtS39;#b-(wM2W@%pwX1n z=qaQW7|x#EfX_KhHKC@v*W3Ud-BI+tS!;x0R&ATv*pM9S6E1BQN*?b3+?(eC zR3jyKSgo-u2ViI6d?67_xI>@ATB~-_Vg+Q}A5H=By3N@?r{3Rk9AHjYYTN7Cd~9(} z%t7L6uZtU+>pOE4Ef_ve|G8CtEl9DT-={|e^hN92vW&Ov)=TUjZgUPAa52W8*zJ80ZUqOfSHVyC`R zY0&vWr~MDwDz5avg@Twq6NZ__G4!zMsN-H2r9Uyk+rt{0yY1%-c2KI3p8yuv?>MD% zHxUAM)pBrA1Ldqc5H~ew)vTrem#0K;YPchaBe8=wY-=3Xs6y z3gOVvf%0(qteAc}D3)2a{;oUW7?8KF&*#lLQBHY$$|U4p&1mdMJGmcR2l5 zM$uOnnjNv5Q;oR%`rKDLHR=q%GTzp{%9G`tJ?`0AO~nuk{L*Y*baok#)yGrXA(9qv zy=a=l6Q+JOJQq@ma}7M{`!eb~Kz!7yR(PMQ9aPy*WGf~(g_r5)Ia_F~mv0?jdhsne z+0UUj1drgfDnz7k&vX-8rg4TcCvresrj#zEA6A6&T*9%vHX!B&fzzmq$vX0Cj5env zcAxf)EnqBhDSgMrF*{W=TzZ_RwP+#g(!0yE)GIq+&oR=$b{PX6aIJ<)UzYIxial%+ z4Jh0cp2p}Y)$Gl|B2J8~HWl(Qc(fl(kv~|btDWd&^g|C+&{aZr3jGje*vIqQ^iir9 
znLh!IOC^9`BG$8=9#k)2!P$#>t}=~n0CPrr`x-6Ap0qoE7r@Og?P-JcC0|O=G<0KP zIEb2g$noI=u6BX+)!tl!L8PB6-~A_wCn6olK^l=)0n#!Lk!_TvTY~??U>#2!?^N0TaBb?r9x^y8XEd zBah%z%^U%z7;le<{fdzlq{I|$0{Z(|Tw8Ig_S^OghX&c_LZ1*@gY^T>w!2rOHM_b` z9wQydmwJBOc>|agr}6`yR8*|R)xfFT;tool>*rsb$|f8g4LOm6fw#*@?^?p^jxMd# zCs%4J`RaRBR6IrYELob$xsApICXbjk*Qlqvt{lSO_&+3N`9wyPWU*6~zw*1_w`n31 z(<56VDMq5ueA3+kU1Z>WAm{B=>)4l*cTdliyOk!}dyqk*(@* z-V_5*GjOM5#HNMB^2(*$79W%`CQ(qF_udR&fUc@PaLc098}>>HXG1{GIEm6gCK}v2 zO1CWbDM`!hv5clb-kgwM^fR}T*P(XCChE~p*^mQHdPk~oSka$DyKJVNCq)Sn;_1xNb2ajSG=r17)_Z>7YhI)gBX)<`4;6S0%a) z0cnY{p&e10NZ6jQl{+$~xt8qoc+#5WV*_V_<*s3momUO;sIsiZg?o;=7#5~>tUyZ1 zx~HkB>_v%5xwqKKy>P=1r6YFgloN|sjaS6jRf}6k0&#^44JCXh`nZqTZ5{DYO@5ox zN1#7y7YaWpnp)p+9%nR_9s0!ed?pu0Nk`7H8dv?fT|?Rlwf!!P*wdYRY{wn*9T<>M#EdV3c}KR-6qI7OQ=Wj@=D~^<3$`tpdl_)0!NBE5 zS>7KHZAX@1@Tgx1a{eP0%@CUJz7-I0eUdI3ogb4kCKrMJwZ%}E zLFIBJ@7skn!O$3KeCaogAt4wMT^VoYH%!4VPRq1?SZRf2^$ts0&;py>1F}<2nXrL$euCo-tn0iwij=q^cyme@_=|}MNa4dZv!0?BE!&e1TaAti7^i)JRlMBMBCH}_ zcYbokM?vjLp7J7yRr$b!F+(7IrU@$n0As0N1V637dGS9`EPeZMlSY5N{Jc11zJNUZ z=sh|IC3%QQPP>75qWq1hzlyr>U?%RTvY$?W$W~Q4B>2KFX8-8uX#etbEoWDnek>0! 
zeUgk`V9Z~2b6c>|wkrVy1PZ^DTRNs_be{z>gA@ZP3+N($$UL0@)xV;;I&*3_X{&fp z;^K=mg91csMA3dBsT`sHIt^MXK-4nLfu)(y&ku!1ln|2eoS5M z6l=P(^_@IcqWM#s!S&(V%m!fSH^Z7|bQ<2lTQ|b;8X;k@0r6oq`sY_Z_7ecqoc#Kj zipfkiacs^}AR_lvra^8~6Fq2fLBxMVaNXVPgOxzD-UCDCZULIMVHBc%EzVfe&a8wn zCVz#FpBA>#>$40$uaLQ~oiEv&jJ2f)yM4&c7l-x2+ah==>?hO}jC*CDC}yaUOP)yP z#?z{-)Nv$X9zyVdDuk zz-t~}oF8gDI{w3~UZ%`gRX+Xe@R@$Ntx}7!@@HS|{N)Hn{_g!r_sHu1`GumXdUtPx zDzt{B3E(5P@Urs_jflSqNF5I^O&)tex>x-Fg0x?(=jQ*U=4eXXo0_}90%C*jj;uoC z_q;*^tR8pew7CO~2>ATQ-4E|epdO0x>l+1a_j?f%G9hN=x6K3mfE(<769DpN&)k4- z=Fw&~{;<7G>SY4%XM1D7x32C=f9f^J>-N-|{+^FTn14H$+)(Lt7=L>;_UZ32^8u4{ z4PI{M)PFW)nU-sAXYC>Zy#Oyw1cRwqe_3MyC9bsD0qnK#a@rI&*HE7G_^(`f=KYAg zOhz!=|I)}0Juj2JrhE_n2u6Evd+PM$Kj}WE|NQq?Kdf3;C*;=d$L3MHk4Lw{%rR& zm)wONHxn&M%l*5`QZa_RIo*I>Jz4Mu`FAd1Qs1^SVx}+eKFU!(qfk*Js#9b4mHCQ= z*P1fu_wmWAQT}|A+7M=BUqjNgc-t*$*Ed+&EVI8Td16}?#@*bq3wK~%3O&VX9Ra}nA_6_iR9z|*!KAPr( zn9ACpp58&1yzlNep-_H>&kx=lRSrM^9>N~t!rhUG6n6uz?)@3OyPSpCh~42!z^fF= z`_lr5#sA#&gK}D`8{gd{%fsp`bvK&5Uffs6X4>)YqTlTMKirM%v(H<1mq+;xe>$4b zWLy2GHsyhT5!O+l_nZDS=H|~0=aKGOV$I1MYJPWZB2L@;##!SmRKN$XH=0t^|GjGN zr?2<*Aj($Yg^x{Vp%Aijctg&-?~e@0K7k9$8+(*$2Hm+ z?jDS@ulKTj!a4w)i7-oiHw`+sa8`~B!8Z&(#P}oarz;ikLF&z@1fd$g3kcx%-?_U+ z6JqEhF0iYK=w9fQop(2Huvz>g{V&KdcPAv-gihXx10(wWFaCX-b-&*|C3SiQ;=vm9lyDKIkQQtj=?s}HucRhIK6Kf2wr8TG7-SJ`fJ=E~06~Dvpue*?7 z+rNEG1wV2t_+C`#_b2@6(j=QdBa0I~E%#5i^O4+(f()WxdphTJTOA6Qc@t{FCbfH` z&BE_PLipV4O(1_?MV~2l_#13X!TgSG&z1?}pD(TCu{?wZKRbO;}f^G}tT`>X2- z;o%_Oi8;)ou1IrI)eZ^_F;Z)iAw+Fqm7090b>qO*UZ`v0;BRd$CNgaE+`ikH$1gO z38l~H%Ts;DoSUO#w+n@~1^g};rzwRh0B);uXwCxgPhuoQXdFzWQ6P;H6ekCv8zUntMRp}5VAs5uy*$b9LH*(jXF(r9LHMa zuRofFBvnG{b|&KIRv$a0=2EY1S*g;l3}+#eDs=h_4;{CDGGyoBRnC=$;7=!Syf%(G z9N!J=Lko&p%~Vw}D|VUb>@_pZ9g^otPK-Jq9<>1)U_fE4LYp!3bq5gLT69?5wd{)8 z(Usm#L9Kwx>DivoQbxuS>C4B^u$%ovsD7;*qU+oJlhXBSW(}aqM`p(d>+>roZCTH1 z*O&UQR$>OgXaV{3!67<21&l;>=-2V^Mgjiv_NCs8nGhG_+?=G{X(i4d4E}&%&bKTw zSZEcx4F!1S@KR&!HWa@Z)YK;o7-fdhsTieA+n=W`c85P}QRq&jkp{M8lt}!~-<~&QjEt*Yov@We+qWrcP 
zpdsnu;X$>N%4G~VM~&v%YG&6wlGXAt2OKQr8C`QkE{>0Bj!VLar;h@q#kst$Z+gwB zX@^z1XTneyL6X@x%Ga#$6J@bv|MXmFyDDYY7##*J1Q!bj+AY658MhP8rNSmK)G0eW^@UKEXMkg>Pp|9 z4$w-0d)jBVs>2SgUnjvP?2o#^d}>;*#wx=6)v*muhvl*hjti4N1dpgL4BrVa2W`yN zmDC*d?@@A$j2FHVo%81aRldD(RUupxh&s;z`BrXY0lhSZ&wc(3cUz5@j5O=nrVuHM zLq(NmMFmx?Vp!=aWnm#$j)Cs#W($fz8euYBQ?Tj@gPyK6b6>uKo~jztDwfKBommhZ z*3fh3Te~^e;>K7T5Qr&01a~i|WnyZW>7^cviHc5|8FZg-Y1y>_BW-wT!hB^3&3*~3 z!t!*u7vE1r7`2X>E~)&%wRL>ZqR5+Ak1)+`t?Uuj7`p?9!-g0E8p2pyw7cyu%>>Tv2*lQCZ|*{nKWS(pOLjcC4Dm7>t&YN&lb=V3j#bew(1Xn?*awyS&i zCfmpej0h;0^NHoC=#DcX&G@9YT+$r@#=^_}ZN&!$`xYbC2roXMZIlx$pw^Vs%I6OT0hve8!^0IOrMf#)3p!ZtB8b19nM+S2^h2c?fH7wtZ~wQ?`(UO@C0zDS#I0%v*&ApF72*$EAUm9H(#dY zy?!aEoa{OaS9m_6P1k~~!G1-?O3QAVaJ|BNH(94}_li(aIq+VC*@E4vY6vI6xi~}h zgz&|PH{rzKAMJt!>A@e}vK{BoKmGT+oJpSx{n^rcudt+n!D07G-NSpWH-s4JXuXpe zeW-mV{$-`DLKZ#9QIcO3T^=)}^_j48NMK+#cN!i}B(gLO@cjTL(GdUgU;aOdKZFlz z;A^azReCDx2Q#NG<_9HdP>xkIl|hO$3Vii&G|USkn{X%>VdmV9{akCQ`ywq4Lquy@ z*JC9^sjD$cx9atb<0gy3tz5SK>i8O)!Dgei7`E)I3FRtyn?c#>pOtbMA=rb*DMW`dy_V~)PAO|PanWv zBwQ-ngYV`onw)80cw(EKEqP6k5-hKbuc3^KgX6qltut}@#iytSbNl(2dKv}hqg=BB zg7w|GTouKfQ8eAFU%8&=Spt?;Ry&u?4a7_y9@k!1$pSa$c>=fVVy2WkJ&d>GkD8w` zHk>VYt-{OL*y?JuBLj@RjD5eW>?ZPTZ%K8bl^g$OQ$Xpj?cH6p&-3w=bHY3#`k)W; z%IGMT%EG~TYP(L31X?(na9LMz4>=lhzHta;U1l{tP$c;l#k)*C-|3_6BOWSg!C6tWYF}RF21ssd6EA4T?qPGzT-ai7@LRY z+eymC*Kvemh~5PRuAf?p@O(WUKD@qu*#5p)j1~dmA6g0F_ewZx`MKz8g68JN;`ko> zkba9HpM8jKgWcH4F;GrL5Cfk|J0P>Qe}(LAS~ob20oxu^AX!qSLd@9mRkYuRYw`X_ zXs0}C1?e7+Yi5fnj6+@LEIYCtG`_3NI`l)@hcBqv3FQwE ztb>B%!d%A@srr9n6oK21_WNdM%>OJ`bDo+s`T}XFRRI zFg`Rlbs?E)C$bcZxYX3F9M+RtAC?LWDyNS#x5$<{?HVzwtS7CmlDd_n#Py_Tc!Yrx r*KZc0D8Fs4n2He;Bug+hdHax6vh5mQB1#&VNf0DNWQ7X_KYspya{0sU 
diff --git a/assets/img-02.png b/assets/img-02.png new file mode 100644 index 0000000000000000000000000000000000000000..45072577f8d191e03d2f3cbf2d9069c202aa4201 GIT binary patch literal 61561 zcmYgY1yodB*Tw)8q(r*AyIYiymhO`7mJU&R5a}F{M!KX+x)Fx%9=e+W{)^)K{dX-E z_udn8VxJw)vu8ry%S)ml;UmGp!J$aK6H|hNgExkQdxHAxG4KZaeZnH}@45XuO(!@w z)b{(oN3jg31i(uSXK@W@Wjj-6S3^e=IAvQ4dqXE@6J4CaIXE~{I4Lnv6}Oa~IepM- zH<;#3pS7Ugtj<&Y8ajB8b}Y=uZpE36zq^$sRFH_ga9cYTs##axzLx>ZL4dV*)%UyS z^(D7G8bUEIuXeestEH8^I5T#WKpO%mHm5E- zar1|CAjt)b{|ojWn6jpC6Un2bVp;ZEws)paKV$4PF2L|Ra4E>;Q=A6zAh?+Z__8I% zyil?B)^OfzT!nL^7~8jp&3HzPSBMxEvJ~Xlw=C0iFxMK3i#x$f9t)Jg%fL=%mgb9q zTm|3ViQDn$>V>8T*c-^CS(IQkmdO_Wc+kBC*GNpXg%3(VKoBwS5yp159>x=|4hhUTBsFMH$g#kOBuIdO zu5*5^tx?fr9I#5dn{6VB2|nY+fO4YvZ*m$WjZd1JYkkH%B&DzN!=&Lxd7NW`Mk4HS zaex8g{D4o`b6b(dAvZH=&WTST#tGJge`F>GG3X5`&iQphU(-+r+o>4J zfo!$~5i}q5HG8?Z@PXw&TcF!_N@e=Vg*c43Id-?djmMVqDCEO1!e=8Vj>9w)!#Bdu zEGUrabbCu7M-h&p*z%clQF-vma!N2fu<;?7z}i{hBR?MGW9tkqV-=JD1;al=%TXSz z%_$2)BWbwV7;Xc`+6gQQ15X&5(yJ8v(dAM0&dIScDu=4FGEq=*F(5Sr;o*n`;XHQ2 zX$ZeQBcc&o3qEsW1wMb9@TZAuEk$HHWb^{6)@wwhbfZ!8oy|w!C+}b>;DxIyMl=GNA%8AA&VWaM%X<`U+G26s$*`78{h z6m$H8i}@bM=gV*QAeKZE0;xs*DQ-Pe^fBQHF4!cstL4MLIg5r9E~O|NhPrvFlU-&|WvK{zFy;phs~@5S>&vf%wrXe;@g9;sOUTKVddaRJ zi;PU#5RYj@5Z>7-K~X&7WdvNAzxbN#8dBs-fTNCXTWEogsc>{~i*d(N2Oo&zlu=Mn zz@zWQ)>t=!A1(=;DYt_~K$c`7yimv{XTLC-f5E0o7#h71V?zgroY62!8W(;z>->Qv zB2@5MhOc?j_;391z)oBTc{Fa~_c5M>%bw3LY(3#_d>&I5 z(H3ek23O%Q2Pz(iD0*owr|_b=eN!Qe!$yIMjsC6#_U@VgMllwRYC|#gMC$6BnE8&Sb1r&a2CyuUsK&RgA7J+x-t(UykJA$Q4eCl@>?(LkrM`3*| z%q+POx(Jry6vM>q`h^kCxlZ1B`BkUk=9ufE)N@If#c}(eG`G0B$x2-<(sgPLdB}Uz%f}x=KMR>55sn5%b>^{ zww!?YWtagAQ4k81LiF5=%8aOa3Ly%7ZuPkx>#VEBgu z(!~wNhg-PBIIuh6!^0liU~QakO!}nnnf@IQ)g9Wyd)Lou*(Hld-B0wOQZW@?m%eYm=V(H(P0U zQ)#i*Y-_OQn~f5mI}w;G^XJ6@PB#t|K((gn%8Aq``FOaWUXGpIU2f7uaGo9b-q74_ zklaD6WO!O!oIG}q8>4-k<~IKhO{1v9`&2006ou*HPT2c642|b8@zY1}kJ1pl@Sj3R zpShuLvQkKBrg9rv+hQ3aO(7S$G(ZO`;=i7JDHBiWYmFr$Ny^krq|j{1{Wa=$t_RNnoS$#REyw>L{yLzi?Dop%UDn-NEG&vh-u 
z`iVm`^I5GXR>ay>zRlG5D&0}$XmGaj7azNd;^;G`Y6>H3+4cV4`8yg^5+)z>+w)$` zZvI4=iN0uqChqx1eP%z_{%Lx*wl};40=Ms>yBmu-?sV+6jkgSdgj-%e`7;-dA0@sw z+a#$l4V&?n$5-1!^MX^87n=p@B8_gR5Cvu*$HT4VXmy+t zJzvMetFeNK620atK!xdlI5)l#H;NII<*uU!r(TQQ9!6U21(6VV#@R-I{h307%{?nl zESv{^KOMMz4)q!Z6KMqyF?8hh%4g%MeiAU!u0Cr;MKl`9$Xto7E>FI}bO{P?Pg#}3 zc8g1W8hJ({kwz_GaPU`}br8#%4d{g6+Y>vbJ&~CKTh8o$a28EtC*poI4*UaFcB3ac zD1xNUO94NE*n2a+>BP$SSY5?aKxmwpf4D;ZkjZ}S;A+|7^2qsd595>2qE)|k z=)g#Y8QI8Jxe)~Uh@S||Q{cq5v#yVmN@s&Q6$I6M$;mUdfiC4#m(W~eS7{Dyib^EY zKs9kgQ2x$ncp0nxdA|(LOSDi9Ynov`p-zv+{2~ zIezXkDz{s~9kN)It1$0zv^u@>DR!f&?`ZCU zyTg%zh7{o*aZZ8rHcZF+wsb&CvR>~b%E!s6-W=K=N1lH7HZ()tyaI~B_^fC-CWz~U zY`L;fr}g5%t<+>@JFdWFxvY1AY67bf=M-_J22>?aNLtk?2_-cGbTo$E>f4phFZ8i= zEn9L5cQ@_lZ~Z^JT8h*#TBlsi-7|xjc!|7@`P3`ZE6n%!3Zj44K@N0lDWCW%?IcO zia8}*ma={c2vyC2i6F9LFH-<@GqkxT#XSsYcJrM#S9U7wATtpWF|i^){p(e5?I9`r-NifHHsVID zR3CHa0pl8h%eK!WhR^VB4@gBQ7ba!&3P_>$=+y6PsV;r^58rf+t0opvOr8 ztDffFDRLLnbg^^V(ZOQrH6IDz8LUtRLBN%hp69bWJFm8>&*S+uSwV}maXIyoUG=8# z0&?<}U82X{^(^J%aS0ix>qnPUYxnuYN;cayhbq338T>bde*`VL~aA)KXYuEYe&*?VsAPOw_8QT_;LfkaM8)LjuKn3 za1p+60TH=TUW>omqA9scJhvk;pKc4xVe90>IP?qVUHHvOUYCS$x37P<+I-Pw_i|X| za_A1?dlGTC*|3>M>BT{4HT+9StOWlgc}W}N=ozN6moMq%bjqpPCv@sRlG9>y8tb~i zw9SZq>3iyXvsH5I*n@C4=gXyGWA^D@cFzvKWB;iMXAoO8e{%$Sj*3Zg2e>!-?k3(y z&Bp=@S`tyCt&;WY#%I=_{?>#mMVD8Vd}s#O;$3>W#xkUV@^?q!;Pzti3dkO6wg`P0 zyoXorFLVdze{KAp{?8*5HT&1_8LvfB=Q#Ktpt-+l=y=<@|26(*A%?5@_dOgOU3hxQ zzx$_d|9vneK2(+amqur+q{h$f%2Mf;0t$N6z+z?Zy=2t0f;?(Ij7XxR0R6Km%n7Np$2XfLA*Ed8iPx|qEE3d)Su~om92N7zA zi?!p*L-YeUZZ|qoBe_ikxVTPG678Z!KMuw{@+y**h{#do`E$oSY+ zs*-43`$oc?yUVD0%`@To-SQj5^mT=7 ze_n@8Qm>k8O2!mQGoD2tPLi zRpzfdXp)nd7?F0~2a2O^m`U1u-=$XXE;7ybt3p@I8?SdVNha`NyC9qTwn@Z&kIdq7 zT>!|1j9%O1MG;s;+sS)HTkzE4Z8w`ijSk3zX_UI zi+GlqbuSR;MlZJyD1sWzgGDf=z!zL!PWJo1-;H0Bbh12&!O9%wg6Ld{@Lv7ik@%6C zOW77r8s!snQ53Y^vbK=BPi=>}s{ht)A54vLDRN6I-M#Zf$d~+KS(7v$=7hNEIoovl z>9_i#Hi_3O)Pr+h`;+-|1UVD*`7V+`rs{Vii=cTlyQbs$AQDfPmo}gVoT2^@0*Q-Z 
z#Hk+SMBB?-w6DUI0!8*!erWUFWJ0X+A6aCzuarD*Rx$X3NSbkkM{ei4n8vRzJX4&6 z@xytcb8JS1&{b2NQ6>*)qcsOtazn~^{SYuwWl)2`h4?Hl3Em+Hem)E*l!volYLbjH z8!`#(&lc0SE2Q;zhC0$k=OUo5AlsXS;LgUpV{&Y72A@~Rm}*|%IqC9t2$_O>@{DQLgC6*_#> z?a%t1J|fbJW++ql()&@Fi5B}$!(;IIYW1u3RXp9}wsSO&eOBI}{alLz@L;fq@u$*H zc0|N<^JnjPda;d0wZH8$Bv1tSTp&o!rVW>gc-?s$ntaJ<^noc-r{b@`uQN&fIWc|$ zVn!97$S*r~nH;=@971a@CnPU+q`A7)lntvjy3^hkVxVxZ>c`nADKU&?^94GMHBfJ zT6PJZGdn|E5F)pT3*b|lB&<1F4H+3h_b1WzfYtfW3kZ6YB$GguY#Lf-JD&X+oPAJ# zLIo*48|z*mQ{^5nKJ$ATq)e+g;jvTUxHOTW^^;agIa!aYYoayY8#UgG#q0V_$)gMu z!+L>a?sRcNXt~dkFqqs-}kZu+N)NgZ(wr0!B>&s zpT|IYDeywq3yFxOh^8=89s6#!N4aP!-Y1o_@)(|wn)_>|CG0q>Vm16(Z&tB^vPDQc z-XV+q_kdSJNaXb@CUxG~7x9tr{%)Z59(cfYQhmX59{?SOpu3iNz11hhDb8 z>?yq5kBN4VwjAer9$xtod>%%C!cMm*w&nkB5ggp?GtgvUj)f?C;s084uulKx+?CP4 z8mYtlXTBL692^ww5asb5nvwu+<nN)!y@Snrtcl~CEf_96=p!s&Y`8MA7GJYcV@0tO=i5d$0Caq!=u6X=AEH%|WP zLt!E}Sg%L`<>ATxvpImT)M!PE&s1VtM;9tq} zzzOt!@8dQZ?L7*iqmy%+WoN%jaIzaBM66{Lui8G&p;w49hCqx8S#^9TO;0QIl0~d5 zG&HS`34?URrqEMT(SKNeHm-=Bc-Wg7c}KHP3)Aeos8(na-bip#?S701qM{-?nLlkmdKI(mwUaozZ7x6A0i zc?+jFb)>*|(pqNHcbQ{F>H<2_>_?d$Y)2+TZQp@AW7E&3i?1{_+xD zaIEEMb?T?(q`TE()SM!kXhanb_vWO7Q>Bm~OTT*KbNE?~k`qrud+)1PdZFYVwIZ{u z;nnloDEV)?v4iQ;0#rV~L+($lx$O>4keR6kp(s-l^HT+BVmls=1$kNaqMb#zbQ3(Av<6So+vBWesW2;> zO|g%;H5QhxlQqd%<9n~F%OX-qtlb@=6H2m10JKn-Y(}VjB>p$tTO&s*kVdKXz#r!r?^d?%! 
zc91|W)3=po23~nP*1-c*=D>p=D!hj!vV9hWSan3^%6=l0d-dh?ai?pqROdR~V z&eUw>6HA{|nflF{7q%S!>cjx|OWJu~QN!*!=`YN7aw>JGS zG52hE66T=p=4Gwy`XMwutnDTZZ5GMtXlMvGKw+hAqr&J#JL18>z;2ZN7p9vPiujYF zxL0x$l>9_r|80Un)B@N4$7|B5B^VnM&i=K1>@JOwXKkFA|GB~LH`|&?g<&=@4 z_uEBx?&y`mjk?Z%qbl>d59IpLrdEcxmz6)1(QQJ_MimemJmZ*sm_Y;a`f|8u#O<#((9f}ZeL4Ml>EzjbBEc>RDziBiyw7Qao!v&PtVU%lJn!_WF0#~AeUW|w#Df>Ex3oXpZ9g%a@f{Iyf}UQT%KiK&&|Y_ zuB3*5VlTGQ;(dhWD^XF=fPguW@{(rVoS{%q3i0;j^302jft`ZeqXgff5vhea3;q>* z713!DC4SjYAVq5aTpU;NS6U|Ezy74(cBc~<-l3k$dt5I0Ciugt#S9a0!T3G3-j31hYm(S1 z`uxM2QaAU)o6}15q`>Ozd@UO@MX!t6DT5F$GVRwefHyNI#$_`sgnmOH&*L*nUQHxU zA+|!HJth{d@Kxfcr65{SH1MpbUH;#JcS_x43`UFzJ6>~@oZnMCiE%SqwIQl(^TiC< z9f!TOwV-QX&M_VJ@pgAyHc^Arb9V;2cD1qwW$Knpvm;?WK4X-YcOpd<&A)i)<=)UIZ!E0g?Hi+WO$7P1WzWk9)#9l z3=osS$s7P4`q%_By<4U9l1{nRUa%C0-1gb@YoZme*4jv$1&jtcy)|vDqG6ljNdK+Nn38Z!QFtU-tS@4Nh{?P*5;Nk5Bnjl@SKK z#F8IM{F(5HJW#J|oXLgeol+|YO^Eg0&erD2-2rdH_02lh*gx&goMQeKHiI{lrOjk! zy&acp+W>GTWq{IZppJA}kE+!l?GLNYHorEP_a>h^x{xYfvjp*yi0eLQ#z@2@_HoR` zqp(HCI8|_K_NpkQP0^DS=9T)N;M?jv5lLI9a~-MwaF$M2Ob|AXZ*e!K6U`v5 zdkA19HF62mXISqmrbrG$Hi?O@#j>=C)sqr>&g6{Rg~AYmx++|0w-h!e?=70=FA-tK zfg7Jmb=E2ut04_bvWqruqoPb*vcqdL4g>*SqvW{MZ}5y%LiaQZjiD%u47H&WR^ofJ z01+D4F(mejCj|9o8fdhgl7l!p!>=(|rX&8GMX3K$K8_NvfOkSVqu!Juta>M_={e1M zD5NysYI=4RHt0mt$UskspJ^3!R2$4u71F;q`;%G-=~yos+Dur)s662m@D$E(>Xi%) ze&)u@T~w_t#m7Y2)9F(pOPSy)2d--x3+ShEBf}3!13eeQON6Mi7pW_tT}n+NZRw>3 z5vdeCtHmVD%PM2gMcyhi6mUX9yZC3}c$kDjj=tbg4ASJx)yhSX*jg*<3qb7`x5oQU zDlN_wdgYVy)f8KKR`Yb7*vDhHf3|yKq8`e^A~bTOCx3Mz}?bt_wv zVj@nb9-pK;M=N7bFM!02yd$;%SsKc{-&1TDP^6hheJnxOH7f za$Z;7Ml^9$P_w+JJJpYYSL3oyOGPZ3MjTvDA6#9@t|Gh;rm*GzP6oA0TE1rutA>89 zcLyg0*-2N(au)RJ66``#6nALJRn+>^BlTsfE~*P^_|~+^jwZkO6CTLM7vgxBxBGgZ z$&{A*N4dcm*`BdNiEJ(LoL8Q@ZM!ev;6|HZgY{CLGsy}3;^3z}1qcDoR?BjXLeujV zCnFQ+tNSt948kXj;NakXDb798T?SghRPtd#9#P46ed1q^HTAe5L1=>>{xr@pfNPLF(gLc zZzT&OszOde@7tBViVk%l6RAy(|71PjYym9*?7F-#;y@~Ihm zXI2)ar35>s_Z_GENcZyYw%=AQY8&s@Isq$uuG*mjS{Kol?6^|uXLlWj2mpTwLEf=&Xjz9w$I?fwKTr3uQ0G; 
z5Hb72CLMG_g8XENUHNHNW?d8?YVbR@FvDLPEJi~k9m7z-6*WU-^Dr}R+^NoJ2AFXI z*0}+~l5B3C>X03IQ~Tq?NQNND^hh?@mzm^&5%kebwmMUO%HIG52-g9Fs^$>C96_gk zBMVcLnJoVqYr#9D_@2r{N$GJ+6O%UokeKkm5@27UQdBX~GqbaCO{&nm?`#4bl3`gD z#JMEL$;;81>T-U*UBP`T9pj_vI?JZnAyDuqq>VGt((9wd_ zn^pQWct<{WOGi4NGroBx(MRB1;d^yysn^DQ=l|Dv> zxVnrJm~XON=Q$3E^Wjb&j;UNnhejXBnDN-)M+O5^#ubftdT%y3Q2)*=O+bn4$|N-^ zpHoNu6Q*Jn9*^Bcteu3|B}}b8nwf8x$T=f;R+NG17fgAx_09XB@6rm6 z$NeYIadkNw>RED2zUwH8u9^61y^50(#e12EIW#gS8cS8D()FX^jCw(BNKq|3Q}EB~ z&{F13l&w@yREO75$Lz2R0INfsc%nn!`%yPn4!Fb+{91)ica)LM3URZhcG4(a_tyuD^+YB< zJcHkSzHne4@ik~l_z~bE2z`wEt&aY+>=oud2}wwV0ewmGDjE=Qy7keUMA3a(Z3~fF zvtrHv8qHCaElKT|H^P=;N0rC-)iKsN-`%XoV0h=VoSAi)cD`jRNSB^c(7i?@%F4YV zKP&4?ETZ=>)&h+hS$Zm?O+*F~T}6xm{VA2ua!qHg0q-XDkV@7Ttdyv2`UAcwtp@dQ zcEy;>LV?W@4n3_O>mc){M`w|gUqiLDR|OnOW$0I}j;nL~U;T@Pw+oEh(#Z6|4yz4`GkHBOoE zIXWU0U77G~%(h|wz3;KwKN(=!FY*_;27ufO%6bZxBS;x!>CVN1WsT%HdJZa9osebJQJWmim!1yPYOnmCJ#bDEhHBo1Ui@^3Fw zg?>O2-|TCBo#FKv|dy+Jv!X@J6aM0_G{ zw6KvB!%US@TNWB4nZBCT5Ns)47b8pOTdUjk$6er6H0AnYZr+T;^csDDXFvp6t{Vvos_MP1ev?rl%l2|5ynD2 z(_uQDp?0Iu#Aa0tG7%pf;K&j(q#BNu$<=j{TT=R&X*-@`XUhoE^-`W&Q0LQz&d%Z| z62)|p_kz*osAr>o;vV6>mw&J87*lcmDz~Dh;V4(G&Q~p!VHgRd|x~kN%3fL~}uatkVKn(`8FyA_e^(ushnyC7)(<(5qIrUb&)%0wS zu3IJ>oJgcfjbdOr05V0=283~9)N9@Qj3s<3(qmMoFRip1u`Tzp^MFzYWKFtIFEUiV?iTVh_T;b>x?Q6mJ___0wM0%V=4kryHH6n&?szhrZe zadHkT%=lv0t;q1M6GS~xo~d2?Kc~6w`K5T;ya|-?3fK9i1T$qmh>2<#czCo*oFc9UFhSFUQ-?LxwW3 z*|c_UT8AcSDE>!tgi1)A?^~`w7Cx`CE&<~ zumLF%|0}Pd!=;deRJzdot6_^Cenf!`GfX~B;ZNrkT0`x4bP1emv>Sehhb~)O7V%lq zDoIn5xg~d=9%$=sSGKVeJ&`ZrB0be=0iun2$O^&>;Mc>oizn=5RY70bMNhA|ADVxM zqsV7B`^2}zJ~Wbzk_5n!%K$bdg}-}SI#)Ij;;~C`chSvteyq=R&9WwsXcW_qL%p13 zccO6gW4Kz&jM%PRZMZ=4bPOYz-^0wQ#DT+G0We6TB6JW&f(pyd7#2BjVXJQK_!RLUCx%M z$YvakFD;1mAPA9Ls_1%sox9dd50=Ze>_zEJWqgGc9NZrHbZ~MImGL0RCXf!}VN~mx zHrCe0!hrX&hBor(@p9=WKE9wWumT#p6GnUZ%`ETJec2Z+A|g~T{-w@pyp$Jg#(y)J zBqC%^6R~bKsQDfYz`8EFG*Q$nJCkC?^+Jj-B$~PX!bre~S-pxGJoSOgeS)b7P zTXF>{A>AU_MnNJ!1Vvk$ADjwZ#{~dBi=;%f;|j_z;D4k`X^o##IPEU5Izxyv*Ehyh 
zuZ^6`t5vNAAKz~;P4w=s^ew(-Hl>eP=v;ry3h#`z0T5GblabtB(ixsUpfr9|iz!yi z3-gJNQfriN{IFGg%u<-O3FYtlPT(fS)`NTh8+*$lbV1tPJ0Q ztQ-Wu^X3WZ#+A!cHp72pH1x9TKA`s4ZG(lO!Lrhbl>M?X|3aN`>+K<&otH1)IC>Ov zk@m?55P&e!-sgHmH%=|^%>6nxciQjAiW4jq;8^f(ISP5$@xGSY51Z``M|{XB#72cq zmhQD3NZ}X&AF8EFazv0BvWcn%WC;&WVyjDb7X^NkAf%Fv*Gp>|`PbfQ+MJV{-r7{Y zMvyK2K8q;h4pqmgwbo<4wRCD8fYh-GRzLT!NzBezR%?L(*q`DSL?dcay`G8GgZOt0 ze!bkpf(Ff}uBkV6cje}OA`e5Gwf#e^-Q6tQ5ZRomJ-oHIW9|H{`S1YulIfYhOYXx0 zz}X_nXX)zd{y*yQv$=Y_e&PSPG-XzD8-6fS8m~~N#?X(mToG#y0H~UX`G=!v2uTot z*p{9cwbQioH!_ppaojzya(?we7D;iM=)Z8?$1P~^Sl=I+Rrt1EN;SI|(LInoOrzyCtm;1Y0LD%S~%l7K!fAg^rR`-ed4I<*;yY~>fZSWDOzO?%x973 z;tUC~?l}sxLF~TFKdvqL?)KlXkmYrZ+T$={Als95YYu~aBqoTcxVq7^94rv^_jUic z#=<8wO<9rffb0*SnF>C7#Al=po8Cw=jv)F`V$jL_Fq~3inJq?hTU*Sj7311=`J5#? zXSs4TRQUi`bkp5`Bbtb?m@Z#uWR*zGo&nn<_tAEL7d+2gj{cL8UA9Mc6Sq(>}#9O1&pno}RExH|* zo#p=#xPJAotpvsXvCwc?08o2=!}S#CyHMz40{nFwda`HH2?gW;befW3XKTim@ptlm zFQGd16uR*85!vk$MEGJ8wI>f*I`d+`>tMDJIj%K zrtD+dcXCHgaTU`k-fO0YNJEfd7{bu7?w|d#?_=xa?6mc?`vhbcyKI|G>sXyBNKA~% zJ{~@++9M`{YJ~!n1h=c}L}W%i^A1z@>2ClRb++11l79?fhe_8rf%xi30D8D#vs4t=uVK5CeD<5pU0(5&Ow&DQl>eCFos!Rbz$_z*_@!fK6>spb zjigP3AZ@|)KVs4%l#8M7`VxC=dIW$unlOw(yg*gjO>q>oJMNb;2f(S3+O{8|e2uGuvXyg&pr3#JT;qU8RN{414yb$4<4XJVRZ$pZC>^Y^9+>l!IVPlYH3>$^uJ_9_EJ z{d?hGxwpUeGO{VPkZwDASDPilY`l{Ff z39#Ij1z@Mc$(M26d(Nf`gc@x6Ygj+jmVz7M4fQ{%tZuG8Td_Ul4NpXhS_L!xJo zTjW}TD`_G~N(Auwj6pT=X-B)A-Du!6ySYG7Zi9wcn%2S%C3xqfgrhs2||-kjEnZDF+C3{>nr( zx=~Wj+*vkeh2z`Zc)Vgxr(|C*m76k4Co^^Z&UU*#BpS-|eBKo|{F{IeYydee#J@u{ z89MPO&vubZ|84is1&t4L#8=nOk0+pJ*bL`40OiTbut5H^zyqpB5)+i?8*XmA-6vSa zU7EZ`^}KQ)Znr7vAU(@zY0T_yf9?PHSByVNLwLxJ9*J1O9%As)_x<8 z9OYQxxd2gbGZrp|-lYEfC>95dUq_)TTD;k4{*hM+LUqk&;)%_u|ciodjw`e8XyH7 zbmAmUzMGRE2JD#t`-g z=ooD}MID)8fxf}-e=TbDBcmOGg*}+U;9(u6qs(R7N2^j@PCnt+;?;HJ_i-EL?y~+7 z&!5Vr%zxdfvq6%%Mmpr;$PZiYepj}x;_PRPLO!4F0gY&_D`;*tkNThb=L8eD>DAxq zb7{WbeDo;#Bw$4*n zHTZizhhU7eMhK__EimV4$d|q5r2fdbpNRp%&bWfTTM-BYn(0FG*j7XZz!8C~rVKZ- z>i;E4wGRK!)BE}_84C{Gei^^{MmdU4h+3Yx`6EDH^#S(JmDS4i+-**8LI<*E+Ce?~ 
zhhI$~pxGr>u-AYFRYHu?&+HR!oj#E)N%?`wQlqb@Nvg7OTbrpu8*M{%EcfL+srU=U zyQt|Cw)vbd`75T~tkgEO`$($nPNu5qW%6e>n*WRu3)e^s{pq%RXVL{U_w*wxP0De! zk8eBQIivTdg!>GmpMu0aEXhzp)Do*x>wmcbvoIfzI%Fv3*6a@P6Q?N3F=xc0Yl!e~ zmpS40>*IWc-GjhNb@GW2Kpv;Ev`INh?$9QjH5nuOZjtxAu)z`)Wf^B_o zk6%elY!tA_V!2QTUL=|Pk?MQPK5(-Pns@2Tn;E!m+C)XQgSp&0b&Gn*db)Ff`_!&D z;qYX7(*~q@Zh-NhFqM0CEc?70EkTQCPdn<-gEnJ!1rC(RiC| z;xt7QABVMdISD-1$3|r;QPbH=DvN;g%z7gwit+>SMCN=g(j7c&)pv#h3EJ%Sf#?!VkH6avfhPWVn1-3x z90&Jlc8hT}b#+<32fL`vYt*I*V7FP%i_q5>6YZ1^uLXgu-EQll5e|y$Y=u=Jnw(cJ z&KY&*t3PRL~8P$l@W?$ByTF46> zkAZ1dtC@+4dSv*9C=(lh#^O$y(qv>kif@1x7CsX&4P&<6 z&YK|t*0tewG(;T6tt=WPlAS?UU$4B?3&krkaM)P1WzS%>4o$;HbC=Xzgt1H5b59%5?s(x$)7y*t( z>}Ly`&7;XnldPcN?mfZW_$9JvQ?L`DC#>YxlLd+xZ{{`E864t^;w}=0!}YDzy=JCI z*1Y>d`}V|EBDBq}Q)u=phUOJ<=@zC(q;SuOuvZ=1o?{V}Xq5#g3Dmdt%>mM|EO+jq zI*9vY=;~;Tyo$aWk!j7|E*B6j3gh{`?#wYWDwp(o!O(u&F-T;$^kj6my|4xNa-fsG z&b^{p#0L~0o9hI72ik?IufK5&!JjYXk0%gVy|z^#l7n*M@| z2a$G(z<|fPkh9B`6H7suN?JT;`08$NC<9TJt!ug5s7dVcDPc*u2D{uy3~yNSy|t&G zr>`JIh9=6+^C;*~lelI(Am0-_c_otk_Eb{34bnr(kmC9eo@SSA(FJgMGZvf^YSs6n zGnfK?6e3?&j%5N2!V2--qHct*xJG*Qwl2O}EU9TsN$?CAoGQ@vL>uP9B-^aPz6}Pl z(n8(orF@4uFYLo{^Gr{Z-z3>G5^qP1zT$ z{Zdzhf(fKNoC~iKvUeGE9*`wz}#b7MeOV6C9lC?Yub+2JHic;~t&>?)M zlUtMZ=%9}ty3MDD+%W=#+qyGq4I_=AjQ!-}T(!S;PWUbKKZ)#6Nxg$UrIp#zQPt96 zwcEQtSf1-)XL&QK6^r0n2Q%RN!zFIR@9&44@PAZ&by!s07cR;Ns0gSiDIrKoiFAsT zbjQ%r4BZ`y(ulNl=g{3DT|;+wcMlBQGoZhF@BHC&@R>Ph$J%SX>s{~O2Q3X+*^uF( z-bMF@RAEmw;zsgWHU13x+4IH` zdKu1^YF(8!{gW>rt0`ugxeakudr%@Y8FcU$d-=2|iuIq+ormTwQ5!BXQs4Yo*$#SH z=w@7sk}4_NHl>s!{tlNsM{~GDuCPki2s6v&@X5$7=xa~yTC^^L=kQvE)Drx$fD<#e9Zjk+kyzY3)rEnfOcKhYM==v@cc= z|Ja<{jiGQ(wE%*MhJ)#mJ{kZT%xScDu1YIf03W%T=XZ0tnP+mBAM0S?g=U%r+f(VS z#PI{VzGD$ofSvgTdexWkO)0~Y+l)d8op1YnoHf-MX zV2vmIQaS{ZttN`uKj`Eb^C;7;zE&P0?CCbCx;+=mJRbKecA`VMWAe8P1|GI$#ag5 zlIIDTyk&2Y7qiK!XCI~i3p`M;G&8zMm5X`>s4vBTl6g)%0ap)W4<*k~k{F%lzFAk9 zcwDCPXaqn}st# z=1H$6F+)^pp9*Bse!RmWD&~j4LNZJkF7sJAx4}fS@Mt8|$a&c-7N$5%RJPY|3Dz9n zMK-WVXnC+HQS(SC=jjlehMIrH$~&?nAkQKL079tJ}*!!R<~`ReWWX 
zAEw5*(oJ^&wD((J5se{fekF4PCETh*Km|*^;q6VPaf25R#e(6S-=;8 z&AxjDWbG6xr~s`IRVFt`d_M2^i zIgeA(o<5yFM+DPN!aEETDZa;Ok`?z{N$Q&^^lQ~9A6COZG(luUew@qi!;7Qgi)vA3 zi?tjx#;tlhVfL!B;vPpKsU=ELi+{SsWg-*Ag{hv}(!b92#C`(EGV~pS|Gf1(62|v1vBpaA}ff$jl&M0#>KHatqxYd|&FfXz=pl_zgq>{-UqF53@SxuvU z5mSsbNbOb6wYrd$^upYdEgC0T{L5Kzf!JA9HUoNe#MwYs1LXa=xkTsDk;kWO3;7sG zeZ*ufCj=Ok8HS)LHjGRFZ!=eUD{q_ev-=Hf#J+`(0NmAPEjL{5gi?UxgbB8|iZz}8 zK-l{^u2a<-f<(0zN;{GGMDzo2THM4{mtj98$SwAEp2%#8hwUQvBTW44@D^Vr=H;Jw z@?oBlI>XR;lD5andNm`fQ~F0LqVz`9B3Zi}#ln0``6@ZJFj?o^jLsP-MF2)~l`p>9 zV3lFxBKca9=l$-_nWPW%Z#oUPt|LCrgO#QS_k<$5O6^Jj$wL)2B=I+EOG?->>xZZ^ z5r3J+<9rH$jJrIWEMd?Vn(St3Ob;N?{J`!3hXM52k)~C7r_@?Tx8f%ADB7#m)?%ca z1Ls{i;NQ!pSFXr77)*ub8Q7Bv-=@@N)Je7F&-%HP7-(KusLMx1pJ0D-5AW98?Wq+3 zyxZ8KB4LEDJR{4eH|ado_%ec=ic-`KYg|y zgjVzTCPlxkwcG!bC+-;;WiIyAM)ApI9c^S(BAGzj*U##HlQnWEzw=cLYDI5fWc7C{ z%Y6~t44!$VNZa=1*_=k=)ieFG_{hkxFf3EuSRXKzVZBv1mScjd)7nyUF8OL!ss=@% zV)oO3aMgk>6m9Fvk{HNC6sm%ghO3}(?qdtLT}hl36}S=1u`7sGNj$SmJbLvb<5bBt z_4h7TssJu!Je4mxkq;G#qf3O^=W`yus~U%TigkH{Vpk2Wzsrv62}5&li-5lWZlPjz zhsQNSW<$%Lt)S%r7I_gVnD#En)4ttdQSaG51RIIwi(};?>GVzQg)nde!OEhze~G@U zkwsUy(IE}UgyvP0`KwKR{Sw-c_LZS`-O%1t^uW(9R^tGcwX~FfU`V1JwU@|q1pUeN zNP95Ra_024K`QmiLCVZ#bz|onKU;i^1@nYmbQxr$ed-7UQ;FzA2K43b=vUI&8&0DE z|ChRYX{(mEazqiP#&mQ%ky?1Y`1N3+Y;wNQKt`(N!CFwUacfZg_BRVmF|m|aikm|x z&sMW=^PZ`&;3N+h=NwTZ6~AfZHSTIzTz_1|6S^pbZynk*ezdk$kxItsB9@bg7#->c zF$1WxJ;ED~i6SB(f%4m$)hCrMtJ@1le4G7(?P|H870738>DP|7{BO`xnMAsf)@k3F zbm{4ieu=`0kMuMerOnu4oPeffpFAm5$l2&ddp7_3;R%#>v>G@NPq)bUMMW`oL#n1} z5%VB3ZRFN5OV07@Z=Xk);(kZqAMu-Z5JbKD$-I;PtXr4nwLb&YZ4D5prcRZ&($Rex zaj$y%X^7e|PfwxE|5Ajx=e&1QbTsp1RE~2MC*uyNl1r9i^{2bxx?mt8{ZcOCh zqNQ?z`NsQyr~yIS!68$hhFA}v_if9Icw4)L=f#zwxZdG57`q{i{J=0Gk&Bx(Kzg_R zW%7ZQ+1eh8RPwN`k&{kfquLMWDsi6zx)k{wzCtyn+;|rN_uH|T)=e-&Ck=ek!f^h? 
z7X!K_Gb3)j+N!S=b#(ggTH*!t(G=IS;Eho<>n&7u>^6@v3?dWj-6sP=X!{a0dAZjz zYQ~}xdF2C9RR7@pz&)aPoi8knM$;p4`8cIYOsQ@Pz&Lr&huH`K%%qFIGLLiAYY9Zi zTG5V{BSQB(;*NT9hn&+Wo=#JRBEaxgf6S7?- zNO8Q+w`S);Z`D>`WCs0l{jtd1D4KN?+)!OjkAa3YpA$*-Icb@u{F=Od)Bd}`USQgR zZ~aP33HxeG%tqId^icEqkFK8{J{8})CVbl(^+z&<6qPF`nKdSQhkA@eHSLya6c#^O zb)ly%zMQiuV$VQ|EX>2%v)BQ-#4=`$$5_59%}~spVHg72+md{HZSwsf3_6+d1DlrX z|E2_dX9R2Xuh3HiaJ22Wq?8_Oj!}$0LLps5_b|#R2 zp>1pT*SOeftK^E368*4ZZ9hTXNT8^fmZ;8EsWM+JsoRiwbSfooUEXhahN>t7uwwf+ zUk8==VfDPJG`>HoA4CjezT<=TH`7To{Yn_CIs!lXGt(_sV}m`jp7x9n+Iz;J0EKHt z>_|Ra+F27mmRP6y&A>Qa;+(fGujL{<*=4B3DQ902Y%{eLC+B4&6<6;%sQYMAN?9w% zM!*Q&xIr-awdDNV?=KvBQ54r(^9ZC*Tk`!V6m+UX6mj3QxgAtDm0tPNDxtQ8 zQGS4a|6}mPChIfhgBbUhT|Go40qBry8?qg>27+&7*ju`^AdD29uUK!A+QtX2!ya3A z{SF_h3P7fgU_AbV40@?kKKkql^h;YRsX<^zx__RnQgmU>tGi)Xh4VUs13aS>Dgd8; zoCD-0<2PyZMhTX1`10+gXYXv=KHl9)DGUciy_?0DQbTex=x9#ZG|a0fs_S-xSwZLR z@=uu5N0D%Bs0x*=WJao91KS);i|SJ))&rnqoUTjSRaih0`Q$!*acqQ(5|B5fj?9n( z^h52p>fd{K5kudi6uf{nrV{soIQilJ(=65*>6?RO{ZIY96@fC{AmR&JDA^&H(O`^U zr4Dh7kk#%5>UwhxcCiftU{X;9&TZ^smWoy8?KU@2k_|aV|Eh@76U(skq=x{y!00hK z$mn#d0);BTGv9ii?PXTmXYw9gp(N_5R8x{5%Z_#)ZR@#$n|k%A&LmM~Ddm*9yVGeu zc&a(uUYRkQd7?GTSE9U|8+}osr5$_rZJX2EsNR}w;r(kZJWM4{Mef%?_60TX|&;; zY!cmBwH3($ryauxjBOZcuT6dJmS`lBl?WD9o;f*dTg{Va=nK7mrrqUxYeUDk>x+(# z)Fc`pvCDHt=3E_!f|gw8d?!%&x{`p={M_iV)KBh}zZ&@SLs z90s5$_urilhh+j@VPMZc-No?8%Vg}y4+-PrZ6|xd&*xq?ADch**}K?~QKdYVV*MP# zHJh;|Jt|7ugHxrgweCL0XkxY8^%dtUq#&EFXH7RrHbkKQCf{T!&{5D42wP30QiQ=} zSnLL0`KoP&q8QOG=<(c-b>B-JlUH~Uq*@{-X|$#vrf;47Bhy-PhVklvVJ~_k4wu`} zvN)=iwXdYQRE}!o`9?T5)mcM=?ikQ&=`QLkC&-(0Mv2hC51Ij03sd`}JgBTztbGT% zp%Wj#UxvUR&9@ybSkT)}NN^mbA*Tx8E7q(#mq~YBGD5Fu;SG`%aVo1(;#H+3+Qll4 z&xdqoK9@fE{L=+Y?jb!@J`Io@U(jevONnzI(puKaxgVDYhZK14?K5YCJwm?rwq)54 ze-gIfRUt%+w{3I_yP}Bwv7`ao4kzmEZLjpQ-;R4R_l^)llfK*4pe9)D39SFBDQAZd zG!{v|NGFfk*8~t0UNv+*t=DP%-E-Bg?2)7sFl}2=q4-PibakmqX~UQ8$hE|+2HyRc z%rK3sNVC0>Z;dJ)1fA(e{WgLI)79jCCA9mL4Iuca!qli--2OWEIQpcf9PbaJ?A`_! 
z)mH+%g5c1pAF@whdGbdK&_}kOb8j1>wPcmE^Pifg+5cIS?%!PY*z`D0n`i7pPvxI9 zxBS|0RdNRV_`sA^J7YR80#cT#T*^N}v6xkE(yJBXqWYqyc7B7^dCdLu=6%ZA=VrR2!7)K|?n=x_KKkl{O@ z-j zV5K}sW4vW5mQyJs9n0dP(|L#DtW%B-N}fpdN|co+x!SGHEslGB-_K&d)aNgqD;s+9 zzWyk8?XH13#&X!VMCLU72FiOm$XM8y`k1)y(=kk*9okp-Yjap{W*!N$?2!|_={?8T zWt$fLg=w;W=3%!P9^8bD4V*nb6t$iJ=$nzeW({J3_-0Og$l8!Aj*5r2(AH4-8K<9D zTrMx1Y`(W>&x1}6S6~EaaMKMN^Xku0hN}~}G}OH@jitC5vzIsJD%Z#8RqRUC*$avw3^J*rapOo4x2QJQA2k&eRHW*WMz|v*%*ogp6$P z>0EUPw-o%yCD0=hSVDIDjs})}97Mp-^-B+zg-n2+RXb3x7Al68h@DpD-PW10p&eO| zI+%m1bW=(#wPpt2P8OVoW1T1D+<>T6@CJO~xuZfN7W#E_3X?pB#@uGM6089OIb!FhG zFC|j8J^%7Q1l6M11{^acRVL@<4nfUHy&uC~ZJn&Dsg1L;=-1~&; zFu7qFH9|Xs5=)+txj@^vm_Q3JK2~UAEIN8@JC*_M#Px)ad(K|xoDZfqPdL>TB-$pVj~g=E zu)1z0IlT$l($qlBTF_K{dEQe&rc!EfgY)6XYxxf6d6;4@>*0GaP(;#6*q?8-EQgca zLbN?vN1shq#1P&X&k0k`vx1!j_fu1WOPN5x=?7EL%q8*0pR-h9sVrLzMUP_|Ae!^5 zM6v-q)v?d$*Wg_IK|9`|bV*bHNHfic{e*#b3%DHF2uHgeWSS{Gzj_TnUFWsIkhxBe zmHKk{fNBr8fm69;k4UU>2ekb`MziWLi|Zy8)%Ehl|9=m~&G5FkJXIH@E3W-9mL9&r z32eaT5=^E@ZkkEptJ?7S4(Po|fy2*yo$g|l@z&`r30DcQsDY1}sgO4CB;X?({8rC_ z>i!bnJ+a_h=V+Pre90FRCSoUCG~rcS>%@X)1q3_orkW`8p3)sM91* z+x}eMZIz~{kN$)K+HOkaVV&7rl~|r%pG%jefY8lcl!@?ryyix~`h~jeCYPTVaj}FS zcRM#m6*!)s71=-stma5HUukdaeCDv@E2YwPzssG|t!{pEjrelhxt6vVRQAL=3;%}k z$hKI@1}Anqgt%|vv&YThvC1y8q!nJZ4{n@CYDLyb7a6xL>$Fw>+-AuVcOWqGn^Z~$ z8{usyzwu!sRUD>sZEg4f4l!!r0PjZv(1hnoo#j#=7g2nb7Ca*-G@06%m~_ej<`TdV zQ!-ll>hlo?4L42<80|#Q2lBrx&c>C`5u%w8e=u_@{=9?l{$?#Sjw)S9=Uo?$TnFKr zlz-?Rx7~HT-Fiy7we<#%HUxeZSlBR3_iat2d)h*AzK%V+R=H_0z@`3l(=oDs1`-uu zBMnO(tLB(rY{T#SWL-dDej-&6z}zCBop8QZmwO4;+wKmv!Z{s9Y{j?w99wsu`0%+{ zqTc&L##&|&Xe3KWhK8J29?cd^3W@n#Cc^5B=J*VY$9O)a<$-|#(t9z8{@hj_d zo=Fr%1C1_BjO`^8@zm4~?K}C%fdcr&Jd>rprY{>*Ds;eNe>SPVBkt;WE92{u=w2|7 zzBuLfZu9`doU|Ln+d}D|7C_;X`fypvXCgu@yu57Q4VlKQ9RTH&xPi=1OCr?L*qwh) z?@BB#xrN{wiE0bT9Ol0h%{_A~hB&)(Zqi9uLdjK11&s>g%TmQh<`9s0fj(Fy?HrI{ z!%ALOa}YklFPL&7Gh}@RO5(XN91l5UsXAQRGAUwB;9ezPSjq=8mGZ@yJ*UXqF`0#B 
zwuZ=2%Pk-kF^%8{+%w5Ro(~Xao?tfhhR2|NJ61w*`WY(vr!#>$=u2RJ>H-(kq0kd-QxUcxHkpn7X>AcOvI}K2hgUW!sHCGTAUgfV(~wR6p7_xih~>?~#v10|3w&d-e@9n}Q@w zJ2Z7a1f(!TEK`mmx*ie!Iai}*m`~3__-rD{va?`j5!f-$Q?^dK5KO(&x3Tno??7Qj zS+KJ9B9*T*NpscTlY`e_oUyQHy=#z;rI68nd8T*T9|06*#n+d1tpDH|9nI_*Y$(3e z-lX3^X9UIBn${5DHJ2ek3OWk)0ya11KInGSd97$TvlnEi^y{0o`MbgQ>=rbB0q?;jIY?&~} z`xNrE1b4qZL}sw3gy%i5tghoD63`N^tgJD)`vOZR*O~3WdFt~)BuU>E8@??{Kqd@J zvd)^(N^Ci5$?GnlWh5A4Ak(TlR@i1(=qx6-Wtn*;Zj0T=M zQ-!Tp)s?}<))4c9`6)c4$S(Es^LFk=S)c#b-*vKPVX?zk_Npg3F%z8ok&R7b`x3xj zhrv8~FS^OIjt|=aZC$4Ur}wqp-pcY%$EW1PopG#EZl%2;hi=gq<)1g(Q}Rt5SQXku z__e6Sh0T8T&n-n`XiEWnA)Z4xDlM z@F3gDx}msp)NC@fVOYnEM{B>jn@H3S`d*uo?qLNOrQZj$dVzx z7HzTWXLF7sxr-VTwu)Z?&=isK1g0-gh){*kO`xfA9kK$cBr)yN_=gNo@*%3gQwi{j zQKuHHtDyr;b@(hEA+v5G91@w@zusfK>6yPdE&g!N1YqhS=z$BFn-%XoAK+WS=WMBG z1N|=(@G;|`evCFopG0S~l?Bgq%4yjiifIvjEwtCfkfr<)@tY>mC{K2ZD#vz`ePG+L!c+@CSA*clx@iXy2UMO0mL*ea75 z1x)Ut#m2qX-OsP{Ghy&s*IVT0(x5w1#eZsIoGQ?4uQhQ|M6_p&ozY?Mh-dRIKPRHU z+s)&paJ1Spj`a*AOE^SQ9h+GlN^mwmOvd=5knPrZf#E{h@CzEu-0;I`eh_ z6TQg7UE$9a3>m(cR=GyE(XYQ-Z~bcx^r24m?O9N6@*v&I^=>tTwYvcL8WYjggBZ8V zBZG7zZfvw?h#(enk;MIC3Qj+d2wQL8d0zt-;Uph~`ZwVbHTF{pZd2MlY%d?YJ0 zFHB<%{4E1kID65jHr^SZAf^(LcDO;mg^X+Jz`DweAFEe3&>Su+I9dt-VMp*55v*vR zG{r&_wgwwn^V^@V^j(wnAs|Ie;aqv9tx=@MeVF@gu5&5BD%n-R=X}stuy*y4GO$wF z#E&mVwGXZ`$=r`|O0hgccWkp|`|<9nnC9v3bq(Ltjy3peC(L?IHjAI5=){kcz}LxC z6m-#!>cJS6fU~3-KYjEcA`C?qv4tbcJtZR0!~-%OQP7<&B!y&lq5UphctsF0-t!fX zV$UPM`mTA0wkKlYLFm_suX{MRBDHIin`RA;MmFv*Tf~oE7tSN_5z+z3g#6Mk1%=zT z`|#$Sf`kxRWo)F*6w%atAICn?f1v<(bn1^hrIvs%81oV|{9dl-{)o2(7AZm#JDio1 zo^2@TVLE((FZKtd9?Fp3paMHl<*ghC0<#^11cDzLZd8Ij*-CgaNVkKh$n>jgO7h7z zYt1XJ%=dQ#;3giM>7M)LQA^;%t?*jd&||=uZ?n%I2^A12yRJ%*PVIqbn+XeXmMx`@ zBQatnNT$A+3bz4?6g!ZczFaTh?a}e1?D_dv5cK*@=WPxU4}4hcBxQm8(ZKODL6GZs z9Kur~xj7}}m+BDR`9l#eLT73m6l(SB*i4ftxN|BLlq`eO9mjt3>*AEu)4im#dg80t%LHD zF7I1oyuC>cGa$=&-3|0X*pq zLnPJ9EKgWgVa$Lcj})Yx=kEV3sd_yAom7~OSd&6JcP&Ly#Sd->D$_H%_i*t)B|U<4XFuWRcVCzQMLhzKXHXa#0^v$fKPS_9bs3kHf9Q& z5s;B3YJ#F_{@CXxM 
z*7hb0Xr1D+z@8A)-%0S1;{C8DL3dsv{I8dQRFYy?)TvI&o^-W>&232nJ``rYD$2AK z4Jbwic%$43&uYie9l_#20PMb)Lo+G%cDBeyV}eS78q%E~2GZ$0MBqE5rpFh*5>RlB zl;YI+Yd2;noqqyE*K2TmmQ09ssk5afXISO_X(@W>KtYH^r=wgrD-_}9e#XCwfy~_* z`NB(Maw%>H;-6&hpo-YNgqn)3>2rWFl6t&57J*W1q!|7hPfMdNo~I)}0`Wj34&F36 z*M02Qdj)t8icZ-K%7B2P4~n|TY)zCq#f><|Q_PH7d4Io?ES^K^sw@EowrYQ_ftqi= zmG)mMXd;LWFsk%;JOLp1`>xTM+40&*>fPPCso1@f6CIY_gMEkM`c?Zlf1wJL1{ccg zZ3WT*t2^LBk{VeU>fY8V_~G|41`{TRkcq@(Qs2|y$FR&GBef^jx=uV-!-?0@op_%@xy@=&s#%LM0I9i zhE7Q#;-9^*22L!G=f0j8h}{V|krspiSb@ri>wdJrPvGOqhC7YTPlHPB#|LujcBZ_0 zTGqz)y2jH*Cm?r?^YfEEL_ER^`!q*c@a|zq+y8?Aps0VB;D0BSXP1TgO{oL+m{~n& z=y`9zAtC?*JNLN7x>@7DjXcs_0ax^v=9G6O-Q8~?-Tn5)9kP47(|?o4YxI>>>NgQ!Ijc#`u2@DAS{rHdNb-U%Wze0Oja&wj!gFpXngtg)-k!z>E z@0x6PiP^}g3NTn}BBS#_{ij`EDoJ()+(MWaj=DVcJThW>^UUIY=eE|nt7=m`L^=xK z4>hTJC5lTeE;CErYqSY4IJjzk4WStV+> z7^t=HiI+mwA^r4nF7%vPTF?QfC5N0$MC&>shf&sOgjTV z8f0f=Sbn1Qjc{K#k>X|unlvj~0Jtdq_cT*$fcd6m3q0TzKq)7$a@gp_jh0c0|M~({ z1T!iQM?jBN3EI>o&CVl={Wky}b9NIK76Q^v9(GJ+vAY>@qttE;QnSSoDlLL7o0W8C zMs0)(+rWW0%++UoBpcU)i7mweVMF_)0KNRjw;1ifGmaHa328!6pgcV#CY;Yc0V$gv z!MdTw$umVpk6q$NrEc4SWpnkQ2G|f+QJBd=?fsOYu;=R|r8&bCuI78oathw*2no%U1OY)~?nj}} z!``FzYXH`i(5cfAhrR77sh;R7Mj;fzNtX#3RrFsbB}yzM#p0Dc2NK@CQ4JKbAz-f= zz)mZpe7tLxmy}8B=o;PU#J0wIMXjn>90hEgkV}kZ^|!i8g;8ulblD=ry$KDHo0kK= ziR_GpkkCiYq~AB^U)*m#X}THVLeDelSiaEBZUT4|P?S_gxpWF2=w<({E3Pm#!7bp# z9H3MLzeYK{+lTyv@t>Qb)!HuEyl(@lU=Z~Ca~HkF34^(Cgk*&*I8nc(W&u2)Sq#5M z1zYzrnhS7~8eC=T2SCt>hk$8>?eRXn1E(~{LXY>p0aiNfsZ)06UyxjZH;^?vt+$j? 
z(R&uK@GU2!XV~eLCL)IU>c$#&^rBq4Aw%n)s!}gKY-iWn(ZCm2AM&p+Mv;?!{b8Sh zX@mA|JQkk004GP~AdgslYZL0{MhoiLu9cwSdJ^RkW-zH++*yKFO+x@HFGdId_5wne z_3OBs{LxZ7T_dw*38t}~j-x^w=Z>}RM-+c|nd*qf=#$Gu3mW&RpE&D(1R}Lz4^Iyc zw#0Z~3?{?`6Id^93@rl{fn#;&`OisZ^ZM{y+u8aq2aXxml#G55aUBD7M``0>ntLNk z#E@2%rCs`OuRnZ^{8kZPTo(FOmC)D9qfk=gSyk+zQ$j@ZfAaJx1H?YEm_nbEi1mhL zN^+F!l)ppkI=>_8jp2-~vV`UTHiiS1Q|5WdcpG>7?uI{N9LPU;=2!a;fiSN{2X!-U zZ)Oi&Pp2XW*484;${mvOQaFZRo#$8F&fhG18aw`VY$1BS&~Krg3-R~sbs>Dx_^%r~ z5Ys=>i+KLmZM_t_{{fQlKPQ?!omon1Q*Qmsp>gmS`c9}I)5Kx~Zb%Sx?$BAHYQnU~ zsRaxgn^oOhz@)})Gk+C;Q3%yWt!qn$bn1p_HuBC`@EkMB4{6jqxp!h`%}*l8Y{qeP zv7&A12`$|{WYTT`^YC(%3YVhEw6y?SquamHEwwHT>NiV! zkgu&3Xtd+ufM8APEs-62hxK-5^2LX3{p%`NU7g(*@lS<-f%Sz}zmG4nUu_j!Ei7M! z@YfXjc_+>PyiO8Q`%3P9ZK$760YI&;>h1aczR8b` zyVeKNIuiS_{Km3K-L3Gpna8`qP)QYu;R9WhSIJ;^k@=CMRTNVV0)NXrjW~lhCtWOu zZMC3CG6cP^&owxDm6?X*K&^S{nC7-UwMlc^8CYCn4o2Zvx#XRMAwtGnX&&cO0q3W` zFVJbl%k#Q?sF22ltYGTzm zqd+AQt+qUw&HJlTFvlLOr1C}7!?mPP2Iq8G;ik9%&zGk$OYs)y4p2g_d5k%{uy)9` zPg`}^%IG=5sGTe7Bwl4%dBKVArtM4zDz^aJ;=I(0IL7Gc_8vL&?tuqtsJ|AK>;TQ3 z^Y}}97uRbj{X_s2_wRcTO=|>uIyv}PMe{;Uor&#Rk zq8WvK77}WWwRl+rR2(OFdsK&KvV%Gs>$n@oM<(3ZbHjkz0PePh|G4qVdHK{}_d93j zX^Q=!Iwx=_3R-FNC2#rNT<`^`*dqc)o6O~?tt~*h(-3z7LW!d+cNw8dfVBONOus%b zW~c%Y^%e|W3}L_Qedx>pB;&s9Kqf#Oa2~>|_v)Gl^Tp;9-Mtxpo81ggR|>NAO04k^ z&5(s@l^Fd9kGM)d#0EYyS&1Zy+JI(1b@H6MQE&jwB+8Vw3RB&BNERvXI z;QPYGCzR?ujNhw}#N@RQWc_HjG=ZlBVo?;!!)N%4KW%$VKNL`F0I6#Gv1XK1Fe$aP zHj6r!&3r>PL5nKp)PE}G?{9T>33iArnFf5VnvSm$w@H9W;*bmGL?1CaBw7w26g-}# z_6&%*^(o|y?VGCID8{-U^2QUS?fb5m56QBE%=|IrV1Nn{=m!*10h8Jd@TY zHatDCfB#;n^>Esju}r9-J`Yt6kZ){mJlu#~qz8QU1g_rzK*1SWGr(X^UDl%9G)V;K z`Ugn}AF`<_vvU`v}pU*@a36a~zmAjBt?+ zb#;*+?FeN<+^LOG71Z%0H7m*QH!5?;LmDpeBHDsiL9tmew!jsSAyosqNb(d)R( z$%gMhae$uEU;U)edG+L%uwM^dL?EQgF0_v^q8e5G3_ra%oPJzl=h2&qaXOsor1=op zyY-c`N#p}C7@CXg_9j+^Pszq+vW?$sXmPgLUb``S-_T$Rr<-l!yhp8N+KYL?!0SN7B>u;*uD#1OhLbyk~E#=*IP!o+eW!NMw+8~ z$^>udf+vqgSt-FpOx^q{$1>?k@Is$Ac@G&7Nc|A5jOIl~FH$QyUpG-5tHA~wPm<;4 
zJeZox^^j*P^0#GjK^kXy*!q}Xl4eKmxJ9QSYemZsWu?jIH^cGedT9;$dz|Q)P9EOF zxp(&GJs>19Gz)sx_eUy;C2DuX`d5@YN|+4xGZ(EH?Djcxr}XCb91X3wzD!dVboQUD z4BoVP@2Ji!z9qALKoBR~c2fc4W%~Dg=$@1|NnYItOrDS@p05s~fE- zWX<>6py3tRpsJLP=e*zYhI&Ve@e&ZHFREh~d80u`mh?bIfqP1U zLq+5}!JMwGCb)LaZ0HfE^Yv#JVVo_F;s@Wchse2xS9FR2a*R!j(ESy=J8$9CA(Fd<^PrPFT!JS<+%`G741jBSjOf~l3$SJu8Y=)e>PB#42{BoY^GHs`SMfjv<-U;~r9 zX6eNm8EUm6uEeeMDpm+$iopS&{jkVjM3^851Cj8op9hNhUb~sLoeur4Fq83Xrl=3IxkWT(5S|$;1U? zs1J6W55{;WF6rlZ_2JQ)_D@w2A#6R=UK9rq5@53XKk8J+6gFi~isYe*9du52Q-*ep z51UnFPL4`GzHzUcBRg}Kf*yT^3v*jfa>MxCUGik0$t)#DH280o4MiZt-wN=xe)ZRm z(RNGQ;+*h0^ZsgQwn^xFYYHP}hbTL_+IaW5#DQI_ASv6Ns4EVK6W_YIGyaePGcL+5$>#&Z~LkK$C=U+eW3Mc?F?e`%bF zI*pkRHeGu{Qwd-5zb)!q{xZhyPY%S&n0bPn`z$WVyD1;`7|llU+BRw3(I{@r6M>12 z=_IaKiJ@FT_Ye540nudI^-beNxEj*lOsIpRg-Tpi!E20!3qx&L%MLZOj;tUpXrOEX zK^BgFvUJH3e9qCd=TCX1{2X5wY*Ma6jbJwSsFH2}5lX*|Ott;ZJ~Wn*&2|m66qlLw z5?{^0bnmn4#P!w>-K4yA8wRZc<~p$f7u(GyveD{c=e4-gN^5uJjQ!l`pZWyCn_BHf zTDSQTqxytYCkyM9R2lHmMp)NbsD&KRST_dG#*D*@#;Ez*H2#7Y#ucx(e5P9Wl|~tQ z)scUaL+fUvcFdKMdp23}xC$pr1dV3{6Q*DJSVm&}96$XzB|l$Ys6(x{Ysa_5JA2d( zQ{iR;Zt8VzG7bGUe+$<(ZanvGypC(UmN6yiy-TmW&Nu#6oV0Hasl!$167KmDJ_7T% zf8P=3H8jqsEy90$aXB#w+zt3-Aw1p1;qw3fCMP7~zUK=TBJ`PIN2}Y#w)feabXy1= zp*#F&_1|}?$N^nQ`{%!$1|Cp2r_=j;sJbkkJASYbK)v2kgh=rLz^i(x+DY#o=@mfv z=`TH#z0z{8J4Je;-Qbq;mv&KP3I6+ry5!DvIvv)(4;W%0yJvbn8vHvENY-HNpcvqG zNRh;Z1QbF4OIYyV>)p3m_Fq;*8=Dy{L|$>%03=1fzh|zo{u`Gkf8VX=6-zRS^^fn0 z1S;16cm22bpDEMm(*7QZ6v49g_YU^G|JWW7<-bd?$Ycmf2lT${9B=;dR$!6Xf2VCd zi2+)J_qWVOo3?`%dY_afC;JEekIGgZWTE7^@B1q$eY>4|vfB$g)!=Wdk%TGn{|R;f zF#R2+4+JI%Hub)C*0kBF|MrvReGjPh`8}AP-d|@k`@FfIjPB?`-2Yt{-ogrlw=@CF zUOk8d(4B0UL%ToK=BY5+%LOx=ou*&Li6u)A1eFiTV(i<9tD}K4pH+7Y)Uv6XI~?=? z;%_7*rk!!m-Eqm^^`b$YYv z2cBvU_4=VWboMDxiT5%MgM7g=YPK~|DE7l@$QSx2iN1u+o#I&0@W-ku(mS&!<*VZf zvlfVIoJDG3&lRDD2jZz-tRmWFa#1vl8!&yKc6@P2^XfT}RZH6%mDgKHmA2yUPY;W5 zM|1#G>yA5weQ0B~J2jWh&+OO^Z-; z-KsewL>?hMmKu&;ZlszVtbWGx+_qDnTKO1Bus%0?G}dZt?7nbgZ! 
zl=C+4b(X5ankR38q5_0JfNn1uW%0^SbUN>K#UV z99klx5+M9r@T4!0@bKu+c4&^u=2+uZOc$2YQ;AOG4O8S3^;d%h!D?pSK+2z9w<~hm zHy*sbpWAOZ>!1WGggrQ6c$umKKy3G83 zF0e3_!g0LyyvEvs4VC6)o(XY)w!VnJuTxz$f1#E*P$lZ3-A~ah*C4Nq6(T+C8z`uB z6|8mQKJ2SIwB(sTHJ@4OEp27zR-Xn6r+|VhcCSxCVXVUMw@0dvLVB~iYC=&fdu-4j+bS0O<{ccWz030ow zRC>1lp>~sj0dQ&8t`4U>LDM60LGCMgYBn+-)ap(IY0?+ zF`=4rIp#jV8Y}Bg_HZ^Ae=pxyG$oZZ!$~H;ny0r6C7Ufb`azAR{PgK#YLYg9YI~Py znysSm{^%3z1P==;Vx>T+o9t9K_>|FMOu6WDeq_L zDOtJJ8U~0sWqyIgKk{Ovur-X+S9hq&QJN920}#Iv$-uGP?oD-UsBBQC5vH`8!GbqV zk{11D9XJoD93EYf)vPU?L)DPeKwP~#ywyJNJ*Pa@xG`v)G0}3~DOIF-T+PRzWdP5t z*n+gXgQS;e(+N+TC8dob<7rZD9wTbbLzHZyoB-Q`IDk%6DS_ zs%}JW!kHn?8|mou>2Ag?lbAB7($|n7!nh(YMCTbz2k~c48G+$9f6bPXB@`IVQEqgE z?5SY{5L;=)C;0o-Q6G0wM)XzzDcg=@^+C~yiEQc$_ui}87+LH+gR(( zwkMA&qk#N0LE&XYwfHp#D$+=KmfmkQdA6Bwct}ovf1H*f=V6~)>UTg6AR9xRyq3o~ z(nx%q1kgg`(Jm}KX-{&Y;mu4xraq%Tms|U>~$kDh2zla1zHa7DPGqgC8X*OujNd8{_M9I#EH5gJ7fQWpeFoVoq2geXKrR zEvH$`duO!SQ^Gbx8hZ+TSVgf~=kEvLusLlV-}21|u!{W>HRwl^Yg`E4Q~Ose3fAR3 z*qT_^fj{12{+&j)6o0lMaL=0vEbu7W$On~Le$P%^5+|GTNhP*=HAG3%B=~_U{p`3? 
z&`hEY|Dn|TKB)gy&*imGl8d7Vj#-19E+4WsD-}=)vwh28)EhXX#wbMmO;-9-a+2l= zU7qTzbLeyX)o-I}p0LRuittCFru#XC$-MabfC_}}=YCv*AT{{wqgkM!rz!;qYFonF zIUc%~;01+d{}Fc4h~GqOxc9w;1f%29bZJeaVta*|U8j17#^*M%@$(_ao`EaDeP`jD zYCG&(Rfl)Lng0p!Xi;@%`?=X8s}pWS7iCV) z2CoL>gwyY z2M^spVCLnyPiSu&_#1xlcvZi-dWW?(PU9Lc)yuQamU??`4MzD(#-7>&c=W;QC93~C zKFI((s+JHJPKRk-l_qu#FK-jo2glZ!!raPAt^hTqe%lVpgmvbmtmLb=5GqKNF?aD# zf3(q_-KJ;~gbQ|K27u`8jrQ&4I2{CdpR!@f?}q1npN3^>k~&2S41Jx$wQ&6t^{n?` ziL+7DIGRW<@1J|j&1sYo^QsTi#o>gsF4w_-H-76=9qxVc9OzZofuVE0NP#AQKLlGb zalSxvoU%4?E};eRopGyo$G(!LCfpv+U*9H1cR=s!upEB(BIaAz`t9&%A@#<4_;JCq zbxe3)ER?Z4Sr*-=wnH=->0r`07TB2ii2m*`q{vW*8S6)Pg)*1kzsPGeo3HW93fQ8o zZ7=kyJF@|>BHeyf+W{!U4;2zZGO|!e@9HhK%!iRQc##lhnW@Ua-J-D6kvM*Z>UYPZ0uK+O6^|^B6bvQe# z#X4?cO0YKzMmyoo08rl`dTb=vxP!>j0T&^BROl^OhPizSya>Gn#yd5vHG6r!^>Ys9 zL7u(g-wd~+)ZF3`I?<6!@R?Xm>u=cemP~d1ogSK>) z<4mv4p2eM{sd|C|NH(s;+IDl9Wlf&YnV;Y@C$qDxt>z0ML25D$VlFTJI8HSTsG&k+ za)8JdW*^H9*|i6DJTy4XCywn8j3?>%lBLYf*Z%@!G0@q!`|p1L$n-SbEyqMCv)Y%- z!!B#rS(`Bj=_2ZlR$iTjkszcb!din@L!GL-FJc1So92-=dyYsq6Q^?cV*zgetb{A2 z>k{q(U3~*~+BeyAD9tOe_H#8~u(I6I=^(1fky&i#u_DGijj1Sgady0oyu;gc!fj0c9|c&91B@KrHthP@O&2P(yBd-NHQ>oJ}tpSd)+Jc_p_%)HUecf-9DhBtyQi*15Qr z5iF#INRcfP6DH;50T*PH?kG1s*XLq2-_WL{1eRxllERe@hoTL(vy_3_##UoO^-yW@ zn(XD+w632T05v&|=L&nF>3}h*0&VS6Z1yZ~9nlG#T1JurRNf5=#eyY)%4^ew%m2ZtT_WtE6XsTq0AkJQJQ}Y(vnp~qeL(Dox~iQ6`3h~^ACs;p!4e}C zlzm@Q>vGBSaJm#I2Wviosp@T`A80ySk1xiF(d_3}8*)jzjL#Me#|mRm#{pZ;&Rr~A zxAc4BGGc<)Fr2)?M;nx{a*Yo%Co&6MesVj#H*;$|pC92xBjO-JtEMI6iqJV;cfPjdE z7>KlVi_+cQ4MTUQqLip~D_ui(Bhn=`baxItH2*zte}A9n#WSz;Ftg7-JJ!0^wXU^~ z$vt1(<%^4y!imYwDdvo|mulE-YsO~>Mmq_u$Dl$B=VNx`Xth&&2*7zrW%UA1ZiD~K z?k9u7-vu~qVH)wIuaswL_Ie9m4u@IrylfCqJ*FEfuwro$k{ZhYHW~3J{-d#Sz6iZZ znzPw*l5^lwx1S>4RD6g?3k$Qql`44DSIX2t-a{{Vah1m>+b7fScQN-ImlyBl6n+Ee z>(bf`mk!4CdmnA}B<=7X>OQEiefX>ZzO&BgRBAw~>W~*WL0#|UVi{$!s6j8FuR_X- zIipEEIYpP0!3;6=yr$0ElmDkGtT{Ehxnc3E;@moq9u8jeYk%@9>>c@9^pxReo5%y@ z*PDnx6NfxlRjo1drf%RpX3>7cxB>$jag5MBbGe=d1jR+~Y(BLDYp164-b{tt 
zRhx4X8Z_ExmDVlZVfL|UvT=~^b@Sk?dQou_Kccol5uFFCrgH7dzM!Fkol`{B`|Qf1 zvEbq@e4B3V9A<5ry|{YN6k{WM=WH`Q3tffLg>^e2$m!*PMbhE*!*zQ3%D&geFM^UO zb|CxXHgj*+uce0@Ho2YG6|cOlt=Z)^*g7jnnfNMIuHl{Ytdq5caH9?0e=8i4rtIvz zT|3l}(iST>MN2tVh()b)2NaHIu+Qf)g9kyjF5)%!DG3`2pu_c-wr5^wQ@h>SrFEpo z^gHVknm+Q|YAu>0Eps{RmrUf=&upfj>{ye>%t}EY9(ozrc$yz6^}W~7^bXvr_I5ws z@PvfVhN9TkIIqz?G1stq`GNm?UFa)M1%uP4iuaU$tL1Uw2&EemwIqM12jyNPYX=?W zEhdi)_vx-${=T^a%3FfiG?Op-IY91c2zyTBj{#YKvT8yvw!0ujA@!R_02Za#x(BMk zLO)nGHgtLlN|5hMWyc9{MAC;Hh_twU34WR#;rH~rMcLLIFTpnNs^QBRaEe+{vNn)Y z9$UKvxj!w1NFK&}T7!t~iQ=nbC)E#zG5n|L1jdIJY^t#LIT5Q>*STiHyZ^*h3wx{v zE#cOQ3FYIZk(+fUR!N6bbRWmnJR-GaRSsWg<{vjD=BR=ShL(%4dBa z_7i=`%lh2=shta98Rb`P>lcYr7d<=W-Z0K7ju$AN&*D48hRP-&=1c|Q4-~nrqTUyr z;e;_JiTt(W0Meuo)5yiq32ihgm}53^>bOU7ONl_j1%BS-Mt9ytr-3xVEFF<&_Hs$| zb(@RaHbTY*bNk}WtZO;Ewqeu-c6O;&>L#4QD9Kiw%)Ji1^W$FyM-oa7ZGXV_z2)g7 zpUQ_x%g}@ID(o|#9p$?wrm9Cg6$pv7Y2&qDu(AuGH$>WGbWV##qvaM=*XemK?at=b zIgL*%OJ0+n^QvoqA^@z~islbVaDP z_pOhmYgYXc)JO4mw{5K)*Xw;pV75A8JU)a7t<%;+Jcq2r+Fx;{JF;6i(1RIGE|0Us z$ac=a7XI*zgeGxyffTOKB)R1tkM^o3zF(XGY9`Tp40* zseR&2N4KGYsa}hq>UP$A+74b`k;U>Rg*p3jxqK(bCi(O)$19*;MxT_;@Sy$8^SR(6 zzhUpG7b+|&;#zM)R=2sRA=m*6X?RGZ8ao!tt6<^4qKiNqXA6 zWmVwwXZ-0EjWlPLI+Mz0le2Ihin5YX%@PjWFNM3-wHb}lNoC!&103sqSURu%8>`J) z-=j|LJ?zV_3R{G-YQC>6WZ3}&A-q~9P|Pu)$aQ{}`1l7OOg5_?IaZ=s=4ts2_69S6 zmfEk|K;=xJ+ex=LjD>!)E`)5Ki+da43p=xqpnkR8tdVieWO{aC1 zox)P2RBpOtQ$nq@8=XX#PwUwmC%%p{lV5>6vS+kIQ-AX|jnXW)E{)1@M^%MubuG2e zg2!Dnw>=we?ElT&!?l$p&->%jVR5aaIV>)kRCxY++M^kRF_#RtY%*p)o|T7TE>%Fl zjN|yIG{pU(&|--4h}$x;ZZ<9fAMOk*Pc&6NndO21p=w_PKegm}PKr!B(xW1*BS+k^ zx;Xtx`riu~tymydaU)ppeo(6>Xd4gZjo>8F_wycGOFz;jpYZh2k)kJ<2oN0690%_> z;MHI{4u$1vpUzq+@ZG(4)S2|+x3+FvJ5Jti6RWK%T=}EAW^FlfsuJdK)CYKx{N?^c zCc%;JpudE95^Gl~e?YkD=GS$->f1TE*M!B{d z=ynxOUraAN+o|(CV>fjR@pJ~d#dmQREU!7?;cQqre1 ze3DVDGsH#&&*?q096gK=G5vQ1OyF}!m~1pt;B+8DkJ z>uBrU_;ud(76M|4$-!l48P4H~c$3A72u-n2L|S*wE% z|8bfjO9G{6iZ-snlcPQ4Hk|<~u0DMSqp(@5q!jyFSZDk`yCO-AnM>m!dv*4)e2X^m 
zQgl}40jf&Hwyva}azXO=Rc+sg(RQI98ruQ6jG75r8eSYj>t%Ymo;)05&9l75V3zp3A>?S${k+dV!0cLu zv!MCnVRBeNHp6Gdyliaj3sl#vSMH)X@-5W%F!z$;%+7Ln3)z(XHxJCLlgInJ(K5g5 z%3w0{bafP8&Oji7F#D20(3ne0y%I1NYDN_AJxEqYTpdrgLhr5p(*0X&^(Gdawvyic zzN5CTQADzpGAMt|97#Dd`f+4=92n7CXMcDwgS|oxC^b-&-;&QU?D6+PfwLSGUWTit zDmr|9%KxJj78AzH>gE$M0p*(dO}1Q>Wg9H}9M@*OGz!6LM^s_|3k0PnbY&s4XWQ2Z z_*Du>teigvS{X=8jO+IEoqp8_Y#|WJXTCda;sMv|J!gfRYMV#Uw}NXiH0SK^ptK_3 zvy~H90vG*0{DV&=sTcUVO~cA!yzS>+dFPuuBkDBl$8nNQWh7NmQzX0tEG}Hpd_OL< z5TP8u9}+r;&YmSTp4VR6ZzbLY?LyoSLXs0c(*D;l*b!~fw#dr)qesq-+1}x zOS6V(u*1VD#9!I-xU9*(!ET%26szPyzxk>wL7MJ)xh|=DW1?Jz@b*2iFj^mTNZ2>O z4mRF(9W108qIXlWp1X}xjE9?;s?u)Q?vay;S#84&$$;|D<`ANb!Gk3v1VpSrtZH>v zyYh9&UyhF+BWAJz#Xy+1g9brH=hcwL3|aDxBpjHdQynisND!NPnS)_6=_Jv!n|?Tw znrpB@1o1@lT#G+BU;Vu@@4Zr9@|$l}*nwT-@h?%H!HDfB!Ho8jWef?XuW43kSj~nC zh$SzEun-O0q;B+NMI=DQ;Hlzyb!qVHSe=4#UAX%{#>|vqT_viApe!O%V^arI%bjr1 zT!WMYyK)WwQ!g|sDvOtbtXK(tXn@;@#lIo)eWybkLK|3hBy^*Xh;vcyuvzMf4pi+VxUDlErZtjPY&)ij#fBb>9Tk~LalsK6g=V$U| za9Bbf;bVP_JeU`s0u2Ityps}k}}u*xz+CJ&%M0t>WBru>b&4NiQkm6=HZ zCW8Dri2y&F2N1Zj*H8R<1SF_xe0a!7^}T#@+2NgkC6>$+!#d@P?A6}i#`64itu1IE z8qm}X4ru;^G4JY6tKGi0q$q5_j8)@OUs{)$Ru81}WiP%2F#sIOaLhh*A8>(BHGx!k zryO_kE=5UeI*H={=`*d<%_q*FuwX5uBg^eW2h}>QGj*K>$YPLM8g|)aL*veXe>yzJ ze#^J-7aEJuFcJ)(=fVOx1Y|Wmv=tL-9<3$tG=YDqGSh+jIMnXD1S{6a2%bjXb0rLh z5<^&^Y>^|?&06IdWIe4BH1%WY-yk5!1V;)mT)|s`y18bRz9(Tj0?0z+M`bcwfk5SS zjENOw!SeUZEu)kiHZ5xyZi@!=Bqtbq_k1)iTEVeCH*Ml9+$4^D4jQ$>8$3_le@)$7 z_H_{>6_19_-U`t@pQeTWCm8+pfRmyG8oE;`QK|u5uPil2+ zimbGGmTnUX>b1dVm#6_8%_w|21jJ+mmWa0r8j%0q2}JQvi~xESj8xXuV?KFuq6m^> zmdpdQtSvV`oGU83cD^XQLNuNTfZC*+YqpPWYabGPeE0@gtu6zn;~juBLQRt@K-3ku(18x`NmLHKB$~!WV}-QjOwB3v>b%S!Qq39e^-SxXcd; zAMV@=$-fyL4#^5^KaV>!rm?qEk$F!!K&LcYQSj`6sXVk$ulK*UI7P0@V){^#N5LdQ zqb18ov3)>Gpe#2hR8Xz*c3L=ty`X`5Abfhb?TPMxevr;}$Ioe5>{&ynzQR5@R^;egKfi;|B_B%B4(Um)`}Mv@d2IOj!z;Sy_G~ zR-Gn96}M570F>b7J{x$xA-^%=gs{vT8Cj!!RGc|(kh*$p^>`_Pn0Qh{^;^fjvGO-? 
ze9z4DrC$eXw>7j)%-euNH+K|4iojO!&<&=~M(%qrPAMhC<^rc-Fy!+_BP>h+x<2*8 zAlmn~dUhfP=D1@S-+g6-Jca>k;`L6Qhi7r6wMvb@CaJzFCsb{V?906l#f@Cv zNCpGeUwm5yqGi+7ieYF<++Vlqj@bxew|6dH@KY?zhBUr>C6S&E&+^-NO!Bb76)*HF zB4pNsai9TOAj6re*J(jZ3!yUf5Pzw}UJ>et6^P-nSaaop9VPBB7D)V-77|2#ybOOG z+k*G>h*!{Q8QUoK2YCS{9(~97GO?Vxx}>w{jS139l1$)c9^fQP{M);@HH<1aUY9(I+RL5-#08`2YeXWC@;&;5Lw)0v5LebvR%h5PR4PS)$*kSyhg zP9_7C^jcOKZcDh>lmxO1YnJHKPwFnMuR{HGUXU~D{aJ`{!HO*!YWnnAs*5R*_A6(C zlaD9?EwXvvgbz96CPYfAEs>rMzTAbyFOGJx3*|S7UT>(z%WmL*#(GPtDLj2}d4;;7 z*%DCiy>E4}UVCcYX%XiC414OZ3H5Vgd%^Uq$3zE30cA%96Zw|M`ScQMCw%WXLXjZ4 zktc|GNV>o z^lJy$zieWWF2}Xm%s9K$3bzoxoZQe!gGn>$FDbf)X>hQ~=$+O^yeTXYZ^ID7Ree{Sz5k8_W|gab!B@jux$TocmJt0xJ86lIW0Snbe2 zy*qD1Q^i(b3&mOgRm*R@JZf3=f;dSENAql=`h>;_35SE1p2f~vI6q4<93h`ykSKwH zR7ebjJBF6*Q5iJ!EVTk{dh(D=B#TOMKaPW`iGixz~7IL|45+O_G!>&|x5 z5#F401UNqFa^pH_`R$kOBa1x792My3lNe>D02{(IKObq=Fe5F4co#;!F`dE+Sn4IS z3EVZz;R{XQatZEDK}?nOOr0Cc$o}5Yf<;@#Zs~n@e3`FL`cdC6+Q^^8q3)%5 ztQJE=r_tZ-f1$0a`%~_MDH42R_qFb1M3=*2N-VO{oK_WJq3dqg<)u$wy>Sh*$g`=f z6>+E=oN_|sj6;3T8Rei8ICOHwey zEj>Y1yWpAX)3}=zu=H<37JePW=yP=4TYDSV%qd9mm^ABNhCn5s{HLwc(v+a_zZIKN zn$Q^2JV(k(!3Pz@0B$kQ=hz}O7~^aDJzd6h7&Z6twJtfLX$s#+!7C_`nnslGsgWfj z?yPVFtp|m_4X_zc+nlVcuqQV=vES*)bTCAe4jaIP+$p3h>{R8lN!^4pdTbr=^Wx3w zuac8nZr-_Q&GyQmlPw{uV32q4EL%Npg{9@VCYP-CF4>d(9iiUv`Srb5o{Lc=6_w!e z@ee3*CO0LN5f!Q1BN~wD2o1r~yqS>b9E9dbD`a&A{(@)XH`u_if-+&Zfbi_Hy#$9o zWv(PYTIhC3n$_5h^^rs7DRKsE$ICJbHOuteXNFW}on02&)HB>1KgLsl|2AIzwR8rz z8G&gqPCjws*1(-w926-ZS|7=1bSW|$@MnJ8OYQVyafp`o7@I$}Kq2Eaea425o}V0p z+AGIKp%^sZq&%cS2Q?+4yT2dY`)sdDKYlwaDMldWdb|gJ{3uj16`t~NA4|*XNcaqD zak#EWd-3w%=$Pp=Os9o0?nglK+pN7l_et7~B=Q34TI~pBrK0Fd>k{TDG1jlNnFD5T zMt0M|0@=2<>R~w%(vI5tAw(A2nyg2FsY+VNIztxc70J%aN2IQqvs6I6D))BGBQ8lH z`fa0`sFD&fn!uMq9Rf78H~AO-(;P>+iM=(Bh;<|6bkZfOyL?=$%pHlKUhT#aXgB?` z?X)Z)HmU)sr^Vn($u5|na+5Z?)~_WqDI@J)KvcM>C^C}Nu$4EGyxx(lB;rV|3(R#& zyEvhyE>{s~oa-~$S3lX+D`Y%|wJGJS$Eo@KFneVD#0=^&xE)-t5jFSR)9%31)t#>S zCw_sDfA9K8FW=9p!QM-Yf#?-4$pMRc&|HfS-c=vnjA+|Ng{Ie}*E8i$qjDzHemeD< 
zio)j|bk(KmF+$6(=hIV3C0|9A2^d&{#BY(#A2ZD6; z8f~xkXmTbE)3#}Viouj&@mgj@p22RGKIhr9@}=&lO52vS$xTA#}^gYcQNVl5rRhMzCOQ~-c96KaDQ-GQZgBH{&6cN z(ZScZ7hI95Vs3XZ8(+b*W1W?$GQPY358zuZZvkueH=4{XDPb4Z-Omx=;fy;puNxYu zQN<;VU5p_6NwaMXS5ble0rHqTCY#ef_q63+vS@to#EXqofBeGrdufBMcv_R6HN6-~ zVKOf>xtD1KS#DlMikHB2^y{eniV~1UY2sJqZTh_fEzgyw_-Z*GO4$_q)6_*m9>w%d zc(#AaN4L+B#FTkP2gxpJ+(UiY?*rRsb4Ta6BsUm8FdA(K{LHj?ic+ zeCG)?jW>#s)Yh@dj4Di=G~E{*mCai3cxt@9BT~A25W?Z`0MU~+%?KNFm1c{izNYek zxmMPQcSht=J#F>i}~QH!dRFE-X`T;lcJ?dP+*zJU|T7vc1N{ zvUyM9JF~Ap=RsM+FYsuMYQ&%Asnlk(flNbP|V3DvVr5PCs zawQsRl%k3ijTqFIb9>c3N-rtm0S4HeEzY07HsY}X zDZBMv3Hp@Mu+JI64LnIOzJ}BVfuAX4=byQBBTEC9RF_n>PNSnOKLFqr6QLVDCA!k( z5MH)~zkbFvQ#LJF(RG0+tv=2a=0gs1E8)8el$>618!vZ+bb0O;UcO=q!|Vy_EYNOe82l2Cn*`UwqMuUMbwIxiAvnJf!cHNA4Eb^A2!qXPl#khE@_ zp{N+m^Uw^brit+q(uOjNE*n#nfd_B0+FR*O$cerlzdlxlg?c=1V&xs%OtF#p`+zH4 zn}@lx{*&Ro41as`vI1?9Blj7svKWi@ML=U#Z{R%Gb&odesaaxqDXhuJ5?VcZIVKHtDss< zm4W5~Xvr52WE+whMs730Rq~17q5~D)UetP{(F{ke{IJ&9cbUQ$#K4&(dqywe;7Kkz zOlZgL?x{i`iu@T9t_00dmXG`Oa<^`8?MrY4%<2siX*`>~&R~n5+atfZSoJDWA^P=y z0OW%NbJO#i%S?~{Q+Sz2lZUNnqvI9+j+Bu7zQPvyZYAs>=0R+TJGKL}Rt0HEY2da~ z#?zUF$2S;>=*!Vn%NMs8!N2Q=8&uQr1Nnzf%L~SuS-1Yb2qOeXHhfiKMRQYRD_`HE z_SMd>MNTAMu=;b$;}-StC-&Apq>{&Sq&6$Vp5(FHRIJN_dLMrIDh42fqDeyIw}R_F zLZOg}>_oV05bPWQphPUX>Qj$ZlvQsgC`gi1*zgT`F&uJ(t8^0xe63 zU)d(dKDm}|2^8LMi;2>d1XI0dh;$+FVx*a}O2$fZB%a3DS-K=aaE4CGcF_Tx3e_*CnLe>sUlQL{X2O*DQ^2?M- z>bY#Ujd;qcPLsyR%Kn5$TibW8BoH#&S`}OIkl4MU-*TE(zdI^Z$h>;P&{Wa%;n5XE z$3*u>McHzpQ+wgzaq&xM`0~97Oa}eJC8x_wEgq_jWR&5`NLRE`Sqr&KU z)}Zihmu+a6gwx0lob2JHibv`|va^?q%9Ev=UGW&4qZsc(g4+D+ESwCiEn)#*7jE~t zi3JXG>ge7qIOjs8Ys=vQ3GTRnCEQVXFzz1MsmG-==THlI(upToO!^lrXH;kja8ayp zvS0M`-vg)RU8ZNN@RYWyj|UizaNV0-WX+gC^h$vexDD22os8>|@0hfU0 zaP%1oy4PU~tKem|HP>GRzBYNYM(J6J6#M^Tz8u?27@QA$I2o4xFd#x{_Civz?vzTu zOwY8Cg1rU&esFr6OU7k0TpN)T#qz#+E}g>Krt{MeMz8946{+mY8g zkD)qoyF1LTwKi0;{S(z!9HDsjOOuuqy=i?-hi~UWBYkaiI})c{GT)1wP$%m#>On1( z4@<5Um0q`Ki9klFbRW0J$o@{+R%3GLzBJ=TobT!R_L=aVei+0aQwRTutDoC;NgH?s 
z;su%sXJjv`up_^oT^tCU&VTU{fd52M?Sy2d;B1(jS{X_l|MNj|D ztLUju^V3K>8>x^x-&=djHfXtU{3i8B4&qTVOv5En@+vd&D}d<|(8@1+sGpfbD6{eE z`78^=)lcx#D0E)DJ(f~sYdN|hj92~)j`Ej-?$asE)=e?__5WwBKOvCTddIpHzrkSA z*@e2Yc#F>}$V&ED8LUOgspe&2fxxWxn9{ddEVdct(p5J-EPy5qV9#&doA+mW!ej|g z|A0nSQelEX;JmY120&hOb|QYu18Kf5#SO|wMQnyyp4I`03u_+22_~ zlg6%IE5uU?WlgUi*7RL)+`&0;s%1*hXv79J2#Xc48J{93T{$jYkYEg-^>cj|w83cN zFfaUIq6>WD86Y?!-9#lX1U(MpW_EgwI)~Y*!=`a&-NpQETPQ5c_VaeE(8;)IzKw}fF zlkU-jln})E%8+{&ffH72?x;sDc9P|KVBd7~(Zv-;T>HsuhwlP#^E`oGM{NB!e>iyg z`WPEKLMv&XxKPSj9kt({ie-D3Udlx9yE5atl)uEmn{^BTgR=5@&YRErKun`JIGS*kx3^;UA|KlGO$r z;N-v^51XQ*t8))tj(GsSEX5-1oZ#-`PgoZ@gl!L1=fXQ4Y1rVF65w)^`JlJ!#aWHp zGBjvkd192ivfc*)+>z^;ztwnBSp!R+gwz!$=X!YF&AM))lJ~iWUk6<8Qh4*h4JccY zCb(ex`yG?L!qZIT@HROiZXtQ&)yTDZmE35A_ECG~E0Ct!2n?AH1Fd z7;JZS71&^1x9_v4m4aGTD7#9*^b0p6rsnzj#fg*Z*$uoL4Kk)@q*p&+K(kkl7p>uf ze@F}%8W6fE0-4h&jnw#FeVZe0qWTxT!i+5WMM1f5PJbwP^Dh);VGbml1x)kcJuD^y z04R?j+yh9y0EJRmcgXs_>LlmUQ;8gr+In)Y9AJ=h0%Nr47@``bnzS6}HDFiAZi@9R z&Q2yyH*TN+H)Giy$Ci_quc50juVBKU&^kXqC?5*s@W|~q2qoDz10;6v_6|EO6)+EZ zAP)cM*SsN9wnj+ojoN3TonD&~_Q3UA`^Q-(%k)Oc$jwt$@s}|*&AXw^`zOr}oEFs+ ze8Kz+hU+Dacnsk;Owe-Vv=6Zr&l@8~4J&WML+?TB`6wj8^^ z{xJ)AqkK!6Rc$dv?DJa|QVaala*NfmaU^^rUQw8zk9J+6nm3RKW+fWnaB6SI_ZzbD zZ4QT5os>Q-L!VO&CQISjLe>Gmdy&|1)GaN1o?Nr(p7A50-(958B#m0*34yq3IT;J! zAiJQZgvIW(Fmv3u@gCy!ICCG^!}NW`#&rBFE0P%0(){bZXq=@}{Z*_o^O(b_$bB6a zOj;@9g+4VJBO=Pkz-ab0jn_oGCi zQ-^{n)7pR{uM~ul7b;k75QHYwDEoc-An$%VYwU^L+0x{W)iLM7c^C6H8nR9!G7n|d8p1lwns@aWrwebq8Gu#_MNQ8hy%+iu=uA1u z&@k3z+I(m)E7@)tS`?DK zYtzW1ozu;g;Is}WD@&;uEcSOBzS(km42K`EZDZxk`NjL>KoBqLV-#NiR{KKRSy8=L zF+bMgsV<(&1|YO5D=zU}!~VWO3lhIy`nmtj%yCy&{9n6!h4KmJ`IKLY$~3(H2(2U? 
zjN0z;h9EoYi#{`@WiA;b@Ir(ThFU}ucK0vj28*kOL{!oiYtIB=fXl^1#jTIP= zBSjX<6N0xV^Qc*A9Eh;z7{?XpHR-$RpTP_RQVV*@2+zkc;WY8PZcT8)>r6nO|G>t} z`CIeGz-duz95C)&?{YN8yD;0PxnV0u%ov1m-t7F!)&vflOpPnMgMkmYwqFzU{|`=T zQMkL!ylU!IH7CdWft*)g$VbNG;UHw^QRX)2w=8ca3q=oy^}hq}zB4_=`!8gF01_iJ z#y4L@!TQv5vn){b zH4Fcz1t`b^v>jMLGa7j{Gp}`Se$!N*E;0E#P&&;NzReI@IHj zjQBK3g>Ec6N>zc$4ED{ap=jCMyA@Qt{|SqZU;lMu?!YUXhukv_Z+34<#h>rD7qtxC z-Bch?0oenbv&&MC1<)pd&s>)|{q3XIaOFkawCd}o?|b_sdjB*uLv3!ym+D2P%&o0| z@ZUXs#Y5CmdsXWKfi06hMskuMkg$7K`ka$&nm`$1x$%wVSoY?s?c$qG=a07BcM(+; zGvqS+|9w|JQelI_)9!lI=OE85=C*OIU=EuZsq%}o#xqIu|Bf4A&iJd4x}tp>1Qc;T zj=Oy#O27XUXa5&87)a1ah9tW%-`unbwfO6;%mamB`u11{UvYx}pM?QtvG|kP?SL|= z-SYK-Hezz3x@qTY80+0&i~q>`QP||ur6wXfV{{;Bgk2l&yW)p0{^{_ z)<#k>N-%4d&s96~=kv`inm#W(e|(ZmF6lKCbY%%*e!#yd(+&6|!;N&Jj)7gk%Pn!& ziR{7wH!~eyY<4nDH8_FO&;vP{)imF!X)ov0dem^^9Z(n~HtWFRXx3?LP(PxW#RW+t z72OR!vW*d8z&J=$RgGplg;j<)B?4eqjgv)C$6>p@%L7Qun2ZHSXKiz3(&Vp7s@qqc z?}gHV^@8u*yMtV6z~SCbMvwn1?xSEt*$D0drVK!J<;mn#?QGZM^`mm-hAy_l4<}Z@ zdaW^djrRB@;md~K@|!RZQBn-MWWOKkk1knG zyf9P~ehQJMGcqC?_R!dr8N*8jj;67+#sU#=U+^Nea#oreK+sL%XCH4@v*ueKrv(tE z_A;!pDV2{9PgY$1c<@K)PF7k#hhV2K+K9@m)-{Oe1fO7Zkd{*F@RKi4O1&E!!{nj* zYdi^$zk55?z9C{5Sb^Kyuy}|O>ehMK>7_KZ940CX`Uk6_E_a;uf53uN8tlmhZEowI z#-e#|_?@02Q{Z9BlvHTN09=c0a^AT$K~fUoWv|{|dDv3zEMgn_^~x}@>hH!jYItn~ zaqi{)1}!ZlW7NCL|9sgrq#jBiscNr3L`n z22<&cGl`7c!isP|lmbLW3vBX^h{NbP=|Atl zQk%6t+DsU6-Wd-1T#cr~b0Q<4CHG3{rj@2wa-W<1_0~{Wq-=-tPn!KUW?&K64^YwC zcL4TrbWA@gu*AT=6q-e2k!}Lf-KF=eGX)QtBK67&QDViYvK8Y6ZQ=|wAIpcYIk%XV zlbYVZ9NJB^r+MgY;tRm%NP5Hu zy{FcB<*<+d!gA~Stn!_aS~maNIqQj3iB`xkB>F1G+BV;}L3!EXW9Inke*1f=!;fmy z%;*ee97;|$kVmfx#CSh{s383?hNllgzshO99ZtcbR82VAXIpL!#Kx7-!yp|jsoT?V znoe`B&l*o{u2ZfWS#*H00IGwFm6M`+9jl`Z@X|cHU5S%dG;h9w4YxxTd3&6uFkoVk z#C%@kn8NjL|J7dOCCByIPt4mry8@ZeYi?;AD~XPdX2@Z^8QVGT5{WPWA@#~{8KP-! 
zF}LQ9?vdo{*#CUV6nV56H`3%unT+YEVl&3_b2B>~7-$af>x`b=^CguDQM1?wT+?sZ zWXlBy=1jHmpQo6G9@Ua>lod2TJMmU8Fs6JTjXgA|e>CYKsqM-!%MNzyidwe^{pfIe z&gdJSt-|P0xhZc(Ky+)q=ND$%7|BWH{ISj`4Eg7Jxslw5}-QBr8zv1dzXeYn%#-&m zlId*RU4RGxOa8nGm3BK&FOf?^CI+M=Mx9*}2s;HHL{~g6&6AlnriPg_)HJz>G9OIk zMJiYz2@O~+X{nmJcdOLJ@6>uE+S`#?m!Zu)iL-_i#vaD6+Kg5SAHYmt9a8WoNUq%) zY7~Xm*j8MtYrTSt%)b>1n5(qaM_V zZWsN7d+TyLiyU;!G~SSc+KQ`Ng0obJk`E>(wBcP#lw5t2JjmXJo}Y-RS2 z=dbEcbz!our~(eyI5n?W%8QLcMRoI1g{|-&GI>#9WM%xb5Y3vN{(7yS;%`>IA0z>u z*=JVozVa-_%L%Z+v*$w8f{Xo$xFP8=;V|HKgq{PpLm%&L^Zb(&p7MuW_IHx9JzAYj z<)xbBjjO_YcppjALhHY9iY z{*D@ZH@<3b3p>-#lz|Kc8tLNB#9oN?j;DyAMZ)*}Ad@>y*ETcfD>$sjN!6o0vzk}y zT=MxR$ww<&Q|7&n1SPcH!`t_0V_Q25R5>tz(x{AsaUL4>Icn; zv3C*O&+uo=M%b&c>j;iW*`daIrewesu^KsQF%)^Y>faxB$DUavUj~*Kpj0-`N-Z93 zj$RMN;Qmyk2L5lp2EBkDLTi}j*>c=hTsxV+B!Idbfg`a{B9o;`97Jx2JISLRgxc)= zClQaZfHmCY^TVWGFZX?`AB3B3+eyQ)A;LU6qUv-j>+M>74A zP6y6AsCGz$H%+pAKvJD~KI}0OPq#-6MIw#LWcSX|)J2~zCo;n8D;DadUn&GKHAZPU z)NI!e2kiRnu*0-=Etz0N_2e0K>G$Tz7j1*dm9hqj@O{u_o%)qi8tTrIQgKjXRJ`{P z*2h0Wi$elxvxnzb0I{9M}uw21I&9 zCM9{*Ur)~ImA|a=(V|p_zznp_7=RMZ!=@XT(6aI`*}cZUi;CA}+?}m6NQPBw3^1(T zZ}D<`-gS7lK~9L<<{~#!S_76o3Osl_a6l7Tm-+HtacHGK&bM`jClOAaRgVhgBiyyO z+%K!L#kqhP_?G7G3?Q(p|5n#vkN>?a7PV>l&F$X+tBlk`n~il+UXRU4{&X05vqUjb z|8vZJeWJ%Vp;WzJ;1}_L^tHZw*u-8s;$4KX48VE0Fen1wg#wK9jyQcnPayy{@XFjP zpY|vL0<&(fBGx^te(8y7y9tN^@p9C28-fzP4FWs3-rcMX=_O#+jMSJAi}L0d=sG9v zf`nl-rm5WTYQ-^+&DHlx;Bi3*h7dabmkZ0K#@#s7kFH^W7a8VAs(O^ub^p4L2jwQe zXX^C3&qyWZfQS-VVdvL0}c3X$3thp=Fdckeo3~Eagx7wi7fik5sZH z^A3dPjW=w@Xm~&HxU=$j3X-i+$?((LaBOBBU9>dP`6H7dW<;0dC51~fW{ZR{rowT^ ztIa=?@Yf%xmRt7#B`t^>mj8>T^VgCuLqq&()OcvFw4!m7)$!`}v`@-pXiw+!E@?v? 
zl64y{H^Gc>p#ZT$%^1t45syE!vW$n`WEyjNGF;-6lEJ0lNVN&Um4P2@8f zXq@E%0KD7hjB(|IRU#Bp(!5c>Z+$-lf4uz^t4f%}CZ?_)ZI-k4-h@Bv$B(hEdByiF z-K`8G{IVFgTo>J=q)H$P%k{?sJ(io}-hEpo!J@;uRqXr+`BX}bxooU?q{%2)Y zK`yM?=TZ%_4jWw;L)#ewa&q_w-^CbG&Kz_3L$}3}Hwc88*(>HyVz;BH>{cTtR~ZWY z)`zwjuPvFBIqof{1PJzzX}0oNzMfbyiog7OMB;NG6y^46x!+P$>98(-XC#0p?I(_5 z5L=X$zBk9GL544_(|3XkEZ0jF%nQ*PH5Bt`#OmI3T=&;{24bc62@*HNBQ_LVvNk{8 znc^IB{&+%hy?z&BB$Z^=M(yBlQ*M-9G=EBBeC0;7XEx$vLijQa&n z;q#k7??iDYiD_vx2Fh7&IX1%{!I&h|-+}7FZ5LYtv>B2hYj+a7W*D^+F^5kONoP8L z@8FZuaDK3njC8dsKiJ*h2o^z7?q>w^_mt+*yqM(*V$)0E&-v-ZQpu*_@w8lgB!Bqq z<0cc3%Fw}Jt24kJ6SQ3Ocf1HmWr@3xE4qAqB48qTiazy=!lX+? z)P*|%0^JyEF|hQG1QrkM(59$AJNyzOHAgdg5Js2KjHQ~M11RI9Pu9tm&q8|;hruey zHs7U6SKof*myrK(c%m5tJ!Kerjq)*$&jb0|FiomTk})LGZVzLA=@<~=T1FwAB2R^ zsjoVz9PAJtzJaT-yEjqunqu~4vIQc~o zQNS|~pcj2;LAA755mHr>Ea)?gRs3N|=+7JXbemk4Rw)QyRX&d?uK%%XFp-DB9MJP+ z-#W9;={Gj|+r}m|?k9nhh4UMo5#wPrawlG;+rBOi-mxNcEISk%h{XrtzibT^2QoD( zS&d8QxyYd5@liciIvds%ivUrr;F{VF_G6`Hrc{s~{h(7m3v`$;8^a!}20i<6$cc!E z);H)pPz6e>tiIsHMy6_IM{Bh6vV7Noh+$2|SiP#WBE5toPRgH8AMq7OQy$mUTcg`L z;QFp5N$wmdg9F8E-h@)46VGdmGC;C|J2FzRgWKsPk_cX1vVo}G{(P=qOWw=G#<=Il zQv)spZYiVBj@QUbx9uSDOiP#VU+-xhCkg&Yj4P~bi+%7i@f+-FDH^Owsl@k#vi=wK z>Qkt@NDYXNHQM31*Cg4}g>`0C{5hI}#OYm0VcN|ulR|59p%B)NhefXWsT_b$eNmv> zL~%xcw#;5PM_p4)f=)*r=iUbBOmBZ>nMfAP3p82qX3mH>d}@X_D^OKWXp-lz+907> zvqTTDWO=`R%-psNRWq~au6Ilyt`ZcRAzK;=jyslrh7$aYjdoyzAf|zN^%l2y0sc(-{$($IgO8*@8t(ip8T7^{Y*&-97XYfk!AemcA-siotHaT7_CA=`4< zO!%gx0t50?omwUyA`v^2PRGuEDh}gS?j%1526dhg4OTZ3sbTzYkn%W);TP6t*#7gf z^_;cQHODHpi;24rRa>s9)_yDsaj)KL&dX@3ny03*im1&2NVMD*F^0kC;$`Uz&c5RoVDE zZuf`oL)H+;tcE#zcx*lT(yTTWPUfSQooeZrm4>l1EFOo}vW0=&eDZm`cv|q-VA~S5 zIQd&>avV6;zRtmGC2F=v_Yy)wEjr1MD>>c!=IrmtwLYbeQ2S$&nYy}bc@DY8O=`Zb zA&qccb9+7g=z>WtcjL9!poZGY<<99Od|u}XOQHQm&+Z|oM@xj~@49jO7VlVLkc}ZH z8t1Ly7+F?0vx!NYx&Z*vg4m&8K{8n{ zhJObjCx8JU}_~~h8mS68b|0*m&Yh%hC)g{s5DfjRsj9&V7YxAMss@v&{&3V4Qxr!Fok{xgadsC+8f z-_A6oC_fT?EjjcU|FS^n?-R5m-V#-ZtTYym4iL+7?=KJ|o=V}}?Fq^NI`gJUxXhW- 
z^Eyc|y^G{u7C<({8e;jha@=@uEjkubgM$(k22E|qST}t=bA`4_^7gUF|10atrqR1ykf%bww8$x=$h2&3$mj6$-^j4W9uM7FYKEFt?^mdO?xamSi#mwg-i z7_h^uTe)HGNnRA}=*`DX~oag=iJjX5Nn-8vH#8qUytg$2-le8N*LukpF(6fvO z2*C3ML}T8KRBY$m&mL@4RN}>&?;*-n3qHG1|BB$pCC|1A(powlg$ZJIi}g(5zUAP z_ueooAZCFljXP}Bna91;EMWSVSb?-+FRW3 zq7*(RG&GHEWK6{|sRVe4EywPz(Krcr-_QnW-j7xF-hRgk$8+vSo2|IuM;(!`3tA3? zDh8aD4F52qzPmZeV*Fi#02RtCjG#9auS!a|x5i9#IU_uR0A3^wN{x)15QrJ5o=a}N zbF7CaaEBS_jR3x7U|N{EqL?+p7T`*>F^p+B`NjSuJ^2>mThSE2;;Z1cNTNNx9ZRa{ zR^@eBHsM>|zGeTS^4s*}u&pygW~GMu;XM32kHgmi7(83N zeWx_+$gzKYeOu@6Tz=Uy`KN)D%5acMU7wI>xcry%@X1=Jg#A2-zd& zZQn55$-)ztG#~%kG)u;`rhTF8E(fJcf%cJHI}NZ^`Y!fW0#BtZ`6^1SeeFG-&=WFo zF*6rj_aj9dNN#>W+bca0}80mnX9 z4PEElN2RWekM@67JiPlue!y5a|JxpIN^Ks2cU@hR+Rzir>g`;xmbbhfa@4mSs5LLu zf2HB{^nJL>`N(-Ij^pX^^iR?@+?wlL^yE%!=b{Cj@*maDcAYPO6RPtz`W`(MUZqeG zvzXrP$6qOX_q7V;4sXHHl{L*CbpsiL_aCdJt)G3Y%_rWZJP1E^Jj|9?aOre~Bo}A^ zBKH9$j?9UnNJ$|R8KA)T4l&v(-l;7v zs&slU$ogcfx)g;-DE>$bTT6x1P`Pd$I#)M*KU#024NQX&dM%KCnV!4N0Q^`~m2aa0 zPpuq?%VPnpU=%V|D@CvFhA8>iDl+A4miMRFZ?uh_Z1165Bnh@3+BtS8ScpC7OC|NB zwARL2E4gS!0G?ZnumQ}FJJo^kJh4y z;-)t+5#hf4KoZ;7&0!_`1esAm*@-gfB4RW=!_(Ft8d^n2W+fX{kuJ%iAt$L)Mm^RE zZ5?JQX1ex4VM%msula0O2fsko{3rcCuMDYbyU%DOWenbzH}R=U;8!Iug1543HgIv! 
z9Q+TjPg!~p*h;A9$0p1z`z0L_)irLEJc*QM_P`s193F0zy~bzo6s2dch#J~63?3s`EUu$vBL<4#3=m^8tu2j) zMROIMbML=ZU2vl2*a-`j52??c_3Nxah84Nyn8FM0qVIY~jHm2}O|UMH*y`)pBuFe} z&tMyc?_D|$EqJqJ+N>(%rGb+Pz z7y785sAUa1Dpkqc6V-nla^MjcjZ-7M6~5}KQ405on}%4zt%}pnNfrCgQc9yE?VmlY z{qRLg<5jw2?lTMB!usm=Y!J8V?f;ggl?56PGmSrG%SL=$5}QFN6h$x7m-+TU$cpwF zj}T`YU?KX|YzP>Y=r>^qrENkOWJax@cNVZb-DYR-K9!ICywg)6p zKt={2H&NuJ^v~ zpQ&#M&xdb3{{`t+MSz7w!%u~Z{*<>`!eU^H!KuZXVR}LDX9=VKQ1eT6TOnZYl#Bvl z%(DaARD}W;hMo!yHPhGEH#Iw`FOWhDM<3!W89n4J3TI*hecF3RK%K9boz}rMm@Xdx z*!k^+t(E1W-%+^OnG*Fs@ewWfD<;Q{k`b%Vr#F!63OMpNrTXIlrq8_#?9>1dnwglg zZD4x8&a?)iSF8BI$<5-NzkF3`(arX*?{6~0&5{%zeqgRkPjw}{^rJRSQ2SfCmXmH*Jt|BXhqIf9DCAN#=g^dK%p!HzD-Y{z12h4pl2_h!2ZBm)xjTt{Zal4>r%h^DCF*ZPMO3$ca6!61Fx4mM&GX5kUZ#9W`CO7 z!WIdJ=-r-QR0DBVXSs*+d#IVZW>D-7C&E3ln0>dF zG(L%YVJqrwwIX{rLOtZYu)r=gXj1L3d8fMf4DHK5NU!V@bX9{dHqA zimyV1^J^(1UqN>@nG5r*FRU*ljN!lL@LU<}Ya2;6?Gp5(Vd3W?YLpo^93g=;`C!r6 zduocU}b$gPe{~?Wx4@KUhr#F;Cn3^o(TVnC!){NX-Pc^B;4-$Xq`?7 zP{nz*Y<&UtgHjZ5c&*rzhb6& z3($973as~b76t=}_fU#{9>mp$T}uvDQaBI$Cyfsk64&Kt`}SP4I*Za@ZRo16V^GJX z7%irOV6dwy2j@pqnt|q|MHGhYF^%FE*!eb(4*`MeRcSYGS2sifDm~#0IP$y+?zaKE z4GAeIN`v}6XigBU9%R`Hj0oxZKp(}Xp|`(5xOdO!u||d(x6Q^MFyjqopZl88T1INT zh$z}HLK96JHl#8plM)~}rPkLyzESKT@CXoX4PI9S(BHgaJ?^53p<{l2oN90C(AQ*+ z8{m|XXDfH8QlFy&O+P|L^HJN>@!OhHtK(#cKHsuqr$dJ+>-m%i9^=4~riiqHVNm_t zzNWCP)HjXj@9P^|?w_s))uUWLj2M)FBDsVF#^w%l)|d5)FC2ARF7c!^rVWp{r9h>LXavm`+j$(7+Mar_==%N5 zBoKv=sl}Rt>(ICc&@FyJ>NDt0UQ^)ge#il$h;F}jH>S<>f~;Pij0`8d>P%cYN!U57 zaT+ii_q2()zsH(PK=Rw7oR?w4f5!L!gw?C(vj$w+#bBm8LkQ1TKho+TxELautj7*|l9WDimz)jE}|sJgS3-`NGF&=ZO>=gpae{M}q z;7hi+g7X^_8y{wIU&JKvZ>;x~eNo_g@$d_Kr`t*D?f{OyRfJw<+{c(*JQ#s|w(vyk zJU(*R4i7?j?1r>L@`0V8^7%cZtj0i!Ep1ZmZZMQJwDaO=ba( zNsZ%zE~>S+4-cS|>A(K10OA-8oV+zoua@6wc*RH*Oj~5eBZjN zZKI3V{y7sWJ#d)B|AT(>ZLL(DBK873Z@!;ndYWJDQ^J{n$*1h*)?)Vi)U)i3q`Nk1 zjm?Lt?MKf@O-1l0Aci$jvXDfIdSmY4jN1)UEtW?>sO^HFE*uEG7U4%JJIV}U=_q04 z3Or+x$-xIo15+oB8^5dX5=+t|!4o*2?Gg8lt!JX)fNxH+2-Q>d>Jfemsv74}` 
zSV5O&*{gec%`6ZFU2H)CzER3!ddcbFqdDOZ&B;x29bbSyA72}x0fRr}Y4517#~B2D zVEy5G^!36w?@7-GPiTa_uc*KQ+&vm`##|my#`-*Uy9!5}H$*GDirM%-4}nF^CmrwVe>4D+v- zP9?r!&S){}w_rO+``jJtwFmPKrb1)6HH~dBFvF85*osTo%l>AX9wAmh2|*Mfr2=Tn zFRs@i-#Me%2&fyl%*y9jpj93!nkAm4DMt7gjm)fIOgd)jV9QkSUTWm2*HKWit;cr5 z9z#bQ-2ei2j@Hwfi1gKvD7D?W*M@2(v7Yk0Vp-+=h_O0>l!$UiPJK;rJUq=vFC{{I zvTHCsHi#i1%^Ojw|91h+Ka`cMpKT?_BU`EbA=|n_BkhF5#C8oMN8zXaFf#NM%C*aqN!)ib${nY{wO?i@ zjjm*M`x=LZn&~-7%PW5u$k3#;_6**L(l*D4;!ESj^_is=uPA=jEDsfwfaHUSqvr8I zCCV&dlARxAWn~~DG<0s&xdJU}9$zZ1FE&k#evk4n)-b=4rI`y%_;yz{oMGmBmMeF> z*6o0m<@{LY*J@rmileNCK&ilvYz&$X80{jqNTY!C+FR57o;Wy>X^s~&)RI%kL+cYw zlq$qnq_#tR>B{iOlXPxzH2kGDmf*NKu@qR^J4RndTUc4qfhVkrw)OROU>~|M9Ag!* zhYB8#_gbm-r2soxVO79l!g?^kJG9k_K%;mrCB6tvjCrZH1JKY#J#lAUu`C^*Or4C_ ztPf>`H-b*+C~_;-h^vl^VHz8HZ_+d{oE^kKH$0vuN(nHUpqDbxSAolo2%S=lxK#Q}4n6e%1Q{(G@APn$DvM$Qq z*5BP-T2X$Axi?=4tiqf z92}YfRBe;~Es_@)^}aDvtPllah{{NgH=qN*mc$xmh%?O7n*ziLgx02wpvZ00@)m;6 zU0kXyXSrjXm+-BA@zqaISj_c%L(zW=lH!!uDEXj!l7%ImOhK5g^5zg4`tNAgpk78WD{K)P|C$ zMCb#s_^aJ?q>bOxZH7P*EQQBE{Q)zs$rIS6k%WeJwEQ=!5j4|ufIO5HDBeW+Ny(QuxNp88tB=JLP1_-Zi5P(vw>i%MK_u{91vcV&56 z91<8+X%1G9Yzt!~^4Sa{7w6K~4cD;I+=K=veb|gAF8!9#i5I<2;+{@7QQbQQ@z9Bz za_E->uN8Q5-BE5+K{}Sj@R*@@9Zjm97FUGL7lrX$cW{&_G$o`8!RQ3j)(q)$BEY1N zwu6lVx@~ui@C9sH+4S^uR#p}eU6K+K`Ne+)J`J%G(}zu5OF_q(Oenl1nG%jYxOhS6 z8kYq9QRZW}mz~-K!7yTLBSrVhclcL$6uYYl;J(_t`8jLpyj#=D!*k2jD%P$;WMZbN tOv8NnW^vo8?74Fh?2p|m%%>Pff3({y7ATAl0*Qc0SL>E$;a}DP{|9o8Qkeh% literal 0 HcmV?d00001 diff --git a/audit/__init__.py b/audit/__init__.py index 9bc8d7d..51b6837 100644 --- a/audit/__init__.py +++ b/audit/__init__.py @@ -1,3 +1,4 @@ +import json import os import re import uuid 
@@ -12,8 +13,6 @@ from langchain_community.document_transformers import EmbeddingsRedundantFilter from langchain.retrievers import ContextualCompressionRetriever from langchain.retrievers.document_compressors import EmbeddingsFilter, DocumentCompressorPipeline from langchain_text_splitters import CharacterTextSplitter - -from audit.rules import FROTIFY_RULES from logger import Logger from audit import callback from audit.prompt import SYSTEM_PROMPT @@ -23,12 +22,12 @@ xml_pattern = r'.*?' class Audit: - def __init__(self, base_url, api_key, reasoning_model, embedding_model, process_output_callback, result_output_callback): + def __init__(self, base_url, api_key, reasoning_model, embedding_model, process_output_callback, + result_output_callback): self.raw_chain = None - self.source_files_list = [] + self.directory_tree = None self.reasoning_model = reasoning_model self.embedding_model = embedding_model - self.fortify_rules = FROTIFY_RULES self.process_output_callback = process_output_callback self.result_output_callback = result_output_callback self.chat_history = ChatMessageHistory() @@ -73,10 +72,6 @@ class Audit: ]) def audit(self, event): - if len(self.source_files_list) <= 0: - self.log.error('没有找到源代码文件') - return - self.log.info('开始代码审计流程') self.log.info(f'当前推理模型:{self.reasoning_model}') self.log.info(f'当前嵌入模型:{self.embedding_model}') @@ -98,10 +93,20 @@ class Audit: if xml_match := re.search(xml_pattern, result, re.DOTALL): try: xml_content = xml_match.group(0) + xml_content = re.sub( + r'()(.*?)()', + r'\1\3', + xml_content, + flags=re.DOTALL + ) + root = ET.fromstring(xml_content) action = root.find('action').text content = root.find('content').text + + if content and content.startswith(''): + content = content[9:-3] except Exception as e: print(result) print(e) 
@@ -109,30 +114,35 @@ class Audit: input_content = 'ILLEGAL OUTPUT' continue - if action == 'QUERY STRUCTURE': - self.log.info('请求查询项目结构') - input_content = '\n'.join(x for x in self.source_files_list) + try: + if action == 'QUERY STRUCTURE': + self.log.info('请求查询项目结构') + input_content = self.print_tree(self.directory_tree) + self.store_messages_in_faiss(input_content) + continue + elif action == 'QUERY SOURCE': + self.log.info(f'请求查询源代码:{content}') + input_content = open(content, 'r', encoding='utf-8').read() + self.store_messages_in_faiss(input_content) + continue + elif action == 'OUTPUT RESULT': + self.log.warning('输出代码审计结果') + dict_content = eval(content) + json_content = json.loads(json.dumps(dict_content)) + output_content = f'漏洞类型:{json_content["漏洞类型"]}\n漏洞文件:{json_content["漏洞文件"]}\n相关代码:\n{json_content["相关代码"]}\n修复建议:\n{json_content["修复建议"]}\n' + self.result_output_callback(output_content) + self.store_messages_in_faiss(output_content) + input_content = 'ok' + continue + elif action == 'FINISH TASK': + self.log.info('代码审计任务已完成') + return + else: + self.log.error(f'动作指令未定义:{action}') + return + except Exception as e: + self.log.error(e) continue - elif action == 'QUERY SOURCE': - self.log.info(f'请求查询源代码:{content}') - input_content = open(content, 'r', encoding='utf-8').read() - continue - elif action == 'QUERY FORTIFY': - self.log.info(f'请求查询规则库:{content}') - input_content = '\n'.join(x for x in self.fortify_rules if x == content) - continue - elif action == 'OUTPUT RESULT': - self.log.warning('输出代码审计结果') - self.result_output_callback(content) - self.store_messages_in_faiss(content) - input_content = 'ok' - continue - elif action == 'FINISH TASK': - self.log.info('代码审计任务已完成') - return - else: - self.log.error(f'动作指令未定义:{action}') - return def send_message(self, input_content): self.response_callback.temp_content = '' 
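Review bot: `dict_content = eval(content)` in the new `OUTPUT RESULT` branch runs the model's reply as Python. That reply is shaped by the files under audit, so text inside an audited repository can influence what gets evaluated on the auditor's machine. Parse the reply as a literal with `ast.literal_eval` instead (this needs `import ast` at the top of the file) and drop the `json.loads(json.dumps(...))` round trip, which changes nothing; the `audit/prompt.py` hunk that requests a Python dict could request JSON so that `json.loads(content)` is enough. The `QUERY SOURCE` branch has the same trust problem: it opens a model-supplied path without checking that it lies under the audited root, and it never closes the handle. The sketch below confines the path to the single root key that `build_directory_tree` stores; the loop around these branches starts outside the hunk.

```python
elif action == 'QUERY SOURCE':
    self.log.info(f'请求查询源代码:{content}')
    # Resolve symlinks and ".." before comparing against the audited root.
    audit_root = os.path.realpath(next(iter(self.directory_tree)))
    requested = os.path.realpath(content)
    if os.path.commonpath([audit_root, requested]) != audit_root:
        self.log.error(f'拒绝读取项目目录之外的文件:{content}')
        input_content = 'ILLEGAL OUTPUT'
        continue
    with open(requested, 'r', encoding='utf-8') as source_file:
        input_content = source_file.read()
    # … unchanged: store_messages_in_faiss(input_content), continue …
elif action == 'OUTPUT RESULT':
    self.log.warning('输出代码审计结果')
    # Parse the reply as a literal; never evaluate model output as code.
    dict_content = ast.literal_eval(content)
    # … unchanged: output formatting, result_output_callback, 'ok' reply …
```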
@@ -166,18 +176,58 @@ class Audit: text_embedding = self.embedding.embed_query(message) doc_id = str(uuid.uuid4()) self.messages_db.add_embeddings([(doc_id, text_embedding)], metadatas=[{"id": doc_id}]) - self.log.info(f"代码审计结果已缓存,文档编号:{doc_id}") - def load_source_files(self, path, lang): + def build_directory_tree(self, path, lang): if lang in LANGUAGE: suffixes = LANGUAGE[lang] else: - self.log.error('不支持的编程语言') + self.log.error(f'不支持的语言:{lang}') return - for root, _, files in os.walk(path): - self.source_files_list.extend( - os.path.join(root, file).replace('\\', '/') for file in files if any(file.endswith(suffix) for suffix in suffixes) - ) + absolute_path = os.path.abspath(path).replace('\\', '/') + tree = {absolute_path: {}} - self.log.info(f'源代码文件加载完成,共:{len(self.source_files_list)} 个') + for root, _, files in os.walk(absolute_path): + relative_path = os.path.relpath(root, absolute_path) + current_node = tree[absolute_path] + + if relative_path != '.': + parts = relative_path.split(os.sep) + for part in parts: + if part not in current_node: + current_node[part] = {} + current_node = current_node[part] + + for suffix in suffixes: + lang_files = [file for file in files if file.endswith(suffix)] + if lang_files: + if 'files' not in current_node: + current_node['files'] = [] + + current_node['files'].extend(lang_files) + + self.print_tree(tree) + self.directory_tree = tree + + def format_tree(self, node, level=0): + result = [] + indent = ' ' * level + for key, value in node.items(): + if key == 'files': + for file in value: + result.append(f"{indent}- {file}") + else: + result.append(f"{indent}- {key}/") + if isinstance(value, dict): + result.extend(self.format_tree(value, level + 1)) + + return result + + def print_tree(self, tree): + formatted_str = '' + formatted = self.format_tree(tree) + for line in formatted: + formatted_str += f"{line}\n" + # print(line) + + return formatted_str diff --git a/audit/prompt.py b/audit/prompt.py index 7a7d98f..f3205ee 100644 
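Review bot: `build_directory_tree` keeps each node's file list under the key `'files'` in the same dict that holds its sub-directories, so a project directory that is itself named `files` collides with it. When the parent also has matching files, the descent does `current_node = current_node[part]` on a list and the following `current_node['files'] = []` raises `TypeError`; when it does not, `format_tree` takes the directory for the file list and prints its keys as file names. Store the list under a key no directory can have, for example a constant `FILES_KEY = '/files'` used as `current_node.setdefault(FILES_KEY, []).extend(lang_files)` and tested with `if key == FILES_KEY:` in `format_tree`. Separately, the unsupported-language branch returns with `self.directory_tree` still `None`, and the `@@ -73,10 +72,6 @@` hunk removed the only guard `audit()` had, so `print_tree(None)` would fail on `node.items()`; a check such as `if not self.directory_tree: return` at the top of `audit()` would cover that.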
--- a/audit/prompt.py +++ b/audit/prompt.py 
@@ -1,58 +1,51 @@ SYSTEM_PROMPT = """ You are a professional code audit security expert, responsible for helping users audit possible vulnerabilities and security issues in source code. You will perform code audits according to the following process: - 1. Query project structure -You input the action command in the following format, and the user will send you the absolute path of all source files in the project below: +You input the action command in the following format, and the user will send you the project structure below: QUERY STRUCTURE -2. Query the vulnerability detection rule base -You input the action instructions in the following format, and the user will send you the vulnerability detection rule library extracted from Fortify as a reference for your code audit: - -QUERY FORTIFY -The language you want to query, options are: c, cpp, go, php, jsp, java, python, javascript - - -3. Query the source code +2. Query the source code You input the action command in the following format, and the user will send you the source code you need below: QUERY SOURCE the absolute path of the file you want to query -4. Output code audit results +3. Output code audit results You input the code audit results in the following format, and the user will send you "ok", then you can proceed to the next step of the audit: OUTPUT RESULT the audit results you want to output -5. Finish audit task +4. Finish audit task When you are sure that all source code files have been audited, you can output the action instructions to end the task in the following format: FINISH TASK -All your output can only be one of the five actions mentioned above. Any other form of output is strictly prohibited. +All your output can only be one of the 4 actions mentioned above. Any other form of output is strictly prohibited. Some additional information, which are some specifications when you perform actions: -1. 
The format of the vulnerability detection rule base provided to you is as follows: -{ - 'language': - 'vuln_kingdom': - 'vuln_category': -} +1. The project structure format sent to you is as follows. You need to construct the complete absolute path of the file you want to query based on these hierarchical relationships: +- C:/Users/yvling/Desktop/test/ + - dir_1/ + - 1.php + - dir_2/ + - 2.php + - dir_3/ + - 3.php -2. When you output the code audit results, you must use Chinese output and follow the following format: -漏洞类型: -漏洞文件: -相关代码: -修复建议: +2. When you output the code audit results, you must use Chinese output and follow the following format(Python dict): +{'漏洞类型': 'SQL Injection', '漏洞文件': 'main.java', '相关代码': '```java\nString id=request.getParameter("id");\nres = st.executeQuery("SELECT* FROM\"IWEBSEC\".\"user\" WHERE \"id\"="+id);\n```', '修复建议': 'your suggestions...'} + +Most important: Only output audit results with vulnerabilities, and prohibit output without vulnerabilities! Some Mandatory regulations: 1. Output Format: @@ -73,4 +66,5 @@ Some Mandatory regulations: b. High-risk vulnerabilities (such as injection and RCE) are handled first c. If multiple vulnerabilities are found in the same file, they need to be output multiple times d. For vulnerabilities that may span files, the audit can only begin after the relevant files have been queried as needed + e. Only output audit results with vulnerabilities, and prohibit output without vulnerabilities """ diff --git a/audit/rules.py b/audit/rules.py deleted file mode 100644 index d8b3d0a..0000000 --- a/audit/rules.py +++ /dev/null 
@@ -1,10845 +0,0 @@ -FROTIFY_RULES = [ - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FunctionCall fc:\n name matches \"(?i)define\"\n and fc.arguments[1].constantValue matches \"(?i)(NONCE_KEY|LOGGED_IN_KEY|AUTH_KEY|SECURE_AUTH_KEY)\"\n and fc.arguments[2] is [Expression e:\n not e.constantValue.None\n and not e.constantValue is [None:]\n and not e.constantValue == \"\"\n ]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n FunctionCall fc:\n name matches \"(?i)define\"\n and fc.arguments[1].constantValue matches \"(?i)(NONCE_KEY|LOGGED_IN_KEY|AUTH_KEY|SECURE_AUTH_KEY)\"\n and arguments[2] is [Expression e:\n e.constantValue is [None:]\n ]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FunctionCall fc:\n name matches \"(?i)define\"\n and fc.arguments[1].constantValue matches \"(?i)(NONCE_KEY|LOGGED_IN_KEY|AUTH_KEY|SECURE_AUTH_KEY)\"\n and fc.arguments[2] is [Expression e:\n e.constantValue == \"\"\n ]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Hardcoded Salt", - "predicate": "\n FunctionCall fc:\n name matches \"(?i)define\"\n and fc.arguments[1].constantValue matches \"(?i)(NONCE_SALT|LOGGED_IN_SALT|AUTH_SALT|SECURE_AUTH_SALT)\"\n and arguments[2] is [Expression e:\n not e.constantValue.None\n and not e.constantValue is [None:]\n and not e.constantValue == \"\"\n ]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "None Salt", - "predicate": "\n FunctionCall fc:\n name matches \"(?i)define\"\n and 
fc.arguments[1].constantValue matches \"(?i)(NONCE_SALT|LOGGED_IN_SALT|AUTH_SALT|SECURE_AUTH_SALT)\"\n and arguments[2] is [Expression e:\n e.constantValue is [None:]\n ]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Empty Salt", - "predicate": "\n FunctionCall fc:\n name matches \"(?i)define\"\n and fc.arguments[1].constantValue matches \"(?i)(NONCE_SALT|LOGGED_IN_SALT|AUTH_SALT|SECURE_AUTH_SALT)\"\n and arguments[2] is [Expression e:\n e.constantValue == \"\"\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Privacy Violation", - "vuln_subcategory": "Android Internal Storage", - "predicate": "\n FunctionCall call:\n call.function is [Function f:\n f.name matches \"put.*\"\n and f.enclosingClass.name == \"android.content.SharedPreferences$Editor\"\n ]\n and call.arguments[0].constantValue matches \"(?i).*token$|^ssn.*|.*ssn$|.social.*security.*|.*encrypt(?!ed).*|plaintext|cleartext|.*creditcard.*|.*card(num|no).*|.*cvv.*|.*pin$\"\n and not call.enclosingClass contains [Function anyFunc:\n anyFunc contains [FunctionCall:\n possibleTargets contains [Function:\n name == \"create\"\n and enclosingClass.supers contains [Class:\n name == \"androidx.security.crypto.EncryptedSharedPreferences\"\n ]\n ]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Privacy Violation", - "vuln_subcategory": "Android Internal Storage", - "predicate": "\n FunctionCall call:\n call.function is [Function f:\n f.name matches \"put.*\"\n and f.enclosingClass.name == \"android.content.SharedPreferences$Editor\"\n ]\n and call.arguments[0].constantValue matches \"PUT_REGEX_HERE\"\n and not call.enclosingClass contains [Function anyFunc:\n anyFunc contains [FunctionCall:\n possibleTargets contains [Function:\n name == \"create\"\n and enclosingClass.supers contains [Class:\n name == 
\"androidx.security.crypto.EncryptedSharedPreferences\"\n ]\n ]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Privacy Violation", - "vuln_subcategory": "Android Internal Storage", - "predicate": "\n FunctionCall call:\n call.function is [Function f:\n f.name matches \"put.*\"\n and f.enclosingClass.name == \"android.content.SharedPreferences$Editor\"\n ]\n and call.arguments[0].constantValue matches \"PUT_REGEX_HERE\"\n and not call.enclosingClass contains [Function anyFunc:\n anyFunc contains [FunctionCall:\n possibleTargets contains [Function:\n name == \"create\"\n and enclosingClass.supers contains [Class:\n name == \"androidx.security.crypto.EncryptedSharedPreferences\"\n ]\n ]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Privacy Violation", - "vuln_subcategory": "Android Internal Storage", - "predicate": "\n FunctionCall call:\n call.function is [Function f:\n f.name matches \"put.*\"\n and f.enclosingClass.name == \"android.content.SharedPreferences$Editor\"\n ]\n and call.arguments[0].constantValue matches \"(?i).*pass(wd|word|phrase).*|.*token$|^ssn.*|.*ssn$|.social.*security.*|.*encrypt(?!ed).*|plaintext|cleartext|.*creditcard.*|.*card(num|no).*|.*cvv.*|.*pin$\"\n and not call.enclosingClass contains [Function anyFunc:\n anyFunc contains [FunctionCall:\n possibleTargets contains [Function:\n name == \"create\"\n and enclosingClass.supers contains [Class:\n name == \"androidx.security.crypto.EncryptedSharedPreferences\"\n ]\n ]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n (constructor or name == \"init^\")\n and enclosingClass.supers contains [Class:\n name == \"androidx.credentials.CreatePasswordRequest\"\n ]\n ]\n and arguments[1] is [Expression:\n 
constantValue == \"\"\n ]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n (constructor or name == \"init^\")\n and enclosingClass.supers contains [Class:\n name == \"androidx.credentials.CreatePasswordRequest\"\n ]\n ]\n and arguments[1] is [Expression:\n constantValue matches \".+\"\n and not constantValue is [None:]\n ]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Privilege Management", - "vuln_subcategory": "Overriding Permission Verification", - "predicate": "\n FunctionCall fc: fc.function is [Function f: f.name == \"invoke\" and f.enclosingClass is [Class: name == \"android.webkit.GeolocationPermissions$Callback\"]] and\n fc.enclosingFunction is [Function: name == \"onGeolocationPermissionsShowPrompt\" and enclosingClass.supers contains [Class: name == \"android.webkit.WebChromeClient\"]] and\n fc.arguments[1] is [BooleanLiteral b: b.value is true]*\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Often Misused", - "vuln_subcategory": "Android Permission Check", - "predicate": "\n FunctionCall call: call.function is [Function f: f.name matches \"checkCallingOrSelf(Uri)?Permission\" and\n f.enclosingClass.name matches \"android\\.content\\.(Context|ContextWrapper)\"]\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Dynamic Code Evaluation", - "vuln_subcategory": "Code Injection", - "predicate": "\n FunctionCall fc: fc.function.name == \"addJavascriptInterface\" and fc.function.enclosingClass.name == \"android.webkit.WebView\"\n and fc.arguments[0].type.definition is [Class c: c.labels contains \"AndroidJavascriptVulnerable\"]*\n\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Often Misused", - 
"vuln_subcategory": "Android Permission Check", - "predicate": "\n FunctionCall call: call.function is [Function f: f.name matches \"checkCallingOrSelf(Uri)?Permission(s)?\" and\n f.enclosingClass.name matches \"android\\.content\\.(Context|ContextWrapper)\"]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Overly Broad Certificate Trust", - "predicate": "\n ReturnStatement:\n enclosingFunction is [Function:\n name == \"getAcceptedIssuers\"\n and enclosingClass.directSupers contains [Class:\n name == \"javax.net.ssl.X509TrustManager\"\n ]\n ]\n and expression is [NoneLiteral: ]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Android Socket", - "predicate": "\n FunctionCall call: call.function is [Function f: f.name matches \"createSocket\" and\n f.enclosingClass.name == \"android.net.SSLCertificateSocketFactory\"] and\n call.arguments[0].type.name is \"java.net.InetAddress\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Android Socket", - "predicate": "\n FunctionCall call: call.function is [Function f: f.name matches \"getInsecure\" and\n f.enclosingClass.name == \"android.net.SSLCertificateSocketFactory\"]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Android Customized Implementation", - "predicate": "\n Class c: c.supers contains [Class sc: sc.name matches \"javax\\.net\\.ssl\\.X509TrustManager|org\\.apache\\.http\\.conn\\.ssl\\.SSLSocketFactory\"]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": None, - "predicate": "\n\n FunctionCall call : call.function is [Function f: f.name matches \"fromParts\" and\n f.enclosingClass.name matches 
\"android\\.net\\.Uri\"] and\n call.arguments[0].constantValue is [String s: s matches \"(?i)http.*\" ]\n\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": None, - "predicate": "\n\n FunctionCall call : call.function is [Function f: f.name matches \"fromParts\" and\n f.enclosingClass.name matches \"android\\.net\\.Uri\"] and\n call.arguments[0].constantValue is [String s: s matches \"(?i)http.*\" ]\n\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Insecure Storage", - "vuln_subcategory": "Android World Readable or Writeable", - "predicate": "\n FunctionCall call: call.function is [Function f: f.name matches \"(getSharedPreferences|getDir|openFileOutput|openOrCreateDatabase)\" and\n f.enclosingClass.name matches \"android\\.content\\.(Context|ContextWrapper)\"] and\n (call.arguments[1].constantValue matches \"1|2\" or call.arguments[1] is [Operation o: o.lhs.constantValue matches \"1|2\"\n or o.rhs.constantValue matches \"1|2\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Unreleased Resource", - "vuln_subcategory": "Android SQLite Database", - "predicate": "\n /* An Android Activity class */\n Class: supers contains [Class: name is \"android.app.Activity\"] and\n /* ...that invokes the SQLiteOpenHelper class */\n contains [Function: reaches [Function:\n constructor and\n enclosingClass.name is \"android.database.sqlite.SQLiteOpenHelper\"]* ] and\n /* ...but does not have a stop/destroy method to properly close the connection */\n not contains [Function: name matches \"on(Stop|Destroy)\"]\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Unreleased Resource", - "vuln_subcategory": "Android SQLite Database", - "predicate": "\n /* Find the pause/stop/destroy callback */\n Function: name matches \"on(Pause|Stop|Destroy)\" and\n /* ...of an Android Activity 
class */\n enclosingClass.supers contains [Class: name is \"android.app.Activity\"] and\n /* ...that invokes the SQLiteOpenHelper class */\n enclosingClass contains [Function: reaches [Function:\n constructor and\n enclosingClass.name is \"android.database.sqlite.SQLiteOpenHelper\"]* ] and\n /* ...but never invokes close() upon terminating the Activity */\n not reaches [Function:\n name is \"close\" and\n enclosingClass.name is \"android.database.sqlite.SQLiteOpenHelper\"]\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Unreleased Resource", - "vuln_subcategory": "Android Media", - "predicate": "\n /* An Android Activity class */\n Class: supers contains [Class: name is \"android.app.Activity\"] and\n /* ...that constructs a media object */\n contains [Function: reaches [Function:\n (constructor or name is \"create\") and\n enclosingClass.name matches \"android\\.media\\.(MediaRecorder|MediaPlayer|AudioRecord)\"]* ] and\n /* ...but does not have a stop/destroy method to properly release the resource */\n not contains [Function: name matches \"on(Stop|Destroy)\"]\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Unreleased Resource", - "vuln_subcategory": "Android Media", - "predicate": "\n /* Find the pause/stop/destroy callback */\n Function: name matches \"on(Pause|Stop|Destroy)\" and\n /* ...of an Android Activity class */\n enclosingClass.supers contains [Class: name is \"android.app.Activity\"] and\n /* ...that constructs a media object */\n enclosingClass contains [Function: reaches [Function:\n (constructor or name is \"create\") and\n enclosingClass.name matches \"android\\.media\\.(MediaRecorder|MediaPlayer|AudioRecord)\"]* ] and\n /* ...but never invokes release() upon terminating the Activity */\n not reaches [Function:\n name is \"release\" and\n enclosingClass.name matches \"android\\.media\\.(MediaRecorder|MediaPlayer|AudioRecord)\"]\n " - }, - { - "language": "java", - 
"vuln_kingdom": "Security Features", - "vuln_category": "Privilege Management", - "vuln_subcategory": "Missing API Permission", - "predicate": "\n // anything that passes validation. Will be replaced or deleted entirely.\n FunctionCall call: name == \"_FORTIFY_NON_EXISTENT_\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Privilege Management", - "vuln_subcategory": "Missing API Permission", - "predicate": "\n // anything that passes validation. Will be replaced or deleted entirely.\n FunctionCall call: name == \"_FORTIFY_NON_EXISTENT_\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Privilege Management", - "vuln_subcategory": "Missing API Permission", - "predicate": "\n // anything that passes validation. Will be replaced or deleted entirely.\n FunctionCall call: name == \"_FORTIFY_NON_EXISTENT_\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Android Bad Practices", - "vuln_subcategory": "Leftover Debug Code", - "predicate": "\n FunctionCall fc:\n possibleTargets contains [Function:\n name == \"setWebContentsDebuggingEnabled\"\n and enclosingClass.supers contains [Class:\n name == \"android.webkit.WebView\"\n ]\n ]\n and arguments[0].constantValue is [Boolean: is true]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Server Identity Verification Disabled", - "predicate": "\n Class:\n functions contains [Function:\n name == \"onReceivedSslError\"\n and enclosingClass.supers contains [Class:\n name == \"android.webkit.WebViewClient\"\n ]\n and reaches [Function:\n contains [FunctionCall:\n possibleTargets contains [Function:\n name == \"proceed\"\n and enclosingClass.supers contains [Class:\n name == \"android.webkit.SslErrorHandler\"\n ]\n ]\n ]\n ]\n and not reaches [Function:\n contains [FunctionCall:\n possibleTargets contains [Function:\n name 
== \"cancel\"\n and enclosingClass.supers contains [Class:\n name == \"android.webkit.SslErrorHandler\"\n ]\n ]\n ]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Android Bad Practices", - "vuln_subcategory": "Encryption Secret Held in Static Field", - "predicate": "\n Field f:\n static\n and type.definition.supers contains [Class:\n name == \"javax.crypto.SecretKey\"\n or name == \"javax.crypto.spec.AlgorithmParameterSpec\"\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Dynamic Code Evaluation", - "vuln_subcategory": "Unsafe Deserialization", - "predicate": "\n Class exportActivity: /* TEMPLATED */\n functions contains [Function:\n contains [FunctionCall:\n function.name matches \"getExtras|get(Boolean|Bundle|Byte|Char|CharSequence|Double|Float|Int|IntegerArrayList|Long|Parcelable|Serializable|Short|String|StringArrayList)?(Array)?Extra\"\n ]*\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Fragment Injection", - "vuln_subcategory": None, - "predicate": "\n Class exportedActivity: /* TEMPLATED */\n supers contains [Class:\n name == \"android.preference.PreferenceActivity\"\n ]\n and (\n /* since it must be implemented, it indicates its a pre-KitKat app */\n not functions contains [Function:\n name == \"isValidFragment\"\n ]\n /* function always returns true in at least one path. 
No whitelisting is applied */\n or functions contains [Function:\n name == \"isValidFragment\"\n and contains [ReturnStatement:\n /* see bug 57773 */\n expression.constantValue is [Boolean: is true]\n or expression is [VariableAccess:\n variable is [Variable:\n uses contains [VariableAccess va:\n enclosingStatement is [AssignmentStatement:\n lhs is [VariableAccess va2: va2 is va]\n and rhs.constantValues contains [Boolean: is true]\n ]\n ]\n ]\n ]\n ]\n ]\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Android Bad Practices", - "vuln_subcategory": "Leftover Debug Code", - "predicate": "\n FunctionCall fc:\n function is [Function:\n (name == \"init^\" or constructor)\n and enclosingClass is [Class:\n name == \"android.os.StrictMode.ThreadPolicy.Builder\"\n ]\n ]\n or function is [Function:\n name == \"forName\"\n and enclosingClass.supers contains [Class:\n name == \"java.lang.Class\"\n ]\n and fc.arguments[0].constantValue == \"android.os.StrictMode\"\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: \n \tfa.field.name matches \"(?i)token|pin\"\n \tand not fa.field.annotations contains [Annotation: \n \t\ttype == T\"com.fortify.annotations.FortifyPassword\"\n \t]\n \tand fa in [AssignmentStatement: \n \t\tlhs.location is [Location l: \n \t\t\tl.transitiveBase === fa.transitiveBase\n \t\t]\n \t\tand not rhs.constantValue.None\n \t\tand rhs.constantValue == \"\"\n \t]\n \tand fa.field is [Field f:]*\n and (\n fa.field.type.name == \"java.lang.String\"\n or fa.field.type.name == \"java.lang.StringBuffer\"\n or fa.field.type.name == \"byte\"\n or fa.field.type.name == \"char\"\n or fa.field.type.name == \"kotlin.String\"\n or fa.field.type.name == \"kotlin.ByteArray\"\n or fa.field.type.name == \"kotlin.CharArray\"\n )\n \tand not fa.field.annotations contains [Annotation: \n 
\t\ttype == T\"com.fortify.annotations.FortifyNotPassword\"\n \t] \n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: \n \tfa.field.name matches \"(?i)(.*token$|.*pin$)\"\n \tand not fa.field.name matches \"(?i)token|pin\"\n \tand fa in [AssignmentStatement: \n \t\tlhs.location is [Location l: \n \t\t\tl.transitiveBase === fa.transitiveBase\n \t\t]\n \t\tand not rhs.constantValue.None\n \t\tand rhs.constantValue == \"\"\n \t]\n \tand fa.field is [Field f:]*\n and (\n fa.field.type.name == \"java.lang.String\"\n or fa.field.type.name == \"java.lang.StringBuffer\"\n or fa.field.type.name == \"byte\"\n or fa.field.type.name == \"char\"\n or fa.field.type.name == \"kotlin.String\"\n or fa.field.type.name == \"kotlin.ByteArray\"\n or fa.field.type.name == \"kotlin.CharArray\"\n )\n \tand not fa.field.annotations contains [Annotation: \n \t\ttype == T\"com.fortify.annotations.FortifyNotPassword\"\n \t\tor type == T\"com.fortify.annotations.FortifyPassword\"\n \t]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: \n \tva.variable.name matches \"(?i)token|pin\"\n \tand not va.variable.annotations contains [Annotation: \n \t\ttype == T\"com.fortify.annotations.FortifyPassword\"\n \t]\n \tand va in [AssignmentStatement: \n \t\tlhs.location is [Location l: \n \t\t\tl.transitiveBase === va.transitiveBase\n \t\t]\n \t\tand not rhs.constantValue.None\n \t\tand rhs.constantValue == \"\"\n \t]\n \tand va.variable is [Variable v:]*\n and (\n va.variable.type.name == \"java.lang.String\"\n or va.variable.type.name == \"java.lang.StringBuffer\"\n or va.variable.type.name == \"byte\"\n or va.variable.type.name == \"char\"\n or va.variable.type.name == \"kotlin.String\"\n or va.variable.type.name == 
\"kotlin.ByteArray\"\n or va.variable.type.name == \"kotlin.CharArray\"\n )\n \tand not va.variable.annotations contains [Annotation: \n \t\ttype == T\"com.fortify.annotations.FortifyNotPassword\"\n \t]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: \n \tva.variable.name matches \"(?i)(.*token$|.*pin$)\"\n \tand not va.variable.name matches \"(?i)token|pin\"\n \tand va in [AssignmentStatement: \n \t\tlhs.location is [Location l: \n \t\t\tl.transitiveBase === va.transitiveBase\n \t\t]\n \t\tand not rhs.constantValue.None\n \t\tand rhs.constantValue == \"\"\n \t]\n \tand va.variable is [Variable v:]*\n and (\n va.variable.type.name == \"java.lang.String\"\n or va.variable.type.name == \"java.lang.StringBuffer\"\n or va.variable.type.name == \"byte\"\n or va.variable.type.name == \"char\"\n or va.variable.type.name == \"kotlin.String\"\n or va.variable.type.name == \"kotlin.ByteArray\"\n or va.variable.type.name == \"kotlin.CharArray\"\n )\n \tand not va.variable.annotations contains [Annotation: \n \t\ttype == T\"com.fortify.annotations.FortifyNotPassword\"\n \t\tor type == T\"com.fortify.annotations.FortifyPassword\"\n \t]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: \n \tfa.field.name matches \"(?i)token|pin\"\n \tand not fa.field.annotations contains [Annotation: \n \t\ttype == T\"com.fortify.annotations.FortifyPassword\"\n \t]\n \tand not fa.sourceLocation.None\n \tand not fa.field.sourceLocation.None\n \tand fa.sourceLocation.startLine != fa.field.sourceLocation.startLine\n \tand fa in [AssignmentStatement: \n \t\tlhs.location is [Location l: \n \t\t\tl.transitiveBase === fa.transitiveBase\n \t\t]\n \t\tand not rhs.constantValue.None\n \t\tand rhs.constantValue is [None:]\n 
\t]\n \tand fa.field is [Field f:]*\n and (\n fa.field.type.name == \"java.lang.String\"\n or fa.field.type.name == \"java.lang.StringBuffer\"\n or fa.field.type.name == \"byte\"\n or fa.field.type.name == \"char\"\n or fa.field.type.name == \"kotlin.String\"\n or fa.field.type.name == \"kotlin.ByteArray\"\n or fa.field.type.name == \"kotlin.CharArray\"\n )\n \tand not fa.field.annotations contains [Annotation: \n \t\ttype == T\"com.fortify.annotations.FortifyNotPassword\"\n \t] \n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: \n \tfa.field.name matches \"(?i)(.*token$|.*pin$)\"\n \tand not fa.field.name matches \"(?i)token|pin\"\n \tand not fa.sourceLocation.None\n \tand not fa.field.sourceLocation.None\n \tand fa.sourceLocation.startLine != fa.field.sourceLocation.startLine\n \tand fa in [AssignmentStatement: \n \t\tlhs.location is [Location l: \n \t\t\tl.transitiveBase === fa.transitiveBase\n \t\t]\n \t\tand not rhs.constantValue.None\n \t\tand rhs.constantValue is [None:]\n \t]\n \tand fa.field is [Field f:]*\n and (\n fa.field.type.name == \"java.lang.String\"\n or fa.field.type.name == \"java.lang.StringBuffer\"\n or fa.field.type.name == \"byte\"\n or fa.field.type.name == \"char\"\n or fa.field.type.name == \"kotlin.String\"\n or fa.field.type.name == \"kotlin.ByteArray\"\n or fa.field.type.name == \"kotlin.CharArray\"\n )\n \tand not fa.field.annotations contains [Annotation: \n \t\ttype == T\"com.fortify.annotations.FortifyNotPassword\"\n \t\tor type == T\"com.fortify.annotations.FortifyPassword\"\n \t]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: \n \tva.variable.name matches \"(?i)token|pin\"\n \tand not va.variable.annotations contains [Annotation: \n \t\ttype == 
T\"com.fortify.annotations.FortifyPassword\"\n \t]\n \tand not va.sourceLocation.None\n \tand not va.variable.sourceLocation.None\n \tand va.sourceLocation.startLine != va.variable.sourceLocation.startLine\n \tand va in [AssignmentStatement: \n \t\tlhs.location is [Location l: \n \t\t\tl.transitiveBase === va.transitiveBase\n \t\t]\n \t\tand not rhs.constantValue.None\n \t\tand rhs.constantValue is [None:]\n \t]\n \tand va.variable is [Variable v:]*\n and (\n va.variable.type.name == \"java.lang.String\"\n or va.variable.type.name == \"java.lang.StringBuffer\"\n or va.variable.type.name == \"byte\"\n or va.variable.type.name == \"char\"\n or va.variable.type.name == \"kotlin.String\"\n or va.variable.type.name == \"kotlin.ByteArray\"\n or va.variable.type.name == \"kotlin.CharArray\"\n )\n \tand not va.variable.annotations contains [Annotation: \n \t\ttype == T\"com.fortify.annotations.FortifyNotPassword\"\n \t] \n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: \n \tva.variable.name matches \"(?i)(.*token$|.*pin$)\"\n \tand not va.variable.name matches \"(?i)token|pin\"\n \tand not va.sourceLocation.None\n \tand not va.variable.sourceLocation.None\n \tand va.sourceLocation.startLine != va.variable.sourceLocation.startLine\n \tand va in [AssignmentStatement: \n \t\tlhs.location is [Location l: \n \t\t\tl.transitiveBase === va.transitiveBase\n \t\t]\n \t\tand not rhs.constantValue.None\n \t\tand rhs.constantValue is [None:]\n \t]\n \tand va.variable is [Variable v:]*\n and (\n va.variable.type.name == \"java.lang.String\"\n or va.variable.type.name == \"java.lang.StringBuffer\"\n or va.variable.type.name == \"byte\"\n or va.variable.type.name == \"char\"\n or va.variable.type.name == \"kotlin.String\"\n or va.variable.type.name == \"kotlin.ByteArray\"\n or va.variable.type.name == \"kotlin.CharArray\"\n )\n and not 
va.variable.annotations contains [Annotation: \n type == T\"com.fortify.annotations.FortifyNotPassword\"\n or type == T\"com.fortify.annotations.FortifyPassword\"\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: \n \tfa.field.name matches \"(?i)token|pin\"\n \tand not fa.field.annotations contains [Annotation: \n \t\ttype == T\"com.fortify.annotations.FortifyPassword\"\n \t]\n \tand fa in [AssignmentStatement: \n \t\tlhs.location is [Location l: \n \t\t\tl.transitiveBase === fa.transitiveBase\n \t\t]\n \t\tand not rhs.constantValue.None\n \t\tand not rhs.constantValue is [None:]\n \t\tand not rhs.constantValue == \"\"\n \t]\n \tand fa.field is [Field f:]*\n and (\n fa.field.type.name == \"java.lang.String\"\n or fa.field.type.name == \"java.lang.StringBuffer\"\n or fa.field.type.name == \"byte\"\n or fa.field.type.name == \"char\"\n or fa.field.type.name == \"kotlin.String\"\n or fa.field.type.name == \"kotlin.ByteArray\"\n or fa.field.type.name == \"kotlin.CharArray\"\n )\n \tand not fa.field.annotations contains [Annotation: \n \t\ttype == T\"com.fortify.annotations.FortifyNotPassword\"\n \t]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: \n \tfa.field.name matches \"(?i)(.*token$|.*pin$)\"\n \tand not fa.field.name matches \"(?i)token|pin\"\n \tand fa in [AssignmentStatement: \n \t\tlhs.location is [Location l: \n \t\t\tl.transitiveBase === fa.transitiveBase\n \t\t]\n \t\tand not rhs.constantValue.None\n \t\tand not rhs.constantValue is [None:]\n \t\tand not rhs.constantValue == \"\"\n \t]\n \tand fa.field is [Field f:]*\n and (\n fa.field.type.name == \"java.lang.String\"\n or fa.field.type.name == \"java.lang.StringBuffer\"\n or fa.field.type.name == \"byte\"\n or 
fa.field.type.name == \"char\"\n or fa.field.type.name == \"kotlin.String\"\n or fa.field.type.name == \"kotlin.ByteArray\"\n or fa.field.type.name == \"kotlin.CharArray\"\n ) and not fa.field.annotations contains [Annotation: \n \t\ttype == T\"com.fortify.annotations.FortifyNotPassword\"\n \t\tor type == T\"com.fortify.annotations.FortifyPassword\"\n \t]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: \n \tva.variable.name matches \"(?i)token|pin\"\n \tand not va.variable.annotations contains [Annotation: \n \t\ttype == T\"com.fortify.annotations.FortifyPassword\"\n \t]\n \tand va in [AssignmentStatement: \n \t\tlhs.location is [Location l: \n \t\t\tl.transitiveBase === va.transitiveBase\n \t\t]\n \t\tand not rhs.constantValue.None\n \t\tand not rhs.constantValue is [None:]\n \t\tand not rhs.constantValue == \"\"\n \t]\n \tand va.variable is [Variable v:]*\n and ( \n va.variable.type.name == \"java.lang.String\"\n or va.variable.type.name == \"java.lang.StringBuffer\"\n or va.variable.type.name == \"byte\"\n or va.variable.type.name == \"char\"\n or va.variable.type.name == \"kotlin.String\"\n or va.variable.type.name == \"kotlin.ByteArray\"\n or va.variable.type.name == \"kotlin.CharArray\"\n ) and not va.variable.annotations contains [Annotation: \n \t\ttype == T\"com.fortify.annotations.FortifyNotPassword\"\n \t] \n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: \n \tva.variable.name matches \"(?i)(.*token$|.*pin$)\"\n \tand not va.variable.name matches \"(?i)token|pin\"\n \tand va in [AssignmentStatement: \n \t\tlhs.location is [Location l: \n \t\t\tl.transitiveBase === va.transitiveBase\n \t\t]\n \t\tand not rhs.constantValue.None\n \t\tand not rhs.constantValue is 
[None:]\n \t\tand not rhs.constantValue == \"\"\n \t]\n \tand va.variable is [Variable v:]*\n \tand (va.variable.type.name == \"java.lang.String\"\n \tor va.variable.type.name == \"java.lang.StringBuffer\"\n \tor va.variable.type.name == \"byte\"\n or va.variable.type.name == \"char\"\n or va.variable.type.name == \"kotlin.String\"\n or va.variable.type.name == \"kotlin.ByteArray\"\n or va.variable.type.name == \"kotlin.CharArray\")\n \tand not va.variable.annotations contains [Annotation: \n \t\ttype == T\"com.fortify.annotations.FortifyNotPassword\"\n \t\tor type == T\"com.fortify.annotations.FortifyPassword\"\n \t] \n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall call: \n call.function is [Function f: \n f.enclosingClass.supers contains [Class c: c.name == \"java.lang.String\" or c.name == \"kotlin.String\"] \n and (f.name == \"contentEquals\" or f.name matches \"(compareTo|equals)(IgnoreCase)?\")\n ] and ( \n ( \n call.instance is [VariableAccess val: \n val.variable.name matches \"(?i)(.*token$|.*pin$)\"\n and not val.variable.name matches \"(?i)token|pin\"\n and not val.variable.annotations contains [Annotation:\n type == T\"com.fortify.annotations.FortifyPassword\" or\n type == T\"com.fortify.annotations.FortifyNotPassword\"\n ]\n ] \n and not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None: ] and\n not call.arguments[0].constantValue == \"\"\n ) or (\n call.arguments[0] is [VariableAccess var: \n var.variable.name matches \"(?i)(.*token$|.*pin$)\"\n and not var.variable.name matches \"(?i)token|pin\"\n and var.variable.type.definition.supers contains [Class: name == \"java.lang.CharSequence\" or name == \"kotlin.CharSequence\"]\n and not var.variable.annotations contains [Annotation:\n type == T\"com.fortify.annotations.FortifyPassword\" or\n type == 
T\"com.fortify.annotations.FortifyNotPassword\"\n ]\n ] \n and not call.instance.constantValue.None and\n not call.instance.constantValue is [None:] and\n not call.instance.constantValue == \"\"\n ) or ( \n call.instance is [FieldAccess fal: \n fal.field.name matches \"(?i)(.*token$|.*pin$)\"\n and not fal.field.name matches \"(?i)token|pin\"\n and not fal.field.annotations contains [Annotation:\n type == T\"com.fortify.annotations.FortifyPassword\" or\n type == T\"com.fortify.annotations.FortifyNotPassword\"\n ]\n ] \n and not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None: ] and\n not call.arguments[0].constantValue == \"\"\n ) or ( \n call.arguments[0] is [FieldAccess far: \n far.field.name matches \"(?i)(.*token$|.*pin$)\" \n and not far.field.name matches \"(?i)token|pin\" \n and far.field.type.definition.supers contains [Class: name == \"java.lang.CharSequence\" or name == \"kotlin.CharSequence\"]\n and not far.field.annotations contains [Annotation:\n type == T\"com.fortify.annotations.FortifyPassword\" or\n type == T\"com.fortify.annotations.FortifyNotPassword\"\n ] \n ]\n and not call.instance.constantValue.None and\n not call.instance.constantValue is [None:] and\n not call.instance.constantValue == \"\"\n )\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall call: \n call.function is [Function f: \n f.enclosingClass.supers contains [Class c: c.name == \"java.lang.String\" or c.name == \"kotlin.String\"] \n and (f.name == \"contentEquals\" or f.name matches \"(compareTo|equals)(IgnoreCase)?\")\n ] \n and (\n (\n call.instance is [VariableAccess val:\n val.variable.name matches \"(?i)token|pin\"\n and not val.variable.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyPassword\"]\n and not val.variable.annotations contains [Annotation: type == 
T\"com.fortify.annotations.FortifyNotPassword\"]\n ] \n and not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None: ] and\n not call.arguments[0].constantValue == \"\"\n ) or ( \n call.arguments[0] is [VariableAccess var:\n var.variable.name matches \"(?i)token|pin\" \n and not var.variable.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyPassword\"]\n and var.variable.type.definition.supers contains [Class: name == \"java.lang.CharSequence\" or name == \"kotlin.CharSequence\"]\n and not var.variable.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"]\n ] \n and not call.instance.constantValue.None and\n not call.instance.constantValue is [None:] and\n not call.instance.constantValue == \"\"\n ) or ( \n call.instance is [FieldAccess fal:\n fal.field.name matches \"(?i)token|pin\" \n and not fal.field.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyPassword\"]\n and not fal.field.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"]\n ] \n and not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None: ] and\n not call.arguments[0].constantValue == \"\"\n ) or ( \n call.arguments[0] is [FieldAccess far:\n far.field.name matches \"(?i)token|pin\"\n and not far.field.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyPassword\"] \n and far.field.type.definition.supers contains [Class: name == \"java.lang.CharSequence\" or name == \"kotlin.CharSequence\"]\n and not far.field.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"]\n ] \n and not call.instance.constantValue.None and\n not call.instance.constantValue is [None:] and\n not call.instance.constantValue == \"\"\n )\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Code Correctness", - "vuln_subcategory": 
"Erroneous Zero Value", - "predicate": "\n VariableAccess va:\n (va.variable is [Variable v: annotations contains\n [Annotation a: type == T\"com.fortify.annotations.FortifyNonZero\"]]) and\n (va in [AssignmentStatement:\n (lhs is va) and not\n (rhs.partialConstantValues contains [Number: == 0])])\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Erroneous Zero Value", - "predicate": "\n FieldAccess fa:\n (fa.field is [Field f: annotations contains\n [Annotation a: type == T\"com.fortify.annotations.FortifyNonZero\"]]) and\n (fa in [AssignmentStatement:\n (lhs is fa) and not\n (rhs.partialConstantValues contains [Number: == 0])])\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Erroneous Negative Value", - "predicate": "\n VariableAccess va:\n (va.variable is [Variable v: annotations contains\n [Annotation a: type == T\"com.fortify.annotations.FortifyNonNegative\"]]) and\n (va in [AssignmentStatement:\n (lhs is va) and not\n (rhs.partialConstantValues contains [Number: < 0])])\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Erroneous Negative Value", - "predicate": "\n FieldAccess fa:\n (fa.field is [Field f: annotations contains\n [Annotation a: type == T\"com.fortify.annotations.FortifyNonNegative\"]]) and\n (fa in [AssignmentStatement:\n (lhs is fa) and not\n (rhs.partialConstantValues contains [Number: < 0])])\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Dangerous Field", - "vuln_subcategory": None, - "predicate": "\n FieldAccess fa: field is [Field f: annotations contains\n [Annotation a:\n type == T\"com.fortify.annotations.FortifyDangerous\" and\n elements contains [AnnotationElement: key==\"value\" and value is [String s: s matches \"(?i)high\"]]]]\n " - }, - { - "language": 
"java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Dangerous Field", - "vuln_subcategory": None, - "predicate": "\n FieldAccess fa: field is [Field f: annotations contains\n [Annotation a:\n type == T\"com.fortify.annotations.FortifyDangerous\" and\n elements contains [AnnotationElement: key==\"value\" and value is [String s: s matches \"(?i)hot|critical\"]]]]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Dangerous Field", - "vuln_subcategory": None, - "predicate": "\n FieldAccess fa: field is [Field f: annotations contains\n [Annotation a:\n type == T\"com.fortify.annotations.FortifyDangerous\" and\n (\n elements contains [AnnotationElement :\n key == \"value\" and\n value is [String s: s matches \"(?i)medium\"]\n ]\n or \n elements.length == 0\n )\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Dangerous Field", - "vuln_subcategory": None, - "predicate": "\n FieldAccess fa: field is [Field f: annotations contains\n [Annotation a:\n type == T\"com.fortify.annotations.FortifyDangerous\" and\n elements contains [AnnotationElement: key==\"value\" and value is [String s: s matches \"(?i)info|low\"]]]]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Dangerous Method", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.function is\n [Function f: annotations contains\n [Annotation:\n type == T\"com.fortify.annotations.FortifyDangerous\" and\n elements contains [AnnotationElement : key == \"value\" and value is [String s: s matches \"(?i)high\"]]]]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Dangerous Method", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.function is\n [Function f: annotations contains\n [Annotation:\n type == T\"com.fortify.annotations.FortifyDangerous\" and\n elements contains [AnnotationElement : key == \"value\" and value is [String s: 
s matches \"(?i)hot|critical\"]]]]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Dangerous Method", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.function is\n [Function f: annotations contains\n [Annotation:\n type == T\"com.fortify.annotations.FortifyDangerous\" and\n (\n elements contains [AnnotationElement :\n key == \"value\" and\n value is [String s: s matches \"(?i)medium\"]\n ]\n or \n elements.length == 0\n )\n ]\n ]\n \n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Dangerous Method", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.function is\n [Function f: annotations contains\n [Annotation:\n type == T\"com.fortify.annotations.FortifyDangerous\" and\n elements contains [AnnotationElement : key == \"value\" and value is [String s: s matches \"(?i)info|low\"]]]]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Dangerous Type", - "vuln_subcategory": None, - "predicate": "\n Function f:\n (parameters contains [Variable v: type is\n [Type t: definition is\n [Class c: annotations contains\n [Annotation:\n type == T\"com.fortify.annotations.FortifyDangerous\" and\n elements contains [AnnotationElement :\n key == \"value\" and\n value is [String s: s matches \"(?i)info|low\"]]]]]])\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Dangerous Type", - "vuln_subcategory": None, - "predicate": "\n Function f:\n (returnType is [Type t: definition is\n [Class c: annotations contains\n [Annotation:\n type == T\"com.fortify.annotations.FortifyDangerous\" and\n elements contains [AnnotationElement :\n key == \"value\" and\n value is [String s: s matches \"(?i)info|low\"]]]]])\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Dangerous Type", - "vuln_subcategory": None, - "predicate": "\n Field f: type is [Type t: definition is\n [Class c: 
annotations contains\n [Annotation:\n type == T\"com.fortify.annotations.FortifyDangerous\" and\n elements contains [AnnotationElement :\n key == \"value\" and\n value is [String s: s matches \"(?i)info|low\"]]]]]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Dangerous Type", - "vuln_subcategory": None, - "predicate": "\n Variable v: type is [Type t: definition is\n [Class c: annotations contains\n [Annotation:\n type == T\"com.fortify.annotations.FortifyDangerous\" and\n elements contains [AnnotationElement :\n key == \"value\" and\n value is [String s: s matches \"(?i)info|low\"]]]]]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Dangerous Type", - "vuln_subcategory": None, - "predicate": "\n Function f:\n parameters contains [Variable v: type is\n [Type t: definition is\n [Class c: annotations contains\n [Annotation:\n type == T\"com.fortify.annotations.FortifyDangerous\" and\n (\n elements contains [AnnotationElement :\n key == \"value\" and\n value is [String s: s matches \"(?i)medium\"]\n ]\n or \n elements.length == 0\n )\n ]\n ]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Dangerous Type", - "vuln_subcategory": None, - "predicate": "\n Function f:\n returnType is [Type t: definition is\n [Class c: annotations contains\n [Annotation:\n type == T\"com.fortify.annotations.FortifyDangerous\" and\n (\n elements contains [AnnotationElement :\n key == \"value\" and\n value is [String s: s matches \"(?i)medium\"]\n ]\n or \n elements.length == 0\n )\n ]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Dangerous Type", - "vuln_subcategory": None, - "predicate": "\n Field f: type is [Type t: definition is\n [Class c: annotations contains\n [Annotation:\n type == T\"com.fortify.annotations.FortifyDangerous\" and\n (\n elements contains [AnnotationElement :\n key == \"value\" and\n value is [String 
s: s matches \"(?i)medium\"]\n ]\n or \n elements.length == 0\n )\n ]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Dangerous Type", - "vuln_subcategory": None, - "predicate": "\n Variable v: type is [Type t: definition is\n [Class c: annotations contains\n [Annotation:\n type == T\"com.fortify.annotations.FortifyDangerous\" and\n (\n elements contains [AnnotationElement :\n key == \"value\" and\n value is [String s: s matches \"(?i)medium\"]\n ]\n or \n elements.length == 0\n )\n ]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Dangerous Type", - "vuln_subcategory": None, - "predicate": "\n Function f:\n (parameters contains [Variable v: type is\n [Type t: definition is\n [Class c: annotations contains\n [Annotation:\n type == T\"com.fortify.annotations.FortifyDangerous\" and\n elements contains [AnnotationElement :\n key == \"value\" and\n value is [String s: s matches \"(?i)high\"]]]]]])\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Dangerous Type", - "vuln_subcategory": None, - "predicate": "\n Function f:\n (parameters contains [Variable v: type is\n [Type t: definition is\n [Class c: annotations contains\n [Annotation:\n type == T\"com.fortify.annotations.FortifyDangerous\" and\n elements contains [AnnotationElement :\n key == \"value\" and\n value is [String s: s matches \"(?i)hot|critical\"]]]]]])\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Dangerous Type", - "vuln_subcategory": None, - "predicate": "\n Function f:\n (returnType is [Type t: definition is\n [Class c: annotations contains\n [Annotation:\n type == T\"com.fortify.annotations.FortifyDangerous\" and\n elements contains [AnnotationElement :\n key == \"value\" and\n value is [String s: s matches \"(?i)high\"]]]]])\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Dangerous Type", - 
"vuln_subcategory": None, - "predicate": "\n Function f:\n (returnType is [Type t: definition is\n [Class c: annotations contains\n [Annotation:\n type == T\"com.fortify.annotations.FortifyDangerous\" and\n elements contains [AnnotationElement :\n key == \"value\" and\n value is [String s: s matches \"(?i)hot|critical\"]]]]])\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Dangerous Type", - "vuln_subcategory": None, - "predicate": "\n Field f: type is [Type t: definition is\n [Class c: annotations contains\n [Annotation:\n type == T\"com.fortify.annotations.FortifyDangerous\" and\n elements contains [AnnotationElement :\n key == \"value\" and\n value is [String s: s matches \"(?i)high\"]]]]]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Dangerous Type", - "vuln_subcategory": None, - "predicate": "\n Field f: type is [Type t: definition is\n [Class c: annotations contains\n [Annotation:\n type == T\"com.fortify.annotations.FortifyDangerous\" and\n elements contains [AnnotationElement :\n key == \"value\" and\n value is [String s: s matches \"(?i)hot|critical\"]]]]]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Dangerous Type", - "vuln_subcategory": None, - "predicate": "\n Variable v: type is [Type t: definition is\n [Class c: annotations contains\n [Annotation:\n type == T\"com.fortify.annotations.FortifyDangerous\" and\n elements contains [AnnotationElement :\n key == \"value\" and\n value is [String s: s matches \"(?i)high\"]]]]]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Dangerous Type", - "vuln_subcategory": None, - "predicate": "\n Variable v: type is [Type t: definition is\n [Class c: annotations contains\n [Annotation:\n type == T\"com.fortify.annotations.FortifyDangerous\" and\n elements contains [AnnotationElement :\n key == \"value\" and\n value is [String s: s matches \"(?i)hot|critical\"]]]]]\n 
" - }, - { - "language": "java", - "vuln_kingdom": "Time and State", - "vuln_category": "Race Condition", - "vuln_subcategory": "Singleton Member Field", - "predicate": "\n AssignmentStatement:\n lhs.location is\n [FieldAccess: instance.location is [VariableAccess: this] and field is [Field dec:]*] and\n enclosingClass.supers contains\n [Class: annotations contains [Annotation: type == T\"com.google.inject.Singleton\"]] and\n not enclosingFunction is\n /* EXCEPTION: enclosing function is a constructor or its name starts with \"init\" */\n [constructor or name matches \"init.*\" or\n /* EXCEPTION: enclosing function takes ServletConfig as one of its parameters */\n (parameterTypes.length > 0 and parameterTypes contains [name == \"javax.servlet.ServletConfig\"]) or\n /* EXCEPTION: enclosing function is only reachable from a constructor */\n (not public and not protected and\n (callers.length == 0 or callers contains [constructor]) and\n not callers contains [not constructor]) or\n /* EXCEPTION: enclosing function starts with \"set\" and is not reachable from any of the non-constructor functions */\n (name matches \"set.*\" and not callers contains [not constructor]) or\n /* EXCEPTION: callers of enclosing function do not contain any functions other than init() */\n (callers.length != 0 and not callers contains [Function: not name matches \"init.*\"])]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Immutable Classes", - "vuln_subcategory": "Field Mutation", - "predicate": "\n FunctionCall call:\n (call.instance.location is [FieldAccess fa:\n fa.field.enclosingClass.annotations contains\n [Annotation: type == T\"net.jcip.annotations.Immutable\"] and\n fa.field.type.definition.supers contains\n [Class: name is \"java.util.Collections\"]]) and\n (call.function.name matches \"add.*\" or\n call.function.name matches \"remove.*\" or\n call.function.name matches \"retain.*\" or\n call.function.name matches \"set.*\" or\n 
call.function.name matches \"put.*\" or\n call.function.name == \"clear\" or\n call.function.name == \"poll\" or\n call.function.name == \"offer\") and\n not (call.enclosingFunction.constructor or\n call.enclosingFunction.destructor or\n call.enclosingFunction.name == \"init^\")\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Immutable Classes", - "vuln_subcategory": "Public Mutable Fields", - "predicate": "\n Field f:\n f.enclosingClass.annotations contains\n [Annotation: type == T\"net.jcip.annotations.Immutable\"] and\n f.type.definition.supers contains\n [Class: name is \"java.util.Collection\"] and\n f.public\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Immutable Classes", - "vuln_subcategory": "Non-final Fields", - "predicate": "\n Field f:\n f.enclosingClass.annotations contains\n [Annotation: type == T\"net.jcip.annotations.Immutable\"] and\n not f.final\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Obsolete", - "vuln_subcategory": None, - "predicate": "\n FieldAccess fa: field is [Field f: annotations contains\n [Annotation a: type == T\"java.lang.Deprecated\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Obsolete", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.function is\n [Function f: annotations contains\n [Annotation : type == T\"java.lang.Deprecated\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Obsolete", - "vuln_subcategory": None, - "predicate": "\n Function f:\n (returnType is [Type t1: definition is\n [Class c1: annotations contains\n [Annotation: type == T\"java.lang.Deprecated\"]]]) or\n (parameters contains [Variable v: type is\n [Type t2: definition is\n [Class c2: annotations contains\n [Annotation: type == T\"java.lang.Deprecated\"]]]])\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - 
"vuln_category": "Obsolete", - "vuln_subcategory": None, - "predicate": "\n Field f: type is [Type t: definition is\n [Class c: annotations contains\n [Annotation: type == T\"java.lang.Deprecated\"]]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Obsolete", - "vuln_subcategory": None, - "predicate": "\n Variable v: type is [Type t: definition is\n [Class c: annotations contains\n [Annotation: type == T\"java.lang.Deprecated\"]]]\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FunctionCall call: call.function is [Function f: f.name matches \"(_)?(str|wcs|mbs|lstr)(n|i|ni|case)?cmp(_l|i)?\"] and\n ((call.arguments[1] is [FieldAccess fal: fal.field.name matches \"PUT_REGEX_HERE\" and fal.field.type.name == \"char\"] and\n call.arguments[0].constantValue is [None:]\n ) or (\n call.arguments[0] is [FieldAccess far: far.field.name matches \"PUT_REGEX_HERE\" and far.field.type.name == \"char\"] and\n call.arguments[1].constantValue is [None:]\n ) or (\n call.arguments[1] is [VariableAccess val: val.variable.name matches \"PUT_REGEX_HERE\" and val.variable.type.name == \"char\"] and\n call.arguments[0].constantValue is [None:]\n ) or (\n call.arguments[0] is [VariableAccess var: var.variable.name matches \"PUT_REGEX_HERE\" and var.variable.type.name == \"char\"] and\n call.arguments[1].constantValue is [None:]\n ))\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FunctionCall call: call.function is [Function f: f.name matches \"(_)?(str|wcs|mbs|lstr)(n|i|ni|case)?cmp(_l|i)?\"] and\n ((call.arguments[1] is [FieldAccess fal: fal.field.name matches \"PUT_REGEX_HERE\" and fal.field.type.name == \"char\"] and\n call.arguments[0].constantValue is [None:]\n ) or (\n call.arguments[0] is 
[FieldAccess far: far.field.name matches \"PUT_REGEX_HERE\" and far.field.type.name == \"char\"] and\n call.arguments[1].constantValue is [None:]\n ) or (\n call.arguments[1] is [VariableAccess val: val.variable.name matches \"PUT_REGEX_HERE\" and val.variable.type.name == \"char\"] and\n call.arguments[0].constantValue is [None:]\n ) or (\n call.arguments[0] is [VariableAccess var: var.variable.name matches \"PUT_REGEX_HERE\" and var.variable.type.name == \"char\"] and\n call.arguments[1].constantValue is [None:]\n ))\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FunctionCall call: call.function is [Function f: f.name matches \"(_)?(str|wcs|mbs|lstr)(n|i|ni|case)?cmp(_l|i)?\"] and\n ((call.arguments[1] is [FieldAccess fal: fal.field.name matches \"(?i)pass(wd|word)\" and fal.field.type.name == \"char\"] and\n call.arguments[0].constantValue is [None:]\n ) or (\n call.arguments[0] is [FieldAccess far: far.field.name matches \"(?i)pass(wd|word)\" and far.field.type.name == \"char\"] and\n call.arguments[1].constantValue is [None:]\n ) or (\n call.arguments[1] is [VariableAccess val: val.variable.name matches \"(?i)pass(wd|word)\" and val.variable.type.name == \"char\"] and\n call.arguments[0].constantValue is [None:]\n ) or (\n call.arguments[0] is [VariableAccess var: var.variable.name matches \"(?i)pass(wd|word)\" and var.variable.type.name == \"char\"] and\n call.arguments[1].constantValue is [None:]\n ))\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n and fa.field.type.name == \"char\"\n " 
- }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n and fa.field.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n and fa.field.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n and va.variable.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n and va.variable.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches 
\"(?i)pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n and va.variable.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FunctionCall call: call.function is [Function f: f.name matches \"(_)?(str|wcs|mbs|lstr)(n|i|ni|case)?cmp(_l|i)?\"] and\n ((call.arguments[1] is [FieldAccess fal: fal.field.name matches \"PUT_REGEX_HERE\" and fal.field.type.name == \"char\"] and\n call.arguments[0].constantValue == \"\"\n ) or (\n call.arguments[0] is [FieldAccess far: far.field.name matches \"PUT_REGEX_HERE\" and far.field.type.name == \"char\"] and\n call.arguments[1].constantValue == \"\"\n ) or (\n call.arguments[1] is [VariableAccess val: val.variable.name matches \"PUT_REGEX_HERE\" and val.variable.type.name == \"char\"] and\n call.arguments[0].constantValue == \"\"\n ) or (\n call.arguments[0] is [VariableAccess var: var.variable.name matches \"PUT_REGEX_HERE\" and var.variable.type.name == \"char\"] and\n call.arguments[1].constantValue == \"\"\n ))\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FunctionCall call: call.function is [Function f: f.name matches \"(_)?(str|wcs|mbs|lstr)(n|i|ni|case)?cmp(_l|i)?\"] and\n ((call.arguments[1] is [FieldAccess fal: fal.field.name matches \"PUT_REGEX_HERE\" and fal.field.type.name == \"char\"] and\n call.arguments[0].constantValue == \"\"\n ) or (\n call.arguments[0] is [FieldAccess far: far.field.name matches \"PUT_REGEX_HERE\" and far.field.type.name == \"char\"] and\n call.arguments[1].constantValue == \"\"\n ) or (\n call.arguments[1] is [VariableAccess val: val.variable.name matches \"PUT_REGEX_HERE\" and 
val.variable.type.name == \"char\"] and\n call.arguments[0].constantValue == \"\"\n ) or (\n call.arguments[0] is [VariableAccess var: var.variable.name matches \"PUT_REGEX_HERE\" and var.variable.type.name == \"char\"] and\n call.arguments[1].constantValue == \"\"\n ))\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FunctionCall call: call.function is [Function f: f.name matches \"(_)?(str|wcs|mbs|lstr)(n|i|ni|case)?cmp(_l|i)?\"] and\n ((call.arguments[1] is [FieldAccess fal: fal.field.name matches \"(?i)pass(wd|word)\" and fal.field.type.name == \"char\"] and\n call.arguments[0].constantValue == \"\"\n ) or (\n call.arguments[0] is [FieldAccess far: far.field.name matches \"(?i)pass(wd|word)\" and far.field.type.name == \"char\"] and\n call.arguments[1].constantValue == \"\"\n ) or (\n call.arguments[1] is [VariableAccess val: val.variable.name matches \"(?i)pass(wd|word)\" and val.variable.type.name == \"char\"] and\n call.arguments[0].constantValue == \"\"\n ) or (\n call.arguments[0] is [VariableAccess var: var.variable.name matches \"(?i)pass(wd|word)\" and var.variable.type.name == \"char\"] and\n call.arguments[1].constantValue == \"\"\n ))\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n or ( rhs.constantValue == 0 and lhs.location is [ArrayAccess aa: aa.index.constantValue == 0 ])\n ] and fa.field is [Field f:]*\n and fa.field.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n 
FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n or ( rhs.constantValue == 0 and lhs.location is [ArrayAccess aa: aa.index.constantValue == 0 ])\n ] and fa.field is [Field f:]*\n and fa.field.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n or ( rhs.constantValue == 0 and lhs.location is [ArrayAccess aa: aa.index.constantValue == 0 ])\n ] and fa.field is [Field f:]*\n and fa.field.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n or ( rhs.constantValue == 0 and lhs.location is [ArrayAccess aa: aa.index.constantValue == 0 ])\n ] and va.variable is [Variable v:]*\n and va.variable.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n or ( rhs.constantValue == 0 and lhs.location is [ArrayAccess aa: aa.index.constantValue == 0 ])\n ] and va.variable is [Variable v:]*\n and va.variable.type.name == \"char\"\n " - }, 
- { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n or ( rhs.constantValue == 0 and lhs.location is [ArrayAccess aa: aa.index.constantValue == 0 ])\n ] and va.variable is [Variable v:]*\n and va.variable.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n StringLiteral:\n constantValue matches \".*\\\"(PUT_REGEX_HERE)\\\"\\s*:\\s*\\\"[^{$%]+\\\".*\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n StringLiteral:\n constantValue matches \".*\\\"(PUT_REGEX_HERE)\\\"\\s*:\\s*\\\"[^{$%]+\\\".*\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall call: call.function is [Function f: f.name matches \"(_)?(str|wcs|mbs|lstr)(n|i|ni|case)?cmp(_l|i)?\"] and\n ((call.arguments[1] is [FieldAccess fal: fal.field.name matches \"PUT_REGEX_HERE\" and fal.field.type.name == \"char\"] and\n not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None:] and\n not call.arguments[0].constantValue == \"\"\n ) or (\n call.arguments[0] is [FieldAccess far: far.field.name matches \"PUT_REGEX_HERE\" and far.field.type.name == \"char\"] and\n not call.arguments[1].constantValue.None and\n not call.arguments[1].constantValue is [None:] and\n not call.arguments[1].constantValue == \"\"\n ) or (\n call.arguments[1] is [VariableAccess val: 
val.variable.name matches \"PUT_REGEX_HERE\" and val.variable.type.name == \"char\"] and\n not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None:] and\n not call.arguments[0].constantValue == \"\"\n ) or (\n call.arguments[0] is [VariableAccess var: var.variable.name matches \"PUT_REGEX_HERE\" and var.variable.type.name == \"char\"] and\n not call.arguments[1].constantValue.None and\n not call.arguments[1].constantValue is [None:] and\n not call.arguments[1].constantValue == \"\"\n ))\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall call: call.function is [Function f: f.name matches \"(_)?(str|wcs|mbs|lstr)(n|i|ni|case)?cmp(_l|i)?\"] and\n ((call.arguments[1] is [FieldAccess fal: fal.field.name matches \"PUT_REGEX_HERE\" and fal.field.type.name == \"char\"] and\n not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None:] and\n not call.arguments[0].constantValue == \"\"\n ) or (\n call.arguments[0] is [FieldAccess far: far.field.name matches \"PUT_REGEX_HERE\" and far.field.type.name == \"char\"] and\n not call.arguments[1].constantValue.None and\n not call.arguments[1].constantValue is [None:] and\n not call.arguments[1].constantValue == \"\"\n ) or (\n call.arguments[1] is [VariableAccess val: val.variable.name matches \"PUT_REGEX_HERE\" and val.variable.type.name == \"char\"] and\n not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None:] and\n not call.arguments[0].constantValue == \"\"\n ) or (\n call.arguments[0] is [VariableAccess var: var.variable.name matches \"PUT_REGEX_HERE\" and var.variable.type.name == \"char\"] and\n not call.arguments[1].constantValue.None and\n not call.arguments[1].constantValue is [None:] and\n not call.arguments[1].constantValue == \"\"\n ))\n " - }, - { - "language": "cpp", - 
"vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall call: call.function is [Function f: f.name matches \"(_)?(str|wcs|mbs|lstr)(n|i|ni|case)?cmp(_l|i)?\"] and\n ((call.arguments[1] is [FieldAccess fal: fal.field.name matches \"(?i)pass(wd|word)\" and fal.field.type.name == \"char\"] and\n not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None:] and\n not call.arguments[0].constantValue == \"\"\n ) or (\n call.arguments[0] is [FieldAccess far: far.field.name matches \"(?i)pass(wd|word)\" and far.field.type.name == \"char\"] and\n not call.arguments[1].constantValue.None and\n not call.arguments[1].constantValue is [None:] and\n not call.arguments[1].constantValue == \"\"\n ) or (\n call.arguments[1] is [VariableAccess val: val.variable.name matches \"(?i)pass(wd|word)\" and val.variable.type.name == \"char\"] and\n not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None:] and\n not call.arguments[0].constantValue == \"\"\n ) or (\n call.arguments[0] is [VariableAccess var: var.variable.name matches \"(?i)pass(wd|word)\" and var.variable.type.name == \"char\"] and\n not call.arguments[1].constantValue.None and\n not call.arguments[1].constantValue is [None:] and\n not call.arguments[1].constantValue == \"\"\n ))\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: (operation.op matches \"[!=><]=\" or operation.op matches \"[<>]\") and\n ((operation.lhs.location is [ArrayAccess aa1: aa1.base is\n [VariableAccess val: val.variable.name matches \"PUT_REGEX_HERE\"]\n and aa1.type is T\"char*\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not 
operation.rhs.constantValue == 0\n ) or (\n operation.rhs.location is [ArrayAccess aa2: aa2.base is\n [VariableAccess var: var.variable.name matches \"PUT_REGEX_HERE\"]\n and aa2.type == T\"char\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue == 0\n ) or (\n operation.lhs.location is [ArrayAccess aa3: aa3.base is\n [FieldAccess fal: fal.field.name matches \"PUT_REGEX_HERE\"]\n and aa3.type == T\"char\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue == 0\n ) or (\n operation.rhs.location is [ArrayAccess aa4: aa4.base is\n [FieldAccess far: far.field.name matches \"PUT_REGEX_HERE\"]\n and aa4.type == T\"char\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue == 0\n ))\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: (operation.op matches \"[!=><]=\" or operation.op matches \"[<>]\") and\n ((operation.lhs.location is [ArrayAccess aa1: aa1.base is\n [VariableAccess val: val.variable.name matches \"PUT_REGEX_HERE\"]\n and aa1.type is T\"char*\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue == 0\n ) or (\n operation.rhs.location is [ArrayAccess aa2: aa2.base is\n [VariableAccess var: var.variable.name matches \"PUT_REGEX_HERE\"]\n and aa2.type == T\"char\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not 
operation.lhs.constantValue == 0\n ) or (\n operation.lhs.location is [ArrayAccess aa3: aa3.base is\n [FieldAccess fal: fal.field.name matches \"PUT_REGEX_HERE\"]\n and aa3.type == T\"char\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue == 0\n ) or (\n operation.rhs.location is [ArrayAccess aa4: aa4.base is\n [FieldAccess far: far.field.name matches \"PUT_REGEX_HERE\"]\n and aa4.type == T\"char\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue == 0\n ))\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: (operation.op matches \"[!=><]=\" or operation.op matches \"[<>]\") and\n ((operation.lhs.location is [ArrayAccess aa1: aa1.base is\n [VariableAccess val: val.variable.name matches \"(?i)pass(wd|word)\"]\n and aa1.type is T\"char*\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue == 0\n ) or (\n operation.rhs.location is [ArrayAccess aa2: aa2.base is\n [VariableAccess var: var.variable.name matches \"(?i)pass(wd|word)\"]\n and aa2.type == T\"char\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue == 0\n ) or (\n operation.lhs.location is [ArrayAccess aa3: aa3.base is\n [FieldAccess fal: fal.field.name matches \"(?i)pass(wd|word)\"]\n and aa3.type == T\"char\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not 
operation.rhs.constantValue == 0\n ) or (\n operation.rhs.location is [ArrayAccess aa4: aa4.base is\n [FieldAccess far: far.field.name matches \"(?i)pass(wd|word)\"]\n and aa4.type == T\"char\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue == 0\n ))\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue == 0\n ] and fa.field is [Field f:]*\n and fa.field.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue == 0\n ] and fa.field is [Field f:]*\n and fa.field.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue == 0\n ] and fa.field is [Field f:]*\n and 
fa.field.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue == 0\n ] and va.variable is [Variable v:]*\n and va.variable.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue == 0\n ] and va.variable is [Variable v:]*\n and va.variable.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue == 0\n ] and va.variable is [Variable v:]*\n and va.variable.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Password in Comment", - "predicate": "\n Comment c: c.text matches \".*\\b(PUT_REGEX_HERE)\\b.*\"\n " - }, - { - "language": "cpp", - 
"vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Password in Comment", - "predicate": "\n Comment c: c.text matches \".*\\b(PUT_REGEX_HERE)\\b.*\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Password in Comment", - "predicate": "\n Comment c: c.text matches \"(?i).*pass(wd|word|phrase).*\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FunctionCall call: call.function is [Function f: f.name matches \"(_)?(str|wcs|mbs|lstr)(n|i|ni|case)?cmp(_l|i)?\"] and\n ((call.arguments[1] is [FieldAccess fal: fal.field.name matches \"(?i).*pass(wd|word).*\" and not fal.field.name matches \"(?i)pass(wd|word)\" and fal.field.type.name == \"char\"] and\n call.arguments[0].constantValue is [None:]\n ) or (\n call.arguments[0] is [FieldAccess far: far.field.name matches \"(?i).*pass(wd|word).*\" and not far.field.name matches \"(?i)pass(wd|word)\" and far.field.type.name == \"char\"] and\n call.arguments[1].constantValue is [None:]\n ) or (\n call.arguments[1] is [VariableAccess val: val.variable.name matches \"(?i).*pass(wd|word).*\" and not val.variable.name matches \"(?i)pass(wd|word)\" and val.variable.type.name == \"char\"] and\n call.arguments[0].constantValue is [None:]\n ) or (\n call.arguments[0] is [VariableAccess var: var.variable.name matches \"(?i).*pass(wd|word).*\" and not var.variable.name matches \"(?i)pass(wd|word)\" and var.variable.type.name == \"char\"] and\n call.arguments[1].constantValue is [None:]\n ))\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pass(wd|word).*\" and\n not fa.field.name matches \"(?i)pass(wd|word)\" 
and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n and fa.field.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*pass(wd|word).*\" and\n not va.variable.name matches \"(?i)pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n and va.variable.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FunctionCall call: call.function is [Function f: f.name matches \"(_)?(str|wcs|mbs|lstr)(n|i|ni|case)?cmp(_l|i)?\"] and\n ((call.arguments[1] is [FieldAccess fal: fal.field.name matches \"(?i).*pass(wd|word).*\" and not fal.field.name matches \"(?i)pass(wd|word)\" and fal.field.type.name == \"char\"] and\n call.arguments[0].constantValue == \"\"\n ) or (\n call.arguments[0] is [FieldAccess far: far.field.name matches \"(?i).*pass(wd|word).*\" and not far.field.name matches \"(?i)pass(wd|word)\" and far.field.type.name == \"char\"] and\n call.arguments[1].constantValue == \"\"\n ) or (\n call.arguments[1] is [VariableAccess val: val.variable.name matches \"(?i).*pass(wd|word).*\" and not val.variable.name matches \"(?i)pass(wd|word)\" and val.variable.type.name == \"char\"] and\n call.arguments[0].constantValue == \"\"\n ) or (\n call.arguments[0] is [VariableAccess var: var.variable.name matches \"(?i).*pass(wd|word).*\" and not var.variable.name matches \"(?i)pass(wd|word)\" and var.variable.type.name == \"char\"] and\n call.arguments[1].constantValue == \"\"\n ))\n " - }, - { - 
"language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pass(wd|word).*\" and\n not fa.field.name matches \"(?i)pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n or ( rhs.constantValue == 0 and lhs.location is [ArrayAccess aa: aa.index.constantValue == 0 ])\n ] and fa.field is [Field f:]*\n and fa.field.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*pass(wd|word).*\" and\n not va.variable.name matches \"(?i)pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n or ( rhs.constantValue == 0 and lhs.location is [ArrayAccess aa: aa.index.constantValue == 0 ])\n ] and va.variable is [Variable v:]*\n and va.variable.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall call: call.function is [Function f: f.name matches \"(_)?(str|wcs|mbs|lstr)(n|i|ni|case)?cmp(_l|i)?\"] and\n ((call.arguments[1] is [FieldAccess fal: fal.field.name matches \"(?i).*pass(wd|word).*\" and not fal.field.name matches \"(?i)pass(wd|word)\" and fal.field.type.name == \"char\"] and\n not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None:] and\n not call.arguments[0].constantValue == \"\"\n ) or (\n call.arguments[0] is [FieldAccess far: far.field.name matches \"(?i).*pass(wd|word).*\" and not far.field.name matches \"(?i)pass(wd|word)\" and far.field.type.name == 
\"char\"] and\n not call.arguments[1].constantValue.None and\n not call.arguments[1].constantValue is [None:] and\n not call.arguments[1].constantValue == \"\"\n ) or (\n call.arguments[1] is [VariableAccess val: val.variable.name matches \"(?i).*pass(wd|word).*\" and not val.variable.name matches \"(?i)pass(wd|word)\" and val.variable.type.name == \"char\"] and\n not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None:] and\n not call.arguments[0].constantValue == \"\"\n ) or (\n call.arguments[0] is [VariableAccess var: var.variable.name matches \"(?i).*pass(wd|word).*\" and not var.variable.name matches \"(?i)pass(wd|word)\" and var.variable.type.name == \"char\"] and\n not call.arguments[1].constantValue.None and\n not call.arguments[1].constantValue is [None:] and\n not call.arguments[1].constantValue == \"\"\n ))\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: (operation.op matches \"[!=><]=\" or operation.op matches \"[<>]\") and\n ((operation.lhs.location is [ArrayAccess aa1: aa1.base is\n [VariableAccess val: val.variable.name matches\n \"(?i).*pass(wd|word).*\"\n and not val.variable.name matches \"(?i)pass(wd|word)\"]\n and aa1.type == T\"char\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue == 0\n ) or (\n operation.rhs.location is [ArrayAccess aa2: aa2.base is\n [VariableAccess var: var.variable.name matches\n \"(?i).*pass(wd|word).*\"\n and not var.variable.name matches \"(?i)pass(wd|word)\"]\n and aa2.type == T\"char\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue == 0\n ) or (\n operation.lhs.location is 
[ArrayAccess aa3: aa3.base is\n [FieldAccess fal: fal.field.name matches\n \"(?i).*pass(wd|word).*\"\n and not fal.field.name matches \"(?i)pass(wd|word)\"]\n and aa3.type == T\"char\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue == 0\n ) or (\n operation.rhs.location is [ArrayAccess aa4: aa4.base is\n [FieldAccess far: far.field.name matches\n \"(?i).*pass(wd|word).*\"\n and not far.field.name matches \"(?i)pass(wd|word)\"]\n and aa4.type == T\"char\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue == 0\n ))\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pass(wd|word).*\" and\n not fa.field.name matches \"(?i)pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue == 0\n ] and fa.field is [Field f:]*\n and fa.field.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*pass(wd|word).*\" and\n not va.variable.name matches \"(?i)pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue == 0\n ] and va.variable is [Variable v:]*\n and va.variable.type.name 
== \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue == 0\n ] and fa.field is [Field f:]*\n and fa.field.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue == 0\n ] and fa.field is [Field f:]*\n and fa.field.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue == 0\n ] and fa.field is [Field f:]*\n and fa.field.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is 
[Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue == 0\n ] and va.variable is [Variable v:]*\n and va.variable.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue == 0\n ] and va.variable is [Variable v:]*\n and va.variable.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue == 0\n ] and va.variable is [Variable v:]*\n and va.variable.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\" and\n not fa.field.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is 
[None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue == 0\n ] and fa.field is [Field f:]*\n and fa.field.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\" and\n not va.variable.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue == 0\n ] and va.variable is [Variable v:]*\n and va.variable.type.name == \"char\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Out-of-Bounds Read", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: fc.name == \"memchr\" and not fc.arguments[2].constantValue.None\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Code Quality", - "vuln_category": "Fortify Internal", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: fc.name == \"memchr\" and\n ( ( fc.arguments[0] is [ArrayAccess ac0: base is [VariableAccess va0:\n fc.arguments[2] is [FunctionCall fc0: fc0.name == \"strlen\" and fc0.arguments[0] is [ArrayAccess: base is va0]]]] ) or\n ( fc.arguments[0] is [VariableAccess va1: variable is [Variable var1:\n fc.arguments[2] is [FunctionCall fc1: fc1.name == \"strlen\" and fc1.arguments[0] is [VariableAccess va2: variable is [Variable var2: var2 === var1]]]]] ) or\n ( fc.arguments[0] is [FieldAccess fa1: field is [Field fi1:\n fc.arguments[2] is [FunctionCall fc2: fc2.name == \"strlen\" and fc2.arguments[0] is [FieldAccess fa2: field is [Field fi2: fi2 === fi1]]]]] ))\n " - }, - { - "language": "cpp", - 
"vuln_kingdom": "Code Quality", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Arithmetic Operation on Boolean", - "predicate": "\n Operation: op matches \"[+-/*%]\" and (\n (lhs is [VariableAccess: variable.type.name matches \"bool.*\"] and\n rhs is [VariableAccess: variable.type.name matches \"bool.*\"])\n or\n (lhs is [BooleanLiteral: ] and rhs is [BooleanLiteral: ])\n or\n (lhs is [VariableAccess: variable.type.name matches \"bool.*\"] and rhs is [BooleanLiteral: ])\n or\n (lhs is [BooleanLiteral: ] and rhs is [VariableAccess: variable.type.name matches \"bool.*\"])\n )\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Code Quality", - "vuln_category": "Poor Style", - "vuln_subcategory": "Value Never Read", - "predicate": "\n VariableAccess va: reads.length == 0\n and va in [AssignmentStatement: (not isIncrDecr) and (lhs.location is [Location l: l.transitiveBase === va.transitiveBase])]\n and not sourceLocation.None\n and not sourceLocation.isMacroExpansion\n and variable is\n [Variable var: not static and not enclosingFunction.None\n and not type.indirectionLevel > 0 and not referenceTaken\n and not sourceLocation.None\n and not va.sourceLocation.None\n and not sourceLocation.startLine == va.sourceLocation.startLine\n and not isTemp and not const]*\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Code Quality", - "vuln_category": "Poor Style", - "vuln_subcategory": "Value Never Read", - "predicate": "\n VariableAccess va: reads.length == 0\n and va in [AssignmentStatement: (not isIncrDecr) and (lhs.location is va)]\n and not sourceLocation.None\n and not sourceLocation.isMacroExpansion\n and variable is\n [Variable var: not static and not enclosingFunction.None\n and not type.indirectionLevel > 0 and not referenceTaken\n and not sourceLocation.None\n and not va.sourceLocation.None\n and not sourceLocation.startLine == va.sourceLocation.startLine\n and not isTemp and not const]*\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Code 
Quality", - "vuln_category": "Poor Style", - "vuln_subcategory": "Redundant Initialization", - "predicate": "\n VariableAccess va: reads.length == 0\n and va in [AssignmentStatement: lhs.location is va and rhs.constantValue.None]\n and not sourceLocation.None\n and not sourceLocation.isMacroExpansion\n and variable is\n [Variable: not static and not enclosingFunction.None\n and not type.indirectionLevel > 0 and not referenceTaken\n and not sourceLocation.None\n and not va.sourceLocation.None\n and sourceLocation.startLine == va.sourceLocation.startLine\n and not isTemp]*\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Code Quality", - "vuln_category": "Poor Style", - "vuln_subcategory": "Value Never Read", - "predicate": "\n VariableAccess va: reads.length == 0\n and va in [AssignmentStatement: lhs.location is va]\n and not sourceLocation.None\n and not sourceLocation.isMacroExpansion\n and variable is\n [Variable: not static and not enclosingFunction.None\n and not type.indirectionLevel > 0 and not referenceTaken\n and not sourceLocation.None\n and not va.sourceLocation.None\n and not sourceLocation.startLine == va.sourceLocation.startLine\n and not isTemp]*\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Code Quality", - "vuln_category": "Type Mismatch", - "vuln_subcategory": "Negative to Unsigned", - "predicate": "\n AssignmentStatement: lhs is [Location: type.name matches \"unsigned.*\"]*\n and rhs is [Expression: \n type.name matches \"char|short|int|long\"\n and constantValue is [Number n: n < 0]\n ]*\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Code Quality", - "vuln_category": "Type Mismatch", - "vuln_subcategory": "Signed to Unsigned", - "predicate": "\n AssignmentStatement: lhs is [Location: type.name matches \"unsigned.*\"]*\n and rhs is [Location l: type.name matches \"char|short|int|long\"\n /* is not a constant value */\n and constantValue.None\n /* not some sort of length, which are usually false positives */\n and not l is 
[FieldAccess: field.name matches \".*len(gth)?|.*size\" ]\n and not l is [VariableAccess: variable.name matches \".*len(gth)?|.*size\"]\n ]*\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Code Quality", - "vuln_category": "Type Mismatch", - "vuln_subcategory": "Signed to Unsigned", - "predicate": "\n AssignmentStatement: lhs is [Location: type.name matches \"unsigned.*\"]*\n and rhs is [Location l: type.name matches \"char|short|int|long\"\n /* is not a constant value */\n and constantValue.None\n /* not some sort of length, which are usually false positives */\n and not l.name matches \".*len(gth)?|.*size\"\n /* not a binary value from a synthetic if-else block */\n and not (\n l.constantValues.length == 2\n and l.constantValues contains [Number: == 0]\n and l.constantValues contains [Number: == 1]\n )\n ]*\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Code Quality", - "vuln_category": "Type Mismatch", - "vuln_subcategory": "Signed to Unsigned", - "predicate": "\n ReturnStatement rs:\n rs.enclosingFunction is [Function: ]* and rs.enclosingFunction.returnType is\n [name matches \"unsigned.*\" or indirectionLevel > 0]\n /* Needed because literals are always signed. */\n and not rs.expression.constantValue is [Number: >= 0]\n and rs.expression.type is [\n indirectionLevel == 0 and\n name is [ == \"char\" or == \"short\" or == \"int\" or == \"long\"]]\n /* Don't duplicate results caught by the \"Negative return value\" rule. 
*/\n and not rs.expression.partialConstantValues contains [Number: < 0]\n and not rs.enclosingFunction contains [IfStatement:\n expression is [Operation o:\n rs.expression is [VariableAccess: variable is [Variable v: \n (\n o.lhs.location is [VariableAccess: \n variable is v\n ]\n and o.op matches \">(=)?\"\n and (\n o.rhs.type.unsigned\n or o.rhs.constantValue is [Number: >= 0]\n )\n )\n or (\n o.op matches \"<(=)?\"\n and o.rhs.location is [VariableAccess:\n variable is v\n ]\n )\n ]]\n or rs.expression is [FieldAccess: field is [Field f: \n (\n o.lhs.location is [FieldAccess: \n field is f\n ]\n and o.op matches \">(=)?\"\n and (\n o.rhs.type.unsigned\n or o.rhs.constantValue is [Number: >= 0]\n )\n )\n or (\n o.op matches \"<(=)?\"\n and o.rhs.location is [FieldAccess: \n field is f\n ]\n )\n ]]\n ]\n ]\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Code Quality", - "vuln_category": "Poor Style", - "vuln_subcategory": "Redundant Initialization", - "predicate": "\n VariableAccess va: reads.length == 0\n and va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and rhs.constantValue.None]\n and not sourceLocation.None\n and not sourceLocation.isMacroExpansion\n and variable is\n [Variable var: not static and not enclosingFunction.None\n and not type.indirectionLevel > 0 and not referenceTaken\n and not sourceLocation.None\n and not va.sourceLocation.None\n and sourceLocation.startLine == va.sourceLocation.startLine\n and not isTemp and not const]*\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Code Quality", - "vuln_category": "Poor Style", - "vuln_subcategory": "Redundant Initialization", - "predicate": "\n VariableAccess va: reads.length == 0\n and va in [AssignmentStatement: lhs.location is va and rhs.constantValue.None]\n and not sourceLocation.None\n and not sourceLocation.isMacroExpansion\n and variable is\n [Variable var: not static and not enclosingFunction.None\n and not type.indirectionLevel > 0 and 
not referenceTaken\n and not sourceLocation.None\n and not va.sourceLocation.None\n and sourceLocation.startLine == va.sourceLocation.startLine\n and not isTemp and not const]*\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Code Quality", - "vuln_category": "Poor Style", - "vuln_subcategory": "Variable Never Used", - "predicate": "\n Variable v: not enclosingFunction.None and uses.length == 0\n\t\tand not isTemp and not const and not sourceLocation.None and not sourceLocation.isMacroExpansion\n and not (v in v.enclosingFunction.parameters)\n\t\tand is [Variable:]\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Code Quality", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Function Not Invoked", - "predicate": "\n\t\tOperation: (op matches \"[!=><]=\" or op matches \"[<>]\") and (\n\t\t\t(lhs is [FunctionPointer: ] and (not rhs.constantValue.None))\n\t\t\tor\n\t\t\t((not lhs.constantValue.None) and rhs is [FunctionPointer: ])\n\t\t)\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Code Quality", - "vuln_category": "Poor Style", - "vuln_subcategory": "Variable Never Used", - "predicate": "\n Variable v: not enclosingFunction.None and uses.length == 0\n\t\tand not isTemp and not sourceLocation.None and not sourceLocation.isMacroExpansion\n and not (v in v.enclosingFunction.parameters)\n\t\tand is [Variable:]\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Code Quality", - "vuln_category": "Type Mismatch", - "vuln_subcategory": "Negative to Unsigned", - "predicate": "\n ReturnStatement:\n enclosingFunction is [Function: ]* and enclosingFunction.returnType is\n [name matches \"unsigned.*\" or indirectionLevel > 0]\n and expression.partialConstantValues contains [Number: < 0]\n /* If they've explictly casted the value, then don't report. 
*/\n and not expression.type is\n [name matches \"unsigned.*\" or indirectionLevel > 0]\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Code Quality", - "vuln_category": "Memory Leak", - "vuln_subcategory": "Reallocation", - "predicate": "\n FunctionCall call: (call.function is [name == \"realloc\" or\n name == \"_realloc_dbg\" or\n name == \"g_try_realloc\" or\n name == \"CoTaskMemRealloc\" or\n name == \"GlobalReAlloc\" or\n name == \"LocalReAlloc\" or\n name == \"HeapReAlloc\"]* and\n call in [AssignmentStatement: rhs === call and lhs == call.arguments[0] and\n lhs.location is [VariableAccess: variable is [Variable:]*]])\n or\n (call.function is [name == \"g_try_renew\"]* and\n call in [AssignmentStatement: rhs === call and lhs == call.arguments[1] and\n lhs.location is [VariableAccess: variable is [Variable:]*]])\n or\n (call.function is [name == \"realloc\" or\n name == \"_realloc_dbg\" or\n name == \"g_try_realloc\" or\n name == \"g_try_new\" or\n name == \"CoTaskMemRealloc\" or\n name == \"GlobalReAlloc\" or\n name == \"LocalReAlloc\" or\n name == \"HeapReAlloc\"]* and\n not call in [AssignmentStatement:])\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Code Quality", - "vuln_category": "Memory Leak", - "vuln_subcategory": "Reallocation", - "predicate": "\n FunctionCall call: (call.function is [name == \"realloc\" or\n name == \"_realloc_dbg\" or\n name == \"g_try_realloc\" or\n name == \"CoTaskMemRealloc\" or\n name == \"GlobalReAlloc\" or\n name == \"LocalReAlloc\" or\n name == \"HeapReAlloc\"]* and\n call in [AssignmentStatement: rhs is call and lhs == call.arguments[0] and\n lhs.location is [VariableAccess: variable is [Variable:]*]])\n or\n (call.function is [name == \"g_try_renew\"]* and\n call in [AssignmentStatement: rhs is call and lhs == call.arguments[1] and\n lhs.location is [VariableAccess: variable is [Variable:]*]])\n or\n (call.function is [name == \"realloc\" or\n name == \"_realloc_dbg\" or\n name == \"g_try_realloc\" or\n name == 
\"g_try_new\" or\n name == \"CoTaskMemRealloc\" or\n name == \"GlobalReAlloc\" or\n name == \"LocalReAlloc\" or\n name == \"HeapReAlloc\"]* and\n not call in [AssignmentStatement:])\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Environment", - "vuln_category": "Insecure Compiler Optimization", - "vuln_subcategory": "Pointer Arithmetic", - "predicate": "\nOperation op1:\n(op1.op == \">=\" or op1.op == \">\" or op1.op == \"<=\" or op1.op == \"<\" )\nand\n(\n op1.lhs.type.pointerDepth > 0\n and\n op1.rhs.type.pointerDepth > 0\n and\n (\n op1.lhs is\n [\n Operation op2: op2.lhs is [VariableAccess lhsVa: op1.rhs is [VariableAccess rhsVa: lhsVa.variable.name == rhsVa.variable.name]]\n or\n op2.lhs is [Dereference: expression is [VariableAccess dLhsVa: op1.rhs is [VariableAccess: dLhsVa.variable.name == variable.name]]]\n ]\n or\n op1.rhs is [Operation op3: op3.lhs is [Dereference: expression is [VariableAccess dRhsVa: op1.lhs is [VariableAccess: variable.name == dRhsVa.variable.name]]]]\n )\n)\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Code Quality", - "vuln_category": "Type Mismatch", - "vuln_subcategory": "Integer to Character", - "predicate": "\n AssignmentStatement ass: rhs is\n [FunctionCall f: f.function.name matches \"^(getchar|f?getc)$\"]\n and lhs.type.name matches \"^((unsigned|signed) )?char\"\n and lhs is [VariableAccess varacc:]\n and enclosingFunction contains\n [Operation: op matches \"[!=]=|[<>]=?\"\n and contains [VariableAccess varacc: ass.lhs is [VariableAccess: varacc.variable.name == variable.name]\n ]\n ]\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Code Quality", - "vuln_category": "Undefined Behavior", - "vuln_subcategory": "File Pointer Dereference", - "predicate": "\n AssignmentStatement stmt: stmt.lhs is [VariableAccess va: va.type is [Type: name matches \"(?i)_*s*_*FILE\"]]* \n and\n /* Pointer deref is being translated as 'array access' for some reason, cover both potentials */\n (stmt.rhs is [ArrayAccess ac: ac.type 
is [Type: name matches \"(?i)_*s*_*FILE\"]]* or \n stmt.rhs is [Dereference d: d.type is [Type: name matches \"(?i)_*s*_*FILE\"]]*)\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Signature", - "vuln_subcategory": "XML Signature Secure Validation Disabled", - "predicate": "\n FunctionCall:\n function is [Function:\n name == \"setProperty\"\n and enclosingClass.supers contains [Class:\n name == \"java.util.Properties\"\n ]\n ]\n and arguments[0].constantValue == \"org.jcp.xml.dsig.secureValidation\"\n and arguments[1].constantValue != \"true\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Access Control", - "vuln_subcategory": "SecurityManager Bypass", - "predicate": "\n FunctionCall fc: fc.function.name matches \"getBundle\" and\n fc.function.enclosingClass.name matches \"java\\.util\\.ResourceBundle\" and\n ( fc.enclosingFunction is [public or protected] or\n fc.enclosingFunction reachedBy [Function f: public] ) and\n enclosingClass reachedBy [supers contains [name == \"java.applet.Applet\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Access Control", - "vuln_subcategory": "SecurityManager Bypass", - "predicate": "\n FunctionCall fc: fc.function.name matches \"newUpdater\" and\n fc.function.enclosingClass.name matches \"java\\.util\\.concurrent\\.atomic\\.Atomic(Integer|Long|Reference)FieldUpdater\" and\n ( fc.enclosingFunction is [public or protected] or\n fc.enclosingFunction reachedBy [Function f: public] ) and\n enclosingClass reachedBy [supers contains [name == \"java.applet.Applet\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Access Control", - "vuln_subcategory": "SecurityManager Bypass", - "predicate": "\n FunctionCall fc: fc.function.name matches \"getBundle\" and\n fc.function.enclosingClass.name matches \"java\\.util\\.ResourceBundle\" and\n 
( fc.enclosingFunction is [public or protected] or\n fc.enclosingFunction reachedBy [Function f: public] ) and\n not enclosingClass reachedBy [supers contains [name == \"java.applet.Applet\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Access Control", - "vuln_subcategory": "SecurityManager Bypass", - "predicate": "\n FunctionCall fc: fc.function.name matches \"newUpdater\" and\n fc.function.enclosingClass.name matches \"java\\.util\\.concurrent\\.atomic\\.Atomic(Integer|Long|Reference)FieldUpdater\" and\n ( fc.enclosingFunction is [public or protected] or\n fc.enclosingFunction reachedBy [Function f: public] ) and\n not enclosingClass reachedBy [supers contains [name == \"java.applet.Applet\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Often Misused", - "vuln_subcategory": "sun.misc.Unsafe", - "predicate": "\n FunctionCall: function.enclosingClass.name == \"sun.misc.Unsafe\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Signature", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc:\n (function.name == \"getInstance\")\n and fc.function.enclosingClass.supers contains [Class:\n name matches \"java\\.security\\.(AlgorithmParameters|KeyFactory)\"\n ] and arguments[0].constantValue matches \"(?i).*DSA.*\"\n and not arguments[0].constantValue matches \"(?i).*(ECDSA|EdDSA).*\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Signature", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc:\n (function.name == \"init^\" or function.constructor)\n and fc.function.enclosingClass.supers contains [Class:\n name matches \"java\\.security\\.(AlgorithmParameters|KeyFactory)\"\n ] and arguments[2].constantValue matches \"(?i).*DSA.*\"\n and not arguments[2].constantValue matches \"(?i).*(ECDSA|EdDSA).*\"\n " - }, - { - "language": 
"java", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Signature", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc:\n (function.name matches \"getInstance|init\\^\" or function.constructor)\n and fc.function.enclosingClass.supers contains [Class:\n name matches \"java\\.security\\.(KeyPairGenerator|Signature)\"\n ] and arguments[0].constantValue matches \"(?i).*DSA.*\"\n and not arguments[0].constantValue matches \"(?i).*(ECDSA|EdDSA).*\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Signature", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n Function: contains [FunctionCall: \n function.name == \"getInstance\"\n and function.enclosingClass.supers contains [Class: name == \"java.security.KeyPairGenerator\"]\n and arguments[0].constantValue matches \"(?i).*DSA.*\"\n and not arguments[0].constantValue matches \"(?i).*(ECDSA|EdDSA).*\"\n ] and contains [FunctionCall:\n function.name == \"initialize\"\n and arguments[0].constantValue is [Number: < 2048]\n ]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Dynamic Code Evaluation", - "vuln_subcategory": "Unsafe Deserialization", - "predicate": "\n Class c: \n not interface\n and directSupers contains [Class:\n interface\n and directSupers contains [Class: name == \"java.rmi.Remote\"]\n and functions contains [Function: \n parameterTypes.length > 0\n and parameterTypes contains [Type:\n not primitive\n ]\n ]\n ]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n not fa.sourceLocation.None and\n not fa.field.sourceLocation.None and\n fa.sourceLocation.startLine != fa.field.sourceLocation.startLine and\n fa in [AssignmentStatement: lhs.location is 
[Location l: l.transitiveBase === fa.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue is [None:]]\n and fa.field is [Field f:]*\n and (fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == \"byte\" or\n fa.field.type.name == \"char\" or\n fa.field.type.name == \"kotlin.String\" or\n fa.field.type.name == \"kotlin.ByteArray\" or\n fa.field.type.name == \"kotlin.CharArray\")\n and not (fa.field.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: ((fa.field.name matches \"PUT_REGEX_HERE\") or\n (fa.field.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyPassword\"])) and\n not fa.sourceLocation.None and\n not fa.field.sourceLocation.None and\n fa.sourceLocation.startLine != fa.field.sourceLocation.startLine and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue is [None:]]\n and fa.field is [Field f:]*\n and (fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == \"byte\" or\n fa.field.type.name == \"char\" or\n fa.field.type.name == \"kotlin.String\" or\n fa.field.type.name == \"kotlin.ByteArray\" or\n fa.field.type.name == \"kotlin.CharArray\")\n and not (fa.field.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: ((fa.field.name matches \"(?i)pass(wd|word)\") or\n (fa.field.annotations contains [Annotation: type == 
T\"com.fortify.annotations.FortifyPassword\"])) and\n not fa.sourceLocation.None and\n not fa.field.sourceLocation.None and\n fa.sourceLocation.startLine != fa.field.sourceLocation.startLine and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue is [None:]]\n and fa.field is [Field f:]*\n and (fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == \"byte\" or\n fa.field.type.name == \"char\" or\n fa.field.type.name == \"kotlin.String\" or\n fa.field.type.name == \"kotlin.ByteArray\" or\n fa.field.type.name == \"kotlin.CharArray\")\n and not (fa.field.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n not va.sourceLocation.None and\n not va.variable.sourceLocation.None and\n va.sourceLocation.startLine != va.variable.sourceLocation.startLine and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue is [None:]]\n and va.variable is [Variable v:]*\n and ( va.variable.type.name == \"java.lang.String\" or\n va.variable.type.name == \"java.lang.StringBuffer\" or\n va.variable.type.name == \"byte\" or\n va.variable.type.name == \"char\" or\n va.variable.type.name == \"kotlin.String\" or\n va.variable.type.name == \"kotlin.ByteArray\" or\n va.variable.type.name == \"kotlin.CharArray\")\n and not (va.variable.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - 
"vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: ((va.variable.name matches \"PUT_REGEX_HERE\") or\n (va.variable.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyPassword\"])) and\n not va.sourceLocation.None and\n not va.variable.sourceLocation.None and\n va.sourceLocation.startLine != va.variable.sourceLocation.startLine and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue is [None:]]\n and va.variable is [Variable v:]*\n and ( va.variable.type.name == \"java.lang.String\" or\n va.variable.type.name == \"java.lang.StringBuffer\" or\n va.variable.type.name == \"byte\" or\n va.variable.type.name == \"char\" or\n va.variable.type.name == \"kotlin.String\" or\n va.variable.type.name == \"kotlin.ByteArray\" or\n va.variable.type.name == \"kotlin.CharArray\")\n and not (va.variable.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: ((va.variable.name matches \"(?i)pass(wd|word)\") or\n (va.variable.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyPassword\"])) and\n not va.sourceLocation.None and\n not va.variable.sourceLocation.None and\n va.sourceLocation.startLine != va.variable.sourceLocation.startLine and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue is [None:]]\n and va.variable is [Variable v:]*\n and ( va.variable.type.name == \"java.lang.String\" or\n va.variable.type.name == \"java.lang.StringBuffer\" or\n va.variable.type.name == \"byte\" or\n va.variable.type.name == \"char\" or\n va.variable.type.name == \"kotlin.String\" or\n 
va.variable.type.name == \"kotlin.ByteArray\" or\n va.variable.type.name == \"kotlin.CharArray\")\n and not (va.variable.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue == \"\"]\n and fa.field is [Field f:]*\n and (fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == \"byte\" or\n fa.field.type.name == \"char\" or\n fa.field.type.name == \"kotlin.String\" or\n fa.field.type.name == \"kotlin.ByteArray\" or\n fa.field.type.name == \"kotlin.CharArray\")\n and not (fa.field.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: ((fa.field.name matches \"PUT_REGEX_HERE\") or\n (fa.field.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyPassword\"])) and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue == \"\"]\n and fa.field is [Field f:]*\n and (fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == \"byte\" or\n fa.field.type.name == \"char\" or\n fa.field.type.name == \"kotlin.String\" or\n fa.field.type.name == \"kotlin.ByteArray\" or\n fa.field.type.name == \"kotlin.CharArray\")\n and not (fa.field.annotations contains [Annotation: type == 
T\"com.fortify.annotations.FortifyNotPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: ((fa.field.name matches \"(?i)pass(wd|word)\") or\n (fa.field.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyPassword\"])) and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue == \"\"]\n and fa.field is [Field f:]*\n and (fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == \"byte\" or\n fa.field.type.name == \"char\" or\n fa.field.type.name == \"kotlin.String\" or\n fa.field.type.name == \"kotlin.ByteArray\" or\n fa.field.type.name == \"kotlin.CharArray\")\n and not (fa.field.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue == \"\"]\n and va.variable is [Variable v:]*\n and ( va.variable.type.name == \"java.lang.String\" or\n va.variable.type.name == \"java.lang.StringBuffer\" or\n va.variable.type.name == \"byte\" or\n va.variable.type.name == \"char\" or\n va.variable.type.name == \"kotlin.String\" or\n va.variable.type.name == \"kotlin.ByteArray\" or\n va.variable.type.name == \"kotlin.CharArray\")\n and not (va.variable.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - 
"vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: ((va.variable.name matches \"PUT_REGEX_HERE\") or\n (va.variable.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyPassword\"])) and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue == \"\"]\n and va.variable is [Variable v:]*\n and ( va.variable.type.name == \"java.lang.String\" or\n va.variable.type.name == \"java.lang.StringBuffer\" or\n va.variable.type.name == \"byte\" or\n va.variable.type.name == \"char\" or\n va.variable.type.name == \"kotlin.String\" or\n va.variable.type.name == \"kotlin.ByteArray\" or\n va.variable.type.name == \"kotlin.CharArray\")\n and not (va.variable.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: ((va.variable.name matches \"(?i)pass(wd|word)\") or\n (va.variable.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyPassword\"])) and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue == \"\"]\n and va.variable is [Variable v:]*\n and ( va.variable.type.name == \"java.lang.String\" or\n va.variable.type.name == \"java.lang.StringBuffer\" or\n va.variable.type.name == \"byte\" or\n va.variable.type.name == \"char\" or\n va.variable.type.name == \"kotlin.String\" or\n va.variable.type.name == \"kotlin.ByteArray\" or\n va.variable.type.name == \"kotlin.CharArray\")\n and not (va.variable.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": 
"Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n StringLiteral:\n constantValue matches \".*\\\"(PUT_REGEX_HERE)\\\"\\s*:\\s*\\\"[^{$%]+\\\".*\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n StringLiteral:\n constantValue matches \".*\\\"(PUT_REGEX_HERE)\\\"\\s*:\\s*\\\"[^{$%]+\\\".*\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase]\n and not rhs.constantValue.None and not rhs.constantValue is [None:] and not rhs.constantValue == \"\"] and\n fa.field is [Field f:]*\n and (fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == \"byte\" or\n fa.field.type.name == \"char\" or\n fa.field.type.name == \"kotlin.String\" or\n fa.field.type.name == \"kotlin.ByteArray\" or\n fa.field.type.name == \"kotlin.CharArray\")\n and not (fa.field.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: ((fa.field.name matches \"PUT_REGEX_HERE\") or\n (fa.field.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyPassword\"])) and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase]\n and not rhs.constantValue.None and not rhs.constantValue is [None:] and not rhs.constantValue == \"\"] and\n fa.field is [Field f:]*\n and 
(fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == \"byte\" or\n fa.field.type.name == \"char\" or\n fa.field.type.name == \"kotlin.String\" or\n fa.field.type.name == \"kotlin.ByteArray\" or\n fa.field.type.name == \"kotlin.CharArray\")\n and not (fa.field.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: ((fa.field.name matches \"(?i)pass(wd|word)\") or\n (fa.field.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyPassword\"])) and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase]\n and not rhs.constantValue.None and not rhs.constantValue is [None:] and not rhs.constantValue == \"\"] and\n fa.field is [Field f:]*\n and (fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == \"byte\" or\n fa.field.type.name == \"char\" or\n fa.field.type.name == \"kotlin.String\" or\n fa.field.type.name == \"kotlin.ByteArray\" or\n fa.field.type.name == \"kotlin.CharArray\")\n and not (fa.field.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase]\n and not rhs.constantValue.None and not rhs.constantValue is [None:] and not rhs.constantValue == \"\"] and\n va.variable is [Variable v:]* and\n ( va.variable.type.name == \"java.lang.String\" or\n 
va.variable.type.name == \"java.lang.StringBuffer\" or\n va.variable.type.name == \"byte\" or\n va.variable.type.name == \"char\" or\n va.variable.type.name == \"kotlin.String\" or\n va.variable.type.name == \"kotlin.ByteArray\" or\n va.variable.type.name == \"kotlin.CharArray\")\n and not (va.variable.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: ((va.variable.name matches \"PUT_REGEX_HERE\") or\n (va.variable.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyPassword\"])) and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase]\n and not rhs.constantValue.None and not rhs.constantValue is [None:] and not rhs.constantValue == \"\"] and\n va.variable is [Variable v:]* and\n ( va.variable.type.name == \"java.lang.String\" or\n va.variable.type.name == \"java.lang.StringBuffer\" or\n va.variable.type.name == \"byte\" or\n va.variable.type.name == \"char\" or\n va.variable.type.name == \"kotlin.String\" or\n va.variable.type.name == \"kotlin.ByteArray\" or\n va.variable.type.name == \"kotlin.CharArray\")\n and not (va.variable.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: ((va.variable.name matches \"(?i)pass(wd|word)\") or\n (va.variable.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyPassword\"])) and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase]\n and not rhs.constantValue.None and not rhs.constantValue is [None:] and not 
rhs.constantValue == \"\"] and\n va.variable is [Variable v:]* and\n ( va.variable.type.name == \"java.lang.String\" or\n va.variable.type.name == \"java.lang.StringBuffer\" or\n va.variable.type.name == \"byte\" or\n va.variable.type.name == \"char\" or\n va.variable.type.name == \"kotlin.String\" or\n va.variable.type.name == \"kotlin.ByteArray\" or\n va.variable.type.name == \"kotlin.CharArray\")\n and not (va.variable.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall call: call.function is [Function f: f.enclosingClass.supers contains\n [Class c: c.name == \"java.lang.String\" or c.name == \"kotlin.String\"] and\n (f.name == \"contentEquals\" or f.name matches \"(compareTo|equals)(IgnoreCase)?\")] and\n ( ( call.instance is [VariableAccess val:\n val.variable.name matches \"PUT_REGEX_HERE\"\n and not (val.variable.annotations contains\n [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"])] and\n not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None: ] and\n not call.arguments[0].constantValue == \"\"\n ) or\n ( call.arguments[0] is [VariableAccess var:\n var.variable.name matches \"PUT_REGEX_HERE\"\n and var.variable.type.definition.supers contains [Class: name == \"java.lang.CharSequence\" or name == \"kotlin.CharSequence\"]\n and not (var.variable.annotations contains\n [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"])] and\n not call.instance.constantValue.None and\n not call.instance.constantValue is [None:] and\n not call.instance.constantValue == \"\"\n ) or\n ( call.instance is [FieldAccess fal:\n fal.field.name matches \"PUT_REGEX_HERE\"\n and not (fal.field.annotations contains\n [Annotation: type == 
T\"com.fortify.annotations.FortifyNotPassword\"])] and\n not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None: ] and\n not call.arguments[0].constantValue == \"\"\n ) or\n ( call.arguments[0] is [FieldAccess far:\n far.field.name matches \"PUT_REGEX_HERE\" and\n far.field.type.definition.supers contains [Class: name == \"java.lang.CharSequence\" or name == \"kotlin.CharSequence\"]\n and not (far.field.annotations contains\n [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"])] and\n not call.instance.constantValue.None and\n not call.instance.constantValue is [None:] and\n not call.instance.constantValue == \"\"\n ))\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall call: call.function is [Function f: f.enclosingClass.supers contains\n [Class c: c.name == \"java.lang.String\" or c.name == \"kotlin.String\"] and\n (f.name == \"contentEquals\" or f.name matches \"(compareTo|equals)(IgnoreCase)?\")] and\n ( ( call.instance is [VariableAccess val:\n ((val.variable.name matches \"PUT_REGEX_HERE\") or\n (val.variable.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyPassword\"]))\n and not (val.variable.annotations contains\n [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"])] and\n not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None: ] and\n not call.arguments[0].constantValue == \"\"\n ) or\n ( call.arguments[0] is [VariableAccess var:\n ((var.variable.name matches \"PUT_REGEX_HERE\") or\n (var.variable.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyPassword\"]))\n and var.variable.type.definition.supers contains [Class: name == \"java.lang.CharSequence\" or name == \"kotlin.CharSequence\"]\n and not (var.variable.annotations contains\n [Annotation: type == 
T\"com.fortify.annotations.FortifyNotPassword\"])] and\n not call.instance.constantValue.None and\n not call.instance.constantValue is [None:] and\n not call.instance.constantValue == \"\"\n ) or\n ( call.instance is [FieldAccess fal:\n ((fal.field.name matches \"PUT_REGEX_HERE\") or\n (fal.field.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyPassword\"]))\n and not (fal.field.annotations contains\n [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"])] and\n not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None: ] and\n not call.arguments[0].constantValue == \"\"\n ) or\n ( call.arguments[0] is [FieldAccess far:\n ((far.field.name matches \"PUT_REGEX_HERE\") or\n (far.field.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyPassword\"])) and\n far.field.type.definition.supers contains [Class: name == \"java.lang.CharSequence\" or name == \"kotlin.CharSequence\"]\n and not (far.field.annotations contains\n [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"])] and\n not call.instance.constantValue.None and\n not call.instance.constantValue is [None:] and\n not call.instance.constantValue == \"\"\n ))\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall call: call.function is [Function f: f.enclosingClass.supers contains\n [Class c: c.name == \"java.lang.String\" or c.name == \"kotlin.String\"] and\n (f.name == \"contentEquals\" or f.name matches \"(compareTo|equals)(IgnoreCase)?\")] and\n ( ( call.instance is [VariableAccess val:\n ((val.variable.name matches \"(?i)pass(wd|word)\") or\n (val.variable.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyPassword\"]))\n and not (val.variable.annotations contains\n [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"])] 
and\n not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None: ] and\n not call.arguments[0].constantValue == \"\"\n ) or\n ( call.arguments[0] is [VariableAccess var:\n ((var.variable.name matches \"(?i)pass(wd|word)\") or\n (var.variable.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyPassword\"]))\n and var.variable.type.definition.supers contains [Class: name == \"java.lang.CharSequence\" or name == \"kotlin.CharSequence\"]\n and not (var.variable.annotations contains\n [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"])] and\n not call.instance.constantValue.None and\n not call.instance.constantValue is [None:] and\n not call.instance.constantValue == \"\"\n ) or\n ( call.instance is [FieldAccess fal:\n ((fal.field.name matches \"(?i)pass(wd|word)\") or\n (fal.field.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyPassword\"]))\n and not (fal.field.annotations contains\n [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"])] and\n not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None: ] and\n not call.arguments[0].constantValue == \"\"\n ) or\n ( call.arguments[0] is [FieldAccess far:\n ((far.field.name matches \"(?i)pass(wd|word)\") or\n (far.field.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyPassword\"])) and\n far.field.type.definition.supers contains [Class: name == \"java.lang.CharSequence\" or name == \"kotlin.CharSequence\"]\n and not (far.field.annotations contains\n [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"])] and\n not call.instance.constantValue.None and\n not call.instance.constantValue is [None:] and\n not call.instance.constantValue == \"\"\n ))\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n 
FunctionCall: function is [Function: \n (\n name is \"put\" or \n name is \"putIfAbsent\" or \n name is \"merge\" or \n name is \"replace\" \n ) \n and\n enclosingClass.supers contains [Class: \n name == \"java.util.Map\"\n ]\n ] \n and arguments[0] is [Expression:\n constantValue matches \"PUT_REGEX_HERE\"\n ]\n and (\n (arguments[1] is [Expression:\n constantValue matches \".+\" and\n not constantValue.None and\n not constantValue is [None: ] and\n not constantValue == \"\"\n ])\n or\n (arguments[2] is [Expression:\n constantValue matches \".+\" and\n not constantValue.None and\n not constantValue is [None: ] and\n not constantValue == \"\"\n ])\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall: function is [Function: \n (\n name is \"put\" or \n name is \"putIfAbsent\" or \n name is \"merge\" or \n name is \"replace\" \n ) \n and\n enclosingClass.supers contains [Class: \n name == \"java.util.Map\"\n ]\n ] \n and arguments[0] is [Expression:\n constantValue matches \"PUT_REGEX_HERE\"\n ]\n and (\n (arguments[1] is [Expression:\n constantValue matches \".+\" and\n not constantValue.None and\n not constantValue is [None: ] and\n not constantValue == \"\"\n ])\n or\n (arguments[2] is [Expression:\n constantValue matches \".+\" and\n not constantValue.None and\n not constantValue is [None: ] and\n not constantValue == \"\"\n ])\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall: function is [Function: \n (\n name is \"put\" or \n name is \"putIfAbsent\" or \n name is \"merge\" or \n name is \"replace\" \n ) \n and\n enclosingClass.supers contains [Class: \n name == \"java.util.Map\"\n ]\n ] \n and arguments[0] is [Expression:\n constantValue matches 
\"(?i).*pass(wd|word|phrase).*\"\n ]\n and (\n (arguments[1] is [Expression:\n constantValue matches \".+\" and\n not constantValue.None and\n not constantValue is [None: ] and\n not constantValue == \"\"\n ])\n or\n (arguments[2] is [Expression:\n constantValue matches \".+\" and\n not constantValue.None and\n not constantValue is [None: ] and\n not constantValue == \"\"\n ])\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall: function is [Function: \n name is \"of\" and\n enclosingClass.supers contains [Class: \n name == \"java.util.Map\"\n ]\n ] \n and \n (\n (\n arguments[0] is [Expression:\n constantValue matches \"PUT_REGEX_HERE\"\n ]\n and \n arguments[1] is [Expression:\n constantValue matches \".+\" and\n not constantValue.None and\n not constantValue is [None: ] and\n not constantValue == \"\"\n ]\n )\n or\n (\n arguments[2] is [Expression:\n constantValue matches \"PUT_REGEX_HERE\"\n ]\n and \n arguments[3] is [Expression:\n constantValue matches \".+\" and\n not constantValue.None and\n not constantValue is [None: ] and\n not constantValue == \"\"\n ]\n )\n or\n (\n arguments[4] is [Expression:\n constantValue matches \"PUT_REGEX_HERE\"\n ]\n and \n arguments[5] is [Expression:\n constantValue matches \".+\" and\n not constantValue.None and\n not constantValue is [None: ] and\n not constantValue == \"\"\n ]\n )\n or\n (\n arguments[6] is [Expression:\n constantValue matches \"PUT_REGEX_HERE\"\n ]\n and \n arguments[7] is [Expression:\n constantValue matches \".+\" and\n not constantValue.None and\n not constantValue is [None: ] and\n not constantValue == \"\"\n ]\n )\n or\n (\n arguments[8] is [Expression:\n constantValue matches \"PUT_REGEX_HERE\"\n ]\n and \n arguments[9] is [Expression:\n constantValue matches \".+\" and\n not constantValue.None and\n not constantValue is [None: ] and\n not constantValue == 
\"\"\n ]\n )\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall: function is [Function: \n name is \"of\" and\n enclosingClass.supers contains [Class: \n name == \"java.util.Map\"\n ]\n ] \n and \n (\n (\n arguments[0] is [Expression:\n constantValue matches \"PUT_REGEX_HERE\"\n ]\n and \n arguments[1] is [Expression:\n constantValue matches \".+\" and\n not constantValue.None and\n not constantValue is [None: ] and\n not constantValue == \"\"\n ]\n )\n or\n (\n arguments[2] is [Expression:\n constantValue matches \"PUT_REGEX_HERE\"\n ]\n and \n arguments[3] is [Expression:\n constantValue matches \".+\" and\n not constantValue.None and\n not constantValue is [None: ] and\n not constantValue == \"\"\n ]\n )\n or\n (\n arguments[4] is [Expression:\n constantValue matches \"PUT_REGEX_HERE\"\n ]\n and \n arguments[5] is [Expression:\n constantValue matches \".+\" and\n not constantValue.None and\n not constantValue is [None: ] and\n not constantValue == \"\"\n ]\n )\n or\n (\n arguments[6] is [Expression:\n constantValue matches \"PUT_REGEX_HERE\"\n ]\n and \n arguments[7] is [Expression:\n constantValue matches \".+\" and\n not constantValue.None and\n not constantValue is [None: ] and\n not constantValue == \"\"\n ]\n )\n or\n (\n arguments[8] is [Expression:\n constantValue matches \"PUT_REGEX_HERE\"\n ]\n and \n arguments[9] is [Expression:\n constantValue matches \".+\" and\n not constantValue.None and\n not constantValue is [None: ] and\n not constantValue == \"\"\n ]\n )\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall: function is [Function: \n name is \"of\" and\n enclosingClass.supers contains [Class: \n name == \"java.util.Map\"\n ]\n ]\n and \n (\n (\n arguments[0] is 
[Expression:\n constantValue matches \"(?i).*pass(wd|word|phrase).*\"\n ]\n and \n arguments[1] is [Expression:\n constantValue matches \".+\" and\n not constantValue.None and\n not constantValue is [None: ] and\n not constantValue == \"\"\n ]\n )\n or\n (\n arguments[2] is [Expression:\n constantValue matches \"(?i).*pass(wd|word|phrase).*\"\n ]\n and \n arguments[3] is [Expression:\n constantValue matches \".+\" and\n not constantValue.None and\n not constantValue is [None: ] and\n not constantValue == \"\"\n ]\n )\n or\n (\n arguments[4] is [Expression:\n constantValue matches \"(?i).*pass(wd|word|phrase).*\"\n ]\n and \n arguments[5] is [Expression: \n constantValue matches \".+\" and\n not constantValue.None and\n not constantValue is [None: ] and\n not constantValue == \"\"\n ]\n )\n or\n (\n arguments[6] is [Expression:\n constantValue matches \"(?i).*pass(wd|word|phrase).*\"\n ]\n and \n arguments[7] is [Expression:\n constantValue matches \".+\" and\n not constantValue.None and\n not constantValue is [None: ] and\n not constantValue == \"\"\n ]\n )\n or\n (\n arguments[8] is [Expression:\n constantValue matches \"(?i).*pass(wd|word|phrase).*\"\n ]\n and \n arguments[9] is [Expression:\n constantValue matches \".+\" and\n not constantValue.None and\n not constantValue is [None: ] and\n not constantValue == \"\"\n ]\n )\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Password in Comment", - "predicate": "\n Comment c: c.text matches \".*\\b(PUT_REGEX_HERE)\\b.*\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Password in Comment", - "predicate": "\n Comment c: c.text matches \".*\\b(PUT_REGEX_HERE)\\b.*\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Password in Comment", - 
"predicate": "\n Comment c: c.text matches \"(?i).*pass(wd|word|phrase).*\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: fc.function is [Function: \n name == \"setProperty\"\n and enclosingClass.supers contains [Class: \n name == \"java.util.Properties\"\n ]\n ]\n and arguments[0] is [Expression:\n constantValue matches \"PUT_REGEX_HERE\"\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: fc.function is [Function: \n name == \"setProperty\"\n and enclosingClass.supers contains [Class: \n name == \"java.util.Properties\"\n ]\n ]\n and arguments[0] is [Expression:\n constantValue matches \"PUT_REGEX_HERE\"\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: fc.function is [Function: \n name == \"setProperty\"\n and enclosingClass.supers contains [Class: \n name == \"java.util.Properties\"\n ]\n ]\n and arguments[0] is [Expression:\n constantValue matches \"(?i).*pass(wd|word|phrase).*\"\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pass(wd|word).*\" and\n not fa.field.name matches \"(?i)pass(wd|word)\" and\n not fa.sourceLocation.None and\n not fa.field.sourceLocation.None and\n fa.sourceLocation.startLine != fa.field.sourceLocation.startLine and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue is [None:]] and\n fa.field is [Field f:]* and\n (fa.field.type.name == \"java.lang.String\" or\n 
fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == \"byte\" or\n fa.field.type.name == \"char\" or\n fa.field.type.name == \"kotlin.String\" or\n fa.field.type.name == \"kotlin.ByteArray\" or\n fa.field.type.name == \"kotlin.CharArray\") and\n not (fa.field.annotations contains [Annotation:\n type == T\"com.fortify.annotations.FortifyNotPassword\" or\n type == T\"com.fortify.annotations.FortifyPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*pass(wd|word).*\" and\n not va.variable.name matches \"(?i)pass(wd|word)\" and\n not va.sourceLocation.None and\n not va.variable.sourceLocation.None and\n va.sourceLocation.startLine != va.variable.sourceLocation.startLine and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue is [None:]] and\n va.variable is [Variable v:]*\n and (va.variable.type.name == \"java.lang.String\" or\n va.variable.type.name == \"java.lang.StringBuffer\" or\n va.variable.type.name == \"byte\" or\n va.variable.type.name == \"char\" or\n va.variable.type.name == \"kotlin.String\" or\n va.variable.type.name == \"kotlin.ByteArray\" or\n va.variable.type.name == \"kotlin.CharArray\")\n and not (va.variable.annotations contains [Annotation:\n type == T\"com.fortify.annotations.FortifyNotPassword\" or\n type == T\"com.fortify.annotations.FortifyPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: (fa.field.name matches \"(?i)pwd\") and\n not fa.sourceLocation.None and\n not fa.field.sourceLocation.None and\n fa.sourceLocation.startLine != fa.field.sourceLocation.startLine and\n fa in 
[AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue is [None:]]\n and fa.field is [Field f:]*\n and (fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == \"byte\" or\n fa.field.type.name == \"char\" or\n fa.field.type.name == \"kotlin.String\" or \n fa.field.type.name == \"kotlin.ByteArray\" or \n fa.field.type.name == \"kotlin.CharArray\")\n and not (fa.field.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\" or type == T\"com.fortify.annotations.FortifyPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pwd.*\" and\n not fa.field.name matches \"(?i)pwd\" and\n not fa.sourceLocation.None and\n not fa.field.sourceLocation.None and\n fa.sourceLocation.startLine != fa.field.sourceLocation.startLine and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue is [None:]] and\n fa.field is [Field f:]* and\n (fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == \"byte\" or\n fa.field.type.name == \"char\" or\n fa.field.type.name == \"kotlin.String\" or \n fa.field.type.name == \"kotlin.ByteArray\" or \n fa.field.type.name == \"kotlin.CharArray\") and\n not (fa.field.annotations contains [Annotation:\n type == T\"com.fortify.annotations.FortifyNotPassword\" or\n type == T\"com.fortify.annotations.FortifyPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: (va.variable.name 
matches \"(?i)pwd\") and\n not va.sourceLocation.None and\n not va.variable.sourceLocation.None and\n va.sourceLocation.startLine != va.variable.sourceLocation.startLine and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue is [None:]]\n and va.variable is [Variable v:]*\n and ( va.variable.type.name == \"java.lang.String\" or\n va.variable.type.name == \"java.lang.StringBuffer\" or\n va.variable.type.name == \"byte\" or\n va.variable.type.name == \"char\" or\n va.variable.type.name == \"kotlin.String\" or \n va.variable.type.name == \"kotlin.ByteArray\" or \n va.variable.type.name == \"kotlin.CharArray\")\n and not (va.variable.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\" or type == T\"com.fortify.annotations.FortifyPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pass(wd|word).*\" and\n not fa.field.name matches \"(?i)pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue == \"\"] and\n fa.field is [Field f:]* and\n (fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == \"byte\" or\n fa.field.type.name == \"char\" or\n fa.field.type.name == \"kotlin.String\" or\n fa.field.type.name == \"kotlin.ByteArray\" or\n fa.field.type.name == \"kotlin.CharArray\") and\n not (fa.field.annotations contains [Annotation:\n type == T\"com.fortify.annotations.FortifyNotPassword\" or\n type == T\"com.fortify.annotations.FortifyPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - 
"vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*pass(wd|word).*\" and\n not va.variable.name matches \"(?i)pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue == \"\"] and\n va.variable is [Variable v:]*\n and (va.variable.type.name == \"java.lang.String\" or\n va.variable.type.name == \"java.lang.StringBuffer\" or\n va.variable.type.name == \"byte\" or\n va.variable.type.name == \"char\" or\n va.variable.type.name == \"kotlin.String\" or\n va.variable.type.name == \"kotlin.ByteArray\" or\n va.variable.type.name == \"kotlin.CharArray\")\n and not (va.variable.annotations contains [Annotation:\n type == T\"com.fortify.annotations.FortifyNotPassword\" or\n type == T\"com.fortify.annotations.FortifyPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: (fa.field.name matches \"(?i)pwd\")\n and fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue == \"\"]\n and fa.field is [Field f:]*\n and (fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == \"byte\" or\n fa.field.type.name == \"char\" or\n fa.field.type.name == \"kotlin.String\" or \n fa.field.type.name == \"kotlin.ByteArray\" or \n fa.field.type.name == \"kotlin.CharArray\")\n and not (fa.field.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\" or type == T\"com.fortify.annotations.FortifyPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess 
fa: fa.field.name matches \"(?i).*pwd.*\" and\n not fa.field.name matches \"(?i)pwd\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue == \"\"] and\n fa.field is [Field f:]* and\n (fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == \"byte\" or\n fa.field.type.name == \"char\" or\n fa.field.type.name == \"kotlin.String\" or \n fa.field.type.name == \"kotlin.ByteArray\" or \n fa.field.type.name == \"kotlin.CharArray\") and\n not (fa.field.annotations contains [Annotation:\n type == T\"com.fortify.annotations.FortifyNotPassword\" or\n type == T\"com.fortify.annotations.FortifyPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: (va.variable.name matches \"(?i)pwd\")\n and va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue == \"\"]\n and va.variable is [Variable v:]*\n and ( va.variable.type.name == \"java.lang.String\" or\n va.variable.type.name == \"java.lang.StringBuffer\" or\n va.variable.type.name == \"byte\" or\n va.variable.type.name == \"char\" or\n va.variable.type.name == \"kotlin.String\" or \n va.variable.type.name == \"kotlin.ByteArray\" or \n va.variable.type.name == \"kotlin.CharArray\")\n and not (va.variable.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\" or type == T\"com.fortify.annotations.FortifyPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*pwd.*\" and\n not va.variable.name matches 
\"(?i)pwd\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue == \"\"] and\n va.variable is [Variable v:]*\n and (va.variable.type.name == \"java.lang.String\" or\n va.variable.type.name == \"java.lang.StringBuffer\" or\n va.variable.type.name == \"byte\" or\n va.variable.type.name == \"char\" or\n va.variable.type.name == \"kotlin.String\" or \n va.variable.type.name == \"kotlin.ByteArray\" or \n va.variable.type.name == \"kotlin.CharArray\")\n and not (va.variable.annotations contains [Annotation:\n type == T\"com.fortify.annotations.FortifyNotPassword\" or\n type == T\"com.fortify.annotations.FortifyPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pass(wd|word).*\" and\n not fa.field.name matches \"(?i)pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase]\n and not rhs.constantValue.None and not rhs.constantValue is [None:] and not rhs.constantValue == \"\" ] and\n fa.field is [Field f:]* and\n (fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == \"byte\" or\n fa.field.type.name == \"char\" or\n fa.field.type.name == \"kotlin.String\" or\n fa.field.type.name == \"kotlin.ByteArray\" or\n fa.field.type.name == \"kotlin.CharArray\") and\n not (fa.field.annotations contains [Annotation:\n type == T\"com.fortify.annotations.FortifyNotPassword\" or\n type == T\"com.fortify.annotations.FortifyPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches 
\"(?i).*pass(wd|word).*\" and\n not va.variable.name matches \"(?i)pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase]\n and not rhs.constantValue.None and not rhs.constantValue is [None:] and not rhs.constantValue == \"\"] and\n va.variable is [Variable v:]*\n and (va.variable.type.name == \"java.lang.String\" or\n va.variable.type.name == \"java.lang.StringBuffer\" or\n va.variable.type.name == \"byte\" or\n va.variable.type.name == \"char\" or\n va.variable.type.name == \"kotlin.String\" or\n va.variable.type.name == \"kotlin.ByteArray\" or\n va.variable.type.name == \"kotlin.CharArray\")\n and not (va.variable.annotations contains [Annotation:\n type == T\"com.fortify.annotations.FortifyNotPassword\" or\n type == T\"com.fortify.annotations.FortifyPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall call: call.function is [Function f: f.enclosingClass.supers contains\n [Class c: c.name == \"java.lang.String\" or c.name == \"kotlin.String\"] and\n (f.name == \"contentEquals\" or f.name matches \"(compareTo|equals)(IgnoreCase)?\")] and\n ( ( call.instance is [VariableAccess val: val.variable.name matches \"(?i).*pass(wd|word).*\"\n and not val.variable.name matches \"(?i)pass(wd|word)\"\n and not (val.variable.annotations contains [Annotation:\n type == T\"com.fortify.annotations.FortifyPassword\" or\n type == T\"com.fortify.annotations.FortifyNotPassword\"])] and\n not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None: ] and\n not call.arguments[0].constantValue == \"\"\n ) or\n ( call.arguments[0] is [VariableAccess var: var.variable.name matches \"(?i).*pass(wd|word).*\"\n and not var.variable.name matches \"(?i)pass(wd|word)\"\n and var.variable.type.definition.supers contains [Class: name == 
\"java.lang.CharSequence\" or name == \"kotlin.CharSequence\"]\n and not (var.variable.annotations contains [Annotation:\n type == T\"com.fortify.annotations.FortifyPassword\" or\n type == T\"com.fortify.annotations.FortifyNotPassword\"])] and\n not call.instance.constantValue.None and\n not call.instance.constantValue is [None:] and\n not call.instance.constantValue == \"\"\n ) or\n ( call.instance is [FieldAccess fal: fal.field.name matches \"(?i).*pass(wd|word).*\" and\n not fal.field.name matches \"(?i)pass(wd|word)\"\n and not (fal.field.annotations contains [Annotation:\n type == T\"com.fortify.annotations.FortifyPassword\" or\n type == T\"com.fortify.annotations.FortifyNotPassword\"])] and\n not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None: ] and\n not call.arguments[0].constantValue == \"\"\n ) or\n ( call.arguments[0] is [FieldAccess far: far.field.name matches \"(?i).*pass(wd|word).*\" and\n not far.field.name matches \"(?i)pass(wd|word)\" and\n far.field.type.definition.supers contains [Class: name == \"java.lang.CharSequence\" or name == \"kotlin.CharSequence\"]\n and not (far.field.annotations contains [Annotation:\n type == T\"com.fortify.annotations.FortifyPassword\" or\n type == T\"com.fortify.annotations.FortifyNotPassword\"])] and\n not call.instance.constantValue.None and\n not call.instance.constantValue is [None:] and\n not call.instance.constantValue == \"\"\n ))\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: (fa.field.name matches \"(?i)pwd\")\n and fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase]\n and not rhs.constantValue.None and not rhs.constantValue is [None:] and not rhs.constantValue == \"\"] and\n fa.field is [Field f:]*\n and (fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == 
\"java.lang.StringBuffer\" or\n fa.field.type.name == \"byte\" or\n fa.field.type.name == \"char\" or\n fa.field.type.name == \"kotlin.String\" or \n fa.field.type.name == \"kotlin.ByteArray\" or \n fa.field.type.name == \"kotlin.CharArray\")\n and not (fa.field.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\" or type == T\"com.fortify.annotations.FortifyPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pwd.*\" and\n not fa.field.name matches \"(?i)pwd\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase]\n and not rhs.constantValue.None and not rhs.constantValue is [None:] and not rhs.constantValue == \"\" ] and\n fa.field is [Field f:]* and\n (fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == \"byte\" or\n fa.field.type.name == \"char\" or\n fa.field.type.name == \"kotlin.String\" or \n fa.field.type.name == \"kotlin.ByteArray\" or \n fa.field.type.name == \"kotlin.CharArray\") and\n not (fa.field.annotations contains [Annotation:\n type == T\"com.fortify.annotations.FortifyNotPassword\" or\n type == T\"com.fortify.annotations.FortifyPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: (va.variable.name matches \"(?i)pwd\")\n and va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase]\n and not rhs.constantValue.None and not rhs.constantValue is [None:] and not rhs.constantValue == \"\"] and\n va.variable is [Variable v:]* and\n ( va.variable.type.name == \"java.lang.String\" or\n va.variable.type.name == 
\"java.lang.StringBuffer\" or\n va.variable.type.name == \"byte\" or\n va.variable.type.name == \"char\" or\n va.variable.type.name == \"kotlin.String\" or \n va.variable.type.name == \"kotlin.ByteArray\" or \n va.variable.type.name == \"kotlin.CharArray\")\n and not (va.variable.annotations contains [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\" or type == T\"com.fortify.annotations.FortifyPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*pwd.*\" and\n not va.variable.name matches \"(?i)pwd\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase]\n and not rhs.constantValue.None and not rhs.constantValue is [None:] and not rhs.constantValue == \"\"] and\n va.variable is [Variable v:]*\n and (va.variable.type.name == \"java.lang.String\" or\n va.variable.type.name == \"java.lang.StringBuffer\" or\n va.variable.type.name == \"byte\" or\n va.variable.type.name == \"char\" or \n va.variable.type.name == \"kotlin.String\" or \n va.variable.type.name == \"kotlin.ByteArray\" or \n va.variable.type.name == \"kotlin.CharArray\")\n and not (va.variable.annotations contains [Annotation:\n type == T\"com.fortify.annotations.FortifyNotPassword\" or\n type == T\"com.fortify.annotations.FortifyPassword\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall call: call.function is [Function f: f.enclosingClass.supers contains\n [Class c: c.name == \"java.lang.String\" or c.name == \"kotlin.String\"] and\n (f.name == \"contentEquals\" or f.name matches \"(compareTo|equals)(IgnoreCase)?\")] and\n ( ( call.instance is [VariableAccess val: val.variable.name matches \"(?i).*pwd.*\"\n and 
not val.variable.name matches \"(?i)pwd\"\n and not (val.variable.annotations contains [Annotation:\n type == T\"com.fortify.annotations.FortifyPassword\" or\n type == T\"com.fortify.annotations.FortifyNotPassword\"])] and\n not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None: ] and\n not call.arguments[0].constantValue == \"\"\n ) or\n ( call.arguments[0] is [VariableAccess var: var.variable.name matches \"(?i).*pwd.*\"\n and not var.variable.name matches \"(?i)pwd\"\n and var.variable.type.definition.supers contains [Class: name == \"java.lang.CharSequence\" or name == \"kotlin.CharSequence\"]\n and not (var.variable.annotations contains [Annotation:\n type == T\"com.fortify.annotations.FortifyPassword\" or\n type == T\"com.fortify.annotations.FortifyNotPassword\"])] and\n not call.instance.constantValue.None and\n not call.instance.constantValue is [None:] and\n not call.instance.constantValue == \"\"\n ) or\n ( call.instance is [FieldAccess fal: fal.field.name matches \"(?i).*pwd.*\" and\n not fal.field.name matches \"(?i)pwd\"\n and not (fal.field.annotations contains [Annotation:\n type == T\"com.fortify.annotations.FortifyPassword\" or\n type == T\"com.fortify.annotations.FortifyNotPassword\"])] and\n not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None: ] and\n not call.arguments[0].constantValue == \"\"\n ) or\n ( call.arguments[0] is [FieldAccess far: far.field.name matches \"(?i).*pwd.*\" and\n not far.field.name matches \"(?i)pwd\" and\n far.field.type.definition.supers contains [Class: name == \"java.lang.CharSequence\" or name == \"kotlin.CharSequence\"]\n and not (far.field.annotations contains [Annotation:\n type == T\"com.fortify.annotations.FortifyPassword\" or\n type == T\"com.fortify.annotations.FortifyNotPassword\"])] and\n not call.instance.constantValue.None and\n not call.instance.constantValue is [None:] and\n not call.instance.constantValue == \"\"\n ))\n " - }, 
- { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall call: call.function is [Function f: f.enclosingClass.supers contains\n [Class c: c.name == \"java.lang.String\" or c.name == \"kotlin.String\"] and\n (f.name == \"contentEquals\" or f.name matches \"(compareTo|equals)(IgnoreCase)?\")] and\n ( ( call.instance is [VariableAccess val:\n (val.variable.name matches \"(?i)pwd\")\n and not (val.variable.annotations contains\n [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"\n or type == T\"com.fortify.annotations.FortifyPassword\"])] and\n not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None: ] and\n not call.arguments[0].constantValue == \"\"\n ) or\n ( call.arguments[0] is [VariableAccess var:\n (var.variable.name matches \"(?i)pwd\")\n and var.variable.type.definition.supers contains [Class: name == \"java.lang.CharSequence\" or name == \"kotlin.CharSequence\"]\n and not (var.variable.annotations contains\n [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"\n or type == T\"com.fortify.annotations.FortifyPassword\"])] and\n not call.instance.constantValue.None and\n not call.instance.constantValue is [None:] and\n not call.instance.constantValue == \"\"\n ) or\n ( call.instance is [FieldAccess fal:\n (fal.field.name matches \"(?i)pwd\")\n and not (fal.field.annotations contains\n [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"\n or type == T\"com.fortify.annotations.FortifyPassword\"])] and\n not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None: ] and\n not call.arguments[0].constantValue == \"\"\n ) or\n ( call.arguments[0] is [FieldAccess far:\n (far.field.name matches \"(?i)pwd\")\n and far.field.type.definition.supers contains [Class: name == \"java.lang.CharSequence\" or name == 
\"kotlin.CharSequence\"]\n and not (far.field.annotations contains\n [Annotation: type == T\"com.fortify.annotations.FortifyNotPassword\"\n or type == T\"com.fortify.annotations.FortifyPassword\"])] and\n not call.instance.constantValue.None and\n not call.instance.constantValue is [None:] and\n not call.instance.constantValue == \"\"\n ))\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\"\n and not fa.sourceLocation.None\n and not fa.field.sourceLocation.None\n and fa.sourceLocation.startLine != fa.field.sourceLocation.startLine\n and fa in [AssignmentStatement: lhs.location is fa and not rhs.constantValue.None and rhs.constantValue is [None:]] and fa.field is [Field f:]*\n and (fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == \"kotlin.String\" or\n fa.field.type.name == \"kotlin.ByteArray\" or\n fa.field.type.name == \"kotlin.CharArray\" or\n fa.field.type is [Type: name matches \"byte|char\" and arrayDimensions > 0]) and\n /* Exclude cases where 'key' is an arg to a Java Map/Collections function call */\n not fa.enclosingClass contains[Function: contains [FunctionCall fc: fc.arguments[0] is fa and fc.possibleTargets contains [Function:name matches \"compute(IfPresent|IfAbsent)?|entry|equals|merge|of|put(ifAbsent)?|contains(Key)?|get(OrDefault)?|remove|replace|add|(last)?indexOf|set\" and enclosingClass.supers contains [Class:\n name matches \"java\\.util\\.(Map|Collection)\"]]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\"\n and not fa.sourceLocation.None\n and not fa.field.sourceLocation.None\n and 
fa.sourceLocation.startLine != fa.field.sourceLocation.startLine\n and fa in [AssignmentStatement: lhs.location is fa and not rhs.constantValue.None and rhs.constantValue is [None:]] and fa.field is [Field f:]*\n and (fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == \"kotlin.String\" or\n fa.field.type.name == \"kotlin.ByteArray\" or\n fa.field.type.name == \"kotlin.CharArray\" or\n fa.field.type is [Type: name matches \"byte|char\" and arrayDimensions > 0]) and\n /* Exclude cases where 'key' is an arg to a Java Map/Collections function call */\n not fa.enclosingClass contains[Function: contains [FunctionCall fc: fc.arguments[0] is fa and fc.possibleTargets contains [Function:name matches \"compute(IfPresent|IfAbsent)?|entry|equals|merge|of|put(ifAbsent)?|contains(Key)?|get(OrDefault)?|remove|replace|add|(last)?indexOf|set\" and enclosingClass.supers contains [Class:\n name matches \"java\\.util\\.(Map|Collection)\"]]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"\n and not fa.sourceLocation.None\n and not fa.field.sourceLocation.None\n and fa.sourceLocation.startLine != fa.field.sourceLocation.startLine\n and fa in [AssignmentStatement: lhs.location is fa and not rhs.constantValue.None and rhs.constantValue is [None:]] and fa.field is [Field f:]*\n and (fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == \"kotlin.String\" or\n fa.field.type.name == \"kotlin.ByteArray\" or\n fa.field.type.name == \"kotlin.CharArray\" or\n fa.field.type is [Type: name matches \"byte|char\" and arrayDimensions > 0]) and\n /* Exclude cases where 'key' is an arg to a Java Map/Collections function call */\n not 
fa.enclosingClass contains[Function: contains [FunctionCall fc: fc.arguments[0] is fa and fc.possibleTargets contains [Function:name matches \"compute(IfPresent|IfAbsent)?|entry|equals|merge|of|put(ifAbsent)?|contains(Key)?|get(OrDefault)?|remove|replace|add|(last)?indexOf|set\" and enclosingClass.supers contains [Class:\n name matches \"java\\.util\\.(Map|Collection)\"]]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\"\n and not va.sourceLocation.None\n and not va.variable.sourceLocation.None\n and va.sourceLocation.startLine != va.variable.sourceLocation.startLine\n and va in [AssignmentStatement: lhs.location is va and not rhs.constantValue.None and rhs.constantValue is [None:]] and va.variable is [Variable v:]*\n and\n ( va.variable.type.name == \"java.lang.String\" or\n va.variable.type.name == \"java.lang.StringBuffer\" or\n va.variable.type.name == \"kotlin.String\" or\n va.variable.type.name == \"kotlin.ByteArray\" or\n va.variable.type.name == \"kotlin.CharArray\" or\n va.variable.type is [Type: name matches \"byte|char\" and arrayDimensions > 0]) and\n /* Exclude cases where 'key' is an arg to a Java Map/Collections function call */\n not va.enclosingFunction contains [FunctionCall fc: fc.arguments[0] is va and\n fc.possibleTargets contains [Function:name matches \"compute(IfPresent|IfAbsent)?|entry|equals|merge|of|put(ifAbsent)?|contains(Key)?|get(OrDefault)?|remove|replace|add|(last)?indexOf|set\" and\n enclosingClass.supers contains [Class:\n name matches \"java\\.util\\.(Map|Collection)\"\n ]\n ]\n ]\n /* Exclude the case where key is passed to a func and then assigned to val*/\n and not va.enclosingFunction contains [AssignmentStatement: lhs is [VariableAccess: variable.name matches \"(?i)val(ue)?\"]\n and rhs is [FunctionCall: arguments[0] is va]]\n /* 
Exclude cases where 'key' is returned by Map.Entry.getKey() */\n and not va.enclosingFunction contains [AssignmentStatement: lhs is va\n and rhs is [FunctionCall: function.name == \"getKey\" and\n function.enclosingClass.supers contains [Class: \n name == \"java.util.Map.Entry\"\n or name == \"kotlin.collections.Map.Entry\"\n ]\n ]\n ]\n /* Exclude cases where 'key' is returned by kotlin.collections.component1(Map.Entry), which is used for destructuring Map entries */\n and not va.enclosingFunction contains [AssignmentStatement: lhs is va\n and rhs is [FunctionCall: function is [Function: \n name == \"component1\"\n and namespace.name == \"kotlin.collections\"\n and parameterTypes[0] is [Type: name == \"kotlin.collections.Map.Entry\"]\n ]\n ]\n ]\n /* Exclude cases where 'key' is compared to the return of Map.Entry.getKey() */\n and not va.enclosingFunction contains [FunctionCall equalsFc: function.name == \"equals\"\n and equalsFc.arguments contains va\n and equalsFc.enclosingFunction contains [AssignmentStatement getKeyAs: getKeyAs.rhs is [FunctionCall getKeyFc: getKeyFc.function.name == \"getKey\"\n and function.enclosingClass.supers contains [Class: \n name == \"java.util.Map.Entry\"\n or name == \"kotlin.collections.Map.Entry\"\n ]\n and equalsFc.instance is [VariableAccess va2: va2 == getKeyAs.lhs.location]\n ]\n ]\n ]\n /* Exclude cases where 'key' is used as an arg for a spring redis database operation */\n and not va.enclosingFunction contains [FunctionCall redisFc: redisFc.arguments[0] == va\n and function.enclosingClass.supers contains [Class: name matches \"org\\.springframework\\.data\\.redis\\.core\\.(\\w)+Operations\"]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\"\n and not va.sourceLocation.None\n and not va.variable.sourceLocation.None\n and 
va.sourceLocation.startLine != va.variable.sourceLocation.startLine\n and va in [AssignmentStatement: lhs.location is va and not rhs.constantValue.None and rhs.constantValue is [None:]] and va.variable is [Variable v:]*\n and\n ( va.variable.type.name == \"java.lang.String\" or\n va.variable.type.name == \"java.lang.StringBuffer\" or\n va.variable.type.name == \"kotlin.String\" or\n va.variable.type.name == \"kotlin.ByteArray\" or\n va.variable.type.name == \"kotlin.CharArray\" or\n va.variable.type is [Type: name matches \"byte|char\" and arrayDimensions > 0]) and\n /* Exclude cases where 'key' is an arg to a Java Map/Collections function call */\n not va.enclosingFunction contains [FunctionCall fc: fc.arguments[0] is va and\n fc.possibleTargets contains [Function:name matches \"compute(IfPresent|IfAbsent)?|entry|equals|merge|of|put(ifAbsent)?|contains(Key)?|get(OrDefault)?|remove|replace|add|(last)?indexOf|set\" and\n enclosingClass.supers contains [Class:\n name matches \"java\\.util\\.(Map|Collection)\"\n ]\n ]\n ]\n /* Exclude the case where key is passed to a func and then assigned to val*/\n and not va.enclosingFunction contains [AssignmentStatement: lhs is [VariableAccess: variable.name matches \"(?i)val(ue)?\"]\n and rhs is [FunctionCall: arguments[0] is va]]\n /* Exclude cases where 'key' is returned by Map.Entry.getKey() */\n and not va.enclosingFunction contains [AssignmentStatement: lhs is va\n and rhs is [FunctionCall: function.name == \"getKey\" and\n function.enclosingClass.supers contains [Class: \n name == \"java.util.Map.Entry\"\n or name == \"kotlin.collections.Map.Entry\"\n ]\n ]\n ]\n /* Exclude cases where 'key' is returned by kotlin.collections.component1(Map.Entry), which is used for destructuring Map entries */\n and not va.enclosingFunction contains [AssignmentStatement: lhs is va\n and rhs is [FunctionCall: function is [Function: \n name == \"component1\"\n and namespace.name == \"kotlin.collections\"\n and parameterTypes[0] is [Type: 
name == \"kotlin.collections.Map.Entry\"]\n ]\n ]\n ]\n /* Exclude cases where 'key' is compared to the return of Map.Entry.getKey() */\n and not va.enclosingFunction contains [FunctionCall equalsFc: function.name == \"equals\"\n and equalsFc.arguments contains va\n and equalsFc.enclosingFunction contains [AssignmentStatement getKeyAs: getKeyAs.rhs is [FunctionCall getKeyFc: getKeyFc.function.name == \"getKey\"\n and function.enclosingClass.supers contains [Class: \n name == \"java.util.Map.Entry\"\n or name == \"kotlin.collections.Map.Entry\"\n ]\n and equalsFc.instance is [VariableAccess va2: va2 == getKeyAs.lhs.location]\n ]\n ]\n ]\n /* Exclude cases where 'key' is used as an arg for a spring redis database operation */\n and not va.enclosingFunction contains [FunctionCall redisFc: redisFc.arguments[0] == va\n and function.enclosingClass.supers contains [Class: name matches \"org\\.springframework\\.data\\.redis\\.core\\.(\\w)+Operations\"]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"\n and not va.sourceLocation.None\n and not va.variable.sourceLocation.None\n and va.sourceLocation.startLine != va.variable.sourceLocation.startLine\n and va in [AssignmentStatement: lhs.location is va and not rhs.constantValue.None and rhs.constantValue is [None:]] and va.variable is [Variable v:]*\n and\n ( va.variable.type.name == \"java.lang.String\" or\n va.variable.type.name == \"java.lang.StringBuffer\" or\n va.variable.type.name == \"kotlin.String\" or\n va.variable.type.name == \"kotlin.ByteArray\" or\n va.variable.type.name == \"kotlin.CharArray\" or\n va.variable.type is [Type: name matches \"byte|char\" and arrayDimensions > 0]) and\n /* Exclude cases where 'key' is an arg to a Java Map/Collections function call */\n not 
va.enclosingFunction contains [FunctionCall fc: fc.arguments[0] is va and\n fc.possibleTargets contains [Function:name matches \"compute(IfPresent|IfAbsent)?|entry|equals|merge|of|put(ifAbsent)?|contains(Key)?|get(OrDefault)?|remove|replace|add|(last)?indexOf|set\" and\n enclosingClass.supers contains [Class:\n name matches \"java\\.util\\.(Map|Collection)\"\n ]\n ]\n ]\n /* Exclude the case where key is passed to a func and then assigned to val*/\n and not va.enclosingFunction contains [AssignmentStatement: lhs is [VariableAccess: variable.name matches \"(?i)val(ue)?\"]\n and rhs is [FunctionCall: arguments[0] is va]]\n /* Exclude cases where 'key' is returned by Map.Entry.getKey() */\n and not va.enclosingFunction contains [AssignmentStatement: lhs is va\n and rhs is [FunctionCall: function.name == \"getKey\" and\n function.enclosingClass.supers contains [Class: \n name == \"java.util.Map.Entry\"\n or name == \"kotlin.collections.Map.Entry\"\n ]\n ]\n ]\n /* Exclude cases where 'key' is returned by kotlin.collections.component1(Map.Entry), which is used for destructuring Map entries */\n and not va.enclosingFunction contains [AssignmentStatement: lhs is va\n and rhs is [FunctionCall: function is [Function: \n name == \"component1\"\n and namespace.name == \"kotlin.collections\"\n and parameterTypes[0] is [Type: name == \"kotlin.collections.Map.Entry\"]\n ]\n ]\n ]\n /* Exclude cases where 'key' is compared to the return of Map.Entry.getKey() */\n and not va.enclosingFunction contains [FunctionCall equalsFc: function.name == \"equals\"\n and equalsFc.arguments contains va\n and equalsFc.enclosingFunction contains [AssignmentStatement getKeyAs: getKeyAs.rhs is [FunctionCall getKeyFc: getKeyFc.function.name == \"getKey\"\n and function.enclosingClass.supers contains [Class: \n name == \"java.util.Map.Entry\"\n or name == \"kotlin.collections.Map.Entry\"\n ]\n and equalsFc.instance is [VariableAccess va2: va2 == getKeyAs.lhs.location]\n ]\n ]\n ]\n /* Exclude cases 
where 'key' is used as an arg for a spring redis database operation */\n and not va.enclosingFunction contains [FunctionCall redisFc: redisFc.arguments[0] == va\n and function.enclosingClass.supers contains [Class: name matches \"org\\.springframework\\.data\\.redis\\.core\\.(\\w)+Operations\"]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is fa and not rhs.constantValue.None and rhs.constantValue == \"\"] and fa.field is [Field f:]*\n and (fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == \"kotlin.String\" or\n fa.field.type.name == \"kotlin.ByteArray\" or\n fa.field.type.name == \"kotlin.CharArray\" or\n fa.field.type is [Type: name matches \"byte|char\" and arrayDimensions > 0]) and\n /* Exclude cases where 'key' is an arg to a Java Map/Collections function call */\n not fa.enclosingClass contains[Function: contains [FunctionCall fc: fc.arguments[0] is fa and fc.possibleTargets contains [Function:name matches \"compute(IfPresent|IfAbsent)?|entry|equals|merge|of|put(ifAbsent)?|contains(Key)?|get(OrDefault)?|remove|replace|add|(last)?indexOf|set\" and enclosingClass.supers contains [Class:\n name matches \"java\\.util\\.(Map|Collection)\"]]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is fa and not rhs.constantValue.None and rhs.constantValue == \"\"] and fa.field is [Field f:]*\n and (fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == 
\"kotlin.String\" or\n fa.field.type.name == \"kotlin.ByteArray\" or\n fa.field.type.name == \"kotlin.CharArray\" or\n fa.field.type is [Type: name matches \"byte|char\" and arrayDimensions > 0]) and\n /* Exclude cases where 'key' is an arg to a Java Map/Collections function call */\n not fa.enclosingClass contains[Function: contains [FunctionCall fc: fc.arguments[0] is fa and fc.possibleTargets contains [Function:name matches \"compute(IfPresent|IfAbsent)?|entry|equals|merge|of|put(ifAbsent)?|contains(Key)?|get(OrDefault)?|remove|replace|add|(last)?indexOf|set\" and enclosingClass.supers contains [Class:\n name matches \"java\\.util\\.(Map|Collection)\"]]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n fa in [AssignmentStatement: lhs.location is fa and not rhs.constantValue.None and rhs.constantValue == \"\"] and fa.field is [Field f:]*\n and (fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == \"kotlin.String\" or\n fa.field.type.name == \"kotlin.ByteArray\" or\n fa.field.type.name == \"kotlin.CharArray\" or\n fa.field.type is [Type: name matches \"byte|char\" and arrayDimensions > 0]) and\n /* Exclude cases where 'key' is an arg to a Java Map/Collections function call */\n not fa.enclosingClass contains[Function: contains [FunctionCall fc: fc.arguments[0] is fa and fc.possibleTargets contains [Function:name matches \"compute(IfPresent|IfAbsent)?|entry|equals|merge|of|put(ifAbsent)?|contains(Key)?|get(OrDefault)?|remove|replace|add|(last)?indexOf|set\" and enclosingClass.supers contains [Class:\n name matches \"java\\.util\\.(Map|Collection)\"]]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key 
Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is va and not rhs.constantValue.None and rhs.constantValue == \"\"] and va.variable is [Variable v:]*\n and (va.variable.type.name == \"java.lang.String\" or\n va.variable.type.name == \"java.lang.StringBuffer\" or\n va.variable.type.name == \"kotlin.String\" or\n va.variable.type.name == \"kotlin.ByteArray\" or\n va.variable.type.name == \"kotlin.CharArray\" or\n va.variable.type is [Type: name matches \"byte|char\" and arrayDimensions > 0]) and\n /* Exclude cases where 'key' is an arg to a Java Map/Collections function call */\n not va.enclosingFunction contains [FunctionCall fc: fc.arguments[0] is va and\n fc.possibleTargets contains [Function:name matches \"compute(IfPresent|IfAbsent)?|entry|equals|merge|of|put(ifAbsent)?|contains(Key)?|get(OrDefault)?|remove|replace|add|(last)?indexOf|set\" and\n enclosingClass.supers contains [Class:\n name matches \"java\\.util\\.(Map|Collection)\"\n ]\n ]\n ]\n /* Exclude the case where key is passed to a func and then assigned to val*/\n and not va.enclosingFunction contains [AssignmentStatement: lhs is [VariableAccess: variable.name matches \"(?i)val(ue)?\"]\n and rhs is [FunctionCall: arguments[0] is va]]\n /* Exclude cases where 'key' is returned by Map.Entry.getKey() */\n and not va.enclosingFunction contains [AssignmentStatement: lhs is va\n and rhs is [FunctionCall: function.name == \"getKey\" and\n function.enclosingClass.supers contains [Class: \n name == \"java.util.Map.Entry\"\n or name == \"kotlin.collections.Map.Entry\"\n ]\n ]\n ]\n /* Exclude cases where 'key' is returned by kotlin.collections.component1(Map.Entry), which is used for destructuring Map entries */\n and not va.enclosingFunction contains [AssignmentStatement: lhs is va\n and rhs is [FunctionCall: function is [Function: \n name == \"component1\"\n and 
namespace.name == \"kotlin.collections\"\n and parameterTypes[0] is [Type: name == \"kotlin.collections.Map.Entry\"]\n ]\n ]\n ]\n /* Exclude cases where 'key' is compared to the return of Map.Entry.getKey() */\n and not va.enclosingFunction contains [FunctionCall equalsFc: function.name == \"equals\"\n and equalsFc.arguments contains va\n and equalsFc.enclosingFunction contains [AssignmentStatement getKeyAs: getKeyAs.rhs is [FunctionCall getKeyFc: getKeyFc.function.name == \"getKey\"\n and function.enclosingClass.supers contains [Class: \n name == \"java.util.Map.Entry\"\n or name == \"kotlin.collections.Map.Entry\"\n ]\n and equalsFc.instance is [VariableAccess va2: va2 == getKeyAs.lhs.location]\n ]\n ]\n ]\n /* Exclude cases where 'key' is used as an arg for a spring redis database operation */\n and not va.enclosingFunction contains [FunctionCall redisFc: redisFc.arguments[0] == va\n and function.enclosingClass.supers contains [Class: name matches \"org\\.springframework\\.data\\.redis\\.core\\.(\\w)+Operations\"]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is va and not rhs.constantValue.None and rhs.constantValue == \"\"] and va.variable is [Variable v:]*\n and (va.variable.type.name == \"java.lang.String\" or\n va.variable.type.name == \"java.lang.StringBuffer\" or\n va.variable.type.name == \"kotlin.String\" or\n va.variable.type.name == \"kotlin.ByteArray\" or\n va.variable.type.name == \"kotlin.CharArray\" or\n va.variable.type is [Type: name matches \"byte|char\" and arrayDimensions > 0]) and\n /* Exclude cases where 'key' is an arg to a Java Map/Collections function call */\n not va.enclosingFunction contains [FunctionCall fc: fc.arguments[0] is va and\n fc.possibleTargets contains [Function:name matches 
\"compute(IfPresent|IfAbsent)?|entry|equals|merge|of|put(ifAbsent)?|contains(Key)?|get(OrDefault)?|remove|replace|add|(last)?indexOf|set\" and\n enclosingClass.supers contains [Class:\n name matches \"java\\.util\\.(Map|Collection)\"\n ]\n ]\n ]\n /* Exclude the case where key is passed to a func and then assigned to val*/\n and not va.enclosingFunction contains [AssignmentStatement: lhs is [VariableAccess: variable.name matches \"(?i)val(ue)?\"]\n and rhs is [FunctionCall: arguments[0] is va]]\n /* Exclude cases where 'key' is returned by Map.Entry.getKey() */\n and not va.enclosingFunction contains [AssignmentStatement: lhs is va\n and rhs is [FunctionCall: function.name == \"getKey\" and\n function.enclosingClass.supers contains [Class: \n name == \"java.util.Map.Entry\"\n or name == \"kotlin.collections.Map.Entry\"\n ]\n ]\n ]\n /* Exclude cases where 'key' is returned by kotlin.collections.component1(Map.Entry), which is used for destructuring Map entries */\n and not va.enclosingFunction contains [AssignmentStatement: lhs is va\n and rhs is [FunctionCall: function is [Function: \n name == \"component1\"\n and namespace.name == \"kotlin.collections\"\n and parameterTypes[0] is [Type: name == \"kotlin.collections.Map.Entry\"]\n ]\n ]\n ]\n /* Exclude cases where 'key' is compared to the return of Map.Entry.getKey() */\n and not va.enclosingFunction contains [FunctionCall equalsFc: function.name == \"equals\"\n and equalsFc.arguments contains va\n and equalsFc.enclosingFunction contains [AssignmentStatement getKeyAs: getKeyAs.rhs is [FunctionCall getKeyFc: getKeyFc.function.name == \"getKey\"\n and function.enclosingClass.supers contains [Class: \n name == \"java.util.Map.Entry\"\n or name == \"kotlin.collections.Map.Entry\"\n ]\n and equalsFc.instance is [VariableAccess va2: va2 == getKeyAs.lhs.location]\n ]\n ]\n ]\n /* Exclude cases where 'key' is used as an arg for a spring redis database operation */\n and not va.enclosingFunction contains [FunctionCall 
redisFc: redisFc.arguments[0] == va\n and function.enclosingClass.supers contains [Class: name matches \"org\\.springframework\\.data\\.redis\\.core\\.(\\w)+Operations\"]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n va in [AssignmentStatement: lhs.location is va and not rhs.constantValue.None and rhs.constantValue == \"\"] and va.variable is [Variable v:]*\n and (va.variable.type.name == \"java.lang.String\" or\n va.variable.type.name == \"java.lang.StringBuffer\" or\n va.variable.type.name == \"kotlin.String\" or\n va.variable.type.name == \"kotlin.ByteArray\" or\n va.variable.type.name == \"kotlin.CharArray\" or\n va.variable.type is [Type: name matches \"byte|char\" and arrayDimensions > 0]) and\n /* Exclude cases where 'key' is an arg to a Java Map/Collections function call */\n not va.enclosingFunction contains [FunctionCall fc: fc.arguments[0] is va and\n fc.possibleTargets contains [Function:name matches \"compute(IfPresent|IfAbsent)?|entry|equals|merge|of|put(ifAbsent)?|contains(Key)?|get(OrDefault)?|remove|replace|add|(last)?indexOf|set\" and\n enclosingClass.supers contains [Class:\n name matches \"java\\.util\\.(Map|Collection)\"\n ]\n ]\n ]\n /* Exclude the case where key is passed to a func and then assigned to val*/\n and not va.enclosingFunction contains [AssignmentStatement: lhs is [VariableAccess: variable.name matches \"(?i)val(ue)?\"]\n and rhs is [FunctionCall: arguments[0] is va]]\n /* Exclude cases where 'key' is returned by Map.Entry.getKey() */\n and not va.enclosingFunction contains [AssignmentStatement: lhs is va\n and rhs is [FunctionCall: function.name == \"getKey\" and\n function.enclosingClass.supers contains [Class: \n name == \"java.util.Map.Entry\"\n or name == 
\"kotlin.collections.Map.Entry\"\n ]\n ]\n ]\n /* Exclude cases where 'key' is returned by kotlin.collections.component1(Map.Entry), which is used for destructuring Map entries */\n and not va.enclosingFunction contains [AssignmentStatement: lhs is va\n and rhs is [FunctionCall: function is [Function: \n name == \"component1\"\n and namespace.name == \"kotlin.collections\"\n and parameterTypes[0] is [Type: name == \"kotlin.collections.Map.Entry\"]\n ]\n ]\n ]\n /* Exclude cases where 'key' is compared to the return of Map.Entry.getKey() */\n and not va.enclosingFunction contains [FunctionCall equalsFc: function.name == \"equals\"\n and equalsFc.arguments contains va\n and equalsFc.enclosingFunction contains [AssignmentStatement getKeyAs: getKeyAs.rhs is [FunctionCall getKeyFc: getKeyFc.function.name == \"getKey\"\n and function.enclosingClass.supers contains [Class: \n name == \"java.util.Map.Entry\"\n or name == \"kotlin.collections.Map.Entry\"\n ]\n and equalsFc.instance is [VariableAccess va2: va2 == getKeyAs.lhs.location]\n ]\n ]\n ]\n /* Exclude cases where 'key' is used as an arg for a spring redis database operation */\n and not va.enclosingFunction contains [FunctionCall redisFc: redisFc.arguments[0] == va\n and function.enclosingClass.supers contains [Class: name matches \"org\\.springframework\\.data\\.redis\\.core\\.(\\w)+Operations\"]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is fa and not rhs.constantValue.None and not rhs.constantValue is [None:] and not rhs.constantValue == \"\"] and fa.field is [Field f:]*\n and (fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == \"kotlin.String\" or\n fa.field.type.name == \"kotlin.ByteArray\" or\n 
fa.field.type.name == \"kotlin.CharArray\" or\n fa.field.type is [Type: name matches \"byte|char\" and arrayDimensions > 0]) and\n /* Exclude cases where 'key' is an arg to a Java Map/Collections function call */\n not fa.enclosingClass contains[Function: contains [FunctionCall fc: fc.arguments[0] is fa and\n fc.possibleTargets contains [Function:name matches \"compute(IfPresent|IfAbsent)?|entry|equals|merge|of|put(ifAbsent)?|contains(Key)?|get(OrDefault)?|remove|replace|add|(last)?indexOf|set\" and\n enclosingClass.supers contains [Class:\n name matches \"java\\.util\\.(Map|Collection)\"\n ]\n ]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is fa and not rhs.constantValue.None and not rhs.constantValue is [None:] and not rhs.constantValue == \"\"] and fa.field is [Field f:]*\n and (fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == \"kotlin.String\" or\n fa.field.type.name == \"kotlin.ByteArray\" or\n fa.field.type.name == \"kotlin.CharArray\" or\n fa.field.type is [Type: name matches \"byte|char\" and arrayDimensions > 0]) and\n /* Exclude cases where 'key' is an arg to a Java Map/Collections function call */\n not fa.enclosingClass contains[Function: contains [FunctionCall fc: fc.arguments[0] is fa and\n fc.possibleTargets contains [Function:name matches \"compute(IfPresent|IfAbsent)?|entry|equals|merge|of|put(ifAbsent)?|contains(Key)?|get(OrDefault)?|remove|replace|add|(last)?indexOf|set\" and\n enclosingClass.supers contains [Class:\n name matches \"java\\.util\\.(Map|Collection)\"\n ]\n ]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded 
Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n fa in [AssignmentStatement: lhs.location is fa and not rhs.constantValue.None and not rhs.constantValue is [None:] and not rhs.constantValue == \"\"] and fa.field is [Field f:]*\n and (fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == \"kotlin.String\" or\n fa.field.type.name == \"kotlin.ByteArray\" or\n fa.field.type.name == \"kotlin.CharArray\" or\n fa.field.type is [Type: name matches \"byte|char\" and arrayDimensions > 0]) and\n /* Exclude cases where 'key' is an arg to a Java Map/Collections function call */\n not fa.enclosingClass contains[Function: contains [FunctionCall fc: fc.arguments[0] is fa and\n fc.possibleTargets contains [Function:name matches \"compute(IfPresent|IfAbsent)?|entry|equals|merge|of|put(ifAbsent)?|contains(Key)?|get(OrDefault)?|remove|replace|add|(last)?indexOf|set\" and\n enclosingClass.supers contains [Class:\n name matches \"java\\.util\\.(Map|Collection)\"\n ]\n ]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is va and not rhs.constantValue.None and not rhs.constantValue is [None:] and not rhs.constantValue == \"\"] and va.variable is [Variable v:]*\n and (va.variable.type.name == \"java.lang.String\" or\n va.variable.type.name == \"java.lang.StringBuffer\" or\n va.variable.type.name == \"kotlin.String\" or\n va.variable.type.name == \"kotlin.ByteArray\" or\n va.variable.type.name == \"kotlin.CharArray\" or\n va.variable.type is [Type: name matches \"byte|char\" and arrayDimensions > 0]) and\n /* Exclude cases where 'key' is an arg to a Java Map/Collections function call 
*/\n not va.enclosingFunction contains [FunctionCall: arguments[0] is va and\n possibleTargets contains [Function f: name matches \"put|contains(Key)?|get(OrDefault)|remove|replace|add|(last)?indexOf|set\" and\n enclosingClass.supers contains [Class:\n name matches \"java\\.util\\.(Map|Collection)\"]]]\n and not va.enclosingFunction contains [AssignmentStatement: lhs is [VariableAccess: variable.name matches \"(?i)value\"]\n and rhs is [FunctionCall: arguments[0] is va]]\n /* Exclude cases where 'key' is returned by Map.Entry.getKey() */\n and not va.enclosingFunction contains [AssignmentStatement: lhs is va\n and rhs is [FunctionCall: function.name == \"getKey\" and\n function.enclosingClass.supers contains [Class: \n name == \"java.util.Map.Entry\"\n or name == \"kotlin.collections.Map.Entry\"\n ]\n ]\n ]\n /* Exclude cases where 'key' is returned by kotlin.collections.component1(Map.Entry), which is used for destructuring Map entries */\n and not va.enclosingFunction contains [AssignmentStatement: lhs is va\n and rhs is [FunctionCall: function is [Function: \n name == \"component1\"\n and namespace.name == \"kotlin.collections\"\n and parameterTypes[0] is [Type: name == \"kotlin.collections.Map.Entry\"]\n ]\n ]\n ]\n /* Exclude cases where 'key' is compared to the return of Map.Entry.getKey() */\n and not va.enclosingFunction contains [FunctionCall equalsFc: function.name == \"equals\"\n and equalsFc.arguments contains va\n and equalsFc.enclosingFunction contains [AssignmentStatement getKeyAs: getKeyAs.rhs is [FunctionCall getKeyFc: getKeyFc.function.name == \"getKey\"\n and function.enclosingClass.supers contains [Class: \n name == \"java.util.Map.Entry\"\n or name == \"kotlin.collections.Map.Entry\"\n ]\n and equalsFc.instance is [VariableAccess va2: va2 == getKeyAs.lhs.location]\n ]\n ]\n ]\n /* Exclude cases where 'key' is used as an arg for a spring redis database operation */\n and not va.enclosingFunction contains [FunctionCall fc: fc.arguments[0] == va\n 
and function.enclosingClass.supers contains [Class: name matches \"org\\.springframework\\.data\\.redis\\.core\\.(\\w)+Operations\"]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is va and not rhs.constantValue.None and not rhs.constantValue is [None:] and not rhs.constantValue == \"\"] and va.variable is [Variable v:]*\n and (va.variable.type.name == \"java.lang.String\" or\n va.variable.type.name == \"java.lang.StringBuffer\" or\n va.variable.type.name == \"kotlin.String\" or\n va.variable.type.name == \"kotlin.ByteArray\" or\n va.variable.type.name == \"kotlin.CharArray\" or\n va.variable.type is [Type: name matches \"byte|char\" and arrayDimensions > 0]) and\n /* Exclude cases where 'key' is an arg to a Java Map/Collections function call */\n not va.enclosingFunction contains [FunctionCall: arguments[0] is va and\n possibleTargets contains [Function f: name matches \"put|contains(Key)?|get(OrDefault)|remove|replace|add|(last)?indexOf|set\" and\n enclosingClass.supers contains [Class:\n name matches \"java\\.util\\.(Map|Collection)\"]]]\n and not va.enclosingFunction contains [AssignmentStatement: lhs is [VariableAccess: variable.name matches \"(?i)value\"]\n and rhs is [FunctionCall: arguments[0] is va]]\n /* Exclude cases where 'key' is returned by Map.Entry.getKey() */\n and not va.enclosingFunction contains [AssignmentStatement: lhs is va\n and rhs is [FunctionCall: function.name == \"getKey\" and\n function.enclosingClass.supers contains [Class: \n name == \"java.util.Map.Entry\"\n or name == \"kotlin.collections.Map.Entry\"\n ]\n ]\n ]\n /* Exclude cases where 'key' is returned by kotlin.collections.component1(Map.Entry), which is used for destructuring Map entries */\n and not va.enclosingFunction contains 
[AssignmentStatement: lhs is va\n and rhs is [FunctionCall: function is [Function: \n name == \"component1\"\n and namespace.name == \"kotlin.collections\"\n and parameterTypes[0] is [Type: name == \"kotlin.collections.Map.Entry\"]\n ]\n ]\n ]\n /* Exclude cases where 'key' is compared to the return of Map.Entry.getKey() */\n and not va.enclosingFunction contains [FunctionCall equalsFc: function.name == \"equals\"\n and equalsFc.arguments contains va\n and equalsFc.enclosingFunction contains [AssignmentStatement getKeyAs: getKeyAs.rhs is [FunctionCall getKeyFc: getKeyFc.function.name == \"getKey\"\n and function.enclosingClass.supers contains [Class: \n name == \"java.util.Map.Entry\"\n or name == \"kotlin.collections.Map.Entry\"\n ]\n and equalsFc.instance is [VariableAccess va2: va2 == getKeyAs.lhs.location]\n ]\n ]\n ]\n /* Exclude cases where 'key' is used as an arg for a spring redis database operation */\n and not va.enclosingFunction contains [FunctionCall fc: fc.arguments[0] == va\n and function.enclosingClass.supers contains [Class: name matches \"org\\.springframework\\.data\\.redis\\.core\\.(\\w)+Operations\"]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n va in [AssignmentStatement: lhs.location is va and not rhs.constantValue.None and not rhs.constantValue is [None:] and not rhs.constantValue == \"\"] and va.variable is [Variable v:]*\n and (va.variable.type.name == \"java.lang.String\" or\n va.variable.type.name == \"java.lang.StringBuffer\" or\n va.variable.type.name == \"kotlin.String\" or\n va.variable.type.name == \"kotlin.ByteArray\" or\n va.variable.type.name == \"kotlin.CharArray\" or\n va.variable.type is [Type: name matches \"byte|char\" and arrayDimensions > 0]) and\n /* Exclude cases where 'key' 
is an arg to a Java Map/Collections function call */\n not va.enclosingFunction contains [FunctionCall: arguments[0] is va and\n possibleTargets contains [Function f: name matches \"put|contains(Key)?|get(OrDefault)|remove|replace|add|(last)?indexOf|set\" and\n enclosingClass.supers contains [Class:\n name matches \"java\\.util\\.(Map|Collection)\"]]]\n and not va.enclosingFunction contains [AssignmentStatement: lhs is [VariableAccess: variable.name matches \"(?i)value\"]\n and rhs is [FunctionCall: arguments[0] is va]]\n /* Exclude cases where 'key' is returned by Map.Entry.getKey() */\n and not va.enclosingFunction contains [AssignmentStatement: lhs is va\n and rhs is [FunctionCall: function.name == \"getKey\" and\n function.enclosingClass.supers contains [Class: \n name == \"java.util.Map.Entry\"\n or name == \"kotlin.collections.Map.Entry\"\n ]\n ]\n ]\n /* Exclude cases where 'key' is returned by kotlin.collections.component1(Map.Entry), which is used for destructuring Map entries */\n and not va.enclosingFunction contains [AssignmentStatement: lhs is va\n and rhs is [FunctionCall: function is [Function: \n name == \"component1\"\n and namespace.name == \"kotlin.collections\"\n and parameterTypes[0] is [Type: name == \"kotlin.collections.Map.Entry\"]\n ]\n ]\n ]\n /* Exclude cases where 'key' is compared to the return of Map.Entry.getKey() */\n and not va.enclosingFunction contains [FunctionCall equalsFc: function.name == \"equals\"\n and equalsFc.arguments contains va\n and equalsFc.enclosingFunction contains [AssignmentStatement getKeyAs: getKeyAs.rhs is [FunctionCall getKeyFc: getKeyFc.function.name == \"getKey\"\n and function.enclosingClass.supers contains [Class: \n name == \"java.util.Map.Entry\"\n or name == \"kotlin.collections.Map.Entry\"\n ]\n and equalsFc.instance is [VariableAccess va2: va2 == getKeyAs.lhs.location]\n ]\n ]\n ]\n /* Exclude cases where 'key' is used as an arg for a spring redis database operation */\n and not va.enclosingFunction 
contains [FunctionCall fc: fc.arguments[0] == va\n and function.enclosingClass.supers contains [Class: name matches \"org\\.springframework\\.data\\.redis\\.core\\.(\\w)+Operations\"]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\" and\n not fa.field.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"\n and not fa.sourceLocation.None\n and not fa.field.sourceLocation.None\n and fa.sourceLocation.startLine != fa.field.sourceLocation.startLine\n and fa in [AssignmentStatement: lhs.location is fa and not rhs.constantValue.None and rhs.constantValue is [None:]] and fa.field is [Field f:]*\n and (fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == \"kotlin.String\" or\n fa.field.type.name == \"kotlin.ByteArray\" or\n fa.field.type.name == \"kotlin.CharArray\" or\n fa.field.type is [Type: name matches \"byte|char\" and arrayDimensions > 0]) and\n /* Exclude cases where 'key' is an arg to a Java Map/Collections function call */\n not fa.enclosingClass contains[Function: contains [FunctionCall fc: fc.arguments[0] is fa and fc.possibleTargets contains [Function:name matches \"compute(IfPresent|IfAbsent)?|entry|equals|merge|of|put(ifAbsent)?|contains(Key)?|get(OrDefault)?|remove|replace|add|(last)?indexOf|set\" and enclosingClass.supers contains [Class:\n name matches \"java\\.util\\.(Map|Collection)\"]]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\" and\n not va.variable.name matches 
\"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"\n and not va.sourceLocation.None\n and not va.variable.sourceLocation.None\n and va.sourceLocation.startLine != va.variable.sourceLocation.startLine\n and va in [AssignmentStatement: lhs.location is va and not rhs.constantValue.None and rhs.constantValue is [None:]] and va.variable is [Variable v:]*\n and\n ( va.variable.type.name == \"java.lang.String\" or\n va.variable.type.name == \"java.lang.StringBuffer\" or\n va.variable.type.name == \"kotlin.String\" or\n va.variable.type.name == \"kotlin.ByteArray\" or\n va.variable.type.name == \"kotlin.CharArray\" or\n va.variable.type is [Type: name matches \"byte|char\" and arrayDimensions > 0]) and\n /* Exclude cases where 'key' is an arg to a Java Map/Collections function call */\n not va.enclosingFunction contains [FunctionCall fc: fc.arguments[0] is va and\n fc.possibleTargets contains [Function:name matches \"compute(IfPresent|IfAbsent)?|entry|equals|merge|of|put(ifAbsent)?|contains(Key)?|get(OrDefault)?|remove|replace|add|(last)?indexOf|set\" and\n enclosingClass.supers contains [Class:\n name matches \"java\\.util\\.(Map|Collection)\"\n ]\n ]\n ]\n /* Exclude the case where key is passed to a func and then assigned to val*/\n and not va.enclosingFunction contains [AssignmentStatement: lhs is [VariableAccess: variable.name matches \"(?i)val(ue)?\"]\n and rhs is [FunctionCall: arguments[0] is va]]\n /* Exclude cases where 'key' is returned by Map.Entry.getKey() */\n and not va.enclosingFunction contains [AssignmentStatement: lhs is va\n and rhs is [FunctionCall: function.name == \"getKey\" and\n function.enclosingClass.supers contains [Class: \n name == \"java.util.Map.Entry\"\n or name == \"kotlin.collections.Map.Entry\"\n ]\n ]\n ]\n /* Exclude cases where 'key' is returned by kotlin.collections.component1(Map.Entry), which is used for destructuring Map entries */\n and not va.enclosingFunction contains [AssignmentStatement: lhs is va\n and rhs is 
[FunctionCall: function is [Function: \n name == \"component1\"\n and namespace.name == \"kotlin.collections\"\n and parameterTypes[0] is [Type: name == \"kotlin.collections.Map.Entry\"]\n ]\n ]\n ]\n /* Exclude cases where 'key' is compared to the return of Map.Entry.getKey() */\n and not va.enclosingFunction contains [FunctionCall equalsFc: function.name == \"equals\"\n and equalsFc.arguments contains va\n and equalsFc.enclosingFunction contains [AssignmentStatement getKeyAs: getKeyAs.rhs is [FunctionCall getKeyFc: getKeyFc.function.name == \"getKey\"\n and function.enclosingClass.supers contains [Class: \n name == \"java.util.Map.Entry\"\n or name == \"kotlin.collections.Map.Entry\"\n ]\n and equalsFc.instance is [VariableAccess va2: va2 == getKeyAs.lhs.location]\n ]\n ]\n ]\n /* Exclude cases where 'key' is used as an arg for a spring redis database operation */\n and not va.enclosingFunction contains [FunctionCall redisFc: redisFc.arguments[0] == va\n and function.enclosingClass.supers contains [Class: name matches \"org\\.springframework\\.data\\.redis\\.core\\.(\\w)+Operations\"]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\" and\n not fa.field.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n fa in [AssignmentStatement: lhs.location is fa and not rhs.constantValue.None and rhs.constantValue == \"\"] and fa.field is [Field f:]*\n and (fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == \"kotlin.String\" or\n fa.field.type.name == \"kotlin.ByteArray\" or\n fa.field.type.name == \"kotlin.CharArray\" or\n fa.field.type is [Type: name matches \"byte|char\" and arrayDimensions > 0]) and\n /* Exclude cases where 'key' is 
an arg to a Java Map/Collections function call */\n not fa.enclosingClass contains[Function: contains [FunctionCall fc: fc.arguments[0] is fa and fc.possibleTargets contains [Function:name matches \"compute(IfPresent|IfAbsent)?|entry|equals|merge|of|put(ifAbsent)?|contains(Key)?|get(OrDefault)?|remove|replace|add|(last)?indexOf|set\" and enclosingClass.supers contains [Class:\n name matches \"java\\.util\\.(Map|Collection)\"]]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\" and\n not va.variable.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n va in [AssignmentStatement: lhs.location is va and not rhs.constantValue.None and rhs.constantValue == \"\"] and va.variable is [Variable v:]*\n and (va.variable.type.name == \"java.lang.String\" or\n va.variable.type.name == \"java.lang.StringBuffer\" or\n va.variable.type.name == \"kotlin.String\" or\n va.variable.type.name == \"kotlin.ByteArray\" or\n va.variable.type.name == \"kotlin.CharArray\" or\n va.variable.type is [Type: name matches \"byte|char\" and arrayDimensions > 0]) and\n /* Exclude cases where 'key' is an arg to a Java Map/Collections function call */\n not va.enclosingFunction contains [FunctionCall fc: fc.arguments[0] is va and\n fc.possibleTargets contains [Function:name matches \"compute(IfPresent|IfAbsent)?|entry|equals|merge|of|put(ifAbsent)?|contains(Key)?|get(OrDefault)?|remove|replace|add|(last)?indexOf|set\" and\n enclosingClass.supers contains [Class:\n name matches \"java\\.util\\.(Map|Collection)\"\n ]\n ]\n ]\n /* Exclude the case where key is passed to a func and then assigned to val*/\n and not va.enclosingFunction contains [AssignmentStatement: lhs is [VariableAccess: variable.name matches \"(?i)val(ue)?\"]\n 
and rhs is [FunctionCall: arguments[0] is va]]\n /* Exclude cases where 'key' is returned by Map.Entry.getKey() */\n and not va.enclosingFunction contains [AssignmentStatement: lhs is va\n and rhs is [FunctionCall: function.name == \"getKey\" and\n function.enclosingClass.supers contains [Class: \n name == \"java.util.Map.Entry\"\n or name == \"kotlin.collections.Map.Entry\"\n ]\n ]\n ]\n /* Exclude cases where 'key' is returned by kotlin.collections.component1(Map.Entry), which is used for destructuring Map entries */\n and not va.enclosingFunction contains [AssignmentStatement: lhs is va\n and rhs is [FunctionCall: function is [Function: \n name == \"component1\"\n and namespace.name == \"kotlin.collections\"\n and parameterTypes[0] is [Type: name == \"kotlin.collections.Map.Entry\"]\n ]\n ]\n ]\n /* Exclude cases where 'key' is compared to the return of Map.Entry.getKey() */\n and not va.enclosingFunction contains [FunctionCall equalsFc: function.name == \"equals\"\n and equalsFc.arguments contains va\n and equalsFc.enclosingFunction contains [AssignmentStatement getKeyAs: getKeyAs.rhs is [FunctionCall getKeyFc: getKeyFc.function.name == \"getKey\"\n and function.enclosingClass.supers contains [Class: \n name == \"java.util.Map.Entry\"\n or name == \"kotlin.collections.Map.Entry\"\n ]\n and equalsFc.instance is [VariableAccess va2: va2 == getKeyAs.lhs.location]\n ]\n ]\n ]\n /* Exclude cases where 'key' is used as an arg for a spring redis database operation */\n and not va.enclosingFunction contains [FunctionCall redisFc: redisFc.arguments[0] == va\n and function.enclosingClass.supers contains [Class: name matches \"org\\.springframework\\.data\\.redis\\.core\\.(\\w)+Operations\"]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches 
\"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\" and\n not fa.field.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n fa in [AssignmentStatement: lhs.location is fa and not rhs.constantValue.None and not rhs.constantValue is [None:] and not rhs.constantValue == \"\"] and fa.field is [Field f:]*\n and (fa.field.type.name == \"java.lang.String\" or\n fa.field.type.name == \"java.lang.StringBuffer\" or\n fa.field.type.name == \"kotlin.String\" or\n fa.field.type.name == \"kotlin.ByteArray\" or\n fa.field.type.name == \"kotlin.CharArray\" or\n fa.field.type is [Type: name matches \"byte|char\" and arrayDimensions > 0]) and\n /* Exclude cases where 'key' is an arg to a Java Map/Collections function call */\n not fa.enclosingClass contains[Function: contains [FunctionCall fc: fc.arguments[0] is fa and\n fc.possibleTargets contains [Function:name matches \"compute(IfPresent|IfAbsent)?|entry|equals|merge|of|put(ifAbsent)?|contains(Key)?|get(OrDefault)?|remove|replace|add|(last)?indexOf|set\" and\n enclosingClass.supers contains [Class:\n name matches \"java\\.util\\.(Map|Collection)\"\n ]\n ]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\" and\n not va.variable.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n va in [AssignmentStatement: lhs.location is va and not rhs.constantValue.None and not rhs.constantValue is [None:] and not rhs.constantValue == \"\"] and va.variable is [Variable v:]*\n and (va.variable.type.name == \"java.lang.String\" or\n va.variable.type.name == \"java.lang.StringBuffer\" or\n va.variable.type.name == \"kotlin.String\" or\n va.variable.type.name == \"kotlin.ByteArray\" or\n va.variable.type.name == 
\"kotlin.CharArray\" or\n va.variable.type is [Type: name matches \"byte|char\" and arrayDimensions > 0]) and\n /* Exclude cases where 'key' is an arg to a Java Map/Collections function call */\n not va.enclosingFunction contains [FunctionCall fc: fc.arguments[0] is va and\n fc.possibleTargets contains [Function:name matches \"compute(IfPresent|IfAbsent)?|entry|equals|merge|of|put(ifAbsent)?|contains(Key)?|get(OrDefault)?|remove|replace|add|(last)?indexOf|set\" and\n enclosingClass.supers contains [Class:\n name matches \"java\\.util\\.(Map|Collection)\"\n ]\n ]\n ]\n /* Exclude the case where key is passed to a func and then assigned to val*/\n and not va.enclosingFunction contains [AssignmentStatement: lhs is [VariableAccess: variable.name matches \"(?i)val(ue)?\"]\n and rhs is [FunctionCall: arguments[0] is va]]\n /* Exclude cases where 'key' is returned by Map.Entry.getKey() */\n and not va.enclosingFunction contains [AssignmentStatement: lhs is va\n and rhs is [FunctionCall: function.name == \"getKey\" and\n function.enclosingClass.supers contains [Class: \n name == \"java.util.Map.Entry\"\n or name == \"kotlin.collections.Map.Entry\"\n ]\n ]\n ]\n /* Exclude cases where 'key' is returned by kotlin.collections.component1(Map.Entry), which is used for destructuring Map entries */\n and not va.enclosingFunction contains [AssignmentStatement: lhs is va\n and rhs is [FunctionCall: function is [Function: \n name == \"component1\"\n and namespace.name == \"kotlin.collections\"\n and parameterTypes[0] is [Type: name == \"kotlin.collections.Map.Entry\"]\n ]\n ]\n ]\n /* Exclude cases where 'key' is compared to the return of Map.Entry.getKey() */\n and not va.enclosingFunction contains [FunctionCall equalsFc: function.name == \"equals\"\n and equalsFc.arguments contains va\n and equalsFc.enclosingFunction contains [AssignmentStatement getKeyAs: getKeyAs.rhs is [FunctionCall getKeyFc: getKeyFc.function.name == \"getKey\"\n and function.enclosingClass.supers contains 
[Class: \n name == \"java.util.Map.Entry\"\n or name == \"kotlin.collections.Map.Entry\"\n ]\n and equalsFc.instance is [VariableAccess va2: va2 == getKeyAs.lhs.location]\n ]\n ]\n ]\n /* Exclude cases where 'key' is used as an arg for a spring redis database operation */\n and not va.enclosingFunction contains [FunctionCall redisFc: redisFc.arguments[0] == va\n and function.enclosingClass.supers contains [Class: name matches \"org\\.springframework\\.data\\.redis\\.core\\.(\\w)+Operations\"]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Access Control", - "vuln_subcategory": "SecurityManager Bypass", - "predicate": "\n FunctionCall fc: fc.function.name matches \"invoke\" and\n fc.function.enclosingClass.name matches \"java\\.lang\\.reflect\\.Method\" and\n ( fc.enclosingFunction is [public or protected] or\n fc.enclosingFunction reachedBy [Function f: public] ) and\n enclosingClass reachedBy [supers contains [name == \"java.applet.Applet\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Access Control", - "vuln_subcategory": "SecurityManager Bypass", - "predicate": "\n FunctionCall fc: fc.function.name matches \"newInstance\" and\n fc.function.enclosingClass.name matches \"java\\.lang\\.reflect\\.Constructor\" and\n ( fc.enclosingFunction is [public or protected] or\n fc.enclosingFunction reachedBy [Function f: public] ) and\n enclosingClass reachedBy [supers contains [name == \"java.applet.Applet\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Access Control", - "vuln_subcategory": "SecurityManager Bypass", - "predicate": "\n FunctionCall fc: fc.function.name matches \"(get|set).*\" and\n fc.function.enclosingClass.name matches \"java\\.lang\\.reflect\\.Field\" and\n ( fc.enclosingFunction is [public or protected] or\n fc.enclosingFunction reachedBy [Function f: public] ) and\n enclosingClass reachedBy [supers 
contains [name == \"java.applet.Applet\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Access Control", - "vuln_subcategory": "SecurityManager Bypass", - "predicate": "\n FunctionCall fc: fc.function.name matches \"get(Package|Packages)\" and\n fc.function.enclosingClass.name matches \"java\\.lang\\.Package\" and\n ( fc.enclosingFunction is [public or protected] or\n fc.enclosingFunction reachedBy [Function f: public] ) and\n enclosingClass reachedBy [supers contains [name == \"java.applet.Applet\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Access Control", - "vuln_subcategory": "SecurityManager Bypass", - "predicate": "\n FunctionCall fc: fc.function.name matches \"get(SystemClassLoader|Parent|ContextClassLoader)\" and\n fc.function.enclosingClass.name matches \"java\\.lang\\.(ClassLoader|Thread)\" and\n ( fc.enclosingFunction is [public or protected] or\n fc.enclosingFunction reachedBy [Function f: public] ) and\n enclosingClass reachedBy [supers contains [name == \"java.applet.Applet\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Access Control", - "vuln_subcategory": "SecurityManager Bypass", - "predicate": "\n FunctionCall fc: fc.function.name matches \"forName|newInstance|(get(Declared)?(Field|Method|Constructor|Classes)(s)?)\" and\n fc.function.enclosingClass.name matches \"java\\.lang\\.Class\" and\n ( fc.enclosingFunction is [public or protected] or\n fc.enclosingFunction reachedBy [Function f: public] ) and\n enclosingClass reachedBy [supers contains [name == \"java.applet.Applet\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Access Control", - "vuln_subcategory": "SecurityManager Bypass", - "predicate": "\n FunctionCall fc: fc.function.name matches \"invoke\" and\n fc.function.enclosingClass.name matches \"java\\.lang\\.reflect\\.Method\" and\n ( 
fc.enclosingFunction is [public or protected] or\n fc.enclosingFunction reachedBy [Function f: public] ) and\n not enclosingClass reachedBy [supers contains [name == \"java.applet.Applet\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Access Control", - "vuln_subcategory": "SecurityManager Bypass", - "predicate": "\n FunctionCall fc: fc.function.name matches \"newInstance\" and\n fc.function.enclosingClass.name matches \"java\\.lang\\.reflect\\.Constructor\" and\n ( fc.enclosingFunction is [public or protected] or\n fc.enclosingFunction reachedBy [Function f: public] ) and\n not enclosingClass reachedBy [supers contains [name == \"java.applet.Applet\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Access Control", - "vuln_subcategory": "SecurityManager Bypass", - "predicate": "\n FunctionCall fc: fc.function.name matches \"(get|set).*\" and\n fc.function.enclosingClass.name matches \"java\\.lang\\.reflect\\.Field\" and\n ( fc.enclosingFunction is [public or protected] or\n fc.enclosingFunction reachedBy [Function f: public] ) and\n not enclosingClass reachedBy [supers contains [name == \"java.applet.Applet\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Access Control", - "vuln_subcategory": "SecurityManager Bypass", - "predicate": "\n FunctionCall fc: fc.function.name matches \"get(Package|Packages)\" and\n fc.function.enclosingClass.name matches \"java\\.lang\\.Package\" and\n ( fc.enclosingFunction is [public or protected] or\n fc.enclosingFunction reachedBy [Function f: public] ) and\n not enclosingClass reachedBy [supers contains [name == \"java.applet.Applet\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Access Control", - "vuln_subcategory": "SecurityManager Bypass", - "predicate": "\n FunctionCall fc: fc.function.name matches 
\"get(SystemClassLoader|Parent|ContextClassLoader)\" and\n fc.function.enclosingClass.name matches \"java\\.lang\\.(ClassLoader|Thread)\" and\n ( fc.enclosingFunction is [public or protected] or\n fc.enclosingFunction reachedBy [Function f: public] ) and\n not enclosingClass reachedBy [supers contains [name == \"java.applet.Applet\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Access Control", - "vuln_subcategory": "SecurityManager Bypass", - "predicate": "\n FunctionCall fc: fc.function.name matches \"forName|newInstance|(get(Declared)?(Field|Method|Constructor|Classes)(s)?)\" and\n fc.function.enclosingClass.name matches \"java\\.lang\\.Class\" and\n ( fc.enclosingFunction is [public or protected] or\n fc.enclosingFunction reachedBy [Function f: public] ) and\n not enclosingClass reachedBy [supers contains [name == \"java.applet.Applet\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Android Bad Practices", - "vuln_subcategory": "Use of Internal APIs", - "predicate": "\n FunctionCall fc:\n function is [Function:\n name == \"forName\"\n and enclosingClass.supers contains [Class:\n name == \"java.lang.Class\"\n ]\n ]\n and (\n /* Interal APIs */\n arguments[0].constantValue matches \".*\\.internal\\..*\"\n /* Hidden APIs */\n or arguments[0].constantValue is [String v:\n v == \"android.net.wifi.ActionListener\"\n or v == \"android.net.wifi.TxPacketCountListener\"\n or v == \"android.net.wifi.LocalOnlyHotspotSubscription\"\n or v == \"android.net.wifi.LocalOnlyHotspotObserver\"\n or v == \"android.net.wifi.WifiScanner\"\n or v == \"android.net.wifi.ActionListener\"\n or v == \"android.net.wifi.HiddenNetwork\"\n or v == \"android.net.wifi.PnoSettings\"\n or v == \"android.net.wifi.PnoNetwork\"\n or v == \"android.net.wifi.PnoScanListener\"\n or v == \"android.net.wifi.WifiChangeSettings\"\n or v == \"android.net.wifi.HotlistSettings\"\n or v == 
\"android.net.wifi.OperationResult\"\n or v == \"android.net.wifi.RssiPacketCountInfo\"\n or v == \"android.net.wifi.WifiWakeReasonAndCounts\"\n or v == \"android.net.wifi.RttManager\"\n or v == \"android.net.wifi.RttClient\"\n or v == \"android.net.wifi.WifiNetworkScoreCache\"\n or v == \"android.net.wifi.aware.WifiAwareNetworkSpecifier\"\n or v == \"android.net.wifi.aware.WifiAwareUtils\"\n or v == \"android.net.wifi.aware.TlvBufferUtils\"\n or v == \"android.net.wifi.aware.WifiAwareAgentNetworkSpecifier\"\n or v == \"android.net.wifi.aware.ConfigRequest\"\n or v == \"android.net.wifi.ParcelUtil\"\n or v == \"android.net.wifi.WifiSsid\"\n or v == \"android.net.wifi.WifiNetworkConnectionStatistics\"\n or v == \"android.net.wifi.BatchedScanResult\"\n or v == \"android.net.wifi.WifiLinkLayerStats\"\n or v == \"android.net.wifi.EAPConstants\"\n or v == \"android.net.wifi.SupplicantSaver\"\n or v == \"android.net.wifi.SupplicantLoader\"\n or v == \"android.net.wifi.PasspointManagementObjectDefinition\"\n or v == \"android.net.wifi.Visibility\"\n or v == \"android.net.wifi.NetworkSelectionStatus\"\n or v == \"android.net.wifi.RecentFailure\"\n or v == \"android.net.wifi.WifiConnectionStatistics\"\n or v == \"android.net.wifi.WifiActivityEnergyInfo\"\n or v == \"android.net.wifi.p2p.WifiP2pWfdInfo\"\n or v == \"android.net.wifi.p2p.PersistentGroupInfoListener\"\n or v == \"android.net.wifi.p2p.HandoverMessageListener\"\n or v == \"android.net.wifi.p2p.WifiP2pProvDiscEvent\"\n or v == \"android.net.wifi.p2p.WifiP2pGroupList\"\n or v == \"android.net.wifi.p2p.nsd.WifiP2pServiceResponse\"\n or v == \"android.net.wifi.p2p.nsd.WifiP2pDnsSdServiceResponse\"\n or v == \"android.net.wifi.p2p.nsd.WifiP2pUpnpServiceResponse\"\n or v == \"android.net.wifi.WifiChannel\"\n or v == \"android.net.wifi.hotspot2.omadm.XMLNode\"\n or v == \"android.net.wifi.hotspot2.omadm.XMLParser\"\n or v == \"android.net.wifi.hotspot2.OsuProvider\"\n or v == 
\"android.net.wifi.hotspot2.pps.UpdateParameter\"\n or v == \"android.net.wifi.hotspot2.pps.Policy\"\n or v == \"android.net.wifi.ScanSettings\"\n or v == \"android.net.wifi.WpsResult\"\n or v == \"android.net.wifi.InformationElement\"\n or v == \"android.net.wifi.AnqpInformationElement\"\n or v == \"android.drm.DrmOutputStream\"\n or v == \"junit.framework.ComparisonCompactor\"\n or v == \"com.google.vr.platform.DeviceInfo\"\n or v == \"com.google.vr.platform.Dvr\"\n or v == \"org.apache.http.conn.ssl.AndroidDistinguishedNameParser\"\n or v == \"android.metrics.LogMaker\"\n or v == \"android.metrics.MetricsReader\"\n or v == \"android.metrics.Event\"\n or v == \"android.metrics.LogReader\"\n or v == \"android.database.CursorWindowAllocationException\"\n or v == \"android.database.BulkCursorDescriptor\"\n or v == \"android.database.BulkCursorNative\"\n or v == \"android.database.sqlite.SQLiteDebug\"\n or v == \"android.database.sqlite.SQLiteStatementInfo\"\n or v == \"android.database.sqlite.SQLiteDirectCursorDriver\"\n or v == \"android.database.sqlite.SQLiteGlobal\"\n or v == \"android.database.sqlite.CustomFunction\"\n or v == \"android.database.sqlite.SQLiteDatabaseConfiguration\"\n or v == \"android.database.sqlite.SQLiteCustomFunction\"\n or v == \"android.database.sqlite.SQLiteSession\"\n or v == \"android.database.sqlite.DatabaseObjectNotClosedException\"\n or v == \"android.database.sqlite.SQLiteConnectionPool\"\n or v == \"android.database.sqlite.SQLiteConnection\"\n or v == \"android.database.CursorToBulkCursorAdaptor\"\n or v == \"android.database.IBulkCursor\"\n or v == \"android.database.BulkCursorToCursorAdaptor\"\n or v == \"android.transition.AnimationInfo\"\n or v == \"android.transition.ChangeText\"\n or v == \"android.transition.Rotate\"\n or v == \"android.transition.Crossfade\"\n or v == \"android.transition.TransitionUtils\"\n or v == \"android.transition.Recolor\"\n or v == \"android.webkit.JsDialogHelper\"\n or v == 
\"android.webkit.WebViewFactory\"\n or v == \"android.webkit.TokenBindingService\"\n or v == \"android.webkit.WebViewDelegate\"\n or v == \"android.webkit.WebViewProviderInfo\"\n or v == \"android.webkit.UrlInterceptRegistry\"\n or v == \"android.webkit.Plugin\"\n or v == \"android.webkit.DefaultClickHandler\"\n or v == \"android.webkit.WebViewUpdateService\"\n or v == \"android.webkit.UrlInterceptHandler\"\n or v == \"android.webkit.WebViewProvider\"\n or v == \"android.webkit.PrivateAccess\"\n or v == \"android.webkit.ResultReceiver\"\n or v == \"android.webkit.WebViewProviderResponse\"\n or v == \"android.webkit.WebViewZygote\"\n or v == \"android.webkit.WebViewFactoryProvider\"\n or v == \"android.webkit.PluginList\"\n or v == \"android.webkit.FindAddress\"\n or v == \"android.webkit.FindActionModeCallback\"\n or v == \"android.webkit.PluginData\"\n or v == \"android.webkit.UserPackage\"\n or v == \"android.webkit.LegacyErrorStrings\"\n or v == \"android.printservice.recommendation.RecommendationInfo\"\n or v == \"android.printservice.recommendation.RecommendationService\"\n or v == \"android.printservice.PrintServiceInfo\"\n or v == \"android.hardware.SerialPort\"\n or v == \"android.hardware.soundtrigger.SoundTrigger\"\n or v == \"android.hardware.soundtrigger.KeyphraseEnrollmentInfo\"\n or v == \"android.hardware.soundtrigger.SoundTriggerModule\"\n or v == \"android.hardware.soundtrigger.KeyphraseMetadata\"\n or v == \"android.hardware.radio.RadioManager\"\n or v == \"android.hardware.radio.RadioMetadata\"\n or v == \"android.hardware.radio.Clock\"\n or v == \"android.hardware.radio.ProgramSelector\"\n or v == \"android.hardware.radio.RadioTuner\"\n or v == \"android.hardware.fingerprint.EnrollmentCallback\"\n or v == \"android.hardware.fingerprint.RemovalCallback\"\n or v == \"android.hardware.fingerprint.EnumerateCallback\"\n or v == \"android.hardware.fingerprint.LockoutResetCallback\"\n or v == \"android.hardware.fingerprint.Fingerprint\"\n or v == 
\"android.hardware.SystemSensorManager\"\n or v == \"android.hardware.input.InputDeviceIdentifier\"\n or v == \"android.hardware.input.TouchCalibration\"\n or v == \"android.hardware.input.OnTabletModeChangedListener\"\n or v == \"android.hardware.input.KeyboardLayout\"\n or v == \"android.hardware.input.InputManagerInternal\"\n or v == \"android.hardware.CameraStatus\"\n or v == \"android.hardware.location.GeofenceHardwareRequestParcelable\"\n or v == \"android.hardware.location.NanoApp\"\n or v == \"android.hardware.location.GeofenceHardwareRequest\"\n or v == \"android.hardware.location.ActivityRecognitionEvent\"\n or v == \"android.hardware.location.GeofenceHardwareCallback\"\n or v == \"android.hardware.location.GeofenceHardwareService\"\n or v == \"android.hardware.location.ContextHubInfo\"\n or v == \"android.hardware.location.NanoAppFilter\"\n or v == \"android.hardware.location.NanoAppInstanceInfo\"\n or v == \"android.hardware.location.ActivityRecognitionHardware\"\n or v == \"android.hardware.location.GeofenceHardwareMonitorEvent\"\n or v == \"android.hardware.location.GeofenceHardware\"\n or v == \"android.hardware.location.GeofenceHardwareImpl\"\n or v == \"android.hardware.location.GeofenceHardwareMonitorCallback\"\n or v == \"android.hardware.location.ContextHubMessage\"\n or v == \"android.hardware.location.ActivityChangedEvent\"\n or v == \"android.hardware.location.ContextHubManager\"\n or v == \"android.hardware.location.ICallback\"\n or v == \"android.hardware.location.MemoryRegion\"\n or v == \"android.hardware.hdmi.HdmiClient\"\n or v == \"android.hardware.hdmi.HdmiControlManager\"\n or v == \"android.hardware.hdmi.HdmiTimerRecordSources\"\n or v == \"android.hardware.hdmi.TimeUnit\"\n or v == \"android.hardware.hdmi.Time\"\n or v == \"android.hardware.hdmi.Duration\"\n or v == \"android.hardware.hdmi.TimerInfo\"\n or v == \"android.hardware.hdmi.TimerRecordSource\"\n or v == \"android.hardware.hdmi.HdmiTvClient\"\n or v == 
\"android.hardware.hdmi.HdmiHotplugEvent\"\n or v == \"android.hardware.hdmi.HdmiRecordSources\"\n or v == \"android.hardware.hdmi.RecordSource\"\n or v == \"android.hardware.hdmi.OwnSource\"\n or v == \"android.hardware.hdmi.AribData\"\n or v == \"android.hardware.hdmi.AtscData\"\n or v == \"android.hardware.hdmi.DvbData\"\n or v == \"android.hardware.hdmi.DigitalChannelData\"\n or v == \"android.hardware.hdmi.DigitalServiceSource\"\n or v == \"android.hardware.hdmi.AnalogueServiceSource\"\n or v == \"android.hardware.hdmi.ExternalPlugData\"\n or v == \"android.hardware.hdmi.ExternalPhysicalAddress\"\n or v == \"android.hardware.hdmi.HdmiPlaybackClient\"\n or v == \"android.hardware.hdmi.HdmiDeviceInfo\"\n or v == \"android.hardware.hdmi.HdmiRecordListener\"\n or v == \"android.hardware.hdmi.TimerStatusData\"\n or v == \"android.hardware.hdmi.HdmiPortInfo\"\n or v == \"android.hardware.usb.UsbPortStatus\"\n or v == \"android.hardware.usb.UsbPort\"\n or v == \"android.hardware.display.DisplayManagerInternal\"\n or v == \"android.hardware.display.DisplayManagerGlobal\"\n or v == \"android.hardware.display.WifiDisplayStatus\"\n or v == \"android.hardware.display.WifiDisplaySessionInfo\"\n or v == \"android.hardware.display.DisplayViewport\"\n or v == \"android.hardware.display.WifiDisplay\"\n or v == \"android.hardware.SerialManager\"\n or v == \"android.hardware.CameraInfo\"\n or v == \"android.hardware.LegacySensorManager\"\n or v == \"android.hardware.camera2.impl.ICameraDeviceUserWrapper\"\n or v == \"android.hardware.camera2.impl.CaptureResultExtras\"\n or v == \"android.hardware.camera2.utils.LongParcelable\"\n or v == \"android.hardware.camera2.utils.UncheckedThrow\"\n or v == \"android.hardware.camera2.utils.SubmitInfo\"\n or v == \"android.hardware.camera2.params.StreamConfigurationDuration\"\n or v == \"android.hardware.camera2.params.ReprocessFormatsMap\"\n or v == \"android.hardware.camera2.params.HighSpeedVideoConfiguration\"\n or v == 
\"android.hardware.camera2.params.VendorTagDescriptorCache\"\n or v == \"android.hardware.camera2.params.VendorTagDescriptor\"\n or v == \"android.hardware.camera2.params.StreamConfiguration\"\n or v == \"android.net.NetworkStatsHistory\"\n or v == \"android.net.metrics.RaEvent\"\n or v == \"android.net.metrics.DefaultNetworkEvent\"\n or v == \"android.net.metrics.WakeupEvent\"\n or v == \"android.net.metrics.ConnectStats\"\n or v == \"android.net.metrics.IpConnectivityLog\"\n or v == \"android.net.metrics.DhcpClientEvent\"\n or v == \"android.net.metrics.DnsEvent\"\n or v == \"android.net.metrics.ValidationProbeEvent\"\n or v == \"android.net.metrics.NetworkMetrics\"\n or v == \"android.net.metrics.DhcpErrorEvent\"\n or v == \"android.net.metrics.IpManagerEvent\"\n or v == \"android.net.metrics.IpReachabilityEvent\"\n or v == \"android.net.metrics.WakeupStats\"\n or v == \"android.net.metrics.ApfProgramEvent\"\n or v == \"android.net.metrics.ApfStats\"\n or v == \"android.net.metrics.NetworkEvent\"\n or v == \"android.net.Status\"\n or v == \"android.net.PacketKeepaliveCallback\"\n or v == \"android.net.PacketKeepalive\"\n or v == \"android.net.OnStartTetheringCallback\"\n or v == \"android.net.Errors\"\n or v == \"android.net.TooManyRequestsException\"\n or v == \"android.net.DataUsageRequest\"\n or v == \"android.net.IpConfiguration\"\n or v == \"android.net.InterfaceConfiguration\"\n or v == \"android.net.SntpClient\"\n or v == \"android.net.IpSecTransformResponse\"\n or v == \"android.net.ScoredNetwork\"\n or v == \"android.net.NetworkKey\"\n or v == \"android.net.NetworkIdentity\"\n or v == \"android.net.NetworkPolicy\"\n or v == \"android.net.NetworkUtils\"\n or v == \"android.net.DhcpResults\"\n or v == \"android.net.StaticIpConfiguration\"\n or v == \"android.net.MatchAllNetworkSpecifier\"\n or v == \"android.net.NetworkPolicyManager\"\n or v == \"android.net.NetworkScoreManager\"\n or v == \"android.net.StringNetworkSpecifier\"\n or v == 
\"android.net.MobileLinkQualityInfo\"\n or v == \"android.net.LinkQualityInfo\"\n or v == \"android.net.NetworkConfig\"\n or v == \"android.net.NetworkStats\"\n or v == \"android.net.RssiCurve\"\n or v == \"android.net.PacProxySelector\"\n or v == \"android.net.EthernetManager\"\n or v == \"android.net.UidRange\"\n or v == \"android.net.IpSecSpiResponse\"\n or v == \"android.net.NetworkTemplate\"\n or v == \"android.net.NetworkState\"\n or v == \"android.net.WifiLinkQualityInfo\"\n or v == \"android.net.NetworkQuotaInfo\"\n or v == \"android.net.WifiKey\"\n or v == \"android.net.wimax.WimaxManagerConstants\"\n or v == \"android.net.NetworkMisc\"\n or v == \"android.net.ConnectivityMetricsEvent\"\n or v == \"android.net.ConnectivityThread\"\n or v == \"android.net.NetworkAgent\"\n or v == \"android.net.IpSecUdpEncapResponse\"\n or v == \"android.net.CompareResult\"\n or v == \"android.net.IpSecConfig\"\n or v == \"android.net.NetworkRecommendationProvider\"\n or v == \"android.net.NetworkScorerAppData\"\n or v == \"android.net.nsd.DnsSdTxtRecord\"\n or v == \"android.net.NetworkFactory\"\n or v == \"android.app.ActivityManagerNative\"\n or v == \"android.app.BackStackRecord\"\n or v == \"android.app.PackageInstallObserver\"\n or v == \"android.app.LoadedApk\"\n or v == \"android.app.StackId\"\n or v == \"android.app.TaskThumbnailInfo\"\n or v == \"android.app.TaskThumbnail\"\n or v == \"android.app.TaskSnapshot\"\n or v == \"android.app.StackInfo\"\n or v == \"android.app.OnUidImportanceListener\"\n or v == \"android.app.assist.AutofillOverlay\"\n or v == \"android.app.TranslucentConversionListener\"\n or v == \"android.app.ActivityManagerInternal\"\n or v == \"android.app.ApplicationPackageManager\"\n or v == \"android.app.MoveCallbackDelegate\"\n or v == \"android.app.WaitResult\"\n or v == \"android.app.UiAutomationConnection\"\n or v == \"android.app.timezone.RulesManager\"\n or v == \"android.app.timezone.RulesState\"\n or v == 
\"android.app.timezone.Callback\"\n or v == \"android.app.timezone.DistroFormatVersion\"\n or v == \"android.app.timezone.DistroRulesVersion\"\n or v == \"android.app.timezone.RulesUpdaterContract\"\n or v == \"android.app.VrManager\"\n or v == \"android.app.ActivityView\"\n or v == \"android.app.ActivityThread\"\n or v == \"android.app.ContentProviderHolder\"\n or v == \"android.app.BroadcastOptions\"\n or v == \"android.app.JobSchedulerImpl\"\n or v == \"android.app.ResultInfo\"\n or v == \"android.app.TvExtender\"\n or v == \"android.app.UserSwitchObserver\"\n or v == \"android.app.admin.PasswordMetrics\"\n or v == \"android.app.admin.PolicyInfo\"\n or v == \"android.app.admin.DevicePolicyManagerInternal\"\n or v == \"android.app.ResourcesManager\"\n or v == \"android.app.PackageOps\"\n or v == \"android.app.OpEntry\"\n or v == \"android.app.OnOpChangedInternalListener\"\n or v == \"android.app.QueuedWork\"\n or v == \"android.app.ServiceStartArgs\"\n or v == \"android.app.usage.TimeSparseArray\"\n or v == \"android.app.usage.UsageStatsManagerInternal\"\n or v == \"android.app.usage.CacheQuotaService\"\n or v == \"android.app.usage.CacheQuotaHint\"\n or v == \"android.app.TaskStackListener\"\n or v == \"android.app.AppGlobals\"\n or v == \"android.app.StatusBarManager\"\n or v == \"android.app.OnMarshaledListener\"\n or v == \"android.app.ApplicationThreadConstants\"\n or v == \"android.app.EphemeralResolverService\"\n or v == \"android.app.ParcelableCrashInfo\"\n or v == \"android.app.job.JobHandler\"\n or v == \"android.app.Vr2dDisplayProperties\"\n or v == \"android.app.ProfilerInfo\"\n or v == \"android.app.trust.TrustManager\"\n or v == \"android.app.SearchDialog\"\n or v == \"android.app.InstantAppResolverService\"\n or v == \"android.app.OnActivityPausedListener\"\n or v == \"android.app.ActionKeyInfo\"\n or v == \"android.app.backup.BackupHelperDispatcher\"\n or v == \"android.app.backup.BackupManagerMonitor\"\n or v == 
\"android.app.backup.RestoreDescription\"\n or v == \"android.app.backup.SelectBackupTransportCallback\"\n or v == \"android.app.backup.BackupProgress\"\n or v == \"android.app.backup.AbsoluteFileBackupHelper\"\n or v == \"android.app.backup.FullBackup\"\n or v == \"android.app.backup.RestoreSession\"\n or v == \"android.app.backup.RestoreSet\"\n or v == \"android.app.backup.BlobBackupHelper\"\n or v == \"android.app.backup.BackupObserver\"\n or v == \"android.app.backup.WallpaperBackupHelper\"\n or v == \"android.app.backup.BackupTransport\"\n or v == \"android.app.SynchronousUserSwitchObserver\"\n or v == \"android.app.RecoverableSecurityException\"\n or v == \"android.app.LocalDialog\"\n or v == \"android.app.ApplicationLoaders\"\n or v == \"android.app.PackageDeleteObserver\"\n or v == \"android.app.OnAnimationStartedListener\"\n or v == \"android.app.OnAnimationFinishedListener\"\n or v == \"android.app.VrStateCallback\"\n or v == \"android.widget.SuggestionsAdapter\"\n or v == \"android.widget.DropDownListView\"\n or v == \"android.widget.ActionMenuChildView\"\n or v == \"android.widget.AppSecurityPermissions\"\n or v == \"android.widget.MyPermissionGroupInfo\"\n or v == \"android.widget.MyPermissionInfo\"\n or v == \"android.widget.PermissionItemView\"\n or v == \"android.widget.RadialTimePickerView\"\n or v == \"android.widget.Editor\"\n or v == \"android.widget.RemoteViewsAdapter\"\n or v == \"android.widget.RemoteViewsListAdapter\"\n or v == \"android.widget.MenuItemHoverListener\"\n or v == \"android.widget.MenuPopupWindow\"\n or v == \"android.widget.MenuDropDownListView\"\n or v == \"android.widget.CustomEditText\"\n or v == \"android.widget.TextInputTimePickerView\"\n or v == \"android.widget.ScrollBarDrawable\"\n or v == \"android.widget.SearchAutoComplete\"\n or v == \"android.widget.ActivityChooserView\"\n or v == \"android.widget.ActionMenuPresenter\"\n or v == \"android.widget.DatePickerDelegate\"\n or v == \"android.widget.ValidationCallback\"\n 
or v == \"android.widget.OnClickHandler\"\n or v == \"android.widget.OnViewAppliedListener\"\n or v == \"android.widget.ForwardingListener\"\n or v == \"android.widget.DateTimeView\"\n or v == \"android.widget.DatePickerController\"\n or v == \"android.widget.TextViewMetrics\"\n or v == \"android.widget.Delayer\"\n or v == \"android.widget.ActivityChooserModel\"\n or v == \"android.widget.SpellChecker\"\n or v == \"android.util.MergedConfiguration\"\n or v == \"android.util.PackageUtils\"\n or v == \"android.util.Spline\"\n or v == \"android.util.LocalLog\"\n or v == \"android.util.apk.ApkSignatureSchemeV2Verifier\"\n or v == \"android.util.proto.ProtoParseException\"\n or v == \"android.util.proto.EncodedBuffer\"\n or v == \"android.util.SuperNotCalledException\"\n or v == \"android.util.BackupUtils\"\n or v == \"android.util.Singleton\"\n or v == \"android.util.jar.StrictJarFile\"\n or v == \"android.util.jar.ZipInflaterInputStream\"\n or v == \"android.util.jar.FDStream\"\n or v == \"android.util.jar.StrictJarManifest\"\n or v == \"android.util.Pools\"\n or v == \"android.util.PrefixPrinter\"\n or v == \"android.util.PathParser\"\n or v == \"android.util.LongArray\"\n or v == \"android.util.MathUtils\"\n or v == \"android.util.FastImmutableArraySet\"\n or v == \"android.util.IntArray\"\n or v == \"android.util.ExceptionUtils\"\n or v == \"android.util.MemoryIntArray\"\n or v == \"android.util.DayOfMonthCursor\"\n or v == \"android.util.TrustedTime\"\n or v == \"android.util.ByteStringUtils\"\n or v == \"android.util.TerribleFailure\"\n or v == \"android.util.TerribleFailureHandler\"\n or v == \"android.util.NtpTrustedTime\"\n or v == \"android.util.TimingsTraceLog\"\n or v == \"android.util.IconDrawableFactory\"\n or v == \"android.util.LongSparseLongArray\"\n or v == \"android.util.RecurrenceRule\"\n or v == \"android.util.Slog\"\n or v == \"android.util.LauncherIcons\"\n or v == \"android.util.LogWriter\"\n or v == \"android.util.MapCollections\"\n or v == 
\"android.util.TimedRemoteCaller\"\n or v == \"android.util.KeyValueListParser\"\n or v == \"android.security.net.config.ApplicationConfig\"\n or v == \"android.security.net.config.ConfigSource\"\n or v == \"android.security.net.config.UserCertificateSource\"\n or v == \"android.security.net.config.CertificatesEntryRef\"\n or v == \"android.security.net.config.SystemCertificateSource\"\n or v == \"android.security.net.config.NetworkSecurityConfig\"\n or v == \"android.security.net.config.Builder\"\n or v == \"android.security.net.config.TrustAnchor\"\n or v == \"android.security.net.config.NetworkSecurityTrustManager\"\n or v == \"android.security.net.config.XmlConfigSource\"\n or v == \"android.security.net.config.Pin\"\n or v == \"android.security.net.config.ResourceCertificateSource\"\n or v == \"android.security.net.config.RootTrustManager\"\n or v == \"android.security.net.config.ManifestConfigSource\"\n or v == \"android.security.net.config.DirectoryCertificateSource\"\n or v == \"android.security.net.config.CertificateSource\"\n or v == \"android.security.net.config.PinSet\"\n or v == \"android.security.net.config.ConfigNetworkSecurityPolicy\"\n or v == \"android.security.net.config.TrustedCertificateStoreAdapter\"\n or v == \"android.security.net.config.RootTrustManagerFactorySpi\"\n or v == \"android.security.net.config.NetworkSecurityConfigProvider\"\n or v == \"android.security.net.config.Domain\"\n or v == \"android.security.keymaster.KeyCharacteristics\"\n or v == \"android.security.keymaster.KeymasterArguments\"\n or v == \"android.security.keymaster.KeyAttestationApplicationId\"\n or v == \"android.security.keymaster.ExportResult\"\n or v == \"android.security.keymaster.KeymasterDefs\"\n or v == \"android.security.keymaster.KeymasterCertificateChain\"\n or v == \"android.security.keymaster.KeymasterDateArgument\"\n or v == \"android.security.keymaster.KeymasterBooleanArgument\"\n or v == \"android.security.keymaster.KeymasterArgument\"\n or v == 
\"android.security.keymaster.KeymasterBlob\"\n or v == \"android.security.keymaster.OperationResult\"\n or v == \"android.security.keymaster.KeymasterBlobArgument\"\n or v == \"android.security.keymaster.KeyAttestationPackageInfo\"\n or v == \"android.security.keymaster.KeymasterIntArgument\"\n or v == \"android.security.keymaster.KeymasterLongArgument\"\n or v == \"android.security.FrameworkNetworkSecurityPolicy\"\n or v == \"android.security.KeystoreArguments\"\n or v == \"android.inputmethodservice.CompactExtractEditLayout\"\n or v == \"android.inputmethodservice.SoftInputWindow\"\n or v == \"android.inputmethodservice.ExtractEditLayout\"\n or v == \"android.provider.Presence\"\n or v == \"android.provider.SearchIndexableData\"\n or v == \"android.provider.SearchIndexablesContract\"\n or v == \"android.provider.SearchIndexablesProvider\"\n or v == \"android.provider.SyncConstValue\"\n or v == \"android.provider.OneTimeUseBuilder\"\n or v == \"android.provider.BrowserContract\"\n or v == \"android.provider.BaseSyncColumns\"\n or v == \"android.provider.ChromeSyncColumns\"\n or v == \"android.provider.SyncColumns\"\n or v == \"android.provider.ImageColumns\"\n or v == \"android.provider.Accounts\"\n or v == \"android.provider.Searches\"\n or v == \"android.provider.SyncState\"\n or v == \"android.provider.Combined\"\n or v == \"android.provider.Settings\"\n or v == \"android.provider.SettingsStringUtil\"\n or v == \"android.provider.Impl\"\n or v == \"android.provider.SearchIndexableResource\"\n or v == \"android.provider.MetadataReader\"\n or v == \"android.provider.Authorization\"\n or v == \"android.provider.SyncStateColumns\"\n or v == \"android.provider.PhotoFiles\"\n or v == \"android.provider.PhotoFilesColumns\"\n or v == \"android.provider.MetadataSyncColumns\"\n or v == \"android.provider.MetadataSync\"\n or v == \"android.provider.MetadataSyncStateColumns\"\n or v == \"android.provider.MetadataSyncState\"\n or v == \"android.provider.Validator\"\n or v 
== \"android.provider.Bookmarks\"\n or v == \"android.provider.TimeZoneRulesDataContract\"\n or v == \"android.provider.ContactsInternal\"\n or v == \"android.provider.CalendarMetaDataColumns\"\n or v == \"android.provider.CalendarMetaData\"\n or v == \"android.provider.EventsRawTimesColumns\"\n or v == \"android.provider.EventsRawTimes\"\n or v == \"android.provider.SystemContract\"\n or v == \"android.animation.AnimationHandler\"\n or v == \"android.animation.AnimationFrameCallbackProvider\"\n or v == \"android.animation.Tuple\"\n or v == \"android.animation.RevealAnimator\"\n or v == \"android.animation.KeyframeSet\"\n or v == \"android.animation.PropertyValues\"\n or v == \"android.animation.Keyframes\"\n or v == \"android.animation.PathKeyframes\"\n or v == \"android.content.pm.MacAuthenticatedInputStream\"\n or v == \"android.content.pm.InstantAppInfo\"\n or v == \"android.content.pm.split.SplitAssetDependencyLoader\"\n or v == \"android.content.pm.split.SplitAssetLoader\"\n or v == \"android.content.pm.split.DefaultSplitAssetLoader\"\n or v == \"android.content.pm.split.SplitDependencyLoader\"\n or v == \"android.content.pm.KeySet\"\n or v == \"android.content.pm.StringParceledListSlice\"\n or v == \"android.content.pm.VerifierInfo\"\n or v == \"android.content.pm.InstantAppRequest\"\n or v == \"android.content.pm.PackageBackwardCompatibility\"\n or v == \"android.content.pm.PackageManagerInternal\"\n or v == \"android.content.pm.InstantAppResolveInfo\"\n or v == \"android.content.pm.InstantAppDigest\"\n or v == \"android.content.pm.BaseParceledListSlice\"\n or v == \"android.content.pm.IntentFilterVerificationInfo\"\n or v == \"android.content.pm.OnPermissionsChangedListener\"\n or v == \"android.content.pm.MoveCallback\"\n or v == \"android.content.pm.LegacyPackageInstallObserver\"\n or v == \"android.content.pm.LegacyPackageDeleteObserver\"\n or v == \"android.content.pm.DexModuleRegisterCallback\"\n or v == \"android.content.pm.AppsQueryHelper\"\n or v 
== \"android.content.pm.FallbackCategoryProvider\"\n or v == \"android.content.pm.LimitedLengthInputStream\"\n or v == \"android.content.pm.VerificationParams\"\n or v == \"android.content.pm.PackageInfoLite\"\n or v == \"android.content.pm.PackageUserState\"\n or v == \"android.content.pm.SessionCallbackDelegate\"\n or v == \"android.content.pm.AuxiliaryResolveInfo\"\n or v == \"android.content.pm.RegisteredServicesCache\"\n or v == \"android.content.pm.InstantAppIntentFilter\"\n or v == \"android.content.pm.UserInfo\"\n or v == \"android.content.pm.PackageCleanItem\"\n or v == \"android.content.pm.XmlSerializerAndParser\"\n or v == \"android.content.pm.ParceledListSlice\"\n or v == \"android.content.pm.VerifierDeviceIdentity\"\n or v == \"android.content.pm.EphemeralResolveInfo\"\n or v == \"android.content.pm.EphemeralDigest\"\n or v == \"android.content.pm.EphemeralIntentFilter\"\n or v == \"android.content.pm.SELinuxUtil\"\n or v == \"android.content.pm.PackageParserCacheHelper\"\n or v == \"android.content.pm.permission.RuntimePermissionPresenter\"\n or v == \"android.content.pm.permission.RuntimePermissionPresentationInfo\"\n or v == \"android.content.pm.RegisteredServicesCacheListener\"\n or v == \"android.content.pm.PackageParser\"\n or v == \"android.content.pm.NewPermissionInfo\"\n or v == \"android.content.pm.SplitPermissionInfo\"\n or v == \"android.content.pm.ParseComponentArgs\"\n or v == \"android.content.pm.ShortcutServiceInternal\"\n or v == \"android.content.res.ResourcesKey\"\n or v == \"android.content.res.GradientColor\"\n or v == \"android.content.res.ComplexColor\"\n or v == \"android.content.res.ConfigurationBoundResourceCache\"\n or v == \"android.content.res.StringBlock\"\n or v == \"android.content.res.ResourceId\"\n or v == \"android.content.res.ResourcesImpl\"\n or v == \"android.content.res.CompatResources\"\n or v == \"android.content.res.ConstantState\"\n or v == \"android.content.res.XmlBlock\"\n or v == 
\"android.content.res.FontResourcesParser\"\n or v == \"android.content.res.CompatibilityInfo\"\n or v == \"android.content.res.Translator\"\n or v == \"android.content.OpenResourceIdResult\"\n or v == \"android.content.Transport\"\n or v == \"android.content.ContentInsertHandler\"\n or v == \"android.content.DefaultDataHandler\"\n or v == \"android.content.SyncActivityTooManyDeletes\"\n or v == \"android.content.DatabaseHelper\"\n or v == \"android.content.om.OverlayInfo\"\n or v == \"android.content.SyncStatusInfo\"\n or v == \"android.content.UndoOwner\"\n or v == \"android.content.CursorEntityIterator\"\n or v == \"android.content.ContentProviderNative\"\n or v == \"android.content.IContentProvider\"\n or v == \"android.content.SyncAdaptersCache\"\n or v == \"android.content.UndoManager\"\n or v == \"android.content.UndoOperation\"\n or v == \"android.content.CommandOptionHandler\"\n or v == \"android.print.PrintServiceRecommendationsLoader\"\n or v == \"android.print.PrintJobStateChangeListener\"\n or v == \"android.print.PrintServicesChangeListener\"\n or v == \"android.print.PrintServiceRecommendationsChangeListener\"\n or v == \"android.print.PrintDocumentAdapterDelegate\"\n or v == \"android.print.PrintJobStateChangeListenerWrapper\"\n or v == \"android.print.PrintServicesChangeListenerWrapper\"\n or v == \"android.print.PrintServiceRecommendationsChangeListenerWrapper\"\n or v == \"android.print.PrintFileDocumentAdapter\"\n or v == \"android.print.PrintServicesLoader\"\n or v == \"android.print.PrinterDiscoverySession\"\n or v == \"android.speech.tts.TtsEngines\"\n or v == \"android.preference.SeekBarVolumizer\"\n or v == \"android.preference.SeekBarDialogPreference\"\n or v == \"android.preference.MultiCheckPreference\"\n or v == \"android.preference.OnPreferenceTreeClickListener\"\n or v == \"android.preference.SeekBarPreference\"\n or v == \"android.preference.VolumePreference\"\n or v == \"android.preference.GenericInflater\"\n or v == 
\"android.preference.PreferenceGroupAdapter\"\n or v == \"android.preference.PreferenceFrameLayout\"\n or v == \"android.permissionpresenterservice.RuntimePermissionPresenterService\"\n or v == \"android.accounts.ChooseAccountTypeActivity\"\n or v == \"android.accounts.GrantCredentialsPermissionActivity\"\n or v == \"android.accounts.ChooseTypeAndAccountActivity\"\n or v == \"android.accounts.AccountManagerInternal\"\n or v == \"android.accounts.AccountManagerResponse\"\n or v == \"android.accounts.AccountAndUser\"\n or v == \"android.accounts.CantAddAccountActivity\"\n or v == \"android.accounts.ChooseAccountActivity\"\n or v == \"android.appwidget.PendingHostUpdate\"\n or v == \"android.nfc.dta.NfcDta\"\n or v == \"android.nfc.BeamShareData\"\n or v == \"android.nfc.cardemulation.ApduServiceInfo\"\n or v == \"android.nfc.cardemulation.AidGroup\"\n or v == \"android.nfc.cardemulation.NfcFServiceInfo\"\n or v == \"android.nfc.NfcUnlockHandler\"\n or v == \"android.nfc.NfcActivityManager\"\n or v == \"android.nfc.TechListParcel\"\n or v == \"android.nfc.ApduList\"\n or v == \"android.nfc.ErrorCodes\"\n or v == \"android.nfc.TransceiveResult\"\n or v == \"android.bluetooth.BluetoothCodecStatus\"\n or v == \"android.bluetooth.SdpRecord\"\n or v == \"android.bluetooth.BluetoothActivityEnergyInfo\"\n or v == \"android.bluetooth.SdpOppOpsRecord\"\n or v == \"android.bluetooth.SdpSapsRecord\"\n or v == \"android.bluetooth.BluetoothUuid\"\n or v == \"android.bluetooth.BluetoothA2dpSink\"\n or v == \"android.bluetooth.BluetoothHeadsetClientCall\"\n or v == \"android.bluetooth.BluetoothHeadsetClient\"\n or v == \"android.bluetooth.BluetoothAvrcpController\"\n or v == \"android.bluetooth.BluetoothPbapClient\"\n or v == \"android.bluetooth.BluetoothMapClient\"\n or v == \"android.bluetooth.UidTraffic\"\n or v == \"android.bluetooth.le.PeriodicAdvertisingManager\"\n or v == \"android.bluetooth.le.PeriodicAdvertisingReport\"\n or v == \"android.bluetooth.le.TruncatedFilter\"\n 
or v == \"android.bluetooth.le.BluetoothLeUtils\"\n or v == \"android.bluetooth.le.PeriodicAdvertisingCallback\"\n or v == \"android.bluetooth.le.ResultStorageDescriptor\"\n or v == \"android.bluetooth.BluetoothStateChangeCallback\"\n or v == \"android.bluetooth.StateChangeCallbackWrapper\"\n or v == \"android.bluetooth.BluetoothPan\"\n or v == \"android.bluetooth.BluetoothGattIncludedService\"\n or v == \"android.bluetooth.BluetoothAvrcp\"\n or v == \"android.bluetooth.BluetoothAvrcpPlayerSettings\"\n or v == \"android.bluetooth.BluetoothSap\"\n or v == \"android.bluetooth.BluetoothMasInstance\"\n or v == \"android.bluetooth.BluetoothDevicePicker\"\n or v == \"android.bluetooth.BluetoothHidHost\"\n or v == \"android.bluetooth.BluetoothCodecConfig\"\n or v == \"android.bluetooth.SdpMasRecord\"\n or v == \"android.bluetooth.BluetoothPbap\"\n or v == \"android.bluetooth.BluetoothAudioConfig\"\n or v == \"android.bluetooth.BluetoothMap\"\n or v == \"android.bluetooth.SdpPseRecord\"\n or v == \"android.bluetooth.SdpMnsRecord\"\n or v == \"android.bluetooth.OobData\"\n or v == \"android.view.InputFilter\"\n or v == \"android.view.HandlerActionQueue\"\n or v == \"android.view.WindowInfo\"\n or v == \"android.view.inputmethod.FinishedInputEventCallback\"\n or v == \"android.view.inputmethod.InputMethodSubtypeArray\"\n or v == \"android.view.inputmethod.InputMethodManagerInternal\"\n or v == \"android.view.inputmethod.SparseRectFArray\"\n or v == \"android.view.inputmethod.SparseRectFArrayBuilder\"\n or v == \"android.view.inputmethod.InputConnectionInspector\"\n or v == \"android.view.WindowManagerInternal\"\n or v == \"android.view.SurfaceControl\"\n or v == \"android.view.ViewHierarchyEncoder\"\n or v == \"android.view.OnWindowDismissedCallback\"\n or v == \"android.view.OnWindowSwipeDismissedCallback\"\n or v == \"android.view.WindowControllerCallback\"\n or v == \"android.view.InputChannel\"\n or v == \"android.view.InputEventReceiver\"\n or v == 
\"android.view.OnWindowShownListener\"\n or v == \"android.view.InternalInsetsInfo\"\n or v == \"android.view.OnComputeInternalInsetsListener\"\n or v == \"android.view.OnEnterAnimationCompleteListener\"\n or v == \"android.view.WindowManagerGlobal\"\n or v == \"android.view.textclassifier.TextClassifierConstants\"\n or v == \"android.view.textclassifier.TextClassifierImpl\"\n or v == \"android.view.textclassifier.LinksInfo\"\n or v == \"android.view.textclassifier.EntityConfidence\"\n or v == \"android.view.InputEventSender\"\n or v == \"android.view.FrameInfo\"\n or v == \"android.view.ViewRootImpl\"\n or v == \"android.view.RenderNode\"\n or v == \"android.view.animation.TranslateYAnimation\"\n or v == \"android.view.animation.ClipRectAnimation\"\n or v == \"android.view.animation.TranslateXAnimation\"\n or v == \"android.view.autofill.AutofillPopupWindow\"\n or v == \"android.view.autofill.Helper\"\n or v == \"android.view.autofill.AutofillClient\"\n or v == \"android.view.autofill.ParcelableMap\"\n or v == \"android.view.autofill.AutofillManagerInternal\"\n or v == \"android.view.RecordingCanvas\"\n or v == \"android.view.ThreadedRenderer\"\n or v == \"android.view.DisplayEventReceiver\"\n or v == \"android.view.GhostView\"\n or v == \"android.view.NotificationHeaderView\"\n or v == \"android.view.RenderNodeAnimator\"\n or v == \"android.view.WindowManagerPolicy\"\n or v == \"android.view.FinishedInputEventCallback\"\n or v == \"android.view.WindowCallbackWrapper\"\n or v == \"android.view.FallbackAction\"\n or v == \"android.view.DisplayAdjustments\"\n or v == \"android.view.AppTransitionAnimationSpec\"\n or v == \"android.view.InputEventConsistencyVerifier\"\n or v == \"android.view.KeyboardShortcutsReceiver\"\n or v == \"android.view.FallbackEventHandler\"\n or v == \"android.view.ViewReplaceRunnable\"\n or v == \"android.view.WindowCallbacks\"\n or v == \"android.view.WindowManagerImpl\"\n or v == \"android.view.RenderNodeAnimatorSetHelper\"\n or v == 
\"android.view.MagnificationSpec\"\n or v == \"android.view.DisplayListCanvas\"\n or v == \"android.view.accessibility.AccessibilityServicesStateChangeListener\"\n or v == \"android.view.accessibility.HighTextContrastChangeListener\"\n or v == \"android.view.accessibility.AccessibilityInteractionClient\"\n or v == \"android.view.accessibility.AccessibilityCache\"\n or v == \"android.view.Estimator\"\n or v == \"android.view.HierarchyHandler\"\n or v == \"android.view.DisplayInfo\"\n or v == \"android.view.HardwareLayer\"\n or v == \"android.view.SurfaceSession\"\n or v == \"android.view.BatchedInputEventReceiver\"\n or v == \"android.view.FrameMetricsObserver\"\n or v == \"android.view.FocusFinderHelper\"\n or v == \"android.view.AccessibilityIterators\"\n or v == \"android.view.TextSegmentIterator\"\n or v == \"android.view.AbstractTextSegmentIterator\"\n or v == \"android.view.SubUiVisibilityListener\"\n or v == \"android.accessibilityservice.CapabilityInfo\"\n or v == \"android.accessibilityservice.TouchPoint\"\n or v == \"android.accessibilityservice.GestureStep\"\n or v == \"android.accessibilityservice.MotionEventGenerator\"\n or v == \"android.accessibilityservice.Callbacks\"\n or v == \"android.accessibilityservice.IAccessibilityServiceClientWrapper\"\n or v == \"android.os.MyReadMapCallback\"\n or v == \"android.os.SynchronousResultReceiver\"\n or v == \"android.os.BatteryProperty\"\n or v == \"android.os.NoImagePreloadHolder\"\n or v == \"android.os.IHwInterface\"\n or v == \"android.os.PerformanceCollector\"\n or v == \"android.os.SystemVibrator\"\n or v == \"android.os.IServiceManager\"\n or v == \"android.os.HidlSupport\"\n or v == \"android.os.ServiceSpecificException\"\n or v == \"android.os.UserEnvironment\"\n or v == \"android.os.AsyncResult\"\n or v == \"android.os.PowerSaveState\"\n or v == \"android.os.Broadcaster\"\n or v == \"android.os.FactoryTest\"\n or v == \"android.os.HwParcel\"\n or v == \"android.os.IHwBinder\"\n or v == 
\"android.os.ParcelableException\"\n or v == \"android.os.ShellCommand\"\n or v == \"android.os.ServiceManager\"\n or v == \"android.os.ServiceNotFoundException\"\n or v == \"android.os.ProcessStartResult\"\n or v == \"android.os.SELinux\"\n or v == \"android.os.ReadWriteHelper\"\n or v == \"android.os.NoneVibrator\"\n or v == \"android.os.VintfObject\"\n or v == \"android.os.BatteryProperties\"\n or v == \"android.os.HwBinder\"\n or v == \"android.os.HwRemoteBinder\"\n or v == \"android.os.GraphicsEnvironment\"\n or v == \"android.os.ShellCallback\"\n or v == \"android.os.IncidentManager\"\n or v == \"android.os.FileUtils\"\n or v == \"android.os.health.HealthStatsWriter\"\n or v == \"android.os.health.HealthKeys\"\n or v == \"android.os.health.Constants\"\n or v == \"android.os.health.HealthStatsParceler\"\n or v == \"android.os.ParcelableParcel\"\n or v == \"android.os.PowerManagerInternal\"\n or v == \"android.os.Temperature\"\n or v == \"android.os.BatteryStats\"\n or v == \"android.os.ZygoteProcess\"\n or v == \"android.os.ViolationListener\"\n or v == \"android.os.StrictModeViolation\"\n or v == \"android.os.StrictModeNetworkViolation\"\n or v == \"android.os.StrictModeDiskReadViolation\"\n or v == \"android.os.StrictModeDiskWriteViolation\"\n or v == \"android.os.StrictModeCustomViolation\"\n or v == \"android.os.StrictModeResourceMismatchViolation\"\n or v == \"android.os.StrictModeUnbufferedIOViolation\"\n or v == \"android.os.Span\"\n or v == \"android.os.ViolationInfo\"\n or v == \"android.os.storage.StorageManagerInternal\"\n or v == \"android.os.storage.StorageResultCode\"\n or v == \"android.os.storage.VolumeRecord\"\n or v == \"android.os.storage.DiskInfo\"\n or v == \"android.os.storage.VolumeInfo\"\n or v == \"android.os.storage.StorageEventListener\"\n or v == \"android.os.SystemProperties\"\n or v == \"android.os.RemoteCallback\"\n or v == \"android.os.Registrant\"\n or v == \"android.os.RevocableFileDescriptor\"\n or v == 
\"android.os.UEventObserver\"\n or v == \"android.os.ServiceManagerNative\"\n or v == \"android.os.UpdateEngine\"\n or v == \"android.os.BatteryManagerInternal\"\n or v == \"android.os.UpdateLock\"\n or v == \"android.os.OneShot\"\n or v == \"android.os.Waveform\"\n or v == \"android.os.Prebaked\"\n or v == \"android.os.EnforcingUser\"\n or v == \"android.os.PooledStringReader\"\n or v == \"android.os.CommonClock\"\n or v == \"android.os.IncidentReportArgs\"\n or v == \"android.os.RemoteMailException\"\n or v == \"android.os.CommonTimeConfig\"\n or v == \"android.os.RegistrantList\"\n or v == \"android.os.HwBlob\"\n or v == \"android.os.FileBridge\"\n or v == \"android.os.UserManagerInternal\"\n or v == \"android.os.SystemService\"\n or v == \"android.os.Seccomp\"\n or v == \"android.os.VintfRuntimeInfo\"\n or v == \"android.os.UpdateEngineCallback\"\n or v == \"android.os.TransactionTracker\"\n or v == \"android.os.ConfigUpdate\"\n or v == \"android.os.PooledStringWriter\"\n or v == \"android.text.FontConfig\"\n or v == \"android.text.TextLine\"\n or v == \"android.text.PackedIntVector\"\n or v == \"android.text.PositionIterator\"\n or v == \"android.text.style.AccessibilityClickableSpan\"\n or v == \"android.text.style.SuggestionRangeSpan\"\n or v == \"android.text.style.AccessibilityURLSpan\"\n or v == \"android.text.style.SpellCheckSpan\"\n or v == \"android.text.MeasuredText\"\n or v == \"android.text.AndroidBidi\"\n or v == \"android.text.SpanSet\"\n or v == \"android.text.format.BytesResult\"\n or v == \"android.text.CharSequenceCharacterIterator\"\n or v == \"android.text.Hyphenator\"\n or v == \"android.text.Emoji\"\n or v == \"android.text.GraphicsOperations\"\n or v == \"android.text.method.TransformationMethod2\"\n or v == \"android.text.method.WordIterator\"\n or v == \"android.text.method.AllCapsTransformationMethod\"\n or v == \"android.service.oemlock.OemLockManager\"\n or v == \"android.service.notification.SnoozeCriterion\"\n or v == 
\"android.service.notification.NotificationRankingUpdate\"\n or v == \"android.service.notification.Adjustment\"\n or v == \"android.service.notification.NotificationListenerWrapper\"\n or v == \"android.service.notification.NotificationAssistantService\"\n or v == \"android.service.notification.ZenModeConfig\"\n or v == \"android.service.gatekeeper.GateKeeperResponse\"\n or v == \"android.service.euicc.GetDownloadableSubscriptionMetadataResult\"\n or v == \"android.service.euicc.GetDefaultDownloadableSubscriptionListResult\"\n or v == \"android.service.euicc.EuiccProfileInfo\"\n or v == \"android.service.euicc.GetEuiccProfileInfoListResult\"\n or v == \"android.service.euicc.EuiccService\"\n or v == \"android.service.autofill.OptionalValidators\"\n or v == \"android.service.autofill.InternalValidator\"\n or v == \"android.service.autofill.RequiredValidators\"\n or v == \"android.service.autofill.AutofillServiceInfo\"\n or v == \"android.service.autofill.ValueFinder\"\n or v == \"android.service.autofill.InternalTransformation\"\n or v == \"android.service.voice.SoundTriggerListener\"\n or v == \"android.service.voice.VoiceInteractionServiceInfo\"\n or v == \"android.service.voice.VoiceInteractionManagerInternal\"\n or v == \"android.service.persistentdata.PersistentDataBlockManager\"\n or v == \"android.service.wallpaper.WallpaperSettingsActivity\"\n or v == \"android.service.trust.TrustAgentService\"\n or v == \"android.service.dreams.Sandman\"\n or v == \"android.service.dreams.DreamManagerInternal\"\n or v == \"android.service.carrier.ICarrierServiceWrapper\"\n or v == \"android.service.carrier.MatchType\"\n or v == \"android.service.resolver.ResolverRankerService\"\n or v == \"android.service.resolver.ResolverTarget\"\n or v == \"android.companion.BluetoothDeviceFilterUtils\"\n or v == \"com.android.server.AppWidgetBackupBridge\"\n or v == \"com.android.server.net.BaseNetworkObserver\"\n or v == \"com.android.server.net.NetlinkTracker\"\n or v == 
\"com.android.server.WidgetBackupProvider\"\n or v == \"com.android.server.LocalServices\"\n or v == \"android.security.KeyStoreException\"\n or v == \"android.security.keystore.AndroidKeyStoreBCWorkaroundProvider\"\n or v == \"android.security.keystore.AndroidKeyStoreHmacSpi\"\n or v == \"android.security.keystore.AndroidKeyStoreCipherSpiBase\"\n or v == \"android.security.keystore.AndroidKeyStorePublicKey\"\n or v == \"android.security.keystore.AndroidKeyStoreSecretKey\"\n or v == \"android.security.keystore.AndroidKeyStoreECPrivateKey\"\n or v == \"android.security.keystore.AndroidKeyStoreKeyGeneratorSpi\"\n or v == \"android.security.keystore.KeyStoreCryptoOperationChunkedStreamer\"\n or v == \"android.security.keystore.Purpose\"\n or v == \"android.security.keystore.KeyAlgorithm\"\n or v == \"android.security.keystore.BlockMode\"\n or v == \"android.security.keystore.EncryptionPadding\"\n or v == \"android.security.keystore.Digest\"\n or v == \"android.security.keystore.Origin\"\n or v == \"android.security.keystore.DeviceIdAttestationException\"\n or v == \"android.security.keystore.ArrayUtils\"\n or v == \"android.security.keystore.AndroidKeyStoreRSASignatureSpi\"\n or v == \"android.security.keystore.Utils\"\n or v == \"android.security.keystore.AndroidKeyStoreSignatureSpiBase\"\n or v == \"android.security.keystore.AndroidKeyStoreRSAPrivateKey\"\n or v == \"android.security.keystore.AndroidKeyStoreRSACipherSpi\"\n or v == \"android.security.keystore.AndroidKeyStoreECDSASignatureSpi\"\n or v == \"android.security.keystore.AndroidKeyStoreKeyFactorySpi\"\n or v == \"android.security.keystore.AndroidKeyStoreAuthenticatedAESCipherSpi\"\n or v == \"android.security.keystore.AndroidKeyStoreKeyPairGeneratorSpi\"\n or v == \"android.security.keystore.AndroidKeyStoreSpi\"\n or v == \"android.security.keystore.KeyStoreCryptoOperationUtils\"\n or v == \"android.security.keystore.AttestationUtils\"\n or v == \"android.security.keystore.KeyStoreCryptoOperation\"\n or v 
== \"android.security.keystore.KeymasterUtils\"\n or v == \"android.security.keystore.AndroidKeyStoreRSAPublicKey\"\n or v == \"android.security.keystore.KeyStoreConnectException\"\n or v == \"android.security.keystore.AndroidKeyStoreECPublicKey\"\n or v == \"android.security.keystore.AndroidKeyStoreKey\"\n or v == \"android.security.keystore.AndroidKeyStoreUnauthenticatedAESCipherSpi\"\n or v == \"android.security.keystore.AndroidKeyStorePrivateKey\"\n or v == \"android.security.keystore.KeyStoreCryptoOperationStreamer\"\n or v == \"android.security.keystore.AndroidKeyStoreProvider\"\n or v == \"android.security.keystore.AndroidKeyStoreSecretKeyFactorySpi\"\n or v == \"android.security.Credentials\"\n or v == \"android.security.KeyChainConnection\"\n or v == \"android.security.GateKeeper\"\n or v == \"android.security.SystemKeyStore\"\n or v == \"android.security.KeyStore\"\n or v == \"android.net.lowpan.Builder\"\n or v == \"android.net.lowpan.LowpanProperty\"\n or v == \"android.net.lowpan.LowpanProperties\"\n or v == \"android.net.lowpan.LowpanStandardProperty\"\n or v == \"android.location.GpsMeasurementsEvent\"\n or v == \"android.location.Listener\"\n or v == \"android.location.LocalListenerHelper\"\n or v == \"android.location.Country\"\n or v == \"android.location.GpsNavigationMessage\"\n or v == \"android.location.GpsClock\"\n or v == \"android.location.GeocoderParams\"\n or v == \"android.location.FusedBatchOptions\"\n or v == \"android.location.GpsNavigationMessageEvent\"\n or v == \"android.location.Listener\"\n or v == \"android.location.BatchedLocationCallback\"\n or v == \"android.location.CountryListener\"\n or v == \"android.location.CountryDetector\"\n or v == \"android.location.Geofence\"\n or v == \"android.location.BatchedLocationCallbackTransport\"\n or v == \"android.location.GnssMeasurementCallbackTransport\"\n or v == \"android.location.LocationRequest\"\n or v == \"android.location.GpsMeasurement\"\n or v == 
\"android.location.GnssNavigationMessageCallbackTransport\"\n or v == \"javax.obex.HeaderSet\"\n or v == \"javax.obex.BaseStream\"\n or v == \"javax.obex.ClientOperation\"\n or v == \"javax.obex.ServerSession\"\n or v == \"javax.obex.Operation\"\n or v == \"javax.obex.PrivateInputStream\"\n or v == \"javax.obex.PrivateOutputStream\"\n or v == \"javax.obex.ClientSession\"\n or v == \"javax.obex.SessionNotifier\"\n or v == \"javax.obex.ApplicationParameter\"\n or v == \"javax.obex.ServerOperation\"\n or v == \"javax.obex.Authenticator\"\n or v == \"javax.obex.ResponseCodes\"\n or v == \"javax.obex.ObexHelper\"\n or v == \"javax.obex.PasswordAuthentication\"\n or v == \"javax.obex.ObexTransport\"\n or v == \"javax.obex.ServerRequestHandler\"\n or v == \"javax.obex.ObexSession\"\n or v == \"android.net.util.PacketReaderTest\"\n or v == \"android.net.util.ConnectivityPacketSummaryTest\"\n or v == \"android.testing.LayoutInflaterBuilder\"\n or v == \"androidx.media.filterfw.GLToolbox\"\n or v == \"android.security.net.config.TestCertificateSource\"\n or v == \"android.security.net.config.TestConfigSource\"\n or v == \"com.android.uiautomator.core.Tracer\"\n or v == \"com.android.uiautomator.core.AccessibilityNodeInfoDumper\"\n or v == \"com.android.uiautomator.core.UiAutomatorBridge\"\n or v == \"com.android.uiautomator.testrunner.UiAutomatorTestCaseFilter\"\n or v == \"com.android.uiautomator.testrunner.TestCaseCollector\"\n or v == \"com.android.uiautomator.testrunner.UiAutomatorTestRunner\"\n or v == \"com.android.uiautomator.core.ShellUiAutomatorBridge\"\n or v == \"com.android.uiautomator.core.UiAutomationShellWrapper\"\n or v == \"com.android.uiautomator.core.InstrumentationUiAutomatorBridge\"\n or v == \"android.renderscript.ProgramRaster\"\n or v == \"android.renderscript.ProgramVertex\"\n or v == \"android.renderscript.Builder\"\n or v == \"android.renderscript.ProgramFragmentFixedFunction\"\n or v == \"android.renderscript.RenderScriptGL\"\n or v == 
\"android.renderscript.FileA3D\"\n or v == \"android.renderscript.ProgramVertexFixedFunction\"\n or v == \"android.renderscript.ProgramFragment\"\n or v == \"android.renderscript.Font\"\n or v == \"android.renderscript.RSTextureView\"\n or v == \"android.renderscript.RSSurfaceView\"\n or v == \"android.renderscript.Program\"\n or v == \"android.renderscript.ProgramStore\"\n or v == \"android.renderscript.Mesh\"\n or v == \"android.renderscript.RenderScriptCacheDir\"\n or v == \"android.telephony.ClientRequestStats\"\n or v == \"android.telephony.TelephonyHistogram\"\n or v == \"android.telephony.ModemActivityInfo\"\n or v == \"android.telephony.PreciseDisconnectCause\"\n or v == \"android.telephony.cdma.CdmaSmsCbProgramData\"\n or v == \"android.telephony.cdma.CdmaSmsCbProgramResults\"\n or v == \"android.telephony.PreciseCallState\"\n or v == \"android.telephony.SubscriptionPlan\"\n or v == \"android.telephony.VoLteServiceState\"\n or v == \"android.telephony.DisconnectCause\"\n or v == \"android.telephony.UiccAccessRule\"\n or v == \"android.telephony.euicc.EuiccManager\"\n or v == \"android.telephony.euicc.DownloadableSubscription\"\n or v == \"android.telephony.RadioAccessFamily\"\n or v == \"android.telephony.PcoData\"\n or v == \"android.telephony.Builder\"\n or v == \"android.telephony.WifiCallingChoices\"\n or v == \"android.telephony.ims.ImsService\"\n or v == \"android.telephony.ims.stub.ImsCallSessionListenerImplBase\"\n or v == \"android.telephony.ims.feature.ImsFeature\"\n or v == \"android.telephony.CdmaBands\"\n or v == \"android.telephony.UssdResponse\"\n or v == \"android.telephony.PreciseDataConnectionState\"\n or v == \"android.provider.CarrierColumns\"\n or v == \"android.provider.WordsTable\"\n or v == \"android.provider.CellBroadcasts\"\n or v == \"android.provider.CarrierIdentification\"\n or v == \"android.telephony.data.InterfaceAddress\"\n or v == \"android.telephony.data.DataCallResponse\"\n or v == 
\"android.telephony.data.DataProfile\"\n or v == \"android.telephony.Rlog\"\n or v == \"android.telephony.ImsiEncryptionInfo\"\n or v == \"android.telephony.mbms.InternalStreamingSessionCallback\"\n or v == \"android.telephony.mbms.MbmsTempFileProvider\"\n or v == \"android.telephony.mbms.OpaqueDataContainer\"\n or v == \"android.telephony.mbms.InternalDownloadSessionCallback\"\n or v == \"android.telephony.mbms.InternalStreamingServiceCallback\"\n or v == \"android.telephony.mbms.UriPathPair\"\n or v == \"android.telephony.mbms.InternalDownloadStateCallback\"\n or v == \"android.telephony.mbms.MbmsUtils\"\n or v == \"android.telephony.mbms.vendor.MbmsDownloadServiceBase\"\n or v == \"android.telephony.mbms.vendor.MbmsStreamingServiceBase\"\n or v == \"android.telephony.mbms.vendor.VendorUtils\"\n or v == \"android.telephony.DataConnectionRealTimeInfo\"\n or v == \"android.telephony.SmsCbLocation\"\n or v == \"android.telephony.SmsCbEtwsInfo\"\n or v == \"android.telephony.SmsCbMessage\"\n or v == \"android.telephony.SmsCbCmasInfo\"\n or v == \"com.android.ims.ImsStreamMediaProfile\"\n or v == \"com.android.ims.ImsReasonInfo\"\n or v == \"com.android.ims.ImsCallForwardInfo\"\n or v == \"com.android.ims.ImsExternalCallState\"\n or v == \"com.android.ims.ImsConfig\"\n or v == \"com.android.ims.ImsException\"\n or v == \"com.android.ims.ImsCallProfile\"\n or v == \"com.android.ims.ImsSuppServiceNotification\"\n or v == \"com.android.ims.ImsUtInterface\"\n or v == \"com.android.ims.ImsConferenceState\"\n or v == \"com.android.ims.ImsSsInfo\"\n or v == \"com.android.ims.ImsSsData\"\n or v == \"com.android.settingslib.NetworkPolicyEditor\"\n or v == \"com.android.sharedstoragebackup.ObbBackupService\"\n or v == \"com.android.providers.settings.SettingsProtoDumpUtil\"\n or v == \"com.android.statementservice.retriever.AndroidPackageInfoFetcher\"\n or v == \"com.android.statementservice.retriever.URLFetcher\"\n or v == 
\"com.android.statementservice.retriever.WebContent\"\n or v == \"com.android.backupconfirm.BackupRestoreConfirmation\"\n or v == \"com.android.proxyhandler.ProxyServer\"\n or v == \"com.android.proxyhandler.SocketConnect\"\n or v == \"com.android.proxyhandler.ProxyService\"\n or v == \"com.android.pacprocessor.PacNative\"\n or v == \"com.android.systemui.media.NotificationPlayer\"\n or v == \"junit.runner.TestRunListener\"\n or v == \"junit.runner.StandardTestSuiteLoader\"\n or v == \"android.test.LaunchPerformanceBase\"\n or v == \"android.test.NoExecTestResult\"\n or v == \"android.test.ClassPathPackageInfoSource\"\n or v == \"android.test.TestPrinter\"\n or v == \"android.test.suitebuilder.UnitTestSuiteBuilder\"\n or v == \"android.test.suitebuilder.TestGrouping\"\n or v == \"android.test.suitebuilder.TestPredicates\"\n or v == \"android.test.suitebuilder.SmokeTestSuiteBuilder\"\n or v == \"android.test.TestCaseUtil\"\n or v == \"android.test.mock.MockIContentProvider\"\n or v == \"android.telecom.TimedEvent\"\n or v == \"android.telecom.DefaultDialerManager\"\n or v == \"android.telecom.ParcelableRttCall\"\n or v == \"android.telecom.AudioState\"\n or v == \"android.telecom.Phone\"\n or v == \"android.telecom.ParcelableCallAnalytics\"\n or v == \"android.telecom.VideoEvent\"\n or v == \"android.telecom.TelecomAnalytics\"\n or v == \"android.telecom.CallbackRecord\"\n or v == \"android.telecom.Response\"\n or v == \"android.telecom.VideoCallImpl\"\n or v == \"android.telecom.ConnectionServiceAdapter\"\n or v == \"android.telecom.Builder\"\n or v == \"android.telecom.RemoteConnectionService\"\n or v == \"android.telecom.AuthenticatorService\"\n or v == \"android.telecom.Listener\"\n or v == \"android.telecom.ConferenceParticipant\"\n or v == \"android.telecom.ParcelableConnection\"\n or v == \"android.telecom.ParcelableCall\"\n or v == \"android.telecom.Log\"\n or v == \"android.telecom.Listener\"\n or v == \"android.telecom.RttTextStream\"\n or v == 
\"android.telecom.RemoteConnectionManager\"\n or v == \"android.telecom.ParcelableConference\"\n or v == \"android.telecom.Voicemail\"\n or v == \"android.telecom.ConnectionServiceAdapterServant\"\n or v == \"android.telecom.VideoCallbackServant\"\n or v == \"android.telecom.Listener\"\n or v == \"android.telecom.Logging.TimedEvent\"\n or v == \"android.telecom.Logging.Runnable\"\n or v == \"android.telecom.Logging.Session\"\n or v == \"android.telecom.InCallAdapter\"\n or v == \"android.graphics.GraphicBuffer\"\n or v == \"android.graphics.CanvasProperty\"\n or v == \"android.graphics.drawable.AnimatedRotateDrawable\"\n or v == \"android.graphics.drawable.VectorDrawableAnimatorRT\"\n or v == \"android.graphics.drawable.DrawableInflater\"\n or v == \"android.graphics.Insets\"\n or v == \"android.graphics.BaseCanvas\"\n or v == \"android.graphics.pdf.PdfEditor\"\n or v == \"android.graphics.Renderer\"\n or v == \"android.graphics.LeakyTypefaceStorage\"\n or v == \"android.graphics.TemporaryBuffer\"\n or v == \"android.graphics.InsetStruct\"\n or v == \"android.graphics.LargeBitmap\"\n or v == \"android.graphics.FontListParser\"\n or v == \"android.graphics.FontFamily\"\n or v == \"android.graphics.TableMaskFilter\"\n or v == \"android.net.util.NetworkConstants\"\n or v == \"android.net.util.Stopwatch\"\n or v == \"android.net.util.PrefixUtils\"\n or v == \"android.net.util.NetdService\"\n or v == \"android.net.util.IpUtils\"\n or v == \"android.net.util.VersionedBroadcastListener\"\n or v == \"android.net.util.SharedLog\"\n or v == \"android.net.util.ConnectivityPacketSummary\"\n or v == \"android.net.util.MultinetworkPolicyTracker\"\n or v == \"android.net.util.PacketReader\"\n or v == \"android.net.netlink.StructNlMsgHdr\"\n or v == \"android.net.netlink.StructNdMsg\"\n or v == \"android.net.netlink.StructNlMsgErr\"\n or v == \"android.net.netlink.NetlinkSocket\"\n or v == \"android.net.netlink.StructNlAttr\"\n or v == \"android.net.netlink.NetlinkMessage\"\n or v 
== \"android.net.netlink.ConntrackMessage\"\n or v == \"android.net.netlink.StructNfGenMsg\"\n or v == \"android.net.netlink.StructNdaCacheInfo\"\n or v == \"android.net.netlink.NetlinkConstants\"\n or v == \"android.net.netlink.NetlinkErrorMessage\"\n or v == \"android.net.netlink.RtNetlinkNeighborMessage\"\n or v == \"android.net.apf.ApfGenerator\"\n or v == \"android.net.apf.ApfCapabilities\"\n or v == \"android.net.apf.ApfFilter\"\n or v == \"android.net.dhcp.DhcpClient\"\n or v == \"android.net.dhcp.DhcpPacket\"\n or v == \"android.net.ip.IpReachabilityMonitor\"\n or v == \"android.net.ip.InterfaceController\"\n or v == \"android.net.ip.IpClient\"\n or v == \"android.net.ip.IpNeighborMonitor\"\n or v == \"android.net.ip.RouterAdvertisementDaemon\"\n or v == \"android.net.ip.ConnectivityPacketTracker\"\n or v == \"com.android.server.pm.PackageManagerServiceUtils\"\n or v == \"com.android.server.pm.BackgroundDexOptService\"\n or v == \"com.android.server.pm.InstructionSets\"\n or v == \"com.android.server.pm.EphemeralResolverConnection\"\n or v == \"com.android.server.pm.SELinuxMMAC\"\n or v == \"com.android.server.pm.OtaDexoptService\"\n or v == \"com.android.server.pm.InstantAppResolver\"\n or v == \"com.android.server.pm.PackageManagerException\"\n or v == \"com.android.server.vr.SettingsObserver\"\n or v == \"com.android.server.vr.VrManagerInternal\"\n or v == \"com.android.server.vr.EnabledComponentsObserver\"\n or v == \"com.android.server.vr.VrManagerService\"\n or v == \"com.android.server.vr.VrStateListener\"\n or v == \"com.android.server.webkit.SystemInterface\"\n or v == \"com.android.server.webkit.WebViewUpdateService\"\n or v == \"com.android.server.webkit.SystemImpl\"\n or v == \"com.android.server.webkit.WebViewUpdateServiceImpl\"\n or v == \"com.android.server.net.NetworkPolicyManagerInternal\"\n or v == \"com.android.server.net.NetworkIdentitySet\"\n or v == \"com.android.server.fingerprint.FingerprintService\"\n or v == 
\"com.android.server.am.BackupRecord\"\n or v == \"com.android.server.GraphicsStatsService\"\n or v == \"com.android.server.connectivity.Vpn\"\n or v == \"com.android.server.connectivity.IpConnectivityMetrics\"\n or v == \"com.android.server.connectivity.tethering.TetheringConfiguration\"\n or v == \"com.android.server.connectivity.tethering.OffloadHardwareInterface\"\n or v == \"com.android.server.connectivity.tethering.OffloadController\"\n or v == \"com.android.server.connectivity.tethering.TetherInterfaceStateMachine\"\n or v == \"com.android.server.connectivity.tethering.UpstreamNetworkMonitor\"\n or v == \"com.android.server.connectivity.tethering.SimChangeListener\"\n or v == \"com.android.server.connectivity.tethering.IPv6TetheringCoordinator\"\n or v == \"com.android.server.connectivity.tethering.TetheringDependencies\"\n or v == \"com.android.server.connectivity.tethering.IControlsTethering\"\n or v == \"com.android.server.connectivity.PacManager\"\n or v == \"com.android.server.connectivity.NetworkMonitor\"\n or v == \"com.android.server.connectivity.CaptivePortalProbeResult\"\n or v == \"com.android.server.connectivity.IpConnectivityEventBuilder\"\n or v == \"com.android.server.connectivity.NetworkDiagnostics\"\n or v == \"com.android.server.connectivity.Tethering\"\n or v == \"com.android.server.connectivity.PermissionMonitor\"\n or v == \"com.android.server.connectivity.KeepalivePacketData\"\n or v == \"com.android.server.connectivity.DefaultNetworkMetrics\"\n or v == \"com.android.server.connectivity.Nat464Xlat\"\n or v == \"com.android.server.security.KeyAttestationApplicationIdProviderService\"\n or v == \"com.android.server.input.InputWindowHandle\"\n or v == \"com.android.server.input.InputApplicationHandle\"\n or v == \"com.android.server.notification.NotificationManagerService\"\n or v == \"com.android.server.notification.NotificationUsageStats\"\n or v == \"com.android.server.notification.RateEstimator\"\n or v == 
\"com.android.server.notification.AlertRateLimiter\"\n or v == \"com.android.server.notification.NotificationRecord\"\n or v == \"com.android.server.notification.ValidateNotificationPeople\"\n or v == \"com.android.server.notification.RankingReconsideration\"\n or v == \"com.android.server.camera.CameraServiceProxy\"\n or v == \"com.android.server.location.PassiveProvider\"\n or v == \"com.android.server.location.ActivityRecognitionProxy\"\n or v == \"com.android.server.location.CountryDetectorBase\"\n or v == \"com.android.server.location.GnssLocationProvider\"\n or v == \"com.android.server.location.ContextHubService\"\n or v == \"com.android.server.location.FusedProxy\"\n or v == \"com.android.server.location.GeofenceProxy\"\n or v == \"com.android.server.location.GnssNavigationMessageProvider\"\n or v == \"com.android.server.location.LocationProviderInterface\"\n or v == \"com.android.server.location.GpsXtraDownloader\"\n or v == \"com.android.server.location.FusedLocationHardwareSecure\"\n or v == \"com.android.server.location.FlpHardwareProvider\"\n or v == \"com.android.server.location.GnssMeasurementsProvider\"\n or v == \"com.android.server.location.LocationBasedCountryDetector\"\n or v == \"com.android.server.location.ComprehensiveCountryDetector\"\n or v == \"com.android.server.location.MockProvider\"\n or v == \"com.android.server.wm.WindowManagerService\"\n or v == \"com.android.server.wm.animation.ClipRectLRAnimation\"\n or v == \"com.android.server.wm.ViewServer\"\n or v == \"com.android.server.SystemServiceManager\"\n or v == \"com.android.server.content.SyncStorageEngine\"\n or v == \"com.android.server.content.SyncManager\"\n or v == \"com.android.server.content.ActiveSyncContext\"\n or v == \"com.android.server.content.ContentService\"\n or v == \"com.android.server.content.ObserverCall\"\n or v == \"com.android.server.content.ObserverNode\"\n or v == \"com.android.server.content.SyncOperation\"\n or v == 
\"com.android.server.utils.ManagedApplicationService\"\n or v == \"com.android.server.utils.PriorityDump\"\n or v == \"com.android.server.utils.PriorityDumper\"\n or v == \"com.android.server.NetworkManagementService\"\n or v == \"com.android.server.tv.TvInputHardwareManager\"\n or v == \"com.android.server.IpSecService\"\n or v == \"com.android.server.ConnectivityService\"\n or v == \"com.android.server.audio.MediaFocusControl\"\n or v == \"com.android.server.audio.FocusRequester\"\n or v == \"com.android.server.audio.AudioService\"\n or v == \"com.android.server.telecom.TelecomLoaderService\"\n or v == \"com.android.server.NetworkScorerAppManager\"\n or v == \"com.android.server.CountryDetectorService\"\n or v == \"com.android.server.accounts.AccountManagerService\"\n or v == \"com.android.server.accounts.IAccountAuthenticatorCache\"\n or v == \"com.android.server.job.JobSchedulerService\"\n or v == \"com.android.server.job.JobSchedulerInternal\"\n or v == \"com.android.server.job.controllers.JobStatus\"\n or v == \"com.android.server.RescueParty\"\n or v == \"com.android.server.NsdService\"\n or v == \"com.android.server.os.SchedulingPolicyService\"\n or v == \"com.android.server.SystemServerInitThreadPool\"\n or v == \"com.android.server.NetworkScoreService\"\n or v == \"com.android.server.locksettings.LockSettingsService\"\n or v == \"com.android.server.dreams.DreamManagerService\"\n or v == \"com.android.server.IntentResolver\"\n or v == \"com.android.server.GestureLauncherService\"\n or v == \"com.android.server.SystemService\"\n or v == \"com.android.server.NetworkManagementInternal\"\n or v == \"com.android.server.policy.keyguard.KeyguardStateMonitor\"\n or v == \"com.android.server.CommonTimeManagementService\"\n or v == \"com.android.server.soundtrigger.SoundTriggerService\"\n or v == \"com.android.server.soundtrigger.SoundTriggerHelper\"\n or v == \"com.android.server.soundtrigger.SoundTriggerDbHelper\"\n or v == 
\"com.android.server.voiceinteraction.DatabaseHelper\"\n or v == \"com.android.server.usb.descriptors.UsbTerminalTypes\"\n or v == \"com.android.server.usb.descriptors.tree.UsbDescriptorsEndpointNode\"\n or v == \"com.android.server.usb.descriptors.tree.UsbDescriptorsACInterfaceNode\"\n or v == \"com.android.server.usb.descriptors.tree.UsbDescriptorsTreeNode\"\n or v == \"com.android.server.usb.descriptors.tree.UsbDescriptorsTree\"\n or v == \"com.android.server.usb.descriptors.tree.UsbDescriptorsInterfaceNode\"\n or v == \"com.android.server.usb.descriptors.tree.UsbDescriptorsDeviceNode\"\n or v == \"com.android.server.usb.descriptors.tree.UsbDescriptorsConfigNode\"\n or v == \"com.android.server.usb.descriptors.UsbACAudioStreamEndpoint\"\n or v == \"com.android.server.usb.descriptors.UsbBinaryParser\"\n or v == \"com.android.server.usb.descriptors.Usb10ASFormatI\"\n or v == \"com.android.server.usb.descriptors.UsbACAudioControlEndpoint\"\n or v == \"com.android.server.usb.descriptors.UsbConfigDescriptor\"\n or v == \"com.android.server.usb.descriptors.Usb20ACMixerUnit\"\n or v == \"com.android.server.usb.descriptors.UsbMSMidiInputJack\"\n or v == \"com.android.server.usb.descriptors.Usb20ACInputTerminal\"\n or v == \"com.android.server.usb.descriptors.UsbACInterface\"\n or v == \"com.android.server.usb.descriptors.Usb10ACOutputTerminal\"\n or v == \"com.android.server.usb.descriptors.UsbDeviceDescriptor\"\n or v == \"com.android.server.usb.descriptors.Usb10ACHeader\"\n or v == \"com.android.server.usb.descriptors.UsbInterfaceAssoc\"\n or v == \"com.android.server.usb.descriptors.UsbHIDDescriptor\"\n or v == \"com.android.server.usb.descriptors.UsbMSMidiOutputJack\"\n or v == \"com.android.server.usb.descriptors.Usb20ASFormatI\"\n or v == \"com.android.server.usb.descriptors.Usb10ASFormatII\"\n or v == \"com.android.server.usb.descriptors.UsbMSMidiHeader\"\n or v == \"com.android.server.usb.descriptors.Usb20ASFormatIII\"\n or v == 
\"com.android.server.usb.descriptors.UsbACFeatureUnit\"\n or v == \"com.android.server.usb.descriptors.UsbASFormat\"\n or v == \"com.android.server.usb.descriptors.UsbACEndpoint\"\n or v == \"com.android.server.usb.descriptors.UsbUnknown\"\n or v == \"com.android.server.usb.descriptors.Usb20ACHeader\"\n or v == \"com.android.server.usb.descriptors.UsbInterfaceDescriptor\"\n or v == \"com.android.server.usb.descriptors.UsbDescriptor\"\n or v == \"com.android.server.usb.descriptors.UsbACSelectorUnit\"\n or v == \"com.android.server.usb.descriptors.UsbACHeaderInterface\"\n or v == \"com.android.server.usb.descriptors.UsbEndpointDescriptor\"\n or v == \"com.android.server.usb.descriptors.report.TextReportCanvas\"\n or v == \"com.android.server.usb.descriptors.report.Reporting\"\n or v == \"com.android.server.usb.descriptors.report.ReportCanvas\"\n or v == \"com.android.server.usb.descriptors.report.UsbStrings\"\n or v == \"com.android.server.usb.descriptors.report.HTMLReportCanvas\"\n or v == \"com.android.server.usb.descriptors.Usb10ACInputTerminal\"\n or v == \"com.android.server.usb.descriptors.UsbDescriptorParser\"\n or v == \"com.android.server.usb.descriptors.Usb10ASGeneral\"\n or v == \"com.android.server.usb.descriptors.ByteStream\"\n or v == \"com.android.server.usb.descriptors.UsbACMidiEndpoint\"\n or v == \"com.android.server.usb.descriptors.Usb20ASFormatIIEx\"\n or v == \"com.android.server.usb.descriptors.Usb10ACMixerUnit\"\n or v == \"com.android.server.usb.descriptors.Usb20ASFormatII\"\n or v == \"com.android.server.usb.descriptors.Usb20ACOutputTerminal\"\n or v == \"com.android.server.usb.descriptors.UsbACTerminal\"\n or v == \"com.android.server.usb.descriptors.UsbACInterfaceUnparsed\"\n or v == \"com.android.server.accessibility.TouchExplorer\"\n or v == \"com.android.server.coverage.CoverageService\"\n or v == \"com.android.server.companion.CompanionDeviceManagerService\"\n or v == \"android.opengl.GLWallpaperService\"\n or v == 
\"android.mtp.MtpDatabase\"\n or v == \"android.mtp.MtpServer\"\n or v == \"android.mtp.MtpStorage\"\n or v == \"android.media.PlayerProxy\"\n or v == \"android.media.MediaScanner\"\n or v == \"android.media.MediaTimeProvider\"\n or v == \"android.media.OnMediaTimeListener\"\n or v == \"android.media.soundtrigger.SoundTriggerDetector\"\n or v == \"android.media.soundtrigger.RecognitionCallback\"\n or v == \"android.media.soundtrigger.SoundTriggerManager\"\n or v == \"android.media.audiofx.OnParameterChangeListener\"\n or v == \"android.media.audiofx.Settings\"\n or v == \"android.media.audiofx.OnServerDiedListener\"\n or v == \"android.media.audiofx.OnParameterChangeListener\"\n or v == \"android.media.MediaFile\"\n or v == \"android.media.PlayerDeathMonitor\"\n or v == \"android.media.RemoteDisplay\"\n or v == \"android.media.AudioPort\"\n or v == \"android.media.SRTRenderer\"\n or v == \"android.media.MiniThumbFile\"\n or v == \"android.media.midi.MidiDeviceServer\"\n or v == \"android.media.TtmlRenderer\"\n or v == \"android.media.TtmlUtils\"\n or v == \"android.media.TtmlCue\"\n or v == \"android.media.TtmlNode\"\n or v == \"android.media.TtmlParser\"\n or v == \"android.media.TtmlNodeListener\"\n or v == \"android.media.TtmlTrack\"\n or v == \"android.media.TtmlRenderingWidget\"\n or v == \"android.media.audiopolicy.AudioPolicyConfig\"\n or v == \"android.media.audiopolicy.AudioMixingRule\"\n or v == \"android.media.audiopolicy.AudioMix\"\n or v == \"android.media.audiopolicy.AudioPolicy\"\n or v == \"android.media.Callback\"\n or v == \"android.media.MediaHTTPConnection\"\n or v == \"android.media.DecoderCapabilities\"\n or v == \"android.media.OnSubtitleDataListener\"\n or v == \"android.media.TimeProvider\"\n or v == \"android.media.MediaHTTPService\"\n or v == \"android.media.AudioManagerInternal\"\n or v == \"android.media.MediaScannerClient\"\n or v == \"android.media.SubtitleTrack\"\n or v == \"android.media.CueList\"\n or v == \"android.media.Cue\"\n 
or v == \"android.media.Run\"\n or v == \"android.media.VolumePolicy\"\n or v == \"android.media.tv.ProgramColumns\"\n or v == \"android.media.tv.PreviewProgramColumns\"\n or v == \"android.media.tv.WatchedPrograms\"\n or v == \"android.media.tv.TvStreamConfig\"\n or v == \"android.media.tv.TvInputSettings\"\n or v == \"android.media.tv.ITvInputSessionWrapper\"\n or v == \"android.media.tv.DvbDeviceInfo\"\n or v == \"android.media.tv.TvInputHardwareInfo\"\n or v == \"android.media.tv.SessionCallback\"\n or v == \"android.media.tv.HardwareCallback\"\n or v == \"android.media.tv.Session\"\n or v == \"android.media.tv.FinishedInputEventCallback\"\n or v == \"android.media.tv.Hardware\"\n or v == \"android.media.tv.TvContentRatingSystemInfo\"\n or v == \"android.media.BufferingParams\"\n or v == \"android.media.Cea708CaptionRenderer\"\n or v == \"android.media.Cea708CaptionTrack\"\n or v == \"android.media.Cea708CCParser\"\n or v == \"android.media.Const\"\n or v == \"android.media.CaptionColor\"\n or v == \"android.media.CaptionEvent\"\n or v == \"android.media.CaptionPenAttr\"\n or v == \"android.media.CaptionPenColor\"\n or v == \"android.media.CaptionPenLocation\"\n or v == \"android.media.CaptionWindowAttr\"\n or v == \"android.media.CaptionWindow\"\n or v == \"android.media.Cea708CCWidget\"\n or v == \"android.media.ScaledLayout\"\n or v == \"android.media.ScaledLayoutParams\"\n or v == \"android.media.CCLayout\"\n or v == \"android.media.CCHandler\"\n or v == \"android.media.CCWindowLayout\"\n or v == \"android.media.CCView\"\n or v == \"android.media.EncoderCapabilities\"\n or v == \"android.media.AudioFocusInfo\"\n or v == \"android.media.AudioGainConfig\"\n or v == \"android.media.RemoteDisplayState\"\n or v == \"android.media.AudioGain\"\n or v == \"android.media.AmrInputStream\"\n or v == \"android.media.ExternalRingtonesCursorWrapper\"\n or v == \"android.media.WebVttRenderer\"\n or v == \"android.media.TextTrackCueSpan\"\n or v == 
\"android.media.UnstyledTextExtractor\"\n or v == \"android.media.Tokenizer\"\n or v == \"android.media.TextTrackRegion\"\n or v == \"android.media.TextTrackCue\"\n or v == \"android.media.WebVttParser\"\n or v == \"android.media.WebVttCueListener\"\n or v == \"android.media.WebVttTrack\"\n or v == \"android.media.WebVttRenderingWidget\"\n or v == \"android.media.SubtitleController\"\n or v == \"android.media.AudioSystem\"\n or v == \"android.media.Metadata\"\n or v == \"android.media.AudioRoutesInfo\"\n or v == \"android.media.PlayerBase\"\n or v == \"android.media.CharPos\"\n or v == \"android.media.Justification\"\n or v == \"android.media.Style\"\n or v == \"android.media.Font\"\n or v == \"android.media.Karaoke\"\n or v == \"android.media.HyperText\"\n or v == \"android.media.browse.MediaBrowserUtils\"\n or v == \"android.media.Builder\"\n or v == \"android.media.State\"\n or v == \"android.media.MediaInserter\"\n or v == \"android.media.ClosedCaptionRenderer\"\n or v == \"android.media.Cea608CaptionTrack\"\n or v == \"android.media.ClosedCaptionWidget\"\n or v == \"android.media.ClosedCaptionLayout\"\n or v == \"android.media.Cea608CCParser\"\n or v == \"android.media.MutableBackgroundColorSpan\"\n or v == \"android.media.Cea608CCWidget\"\n or v == \"android.media.MediaRouterClientState\"\n or v == \"android.media.ResampleInputStream\"\n or v == \"android.media.OnAudioPortUpdateListener\"\n or v == \"android.media.CertificateRequest\"\n or v == \"android.media.Certificate\"\n or v == \"android.media.AudioPatch\"\n or v == \"android.media.MediaImage\"\n or v == \"android.media.SubtitleData\"\n or v == \"android.media.projection.Callback\"\n or v == \"android.media.projection.CallbackDelegate\"\n or v == \"android.media.projection.MediaProjectionInfo\"\n or v == \"android.media.session.OnVolumeKeyLongPressListener\"\n or v == \"android.media.session.OnMediaKeyListener\"\n or v == \"android.media.session.Callback\"\n or v == 
\"android.media.session.MediaSessionLegacyHelper\"\n or v == \"android.media.session.ParcelableVolumeInfo\"\n or v == \"android.media.session.CallbackStub\"\n or v == \"android.media.effect.FilterEffect\"\n or v == \"android.media.effect.FilterGraphEffect\"\n or v == \"android.media.effect.SingleFilterEffect\"\n or v == \"android.media.effect.effects.BrightnessEffect\"\n or v == \"android.media.effect.effects.BitmapOverlayEffect\"\n or v == \"android.media.effect.effects.DuotoneEffect\"\n or v == \"android.media.effect.effects.SharpenEffect\"\n or v == \"android.media.effect.effects.ColorTemperatureEffect\"\n or v == \"android.media.effect.effects.LomoishEffect\"\n or v == \"android.media.effect.effects.SepiaEffect\"\n or v == \"android.media.effect.effects.FlipEffect\"\n or v == \"android.media.effect.effects.VignetteEffect\"\n or v == \"android.media.effect.effects.AutoFixEffect\"\n or v == \"android.media.effect.effects.RotateEffect\"\n or v == \"android.media.effect.effects.SaturateEffect\"\n or v == \"android.media.effect.effects.CrossProcessEffect\"\n or v == \"android.media.effect.effects.BackDropperEffect\"\n or v == \"android.media.effect.effects.TintEffect\"\n or v == \"android.media.effect.effects.PosterizeEffect\"\n or v == \"android.media.effect.effects.GrayscaleEffect\"\n or v == \"android.media.effect.effects.RedEyeEffect\"\n or v == \"android.media.effect.effects.DocumentaryEffect\"\n or v == \"android.media.effect.effects.IdentityEffect\"\n or v == \"android.media.effect.effects.FisheyeEffect\"\n or v == \"android.media.effect.effects.ContrastEffect\"\n or v == \"android.media.effect.effects.StraightenEffect\"\n or v == \"android.media.effect.effects.FillLightEffect\"\n or v == \"android.media.effect.effects.GrainEffect\"\n or v == \"android.media.effect.effects.BlackWhiteEffect\"\n or v == \"android.media.effect.effects.NegativeEffect\"\n or v == \"android.media.effect.SizeChangeEffect\"\n or v == \"android.filterpacks.ui.SurfaceTargetFilter\"\n 
or v == \"android.filterpacks.ui.SurfaceRenderFilter\"\n or v == \"android.filterpacks.videosrc.MediaSource\"\n or v == \"android.filterpacks.videosrc.CameraSource\"\n or v == \"android.filterpacks.videosrc.SurfaceTextureSource\"\n or v == \"android.filterpacks.videosrc.SurfaceTextureTarget\"\n or v == \"android.filterpacks.videosink.MediaEncoderFilter\"\n or v == \"android.filterpacks.videosink.MediaRecorderStopException\"\n or v == \"android.filterpacks.numeric.SinWaveFilter\"\n or v == \"android.filterpacks.imageproc.ContrastFilter\"\n or v == \"android.filterpacks.imageproc.StraightenFilter\"\n or v == \"android.filterpacks.imageproc.DrawRectFilter\"\n or v == \"android.filterpacks.imageproc.CropRectFilter\"\n or v == \"android.filterpacks.imageproc.ToGrayFilter\"\n or v == \"android.filterpacks.imageproc.AlphaBlendFilter\"\n or v == \"android.filterpacks.imageproc.CropFilter\"\n or v == \"android.filterpacks.imageproc.ImageCombineFilter\"\n or v == \"android.filterpacks.imageproc.RedEyeFilter\"\n or v == \"android.filterpacks.imageproc.ToRGBFilter\"\n or v == \"android.filterpacks.imageproc.SimpleImageFilter\"\n or v == \"android.filterpacks.imageproc.FisheyeFilter\"\n or v == \"android.filterpacks.imageproc.ResizeFilter\"\n or v == \"android.filterpacks.imageproc.FixedRotationFilter\"\n or v == \"android.filterpacks.imageproc.BlendFilter\"\n or v == \"android.filterpacks.imageproc.ToRGBAFilter\"\n or v == \"android.filterpacks.imageproc.DrawOverlayFilter\"\n or v == \"android.filterpacks.imageproc.BitmapSource\"\n or v == \"android.filterpacks.imageproc.ImageEncoder\"\n or v == \"android.filterpacks.imageproc.ToPackedGrayFilter\"\n or v == \"android.filterpacks.imageproc.RotateFilter\"\n or v == \"android.filterpacks.imageproc.BrightnessFilter\"\n or v == \"android.filterpacks.imageproc.BitmapOverlayFilter\"\n or v == \"android.filterpacks.imageproc.Invert\"\n or v == \"android.filterpacks.imageproc.FlipFilter\"\n or v == 
\"android.filterpacks.text.ToUpperCase\"\n or v == \"android.filterpacks.text.StringSource\"\n or v == \"android.filterpacks.text.StringLogger\"\n or v == \"android.filterpacks.performance.ThroughputFilter\"\n or v == \"android.filterpacks.performance.Throughput\"\n or v == \"android.filterpacks.base.CallbackFilter\"\n or v == \"android.filterpacks.base.NoneFilter\"\n or v == \"android.filterpacks.base.GLTextureSource\"\n or v == \"android.filterpacks.base.FrameBranch\"\n or v == \"android.filterpacks.base.RetargetFilter\"\n or v == \"android.filterpacks.base.GLTextureTarget\"\n or v == \"android.filterpacks.base.FrameFetch\"\n or v == \"android.filterpacks.base.ObjectSource\"\n or v == \"android.filterpacks.base.FrameSource\"\n or v == \"android.filterpacks.base.OutputStreamTarget\"\n or v == \"android.filterpacks.base.InputStreamSource\"\n or v == \"android.filterpacks.base.FrameStore\"\n or v == \"android.filterpacks.videoproc.BackDropperFilter\"\n or v == \"android.filterfw.core.FilterSurfaceView\"\n or v == \"android.filterfw.core.InputPort\"\n or v == \"android.filterfw.core.FieldPort\"\n or v == \"android.filterfw.core.StreamPort\"\n or v == \"android.filterfw.core.FilterContext\"\n or v == \"android.filterfw.core.GLFrame\"\n or v == \"android.filterfw.core.SimpleFrame\"\n or v == \"android.filterfw.core.FilterFactory\"\n or v == \"android.filterfw.core.VertexFrame\"\n or v == \"android.filterfw.core.GraphRunner\"\n or v == \"android.filterfw.core.ProgramPort\"\n or v == \"android.filterfw.core.ShaderProgram\"\n or v == \"android.filterfw.core.NativeAllocatorTag\"\n or v == \"android.filterfw.core.Frame\"\n or v == \"android.filterfw.core.Scheduler\"\n or v == \"android.filterfw.core.SimpleFrameManager\"\n or v == \"android.filterfw.core.KeyValueMap\"\n or v == \"android.filterfw.core.ProgramVariable\"\n or v == \"android.filterfw.core.FinalPort\"\n or v == \"android.filterfw.core.FilterGraph\"\n or v == \"android.filterfw.core.CachedFrameManager\"\n or v == 
\"android.filterfw.core.RandomScheduler\"\n or v == \"android.filterfw.core.FilterPort\"\n or v == \"android.filterfw.core.MutableFrameFormat\"\n or v == \"android.filterfw.core.FrameManager\"\n or v == \"android.filterfw.core.NativeFrame\"\n or v == \"android.filterfw.core.FilterFunction\"\n or v == \"android.filterfw.core.AsyncRunner\"\n or v == \"android.filterfw.core.ProtocolException\"\n or v == \"android.filterfw.core.FrameFormat\"\n or v == \"android.filterfw.core.NativeBuffer\"\n or v == \"android.filterfw.core.Program\"\n or v == \"android.filterfw.core.RoundRobinScheduler\"\n or v == \"android.filterfw.core.GLEnvironment\"\n or v == \"android.filterfw.core.StopWatch\"\n or v == \"android.filterfw.core.SerializedFrame\"\n or v == \"android.filterfw.core.OneShotScheduler\"\n or v == \"android.filterfw.core.NativeProgram\"\n or v == \"android.filterfw.core.SimpleScheduler\"\n or v == \"android.filterfw.core.Filter\"\n or v == \"android.filterfw.core.OutputPort\"\n or v == \"android.filterfw.core.SyncRunner\"\n or v == \"android.filterfw.io.GraphReader\"\n or v == \"android.filterfw.io.GraphIOException\"\n or v == \"android.filterfw.io.TextGraphReader\"\n or v == \"android.filterfw.io.PatternScanner\"\n or v == \"android.filterfw.GraphEnvironment\"\n or v == \"android.filterfw.MffEnvironment\"\n or v == \"android.filterfw.FilterFunctionEnvironment\"\n or v == \"android.filterfw.format.PrimitiveFormat\"\n or v == \"android.filterfw.format.ObjectFormat\"\n or v == \"android.filterfw.format.ImageFormat\"\n or v == \"android.filterfw.geometry.Quad\"\n or v == \"android.filterfw.geometry.Point\"\n or v == \"android.filterfw.geometry.Rectangle\"\n ]\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FunctionCall:\n function is [Function:\n (name == \"init^\" or constructor)\n and enclosingClass.supers contains [Class: name == 
\"java.net.PasswordAuthentication\"]\n ]\n and ( \n arguments[1] is [FunctionCall:\n function is [Function:\n name == \"toCharArray\"\n and enclosingClass.supers contains [Class: name == \"java.lang.String\"]\n ]\n and not instance.constantValue.None\n and instance.constantValue == \"\"\n ]\n or arguments[1] is [VariableAccess:\n variable is [Variable:\n uses contains [VariableAccess va:\n enclosingStatement is [AssignmentStatement:\n lhs is va\n and rhs is [FunctionCall:\n function is [Function:\n name == \"toCharArray\"\n and enclosingClass.supers contains [Class: name == \"java.lang.String\"]\n ]\n and not instance.constantValue.None\n and instance.constantValue == \"\"\n ]*\n ]\n ]\n ]\n ]\n or arguments[1] is [FieldAccess:\n field is [Field f:\n enclosingClass.functions contains [Function:\n contains [AssignmentStatement:\n lhs is [FieldAccess: field is f] \n and rhs is [FunctionCall:\n function is [Function:\n name == \"toCharArray\"\n and enclosingClass.supers contains [Class: name == \"java.lang.String\"]\n ]\n and not instance.constantValue.None\n and instance.constantValue == \"\"\n ]*\n ]\n ]\n ]\n ]\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall:\n function is [Function:\n (name == \"init^\" or constructor)\n and enclosingClass.supers contains [Class: name == \"java.net.PasswordAuthentication\"]\n ]\n and ( \n arguments[1] is [FunctionCall:\n function is [Function:\n name == \"toCharArray\"\n and enclosingClass.supers contains [Class: name == \"java.lang.String\"]\n ]\n and not instance.constantValue.None\n and not instance.constantValue is [None:]\n and not instance.constantValue == \"\"\n ]\n or arguments[1] is [VariableAccess:\n variable is [Variable:\n uses contains [VariableAccess va:\n enclosingStatement is [AssignmentStatement:\n lhs is va\n and rhs is [FunctionCall:\n function is [Function:\n name 
== \"toCharArray\"\n and enclosingClass.supers contains [Class: name == \"java.lang.String\"]\n ]\n and not instance.constantValue.None\n and not instance.constantValue is [None:]\n and not instance.constantValue == \"\"\n ]*\n ]\n ]\n ]\n ]\n or arguments[1] is [FieldAccess:\n field is [Field f:\n enclosingClass.functions contains [Function:\n contains [AssignmentStatement:\n lhs is [FieldAccess: field is f] \n and rhs is [FunctionCall:\n function is [Function:\n name == \"toCharArray\"\n and enclosingClass.supers contains [Class: name == \"java.lang.String\"]\n ]\n and not instance.constantValue.None\n and not instance.constantValue is [None:]\n and not instance.constantValue == \"\"\n ]*\n ]\n ]\n ]\n ]\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Server Identity Verification Disabled", - "predicate": "\n Function f:\n name == \"verify\"\n and enclosingClass is [Class c:\n directSupers contains [Class s:\n name == \"javax.net.ssl.HostnameVerifier\"\n ]\n ] and contains [ReturnStatement: \n expression.constantValue is [Boolean: is true]\n ] and not contains [ReturnStatement: \n expression.constantValue is [Boolean: is false]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Server Identity Verification Disabled", - "predicate": "\n FunctionCall call: call.function.name matches \"setHostnameVerifier|setDefaultHostnameVerifier\" and\n call.function.enclosingClass.name matches \"org\\.apache\\.http\\.conn\\.ssl\\.SSLSocketFactory|javax\\.net\\.ssl\\.HttpsURLConnection\" and\n ( (call.arguments[0] is [ FieldAccess fa: fa.field.name matches \"ALLOW_ALL_HOSTNAME_VERIFIER\" and\n fa.field.type.name == \"org.apache.http.conn.ssl.X509HostnameVerifier\"]) or\n (call.arguments[0].type.definition is [ Class c: c.supers contains\n [Class super: super.type.name matches 
\"org\\.apache\\.http\\.conn\\.ssl\\.(AllowAll|Noop)HostnameVerifier\"]])\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Poor Style", - "vuln_subcategory": "Redundant Initialization", - "predicate": "\n VariableAccess va: reads.length == 0\n and va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and rhs.constantValue.None]\n and not sourceLocation.None\n and not sourceLocation.isMacroExpansion\n and variable is\n [Variable var: not static and not enclosingFunction.None\n and not type.indirectionLevel > 0 and not referenceTaken\n and not sourceLocation.None\n and not va.sourceLocation.None\n and sourceLocation.startLine == va.sourceLocation.startLine\n and not isTemp and not final and uses.length > 1]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Poor Style", - "vuln_subcategory": "Redundant Initialization", - "predicate": "\n VariableAccess va: reads.length == 0\n and va in [AssignmentStatement: lhs.location is va and rhs.constantValue.None]\n and not sourceLocation.None\n and not sourceLocation.isMacroExpansion\n and variable is\n [Variable var: not static and not enclosingFunction.None\n and not type.indirectionLevel > 0 and not referenceTaken\n and not sourceLocation.None\n and not va.sourceLocation.None\n and sourceLocation.startLine == va.sourceLocation.startLine\n and not isTemp and not final and uses.length > 1]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Poor Style", - "vuln_subcategory": "Redundant Initialization", - "predicate": "\n VariableAccess va: reads.length == 0\n and va in [AssignmentStatement: lhs.location is va and rhs.constantValue.None]\n and not sourceLocation.None\n and not sourceLocation.isMacroExpansion\n and variable is\n [Variable: not static and not enclosingFunction.None\n and not type.indirectionLevel > 0 and not referenceTaken\n and not 
sourceLocation.None\n and not va.sourceLocation.None\n and sourceLocation.startLine == va.sourceLocation.startLine\n and not isTemp and uses.length > 1]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Poor Style", - "vuln_subcategory": "Value Never Read", - "predicate": "\n VariableAccess va:\n reads.length == 0\n and va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase]]\n and not sourceLocation.None\n and not sourceLocation.isMacroExpansion\n and not va.this\n and not va.variable.name == \"_\"\n and (\n variable is [Variable var:\n not static\n and not enclosingFunction.None\n and not referenceTaken\n and not sourceLocation.None\n and not va.sourceLocation.None\n and not sourceLocation.startLine == va.sourceLocation.startLine\n and not isTemp\n and not final\n ]*\n or variable is [Variable:\n not static\n and not enclosingFunction.None\n and not referenceTaken\n and not sourceLocation.None\n and not va.sourceLocation.None\n and sourceLocation.startLine == va.sourceLocation.startLine\n and not isTemp\n and not final\n and uses.length == 1\n ]*\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Poor Style", - "vuln_subcategory": "Value Never Read", - "predicate": "\n VariableAccess va: reads.length == 0\n and va in [AssignmentStatement: lhs.location is va]\n and not sourceLocation.None\n and not sourceLocation.isMacroExpansion\n and (variable is\n [Variable var: not static and not enclosingFunction.None\n and not type.indirectionLevel > 0 and not referenceTaken\n and not sourceLocation.None\n and not va.sourceLocation.None\n and not sourceLocation.startLine == va.sourceLocation.startLine\n and not isTemp and not final]* or variable is\n [Variable: not static and not enclosingFunction.None\n and not type.indirectionLevel > 0 and not referenceTaken\n and not sourceLocation.None\n and not va.sourceLocation.None\n and sourceLocation.startLine 
== va.sourceLocation.startLine\n and not isTemp and not final and uses.length == 1]*)\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Poor Style", - "vuln_subcategory": "Value Never Read", - "predicate": "\n VariableAccess va: reads.length == 0\n and va in [AssignmentStatement: lhs.location is va]\n and not sourceLocation.None\n and not sourceLocation.isMacroExpansion\n and (variable is\n [Variable: not static and not enclosingFunction.None\n and not type.indirectionLevel > 0 and not referenceTaken\n and not sourceLocation.None\n and not va.sourceLocation.None\n and not sourceLocation.startLine == va.sourceLocation.startLine\n and not isTemp]* or variable is\n [Variable: not static and not enclosingFunction.None\n and not type.indirectionLevel > 0 and not referenceTaken\n and not sourceLocation.None\n and not va.sourceLocation.None\n and sourceLocation.startLine == va.sourceLocation.startLine\n and not isTemp and uses.length == 1]*)\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Unsafe JNI", - "vuln_subcategory": None, - "predicate": "\n FunctionCall: function is [Function:\n modifiers contains \"native\"\n /* uses of native on GWT applications are JSNI, not JNI */\n and not enclosingClass.supers contains [Class: name matches \"com\\.google\\.gwt\\..*\"]\n and not enclosingClass.functions contains [Function:\n parameters contains [Variable:\n type.definition.enclosingClass.supers contains [Class: name matches \"com\\.google\\.gwt\\..*\"]\n ]\n or contains [FunctionCall:\n function.enclosingClass.supers contains [Class: name matches \"com\\.google\\.gwt\\..*\"]\n ]\n ]\n /* function is in a user-defined class */\n /* note: cannot use isBodyAvailable on the native function itself as it returns false (since there isn't really a body available anyway) */\n and enclosingClass is [Class: \n /* note 2: this works on classes that ONLY specify native functions, due to 
the implicit default methods such as the constructor */\n functions contains [Function: isBodyAvailable]\n ]\n ]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Unsafe JNI", - "vuln_subcategory": None, - "predicate": "\n FunctionCall: function is [Function:\n modifiers contains \"native\"\n /* uses of native on GWT applications are JSNI, not JNI */\n and not enclosingClass.supers contains [Class: name matches \"com\\.google\\.gwt\\..*\"]\n and not enclosingClass.functions contains [Function:\n parameters contains [Variable:\n type.definition.enclosingClass.supers contains [Class: name matches \"com\\.google\\.gwt\\..*\"]\n ]\n or contains [FunctionCall:\n function.enclosingClass.supers contains [Class: name matches \"com\\.google\\.gwt\\..*\"]\n ]\n ]\n ]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Access Control", - "vuln_subcategory": "SecurityManager Bypass", - "predicate": "\n FunctionCall fc: fc.function.name matches \"(deregister|get)(Driver|Drivers|Connection)\" and\n fc.function.enclosingClass.name matches \"java\\.sql\\.DriverManager\" and\n ( fc.enclosingFunction is [public or protected] or\n fc.enclosingFunction reachedBy [Function f: public] ) and\n enclosingClass reachedBy [supers contains [name == \"java.applet.Applet\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Access Control", - "vuln_subcategory": "SecurityManager Bypass", - "predicate": "\n FunctionCall fc: fc.function.name matches \"(deregister|get)(Driver|Drivers|Connection)\" and\n fc.function.enclosingClass.name matches \"java\\.sql\\.DriverManager\" and\n ( fc.enclosingFunction is [public or protected] or\n fc.enclosingFunction reachedBy [Function f: public] ) and\n not enclosingClass reachedBy [supers contains [name == \"java.applet.Applet\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - 
"vuln_category": "Restricted Method", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call:\n function is [Function:\n name == \"withTargetLayout\"\n and enclosingClass.supers contains [Class:\n name == \"java.lang.foreign.AddressLayout\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Restricted Method", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call:\n function is [Function:\n name == \"upcallStub\"\n and enclosingClass.supers contains [Class:\n name == \"java.lang.foreign.Linker\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Restricted Method", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call:\n function is [Function:\n name == \"libraryLookup\"\n and enclosingClass.supers contains [Class:\n name == \"java.lang.foreign.SymbolLookup\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Restricted Method", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call:\n function is [Function:\n name == \"reinterpret\"\n and enclosingClass.supers contains [Class:\n name == \"java.lang.foreign.MemorySegment\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Restricted Method", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call:\n function is [Function:\n name == \"downcallHandle\"\n and enclosingClass.supers contains [Class:\n name == \"java.lang.foreign.Linker\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded HMAC Key", - "predicate": "\n FunctionCall fc: function.name == \"init\" and\n fc.function.enclosingClass.supers contains [Class: name == \"javax.crypto.Mac\"] and\n fc.arguments[0] is [Expression e: not e.constantValue.None and\n not e.constantValue is [None:] and\n not e.constantValue == \"\"]\n " - }, - { - 
"language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty HMAC Key", - "predicate": "\n FunctionCall fc: function.name == \"init\" and\n fc.function.enclosingClass.supers contains [Class: name == \"javax.crypto.Mac\"] and\n fc.arguments[0] is [Expression e: e.constantValue == \"\"]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FunctionCall fc: (function.constructor or function.name == \"init^\") and\n fc.function.enclosingClass.supers contains [Class: name == \"javax.crypto.spec.SecretKeySpec\"] and\n fc.arguments[0] is [Expression e: not e.constantValue.None and\n not e.constantValue is [None:] and\n not e.constantValue == \"\"]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n FunctionCall fc: (function.constructor or function.name == \"init^\") and\n fc.function.enclosingClass.supers contains [Class: name == \"javax.crypto.spec.SecretKeySpec\"] and\n fc.arguments[0] is [Expression e: e.constantValue is [None:]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FunctionCall fc: (function.constructor or function.name == \"init^\") and\n fc.function.enclosingClass.supers contains [Class: name == \"javax.crypto.spec.SecretKeySpec\"] and\n fc.arguments[0] is [Expression e: e.constantValue == \"\"]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "JavaScript Hijacking", - "vuln_subcategory": "Vulnerable Framework", - "predicate": "\n Class: name == \"JS_HIJACKING_PLACEHOLDER\"\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Code Correctness", - 
"vuln_subcategory": "Incorrect Serializable Method Signature", - "predicate": "\n Function: name == \"readObjectNoData\" /* don't count other variants that are called by something else manually, such as within another serializable method */\n and isBodyAvailable\n and callers.length == 0\n and enclosingClass.supers contains [Class:\n name == \"java.io.Serializable\"]\n and (\n parameterSlots.length > 0 /* should be no parameters */\n or (\n not private\n and not protected /* in case abstract class */\n )\n or static /* shouldn't be static */\n or not exceptionTypes contains [Type:\n definition.supers contains [Class:\n name == \"java.io.IOException\"]\n ]\n )\n and not enclosingClass.functions contains [Function f1:\n /* make sure not matching against overloaded variant\n and class also contains correct version */ f1.name == \"readObjectNoData\"\n and f1.isBodyAvailable\n and f1.parameterSlots.length == 0\n and (f1.private\n or f1.protected)\n and not f1.static\n and f1.exceptionTypes contains [Type:\n definition.supers contains [Class:\n name == \"java.io.ObjectStreamException\"]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Incorrect Serializable Method Signature", - "predicate": "\n Function: name == \"readObjectNoData\" /* don't count other variants that are called by something else manually, such as within another serializable method */\n and callers.length == 0\n and enclosingClass.supers contains [Class:\n name == \"java.io.Serializable\"]\n and (\n parameterSlots.length > 0 /* should be no parameters */\n or (\n not private\n and not protected /* in case abstract class */\n )\n or static /* shouldn't be static */\n or not exceptionTypes contains [Type:\n definition.supers contains [Class:\n name == \"java.io.IOException\"]\n ]\n )\n and not enclosingClass.functions contains [Function f1:\n /* make sure not matching against overloaded variant\n and class also contains 
correct version */ f1.name == \"readObjectNoData\"\n and f1.parameterSlots.length == 0\n and (f1.private\n or f1.protected)\n and not f1.static\n and f1.exceptionTypes contains [Type:\n definition.supers contains [Class:\n name == \"java.io.ObjectStreamException\"]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Incorrect Serializable Method Signature", - "predicate": "\n Function: name == \"readObject\"\n /* don't count other variants that are called by something else manually, such as within another serializable method */\n and isBodyAvailable\n and callers.length == 0\n and parameterTypes[0].definition.supers contains [Class:\n name == \"java.io.ObjectInputStream\"]\n and enclosingClass.supers contains [Class:\n name == \"java.io.Serializable\"]\n and ( parameterSlots.length > 1 /* should only be one parameter */\n or ( not private\n and not protected /* in case abstract class */ )\n or static /* shouldn't be static */\n or not (exceptionTypes contains [Type:\n definition.supers contains [Class:\n name == \"java.io.IOException\"]\n and definition.supers contains [Class:\n name == \"java.lang.ClassNotFoundException\"]\n ]) )\n and not enclosingClass.functions contains [Function f1:\n /* make sure not matching against overloaded variant\n and class also contains correct version */ f1.name == \"readObject\"\n and f1.isBodyAvailable\n and f1.parameterSlots.length == 1\n and f1.parameterTypes[0].definition.supers contains [Class:\n name == \"java.io.ObjectInputStream\"]\n and (f1.private\n or f1.protected)\n and not f1.static\n and f1.exceptionTypes contains [Type: definition.supers contains [Class:\n name == \"java.io.IOException\"]\n ]\n and f1.exceptionTypes contains [Type: definition.supers contains [Class:\n name == \"java.lang.ClassNotFoundException\"]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Code Correctness", - 
"vuln_subcategory": "Incorrect Serializable Method Signature", - "predicate": "\n Function: name == \"readObject\"\n /* don't count other variants that are called by something else manually, such as within another serializable method */\n and callers.length == 0\n and parameterTypes[0].definition.supers contains [Class:\n name == \"java.io.ObjectInputStream\"]\n and enclosingClass.supers contains [Class:\n name == \"java.io.Serializable\"]\n and ( parameterSlots.length > 1 /* should only be one parameter */\n or ( not private\n and not protected /* in case abstract class */ )\n or static /* shouldn't be static */\n or not (exceptionTypes contains [Type:\n definition.supers contains [Class:\n name == \"java.io.IOException\"]\n and definition.supers contains [Class:\n name == \"java.lang.ClassNotFoundException\"]\n ]) )\n and not enclosingClass.functions contains [Function f1:\n /* make sure not matching against overloaded variant\n and class also contains correct version */ f1.name == \"readObject\"\n and f1.parameterSlots.length == 1\n and f1.parameterTypes[0].definition.supers contains [Class:\n name == \"java.io.ObjectInputStream\"]\n and (f1.private\n or f1.protected)\n and not f1.static\n and f1.exceptionTypes contains [Type: definition.supers contains [Class:\n name == \"java.io.IOException\"]\n ]\n and f1.exceptionTypes contains [Type: definition.supers contains [Class:\n name == \"java.lang.ClassNotFoundException\"]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Incorrect Serializable Method Signature", - "predicate": "\n Function: name == \"writeObject\" /* don't count other variants that are called by something else manually, such as within another serializable method */\n and isBodyAvailable\n and callers.length == 0\n and parameterTypes[0].definition.supers contains [Class:\n name == \"java.io.ObjectOutputStream\"]\n and enclosingClass.supers contains [Class:\n name 
== \"java.io.Serializable\"]\n and ( parameterSlots.length > 1 /* should only be one parameter */\n or ( not private\n and not protected /* in case abstract class */ )\n or static /* shouldn't be static */\n or not exceptionTypes contains [Type:\n definition.supers contains [Class:\n name == \"java.io.IOException\"]\n ] )\n and not enclosingClass.functions contains [Function f1:\n /* make sure not matching against overloaded variant\n and class also contains correct version */ f1.name == \"writeObject\"\n and f1.isBodyAvailable\n and f1.parameterSlots.length == 1\n and f1.parameterTypes[0].definition.supers contains [Class:\n name == \"java.io.ObjectOutputStream\"]\n and (f1.private\n or f1.protected)\n and not f1.static\n and f1.exceptionTypes[0].definition.supers contains [Class:\n name == \"java.io.IOException\"]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Incorrect Serializable Method Signature", - "predicate": "\n Function: name == \"writeObject\"\n /* don't count other variants that are called by something else manually, such as within another serializable method */\n and callers.length == 0\n and parameterTypes[0].definition.supers contains [Class:\n name == \"java.io.ObjectOutputStream\"]\n and enclosingClass.supers contains [Class:\n name == \"java.io.Serializable\"]\n and (\n parameterSlots.length > 1 /* should only be one parameter */\n or (\n not private and not protected /* in case abstract class */\n )\n or static /* shouldn't be static */\n or not exceptionTypes contains [Type: definition.supers contains [Class: name == \"java.io.IOException\"]]\n )\n and not enclosingClass.functions contains [Function f1:\n /* make sure not matching against overloaded variant and class also contains correct version */\n f1.name == \"writeObject\"\n and f1.parameterSlots.length == 1\n and f1.parameterTypes[0].definition.supers contains [Class:\n name == 
\"java.io.ObjectOutputStream\"]\n and (f1.private or f1.protected)\n and not f1.static\n and f1.exceptionTypes[0].definition.supers contains [Class: name == \"java.io.IOException\"]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Non-Synchronized Method Overrides Synchronized Method", - "predicate": "\n Function f: (not f.synchronized) and\n f.supers contains [Function fs: fs.synchronized]\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Non-Synchronized Method Overrides Synchronized Method", - "predicate": "\n Function f: (not f.synchronized and not contains [SynchronizedBlock: ])\n and f.supers contains [Function fs: fs.synchronized or contains [SynchronizedBlock: ]]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n StringLiteral:\n constantValue matches \"(?i)CREATE .* IDENTIFIED BY ''.*\"\n and not constantValue matches \"(?i)CREATE .* IDENTIFIED BY PASSWORD.*\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n StringLiteral:\n constantValue matches \"(?i)CREATE .* IDENTIFIED BY ([^']+|'.+') .*\"\n and not constantValue matches \"(?i)CREATE .* IDENTIFIED BY PASSWORD.*\"\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Negative Content-Length", - "predicate": "\n\nFunctionCall call:\n call.function is [\n Function f:\n f.enclosingClass.supers contains [Class c: c.type.name == \"org.apache.http.message.BasicHeader\"]\n and (f.constructor or f.name == \"init^\")\n and call.arguments[0].constantValue == \"Content-Length\"\n and call.arguments[1].constantValue matches 
\"-\\d*\"\n ]\n\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Negative Content-Length", - "predicate": "\n\nFunctionCall call:\n call.function is [\n Function f:\n f.enclosingClass.supers contains [Class c: c.type.name == \"org.apache.http.HttpMessage\"]\n and f.name == \"setHeader\"\n and call.arguments[0].constantValue == \"Content-Length\"\n and call.arguments[1].constantValue matches \"-\\d*\"\n ]\n\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Negative Content-Length", - "predicate": "\n\nFunctionCall call:\n call.function is [\n Function f:\n f.enclosingClass is [Class c: c.type.name == \"java.net.URLConnection\"]\n and f.name == \"setRequestProperty\"\n and call.arguments[0].constantValue == \"Content-Length\"\n and call.arguments[1].constantValue matches \"-\\d*\"\n ]\n\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Code Correctness", - "vuln_subcategory": "readObject() Invokes Overridable Function", - "predicate": "\n FunctionCall fc: enclosingFunction is\n [Function reader: name == \"readObject\"\n and enclosingClass.supers contains [Class:\n name == \"java.io.Serializable\"]\n and callees contains [Function f: fc.function == f\n and isBodyAvailable\n and f.enclosingClass.supers contains [Class c: c == reader.enclosingClass]\n and name != \"readObject\"\n and not (\n name matches \"defaultReadObject|readFields\"\n and enclosingClass.supers contains [Class: name == \"java.io.ObjectInputStream\"]\n )\n and not private\n and not static\n and not final\n and not enclosingClass.final\n and not enclosingClass.abstract\n and not constructor]*\n ]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Non-Static Inner Class Implements Serializable", - "predicate": "\n Class: not 
static\n /* not an enum */\n and not supers contains [Class: name == \"java.lang.Enum\"]\n and supers contains [Class: name == \"java.io.Serializable\"]\n and not enclosingClass.None\n /* inner class, not anonymous/local class or lambda */\n and not name matches \".*\\$[0-9].*|.*@lambda([0-9])+\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Code Correctness", - "vuln_subcategory": "clone() Invokes Overridable Function", - "predicate": "\n FunctionCall fc: enclosingFunction is\n [Function cloner: name == \"clone\"\n and public\n and enclosingClass.supers contains [Class: name == \"java.lang.Cloneable\"]\n and callees contains [Function f: fc.function == f\n and isBodyAvailable\n and f.enclosingClass.supers contains [Class c: c == cloner.enclosingClass]\n and name != \"clone\"\n and not private\n and not static\n and not final\n and not enclosingClass.final\n and not enclosingClass.abstract\n and not constructor]*\n ]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Constructor Invokes Overridable Function", - "predicate": "\n FunctionCall fc:\n enclosingFunction is [Function init:\n (name == \"init^\" or constructor)\n and callees contains [Function f: fc.function == f\n and isBodyAvailable\n and f.enclosingClass.supers contains [Class c: c == init.enclosingClass]\n and not private\n and not static\n and not final\n and not enclosingClass.final\n and not enclosingClass.abstract\n and not constructor\n and not name == \"init^\"\n ]*\n ]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Hidden Method", - "predicate": "\n Function f: static and not private\n and enclosingClass.supers contains\n [Class c: c.name != f.enclosingClass.name\n and c.functions contains\n [Function f2: f2.name == f.name\n and not f2.name matches \"clinit\\^|\"\n and static and not 
private\n and f2.parameterTypes === f.parameterTypes\n and f2.returnType == f.returnType\n ]*\n ]\n /* and not a main function */\n and not (f.name == \"main\"\n and f.parameterTypes.length == 1\n and f.parameterTypes[0] is\n [name == \"java.lang.String\" and arrayDimensions == 1])\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Comparison with NaN", - "predicate": "\n Operation: (op == \"==\"\n or op == \"!=\")\n and ( rhs is [FieldAccess: field is [Field: name == \"NaN\" and static and enclosingClass.supers contains [Class: name matches \"java\\.lang\\.(Double|Float)\"]]]\n or lhs is [FieldAccess: field is [Field: name == \"NaN\" and static and enclosingClass.supers contains [Class: name matches \"java\\.lang\\.(Double|Float)\"]]]\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Comparison of Boxed Primitive Types", - "predicate": "\n Operation: (op == \"==\" or op == \"!=\")\n and rhs is [Expression: type.definition.supers contains [Class: name matches \"java\\.lang\\.(Double|Float|Integer|Long|Short|Character)\"]]\n and lhs is [Expression: type.definition.supers contains [Class: name matches \"java\\.lang\\.(Double|Float|Integer|Long|Short|Character)\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Invalid Call to Object.equals()", - "predicate": "\n FunctionCall fc: function is [Function: name == \"equals\" and enclosingClass.name == \"java.lang.Object\"]\n and fc.instance is [Expression: type.arrayDimensions > 0]*\n and fc.arguments[0] is [Expression: type.arrayDimensions > 0]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Race Condition", - "vuln_subcategory": "Class Initialization Cycle", - "predicate": "\n FieldAccess fa: field is [Field f: static and final\n and 
not f.sourceLocation.None\n and not fa.sourceLocation.None\n and f.sourceLocation.startLine == fa.sourceLocation.startLine\n and labels contains [String s: s == \"StaticFieldDependency\"]\n and fa.enclosingStatement is [AssignmentStatement: lhs is fa\n and rhs is\n [Expression: contains\n [FieldAccess: field is\n [Field f2: labels contains [String s2: s2 == \"DependentStaticField\"]]\n ]*\n ]\n ]\n ]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Race Condition", - "vuln_subcategory": "Class Initialization Cycle", - "predicate": "\n FunctionCall fc: function is [Function: constructor and isBodyAvailable\n /* and isn't the default constructor (automatically generated by SCA) */\n and not sourceLocation.None\n and not enclosingClass.sourceLocation.None\n and sourceLocation.startLine != enclosingClass.sourceLocation.startLine\n /* calling constructor of own class */\n and enclosingClass == fc.enclosingClass\n /* constructor contains static FieldAccess initialized after original assignmentStatement */\n and contains\n [FieldAccess fa: field is\n [Field field: static\n and field.enclosingClass == fc.enclosingClass\n and not sourceLocation.None\n and not fc.sourceLocation.None\n and sourceLocation.startLine > fc.sourceLocation.startLine\n /* would like to say field was not initialize to constant value, but can't find a way to do this */\n and labels contains [String s: s == \"UninitializedStaticField\"]\n ]*\n and not enclosingStatement is [AssignmentStatement: lhs === fa]\n ]*\n ]*\n and enclosingFunction is [Function f: name == \"\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable 
is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is 
[Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n 
fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - 
"predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": 
"Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n StringLiteral:\n constantValue matches \".*\\\"(PUT_REGEX_HERE)\\\"\\s*:\\s*\\\"[^{$%]+\\\".*\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n 
StringLiteral:\n constantValue matches \".*\\\"(PUT_REGEX_HERE)\\\"\\s*:\\s*\\\"[^{$%]+\\\".*\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String: ]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String: ]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String: ]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location 
is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String: ]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String: ]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String: ]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String: ]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded 
Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String: ]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String: ]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String: ]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String: ]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": 
"Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String: ]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: operation.op matches \"[!=]=(=)?\" and\n (\n (\n operation.lhs.location is [Location l:\n l.name matches \"PUT_REGEX_HERE\"\n ]* and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue matches \"(?i)true|false\" and\n not operation.rhs.constantValue is [Number: ]\n ) or\n (\n operation.rhs.location is [Location l2:\n l2.name matches \"PUT_REGEX_HERE\"\n ]* and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\" and\n not operation.lhs.constantValue is [Number: ]\n )\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: operation.op matches \"[!=]=(=)?\" and\n (\n (\n operation.lhs.location is [Location l:\n l.name matches \"PUT_REGEX_HERE\"\n ]* and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue matches \"(?i)true|false\" and\n not operation.rhs.constantValue is 
[Number: ]\n ) or\n (\n operation.rhs.location is [Location l2:\n l2.name matches \"PUT_REGEX_HERE\"\n ]* and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\" and\n not operation.lhs.constantValue is [Number: ]\n )\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: operation.op matches \"[!=]=(=)?\" and\n (\n (\n operation.lhs.location is [Location l:\n l.name matches \"(?i)pass(wd|word)\"\n ]* and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue matches \"(?i)true|false\" and\n not operation.rhs.constantValue is [Number: ]\n ) or\n (\n operation.rhs.location is [Location l2:\n l2.name matches \"(?i)pass(wd|word)\"\n ]* and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\" and\n not operation.lhs.constantValue is [Number: ]\n )\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: operation.op matches \"[!=]=(=)?\" and\n (\n (\n operation.lhs.location is [Location l:\n l.name matches \"PUT_REGEX_HERE\"\n ]* and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue matches \"(?i)true|false\" and\n not operation.rhs.constantValue is [Number: ]\n ) or\n (\n operation.rhs.location is [Location l2:\n l2.name matches 
\"PUT_REGEX_HERE\"\n ]* and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\" and\n not operation.lhs.constantValue is [Number: ]\n )\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: operation.op matches \"[!=]=(=)?\" and\n (\n (\n operation.lhs.location is [Location l:\n l.name matches \"PUT_REGEX_HERE\"\n ]* and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue matches \"(?i)true|false\" and\n not operation.rhs.constantValue is [Number: ]\n ) or\n (\n operation.rhs.location is [Location l2:\n l2.name matches \"PUT_REGEX_HERE\"\n ]* and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\" and\n not operation.lhs.constantValue is [Number: ]\n )\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: operation.op matches \"[!=]=(=)?\" and\n (\n (\n operation.lhs.location is [Location l:\n l.name matches \"(?i)pass(wd|word)\"\n ]* and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue matches \"(?i)true|false\" and\n not operation.rhs.constantValue is [Number: ]\n ) or\n (\n operation.rhs.location is [Location l2:\n l2.name matches \"(?i)pass(wd|word)\"\n ]* and\n not operation.lhs.constantValue.None and\n not 
operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\" and\n not operation.lhs.constantValue is [Number: ]\n )\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Password in Comment", - "predicate": "\n Comment c: c.text matches \".*\\b(PUT_REGEX_HERE)\\b.*\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Password in Comment", - "predicate": "\n Comment c: c.text matches \".*\\b(PUT_REGEX_HERE)\\b.*\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Password in Comment", - "predicate": "\n Comment c: c.text matches \"(?i).*pass(wd|word|phrase).*\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Password in Comment", - "predicate": "\n Comment c: c.text matches \".*\\b(PUT_REGEX_HERE)\\b.*\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Password in Comment", - "predicate": "\n Comment c: c.text matches \".*\\b(PUT_REGEX_HERE)\\b.*\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Password in Comment", - "predicate": "\n Comment c: c.text matches \"(?i).*pass(wd|word|phrase).*\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*pwd.*\" and\n not va.variable.name matches \"(?i)pwd\" and\n va in [AssignmentStatement: 
lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*pwd.*\" and\n not va.variable.name matches \"(?i)pwd\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pass(wd|word).*\" and\n not fa.field.name matches \"(?i)pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pass(wd|word).*\" and\n not fa.field.name matches \"(?i)pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)pwd\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - 
"vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)pwd\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pwd.*\" and\n not fa.field.name matches \"(?i)pwd\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pwd.*\" and\n not fa.field.name matches \"(?i)pwd\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*pass(wd|word).*\" and\n not va.variable.name matches \"(?i)pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*pass(wd|word).*\" 
and\n not va.variable.name matches \"(?i)pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)pwd\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)pwd\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pwd.*\" and\n not fa.field.name matches \"(?i)pwd\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pwd.*\" and\n not fa.field.name matches \"(?i)pwd\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security 
Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*pwd.*\" and\n not va.variable.name matches \"(?i)pwd\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*pwd.*\" and\n not va.variable.name matches \"(?i)pwd\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)pwd\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)pwd\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)pwd\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n 
rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)pwd\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pass(wd|word).*\" and\n not fa.field.name matches \"(?i)pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pass(wd|word).*\" and\n not fa.field.name matches \"(?i)pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*pass(wd|word).*\" and\n not va.variable.name matches \"(?i)pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password 
Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*pass(wd|word).*\" and\n not va.variable.name matches \"(?i)pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*pwd.*\" and\n not va.variable.name matches \"(?i)pwd\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String: ]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*pwd.*\" and\n not va.variable.name matches \"(?i)pwd\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String: ]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pwd.*\" and\n not fa.field.name matches \"(?i)pwd\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not 
rhs.constantValue == \"\" and\n rhs.constantValue is [String: ]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pwd.*\" and\n not fa.field.name matches \"(?i)pwd\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String: ]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)pwd\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String: ]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)pwd\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String: ]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)pwd\" and\n va in [AssignmentStatement: lhs.location is [Location l: 
l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String: ]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)pwd\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String: ]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pass(wd|word).*\" and\n not fa.field.name matches \"(?i)pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String: ]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pass(wd|word).*\" and\n not fa.field.name matches \"(?i)pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String: ]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", 
- "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*pass(wd|word).*\" and\n not va.variable.name matches \"(?i)pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String: ]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*pass(wd|word).*\" and\n not va.variable.name matches \"(?i)pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String: ]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: operation.op matches \"[!=]=(=)?\" and\n (\n (\n operation.lhs.location is [Location l:\n l.name matches \"(?i)pwd\"\n ]* and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue matches \"(?i)true|false\" and\n not operation.rhs.constantValue is [Number: ]\n ) or\n (\n operation.rhs.location is [Location l2:\n l2.name matches \"(?i)pwd\"\n ]* and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\" and\n 
not operation.lhs.constantValue is [Number: ]\n )\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: operation.op matches \"[!=]=(=)?\" and\n (\n (\n operation.lhs.location is [Location l:\n l.name matches \"(?i)pwd\"\n ]* and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue matches \"(?i)true|false\" and\n not operation.rhs.constantValue is [Number: ]\n ) or\n (\n operation.rhs.location is [Location l2:\n l2.name matches \"(?i)pwd\"\n ]* and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\" and\n not operation.lhs.constantValue is [Number: ]\n )\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: operation.op matches \"[!=]=(=)?\" and\n (\n (\n operation.lhs.location is [Location l:\n l.name matches \"(?i).*pwd.*\" and\n not l.name matches \"(?i)pwd\"\n ]* and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue matches \"(?i)true|false\" and\n not operation.rhs.constantValue is [Number: ]\n ) or\n (\n operation.rhs.location is [Location l2:\n l2.name matches \"(?i).*pwd.*\" and\n not l2.name matches \"(?i)pwd\"\n ]* and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\" and\n not operation.lhs.constantValue is [Number: ]\n 
)\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: operation.op matches \"[!=]=(=)?\" and\n (\n (\n operation.lhs.location is [Location l:\n l.name matches \"(?i).*pwd.*\" and\n not l.name matches \"(?i)pwd\"\n ]* and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue matches \"(?i)true|false\" and\n not operation.rhs.constantValue is [Number: ]\n ) or\n (\n operation.rhs.location is [Location l2:\n l2.name matches \"(?i).*pwd.*\" and\n not l2.name matches \"(?i)pwd\"\n ]* and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\" and\n not operation.lhs.constantValue is [Number: ]\n )\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: operation.op matches \"[!=]=(=)?\" and\n (\n (\n operation.lhs.location is [Location l:\n l.name matches \"(?i).*pass(wd|word).*\" and\n not l.name matches \"(?i)pass(wd|word)\"\n ]* and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue matches \"(?i)true|false\" and\n not operation.rhs.constantValue is [Number: ]\n ) or\n (\n operation.rhs.location is [Location l2:\n l2.name matches \"(?i).*pass(wd|word).*\" and\n not l2.name matches \"(?i)pass(wd|word)\"\n ]* and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue 
matches \"(?i)true|false\" and\n not operation.lhs.constantValue is [Number: ]\n )\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: operation.op matches \"[!=]=(=)?\" and\n (\n (\n operation.lhs.location is [Location l:\n l.name matches \"(?i).*pass(wd|word).*\" and\n not l.name matches \"(?i)pass(wd|word)\"\n ]* and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue matches \"(?i)true|false\" and\n not operation.rhs.constantValue is [Number: ]\n ) or\n (\n operation.rhs.location is [Location l2:\n l2.name matches \"(?i).*pass(wd|word).*\" and\n not l2.name matches \"(?i)pass(wd|word)\"\n ]* and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\" and\n not operation.lhs.constantValue is [Number: ]\n )\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n /* Exclude the case where key is used as an index: \"val = obj[key]\" */\n and not va.enclosingFunction contains [ArrayAccess: index is va and\n va.variable.name == \"key\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in 
[AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n /* Exclude the case where key is used as an index: \"val = obj[key]\" */\n and not va.enclosingFunction contains [ArrayAccess: index is va and\n va.variable.name == \"key\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n /* Exclude the case where key is used as an index: \"val = obj[key]\" */\n and not va.enclosingFunction contains [ArrayAccess: index is va and\n va.variable.name == \"key\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:\n /* not a key/value or key/name or key/text pair as an object */\n not f.enclosingClass is [Class: fields contains [Field: name matches \"(?i)value|name|text\"]]\n ]*\n /* exclude instances where an attribute on the DOM. 
Common in React */\n and not fa.instance.possibleTypes contains [Type: name matches \"HTML[A-z]*Element.*|__DomElement\"]\n /* Exclude the case where key is used as an index: \"obj.val = obj[key]\" */\n and not fa.enclosingFunction contains [ArrayAccess: index is fa and\n fa.field.name == \"key\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:\n /* not a key/value or key/name or key/text pair as an object */\n not f.enclosingClass is [Class: fields contains [Field: name matches \"(?i)value|name|text\"]]\n ]*\n /* exclude instances where an attribute on the DOM. Common in React */\n and not fa.instance.possibleTypes contains [Type: name matches \"HTML[A-z]*Element.*|__DomElement\"]\n /* Exclude the case where key is used as an index: \"obj.val = obj[key]\" */\n and not fa.enclosingFunction contains [ArrayAccess: index is fa and\n fa.field.name == \"key\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:\n /* not a key/value or key/name or key/text pair as an object */\n not f.enclosingClass is [Class: fields contains [Field: name matches \"(?i)value|name|text\"]]\n ]*\n /* exclude instances where an attribute on the DOM. 
Common in React */\n and not fa.instance.possibleTypes contains [Type: name matches \"HTML[A-z]*Element.*|__DomElement\"]\n /* Exclude the case where key is used as an index: \"obj.val = obj[key]\" */\n and not fa.enclosingFunction contains [ArrayAccess: index is fa and\n fa.field.name == \"key\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n /* Exclude the case where key is used as an index: \"val = obj[key]\" */\n and not va.enclosingFunction contains [ArrayAccess: index is va and\n va.variable.name == \"key\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n /* Exclude the case where key is used as an index: \"val = obj[key]\" */\n and not va.enclosingFunction contains [ArrayAccess: index is va and\n va.variable.name == \"key\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n /* Exclude the case where key is used as an index: 
\"val = obj[key]\" */\n and not va.enclosingFunction contains [ArrayAccess: index is va and\n va.variable.name == \"key\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:\n /* not a key/value or key/name or key/text pair as an object */\n not f.enclosingClass is [Class: fields contains [Field: name matches \"(?i)value|name|text\"]]\n ]*\n /* exclude instances where an attribute on the DOM. Common in React */\n and not fa.instance.possibleTypes contains [Type: name matches \"HTML[A-z]*Element.*|__DomElement\"]\n /* Exclude the case where key is used as an index: \"obj.val = obj[key]\" */\n and not fa.enclosingFunction contains [ArrayAccess: index is fa and\n fa.field.name == \"key\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:\n /* not a key/value or key/name or key/text pair as an object */\n not f.enclosingClass is [Class: fields contains [Field: name matches \"(?i)value|name|text\"]]\n ]*\n /* exclude instances where an attribute on the DOM. 
Common in React */\n and not fa.instance.possibleTypes contains [Type: name matches \"HTML[A-z]*Element.*|__DomElement\"]\n /* Exclude the case where key is used as an index: \"obj.val = obj[key]\" */\n and not fa.enclosingFunction contains [ArrayAccess: index is fa and\n fa.field.name == \"key\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:\n /* not a key/value or key/name or key/text pair as an object */\n not f.enclosingClass is [Class: fields contains [Field: name matches \"(?i)value|name|text\"]]\n ]*\n /* exclude instances where an attribute on the DOM. Common in React */\n and not fa.instance.possibleTypes contains [Type: name matches \"HTML[A-z]*Element.*|__DomElement\"]\n /* Exclude the case where key is used as an index: \"obj.val = obj[key]\" */\n and not fa.enclosingFunction contains [ArrayAccess: index is fa and\n fa.field.name == \"key\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String:\n /* minimum length is 16 bytes (128 bits) */\n length >= 16\n ]\n ] and va.variable is [Variable v:]*\n /* Exclude the case where key is used as an index: \"val = obj[key]\" */\n and not va.enclosingFunction contains [ArrayAccess: index 
is va and\n va.variable.name == \"key\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String:\n /* minimum length is 16 bytes (128 bits) */\n length >= 16\n ]\n ] and va.variable is [Variable v:]*\n /* Exclude the case where key is used as an index: \"val = obj[key]\" */\n and not va.enclosingFunction contains [ArrayAccess: index is va and\n va.variable.name == \"key\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String:\n /* minimum length is 16 bytes (128 bits) */\n length >= 16\n ]\n ] and va.variable is [Variable v:]*\n /* Exclude the case where key is used as an index: \"val = obj[key]\" */\n and not va.enclosingFunction contains [ArrayAccess: index is va and\n va.variable.name == \"key\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not 
rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String:\n /* minimum length is 16 bytes (128 bits) */\n length >= 16\n ]\n ] and fa.field is [Field f:\n /* not a key/value or key/name or key/text pair as an object */\n not f.enclosingClass is [Class: fields contains [Field: name matches \"(?i)value|name|text\"]]\n ]*\n /* exclude instances where an attribute on the DOM. Common in React */\n and not fa.instance.possibleTypes contains [Type: name matches \"HTML[A-z]*Element.*|__DomElement\"]\n /* exclude key word in props for React */\n and not fa.instance.location.name matches \"~t[0-9]*~react~props\"\n /* Exclude cases where \"key\" is used as an array index */\n and not fa.enclosingFunction contains [ArrayAccess: index is fa and\n fa.field.name == \"key\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String:\n /* minimum length is 16 bytes (128 bits) */\n length >= 16\n ]\n ] and fa.field is [Field f:\n /* not a key/value or key/name or key/text pair as an object */\n not f.enclosingClass is [Class: fields contains [Field: name matches \"(?i)value|name|text\"]]\n ]*\n /* exclude instances where an attribute on the DOM. 
Common in React */\n and not fa.instance.possibleTypes contains [Type: name matches \"HTML[A-z]*Element.*|__DomElement\"]\n /* exclude key word in props for React */\n and not fa.instance.location.name matches \"~t[0-9]*~react~props\"\n /* Exclude cases where \"key\" is used as an array index */\n and not fa.enclosingFunction contains [ArrayAccess: index is fa and\n fa.field.name == \"key\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String:\n /* minimum length is 16 bytes (128 bits) */\n length >= 16\n ]\n ] and fa.field is [Field f:\n /* not a key/value or key/name or key/text pair as an object */\n not f.enclosingClass is [Class: fields contains [Field: name matches \"(?i)value|name|text\"]]\n ]*\n /* exclude instances where an attribute on the DOM. 
Common in React */\n and not fa.instance.possibleTypes contains [Type: name matches \"HTML[A-z]*Element.*|__DomElement\"]\n /* exclude key word in props for React */\n and not fa.instance.location.name matches \"~t[0-9]*~react~props\"\n /* Exclude cases where \"key\" is used as an array index */\n and not fa.enclosingFunction contains [ArrayAccess: index is fa and\n fa.field.name == \"key\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\" and\n not fa.field.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:\n /* not a key/value or key/name or key/text pair as an object */\n not f.enclosingClass is [Class: fields contains [Field: name matches \"(?i)value|name|text\"]]\n ]*\n /* exclude instances where an attribute on the DOM. 
Common in React */\n and not fa.instance.possibleTypes contains [Type: name matches \"HTML[A-z]*Element.*|__DomElement\"]\n /* Exclude the case where key is used as an index: \"obj.val = obj[key]\" */\n and not fa.enclosingFunction contains [ArrayAccess: index is fa and\n fa.field.name == \"key\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\" and\n not va.variable.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n /* Exclude the case where key is used as an index: \"val = obj[key]\" */\n and not va.enclosingFunction contains [ArrayAccess: index is va and\n va.variable.name == \"key\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\" and\n not fa.field.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:\n /* not a key/value or key/name or key/text pair as an object */\n not f.enclosingClass is [Class: fields contains [Field: name matches \"(?i)value|name|text\"]]\n ]*\n /* exclude instances where an attribute on the DOM. 
Common in React */\n and not fa.instance.possibleTypes contains [Type: name matches \"HTML[A-z]*Element.*|__DomElement\"]\n /* Exclude the case where key is used as an index: \"obj.val = obj[key]\" */\n and not fa.enclosingFunction contains [ArrayAccess: index is fa and\n fa.field.name == \"key\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\" and\n not va.variable.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n /* Exclude the case where key is used as an index: \"val = obj[key]\" */\n and not va.enclosingFunction contains [ArrayAccess: index is va and\n va.variable.name == \"key\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\" and\n not va.variable.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String:\n /* minimum length is 16 bytes (128 bits) */\n length >= 16\n ]\n ] and va.variable is [Variable v:]*\n /* Exclude the case where key is used as an index: \"val = obj[key]\" */\n and not va.enclosingFunction contains [ArrayAccess: index is va and\n va.variable.name == \"key\"]\n " - }, - { - "language": 
"javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\" and\n not fa.field.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n rhs.constantValue is [String:\n /* minimum length is 16 bytes (128 bits) */\n length >= 16\n ]\n ] and fa.field is [Field f:\n /* not a key/value or key/name or key/text pair as an object */\n not f.enclosingClass is [Class: fields contains [Field: name matches \"(?i)value|name|text\"]]\n ]*\n /* exclude instances where an attribute on the DOM. Common in React */\n and not fa.instance.possibleTypes contains [Type: name matches \"HTML[A-z]*Element.*|__DomElement\"]\n /* Exclude the case where key is used as an index: \"obj.val = obj[key]\" */\n and not fa.enclosingFunction contains [ArrayAccess: index is fa and\n fa.field.name == \"key\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n FunctionCall call: call.name == \"generateCRMFRequest\" and\n call.instance is [Location l: l.name == \"crypto\"] and\n call.arguments[5].constantValue is [Number: < 2048] and\n call.arguments[7].constantValue is [String: matches \"(?i)RSA.*\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name == \"generateCRMFRequest\"\n and (\n f.possibleHeapPaths contains [String str: str == 
\"crypto\"] or\n call.instance is [Location l: l.name == \"crypto\"]\n )\n ] and\n call.arguments[5].constantValue is [Number: < 2048] and\n call.arguments[7].constantValue is [String: matches \"(?i)RSA.*\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name == \"generateCRMFRequest\"\n and f.possibleHeapPaths contains [String str: str == \"crypto\"]] and\n call.arguments[5].constantValue is [Number: < 2048] and\n call.arguments[7].constantValue is [String: matches \"(?i)RSA.*\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name == \"generateCRMFRequest\"] and\n call.instance is [FieldAccess fa: fa.field.name == \"crypto\"] and\n call.arguments[5].constantValue is [Number: < 2048] and\n call.arguments[7].constantValue is [String: matches \"(?i)RSA.*\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n FunctionCall call: call.name == \"generateCRMFRequest\" and\n call.instance is [FieldAccess fa: fa.field.name == \"crypto\"] and\n call.arguments[5].constantValue is [Number: < 2048] and\n call.arguments[7].constantValue is [String: matches \"(?i)RSA.*\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Easy-to-Guess Database Name", - "predicate": "\n FunctionCall call: call.name == \"openDatabase\" and\n not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None:] and\n not call.arguments[0].constantValue == \"\"\n " - }, - { - 
"language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive Message Posting Policy", - "predicate": "\n FunctionCall call: call.name == \"postMessage\" and\n call.instance is [Expression l: ] and\n call.arguments[1].constantValue == \"*\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "SQL Injection", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.name == \"executeSql\" and\n call.arguments[0] is [Expression arg: arg.constantValue.None]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Easy-to-Guess Database Name", - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name == \"openDatabase\"] and\n not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None:] and\n not call.arguments[0].constantValue == \"\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "SQL Injection", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name == \"executeSql\"] and\n call.arguments[0] is [Expression arg: arg.constantValue.None]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive Message Posting Policy", - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name == \"postMessage\"] and\n call.instance is [Expression l: ] and\n call.arguments[1].partialConstantValues contains [String str: str == \"*\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Denial of Service", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.name == \"write\" and\n 
call.instance is [Location l: l.name matches \"(?i).*file.*\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Denial of Service", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name == \"write\"] and\n call.instance is [Location l: l.name matches \"(?i).*file.*\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Denial of Service", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name == \"write\"] and\n call.instance is [FieldAccess fa: fa.field.name matches \"(?i).*file.*\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive Message Posting Policy", - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name == \"postMessage\"] and\n call.instance is [Expression l: ] and\n call.arguments[1].partialConstantValues contains [String str: str == \"*\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "SQL Injection", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name == \"executeSql\"] and\n call.arguments[0] is [Expression arg: arg.constantValue.None]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Easy-to-Guess Database Name", - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name == \"openDatabase\"] and\n not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None:] and\n not call.arguments[0].constantValue == \"\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", 
- "vuln_category": "Denial of Service", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.name == \"write\" and\n call.instance is [FieldAccess fa: fa.field.name matches \"(?i).*file.*\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive Message Posting Policy", - "predicate": "\n FunctionCall call: call.name == \"postMessage\" and\n call.instance is [Expression l: ] and\n call.arguments[1].constantValue == \"*\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "SQL Injection", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.name == \"executeSql\" and\n call.arguments[0] is [Expression arg: arg.constantValue.None]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Easy-to-Guess Database Name", - "predicate": "\n FunctionCall call: call.name == \"openDatabase\" and\n not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None:] and\n not call.arguments[0].constantValue == \"\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Easy-to-Guess Database Name", - "predicate": "\n FunctionCall call: call.name == \"openDatabase\" and\n not call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None:] and\n not call.arguments[0].constantValue == \"\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Easy-to-Guess Database Name", - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name == \"openDatabase\"] and\n (\n call.instance.possibleTypes contains [Type: name == \"Window\"] or\n /* or doesn't have an instance */\n not call in [Location: ]\n ) and\n not 
call.arguments[0].constantValue.None and\n not call.arguments[0].constantValue is [None:] and\n not call.arguments[0].constantValue == \"\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "JavaScript Hijacking", - "vuln_subcategory": "Vulnerable Framework", - "predicate": "\n Class: name == \"JS_HIJACKING_PLACEHOLDER\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Code Quality", - "vuln_category": "Fortify Internal", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc:\n possibleTargets contains [Function:\n name == \"use\"\n ]\n and instance.possibleTypes contains [Type: definition is\n [Class: name == \"Express\"\n and interface == true\n and filepath matches \"(.*[/\\\\])?express-serve-static-core[/\\\\]index\\.d\\.ts\"\n ]\n ]\n and fc.arguments contains [Expression inst1: inst1 is [FieldAccess: field.name matches \"(?i).*csrf.*\"]\n or inst1 is [VariableAccess: variable.name matches \"(?i).*csrf.*\"]\n ]\n\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Code Quality", - "vuln_category": "Fortify Internal", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f: name == \"noSniff\"\n and possibleHeapPaths contains [String str: str matches \"helmet(\\.exports)?\"]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Code Quality", - "vuln_category": "Fortify Internal", - "vuln_subcategory": None, - "predicate": "\n AccessLocation al: al.accessName == \"secure\" and\n al in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === al.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue == true]\n and al.accessInstance is [AccessLocation al2: accessName == \"defaults\"\n and al2.accessInstance is [Location: name == \"$cookiesProvider\"]]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Code Quality", - "vuln_category": "Fortify Internal", - "vuln_subcategory": None, - "predicate": 
"\n AccessLocation al: al.accessName == \"secure\" and\n al in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === al.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue == true]\n and al.accessInstance is [AccessLocation al2: accessName == \"defaults\"\n and al2.accessInstance is [Location: name == \"$cookiesProvider\"]]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Code Quality", - "vuln_category": "Fortify Internal", - "vuln_subcategory": None, - "predicate": "\n FieldAccess fa: fa.field.name == \"secure\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue == true]\n and fa.instance is [FieldAccess fa2: field.name == \"defaults\"\n and fa2.instance is [FieldAccess fa3: field.name == \"$cookiesProvider\"]]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Code Quality", - "vuln_category": "Fortify Internal", - "vuln_subcategory": None, - "predicate": "\n AccessLocation: accessName matches \"xsrf(Header|Cookie)Name\"\n and accessInstance is [AccessLocation: accessName == \"defaults\"\n and accessInstance is [Location: name matches \"\\$http(Provider)?\"]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Code Quality", - "vuln_category": "Fortify Internal", - "vuln_subcategory": None, - "predicate": "\n AccessLocation: accessName matches \"xsrf(Header|Cookie)Name\"\n and accessInstance is [AccessLocation: accessName == \"defaults\"\n and accessInstance is [Location: name matches \"\\$http(Provider)?\"]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Code Quality", - "vuln_category": "Fortify Internal", - "vuln_subcategory": None, - "predicate": "\n FieldAccess: field.name matches \"xsrf(Header|Cookie)Name\"\n and instance is [FieldAccess: field.name == \"defaults\"\n and instance is [FieldAccess: field.name matches \"\\$http(Provider)?\"]\n ]\n " - }, - { - "language": 
"javascript", - "vuln_kingdom": "Code Quality", - "vuln_category": "Fortify Internal", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f: name == \"noSniff\"\n and possibleHeapPaths contains [String str: str matches \"helmet(\\.exports)?\"]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FunctionCall call: call.name == \"open\" and\n not call.arguments[4].constantValue.None and\n call.arguments[4].constantValue is [None:]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.name matches \"(?i).*(MD2|MD4|MD5).*|.*SHA((-)?1)?$\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.name matches \"(?i).*(RC4|ARCFOUR).*|(.*_|.*with|.*encrypt.*|.*decrypt.*)?(DES|3DES|TripleDES|DESede)(_.*|.*encrypt.*|.*decrypt.*)?\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "API Abuse", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Negative Content-Length", - "predicate": "\n FunctionCall call:\n call.name == \"setRequestHeader\"\n and call.arguments[0].constantValue matches \"(?i)Content-Length\"\n and call.arguments[1].constantValue is [Value v:\n v is [String: matches \"^-\\d+\"]\n or v is [Number num: num < 0]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FunctionCall call: call.name == \"open\" and\n not call.arguments[4].constantValue.None and\n call.arguments[4].constantValue == \"\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security 
Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call:\n call.name matches \"(?i)RC2.*\"\n or call.name matches \"(?i).*RC2\"\n or call.name matches \"(?i)RC2\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Cross-Site Request Forgery", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.name == \"open\" and\n call.arguments[0].partialConstantValues contains\n [String : matches \"(?i)post|get\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall call: call.name == \"open\" and\n not call.arguments[4].constantValue.None and\n not call.arguments[4].constantValue is [None:] and\n not call.arguments[4].constantValue == \"\" and\n not call.arguments[4].constantValue matches \"(?i)true|false\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name == \"open\"\n and (call.instance.possibleTypes contains [Type: name matches \"XMLHttpRequest|ActiveXObject\"]\n or\n (\n call.instance.possibleTypes.length == 0\n and\n /* do not match against window.open */\n not f.possibleHeapPaths contains [String str: str matches \"(.*\\.|\\$)?window(\\..*)?\"]\n )\n )\n ]\n and not call.arguments[4].constantValue.None and\n call.arguments[4].constantValue == \"\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Cross-Site Request Forgery", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name == \"open\"\n and (\n call.instance.possibleTypes contains [Type: name matches \"XMLHttpRequest|ActiveXObject\"]\n or\n (\n 
call.instance.possibleTypes.length == 0\n and\n /* do not match against window.open */\n not f.possibleHeapPaths contains [String str: str matches \"(.*\\.|\\$)?window(\\..*)?\"]\n )\n )\n ]\n and call.arguments[0].partialConstantValues contains [String : matches \"(?i)post|get\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name matches \"(?i).*(MD2|MD4|MD5).*|.*SHA((-)?1)?$\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "API Abuse", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Negative Content-Length", - "predicate": "\n FunctionCall call:\n call.possibleTargets contains [Function f: f.name == \"setRequestHeader\"]\n and (call.instance.possibleTypes contains [Type: name matches \"XMLHttpRequest|ActiveXObject\"]\n or\n call.instance.possibleTypes.length == 0)\n and call.arguments[0].partialConstantValues contains [String s1: s1 matches \"(?i)Content-Length\"]\n and call.arguments[1].partialConstantValues contains [Value v:\n v is [String s2: s2 matches \"^-\\d+\"]\n or v is [Number num: num < 0]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f:\n f.name matches \"(?i).*RC2\"\n or f.name matches \"(?i)RC2.*\"\n or f.name matches \"(?i)RC2\"\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name == \"open\"\n and (call.instance.possibleTypes contains [Type: name matches \"XMLHttpRequest|ActiveXObject\"]\n or\n (\n call.instance.possibleTypes.length == 0\n and\n /* do not 
match against window.open */\n not f.possibleHeapPaths contains [String str: str matches \"(.*\\.|\\$)?window(\\..*)?\"]\n )\n )\n ]\n and not call.arguments[4].constantValue.None and\n call.arguments[4].constantValue is [None:]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name matches \"(?i).*(RC4|ARCFOUR).*|(.*_|.*with|.*encrypt.*|.*decrypt.*)?(DES|3DES|TripleDES|DESede)(_.*|.*encrypt.*|.*decrypt.*)?\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name == \"open\"\n and (call.instance.possibleTypes contains [Type: name matches \"XMLHttpRequest|ActiveXObject\"]\n or\n (\n call.instance.possibleTypes.length == 0\n and\n /* do not match against window.open */\n not f.possibleHeapPaths contains [String str: str matches \"(.*\\.|\\$)?window(\\..*)?\"]\n )\n )\n ]\n and not call.arguments[4].constantValue.None and\n not call.arguments[4].constantValue is [None:] and\n not call.arguments[4].constantValue == \"\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f:\n f.name matches \"(?i).*RC2\"\n or f.name matches \"(?i)RC2.*\"\n or f.name matches \"(?i)RC2\"\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name matches 
\"(?i).*(RC4|ARCFOUR).*|(.*_|.*with|.*encrypt.*|.*decrypt.*)?(DES|3DES|TripleDES|DESede)(_.*|.*encrypt.*|.*decrypt.*)?\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name matches \"(?i).*(MD2|MD4|MD5).*|.*SHA((-)?1)?$\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Randomness", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.name == \"random\" and\n call.instance is [Location l: l.name matches \"Math|_\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Randomness", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name == \"random\"\n and (\n f.possibleHeapPaths contains [String str: str matches \"Math|_|underscore\"] or\n call.instance is [Location l: l.name matches \"Math|_\"]\n )\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Randomness", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name == \"random\"\n and f.possibleHeapPaths contains [String str: str == \"Math\"]]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Randomness", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name == \"random\"] and\n call.instance is [FieldAccess fa: fa.field.name == \"Math\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Cross-Site Request Forgery", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name == \"open\"\n and (\n 
call.instance.possibleTypes contains [Type: name matches \"XMLHttpRequest|ActiveXObject\"]\n or\n (\n call.instance.possibleTypes.length == 0\n and\n /* do not match against window.open */\n not f.possibleHeapPaths contains [String str: str matches \"(.*\\.|\\$)?window(\\..*)?\"]\n )\n )\n ]\n and call.arguments[0].partialConstantValues contains [String : matches \"(?i)post|get\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Cross-Site Request Forgery", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name == \"open\"\n and (\n call.instance.possibleTypes contains [Type: name matches \"XMLHttpRequest|ActiveXObject\"]\n or\n (\n call.instance.possibleTypes.length == 0\n and\n /* do not match against window.open */\n not f.possibleHeapPaths contains [String str: str matches \"(.*\\.)?window(\\..*)?\"]\n )\n )\n ]\n and call.arguments[0].partialConstantValues contains [String : matches \"(?i)post|get\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name == \"open\"\n and (call.instance.possibleTypes contains [Type: name matches \"XMLHttpRequest|ActiveXObject\"]\n or\n (\n call.instance.possibleTypes.length == 0\n and\n /* do not match against window.open */\n not f.possibleHeapPaths contains [String str: str matches \"(.*\\.|\\$)?window(\\..*)?\"]\n )\n )\n ]\n and not call.arguments[4].constantValue.None and\n not call.arguments[4].constantValue is [None:] and\n not call.arguments[4].constantValue == \"\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name == 
\"open\"\n and (call.instance.possibleTypes contains [Type: name matches \"XMLHttpRequest|ActiveXObject\"]\n or\n (\n call.instance.possibleTypes.length == 0\n and\n /* do not match against window.open */\n not f.possibleHeapPaths contains [String str: str matches \"(.*\\.)?window(\\..*)?\"]\n )\n )\n ]\n and not call.arguments[4].constantValue.None and\n not call.arguments[4].constantValue is [None:] and\n not call.arguments[4].constantValue == \"\" and\n not call.arguments[4].constantValue matches \"(?i)true|false\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name == \"open\"\n and (call.instance.possibleTypes contains [Type: name matches \"XMLHttpRequest|ActiveXObject\"]\n or\n (\n call.instance.possibleTypes.length == 0\n and\n /* do not match against window.open */\n not f.possibleHeapPaths contains [String str: str matches \"(.*\\.|\\$)?window(\\..*)?\"]\n )\n )\n ]\n and not call.arguments[4].constantValue.None and\n call.arguments[4].constantValue == \"\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name == \"open\"\n and (call.instance.possibleTypes contains [Type: name matches \"XMLHttpRequest|ActiveXObject\"]\n or\n (\n call.instance.possibleTypes.length == 0\n and\n /* do not match against window.open */\n not f.possibleHeapPaths contains [String str: str matches \"(.*\\.)?window(\\..*)?\"]\n )\n )\n ]\n and not call.arguments[4].constantValue.None and\n call.arguments[4].constantValue == \"\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - 
"predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name == \"open\"\n and (call.instance.possibleTypes contains [Type: name matches \"XMLHttpRequest|ActiveXObject\"]\n or\n (\n call.instance.possibleTypes.length == 0\n and\n /* do not match against window.open */\n not f.possibleHeapPaths contains [String str: str matches \"(.*\\.|\\$)?window(\\..*)?\"]\n )\n )\n ]\n and not call.arguments[4].constantValue.None and\n call.arguments[4].constantValue is [None:]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name == \"open\"\n and (call.instance.possibleTypes contains [Type: name matches \"XMLHttpRequest|ActiveXObject\"]\n or\n (\n call.instance.possibleTypes.length == 0\n and\n /* do not match against window.open */\n not f.possibleHeapPaths contains [String str: str matches \"(.*\\.)?window(\\..*)?\"]\n )\n )\n ]\n and not call.arguments[4].constantValue.None and\n call.arguments[4].constantValue is [None:]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "API Abuse", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Negative Content-Length", - "predicate": "\n FunctionCall call:\n call.possibleTargets contains [Function f: f.name == \"setRequestHeader\"]\n and (call.instance.possibleTypes contains [Type: name matches \"XMLHttpRequest|ActiveXObject\"]\n or\n call.instance.possibleTypes.length == 0)\n and call.arguments[0].partialConstantValues contains [String s1: s1 matches \"(?i)Content-Length\"]\n and call.arguments[1].partialConstantValues contains [Value v:\n v is [String s2: s2 matches \"^-\\d+\"]\n or v is [Number num: num < 0]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call:\n 
call.name matches \"(?i)RC2.*\"\n or call.name matches \"(?i).*RC2\"\n or call.name matches \"(?i)RC2\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.name matches \"(?i).*(RC4|ARCFOUR).*|(.*_|.*with|.*encrypt.*|.*decrypt.*)?(DES|3DES|TripleDES|DESede)(_.*|.*encrypt.*|.*decrypt.*)?\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.name matches \"(?i).*(MD2|MD4|MD5).*|.*SHA((-)?1)?$\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Randomness", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.name == \"random\" and\n call.instance is [FieldAccess fa: fa.field.name == \"Math\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Cross-Site Request Forgery", - "vuln_subcategory": None, - "predicate": "\n AssignmentStatement a: a.lhs.location is [AccessLocation al:\n al.accessName == \"method\"\n /* we don't want to be matching on html when DOMModeling is turned on */\n and not al.accessInstance is [Expression:\n type.name matches \"HTML[A-z]*Element.*|__DomElement\"\n or possibleTypes contains [Type: name matches \"HTML[A-z]*Element.*|__DomElement\"]\n ]\n ]\n and a.rhs.partialConstantValues contains [String: matches \"(?i)post|get\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Cross-Site Request Forgery", - "vuln_subcategory": None, - "predicate": "\n AssignmentStatement a: a.lhs.location is [AccessLocation al:\n al.accessName == \"method\"\n /* we don't want to be matching on html when DOMModeling is turned on */\n and not al.accessInstance is [Expression:\n type.name matches 
\"HTML[A-z]*Element.*|__DomElement\"\n or possibleTypes contains [Type: name matches \"HTML[A-z]*Element.*|__DomElement\"]\n ]\n ]\n and a.rhs.partialConstantValues contains [String: matches \"(?i)post|get\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Cross-Site Request Forgery", - "vuln_subcategory": None, - "predicate": "\n AssignmentStatement a: a.lhs.location is [FieldAccess fa: fa.field.name == \"method\"\n /* we don't want to be matching on html when DOMModeling is turned on */\n and not fa.instance is [FieldAccess fa2: type.name matches \"HTML[A-z]*Element.*|__DomElement\"]]\n and a.rhs.partialConstantValues contains [String: matches \"(?i)post|get\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Cross-Site Request Forgery", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.name == \"open\" and\n call.arguments[0].partialConstantValues contains\n [String : matches \"(?i)post|get\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall call: call.name == \"open\" and\n not call.arguments[4].constantValue.None and\n not call.arguments[4].constantValue is [None:] and\n not call.arguments[4].constantValue == \"\" and\n not call.arguments[4].constantValue matches \"(?i)true|false\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FunctionCall call: call.name == \"open\" and\n not call.arguments[4].constantValue.None and\n call.arguments[4].constantValue == \"\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FunctionCall call: call.name == 
\"open\" and\n not call.arguments[4].constantValue.None and\n call.arguments[4].constantValue is [None:]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "API Abuse", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Negative Content-Length", - "predicate": "\n FunctionCall call:\n call.name == \"setRequestHeader\"\n and call.arguments[0].constantValue matches \"(?i)Content-Length\"\n and call.arguments[1].constantValue is [Value v:\n v is [String: matches \"^-\\d+\"]\n or v is [Number num: num < 0]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Cross-Site Request Forgery", - "vuln_subcategory": None, - "predicate": "\n AssignmentStatement a:\n a.lhs.location is [AccessLocation al:\n al.accessName == \"method\"\n /* we don't want to be matching on html when DOMModeling is turned on */\n and not al.accessInstance is [Expression:\n possibleTypes contains [Type: name matches \"HTML[A-z]*Element.*|__DomElement\"]\n ]\n ]\n and a.rhs.partialConstantValues contains [String: matches \"(?i)post|get\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Cross-Site Request Forgery", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call:\n call.possibleTargets contains [Function f:\n f.name == \"open\"\n /* do not match against window.open */\n and not call.instance.possibleTypes contains [Type: name == \"Window\"]\n ]\n and call.arguments[0].partialConstantValues contains [String : matches \"(?i)post|get\"]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(\\$)?(PUT_REGEX_HERE)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "php", - 
"vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(\\$)?(PUT_REGEX_HERE)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)(\\$)?pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"\\$(PUT_REGEX_HERE)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"\\$(PUT_REGEX_HERE)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)\\$pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] 
and va.variable is [Variable v:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl: sl.constantValue matches \"PUT_REGEX_HERE\"] and\n aa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === aa.transitiveBase] and\n rhs.constantValue is [None: ]]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl: sl.constantValue matches \"PUT_REGEX_HERE\"] and\n aa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === aa.transitiveBase] and\n rhs.constantValue is [None: ]]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl: sl.constantValue matches \"(?i)pass(wd|word)\"] and\n aa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === aa.transitiveBase] and\n rhs.constantValue is [None: ]]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(\\$)?(PUT_REGEX_HERE)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(\\$)?(PUT_REGEX_HERE)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] 
and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)(\\$)?pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"\\$(PUT_REGEX_HERE)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"\\$(PUT_REGEX_HERE)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)\\$pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl: sl.constantValue matches \"PUT_REGEX_HERE\"] and\n aa in 
[AssignmentStatement: lhs.location is [Location l: l.transitiveBase === aa.transitiveBase] and\n rhs.constantValue == \"\"]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl: sl.constantValue matches \"PUT_REGEX_HERE\"] and\n aa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === aa.transitiveBase] and\n rhs.constantValue == \"\"]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl: sl.constantValue matches \"(?i)pass(wd|word)\"] and\n aa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === aa.transitiveBase] and\n rhs.constantValue == \"\"]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n StringLiteral:\n constantValue matches \".*\\\"(PUT_REGEX_HERE)\\\"\\s*:\\s*\\\"[^{$%]+\\\".*\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n StringLiteral:\n constantValue matches \".*\\\"(PUT_REGEX_HERE)\\\"\\s*:\\s*\\\"[^{$%]+\\\".*\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: (operation.op matches \"[!=><]=\" or operation.op matches \"[<>]\") and\n ((operation.lhs.location is\n [VariableAccess val: val.variable is [Variable vl: ]* and val.variable.name matches \"\\$(PUT_REGEX_HERE)\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not 
operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.rhs.location is\n [VariableAccess var: var.variable is [Variable vr: ]* and var.variable.name matches \"\\$(PUT_REGEX_HERE)\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.lhs.location is\n [FieldAccess fal: fal.field is [Field fl: ]* and fal.field.name matches \"(\\$)?(PUT_REGEX_HERE)\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.rhs.location is\n [FieldAccess far: far.field is [Field fr: ]* and far.field.name matches \"(\\$)?(PUT_REGEX_HERE)\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.rhs.location is\n [ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"\\$(PUT_REGEX_HERE)\"]] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\"\n ))\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: (operation.op matches \"[!=><]=\" or operation.op matches \"[<>]\") and\n ((operation.lhs.location is\n [VariableAccess val: val.variable is [Variable vl: ]* and val.variable.name matches \"\\$(PUT_REGEX_HERE)\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not 
operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.rhs.location is\n [VariableAccess var: var.variable is [Variable vr: ]* and var.variable.name matches \"\\$(PUT_REGEX_HERE)\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.lhs.location is\n [FieldAccess fal: fal.field is [Field fl: ]* and fal.field.name matches \"(\\$)?(PUT_REGEX_HERE)\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.rhs.location is\n [FieldAccess far: far.field is [Field fr: ]* and far.field.name matches \"(\\$)?(PUT_REGEX_HERE)\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.rhs.location is\n [ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"\\$(PUT_REGEX_HERE)\"]] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\"\n ))\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: (operation.op matches \"[!=><]=\" or operation.op matches \"[<>]\") and\n ((operation.lhs.location is\n [VariableAccess val: val.variable is [Variable vl: ]* and val.variable.name matches \"(?i)\\$pass(wd|word)\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not 
operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.rhs.location is\n [VariableAccess var: var.variable is [Variable vr: ]* and var.variable.name matches \"(?i)\\$pass(wd|word)\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.lhs.location is\n [FieldAccess fal: fal.field is [Field fl: ]* and fal.field.name matches \"(?i)(\\$)?pass(wd|word)\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.rhs.location is\n [FieldAccess far: far.field is [Field fr: ]* and far.field.name matches \"(?i)(\\$)?pass(wd|word)\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.rhs.location is\n [ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"(?i)\\$pass(wd|word)\"]] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\"\n ))\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(\\$)?(PUT_REGEX_HERE)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue matches \"(?i)true|false\"\n ] 
and fa.field is [Field f:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(\\$)?(PUT_REGEX_HERE)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue matches \"(?i)true|false\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)(\\$)?pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue matches \"(?i)true|false\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"\\$(PUT_REGEX_HERE)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue matches \"(?i)true|false\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"\\$(PUT_REGEX_HERE)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === 
va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue matches \"(?i)true|false\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)\\$pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue matches \"(?i)true|false\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl: sl.constantValue matches \"PUT_REGEX_HERE\"] and\n aa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === aa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue matches \"(?i)true|false\"]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl: sl.constantValue matches \"PUT_REGEX_HERE\"] and\n aa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === aa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue matches \"(?i)true|false\"]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded 
Password", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl: sl.constantValue matches \"(?i)pass(wd|word)\"] and\n aa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === aa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue matches \"(?i)true|false\"]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Password in Comment", - "predicate": "\n Comment c: c.text matches \".*\\b(PUT_REGEX_HERE)\\b.*\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Password in Comment", - "predicate": "\n Comment c: c.text matches \".*\\b(PUT_REGEX_HERE)\\b.*\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Password in Comment", - "predicate": "\n Comment c: c.text matches \"(?i).*pass(wd|word|phrase).*\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)(\\$)?.*pass(wd|word).*\" and\n not fa.field.name matches \"(?i)(\\$)?pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)\\$.*pass(wd|word).*\" and\n not va.variable.name matches \"(?i)\\$pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n 
rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl: sl.constantValue matches \"(?i).*pass(wd|word).*\" and\n not sl.constantValue matches \"(?i)pass(wd|word)\"] and\n aa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === aa.transitiveBase] and\n rhs.constantValue is [None: ]]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)(\\$)?.*pass(wd|word).*\" and\n not fa.field.name matches \"(?i)(\\$)?pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)\\$.*pass(wd|word).*\" and\n not va.variable.name matches \"(?i)\\$pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl: sl.constantValue matches \"(?i).*pass(wd|word).*\" and\n not sl.constantValue matches \"(?i)pass(wd|word)\"] and\n aa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === aa.transitiveBase] and\n rhs.constantValue == \"\"]\n " - }, - { - "language": "php", - 
"vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: (operation.op matches \"[!=><]=\" or operation.op matches \"[<>]\") and\n ((operation.lhs.location is\n [VariableAccess val: val.variable is [Variable vl: ]* and val.variable.name matches \"(?i)\\$.*pass(wd|word).*\" and not val.variable.name matches \"(?i)\\$pass(wd|word)\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.rhs.location is\n [VariableAccess var: var.variable is [Variable vr: ]* and var.variable.name matches \"(?i)\\$.*pass(wd|word).*\" and not var.variable.name matches \"(?i)\\$pass(wd|word)\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.lhs.location is\n [FieldAccess fal: fal.field is [Field fl: ]* and fal.field.name matches \"(?i)(\\$)?.*pass(wd|word).*\" and not fal.field.name matches \"(?i)(\\$)?pass(wd|word)\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.rhs.location is\n [FieldAccess far: far.field is [Field fr: ]* and far.field.name matches \"(?i)(\\$)?.*pass(wd|word).*\" and not far.field.name matches \"(?i)(\\$)?pass(wd|word)\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.rhs.location is\n [ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches 
\"(?i)\\$.*pass(wd|word).*\"]] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\"\n ))\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)(\\$)?.*pass(wd|word).*\" and\n not fa.field.name matches \"(?i)(\\$)?pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue matches \"(?i)true|false\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)\\$.*pass(wd|word).*\" and\n not va.variable.name matches \"(?i)\\$pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue matches \"(?i)true|false\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl: sl.constantValue matches \"(?i).*pass(wd|word).*\" and\n not sl.constantValue matches \"(?i)pass(wd|word)\"] and\n aa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === aa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == 
\"\" and\n not rhs.constantValue matches \"(?i)true|false\"]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n FunctionCall fc:\n name matches \"(?i)define\"\n and fc.arguments[0].constantValue matches \"PUT_REGEX_HERE\"\n and arguments[1] is [Expression e:\n e.constantValue is [None:]\n ]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n FunctionCall fc:\n name matches \"(?i)define\"\n and fc.arguments[0].constantValue matches \"PUT_REGEX_HERE\"\n and arguments[1] is [Expression e:\n e.constantValue is [None:]\n ]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n FunctionCall fc:\n name matches \"(?i)define\"\n and fc.arguments[0].constantValue matches \"(?i)((enc|dec)(ryption|rypt)?|crypto|private|secret)?(_)?key|passphrase\"\n and arguments[1] is [Expression e:\n e.constantValue is [None:]\n ]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(\\$)?(PUT_REGEX_HERE)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(\\$)?(PUT_REGEX_HERE)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n 
" - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)(\\$)?((enc(ryption|rypt)?|crypto)(_)?key)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"\\$(PUT_REGEX_HERE)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"\\$(PUT_REGEX_HERE)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)\\$((enc(ryption|rypt)?|crypto)(_)?key)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl: sl.constantValue matches \"PUT_REGEX_HERE\"] and\n aa in 
[AssignmentStatement: lhs.location is [Location l: l.transitiveBase === aa.transitiveBase] and\n rhs.constantValue is [None: ]]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl: sl.constantValue matches \"PUT_REGEX_HERE\"] and\n aa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === aa.transitiveBase] and\n rhs.constantValue is [None: ]]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl: sl.constantValue matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"] and\n aa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === aa.transitiveBase] and\n rhs.constantValue is [None: ]]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FunctionCall fc:\n name matches \"(?i)define\"\n and fc.arguments[0].constantValue matches \"PUT_REGEX_HERE\"\n and arguments[1] is [Expression e:\n e.constantValue == \"\"\n ]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FunctionCall fc:\n name matches \"(?i)define\"\n and fc.arguments[0].constantValue matches \"PUT_REGEX_HERE\"\n and arguments[1] is [Expression e:\n e.constantValue == \"\"\n ]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FunctionCall fc:\n name matches \"(?i)define\"\n and fc.arguments[0].constantValue matches 
\"(?i)((enc|dec)(ryption|rypt)?|crypto|private|secret)?(_)?key|passphrase\"\n and arguments[1] is [Expression e:\n e.constantValue == \"\"\n ]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(\\$)?(PUT_REGEX_HERE)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(\\$)?(PUT_REGEX_HERE)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)(\\$)?((enc(ryption|rypt)?|crypto)(_)?key)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"\\$(PUT_REGEX_HERE)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n VariableAccess va: 
va.variable.name matches \"\\$(PUT_REGEX_HERE)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)\\$((enc(ryption|rypt)?|crypto)(_)?key)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl: sl.constantValue matches \"PUT_REGEX_HERE\"] and\n aa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === aa.transitiveBase] and\n rhs.constantValue == \"\"]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl: sl.constantValue matches \"PUT_REGEX_HERE\"] and\n aa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === aa.transitiveBase] and\n rhs.constantValue == \"\"]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl: sl.constantValue matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"] and\n aa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === aa.transitiveBase] and\n rhs.constantValue == \"\"]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - 
"vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(\\$)?(PUT_REGEX_HERE)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue matches \"(?i)true|false\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(\\$)?(PUT_REGEX_HERE)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue matches \"(?i)true|false\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)(\\$)?((enc(ryption|rypt)?|crypto)(_)?key)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue matches \"(?i)true|false\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"\\$(PUT_REGEX_HERE)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] 
and\n not rhs.constantValue == \"\" and\n not rhs.constantValue matches \"(?i)true|false\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"\\$(PUT_REGEX_HERE)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue matches \"(?i)true|false\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)\\$((enc(ryption|rypt)?|crypto)(_)?key)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue matches \"(?i)true|false\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl: sl.constantValue matches \"PUT_REGEX_HERE\"] and\n aa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === aa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue matches \"(?i)true|false\" and\n /* Exclude values used by CakePhp framework to describe SQL schemas */\n not rhs.constantValue matches \"primary|unique|index\"\n ]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security 
Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl: sl.constantValue matches \"PUT_REGEX_HERE\"] and\n aa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === aa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue matches \"(?i)true|false\" and\n /* Exclude values used by CakePhp framework to describe SQL schemas */\n not rhs.constantValue matches \"primary|unique|index\"\n ]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl: sl.constantValue matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"] and\n aa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === aa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue matches \"(?i)true|false\" and\n /* Exclude values used by CakePhp framework to describe SQL schemas */\n not rhs.constantValue matches \"primary|unique|index\"\n ]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FunctionCall fc:\n name matches \"(?i)define\"\n and fc.arguments[1].constantValue matches \"PUT_REGEX_HERE\"\n and arguments[2] is [Expression e:\n not e.constantValue.None\n and not e.constantValue is [None:]\n and not e.constantValue == \"\"\n ]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FunctionCall fc:\n name matches \"(?i)define\"\n and 
fc.arguments[1].constantValue matches \"PUT_REGEX_HERE\"\n and arguments[2] is [Expression e:\n not e.constantValue.None\n and not e.constantValue is [None:]\n and not e.constantValue == \"\"\n ]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FunctionCall fc:\n name matches \"(?i)define\"\n and fc.arguments[1].constantValue matches \"(?i)((enc|dec)(ryption|rypt)?|crypto|private|secret)?(_)?key|passphrase\"\n and arguments[2] is [Expression e:\n not e.constantValue.None\n and not e.constantValue is [None:]\n and not e.constantValue == \"\"\n ]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n FunctionCall fc:\n name matches \"(?i)define\"\n and fc.arguments[1].constantValue matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto|private|secret).*key.*|.*passphrase.*\"\n and not fc.arguments[1].constantValue matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"\n and not fc.arguments[1].constantValue matches \"(?i).*public.*\"\n and fc.arguments[2] is [Expression e:\n e.constantValue is [None:]\n ]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)(\\$)?(.*enc(?!e|o|y).*key.*)\" and\n not fa.field.name matches \"(?i)(\\$)?((enc(ryption|rypt)?|crypto)(_)?key)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name 
matches \"(?i)\\$(.*enc(?!e|o|y).*key.*)\" and\n not va.variable.name matches \"(?i)\\$((enc(ryption|rypt)?|crypto)(_)?key)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl: sl.constantValue matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\" and\n not sl.constantValue matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"] and\n aa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === aa.transitiveBase] and\n rhs.constantValue is [None: ]]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FunctionCall fc:\n name matches \"(?i)define\"\n and fc.arguments[1].constantValue matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto|private|secret).*key.*|.*passphrase.*\"\n and not fc.arguments[1].constantValue matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"\n and not fc.arguments[1].constantValue matches \"(?i).*public.*\"\n and fc.arguments[2] is [Expression e:\n e.constantValue == \"\"\n ]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)(\\$)?(.*enc(?!e|o|y).*key.*)\" and\n not fa.field.name matches \"(?i)(\\$)?((enc(ryption|rypt)?|crypto)(_)?key)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "php", - 
"vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)\\$(.*enc(?!e|o|y).*key.*)\" and\n not va.variable.name matches \"(?i)\\$((enc(ryption|rypt)?|crypto)(_)?key)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl: sl.constantValue matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\" and\n not sl.constantValue matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"] and\n aa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === aa.transitiveBase] and\n rhs.constantValue == \"\"]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)(\\$)?(.*enc(?!e|o|y).*key.*)\" and\n not fa.field.name matches \"(?i)(\\$)?((enc(ryption|rypt)?|crypto)(_)?key)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue matches \"(?i)true|false\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)\\$(.*enc(?!e|o|y).*key.*)\" and\n not va.variable.name matches 
\"(?i)\\$((enc(ryption|rypt)?|crypto)(_)?key)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue matches \"(?i)true|false\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FunctionCall fc:\n name matches \"(?i)define\"\n and fc.arguments[1].constantValue matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto|private|secret).*key.*|.*passphrase.*\"\n and not fc.arguments[1].constantValue matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"\n and not fc.arguments[1].constantValue matches \"(?i).*public.*\"\n and fc.arguments[2] is [Expression e:\n not e.constantValue.None\n and not e.constantValue is [None:]\n and not e.constantValue == \"\"\n ]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl: sl.constantValue matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\" and\n not sl.constantValue matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"] and\n aa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === aa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue matches \"(?i)true|false\"]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl: sl.constantValue == \"blowfish_secret\"] and\n aa in 
[AssignmentStatement: lhs.location is [Location l: l.transitiveBase === aa.transitiveBase] and\n rhs.constantValue is [None:]]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl: sl.constantValue == \"blowfish_secret\"] and\n aa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === aa.transitiveBase] and\n rhs.constantValue == \"\"]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl: sl.constantValue == \"blowfish_secret\"] and\n aa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === aa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\" and\n not rhs.constantValue matches \"(?i)true|false\"]\n " - }, - { - "language": "php", - "vuln_kingdom": "Environment", - "vuln_category": "PHP Misconfiguration", - "vuln_subcategory": "Poor open_basedir Configuration", - "predicate": "\n\t\t\tFunctionCall fc: fc.function.name == \"ini_set\"\n\t\t\t\tand\n\t\t\tfc.arguments[0].constantValue == \"open_basedir\"\n\t\t\t\tand\n\t\t\tfc.arguments[1].constantValue matches \"(.*(:|;))?\\.(\\/)?((:|;).*)?\"\n\t\t" - }, - { - "language": "php", - "vuln_kingdom": "Encapsulation", - "vuln_category": "System Information Leak", - "vuln_subcategory": None, - "predicate": "\n AssignmentStatement as: lhs is\n [\n FieldAccess fa: fa.instance.type.definition.supers contains [Class c: c.name matches \"(?i)(Data|Dbo)Source\"] and fa.field.name matches \"(?i)fullDebug\"\n ]\n and\n not (rhs.constantValue matches \"(?i)^false$\" or rhs.constantValue == false)\n " - }, - { - "language": "php", - "vuln_kingdom": "Encapsulation", - "vuln_category": 
"System Information Leak", - "vuln_subcategory": None, - "predicate": "\n AssignmentStatement as: lhs is\n [\n FieldAccess fa: fa.instance.type.definition.supers contains [Class c: c.name matches \"(?i)EmailComponent\"] and fa.field.name matches \"(?i)_debug\"\n ]\n and\n not (rhs.constantValue matches \"(?i)^true$\" or rhs.constantValue == true)\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Persistent Cookie", - "predicate": "\n AssignmentStatement as: lhs is\n [\n FieldAccess fa: fa.instance.type.definition.supers contains [Class c: c.name matches \"(?i)CookieComponent\"] and fa.field.name matches \"(?i)time\"\n ]\n and\n not (rhs.constantValue is [Number n: n == 0] or rhs.constantValue matches \"(?i)now\")\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Cookie not Sent Over SSL", - "predicate": "\n AssignmentStatement as: lhs is\n [\n FieldAccess fa: fa.instance.type.definition.supers contains [Class c: c.name matches \"(?i)CookieComponent\"] and fa.field.name matches \"(?i)secure\"\n ]\n and\n not (rhs.constantValue matches \"(?i)false\" or rhs.constantValue == false)\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": None, - "predicate": "\n AssignmentStatement as: lhs is\n [\n FieldAccess fa: fa.instance.type.definition.supers contains [Class c: c.name matches \"(?i)Security\"] and fa.field.name matches \"(?i)hashType\"\n ]\n and (rhs.constantValue matches \"(?i)sha1|md5\" or rhs.constantValue == \"\" or rhs.constantValue is [None:])\n " - }, - { - "language": "php", - "vuln_kingdom": "Encapsulation", - "vuln_category": "System Information Leak", - "vuln_subcategory": None, - "predicate": "\n AssignmentStatement as: lhs is\n [\n FieldAccess fa: fa.instance.type.definition.supers contains [Class c: 
c.name matches \"(?i)Configure\"] and fa.field.name matches \"(?i)debug\"\n ]\n and\n not (rhs.constantValue == \"0\" or rhs.constantValue == 0)\n " - }, - { - "language": "php", - "vuln_kingdom": "Time and State", - "vuln_category": "Session Fixation", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: fc.function.name matches \"(?i)ini_set\"\n and\n fc.arguments[0].constantValue matches \"(?i)session.use_strict_mode\"\n and\n fc.arguments[1].constantValue matches \"(?i)off|0\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Permissive SameSite Attribute", - "predicate": "\n FunctionCall fc: fc.function.name matches \"(?i)ini_set\"\n and\n fc.arguments[0].constantValue matches \"(?i)session.cookie_samesite\"\n and\n fc.arguments[1].constantValue matches \"(?i)Lax\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Missing SameSite Attribute", - "predicate": "\n FunctionCall fc: fc.function.name matches \"(?i)ini_set\"\n and\n fc.arguments[0].constantValue matches \"(?i)session.cookie_samesite\"\n and\n (fc.arguments[1].constantValue matches \"(?i)None\" or\n fc.arguments[1].constantValue == \"\")\n " - }, - { - "language": "php", - "vuln_kingdom": "Environment", - "vuln_category": "System Information Leak", - "vuln_subcategory": "PHP Errors", - "predicate": "\n FunctionCall fc: fc.function.name matches \"(?i)ini_set\"\n and\n fc.arguments[0].constantValue matches \"(?i)display_startup_errors\"\n and\n fc.arguments[1].constantValue matches \"(?i)on|1\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Session Cookies Disabled", - "predicate": "\n FunctionCall fc: fc.function.name == \"ini_set\"\n and\n fc.arguments[0].constantValue matches \"session\\.use_(only_)?cookies\"\n and\n 
fc.arguments[1].constantValue matches \"(?i)off|0\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Session Cookies Disabled", - "predicate": "\n FunctionCall fc: fc.function.name == \"ini_set\"\n and\n fc.arguments[0].constantValue matches \"session\\.use_(only_)?cookies\"\n and\n fc.arguments[1].constantValue matches \"(?i)off|0\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Broad Session Cookie Path", - "predicate": "\n FunctionCall fc: fc.function.name == \"ini_set\"\n and\n fc.arguments[0].constantValue == \"session.cookie_path\"\n and\n fc.arguments[1].constantValue matches \"/\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Broad Session Cookie Path", - "predicate": "\n FunctionCall fc: fc.function.name == \"ini_set\"\n and\n fc.arguments[0].constantValue == \"session.cookie_path\"\n and\n fc.arguments[1].constantValue matches \"/\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Broad Session Cookie Domain", - "predicate": "\n FunctionCall fc: fc.function.name == \"ini_set\"\n and\n fc.arguments[0].constantValue == \"session.cookie_domain\"\n and\n fc.arguments[1].constantValue matches \"^\\.?([a-z0-9\\-]+)\\.[a-z]{1,3}\\.[a-z]{1,3}$\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Broad Session Cookie Domain", - "predicate": "\n FunctionCall fc: fc.function.name == \"ini_set\"\n and\n fc.arguments[0].constantValue == \"session.cookie_domain\"\n and\n fc.arguments[1].constantValue matches \"^(\\.?[a-z0-9\\-]+){2}$\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - 
"vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Broad Session Cookie Domain", - "predicate": "\n FunctionCall fc: fc.function.name == \"ini_set\"\n and\n fc.arguments[0].constantValue == \"session.cookie_domain\"\n and\n fc.arguments[1].constantValue matches \"^\\.?([a-z0-9\\-]+)\\.[a-z]{1,3}\\.[a-z]{1,3}$\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Broad Session Cookie Domain", - "predicate": "\n FunctionCall fc: fc.function.name == \"ini_set\"\n and\n fc.arguments[0].constantValue == \"session.cookie_domain\"\n and\n fc.arguments[1].constantValue matches \"^(\\.?[a-z0-9\\-]+){2}$\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Persistent Session Cookie", - "predicate": "\n FunctionCall fc: fc.function.name == \"ini_set\"\n and\n fc.arguments[0].constantValue == \"session.cookie_lifetime\"\n and\n fc.arguments[1].constantValue matches \"\\d{2,}|[1-9]\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Persistent Session Cookie", - "predicate": "\n FunctionCall fc: fc.function.name == \"ini_set\"\n and\n fc.arguments[0].constantValue == \"session.cookie_lifetime\"\n and\n fc.arguments[1].constantValue matches \"\\d{2,}|[1-9]\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Session Cookie not Sent Over SSL", - "predicate": "\n FunctionCall fc: fc.function.name == \"ini_set\"\n and\n fc.arguments[0].constantValue == \"session.cookie_secure\"\n and\n fc.arguments[1].constantValue matches \"(?i)off|0\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Session Cookie not Sent Over SSL", - "predicate": "\n FunctionCall 
fc: fc.function.name == \"ini_set\"\n and\n fc.arguments[0].constantValue == \"session.cookie_secure\"\n and\n fc.arguments[1].constantValue matches \"(?i)off|0\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "HTTPOnly not Set on Session Cookie", - "predicate": "\n FunctionCall fc: fc.function.name == \"ini_set\"\n and\n fc.arguments[0].constantValue == \"session.cookie_httponly\"\n and\n fc.arguments[1].constantValue matches \"(?i)off|0\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "HTTPOnly not Set on Session Cookie", - "predicate": "\n FunctionCall fc: fc.function.name == \"ini_set\"\n and\n fc.arguments[0].constantValue == \"session.cookie_httponly\"\n and\n fc.arguments[1].constantValue matches \"(?i)off|0\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Environment", - "vuln_category": "PHP Misconfiguration", - "vuln_subcategory": "session_use_trans_sid Enabled", - "predicate": "\n FunctionCall fc: fc.function.name == \"ini_set\"\n and\n fc.arguments[0].constantValue == \"session.use_trans_sid\"\n and\n fc.arguments[1].constantValue matches \"(?i)on\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Environment", - "vuln_category": "PHP Misconfiguration", - "vuln_subcategory": "Missing safe_mode_exec_dir Entry", - "predicate": "\n FunctionCall fc: fc.function.name == \"ini_set\"\n and\n fc.arguments[0].constantValue == \"safe_mode_exec_dir\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Environment", - "vuln_category": "PHP Misconfiguration", - "vuln_subcategory": "safe_mode Disabled", - "predicate": "\n FunctionCall fc: fc.function.name == \"ini_set\"\n and\n fc.arguments[0].constantValue == \"safe_mode\"\n and\n fc.arguments[1].constantValue matches \"(?i)off\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Environment", - "vuln_category": "Race Condition", - 
"vuln_subcategory": "PHP Design Flaw", - "predicate": "\n FunctionCall fc: fc.function.name == \"ini_set\"\n and\n fc.arguments[0].constantValue == \"open_basedir\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Environment", - "vuln_category": "PHP Misconfiguration", - "vuln_subcategory": "file_uploads Enabled", - "predicate": "\n FunctionCall fc: fc.function.name == \"ini_set\"\n and\n fc.arguments[0].constantValue == \"file_uploads\"\n and\n fc.arguments[1].constantValue matches \"(?i)on\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Environment", - "vuln_category": "System Information Leak", - "vuln_subcategory": "PHP Version", - "predicate": "\n FunctionCall fc: fc.function.name == \"ini_set\"\n and\n fc.arguments[0].constantValue == \"expose_php\"\n and\n fc.arguments[1].constantValue matches \"(?i)on\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Environment", - "vuln_category": "System Information Leak", - "vuln_subcategory": "PHP Errors", - "predicate": "\n FunctionCall fc: fc.function.name == \"ini_set\"\n and\n fc.arguments[0].constantValue == \"display_errors\"\n and\n fc.arguments[1].constantValue matches \"(?i)on|1\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Environment", - "vuln_category": "PHP Misconfiguration", - "vuln_subcategory": "cgi.force_redirect Disabled", - "predicate": "\n FunctionCall fc: fc.function.name == \"ini_set\"\n and\n fc.arguments[0].constantValue == \"cgi.force_redirect\"\n and\n fc.arguments[1].constantValue matches \"(?i)off\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Environment", - "vuln_category": "PHP Misconfiguration", - "vuln_subcategory": "allow_url_include Enabled", - "predicate": "\n FunctionCall fc: fc.function.name == \"ini_set\"\n and\n fc.arguments[0].constantValue == \"allow_url_include\"\n and\n fc.arguments[1].constantValue matches \"(?i)on\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Environment", - "vuln_category": "PHP Misconfiguration", - 
"vuln_subcategory": "allow_url_fopen Enabled", - "predicate": "\n FunctionCall fc: fc.function.name == \"ini_set\"\n and\n fc.arguments[0].constantValue == \"allow_url_fopen\"\n and\n fc.arguments[1].constantValue matches \"(?i)on\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Environment", - "vuln_category": "PHP Misconfiguration", - "vuln_subcategory": "register_globals Enabled", - "predicate": "\n FunctionCall fc: fc.function.name == \"ini_set\"\n and\n fc.arguments[0].constantValue == \"register_globals\"\n and\n fc.arguments[1].constantValue matches \"(?i)on\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Encapsulation", - "vuln_category": "System Information Leak", - "vuln_subcategory": None, - "predicate": "\n AssignmentStatement: lhs.location is [FieldAccess: field.name == \"debugging\" and instance.type.name == \"Smarty\"] and rhs.constantValue == true\n " - }, - { - "language": "php", - "vuln_kingdom": "Encapsulation", - "vuln_category": "System Information Leak", - "vuln_subcategory": None, - "predicate": "\n FunctionCall: function.name matches \"(?i)__set\"\n and arguments[0].constantValue == \"debugging\"\n and arguments[1].constantValue == true\n and instance.type.name == \"Smarty\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Possible Variable Overwrite", - "vuln_subcategory": "Global Scope", - "predicate": "\n FunctionCall call: call.function is [Function f: f.name == \"extract\" ] and\n call.arguments[0] is [Expression inArg: ] and\n ( call.arguments.length == 1\n or\n (\n call.arguments[1] is\n [\n FieldAccess fa: fa.instance is\n [\n VariableAccess va:\n va.type.name == \"~PHPGlobalType\"\n and\n va.variable.name == \"~PHPGlobalObject\"\n ]\n and\n fa.field.name != \"EXTR_SKIP\"\n and\n fa.field.name != \"EXTR_PREFIX_SAME\"\n and\n fa.field.name != \"EXTR_PREFIX_ALL\"\n ]\n and\n call.arguments[0].constantValue.None\n )\n )\n " - }, - { - "language": "php", - 
"vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Weak SSL Cipher", - "predicate": "\n ArrayAccess aa:\n aa.index is [StringLiteral sl: sl.constantValue matches \"(?i)ciphers\"]\n and aa in [AssignmentStatement:\n lhs.location is [Location l: l.transitiveBase === aa.transitiveBase]\n and (\n /* CBC Mode */\n rhs.constantValue matches \"(?i).*-CBC(3)?-.*\"\n /* Weak Hash Functions */\n or rhs.constantValue matches \"(?i).*-(SHA|MD5|GOST94|GOST89)\"\n /* Weak Ciphers */\n or rhs.constantValue matches \"(?i).*-(RC2|RC4|DES|3DES)-.*\"\n /* Anonymous or None algortihms */\n or rhs.constantValue matches \"(?i).*(ANON|None).*\"\n )\n ]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": None, - "predicate": "\n FunctionCall: name matches \"(?i)mcrypt_(encrypt|decrypt|cbc|cfb|ecb|module_open|ofb|get_block_size|get_cipher_name|get_iv_size|get_key_size|module_get_algo_block_size|module_get_algo_key_size|module_get_supported_key_size|module_is_block_algorithm|module_self_test)\" and\n (\n arguments[0] is [FieldAccess fa: fa.field.name matches \"(?i)MCRYPT_RC2\"] or\n arguments[0].constantValue matches \"(?i)rc2\"\n )\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": None, - "predicate": "\n FunctionCall: name matches \"(?i)mcrypt_(encrypt|decrypt|cbc|cfb|ecb|module_open|ofb|get_block_size|get_cipher_name|get_iv_size|get_key_size|module_get_algo_block_size|module_get_algo_key_size|module_get_supported_key_size|module_is_block_algorithm|module_self_test)\" and\n (\n arguments[0] is [FieldAccess fa: fa.field.name matches \"(?i)MCRYPT_((3|TRIPLE)?DES(_COMPAT)?|ARCFOUR|RC4)\"] or\n arguments[0].constantValue == 1 or\n (arguments[0].constantValue matches \"(?i)des|desede|3des|tripledes|arcfour|rc4\")\n )\n " - }, - { - "language": "php", - "vuln_kingdom": "Security 
Features", - "vuln_category": "Weak Cryptographic Signature", - "vuln_subcategory": None, - "predicate": "\n ArrayAccess aa:\n aa.index is [StringLiteral sl: sl.constantValue matches \"(?i)private_key_type\"]\n and aa in [AssignmentStatement:\n lhs.location is [Location l: l.transitiveBase === aa.transitiveBase]\n and rhs is [FieldAccess: name matches \"(?i)OPENSSL_KEYTYPE_DSA\"]\n ]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": None, - "predicate": "\n FunctionCall: name matches \"(?i)mhash_(get_block_size|get_hash_name|keygen_s2k)|mhash\" and\n (\n arguments[0] is [FieldAccess fa: fa.field.name matches \"(?i)MHASH_(MD2|MD4|MD5|SHA1)\"] or\n /* MHASH_MD4 */\n arguments[0].constantValue == 16 or\n arguments[0].constantValue == 273 or\n /* MHASH_MD5 */\n arguments[0].constantValue == 1 or\n arguments[0].constantValue == 289 or\n /* MHASH_MD2 */\n arguments[0].constantValue == 28 or\n arguments[0].constantValue == 257 or\n /* MHASH_SHA1 */\n arguments[0].constantValue == 2 or\n arguments[0].constantValue == 513\n )\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded PBE Password", - "predicate": "\n FunctionCall fc: name matches \"(?i)hash_pbkdf2\"\n and arguments[1] is [Expression e:\n not e.constantValue.None\n and not e.constantValue is [None:]\n and not e.constantValue == \"\"\n ]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Predictable Salt", - "predicate": "\n FunctionCall fc: name matches \"(?i)hash_pbkdf2\"\n and (arguments[1].constantValue === arguments[2].constantValue\n or arguments[1] is arguments[2])\n and not arguments[1].constantValue.None\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": 
"Insufficient Key Size", - "predicate": "\n FunctionCall fc: name matches \"(?i)hash_pbkdf2\"\n and arguments[4] is [Expression dklen:\n dklen.constantValue is [Number n:\n n < 128\n ]\n ]\n " - }, - { - "language": "php", - "vuln_kingdom": "Errors", - "vuln_category": "Poor Error Handling", - "vuln_subcategory": "Return Inside Finally", - "predicate": "\n ReturnStatement: in [FinallyBlock:]\n " - }, - { - "language": "php", - "vuln_kingdom": "Errors", - "vuln_category": "Poor Error Handling", - "vuln_subcategory": "Empty Catch Block", - "predicate": "\n CatchBlock: empty\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Weak SSL Protocol", - "predicate": "\n FunctionCall fc:\n function is [Function:\n name matches \"(?i)stream_socket_enable_crypto\"\n ] \n and arguments[1] is [BooleanLiteral: value is true]\n and arguments[2] is [FieldAccess:\n name matches \"(?i)STREAM_CRYPTO_METHOD_(SSL.*|ANY|TLSv1_0|TLSv1_1)_(CLIENT|SERVER)\"\n ]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FunctionCall fc:\n function is [Function:\n name matches \"(?i)stream_context_set_option\"\n ] \n and arguments[1].constantValue is [String: matches \"(?i)ssl\"]\n and arguments[2].constantValue is [String: matches \"(?i)passphrase\"]\n and arguments[3].constantValue is [None: ]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FunctionCall fc:\n function is [Function:\n name matches \"(?i)stream_context_set_option\"\n ] \n and arguments[1].constantValue is [String: matches \"(?i)ssl\"]\n and arguments[2].constantValue is [String: matches \"(?i)passphrase\"]\n and arguments[3].constantValue == \"\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Security 
Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall fc:\n function is [Function:\n name matches \"(?i)stream_context_set_option\"\n ] \n and arguments[1].constantValue is [String: matches \"(?i)ssl\"]\n and arguments[2].constantValue is [String: matches \"(?i)passphrase\"]\n and not arguments[3].constantValue.None\n and not arguments[3].constantValue is [None: ]\n and not arguments[3].constantValue == \"\"\n and not arguments[3].constantValue matches \"(?i)true|false\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Weak SSL Cipher", - "predicate": "\n FunctionCall fc:\n function is [Function:\n name matches \"(?i)stream_context_set_option\"\n ] \n and arguments[1].constantValue is [String: matches \"(?i)ssl\"]\n and arguments[2].constantValue is [String: matches \"(?i)ciphers\"]\n and (\n /* CBC Mode */\n arguments[3].constantValue matches \"(?i).*-CBC(3)?-.*\"\n /* Weak Hash Functions */\n or arguments[3].constantValue matches \"(?i).*-(SHA|MD5|GOST94|GOST89)\"\n /* Weak Ciphers */\n or arguments[3].constantValue matches \"(?i).*-(RC2|RC4|DES|3DES)-.*\"\n /* Anonymous or None algortihms */\n or arguments[3].constantValue matches \"(?i).*(ANON|None).*\"\n )\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Inadequate RSA Padding", - "predicate": "\n FunctionCall: name matches \"(?i)openssl_(private_decrypt|private_encrypt|public_decrypt|public_encrypt)\" and\n (\n arguments.length < 4 or\n (\n arguments[3] is [FieldAccess fa: not fa.field.name matches \"(?i).*OPENSSL_PKCS1_OAEP_PADDING\"] or\n arguments[3].constantValue != 4\n )\n )\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Signature", - "vuln_subcategory": None, - "predicate": "\n FunctionCall: name 
matches \"(?i)openssl_(sign|verify)\"\n and arguments[3].constantValue matches \"(?i)dsa.*\"\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": None, - "predicate": "\n FunctionCall: \n name matches \"(?i)openssl_(sign|verify)\"\n /* Do not report on SHA224 or higher */\n and not arguments[3].constantValue matches \"(?i).*SHA[2-9][0-9]{2}.*\"\n and (arguments[3] is [FieldAccess fa: \n fa.field.name matches \"(?i)OPENSSL_ALGO_(MD2|MD4|MD5|SHA1|RMD160)\"\n ] or arguments[3].constantValue matches \"(?i).*((ripemd|rmd)(160)?|MD2|MD4|MD5|SHA((-)?1)?).*\")\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Predictable Salt", - "predicate": "\n FunctionCall fc: name matches \"(?i)openssl_pbkdf2\"\n and (arguments[0].constantValue === arguments[1].constantValue\n or arguments[0] is arguments[1])\n and not arguments[0].constantValue.None\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n FunctionCall fc: name matches \"(?i)openssl_pbkdf2\"\n and arguments[3] is [Expression dklen:\n dklen.constantValue is [Number n:\n n < 128\n ]\n ]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded PBE Password", - "predicate": "\n FunctionCall fc: name matches \"(?i)openssl_pbkdf2\"\n and arguments[0] is [Expression e:\n not e.constantValue.None\n and not e.constantValue is [None:]\n and not e.constantValue == \"\"\n ]\n " - }, - { - "language": "php", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: name matches \"(?i)openssl_spki_new\"\n and arguments[2] is [Expression e:\n constantValue is [Number n:\n n 
> 1 and n < 8\n or n > 13 and n < 19\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Code Quality", - "vuln_category": "Fortify Internal", - "vuln_subcategory": None, - "predicate": "\n \n FunctionPointerCall fpc: fpc.name == \"enable_unsafe_deserialization\"\n and fpc.closureExpression is [FieldAccess fa: instance is [FieldAccess: instance is [FieldAccess: name == \"tensorflow.keras~module\"]]]\n \n " - }, - { - "language": "python", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Dynamic Code Evaluation", - "vuln_subcategory": "Unsafe TensorFlow Deserialization", - "predicate": "\n \n FunctionPointerCall fpc: fpc.name == \"load_model\"\n and fpc.closureExpression is [FieldAccess fa: instance is [FieldAccess: instance is [FieldAccess: name == \"tensorflow.keras~module\"]]]\n \n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n StringLiteral:\n constantValue matches \".*\\\"(PUT_REGEX_HERE)\\\"\\s*:\\s*\\\"[^{$%]+\\\".*\"\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n StringLiteral:\n constantValue matches \".*\\\"(PUT_REGEX_HERE)\\\"\\s*:\\s*\\\"[^{$%]+\\\".*\"\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n \n FunctionCall fc:\n function is [Function:\n name == \"__setitem__\"\n ]\n and namedParameters contains [NamedParameter:\n name == \"key\" and expression.constantValue matches \"PUT_REGEX_HERE\"\n ]\n and namedParameters contains [NamedParameter:\n name == \"value\"\n and not expression.constantValue.None\n and not expression.constantValue is [None:]\n and not expression.constantValue == \"\"\n and not 
expression.constantValue matches \"(?i)true|false\"\n ]\n \n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n \n FunctionCall fc:\n function is [Function:\n name == \"__setitem__\"\n ]\n and namedParameters contains [NamedParameter:\n name == \"key\" and expression.constantValue matches \"PUT_REGEX_HERE\"\n ]\n and namedParameters contains [NamedParameter:\n name == \"value\"\n and not expression.constantValue.None\n and not expression.constantValue is [None:]\n and not expression.constantValue == \"\"\n and not expression.constantValue matches \"(?i)true|false\"\n ]\n \n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall fc:\n function is [Function:\n name == \"__setitem__\"\n ]\n and namedParameters contains [NamedParameter:\n name == \"key\" and expression.constantValue matches \"(?i)password|client_secret\"\n ]\n and namedParameters contains [NamedParameter:\n name == \"value\"\n and not expression.constantValue.None\n and not expression.constantValue is [None:]\n and not expression.constantValue == \"\"\n and not expression.constantValue matches \"(?i)true|false\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Privacy Violation", - "vuln_subcategory": "Unobfuscated Logging", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n name == \"__init__\"\n and enclosingClass.name matches \"oslo_config\\.cfg\\.(Str|Float|Bool|Int|List|Dict)?Opt\"\n ]\n and (\n namedParameters contains [NamedParameter p:\n name == \"secret\"\n /*if secret=False then the password, for example, will be printed in clear*/\n and p.expression is [VariableAccess va: variable.name == \"False\"]\n /*Check if \"secret\" is assigned a variable of 
\"False\" value, example: secret=sec, where sec=False*/\n or p.expression is [VariableAccess va0: va0 in [Statement sa: sa contains [AssignmentStatement:\n rhs is [VariableAccess va1: va1.variable.name == \"False\"]\n and lhs is [ VariableAccess va2: va2 is va0 ]\n ]]]\n ]\n /* Check if \"secret\" parameter is not in namedParameters as the default value is \"False\"*/\n or not namedParameters contains [NamedParameter p1: name == \"secret\" ]\n )\n and arguments[1] is [Expression:\n constantValue matches \"PUT_REGEX_HERE\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Privacy Violation", - "vuln_subcategory": "Unobfuscated Logging", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n name == \"__init__\"\n and enclosingClass.name matches \"oslo_config\\.cfg\\.(Str|Float|Bool|Int|List|Dict)?Opt\"\n ]\n and (\n namedParameters contains [NamedParameter p:\n name == \"secret\"\n /*if secret=False then the password, for example, will be printed in clear*/\n and p.expression is [VariableAccess va: variable.name == \"False\"]\n /*Check if \"secret\" is assigned a variable of \"False\" value, example: secret=sec, where sec=False*/\n or p.expression is [VariableAccess va0: va0 in [Statement sa: sa contains [AssignmentStatement:\n rhs is [VariableAccess va1: va1.variable.name == \"False\"]\n and lhs is [ VariableAccess va2: va2 is va0 ]\n ]]]\n ]\n /* Check if \"secret\" parameter is not in namedParameters as the default value is \"False\"*/\n or not namedParameters contains [NamedParameter p1: name == \"secret\" ]\n )\n and arguments[1] is [Expression:\n constantValue matches \"PUT_REGEX_HERE\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Privacy Violation", - "vuln_subcategory": "Unobfuscated Logging", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n name == \"__init__\"\n and enclosingClass.name matches 
\"oslo_config\\.cfg\\.(Str|Float|Bool|Int|List|Dict)?Opt\"\n ]\n and (\n namedParameters contains [NamedParameter p:\n name == \"secret\"\n /*if secret=False then the password, for example, will be printed in clear*/\n and p.expression is [VariableAccess va: variable.name == \"False\"]\n /*Check if \"secret\" is assigned a variable of \"False\" value, example: secret=sec, where sec=False*/\n or p.expression is [VariableAccess va0: va0 in [Statement sa: sa contains [AssignmentStatement:\n rhs is [VariableAccess va1: va1.variable.name == \"False\"]\n and lhs is [ VariableAccess va2: va2 is va0 ]\n ]]]\n ]\n /* Check if \"secret\" parameter is not in namedParameters as the default value is \"False\"*/\n or not namedParameters contains [NamedParameter p1: name == \"secret\" ]\n )\n and arguments[1] is [Expression:\n constantValue matches \"(?i).*pass(wd|word|phrase).*|.*token$\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\"\n and fa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === fa.transitiveBase]\n and rhs.constantValue is [None:]\n ]\n and fa.field is [Field f:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\"\n and fa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === fa.transitiveBase]\n and rhs.constantValue is [None:]\n ]\n and fa.field is [Field f:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)pass(wd|word)\"\n and fa in [AssignmentStatement:\n lhs.location is 
[Location l:\n l.transitiveBase === fa.transitiveBase]\n and rhs.constantValue is [None:]\n ]\n and fa.field is [Field f:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\"\n and va in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === va.transitiveBase]\n and rhs.constantValue is [None:]\n ]\n and va.variable is [Variable v:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\"\n and va in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === va.transitiveBase]\n and rhs.constantValue is [None:]\n ]\n and va.variable is [Variable v:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)pass(wd|word)\"\n and va in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === va.transitiveBase]\n and rhs.constantValue is [None:]\n ]\n and va.variable is [Variable v:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"PUT_REGEX_HERE\"]\n and aa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === aa.transitiveBase]\n and rhs.constantValue is [None: ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n ArrayAccess aa: 
aa.index is [StringLiteral sl:\n sl.constantValue matches \"PUT_REGEX_HERE\"]\n and aa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === aa.transitiveBase]\n and rhs.constantValue is [None: ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"(?i)pass(wd|word)\"]\n and aa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === aa.transitiveBase]\n and rhs.constantValue is [None: ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\"\n and fa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === fa.transitiveBase]\n and rhs.constantValue == \"\"\n ]\n and fa.field is [Field f:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\"\n and fa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === fa.transitiveBase]\n and rhs.constantValue == \"\"\n ]\n and fa.field is [Field f:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)pass(wd|word)\"\n and fa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === fa.transitiveBase]\n and rhs.constantValue == \"\"\n ]\n and fa.field is [Field f:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - 
"vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\"\n and va in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === va.transitiveBase]\n and rhs.constantValue == \"\"\n ]\n and va.variable is [Variable v:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\"\n and va in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === va.transitiveBase]\n and rhs.constantValue == \"\"\n ]\n and va.variable is [Variable v:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)pass(wd|word)\"\n and va in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === va.transitiveBase]\n and rhs.constantValue == \"\"\n ]\n and va.variable is [Variable v:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"PUT_REGEX_HERE\"]\n and aa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === aa.transitiveBase]\n and rhs.constantValue == \"\"]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"PUT_REGEX_HERE\"]\n and aa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === aa.transitiveBase]\n and rhs.constantValue == \"\"]\n " - }, - { - "language": "python", 
- "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"(?i)pass(wd|word)\"]\n and aa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === aa.transitiveBase]\n and rhs.constantValue == \"\"]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: (operation.op matches \"[!=><]=\" or operation.op matches \"[<>]\") and\n ((operation.lhs.location is\n [VariableAccess val: val.variable is [Variable vl: ]* and val.variable.name matches \"PUT_REGEX_HERE\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.rhs.location is\n [VariableAccess var: var.variable is [Variable vr: ]* and var.variable.name matches \"PUT_REGEX_HERE\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.lhs.location is\n [FieldAccess fal: fal.field is [Field fl: ]* and fal.field.name matches \"PUT_REGEX_HERE\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.rhs.location is\n [FieldAccess far: far.field is [Field fr: ]* and far.field.name matches \"PUT_REGEX_HERE\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches 
\"(?i)true|false\"\n ) or\n (operation.rhs.location is\n [ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"PUT_REGEX_HERE\"]] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\"\n ))\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: (operation.op matches \"[!=><]=\" or operation.op matches \"[<>]\") and\n ((operation.lhs.location is\n [VariableAccess val: val.variable is [Variable vl: ]* and val.variable.name matches \"PUT_REGEX_HERE\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.rhs.location is\n [VariableAccess var: var.variable is [Variable vr: ]* and var.variable.name matches \"PUT_REGEX_HERE\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.lhs.location is\n [FieldAccess fal: fal.field is [Field fl: ]* and fal.field.name matches \"PUT_REGEX_HERE\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.rhs.location is\n [FieldAccess far: far.field is [Field fr: ]* and far.field.name matches \"PUT_REGEX_HERE\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\"\n ) or\n 
(operation.rhs.location is\n [ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"PUT_REGEX_HERE\"]] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\"\n ))\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: (operation.op matches \"[!=><]=\" or operation.op matches \"[<>]\") and\n ((operation.lhs.location is\n [VariableAccess val: val.variable is [Variable vl: ]* and val.variable.name matches \"(?i)pass(wd|word)\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.rhs.location is\n [VariableAccess var: var.variable is [Variable vr: ]* and var.variable.name matches \"(?i)pass(wd|word)\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.lhs.location is\n [FieldAccess fal: fal.field is [Field fl: ]* and fal.field.name matches \"(?i)pass(wd|word)\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.rhs.location is\n [FieldAccess far: far.field is [Field fr: ]* and far.field.name matches \"(?i)pass(wd|word)\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\"\n ) or\n 
(operation.rhs.location is\n [ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"(?i)pass(wd|word)\"]] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\"\n ))\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\"\n and fa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === fa.transitiveBase]\n and not rhs.constantValue.None\n and not rhs.constantValue is [None:]\n and not rhs.constantValue == \"\"\n and not rhs.constantValue matches \"(?i)true|false\"\n ]\n and fa.field is [Field f:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\"\n and fa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === fa.transitiveBase]\n and not rhs.constantValue.None\n and not rhs.constantValue is [None:]\n and not rhs.constantValue == \"\"\n and not rhs.constantValue matches \"(?i)true|false\"\n ]\n and fa.field is [Field f:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)pass(wd|word)\"\n and fa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === fa.transitiveBase]\n and not rhs.constantValue.None\n and not rhs.constantValue is [None:]\n and not rhs.constantValue == \"\"\n and not rhs.constantValue matches \"(?i)true|false\"\n ]\n and fa.field is [Field f:]*\n " - }, - { - "language": 
"python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"PUT_REGEX_HERE\"]\n and aa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === aa.transitiveBase]\n and not rhs.constantValue.None\n and not rhs.constantValue is [None:]\n and not rhs.constantValue == \"\"\n and not rhs.constantValue matches \"(?i)true|false\"]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"PUT_REGEX_HERE\"]\n and aa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === aa.transitiveBase]\n and not rhs.constantValue.None\n and not rhs.constantValue is [None:]\n and not rhs.constantValue == \"\"\n and not rhs.constantValue matches \"(?i)true|false\"]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"(?i)pass(wd|word)\"]\n and aa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === aa.transitiveBase]\n and not rhs.constantValue.None\n and not rhs.constantValue is [None:]\n and not rhs.constantValue == \"\"\n and not rhs.constantValue matches \"(?i)true|false\"]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\"\n and va in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === va.transitiveBase]\n and not rhs.constantValue.None\n 
and not rhs.constantValue is [None:]\n and not rhs.constantValue == \"\"\n and not rhs.constantValue matches \"(?i)true|false\"\n ]\n and va.variable is [Variable v:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\"\n and va in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === va.transitiveBase]\n and not rhs.constantValue.None\n and not rhs.constantValue is [None:]\n and not rhs.constantValue == \"\"\n and not rhs.constantValue matches \"(?i)true|false\"\n ]\n and va.variable is [Variable v:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)pass(wd|word)\"\n and va in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === va.transitiveBase]\n and not rhs.constantValue.None\n and not rhs.constantValue is [None:]\n and not rhs.constantValue == \"\"\n and not rhs.constantValue matches \"(?i)true|false\"\n ]\n and va.variable is [Variable v:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Password in Comment", - "predicate": "\n Comment c: c.text matches \".*\\b(PUT_REGEX_HERE)\\b.*\"\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Password in Comment", - "predicate": "\n Comment c: c.text matches \".*\\b(PUT_REGEX_HERE)\\b.*\"\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Password in Comment", - "predicate": "\n Comment c: c.text matches \"(?i).*pass(wd|word|phrase).*\"\n 
" - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pass(wd|word).*\"\n and not fa.field.name matches \"(?i)pass(wd|word)\"\n and fa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === fa.transitiveBase]\n and rhs.constantValue is [None:]\n ]\n and fa.field is [Field f:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*pass(wd|word).*\"\n and not va.variable.name matches \"(?i)pass(wd|word)\"\n and va in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === va.transitiveBase]\n and rhs.constantValue is [None:]\n ]\n and va.variable is [Variable v:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"(?i).*pass(wd|word).*\"\n and not sl.constantValue matches \"(?i)pass(wd|word)\"]\n and aa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === aa.transitiveBase]\n and rhs.constantValue is [None: ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pass(wd|word).*\"\n and not fa.field.name matches \"(?i)pass(wd|word)\"\n and fa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === fa.transitiveBase]\n and rhs.constantValue == \"\"\n ]\n and fa.field is [Field f:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": 
"Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*pass(wd|word).*\"\n and not va.variable.name matches \"(?i)pass(wd|word)\"\n and va in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === va.transitiveBase]\n and rhs.constantValue == \"\"\n ]\n and va.variable is [Variable v:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"(?i).*pass(wd|word).*\"\n and not sl.constantValue matches \"(?i)pass(wd|word)\"]\n and aa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === aa.transitiveBase]\n and rhs.constantValue == \"\"]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: (operation.op matches \"[!=><]=\" or operation.op matches \"[<>]\") and\n ((operation.lhs.location is\n [VariableAccess val: val.variable is [Variable vl: ]* and val.variable.name matches \"(?i).*pass(wd|word).*\" and not val.variable.name matches \"(?i)pass(wd|word)\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.rhs.location is\n [VariableAccess var: var.variable is [Variable vr: ]* and var.variable.name matches \"(?i).*pass(wd|word).*\" and not var.variable.name matches \"(?i)pass(wd|word)\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.lhs.location is\n [FieldAccess 
fal: fal.field is [Field fl: ]* and fal.field.name matches \"(?i).*pass(wd|word).*\" and not fal.field.name matches \"(?i)pass(wd|word)\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\" and\n not operation.rhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.rhs.location is\n [FieldAccess far: far.field is [Field fr: ]* and far.field.name matches \"(?i).*pass(wd|word).*\" and not far.field.name matches \"(?i)pass(wd|word)\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\"\n ) or\n (operation.rhs.location is\n [ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"(?i).*pass(wd|word).*\"]] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\" and\n not operation.lhs.constantValue matches \"(?i)true|false\"\n ))\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pass(wd|word).*\"\n and not fa.field.name matches \"(?i)pass(wd|word)\"\n and fa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === fa.transitiveBase]\n and not rhs.constantValue.None\n and not rhs.constantValue is [None:]\n and not rhs.constantValue == \"\"\n and not rhs.constantValue matches \"(?i)true|false\"\n ]\n and fa.field is [Field f:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"(?i).*pass(wd|word).*\"\n and not sl.constantValue 
matches \"(?i)pass(wd|word)\"]\n and aa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === aa.transitiveBase]\n and not rhs.constantValue.None\n and not rhs.constantValue is [None:]\n and not rhs.constantValue == \"\"\n and not rhs.constantValue matches \"(?i)true|false\"]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*pass(wd|word).*\"\n and not va.variable.name matches \"(?i)pass(wd|word)\"\n and va in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === va.transitiveBase]\n and not rhs.constantValue.None\n and not rhs.constantValue is [None:]\n and not rhs.constantValue == \"\"\n and not rhs.constantValue matches \"(?i)true|false\"\n ]\n and va.variable is [Variable v:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Privacy Violation", - "vuln_subcategory": "Unobfuscated Logging", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n name == \"__init__\"\n and enclosingClass.name matches \"oslo_config\\.cfg\\.(Str|Float|Bool|Int|List|Dict)?Opt\"\n ]\n and (\n namedParameters contains [NamedParameter p:\n name == \"secret\"\n /*if secret=False then the password, for example, will be printed in clear*/\n and p.expression is [VariableAccess va: variable.name == \"False\"]\n /*Check if \"secret\" is assigned a variable of \"False\" value, example: secret=sec, where sec=False*/\n or p.expression is [VariableAccess va0: va0 in [Statement sa: sa contains [AssignmentStatement:\n rhs is [VariableAccess va1: va1.variable.name == \"False\"]\n and lhs is [ VariableAccess va2: va2 is va0 ]\n ]]]\n ]\n /* Check if \"secret\" parameter is not in namedParameters as the default value is \"False\"*/\n or not namedParameters contains [NamedParameter p1: name == \"secret\" 
]\n )\n and arguments[1] is [Expression:\n constantValue matches \"PUT_REGEX_HERE\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Privacy Violation", - "vuln_subcategory": "Unobfuscated Logging", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n name == \"__init__\"\n and enclosingClass.name matches \"oslo_config\\.cfg\\.(Str|Float|Bool|Int|List|Dict)?Opt\"\n ]\n and (\n namedParameters contains [NamedParameter p:\n name == \"secret\"\n /*if secret=False then the password, for example, will be printed in clear*/\n and p.expression is [VariableAccess va: variable.name == \"False\"]\n /*Check if \"secret\" is assigned a variable of \"False\" value, example: secret=sec, where sec=False*/\n or p.expression is [VariableAccess va0: va0 in [Statement sa: sa contains [AssignmentStatement:\n rhs is [VariableAccess va1: va1.variable.name == \"False\"]\n and lhs is [ VariableAccess va2: va2 is va0 ]\n ]]]\n ]\n /* Check if \"secret\" parameter is not in namedParameters as the default value is \"False\"*/\n or not namedParameters contains [NamedParameter p1: name == \"secret\" ]\n )\n and arguments[1] is [Expression:\n constantValue matches \"PUT_REGEX_HERE\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Privacy Violation", - "vuln_subcategory": "Unobfuscated Logging", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n name == \"__init__\"\n and enclosingClass.name matches \"oslo_config\\.cfg\\.(Str|Float|Bool|Int|List|Dict)?Opt\"\n ]\n and (\n namedParameters contains [NamedParameter p:\n name == \"secret\"\n /*if secret=False then the password, for example, will be printed in clear*/\n and p.expression is [VariableAccess va: variable.name == \"False\"]\n /*Check if \"secret\" is assigned a variable of \"False\" value, example: secret=sec, where sec=False*/\n or p.expression is [VariableAccess va0: va0 in 
[Statement sa: sa contains [AssignmentStatement:\n rhs is [VariableAccess va1: va1.variable.name == \"False\"]\n and lhs is [ VariableAccess va2: va2 is va0 ]\n ]]]\n ]\n /* Check if \"secret\" parameter is not in namedParameters as the default value is \"False\"*/\n or not namedParameters contains [NamedParameter p1: name == \"secret\" ]\n )\n and arguments[1] is [Expression:\n constantValue matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto|access|secret).*key.*\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\"\n /* Exclude cases where key is used as the index to a dict */\n and not fa.enclosingClass contains [FunctionCall: function.name == \"__getitem__\" and\n arguments contains fa]\n and fa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === fa.transitiveBase\n ] and rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\"\n /* Exclude cases where key is used as the index to a dict */\n and not fa.enclosingClass contains [FunctionCall: function.name == \"__getitem__\" and\n arguments contains fa]\n and fa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === fa.transitiveBase\n ] and rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"\n /* Exclude cases where key is used as the index to a dict */\n and 
not fa.enclosingClass contains [FunctionCall: function.name == \"__getitem__\" and\n arguments contains fa]\n and fa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === fa.transitiveBase\n ] and rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\"\n // prevent 1DE90697-BF28-4DDB-A786-30E5BABA15D2 dupes\n and not (\n variable.name == \"SECRET_KEY\"\n and variable.namespace.name matches \".*settings.*\"\n )\n /* Exclude cases where key is used as the index to a dict */\n and not enclosingFunction contains [FunctionCall: function.name == \"__getitem__\" and\n arguments contains va]\n and va in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === va.transitiveBase\n ] and rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\"\n // prevent 1DE90697-BF28-4DDB-A786-30E5BABA15D2 dupes\n and not (\n variable.name == \"SECRET_KEY\"\n and variable.namespace.name matches \".*settings.*\"\n )\n /* Exclude cases where key is used as the index to a dict */\n and not enclosingFunction contains [FunctionCall: function.name == \"__getitem__\" and\n arguments contains va]\n and va in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === va.transitiveBase\n ] and rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n VariableAccess va: 
va.variable.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"\n /* Exclude cases where key is used as the index to a dict */\n and not enclosingFunction contains [FunctionCall: function.name == \"__getitem__\" and\n arguments contains va]\n and va in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === va.transitiveBase\n ] and rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"PUT_REGEX_HERE\"\n ] and aa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === aa.transitiveBase\n ] and rhs.constantValue is [None: ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"PUT_REGEX_HERE\"\n ] and aa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === aa.transitiveBase\n ] and rhs.constantValue is [None: ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"\n ] and aa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === aa.transitiveBase\n ] and rhs.constantValue is [None: ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\"\n /* Exclude cases 
where key is used as the index to a dict */\n and not fa.enclosingClass contains [FunctionCall: function.name == \"__getitem__\" and\n arguments contains fa]\n and fa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === fa.transitiveBase\n ] and rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\"\n /* Exclude cases where key is used as the index to a dict */\n and not fa.enclosingClass contains [FunctionCall: function.name == \"__getitem__\" and\n arguments contains fa]\n and fa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === fa.transitiveBase\n ] and rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"\n /* Exclude cases where key is used as the index to a dict */\n and not fa.enclosingClass contains [FunctionCall: function.name == \"__getitem__\" and\n arguments contains fa]\n and fa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === fa.transitiveBase\n ] and rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\"\n // prevent 1DE90697-BF28-4DDB-A786-30E5BABA15D2 dupes\n and not (\n variable.name == \"SECRET_KEY\"\n and variable.namespace.name matches \".*settings.*\"\n )\n /* Exclude cases where key is used as the index to a 
dict */\n and not enclosingFunction contains [FunctionCall: function.name == \"__getitem__\" and\n arguments contains va]\n and va in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === va.transitiveBase\n ] and rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\"\n // prevent 1DE90697-BF28-4DDB-A786-30E5BABA15D2 dupes\n and not (\n variable.name == \"SECRET_KEY\"\n and variable.namespace.name matches \".*settings.*\"\n )\n /* Exclude cases where key is used as the index to a dict */\n and not enclosingFunction contains [FunctionCall: function.name == \"__getitem__\" and\n arguments contains va]\n and va in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === va.transitiveBase\n ] and rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"\n /* Exclude cases where key is used as the index to a dict */\n and not enclosingFunction contains [FunctionCall: function.name == \"__getitem__\" and\n arguments contains va]\n and va in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === va.transitiveBase\n ] and rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"PUT_REGEX_HERE\"\n ] and aa in 
[AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === aa.transitiveBase\n ] and rhs.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"PUT_REGEX_HERE\"\n ] and aa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === aa.transitiveBase\n ] and rhs.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"\n ] and aa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === aa.transitiveBase\n ] and rhs.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\"\n /* Exclude cases where key is used as the index to a dict */\n and not fa.enclosingClass contains [FunctionCall: function.name == \"__getitem__\" and\n arguments contains fa]\n and fa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === fa.transitiveBase\n ] and not rhs.constantValue.None\n and not rhs.constantValue is [None: ]\n and not rhs.constantValue == \"\" \n and not rhs.constantValue matches \"(?i)true|false\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\"\n /* Exclude cases where key is 
used as the index to a dict */\n and not fa.enclosingClass contains [FunctionCall: function.name == \"__getitem__\" and\n arguments contains fa]\n and fa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === fa.transitiveBase\n ] and not rhs.constantValue.None\n and not rhs.constantValue is [None: ]\n and not rhs.constantValue == \"\" \n and not rhs.constantValue matches \"(?i)true|false\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"\n /* Exclude cases where key is used as the index to a dict */\n and not fa.enclosingClass contains [FunctionCall: function.name == \"__getitem__\" and\n arguments contains fa]\n and fa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === fa.transitiveBase\n ] and not rhs.constantValue.None\n and not rhs.constantValue is [None: ]\n and not rhs.constantValue == \"\" \n and not rhs.constantValue matches \"(?i)true|false\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\"\n // prevent 1DE90697-BF28-4DDB-A786-30E5BABA15D2 dupes\n and not (\n variable.name == \"SECRET_KEY\"\n and variable.namespace.name matches \".*settings.*\"\n )\n /* Exclude cases where the varAccess is in the func declaration */\n and not (enclosingFunction.parameters contains va.variable\n or va.enclosingFunction.sourceLocation.startLine == va.sourceLocation.startLine)\n /* Exclude cases where key is used as the index to a dict */\n and not enclosingFunction contains [FunctionCall: function.name == \"__getitem__\" and\n arguments 
contains va]\n and va in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === va.transitiveBase\n ] and not rhs.constantValue.None\n and not rhs.constantValue is [None: ]\n and not rhs.constantValue == \"\" \n and not rhs.constantValue matches \"(?i)true|false\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\"\n // prevent 1DE90697-BF28-4DDB-A786-30E5BABA15D2 dupes\n and not (\n variable.name == \"SECRET_KEY\"\n and variable.namespace.name matches \".*settings.*\"\n )\n /* Exclude cases where the varAccess is in the func declaration */\n and not (enclosingFunction.parameters contains va.variable\n or va.enclosingFunction.sourceLocation.startLine == va.sourceLocation.startLine)\n /* Exclude cases where key is used as the index to a dict */\n and not enclosingFunction contains [FunctionCall: function.name == \"__getitem__\" and\n arguments contains va]\n and va in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === va.transitiveBase\n ] and not rhs.constantValue.None\n and not rhs.constantValue is [None: ]\n and not rhs.constantValue == \"\" \n and not rhs.constantValue matches \"(?i)true|false\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"\n /* Exclude cases where the varAccess is in the func declaration */\n and not (enclosingFunction.parameters contains va.variable\n or va.enclosingFunction.sourceLocation.startLine == va.sourceLocation.startLine)\n /* Exclude cases where key is used as the index to a dict */\n and 
not enclosingFunction contains [FunctionCall: function.name == \"__getitem__\" and\n arguments contains va]\n and va in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === va.transitiveBase\n ] and not rhs.constantValue.None\n and not rhs.constantValue is [None: ]\n and not rhs.constantValue == \"\" \n and not rhs.constantValue matches \"(?i)true|false\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"PUT_REGEX_HERE\"\n ] and aa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === aa.transitiveBase\n ] and not rhs.constantValue.None\n and not rhs.constantValue is [None: ]\n and not rhs.constantValue == \"\" \n and not rhs.constantValue matches \"(?i)true|false\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"PUT_REGEX_HERE\"\n ] and aa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === aa.transitiveBase\n ] and not rhs.constantValue.None\n and not rhs.constantValue is [None: ]\n and not rhs.constantValue == \"\" \n and not rhs.constantValue matches \"(?i)true|false\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"\n ] and aa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === aa.transitiveBase\n ] and not rhs.constantValue.None\n and not 
rhs.constantValue is [None: ]\n and not rhs.constantValue == \"\" \n and not rhs.constantValue matches \"(?i)true|false\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\"\n and not fa.field.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"\n /* Exclude cases where key is used as the index to a dict */\n and not fa.enclosingClass contains [FunctionCall: function.name == \"__getitem__\" and\n arguments contains fa]\n and fa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === fa.transitiveBase\n ] and rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\"\n and not va.variable.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"\n /* Exclude cases where key is used as the index to a dict */\n and not enclosingFunction contains [FunctionCall: function.name == \"__getitem__\" and\n arguments contains va]\n and va in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === va.transitiveBase\n ] and rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\"\n and not sl.constantValue matches 
\"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"\n ] and aa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === aa.transitiveBase\n ] and rhs.constantValue is [None:]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\"\n and not fa.field.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"\n /* Exclude cases where key is used as the index to a dict */\n and not fa.enclosingClass contains [FunctionCall: function.name == \"__getitem__\" and\n arguments contains fa]\n and fa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === fa.transitiveBase\n ] and rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\"\n and not va.variable.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"\n /* Exclude cases where key is used as the index to a dict */\n and not enclosingFunction contains [FunctionCall: function.name == \"__getitem__\" and\n arguments contains va]\n and va in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === va.transitiveBase\n ] and rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches 
\"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\"\n and not sl.constantValue matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"\n ] and aa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === aa.transitiveBase\n ] and rhs.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\"\n and not fa.field.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"\n /* Exclude cases where key is used as the index to a dict */\n and not fa.enclosingClass contains [FunctionCall: function.name == \"__getitem__\" and\n arguments contains fa]\n and fa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === fa.transitiveBase\n ] and not rhs.constantValue.None\n and not rhs.constantValue is [None: ]\n and not rhs.constantValue == \"\" \n and not rhs.constantValue matches \"(?i)true|false\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\"\n /* Exclude cases where the varAccess is in the func declaration */\n and not (enclosingFunction.parameters contains va.variable\n or va.enclosingFunction.sourceLocation.startLine == va.sourceLocation.startLine)\n /* Exclude cases where key is used as the index to a dict */\n and not enclosingFunction contains [FunctionCall: function.name == \"__getitem__\" and\n arguments contains va]\n and not va.variable.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"\n and not 
va.enclosingFunction contains [FunctionCall fc: fc.name == \"__getitem__\"\n and fc.arguments contains [VariableAccess va2: va2 == va]]\n and va in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === va.transitiveBase\n ] and not rhs.constantValue.None\n and not rhs.constantValue is [None: ]\n and not rhs.constantValue == \"\" \n and not rhs.constantValue matches \"(?i)true|false\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n ArrayAccess aa: aa.index is [StringLiteral sl:\n sl.constantValue matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\"\n and not sl.constantValue matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\"\n ] and aa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === aa.transitiveBase\n ] and not rhs.constantValue.None\n and not rhs.constantValue is [None: ]\n and not rhs.constantValue == \"\" \n and not rhs.constantValue matches \"(?i)true|false\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Privacy Violation", - "vuln_subcategory": "Unobfuscated Logging", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n name == \"__init__\"\n and enclosingClass.name matches \"oslo_config\\.cfg\\.(Str|Float|Bool|Int|List|Dict)?Opt\"\n ]\n and (\n namedParameters contains [NamedParameter p:\n name == \"secret\"\n /*if secret=False then the password, for example, will be printed in clear*/\n and p.expression is [VariableAccess va: variable.name == \"False\"]\n /*Check if \"secret\" is assigned a variable of \"False\" value, example: secret=sec, where sec=False*/\n or p.expression is [VariableAccess va0: va0 in [Statement sa: sa contains [AssignmentStatement:\n rhs is [VariableAccess va1: va1.variable.name == 
\"False\"]\n and lhs is [ VariableAccess va2: va2 is va0 ]\n ]]]\n ]\n /* Check if \"secret\" parameter is not in namedParameters as the default value is \"False\"*/\n or not namedParameters contains [NamedParameter p1: name == \"secret\" ]\n )\n and arguments[1] is [Expression:\n constantValue matches \"(?i)^ssn.*|.*ssn$|.social.*security.*|.*creditcard.*|.*card(num|no).*|.*cvv.*|.*pin$\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "GraphQL Bad Practices", - "vuln_subcategory": "GraphiQL Enabled", - "predicate": "\n FunctionCall fc:\n fc.function is [Function:\n name == \"as_view\"\n and enclosingClass.supers contains [Class:\n name == \"flask.views.View\"\n ]\n ]\n and fc.environment is [FieldAccess:\n accessInstance is [FieldAccess:\n accessInstance is [VariableAccess:\n variable.type is [Type:\n name == \"flask_graphql.graphqlview.GraphQLView\"\n ]\n ]\n ]\n ]\n and fc.namedParameters contains [NamedParameter:\n name == \"graphiql\"\n and (\n expression is [VariableAccess: variable.name == \"True\"]*\n or expression is [BooleanLiteral: value is true]*\n )\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "GraphQL Bad Practices", - "vuln_subcategory": "Introspection Enabled", - "predicate": "\n FunctionCall fc:\n fc.function is [Function:\n name == \"as_view\"\n and enclosingClass.supers contains [Class:\n name == \"flask.views.View\"\n ]\n ]\n and fc.environment is [FieldAccess:\n accessInstance is [FieldAccess:\n accessInstance is [VariableAccess:\n variable.type is [Type:\n name == \"flask_graphql.graphqlview.GraphQLView\"\n ]\n ]\n ]\n ]\n and not fc.namedParameters contains [NamedParameter:\n name == \"middleware\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "SQL Injection", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n name 
matches \"execute(many)?\"\n and enclosingClass.supers contains [Class:\n name == \"django.db.backends.utils.CursorWrapper\"\n ]\n ]\n and fc.arguments[1] is [Expression: constantValue.None ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty PBE Password", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"pbkdf2\"\n and namespace.name == \"django.utils.crypto\"\n ] and arguments[0] is [Expression e:\n e.constantValue == \"\"\n or e.constantValue is [None :]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded PBE Password", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"pbkdf2\"\n and namespace.name == \"django.utils.crypto\"\n ] and arguments[0] is [Expression e:\n not e.constantValue.None\n and not e.constantValue is [None:]\n and not e.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty PBE Password", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"pbkdf2_hmac\"\n and namespace.name == \"hashlib\"\n ] and arguments[1] is [Expression e:\n e.constantValue == \"\"\n or e.constantValue is [None :]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded PBE Password", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"pbkdf2_hmac\"\n and namespace.name == \"hashlib\"\n ] and arguments[1] is [Expression e:\n not e.constantValue.None\n and not e.constantValue is [None:]\n and not e.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - 
"vuln_subcategory": "Empty PBE Password", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name matches \"PBKDF(1|2)|scrypt|bcrypt|HKDF\"\n and namespace.name == \"Crypto.Protocol.KDF\"\n ] and arguments[0] is [Expression e:\n e.constantValue == \"\"\n or e.constantValue is [None :]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded PBE Password", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name matches \"PBKDF(1|2)|scrypt|bcrypt|HKDF|SP800_108_Counter\"\n and namespace.name matches \"Crypto.Protocol.KDF\"\n ] and arguments[0] is [Expression e:\n not e.constantValue.None\n and not e.constantValue is [None:]\n and not e.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Django Bad Practices", - "vuln_subcategory": "Overly Broad Host Header Verification", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function:\n name == \"__getitem__\"\n ]\n and arguments[0] is [FieldAccess fa:\n fa.field.name == \"META\"\n /* Commenting out until TI does a better job\n and fa.instance.possibleTypes contains [Type:\n definition.supers contains [Class:\n name matches \"django\\.http(\\.request)?\\.HttpRequest\"\n ]\n ] */\n ] and arguments[1].constantValue matches \"(?i)host\"\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Django Bad Practices", - "vuln_subcategory": "Attributes in Deny List", - "predicate": "\n AssignmentStatement:\n lhs is [FieldAccess fa: field.name == \"exclude\"\n and enclosingClass.name matches \".*\\.Meta\"\n ]*\n and rhs is [FunctionCall:\n possibleTargets contains [Function: name == \"~python~list\"]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Insecure PBE Iteration 
Count", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"pbkdf2\"\n and namespace.name == \"django.utils.crypto\"\n ]\n and arguments[2] is [Expression e:\n constantValue is [Number n: n > 999 and n < 100000 ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Insecure PBE Iteration Count", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"pbkdf2\"\n and namespace.name == \"django.utils.crypto\"\n ]\n and arguments[2] is [Expression e:\n constantValue is [Number n: n < 1000]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"pbkdf2\"\n and namespace.name == \"django.utils.crypto\"\n ]\n and namedParameters contains [NamedParameter:\n name == \"dklen\"\n and expression.constantValue is [Number n:\n n < 128 and n != 0\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "None PBE Salt", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"pbkdf2\"\n and namespace.name == \"django.utils.crypto\"\n ]\n and not arguments[1].constantValue.None\n and arguments[1].constantValue is [None:]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Empty PBE Salt", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"pbkdf2\"\n and namespace.name == \"django.utils.crypto\"\n ]\n and arguments[1].constantValue == \"\"\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": 
"Hardcoded PBE Salt", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"pbkdf2\"\n and namespace.name == \"django.utils.crypto\"\n ]\n and arguments[1] is [Expression:\n not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "None Salt", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"salted_hmac\"\n and namespace.name == \"django.utils.crypto\"\n ]\n and not arguments[0].constantValue.None\n and arguments[0].constantValue is [None:]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Empty Salt", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"salted_hmac\"\n and namespace.name == \"django.utils.crypto\"\n ]\n and arguments[0].constantValue == \"\"\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Hardcoded Salt", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"salted_hmac\"\n and namespace.name == \"django.utils.crypto\"\n ]\n and arguments[0] is [Expression:\n not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n AssignmentStatement: lhs is [VariableAccess:\n variable.name == \"EMAIL_HOST_PASSWORD\"\n and variable.namespace.name matches \".*settings.*\"\n ]*\n and rhs is [StringLiteral:]\n and rhs.constantValue == \"\"\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - 
"vuln_subcategory": "Hardcoded Password", - "predicate": "\n AssignmentStatement: lhs is [VariableAccess:\n variable.name == \"EMAIL_HOST_PASSWORD\"\n and variable.namespace.name matches \".*settings.*\"\n ]*\n and rhs is [StringLiteral:]\n and rhs.constantValue != \"\"\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Mail Transmission", - "predicate": "\n Statement s: s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name == \"EMAIL_HOST\"\n and variable.namespace.name matches \".*settings.*\"\n ]*\n ] and (not s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name == \"EMAIL_USE_TLS\"\n and variable.namespace.name matches \".*settings.*\"\n ]*\n and rhs is [VariableAccess:\n variable.name == \"True\"\n ]*\n ] or s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name == \"EMAIL_USE_TLS\"\n and variable.namespace.name matches \".*settings.*\"\n ]*\n and rhs is [VariableAccess:\n variable.name == \"False\"\n ]*\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Privacy Violation", - "vuln_subcategory": "BREACH", - "predicate": "\n Statement s: s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name matches \"MIDDLEWARE(_CLASSES)?\"\n and variable.namespace.name matches \".*settings.*\"\n ]*\n and rhs is [FunctionCall:\n possibleTargets contains [Function: name matches \"~python~(tuple|list)\"]\n and arguments contains [Expression:\n constantValue == \"django.middleware.csrf.CsrfViewMiddleware\"\n ]\n ]*\n ] and s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name matches \"MIDDLEWARE(_CLASSES)?\"\n and variable.namespace.name matches \".*settings.*\"\n ]*\n and rhs is [FunctionCall:\n possibleTargets contains [Function: name matches \"~python~(tuple|list)\"]\n and arguments contains [Expression:\n constantValue == 
\"django.middleware.gzip.GZipMiddleware\"\n ]\n ]*\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Code Quality", - "vuln_category": "Fortify Internal", - "vuln_subcategory": None, - "predicate": "\n Statement s: s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name == \"CACHE_BACKEND\"\n and variable.namespace.name matches \".*settings.*\"\n ]\n and rhs.constantValue matches \".*memcached.*\"\n ] or s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name == \"CACHES\"\n and variable.namespace.name matches \".*settings.*\"\n ]\n and rhs is [FunctionCall:\n possibleTargets contains [Function: name == \"~python~dict\"]\n and arguments contains [FunctionCall:\n possibleTargets contains [Function: name == \"~python~dict\"]\n and arguments contains [Expression:\n constantValue matches \".*memcached.*\"\n ]\n ]\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Code Quality", - "vuln_category": "Fortify Internal", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc:\n function is [Function:\n name == \"__setitem__\"\n ]\n and namedParameters contains [NamedParameter:\n name == \"key\" and expression.constantValue == \"default\"\n ]\n and namedParameters contains [NamedParameter:\n name == \"value\" and expression is [VariableAccess:\n variable is [Variable temp1:\n enclosingFunction contains [FunctionCall:\n function is [Function:\n name == \"__setitem__\"\n ]\n and namedParameters contains [NamedParameter:\n name == \"key\" and expression.constantValue == \"BACKEND\"\n ]\n and namedParameters contains [NamedParameter:\n name == \"value\" and expression.constantValue matches \".*memcached.*\"\n ]\n and namedParameters contains [NamedParameter self:\n name == \"self\"\n and expression is [VariableAccess:\n variable is [Variable temp2:\n temp2 is temp1\n ]*\n ]\n ]\n and instance is [Expression this:]\n ]\n ]*\n ]*\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Input Validation and 
Representation", - "vuln_category": "SQL Injection", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n name == \"raw\"\n and enclosingClass.supers contains [Class:\n name matches \"django\\.db\\.models\\..*(Manager|Query|QuerySet)\"\n ]\n ]\n and arguments[1] is [Expression: constantValue.None ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "SQL Injection", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n name == \"extra\"\n and enclosingClass.supers contains [Class:\n name matches \"django\\.db\\.models\\..*(Manager|Query|QuerySet)\"\n ]\n ]\n and arguments[1] is [Expression: constantValue.None ]\n " - }, - { - "language": "python", - "vuln_kingdom": "API Abuse", - "vuln_category": "Often Misused", - "vuln_subcategory": "File Upload", - "predicate": "\n FieldAccess fa: fa.field.name == \"FILES\"\n and fa.instance.type.definition.supers contains [Class:\n name matches \"django\\.http(\\.request)?\\.HttpRequest\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "HTML5", - "vuln_subcategory": "Insecure Cross-Origin Opener Policy", - "predicate": "\n AssignmentStatement: lhs is [VariableAccess:\n variable.name == \"SECURE_CROSS_ORIGIN_OPENER_POLICY\"\n and variable.namespace.name matches \".*settings.*\"\n ]*\n and rhs is [StringLiteral: image matches \"(same\\-origin\\-allow\\-popups)|(unsafe\\-none)\"]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Hardcoded Salt", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function:\n name == \"make_password\"\n and namespace.name == \"django.contrib.auth.hashers\"\n ]\n and namedParameters contains [NamedParameter p:\n name == \"salt\"\n and expression is [Expression:\n not 
constantValue.None\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Lack of Key Derivation Function", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function:\n name == \"make_password\"\n and namespace.name == \"django.contrib.auth.hashers\"\n ]\n and namedParameters contains [NamedParameter p:\n name == \"hasher\"\n and expression.constantValue matches \"(unsalted_)?(crypt|sha1|md5)\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Lack of Key Derivation Function", - "predicate": "\n AssignmentStatement: lhs is [VariableAccess:\n variable.name == \"PASSWORD_HASHERS\"\n and variable.namespace.name matches \".*settings.*\"\n ]*\n and rhs is [FunctionCall:\n possibleTargets contains [Function:\n name == \"~python~list\"\n ]\n and arguments[0] is [StringLiteral:\n image matches \"django\\.contrib\\.auth\\.hashers.(Unsalted)?(Crypt|MD5|SHA1)PasswordHasher\"\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Environment", - "vuln_category": "Insecure Deployment", - "vuln_subcategory": "Non Production Ready", - "predicate": "\n Statement s: s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name == \"INSTALLED_APPS\"\n and variable.namespace.name matches \".*settings.*\"\n ] and rhs is [FunctionCall:\n possibleTargets contains [Function: name == \"~python~tuple\"]\n and arguments contains [Expression:\n constantValue == \"django.contrib.staticfiles\"\n ]\n ]*\n ] and s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name == \"DEBUG\"\n and variable.namespace.name matches \".*settings.*\"\n ] and rhs is [VariableAccess:\n variable.name == \"True\"\n ]*\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Environment", - "vuln_category": "Insecure Deployment", - "vuln_subcategory": "Non Production Ready", 
- "predicate": "\n FunctionCall: possibleTargets contains [Function:\n (name == \"url\" and namespace.name == \"django.conf.urls\")\n or name == \"~python~tuple\"\n ]\n and arguments contains [VariableAccess va:\n variable.name == \"serve\"\n and va.variable.namespace.name matches \".*urls.*\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Environment", - "vuln_category": "Insecure Deployment", - "vuln_subcategory": "Predictable Resource Name", - "predicate": "\n FunctionCall: possibleTargets contains [Function:\n (name == \"url\" and namespace.name == \"django.conf.urls\")\n or name == \"~python~tuple\"\n ]\n and arguments[0] is [StringLiteral: image matches \"(?i)^(.{2})?\\^admin\\/(.{1})?$\"]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": None, - "predicate": "\n Statement s: s contains [AssignmentStatement as:\n lhs is [VariableAccess:\n variable.name matches \"MIDDLEWARE(_CLASSES)?\"\n and variable.namespace.name matches \".*settings.*\"\n ]\n ]*\n and not s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name == \"SECURE_SSL_REDIRECT\"\n and variable.namespace.name matches \".*settings.*\"\n ]\n and rhs is [VariableAccess:\n variable.name == \"True\"\n ]\n ]\n /* Only report on top level statement (whole file) */\n and not s in [Statement parentStatement: ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "HSTS Does Not Include Subdomains", - "predicate": "\n Statement s: s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name matches \"MIDDLEWARE(_CLASSES)?\"\n and variable.namespace.name matches \".*settings.*\"\n ]\n ]*\n and s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name == \"SECURE_HSTS_SECONDS\"\n and variable.namespace.name matches \".*settings.*\"\n ]\n and rhs.constantValue is [Number n: n > 
0]\n ]*\n and not s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name == \"SECURE_HSTS_INCLUDE_SUBDOMAINS\"\n and variable.namespace.name matches \".*settings.*\"\n ]\n and rhs is [VariableAccess:\n variable.name == \"True\"\n ]\n ]\n /* Only report on top level statement (whole file) */\n and not s in [Statement parentStatement: ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Insufficient HSTS Expiration Time", - "predicate": "\n Statement s: s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name matches \"MIDDLEWARE(_CLASSES)?\"\n and variable.namespace.name matches \".*settings.*\"\n ]\n ]*\n and s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name == \"SECURE_HSTS_SECONDS\"\n and variable.namespace.name matches \".*settings.*\"\n ]\n /* 30 days */\n and rhs.constantValue is [Number n1: n1 < 2592000]\n and rhs.constantValue is [Number n2: n2 > 0]\n ]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "HSTS not Set", - "predicate": "\n Statement s: s contains [AssignmentStatement as:\n lhs is [VariableAccess:\n variable.name matches \"MIDDLEWARE(_CLASSES)?\"\n and variable.namespace.name matches \".*settings.*\"\n ]\n ]*\n and not s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name == \"SECURE_HSTS_SECONDS\"\n and variable.namespace.name matches \".*settings.*\"\n ]\n and rhs.constantValue is [Number n: n > 0]\n ]\n /* Only report on top level statement (whole file) */\n and not s in [Statement parentStatement: ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Environment", - "vuln_category": "HTML5", - "vuln_subcategory": "MIME Sniffing", - "predicate": "\n Statement s: s contains [AssignmentStatement as:\n lhs is [VariableAccess:\n variable.name matches \"MIDDLEWARE(_CLASSES)?\"\n and 
variable.namespace.name matches \".*settings.*\"\n ]\n ]*\n and s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name == \"SECURE_CONTENT_TYPE_NOSNIFF\"\n and variable.namespace.name matches \".*settings.*\"\n ]\n and rhs is [VariableAccess:\n variable.name == \"False\"\n ]\n ]\n /* Only report on top level statement (whole file) */\n and not s in [Statement parentStatement: ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Environment", - "vuln_category": "HTML5", - "vuln_subcategory": "MIME Sniffing", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"__setitem__\"\n and enclosingClass.supers contains [Class:\n name matches \"django\\.http(\\.response)?\\.(Streaming)?HttpResponse(Base)?\"\n ]\n ]\n and fc.arguments[1].constantValue matches \"(?i)(X-)?Content-Type-Options\"\n and fc.arguments[2].constantValue != \"nosniff\"\n and not arguments[0] is [FieldAccess fa: field.name == \"session\"]\n and not arguments[0] is [VariableAccess va: variable.name == \"session\"]\n " - }, - { - "language": "python", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "HTML5", - "vuln_subcategory": "Cross-Site Scripting Protection", - "predicate": "\n Statement s: s contains [AssignmentStatement as:\n lhs is [VariableAccess:\n variable.name matches \"MIDDLEWARE(_CLASSES)?\"\n and variable.namespace.name matches \".*settings.*\"\n ]\n ]*\n and not s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name == \"SECURE_BROWSER_XSS_FILTER\"\n and variable.namespace.name matches \".*settings.*\"\n ]\n and rhs is [VariableAccess:\n variable.name == \"True\"\n ]\n ]\n /* Only report on top level statement (whole file) */\n and not s in [Statement parentStatement: ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "HTML5", - "vuln_subcategory": "Cross-Site Scripting Protection", - "predicate": "\n FunctionCall fc: 
possibleTargets contains [Function f:\n name == \"__setitem__\"\n and enclosingClass.supers contains [Class:\n name matches \"django\\.http(\\.response)?\\.(Streaming)?HttpResponse(Base)?\"\n ]\n ]\n and fc.arguments[1].constantValue matches \"(?i)(X-)?XSS-PROTECTION\"\n and (fc.arguments[2].constantValue == \"0\" or fc.arguments[2].constantValue == 0)\n and not arguments[0] is [FieldAccess fa: field.name == \"session\"]\n and not arguments[0] is [VariableAccess va: variable.name == \"session\"]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Django Bad Practices", - "vuln_subcategory": "Pickle Serialized Sessions", - "predicate": "\n AssignmentStatement: lhs is [VariableAccess:\n variable.name == \"SESSION_SERIALIZER\"\n and variable.namespace.name matches \".*settings.*\"\n ]*\n and rhs is [StringLiteral: image == \"django.contrib.sessions.serializers.PickleSerializer\"]\n " - }, - { - "language": "python", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "HTML5", - "vuln_subcategory": "Cross-Site Scripting Protection", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"__setitem__\"\n and enclosingClass.supers contains [Class:\n name matches \"django\\.http(\\.response)?\\.(Streaming)?HttpResponse(Base)?\"\n ]\n ]\n and fc.arguments[1].constantValue matches \"(?i)(X-)?Content-Security-Policy|X-WebKit-CSP\"\n and fc.arguments[2].constantValue matches \"(?i).*reflected-xss\\s+allow.*\"\n and not arguments[0] is [FieldAccess fa: field.name == \"session\"]\n and not arguments[0] is [VariableAccess va: variable.name == \"session\"]\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive Content Security Policy", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"__setitem__\"\n and enclosingClass.supers contains [Class:\n name matches 
\"django\\.http(\\.response)?\\.(Streaming)?HttpResponse(Base)?\"\n ]\n ]\n and fc.arguments[1].constantValue matches \"(?i)(X-)?Content-Security-Policy|X-WebKit-CSP\"\n and fc.arguments[2].constantValue matches \"(?i).*sandbox\\s+allow-\\*.*\"\n and not arguments[0] is [FieldAccess fa: field.name == \"session\"]\n and not arguments[0] is [VariableAccess va: variable.name == \"session\"]\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Misconfigured Content Security Policy", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"__setitem__\"\n and enclosingClass.supers contains [Class:\n name matches \"django\\.http(\\.response)?\\.(Streaming)?HttpResponse(Base)?\"\n ]\n ]\n and fc.arguments[1].constantValue matches \"(?i)(X-)?Content-Security-Policy|X-WebKit-CSP\"\n and fc.arguments[2].constantValue matches \"(?i).*frame-src.*\"\n and not fc.arguments[2].constantValue matches \"(?i).*sandbox.*\"\n and not arguments[0] is [FieldAccess fa: field.name == \"session\"]\n and not arguments[0] is [VariableAccess va: variable.name == \"session\"]\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Misconfigured Content Security Policy", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"__setitem__\"\n and enclosingClass.supers contains [Class:\n name matches \"django\\.http(\\.response)?\\.(Streaming)?HttpResponse(Base)?\"\n ]\n ]\n and fc.arguments[1].constantValue matches \"(?i)(X-)?Content-Security-Policy|X-WebKit-CSP\"\n and fc.arguments[2].constantValue matches \"(?i).*script-src.*\"\n and not fc.arguments[2].constantValue matches \"(?i).*nonce.*\"\n and not arguments[0] is [FieldAccess fa: field.name == \"session\"]\n and not arguments[0] is [VariableAccess va: variable.name == \"session\"]\n " - }, - { - "language": "python", - "vuln_kingdom": 
"Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Misconfigured Content Security Policy", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"__setitem__\"\n and enclosingClass.supers contains [Class:\n name matches \"django\\.http(\\.response)?\\.(Streaming)?HttpResponse(Base)?\"\n ]\n ]\n and fc.arguments[1].constantValue matches \"(?i)(X-)?Content-Security-Policy|X-WebKit-CSP\"\n and fc.arguments[2] is [Expression e:\n e.constantValue matches \"(?i).*unsafe-(eval|inline).*\"\n ]\n and not arguments[0] is [FieldAccess fa: field.name == \"session\"]\n and not arguments[0] is [VariableAccess va: variable.name == \"session\"]\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive Content Security Policy", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"__setitem__\"\n and enclosingClass.supers contains [Class:\n name matches \"django\\.http(\\.response)?\\.(Streaming)?HttpResponse(Base)?\"\n ]\n ]\n and fc.arguments[1] is [Expression: constantValue matches \"(?i)(X-)?Content-Security-Policy|X-WebKit-CSP\"]\n and fc.arguments[2] is [Expression: constantValue matches \"(?i).*src\\s+\\*[\\s;$]*.*\"]\n and not arguments[0] is [FieldAccess fa: field.name == \"session\"]\n and not arguments[0] is [VariableAccess va: variable.name == \"session\"]\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Misconfigured Content Security Policy", - "predicate": "\n Statement s: s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name matches \"MIDDLEWARE(_CLASSES)?\"\n and variable.namespace.name matches \".*settings.*\"\n ]\n and rhs is [FunctionCall:\n possibleTargets contains [Function:\n name matches \"~python~(tuple|list)\"\n ]\n and arguments contains [Expression:\n constantValue == \"csp.middleware.CSPMiddleware\"\n 
]\n ]\n ]*\n and s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name matches \"CSP_.*_SRC\"\n and variable.namespace.name matches \".*settings.*\"\n ]\n and rhs is [FunctionCall: possibleTargets contains [Function:\n name matches \"~python~(tuple|list)\"\n ]\n and arguments contains [Expression:\n constantValue matches \"'unsafe-(eval|inline)'\"\n ]\n ]\n ]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive Content Security Policy", - "predicate": "\n Statement s: s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name matches \"MIDDLEWARE(_CLASSES)?\"\n and variable.namespace.name matches \".*settings.*\"\n ]\n and rhs is [FunctionCall:\n possibleTargets contains [Function:\n name matches \"~python~(tuple|list)\"\n ]\n and arguments contains [Expression:\n constantValue == \"csp.middleware.CSPMiddleware\"\n ]\n ]\n ]*\n and s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name == \"CSP_SANDBOX\"\n and variable.namespace.name matches \".*settings.*\"\n ]\n and rhs is [FunctionCall: possibleTargets contains [Function:\n name matches \"~python~(tuple|list)\"\n ]\n and arguments contains [Expression:\n constantValue matches \"(?i)allow-\\*\"\n ]\n ]\n ]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive Content Security Policy", - "predicate": "\n Statement s: s contains [\n AssignmentStatement:\n lhs is [VariableAccess:\n variable.name matches \"MIDDLEWARE(_CLASSES)?\"\n and variable.namespace.name matches \".*settings.*\"\n ]\n and rhs is [FunctionCall:\n possibleTargets contains [Function:\n name matches \"~python~(tuple|list)\"\n ]\n and arguments contains [Expression:\n constantValue == \"csp.middleware.CSPMiddleware\"\n ]\n ]\n ]*\n and s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name matches 
\"CSP_.*_SRC\"\n and variable.namespace.name matches \".*settings.*\"\n ]\n and rhs is [FunctionCall:possibleTargets contains [Function:\n name matches \"~python~(tuple|list)\"\n ]\n and arguments contains [Expression:\n constantValue == \"*\"\n ]\n ]\n ]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive CORS Policy", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"__setitem__\"\n and enclosingClass.supers contains [Class:\n name matches \"django\\.http(\\.response)?\\.(Streaming)?HttpResponse(Base)?\"\n ]\n ]\n and fc.arguments[1] is [Expression: constantValue matches \"(?i)Access-Control-Allow-Origin\"]\n and fc.arguments[2] is [Expression: constantValue == \"*\"]\n and not arguments[0] is [FieldAccess fa: field.name == \"session\"]\n and not arguments[0] is [VariableAccess va: variable.name == \"session\"]\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive CORS Policy", - "predicate": "\n AssignmentStatement: lhs is [VariableAccess:\n variable.name == \"CORS_ORIGIN_ALLOW_ALL\"\n and variable.namespace.name matches \".*settings.*\"\n ]*\n and rhs is [VariableAccess:\n variable.name == \"True\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Cross-Site Request Forgery", - "vuln_subcategory": None, - "predicate": "\n AssignmentStatement: lhs is [VariableAccess:\n variable.name matches \"MIDDLEWARE(_CLASSES)?\"\n and variable.namespace.name matches \".*settings.*\"\n ]*\n and rhs is [FunctionCall:\n possibleTargets contains [Function: name matches \"~python~(tuple|list)\"]\n and not arguments contains [Expression e:\n e.constantValue == \"django.middleware.csrf.CsrfViewMiddleware\"\n ]\n ]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Django Bad 
Practices", - "vuln_subcategory": "Cookie Stored Sessions", - "predicate": "\n AssignmentStatement: lhs is [VariableAccess:\n variable.name == \"SESSION_ENGINE\"\n and variable.namespace.name matches \".*settings.*\"\n ]*\n and rhs is [StringLiteral: image == \"django.contrib.sessions.backends.signed_cookies\"]\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Cross-Frame Scripting", - "vuln_subcategory": None, - "predicate": "\n Statement s: s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name matches \"MIDDLEWARE(_CLASSES)?\"\n and variable.namespace.name matches \".*settings.*\"\n ]\n and (\n rhs is [FunctionCall:\n possibleTargets contains [Function: name matches \"~python~(tuple|list)\"]\n and not arguments contains [Expression e:\n e.constantValue == \"django.middleware.clickjacking.XFrameOptionsMiddleware\"\n ]\n ]\n and not s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name == \"SECURE_FRAME_DENY\"\n and variable.namespace.name matches \".*settings.*\"\n ]*\n and rhs is [VariableAccess:\n variable.name == \"True\"\n ]\n ]\n )]*\n /* Only report on top level statement (whole file) */\n and not s in [Statement parentStatement: ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Broad Path", - "predicate": "\n AssignmentStatement: lhs is [VariableAccess:\n variable.name matches \"(CSRF|SESSION)_COOKIE_PATH\"\n and variable.namespace.name matches \".*settings.*\"\n ]*\n and rhs is [StringLiteral:\n image == \"/\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Broad Domain", - "predicate": "\n AssignmentStatement: lhs is [VariableAccess:\n variable.name matches \"(CSRF|SESSION)_COOKIE_DOMAIN\"\n and variable.namespace.name matches \".*settings.*\"\n ]*\n and rhs is [StringLiteral: 
image matches \"(?i)^\\.?([a-z0-9\\-]+)\\.[a-z]{1,3}\\.[a-z]{1,3}$\"]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Broad Domain", - "predicate": "\n AssignmentStatement: lhs is [VariableAccess:\n variable.name matches \"(CSRF|SESSION)_COOKIE_DOMAIN\"\n and variable.namespace.name matches \".*settings.*\"\n ]*\n and rhs is [StringLiteral: image matches \"(?i)^\\.?([a-z0-9\\-]+)\\.([a-z0-9\\-]+)$\"]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Session Cookie not Sent Over SSL", - "predicate": "\n Statement s: s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name matches \"MIDDLEWARE(_CLASSES)?\"\n and variable.namespace.name matches \".*settings.*\"\n ] and rhs is [FunctionCall:\n possibleTargets contains [Function: name matches \"~python~(tuple|list)\"]\n and arguments contains [Expression e:\n e.constantValue == \"django.contrib.sessions.middleware.SessionMiddleware\"\n ]\n ]\n ]*\n and not s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name == \"SESSION_COOKIE_SECURE\"\n and variable.namespace.name matches \".*settings.*\"\n ]\n ]\n /* Only report on top level statement (whole file) */\n and not s in [Statement parentStatement: ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "CSRF Cookie not Sent Over SSL", - "predicate": "\n Statement s: s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name matches \"MIDDLEWARE(_CLASSES)?\"\n and variable.namespace.name matches \".*settings.*\"\n ] and rhs is [FunctionCall:\n possibleTargets contains [Function: name matches \"~python~(tuple|list)\"]\n and arguments contains [Expression e:\n e.constantValue == \"django.middleware.csrf.CsrfViewMiddleware\"\n ]\n ]\n ]*\n and not s contains 
[AssignmentStatement:\n lhs is [VariableAccess:\n variable.name == \"CSRF_COOKIE_SECURE\"\n and variable.namespace.name matches \".*settings.*\"\n ]\n ]\n /* Only report on top level statement (whole file) */\n and not s in [Statement parentStatement: ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Session Cookie not Sent Over SSL", - "predicate": "\n AssignmentStatement: lhs is [VariableAccess:\n variable.name == \"SESSION_COOKIE_SECURE\"\n and variable.namespace.name matches \".*settings.*\"\n ]*\n and rhs is [VariableAccess:\n variable.name == \"False\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "CSRF Cookie not Sent Over SSL", - "predicate": "\n AssignmentStatement: lhs is [VariableAccess:\n variable.name == \"CSRF_COOKIE_SECURE\"\n and variable.namespace.name matches \".*settings.*\"\n ]*\n and rhs is [VariableAccess:\n variable.name == \"False\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "HTTPOnly not Set on CSRF Cookie", - "predicate": "\n Statement s: s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name matches \"MIDDLEWARE(_CLASSES)?\"\n and variable.namespace.name matches \".*settings.*\"\n ] and rhs is [FunctionCall:\n possibleTargets contains [Function: name matches \"~python~(tuple|list)\"]\n and arguments contains [Expression e:\n e.constantValue == \"django.middleware.csrf.CsrfViewMiddleware\"\n ]\n ]\n ]*\n and (\n s contains [AssignmentStatement: lhs is [VariableAccess:\n variable.name == \"CSRF_COOKIE_HTTPONLY\"\n and variable.namespace.name matches \".*settings.*\"\n ]\n and rhs is [VariableAccess:\n variable.name == \"False\"\n ]\n ]* or not s contains [AssignmentStatement: lhs is [VariableAccess:\n variable.name == \"CSRF_COOKIE_HTTPONLY\"\n 
and variable.namespace.name matches \".*settings.*\"\n ]\n ]\n )\n /* Only report on top level statement (whole file) */\n and not s in [Statement parentStatement: ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "HTTPOnly not Set on Session Cookie", - "predicate": "\n Statement s: s contains [AssignmentStatement:\n lhs is [VariableAccess:\n variable.name matches \"MIDDLEWARE(_CLASSES)?\"\n and variable.namespace.name matches \".*settings.*\"\n ] and rhs is [FunctionCall:\n possibleTargets contains [Function: name matches \"~python~(tuple|list)\"]\n and arguments contains [Expression e:\n e.constantValue == \"django.contrib.sessions.middleware.SessionMiddleware\"\n ]\n ]\n ]*\n and s contains [AssignmentStatement: lhs is [VariableAccess:\n variable.name == \"SESSION_COOKIE_HTTPONLY\"\n and variable.namespace.name matches \".*settings.*\"\n ]\n and rhs is [VariableAccess:\n variable.name == \"False\"\n ]\n ]*\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Permissive SameSite Attribute", - "predicate": "\n AssignmentStatement: lhs is [VariableAccess:\n variable.name matches \"(SESSION|CSRF)_COOKIE_SAMESITE\"\n and variable.namespace.name matches \".*settings.*\"\n ]*\n and\n (\n rhs is [StringLiteral: image matches \"Lax|None\"] or\n rhs is [VariableAccess: variable.name == \"False\"]\n )\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Django Bad Practices", - "vuln_subcategory": "Overly Broad Host Header Verification", - "predicate": "\n AssignmentStatement: lhs is [VariableAccess:\n variable.name == \"ALLOWED_HOSTS\"\n and variable.namespace.name matches \".*settings.*\"\n ]*\n and rhs is [FunctionCall: possibleTargets contains [Function: name == \"~python~list\"]\n and arguments contains [StringLiteral: image == \"*\"]\n ]\n " - }, - 
{ - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n AssignmentStatement: lhs is [\n VariableAccess va: va.variable.name == \"SECRET_KEY_FALLBACKS\"\n and va.variable.namespace.name matches \".*settings.*\"\n ]\n and rhs is [FunctionCall:\n possibleTargets contains [Function:\n name == \"~python~list\"\n ]\n and arguments[0] is [Expression:\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n AssignmentStatement: lhs is [VariableAccess:\n variable.name == \"SECRET_KEY\"\n and variable.namespace.name matches \".*settings.*\"\n ]*\n and rhs is [StringLiteral:]\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "System Information Leak", - "vuln_subcategory": "External", - "predicate": "\n AssignmentStatement: lhs is [VariableAccess:\n variable.name matches \"(TEMPLATE_)?DEBUG(_PROPAGATE_EXCEPTIONS)?\"\n and variable.namespace.name matches \".*settings.*\"\n ]*\n and rhs is [VariableAccess:\n variable.name == \"True\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Cross-Site Scripting", - "vuln_subcategory": "Poor Validation", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n name == \"~django~firstof\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Cross-Site Scripting", - "vuln_subcategory": "Poor Validation", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n name matches \"safe|safeseq|escape|force_escape\"\n and namespace.name == \"django.template.defaultfilters\"\n ]\n and arguments[0] is [Expression e:]\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - 
"vuln_category": "System Information Leak", - "vuln_subcategory": "External", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n name == \"~django~debug\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FunctionCall fc:\n fc.name matches \"create_(super)?user\"\n and fc.instance is [VariableAccess:\n possibleTypes contains [Type:\n definition.supers contains [Class:\n name == \"django.contrib.auth.models.UserManager\"\n ]\n ]\n ]\n and fc.namedParameters contains [NamedParameter np:\n np.name == \"password\"\n and expression is [Expression e:\n constantValue.None\n and constantValue is [None:]\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FunctionCall fc:\n fc.name matches \"create_(super)?user\"\n and fc.instance is [VariableAccess:\n possibleTypes contains [Type:\n definition.supers contains [Class:\n name == \"django.contrib.auth.models.UserManager\"\n ]\n ]\n ]\n and fc.namedParameters contains [NamedParameter np:\n np.name == \"password\"\n and expression is [Expression e:\n not constantValue.None\n and not constantValue is [None: ]\n and constantValue == \"\"\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall fc:\n fc.name matches \"create_(super)?user\"\n and fc.instance is [VariableAccess:\n possibleTypes contains [Type:\n definition.supers contains [Class:\n name == \"django.contrib.auth.models.UserManager\"\n ]\n ]\n ]\n and fc.namedParameters contains [NamedParameter np:\n np.name == \"password\"\n and expression is [Expression e:\n not constantValue.None\n and not constantValue is [None: ]\n and not 
constantValue == \"\"\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Broad Path", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"set_signed_cookie\"\n and enclosingClass.supers contains [Class:\n name matches \"django\\.http(\\.response)?\\.(Streaming)?HttpResponse(Base)?\"\n ]\n ]\n and (fc.arguments[6].constantValue == \"/\"\n or (not fc.namedParameters contains [NamedParameter:\n name == \"path\"\n ] and fc.arguments.length < 7)\n or fc.namedParameters contains [NamedParameter:\n name == \"path\"\n and expression.constantValue == \"/\"\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Broad Path", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"set_cookie\"\n and enclosingClass.supers contains [Class:\n name matches \"django\\.http(\\.response)?\\.(Streaming)?HttpResponse(Base)?\"\n ]\n ]\n and (fc.arguments[5].constantValue == \"/\"\n or (not fc.namedParameters contains [NamedParameter:\n name == \"path\"\n ] and fc.arguments.length < 6)\n or fc.namedParameters contains [NamedParameter:\n name == \"path\"\n and expression.constantValue == \"/\"\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Broad Domain", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"set_signed_cookie\"\n and enclosingClass.supers contains [Class:\n name matches \"django\\.http(\\.response)?\\.(Streaming)?HttpResponse(Base)?\"\n ]\n ]\n and (fc.arguments[7].constantValue matches \"(?i)^\\.?([a-z0-9\\-]+)\\.[a-z]{1,3}\\.[a-z]{1,3}$\"\n or fc.namedParameters contains [NamedParameter:\n name == \"domain\"\n and expression.constantValue matches 
\"(?i)^\\.?([a-z0-9\\-]+)\\.[a-z]{1,3}\\.[a-z]{1,3}$\"\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Broad Domain", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"set_signed_cookie\"\n and enclosingClass.supers contains [Class:\n name matches \"django\\.http(\\.response)?\\.(Streaming)?HttpResponse(Base)?\"\n ]\n ]\n and (fc.arguments[7].constantValue matches \"(?i)^\\.?([a-z0-9\\-]+)\\.([a-z0-9\\-]+)$\"\n or fc.namedParameters contains [NamedParameter:\n name == \"domain\"\n and expression.constantValue matches \"(?i)^\\.?([a-z0-9\\-]+)\\.([a-z0-9\\-]+)$\"\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Broad Domain", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"set_cookie\"\n and enclosingClass.supers contains [Class:\n name matches \"django\\.http(\\.response)?\\.(Streaming)?HttpResponse(Base)?\"\n ]\n ]\n and (fc.arguments[6].constantValue matches \"(?i)^\\.?([a-z0-9\\-]+)\\.[a-z]{1,3}\\.[a-z]{1,3}$\"\n or fc.namedParameters contains [NamedParameter:\n name == \"domain\"\n and expression.constantValue matches \"(?i)^\\.?([a-z0-9\\-]+)\\.[a-z]{1,3}\\.[a-z]{1,3}$\"\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Broad Domain", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"set_cookie\"\n and enclosingClass.supers contains [Class:\n name matches \"django\\.http(\\.response)?\\.(Streaming)?HttpResponse(Base)?\"\n ]\n ]\n and (fc.arguments[6].constantValue matches \"(?i)^\\.?([a-z0-9\\-]+)\\.([a-z0-9\\-]+)$\"\n or fc.namedParameters contains [NamedParameter:\n name == \"domain\"\n and expression.constantValue matches 
\"(?i)^\\.?([a-z0-9\\-]+)\\.([a-z0-9\\-]+)$\"\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Cookie not Sent Over SSL", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"set_signed_cookie\"\n and enclosingClass.supers contains [Class:\n name matches \"django\\.http(\\.response)?\\.(Streaming)?HttpResponse(Base)?\"\n ]\n ]\n and (fc.arguments[8] is [VariableAccess: variable.name == \"False\"]\n /* or fc.arguments[8].constantValue is [None:] */\n or (not fc.namedParameters contains [NamedParameter:\n name == \"secure\"\n ] and fc.arguments.length < 9)\n or fc.namedParameters contains [NamedParameter:\n name == \"secure\"\n and (expression is [VariableAccess: variable.name == \"False\"]\n or expression.constantValue is [None:])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Cookie not Sent Over SSL", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"set_cookie\"\n and enclosingClass.supers contains [Class:\n name matches \"django\\.http(\\.response)?\\.(Streaming)?HttpResponse(Base)?\"\n ]\n ]\n and (fc.arguments[7] is [VariableAccess: variable.name == \"False\"]\n or fc.arguments[7].constantValue is [None:]\n or (not fc.namedParameters contains [NamedParameter:\n name == \"secure\"\n ] and fc.arguments.length < 8)\n or fc.namedParameters contains [NamedParameter:\n name == \"secure\"\n and (expression is [VariableAccess: variable.name == \"False\"]\n or expression.constantValue is [None:])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Persistent Cookie", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"set_signed_cookie\"\n and enclosingClass.supers contains [Class:\n name 
matches \"django\\.http(\\.response)?\\.(Streaming)?HttpResponse(Base)?\"\n ]\n ]\n and (fc.arguments[5] is [VariableAccess: variable.name == \"False\"]\n /* or fc.arguments[5].constantValue is [None:] */\n or (not fc.namedParameters contains [NamedParameter:\n name == \"expires\"\n ] and fc.arguments.length < 6)\n or fc.namedParameters contains [NamedParameter:\n name == \"expires\"\n and (expression is [VariableAccess: variable.name == \"False\"]\n or expression.constantValue is [None:])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Persistent Cookie", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"set_cookie\"\n and enclosingClass.supers contains [Class:\n name matches \"django\\.http(\\.response)?\\.(Streaming)?HttpResponse(Base)?\"\n ]\n ]\n and (fc.arguments[4] is [VariableAccess: variable.name == \"False\"]\n or fc.arguments[4].constantValue is [None:]\n or (not fc.namedParameters contains [NamedParameter:\n name == \"expires\"\n ] and fc.arguments.length < 5)\n or fc.namedParameters contains [NamedParameter:\n name == \"expires\"\n and (expression is [VariableAccess: variable.name == \"False\"]\n or expression.constantValue is [None:])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "HTTPOnly not Set", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"set_signed_cookie\"\n and enclosingClass.supers contains [Class:\n name matches \"django\\.http(\\.response)?\\.(Streaming)?HttpResponse(Base)?\"\n ]\n ]\n and (fc.arguments[9] is [VariableAccess: variable.name == \"False\"]\n or fc.namedParameters contains [NamedParameter:\n name == \"httponly\"\n and expression is [VariableAccess: variable.name == \"False\"]\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - 
"vuln_category": "Cookie Security", - "vuln_subcategory": "HTTPOnly not Set", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"set_cookie\"\n and enclosingClass.supers contains [Class:\n name matches \"django\\.http(\\.response)?\\.(Streaming)?HttpResponse(Base)?\"\n ]\n ]\n and (fc.arguments[8] is [VariableAccess: variable.name == \"False\"]\n or (not fc.namedParameters contains [NamedParameter:\n name == \"httponly\"\n ] and fc.arguments.length < 9)\n or fc.namedParameters contains [NamedParameter:\n name == \"httponly\"\n and expression is [VariableAccess: variable.name == \"False\"]\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Empty Salt", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"get_signed_cookie\"\n and enclosingClass.supers contains [Class:\n name matches \"django\\.http(\\.request)?\\.HttpRequest\"\n ]\n ]\n and (fc.arguments[2] is [Expression:\n not constantValue.None\n and (constantValue is [None:]\n or constantValue == \"\")\n ]\n or (not fc.namedParameters contains [NamedParameter:\n name == \"salt\"\n ] and fc.arguments.length < 3)\n or fc.namedParameters contains [NamedParameter:\n name == \"salt\"\n and expression is [Expression:\n not constantValue.None\n and (constantValue is [None:]\n or constantValue == \"\")\n ]\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Hardcoded Salt", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"get_signed_cookie\"\n and enclosingClass.supers contains [Class:\n name matches \"django\\.http(\\.request)?\\.HttpRequest\"\n ]\n ]\n and (fc.arguments[2] is [Expression:\n not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ]\n or fc.namedParameters contains 
[NamedParameter:\n name == \"salt\"\n and expression is [Expression:\n not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ]\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Empty Salt", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"set_signed_cookie\"\n and enclosingClass.supers contains [Class:\n name matches \"django\\.http(\\.response)?\\.(Streaming)?HttpResponse(Base)?\"\n ]\n ]\n and (fc.arguments[3] is [Expression:\n not constantValue.None\n and (constantValue == \"\"\n or constantValue is [None:])\n ]\n or not fc.namedParameters contains [NamedParameter:\n name == \"salt\"\n ]\n or fc.namedParameters contains [NamedParameter:\n name == \"salt\"\n and expression is [Expression:\n not constantValue.None\n and (constantValue == \"\"\n or constantValue is [None:])\n ]\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Hardcoded Salt", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name == \"set_signed_cookie\"\n and enclosingClass.supers contains [Class:\n name matches \"django\\.http(\\.response)?\\.(Streaming)?HttpResponse(Base)?\"\n ]\n ]\n and (fc.arguments[3] is [Expression:\n not constantValue.None\n and not constantValue == \"\"\n and not constantValue is [None: ]\n ]\n or fc.namedParameters contains [NamedParameter:\n name == \"salt\"\n and expression is [Expression:\n not constantValue.None\n and not constantValue == \"\"\n and not constantValue is [None: ]\n ]\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Randomness", - "vuln_subcategory": "Weak Entropy Source", - "predicate": "\n FunctionCall fc: name matches \"(wh)?seed|__init__\"\n and function.enclosingClass.name matches 
\"random\\.(Random|WichmannHill)\"\n and ( arguments.length == 0\n or arguments[0] is [NoneLiteral:]\n )\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Randomness", - "vuln_subcategory": "Weak Entropy Source", - "predicate": "\n FunctionCall fc: name matches \"(wh)?seed\"\n and function.namespace.name == \"random\"\n and namedParameters contains [NamedParameter: name == \"a\"\n and expression is [NoneLiteral:]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Randomness", - "vuln_subcategory": "Weak Entropy Source", - "predicate": "\n FunctionCall fc: name matches \"(wh)?seed\"\n and function.namespace.name == \"random\"\n and ( arguments.length == 0\n or arguments[0] is [NoneLiteral:]\n )\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "None Salt", - "predicate": "\n FunctionCall fc: name == \"update\"\n and function.enclosingClass.name == \"_hashlib.HASH\"\n and (arguments[1] is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and constantValue is [None:]\n ] or arguments[1] is [Operation:\n (rhs is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ] or lhs is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and constantValue is [None:]\n ])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Empty Salt", - "predicate": "\n FunctionCall fc: name == \"update\"\n and function.enclosingClass.name == \"_hashlib.HASH\"\n and (arguments[1] is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and constantValue == \"\"\n ] or arguments[1] is [Operation:\n (rhs is [VariableAccess:\n 
variable.name matches \"(?i).*salt.*\"\n and constantValue == \"\"\n ] or lhs is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and constantValue == \"\"\n ])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Hardcoded Salt", - "predicate": "\n FunctionCall fc: name == \"update\"\n and function.enclosingClass.name == \"_hashlib.HASH\"\n and (arguments[1] is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ] or arguments[1] is [Operation:\n (rhs is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ] or lhs is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "None Salt", - "predicate": "\n FunctionCall fc: name matches \"md5|sha1|sha224|sha256|sha384|sha512\"\n and function.namespace.name == \"hashlib\"\n and (arguments[0] is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and constantValue is [None:]\n ] or arguments[0] is [Operation:\n (rhs is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and constantValue is [None:]\n ] or lhs is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and constantValue is [None:]\n ])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Empty Salt", - "predicate": "\n FunctionCall fc: name matches \"md5|sha1|sha224|sha256|sha384|sha512\"\n and 
function.namespace.name == \"hashlib\"\n and (arguments[0] is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and constantValue == \"\"\n ] or arguments[0] is [Operation:\n (rhs is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and constantValue == \"\"\n ] or lhs is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and constantValue == \"\"\n ])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Hardcoded Salt", - "predicate": "\n FunctionCall fc: name matches \"md5|sha1|sha224|sha256|sha384|sha512\"\n and function.namespace.name == \"hashlib\"\n and (arguments[0] is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ] or arguments[0] is [Operation:\n (rhs is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ] or lhs is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "None Salt", - "predicate": "\n FunctionCall fc: name matches \"md5|sha1|sha224|sha256|sha384|sha512\"\n and function.namespace.name == \"hashlib\"\n and (arguments[0] is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and constantValue is [None:]\n ] or arguments[0] is [Operation:\n (rhs is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and constantValue is [None:]\n ] or lhs is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and constantValue is [None:]\n ])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": 
"Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Empty Salt", - "predicate": "\n FunctionCall fc: name matches \"md5|sha1|sha224|sha256|sha384|sha512\"\n and function.namespace.name == \"hashlib\"\n and (arguments[0] is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and constantValue == \"\"\n ] or arguments[0] is [Operation:\n (rhs is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and constantValue == \"\"\n ] or lhs is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and constantValue == \"\"\n ])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Hardcoded Salt", - "predicate": "\n FunctionCall fc: name matches \"md5|sha1|sha224|sha256|sha384|sha512\"\n and function.namespace.name == \"hashlib\"\n and (arguments[0] is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ] or arguments[0] is [Operation:\n (rhs is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ] or lhs is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "None PBE Salt", - "predicate": "\n FunctionCall fc: name == \"pbkdf2_hmac\"\n and function.namespace.name == \"hashlib\"\n and arguments[2] is [FieldAccess:\n not constantValue.None\n and constantValue is [None:]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Empty PBE Salt", - "predicate": "\n FunctionCall fc: 
name == \"pbkdf2_hmac\"\n and function.namespace.name == \"hashlib\"\n and arguments[2] is [FieldAccess:\n constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Hardcoded PBE Salt", - "predicate": "\n FunctionCall fc: name == \"pbkdf2_hmac\"\n and function.namespace.name == \"hashlib\"\n and arguments[2] is [FieldAccess:\n not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "None PBE Salt", - "predicate": "\n FunctionCall fc: name == \"pbkdf2_hmac\"\n and function.namespace.name == \"hashlib\"\n and arguments[2] is [VariableAccess:\n not constantValue.None\n and constantValue is [None:]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty HMAC Key", - "predicate": "\n FunctionCall fc: name == \"new\"\n and function.namespace.name == \"hmac\"\n and arguments[0] is [Expression e:\n not e.constantValue.None\n and e.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded HMAC Key", - "predicate": "\n FunctionCall fc: name == \"new\"\n and function.namespace.name == \"Crypto.Hash.HMAC\"\n and arguments[0] is [Expression e:\n not e.constantValue.None\n and not e.constantValue is [None: ]\n and not e.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded HMAC Key", - "predicate": "\n FunctionCall fc: name == \"new\"\n and function.namespace.name == \"hmac\"\n and arguments[0] is [Expression e:\n not e.constantValue.None\n and not e.constantValue is [None: 
]\n and not e.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Empty PBE Salt", - "predicate": "\n FunctionCall fc: name == \"pbkdf2_hmac\"\n and function.namespace.name == \"hashlib\"\n and arguments[2] is [VariableAccess:\n constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Hardcoded PBE Salt", - "predicate": "\n FunctionCall fc: name == \"pbkdf2_hmac\"\n and function.namespace.name == \"hashlib\"\n and arguments[2] is [VariableAccess:\n not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Server Identity Verification Disabled", - "predicate": "\n FunctionCall fc: name matches \"__init__|request\"\n and fc.function.enclosingClass.name == \"httplib2.Http\"\n and fc.namedParameters contains [NamedParameter p1:\n name == \"disable_ssl_certificate_validation\"\n and expression is [VariableAccess:\n variable.name == \"True\"\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Server Identity Verification Disabled", - "predicate": "\n FunctionCall fc: name == \"open\"\n and fc.function.enclosingClass.name == \"urllib2.OpenerDirector\"\n and fc.arguments[1].constantValue matches \"(?i)^https.*\"\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Server Identity Verification Disabled", - "predicate": "\n FunctionCall fc: name matches \"open|retrieve\"\n and fc.function.enclosingClass.name == \"urllib.URLopener\"\n and fc.arguments[1].constantValue matches \"(?i)^https.*\"\n " - }, - { - 
"language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Mail Transmission", - "predicate": "\n FunctionCall fc: function.name == \"__init__\"\n and function.enclosingClass.name == \"imaplib.IMAP4\"\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Mail Transmission", - "predicate": "\n FunctionCall fc: function.name == \"__init__\"\n and function.enclosingClass.name == \"poplib.POP3\"\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FunctionCall fc: fc.function.name == \"connect\"\n and fc.function.namespace.name == \"psycopg2\"\n and fc.namedParameters contains [NamedParameter p:\n p.name == \"password\"\n and (p.expression is [VariableAccess va: va.variable.name == \"None\"]\n or p.expression.constantValue is [None: ])\n and not p.expression.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FunctionCall fc: fc.function.name == \"connect\"\n and fc.function.namespace.name == \"psycopg2\"\n and fc.namedParameters contains [NamedParameter p:\n p.name == \"password\"\n and not p.expression.constantValue.None\n and not p.expression.constantValue is [None: ]\n and p.expression.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall fc: fc.function.name == \"connect\"\n and fc.function.namespace.name == \"psycopg2\"\n and fc.namedParameters contains [NamedParameter p:\n p.name == \"password\"\n and not p.expression.constantValue.None\n and not p.expression.constantValue is 
[None: ]\n and not p.expression.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Server Identity Verification Disabled", - "predicate": "\n FunctionCall fc: fc.function.name == \"setopt\"\n and fc.function.enclosingClass.name matches \"pycurl\\.Curl(Share)?\"\n and (fc.arguments[1] is [VariableAccess va:\n va.variable.name matches \"SSL_(VERIFYPEER|VERIFYHOST)\"\n and va.variable.namespace.name == \"pycurl\"\n ] or\n fc.arguments[1] is [FieldAccess fa:\n fa.field.name matches \"SSL_(VERIFYPEER|VERIFYHOST)\"\n and fa.field.enclosingClass.name == \"pycurl.Curl\"\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FunctionCall fc: fc.function.name == \"setopt\"\n and fc.function.enclosingClass.name matches \"pycurl\\.Curl(Share)?\"\n and (fc.arguments[1] is [VariableAccess va:\n va.variable.name == \"USERPWD\"\n and va.variable.namespace.name == \"pycurl\"\n ] or\n fc.arguments[1] is [FieldAccess fa:\n fa.field.name == \"USERPWD\"\n and fa.field.enclosingClass.name == \"pycurl.Curl\"\n ])\n and (fc.arguments[2] is [VariableAccess va2: va2.variable.name == \"None\"]\n or fc.arguments[2].constantValue is [None: ])\n and not fc.arguments[2].constantValue == \"\"\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FunctionCall fc: fc.function.name == \"setopt\"\n and fc.function.enclosingClass.name matches \"pycurl\\.Curl(Share)?\"\n and (fc.arguments[1] is [VariableAccess va:\n va.variable.name == \"USERPWD\"\n and va.variable.namespace.name == \"pycurl\"\n ] or\n fc.arguments[1] is [FieldAccess fa:\n fa.field.name == \"USERPWD\"\n and fa.field.enclosingClass.name == \"pycurl.Curl\"\n ])\n and not 
fc.arguments[2].constantValue.None\n and not fc.arguments[2].constantValue is [None: ]\n and fc.arguments[2].constantValue == \"\"\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall fc: fc.function.name == \"setopt\"\n and fc.function.enclosingClass.name matches \"pycurl\\.Curl(Share)?\"\n and (fc.arguments[1] is [VariableAccess va:\n va.variable.name == \"USERPWD\"\n and va.variable.namespace.name == \"pycurl\"\n ] or\n fc.arguments[1] is [FieldAccess fa:\n fa.field.name == \"USERPWD\"\n and fa.field.enclosingClass.name == \"pycurl.Curl\"\n ])\n and not fc.arguments[2].constantValue.None\n and not fc.arguments[2].constantValue is [None: ]\n and not fc.arguments[2].constantValue == \"\"\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "System Information Leak", - "vuln_subcategory": "Internal", - "predicate": "\n FunctionCall fc: fc.function.name == \"enable\"\n and fc.function.namespace.name == \"cgitb\"\n and fc.namedParameters contains [NamedParameter: name == \"display\"\n and expression is [Expression e: e.constantValue == 0 ]]\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "System Information Leak", - "vuln_subcategory": "External", - "predicate": "\n FunctionCall fc: fc.function.name == \"enable\"\n and fc.function.namespace.name == \"cgitb\"\n and (not fc.namedParameters contains [NamedParameter: name == \"display\"]\n or fc.namedParameters contains [NamedParameter: name == \"display\"\n and expression.constantValue != 0])\n " - }, - { - "language": "python", - "vuln_kingdom": "Code Quality", - "vuln_category": "Fortify Internal", - "vuln_subcategory": None, - "predicate": "\n Field f: f.name == \"cgi\"\n and f.enclosingClass is [Class c: c.name matches \".*~module\"]\n " - }, - { - "language": "python", - "vuln_kingdom": 
"Encapsulation", - "vuln_category": "System Information Leak", - "vuln_subcategory": "External", - "predicate": "\n FunctionCall fc: fc.function.name matches \"print_environ|print_directory|print_environ_usage\"\n and fc.function.namespace.name == \"cgi\"\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Server Identity Verification Disabled", - "predicate": "\n FunctionCall fc: fc.function.name matches \"get|put|patch|post|delete|head|options|send\"\n and fc.function.enclosingClass.name == \"requests.sessions.Session\"\n and fc.namedParameters contains [NamedParameter p1:\n name == \"verify\"\n and expression is [VariableAccess:\n variable.name == \"False\"\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Server Identity Verification Disabled", - "predicate": "\n FunctionCall fc: fc.function.name matches \"get|patch|put|post|delete|head|options|request\"\n and fc.function.namespace.name == \"requests.api\"\n and fc.namedParameters contains [NamedParameter p1:\n name == \"verify\"\n and expression is [VariableAccess:\n variable.name == \"False\"\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Server Identity Verification Disabled", - "predicate": "\n FunctionCall fc: fc.function.name == \"__init__\"\n and fc.function.enclosingClass.name == \"httplib.HTTPSConnection\"\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Server Identity Verification Disabled", - "predicate": "\n FunctionCall fc: fc.function.name == \"urlopen\"\n and fc.function.namespace.name == \"urllib2\"\n and fc.arguments[0].constantValue matches \"(?i)^https.*\"\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - 
"vuln_category": "Insecure SSL", - "vuln_subcategory": "Server Identity Verification Disabled", - "predicate": "\n FunctionCall fc: fc.function.name matches \"urlopen|urlretrieve\"\n and fc.function.namespace.name == \"urllib\"\n and fc.arguments[0].constantValue matches \"(?i)^https.*\"\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FunctionCall fc: name matches \"PBKDF(1|2)\"\n and fc.function.namespace.name == \"Crypto.Protocol.KDF\"\n and namedParameters contains [NamedParameter:\n name == \"dkLen\"\n and expression.constantValue is [Number n: n == 0]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n FunctionCall fc: name matches \"PBKDF(1|2)\"\n and fc.function.namespace.name == \"Crypto.Protocol.KDF\"\n and namedParameters contains [NamedParameter:\n name == \"dkLen\"\n and expression.constantValue is [Number n:\n n < 128 and n > 0\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n FunctionCall fc: name == \"pbkdf2_hmac\"\n and function.namespace.name == \"hashlib\"\n and namedParameters contains [NamedParameter:\n name == \"dklen\"\n and expression.constantValue is [Number n:\n n < 16\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Initialization Vector", - "predicate": "\n FunctionCall fc: name == \"__init__\"\n and function.enclosingClass.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\\.(AES|RC2|Blowfish|CAST128|DES|DES3)(_)?Cipher\"\n and arguments[5] is [Expression e:\n not constantValue.None\n and not constantValue is [None:]\n and not 
constantValue == \"\"\n ] and arguments[1].constantValue != arguments[5].constantValue\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Initialization Vector", - "predicate": "\n FunctionCall fc: name == \"new\"\n and function.namespace.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\"\n and arguments[4] is [Expression:\n not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ] and arguments[0].constantValue != arguments[4].constantValue\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Initialization Vector", - "predicate": "\n FunctionCall fc: name == \"__init__\"\n and function.enclosingClass.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\\.(AES|RC2|Blowfish|CAST128|DES|DES3)(_)?Cipher\"\n and namedParameters contains [NamedParameter p:\n name == \"IV\"\n and expression is [Expression:\n not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Initialization Vector", - "predicate": "\n FunctionCall fc: name == \"new\"\n and function.namespace.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\"\n and namedParameters contains [NamedParameter p:\n name == \"IV\"\n and expression is [Expression:\n not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Initialization Vector", - "predicate": "\n FunctionCall fc: name == \"__init__\"\n and function.enclosingClass.name matches 
\"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\\.(AES|RC2|Blowfish|CAST128|DES|DES3)(_)?Cipher\"\n and not namedParameters contains [NamedParameter p:\n name == \"IV\"\n ]\n and (arguments.length < 4\n or not arguments[3].constantValue.None\n )\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Stream Cipher", - "predicate": "\n FunctionCall fc: name == \"__init__\"\n and function.enclosingClass.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\\.(AES|RC2|Blowfish|CAST128|DES|DES3)(_)?Cipher\"\n and arguments contains [VariableAccess va:\n variable.name == \"MODE_CTR\"\n and variable.namespace.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Stream Cipher", - "predicate": "\n FunctionCall fc: name == \"new\"\n and function.namespace.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\"\n and arguments contains [VariableAccess va:\n variable.name == \"MODE_CTR\"\n and variable.namespace.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n FunctionCall fc: name == \"__init__\"\n and function.enclosingClass.name matches \"(Crypto\\.Cipher\\.DES3\\.DES3)(_)?Cipher\"\n and arguments[1] is [Expression e:\n constantValue is [String s: s.length < 21]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n FunctionCall fc: name == \"__init__\"\n and function.enclosingClass.name matches \"Crypto\\.Cipher\\.(AES|Blowfish|CAST)\\.(AES|Blowfish|CAST128)(_)?Cipher\"\n and 
arguments[1] is [Expression e:\n constantValue is [String s: s.length < 16]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n FunctionCall fc: name == \"new\"\n and function.namespace.name == \"Crypto.Cipher.DES3\"\n and arguments[0] is [Expression e:\n constantValue is [String s: s.length < 21]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n FunctionCall fc: name == \"new\"\n and function.namespace.name matches \"Crypto\\.Cipher\\.(AES|Blowfish|CAST)\"\n and arguments[0] is [Expression e:\n constantValue is [String s: s.length < 16]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Predictable Salt", - "predicate": "\n FunctionCall fc: name matches \"PBKDF(1|2)|scrypt\"\n and fc.function.namespace.name == \"Crypto.Protocol.KDF\"\n and arguments[0] is arguments[1]\n and arguments[0].constantValue.None\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Predictable Salt", - "predicate": "\n FunctionCall fc: name matches \"PBKDF(1|2)|scrypt\"\n and fc.function.namespace.name == \"Crypto.Protocol.KDF\"\n and arguments[0].constantValue === arguments[1].constantValue\n and not arguments[0].constantValue.None\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Predictable Salt", - "predicate": "\n FunctionCall fc: name == \"pbkdf2_hmac\"\n and fc.function.namespace.name == \"hashlib\"\n and arguments[1] is arguments[2]\n and arguments[1].constantValue.None\n " - }, - { - "language": "python", - "vuln_kingdom": "Security 
Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Predictable Salt", - "predicate": "\n FunctionCall fc: name == \"pbkdf2_hmac\"\n and fc.function.namespace.name == \"hashlib\"\n and arguments[1].constantValue === arguments[2].constantValue\n and not arguments[1].constantValue.None\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Initialization Vector", - "predicate": "\n FunctionCall fc: name == \"__init__\"\n and function.enclosingClass.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\\.(AES|RC2|Blowfish|CAST128|DES|DES3)(_)?Cipher\"\n and arguments[1] is arguments[5]\n and arguments[1].constantValue.None\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Initialization Vector", - "predicate": "\n FunctionCall fc: name == \"new\"\n and function.namespace.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\"\n and arguments[0] is arguments[4]\n and arguments[0].constantValue.None\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Initialization Vector", - "predicate": "\n FunctionCall fc: name == \"__init__\"\n and function.enclosingClass.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\\.(AES|RC2|Blowfish|CAST128|DES|DES3)(_)?Cipher\"\n and arguments[1].constantValue === arguments[5].constantValue\n and not arguments[1].constantValue.None\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Initialization Vector", - "predicate": "\n FunctionCall fc: name == \"new\"\n and function.namespace.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\"\n and arguments[0].constantValue === 
arguments[2].constantValue\n and not arguments[0].constantValue.None\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Initialization Vector", - "predicate": "\n FunctionCall fc: name == \"new\"\n and function.namespace.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\"\n and arguments[0].constantValue === arguments[4].constantValue\n and not arguments[0].constantValue.None\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Inadequate RSA Padding", - "predicate": "\n FunctionCall fc: name matches \"encrypt|decrypt\"\n and function.enclosingClass.name == \"Crypto.PublicKey.RSA._RSAobj\"\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FunctionCall fc: name == \"importKey\"\n and function.namespace.name == \"Crypto.PublicKey.RSA\"\n and namedParameters contains [NamedParameter p:\n name == \"passphrase\"\n and expression is [Expression e:\n not e.constantValue.None\n and not e.constantValue is [None:]\n and not e.constantValue == \"\"\n ]\n ]\n and arguments.length < 3\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Unencrypted Private Key", - "predicate": "\n FunctionCall fc: name == \"importKey\"\n and function.namespace.name == \"Crypto.PublicKey.RSA\"\n and namedParameters contains [NamedParameter p:\n name == \"passphrase\"\n and expression is [Expression e:\n e.constantValue is [None:]\n or e.constantValue == \"\"\n ]\n ]\n and arguments.length < 3\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FunctionCall fc: name 
== \"exportKey\"\n and function.enclosingClass.name == \"Crypto.PublicKey.RSA._RSAobj\"\n and namedParameters contains [NamedParameter p:\n name == \"passphrase\"\n and expression is [Expression e:\n not e.constantValue.None\n and not e.constantValue is [None:]\n and not e.constantValue == \"\"\n ]\n ]\n and arguments.length < 4\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Unencrypted Private Key", - "predicate": "\n FunctionCall fc: name == \"exportKey\"\n and function.enclosingClass.name == \"Crypto.PublicKey.RSA._RSAobj\"\n and namedParameters contains [NamedParameter p:\n name == \"passphrase\"\n and expression is [Expression e:\n e.constantValue is [None:]\n or e.constantValue == \"\"\n ]\n ]\n and arguments.length < 4\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FunctionCall fc: name == \"importKey\"\n and function.namespace.name == \"Crypto.PublicKey.RSA\"\n and arguments[1] is [Expression e:\n not e.constantValue.None\n and not e.constantValue is [None:]\n and not e.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Unencrypted Private Key", - "predicate": "\n FunctionCall fc: name == \"importKey\"\n and function.namespace.name == \"Crypto.PublicKey.RSA\"\n and arguments[1] is [Expression e:\n e.constantValue is [None:]\n or e.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FunctionCall fc: name == \"exportKey\"\n and function.enclosingClass.name == \"Crypto.PublicKey.RSA._RSAobj\"\n and arguments[2] is [Expression e:\n not e.constantValue.None\n and not 
e.constantValue is [None:]\n and not e.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Unencrypted Private Key", - "predicate": "\n FunctionCall fc: name == \"exportKey\"\n and function.enclosingClass.name == \"Crypto.PublicKey.RSA._RSAobj\"\n and arguments.length == 1\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Unencrypted Private Key", - "predicate": "\n FunctionCall fc: name == \"exportKey\"\n and function.enclosingClass.name == \"Crypto.PublicKey.RSA._RSAobj\"\n and arguments[2] is [Expression e:\n e.constantValue is [None:]\n or e.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FunctionCall fc: name == \"__init__\"\n and function.enclosingClass.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\\.(AES|RC2|Blowfish|CAST128|DES|DES3)(_)?Cipher\"\n and arguments[1] is [Expression e:\n not e.constantValue.None\n and not e.constantValue is [None: ]\n and not e.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "None Salt", - "predicate": "\n FunctionCall fc: name == \"new\"\n and function.namespace.name matches \"Crypto\\.Hash\\.(.*)\"\n and (arguments[0] is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and not constantValue is [None:]\n and constantValue == \"\"\n ] or arguments[0] is [Operation:\n (rhs is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and constantValue is [None:]\n ] or lhs is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and constantValue is [None:]\n ])\n ])\n " - }, - { - 
"language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Empty Salt", - "predicate": "\n FunctionCall fc: name == \"new\"\n and function.namespace.name matches \"Crypto\\.Hash\\.(.*)\"\n and (arguments[0] is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and constantValue == \"\"\n ] or arguments[0] is [Operation:\n (rhs is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and constantValue == \"\"\n ] or lhs is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and constantValue == \"\"\n ])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Hardcoded Salt", - "predicate": "\n FunctionCall fc: name == \"new\"\n and function.namespace.name matches \"Crypto\\.Hash\\.(.*)\"\n and (arguments[0] is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ] or arguments[0] is [Operation:\n (rhs is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ] or lhs is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "None Salt", - "predicate": "\n FunctionCall fc: name == \"new\"\n and function.namespace.name matches \"Crypto\\.Hash\\.(.*)\"\n and (arguments[0] is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and constantValue is [None:]\n ] or arguments[0] is [Operation:\n (rhs is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not 
constantValue == \"\"\n ] or lhs is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and constantValue is [None:]\n ])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Empty Salt", - "predicate": "\n FunctionCall fc: name == \"new\"\n and function.namespace.name matches \"Crypto\\.Hash\\.(.*)\"\n and (arguments[0] is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and constantValue == \"\"\n ] or arguments[0] is [Operation:\n (rhs is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and constantValue == \"\"\n ] or lhs is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and constantValue == \"\"\n ])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Hardcoded Salt", - "predicate": "\n FunctionCall fc: name == \"new\"\n and function.namespace.name matches \"Crypto\\.Hash\\.(.*)\"\n and (arguments[0] is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ] or arguments[0] is [Operation:\n (rhs is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ] or lhs is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "None Salt", - "predicate": "\n FunctionCall fc: name == \"__init__\"\n and function.enclosingClass.name matches \"Crypto\\.Hash\\.(.*)\"\n and (arguments[1] is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and not 
constantValue.None\n and constantValue is [None:]\n ] or arguments[1] is [Operation:\n (rhs is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and constantValue is [None:]\n ] or lhs is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and constantValue is [None:]\n ])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Empty Salt", - "predicate": "\n FunctionCall fc: name == \"__init__\"\n and function.enclosingClass.name matches \"Crypto\\.Hash\\.(.*)\"\n and (arguments[1] is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and constantValue == \"\"\n ] or arguments[1] is [Operation:\n (rhs is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and constantValue == \"\"\n ] or lhs is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and constantValue == \"\"\n ])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Hardcoded Salt", - "predicate": "\n FunctionCall fc: name == \"__init__\"\n and function.enclosingClass.name matches \"Crypto\\.Hash\\.(.*)\"\n and (arguments[1] is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ] or arguments[1] is [Operation:\n (rhs is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ] or lhs is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "None Salt", - "predicate": "\n FunctionCall fc: name == \"__init__\"\n 
and function.enclosingClass.name matches \"Crypto\\.Hash\\.(.*)\"\n and (arguments[1] is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and constantValue is [None:]\n ] or arguments[1] is [Operation:\n (rhs is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and constantValue is [None:]\n ] or lhs is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and constantValue is [None:]\n ])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Empty Salt", - "predicate": "\n FunctionCall fc: name == \"__init__\"\n and function.enclosingClass.name matches \"Crypto\\.Hash\\.(.*)\"\n and (arguments[1] is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and constantValue == \"\"\n ] or arguments[1] is [Operation:\n (rhs is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and constantValue == \"\"\n ] or lhs is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and constantValue == \"\"\n ])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Hardcoded Salt", - "predicate": "\n FunctionCall fc: name == \"__init__\"\n and function.enclosingClass.name matches \"Crypto\\.Hash\\.(.*)\"\n and (arguments[1] is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ] or arguments[1] is [Operation:\n (rhs is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ] or lhs is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ])\n ])\n " - }, - { 
- "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "None Salt", - "predicate": "\n FunctionCall fc: name == \"update\"\n and function.enclosingClass.name == \"Crypto.Hash.hashalgo.HashAlgo\"\n and (arguments[1] is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and constantValue is [None:]\n ] or arguments[1] is [Operation:\n (rhs is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and constantValue is [None:]\n ] or lhs is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and constantValue is [None:]\n ])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Empty Salt", - "predicate": "\n FunctionCall fc: name == \"update\"\n and function.enclosingClass.name == \"Crypto.Hash.hashalgo.HashAlgo\"\n and (arguments[1] is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and constantValue == \"\"\n ] or arguments[1] is [Operation:\n (rhs is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and constantValue == \"\"\n ] or lhs is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and constantValue == \"\"\n ])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Hardcoded Salt", - "predicate": "\n FunctionCall fc: name == \"update\"\n and function.enclosingClass.name == \"Crypto.Hash.hashalgo.HashAlgo\"\n and (arguments[1] is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ] or arguments[1] is [Operation:\n (rhs is [FieldAccess:\n field.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ] or lhs is [FieldAccess:\n 
field.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "None Salt", - "predicate": "\n FunctionCall fc: name == \"update\"\n and function.enclosingClass.name == \"Crypto.Hash.hashalgo.HashAlgo\"\n and (arguments[1] is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n ] or arguments[1] is [Operation:\n (rhs is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and constantValue is [None:]\n ] or lhs is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and constantValue is [None:]\n ])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Empty Salt", - "predicate": "\n FunctionCall fc: name == \"update\"\n and function.enclosingClass.name == \"Crypto.Hash.hashalgo.HashAlgo\"\n and (arguments[1] is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and constantValue == \"\"\n ] or arguments[1] is [Operation:\n (rhs is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and constantValue == \"\"\n ] or lhs is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and constantValue == \"\"\n ])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Hardcoded Salt", - "predicate": "\n FunctionCall fc: name == \"update\"\n and function.enclosingClass.name == \"Crypto.Hash.hashalgo.HashAlgo\"\n and (arguments[1] is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ] or arguments[1] is 
[Operation:\n (rhs is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ] or lhs is [VariableAccess:\n variable.name matches \"(?i).*salt.*\"\n and not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ])\n ])\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: name matches \"__init__|new\"\n and function.enclosingClass.name matches \"Crypto\\.Hash\\.(MD2|MD4|MD5|SHA|RIPEMD|keccak)\\.(MD2|MD4|MD5|RIPEMD160|SHA1|Keccak_)Hash\"\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: name == \"new\"\n and function.namespace.name matches \"Crypto\\.Hash\\.(MD2|MD4|MD5|SHA|RIPEMD|keccak)\"\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "None PBE Salt", - "predicate": "\n FunctionCall fc: name matches \"PBKDF(1|2)\"\n and function.namespace.name == \"Crypto.Protocol.KDF\"\n and arguments[1] is [FieldAccess:\n not constantValue.None\n and constantValue is [None:]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Empty PBE Salt", - "predicate": "\n FunctionCall fc: name matches \"PBKDF(1|2)\"\n and function.namespace.name == \"Crypto.Protocol.KDF\"\n and arguments[1] is [FieldAccess:\n constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Hardcoded PBE Salt", - "predicate": "\n FunctionCall fc: name matches \"PBKDF(1|2)\"\n and function.namespace.name == 
\"Crypto.Protocol.KDF\"\n and arguments[1] is [FieldAccess:\n not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "None PBE Salt", - "predicate": "\n FunctionCall fc: name matches \"PBKDF(1|2)\"\n and function.namespace.name == \"Crypto.Protocol.KDF\"\n and arguments[1] is [VariableAccess:\n not constantValue.None\n and constantValue is [None:]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Empty PBE Salt", - "predicate": "\n FunctionCall fc: name matches \"PBKDF(1|2)\"\n and function.namespace.name == \"Crypto.Protocol.KDF\"\n and arguments[1] is [VariableAccess:\n constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Hardcoded PBE Salt", - "predicate": "\n FunctionCall fc: name matches \"PBKDF(1|2)\"\n and function.namespace.name == \"Crypto.Protocol.KDF\"\n and arguments[1] is [VariableAccess:\n not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FunctionCall fc: name == \"new\"\n and function.namespace.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\"\n and arguments[0] is [Expression e:\n not e.constantValue.None\n and not e.constantValue is [None:]\n and not e.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FunctionCall fc: name == \"__init__\"\n and 
function.enclosingClass.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\\.(AES|RC2|Blowfish|CAST128|DES|DES3)(_)?Cipher\"\n and arguments[1] is [Expression e:\n e.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FunctionCall fc: name == \"new\"\n and function.namespace.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\"\n and arguments[0] is [Expression e:\n e.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Mode of Operation", - "predicate": "\n FunctionCall fc: name == \"__init__\"\n and function.enclosingClass.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\\.(AES|RC2|Blowfish|CAST128|DES|DES3)(_)?Cipher\"\n and not namedParameters contains [NamedParameter p:\n name == \"mode\"\n ] and not arguments contains [VariableAccess va:\n variable.name matches \"MODE_.*\"\n and variable.namespace.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Mode of Operation", - "predicate": "\n FunctionCall fc: name == \"new\"\n and function.namespace.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\"\n and not namedParameters contains [NamedParameter p:\n name == \"mode\"\n ] and not arguments contains [VariableAccess va:\n variable.name matches \"MODE_.*\"\n and variable.namespace.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Mode of Operation", - "predicate": "\n FunctionCall fc: name == 
\"__init__\"\n and function.enclosingClass.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\\.(AES|RC2|Blowfish|CAST128|DES|DES3)(_)?Cipher\"\n and arguments contains [VariableAccess va:\n variable.name == \"MODE_CBC\"\n and variable.namespace.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Mode of Operation", - "predicate": "\n FunctionCall fc: name == \"__init__\"\n and function.enclosingClass.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\\.(AES|RC2|Blowfish|CAST128|DES|DES3)(_)?Cipher\"\n and arguments contains [VariableAccess va:\n variable.name == \"MODE_ECB\"\n and variable.namespace.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Mode of Operation", - "predicate": "\n FunctionCall fc: name == \"new\"\n and function.namespace.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\"\n and arguments contains [VariableAccess va:\n variable.name == \"MODE_CBC\"\n and variable.namespace.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Mode of Operation", - "predicate": "\n FunctionCall fc: name == \"new\"\n and function.namespace.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\"\n and arguments contains [VariableAccess va:\n variable.name == \"MODE_ECB\"\n and variable.namespace.name matches \"Crypto\\.Cipher\\.(AES|ARC2|Blowfish|CAST|DES|DES3)\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Weak 
SSL Protocol", - "predicate": "\n FunctionCall fc: fc.function.name matches \"wrap_socket|get_server_certificate\"\n and fc.function.namespace.name == \"ssl\"\n and (\n not fc.namedParameters contains [NamedParameter p1: name == \"ssl_version\"]\n or fc.namedParameters contains [NamedParameter np:\n name == \"ssl_version\"\n and (\n expression is [VariableAccess va:\n va.variable.name matches \"PROTOCOL_(SSLv2|SSLv3|SSLv23|TLSv1|TLSv1_1)\"\n ]\n or expression is [FieldAccess fa:\n fa.field.name matches \"PROTOCOL_(SSLv2|SSLv3|SSLv23|TLSv1|TLSv1_1)\"\n ])\n ]\n )\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Weak SSL Protocol", - "predicate": "\n FunctionCall fc: fc.function.name matches \"wrap_socket|get_server_certificate\"\n and fc.function.namespace.name == \"ssl\"\n and (\n not fc.namedParameters contains [NamedParameter p1: name == \"ssl_version\"]\n or fc.namedParameters contains [NamedParameter np:\n name == \"ssl_version\"\n and (\n expression is [VariableAccess va:\n va.variable.name matches \"PROTOCOL_(SSLv2|SSLv3|SSLv23|TLSv1|TLSv1_1)\"\n ]\n or expression is [FieldAccess fa:\n fa.field.name matches \"PROTOCOL_(SSLv2|SSLv3|SSLv23|TLSv1|TLSv1_1)\"\n ])\n ]\n )\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Weak SSL Cipher", - "predicate": "\n FunctionCall fc: fc.function.name == \"wrap_socket\"\n and fc.function.namespace.name == \"ssl\"\n and fc.namedParameters contains [NamedParameter np:\n name == \"ciphers\"\n and expression is [VariableAccess va:\n /* CBC Mode */\n va.constantValue matches \"(?i).*-CBC(3)?-.*\"\n /* Weak Hash Functions */\n or va.constantValue matches \"(?i)-(SHA|MD5|GOSTR3411)\"\n /* Weak Ciphers */\n or va.constantValue matches \"(?i).*-(RC2|RC4|DES|3DES)-.*\"\n /* None or Anonymous Algorithms */\n or va.constantValue matches 
\"(?i).*-(None|ANON)-.*\"\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Weak SSL Cipher", - "predicate": "\n FunctionPointerCall:\n name == \"set_ciphers\"\n and arguments contains [StringLiteral s:\n /* CBC Mode */\n s.constantValue matches \"(?i).*-CBC(3)?-.*\"\n /* Weak Hash Functions */\n or s.constantValue matches \"(?i)-(SHA|MD5|GOSTR3411)\"\n /* Weak Ciphers */\n or s.constantValue matches \"(?i).*-(RC2|RC4|DES|3DES)-.*\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Weak SSL Protocol", - "predicate": "\n FunctionCall fc: fc.function.name == \"__init__\"\n and function.enclosingClass.name == \"ssl.SSLContext\"\n and arguments contains [Expression e :\n e is [VariableAccess va:\n va.variable.name matches \"PROTOCOL_(SSLv2|SSLv3|SSLv23|TLSv1|TLSv1_1)\"\n ]\n or e is [FieldAccess fa:\n fa.field.name matches \"PROTOCOL_(SSLv2|SSLv3|SSLv23|TLSv1|TLSv1_1)\"\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Server Identity Verification Disabled", - "predicate": "\n FunctionCall fc: fc.function.name == \"wrap_socket\"\n and fc.function.namespace.name == \"ssl\"\n and (\n not fc.namedParameters contains [NamedParameter p1: name == \"cert_reqs\"]\n or fc.namedParameters contains [NamedParameter p2: name == \"cert_reqs\" and expression is [VariableAccess va: va.variable.name == \"CERT_NONE\"]]\n or fc.namedParameters contains [NamedParameter p3: name == \"cert_reqs\" and expression is [FieldAccess fa: fa.field.name == \"CERT_NONE\"]])\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Poor Logging Practice", - "vuln_subcategory": "Use of a System Output Stream", - "predicate": "\n FunctionCall: name matches \"write|writelines\"\n and instance 
is [VariableAccess stdout:\n name matches \"std(out|err)\"\n and variable.enclosingClass is [Class: name == \"sys~module\"]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Errors", - "vuln_category": "Poor Error Handling", - "vuln_subcategory": "Empty Catch Block", - "predicate": "\n CatchBlock: empty\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Weak SSL Protocol", - "predicate": "\n FunctionCall fc: fc.function.name matches \"set_alpn_protocols\"\n and fc.arguments[1] is [FunctionCall tuple:\n arguments contains [Expression e: constantValue matches \"(?i)spdy/.*\"]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FunctionCall fc:\n function is [Function:\n name == \"__init__\"\n and enclosingClass.supers contains [Class:\n name == \"pymongo.mongo_client.MongoClient\"\n ]\n ]\n and (\n namedParameters contains [NamedParameter: name == \"host\"\n and not expression.constantValue.None\n and not expression.constantValue is [None:]\n and not expression.constantValue == \"\"\n and expression.constantValue matches \"mongodb(\\+srv)?://.*:@.*\"\n ]\n or namedParameters contains [NamedParameter: name == \"password\"\n and expression.constantValue == \"\"\n ]\n )\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall fc:\n function is [Function:\n name == \"__init__\"\n and enclosingClass.supers contains [Class:\n name == \"pymongo.mongo_client.MongoClient\"\n ]\n ]\n and (\n namedParameters contains [NamedParameter: name == \"host\"\n and not expression.constantValue.None\n and not expression.constantValue is [None:]\n and expression.constantValue matches \"mongodb(\\+srv)?://.*:.+@.*\"\n ]\n or 
namedParameters contains [NamedParameter: name == \"password\"\n and not expression.constantValue.None\n and not expression.constantValue is [None:]\n and not expression.constantValue == \"\"\n ]\n )\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Unauthenticated Service", - "vuln_subcategory": "MongoDB", - "predicate": "\n FunctionCall fc:\n function.name == \"__init__\"\n and function.enclosingClass.supers contains [Class:\n name == \"pymongo.mongo_client.MongoClient\"\n ]\n and not namedParameters contains [NamedParameter: name == \"username\"\n and not expression.constantValue is [None:]\n ]\n and not namedParameters contains [NamedParameter: name == \"password\"\n and not expression.constantValue is [None:]\n ]\n and namedParameters contains [NamedParameter: name == \"host\"\n and (expression.constantValue is [None:]\n or (not expression.constantValue.None\n and not expression.constantValue matches \"mongodb(\\+srv)?://.*:.*@.*\"\n )\n )\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Insecure PBE Iteration Count", - "predicate": "\n FunctionCall fc: fc.function.name matches \"PBKDF(1|2)\"\n and fc.function.namespace.name == \"Crypto.Protocol.KDF\"\n and fc.namedParameters contains [NamedParameter: name == \"count\"\n and expression.constantValue is [Number n:\n n > 999 and n < 100000\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Insecure PBE Iteration Count", - "predicate": "\n FunctionCall fc: fc.function.name == \"bcrypt\"\n and fc.function.namespace.name == \"Crypto.Protocol.KDF\"\n and arguments[1] is [Expression e:\n constantValue is [Number n: n < 12]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": 
"Insecure PBE Iteration Count", - "predicate": "\n FunctionCall fc: fc.function.name matches \"PBKDF(1|2)\"\n and fc.function.namespace.name == \"Crypto.Protocol.KDF\"\n and fc.namedParameters contains [NamedParameter: name == \"count\"\n and expression.constantValue is [Number n:\n n < 1000\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FunctionCall fc: fc.function.name == \"login\"\n and function.enclosingClass.supers contains [Class:\n name matches \"ftplib\\.(FTP|FTP_TLS)\"\n ]\n and fc.namedParameters contains [NamedParameter: name == \"passwd\"\n and not expression.constantValue.None\n and expression.constantValue is [None: ]\n and not expression.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FunctionCall fc: fc.function.name == \"__init__\"\n and function.enclosingClass.supers contains [Class:\n name matches \"ftplib\\.(FTP|FTP_TLS)\"\n ]\n and fc.namedParameters contains [NamedParameter: name == \"passwd\"\n and not expression.constantValue.None\n and expression.constantValue is [None: ]\n and not expression.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FunctionCall fc: fc.function.name == \"login\"\n and function.enclosingClass.supers contains [Class:\n name matches \"ftplib\\.(FTP|FTP_TLS)\"\n ]\n and fc.namedParameters contains [NamedParameter: name == \"passwd\"\n and not expression.constantValue.None\n and not expression.constantValue is [None: ]\n and expression.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - 
"vuln_subcategory": "Empty Password", - "predicate": "\n FunctionCall fc: fc.function.name == \"__init__\"\n and function.enclosingClass.supers contains [Class:\n name matches \"ftplib\\.(FTP|FTP_TLS)\"\n ]\n and fc.namedParameters contains [NamedParameter: name == \"passwd\"\n and not expression.constantValue.None\n and not expression.constantValue is [None: ]\n and expression.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall fc: fc.function.name == \"login\"\n and function.enclosingClass.supers contains [Class:\n name matches \"ftplib\\.(FTP|FTP_TLS)\"\n ]\n and fc.namedParameters contains [NamedParameter: name == \"passwd\"\n and not expression.constantValue.None\n and not expression.constantValue is [None: ]\n and not expression.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall fc: fc.function.name == \"__init__\"\n and function.enclosingClass.supers contains [Class:\n name matches \"ftplib\\.(FTP|FTP_TLS)\"\n ]\n and fc.namedParameters contains [NamedParameter: name == \"passwd\"\n and not expression.constantValue.None\n and not expression.constantValue is [None: ]\n and not expression.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FunctionCall fc: function is [Function f: f.name == \"__init__\"\n and f.enclosingClass.supers contains [Class:\n name matches \"urllib3\\.poolmanager\\.(Proxy|Pool)Manager\"\n ]\n ]\n and fc.namedParameters contains [NamedParameter: name == \"key_password\"\n and not expression.constantValue.None\n and expression.constantValue is [None: ]\n and 
not expression.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FunctionCall fc: function is [Function f: f.name == \"__init__\"\n and f.enclosingClass.supers contains [Class:\n name matches \"urllib3\\.poolmanager\\.(Proxy|Pool)Manager\"\n ]\n ]\n and fc.namedParameters contains [NamedParameter: name == \"key_password\"\n and not expression.constantValue.None\n and not expression.constantValue is [None: ]\n and expression.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall fc: function is [Function f: f.name == \"__init__\"\n and f.enclosingClass.supers contains [Class:\n name matches \"urllib3\\.poolmanager\\.(Proxy|Pool)Manager\"\n ]\n ]\n and fc.namedParameters contains [NamedParameter: name == \"key_password\"\n and not expression.constantValue.None\n and not expression.constantValue is [None: ]\n and not expression.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Server Identity Verification Disabled", - "predicate": "\n FunctionCall fc: function is [Function f: f.name == \"__init__\"\n and f.enclosingClass.supers contains [Class:\n name == \"urllib3.connectionpool.HTTPSConnectionPool\"\n ]\n ]\n and fc.namedParameters contains [NamedParameter: name == \"cert_reqs\"\n and expression is [Expression:\n constantValue == \"CERT_NONE\"\n or constantValues contains [String: == \"CERT_NONE\"]\n or partialConstantValues contains [String: == \"CERT_NONE\"]\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Server Identity Verification Disabled", - 
"predicate": "\n FunctionCall fc: function is [Function f: f.name == \"__init__\"\n and f.enclosingClass.supers contains [Class:\n name matches \"urllib3\\.poolmanager\\.(Proxy|Pool)Manager\"\n ]\n ]\n and fc.namedParameters contains [NamedParameter: name == \"cert_reqs\"\n and expression is [Expression:\n constantValue == \"CERT_NONE\"\n or constantValues contains [String: == \"CERT_NONE\"]\n or partialConstantValues contains [String: == \"CERT_NONE\"]\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Weak SSL Protocol", - "predicate": "\n FunctionCall fc: function is [Function f: f.name == \"__init__\"\n and f.enclosingClass.supers contains [Class:\n name == \"urllib3.connectionpool.HTTPSConnectionPool\"\n ]\n ] and arguments contains [Expression e :\n e is [VariableAccess va:\n va.variable.name matches \"PROTOCOL_(SSLv2|SSLv3|SSLv23|TLSv1|TLSv1_1)\"\n ]\n or e is [FieldAccess fa:\n fa.field.name matches \"PROTOCOL_(SSLv2|SSLv3|SSLv23|TLSv1|TLSv1_1)\"\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Weak SSL Protocol", - "predicate": "\n FunctionCall fc: function is [Function f: f.name == \"__init__\"\n and f.enclosingClass.supers contains [Class:\n name matches \"urllib3\\.poolmanager\\.(Proxy|Pool)Manager\"\n ]\n ] and arguments contains [Expression e :\n e is [VariableAccess va:\n va.variable.name matches \"PROTOCOL_(SSLv2|SSLv3|SSLv23|TLSv1|TLSv1_1)\"\n ]\n or e is [FieldAccess fa:\n fa.field.name matches \"PROTOCOL_(SSLv2|SSLv3|SSLv23|TLSv1|TLSv1_1)\"\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Weak SSL Cipher", - "predicate": "\n FunctionCall fc: function is [Function f: f.name == \"ssl_wrap_socket\"\n and f.namespace.name == \"urllib3.util.ssl_\"\n ] and 
fc.namedParameters contains [NamedParameter np:\n name == \"ciphers\"\n and expression is [VariableAccess s:\n /* CBC Mode */\n s.constantValue matches \"(?i).*-CBC(3)?-.*\"\n /* Weak Hash Functions */\n or s.constantValue matches \"(?i)-(SHA|MD5|GOSTR3411)\"\n /* Weak Ciphers */\n or s.constantValue matches \"(?i).*-(RC2|RC4|DES|3DES)-.*\"\n /* None */\n or s.constantValue matches \"(?i).*-None-.*\"\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Weak SSL Protocol", - "predicate": "\n FunctionCall fc: function is [Function f: f.name == \"ssl_wrap_socket\"\n and f.namespace.name == \"urllib3.util.ssl_\"\n ] and (\n not fc.namedParameters contains [NamedParameter p: name == \"ssl_version\"]\n or fc.namedParameters contains [NamedParameter np:\n name == \"ssl_version\"\n and (\n expression is [VariableAccess va:\n va.variable.name matches \"PROTOCOL_(SSLv2|SSLv3|SSLv23|TLSv1|TLSv1_1)\"\n ]\n or expression is [FieldAccess fa:\n fa.field.name matches \"PROTOCOL_(SSLv2|SSLv3|SSLv23|TLSv1|TLSv1_1)\"\n ])\n ]\n )\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FunctionCall fc: fc.function.name matches \"connect|create_pool\"\n and fc.function.namespace.name == \"aiopg\"\n and fc.namedParameters contains [NamedParameter p:\n p.name == \"password\"\n and (p.expression is [VariableAccess va: va.variable.name == \"None\"]\n or p.expression.constantValue is [None: ])\n and not p.expression.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FunctionCall fc: fc.function.name matches \"connect|create_pool\"\n and fc.function.namespace.name == \"aiopg\"\n and fc.namedParameters contains [NamedParameter p:\n 
p.name == \"password\"\n and not p.expression.constantValue.None\n and not p.expression.constantValue is [None: ]\n and p.expression.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall fc: fc.function.name matches \"connect|create_pool\"\n and fc.function.namespace.name == \"aiopg\"\n and fc.namedParameters contains [NamedParameter p:\n p.name == \"password\"\n and not p.expression.constantValue.None\n and not p.expression.constantValue is [None: ]\n and not p.expression.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Weak SSL Cipher", - "predicate": "\n FunctionCall fc:\n function is [Function:\n enclosingClass.name == \"paramiko.rsakey.RSAKey\"\n and name == \"__init__\"\n ]\n and namedParameters contains [NamedParameter:\n name == \"filename\"\n and expression is [NoneLiteral: ]\n ]\n and namedParameters contains [NamedParameter:\n name == \"key\"\n and expression is [NoneLiteral: ]\n ]\n and namedParameters contains [NamedParameter:\n name == \"file_obj\"\n and expression is [NoneLiteral: ]\n ] \n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall fc:\n function is [Function:\n enclosingClass.name == \"paramiko.client.SSHClient\"\n and name == \"connect\"\n ]\n and namedParameters contains [NamedParameter: \n name == \"passphrase\"\n and expression is [Expression: \n not constantValue.None\n and not constantValue == \"\"\n and not constantValue is [None: ]\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n 
FunctionCall fc:\n function is [Function:\n enclosingClass.name == \"paramiko.client.SSHClient\"\n and name == \"connect\"\n ]\n and namedParameters contains [NamedParameter: \n name == \"password\"\n and expression is [Expression: \n not constantValue.None\n and not constantValue == \"\"\n and not constantValue is [None: ]\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "SSH Misconfiguration", - "vuln_subcategory": "Missing Authentication", - "predicate": "\n FunctionCall fc:\n function is [Function:\n enclosingClass.name == \"paramiko.client.SSHClient\"\n and name == \"connect\"\n ]\n and namedParameters contains [NamedParameter:\n name == \"auth_strategy\"\n and expression.type.name == \"paramiko.auth_strategy.NoneAuth\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Command Injection", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc:\n function is [Function:\n enclosingClass.name == \"paramiko.client.SSHClient\"\n and name == \"exec_command\"\n ]\n and namedParameters contains [NamedParameter: \n name == \"environment\"\n and expression is [Expression: \n not constantValue == \"\"\n and not constantValue is [None: ]\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FunctionCall fc: function is [Function:\n name matches \"cmd_change_user\"\n and fc.function.enclosingClass.name == \"mysql.connector.MySQLConnection\"\n ]\n and fc.namedParameters contains [NamedParameter p:\n p.name == \"password\" \n and p.expression.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall fc: function is [Function:\n name matches 
\"__init__|connect\"\n and enclosingClass.name == \"mysql.connector.MySQLConnection\"\n ]\n and fc.namedParameters contains [NamedParameter p:\n p.name matches \"password(1|2|3)?\" \n and not p.expression.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FunctionCall fc: function is [Function:\n name matches \"__init__|connect\"\n and enclosingClass.name == \"mysql.connector.MySQLConnection\"\n ]\n and fc.namedParameters contains [NamedParameter p:\n p.name matches \"password(1|2|3)?\" \n and p.expression.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall fc: function is [Function:\n name matches \"connect\"\n and namespace.name == \"mysql.connector\"\n ]\n and fc.namedParameters contains [NamedParameter p:\n p.name matches \"password(1|2|3)?\" \n and not p.expression.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FunctionCall fc: function is [Function:\n name matches \"connect\"\n and namespace.name == \"mysql.connector\"\n ]\n and fc.namedParameters contains [NamedParameter p:\n p.name matches \"password(1|2|3)?\"\n and p.expression.constantValue == \"\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "gRPC Server Credentials", - "predicate": "\n FunctionCall fc: fc.name == \"ssl_server_credentials\" and \n fc.function.namespace.name == \"grpc\"\n\n /* Match if arg 2 & 3 are are empty regardless of order (1 arg required, others have default if not \n specified) and if root_certificates is None/Empty 
or if require_client_auth is false */\n\n and ( \n (fc.namedParameters contains [NamedParameter p1: p1.name == \"root_certificates\"\n and (p1.expression is [VariableAccess va1: va1.variable.name == \"None\"]\n or p1.expression.constantValue == \"\")]\n ) \n or\n (fc.namedParameters contains [NamedParameter p2: p2.name == \"require_client_auth\"\n and p2.expression is [VariableAccess va2: va2.variable.name == \"False\"]])\n or \n fc.arguments[1].constantValue is [None: ]\n or\n fc.arguments[2].constantValue is [None: ]\n )\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "gRPC Channel Credentials", - "predicate": "\n FunctionCall fc: fc.name is \"ssl_channel_credentials\" and \n fc.function.namespace.name == \"grpc\"\n\n /* Match if any argument is empty or None as it will mean a default or empty value is taken */\n \n and (\n fc.arguments contains [Expression: constantValue is [None: ] or constantValue is \"\"]\n )\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: fc.name is \"add_insecure_port\" and \n fc.function.enclosingClass.name matches \"grpc.+Server\"\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: fc.name is \"insecure_channel\" and \n fc.function.namespace.name == \"grpc\"\n " - }, - { - "language": "python", - "vuln_kingdom": "API Abuse", - "vuln_category": "Often Misused", - "vuln_subcategory": "File Upload", - "predicate": "\n\t\t\t\tFieldAccess fa: field.name == \"files\"\n\t\t\t\t\tand instance is [VariableAccess:\n\t\t\t\t\t\tvariable.name == \"request\"\n\t\t\t\t\t\tand variable.enclosingClass is [Class:\n\t\t\t\t\t\t\tname == \"flask.globals~module\"\n\t\t\t\t\t\t]\n\t\t\t\t\t] and not in 
[AssignmentStatement:\n\t\t\t\t\t\tlhs is fa\n\t\t\t\t\t]\n\t\t\t" - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive CORS Policy", - "predicate": "\n FunctionPointerCall fpc:\n closureExpression is [FieldAccess: \n instance is [FieldAccess fa:\n name == \"headers\"\n and transitiveBase is [VariableAccess: \n possibleTypes contains [Type:\n definition.supers contains [Class: name == \"flask.wrappers.Response\"]\n ]\n ]\n ]\n ] and name == \"add\"\n and fpc.arguments[1] is [Expression: constantValue == \"Access-Control-Allow-Origin\"]\n and fpc.arguments[2] is [Expression: constantValue == \"*\"]\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive CORS Policy", - "predicate": "\n FunctionCall fc: \n possibleTargets contains [Function f:\n name == \"__setitem__\"\n ] and instance is [FieldAccess:\n name == \"headers\"\n and instance is [VariableAccess: \n possibleTypes contains [Type:\n definition.supers contains [Class: name == \"flask.wrappers.Response\"]\n ]\n ]\n ]\n and arguments[1] is [Expression: constantValue == \"Access-Control-Allow-Origin\"]\n and arguments[2] is [Expression: constantValue == \"*\"]\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive CORS Policy", - "predicate": "\n AssignmentStatement as: \n rhs is [Expression e: constantValue == \"*\"]\n and lhs is [FieldAccess fa:\n name == \"access_control_allow_origin\"\n and instance is [VariableAccess: \n possibleTypes contains [Type:\n definition.supers contains [Class: name == \"flask.wrappers.Response\"]\n ]\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive Content Security Policy", - "predicate": "\n FunctionPointerCall fpc:\n 
closureExpression is [FieldAccess: \n instance is [FieldAccess fa:\n name == \"headers\"\n and transitiveBase is [VariableAccess: \n possibleTypes contains [Type:\n definition.supers contains [Class: name == \"flask.wrappers.Response\"]\n ]\n ]\n ]\n ] and name == \"add\"\n and fpc.arguments[1] is [Expression: constantValue == \"Content-Security-Policy\"]\n and fpc.arguments[2] is [Expression: constantValue == \"*\"]\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive Content Security Policy", - "predicate": "\n FunctionCall fc: \n possibleTargets contains [Function f:\n name == \"__setitem__\"\n ] and instance is [FieldAccess:\n name == \"headers\"\n and instance is [VariableAccess: \n possibleTypes contains [Type:\n definition.supers contains [Class: name == \"flask.wrappers.Response\"]\n ]\n ]\n ]\n and arguments[1] is [Expression: constantValue == \"Content-Security-Policy\"]\n and arguments[2] is [Expression: constantValue == \"*\"]\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive Content Security Policy", - "predicate": "\n AssignmentStatement as: \n rhs is [Expression e: constantValue == \"*\"]\n and lhs is [FieldAccess fa:\n name == \"content_security_policy\"\n and instance is [VariableAccess: \n possibleTypes contains [Type:\n definition.supers contains [Class: name == \"flask.wrappers.Response\"]\n ]\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Misconfigured Content Security Policy", - "predicate": "\n FunctionPointerCall fpc:\n closureExpression is [FieldAccess: \n instance is [FieldAccess fa:\n name == \"headers\"\n and transitiveBase is [VariableAccess: \n possibleTypes contains [Type:\n definition.supers contains [Class: name == \"flask.wrappers.Response\"]\n ]\n ]\n ]\n ] and name == 
\"add\"\n and fpc.arguments[1] is [Expression: constantValue == \"Content-Security-Policy\"]\n and fpc.arguments[2] is [Expression: constantValue matches \"(?i).*unsafe-(eval|inline).*\" ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Misconfigured Content Security Policy", - "predicate": "\n FunctionCall fc: \n possibleTargets contains [Function f:\n name == \"__setitem__\"\n ] and instance is [FieldAccess:\n name == \"headers\"\n and instance is [VariableAccess: \n possibleTypes contains [Type:\n definition.supers contains [Class: name == \"flask.wrappers.Response\"]\n ]\n ]\n ]\n and arguments[1] is [Expression: constantValue == \"Content-Security-Policy\"]\n and arguments[2] is [Expression: constantValue matches \"(?i).*unsafe-(eval|inline).*\" ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Misconfigured Content Security Policy", - "predicate": "\n AssignmentStatement as: \n rhs is [Expression e: constantValue matches \"(?i).*unsafe-(eval|inline).*\"]\n and lhs is [FieldAccess fa:\n name == \"content_security_policy\"\n and instance is [VariableAccess: \n possibleTypes contains [Type:\n definition.supers contains [Class: name == \"flask.wrappers.Response\"]\n ]\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Unenforced Content Security Policy", - "predicate": "\n FunctionPointerCall fpc:\n closureExpression is [FieldAccess: \n instance is [FieldAccess fa:\n name == \"headers\"\n and transitiveBase is [VariableAccess: \n possibleTypes contains [Type:\n definition.supers contains [Class: name == \"flask.wrappers.Response\"]\n ]\n ]\n ]\n ] and name == \"add\"\n and fpc.arguments[1] is [Expression: constantValue == \"Content-Security-Policy-Report-Only\"]\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - 
"vuln_category": "HTML5", - "vuln_subcategory": "Unenforced Content Security Policy", - "predicate": "\n FunctionCall fc: \n possibleTargets contains [Function f:\n name == \"__setitem__\"\n ] and instance is [FieldAccess:\n name == \"headers\"\n and instance is [VariableAccess: \n possibleTypes contains [Type:\n definition.supers contains [Class: name == \"flask.wrappers.Response\"]\n ]\n ]\n ]\n and arguments[1] is [Expression: constantValue == \"Content-Security-Policy-Report-Only\"]\n " - }, - { - "language": "python", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Unenforced Content Security Policy", - "predicate": "\n AssignmentStatement as: \n lhs is [FieldAccess fa:\n name == \"content_security_policy_report_only\"\n and instance is [VariableAccess: \n possibleTypes contains [Type:\n definition.supers contains [Class: name == \"flask.wrappers.Response\"]\n ]\n ]\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Broad Domain", - "predicate": "\n FunctionCall fc:\n fc.possibleTargets contains [Function f:\n f.name matches \"set_cookie\"\n and f.enclosingClass.supers contains [Class: \n name matches \"(flask\\.wrappers|werkzeug\\.sansio\\.response).Response\"\n ]\n ] and fc.namedParameters contains [NamedParameter p:\n p.name == \"domain\"\n and p.expression.constantValue matches \"(?i)^\\.?([a-z0-9\\-]+)\\.[a-z]{1,3}\\.[a-z]{1,3}$\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Broad Domain", - "predicate": "\n FunctionCall fc:\n fc.possibleTargets contains [Function f:\n f.name matches \"set_cookie\"\n and f.enclosingClass.supers contains [Class: \n name matches \"(flask\\.wrappers|werkzeug\\.sansio\\.response).Response\"\n ]\n ] and fc.namedParameters contains [NamedParameter p:\n p.name == \"domain\"\n and 
p.expression.constantValue matches \"(?i)^\\.?([a-z0-9\\-]+)\\.([a-z0-9\\-]+)$\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Broad Path", - "predicate": "\n FunctionCall fc:\n fc.possibleTargets contains [Function f:\n f.name matches \"set_cookie\"\n and f.enclosingClass.supers contains [Class: \n name matches \"(flask\\.wrappers|werkzeug\\.sansio\\.response).Response\"\n ]\n ] and fc.namedParameters contains [NamedParameter p:\n p.name == \"path\"\n and p.expression.constantValue == \"/\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Persistent Cookie", - "predicate": "\n FunctionCall fc:\n fc.possibleTargets contains [Function f:\n f.name matches \"set_cookie\"\n and f.enclosingClass.supers contains [Class: \n name matches \"(flask\\.wrappers|werkzeug\\.sansio\\.response).Response\"\n ]\n ] and fc.namedParameters contains [NamedParameter p:\n p.name == \"expires\"\n and (p.expression is [VariableAccess: variable.name == \"None\"]\n or p.expression is [NoneLiteral:]\n or p.expression.constantValue == \"None\")\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Permissive SameSite Attribute", - "predicate": "\n FunctionCall fc:\n fc.possibleTargets contains [Function f:\n f.name matches \"set_cookie\"\n and f.enclosingClass.supers contains [Class: \n name matches \"(flask\\.wrappers|werkzeug\\.sansio\\.response).Response\"\n ]\n ] and fc.namedParameters contains [NamedParameter p:\n p.name == \"samesite\"\n and p.expression.constantValue == \"Lax\"\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Missing SameSite Attribute", - "predicate": "\n FunctionCall fc:\n fc.possibleTargets 
contains [Function f:\n f.name matches \"set_cookie\"\n and f.enclosingClass.supers contains [Class: \n name matches \"(flask\\.wrappers|werkzeug\\.sansio\\.response).Response\"\n ]\n ] and fc.namedParameters contains [NamedParameter p:\n p.name == \"samesite\"\n and (p.expression is [VariableAccess: variable.name == \"None\"]\n or p.expression is [NoneLiteral:]\n or p.expression.constantValue == \"None\")\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "HTTPOnly not Set", - "predicate": "\n FunctionCall fc:\n fc.possibleTargets contains [Function f:\n f.name matches \"set_cookie\"\n and f.enclosingClass.supers contains [Class: \n name matches \"(flask\\.wrappers|werkzeug\\.sansio\\.response).Response\"\n ]\n ] and fc.namedParameters contains [NamedParameter p:\n p.name == \"httponly\"\n and (p.expression is [VariableAccess: variable.name == \"False\"]\n or p.expression is [BooleanLiteral: value is false])\n ]\n " - }, - { - "language": "python", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Cookie not Sent Over SSL", - "predicate": "\n FunctionCall fc:\n fc.possibleTargets contains [Function f:\n f.name matches \"set_cookie\"\n and f.enclosingClass.supers contains [Class: \n name matches \"(flask\\.wrappers|werkzeug\\.sansio\\.response).Response\"\n ]\n ] and fc.namedParameters contains [NamedParameter p:\n p.name == \"secure\"\n and (p.expression is [VariableAccess: variable.name == \"False\"]\n or p.expression is [BooleanLiteral: value is false])\n ]\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Code Quality", - "vuln_category": "Android Bad Practices", - "vuln_subcategory": "Use of Internal APIs", - "predicate": "\n FunctionCall fc:\n function is [Function:\n name == \"FindClass\"\n and enclosingClass.supers contains [Class:\n name == \"JNIEnv_\"\n ]\n ]\n and (\n /* Interal APIs */\n arguments[0].constantValue 
matches \".*/internal/.*\"\n /* Hidden APIs */\n or arguments[0].constantValue is [String v:\n v == \"android/net/wifi/ActionListener\"\n or v == \"android/net/wifi/TxPacketCountListener\"\n or v == \"android/net/wifi/LocalOnlyHotspotSubscription\"\n or v == \"android/net/wifi/LocalOnlyHotspotObserver\"\n or v == \"android/net/wifi/WifiScanner\"\n or v == \"android/net/wifi/ActionListener\"\n or v == \"android/net/wifi/HiddenNetwork\"\n or v == \"android/net/wifi/PnoSettings\"\n or v == \"android/net/wifi/PnoNetwork\"\n or v == \"android/net/wifi/PnoScanListener\"\n or v == \"android/net/wifi/WifiChangeSettings\"\n or v == \"android/net/wifi/HotlistSettings\"\n or v == \"android/net/wifi/OperationResult\"\n or v == \"android/net/wifi/RssiPacketCountInfo\"\n or v == \"android/net/wifi/WifiWakeReasonAndCounts\"\n or v == \"android/net/wifi/RttManager\"\n or v == \"android/net/wifi/RttClient\"\n or v == \"android/net/wifi/WifiNetworkScoreCache\"\n or v == \"android/net/wifi/aware/WifiAwareNetworkSpecifier\"\n or v == \"android/net/wifi/aware/WifiAwareUtils\"\n or v == \"android/net/wifi/aware/TlvBufferUtils\"\n or v == \"android/net/wifi/aware/WifiAwareAgentNetworkSpecifier\"\n or v == \"android/net/wifi/aware/ConfigRequest\"\n or v == \"android/net/wifi/ParcelUtil\"\n or v == \"android/net/wifi/WifiSsid\"\n or v == \"android/net/wifi/WifiNetworkConnectionStatistics\"\n or v == \"android/net/wifi/BatchedScanResult\"\n or v == \"android/net/wifi/WifiLinkLayerStats\"\n or v == \"android/net/wifi/EAPConstants\"\n or v == \"android/net/wifi/SupplicantSaver\"\n or v == \"android/net/wifi/SupplicantLoader\"\n or v == \"android/net/wifi/PasspointManagementObjectDefinition\"\n or v == \"android/net/wifi/Visibility\"\n or v == \"android/net/wifi/NetworkSelectionStatus\"\n or v == \"android/net/wifi/RecentFailure\"\n or v == \"android/net/wifi/WifiConnectionStatistics\"\n or v == \"android/net/wifi/WifiActivityEnergyInfo\"\n or v == \"android/net/wifi/p2p/WifiP2pWfdInfo\"\n or 
v == \"android/net/wifi/p2p/PersistentGroupInfoListener\"\n or v == \"android/net/wifi/p2p/HandoverMessageListener\"\n or v == \"android/net/wifi/p2p/WifiP2pProvDiscEvent\"\n or v == \"android/net/wifi/p2p/WifiP2pGroupList\"\n or v == \"android/net/wifi/p2p/nsd/WifiP2pServiceResponse\"\n or v == \"android/net/wifi/p2p/nsd/WifiP2pDnsSdServiceResponse\"\n or v == \"android/net/wifi/p2p/nsd/WifiP2pUpnpServiceResponse\"\n or v == \"android/net/wifi/WifiChannel\"\n or v == \"android/net/wifi/hotspot2/omadm/XMLNode\"\n or v == \"android/net/wifi/hotspot2/omadm/XMLParser\"\n or v == \"android/net/wifi/hotspot2/OsuProvider\"\n or v == \"android/net/wifi/hotspot2/pps/UpdateParameter\"\n or v == \"android/net/wifi/hotspot2/pps/Policy\"\n or v == \"android/net/wifi/ScanSettings\"\n or v == \"android/net/wifi/WpsResult\"\n or v == \"android/net/wifi/InformationElement\"\n or v == \"android/net/wifi/AnqpInformationElement\"\n or v == \"android/drm/DrmOutputStream\"\n or v == \"junit/framework/ComparisonCompactor\"\n or v == \"com/google/vr/platform/DeviceInfo\"\n or v == \"com/google/vr/platform/Dvr\"\n or v == \"org/apache/http/conn/ssl/AndroidDistinguishedNameParser\"\n or v == \"android/metrics/LogMaker\"\n or v == \"android/metrics/MetricsReader\"\n or v == \"android/metrics/Event\"\n or v == \"android/metrics/LogReader\"\n or v == \"android/database/CursorWindowAllocationException\"\n or v == \"android/database/BulkCursorDescriptor\"\n or v == \"android/database/BulkCursorNative\"\n or v == \"android/database/sqlite/SQLiteDebug\"\n or v == \"android/database/sqlite/SQLiteStatementInfo\"\n or v == \"android/database/sqlite/SQLiteDirectCursorDriver\"\n or v == \"android/database/sqlite/SQLiteGlobal\"\n or v == \"android/database/sqlite/CustomFunction\"\n or v == \"android/database/sqlite/SQLiteDatabaseConfiguration\"\n or v == \"android/database/sqlite/SQLiteCustomFunction\"\n or v == \"android/database/sqlite/SQLiteSession\"\n or v == 
\"android/database/sqlite/DatabaseObjectNotClosedException\"\n or v == \"android/database/sqlite/SQLiteConnectionPool\"\n or v == \"android/database/sqlite/SQLiteConnection\"\n or v == \"android/database/CursorToBulkCursorAdaptor\"\n or v == \"android/database/IBulkCursor\"\n or v == \"android/database/BulkCursorToCursorAdaptor\"\n or v == \"android/transition/AnimationInfo\"\n or v == \"android/transition/ChangeText\"\n or v == \"android/transition/Rotate\"\n or v == \"android/transition/Crossfade\"\n or v == \"android/transition/TransitionUtils\"\n or v == \"android/transition/Recolor\"\n or v == \"android/webkit/JsDialogHelper\"\n or v == \"android/webkit/WebViewFactory\"\n or v == \"android/webkit/TokenBindingService\"\n or v == \"android/webkit/WebViewDelegate\"\n or v == \"android/webkit/WebViewProviderInfo\"\n or v == \"android/webkit/UrlInterceptRegistry\"\n or v == \"android/webkit/Plugin\"\n or v == \"android/webkit/DefaultClickHandler\"\n or v == \"android/webkit/WebViewUpdateService\"\n or v == \"android/webkit/UrlInterceptHandler\"\n or v == \"android/webkit/WebViewProvider\"\n or v == \"android/webkit/PrivateAccess\"\n or v == \"android/webkit/ResultReceiver\"\n or v == \"android/webkit/WebViewProviderResponse\"\n or v == \"android/webkit/WebViewZygote\"\n or v == \"android/webkit/WebViewFactoryProvider\"\n or v == \"android/webkit/PluginList\"\n or v == \"android/webkit/FindAddress\"\n or v == \"android/webkit/FindActionModeCallback\"\n or v == \"android/webkit/PluginData\"\n or v == \"android/webkit/UserPackage\"\n or v == \"android/webkit/LegacyErrorStrings\"\n or v == \"android/printservice/recommendation/RecommendationInfo\"\n or v == \"android/printservice/recommendation/RecommendationService\"\n or v == \"android/printservice/PrintServiceInfo\"\n or v == \"android/hardware/SerialPort\"\n or v == \"android/hardware/soundtrigger/SoundTrigger\"\n or v == \"android/hardware/soundtrigger/KeyphraseEnrollmentInfo\"\n or v == 
\"android/hardware/soundtrigger/SoundTriggerModule\"\n or v == \"android/hardware/soundtrigger/KeyphraseMetadata\"\n or v == \"android/hardware/radio/RadioManager\"\n or v == \"android/hardware/radio/RadioMetadata\"\n or v == \"android/hardware/radio/Clock\"\n or v == \"android/hardware/radio/ProgramSelector\"\n or v == \"android/hardware/radio/RadioTuner\"\n or v == \"android/hardware/fingerprint/EnrollmentCallback\"\n or v == \"android/hardware/fingerprint/RemovalCallback\"\n or v == \"android/hardware/fingerprint/EnumerateCallback\"\n or v == \"android/hardware/fingerprint/LockoutResetCallback\"\n or v == \"android/hardware/fingerprint/Fingerprint\"\n or v == \"android/hardware/SystemSensorManager\"\n or v == \"android/hardware/input/InputDeviceIdentifier\"\n or v == \"android/hardware/input/TouchCalibration\"\n or v == \"android/hardware/input/OnTabletModeChangedListener\"\n or v == \"android/hardware/input/KeyboardLayout\"\n or v == \"android/hardware/input/InputManagerInternal\"\n or v == \"android/hardware/CameraStatus\"\n or v == \"android/hardware/location/GeofenceHardwareRequestParcelable\"\n or v == \"android/hardware/location/NanoApp\"\n or v == \"android/hardware/location/GeofenceHardwareRequest\"\n or v == \"android/hardware/location/ActivityRecognitionEvent\"\n or v == \"android/hardware/location/GeofenceHardwareCallback\"\n or v == \"android/hardware/location/GeofenceHardwareService\"\n or v == \"android/hardware/location/ContextHubInfo\"\n or v == \"android/hardware/location/NanoAppFilter\"\n or v == \"android/hardware/location/NanoAppInstanceInfo\"\n or v == \"android/hardware/location/ActivityRecognitionHardware\"\n or v == \"android/hardware/location/GeofenceHardwareMonitorEvent\"\n or v == \"android/hardware/location/GeofenceHardware\"\n or v == \"android/hardware/location/GeofenceHardwareImpl\"\n or v == \"android/hardware/location/GeofenceHardwareMonitorCallback\"\n or v == \"android/hardware/location/ContextHubMessage\"\n or v == 
\"android/hardware/location/ActivityChangedEvent\"\n or v == \"android/hardware/location/ContextHubManager\"\n or v == \"android/hardware/location/ICallback\"\n or v == \"android/hardware/location/MemoryRegion\"\n or v == \"android/hardware/hdmi/HdmiClient\"\n or v == \"android/hardware/hdmi/HdmiControlManager\"\n or v == \"android/hardware/hdmi/HdmiTimerRecordSources\"\n or v == \"android/hardware/hdmi/TimeUnit\"\n or v == \"android/hardware/hdmi/Time\"\n or v == \"android/hardware/hdmi/Duration\"\n or v == \"android/hardware/hdmi/TimerInfo\"\n or v == \"android/hardware/hdmi/TimerRecordSource\"\n or v == \"android/hardware/hdmi/HdmiTvClient\"\n or v == \"android/hardware/hdmi/HdmiHotplugEvent\"\n or v == \"android/hardware/hdmi/HdmiRecordSources\"\n or v == \"android/hardware/hdmi/RecordSource\"\n or v == \"android/hardware/hdmi/OwnSource\"\n or v == \"android/hardware/hdmi/AribData\"\n or v == \"android/hardware/hdmi/AtscData\"\n or v == \"android/hardware/hdmi/DvbData\"\n or v == \"android/hardware/hdmi/DigitalChannelData\"\n or v == \"android/hardware/hdmi/DigitalServiceSource\"\n or v == \"android/hardware/hdmi/AnalogueServiceSource\"\n or v == \"android/hardware/hdmi/ExternalPlugData\"\n or v == \"android/hardware/hdmi/ExternalPhysicalAddress\"\n or v == \"android/hardware/hdmi/HdmiPlaybackClient\"\n or v == \"android/hardware/hdmi/HdmiDeviceInfo\"\n or v == \"android/hardware/hdmi/HdmiRecordListener\"\n or v == \"android/hardware/hdmi/TimerStatusData\"\n or v == \"android/hardware/hdmi/HdmiPortInfo\"\n or v == \"android/hardware/usb/UsbPortStatus\"\n or v == \"android/hardware/usb/UsbPort\"\n or v == \"android/hardware/display/DisplayManagerInternal\"\n or v == \"android/hardware/display/DisplayManagerGlobal\"\n or v == \"android/hardware/display/WifiDisplayStatus\"\n or v == \"android/hardware/display/WifiDisplaySessionInfo\"\n or v == \"android/hardware/display/DisplayViewport\"\n or v == \"android/hardware/display/WifiDisplay\"\n or v == 
\"android/hardware/SerialManager\"\n or v == \"android/hardware/CameraInfo\"\n or v == \"android/hardware/LegacySensorManager\"\n or v == \"android/hardware/camera2/impl/ICameraDeviceUserWrapper\"\n or v == \"android/hardware/camera2/impl/CaptureResultExtras\"\n or v == \"android/hardware/camera2/utils/LongParcelable\"\n or v == \"android/hardware/camera2/utils/UncheckedThrow\"\n or v == \"android/hardware/camera2/utils/SubmitInfo\"\n or v == \"android/hardware/camera2/params/StreamConfigurationDuration\"\n or v == \"android/hardware/camera2/params/ReprocessFormatsMap\"\n or v == \"android/hardware/camera2/params/HighSpeedVideoConfiguration\"\n or v == \"android/hardware/camera2/params/VendorTagDescriptorCache\"\n or v == \"android/hardware/camera2/params/VendorTagDescriptor\"\n or v == \"android/hardware/camera2/params/StreamConfiguration\"\n or v == \"android/net/NetworkStatsHistory\"\n or v == \"android/net/metrics/RaEvent\"\n or v == \"android/net/metrics/DefaultNetworkEvent\"\n or v == \"android/net/metrics/WakeupEvent\"\n or v == \"android/net/metrics/ConnectStats\"\n or v == \"android/net/metrics/IpConnectivityLog\"\n or v == \"android/net/metrics/DhcpClientEvent\"\n or v == \"android/net/metrics/DnsEvent\"\n or v == \"android/net/metrics/ValidationProbeEvent\"\n or v == \"android/net/metrics/NetworkMetrics\"\n or v == \"android/net/metrics/DhcpErrorEvent\"\n or v == \"android/net/metrics/IpManagerEvent\"\n or v == \"android/net/metrics/IpReachabilityEvent\"\n or v == \"android/net/metrics/WakeupStats\"\n or v == \"android/net/metrics/ApfProgramEvent\"\n or v == \"android/net/metrics/ApfStats\"\n or v == \"android/net/metrics/NetworkEvent\"\n or v == \"android/net/Status\"\n or v == \"android/net/PacketKeepaliveCallback\"\n or v == \"android/net/PacketKeepalive\"\n or v == \"android/net/OnStartTetheringCallback\"\n or v == \"android/net/Errors\"\n or v == \"android/net/TooManyRequestsException\"\n or v == \"android/net/DataUsageRequest\"\n or v == 
\"android/net/IpConfiguration\"\n or v == \"android/net/InterfaceConfiguration\"\n or v == \"android/net/SntpClient\"\n or v == \"android/net/IpSecTransformResponse\"\n or v == \"android/net/ScoredNetwork\"\n or v == \"android/net/NetworkKey\"\n or v == \"android/net/NetworkIdentity\"\n or v == \"android/net/NetworkPolicy\"\n or v == \"android/net/NetworkUtils\"\n or v == \"android/net/DhcpResults\"\n or v == \"android/net/StaticIpConfiguration\"\n or v == \"android/net/MatchAllNetworkSpecifier\"\n or v == \"android/net/NetworkPolicyManager\"\n or v == \"android/net/NetworkScoreManager\"\n or v == \"android/net/StringNetworkSpecifier\"\n or v == \"android/net/MobileLinkQualityInfo\"\n or v == \"android/net/LinkQualityInfo\"\n or v == \"android/net/NetworkConfig\"\n or v == \"android/net/NetworkStats\"\n or v == \"android/net/RssiCurve\"\n or v == \"android/net/PacProxySelector\"\n or v == \"android/net/EthernetManager\"\n or v == \"android/net/UidRange\"\n or v == \"android/net/IpSecSpiResponse\"\n or v == \"android/net/NetworkTemplate\"\n or v == \"android/net/NetworkState\"\n or v == \"android/net/WifiLinkQualityInfo\"\n or v == \"android/net/NetworkQuotaInfo\"\n or v == \"android/net/WifiKey\"\n or v == \"android/net/wimax/WimaxManagerConstants\"\n or v == \"android/net/NetworkMisc\"\n or v == \"android/net/ConnectivityMetricsEvent\"\n or v == \"android/net/ConnectivityThread\"\n or v == \"android/net/NetworkAgent\"\n or v == \"android/net/IpSecUdpEncapResponse\"\n or v == \"android/net/CompareResult\"\n or v == \"android/net/IpSecConfig\"\n or v == \"android/net/NetworkRecommendationProvider\"\n or v == \"android/net/NetworkScorerAppData\"\n or v == \"android/net/nsd/DnsSdTxtRecord\"\n or v == \"android/net/NetworkFactory\"\n or v == \"android/app/ActivityManagerNative\"\n or v == \"android/app/BackStackRecord\"\n or v == \"android/app/PackageInstallObserver\"\n or v == \"android/app/LoadedApk\"\n or v == \"android/app/StackId\"\n or v == 
\"android/app/TaskThumbnailInfo\"\n or v == \"android/app/TaskThumbnail\"\n or v == \"android/app/TaskSnapshot\"\n or v == \"android/app/StackInfo\"\n or v == \"android/app/OnUidImportanceListener\"\n or v == \"android/app/assist/AutofillOverlay\"\n or v == \"android/app/TranslucentConversionListener\"\n or v == \"android/app/ActivityManagerInternal\"\n or v == \"android/app/ApplicationPackageManager\"\n or v == \"android/app/MoveCallbackDelegate\"\n or v == \"android/app/WaitResult\"\n or v == \"android/app/UiAutomationConnection\"\n or v == \"android/app/timezone/RulesManager\"\n or v == \"android/app/timezone/RulesState\"\n or v == \"android/app/timezone/Callback\"\n or v == \"android/app/timezone/DistroFormatVersion\"\n or v == \"android/app/timezone/DistroRulesVersion\"\n or v == \"android/app/timezone/RulesUpdaterContract\"\n or v == \"android/app/VrManager\"\n or v == \"android/app/ActivityView\"\n or v == \"android/app/ActivityThread\"\n or v == \"android/app/ContentProviderHolder\"\n or v == \"android/app/BroadcastOptions\"\n or v == \"android/app/JobSchedulerImpl\"\n or v == \"android/app/ResultInfo\"\n or v == \"android/app/TvExtender\"\n or v == \"android/app/UserSwitchObserver\"\n or v == \"android/app/admin/PasswordMetrics\"\n or v == \"android/app/admin/PolicyInfo\"\n or v == \"android/app/admin/DevicePolicyManagerInternal\"\n or v == \"android/app/ResourcesManager\"\n or v == \"android/app/PackageOps\"\n or v == \"android/app/OpEntry\"\n or v == \"android/app/OnOpChangedInternalListener\"\n or v == \"android/app/QueuedWork\"\n or v == \"android/app/ServiceStartArgs\"\n or v == \"android/app/usage/TimeSparseArray\"\n or v == \"android/app/usage/UsageStatsManagerInternal\"\n or v == \"android/app/usage/CacheQuotaService\"\n or v == \"android/app/usage/CacheQuotaHint\"\n or v == \"android/app/TaskStackListener\"\n or v == \"android/app/AppGlobals\"\n or v == \"android/app/StatusBarManager\"\n or v == \"android/app/OnMarshaledListener\"\n or v == 
\"android/app/ApplicationThreadConstants\"\n or v == \"android/app/EphemeralResolverService\"\n or v == \"android/app/ParcelableCrashInfo\"\n or v == \"android/app/job/JobHandler\"\n or v == \"android/app/Vr2dDisplayProperties\"\n or v == \"android/app/ProfilerInfo\"\n or v == \"android/app/trust/TrustManager\"\n or v == \"android/app/SearchDialog\"\n or v == \"android/app/InstantAppResolverService\"\n or v == \"android/app/OnActivityPausedListener\"\n or v == \"android/app/ActionKeyInfo\"\n or v == \"android/app/backup/BackupHelperDispatcher\"\n or v == \"android/app/backup/BackupManagerMonitor\"\n or v == \"android/app/backup/RestoreDescription\"\n or v == \"android/app/backup/SelectBackupTransportCallback\"\n or v == \"android/app/backup/BackupProgress\"\n or v == \"android/app/backup/AbsoluteFileBackupHelper\"\n or v == \"android/app/backup/FullBackup\"\n or v == \"android/app/backup/RestoreSession\"\n or v == \"android/app/backup/RestoreSet\"\n or v == \"android/app/backup/BlobBackupHelper\"\n or v == \"android/app/backup/BackupObserver\"\n or v == \"android/app/backup/WallpaperBackupHelper\"\n or v == \"android/app/backup/BackupTransport\"\n or v == \"android/app/SynchronousUserSwitchObserver\"\n or v == \"android/app/RecoverableSecurityException\"\n or v == \"android/app/LocalDialog\"\n or v == \"android/app/ApplicationLoaders\"\n or v == \"android/app/PackageDeleteObserver\"\n or v == \"android/app/OnAnimationStartedListener\"\n or v == \"android/app/OnAnimationFinishedListener\"\n or v == \"android/app/VrStateCallback\"\n or v == \"android/widget/SuggestionsAdapter\"\n or v == \"android/widget/DropDownListView\"\n or v == \"android/widget/ActionMenuChildView\"\n or v == \"android/widget/AppSecurityPermissions\"\n or v == \"android/widget/MyPermissionGroupInfo\"\n or v == \"android/widget/MyPermissionInfo\"\n or v == \"android/widget/PermissionItemView\"\n or v == \"android/widget/RadialTimePickerView\"\n or v == \"android/widget/Editor\"\n or v == 
\"android/widget/RemoteViewsAdapter\"\n or v == \"android/widget/RemoteViewsListAdapter\"\n or v == \"android/widget/MenuItemHoverListener\"\n or v == \"android/widget/MenuPopupWindow\"\n or v == \"android/widget/MenuDropDownListView\"\n or v == \"android/widget/CustomEditText\"\n or v == \"android/widget/TextInputTimePickerView\"\n or v == \"android/widget/ScrollBarDrawable\"\n or v == \"android/widget/SearchAutoComplete\"\n or v == \"android/widget/ActivityChooserView\"\n or v == \"android/widget/ActionMenuPresenter\"\n or v == \"android/widget/DatePickerDelegate\"\n or v == \"android/widget/ValidationCallback\"\n or v == \"android/widget/OnClickHandler\"\n or v == \"android/widget/OnViewAppliedListener\"\n or v == \"android/widget/ForwardingListener\"\n or v == \"android/widget/DateTimeView\"\n or v == \"android/widget/DatePickerController\"\n or v == \"android/widget/TextViewMetrics\"\n or v == \"android/widget/Delayer\"\n or v == \"android/widget/ActivityChooserModel\"\n or v == \"android/widget/SpellChecker\"\n or v == \"android/util/MergedConfiguration\"\n or v == \"android/util/PackageUtils\"\n or v == \"android/util/Spline\"\n or v == \"android/util/LocalLog\"\n or v == \"android/util/apk/ApkSignatureSchemeV2Verifier\"\n or v == \"android/util/proto/ProtoParseException\"\n or v == \"android/util/proto/EncodedBuffer\"\n or v == \"android/util/SuperNotCalledException\"\n or v == \"android/util/BackupUtils\"\n or v == \"android/util/Singleton\"\n or v == \"android/util/jar/StrictJarFile\"\n or v == \"android/util/jar/ZipInflaterInputStream\"\n or v == \"android/util/jar/FDStream\"\n or v == \"android/util/jar/StrictJarManifest\"\n or v == \"android/util/Pools\"\n or v == \"android/util/PrefixPrinter\"\n or v == \"android/util/PathParser\"\n or v == \"android/util/LongArray\"\n or v == \"android/util/MathUtils\"\n or v == \"android/util/FastImmutableArraySet\"\n or v == \"android/util/IntArray\"\n or v == \"android/util/ExceptionUtils\"\n or v == 
\"android/util/MemoryIntArray\"\n or v == \"android/util/DayOfMonthCursor\"\n or v == \"android/util/TrustedTime\"\n or v == \"android/util/ByteStringUtils\"\n or v == \"android/util/TerribleFailure\"\n or v == \"android/util/TerribleFailureHandler\"\n or v == \"android/util/NtpTrustedTime\"\n or v == \"android/util/TimingsTraceLog\"\n or v == \"android/util/IconDrawableFactory\"\n or v == \"android/util/LongSparseLongArray\"\n or v == \"android/util/RecurrenceRule\"\n or v == \"android/util/Slog\"\n or v == \"android/util/LauncherIcons\"\n or v == \"android/util/LogWriter\"\n or v == \"android/util/MapCollections\"\n or v == \"android/util/TimedRemoteCaller\"\n or v == \"android/util/KeyValueListParser\"\n or v == \"android/security/net/config/ApplicationConfig\"\n or v == \"android/security/net/config/ConfigSource\"\n or v == \"android/security/net/config/UserCertificateSource\"\n or v == \"android/security/net/config/CertificatesEntryRef\"\n or v == \"android/security/net/config/SystemCertificateSource\"\n or v == \"android/security/net/config/NetworkSecurityConfig\"\n or v == \"android/security/net/config/Builder\"\n or v == \"android/security/net/config/TrustAnchor\"\n or v == \"android/security/net/config/NetworkSecurityTrustManager\"\n or v == \"android/security/net/config/XmlConfigSource\"\n or v == \"android/security/net/config/Pin\"\n or v == \"android/security/net/config/ResourceCertificateSource\"\n or v == \"android/security/net/config/RootTrustManager\"\n or v == \"android/security/net/config/ManifestConfigSource\"\n or v == \"android/security/net/config/DirectoryCertificateSource\"\n or v == \"android/security/net/config/CertificateSource\"\n or v == \"android/security/net/config/PinSet\"\n or v == \"android/security/net/config/ConfigNetworkSecurityPolicy\"\n or v == \"android/security/net/config/TrustedCertificateStoreAdapter\"\n or v == \"android/security/net/config/RootTrustManagerFactorySpi\"\n or v == 
\"android/security/net/config/NetworkSecurityConfigProvider\"\n or v == \"android/security/net/config/Domain\"\n or v == \"android/security/keymaster/KeyCharacteristics\"\n or v == \"android/security/keymaster/KeymasterArguments\"\n or v == \"android/security/keymaster/KeyAttestationApplicationId\"\n or v == \"android/security/keymaster/ExportResult\"\n or v == \"android/security/keymaster/KeymasterDefs\"\n or v == \"android/security/keymaster/KeymasterCertificateChain\"\n or v == \"android/security/keymaster/KeymasterDateArgument\"\n or v == \"android/security/keymaster/KeymasterBooleanArgument\"\n or v == \"android/security/keymaster/KeymasterArgument\"\n or v == \"android/security/keymaster/KeymasterBlob\"\n or v == \"android/security/keymaster/OperationResult\"\n or v == \"android/security/keymaster/KeymasterBlobArgument\"\n or v == \"android/security/keymaster/KeyAttestationPackageInfo\"\n or v == \"android/security/keymaster/KeymasterIntArgument\"\n or v == \"android/security/keymaster/KeymasterLongArgument\"\n or v == \"android/security/FrameworkNetworkSecurityPolicy\"\n or v == \"android/security/KeystoreArguments\"\n or v == \"android/inputmethodservice/CompactExtractEditLayout\"\n or v == \"android/inputmethodservice/SoftInputWindow\"\n or v == \"android/inputmethodservice/ExtractEditLayout\"\n or v == \"android/provider/Presence\"\n or v == \"android/provider/SearchIndexableData\"\n or v == \"android/provider/SearchIndexablesContract\"\n or v == \"android/provider/SearchIndexablesProvider\"\n or v == \"android/provider/SyncConstValue\"\n or v == \"android/provider/OneTimeUseBuilder\"\n or v == \"android/provider/BrowserContract\"\n or v == \"android/provider/BaseSyncColumns\"\n or v == \"android/provider/ChromeSyncColumns\"\n or v == \"android/provider/SyncColumns\"\n or v == \"android/provider/ImageColumns\"\n or v == \"android/provider/Accounts\"\n or v == \"android/provider/Searches\"\n or v == \"android/provider/SyncState\"\n or v == 
\"android/provider/Combined\"\n or v == \"android/provider/Settings\"\n or v == \"android/provider/SettingsStringUtil\"\n or v == \"android/provider/Impl\"\n or v == \"android/provider/SearchIndexableResource\"\n or v == \"android/provider/MetadataReader\"\n or v == \"android/provider/Authorization\"\n or v == \"android/provider/SyncStateColumns\"\n or v == \"android/provider/PhotoFiles\"\n or v == \"android/provider/PhotoFilesColumns\"\n or v == \"android/provider/MetadataSyncColumns\"\n or v == \"android/provider/MetadataSync\"\n or v == \"android/provider/MetadataSyncStateColumns\"\n or v == \"android/provider/MetadataSyncState\"\n or v == \"android/provider/Validator\"\n or v == \"android/provider/Bookmarks\"\n or v == \"android/provider/TimeZoneRulesDataContract\"\n or v == \"android/provider/ContactsInternal\"\n or v == \"android/provider/CalendarMetaDataColumns\"\n or v == \"android/provider/CalendarMetaData\"\n or v == \"android/provider/EventsRawTimesColumns\"\n or v == \"android/provider/EventsRawTimes\"\n or v == \"android/provider/SystemContract\"\n or v == \"android/animation/AnimationHandler\"\n or v == \"android/animation/AnimationFrameCallbackProvider\"\n or v == \"android/animation/Tuple\"\n or v == \"android/animation/RevealAnimator\"\n or v == \"android/animation/KeyframeSet\"\n or v == \"android/animation/PropertyValues\"\n or v == \"android/animation/Keyframes\"\n or v == \"android/animation/PathKeyframes\"\n or v == \"android/content/pm/MacAuthenticatedInputStream\"\n or v == \"android/content/pm/InstantAppInfo\"\n or v == \"android/content/pm/split/SplitAssetDependencyLoader\"\n or v == \"android/content/pm/split/SplitAssetLoader\"\n or v == \"android/content/pm/split/DefaultSplitAssetLoader\"\n or v == \"android/content/pm/split/SplitDependencyLoader\"\n or v == \"android/content/pm/KeySet\"\n or v == \"android/content/pm/StringParceledListSlice\"\n or v == \"android/content/pm/VerifierInfo\"\n or v == 
\"android/content/pm/InstantAppRequest\"\n or v == \"android/content/pm/PackageBackwardCompatibility\"\n or v == \"android/content/pm/PackageManagerInternal\"\n or v == \"android/content/pm/InstantAppResolveInfo\"\n or v == \"android/content/pm/InstantAppDigest\"\n or v == \"android/content/pm/BaseParceledListSlice\"\n or v == \"android/content/pm/IntentFilterVerificationInfo\"\n or v == \"android/content/pm/OnPermissionsChangedListener\"\n or v == \"android/content/pm/MoveCallback\"\n or v == \"android/content/pm/LegacyPackageInstallObserver\"\n or v == \"android/content/pm/LegacyPackageDeleteObserver\"\n or v == \"android/content/pm/DexModuleRegisterCallback\"\n or v == \"android/content/pm/AppsQueryHelper\"\n or v == \"android/content/pm/FallbackCategoryProvider\"\n or v == \"android/content/pm/LimitedLengthInputStream\"\n or v == \"android/content/pm/VerificationParams\"\n or v == \"android/content/pm/PackageInfoLite\"\n or v == \"android/content/pm/PackageUserState\"\n or v == \"android/content/pm/SessionCallbackDelegate\"\n or v == \"android/content/pm/AuxiliaryResolveInfo\"\n or v == \"android/content/pm/RegisteredServicesCache\"\n or v == \"android/content/pm/InstantAppIntentFilter\"\n or v == \"android/content/pm/UserInfo\"\n or v == \"android/content/pm/PackageCleanItem\"\n or v == \"android/content/pm/XmlSerializerAndParser\"\n or v == \"android/content/pm/ParceledListSlice\"\n or v == \"android/content/pm/VerifierDeviceIdentity\"\n or v == \"android/content/pm/EphemeralResolveInfo\"\n or v == \"android/content/pm/EphemeralDigest\"\n or v == \"android/content/pm/EphemeralIntentFilter\"\n or v == \"android/content/pm/SELinuxUtil\"\n or v == \"android/content/pm/PackageParserCacheHelper\"\n or v == \"android/content/pm/permission/RuntimePermissionPresenter\"\n or v == \"android/content/pm/permission/RuntimePermissionPresentationInfo\"\n or v == \"android/content/pm/RegisteredServicesCacheListener\"\n or v == \"android/content/pm/PackageParser\"\n or v == 
\"android/content/pm/NewPermissionInfo\"\n or v == \"android/content/pm/SplitPermissionInfo\"\n or v == \"android/content/pm/ParseComponentArgs\"\n or v == \"android/content/pm/ShortcutServiceInternal\"\n or v == \"android/content/res/ResourcesKey\"\n or v == \"android/content/res/GradientColor\"\n or v == \"android/content/res/ComplexColor\"\n or v == \"android/content/res/ConfigurationBoundResourceCache\"\n or v == \"android/content/res/StringBlock\"\n or v == \"android/content/res/ResourceId\"\n or v == \"android/content/res/ResourcesImpl\"\n or v == \"android/content/res/CompatResources\"\n or v == \"android/content/res/ConstantState\"\n or v == \"android/content/res/XmlBlock\"\n or v == \"android/content/res/FontResourcesParser\"\n or v == \"android/content/res/CompatibilityInfo\"\n or v == \"android/content/res/Translator\"\n or v == \"android/content/OpenResourceIdResult\"\n or v == \"android/content/Transport\"\n or v == \"android/content/ContentInsertHandler\"\n or v == \"android/content/DefaultDataHandler\"\n or v == \"android/content/SyncActivityTooManyDeletes\"\n or v == \"android/content/DatabaseHelper\"\n or v == \"android/content/om/OverlayInfo\"\n or v == \"android/content/SyncStatusInfo\"\n or v == \"android/content/UndoOwner\"\n or v == \"android/content/CursorEntityIterator\"\n or v == \"android/content/ContentProviderNative\"\n or v == \"android/content/IContentProvider\"\n or v == \"android/content/SyncAdaptersCache\"\n or v == \"android/content/UndoManager\"\n or v == \"android/content/UndoOperation\"\n or v == \"android/content/CommandOptionHandler\"\n or v == \"android/print/PrintServiceRecommendationsLoader\"\n or v == \"android/print/PrintJobStateChangeListener\"\n or v == \"android/print/PrintServicesChangeListener\"\n or v == \"android/print/PrintServiceRecommendationsChangeListener\"\n or v == \"android/print/PrintDocumentAdapterDelegate\"\n or v == \"android/print/PrintJobStateChangeListenerWrapper\"\n or v == 
\"android/print/PrintServicesChangeListenerWrapper\"\n or v == \"android/print/PrintServiceRecommendationsChangeListenerWrapper\"\n or v == \"android/print/PrintFileDocumentAdapter\"\n or v == \"android/print/PrintServicesLoader\"\n or v == \"android/print/PrinterDiscoverySession\"\n or v == \"android/speech/tts/TtsEngines\"\n or v == \"android/preference/SeekBarVolumizer\"\n or v == \"android/preference/SeekBarDialogPreference\"\n or v == \"android/preference/MultiCheckPreference\"\n or v == \"android/preference/OnPreferenceTreeClickListener\"\n or v == \"android/preference/SeekBarPreference\"\n or v == \"android/preference/VolumePreference\"\n or v == \"android/preference/GenericInflater\"\n or v == \"android/preference/PreferenceGroupAdapter\"\n or v == \"android/preference/PreferenceFrameLayout\"\n or v == \"android/permissionpresenterservice/RuntimePermissionPresenterService\"\n or v == \"android/accounts/ChooseAccountTypeActivity\"\n or v == \"android/accounts/GrantCredentialsPermissionActivity\"\n or v == \"android/accounts/ChooseTypeAndAccountActivity\"\n or v == \"android/accounts/AccountManagerInternal\"\n or v == \"android/accounts/AccountManagerResponse\"\n or v == \"android/accounts/AccountAndUser\"\n or v == \"android/accounts/CantAddAccountActivity\"\n or v == \"android/accounts/ChooseAccountActivity\"\n or v == \"android/appwidget/PendingHostUpdate\"\n or v == \"android/nfc/dta/NfcDta\"\n or v == \"android/nfc/BeamShareData\"\n or v == \"android/nfc/cardemulation/ApduServiceInfo\"\n or v == \"android/nfc/cardemulation/AidGroup\"\n or v == \"android/nfc/cardemulation/NfcFServiceInfo\"\n or v == \"android/nfc/NfcUnlockHandler\"\n or v == \"android/nfc/NfcActivityManager\"\n or v == \"android/nfc/TechListParcel\"\n or v == \"android/nfc/ApduList\"\n or v == \"android/nfc/ErrorCodes\"\n or v == \"android/nfc/TransceiveResult\"\n or v == \"android/bluetooth/BluetoothCodecStatus\"\n or v == \"android/bluetooth/SdpRecord\"\n or v == 
\"android/bluetooth/BluetoothActivityEnergyInfo\"\n or v == \"android/bluetooth/SdpOppOpsRecord\"\n or v == \"android/bluetooth/SdpSapsRecord\"\n or v == \"android/bluetooth/BluetoothUuid\"\n or v == \"android/bluetooth/BluetoothA2dpSink\"\n or v == \"android/bluetooth/BluetoothHeadsetClientCall\"\n or v == \"android/bluetooth/BluetoothHeadsetClient\"\n or v == \"android/bluetooth/BluetoothAvrcpController\"\n or v == \"android/bluetooth/BluetoothPbapClient\"\n or v == \"android/bluetooth/BluetoothMapClient\"\n or v == \"android/bluetooth/UidTraffic\"\n or v == \"android/bluetooth/le/PeriodicAdvertisingManager\"\n or v == \"android/bluetooth/le/PeriodicAdvertisingReport\"\n or v == \"android/bluetooth/le/TruncatedFilter\"\n or v == \"android/bluetooth/le/BluetoothLeUtils\"\n or v == \"android/bluetooth/le/PeriodicAdvertisingCallback\"\n or v == \"android/bluetooth/le/ResultStorageDescriptor\"\n or v == \"android/bluetooth/BluetoothStateChangeCallback\"\n or v == \"android/bluetooth/StateChangeCallbackWrapper\"\n or v == \"android/bluetooth/BluetoothPan\"\n or v == \"android/bluetooth/BluetoothGattIncludedService\"\n or v == \"android/bluetooth/BluetoothAvrcp\"\n or v == \"android/bluetooth/BluetoothAvrcpPlayerSettings\"\n or v == \"android/bluetooth/BluetoothSap\"\n or v == \"android/bluetooth/BluetoothMasInstance\"\n or v == \"android/bluetooth/BluetoothDevicePicker\"\n or v == \"android/bluetooth/BluetoothHidHost\"\n or v == \"android/bluetooth/BluetoothCodecConfig\"\n or v == \"android/bluetooth/SdpMasRecord\"\n or v == \"android/bluetooth/BluetoothPbap\"\n or v == \"android/bluetooth/BluetoothAudioConfig\"\n or v == \"android/bluetooth/BluetoothMap\"\n or v == \"android/bluetooth/SdpPseRecord\"\n or v == \"android/bluetooth/SdpMnsRecord\"\n or v == \"android/bluetooth/OobData\"\n or v == \"android/view/InputFilter\"\n or v == \"android/view/HandlerActionQueue\"\n or v == \"android/view/WindowInfo\"\n or v == 
\"android/view/inputmethod/FinishedInputEventCallback\"\n or v == \"android/view/inputmethod/InputMethodSubtypeArray\"\n or v == \"android/view/inputmethod/InputMethodManagerInternal\"\n or v == \"android/view/inputmethod/SparseRectFArray\"\n or v == \"android/view/inputmethod/SparseRectFArrayBuilder\"\n or v == \"android/view/inputmethod/InputConnectionInspector\"\n or v == \"android/view/WindowManagerInternal\"\n or v == \"android/view/SurfaceControl\"\n or v == \"android/view/ViewHierarchyEncoder\"\n or v == \"android/view/OnWindowDismissedCallback\"\n or v == \"android/view/OnWindowSwipeDismissedCallback\"\n or v == \"android/view/WindowControllerCallback\"\n or v == \"android/view/InputChannel\"\n or v == \"android/view/InputEventReceiver\"\n or v == \"android/view/OnWindowShownListener\"\n or v == \"android/view/InternalInsetsInfo\"\n or v == \"android/view/OnComputeInternalInsetsListener\"\n or v == \"android/view/OnEnterAnimationCompleteListener\"\n or v == \"android/view/WindowManagerGlobal\"\n or v == \"android/view/textclassifier/TextClassifierConstants\"\n or v == \"android/view/textclassifier/TextClassifierImpl\"\n or v == \"android/view/textclassifier/LinksInfo\"\n or v == \"android/view/textclassifier/EntityConfidence\"\n or v == \"android/view/InputEventSender\"\n or v == \"android/view/FrameInfo\"\n or v == \"android/view/ViewRootImpl\"\n or v == \"android/view/RenderNode\"\n or v == \"android/view/animation/TranslateYAnimation\"\n or v == \"android/view/animation/ClipRectAnimation\"\n or v == \"android/view/animation/TranslateXAnimation\"\n or v == \"android/view/autofill/AutofillPopupWindow\"\n or v == \"android/view/autofill/Helper\"\n or v == \"android/view/autofill/AutofillClient\"\n or v == \"android/view/autofill/ParcelableMap\"\n or v == \"android/view/autofill/AutofillManagerInternal\"\n or v == \"android/view/RecordingCanvas\"\n or v == \"android/view/ThreadedRenderer\"\n or v == \"android/view/DisplayEventReceiver\"\n or v == 
\"android/view/GhostView\"\n or v == \"android/view/NotificationHeaderView\"\n or v == \"android/view/RenderNodeAnimator\"\n or v == \"android/view/WindowManagerPolicy\"\n or v == \"android/view/FinishedInputEventCallback\"\n or v == \"android/view/WindowCallbackWrapper\"\n or v == \"android/view/FallbackAction\"\n or v == \"android/view/DisplayAdjustments\"\n or v == \"android/view/AppTransitionAnimationSpec\"\n or v == \"android/view/InputEventConsistencyVerifier\"\n or v == \"android/view/KeyboardShortcutsReceiver\"\n or v == \"android/view/FallbackEventHandler\"\n or v == \"android/view/ViewReplaceRunnable\"\n or v == \"android/view/WindowCallbacks\"\n or v == \"android/view/WindowManagerImpl\"\n or v == \"android/view/RenderNodeAnimatorSetHelper\"\n or v == \"android/view/MagnificationSpec\"\n or v == \"android/view/DisplayListCanvas\"\n or v == \"android/view/accessibility/AccessibilityServicesStateChangeListener\"\n or v == \"android/view/accessibility/HighTextContrastChangeListener\"\n or v == \"android/view/accessibility/AccessibilityInteractionClient\"\n or v == \"android/view/accessibility/AccessibilityCache\"\n or v == \"android/view/Estimator\"\n or v == \"android/view/HierarchyHandler\"\n or v == \"android/view/DisplayInfo\"\n or v == \"android/view/HardwareLayer\"\n or v == \"android/view/SurfaceSession\"\n or v == \"android/view/BatchedInputEventReceiver\"\n or v == \"android/view/FrameMetricsObserver\"\n or v == \"android/view/FocusFinderHelper\"\n or v == \"android/view/AccessibilityIterators\"\n or v == \"android/view/TextSegmentIterator\"\n or v == \"android/view/AbstractTextSegmentIterator\"\n or v == \"android/view/SubUiVisibilityListener\"\n or v == \"android/accessibilityservice/CapabilityInfo\"\n or v == \"android/accessibilityservice/TouchPoint\"\n or v == \"android/accessibilityservice/GestureStep\"\n or v == \"android/accessibilityservice/MotionEventGenerator\"\n or v == \"android/accessibilityservice/Callbacks\"\n or v == 
\"android/accessibilityservice/IAccessibilityServiceClientWrapper\"\n or v == \"android/os/MyReadMapCallback\"\n or v == \"android/os/SynchronousResultReceiver\"\n or v == \"android/os/BatteryProperty\"\n or v == \"android/os/NoImagePreloadHolder\"\n or v == \"android/os/IHwInterface\"\n or v == \"android/os/PerformanceCollector\"\n or v == \"android/os/SystemVibrator\"\n or v == \"android/os/IServiceManager\"\n or v == \"android/os/HidlSupport\"\n or v == \"android/os/ServiceSpecificException\"\n or v == \"android/os/UserEnvironment\"\n or v == \"android/os/AsyncResult\"\n or v == \"android/os/PowerSaveState\"\n or v == \"android/os/Broadcaster\"\n or v == \"android/os/FactoryTest\"\n or v == \"android/os/HwParcel\"\n or v == \"android/os/IHwBinder\"\n or v == \"android/os/ParcelableException\"\n or v == \"android/os/ShellCommand\"\n or v == \"android/os/ServiceManager\"\n or v == \"android/os/ServiceNotFoundException\"\n or v == \"android/os/ProcessStartResult\"\n or v == \"android/os/SELinux\"\n or v == \"android/os/ReadWriteHelper\"\n or v == \"android/os/NoneVibrator\"\n or v == \"android/os/VintfObject\"\n or v == \"android/os/BatteryProperties\"\n or v == \"android/os/HwBinder\"\n or v == \"android/os/HwRemoteBinder\"\n or v == \"android/os/GraphicsEnvironment\"\n or v == \"android/os/ShellCallback\"\n or v == \"android/os/IncidentManager\"\n or v == \"android/os/FileUtils\"\n or v == \"android/os/health/HealthStatsWriter\"\n or v == \"android/os/health/HealthKeys\"\n or v == \"android/os/health/Constants\"\n or v == \"android/os/health/HealthStatsParceler\"\n or v == \"android/os/ParcelableParcel\"\n or v == \"android/os/PowerManagerInternal\"\n or v == \"android/os/Temperature\"\n or v == \"android/os/BatteryStats\"\n or v == \"android/os/ZygoteProcess\"\n or v == \"android/os/ViolationListener\"\n or v == \"android/os/StrictModeViolation\"\n or v == \"android/os/StrictModeNetworkViolation\"\n or v == \"android/os/StrictModeDiskReadViolation\"\n or v == 
\"android/os/StrictModeDiskWriteViolation\"\n or v == \"android/os/StrictModeCustomViolation\"\n or v == \"android/os/StrictModeResourceMismatchViolation\"\n or v == \"android/os/StrictModeUnbufferedIOViolation\"\n or v == \"android/os/Span\"\n or v == \"android/os/ViolationInfo\"\n or v == \"android/os/storage/StorageManagerInternal\"\n or v == \"android/os/storage/StorageResultCode\"\n or v == \"android/os/storage/VolumeRecord\"\n or v == \"android/os/storage/DiskInfo\"\n or v == \"android/os/storage/VolumeInfo\"\n or v == \"android/os/storage/StorageEventListener\"\n or v == \"android/os/SystemProperties\"\n or v == \"android/os/RemoteCallback\"\n or v == \"android/os/Registrant\"\n or v == \"android/os/RevocableFileDescriptor\"\n or v == \"android/os/UEventObserver\"\n or v == \"android/os/ServiceManagerNative\"\n or v == \"android/os/UpdateEngine\"\n or v == \"android/os/BatteryManagerInternal\"\n or v == \"android/os/UpdateLock\"\n or v == \"android/os/OneShot\"\n or v == \"android/os/Waveform\"\n or v == \"android/os/Prebaked\"\n or v == \"android/os/EnforcingUser\"\n or v == \"android/os/PooledStringReader\"\n or v == \"android/os/CommonClock\"\n or v == \"android/os/IncidentReportArgs\"\n or v == \"android/os/RemoteMailException\"\n or v == \"android/os/CommonTimeConfig\"\n or v == \"android/os/RegistrantList\"\n or v == \"android/os/HwBlob\"\n or v == \"android/os/FileBridge\"\n or v == \"android/os/UserManagerInternal\"\n or v == \"android/os/SystemService\"\n or v == \"android/os/Seccomp\"\n or v == \"android/os/VintfRuntimeInfo\"\n or v == \"android/os/UpdateEngineCallback\"\n or v == \"android/os/TransactionTracker\"\n or v == \"android/os/ConfigUpdate\"\n or v == \"android/os/PooledStringWriter\"\n or v == \"android/text/FontConfig\"\n or v == \"android/text/TextLine\"\n or v == \"android/text/PackedIntVector\"\n or v == \"android/text/PositionIterator\"\n or v == \"android/text/style/AccessibilityClickableSpan\"\n or v == 
\"android/text/style/SuggestionRangeSpan\"\n or v == \"android/text/style/AccessibilityURLSpan\"\n or v == \"android/text/style/SpellCheckSpan\"\n or v == \"android/text/MeasuredText\"\n or v == \"android/text/AndroidBidi\"\n or v == \"android/text/SpanSet\"\n or v == \"android/text/format/BytesResult\"\n or v == \"android/text/CharSequenceCharacterIterator\"\n or v == \"android/text/Hyphenator\"\n or v == \"android/text/Emoji\"\n or v == \"android/text/GraphicsOperations\"\n or v == \"android/text/method/TransformationMethod2\"\n or v == \"android/text/method/WordIterator\"\n or v == \"android/text/method/AllCapsTransformationMethod\"\n or v == \"android/service/oemlock/OemLockManager\"\n or v == \"android/service/notification/SnoozeCriterion\"\n or v == \"android/service/notification/NotificationRankingUpdate\"\n or v == \"android/service/notification/Adjustment\"\n or v == \"android/service/notification/NotificationListenerWrapper\"\n or v == \"android/service/notification/NotificationAssistantService\"\n or v == \"android/service/notification/ZenModeConfig\"\n or v == \"android/service/gatekeeper/GateKeeperResponse\"\n or v == \"android/service/euicc/GetDownloadableSubscriptionMetadataResult\"\n or v == \"android/service/euicc/GetDefaultDownloadableSubscriptionListResult\"\n or v == \"android/service/euicc/EuiccProfileInfo\"\n or v == \"android/service/euicc/GetEuiccProfileInfoListResult\"\n or v == \"android/service/euicc/EuiccService\"\n or v == \"android/service/autofill/OptionalValidators\"\n or v == \"android/service/autofill/InternalValidator\"\n or v == \"android/service/autofill/RequiredValidators\"\n or v == \"android/service/autofill/AutofillServiceInfo\"\n or v == \"android/service/autofill/ValueFinder\"\n or v == \"android/service/autofill/InternalTransformation\"\n or v == \"android/service/voice/SoundTriggerListener\"\n or v == \"android/service/voice/VoiceInteractionServiceInfo\"\n or v == 
\"android/service/voice/VoiceInteractionManagerInternal\"\n or v == \"android/service/persistentdata/PersistentDataBlockManager\"\n or v == \"android/service/wallpaper/WallpaperSettingsActivity\"\n or v == \"android/service/trust/TrustAgentService\"\n or v == \"android/service/dreams/Sandman\"\n or v == \"android/service/dreams/DreamManagerInternal\"\n or v == \"android/service/carrier/ICarrierServiceWrapper\"\n or v == \"android/service/carrier/MatchType\"\n or v == \"android/service/resolver/ResolverRankerService\"\n or v == \"android/service/resolver/ResolverTarget\"\n or v == \"android/companion/BluetoothDeviceFilterUtils\"\n or v == \"com/android/server/AppWidgetBackupBridge\"\n or v == \"com/android/server/net/BaseNetworkObserver\"\n or v == \"com/android/server/net/NetlinkTracker\"\n or v == \"com/android/server/WidgetBackupProvider\"\n or v == \"com/android/server/LocalServices\"\n or v == \"android/security/KeyStoreException\"\n or v == \"android/security/keystore/AndroidKeyStoreBCWorkaroundProvider\"\n or v == \"android/security/keystore/AndroidKeyStoreHmacSpi\"\n or v == \"android/security/keystore/AndroidKeyStoreCipherSpiBase\"\n or v == \"android/security/keystore/AndroidKeyStorePublicKey\"\n or v == \"android/security/keystore/AndroidKeyStoreSecretKey\"\n or v == \"android/security/keystore/AndroidKeyStoreECPrivateKey\"\n or v == \"android/security/keystore/AndroidKeyStoreKeyGeneratorSpi\"\n or v == \"android/security/keystore/KeyStoreCryptoOperationChunkedStreamer\"\n or v == \"android/security/keystore/Purpose\"\n or v == \"android/security/keystore/KeyAlgorithm\"\n or v == \"android/security/keystore/BlockMode\"\n or v == \"android/security/keystore/EncryptionPadding\"\n or v == \"android/security/keystore/Digest\"\n or v == \"android/security/keystore/Origin\"\n or v == \"android/security/keystore/DeviceIdAttestationException\"\n or v == \"android/security/keystore/ArrayUtils\"\n or v == 
\"android/security/keystore/AndroidKeyStoreRSASignatureSpi\"\n or v == \"android/security/keystore/Utils\"\n or v == \"android/security/keystore/AndroidKeyStoreSignatureSpiBase\"\n or v == \"android/security/keystore/AndroidKeyStoreRSAPrivateKey\"\n or v == \"android/security/keystore/AndroidKeyStoreRSACipherSpi\"\n or v == \"android/security/keystore/AndroidKeyStoreECDSASignatureSpi\"\n or v == \"android/security/keystore/AndroidKeyStoreKeyFactorySpi\"\n or v == \"android/security/keystore/AndroidKeyStoreAuthenticatedAESCipherSpi\"\n or v == \"android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi\"\n or v == \"android/security/keystore/AndroidKeyStoreSpi\"\n or v == \"android/security/keystore/KeyStoreCryptoOperationUtils\"\n or v == \"android/security/keystore/AttestationUtils\"\n or v == \"android/security/keystore/KeyStoreCryptoOperation\"\n or v == \"android/security/keystore/KeymasterUtils\"\n or v == \"android/security/keystore/AndroidKeyStoreRSAPublicKey\"\n or v == \"android/security/keystore/KeyStoreConnectException\"\n or v == \"android/security/keystore/AndroidKeyStoreECPublicKey\"\n or v == \"android/security/keystore/AndroidKeyStoreKey\"\n or v == \"android/security/keystore/AndroidKeyStoreUnauthenticatedAESCipherSpi\"\n or v == \"android/security/keystore/AndroidKeyStorePrivateKey\"\n or v == \"android/security/keystore/KeyStoreCryptoOperationStreamer\"\n or v == \"android/security/keystore/AndroidKeyStoreProvider\"\n or v == \"android/security/keystore/AndroidKeyStoreSecretKeyFactorySpi\"\n or v == \"android/security/Credentials\"\n or v == \"android/security/KeyChainConnection\"\n or v == \"android/security/GateKeeper\"\n or v == \"android/security/SystemKeyStore\"\n or v == \"android/security/KeyStore\"\n or v == \"android/net/lowpan/Builder\"\n or v == \"android/net/lowpan/LowpanProperty\"\n or v == \"android/net/lowpan/LowpanProperties\"\n or v == \"android/net/lowpan/LowpanStandardProperty\"\n or v == 
\"android/location/GpsMeasurementsEvent\"\n or v == \"android/location/Listener\"\n or v == \"android/location/LocalListenerHelper\"\n or v == \"android/location/Country\"\n or v == \"android/location/GpsNavigationMessage\"\n or v == \"android/location/GpsClock\"\n or v == \"android/location/GeocoderParams\"\n or v == \"android/location/FusedBatchOptions\"\n or v == \"android/location/GpsNavigationMessageEvent\"\n or v == \"android/location/Listener\"\n or v == \"android/location/BatchedLocationCallback\"\n or v == \"android/location/CountryListener\"\n or v == \"android/location/CountryDetector\"\n or v == \"android/location/Geofence\"\n or v == \"android/location/BatchedLocationCallbackTransport\"\n or v == \"android/location/GnssMeasurementCallbackTransport\"\n or v == \"android/location/LocationRequest\"\n or v == \"android/location/GpsMeasurement\"\n or v == \"android/location/GnssNavigationMessageCallbackTransport\"\n or v == \"javax/obex/HeaderSet\"\n or v == \"javax/obex/BaseStream\"\n or v == \"javax/obex/ClientOperation\"\n or v == \"javax/obex/ServerSession\"\n or v == \"javax/obex/Operation\"\n or v == \"javax/obex/PrivateInputStream\"\n or v == \"javax/obex/PrivateOutputStream\"\n or v == \"javax/obex/ClientSession\"\n or v == \"javax/obex/SessionNotifier\"\n or v == \"javax/obex/ApplicationParameter\"\n or v == \"javax/obex/ServerOperation\"\n or v == \"javax/obex/Authenticator\"\n or v == \"javax/obex/ResponseCodes\"\n or v == \"javax/obex/ObexHelper\"\n or v == \"javax/obex/PasswordAuthentication\"\n or v == \"javax/obex/ObexTransport\"\n or v == \"javax/obex/ServerRequestHandler\"\n or v == \"javax/obex/ObexSession\"\n or v == \"android/net/util/PacketReaderTest\"\n or v == \"android/net/util/ConnectivityPacketSummaryTest\"\n or v == \"android/testing/LayoutInflaterBuilder\"\n or v == \"androidx/media/filterfw/GLToolbox\"\n or v == \"android/security/net/config/TestCertificateSource\"\n or v == \"android/security/net/config/TestConfigSource\"\n or 
v == \"com/android/uiautomator/core/Tracer\"\n or v == \"com/android/uiautomator/core/AccessibilityNodeInfoDumper\"\n or v == \"com/android/uiautomator/core/UiAutomatorBridge\"\n or v == \"com/android/uiautomator/testrunner/UiAutomatorTestCaseFilter\"\n or v == \"com/android/uiautomator/testrunner/TestCaseCollector\"\n or v == \"com/android/uiautomator/testrunner/UiAutomatorTestRunner\"\n or v == \"com/android/uiautomator/core/ShellUiAutomatorBridge\"\n or v == \"com/android/uiautomator/core/UiAutomationShellWrapper\"\n or v == \"com/android/uiautomator/core/InstrumentationUiAutomatorBridge\"\n or v == \"android/renderscript/ProgramRaster\"\n or v == \"android/renderscript/ProgramVertex\"\n or v == \"android/renderscript/Builder\"\n or v == \"android/renderscript/ProgramFragmentFixedFunction\"\n or v == \"android/renderscript/RenderScriptGL\"\n or v == \"android/renderscript/FileA3D\"\n or v == \"android/renderscript/ProgramVertexFixedFunction\"\n or v == \"android/renderscript/ProgramFragment\"\n or v == \"android/renderscript/Font\"\n or v == \"android/renderscript/RSTextureView\"\n or v == \"android/renderscript/RSSurfaceView\"\n or v == \"android/renderscript/Program\"\n or v == \"android/renderscript/ProgramStore\"\n or v == \"android/renderscript/Mesh\"\n or v == \"android/renderscript/RenderScriptCacheDir\"\n or v == \"android/telephony/ClientRequestStats\"\n or v == \"android/telephony/TelephonyHistogram\"\n or v == \"android/telephony/ModemActivityInfo\"\n or v == \"android/telephony/PreciseDisconnectCause\"\n or v == \"android/telephony/cdma/CdmaSmsCbProgramData\"\n or v == \"android/telephony/cdma/CdmaSmsCbProgramResults\"\n or v == \"android/telephony/PreciseCallState\"\n or v == \"android/telephony/SubscriptionPlan\"\n or v == \"android/telephony/VoLteServiceState\"\n or v == \"android/telephony/DisconnectCause\"\n or v == \"android/telephony/UiccAccessRule\"\n or v == \"android/telephony/euicc/EuiccManager\"\n or v == 
\"android/telephony/euicc/DownloadableSubscription\"\n or v == \"android/telephony/RadioAccessFamily\"\n or v == \"android/telephony/PcoData\"\n or v == \"android/telephony/Builder\"\n or v == \"android/telephony/WifiCallingChoices\"\n or v == \"android/telephony/ims/ImsService\"\n or v == \"android/telephony/ims/stub/ImsCallSessionListenerImplBase\"\n or v == \"android/telephony/ims/feature/ImsFeature\"\n or v == \"android/telephony/CdmaBands\"\n or v == \"android/telephony/UssdResponse\"\n or v == \"android/telephony/PreciseDataConnectionState\"\n or v == \"android/provider/CarrierColumns\"\n or v == \"android/provider/WordsTable\"\n or v == \"android/provider/CellBroadcasts\"\n or v == \"android/provider/CarrierIdentification\"\n or v == \"android/telephony/data/InterfaceAddress\"\n or v == \"android/telephony/data/DataCallResponse\"\n or v == \"android/telephony/data/DataProfile\"\n or v == \"android/telephony/Rlog\"\n or v == \"android/telephony/ImsiEncryptionInfo\"\n or v == \"android/telephony/mbms/InternalStreamingSessionCallback\"\n or v == \"android/telephony/mbms/MbmsTempFileProvider\"\n or v == \"android/telephony/mbms/OpaqueDataContainer\"\n or v == \"android/telephony/mbms/InternalDownloadSessionCallback\"\n or v == \"android/telephony/mbms/InternalStreamingServiceCallback\"\n or v == \"android/telephony/mbms/UriPathPair\"\n or v == \"android/telephony/mbms/InternalDownloadStateCallback\"\n or v == \"android/telephony/mbms/MbmsUtils\"\n or v == \"android/telephony/mbms/vendor/MbmsDownloadServiceBase\"\n or v == \"android/telephony/mbms/vendor/MbmsStreamingServiceBase\"\n or v == \"android/telephony/mbms/vendor/VendorUtils\"\n or v == \"android/telephony/DataConnectionRealTimeInfo\"\n or v == \"android/telephony/SmsCbLocation\"\n or v == \"android/telephony/SmsCbEtwsInfo\"\n or v == \"android/telephony/SmsCbMessage\"\n or v == \"android/telephony/SmsCbCmasInfo\"\n or v == \"com/android/ims/ImsStreamMediaProfile\"\n or v == 
\"com/android/ims/ImsReasonInfo\"\n or v == \"com/android/ims/ImsCallForwardInfo\"\n or v == \"com/android/ims/ImsExternalCallState\"\n or v == \"com/android/ims/ImsConfig\"\n or v == \"com/android/ims/ImsException\"\n or v == \"com/android/ims/ImsCallProfile\"\n or v == \"com/android/ims/ImsSuppServiceNotification\"\n or v == \"com/android/ims/ImsUtInterface\"\n or v == \"com/android/ims/ImsConferenceState\"\n or v == \"com/android/ims/ImsSsInfo\"\n or v == \"com/android/ims/ImsSsData\"\n or v == \"com/android/settingslib/NetworkPolicyEditor\"\n or v == \"com/android/sharedstoragebackup/ObbBackupService\"\n or v == \"com/android/providers/settings/SettingsProtoDumpUtil\"\n or v == \"com/android/statementservice/retriever/AndroidPackageInfoFetcher\"\n or v == \"com/android/statementservice/retriever/URLFetcher\"\n or v == \"com/android/statementservice/retriever/WebContent\"\n or v == \"com/android/backupconfirm/BackupRestoreConfirmation\"\n or v == \"com/android/proxyhandler/ProxyServer\"\n or v == \"com/android/proxyhandler/SocketConnect\"\n or v == \"com/android/proxyhandler/ProxyService\"\n or v == \"com/android/pacprocessor/PacNative\"\n or v == \"com/android/systemui/media/NotificationPlayer\"\n or v == \"junit/runner/TestRunListener\"\n or v == \"junit/runner/StandardTestSuiteLoader\"\n or v == \"android/test/LaunchPerformanceBase\"\n or v == \"android/test/NoExecTestResult\"\n or v == \"android/test/ClassPathPackageInfoSource\"\n or v == \"android/test/TestPrinter\"\n or v == \"android/test/suitebuilder/UnitTestSuiteBuilder\"\n or v == \"android/test/suitebuilder/TestGrouping\"\n or v == \"android/test/suitebuilder/TestPredicates\"\n or v == \"android/test/suitebuilder/SmokeTestSuiteBuilder\"\n or v == \"android/test/TestCaseUtil\"\n or v == \"android/test/mock/MockIContentProvider\"\n or v == \"android/telecom/TimedEvent\"\n or v == \"android/telecom/DefaultDialerManager\"\n or v == \"android/telecom/ParcelableRttCall\"\n or v == 
\"android/telecom/AudioState\"\n or v == \"android/telecom/Phone\"\n or v == \"android/telecom/ParcelableCallAnalytics\"\n or v == \"android/telecom/VideoEvent\"\n or v == \"android/telecom/TelecomAnalytics\"\n or v == \"android/telecom/CallbackRecord\"\n or v == \"android/telecom/Response\"\n or v == \"android/telecom/VideoCallImpl\"\n or v == \"android/telecom/ConnectionServiceAdapter\"\n or v == \"android/telecom/Builder\"\n or v == \"android/telecom/RemoteConnectionService\"\n or v == \"android/telecom/AuthenticatorService\"\n or v == \"android/telecom/Listener\"\n or v == \"android/telecom/ConferenceParticipant\"\n or v == \"android/telecom/ParcelableConnection\"\n or v == \"android/telecom/ParcelableCall\"\n or v == \"android/telecom/Log\"\n or v == \"android/telecom/Listener\"\n or v == \"android/telecom/RttTextStream\"\n or v == \"android/telecom/RemoteConnectionManager\"\n or v == \"android/telecom/ParcelableConference\"\n or v == \"android/telecom/Voicemail\"\n or v == \"android/telecom/ConnectionServiceAdapterServant\"\n or v == \"android/telecom/VideoCallbackServant\"\n or v == \"android/telecom/Listener\"\n or v == \"android/telecom/Logging/TimedEvent\"\n or v == \"android/telecom/Logging/Runnable\"\n or v == \"android/telecom/Logging/Session\"\n or v == \"android/telecom/InCallAdapter\"\n or v == \"android/graphics/GraphicBuffer\"\n or v == \"android/graphics/CanvasProperty\"\n or v == \"android/graphics/drawable/AnimatedRotateDrawable\"\n or v == \"android/graphics/drawable/VectorDrawableAnimatorRT\"\n or v == \"android/graphics/drawable/DrawableInflater\"\n or v == \"android/graphics/Insets\"\n or v == \"android/graphics/BaseCanvas\"\n or v == \"android/graphics/pdf/PdfEditor\"\n or v == \"android/graphics/Renderer\"\n or v == \"android/graphics/LeakyTypefaceStorage\"\n or v == \"android/graphics/TemporaryBuffer\"\n or v == \"android/graphics/InsetStruct\"\n or v == \"android/graphics/LargeBitmap\"\n or v == \"android/graphics/FontListParser\"\n or 
v == \"android/graphics/FontFamily\"\n or v == \"android/graphics/TableMaskFilter\"\n or v == \"android/net/util/NetworkConstants\"\n or v == \"android/net/util/Stopwatch\"\n or v == \"android/net/util/PrefixUtils\"\n or v == \"android/net/util/NetdService\"\n or v == \"android/net/util/IpUtils\"\n or v == \"android/net/util/VersionedBroadcastListener\"\n or v == \"android/net/util/SharedLog\"\n or v == \"android/net/util/ConnectivityPacketSummary\"\n or v == \"android/net/util/MultinetworkPolicyTracker\"\n or v == \"android/net/util/PacketReader\"\n or v == \"android/net/netlink/StructNlMsgHdr\"\n or v == \"android/net/netlink/StructNdMsg\"\n or v == \"android/net/netlink/StructNlMsgErr\"\n or v == \"android/net/netlink/NetlinkSocket\"\n or v == \"android/net/netlink/StructNlAttr\"\n or v == \"android/net/netlink/NetlinkMessage\"\n or v == \"android/net/netlink/ConntrackMessage\"\n or v == \"android/net/netlink/StructNfGenMsg\"\n or v == \"android/net/netlink/StructNdaCacheInfo\"\n or v == \"android/net/netlink/NetlinkConstants\"\n or v == \"android/net/netlink/NetlinkErrorMessage\"\n or v == \"android/net/netlink/RtNetlinkNeighborMessage\"\n or v == \"android/net/apf/ApfGenerator\"\n or v == \"android/net/apf/ApfCapabilities\"\n or v == \"android/net/apf/ApfFilter\"\n or v == \"android/net/dhcp/DhcpClient\"\n or v == \"android/net/dhcp/DhcpPacket\"\n or v == \"android/net/ip/IpReachabilityMonitor\"\n or v == \"android/net/ip/InterfaceController\"\n or v == \"android/net/ip/IpClient\"\n or v == \"android/net/ip/IpNeighborMonitor\"\n or v == \"android/net/ip/RouterAdvertisementDaemon\"\n or v == \"android/net/ip/ConnectivityPacketTracker\"\n or v == \"com/android/server/pm/PackageManagerServiceUtils\"\n or v == \"com/android/server/pm/BackgroundDexOptService\"\n or v == \"com/android/server/pm/InstructionSets\"\n or v == \"com/android/server/pm/EphemeralResolverConnection\"\n or v == \"com/android/server/pm/SELinuxMMAC\"\n or v == 
\"com/android/server/pm/OtaDexoptService\"\n or v == \"com/android/server/pm/InstantAppResolver\"\n or v == \"com/android/server/pm/PackageManagerException\"\n or v == \"com/android/server/vr/SettingsObserver\"\n or v == \"com/android/server/vr/VrManagerInternal\"\n or v == \"com/android/server/vr/EnabledComponentsObserver\"\n or v == \"com/android/server/vr/VrManagerService\"\n or v == \"com/android/server/vr/VrStateListener\"\n or v == \"com/android/server/webkit/SystemInterface\"\n or v == \"com/android/server/webkit/WebViewUpdateService\"\n or v == \"com/android/server/webkit/SystemImpl\"\n or v == \"com/android/server/webkit/WebViewUpdateServiceImpl\"\n or v == \"com/android/server/net/NetworkPolicyManagerInternal\"\n or v == \"com/android/server/net/NetworkIdentitySet\"\n or v == \"com/android/server/fingerprint/FingerprintService\"\n or v == \"com/android/server/am/BackupRecord\"\n or v == \"com/android/server/GraphicsStatsService\"\n or v == \"com/android/server/connectivity/Vpn\"\n or v == \"com/android/server/connectivity/IpConnectivityMetrics\"\n or v == \"com/android/server/connectivity/tethering/TetheringConfiguration\"\n or v == \"com/android/server/connectivity/tethering/OffloadHardwareInterface\"\n or v == \"com/android/server/connectivity/tethering/OffloadController\"\n or v == \"com/android/server/connectivity/tethering/TetherInterfaceStateMachine\"\n or v == \"com/android/server/connectivity/tethering/UpstreamNetworkMonitor\"\n or v == \"com/android/server/connectivity/tethering/SimChangeListener\"\n or v == \"com/android/server/connectivity/tethering/IPv6TetheringCoordinator\"\n or v == \"com/android/server/connectivity/tethering/TetheringDependencies\"\n or v == \"com/android/server/connectivity/tethering/IControlsTethering\"\n or v == \"com/android/server/connectivity/PacManager\"\n or v == \"com/android/server/connectivity/NetworkMonitor\"\n or v == \"com/android/server/connectivity/CaptivePortalProbeResult\"\n or v == 
\"com/android/server/connectivity/IpConnectivityEventBuilder\"\n or v == \"com/android/server/connectivity/NetworkDiagnostics\"\n or v == \"com/android/server/connectivity/Tethering\"\n or v == \"com/android/server/connectivity/PermissionMonitor\"\n or v == \"com/android/server/connectivity/KeepalivePacketData\"\n or v == \"com/android/server/connectivity/DefaultNetworkMetrics\"\n or v == \"com/android/server/connectivity/Nat464Xlat\"\n or v == \"com/android/server/security/KeyAttestationApplicationIdProviderService\"\n or v == \"com/android/server/input/InputWindowHandle\"\n or v == \"com/android/server/input/InputApplicationHandle\"\n or v == \"com/android/server/notification/NotificationManagerService\"\n or v == \"com/android/server/notification/NotificationUsageStats\"\n or v == \"com/android/server/notification/RateEstimator\"\n or v == \"com/android/server/notification/AlertRateLimiter\"\n or v == \"com/android/server/notification/NotificationRecord\"\n or v == \"com/android/server/notification/ValidateNotificationPeople\"\n or v == \"com/android/server/notification/RankingReconsideration\"\n or v == \"com/android/server/camera/CameraServiceProxy\"\n or v == \"com/android/server/location/PassiveProvider\"\n or v == \"com/android/server/location/ActivityRecognitionProxy\"\n or v == \"com/android/server/location/CountryDetectorBase\"\n or v == \"com/android/server/location/GnssLocationProvider\"\n or v == \"com/android/server/location/ContextHubService\"\n or v == \"com/android/server/location/FusedProxy\"\n or v == \"com/android/server/location/GeofenceProxy\"\n or v == \"com/android/server/location/GnssNavigationMessageProvider\"\n or v == \"com/android/server/location/LocationProviderInterface\"\n or v == \"com/android/server/location/GpsXtraDownloader\"\n or v == \"com/android/server/location/FusedLocationHardwareSecure\"\n or v == \"com/android/server/location/FlpHardwareProvider\"\n or v == \"com/android/server/location/GnssMeasurementsProvider\"\n or v 
== \"com/android/server/location/LocationBasedCountryDetector\"\n or v == \"com/android/server/location/ComprehensiveCountryDetector\"\n or v == \"com/android/server/location/MockProvider\"\n or v == \"com/android/server/wm/WindowManagerService\"\n or v == \"com/android/server/wm/animation/ClipRectLRAnimation\"\n or v == \"com/android/server/wm/ViewServer\"\n or v == \"com/android/server/SystemServiceManager\"\n or v == \"com/android/server/content/SyncStorageEngine\"\n or v == \"com/android/server/content/SyncManager\"\n or v == \"com/android/server/content/ActiveSyncContext\"\n or v == \"com/android/server/content/ContentService\"\n or v == \"com/android/server/content/ObserverCall\"\n or v == \"com/android/server/content/ObserverNode\"\n or v == \"com/android/server/content/SyncOperation\"\n or v == \"com/android/server/utils/ManagedApplicationService\"\n or v == \"com/android/server/utils/PriorityDump\"\n or v == \"com/android/server/utils/PriorityDumper\"\n or v == \"com/android/server/NetworkManagementService\"\n or v == \"com/android/server/tv/TvInputHardwareManager\"\n or v == \"com/android/server/IpSecService\"\n or v == \"com/android/server/ConnectivityService\"\n or v == \"com/android/server/audio/MediaFocusControl\"\n or v == \"com/android/server/audio/FocusRequester\"\n or v == \"com/android/server/audio/AudioService\"\n or v == \"com/android/server/telecom/TelecomLoaderService\"\n or v == \"com/android/server/NetworkScorerAppManager\"\n or v == \"com/android/server/CountryDetectorService\"\n or v == \"com/android/server/accounts/AccountManagerService\"\n or v == \"com/android/server/accounts/IAccountAuthenticatorCache\"\n or v == \"com/android/server/job/JobSchedulerService\"\n or v == \"com/android/server/job/JobSchedulerInternal\"\n or v == \"com/android/server/job/controllers/JobStatus\"\n or v == \"com/android/server/RescueParty\"\n or v == \"com/android/server/NsdService\"\n or v == \"com/android/server/os/SchedulingPolicyService\"\n or v == 
\"com/android/server/SystemServerInitThreadPool\"\n or v == \"com/android/server/NetworkScoreService\"\n or v == \"com/android/server/locksettings/LockSettingsService\"\n or v == \"com/android/server/dreams/DreamManagerService\"\n or v == \"com/android/server/IntentResolver\"\n or v == \"com/android/server/GestureLauncherService\"\n or v == \"com/android/server/SystemService\"\n or v == \"com/android/server/NetworkManagementInternal\"\n or v == \"com/android/server/policy/keyguard/KeyguardStateMonitor\"\n or v == \"com/android/server/CommonTimeManagementService\"\n or v == \"com/android/server/soundtrigger/SoundTriggerService\"\n or v == \"com/android/server/soundtrigger/SoundTriggerHelper\"\n or v == \"com/android/server/soundtrigger/SoundTriggerDbHelper\"\n or v == \"com/android/server/voiceinteraction/DatabaseHelper\"\n or v == \"com/android/server/usb/descriptors/UsbTerminalTypes\"\n or v == \"com/android/server/usb/descriptors/tree/UsbDescriptorsEndpointNode\"\n or v == \"com/android/server/usb/descriptors/tree/UsbDescriptorsACInterfaceNode\"\n or v == \"com/android/server/usb/descriptors/tree/UsbDescriptorsTreeNode\"\n or v == \"com/android/server/usb/descriptors/tree/UsbDescriptorsTree\"\n or v == \"com/android/server/usb/descriptors/tree/UsbDescriptorsInterfaceNode\"\n or v == \"com/android/server/usb/descriptors/tree/UsbDescriptorsDeviceNode\"\n or v == \"com/android/server/usb/descriptors/tree/UsbDescriptorsConfigNode\"\n or v == \"com/android/server/usb/descriptors/UsbACAudioStreamEndpoint\"\n or v == \"com/android/server/usb/descriptors/UsbBinaryParser\"\n or v == \"com/android/server/usb/descriptors/Usb10ASFormatI\"\n or v == \"com/android/server/usb/descriptors/UsbACAudioControlEndpoint\"\n or v == \"com/android/server/usb/descriptors/UsbConfigDescriptor\"\n or v == \"com/android/server/usb/descriptors/Usb20ACMixerUnit\"\n or v == \"com/android/server/usb/descriptors/UsbMSMidiInputJack\"\n or v == 
\"com/android/server/usb/descriptors/Usb20ACInputTerminal\"\n or v == \"com/android/server/usb/descriptors/UsbACInterface\"\n or v == \"com/android/server/usb/descriptors/Usb10ACOutputTerminal\"\n or v == \"com/android/server/usb/descriptors/UsbDeviceDescriptor\"\n or v == \"com/android/server/usb/descriptors/Usb10ACHeader\"\n or v == \"com/android/server/usb/descriptors/UsbInterfaceAssoc\"\n or v == \"com/android/server/usb/descriptors/UsbHIDDescriptor\"\n or v == \"com/android/server/usb/descriptors/UsbMSMidiOutputJack\"\n or v == \"com/android/server/usb/descriptors/Usb20ASFormatI\"\n or v == \"com/android/server/usb/descriptors/Usb10ASFormatII\"\n or v == \"com/android/server/usb/descriptors/UsbMSMidiHeader\"\n or v == \"com/android/server/usb/descriptors/Usb20ASFormatIII\"\n or v == \"com/android/server/usb/descriptors/UsbACFeatureUnit\"\n or v == \"com/android/server/usb/descriptors/UsbASFormat\"\n or v == \"com/android/server/usb/descriptors/UsbACEndpoint\"\n or v == \"com/android/server/usb/descriptors/UsbUnknown\"\n or v == \"com/android/server/usb/descriptors/Usb20ACHeader\"\n or v == \"com/android/server/usb/descriptors/UsbInterfaceDescriptor\"\n or v == \"com/android/server/usb/descriptors/UsbDescriptor\"\n or v == \"com/android/server/usb/descriptors/UsbACSelectorUnit\"\n or v == \"com/android/server/usb/descriptors/UsbACHeaderInterface\"\n or v == \"com/android/server/usb/descriptors/UsbEndpointDescriptor\"\n or v == \"com/android/server/usb/descriptors/report/TextReportCanvas\"\n or v == \"com/android/server/usb/descriptors/report/Reporting\"\n or v == \"com/android/server/usb/descriptors/report/ReportCanvas\"\n or v == \"com/android/server/usb/descriptors/report/UsbStrings\"\n or v == \"com/android/server/usb/descriptors/report/HTMLReportCanvas\"\n or v == \"com/android/server/usb/descriptors/Usb10ACInputTerminal\"\n or v == \"com/android/server/usb/descriptors/UsbDescriptorParser\"\n or v == \"com/android/server/usb/descriptors/Usb10ASGeneral\"\n 
or v == \"com/android/server/usb/descriptors/ByteStream\"\n or v == \"com/android/server/usb/descriptors/UsbACMidiEndpoint\"\n or v == \"com/android/server/usb/descriptors/Usb20ASFormatIIEx\"\n or v == \"com/android/server/usb/descriptors/Usb10ACMixerUnit\"\n or v == \"com/android/server/usb/descriptors/Usb20ASFormatII\"\n or v == \"com/android/server/usb/descriptors/Usb20ACOutputTerminal\"\n or v == \"com/android/server/usb/descriptors/UsbACTerminal\"\n or v == \"com/android/server/usb/descriptors/UsbACInterfaceUnparsed\"\n or v == \"com/android/server/accessibility/TouchExplorer\"\n or v == \"com/android/server/coverage/CoverageService\"\n or v == \"com/android/server/companion/CompanionDeviceManagerService\"\n or v == \"android/opengl/GLWallpaperService\"\n or v == \"android/mtp/MtpDatabase\"\n or v == \"android/mtp/MtpServer\"\n or v == \"android/mtp/MtpStorage\"\n or v == \"android/media/PlayerProxy\"\n or v == \"android/media/MediaScanner\"\n or v == \"android/media/MediaTimeProvider\"\n or v == \"android/media/OnMediaTimeListener\"\n or v == \"android/media/soundtrigger/SoundTriggerDetector\"\n or v == \"android/media/soundtrigger/RecognitionCallback\"\n or v == \"android/media/soundtrigger/SoundTriggerManager\"\n or v == \"android/media/audiofx/OnParameterChangeListener\"\n or v == \"android/media/audiofx/Settings\"\n or v == \"android/media/audiofx/OnServerDiedListener\"\n or v == \"android/media/audiofx/OnParameterChangeListener\"\n or v == \"android/media/MediaFile\"\n or v == \"android/media/PlayerDeathMonitor\"\n or v == \"android/media/RemoteDisplay\"\n or v == \"android/media/AudioPort\"\n or v == \"android/media/SRTRenderer\"\n or v == \"android/media/MiniThumbFile\"\n or v == \"android/media/midi/MidiDeviceServer\"\n or v == \"android/media/TtmlRenderer\"\n or v == \"android/media/TtmlUtils\"\n or v == \"android/media/TtmlCue\"\n or v == \"android/media/TtmlNode\"\n or v == \"android/media/TtmlParser\"\n or v == \"android/media/TtmlNodeListener\"\n 
or v == \"android/media/TtmlTrack\"\n or v == \"android/media/TtmlRenderingWidget\"\n or v == \"android/media/audiopolicy/AudioPolicyConfig\"\n or v == \"android/media/audiopolicy/AudioMixingRule\"\n or v == \"android/media/audiopolicy/AudioMix\"\n or v == \"android/media/audiopolicy/AudioPolicy\"\n or v == \"android/media/Callback\"\n or v == \"android/media/MediaHTTPConnection\"\n or v == \"android/media/DecoderCapabilities\"\n or v == \"android/media/OnSubtitleDataListener\"\n or v == \"android/media/TimeProvider\"\n or v == \"android/media/MediaHTTPService\"\n or v == \"android/media/AudioManagerInternal\"\n or v == \"android/media/MediaScannerClient\"\n or v == \"android/media/SubtitleTrack\"\n or v == \"android/media/CueList\"\n or v == \"android/media/Cue\"\n or v == \"android/media/Run\"\n or v == \"android/media/VolumePolicy\"\n or v == \"android/media/tv/ProgramColumns\"\n or v == \"android/media/tv/PreviewProgramColumns\"\n or v == \"android/media/tv/WatchedPrograms\"\n or v == \"android/media/tv/TvStreamConfig\"\n or v == \"android/media/tv/TvInputSettings\"\n or v == \"android/media/tv/ITvInputSessionWrapper\"\n or v == \"android/media/tv/DvbDeviceInfo\"\n or v == \"android/media/tv/TvInputHardwareInfo\"\n or v == \"android/media/tv/SessionCallback\"\n or v == \"android/media/tv/HardwareCallback\"\n or v == \"android/media/tv/Session\"\n or v == \"android/media/tv/FinishedInputEventCallback\"\n or v == \"android/media/tv/Hardware\"\n or v == \"android/media/tv/TvContentRatingSystemInfo\"\n or v == \"android/media/BufferingParams\"\n or v == \"android/media/Cea708CaptionRenderer\"\n or v == \"android/media/Cea708CaptionTrack\"\n or v == \"android/media/Cea708CCParser\"\n or v == \"android/media/Const\"\n or v == \"android/media/CaptionColor\"\n or v == \"android/media/CaptionEvent\"\n or v == \"android/media/CaptionPenAttr\"\n or v == \"android/media/CaptionPenColor\"\n or v == \"android/media/CaptionPenLocation\"\n or v == 
\"android/media/CaptionWindowAttr\"\n or v == \"android/media/CaptionWindow\"\n or v == \"android/media/Cea708CCWidget\"\n or v == \"android/media/ScaledLayout\"\n or v == \"android/media/ScaledLayoutParams\"\n or v == \"android/media/CCLayout\"\n or v == \"android/media/CCHandler\"\n or v == \"android/media/CCWindowLayout\"\n or v == \"android/media/CCView\"\n or v == \"android/media/EncoderCapabilities\"\n or v == \"android/media/AudioFocusInfo\"\n or v == \"android/media/AudioGainConfig\"\n or v == \"android/media/RemoteDisplayState\"\n or v == \"android/media/AudioGain\"\n or v == \"android/media/AmrInputStream\"\n or v == \"android/media/ExternalRingtonesCursorWrapper\"\n or v == \"android/media/WebVttRenderer\"\n or v == \"android/media/TextTrackCueSpan\"\n or v == \"android/media/UnstyledTextExtractor\"\n or v == \"android/media/Tokenizer\"\n or v == \"android/media/TextTrackRegion\"\n or v == \"android/media/TextTrackCue\"\n or v == \"android/media/WebVttParser\"\n or v == \"android/media/WebVttCueListener\"\n or v == \"android/media/WebVttTrack\"\n or v == \"android/media/WebVttRenderingWidget\"\n or v == \"android/media/SubtitleController\"\n or v == \"android/media/AudioSystem\"\n or v == \"android/media/Metadata\"\n or v == \"android/media/AudioRoutesInfo\"\n or v == \"android/media/PlayerBase\"\n or v == \"android/media/CharPos\"\n or v == \"android/media/Justification\"\n or v == \"android/media/Style\"\n or v == \"android/media/Font\"\n or v == \"android/media/Karaoke\"\n or v == \"android/media/HyperText\"\n or v == \"android/media/browse/MediaBrowserUtils\"\n or v == \"android/media/Builder\"\n or v == \"android/media/State\"\n or v == \"android/media/MediaInserter\"\n or v == \"android/media/ClosedCaptionRenderer\"\n or v == \"android/media/Cea608CaptionTrack\"\n or v == \"android/media/ClosedCaptionWidget\"\n or v == \"android/media/ClosedCaptionLayout\"\n or v == \"android/media/Cea608CCParser\"\n or v == 
\"android/media/MutableBackgroundColorSpan\"\n or v == \"android/media/Cea608CCWidget\"\n or v == \"android/media/MediaRouterClientState\"\n or v == \"android/media/ResampleInputStream\"\n or v == \"android/media/OnAudioPortUpdateListener\"\n or v == \"android/media/CertificateRequest\"\n or v == \"android/media/Certificate\"\n or v == \"android/media/AudioPatch\"\n or v == \"android/media/MediaImage\"\n or v == \"android/media/SubtitleData\"\n or v == \"android/media/projection/Callback\"\n or v == \"android/media/projection/CallbackDelegate\"\n or v == \"android/media/projection/MediaProjectionInfo\"\n or v == \"android/media/session/OnVolumeKeyLongPressListener\"\n or v == \"android/media/session/OnMediaKeyListener\"\n or v == \"android/media/session/Callback\"\n or v == \"android/media/session/MediaSessionLegacyHelper\"\n or v == \"android/media/session/ParcelableVolumeInfo\"\n or v == \"android/media/session/CallbackStub\"\n or v == \"android/media/effect/FilterEffect\"\n or v == \"android/media/effect/FilterGraphEffect\"\n or v == \"android/media/effect/SingleFilterEffect\"\n or v == \"android/media/effect/effects/BrightnessEffect\"\n or v == \"android/media/effect/effects/BitmapOverlayEffect\"\n or v == \"android/media/effect/effects/DuotoneEffect\"\n or v == \"android/media/effect/effects/SharpenEffect\"\n or v == \"android/media/effect/effects/ColorTemperatureEffect\"\n or v == \"android/media/effect/effects/LomoishEffect\"\n or v == \"android/media/effect/effects/SepiaEffect\"\n or v == \"android/media/effect/effects/FlipEffect\"\n or v == \"android/media/effect/effects/VignetteEffect\"\n or v == \"android/media/effect/effects/AutoFixEffect\"\n or v == \"android/media/effect/effects/RotateEffect\"\n or v == \"android/media/effect/effects/SaturateEffect\"\n or v == \"android/media/effect/effects/CrossProcessEffect\"\n or v == \"android/media/effect/effects/BackDropperEffect\"\n or v == \"android/media/effect/effects/TintEffect\"\n or v == 
\"android/media/effect/effects/PosterizeEffect\"\n or v == \"android/media/effect/effects/GrayscaleEffect\"\n or v == \"android/media/effect/effects/RedEyeEffect\"\n or v == \"android/media/effect/effects/DocumentaryEffect\"\n or v == \"android/media/effect/effects/IdentityEffect\"\n or v == \"android/media/effect/effects/FisheyeEffect\"\n or v == \"android/media/effect/effects/ContrastEffect\"\n or v == \"android/media/effect/effects/StraightenEffect\"\n or v == \"android/media/effect/effects/FillLightEffect\"\n or v == \"android/media/effect/effects/GrainEffect\"\n or v == \"android/media/effect/effects/BlackWhiteEffect\"\n or v == \"android/media/effect/effects/NegativeEffect\"\n or v == \"android/media/effect/SizeChangeEffect\"\n or v == \"android/filterpacks/ui/SurfaceTargetFilter\"\n or v == \"android/filterpacks/ui/SurfaceRenderFilter\"\n or v == \"android/filterpacks/videosrc/MediaSource\"\n or v == \"android/filterpacks/videosrc/CameraSource\"\n or v == \"android/filterpacks/videosrc/SurfaceTextureSource\"\n or v == \"android/filterpacks/videosrc/SurfaceTextureTarget\"\n or v == \"android/filterpacks/videosink/MediaEncoderFilter\"\n or v == \"android/filterpacks/videosink/MediaRecorderStopException\"\n or v == \"android/filterpacks/numeric/SinWaveFilter\"\n or v == \"android/filterpacks/imageproc/ContrastFilter\"\n or v == \"android/filterpacks/imageproc/StraightenFilter\"\n or v == \"android/filterpacks/imageproc/DrawRectFilter\"\n or v == \"android/filterpacks/imageproc/CropRectFilter\"\n or v == \"android/filterpacks/imageproc/ToGrayFilter\"\n or v == \"android/filterpacks/imageproc/AlphaBlendFilter\"\n or v == \"android/filterpacks/imageproc/CropFilter\"\n or v == \"android/filterpacks/imageproc/ImageCombineFilter\"\n or v == \"android/filterpacks/imageproc/RedEyeFilter\"\n or v == \"android/filterpacks/imageproc/ToRGBFilter\"\n or v == \"android/filterpacks/imageproc/SimpleImageFilter\"\n or v == \"android/filterpacks/imageproc/FisheyeFilter\"\n or v 
== \"android/filterpacks/imageproc/ResizeFilter\"\n or v == \"android/filterpacks/imageproc/FixedRotationFilter\"\n or v == \"android/filterpacks/imageproc/BlendFilter\"\n or v == \"android/filterpacks/imageproc/ToRGBAFilter\"\n or v == \"android/filterpacks/imageproc/DrawOverlayFilter\"\n or v == \"android/filterpacks/imageproc/BitmapSource\"\n or v == \"android/filterpacks/imageproc/ImageEncoder\"\n or v == \"android/filterpacks/imageproc/ToPackedGrayFilter\"\n or v == \"android/filterpacks/imageproc/RotateFilter\"\n or v == \"android/filterpacks/imageproc/BrightnessFilter\"\n or v == \"android/filterpacks/imageproc/BitmapOverlayFilter\"\n or v == \"android/filterpacks/imageproc/Invert\"\n or v == \"android/filterpacks/imageproc/FlipFilter\"\n or v == \"android/filterpacks/text/ToUpperCase\"\n or v == \"android/filterpacks/text/StringSource\"\n or v == \"android/filterpacks/text/StringLogger\"\n or v == \"android/filterpacks/performance/ThroughputFilter\"\n or v == \"android/filterpacks/performance/Throughput\"\n or v == \"android/filterpacks/base/CallbackFilter\"\n or v == \"android/filterpacks/base/NoneFilter\"\n or v == \"android/filterpacks/base/GLTextureSource\"\n or v == \"android/filterpacks/base/FrameBranch\"\n or v == \"android/filterpacks/base/RetargetFilter\"\n or v == \"android/filterpacks/base/GLTextureTarget\"\n or v == \"android/filterpacks/base/FrameFetch\"\n or v == \"android/filterpacks/base/ObjectSource\"\n or v == \"android/filterpacks/base/FrameSource\"\n or v == \"android/filterpacks/base/OutputStreamTarget\"\n or v == \"android/filterpacks/base/InputStreamSource\"\n or v == \"android/filterpacks/base/FrameStore\"\n or v == \"android/filterpacks/videoproc/BackDropperFilter\"\n or v == \"android/filterfw/core/FilterSurfaceView\"\n or v == \"android/filterfw/core/InputPort\"\n or v == \"android/filterfw/core/FieldPort\"\n or v == \"android/filterfw/core/StreamPort\"\n or v == \"android/filterfw/core/FilterContext\"\n or v == 
\"android/filterfw/core/GLFrame\"\n or v == \"android/filterfw/core/SimpleFrame\"\n or v == \"android/filterfw/core/FilterFactory\"\n or v == \"android/filterfw/core/VertexFrame\"\n or v == \"android/filterfw/core/GraphRunner\"\n or v == \"android/filterfw/core/ProgramPort\"\n or v == \"android/filterfw/core/ShaderProgram\"\n or v == \"android/filterfw/core/NativeAllocatorTag\"\n or v == \"android/filterfw/core/Frame\"\n or v == \"android/filterfw/core/Scheduler\"\n or v == \"android/filterfw/core/SimpleFrameManager\"\n or v == \"android/filterfw/core/KeyValueMap\"\n or v == \"android/filterfw/core/ProgramVariable\"\n or v == \"android/filterfw/core/FinalPort\"\n or v == \"android/filterfw/core/FilterGraph\"\n or v == \"android/filterfw/core/CachedFrameManager\"\n or v == \"android/filterfw/core/RandomScheduler\"\n or v == \"android/filterfw/core/FilterPort\"\n or v == \"android/filterfw/core/MutableFrameFormat\"\n or v == \"android/filterfw/core/FrameManager\"\n or v == \"android/filterfw/core/NativeFrame\"\n or v == \"android/filterfw/core/FilterFunction\"\n or v == \"android/filterfw/core/AsyncRunner\"\n or v == \"android/filterfw/core/ProtocolException\"\n or v == \"android/filterfw/core/FrameFormat\"\n or v == \"android/filterfw/core/NativeBuffer\"\n or v == \"android/filterfw/core/Program\"\n or v == \"android/filterfw/core/RoundRobinScheduler\"\n or v == \"android/filterfw/core/GLEnvironment\"\n or v == \"android/filterfw/core/StopWatch\"\n or v == \"android/filterfw/core/SerializedFrame\"\n or v == \"android/filterfw/core/OneShotScheduler\"\n or v == \"android/filterfw/core/NativeProgram\"\n or v == \"android/filterfw/core/SimpleScheduler\"\n or v == \"android/filterfw/core/Filter\"\n or v == \"android/filterfw/core/OutputPort\"\n or v == \"android/filterfw/core/SyncRunner\"\n or v == \"android/filterfw/io/GraphReader\"\n or v == \"android/filterfw/io/GraphIOException\"\n or v == \"android/filterfw/io/TextGraphReader\"\n or v == 
\"android/filterfw/io/PatternScanner\"\n or v == \"android/filterfw/GraphEnvironment\"\n or v == \"android/filterfw/MffEnvironment\"\n or v == \"android/filterfw/FilterFunctionEnvironment\"\n or v == \"android/filterfw/format/PrimitiveFormat\"\n or v == \"android/filterfw/format/ObjectFormat\"\n or v == \"android/filterfw/format/ImageFormat\"\n or v == \"android/filterfw/geometry/Quad\"\n or v == \"android/filterfw/geometry/Point\"\n or v == \"android/filterfw/geometry/Rectangle\"\n ]\n )\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n Function:\n contains [\n FunctionCall: function.name matches \"EVP_aes_.*\"\n ] and\n contains [\n FunctionCall: function.name == \"EVP_CIPHER_CTX_set_key_length\"\n and(arguments[1].constantValue is [Number: < 128])\n ]*\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Initialization Vector", - "predicate": "\n FunctionCall fc: name matches \"EVP_EncryptInit|EVP_DecryptInit|EVP_CipherInit\"\n and arguments[2] is arguments[3]\n and arguments[3].constantValue.None\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Initialization Vector", - "predicate": "\n FunctionCall fc: fc.name matches \"EVP_EncryptInit|EVP_DecryptInit|EVP_CipherInit\" and\n (not arguments[3].constantValue.None\n or (arguments[2].constantValue == arguments[3].constantValue and not arguments[3].constantValue.None))\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Initialization Vector", - "predicate": "\n FunctionCall fc: name matches 
\"EVP_EncryptInit_ex|EVP_DecryptInit_ex|EVP_CipherInit_ex|BF_cbc_encrypt|BF_cfb64_encrypt|BF_ofb64_encrypt|DES_ncbc_encrypt|DES_pcbc_encrypt|DES_cfb64_encrypt|DES_ofb64_encrypt|DES_xcbc_encrypt|DES_cbc_cksum|DES_enc_read|DES_enc_write\"\n and arguments[3] is arguments[4]\n and arguments[4].constantValue.None\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Initialization Vector", - "predicate": "\n FunctionCall fc: fc.name matches \"EVP_EncryptInit_ex|EVP_DecryptInit_ex|EVP_CipherInit_ex|BF_cbc_encrypt|BF_cfb64_encrypt|BF_ofb64_encrypt|DES_ncbc_encrypt|DES_pcbc_encrypt|DES_cfb64_encrypt|DES_ofb64_encrypt|DES_xcbc_encrypt|DES_cbc_cksum|DES_enc_read|DES_enc_write\" and\n (not arguments[4].constantValue.None\n or (arguments[3].constantValue == arguments[4].constantValue and not arguments[4].constantValue.None))\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Initialization Vector", - "predicate": "\n FunctionCall fc: name matches \"DES_ede2_cbc_encrypt|DES_ede2_cfb64_encrypt|DES_ede2_ofb64_encrypt\"\n and (arguments[3] is arguments[5] or arguments[4] is arguments[5])\n and arguments[5].constantValue.None\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Initialization Vector", - "predicate": "\n FunctionCall fc: fc.name matches \"DES_ede2_cbc_encrypt|DES_ede2_cfb64_encrypt|DES_ede2_ofb64_encrypt\" and\n (not arguments[5].constantValue.None\n or (arguments[3].constantValue == arguments[5].constantValue and not arguments[5].constantValue.None)\n or (arguments[4].constantValue == arguments[5].constantValue and not arguments[5].constantValue.None))\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure 
Initialization Vector", - "predicate": "\n FunctionCall fc: name matches \"DES_ede3_cbc_encrypt|ES_ede3_cfb64_encrypt|DES_ede3_ofb64_encrypt\"\n and (arguments[3] is arguments[6] or arguments[4] is arguments[6] or arguments[5] is arguments[6])\n and arguments[6].constantValue.None\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Initialization Vector", - "predicate": "\n FunctionCall fc: fc.name matches \"DES_ede3_cbc_encrypt|ES_ede3_cfb64_encrypt|DES_ede3_ofb64_encrypt\" and\n (not arguments[6].constantValue.None\n or (arguments[3].constantValue == arguments[6].constantValue and not arguments[6].constantValue.None)\n or (arguments[4].constantValue == arguments[6].constantValue and not arguments[6].constantValue.None)\n or (arguments[5].constantValue == arguments[6].constantValue and not arguments[6].constantValue.None))\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Initialization Vector", - "predicate": "\n FunctionCall fc: name matches \"DES_cfb_encrypt|DES_ofb_encrypt\"\n and arguments[4] is arguments[5]\n and arguments[5].constantValue.None\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Initialization Vector", - "predicate": "\n FunctionCall fc: fc.name matches \"DES_cfb_encrypt|DES_ofb_encrypt\" and\n (not arguments[5].constantValue.None\n or (arguments[4].constantValue == arguments[5].constantValue and not arguments[5].constantValue.None))\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n StringLiteral s: \n constantValue matches \"(?i)^PRAGMA\\s+(key|hexkey|textkey|rekey|hexrekey|textrekey)\\s*=\\s*(\\x22|\\x27)(\\x22|\\x27)(;)?\\s*$\"\n " - }, - { - 
"language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n StringLiteral s: \n constantValue matches \"(?i)^PRAGMA\\s+(key|hexkey|textkey|rekey|hexrekey|textrekey)\\s*=\\s*(\\x22|\\x27).+(\\x22|\\x27)(;)?\\s*$\"\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Signature", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n Function:\n contains [\n FunctionCall: function.name == \"BCryptOpenAlgorithmProvider\"\n and arguments[1].constantValue is [String: startsWith \"DSA\" or startsWith \"RSA_SIGN\"]\n ] and\n contains [\n FunctionCall: function.name == \"BCryptGenerateKeyPair\"\n and(arguments[2].constantValue is [Number: < 2048])\n ]*\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Signature", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n Function:\n contains [\n FunctionCall: function.name == \"BCryptOpenAlgorithmProvider\"\n and arguments[1].constantValue is [String: startsWith \"DSA\" or startsWith \"RSA_SIGN\"]\n ] and\n contains [\n FunctionCall: function.name == \"BCryptGenerateKeyPair\"\n and(arguments[2].constantValue is [Number: < 2048])\n ]*\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n Function:\n contains [\n FunctionCall: function.name == \"BCryptOpenAlgorithmProvider\"\n and arguments[1].constantValue is [String: startsWith \"RSA\" and not startsWith \"RSA_SIGN\"]\n ] and\n contains [\n FunctionCall: function.name == \"BCryptGenerateKeyPair\"\n and(arguments[2].constantValue is [Number: < 2048])\n ]*\n " - }, - { - "language": "cpp", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - 
"predicate": "\n Function:\n contains [\n FunctionCall: function.name == \"BCryptOpenAlgorithmProvider\"\n and arguments[1].constantValue is [String: startsWith \"RSA\" and not startsWith \"RSA_SIGN\"]\n ] and\n contains [\n FunctionCall: function.name == \"BCryptGenerateKeyPair\"\n and(arguments[2].constantValue is [Number: < 2048])\n ]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "XML External Entity Injection", - "vuln_subcategory": None, - "predicate": "\n ReturnStatement rs: rs.enclosingFunction is [\n Function f: f.name == \"resolveEntity\" and f.enclosingClass is [Class c: c.supers contains [Class p: p.name matches \"org\\.xml\\.sax\\.EntityResolver(2)?\"]]\n ] and rs.expression is [Expression e: e.constantValue is [None: ] ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Cross-Site WebSocket Hijacking", - "vuln_subcategory": None, - "predicate": "\n ReturnStatement rs: rs.expression.constantValue == false and\n rs.enclosingFunction.name == \"checkOrigin\" and\n rs.enclosingFunction.enclosingClass.supers contains [Class c: name == \"javax.websocket.server.ServerEndpointConfig$Configurator\"]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Poor Style", - "vuln_subcategory": "Non-final Public Static Field", - "predicate": "\n Field:\n public\n and static\n and not(final)\n and not(volatile)\n and enclosingClass is\n /* do not count classes acting like a struct, with no methods except constructors */\n [Class:\n functions contains [Function:\n isBodyAvailable\n and not constructor\n and not name == \"init^\"\n and not name matches \"|clinit\\^\"\n ]\n ]\n and not synthetic\n /* Scala exception */\n and not name == \"MODULE$\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Poor Style", - "vuln_subcategory": "Non-final Public Static Field", - "predicate": "\n Field:\n 
public\n and static\n and not(final)\n and not(volatile)\n and enclosingClass is\n /* do not count classes acting like a struct, with no methods except constructors */\n [Class: functions contains [Function:\n not constructor\n and not name == \"init^\"\n and not name matches \"|clinit\\^\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Errors", - "vuln_category": "Poor Error Handling", - "vuln_subcategory": "Swallowed ThreadDeath", - "predicate": "CatchBlock:\n exception.type.definition.supers contains\n [Class: name == \"java.lang.ThreadDeath\"] and\n not(contains [ThrowStatement: expression.type.definition.supers contains\n [Class: name == \"java.lang.ThreadDeath\"]])\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Call to notify()", - "predicate": "\n SynchronizedBlock: contains\n [\n FunctionCall: function.name == \"notify\"\n ]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Incorrect serialPersistentFields Modifier", - "predicate": "\n Field:\n name is \"serialPersistentFields\" and\n /* enclosingClass.serializable and */\n enclosingClass.supers contains [name == \"java.io.Serializable\"] and\n not (\n private\n and static\n and final\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak SecurityManager Check", - "vuln_subcategory": "Overridable Method", - "predicate": "\n Function f:\n not f.constructor and\n not f.name == \"init^\" and\n not f.initializer and\n not f.enclosingClass.final and\n not f.private and\n not f.static and\n not f.final and\n f.callees contains [\n Function:\n enclosingClass.supers contains [\n Class:\n name is \"java.security.AccessController\" or\n name is \"java.lang.SecurityManager\"\n ]\n ]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Errors", - "vuln_category": "Poor Error Handling", - 
"vuln_subcategory": "Throw Inside Finally", - "predicate": "FinallyBlock: contains [ThrowStatement: ]" - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Castor Bad Practices", - "vuln_subcategory": "Query Mode Not Read-Only", - "predicate": "\n FunctionCall: function.name == \"execute\" and function.enclosingClass.supers contains [Class: name == \"org.exolab.castor.jdo.Query\"]\n and function.parameterTypes.length != 0\n and not (arguments[0] is [FieldAccess: field.name matches \"(?i)ReadOnly\" and type.name == \"org.exolab.castor.mapping.AccessMode\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Privilege Management", - "vuln_subcategory": "Overly Broad Access Specifier", - "predicate": "\n Function f:\n f.public and\n f.callees contains [\n Function:\n enclosingClass.supers contains [\n Class:\n name is \"java.security.AccessController\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n Function:\n contains [\n FunctionCall: (function.constructor or function.name == \"init^\") and\n function.enclosingClass.supers contains [\n Class: name == \"javax.crypto.KeyGenerator\"\n ]\n and arguments[2].constantValue is [String: startsWith \"DESede\"]\n ] and\n contains [\n FunctionCall: function.name == \"init\" and\n function.enclosingClass.supers contains [\n Class: name == \"javax.crypto.KeyGenerator\"\n ] and(arguments[0].constantValue is [Number: < 168])\n ]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n Function:\n contains [\n FunctionCall: (function.constructor or function.name == \"init^\") and\n function.enclosingClass.supers contains [\n Class: name == \"javax.crypto.KeyGenerator\"\n ]\n and arguments[2].constantValue 
is [String: startsWith \"AES\"]\n ] and\n contains [\n FunctionCall: function.name == \"init\" and\n function.enclosingClass.supers contains [\n Class: name == \"javax.crypto.KeyGenerator\"\n ] and(arguments[0].constantValue is [Number: < 128])\n ]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n Function:\n contains [\n FunctionCall: function.name == \"getInstance\" and\n function.enclosingClass.supers contains [\n Class: name == \"javax.crypto.KeyGenerator\"\n ]\n and arguments[0].constantValue is [String: startsWith \"DESede\"]\n ] and\n contains [\n FunctionCall: function.name == \"init\" and\n function.enclosingClass.supers contains [\n Class: name == \"javax.crypto.KeyGenerator\"\n ] and(arguments[0].constantValue is [Number: < 168])\n ]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n Function:\n contains [\n FunctionCall: function.name == \"getInstance\" and\n function.enclosingClass.supers contains [\n Class: name == \"javax.crypto.KeyGenerator\"\n ]\n and arguments[0].constantValue is [String: startsWith \"AES\"]\n ] and\n contains [\n FunctionCall: function.name == \"init\" and\n function.enclosingClass.supers contains [\n Class: name == \"javax.crypto.KeyGenerator\"\n ] and(arguments[0].constantValue is [Number: < 128])\n ]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n Function:\n contains [\n FunctionCall: (function.name matches \"getInstance|init\\^\" or function.constructor)\n and function.enclosingClass.supers contains [\n Class: name == \"java.security.KeyPairGenerator\"\n ]\n and arguments[0].constantValue is [String: startsWith \"RSA\"]\n ] and\n contains [\n 
FunctionCall: function.name == \"initialize\" and\n function.enclosingClass.supers contains [\n Class: name == \"java.security.KeyPairGenerator\"\n ] and(arguments[0].constantValue is [Number: < 2048])\n ]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Missing SecurityManager Check", - "vuln_subcategory": "Serializable", - "predicate": "\n Function f:\n (f.constructor or f.name == \"init^\") and\n f.enclosingClass.supers contains [\n Class:\n name is \"java.io.Serializable\"\n ] and reaches [\n Function:\n enclosingClass.supers contains [\n Class:\n name is \"java.security.AccessController\" or\n name is \"java.lang.SecurityManager\"\n ]\n ] and ((not\n f.enclosingClass.functions contains [\n Function ro:\n ro.name is \"readObject\" and\n reaches [\n Function:\n enclosingClass.supers contains [\n Class:\n name is \"java.security.AccessController\" or\n name is \"java.lang.SecurityManager\"\n ]\n ]*\n ]) or (not\n f.enclosingClass.functions contains [\n Function rond:\n rond.name is \"readObjectNoData\" and\n reaches [\n Function:\n enclosingClass.supers contains [\n Class:\n name is \"java.security.AccessController\" or\n name is \"java.lang.SecurityManager\"\n ]\n ]*\n ]))\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Missing SecurityManager Check", - "vuln_subcategory": "Cloneable", - "predicate": "\n Function f:\n (f.constructor or f.name == \"init^\") and\n f.enclosingClass.supers contains [\n Class:\n name is \"java.lang.Cloneable\"\n ] and reaches [\n Function:\n enclosingClass.supers contains [\n Class:\n name is \"java.security.AccessController\" or\n name is \"java.lang.SecurityManager\"\n ]\n ] and not\n f.enclosingClass.functions contains [\n Function clone:\n clone.name is \"clone\" and\n reaches [\n Function:\n enclosingClass.supers contains [\n Class:\n name is \"java.security.AccessController\" or\n name is \"java.lang.SecurityManager\"\n ]\n ]\n ]\n " - 
}, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Castor Bad Practices", - "vuln_subcategory": "Query Mode Not Read-Only", - "predicate": "\n FunctionCall: function.name == \"execute\" and function.enclosingClass.supers contains [Class: name == \"org.exolab.castor.jdo.Query\"]\n and function.parameterTypes.length != 0\n and not (arguments[0] is [FieldAccess: field.name matches \"(?i)ReadOnly\" and type.name == \"org.exolab.castor.mapping.AccessMode\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Privilege Management", - "vuln_subcategory": "Overly Broad Access Specifier", - "predicate": "\n Function f:\n f.public and\n f.callees contains [\n Function:\n enclosingClass.supers contains [\n Class:\n name is \"java.security.AccessController\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n Function:\n contains [\n FunctionCall: function.name == \"getInstance\" and\n function.enclosingClass.supers contains [\n Class: name == \"javax.crypto.KeyGenerator\"\n ]\n and arguments[0].constantValue is [String: startsWith \"DESede\"]\n ] and\n contains [\n FunctionCall: function.name == \"init\" and\n function.enclosingClass.supers contains [\n Class: name == \"javax.crypto.KeyGenerator\"\n ] and(arguments[0].constantValue is [Number: < 168])\n ]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n Function:\n contains [\n FunctionCall: function.name == \"getInstance\" and\n function.enclosingClass.supers contains [\n Class: name == \"javax.crypto.KeyGenerator\"\n ]\n and arguments[0].constantValue is [String: startsWith \"AES\"]\n ] and\n contains [\n FunctionCall: function.name == \"init\" and\n function.enclosingClass.supers contains [\n 
Class: name == \"javax.crypto.KeyGenerator\"\n ] and(arguments[0].constantValue is [Number: < 128])\n ]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n Function:\n contains [\n FunctionCall: (function.name matches \"getInstance|init\\^\" or function.constructor)\n and function.enclosingClass.supers contains [\n Class: name == \"java.security.KeyPairGenerator\"\n ]\n and arguments[0].constantValue is [String: startsWith \"RSA\"]\n ] and\n contains [\n FunctionCall: function.name == \"initialize\" and\n function.enclosingClass.supers contains [\n Class: name == \"java.security.KeyPairGenerator\"\n ] and(arguments[0].constantValue is [Number: < 2048])\n ]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Missing SecurityManager Check", - "vuln_subcategory": "Serializable", - "predicate": "\n Function f:\n (f.constructor or f.name == \"init^\") and\n f.enclosingClass.supers contains [\n Class:\n name is \"java.io.Serializable\"\n ] and reaches [\n Function:\n enclosingClass.supers contains [\n Class:\n name is \"java.security.AccessController\" or\n name is \"java.lang.SecurityManager\"\n ]\n ] and ((not\n f.enclosingClass.functions contains [\n Function ro:\n ro.name is \"readObject\" and\n reaches [\n Function:\n enclosingClass.supers contains [\n Class:\n name is \"java.security.AccessController\" or\n name is \"java.lang.SecurityManager\"\n ]\n ]*\n ]) or (not\n f.enclosingClass.functions contains [\n Function rond:\n rond.name is \"readObjectNoData\" and\n reaches [\n Function:\n enclosingClass.supers contains [\n Class:\n name is \"java.security.AccessController\" or\n name is \"java.lang.SecurityManager\"\n ]\n ]*\n ]))\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Missing SecurityManager Check", - "vuln_subcategory": "Cloneable", - 
"predicate": "\n Function f:\n (f.constructor or f.name == \"init^\") and\n f.enclosingClass.supers contains [\n Class:\n name is \"java.lang.Cloneable\"\n ] and reaches [\n Function:\n enclosingClass.supers contains [\n Class:\n name is \"java.security.AccessController\" or\n name is \"java.lang.SecurityManager\"\n ]\n ] and not\n f.enclosingClass.functions contains [\n Function clone:\n clone.name is \"clone\" and\n reaches [\n Function:\n enclosingClass.supers contains [\n Class:\n name is \"java.security.AccessController\" or\n name is \"java.lang.SecurityManager\"\n ]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Time and State", - "vuln_category": "Race Condition", - "vuln_subcategory": "Singleton Member Field", - "predicate": "\n AssignmentStatement: lhs.location is [FieldAccess:\n instance.location is [VariableAccess: this]\n and field is [Field dec:\n /* We assume that a static or singleton file is meant to be shared by design */\n not static\n and not type.definition.labels contains [String s: s matches \".*SingletonBean$\"]\n ]*\n ]\n and (\n enclosingClass is [Class singletons: /* TEMPLATED */ ]\n or enclosingClass.labels contains \"SpringSingletonBean\"\n )\n and not enclosingClass.supers contains [Class:\n name == \"org.springframework.web.servlet.mvc.Controller\"\n or name == \"org.springframework.web.portlet.mvc.Controller\"\n ] and not enclosingClass.supers contains [Class: annotations contains [Annotation:\n type.name == \"org.springframework.stereotype.Controller\"\n or type.name == \"org.springframework.web.bind.annotation.RestController\"\n ]]\n and not enclosingFunction is [Function:\n /* EXCEPTION: enclosing function is a constructor or its name starts with \"init\" */\n (constructor or name matches \"init.*\")\n /* EXCEPTION: enclosing function is only reachable from a constructor */\n or (not public and not protected and (callers.length == 0 or callers contains [constructor]) and not callers contains [not constructor])\n /* 
EXCEPTION: org.springframework.beans.factory.InitializingBean.afterPropertiesSet is only call once*/\n or (name == \"afterPropertiesSet\" and enclosingClass.supers contains [Class ibean: name == \"org.springframework.beans.factory.InitializingBean\"])\n /* EXCEPTION: org.springframework.beans.factory.DisposableBean.destroy is only call once */\n or (name == \"destroy\" and enclosingClass.supers contains [Class dbean: name == \"org.springframework.beans.factory.DisposableBean\"])\n /* EXCEPTION: @PostConstruct and @PreDestroy methods are only called once */\n or (annotations contains [type.name matches \"javax.annotation.(PostConstruct|PreDestroy)\"])\n /* EXCEPTION: enclosing function is only reachable from a method that is only called once */\n or (\n callers.length != 0\n and not callers contains [Function:\n not constructor\n and not name == \"init^\"\n and not annotations contains [Annotation:\n type.name matches \"javax.annotation.(PostConstruct|PreDestroy)\"\n ]\n and not name matches \"init.*\"\n ]\n )]\n and enclosingFunction.callers.length > 1\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Struts", - "vuln_subcategory": "Erroneous validate() Method", - "predicate": "\n Function: name == \"validate\" and enclosingClass.supers contains [name == \"org.apache.struts.validator.ValidatorForm\"] and not (callees contains [Function: reaches [Function: name == \"validate\" and enclosingClass.supers contains [name == \"org.apache.struts.validator.ValidatorForm\"]]])\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Erroneous String Compare", - "predicate": "\n Operation: ((op == \"==\") or (op == \"!=\")) and\n (lhs.type.name == \"java.lang.String\" and\n rhs.type.name == \"java.lang.String\")\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Unsafe Mobile Code", - 
"vuln_subcategory": "Access Violation", - "predicate": "\n ReturnStatement rs: enclosingFunction is [public or protected] and\n expression.location is [FieldAccess: field is\n [private or package or (protected and rs.enclosingFunction.public)] and\n field.type.arrayDimensions > arrayIndices.length]\n and enclosingClass reachedBy [supers contains [name == \"java.applet.Applet\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Unsafe Mobile Code", - "vuln_subcategory": "Public finalize() Method", - "predicate": "\n Function: name == \"finalize\" and parameterTypes.length == 0 and public\n and enclosingClass reachedBy [supers contains [name == \"java.applet.Applet\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Unsafe Mobile Code", - "vuln_subcategory": "Inner Class", - "predicate": "\n Class: in [Class:]\n and enclosingClass reachedBy [supers contains [name == \"java.applet.Applet\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Unsafe Mobile Code", - "vuln_subcategory": "Unsafe Array Declaration", - "predicate": "\n Field: (public or protected) and static and final and type.arrayDimensions > 0\n and enclosingClass reachedBy [supers contains [name == \"java.applet.Applet\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Unsafe Mobile Code", - "vuln_subcategory": "Unsafe Public Field", - "predicate": "\n Field var: public and not final\n and enclosingClass reachedBy [supers contains [name == \"java.applet.Applet\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Unsafe Mobile Code", - "vuln_subcategory": "Unsafe Public Field", - "predicate": "\n Field: public and not final\n and enclosingClass reachedBy [supers contains [name == \"java.applet.Applet\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Time and State", - "vuln_category": "Race 
Condition", - "vuln_subcategory": "Static Database Connection", - "predicate": "\n Field: static and type.name == \"java.sql.Connection\" and not private\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "EJB Bad Practices", - "vuln_subcategory": "Use of Class Loader", - "predicate": "\n FunctionCall: enclosingClass.supers contains [name == \"javax.ejb.EnterpriseBean\"]\n and function reaches [enclosingClass.supers contains [name == \"java.lang.ClassLoader\"]]*\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "EJB Bad Practices", - "vuln_subcategory": "Use of Sockets", - "predicate": "\n FunctionCall: enclosingClass.supers contains [name == \"javax.ejb.EnterpriseBean\"]\n and function reaches [enclosingClass.supers contains [name == \"java.net.Socket\"]]*\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "EJB Bad Practices", - "vuln_subcategory": "Use of java.io", - "predicate": "\n FunctionCall: enclosingClass.supers contains [name == \"javax.ejb.EnterpriseBean\"]\n and function reaches [enclosingClass.name matches \"^java\\.io\\..*File.*\"]*\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "EJB Bad Practices", - "vuln_subcategory": "Use of AWT/Swing", - "predicate": "\n FunctionCall: enclosingClass.supers contains [name == \"javax.ejb.EnterpriseBean\"]\n and function reaches\n [enclosingClass.name startsWith \"java.awt.\" or enclosingClass.name startsWith \"javax.swing.\"]*\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "EJB Bad Practices", - "vuln_subcategory": "Use of Synchronization Primitives", - "predicate": "\n FunctionCall: enclosingClass.supers contains [name == \"javax.ejb.EnterpriseBean\"]\n and function reaches\n [name == \"notify\" and parameterTypes.length == 0 or\n name == \"notifyAll\" and parameterTypes.length == 0 or\n name == \"wait\" and parameterTypes.length == 0 
or\n name == \"wait\" and parameterTypes.length == 1 and parameterTypes[0].name == \"long\" or\n name == \"wait\" and parameterTypes.length == 2 and parameterTypes[0].name == \"long\" and parameterTypes[1].name == \"int\"]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Poor Style", - "vuln_subcategory": "Confusing Naming", - "predicate": "\n Declaration dec:\n dec in [Class: name == dec.name]\n and not is [Function: constructor]\n and not synthetic\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Poor Style", - "vuln_subcategory": "Identifier Contains Dollar Symbol ($)", - "predicate": "\n Declaration:\n name contains \"$\"\n and not (\n is [Class: in [Class:]]\n or is [Function: constructor and in [Class: in [Class:]]]\n or is [Class: name matches \".*\\$[0-9].*|.*@(lambda|ref)([0-9])+\"]\n or name == \"MODULE$\"\n or name matches \".*\\$anonfun\\$.*\"\n or synthetic\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Poor Style", - "vuln_subcategory": "Explicit Call to finalize()", - "predicate": "\n FunctionCall: function is [name == \"finalize\" and parameterTypes.length == 0]\n and not (enclosingFunction is [name == \"finalize\" and parameterTypes.length == 0]\n and enclosingClass.supers contains function.enclosingClass\n and function.enclosingClass != enclosingClass)\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Poor Style", - "vuln_subcategory": "Empty Synchronized Block", - "predicate": "\n SynchronizedBlock: empty\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Poor Logging Practice", - "vuln_subcategory": "Logger Not Declared Static Final", - "predicate": "\n Field f: not (static and final) and type.definition.supers contains\n [Class: name == \"java.util.logging.Logger\" or name == \"org.apache.log4j.Logger\"]\n " - }, - { - "language": "java", - 
"vuln_kingdom": "Encapsulation", - "vuln_category": "Poor Logging Practice", - "vuln_subcategory": "Multiple Loggers", - "predicate": "\n Field f: type.definition.supers contains [Class: name == \"java.util.logging.Logger\" or name == \"org.apache.log4j.Logger\"]\n and enclosingClass contains\n [Field: type.definition.supers contains [Class: name == \"java.util.logging.Logger\" or name == \"org.apache.log4j.Logger\" ] and != f]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Errors", - "vuln_category": "Poor Error Handling", - "vuln_subcategory": "Return Inside Finally", - "predicate": "\n ReturnStatement: in [FinallyBlock:]\n " - }, - { - "language": "java", - "vuln_kingdom": "Errors", - "vuln_category": "Poor Error Handling", - "vuln_subcategory": "Program Catches NonePointerException", - "predicate": "\n CatchBlock: exception.type.name == \"java.lang.NonePointerException\"\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Object Model Violation", - "vuln_subcategory": "Just one of restoreState() and saveState() Defined", - "predicate": "\n Function: name == \"restoreState\" and parameterTypes.length == 2 and\n parameterTypes[0].name matches \"javax\\.faces\\.context\\.FacesContext(Wrapper)?\" and\n parameterTypes[1] is [Type: name == \"java.lang.Object\" or name == \"kotlin.Any\"]\n and not enclosingClass contains\n [Function: name == \"saveState\" and parameterTypes.length == 1 and\n parameterTypes[0].name matches \"javax\\.faces\\.context\\.FacesContext(Wrapper)?\"]\n and enclosingClass.supers contains [Class: name == \"javax.faces.component.StateHolder\"] or\n name == \"saveState\" and parameterTypes.length == 1 and\n parameterTypes[0].name matches \"javax\\.faces\\.context\\.FacesContext(Wrapper)?\"\n and not enclosingClass contains\n [Function: name == \"restoreSave\" and parameterTypes.length == 2 and\n parameterTypes[0].name matches \"javax\\.faces\\.context\\.FacesContext(Wrapper)?\" and\n parameterTypes[1] is 
[Type: name == \"java.lang.Object\" or name == \"kotlin.Any\"]]\n and enclosingClass.supers contains [Class: name matches \"javax\\.faces\\.context\\.FacesContext(Wrapper)?\"]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Object Model Violation", - "vuln_subcategory": "Just one of equals() and hashCode() Defined", - "predicate": "\n Function: \n (\n name == \"equals\" \n and public \n and parameterTypes.length == 1 \n and parameterTypes[0] is [Type: \n name == \"java.lang.Object\"\n or name == \"kotlin.Any\"\n ]\n and not enclosingClass contains [Function: \n name == \"hashCode\" \n and public \n and parameterTypes.length == 0\n ]\n and not enclosingClass.supers contains [Class: \n name == \"java.util.Comparator\"\n ] \n )\n or \n (\n name == \"hashCode\" \n and public \n and parameterTypes.length == 0\n and not enclosingClass contains [Function: \n name == \"equals\" \n and public \n and parameterTypes.length == 1 \n and parameterTypes[0] is [Type: \n name == \"java.lang.Object\"\n or name == \"kotlin.Any\"\n ]\n ]\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Object Model Violation", - "vuln_subcategory": "Erroneous clone() Method", - "predicate": "\n Function: name == \"clone\" and parameterTypes.length == 0 and not abstract and not contains\n [FunctionCall: function is [name == \"clone\" and parameterTypes.length == 0] and\n enclosingClass.supers contains function.enclosingClass and enclosingClass != function.enclosingClass] and\n not enclosingClass.final\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "J2EE Bad Practices", - "vuln_subcategory": "Leftover Debug Code", - "predicate": "\n Function: \n name == \"main\" \n /* synthetic is used to detect scala companion objects */\n and (static or enclosingClass.modifiers contains \"synthetic\")\n and returnType.name == \"void\"\n and parameterTypes.length == 1 \n and parameterTypes[0] is 
[name == \"java.lang.String\" and arrayDimensions == 1]\n /* Exclude SpringBoot applications */\n and enclosingClass is [Class:\n not annotations contains [Annotation:\n type.name == \"org.springframework.boot.autoconfigure.SpringBootApplication\"\n or type.name == \"org.springframework.boot.autoconfigure.EnableAutoConfiguration\"\n ]\n ]\n and not contains [FunctionCall: \n function is [Function: \n name == \"run\"\n and enclosingClass.name == \"org.springframework.boot.SpringApplication\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "J2EE Bad Practices", - "vuln_subcategory": "Leftover Debug Code", - "predicate": "\n Function: \n name == \"main\" \n and public\n /* synthetic is used to detect scala companion objects */\n and (static or enclosingClass.modifiers contains \"synthetic\")\n and returnType.name == \"void\"\n and parameterTypes.length == 1 \n and parameterTypes[0] is [name == \"java.lang.String\" and arrayDimensions == 1]\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Class Does Not Implement Cloneable", - "predicate": "\n Function: name == \"clone\" and parameterTypes.length == 0 and\n not (enclosingClass.supers contains [Class: name == \"java.lang.Cloneable\"] or\n exceptionTypes contains\n [Type: name == \"java.lang.CloneNotSupportedException\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Code Correctness", - "vuln_subcategory": "None Argument To Equivalence Method", - "predicate": "\n FunctionCall: function.name == \"equals\" and arguments.length == 1 and\n (arguments[0] is [NoneLiteral:] or arguments[0].constantValue is [None: ])\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Misleading Method Signature", - "predicate": "\n Function:\n /* the function is actually called */\n 
callers.length == 0 \n /* do not match on synthetic (generated) functions */\n and not synthetic\n and (\n ( /* equals */\n (\n name == \"equal\"\n or (\n name == \"equals\" \n and (\n /* equals function parameter is not correct */\n parameterTypes.length != 1 \n or not parameterTypes[0] is [Type: \n name == \"java.lang.Object\"\n or name == \"kotlin.Any\"\n ]\n\n ) \n and not static\n )\n ) \n and\n /* make sure we're not just matching an overload */\n (\n not enclosingClass contains [Function: \n name == \"equals\" \n and parameterTypes.length == 1\n and parameterTypes[0] is [Type: \n name == \"java.lang.Object\"\n or name == \"kotlin.Any\"\n ]\n ]\n )\n ) or\n /* hashCode */\n (\n (\n name == \"hashcode\" \n or (\n name == \"hashCode\" \n and parameterTypes.length != 0\n )\n ) \n /* make sure we're not just matching a separate function/overload */\n and (\n not enclosingClass contains [Function: \n name == \"hashCode\" \n and parameterTypes.length == 0\n ]\n )\n ) \n /* toString */\n or (\n name == \"tostring\" \n /* and not matching a different function */\n and not enclosingClass contains [Function: \n name == \"toString\"\n ]\n ) \n /* finalize */\n or (\n name == \"finalize\" \n and parameterTypes.length != 0 \n /* enclosing class doesn't contain finalize function with expected signature */\n and not enclosingClass contains [Function: \n name == \"finalize\" \n and parameterTypes.length == 0\n ]\n )\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Erroneous finalize() Method", - "predicate": "\n Function: name == \"finalize\" and parameterTypes.length == 0 and not contains\n [FunctionCall: function is [name == \"finalize\" and parameterTypes.length == 0] and\n enclosingClass.supers contains function.enclosingClass and enclosingClass != function.enclosingClass]\n " - }, - { - "language": "java", - "vuln_kingdom": "Time and State", - "vuln_category": "Code Correctness", - 
"vuln_subcategory": "Double-Checked Locking", - "predicate": "\n IfStatement ifInsideSyncBlock: in \n [SynchronizedBlock syncBlock: in\n [IfStatement ifOutsideSyncBlock: \n ifOutsideSyncBlock.expression == ifInsideSyncBlock.expression\n and not ifInsideSyncBlock contains [AssignmentStatement as:\t\n as.lhs is [FieldAccess fa: fa.field.volatile]\n ]\n and syncBlock.lock is [Expression this:\n ifInsideSyncBlock contains [FieldAccess fa1:\n ifOutsideSyncBlock contains [FieldAccess fa2:\n fa1.instance is this\n and fa2.instance is this\n and fa1 == fa2\n ]\n ]\n ]\n ]*\n ]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Time and State", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Double-Checked Locking", - "predicate": "\n IfStatement ifs: in [SynchronizedBlock: in\n [IfStatement: expression == ifs.expression]*]\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Poor Style", - "vuln_subcategory": "Confusing Naming", - "predicate": "\n Field f: not synthetic\n and type.name != \"boolean\"\n and type.name != \"java.lang.Boolean\"\n and type.name != \"kotlin.Boolean\"\n and enclosingClass contains [Function: name == f.name]*\n and not enclosingClass.supers contains [Class: name == \"java.lang.Record\"]\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Poor Style", - "vuln_subcategory": "Confusing Naming", - "predicate": "\n Field f: type.name != \"boolean\" and type.name != \"java.lang.Boolean\" and enclosingClass contains [Function: name == f.name]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Poor Style", - "vuln_subcategory": "Confusing Naming", - "predicate": "\n Field f: type.name != \"boolean\" and type.name != \"java.lang.Boolean\" and enclosingClass contains [Function: name == f.name]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Poor Logging Practice", - "vuln_subcategory": 
"Use of a System Output Stream", - "predicate": "\n FunctionCall fc: fc.instance is [FieldAccess: field is [\n enclosingClass.name == \"java.lang.System\" \n and (name == \"out\" or name == \"err\")]]\n /* Not accessed within main() function */\n and not fc.enclosingFunction is [Function: \n name == \"main\" \n and public\n /* synthetic is used to detect scala companion objects */\n and (static or enclosingClass.modifiers contains \"synthetic\")\n and returnType.name == \"void\"\n and parameterTypes.length == 1 \n and parameterTypes[0] is [name == \"java.lang.String\" and arrayDimensions == 1]\n ] \n and not fc.enclosingFunction is [Function: \n name == \"main\"\n and returnType.name == \"kotlin.Unit\"\n ]\n /* Enclosing function is not called from main() function */\n and not fc.enclosingFunction reachedBy [Function: \n name == \"main\" \n and public\n /* synthetic is used to detect scala companion objects */\n and (static or enclosingClass.modifiers contains \"synthetic\")\n and returnType.name == \"void\"\n and parameterTypes.length == 1 \n and parameterTypes[0] is [name == \"java.lang.String\" and arrayDimensions == 1]\n ]\n and not fc.enclosingFunction reachedBy [Function:\n name == \"main\"\n and returnType.name == \"kotlin.Unit\"\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Errors", - "vuln_category": "Poor Error Handling", - "vuln_subcategory": "Overly Broad Throws", - "predicate": "\n Function f: exceptionTypes contains [Type e:\n (e.name == \"java.lang.Exception\" or e.name == \"java.lang.Throwable\")\n and not (f.name == \"finalize\" and f.parameterTypes.length == 0)\n and f.name != \"main\"\n and not (\n f.enclosingClass.supers contains\n // only report this on the top class in the hierarchy\n [Class c: c != f.enclosingClass and contains\n [ Function t: t.name == f.name and t.parameterTypes == f.parameterTypes\n and f.exceptionTypes contains e\n ]\n ]\n )\n ]\n // and not a Spring Security SecurityFilterChain configuration\n and not 
f.returnType is [Type: definition.supers contains [Class: \n name == \"org.springframework.security.web.SecurityFilterChain\"\n ]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Errors", - "vuln_category": "Poor Error Handling", - "vuln_subcategory": "Overly Broad Catch", - "predicate": "\n CatchBlock: (exception.type.name == \"java.lang.Exception\" or\n exception.type.name == \"java.lang.Throwable\" or\n exception.type.name == \"java.lang.Error\" or\n exception.type.name == \"java.lang.RuntimeException\") and\n not contains [ThrowStatement: ] and\n\n\n /* we're not inside main(), Runnable.run(), Servlet entrypoint methods,\n Servlet and struts init() method, or jasper init() and service() methods */\n not (enclosingFunction is [name == \"main\"] or\n (enclosingClass.supers contains [name == \"javax.servlet.http.HttpServlet\"]\n and enclosingFunction is\n [name == \"doDelete\" or name == \"doGet\" or name == \"doHead\" or\n name == \"doOptions\" or name == \"doPost\" or name == \"doPut\" or\n name == \"doTrace\" or name == \"service\"]\n )\n or\n (enclosingClass.supers contains [name == \"javax.servlet.Servlet\"]\n and enclosingFunction is [name == \"service\"]\n )\n or\n (enclosingClass.supers contains [name == \"java.lang.Runnable\"]\n and enclosingFunction is [name == \"run\"]\n )\n or\n (enclosingClass.supers contains [name == \"javax.servlet.Servlet\"]\n and enclosingFunction is [name == \"init\"]\n )\n or\n (enclosingClass.supers contains [name == \"org.apache.struts.action.PlugIn\"]\n and enclosingFunction is [name == \"init\"]\n )\n or\n (enclosingClass.supers contains [name == \"org.apache.jasper.runtime.HttpJspBase\"]\n and enclosingFunction is [name == \"init\" or name == \"service\" or\n name == \"jspInit\" or name == \"jspService\" or\n name == \"_jspInit\" or name == \"_jspService\"]\n\t\t\t )\n\t\t\t or\n (enclosingClass.annotations contains [Annotation: type == T\"org.springframework.stereotype.Controller\"])\n or\n 
(enclosingClass.annotations contains [Annotation: type == T\"org.springframework.web.bind.annotation.RestController\"])\t\n\t\t\t )\n " - }, - { - "language": "java", - "vuln_kingdom": "Errors", - "vuln_category": "Poor Error Handling", - "vuln_subcategory": "Empty Catch Block", - "predicate": "\n CatchBlock: empty and\n not exception.type.name == \"java.lang.InterruptedException\"\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Call to System.gc()", - "predicate": "\n FunctionCall: function is [static and name == \"gc\" and\n enclosingClass.name == \"java.lang.System\"]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "System Information Leak", - "vuln_subcategory": "Incomplete Servlet Error Handling", - "predicate": "\n Function:\n /* We're in a Servlet: */\n (\n (enclosingClass.supers contains [name == \"javax.servlet.http.HttpServlet\"]\n and parameterTypes[0].name == \"javax.servlet.http.HttpServletRequest\"\n and parameterTypes[1].name == \"javax.servlet.http.HttpServletResponse\"\n and\n (name == \"doDelete\" or name == \"doGet\" or name == \"doHead\" or\n name == \"doOptions\" or name == \"doPost\" or name == \"doPut\" or\n name == \"doTrace\" or name == \"service\")\n )\n or\n ( enclosingClass.supers contains [name == \"javax.servlet.Servlet\"]\n and parameterTypes[0].name == \"javax.servlet.ServletRequest\"\n and parameterTypes[1].name == \"javax.servlet.ServletResponse\"\n and name == \"service\"\n )\n )\n\n /* The function we're in does not have a try block (containing at least one function call\n other than log functions) whose catch catches Throwable, and the function does not call\n any servlet entrypoint functions */\n and not contains [FunctionCall: (function.enclosingClass.supers contains\n [name == \"javax.servlet.http.HttpServlet\"] and\n function.parameterTypes[0].name == \"javax.servlet.http.HttpServletRequest\" and\n 
function.parameterTypes[1].name == \"javax.servlet.http.HttpServletResponse\" and\n (function.name == \"doDelete\" or function.name == \"doGet\" or\n function.name == \"doHead\" or function.name == \"doOptions\" or\n function.name == \"doPost\" or function.name == \"doPut\" or\n function.name == \"doTrace\" or function.name == \"service\")) or\n (function.enclosingClass.supers contains\n [name == \"javax.servlet.Servlet\"] and\n function.parameterTypes[0].name == \"javax.servlet.ServletRequest\" and\n function.parameterTypes[1].name == \"javax.servlet.ServletResponse\" and\n function.name == \"service\")]\n and contains [FunctionCall: not (function.name == \"error\" or function.name == \"fatal\" or\n function.name == \"info\" or function.name == \"trace\" or\n function.name == \"warn\" or function.name == \"debug\" or\n function.name == \"log\" or function.name == \"assertLog\" or\n function.name == \"l7dlog\" or function.name == \"logError\" or\n function.name == \"logInfo\" or function.name == \"logWarning\" or\n function.name == \"logDebug\" or function.name == \"logEvent\" or\n function.name == \"throwing\" or function.name == \"logp\" or\n function.name == \"logrb\" or function.name == \"exiting\" or\n function.name == \"entering\" or function.name == \"fine\" or\n function.name == \"finer\" or function.name == \"finest\") and\n not in [TryBlock : catchBlocks contains\n [CatchBlock: exception.type.definition.name == \"java.lang.Throwable\"]] and\n /* Exclude custom functions in catch or finally block, since they most likely are log sanitization utilities.\n Exception can still be thrown in catch or finally block, but they are probably rare and not good fit for this category\n 'Incomplete Servlet Error Handling' */\n not in [CatchBlock:] and\n not in [FinallyBlock:]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Time and State", - "vuln_category": "J2EE Bad Practices", - "vuln_subcategory": "Non-Serializable Object Stored in Session", - "predicate": 
"\n FunctionCall: function is [Function: \n enclosingClass.name matches \"(javax|jakarta)\\.servlet\\.http\\.HttpSession\"\n and (name == \"putValue\" or name == \"setAttribute\")\n ]\n and not (\n arguments[1].type.definition.supers contains [name == \"java.io.Serializable\"]\n or arguments[1].type is [Type: name == \"java.lang.Object\" or name == \"kotlin.Any\"]\n or (\n arguments[1].type.name == \"java.util.Map\" \n and not arguments[1].reachingTypes contains [Type: \n name matches \"java\\.util\\.WeakHashMap|java\\.util\\.jar\\.Attributes|java\\.awt\\.RenderingHints|(javax|jakarta)\\.script\\.SimpleBindings\"\n ]\n )\n or arguments[1].type.name == \"java.util.Set\"\n or arguments[1].type.name == \"java.util.List\"\n or (\n arguments[1].type.name == \"java.util.Queue\" \n and not arguments[1].reachingTypes contains [Type: \n name == \"java.util.concurrent.DelayQueue\"\n ]\n )\n or arguments[1] is [NoneLiteral: ]\n /* arrays are serializable */\n or arguments[1].type.arrayDimensions > 0\n /* primitive types are serializable */\n or arguments[1].type.primitive\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "Time and State", - "vuln_category": "J2EE Bad Practices", - "vuln_subcategory": "Non-Serializable Object Stored in Session", - "predicate": "\n FunctionCall: function is\n [enclosingClass.name == \"javax.servlet.http.HttpSession\"\n and (name == \"putValue\" or name == \"setAttribute\")]\n and not (arguments[1].type.definition.supers contains [name == \"java.io.Serializable\"]\n or arguments[1].type is [Type: name == \"java.lang.Object\" or name == \"kotlin.Any\"]\n or arguments[1].type.name == \"java.util.Map\"\n or arguments[1].type.name == \"java.util.Set\"\n or arguments[1].type.name == \"java.util.List\"\n or arguments[1].type.name == \"java.util.Queue\"\n or arguments[1] is [NoneLiteral: ]\n /* arrays are serializable */\n or arguments[1].type.arrayDimensions > 0\n /* primitive types are serializable */\n or arguments[1].type.primitive)\n " - }, 
- { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Call to Thread.run()", - "predicate": "\n FunctionCall: function is\n [name == \"run\" and parameterTypes.length == 0 and\n enclosingClass.supers contains [Class: name == \"java.lang.Thread\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Time and State", - "vuln_category": "Race Condition", - "vuln_subcategory": "Singleton Member Field", - "predicate": "\n AssignmentStatement: lhs.location is\n [FieldAccess: instance.location is [VariableAccess: this] and field is [Field dec:]*] and\n enclosingClass.supers contains [Class singletons: /* TEMPLATED */] and\n not enclosingFunction is\n /* EXCEPTION: enclosing function is a constructor or its name starts with \"init\" */\n [constructor or name matches \"init.*\" or\n /* EXCEPTION: enclosing function is only reachable from a constructor */\n (not public and not protected and (callers.length == 0 or callers contains [constructor]) and not callers contains [not constructor]) or\n /* EXCEPTION: enclosing function starts with \"set\" and is not reachable from any of the non-constructor functions */\n (name matches \"set.*\" and not callers contains [not constructor]) or\n /* EXCEPTION: callers of enclosing function do not contain any functions other than init() */\n (callers.length != 0 and not callers contains [Function: not name matches \"init.*\"])\n ] and\n /* EXCEPTION: value assigned is immutable (final) */\n not rhs.location is [VariableAccess: variable.final] and\n not rhs.location is [FieldAccess: field.final]\n and enclosingFunction.callers.length > 1\n\n " - }, - { - "language": "java", - "vuln_kingdom": "Time and State", - "vuln_category": "Race Condition", - "vuln_subcategory": "Singleton Member Field", - "predicate": "\n AssignmentStatement: lhs.location is\n [FieldAccess: instance.location is [VariableAccess: this] and field is [Field dec:]*] and\n enclosingClass.supers contains 
[Class singletons: /* TEMPLATED */ ] and\n not enclosingFunction is\n /* EXCEPTION: enclosing function is a constructor or its name starts with \"init\" */\n [constructor or name matches \"init.*\" or\n /* EXCEPTION: enclosing function is only reachable from a constructor */\n (not public and not protected and (callers.length == 0 or callers contains [constructor]) and not callers contains [not constructor]) or\n /* EXCEPTION: enclosing function starts with \"set\" and is not reachable from any of the non-constructor functions */\n (name matches \"set.*\" and not callers contains [not constructor]) or\n /* EXCEPTION: callers of enclosing function do not contain any functions other than init() */\n (callers.length != 0 and not callers contains [Function: not name matches \"init.*\"])\n ] and\n /* EXCEPTION: value assigned is immutable (final) */\n not rhs.location is [VariableAccess: variable.final] and\n not rhs.location is [FieldAccess: field.final]\n\n " - }, - { - "language": "java", - "vuln_kingdom": "Time and State", - "vuln_category": "Race Condition", - "vuln_subcategory": "Singleton Member Field", - "predicate": "\n AssignmentStatement: lhs.location is\n [FieldAccess: instance.location is [VariableAccess: this] and field is [Field dec:]*] and\n enclosingClass.supers contains [Class: name matches \"(javax|jakarta)\\.servlet\\.(Servlet|Filter)\"] and\n not enclosingClass.supers contains [Class: name matches \"(javax|jakarta)\\.servlet\\.SingleThreadModel\"] and\n not enclosingFunction is\n /* EXCEPTION: enclosing function is a constructor or its name starts with \"init\" */\n [constructor or name matches \"init.*|destroy\" or\n /* EXCEPTION: enclosing function takes ServletConfig as one of its parameters */\n (parameterTypes.length > 0 and parameterTypes contains [name matches \"(javax|jakarta)\\.servlet\\.ServletConfig\"]) or\n /* EXCEPTION: enclosing function is only reachable from a constructor */\n (not public and not protected and (callers.length == 0 or 
callers contains [constructor]) and not callers contains [not constructor]) or\n /* EXCEPTION: enclosing function starts with \"set\" and is not reachable from any of the non-constructor functions */\n (name matches \"set.*\" and not callers contains [not constructor]) or\n /* EXCEPTION: callers of enclosing function do not contain any functions other than init() */\n (callers.length != 0 and not callers contains [Function: not name matches \"init.*|destroy\"])]\n " - }, - { - "language": "java", - "vuln_kingdom": "Time and State", - "vuln_category": "Race Condition", - "vuln_subcategory": "Singleton Member Field", - "predicate": "\n AssignmentStatement: lhs.location is\n [FieldAccess: instance.location is [VariableAccess: this] and field is [Field dec:]*] and\n enclosingClass.supers contains [Class: name matches \"(javax|jakarta)\\.faces\\.application\\.Application \" or\n name matches \"(javax|jakarta)\\.faces\\.lifecycle\\.Lifecycle\" or\n name matches \"(javax|jakarta)\\.faces\\.render\\.Renderer\"] and\n not enclosingFunction is\n /* EXCEPTION: enclosing function is a constructor or its name starts with \"init\" */\n [constructor or name matches \"init.*\" or\n /* EXCEPTION: enclosing function is only reachable from a constructor */\n (not public and not protected and (callers.length == 0 or callers contains [constructor]) and not callers contains [not constructor]) or\n /* EXCEPTION: enclosing function starts with \"set\" and is not reachable from any of the non-constructor functions */\n (name matches \"set.*\" and not callers contains [not constructor]) or\n /* EXCEPTION: callers of enclosing function do not contain any functions other than init() */\n (callers.length != 0 and not callers contains [Function: not name matches \"init.*\"])]\n " - }, - { - "language": "java", - "vuln_kingdom": "Time and State", - "vuln_category": "Race Condition", - "vuln_subcategory": "Singleton Member Field", - "predicate": "\n AssignmentStatement: lhs.location is\n 
[FieldAccess: instance.location is [VariableAccess: this] and field is [Field dec:]*]\n and (enclosingClass.supers contains [Class:\n name == \"org.springframework.web.servlet.mvc.Controller\"\n or name == \"org.springframework.web.portlet.mvc.Controller\"\n ] or enclosingClass.supers contains [Class: annotations contains [Annotation:\n type.name == \"org.springframework.stereotype.Controller\"\n or type.name == \"org.springframework.web.bind.annotation.RestController\"\n ]]\n )\n and not enclosingClass.annotations contains [Annotation:\n type.name == \"org.springframework.context.annotation.Scope\"\n and elements contains [AnnotationElement:\n value matches \"(?i)request|prototype|session|globalsession\"\n ]\n ]\n and not enclosingFunction is\n /* EXCEPTION: enclosing function is a constructor or its name starts with \"init\" */\n [constructor or name matches \"init.*\" or\n /* EXCEPTION: enclosing function is only reachable from a constructor */\n (not public and not protected and (callers.length == 0 or callers contains [constructor]) and not callers contains [not constructor]) or\n /* EXCEPTION: enclosing function starts with \"set\" and is not reachable from any of the non-constructor functions */\n (name matches \"set.*\" and not callers contains [not constructor]) or\n /* EXCEPTION: callers of enclosing function do not contain any functions other than init() */\n (callers.length != 0 and not callers contains [Function: not name matches \"init.*\"]) or\n /* EXCEPTION: org.springframework.beans.factory.InitializingBean.afterPropertiesSet is only call once */\n (name == \"afterPropertiesSet\" and enclosingClass.supers contains [Class ibean: name == \"org.springframework.beans.factory.InitializingBean\"]) or\n /* EXCEPTION: org.springframework.beans.factory.DisposableBean.destroy is only call once */\n (name == \"destroy\" and enclosingClass.supers contains [Class dbean: name == \"org.springframework.beans.factory.DisposableBean\"])]\n " - }, - { - "language": 
"java", - "vuln_kingdom": "Time and State", - "vuln_category": "Race Condition", - "vuln_subcategory": "Singleton Member Field", - "predicate": "\n AssignmentStatement: lhs.location is\n [FieldAccess: instance.location is [VariableAccess: this] and field is [Field dec:]*]\n and (enclosingClass.supers contains [Class:\n name == \"org.springframework.web.servlet.mvc.Controller\"\n or name == \"org.springframework.web.portlet.mvc.Controller\"\n ]\n ) and not enclosingFunction is\n /* EXCEPTION: enclosing function is a constructor or its name starts with \"init\" */\n [constructor or name matches \"init.*\" or\n /* EXCEPTION: enclosing function is only reachable from a constructor */\n (not public and not protected and (callers.length == 0 or callers contains [constructor]) and not callers contains [not constructor]) or\n /* EXCEPTION: enclosing function starts with \"set\" and is not reachable from any of the non-constructor functions */\n (name matches \"set.*\" and not callers contains [not constructor]) or\n /* EXCEPTION: callers of enclosing function do not contain any functions other than init() */\n (callers.length != 0 and not callers contains [Function: not name matches \"init.*\"]) or\n /* EXCEPTION: org.springframework.beans.factory.InitializingBean.afterPropertiesSet is only call once */\n (name == \"afterPropertiesSet\" and enclosingClass.supers contains [Class ibean: name == \"org.springframework.beans.factory.InitializingBean\"]) or\n /* EXCEPTION: org.springframework.beans.factory.DisposableBean.destroy is only call once */\n (name == \"destroy\" and enclosingClass.supers contains [Class dbean: name == \"org.springframework.beans.factory.DisposableBean\"])]\n " - }, - { - "language": "java", - "vuln_kingdom": "Time and State", - "vuln_category": "Race Condition", - "vuln_subcategory": "Singleton Member Field", - "predicate": "\n AssignmentStatement: lhs.location is\n [FieldAccess: instance.location is [VariableAccess: this] and field is [Field dec:]*] 
and\n enclosingClass.supers contains [Class: name matches \"(javax|jakarta)\\.servlet\\.(Servlet|Filter)\" or\n name == \"org.apache.struts.action.Action\"] and\n not enclosingClass.supers contains [Class: name matches \"(javax|jakarta)\\.servlet\\.SingleThreadModel\"] and\n not enclosingFunction is\n /* EXCEPTION: enclosing function is a constructor or its name starts with \"init\" */\n [constructor or name matches \"init.*|destroy\" or\n /* EXCEPTION: enclosing function takes ServletConfig as one of its parameters */\n (parameterTypes.length > 0 and parameterTypes contains [name matches \"(javax|jakarta)\\.servlet\\.ServletConfig\"]) or\n /* EXCEPTION: enclosing function is only reachable from a constructor */\n (not public and not protected and (callers.length == 0 or callers contains [constructor]) and not callers contains [not constructor]) or\n /* EXCEPTION: enclosing function starts with \"set\" and is not reachable from any of the non-constructor functions */\n (name matches \"set.*\" and not callers contains [not constructor]) or\n /* EXCEPTION: callers of enclosing function do not contain any functions other than init() */\n (callers.length != 0 and not callers contains [Function: not name matches \"init.*|destroy\"])]\n " - }, - { - "language": "java", - "vuln_kingdom": "Time and State", - "vuln_category": "Race Condition", - "vuln_subcategory": "Singleton Member Field", - "predicate": "\n AssignmentStatement: lhs.location is\n [FieldAccess: instance.location is [VariableAccess: this] and field is [Field dec:]*] and\n enclosingClass.supers contains [Class: name matches \"(javax|jakarta)\\.faces\\.application\\.Application \" or\n name matches \"(javax|jakarta)\\.faces\\.lifecycle\\.Lifecycle\" or\n name matches \"(javax|jakarta)\\.faces\\.render\\.Renderer\"] and\n not enclosingFunction is\n /* EXCEPTION: enclosing function is a constructor or its name starts with \"init\" */\n [constructor or name matches \"init.*\" or\n /* EXCEPTION: enclosing function 
is only reachable from a constructor */\n (not public and not protected and (callers.length == 0 or callers contains [constructor]) and not callers contains [not constructor]) or\n /* EXCEPTION: enclosing function starts with \"set\" and is not reachable from any of the non-constructor functions */\n (name matches \"set.*\" and not callers contains [not constructor]) or\n /* EXCEPTION: callers of enclosing function do not contain any functions other than init() */\n (callers.length != 0 and not callers contains [Function: not name matches \"init.*\"])]\n " - }, - { - "language": "java", - "vuln_kingdom": "Time and State", - "vuln_category": "Race Condition", - "vuln_subcategory": "Singleton Member Field", - "predicate": "\n AssignmentStatement: lhs.location is\n [FieldAccess: instance.location is [VariableAccess: this] and field is [Field dec:]*] and\n enclosingClass.supers contains [Class: name == \"javax.servlet.Servlet\" or\n name == \"org.apache.struts.action.Action\" or\n name == \"org.springframework.web.servlet.mvc.Controller\" or\n name == \"org.springframework.web.portlet.mvc.Controller\"] and\n not enclosingClass.supers contains [Class: name == \"javax.servlet.SingleThreadModel\"] and\n not enclosingFunction is\n /* EXCEPTION: enclosing function is a constructor or its name starts with \"init\" */\n [constructor or name matches \"init.*\" or\n /* EXCEPTION: enclosing function takes ServletConfig as one of its parameters */\n (parameterTypes.length > 0 and parameterTypes contains [name == \"javax.servlet.ServletConfig\"]) or\n /* EXCEPTION: enclosing function is only reachable from a constructor */\n (not public and not protected and (callers.length == 0 or callers contains [constructor]) and not callers contains [not constructor]) or\n /* EXCEPTION: enclosing function starts with \"set\" and is not reachable from any of the non-constructor functions */\n (name matches \"set.*\" and not callers contains [not constructor]) or\n /* EXCEPTION: callers of 
enclosing function do not contain any functions other than init() */\n (callers.length != 0 and not callers contains [Function: not name matches \"init.*\"])]\n " - }, - { - "language": "java", - "vuln_kingdom": "Time and State", - "vuln_category": "Race Condition", - "vuln_subcategory": "Format Flaw", - "predicate": "\n FunctionCall fc:\n ( fc.function.name == \"format\" or fc.function.name == \"parse\" ) and\n fc.function.enclosingClass.supers contains [Class: name == \"java.text.Format\"] and\n not fc.function.enclosingClass.supers contains [Class: name matches \"org\\.apache\\.commons\\.lang(3)?\\.time\\.FastDateFormat\"] and\n ( not enclosingFunction.synchronized and\n not in [SynchronizedBlock:] )\n and ( instance.location is [VariableAccess va: va.variable.enclosingFunction.name != fc.enclosingFunction.name] or\n instance.location is [FieldAccess fa:]\n )\n /* EXCEPTION: MessageFormat's static format() method implicitly creates new instance */\n and not (instance.None and function.enclosingClass.supers contains [Class: name == \"java.text.MessageFormat\"])\n " - }, - { - "language": "java", - "vuln_kingdom": "Errors", - "vuln_category": "Poor Error Handling", - "vuln_subcategory": "Unhandled SSL Exception", - "predicate": "\n FunctionCall fc: (function.exceptionTypes contains [Type: name == \"javax.net.ssl.SSLHandshakeException\"] and\n not fc in [TryBlock: catchBlocks contains\n [CatchBlock: exception.type.definition.name == \"javax.net.ssl.SSLHandshakeException\"]]) or\n (function.exceptionTypes contains [Type: name == \"javax.net.ssl.SSLKeyException\"] and\n not fc in [TryBlock: catchBlocks contains\n [CatchBlock: exception.type.definition.name == \"javax.net.ssl.SSLKeyException\"]]) or\n (function.exceptionTypes contains [Type: name == \"javax.net.ssl.SSLPeerUnverifiedException\"] and\n not fc in [TryBlock: catchBlocks contains\n [CatchBlock: exception.type.definition.name == \"javax.net.ssl.SSLPeerUnverifiedException\"]])\n\n " - }, - { - "language": 
"java", - "vuln_kingdom": "Errors", - "vuln_category": "Poor Error Handling", - "vuln_subcategory": "Unhandled SSL Exception", - "predicate": "\n FunctionCall fc: (function.exceptionTypes contains [Type: name == \"javax.net.ssl.SSLHandshakeException\"] and\n not fc in [TryBlock: catchBlocks contains\n [CatchBlock: exception.type.definition.name == \"javax.net.ssl.SSLHandshakeException\"]]) or\n (function.exceptionTypes contains [Type: name == \"javax.net.ssl.SSLKeyException\"] and\n not fc in [TryBlock: catchBlocks contains\n [CatchBlock: exception.type.definition.name == \"javax.net.ssl.SSLKeyException\"]]) or\n (function.exceptionTypes contains [Type: name == \"javax.net.ssl.SSLPeerUnverifiedException\"] and\n not fc in [TryBlock: catchBlocks contains\n [CatchBlock: exception.type.definition.name == \"javax.net.ssl.SSLPeerUnverifiedException\"]])\n\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Unsafe Mobile Code", - "vuln_subcategory": "Database Access", - "predicate": "\n Function: enclosingClass.supers contains\n [\n name == \"java.applet.Applet\"\n ]\n and callees contains\n [\n Function: enclosingClass.supers contains\n [\n name matches \"java(x)?\\.sql\\..*\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Unsafe Mobile Code", - "vuln_subcategory": "Database Access", - "predicate": "\n Function: enclosingClass.supers contains\n [\n name == \"java.applet.Applet\"\n ]\n and callees contains\n [\n Function: enclosingClass.supers contains\n [\n name matches \"java(x)?\\.sql\\..*\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Class Does Not Implement Equivalence Method", - "predicate": "\n FunctionCall call: call.function is [Function f: f.name == \"equals\" ]\n /* exclude calls to equals() within generated methods */\n and not call.enclosingFunction.synthetic\n and 
call.arguments.length == 1\n and call.instance is [Expression:\n type.definition is [Class:\n (\n (\n interface\n or abstract\n )\n /* don't match anything in kotlin stdlibs as produces a lot of noise */\n and not name matches \"kotlin\\..*\" \n )\n /* and the supers does not specify an equals function */\n and not supers contains\n [\n Class c: c.functions contains [name == \"equals\"]\n /* all supers will contain Object, which contains an equals function */\n and c.name != \"java.lang.Object\"\n /* and same for kotlin.Any in kotlin */\n and c.name != \"kotlin.Any\"\n ]\n ]\n and (\n /* has at least one unknown underlying type */\n reachingTypes.length == 0\n /* or one of the underlying types does not have an equals function */\n or reachingTypes contains [Type:\n not definition.supers contains\n [\n Class: functions contains [name == \"equals\"]\n /* all supers will contain Object, which contains an equals function */\n and name != \"java.lang.Object\"\n /* and same for kotlin.Any in kotlin */\n and name != \"kotlin.Any\"\n ]\n and definition is [Class: ]*\n ]\n )\n and not is [StringLiteral: ]\n and type is [Type:\n not primitive\n and arrayDimensions == 0\n and definition is [Class cc:]*\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Class Does Not Implement Equivalence Method", - "predicate": "\n FunctionCall call: call.function is [Function f: f.name == \"equals\" ]\n and call.arguments.length == 1 \n /* exception for java.lang.Class */\n and not call.instance.type.definition is [Class: \n supers contains [Class: \n name == \"java.lang.Class\"\n ]\n /* exception for java.lang.Object. 
Note: MUST NOT CHECK SUPERS */\n or name == \"java.lang.Object\" \n /* \n * exceptions for kotlin classes - \n * primitive-like types in kotlin are handled strangely by the language, causing FPs\n * discussed with SCA, and it seemed like a change in SCA to remove these \n * would cause more problems than it would solve, so mitigating in the rule\n *\n * match only types in \"kotlin\" package, not sub-packages (so don't check for a period -- I don't think there are any inner classes)\n * kotlin.Any is included in this exception. Note: MUST NOT CHECK SUPERS \n */\n or name matches \"kotlin\\.[A-z]+\"\n /* and not an interface - handled by separate rule */\n or interface\n /* and not abstract class - handled by separate rule */\n or abstract\n ]\n /* and the type does not contain an implementation */\n and not call.instance.type.definition.supers contains\n [\n Class c: c.functions contains [name == \"equals\"]\n /* all supers will contain Object, which contains an equals function */\n and c.name != \"java.lang.Object\"\n /* and same for kotlin.Any in kotlin */\n and c.name != \"kotlin.Any\"\n ] \n and call.instance is [Expression: \n not is [StringLiteral: ]\n and type is [Type: \n not primitive\n and arrayDimensions == 0 \n and definition is [Class cc:]*\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Code Correctness", - "vuln_subcategory": "Class Does Not Implement Equivalence Method", - "predicate": "\n FunctionCall call: call.function is [Function f: f.name == \"equals\"] \n and call.arguments.length == 1 \n /* and the type does not contain an implementation */\n and not call.instance.type.definition.supers contains\n [\n Class c: c.functions contains [name == \"equals\"]\n /* all supers will contain Object, which contains an equals function */\n and c.name != \"java.lang.Object\"\n /* and same for kotlin.Any in kotlin */\n and c.name != \"kotlin.Any\"\n ] \n and call.instance.type.definition is [Class cc:]*\n and 
(\n call.instance.type.arrayDimensions == 0\n or call.arguments[0].type.arrayDimensions == 0\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Code Correctness", - "vuln_subcategory": "ToString on Array", - "predicate": "\n FunctionCall call: call.function is [Function f:name == \"toString\"]\n and\n call.instance.type.arrayDimensions > 0\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Code Correctness", - "vuln_subcategory": "ToString on Array", - "predicate": "\n FunctionCall call: call.function is [Function f:name == \"toString\"]\n and\n call.instance.type.arrayDimensions > 0\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "System Information Leak", - "vuln_subcategory": "External", - "predicate": "\n ReturnStatement:\n enclosingFunction.returnType.name == \"org.springframework.web.socket.config.WebSocketMessageBrokerStats\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive CORS Policy", - "predicate": "\n FunctionCall fc: function is [Function:\n name == \"setAllowedOrigins\"\n and enclosingClass.supers contains [Class:\n name matches \"org\\.springframework\\.web\\.socket\\.config\\.annotation\\.(StompWebSocketEndpoint|WebSocketHandler)Registration\"\n ]\n ] and arguments[0].constantValue == \"*\"\n\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name == \"set\"\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.http.HttpHeaders\"\n ]\n ]\n and arguments[0].constantValue == \"Authorization\"\n and arguments[1] is [Expression e:\n e.constantValue matches \"Basic.*\"\n or e is [Operation:\n op == \"+\"\n and lhs.constantValue matches \"Basic.*\"\n 
and (\n /* \"Basic \" + new String(base64.encode(\"secret\".getBytes())) */\n rhs is [Allocation:\n constructor is [FunctionCall stringInit:\n function is [Function:\n constructor\n and enclosingClass.name == \"java.lang.String\"\n ]\n and stringInit.arguments[0] is [FunctionCall encode:\n possibleTargets contains [Function:\n name matches \"encode(Base64)?\"\n and enclosingClass.supers contains [Class:\n name == \"org.apache.commons.codec.binary.BaseNCodec\"\n ]\n ]\n and encode.arguments[0] is [FunctionCall:\n function.name == \"getBytes\"\n and instance is [Expression:\n not constantValue.None\n ]*\n ]\n ]\n ]\n ]\n /* \"Basic \" + b64.encodeAsString(\"secret\".getBytes()) */\n or rhs is [FunctionCall:\n possibleTargets contains [Function:\n name matches \"encode(As|To)String\"\n and enclosingClass.supers contains [Class:\n name == \"org.apache.commons.codec.binary.BaseNCodec\"\n ]\n ]\n and arguments[0] is [FunctionCall:\n function.name == \"getBytes\"\n and instance is [Expression:\n not constantValue.None\n ]*\n ]\n ]\n )\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Environment", - "vuln_category": "Web Server Misconfiguration", - "vuln_subcategory": "HTTP Basic Authentication", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name == \"set\"\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.http.HttpHeaders\"\n ]\n ]\n and arguments[0].constantValue == \"Authorization\"\n and arguments[1] is [Expression e:\n e.constantValue matches \"Basic.*\"\n or e is [Operation:\n op == \"+\"\n and lhs.constantValue matches \"Basic.*\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Session Puzzling", - "vuln_subcategory": "Spring", - "predicate": "\n Variable p:\n enclosingFunction is [Function cmethod:\n parameters contains p\n and annotations contains [Annotation:\n type.name matches 
\"org\\.springframework\\.web\\.bind\\.annotation\\.((Request|Get|Post|Delete|Put|Patch)Mapping|ExceptionHandler)\"\n or type.definition.labels contains [String s: s == \"SPRINGMVC_REQUESTMAPPING_CLASS\"]\n ]\n ]\n and enclosingClass is [Class controller:\n annotations contains [Annotation:\n type.name == \"org.springframework.stereotype.Controller\"\n or type.name == \"org.springframework.web.bind.annotation.RestController\"\n ]\n and annotations contains [Annotation:\n type.name == \"org.springframework.web.bind.annotation.SessionAttributes\"\n and elements contains [AnnotationElement a:\n p.annotations contains [Annotation:\n type.name == \"org.springframework.web.bind.annotation.ModelAttribute\"\n and elements contains [AnnotationElement:\n a.value != value\n ]\n ]\n ]\n ]\n ]*\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Session Puzzling", - "vuln_subcategory": "Spring", - "predicate": "\n Variable p:\n enclosingFunction is [Function cmethod:\n parameters contains p\n and annotations contains [Annotation:\n type.name matches \"org\\.springframework\\.web\\.bind\\.annotation\\.((Request|Get|Post|Delete|Put|Patch)Mapping|ExceptionHandler)\"\n or type.definition.labels contains [String s: s == \"SPRINGMVC_REQUESTMAPPING_CLASS\"]\n ]\n ]\n and enclosingClass is [Class controller:\n annotations contains [Annotation:\n type.name == \"org.springframework.stereotype.Controller\"\n or type.name == \"org.springframework.web.bind.annotation.RestController\"\n ]\n and annotations contains [Annotation:\n type.name == \"org.springframework.web.bind.annotation.SessionAttributes\"\n ]\n ]*\n and annotations contains [Annotation:\n type.name == \"org.springframework.web.bind.annotation.ModelAttribute\"\n and elements.length == 0\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Session Puzzling", - "vuln_subcategory": "Spring", - "predicate": "\n 
Variable p:\n enclosingFunction is [Function cmethod:\n parameters contains p\n and annotations contains [Annotation:\n type.name matches \"org\\.springframework\\.web\\.bind\\.annotation\\.((Request|Get|Post|Delete|Put|Patch)Mapping|ExceptionHandler)\"\n or type.definition.labels contains [String s: s == \"SPRINGMVC_REQUESTMAPPING_CLASS\"]\n ]\n ]\n and enclosingClass is [Class controller:\n annotations contains [Annotation:\n type.name == \"org.springframework.stereotype.Controller\"\n or type.name == \"org.springframework.web.bind.annotation.RestController\"\n ]\n and annotations contains [Annotation:\n type.name == \"org.springframework.web.bind.annotation.SessionAttributes\"\n and elements contains [AnnotationElement a:\n p.annotations contains [Annotation:\n type.name == \"org.springframework.web.bind.annotation.ModelAttribute\"\n and elements contains [AnnotationElement:\n a.value == value\n ]\n ]\n ]\n ]\n ]*\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Request Parameters Bound into Persisted Objects", - "predicate": "\n Class : (annotations contains [Annotation:\n type == T\"javax.persistence.Entity\"\n or type == T\"org.hibernate.annotations.Entity\"\n ] or labels contains \"hibernateEntity\")\n and labels contains [String s:\n s == \"commandClass\"\n or s == \"spring2CommandObject\"\n or s == \"spring3CommandObject\"\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Often Misused", - "vuln_subcategory": "File Upload", - "predicate": "\n Function: enclosingClass.annotations contains\n [Annotation: type.name == \"org.springframework.stereotype.Controller\" or type.name == \"org.springframework.web.bind.annotation.RestController\"]\n and\n parameterTypes contains [Type : name == \"org.springframework.web.multipart.MultipartFile\" ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Often Misused", - 
"vuln_subcategory": "File Upload", - "predicate": "\n Function: enclosingClass.annotations contains\n [Annotation: type.name == \"org.springframework.stereotype.Controller\" or type.name == \"org.springframework.web.bind.annotation.RestController\"]\n and (\n parameterTypes contains [Type : name == \"org.springframework.web.multipart.MultipartFile\" ]\n or contains [FunctionCall: function.enclosingClass.supers contains [Class:\n name == \"org.springframework.web.multipart.MultipartRequest\"]\n and function.name == \"getFile\"\n ]*\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Sensitive Field Exposure", - "predicate": "\n Field f: f.labels contains [String s: s == \"exposedWebflowFormField\"]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Class c:\n directSupers contains [Class:\n name == \"org.springframework.webflow.action.FormAction\"\n ]\n and not functions contains [Function:\n (\n name == \"initBinder\"\n or name == \"doBind\"\n or annotations contains [Annotation:\n type.name == \"org.springframework.web.bind.annotation.InitBinder\"\n and not elements contains [AnnotationElement: ]\n ]\n )\n and contains [FunctionCall:\n function.name matches \"setAllowedFields|setDisallowedFields\"\n and function.enclosingClass.supers contains [Class:\n name == \"org.springframework.validation.DataBinder\"\n ]\n ]\n ]\n and not functions contains [Function:\n annotations contains [Annotation:\n type.name == \"org.springframework.web.bind.annotation.InitBinder\"\n and elements contains [AnnotationElement:\n key == \"value\"\n and not value is [None:]\n ]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Dynamic Code Evaluation", - "vuln_subcategory": "Unsafe Deserialization", - "predicate": 
"\n ReturnStatement: expression.reachingTypes contains [Type:\n definition.name == \"org.springframework.remoting.rmi.RmiServiceExporter\"\n or definition.name == \"org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter\"\n or definition.name == \"org.springframework.jms.remoting.JmsInvokerServiceExporter\"\n ] and enclosingFunction is [Function:\n annotations contains [Annotation: type.name == \"org.springframework.context.annotation.Bean\"]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive CORS Policy", - "predicate": "\n FunctionCall fc: function is [Function:\n name matches \"allowedOrigin(Pattern)?s\"\n and enclosingClass.supers contains [Class: name == \"org.springframework.web.servlet.config.annotation.CorsRegistration\"]\n ] and arguments contains [Expression e: constantValue == \"*\"]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive CORS Policy", - "predicate": "\n Class c: annotations contains [Annotation:\n type.definition.supers contains [Class: name == \"org.springframework.web.bind.annotation.CrossOrigin\"]\n and elements contains [AnnotationElement:\n key matches \"value|origins\"\n and value is [String s: s == \"*\"]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive CORS Policy", - "predicate": "\n Function f: annotations contains [Annotation:\n type.definition.supers contains [Class: name == \"org.springframework.web.bind.annotation.CrossOrigin\"]\n and elements contains [AnnotationElement:\n key matches \"value|origins\"\n and value is [String s: s == \"*\"]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Dynamic Code Evaluation", - "vuln_subcategory": "Unsafe Deserialization", - 
"predicate": "\n FunctionCall: function is [Function:\n name == \"deserialize\"\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.util.SerializationUtils\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Missing SameSite Attribute", - "predicate": "\n FunctionCall fc:\n possibleTargets contains [Function: name == \"sameSite\"\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.http.ResponseCookie.ResponseCookieBuilder\"\n ]\n ]\n and fc.arguments[0].constantValue is [String s0:\n s0 == \"None\"\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Permissive SameSite Attribute", - "predicate": "\n FunctionCall fc:\n possibleTargets contains [Function: name == \"sameSite\"\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.http.ResponseCookie.ResponseCookieBuilder\"\n ]\n ]\n and fc.arguments[0].constantValue is [String s0:\n s0 == \"Lax\"\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Spring Security Misconfiguration", - "vuln_subcategory": "Incorrect Request Matcher Type", - "predicate": "\n FunctionCall fc:\n function is [Function:\n name matches \"(ant|regex)Matcher(s)?\"\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.security.config.annotation.web.builders.HttpSecurity\" \n or name == \"org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry\"\n ]\n ]\n and arguments contains [Expression:\n type.name == \"java.lang.String\"\n and constantValue matches \"^.*/[^.*/]+$\"\n ]\n and not enclosingFunction contains [FunctionCall:\n function is [Function:\n (name == \"permitAll\" or name == \"anonymous\")\n and enclosingClass.supers contains [Class:\n name matches 
\"org\\.springframework\\.security\\.config\\.annotation\\.web\\.configurers\\.ExpressionUrlAuthorizationConfigurer(\\.|\\$)AuthorizedUrl\"\n ]\n ]\n and instance is fc\n ] and not enclosingFunction contains [FunctionCall:\n function is [Function:\n (name == \"denyAll\" or name == \"authenticated\")\n and enclosingClass.supers contains [Class:\n name matches \"org\\.springframework\\.security\\.config\\.annotation\\.web\\.configurers\\.ExpressionUrlAuthorizationConfigurer(\\.|\\$)AuthorizedUrl\"\n ]\n ]\n and instance is [FunctionCall:\n name == \"anyRequest\"\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry\"\n ]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Missing Framing Protection", - "predicate": "\n FunctionCall:\n function is [Function:\n name == \"disable\"\n and enclosingClass.supers contains [Class:\n name matches \"org\\.springframework\\.security\\.config\\.annotation\\.web\\.configurers\\.HeadersConfigurer(\\.|\\$)FrameOptionsConfig\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive Content Security Policy", - "predicate": "\n FunctionCall fc: \n function is [Function:\n (name == \"init^\" or constructor)\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.security.web.header.writers.StaticHeadersWriter\"\n or name == \"org.springframework.security.web.header.Header\"\n ]\n ] \n and arguments[0] is [Expression: \n constantValue matches \"(?i)(X-)?Content-Security-Policy|X-WebKit-CSP\"\n ]\n and arguments contains [Expression e: \n (constantValue matches \"(?i).*unsafe.*\"\n or constantValue matches \"(?i).*src\\s+\\*[\\s;$]*.*\"\n or constantValue matches \"(?i).*sandbox\\s+allow-\\*.*\")\n and not e is fc.arguments[0]\n ]\n " - }, - { - "language": "java", - 
"vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive Content Security Policy", - "predicate": "\n FunctionCall:\n function is [Function:\n (name == \"init^\" or name == \"setPolicyDirectives\" or constructor)\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter\"\n ]\n ]\n and (\n arguments[0].constantValue matches \"(?i).*unsafe.*\"\n or arguments[0].constantValue matches \"(?i).*src\\s+\\*[\\s;$]*.*\"\n or arguments[0].constantValue matches \"(?i).*sandbox\\s+allow-\\*.*\"\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive Content Security Policy", - "predicate": "\n FunctionCall:\n function is [Function:\n name == \"policyDirectives\"\n and enclosingClass.supers contains [Class:\n name matches \"org\\.springframework\\.security\\.config\\.annotation\\.web\\.configurers\\.HeadersConfigurer(\\$|\\.)ContentSecurityPolicyConfig\"\n ]\n ]\n and (\n arguments[0].constantValue matches \"(?i).*unsafe.*\"\n or arguments[0].constantValue matches \"(?i).*src\\s+\\*[\\s;$]*.*\"\n or arguments[0].constantValue matches \"(?i).*sandbox\\s+allow-\\*.*\"\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive Content Security Policy", - "predicate": "\n FunctionCall:\n function is [Function:\n name == \"contentSecurityPolicy\"\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.security.config.annotation.web.configurers.HeadersConfigurer\"\n ]\n ]\n and (\n arguments[0].constantValue matches \"(?i).*unsafe.*\"\n or arguments[0].constantValue matches \"(?i).*src\\s+\\*[\\s;$]*.*\"\n or arguments[0].constantValue matches \"(?i).*sandbox\\s+allow-\\*.*\"\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": 
"HTML5", - "vuln_subcategory": "Unenforced Content Security Policy", - "predicate": "\n FunctionCall:\n function is [Function:\n name == \"setReportOnly\"\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter\"\n ]\n ]\n and arguments[0].constantValue is true\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Unenforced Content Security Policy", - "predicate": "\n FunctionCall:\n function is [Function:\n name == \"reportOnly\"\n and enclosingClass.supers contains [Class:\n name matches \"org\\.springframework\\.security\\.config\\.annotation\\.web\\.configurers\\.HeadersConfigurer(\\.|\\$)ContentSecurityPolicyConfig\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Missing Content Security Policy", - "predicate": "\n Function:\n returnType.name == \"org.springframework.security.web.SecurityFilterChain\"\n and parameters[0].type.name == \"org.springframework.security.config.annotation.web.builders.HttpSecurity\"\n and not reaches [Function:\n contains [FunctionCall:\n function is [Function:\n name == \"contentSecurityPolicy\"\n ]\n ]\n ] \n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Missing Content Security Policy", - "predicate": "\n Function:\n name == \"configure\"\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter\"\n ]\n and parameters[0].type.name == \"org.springframework.security.config.annotation.web.builders.HttpSecurity\" \n and not reaches [Function:\n contains [FunctionCall:\n function is [Function:\n name == \"contentSecurityPolicy\"\n and enclosingClass.supers contains [Class:\n name == 
\"org.springframework.security.config.annotation.web.configurers.HeadersConfigurer\"\n ]\n ]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Spring Security Misconfiguration", - "vuln_subcategory": "Lack of Fallback Check", - "predicate": "\n Function:\n returnType.name == \"org.springframework.security.web.SecurityFilterChain\"\n and annotations contains [Annotation: type.name == \"org.springframework.context.annotation.Bean\"]\n and parameters[0].type.name == \"org.springframework.security.config.annotation.web.builders.HttpSecurity\"\n and not reaches [Function: \n contains [FunctionCall:\n function is [Function:\n name == \"anyRequest\"\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry\"\n ]\n ]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Spring Security Misconfiguration", - "vuln_subcategory": "Lack of Fallback Check", - "predicate": "\n Function:\n name == \"configure\"\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter\"\n ]\n and parameters[0].type.name == \"org.springframework.security.config.annotation.web.builders.HttpSecurity\" \n and not reaches [Function: \n contains [FunctionCall:\n function is [Function:\n name == \"anyRequest\"\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry\"\n ]\n ]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Spring Security Misconfiguration", - "vuln_subcategory": "Default Permit", - "predicate": "\n FunctionCall:\n function is [Function:\n name is \"permitAll\"\n and \n (\n enclosingClass.supers contains [Class:\n name matches 
\"org\\.springframework\\.security\\.config\\.annotation\\.web\\.configurers\\.ExpressionUrlAuthorizationConfigurer(\\$|\\.)AuthorizedUrl\"\n ]\n or enclosingClass.supers contains [Class:\n name matches \"org\\.springframework\\.security\\.config\\.annotation\\.web\\.configurers\\.AuthorizeHttpRequestsConfigurer(\\$|\\.)AuthorizedUrl\"\n ]\n )\n ]\n and instance is [FunctionCall:\n function is [Function:\n name == \"anyRequest\"\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry\"\n ]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "HSTS Does Not Include Subdomains", - "predicate": "\n FunctionCall fc:\n function is [Function:\n name == \"includeSubDomains\"\n and enclosingClass.supers contains [Class:\n name matches \"org\\.springframework\\.security\\.config\\.annotation\\.web\\.configurers\\.HeadersConfigurer(\\.|\\$)HstsConfig\"\n ]\n ]\n and arguments[0].constantValue is false\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "HSTS Does Not Include Subdomains", - "predicate": "\n FunctionCall fc: \n function is [Function:\n (name == \"init^\" or constructor)\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.security.web.header.writers.StaticHeadersWriter\"\n or name == \"org.springframework.security.web.header.Header\"\n ]\n ] \n and arguments[0] is [Expression: \n constantValue matches \"(?i)(X-)?Strict-Transport-Security\"\n ]\n and arguments contains [Expression e: \n not constantValue matches \"(?i).*includeSubDomains.*\"\n and not e is fc.arguments[0]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Insufficient HSTS Expiration Time", - "predicate": "\n FunctionCall 
fc:\n function is [Function:\n name == \"maxAgeInSeconds\"\n and enclosingClass.supers contains [Class:\n name matches \"org\\.springframework\\.security\\.config\\.annotation\\.web\\.configurers\\.HeadersConfigurer(\\.|\\$)HstsConfig\"\n ]\n ]\n and arguments[0] is [Expression:\n /* 30 days */\n constantValue is [Number n1: n1 < 2592000]\n and constantValue is [Number n2: n2 > 0]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "HSTS not Set", - "predicate": "\n FunctionCall fc:\n function is [Function:\n name == \"disable\"\n and enclosingClass.supers contains [Class:\n name matches \"org\\.springframework\\.security\\.config\\.annotation\\.web\\.configurers\\.HeadersConfigurer(\\.|\\$)HstsConfig\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive Referrer-Policy", - "predicate": "\n FunctionCall fc:\n function is [Function:\n (name == \"init^\" or name == \"setPolicy\" or constructor)\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter\"\n ]\n ]\n and arguments[0] is [FieldAccess:\n field.name == \"UNSAFE_URL\"\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive Referrer-Policy", - "predicate": "\n FunctionCall fc: \n function is [Function:\n (name == \"init^\" or constructor)\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.security.web.header.writers.StaticHeadersWriter\"\n or name == \"org.springframework.security.web.header.Header\"\n ]\n ] \n and arguments[0] is [Expression: \n constantValue matches \"(?i)Referrer-Policy\"\n ]\n and arguments contains [Expression e: \n constantValue matches \"(?i).*unsafe-url.*\"\n and not e is fc.arguments[0]\n ]\n " - }, - { - "language": 
"java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive Referrer-Policy", - "predicate": "\n FunctionCall fc:\n function is [Function:\n name == \"policy\"\n and enclosingClass.supers contains [Class:\n name matches \"org\\.springframework\\.security\\.config\\.annotation\\.web\\.configurers\\.HeadersConfigurer(\\$|\\.)ReferrerPolicyConfig\"\n ]\n ]\n and arguments[0] is [FieldAccess:\n field.name == \"UNSAFE_URL\"\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive Referrer-Policy", - "predicate": "\n FunctionCall fc:\n function is [Function:\n name == \"referrerPolicy\"\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.security.config.annotation.web.configurers.HeadersConfigurer\"\n ]\n ]\n and arguments[0] is [FieldAccess:\n field.name == \"UNSAFE_URL\"\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Environment", - "vuln_category": "HTML5", - "vuln_subcategory": "MIME Sniffing", - "predicate": "\n FunctionCall fc:\n function is [Function:\n name == \"disable\"\n and enclosingClass.supers contains [Class:\n name matches \"org\\.springframework\\.security\\.config\\.annotation\\.web\\.configurers\\.HeadersConfigurer(\\.|\\$)ContentTypeOptionsConfig\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "HTML5", - "vuln_subcategory": "Cross-Site Scripting Protection", - "predicate": "\n FunctionCall fc:\n function is [Function:\n name == \"setEnabled\"\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.security.web.header.writers.XXssProtectionHeaderWriter\"\n ]\n ]\n and fc.arguments[0].constantValue is false\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "HTML5", - "vuln_subcategory": "Cross-Site Scripting Protection", - 
"predicate": "\n FunctionCall fc: \n function is [Function:\n (name == \"init^\" or constructor)\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.security.web.header.writers.StaticHeadersWriter\"\n or name == \"org.springframework.security.web.header.Header\"\n ]\n ] \n and arguments[0] is [Expression: \n constantValue matches \"(?i)(X-)?XSS-Protection\"\n ]\n and arguments contains [Expression e: \n constantValue matches \"^\\s*0(;.*|$)\"\n and not e is fc.arguments[0]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "HTML5", - "vuln_subcategory": "Cross-Site Scripting Protection", - "predicate": "\n FunctionCall fc:\n function is [Function:\n name == \"xssProtectionEnabled\" \n and enclosingClass.supers contains [Class:\n name matches \"org\\.springframework\\.security\\.config\\.annotation\\.web\\.configurers\\.HeadersConfigurer(\\.|\\$)XXssConfig\"\n ]\n ]\n and arguments[0].constantValue is false\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "HTML5", - "vuln_subcategory": "Cross-Site Scripting Protection", - "predicate": "\n FunctionCall fc:\n function is [Function:\n name == \"disable\"\n and enclosingClass.supers contains [Class:\n name matches \"org\\.springframework\\.security\\.config\\.annotation\\.web\\.configurers\\.HeadersConfigurer(\\.|\\$)XXssConfig\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Spring Security Misconfiguration", - "vuln_subcategory": "Disabled Security Headers", - "predicate": "\n FunctionCall:\n function is [Function:\n name is \"defaultsDisabled\"\n and enclosingClass.supers contains [Class:\n name matches \"org\\.springframework\\.security\\.config\\.annotation\\.web\\.configurers(\\$|\\.)HeadersConfigurer\"\n ]\n ] \n\t\t\t" - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": 
"Spring Security Misconfiguration", - "vuln_subcategory": "Disabled Security Headers", - "predicate": "\n FunctionCall:\n function is [Function:\n name == \"disable\"\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer\"\n ]\n ]\n and instance.possibleTypes contains [Type:\n definition.supers contains [Class:\n name == \"org.springframework.security.config.annotation.web.configurers.HeadersConfigurer\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Cross-Site Request Forgery", - "vuln_subcategory": None, - "predicate": "\n FunctionCall:\n function is [Function:\n name == \"disable\"\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer\"\n ]\n ]\n and instance.possibleTypes contains [Type:\n definition.supers contains [Class:\n name == \"org.springframework.security.config.annotation.web.configurers.CsrfConfigurer\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Weak Cryptography", - "predicate": "\n FunctionCall:\n function is [Function:\n (name == \"getInstance\" or name == \"init^\" or constructor)\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.security.crypto.password.LdapShaPasswordEncoder\"\n or name == \"org.springframework.security.crypto.password.Md4PasswordEncoder\"\n or name == \"org.springframework.security.crypto.password.MessageDigestPasswordEncoder\"\n or name == \"org.springframework.security.crypto.password.NoOpPasswordEncoder\"\n or name == \"org.springframework.security.crypto.password.StandardPasswordEncoder\"\n or name == \"org.springframework.security.authentication.encoding.PlaintextPasswordEncoder\"\n or name == 
\"org.springframework.security.authentication.encoding.Md4PasswordEncoder\"\n or name == \"org.springframework.security.authentication.encoding.Md5PasswordEncoder\"\n or name == \"org.springframework.security.authentication.encoding.MessageDigestPasswordEncoder\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive CORS Policy", - "predicate": "\n FunctionCall fc: \n function is [Function:\n (name == \"init^\" or constructor)\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.security.web.header.writers.StaticHeadersWriter\"\n or name == \"org.springframework.security.web.header.Header\"\n ]\n ] \n and arguments[0] is [Expression: \n constantValue matches \"(?i)Access-Control-Allow-Origin\"\n ]\n and arguments contains [Expression e: \n constantValue is \"*\"\n and not e is fc.arguments[0]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive CORS Policy", - "predicate": "\n FunctionCall:\n function is [Function:\n name matches \"addAllowedOrigin(Pattern)?\"\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.web.cors.CorsConfiguration\"\n ]\n ]\n and arguments[0].constantValue == \"*\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Time and State", - "vuln_category": "Session Fixation", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc:\n function is [Function:\n (\n name == \"invalidateHttpSession\"\n or name == \"clearAuthentication\"\n )\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.security.config.annotation.web.configurers.LogoutConfigurer\"\n ]\n ]\n and fc.arguments[0].constantValue is false\n " - }, - { - "language": "java", - "vuln_kingdom": "Time and State", - "vuln_category": "Session Fixation", - "vuln_subcategory": None, - "predicate": "\n FunctionCall:\n function is 
[Function:\n name == \"none\"\n and enclosingClass.supers contains [Class:\n name matches \"org\\.springframework\\.security\\.config\\.annotation\\.web\\.configurers\\.SessionManagementConfigurer(\\.|\\$)SessionFixationConfigurer\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Spring Security Misconfiguration", - "vuln_subcategory": "Overly Permissive Firewall Policy", - "predicate": "\n FunctionCall:\n function is [Function:\n (name == \"init^\" or constructor)\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.security.web.firewall.DefaultHttpFirewall\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Spring Security Misconfiguration", - "vuln_subcategory": "Overly Permissive Firewall Policy", - "predicate": "\n FunctionCall:\n function is [Function:\n name matches \"setAllow.*\"\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.security.web.firewall.StrictHttpFirewall\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc:\n possibleTargets contains [Function:\n (constructor or name == \"init^\" or name == \"Pbkdf2\")\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.security.crypto.password.Pbkdf2PasswordEncoder\"\n ]\n ]\n and fc.arguments[3].constantValue is [EnumValue:\n name is [String: == \"PBKDF2WithHmacSHA1\"]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Dynamic Code Evaluation", - "vuln_subcategory": "Unsafe XStream Deserialization", - "predicate": "\n Function f: f.enclosingClass.annotations contains [Annotation: type.name == \"org.springframework.stereotype.Controller\" or type.name == \"org.springframework.web.bind.annotation.RestController\"]\n and 
f.annotations contains [Annotation a2:\n a2.type.name matches \"org\\.springframework\\.web\\.bind\\.annotation\\.((Request|Get|Post|Delete|Put|Patch)Mapping|ExceptionHandler)\"\n or type.definition.labels contains [String s: s == \"SPRINGMVC_REQUESTMAPPING_CLASS\"]\n ] and f.parameters contains [Variable v:\n v.annotations contains [Annotation a3: a3.type.name == \"org.springframework.web.bind.annotation.RequestBody\"]\n and v.type.definition is [Class x: x.labels contains [String l: l == \"XStreamAlias\"]]*\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Function callback: callback.name matches \"processCancel|processFinish|processFormSubmission|renderCancel|renderFinish|renderFormSubmission\"\n and callback.parameterTypes[2] is [Type: name == \"java.lang.Object\" or name == \"kotlin.Any\"]\n and callback.enclosingClass.supers contains [Class controller:\n controller.name is \"org.springframework.web.portlet.mvc.AbstractWizardFormController\"]\n and callback.parameters[2].uses contains [VariableAccess commandObject:\n commandObject in [AssignmentStatement cast:\n commandObject is cast.rhs\n and cast.lhs is [VariableAccess commandVariable:\n variable.type.definition is [Class commandClass: ]*\n ] ]\n ]\n and not callback.enclosingClass contains [Function f:\n f contains [FunctionCall fc:\n fc.function.name matches \"setAllowedFields|setDisallowedFields\"\n and fc.function.enclosingClass.supers contains [Class: name == \"org.springframework.validation.DataBinder\"]\n ] ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Function callback: callback.name matches \"getInitialPage|getPageCount|onBindAndValidate|postProcessPage|referenceData\"\n and callback.parameterTypes[1] is [Type: name == 
\"java.lang.Object\" or name == \"kotlin.Any\"]\n and callback.enclosingClass.supers contains [Class controller:\n controller.name is \"org.springframework.web.portlet.mvc.AbstractWizardFormController\"]\n and callback.parameters[1].uses contains [VariableAccess commandObject:\n commandObject in [AssignmentStatement cast:\n commandObject is cast.rhs\n and cast.lhs is [VariableAccess commandVariable:\n variable.type.definition is [Class commandClass: ]*\n ] ]\n ]\n and not callback.enclosingClass contains [Function f:\n f contains [FunctionCall fc:\n fc.function.name matches \"setAllowedFields|setDisallowedFields\"\n and fc.function.enclosingClass.supers contains [Class: name == \"org.springframework.validation.DataBinder\"]\n ] ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Function callback: callback.name == \"validatePage\"\n and callback.parameterTypes[0] is [Type: name == \"java.lang.Object\" or name == \"kotlin.Any\"]\n and callback.enclosingClass.supers contains [Class controller:\n controller.name is \"org.springframework.web.portlet.mvc.AbstractWizardFormController\"]\n and callback.parameters[0].uses contains [VariableAccess commandObject:\n commandObject in [AssignmentStatement cast:\n commandObject is cast.rhs\n and cast.lhs is [VariableAccess commandVariable:\n variable.type.definition is [Class commandClass: ]*\n ] ]\n ]\n and not callback.enclosingClass contains [Function f:\n f contains [FunctionCall fc:\n fc.function.name matches \"setAllowedFields|setDisallowedFields\"\n and fc.function.enclosingClass.supers contains [Class: name == \"org.springframework.validation.DataBinder\"]\n ] ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Function callback: callback.name matches 
\"onFormChange|onSubmitAction|onSubmitRender|processFormSubmission|renderFormSubmission\"\n and callback.parameterTypes[2] is [Type: name == \"java.lang.Object\" or name == \"kotlin.Any\"]\n and callback.enclosingClass.supers contains [Class controller:\n controller.name is \"org.springframework.web.portlet.mvc.SimpleFormController\"]\n and callback.parameters[2].uses contains [VariableAccess commandObject:\n commandObject in [AssignmentStatement cast:\n commandObject is cast.rhs\n and cast.lhs is [VariableAccess commandVariable:\n variable.type.definition is [Class commandClass: ]*\n ] ]\n ]\n and not callback.enclosingClass contains [Function f:\n f contains [FunctionCall fc:\n fc.function.name matches \"setAllowedFields|setDisallowedFields\"\n and fc.function.enclosingClass.supers contains [Class: name == \"org.springframework.validation.DataBinder\"]\n ] ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Function callback: callback.name == \"referenceData\"\n and callback.parameterTypes[1] is [Type: name == \"java.lang.Object\" or name == \"kotlin.Any\"]\n and callback.enclosingClass.supers contains [Class controller:\n controller.name is \"org.springframework.web.portlet.mvc.SimpleFormController\"]\n and callback.parameters[1].uses contains [VariableAccess commandObject:\n commandObject in [AssignmentStatement cast:\n commandObject is cast.rhs\n and cast.lhs is [VariableAccess commandVariable:\n variable.type.definition is [Class commandClass: ]*\n ] ]\n ]\n and not callback.enclosingClass contains [Function f:\n f contains [FunctionCall fc:\n fc.function.name matches \"setAllowedFields|setDisallowedFields\"\n and fc.function.enclosingClass.supers contains [Class: name == \"org.springframework.validation.DataBinder\"]\n ] ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - 
"vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Function callback: callback.name matches \"doSubmitAction|onSubmitAction|onSubmitRender\"\n and callback.parameterTypes[0] is [Type: name == \"java.lang.Object\" or name == \"kotlin.Any\"]\n and callback.enclosingClass.supers contains [Class controller:\n controller.name is \"org.springframework.web.portlet.mvc.SimpleFormController\"]\n and callback.parameters[0].uses contains [VariableAccess commandObject:\n commandObject in [AssignmentStatement cast:\n commandObject is cast.rhs\n and cast.lhs is [VariableAccess commandVariable:\n variable.type.definition is [Class commandClass: ]*\n ] ]\n ]\n and not callback.enclosingClass contains [Function f:\n f contains [FunctionCall fc:\n fc.function.name matches \"setAllowedFields|setDisallowedFields\"\n and fc.function.enclosingClass.supers contains [Class: name == \"org.springframework.validation.DataBinder\"]\n ] ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Function callback: callback.name matches \"processFormSubmission|renderFormSubmission\"\n and callback.parameterTypes[2] is [Type: name == \"java.lang.Object\" or name == \"kotlin.Any\"]\n and callback.enclosingClass.supers contains [Class controller:\n controller.name is \"org.springframework.web.portlet.mvc.AbstractFormController\"]\n and callback.parameters[2].uses contains [VariableAccess commandObject:\n commandObject in [AssignmentStatement cast:\n commandObject is cast.rhs\n and cast.lhs is [VariableAccess commandVariable:\n variable.type.definition is [Class commandClass: ]*\n ] ]\n ]\n and not callback.enclosingClass contains [Function f:\n f contains [FunctionCall fc:\n fc.function.name matches \"setAllowedFields|setDisallowedFields\"\n and fc.function.enclosingClass.supers contains [Class: name == \"org.springframework.validation.DataBinder\"]\n ] ]\n " 
- }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Function callback: callback.name matches \"onBindOnNewForm|referenceData\"\n and callback.parameterTypes[1] is [Type: name == \"java.lang.Object\" or name == \"kotlin.Any\"]\n and callback.enclosingClass.supers contains [Class controller:\n controller.name is \"org.springframework.web.portlet.mvc.AbstractFormController\"]\n and callback.parameters[1].uses contains [VariableAccess commandObject:\n commandObject in [AssignmentStatement cast:\n commandObject is cast.rhs\n and cast.lhs is [VariableAccess commandVariable:\n variable.type.definition is [Class commandClass: ]*\n ] ]\n ]\n and not callback.enclosingClass contains [Function f:\n f contains [FunctionCall fc:\n fc.function.name matches \"setAllowedFields|setDisallowedFields\"\n and fc.function.enclosingClass.supers contains [Class: name == \"org.springframework.validation.DataBinder\"]\n ] ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Function callback: callback.name matches \"handleAction|handleRequest\"\n and callback.parameterTypes[2] is [Type: name == \"java.lang.Object\" or name == \"kotlin.Any\"]\n and callback.enclosingClass.supers contains [Class controller:\n controller.name is \"org.springframework.web.portlet.mvc.AbstractCommandController\"]\n and callback.parameters[2].uses contains [VariableAccess commandObject:\n commandObject in [AssignmentStatement cast:\n commandObject is cast.rhs\n and cast.lhs is [VariableAccess commandVariable:\n variable.type.definition is [Class commandClass: ]*\n ] ]\n ]\n and not callback.enclosingClass contains [Function f:\n f contains [FunctionCall fc:\n fc.function.name matches \"setAllowedFields|setDisallowedFields\"\n and fc.function.enclosingClass.supers 
contains [Class: name == \"org.springframework.validation.DataBinder\"]\n ] ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Function callback: callback.name matches \"bindAndValidate|createBinder|onBind|onBindAndValidate|setRenderCommandAndErrors\"\n and callback.parameterTypes[1] is [Type: name == \"java.lang.Object\" or name == \"kotlin.Any\"]\n and callback.enclosingClass.supers contains [Class controller:\n controller.name is \"org.springframework.web.portlet.mvc.BaseCommandController\"]\n and callback.parameters[1].uses contains [VariableAccess commandObject:\n commandObject in [AssignmentStatement cast:\n commandObject is cast.rhs\n and cast.lhs is [VariableAccess commandVariable:\n variable.type.definition is [Class commandClass: ]*\n ] ]\n ]\n and not callback.enclosingClass contains [Function f:\n f contains [FunctionCall fc:\n fc.function.name matches \"setAllowedFields|setDisallowedFields\"\n and fc.function.enclosingClass.supers contains [Class: name == \"org.springframework.validation.DataBinder\"]\n ] ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Function callback: callback.name == \"checkCommand\"\n and callback.parameterTypes[0] is [Type: name == \"java.lang.Object\" or name == \"kotlin.Any\"]\n and callback.enclosingClass.supers contains [Class controller:\n controller.name is \"org.springframework.web.portlet.mvc.BaseCommandController\"]\n and callback.parameters[0].uses contains [VariableAccess commandObject:\n commandObject in [AssignmentStatement cast:\n commandObject is cast.rhs\n and cast.lhs is [VariableAccess commandVariable:\n variable.type.definition is [Class commandClass: ]*\n ] ]\n ]\n and not callback.enclosingClass contains [Function f:\n f contains [FunctionCall fc:\n 
fc.function.name matches \"setAllowedFields|setDisallowedFields\"\n and fc.function.enclosingClass.supers contains [Class: name == \"org.springframework.validation.DataBinder\"]\n ] ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Function callback: callback.name == \"handle\"\n and callback.parameterTypes[2] is [Type: name == \"java.lang.Object\" or name == \"kotlin.Any\"]\n and callback.enclosingClass.supers contains [Class controller:\n controller.name is \"org.springframework.web.servlet.mvc.AbstractCommandController\"]\n and callback.parameters[2].uses contains [VariableAccess commandObject:\n commandObject in [AssignmentStatement cast:\n commandObject is cast.rhs\n and cast.lhs is [VariableAccess commandVariable:\n variable.type.definition is [Class commandClass: ]*\n ] ]\n ]\n and not callback.enclosingClass contains [Function f:\n f contains [FunctionCall fc:\n fc.function.name matches \"setAllowedFields|setDisallowedFields\"\n and fc.function.enclosingClass.supers contains [Class: name == \"org.springframework.validation.DataBinder\"]\n ] ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Function callback: callback.name matches \"bindAndValidate|createBinder|onBindAndValidate|onBind\"\n and callback.parameterTypes[1] is [Type: name == \"java.lang.Object\" or name == \"kotlin.Any\"]\n and callback.enclosingClass.supers contains [Class controller:\n controller.name == \"org.springframework.web.servlet.mvc.BaseCommandController\"]\n and callback.parameters[1].uses contains [VariableAccess commandObject:\n commandObject in [AssignmentStatement cast:\n commandObject is cast.rhs\n and cast.lhs is [VariableAccess commandVariable:\n variable.type.definition is [Class commandClass: ]*\n ] ]\n ]\n and not 
callback.enclosingClass contains [Function f:\n f contains [FunctionCall fc:\n fc.function.name matches \"setAllowedFields|setDisallowedFields\"\n and fc.function.enclosingClass.supers contains [Class: name == \"org.springframework.validation.DataBinder\"]\n ] ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Function callback: callback.name == \"onBindOnNewForm\"\n and callback.parameterTypes[1] is [Type: name == \"java.lang.Object\" or name == \"kotlin.Any\"]\n and callback.enclosingClass.supers contains [Class controller:\n controller.name is \"org.springframework.web.servlet.mvc.AbstractFormController\"]\n and callback.parameters[1].uses contains [VariableAccess commandObject:\n commandObject in [AssignmentStatement cast:\n commandObject is cast.rhs\n and cast.lhs is [VariableAccess commandVariable:\n variable.type.definition is [Class commandClass: ]*\n ] ]\n ]\n and not callback.enclosingClass contains [Function f:\n f contains [FunctionCall fc:\n fc.function.name matches \"setAllowedFields|setDisallowedFields\"\n and fc.function.enclosingClass.supers contains [Class: name == \"org.springframework.validation.DataBinder\"]\n ] ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Function callback: callback.name matches \"onSubmit|onFormChange\"\n and callback.parameterTypes[2] is [Type: name == \"java.lang.Object\" or name == \"kotlin.Any\"]\n and callback.enclosingClass.supers contains [Class controller:\n controller.name == \"org.springframework.web.servlet.mvc.SimpleFormController\"]\n and callback.parameters[2].uses contains [VariableAccess commandObject:\n commandObject in [AssignmentStatement cast:\n commandObject is cast.rhs\n and cast.lhs is [VariableAccess commandVariable:\n variable.type.definition 
is [Class commandClass: ]*\n ] ]\n ]\n and not callback.enclosingClass contains [Function f:\n f contains [FunctionCall fc:\n fc.function.name matches \"setAllowedFields|setDisallowedFields\"\n and fc.function.enclosingClass.supers contains [Class: name == \"org.springframework.validation.DataBinder\"]\n ] ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Function callback: callback.name == \"onSubmit\"\n and callback.parameterTypes[0] is [Type: name == \"java.lang.Object\" or name == \"kotlin.Any\"]\n and callback.enclosingClass.supers contains [Class controller:\n controller.name == \"org.springframework.web.servlet.mvc.SimpleFormController\"]\n and callback.parameters[0] is [Variable p:\n p.uses contains [VariableAccess commandObject:\n commandObject in [AssignmentStatement cast:\n commandObject is cast.rhs\n and cast.lhs is [VariableAccess commandVariable:\n variable.type.definition is [Class commandClass: ]*\n ] ]\n ] ]\n and not callback.enclosingClass contains [Function f:\n f contains [FunctionCall fc:\n fc.function.name matches \"setAllowedFields|setDisallowedFields\"\n and fc.function.enclosingClass.supers contains [Class: name == \"org.springframework.validation.DataBinder\"]\n ] ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n FunctionCall fc: fc.name == \"setCommandClass\"\n and fc.arguments[0] is [Literal l: image is [String i:]]\n and fc.enclosingFunction.enclosingClass is [Class commandClass:\n commandClass.supers contains [Class c: c.name matches \"org\\.springframework\\.web\\.(portlet|servlet)\\.mvc\\.BaseCommandController\"]\n and (commandClass contains [Function binder:\n name == \"initBinder\"\n and not binder contains [FunctionCall fc2:\n fc2.function.name matches 
\"setAllowedFields|setDisallowedFields\"\n and fc2.function.enclosingClass.supers contains [Class: name == \"org.springframework.validation.DataBinder\"]\n ]\n ]*\n or not commandClass contains [Function: name == \"initBinder\"])\n ]*\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Function f: annotations contains [Annotation:\n type.name matches \"org\\.springframework\\.web\\.bind\\.annotation\\.((Request|Get|Post|Delete|Put|Patch)Mapping|ExceptionHandler)\"\n or type.definition.labels contains [String s: s == \"SPRINGMVC_REQUESTMAPPING_CLASS\"]\n ] and enclosingClass is [Class:\n annotations contains [Annotation: type.name == \"org.springframework.stereotype.Controller\" or type.name == \"org.springframework.web.bind.annotation.RestController\"]\n ] and not enclosingClass.supers contains [Class p2:\n p2.functions contains [Function binder:\n (binder.supers contains [Function: annotations contains [Annotation: type.name == \"org.springframework.web.bind.annotation.InitBinder\"] ]\n or annotations contains [Annotation: type.name == \"org.springframework.web.bind.annotation.InitBinder\"])\n and binder reaches [Function: contains [FunctionCall:\n function.name matches \"setAllowedFields|setDisallowedFields\"\n and function.enclosingClass.supers contains [Class: name == \"org.springframework.validation.DataBinder\"]\n ]\n ]\n ]\n ]\n and f.parameters contains [Variable p:\n p.uses.length > 0\n and ( p.annotations contains [Annotation:\n type.name matches \"org\\.springframework\\.web\\.bind\\.annotation\\.(PathVariable|MatrixVariable|RequestParam|RequestHeader|RequestBody|RequestPart)\"])\n and p.type.definition is [Class commandClass:\n /* Ignoring Jackson or JAXB annotated classes since we have specifi rules for them */\n not annotations contains [Annotation: type.name matches 
\"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\..*|(javax|jakarta)\\.xml\\.bind\\.annotation\\..*\"]\n and not fields contains [Field: annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\..*\"]]\n ]*\n and not p.type.definition is [Class: name matches \"(jakarta|(kotlin|java)(x)?)\\..*\"\n or name matches \"org\\.springframework\\..*\"\n ]\n and not p.type.definition is [Class: supers contains [Class: name == \"java.lang.Enum\"]]\n and not p.type.primitive\n and not p.annotations contains [Annotation: type.name == \"javax.validation.Valid\"]\n and not p.uses contains [VariableAccess va:\n va.realReads contains [VariableAccess va1:\n va1 in [FunctionCall fc:\n fc.name == \"validate\"\n and fc.function.enclosingClass.supers contains [Class c: c.name == \"org.springframework.validation.Validator\"]\n ]\n ]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Function f: annotations contains [Annotation:\n type.name matches \"org\\.springframework\\.web\\.bind\\.annotation\\.((Request|Get|Post|Delete|Put|Patch)Mapping|ExceptionHandler)\"\n or type.definition.labels contains [String s: s == \"SPRINGMVC_REQUESTMAPPING_CLASS\"]\n ] and enclosingClass is [Class:\n annotations contains [Annotation: type.name == \"org.springframework.stereotype.Controller\" or type.name == \"org.springframework.web.bind.annotation.RestController\"]\n ] and not enclosingClass.supers contains [Class p2:\n p2.functions contains [Function binder:\n (binder.supers contains [Function: annotations contains [Annotation: type.name == \"org.springframework.web.bind.annotation.InitBinder\"] ]\n or annotations contains [Annotation: type.name == \"org.springframework.web.bind.annotation.InitBinder\"])\n and binder reaches [Function: contains [FunctionCall:\n 
function.name matches \"setAllowedFields|setDisallowedFields\"\n and function.enclosingClass.supers contains [Class: name == \"org.springframework.validation.DataBinder\"]\n ]\n ]\n ]\n ]\n and f.parameters contains [Variable p:\n p.uses.length > 0\n and not ( p.annotations contains [Annotation:\n type.name matches \"org\\.springframework\\.web\\.bind\\.annotation\\.(PathVariable|MatrixVariable|RequestParam|RequestHeader|RequestBody|RequestPart)\" or type.name == \"javax.validation.Valid\"])\n and p.type.definition is [Class commandClass:\n /* Ignoring Jackson or JAXB annotated classes since we have specifi rules for them */\n not annotations contains [Annotation: type.name matches \"(javax|jakarta)\\.xml\\.bind\\.annotation\\..*|(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\..*\"]\n and not fields contains [Field: annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\..*\"]]\n ]*\n and not p.type.definition is [Class: name matches \"(jakarta|(kotlin|java)(x)?)\\..*\"\n or name matches \"org\\.springframework\\..*\"\n or name matches \"jakarta\\..*\"\n ]\n and not p.uses contains [VariableAccess va:\n va.realReads contains [VariableAccess va1:\n va1 in [FunctionCall fc:\n fc.name == \"validate\"\n and fc.function.enclosingClass.supers contains [Class c: c.name == \"org.springframework.validation.Validator\"]\n ]\n ]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Function f: annotations contains [Annotation:\n type.name matches \"org\\.springframework\\.web\\.bind\\.annotation\\.((Request|Get|Post|Delete|Put|Patch)Mapping|ExceptionHandler)\"\n or type.definition.labels contains [String s: s == \"SPRINGMVC_REQUESTMAPPING_CLASS\"]\n ] and enclosingClass is [Class:\n annotations contains [Annotation: type.name == 
\"org.springframework.stereotype.Controller\" or type.name == \"org.springframework.web.bind.annotation.RestController\"]\n ] and not enclosingClass.supers contains [Class p2:\n p2.functions contains [Function binder:\n (binder.supers contains [Function: annotations contains [Annotation: type.name == \"org.springframework.web.bind.annotation.InitBinder\"] ]\n or annotations contains [Annotation: type.name == \"org.springframework.web.bind.annotation.InitBinder\"])\n and binder reaches [Function: contains [FunctionCall:\n function.name matches \"setAllowedFields|setDisallowedFields\"\n and function.enclosingClass.supers contains [Class: name == \"org.springframework.validation.DataBinder\"]\n ]\n ]\n ]\n ]\n and f.parameters contains [Variable p:\n p.uses.length > 0\n and ( p.annotations contains [Annotation:\n type.name matches \"org\\.springframework\\.web\\.bind\\.annotation\\.(PathVariable|MatrixVariable|RequestParam|RequestHeader|RequestBody|RequestPart)\"])\n and p.type.definition is [Class commandClass:\n /* user-controlled type */\n functions contains [Function: isBodyAvailable]\n /* Class is annotated with JAXB annotations */\n and annotations contains [Annotation: type.name matches \"(javax|jakarta)\\.xml\\.bind\\.annotation\\..*\"]\n /* check that bound class is not annotated with jaxb annotations to control binding */\n and not annotations contains [Annotation:\n type.name matches \"(javax|jakarta)\\.xml\\.bind\\.annotation\\.XmlAccessorType\"\n and elements contains [AnnotationElement: value matches \".*NONE.*\"]\n ]\n ]*\n and not p.type.definition is [Class: supers contains [Class: name == \"java.lang.Enum\"]]\n and not p.type.primitive\n and not p.annotations contains [Annotation: type.name == \"javax.validation.Valid\"]\n and not p.uses contains [VariableAccess va:\n va.realReads contains [VariableAccess va1:\n va1 in [FunctionCall fc:\n fc.name == \"validate\"\n and fc.function.enclosingClass.supers contains [Class c: c.name == 
\"org.springframework.validation.Validator\"]\n ]\n ]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Function f: annotations contains [Annotation:\n type.name matches \"org\\.springframework\\.web\\.bind\\.annotation\\.((Request|Get|Post|Delete|Put|Patch)Mapping|ExceptionHandler)\"\n or type.definition.labels contains [String s: s == \"SPRINGMVC_REQUESTMAPPING_CLASS\"]\n ] and enclosingClass is [Class:\n annotations contains [Annotation: type.name == \"org.springframework.stereotype.Controller\" or type.name == \"org.springframework.web.bind.annotation.RestController\"]\n ] and not enclosingClass.supers contains [Class p2:\n p2.functions contains [Function binder:\n (binder.supers contains [Function: annotations contains [Annotation: type.name == \"org.springframework.web.bind.annotation.InitBinder\"] ]\n or annotations contains [Annotation: type.name == \"org.springframework.web.bind.annotation.InitBinder\"])\n and binder reaches [Function: contains [FunctionCall:\n function.name matches \"setAllowedFields|setDisallowedFields\"\n and function.enclosingClass.supers contains [Class: name == \"org.springframework.validation.DataBinder\"]\n ]\n ]\n ]\n ]\n and f.parameters contains [Variable p:\n ( p.annotations contains [Annotation:\n type.name matches \"org\\.springframework\\.web\\.bind\\.annotation\\.(PathVariable|MatrixVariable|RequestParam|RequestHeader|RequestBody|RequestPart)\"])\n and p.type.definition is [Class commandClass:\n /* Class is annotated with JAXB annotations */\n annotations contains [Annotation: type.name matches \"(javax|jakarta)\\.xml\\.bind\\.annotation\\..*\"]\n /* check that bound class is not annotated with jaxb annotations to control binding */\n and not annotations contains [Annotation:\n type.name matches \"(javax|jakarta)\\.xml\\.bind\\.annotation\\.XmlAccessorType\"\n and elements contains 
[AnnotationElement: value matches \".*NONE.*\"]\n ]\n and not name matches \"(org\\.restlet|(jakarta|(kotlin|java)(x)?))\\..*\"\n ]*\n and not p.type.primitive\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Function f: annotations contains [Annotation:\n type.name matches \"org\\.springframework\\.web\\.bind\\.annotation\\.((Request|Get|Post|Delete|Put|Patch)Mapping|ExceptionHandler)\"\n or type.definition.labels contains [String s: s == \"SPRINGMVC_REQUESTMAPPING_CLASS\"]\n ] and enclosingClass is [Class:\n annotations contains [Annotation: type.name == \"org.springframework.stereotype.Controller\" or type.name == \"org.springframework.web.bind.annotation.RestController\"]\n ] and not enclosingClass.supers contains [Class p2:\n p2.functions contains [Function binder:\n (binder.supers contains [Function: annotations contains [Annotation: type.name == \"org.springframework.web.bind.annotation.InitBinder\"] ]\n or annotations contains [Annotation: type.name == \"org.springframework.web.bind.annotation.InitBinder\"])\n and binder reaches [Function: contains [FunctionCall:\n function.name matches \"setAllowedFields|setDisallowedFields\"\n and function.enclosingClass.supers contains [Class: name == \"org.springframework.validation.DataBinder\"]\n ]\n ]\n ]\n ]\n and f.parameters contains [Variable p:\n p.uses.length > 0\n and not ( p.annotations contains [Annotation:\n type.name matches \"org\\.springframework\\.web\\.bind\\.annotation\\.(PathVariable|MatrixVariable|RequestParam|RequestHeader|RequestBody|RequestPart)\" or type.name == \"javax.validation.Valid\"])\n and p.type.definition is [Class commandClass:\n /* user-controlled type */\n functions contains [Function: isBodyAvailable]\n /* Class is annotated with JAXB annotations */\n and annotations contains [Annotation: type.name matches 
\"(javax|jakarta)\\.xml\\.bind\\.annotation\\..*\"]\n /* check that bound class is not annotated with jaxb annotations to control binding */\n and not annotations contains [Annotation:\n type.name matches \"(javax|jakarta)\\.xml\\.bind\\.annotation\\.XmlAccessorType\"\n and elements contains [AnnotationElement: value matches \".*NONE.*\"]\n ]\n ]*\n and not p.type.definition is [Class: supers contains [Class: name == \"java.lang.Enum\"]]\n and not p.type.primitive\n and not p.uses contains [VariableAccess va:\n va.realReads contains [VariableAccess va1:\n va1 in [FunctionCall fc:\n fc.name == \"validate\"\n and fc.function.enclosingClass.supers contains [Class c: c.name == \"org.springframework.validation.Validator\"]\n ]\n ]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Function f: annotations contains [Annotation:\n type.name matches \"org\\.springframework\\.web\\.bind\\.annotation\\.((Request|Get|Post|Delete|Put|Patch)Mapping|ExceptionHandler)\"\n or type.definition.labels contains [String s: s == \"SPRINGMVC_REQUESTMAPPING_CLASS\"]\n ] and enclosingClass is [Class:\n annotations contains [Annotation: type.name == \"org.springframework.stereotype.Controller\" or type.name == \"org.springframework.web.bind.annotation.RestController\"]\n ] and not enclosingClass.supers contains [Class p2:\n p2.functions contains [Function binder:\n (binder.supers contains [Function: annotations contains [Annotation: type.name == \"org.springframework.web.bind.annotation.InitBinder\"] ]\n or annotations contains [Annotation: type.name == \"org.springframework.web.bind.annotation.InitBinder\"])\n and binder reaches [Function: contains [FunctionCall:\n function.name matches \"setAllowedFields|setDisallowedFields\"\n and function.enclosingClass.supers contains [Class: name == \"org.springframework.validation.DataBinder\"]\n ]\n ]\n ]\n ]\n and 
f.parameters contains [Variable p:\n not ( p.annotations contains [Annotation:\n type.name matches \"org\\.springframework\\.web\\.bind\\.annotation\\.(PathVariable|MatrixVariable|RequestParam|RequestHeader|RequestBody|RequestPart)\"])\n and p.type.definition is [Class commandClass:\n /* Class is annotated with JAXB annotations */\n annotations contains [Annotation: type.name matches \"(javax|jakarta)\\.xml\\.bind\\.annotation\\..*\"]\n /* check that bound class is not annotated with jaxb annotations to control binding */\n and not annotations contains [Annotation:\n type.name matches \"(javax|jakarta)\\.xml\\.bind\\.annotation\\.XmlAccessorType\"\n and elements contains [AnnotationElement: value matches \".*NONE.*\"]\n ]\n and not name matches \"(org\\.restlet|(jakarta|(kotlin|java)(x)?))\\..*\"\n ]*\n and not p.type.primitive\n and not p.type.definition is [Class: name matches \"(jakarta|(kotlin|java)(x)?)\\..*\"\n or name matches \"org\\.springframework\\..*\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Function f: annotations contains [Annotation:\n type.name matches \"org\\.springframework\\.web\\.bind\\.annotation\\.((Request|Get|Post|Delete|Put|Patch)Mapping|ExceptionHandler)\"\n or type.definition.labels contains [String s: s == \"SPRINGMVC_REQUESTMAPPING_CLASS\"]\n ] and enclosingClass is [Class:\n annotations contains [Annotation: type.name == \"org.springframework.stereotype.Controller\" or type.name == \"org.springframework.web.bind.annotation.RestController\"]\n ] and not enclosingClass.supers contains [Class p2:\n p2.functions contains [Function binder:\n (binder.supers contains [Function: annotations contains [Annotation: type.name == \"org.springframework.web.bind.annotation.InitBinder\"] ]\n or annotations contains [Annotation: type.name == \"org.springframework.web.bind.annotation.InitBinder\"])\n and binder 
reaches [Function: contains [FunctionCall:\n function.name matches \"setAllowedFields|setDisallowedFields\"\n and function.enclosingClass.supers contains [Class: name == \"org.springframework.validation.DataBinder\"]\n ]\n ]\n ]\n ]\n and f.parameters contains [Variable p:\n p.uses.length > 0\n and ( p.annotations contains [Annotation:\n type.name matches \"org\\.springframework\\.web\\.bind\\.annotation\\.(PathVariable|MatrixVariable|RequestParam|RequestHeader|RequestBody|RequestPart)\"])\n and p.type.definition is [Class commandClass:\n /* user-controlled type */\n functions contains [Function: isBodyAvailable]\n /* Class or class fields are annotated with Jackson annotations */\n and (\n annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\..*\"]\n or\n fields contains [Field: annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\..*\"]]\n\n )\n /* check that bound class is not annotated with jackson annotations to control binding */\n and not annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\.(JsonIgnoreProperties|JsonIgnoreType)\"]\n and not fields contains [Field: annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\.(JsonInclude|JsonIgnore)\"]]\n ]*\n and not p.type.definition is [Class: supers contains [Class: name == \"java.lang.Enum\"]]\n and not p.type.primitive\n and not p.annotations contains [Annotation: type.name == \"javax.validation.Valid\"]\n and not p.uses contains [VariableAccess va:\n va.realReads contains [VariableAccess va1:\n va1 in [FunctionCall fc:\n fc.name == \"validate\"\n and fc.function.enclosingClass.supers contains [Class c: c.name == \"org.springframework.validation.Validator\"]\n ]\n ]\n ]\n ]\n " - }, - { - 
"language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Function f: annotations contains [Annotation:\n type.name matches \"org\\.springframework\\.web\\.bind\\.annotation\\.((Request|Get|Post|Delete|Put|Patch)Mapping|ExceptionHandler)\"\n or type.definition.labels contains [String s: s == \"SPRINGMVC_REQUESTMAPPING_CLASS\"]\n ] and enclosingClass is [Class:\n annotations contains [Annotation: type.name == \"org.springframework.stereotype.Controller\" or type.name == \"org.springframework.web.bind.annotation.RestController\"]\n ] and not enclosingClass.supers contains [Class p2:\n p2.functions contains [Function binder:\n (binder.supers contains [Function: annotations contains [Annotation: type.name == \"org.springframework.web.bind.annotation.InitBinder\"] ]\n or annotations contains [Annotation: type.name == \"org.springframework.web.bind.annotation.InitBinder\"])\n and binder reaches [Function: contains [FunctionCall:\n function.name matches \"setAllowedFields|setDisallowedFields\"\n and function.enclosingClass.supers contains [Class: name == \"org.springframework.validation.DataBinder\"]\n ]\n ]\n ]\n ]\n and f.parameters contains [Variable p:\n ( p.annotations contains [Annotation:\n type.name matches \"org\\.springframework\\.web\\.bind\\.annotation\\.(PathVariable|MatrixVariable|RequestParam|RequestHeader|RequestBody|RequestPart)\"])\n and p.type.definition is [Class commandClass:\n /* Class or class fields are annotated with Jackson annotations */\n (\n annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\..*\"]\n or\n fields contains [Field: annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\..*\"]]\n\n )\n /* check that bound class is not annotated with jackson annotations to control binding 
*/\n and not annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\.(JsonIgnoreProperties|JsonIgnoreType)\"]\n and not fields contains [Field: annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\.(JsonInclude|JsonIgnore)\"]]\n and not name matches \"(org\\.restlet|(jakarta|(kotlin|java)(x)?))\\..*\"\n ]*\n and not p.type.primitive\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Function f: annotations contains [Annotation:\n type.name matches \"org\\.springframework\\.web\\.bind\\.annotation\\.((Request|Get|Post|Delete|Put|Patch)Mapping|ExceptionHandler)\"\n or type.definition.labels contains [String s: s == \"SPRINGMVC_REQUESTMAPPING_CLASS\"]\n ] and enclosingClass is [Class:\n annotations contains [Annotation: type.name == \"org.springframework.stereotype.Controller\" or type.name == \"org.springframework.web.bind.annotation.RestController\"]\n ] and not enclosingClass.supers contains [Class p2:\n p2.functions contains [Function binder:\n (binder.supers contains [Function: annotations contains [Annotation: type.name == \"org.springframework.web.bind.annotation.InitBinder\"] ]\n or annotations contains [Annotation: type.name == \"org.springframework.web.bind.annotation.InitBinder\"])\n and binder reaches [Function: contains [FunctionCall:\n function.name matches \"setAllowedFields|setDisallowedFields\"\n and function.enclosingClass.supers contains [Class: name == \"org.springframework.validation.DataBinder\"]\n ]\n ]\n ]\n ]\n and f.parameters contains [Variable p:\n p.uses.length > 0\n and not ( p.annotations contains [Annotation:\n type.name matches 
\"org\\.springframework\\.web\\.bind\\.annotation\\.(PathVariable|MatrixVariable|RequestParam|RequestHeader|RequestBody|RequestPart)\" or type.name == \"javax.validation.Valid\"])\n and p.type.definition is [Class commandClass:\n /* user-controlled type */\n functions contains [Function: isBodyAvailable]\n /* Class or class fields are annotated with Jackson annotations */\n and (\n annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\..*\"]\n or\n fields contains [Field: annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\..*\"]]\n\n )\n /* check that bound class is not annotated with jackson annotations to control binding */\n and not annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\.(JsonIgnoreProperties|JsonIgnoreType)\"]\n and not fields contains [Field: annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\.(JsonInclude|JsonIgnore)\"]]\n ]*\n and not p.type.definition is [Class: supers contains [Class: name == \"java.lang.Enum\"]]\n and not p.type.primitive\n and not p.uses contains [VariableAccess va:\n va.realReads contains [VariableAccess va1:\n va1 in [FunctionCall fc:\n fc.name == \"validate\"\n and fc.function.enclosingClass.supers contains [Class c: c.name == \"org.springframework.validation.Validator\"]\n ]\n ]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Function f: annotations contains [Annotation:\n type.name matches \"org\\.springframework\\.web\\.bind\\.annotation\\.((Request|Get|Post|Delete|Put|Patch)Mapping|ExceptionHandler)\"\n or type.definition.labels contains [String s: s == 
\"SPRINGMVC_REQUESTMAPPING_CLASS\"]\n ] and enclosingClass is [Class:\n annotations contains [Annotation: type.name == \"org.springframework.stereotype.Controller\" or type.name == \"org.springframework.web.bind.annotation.RestController\"]\n ] and not enclosingClass.supers contains [Class p2:\n p2.functions contains [Function binder:\n (binder.supers contains [Function: annotations contains [Annotation: type.name == \"org.springframework.web.bind.annotation.InitBinder\"] ]\n or annotations contains [Annotation: type.name == \"org.springframework.web.bind.annotation.InitBinder\"])\n and binder reaches [Function: contains [FunctionCall:\n function.name matches \"setAllowedFields|setDisallowedFields\"\n and function.enclosingClass.supers contains [Class: name == \"org.springframework.validation.DataBinder\"]\n ]\n ]\n ]\n ]\n and f.parameters contains [Variable p:\n not ( p.annotations contains [Annotation:\n type.name matches \"org\\.springframework\\.web\\.bind\\.annotation\\.(PathVariable|MatrixVariable|RequestParam|RequestHeader|RequestBody|RequestPart)\"])\n and p.type.definition is [Class commandClass:\n /* Class or class fields are annotated with Jackson annotations */\n (\n annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\..*\"]\n or\n fields contains [Field: annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\..*\"]]\n\n )\n /* check that bound class is not annotated with jackson annotations to control binding */\n and not annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\.(JsonIgnoreProperties|JsonIgnoreType)\"]\n and not fields contains [Field: annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\.(JsonInclude|JsonIgnore)\"]]\n and not 
name matches \"(org\\.restlet|(jakarta|(kotlin|java)(x)?))\\..*\"\n ]*\n and not p.type.primitive\n and not p.type.definition is [Class: name matches \"(jakarta|(kotlin|java)(x)?)\\..*\"\n or name matches \"org\\.springframework\\..*\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Mail Transmission", - "predicate": "\n FunctionCall fc: function.name == \"setProtocol\"\n and function.enclosingClass.name == \"org.springframework.mail.javamail.JavaMailSenderImpl\"\n and arguments[0].constantValue == \"smtp\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Dynamic Code Evaluation", - "vuln_subcategory": "Unsafe Deserialization", - "predicate": "\n Class c: (labels contains [String: == \"JMXBean\"]\n or annotations contains [Annotation: type.name == \"org.springframework.jmx.export.annotation.ManagedResource\"])\n and functions contains [Function: \n parameterTypes.length > 0\n and parameterTypes contains [Type:\n not primitive\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Dynamic Code Evaluation", - "vuln_subcategory": "Unsafe Deserialization", - "predicate": "\n Function: (annotations contains [Annotation: type.name == \"org.springframework.jms.annotation.JmsListener\"] or labels contains [String: == \"SpringJmsListenerMethod\"])\n and parameters contains [Variable:\n type is [Type:\n not primitive\n and not definition.supers contains [Class: name matches \"java\\.lang\\.(Boolean|String|Number)\" or name == \"javax.jms.Message\"]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Mail Transmission", - "predicate": "\n FunctionCall fc: name matches \"(Imap|Pop3)MailReceiver\"\n and function.enclosingClass.name matches 
\"org\\.springframework\\.integration\\.mail\\.(Imap|Pop3)MailReceiver\"\n and arguments.length == 1\n and arguments[0].constantValue matches \"^(imap|pop3)\\:.*\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Dynamic Code Evaluation", - "vuln_subcategory": "Unsafe Deserialization", - "predicate": "\n FunctionCall fc:\n function is [Function:\n (name == \"init^\" or constructor)\n and enclosingClass.supers contains [Class: name == \"org.springframework.data.redis.core.RedisTemplate\"]\n ]\n and enclosingFunction is [Function f:\n /* Not all serializers are set */\n not (\n f contains [FunctionCall:\n function.name == \"setKeySerializer\"\n and function.enclosingClass.supers contains [Class: name == \"org.springframework.data.redis.core.RedisTemplate\"]\n ]\n and f contains [FunctionCall:\n function.name == \"setValueSerializer\"\n and function.enclosingClass.supers contains [Class: name == \"org.springframework.data.redis.core.RedisTemplate\"]\n ]\n and f contains [FunctionCall:\n function.name == \"setHashValueSerializer\"\n and function.enclosingClass.supers contains [Class: name == \"org.springframework.data.redis.core.RedisTemplate\"]\n ]\n and f contains [FunctionCall:\n function.name == \"setHashKeySerializer\"\n and function.enclosingClass.supers contains [Class: name == \"org.springframework.data.redis.core.RedisTemplate\"]\n ]\n )\n /* default serializer is changed */\n and not f contains [FunctionCall:\n function.name == \"setDefaultSerializer\"\n and function.enclosingClass.supers contains [Class: name == \"org.springframework.data.redis.core.RedisTemplate\"]\n ]\n /* default serializer is disabled */\n and not f contains [FunctionCall:\n function.name == \"setEnableDefaultSerializer\"\n and function.enclosingClass.supers contains [Class: name == \"org.springframework.data.redis.core.RedisTemplate\"]\n and arguments[0].constantValue == false\n ]\n ]*\n\n " - }, - { - "language": "java", - 
"vuln_kingdom": "Security Features", - "vuln_category": "Spring Boot Misconfiguration", - "vuln_subcategory": "Actuator Endpoint Security Disabled", - "predicate": "\n FunctionCall:\n function is [Function:\n name == \"setSensitive\"\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.boot.actuate.endpoint.mvc.AbstractMvcEndpoint\"\n or name == \"org.springframework.boot.actuate.endpoint.AbstractEndpoint\"\n ]\n ]\n and arguments[0] is [Expression:\n constantValue is [Boolean: is false]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Spring Boot Misconfiguration", - "vuln_subcategory": "Actuator Endpoint Security Disabled", - "predicate": "\n FunctionCall:\n function is [Function:\n (name == \"init^\" or constructor)\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.boot.actuate.endpoint.mvc.AbstractMvcEndpoint\"\n or name == \"org.springframework.boot.actuate.endpoint.AbstractEndpoint\"\n ]\n ]\n and arguments[1] is [Expression:\n constantValue is [Boolean: is false]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Spring Boot Misconfiguration", - "vuln_subcategory": "Actuator Endpoint Security Disabled", - "predicate": "\n ReturnStatement rs:\n enclosingFunction is [Function:\n name == \"isSensitive\"\n and enclosingClass.supers contains [Class:\n name == \"org.springframework.boot.actuate.endpoint.Endpoint\"\n or name == \"org.springframework.boot.actuate.endpoint.mvc.MvcEndpoint\"\n ]\n ] and expression is [Expression e:\n constantValue is [Boolean: is false]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Session Puzzling", - "vuln_subcategory": "Spring", - "predicate": "\n Function cmethod:\n annotations contains [Annotation:\n type.name matches 
\"org\\.springframework\\.web\\.bind\\.annotation\\.((Request|Get|Post|Delete|Put|Patch)Mapping|ExceptionHandler)\"\n or type.definition.labels contains [String s: s == \"SPRINGMVC_REQUESTMAPPING_CLASS\"]\n ]\n and enclosingClass is [Class:\n annotations contains [Annotation:\n type.name == \"org.springframework.stereotype.Controller\"\n or type.name == \"org.springframework.web.bind.annotation.RestController\"\n ]\n and annotations contains [Annotation:\n type.name == \"org.springframework.web.bind.annotation.SessionAttributes\"\n ]\n ]*\n and parameters contains [Variable p:\n not p.annotations contains [Annotation: type.name matches \"org\\.springframework\\.web\\.bind\\.annotation\\.(PathVariable|MatrixVariable|RequestParam|RequestHeader|RequestBody|RequestMethod|RequestPart|CookieValue|SessionAttribute|RequestAttribute)\"]\n /* These args are labeled in a different rule */\n and not p.annotations contains [Annotation: type.name == \"org.springframework.web.bind.annotation.ModelAttribute\"]\n and not p.type.definition.supers contains [Class:\n name matches \"org\\.springframework\\.web\\.context\\.request\\.(Native)?WebRequest\" or\n name matches \"javax\\.servlet\\.Servlet(Request|Response)\" or\n name matches \"javax\\.servlet\\.http\\.HttpServlet(Request|Response)\" or\n name matches \"javax\\.portlet\\.Portlet(Request|Session)\" or\n name matches \"java\\.io\\.(OutputStream|Writer)\" or\n name matches \"org\\.springframework\\.ui\\.Model(Map)?\" or\n name matches \"org\\.springframework\\.http\\.Http(Method|Entity)\" or\n name matches \"org\\.springframework\\.validation\\.(Errors|BindingResult)\" or\n name matches \"java\\.util\\.(Map|Locale|TimeZone|UUID)\" or\n name == \"java.time.ZoneId\" or\n name == \"java.security.Principal\" or\n name == \"javax.servlet.http.HttpSession\" or\n name == \"org.springframework.web.bind.support.SessionStatus\" or\n name == \"org.springframework.web.servlet.mvc.support.RedirectAttributes\" or\n name == 
\"org.springframework.web.util.UriComponentsBuilder\" or\n name == \"org.springframework.web.reactive.function.ServerRequest\" or\n name == \"org.springframework.web.reactive.function.ServerResponse\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "XML External Entity Injection", - "vuln_subcategory": None, - "predicate": "\n Function f:\n f.annotations contains [Annotation:\n type.name matches \"org\\.springframework\\.web\\.bind\\.annotation\\.((Request|Get|Post|Delete|Put|Patch)Mapping|ExceptionHandler)\"\n or type.definition.labels contains [String s1: s1 == \"SPRINGMVC_REQUESTMAPPING_CLASS\"]\n ] and\n f.parameters contains [Variable v:\n not v.annotations contains [Annotation: type.name matches \"org\\.springframework\\.web\\.bind\\.annotation\\.ModelAttribute\"] and\n not v.type == T\"java.lang.String\"\n and v.type.definition is [Class m: m.labels contains [String s: s == \"XMLMapped\"] ]*\n ] and\n f.enclosingClass is [Class c: c.annotations contains [Annotation: type.name matches \"org\\.springframework\\.stereotype\\.Controller\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Portability Flaw", - "vuln_subcategory": "Native SQL", - "predicate": "\n FunctionCall fc: function.name matches \"prepareNative(Call|Statement)\"\n and fc.function.enclosingClass.supers contains [Class: name == \"com.sap.sql.NativeSQLAccess\"]\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "XML Entity Expansion Injection", - "vuln_subcategory": None, - "predicate": "\n Function f: f.annotations contains [Annotation a:\n a.type.name matches \"org\\.restlet(\\.client)?\\.resource.(Get|Post|Put|Delete)\"\n and a.elements contains [AnnotationElement ae:\n ae.value matches \".*xml.*\"]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - 
"vuln_subcategory": None, - "predicate": "\n FunctionCall: name == \"add\"\n and function.enclosingClass.supers contains [Class:\n name == \"org.restlet.util.ServerList\"]\n and arguments[0].location is [FieldAccess f:\n f.type.name matches \"org\\.restlet(\\.client)?\\.data\\.Protocol\"\n and ((f.field.name == \"HTTP\")\n or (f.field.name == \"FTP\")\n or (f.field.name == \"SMTP\")\n or (f.field.name == \"POP\")\n or (f.field.name == \"SIP\"))]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": None, - "predicate": "\n FunctionCall: name == \"add\"\n and function.enclosingClass.supers contains [Class:\n name == \"org.restlet.util.ServerList\"]\n and arguments[0].location is [FieldAccess f:\n f.type.name matches \"org\\.restlet(\\.client)?\\.data\\.Protocol\"\n and ((f.field.name == \"HTTP\")\n or (f.field.name == \"FTP\")\n or (f.field.name == \"SMTP\")\n or (f.field.name == \"POP\")\n or (f.field.name == \"SIP\"))]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": None, - "predicate": "\n FunctionCall: (function.constructor or function.name == \"init^\")\n and function.enclosingClass.supers contains [Class: name == \"org.restlet.Server\"]\n and arguments[1].location is [FieldAccess f: f.type.name matches \"org\\.restlet(\\.client)?\\.data\\.Protocol\"\n and ((f.field.name == \"HTTP\") or (f.field.name == \"FTP\") or (f.field.name == \"SMTP\") or (f.field.name == \"POP\") or (f.field.name == \"SIP\"))]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": None, - "predicate": "\n FunctionCall: (function.constructor or function.name == \"init^\")\n and function.enclosingClass.supers contains [Class: name == \"org.restlet.Server\"]\n and arguments[1].location is [FieldAccess f: f.type.name matches 
\"org\\.restlet(\\.client)?\\.data\\.Protocol\"\n and ((f.field.name == \"HTTP\") or (f.field.name == \"FTP\") or (f.field.name == \"SMTP\") or (f.field.name == \"POP\") or (f.field.name == \"SIP\"))]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": None, - "predicate": "\n FunctionCall: (function.constructor or function.name == \"init^\")\n and function.enclosingClass.supers contains [Class: name == \"org.restlet.Server\"]\n and arguments[0].location is [FieldAccess f: f.type.name matches \"org\\.restlet(\\.client)?\\.data\\.Protocol\"\n and ((f.field.name == \"HTTP\") or (f.field.name == \"FTP\") or (f.field.name == \"SMTP\") or (f.field.name == \"POP\") or (f.field.name == \"SIP\"))]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": None, - "predicate": "\n FunctionCall: (function.constructor or function.name == \"init^\")\n and function.enclosingClass.supers contains [Class: name == \"org.restlet.Server\"]\n and arguments[0].location is [FieldAccess f: f.type.name matches \"org\\.restlet(\\.client)?\\.data\\.Protocol\"\n and ((f.field.name == \"HTTP\") or (f.field.name == \"FTP\") or (f.field.name == \"SMTP\") or (f.field.name == \"POP\") or (f.field.name == \"SIP\"))]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Variable v: v.enclosingFunction is [Function f: f.parameters contains v\n and f.annotations contains [Annotation: type.name matches \"org\\.restlet(\\.client)?\\.resource\\.(Post|Put)\"]\n ]\n and v.type.definition is [Class commandClass:\n /* user-controlled type */\n functions contains [Function: isBodyAvailable]\n /* Command Class is not annotated at all */\n and not annotations contains [Annotation: ]\n and not fields contains [Field: annotations 
contains [Annotation: ]]\n ]*\n and not v.type.primitive\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Variable v: v.enclosingFunction is [Function f: f.parameters contains v\n and f.annotations contains [Annotation: type.name matches \"org\\.restlet(\\.client)?\\.resource\\.(Post|Put)\"]\n ]\n and v.type.definition is [Class commandClass:\n /* Command Class is not annotated at all */\n not annotations contains [Annotation: ]\n and not fields contains [Field: annotations contains [Annotation: ]]\n and not name matches \"(org\\.restlet|(jakarta|(kotlin|java)(x)?))\\..*\"\n ]*\n and not v.type.primitive\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Variable v: v.enclosingFunction is [Function f: f.parameters contains v\n and f.annotations contains [Annotation: type.name matches \"org\\.restlet(\\.client)?\\.resource\\.(Post|Put)\"]\n ]\n and v.type.definition is [Class commandClass:\n /* user-controlled type */\n functions contains [Function: isBodyAvailable]\n /* Class is annotated with JAXB annotations */\n and annotations contains [Annotation: type.name matches \"(javax|jakarta)\\.xml\\.bind\\.annotation\\..*\"]\n /* check that bound class is not annotated with jaxb annotations to control binding */\n and not annotations contains [Annotation:\n type.name matches \"(javax|jakarta)\\.xml\\.bind\\.annotation\\.XmlAccessorType\"\n and elements contains [AnnotationElement: value matches \".*NONE.*\"]\n ]\n ]*\n and not v.type.primitive\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Variable v: v.enclosingFunction is [Function f: f.parameters contains v\n and f.annotations contains 
[Annotation: type.name matches \"org\\.restlet(\\.client)?\\.resource\\.(Post|Put)\"]\n ]\n and v.type.definition is [Class commandClass:\n /* Class is annotated with JAXB annotations */\n annotations contains [Annotation: type.name matches \"(javax|jakarta)\\.xml\\.bind\\.annotation\\..*\"]\n /* check that bound class is not annotated with jaxb annotations to control binding */\n and not annotations contains [Annotation:\n type.name matches \"(javax|jakarta)\\.xml\\.bind\\.annotation\\.XmlAccessorType\"\n and elements contains [AnnotationElement: value matches \".*NONE.*\"]\n ]\n and not name matches \"(org\\.restlet|(jakarta|(kotlin|java)(x)?))\\..*\"\n ]*\n and not v.type.primitive\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Variable v: v.enclosingFunction is [Function f: f.parameters contains v\n and f.annotations contains [Annotation: type.name matches \"org\\.restlet(\\.client)?\\.resource\\.(Post|Put)\"]\n ]\n and v.type.definition is [Class commandClass:\n /* Class or class fields are annotated with Jackson annotations */\n (\n annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\..*\"]\n or\n fields contains [Field: annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\..*\"]]\n\n )\n /* check that bound class is not annotated with jackson annotations to control binding */\n and not annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\.(JsonIgnoreProperties|JsonIgnoreType)\"]\n and not fields contains [Field: annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\.(JsonInclude|JsonIgnore)\"]]\n and not name matches 
\"(org\\.restlet|(jakarta|(kotlin|java)(x)?))\\..*\"\n ]*\n and not v.type.primitive\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Sensitive Field Exposure", - "predicate": "\n Field f: f.labels contains [String s: s == \"exposedRESTField\"]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Insecure Storage", - "vuln_subcategory": "Missing Database Encryption", - "predicate": "\n FunctionCall fc:\n function is [Function:\n name == \"getDefaultInstance\"\n and enclosingClass.supers contains [Class:\n name matches \"io\\.realm\\.(Base)?Realm\"\n ]\n ]\n and not enclosingFunction reachedBy [Function:\n labels contains \"REALM_OVERRIDDEN_CONFIGURATION\"\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Insecure Sanitizer Policy", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: fc.function is [Function f: f.name == \"allowElements\"\n and f.enclosingClass.supers contains [Class s: name == \"org.owasp.html.HtmlPolicyBuilder\"]]\n and fc.arguments contains [Expression exp: exp.constantValue matches \"(?i)script|style\"]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Password Management", - "vuln_subcategory": "Weak Redundancy", - "predicate": "\n FunctionCall fc:( fc.function is [Function fun:\n ((fun.enclosingClass.supers contains [Class c: c.name == \"org.owasp.esapi.User\"] and fun.name == \"changePassword\")or\n (fun.enclosingClass.supers contains [Class c1: c1.name == \"org.owasp.esapi.Authenticator\"] and fun.name == \"createUser\"))] and\n (fc.arguments[1] is [FieldAccess fa1: fa1.instance is [VariableAccess var1:\n fc.arguments[2] is [FieldAccess fa2: fa2.instance is [VariableAccess var2: var1.variable.name == var2.variable.name ]]]] or\n fc.arguments[1] is [VariableAccess va1: fc.arguments[2] is [VariableAccess va2: 
va1.variable.name == va2.variable.name]])\n )or\n ( (fc.function is [Function fun1: fun1.enclosingClass.supers contains [Class c2: c2.name == \"org.owasp.esapi.Authenticator\"] and fun1.name == \"changePassword\"]) and\n (fc.arguments[2] is [FieldAccess fa3: fa3.instance is [VariableAccess var3:\n fc.arguments[3] is [FieldAccess fa4: fa4.instance is [VariableAccess var4: var3.variable.name == var4.variable.name ]]]] or\n fc.arguments[2] is [VariableAccess va3: fc.arguments[3] is [VariableAccess va4: va3.variable.name == va4.variable.name]])\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n FunctionCall: function.name == \"generateSecretKey\"\n and function.enclosingClass.supers contains [ Class: name == \"org.owasp.esapi.crypto.CryptoHelper\"]\n and arguments[0].constantValue is [String s: s matches \"DESede(.*)\"]\n and arguments[1].constantValue is [Number: < 168]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n FunctionCall: function.name == \"generateSecretKey\"\n and function.enclosingClass.supers contains [ Class: name == \"org.owasp.esapi.crypto.CryptoHelper\"]\n and arguments[0].constantValue is [String s: s matches \"AES(.*)\"]\n and arguments[1].constantValue is [Number: < 128]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n FunctionCall: function.name == \"generateSecretKey\"\n and function.enclosingClass.supers contains [Class: name == \"org.owasp.esapi.crypto.CryptoHelper\"]\n and arguments[0].constantValue is [String s: s matches \"RSA(.*)\"]\n and arguments[1].constantValue is [Number: < 2048]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", 
- "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n FunctionCall: ( function.constructor or function.name == \"init^\" )\n and function.enclosingClass.supers contains [Class: name == \"org.owasp.esapi.crypto.CipherSpec\"]\n and arguments[0].constantValue is [String s: s matches \"DESede(.*)\"]\n and arguments[1].constantValue is [Number: < 168]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n FunctionCall: ( function.constructor or function.name == \"init^\" )\n and function.enclosingClass.supers contains [Class: name == \"org.owasp.esapi.crypto.CipherSpec\"]\n and arguments[0].constantValue is [String s: s matches \"AES(.*)\"]\n and arguments[1].constantValue is [Number: < 128]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insufficient Key Size", - "predicate": "\n FunctionCall: ( function.constructor or function.name == \"init^\" )\n and function.enclosingClass.supers contains [Class: name == \"org.owasp.esapi.crypto.CipherSpec\"]\n and arguments[0].constantValue is [String s: s matches \"RSA(.*)\"]\n and arguments[1].constantValue is [Number: < 2048]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Unauthenticated Service", - "vuln_subcategory": "MongoDB", - "predicate": "\n FunctionCall fc:\n function is [Function:\n (name == \"init^\" or constructor)\n and enclosingClass.supers contains [Class:\n name == \"com.mongodb.MongoClientURI\"\n ]\n ]\n and not arguments[0].constantValue matches \"mongodb://.*:.*@.*\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "XML External Entity Injection", - "vuln_subcategory": None, - "predicate": "\n Function f: annotations contains [Annotation a: type == 
T\"javax.ws.rs.Consumes\"\n and elements contains [AnnotationElement e: key == \"value\" and\n (value is [String s: s matches \".*xml.*\"])\n or\n (value is [ConstantArray c: values contains [String s2: s2 matches \".*xml.*\"]])\n ]\n ]\n and f.parameters contains [Variable v:\n not v.type == T\"java.lang.String\"\n and v.type.definition is [Class m: m.annotations contains [Annotation: type.name == \"javax.xml.bind.annotation.XmlRootElement\"]]*\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Variable v: v.enclosingFunction is [Function f: f.parameters contains v\n and f.annotations contains [Annotation: type.name matches \"javax\\.ws\\.rs\\.(POST|PUT)\"]\n ]\n and v.type.definition is [Class commandClass:\n /* user-controlled type */\n functions contains [Function: isBodyAvailable]\n /* Command Class is not annotated at all */\n and not annotations contains [Annotation: ]\n and not fields contains [Field: annotations contains [Annotation: ]]\n ]*\n and not v.type.primitive\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Variable v: v.enclosingFunction is [Function f: f.parameters contains v\n and f.annotations contains [Annotation: type.name matches \"javax\\.ws\\.rs\\.(POST|PUT)\"]\n ]\n and v.type.definition is [Class commandClass:\n /* Command Class is not annotated at all */\n not annotations contains [Annotation: ]\n and not fields contains [Field: annotations contains [Annotation: ]]\n and not name matches \"(org\\.restlet|(jakarta|(kotlin|java)(x)?))\\..*\"\n ]*\n and not v.type.primitive\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Variable v: v.enclosingFunction is 
[Function f: f.parameters contains v\n and f.annotations contains [Annotation: type.name matches \"(javax|jakarta)\\.ws\\.rs\\.(POST|PUT)\"]\n ]\n and v.type.definition is [Class commandClass:\n /* user-controlled type */\n functions contains [Function: isBodyAvailable]\n /* Class is annotated with JAXB annotations */\n and annotations contains [Annotation: type.name matches \"(javax|jakarta)\\.xml\\.bind\\.annotation\\..*\"]\n /* check that bound class is not annotated with jaxb annotations to control binding */\n and not annotations contains [Annotation:\n type.name matches \"(javax|jakarta)\\.xml\\.bind\\.annotation\\.XmlAccessorType\"\n and elements contains [AnnotationElement: value matches \".*NONE.*\"]\n ]\n ]*\n and not v.type.primitive\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Variable v: v.enclosingFunction is [Function f: f.parameters contains v\n and f.annotations contains [Annotation: type.name matches \"(javax|jakarta)\\.ws\\.rs\\.(POST|PUT)\"]\n ]\n and v.type.definition is [Class commandClass:\n /* Class is annotated with JAXB annotations */\n annotations contains [Annotation: type.name matches \"(javax|jakarta)\\.xml\\.bind\\.annotation\\..*\"]\n /* check that bound class is not annotated with jaxb annotations to control binding */\n and not annotations contains [Annotation:\n type.name matches \"(javax|jakarta)\\.xml\\.bind\\.annotation\\.XmlAccessorType\"\n and elements contains [AnnotationElement: value matches \".*NONE.*\"]\n ]\n and not name matches \"(org\\.restlet|(jakarta|(kotlin|java)(x)?))\\..*\"\n ]*\n and not v.type.primitive\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Variable v: v.enclosingFunction is [Function f: f.parameters contains v\n and f.annotations contains 
[Annotation: type.name matches \"javax\\.ws\\.rs\\.(POST|PUT)\"]\n ]\n and v.type.definition is [Class commandClass:\n /* user-controlled type */\n functions contains [Function: isBodyAvailable]\n /* Class or class fields are annotated with Jackson annotations */\n and (\n annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\..*\"]\n or\n fields contains [Field: annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\..*\"]]\n\n )\n /* check that bound class is not annotated with jackson annotations to control binding */\n and not annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\.(JsonIgnoreProperties|JsonIgnoreType)\"]\n and not fields contains [Field: annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\.(JsonInclude|JsonIgnore)\"]]\n ]*\n and not v.type.primitive\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Insecure Binder Configuration", - "predicate": "\n Variable v: v.enclosingFunction is [Function f: f.parameters contains v\n and f.annotations contains [Annotation: type.name matches \"javax\\.ws\\.rs\\.(POST|PUT)\"]\n ]\n and v.type.definition is [Class commandClass:\n /* Class or class fields are annotated with Jackson annotations */\n (\n annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\..*\"]\n or\n fields contains [Field: annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\..*\"]]\n\n )\n /* check that bound class is not annotated with jackson annotations to control binding */\n and not annotations 
contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\.(JsonIgnoreProperties|JsonIgnoreType)\"]\n and not fields contains [Field: annotations contains [Annotation: type.name matches \"(com\\.fasterxml\\.jackson\\.annotation|org\\.codehaus\\.jackson\\.annotate)\\.(JsonInclude|JsonIgnore)\"]]\n and not name matches \"(org\\.restlet|(jakarta|(kotlin|java)(x)?))\\..*\"\n ]*\n and not v.type.primitive\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "HTTPOnly not Set", - "predicate": "\n FunctionCall: function is [Function: (constructor or name == \"init^\") and enclosingClass.supers contains [Class: name == \"javax.ws.rs.core.NewCookie\"]]\n and (\n (arguments.length == 1 or arguments.length == 2 or arguments.length == 4 or arguments.length == 7)\n or (arguments.length == 6 and arguments[5] is [BooleanLiteral: not value is true])\n or (arguments.length == 8 and arguments[7] is [BooleanLiteral: not value is true] and arguments[6].type.name == \"boolean\")\n or (arguments.length == 8 and arguments[6].type.name == \"int\")\n or (arguments.length == 10 and arguments[9] is [BooleanLiteral: not value is true])\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Persistent Session Cookie", - "predicate": "\n FunctionCall: function is [Function: \n name == \"setMaxAge\"\n and enclosingClass.supers contains [Class: name matches \"(javax|jakarta)\\.servlet\\.SessionCookieConfig\"]\n ]\n and arguments[0] is [Expression: constantValue is [Number: > 0]]\n " - }, - { - "language": "java", - "vuln_kingdom": "Environment", - "vuln_category": "J2EE Misconfiguration", - "vuln_subcategory": "Excessive Session Timeout", - "predicate": "\n FunctionCall: function is [Function:\n name == \"setSessionTimeout\"\n and enclosingClass.supers contains [Class c: 
c.name == \"jakarta.servlet.ServletContext\"]\n ]\n and arguments[0].partialConstantValues contains [Number n: n > 30 or n < 0]\n " - }, - { - "language": "java", - "vuln_kingdom": "Time and State", - "vuln_category": "J2EE Bad Practices", - "vuln_subcategory": "Insufficient Session Expiration", - "predicate": "\n FunctionCall: function is\n [name == \"setMaxInactiveInterval\"\n and enclosingClass.supers contains [Class c: c.type.name matches \"(javax|jakarta)\\.servlet\\.http\\.HttpSession\"]]\n and arguments[0].partialConstantValues contains [Number: < 0]\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Dynamic Code Evaluation", - "vuln_subcategory": "Unsafe Deserialization", - "predicate": "\n FunctionCall: function is [Function:\n name == \"getObject\"\n and enclosingClass.supers contains [Class: name matches \"(javax|jakarta)\\.jms\\.ObjectMessage\"]\n and not enclosingClass.supers contains [Class: name == \"org.apache.activemq.command.ActiveMQObjectMessage\"]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Signature", - "vuln_subcategory": "XML Signature Secure Validation Disabled", - "predicate": "\n FunctionCall:\n function is [Function:\n name == \"setProperty\"\n and enclosingClass.supers contains [Class:\n name == \"javax.xml.crypto.XMLCryptoContext\"\n ]\n ]\n and arguments[0].constantValue == \"org.jcp.xml.dsig.secureValidation\"\n and arguments[1].constantValue != true\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Mail Transmission", - "predicate": "\n FunctionCall fc: (function.constructor or function.name == \"init^\")\n and function.enclosingClass.supers contains [Class: name == \"com.sun.mail.smtp.SMTPTransport\"]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", 
- "vuln_subcategory": "Mail Transmission", - "predicate": "\n FunctionCall fc: name == \"POP3Store\"\n and function.enclosingClass.name == \"com.sun.mail.pop3.POP3Store\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Mail Transmission", - "predicate": "\n FunctionCall fc: name == \"IMAPStore\"\n and function.enclosingClass.name == \"com.sun.mail.imap.IMAPStore\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Mail Transmission", - "predicate": "\n FunctionCall fc: name == \"URLName\"\n and function.enclosingClass.name == \"jakarta.mail.URLName\"\n and (\n (arguments.length == 6 and not arguments[0].constantValue.None and arguments[0].constantValue matches \"imap|pop3|smtp\")\n or (arguments.length == 1 and arguments[0].constantValue matches \"^(imap|pop3|smtp)\\:.*\")\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Mail Transmission", - "predicate": "\n FunctionCall fc: name == \"URLName\"\n and function.enclosingClass.name == \"javax.mail.URLName\"\n and (\n (arguments.length == 6 and not arguments[0].constantValue.None and arguments[0].constantValue matches \"imap|pop3|smtp\")\n or (arguments.length == 1 and arguments[0].constantValue matches \"^(imap|pop3|smtp)\\:.*\")\n )\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Mail Transmission", - "predicate": "\n FunctionCall fc: name == \"Provider\"\n and function.enclosingClass.name == \"jakarta.mail.Provider\"\n and arguments[1].constantValue matches \"imap|pop3\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Mail Transmission", - "predicate": "\n FunctionCall fc: 
name == \"Provider\"\n and function.enclosingClass.name == \"javax.mail.Provider\"\n and arguments[1].constantValue matches \"imap|pop3\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Mail Transmission", - "predicate": "\n FunctionCall fc: function.name == \"getStore\"\n and function.enclosingClass.name == \"jakarta.mail.Session\"\n and arguments[0].constantValue matches \"imap|pop3\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Mail Transmission", - "predicate": "\n FunctionCall fc: function.name == \"getStore\"\n and function.enclosingClass.name == \"javax.mail.Session\"\n and arguments[0].constantValue matches \"imap|pop3\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Overly Broad Certificate Trust", - "predicate": "\n FunctionCall call: call.function.name == \"trustManager\"\n and call.function.enclosingClass.name == \"io.grpc.TlsChannelCredentials$Builder\"\n and arguments contains [Expression e:\n type.definition.supers contains [Class: name == \"javax.net.ssl.X509TrustManager\"]\n and type.definition contains [Function: name == \"getAcceptedIssuers\" and contains [ReturnStatement: expression is [NoneLiteral: ]]]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Overly Broad Certificate Trust", - "predicate": "\n FunctionCall call: call.function.name == \"trustManager\" and\n call.function.enclosingClass.name == \"io.netty.handler.ssl.SslContextBuilder\" and\n call.arguments.length == 1 and\n call.arguments[0] is [FieldAccess fa: fa.name == \"INSTANCE\" and\n fa.field.enclosingClass.name == \"io.netty.handler.ssl.util.InsecureTrustManagerFactory\"]\n " - }, - { - "language": "java", - "vuln_kingdom": 
"Security Features", - "vuln_category": "Access Control", - "vuln_subcategory": "gRPC Fail Open", - "predicate": "\n ReturnStatement r: in [\n CatchBlock: (enclosingClass.supers contains [name == \"io.grpc.ServerInterceptor\"] and\n enclosingFunction.name == \"interceptCall\" and\n enclosingFunction.parameters contains [Variable p:\n p.type.definition is [Class: name == \"io.grpc.Metadata\"]\n and p.uses.length > 0\n and p.uses contains [VariableAccess va: va.realReads.length > 1]\n ] and\n exception.type.name == \"java.lang.Exception\" or\n exception.type.name == \"java.lang.Throwable\" or\n exception.type.name == \"java.lang.Error\" or\n exception.type.name == \"java.lang.RuntimeException\") and\n not contains [ThrowStatement: ]\n ]\n /*\n return next.startCall(call, metadata);\n */\n and r.expression is [FunctionCall fc: fc.name == \"startCall\"\n and fc.arguments.length == 2\n and fc.arguments[0] is [VariableAccess var1: var1.variable.type.definition.supers contains [Class: name == \"io.grpc.ServerCall\"]]\n and fc.arguments[1] is [VariableAccess var2: var2.variable.type.definition.supers contains [Class: name == \"io.grpc.Metadata\"]]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Time and State", - "vuln_category": "Race Condition", - "vuln_subcategory": "Singleton Member Field", - "predicate": "\n AssignmentStatement:\n lhs is [FieldAccess:\n instance is [VariableAccess: this]\n and field is [Field dec:\n /* We assume that a static or singleton file is meant to be shared by design */\n not static\n and not type.definition.labels contains [String s: s matches \".*SingletonBean$\"]\n ]*\n ]*\n and enclosingClass.labels contains \"EJBSingletonBean\"\n and not enclosingFunction is [Function:\n /* EXCEPTION: enclosing function is a constructor or its name starts with \"init\" */\n (constructor or name matches \"init.*\")\n /* EXCEPTION: @PostConstruct and @PreDestroy methods are only called once */\n or (annotations contains [type.name matches 
\"javax.annotation.(PostConstruct|PreDestroy)\"])\n /* EXCEPTION: enclosing function is only reachable from a constructor */\n or (not public and not protected and (callers.length == 0 or callers contains [constructor]) and not callers contains [not constructor])\n /* EXCEPTION: enclosing function is only reachable from a method that is only called once */\n or (\n callers.length != 0\n and not callers contains [Function:\n not constructor\n and not name == \"init^\"\n and not annotations contains [Annotation:\n type.name matches \"javax.annotation.(PostConstruct|PreDestroy)\"\n ]\n and not name matches \"init.*\"\n ]\n )\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive CORS Policy", - "predicate": "\n FunctionCall:\n function is [Function:\n name == \"allowedOrigins\"\n and enclosingClass.supers contains [Class:\n name matches \"software\\.amazon\\.awssdk\\.services\\.s3\\.model\\.CORSRule(\\.|\\$)Builder\"\n ]\n ] \n and arguments contains [Expression:\n constantValue == \"*\"\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Insecure Storage", - "vuln_subcategory": "S3 Read Anonymous Access", - "predicate": "\n FunctionCall:\n function is [Function:\n name == \"acl\"\n and enclosingClass.supers contains [Class:\n name matches \"software\\.amazon\\.awssdk\\.services\\.s3\\.model\\..*Builder\"\n ]\n ] \n and arguments[0] is [FieldAccess:\n field is [Field:\n (name == \"PUBLIC_READ\" or name == \"AUTHENTICATED_READ\")\n and enclosingClass.supers contains [Class:\n name == \"software.amazon.awssdk.services.s3.model.BucketCannedACL\"\n or name == \"software.amazon.awssdk.services.s3.model.ObjectCannedACL\"\n ]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Insecure Storage", - "vuln_subcategory": "S3 Full Anonymous Access", - "predicate": "\n FunctionCall:\n function is 
[Function:\n name == \"acl\"\n and enclosingClass.supers contains [Class:\n name matches \"software\\.amazon\\.awssdk\\.services\\.s3\\.model\\..*Builder\"\n ]\n ] \n and arguments[0] is [FieldAccess:\n field is [Field:\n name == \"PUBLIC_READ_WRITE\"\n and enclosingClass.supers contains [Class:\n name == \"software.amazon.awssdk.services.s3.model.BucketCannedACL\"\n or name == \"software.amazon.awssdk.services.s3.model.ObjectCannedACL\"\n ]\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "HTML5", - "vuln_subcategory": "Overly Permissive CORS Policy", - "predicate": "\n FunctionCall fc: \n function is [Function:\n name == \"setAllowedOrigins\"\n and enclosingClass.supers contains [Class:\n name == \"com.amazonaws.services.s3.model.CORSRule\"\n ]\n ] \n and arguments contains [Expression:\n constantValue == \"*\"\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Insecure Storage", - "vuln_subcategory": "S3 Read Anonymous Access", - "predicate": "\n FieldAccess fa: \n field is [Field:\n name matches \"AuthenticatedRead|PublicRead\"\n and enclosingClass.supers contains [Class:\n name == \"com.amazonaws.services.s3.model.CannedAccessControlList\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Insecure Storage", - "vuln_subcategory": "S3 Full Anonymous Access", - "predicate": "\n FieldAccess fa: \n field is [Field:\n name == \"PublicReadWrite\"\n and enclosingClass.supers contains [Class:\n name == \"com.amazonaws.services.s3.model.CannedAccessControlList\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Struts 2 Bad Practices", - "vuln_subcategory": "Dynamic Method Invocation", - "predicate": "\n Function f: name == \"_FORTIFY_NON_EXISTENT_\" /* TEMPLATED */\n and f.public and f.parameterTypes.length == 0 and f.supers.length == 0 and not f.constructor and not f.initializer and not 
f.destructor and not f.name matches \"|execute|clinit\\^|init\\^\"\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Struts 2 Bad Practices", - "vuln_subcategory": "Session Map Tampering", - "predicate": "\n Class action: directSupers contains [Class s: name == \"org.apache.struts2.interceptor.SessionAware\"]\n and functions contains [Function setter: public and name == \"setSession\" ]*\n and not (directSupers contains [Class p: name == \"com.opensymphony.xwork2.interceptor.ParameterNameAware\"])\n and not (functions contains [Function f: name == \"acceptableParameterName\" ])\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Struts 2 Bad Practices", - "vuln_subcategory": "Application Map Tampering", - "predicate": "\n Class action: directSupers contains [Class s: name == \"org.apache.struts2.interceptor.ApplicationAware\"]\n and functions contains [Function setter: public and name == \"setApplication\" ]*\n and not (directSupers contains [Class p: name == \"com.opensymphony.xwork2.interceptor.ParameterNameAware\"])\n and not (functions contains [Function f: name == \"acceptableParameterName\" ])\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Struts 2 Bad Practices", - "vuln_subcategory": "Request Map Tampering", - "predicate": "\n Class action: directSupers contains [Class s: name == \"org.apache.struts2.interceptor.RequestAware\"]\n and functions contains [Function setter: public and name == \"setRequest\" ]*\n and not (directSupers contains [Class p: name == \"com.opensymphony.xwork2.interceptor.ParameterNameAware\"])\n and not (functions contains [Function f: name == \"acceptableParameterName\" ])\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Struts 2", - "vuln_subcategory": "Action Field Without Validator", - "predicate": "\n // anything that passes validation. 
Always replaced entirely or removed.\n Field f: name == \"_FORTIFY_NON_EXISTENT_\" /* TEMPLATED */\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Struts 2", - "vuln_subcategory": "Duplicate Validation Files", - "predicate": "\n // anything that passes validation. Always replaced entirely or deleted;\n Class duplicateActions: name == \"_FORTIFY_NON_EXISTENT_\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Struts 2", - "vuln_subcategory": "Unvalidated Action", - "predicate": "\n Class actions: name == \"_FORTIFY_NON_EXISTENT_\" /* TEMPLATED */ \n and not contains [Function f: f.name == \"validate\" and not f.enclosingClass is [Class cl: cl.name == \"com.opensymphony.xwork2.ActionSupport\"]]\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Often Misused", - "vuln_subcategory": "File Upload", - "predicate": "\n Function: enclosingClass.supers contains\n [\n name == \"com.opensymphony.xwork2.ActionSupport\"\n ]\n and name matches \"set.*\"\n and parameterTypes[0].name == \"java.io.File\"\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Often Misused", - "vuln_subcategory": "File Upload", - "predicate": "\n Function: enclosingClass.supers contains\n [\n name == \"com.opensymphony.xwork2.ActionSupport\"\n ]\n and name matches \"set.*\"\n and parameterTypes[0].name == \"java.io.File\"\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Often Misused", - "vuln_subcategory": "File Upload", - "predicate": "\n Function: enclosingClass.supers contains\n [\n name == \"com.opensymphony.xwork2.ActionSupport\"\n ]\n and name matches \"set.*\"\n and parameterTypes[0].name == \"java.io.File\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Code Quality", - "vuln_category": "Fortify Internal", - "vuln_subcategory": None, - "predicate": "\n 
Function:\n annotations contains [Annotation:\n type.name startsWith \"org.apache.struts2.convention.annotation\"\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Struts", - "vuln_subcategory": "Form Field Without Validator", - "predicate": "\n // something that passes validation. Will always be removed or replaced entirely.\n FieldAccess fa: name == \"_FORTIFY_NON_EXISTENT_\"\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Often Misused", - "vuln_subcategory": "File Upload", - "predicate": "\n Function: enclosingClass.supers contains\n [\n name == \"org.apache.struts.action.ActionForm\"\n ]\n and name matches \"set.*\"\n and parameterTypes[0].name == \"org.apache.struts.upload.FormFile\"\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Often Misused", - "vuln_subcategory": "File Upload", - "predicate": "\n Function: enclosingClass.supers contains\n [\n name == \"org.apache.struts.action.ActionForm\"\n ]\n and name matches \"set.*\"\n and parameterTypes[0].name == \"org.apache.struts.upload.FormFile\"\n " - }, - { - "language": "java", - "vuln_kingdom": "API Abuse", - "vuln_category": "Often Misused", - "vuln_subcategory": "File Upload", - "predicate": "\n Function: enclosingClass.supers contains\n [\n name == \"org.apache.struts.action.ActionForm\"\n ]\n and name matches \"set.*\"\n and parameterTypes[0].name == \"org.apache.struts.upload.FormFile\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Mass Assignment", - "vuln_subcategory": "Sensitive Field Exposure", - "predicate": "\n Field f: f.labels contains [String s: s == \"exposedActionFormField\"]\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Denial of Service", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: fc.function.name matches 
\"set(Long|Int|Double|Boolean)?Parameter\"\n and fc.function.enclosingClass is [Class c:\n c.supers contains [Class:\n name == \"org.apache.http.params.HttpParams\"]\n ]\n and fc.arguments[0] is [FieldAccess fa:\n fa.field is [Field f:\n f.static\n and\n (\n (\n f.enclosingClass.name == \"org.apache.http.conn.params.ConnManagerPNames\"\n and\n (\n f.name == \"MAX_TOTAL_CONNECTIONS\"\n or f.name == \"TIMEOUT\"\n )\n )\n or\n (\n f.enclosingClass.name == \"org.apache.http.params.CoreConnectionPNames\"\n and\n (\n f.name == \"CONNECTION_TIMEOUT\"\n or f.name == \"SO_TIMEOUT\"\n )\n )\n )\n ] ]\n and fc.arguments[1].constantValue == \"0\"\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Mail Transmission", - "predicate": "\n FunctionCall fc: function.enclosingClass.supers contains [Class: name == \"org.apache.commons.net.pop3.POP3Client\"]\n and (function.constructor or function.name == \"init^\")\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Mail Transmission", - "predicate": "\n FunctionCall fc: function.enclosingClass.supers contains [Class: name == \"org.apache.commons.net.imap.IMAPClient\"]\n and (function.constructor or function.name == \"init^\")\n " - }, - { - "language": "java", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Mail Transmission", - "predicate": "\n FunctionCall fc: function.enclosingClass.supers contains [Class: name == \"org.apache.commons.net.smtp.SMTPClient\"]\n and (function.constructor or function.name == \"init^\")\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Dynamic Code Evaluation", - "vuln_subcategory": "Unsafe Deserialization", - "predicate": "\n FunctionCall: function is [Function:\n name matches \"clone|deserialize\"\n and 
enclosingClass.supers contains [Class:\n name == \"org.apache.commons.lang3.SerializationUtils\"\n or name == \"org.apache.commons.lang.SerializationUtils\"\n ]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Cross-Site Request Forgery", - "vuln_subcategory": None, - "predicate": "\n Function f: f.labels contains [String s: s == \"GWTEntryMethod\"]\n and not f.constructor\n and not f.name == \"init^\"\n and not f.initializer\n and not f.destructor\n " - }, - { - "language": "java", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Cross-Site Request Forgery", - "vuln_subcategory": None, - "predicate": "\n Function f: f.enclosingClass.supers contains [Class iface: interface and supers contains [Class: name == \"com.google.gwt.user.client.rpc.RemoteService\"]\n and functions contains [Function f2: f2 in f.supers]\n ]\n and not f.enclosingClass.supers contains [Class XSRFiface: interface and supers contains [Class: name == \"com.google.gwt.user.client.rpc.XsrfProtectedService\"]\n and functions contains [Function f3: f3 in f.supers]\n ]\n and not f.annotations contains [Annotation: type.name matches \"com\\.google\\.gwt\\.user\\.server\\.rpc\\.(No?)XsrfProtect\"]\n and not f.supers contains [Function: annotations contains [Annotation: type.name matches \"com\\.google\\.gwt\\.user\\.server\\.rpc\\.(No)?XsrfProtect\"]]\n and not f.enclosingClass.supers contains [Class annXSRFiface: interface and annotations contains [Annotation: type.name matches \"com\\.google\\.gwt\\.user\\.server\\.rpc\\.(No)?XsrfProtect\"]\n and functions contains [Function f4: f4 in f.supers]\n ]\n " - }, - { - "language": "java", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Unsafe JSNI", - "vuln_subcategory": None, - "predicate": "\n FunctionCall: function is [Function:\n modifiers contains \"native\"\n /* uses of native on GWT applications are JSNI, not JNI */\n and \n (\n (\n enclosingClass.supers contains [Class: 
name matches \"com\\.google\\.gwt\\..*\"]\n /* but not directly in a GWT class */\n and not enclosingClass.name matches \"com\\.google\\.gwt\\..*\"\n )\n or enclosingClass.functions contains [Function:\n parameters contains [Variable:\n type.definition.enclosingClass.supers contains [Class: name matches \"com\\.google\\.gwt\\..*\"]\n ]\n or contains [FunctionCall:\n function.enclosingClass.supers contains [Class: name matches \"com\\.google\\.gwt\\..*\"]\n ]\n ]\n )\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Path Manipulation", - "vuln_subcategory": "Zip Entry Overwrite", - "predicate": "\n FunctionCall fc:\n possibleTargets contains [Function:\n name == \"Extract\"\n and possibleHeapPaths contains \"unzipper\"\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Command Injection", - "vuln_subcategory": None, - "predicate": "\n FunctionCall:\n possibleTargets contains [Function: name == \"exec\"]\n and environment is [FieldAccess:\n instance.possibleTypes contains [Type:\n name == \"ExecFunction\"\n ]\n ]\n and arguments[0] is [Expression:\n /* not a constant */\n constantValue.None\n /* is constant, and contains environment variables */\n or constantValue matches \".*\\$.*|.*%.*%.*\"\n /* is constant, and doesn't contain a full path */\n or not (\n constantValue matches \".+:(/|\\\\).*\"\n or constantValue matches \"(/|\\\\).*\"\n )\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Command Injection", - "vuln_subcategory": None, - "predicate": "\n FunctionCall:\n possibleTargets contains [Function: name == \"exec\"]\n and environment is [FieldAccess:\n instance.possibleTypes contains [Type:\n name == \"ExecFunction\"\n ]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", 
- "vuln_subcategory": "Empty Password", - "predicate": "\n FunctionCall call: possibleTargets contains [Function: name == \"Sequelize\"]\n and not call.arguments[2].constantValue.None\n and call.arguments[2].constantValue == \"\"\n and call.arguments.length == 3\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall call: possibleTargets contains [Function: name == \"Sequelize\"]\n and not call.arguments[2].constantValue.None\n and not call.arguments[2].constantValue is [None:]\n and not call.arguments[2].constantValue == \"\"\n and call.arguments.length == 3\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FunctionCall call: possibleTargets contains [Function: name == \"Sequelize\"]\n and not call.arguments[2].constantValue.None\n and call.arguments[2].constantValue is [None:]\n and call.arguments.length == 3\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "SQL Injection", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: possibleTargets contains [Function: name == \"query\"\n and (\n enclosingClass.supers contains [Class: name == \"Sequelize\"]\n or fc.instance.possibleTypes contains [Type: name == \"Sequelize\"]\n )\n ]\n and arguments[0] is [Expression arg: arg.constantValue.None]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "API Abuse", - "vuln_category": "React Bad Practices", - "vuln_subcategory": "Dangerously Set InnerHTML", - "predicate": "\n FieldAccess fa: fa.enclosingStatement is [AssignmentStatement as: as.lhs is [FieldAccess: name == \"dangerouslySetInnerHTML\"] and as.rhs is [Expression ex:]]\n and fa.name == \"dangerouslySetInnerHTML\"\n /* double check fa is non-constant, valid value 
is object with _html key */\n and fa.constantValue.None\n /* double check fa is not function definition which is considered as closure in sca */\n and not fa.isClosure\n /* exclude javascript object by ensuring there are possibleTypes */\n and fa.possibleTypes.length > 0\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "System Information Leak", - "vuln_subcategory": None, - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name == \"writeHeapSnapshot\"\n and namespace.name == \"v8\"\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Poor Logging Practice", - "vuln_subcategory": "Use of a System Output Stream", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function: name == \"write\"]\n and instance is [FieldAccess:\n name matches \"stdout|stderr\"\n and instance is [VariableAccess: name == \"process\"]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Poor Logging Practice", - "vuln_subcategory": "Use of a System Output Stream", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f: name == \"write\"\n and f.possibleHeapPaths contains [String str: str matches \"process\\.(stdout|stderr)\"]]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Poor Logging Practice", - "vuln_subcategory": "Use of a System Output Stream", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f: name == \"write\"\n and f.possibleHeapPaths contains [String str: str matches \"process\\.(stdout|stderr)\"]]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Weak SSL Protocol", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f: \n f.name == \"connect\"\n and f.namespace.name == \"tls\"\n ]\n and fc.arguments 
contains [Expression e:\n e.possibleTypes contains [Type: definition.fields contains\n /* try to verify a settings object */\n [Field: name matches \"host|port|socket|path|pfx|key|passphrase|cert|ca|ciphers|rejectUnauthorized|NPNProtocols|ALPNProtocols|servername|minDHSize\"]\n and not definition.fields contains\n [Field: name matches \"secureProtocol|minVersion\"]]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Weak SSL Protocol", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f: f.name == \"connect\"\n and f.possibleHeapPaths contains [String str: str == \"tls\"]]\n and fc.arguments contains [Expression e:\n e.possibleTypes contains [Type: definition.fields contains\n /* try to verify a settings object */\n [Field: name matches \"host|port|socket|path|pfx|key|passphrase|cert|ca|ciphers|rejectUnauthorized|NPNProtocols|ALPNProtocols|servername|minDHSize\"]\n and not definition.fields contains\n [Field: name == \"secureProtocol\"]]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Weak SSL Protocol", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f: f.name == \"connect\"\n and f.possibleHeapPaths contains [String str: str == \"tls\"]]\n and fc.arguments contains [Expression e:\n e.possibleTypes contains [Type: definition.fields contains\n /* try to verify a settings object */\n [Field: name matches \"host|port|socket|path|pfx|key|passphrase|cert|ca|ciphers|rejectUnauthorized|NPNProtocols|ALPNProtocols|servername|minDHSize\"]\n and not definition.fields contains\n [Field: name == \"secureProtocol\"]]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Weak SSL Protocol", - "predicate": "\n FunctionCall fc: possibleTargets contains 
[Function f:\n f.name == \"createServer\"\n and namespace.name matches \"tls|https\"\n ]\n and fc.arguments[0] is [Expression e:\n e.possibleTypes contains [Type:\n not definition.fields contains [Field: name matches \"secureProtocol|minVersion\"]\n ]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Weak SSL Protocol", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n f.name == \"createServer\"\n and f.possibleHeapPaths contains [String str:\n str matches \"tls|https\"]\n ]\n and fc.arguments[0] is [Expression e:\n e.possibleTypes contains [Type:\n not definition.fields contains [Field: name == \"secureProtocol\"]\n ]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Weak SSL Protocol", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n f.name == \"createServer\"\n and f.possibleHeapPaths contains [String str:\n str matches \"tls|https\"]\n ]\n and fc.arguments[0] is [Expression e:\n e.possibleTypes contains [Type:\n not definition.fields contains [Field: name == \"secureProtocol\"]\n ]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Weak SSL Protocol", - "predicate": "\n AssignmentStatement:\n lhs is [FieldAccess:\n name matches \"DEFAULT_(MIN|MAX)_VERSION\"\n and (\n field.namespace.name == \"tls\"\n or field.enclosingClass.sourceLocation.filename == \"tls.d.ts\"\n )\n ]\n and rhs.constantValue matches \"TLSv1(\\.1)?\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Weak SSL Protocol", - "predicate": "\n AssignmentStatement: lhs is [FieldAccess: field.name matches \"DEFAULT_(MIN|MAX)_VERSION\"\n and instance is [Expression:\n 
possibleHeapPaths contains [String str: str == \"tls\"]\n ]\n ]\n and rhs is [Expression: constantValue matches \"TLSv1(\\.1)?\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": None, - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name matches \"connect|create(Connection|Server)|request|get\"\n and namespace.name matches \"http|net\"\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n name matches \"connect|create(Connection|Server)|request|get\"\n and f.possibleHeapPaths contains [String str:\n str matches \"http|net\"]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n name matches \"connect|create(Connection|Server)|request|get\"\n and f.possibleHeapPaths contains [String str:\n str matches \"http|net\"]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Server Identity Verification Disabled", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f: \n f.name == \"createServer\"\n and f.namespace.name matches \"tls|https\"\n ]\n and fc.arguments[0] is [Expression e: e.possibleTypes contains [Type:\n definition is [Class:\n (\n fields contains [Field certRequest1: name == \"requestCert\"]\n and not fields contains [Field rejectUnauthed1: name == \"rejectUnauthorized\"]\n )\n or\n (\n fields contains [Field rejectUnauthed2: name == \"rejectUnauthorized\"]\n and not fields contains [Field certRequest2: name == \"requestCert\"]\n )]]]\n " - }, - { - "language": "javascript", - 
"vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Server Identity Verification Disabled", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f: f.name == \"createServer\"\n and f.possibleHeapPaths contains [String str: str matches \"tls|https\"]]\n and fc.arguments[0] is [Expression e: e.possibleTypes contains [Type:\n definition is [Class:\n (\n fields contains [Field certRequest1: name == \"requestCert\"]\n and not fields contains [Field rejectUnauthed1: name == \"rejectUnauthorized\"]\n )\n or\n (\n fields contains [Field rejectUnauthed2: name == \"rejectUnauthorized\"]\n and not fields contains [Field certRequest2: name == \"requestCert\"]\n )]]]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Server Identity Verification Disabled", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f: f.name == \"createServer\"\n and f.possibleHeapPaths contains [String str: str matches \"tls|https\"]]\n and fc.arguments[0] is [Expression e: e.possibleTypes contains [Type:\n definition is [Class:\n (\n fields contains [Field certRequest1: name == \"requestCert\"]\n and not fields contains [Field rejectUnauthed1: name == \"rejectUnauthorized\"]\n )\n or\n (\n fields contains [Field rejectUnauthed2: name == \"rejectUnauthorized\"]\n and not fields contains [Field certRequest2: name == \"requestCert\"]\n )]]]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Server Identity Verification Disabled", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n f.name == \"createSecurePair\"\n and f.namespace.name == \"tls\"\n ]\n and fc.arguments.length > 3\n /* only counts if isServer set to true */\n and fc.arguments[1].constantValue == true\n /* only counts if requestCert is set to true */\n and 
fc.arguments[2].constantValue == true\n /* rejectUnauthorized set to false */\n and fc.arguments[3] is [Expression: constantValue == false]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Server Identity Verification Disabled", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n f.name == \"createSecurePair\"\n and f.possibleHeapPaths contains [String str:\n str == \"tls\"]\n ]\n and fc.arguments.length > 3\n /* only counts if isServer set to true */\n and fc.arguments[1].constantValue == true\n /* only counts if requestCert is set to true */\n and fc.arguments[2].constantValue == true\n /* rejectUnauthorized set to false */\n and fc.arguments[3] is [Expression: constantValue == false]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Server Identity Verification Disabled", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n f.name == \"createSecurePair\"\n and f.possibleHeapPaths contains [String str:\n str == \"tls\"]\n ]\n and fc.arguments.length > 3\n /* only counts if isServer set to true */\n and fc.arguments[1].constantValue == true\n /* only counts if requestCert is set to true */\n and fc.arguments[2].constantValue == true\n /* rejectUnauthorized set to false */\n and fc.arguments[3] is [Expression: constantValue == false]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Server Identity Verification Disabled", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n f.name == \"createSecurePair\"\n and f.namespace.name == \"tls\"\n ]\n and (\n (\n /* args length 1 or 2. 
If options includs isServer, rejectUnauthorized and requestCert must both be present, or flawed */\n fc.arguments.length < 3\n and fc.arguments contains [Expression:\n possibleTypes contains [Type:\n definition is [Class:\n fields contains [Field: name == \"isServer\"]\n and (\n (\n fields contains [Field: name == \"requestCert\"]\n and not fields contains [Field: name == \"rejectUnauthorized\"]\n )\n or\n (\n fields contains [Field: name == \"rejectUnauthorized\"]\n and not fields contains [Field: name == \"requestCert\"]\n )\n )]\n ]\n ]\n )\n or\n (\n /* args length 3. If isServer set to true, rejectUnauthorized and requestCert must both be present, or flawed */\n fc.arguments.length == 3\n and fc.arguments[1].constantValue == true\n and fc.arguments contains [Expression:\n possibleTypes contains [Type:\n definition is [Class:\n (\n fields contains [Field: name == \"requestCert\"]\n and not fields contains [Field: name == \"rejectUnauthorized\"]\n )\n or\n (\n fields contains [Field: name == \"rejectUnauthorized\"]\n and not fields contains [Field: name == \"requestCert\"]\n )\n ]\n ]\n ]\n )\n or\n (\n /* args length 4. If isServer and requestCert set to true, rejectUnauthorized must be present, or flawed */\n fc.arguments.length == 4\n and fc.arguments[1].constantValue == true\n and fc.arguments[2].constantValue == true\n and fc.arguments contains [Expression:\n possibleTypes contains [Type:\n definition is [Class:\n not fields contains [Field : name == \"rejectUnauthorized\"]\n ]\n ]\n ]\n )\n )\n\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Server Identity Verification Disabled", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n f.name == \"createSecurePair\"\n and f.possibleHeapPaths contains [String str:\n str == \"tls\"]\n ]\n\n and (\n (\n /* args length 1 or 2. 
If options includs isServer, rejectUnauthorized and requestCert must both be present, or flawed */\n fc.arguments.length < 3\n and fc.arguments contains [Expression:\n possibleTypes contains [Type:\n definition is [Class:\n fields contains [Field: name == \"isServer\"]\n and (\n (\n fields contains [Field: name == \"requestCert\"]\n and not fields contains [Field: name == \"rejectUnauthorized\"]\n )\n or\n (\n fields contains [Field: name == \"rejectUnauthorized\"]\n and not fields contains [Field: name == \"requestCert\"]\n )\n )]\n ]\n ]\n )\n or\n (\n /* args length 3. If isServer set to true, rejectUnauthorized and requestCert must both be present, or flawed */\n fc.arguments.length == 3\n and fc.arguments[1].constantValue == true\n and fc.arguments contains [Expression:\n possibleTypes contains [Type:\n definition is [Class:\n (\n fields contains [Field: name == \"requestCert\"]\n and not fields contains [Field: name == \"rejectUnauthorized\"]\n )\n or\n (\n fields contains [Field: name == \"rejectUnauthorized\"]\n and not fields contains [Field: name == \"requestCert\"]\n )\n ]\n ]\n ]\n )\n or\n (\n /* args length 4. If isServer and requestCert set to true, rejectUnauthorized must be present, or flawed */\n fc.arguments.length == 4\n and fc.arguments[1].constantValue == true\n and fc.arguments[2].constantValue == true\n and fc.arguments contains [Expression:\n possibleTypes contains [Type:\n definition is [Class:\n not fields contains [Field : name == \"rejectUnauthorized\"]\n ]\n ]\n ]\n )\n )\n\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Server Identity Verification Disabled", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n f.name == \"createSecurePair\"\n and f.possibleHeapPaths contains [String str:\n str == \"tls\"]\n ]\n\n and (\n (\n /* args length 1 or 2. 
If options includs isServer, rejectUnauthorized and requestCert must both be present, or flawed */\n fc.arguments.length < 3\n and fc.arguments contains [Expression:\n possibleTypes contains [Type:\n definition is [Class:\n fields contains [Field: name == \"isServer\"]\n and (\n (\n fields contains [Field: name == \"requestCert\"]\n and not fields contains [Field: name == \"rejectUnauthorized\"]\n )\n or\n (\n fields contains [Field: name == \"rejectUnauthorized\"]\n and not fields contains [Field: name == \"requestCert\"]\n )\n )]\n ]\n ]\n )\n or\n (\n /* args length 3. If isServer set to true, rejectUnauthorized and requestCert must both be present, or flawed */\n fc.arguments.length == 3\n and fc.arguments[1].constantValue == true\n and fc.arguments contains [Expression:\n possibleTypes contains [Type:\n definition is [Class:\n (\n fields contains [Field: name == \"requestCert\"]\n and not fields contains [Field: name == \"rejectUnauthorized\"]\n )\n or\n (\n fields contains [Field: name == \"rejectUnauthorized\"]\n and not fields contains [Field: name == \"requestCert\"]\n )\n ]\n ]\n ]\n )\n or\n (\n /* args length 4. 
If isServer and requestCert set to true, rejectUnauthorized must be present, or flawed */\n fc.arguments.length == 4\n and fc.arguments[1].constantValue == true\n and fc.arguments[2].constantValue == true\n and fc.arguments contains [Expression:\n possibleTypes contains [Type:\n definition is [Class:\n not fields contains [Field : name == \"rejectUnauthorized\"]\n ]\n ]\n ]\n )\n )\n\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Server Identity Verification Disabled", - "predicate": "\n FunctionCall fc:\n fc.possibleTargets contains [Function f: f.name matches \"renegotiate|TLSSocket\"]\n and fc.arguments contains [Expression options:\n options.possibleTypes contains [Type:\n definition is [Class:\n (\n fields contains [Field: name == \"requestCert\"]\n and not fields contains [Field: name == \"rejectUnauthorized\"]\n )\n or (\n fields contains [Field: name == \"rejectUnauthorized\"]\n and not fields contains [Field: name == \"requestCert\"]\n )\n ]\n ]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure SSL", - "vuln_subcategory": "Server Identity Verification Disabled", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n f.name matches \"renegotiate|TLSSocket\"]\n and fc.arguments.length == 2\n and fc.arguments[1] is [Expression e:\n e.possibleTypes contains [Type:\n definition is [Class:\n ( fields contains [Field certRequest1:\n name == \"requestCert\"]\n and not fields contains [Field rejectUnauthed1:\n name == \"rejectUnauthorized\"] )\n or ( fields contains [Field rejectUnauthed2:\n name == \"rejectUnauthorized\"]\n and not fields contains [Field certRequest2:\n name == \"requestCert\"] )]\n ]]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Denial of Service", - "vuln_subcategory": None, - "predicate": "\n 
FunctionCall:\n possibleTargets contains [Function:\n name matches \"l?statSync\"\n ]\n and (\n instance.possibleTypes contains [Type:\n definition is [Class:\n name == \"StatSyncFn\"\n and namespace.name == \"fs\"\n ]\n ]\n or environment is [FieldAccess:\n instance.possibleTypes contains [Type:\n definition is [Class:\n name == \"StatSyncFn\"\n and namespace.name == \"fs\"\n ]\n ]\n ]\n )\n and enclosingFunction is [Function: name == \"~file_function\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Denial of Service", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name matches \"(access|appendFile|close|copyFile|cp|exists|link|mkdir|mkdtemp|open|opendir|read|readdir|readFile|readlink|readv|realpath|rename|rm|rmdir|statfs|symlink|unlink|write|writeFile|writev)Sync\"\n and f.namespace.name == \"fs\"\n ]\n and fc.enclosingFunction is [Function: name == \"~file_function\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Denial of Service", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f: name matches \"(rename|link|symlink|readlink|realpath|unlink|rmdir|mkdir|readdir|close|open|fsync|write|read|readFile|writeFile|appendFile|exists|access)Sync\"\n and f.possibleHeapPaths contains [String str: str == \"fs\"]]\n and fc.enclosingFunction is [Function: name == \"~file_function\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Denial of Service", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f: name matches \"(rename|link|symlink|readlink|realpath|unlink|rmdir|mkdir|readdir|close|open|fsync|write|read|readFile|writeFile|appendFile|exists|access)Sync\"\n and f.possibleHeapPaths contains [String str: str 
== \"fs\"]]\n and fc.enclosingFunction is [Function: name == \"~file_function\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Denial of Service", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name matches \"(f|l)?(chmod|chown|datasync|stat|sync|truncate|utimes)Sync\"\n and not name matches \"l?statSync\"\n and f.namespace.name == \"fs\"\n ]\n and fc.enclosingFunction is [Function: name == \"~file_function\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Denial of Service", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name matches \"(f|l)?(truncate|chown|chmod|stat|utimes)Sync\"\n and f.possibleHeapPaths contains [String str:\n str == \"fs\"]\n ]\n and fc.enclosingFunction is [Function: name == \"~file_function\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Denial of Service", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: possibleTargets contains [Function f:\n name matches \"(f|l)?(truncate|chown|chmod|stat|utimes)Sync\"\n and f.possibleHeapPaths contains [String str:\n str == \"fs\"]\n ]\n and fc.enclosingFunction is [Function: name == \"~file_function\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function: name == \"unwrapKey\"]\n and possibleHeapPaths contains [String: matches \"(?i)(crypto(\\.webcrypto)?\\.)?subtle\"]\n and arguments[1] is [Expression:\n constantValue == \"\"\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded 
Encryption Key", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function: name == \"unwrapKey\"]\n and possibleHeapPaths contains [String: matches \"(?i)(crypto(\\.webcrypto)?\\.)?subtle\"]\n and arguments[1] is [Expression:\n not constantValue.None\n and not constantValue is [None:]\n and constantValue != \"\"\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Stream Cipher", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function: name matches \"(un)?wrapKey\"]\n and possibleHeapPaths contains [String: matches \"(?i)(crypto(\\.webcrypto)?\\.)?subtle\"]\n and arguments[3] is [Expression:\n constantValues contains [String: matches \"(?i).*\\bCTR\\b.*\"]\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Mode of Operation", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function: name matches \"(un)?wrapKey\"]\n and possibleHeapPaths contains [String: matches \"(?i)(crypto(\\.webcrypto)?\\.)?subtle\"]\n and arguments[3] is [Expression:\n constantValues contains [String: matches \"(?i).*\\bCBC\\b.*\"]\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Mode of Operation", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function: name matches \"(un)?wrapKey\"]\n and possibleHeapPaths contains [String: matches \"(?i)(crypto(\\.webcrypto)?\\.)?subtle\"]\n and arguments[3] is [Expression:\n constantValues contains [String: matches \"(?i).*\\bECB\\b.*\"]\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": None, - "predicate": "\n FunctionCall:\n possibleTargets contains [Function: name matches \"(un)?wrapKey\"]\n and 
possibleHeapPaths contains [String: matches \"(?i)(crypto(\\.webcrypto)?\\.)?subtle\"]\n and arguments[3] is [Expression:\n constantValues contains [String: matches \"(?i)(des|3des|triple[-_]?des|tdea|rc2|rc4).*\"]\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Stream Cipher", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function: name matches \"encrypt|generateKey\"]\n and possibleHeapPaths contains [String: matches \"(?i)(crypto(\\.webcrypto)?\\.)?subtle\"]\n and arguments[0] is [Expression:\n constantValues contains [String: matches \"(?i).*\\bCTR\\b.*\"]\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Mode of Operation", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function: name matches \"encrypt|generateKey\"]\n and possibleHeapPaths contains [String: matches \"(?i)(crypto(\\.webcrypto)?\\.)?subtle\"]\n and arguments[0] is [Expression:\n constantValues contains [String: matches \"(?i).*\\bCBC\\b.*\"]\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Mode of Operation", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function: name matches \"encrypt|generateKey\"]\n and possibleHeapPaths contains [String: matches \"(?i)(crypto(\\.webcrypto)?\\.)?subtle\"]\n and arguments[0] is [Expression:\n constantValues contains [String: matches \"(?i).*\\bECB\\b.*\"]\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": None, - "predicate": "\n FunctionCall:\n possibleTargets contains [Function: name matches \"encrypt|generateKey\"]\n and possibleHeapPaths contains [String: matches \"(?i)(crypto(\\.webcrypto)?\\.)?subtle\"]\n and 
arguments[0] is [Expression:\n constantValues contains [String: matches \"(?i)(des|3des|triple[-_]?des|tdea|rc2|rc4).*\"]\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc:\n possibleTargets contains [Function: name == \"digest\"]\n and possibleHeapPaths contains [String: matches \"(?i)(crypto(\\.webcrypto)?\\.)?subtle\"]\n and arguments[0] is [Expression alg:\n constantValues contains [String: matches \"(?i).*\\b(RIPEMD|RMD160|MD[245]|SHA[-_]?1).*\"]\n or (\n enclosingFunction contains [AssignmentStatement:\n lhs is [FieldAccess:\n name == \"name\"\n and instance is alg\n and sourceLocation.startLine <= fc.sourceLocation.startLine\n ]\n and rhs.constantValues contains [String:\n matches \"(?i).*\\b(RIPEMD|RMD160|MD[245]|SHA[-_]?1).*\"\n ]\n ]*\n )\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FunctionCall fc:\n possibleTargets contains [Function:\n name == \"checkPrivateKey\"\n and (\n enclosingClass.supers contains [Class:\n name == \"X509Certificate\" and namespace.name == \"crypto\"\n ]\n or fc.instance.possibleTypes contains [Type:\n definition.supers contains [Class:\n name == \"X509Certificate\" and namespace.name == \"crypto\"\n ]\n ]\n )\n ]\n and arguments[0] is [Expression:\n constantValue == \"\"\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FunctionCall fc:\n possibleTargets contains [Function:\n name == \"checkPrivateKey\"\n and (\n enclosingClass.supers contains [Class:\n name == \"X509Certificate\" and namespace.name == \"crypto\"\n ]\n or fc.instance.possibleTypes contains [Type:\n definition.supers contains [Class:\n name == 
\"X509Certificate\" and namespace.name == \"crypto\"\n ]\n ]\n )\n ]\n and arguments[0] is [Expression:\n not constantValue.None\n and not constantValue is [None:]\n and constantValue != \"\"\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FunctionCall fc:\n possibleTargets contains [Function:\n name == \"sign\"\n and (\n enclosingClass.supers contains [Class:\n name == \"Sign\" and namespace.name == \"crypto\"\n ]\n or fc.instance.possibleTypes contains [Type:\n definition.supers contains [Class:\n name == \"Sign\" and namespace.name == \"crypto\"\n ]\n ]\n )\n ]\n and arguments[0] is [Expression:\n constantValue == \"\"\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FunctionCall fc:\n possibleTargets contains [Function:\n name == \"sign\"\n and (\n enclosingClass.supers contains [Class:\n name == \"Sign\" and namespace.name == \"crypto\"\n ]\n or fc.instance.possibleTypes contains [Type:\n definition.supers contains [Class:\n name == \"Sign\" and namespace.name == \"crypto\"\n ]\n ]\n )\n ]\n and arguments[0] is [Expression:\n not constantValue.None\n and not constantValue is [None:]\n and constantValue != \"\"\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": "Insufficient Diffie Hellman Strength", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name matches \"createDiffieHellmanGroup|getDiffieHellman\"\n and namespace.name == \"crypto\"\n ]\n and arguments[0] is [Expression group:\n constantValues contains [String: matches \"modp[125]\"]\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - 
"vuln_subcategory": "Insufficient Diffie Hellman Strength", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name == \"createDiffieHellman\"\n and namespace.name == \"crypto\"\n ]\n and arguments[0] is [Expression length:\n constantValues contains [Number: < 2048]\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name matches \"sign|verify\"\n and enclosingClass.None\n and namespace.name == \"crypto\"\n ]\n and arguments[2] is [Expression: constantValue == \"\"]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name matches \"sign|verify\"\n and enclosingClass.None\n and namespace.name == \"crypto\"\n ]\n and arguments[2] is [Expression:\n not constantValue.None\n and not constantValue is [None:]\n and constantValue != \"\"\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name matches \"(private|public)(En|De)crypt\"\n and namespace.name == \"crypto\"\n ]\n and arguments[0] is [Expression: constantValue == \"\"]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name matches \"(private|public)(En|De)crypt\"\n and namespace.name == \"crypto\"\n ]\n and arguments[0] is [Expression:\n not constantValue.None\n and not constantValue is [None:]\n and constantValue != \"\"\n ]*\n " - }, - { - 
"language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Insecure PBE Iteration Count", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name matches \"pbkdf2(Sync)?\"\n and namespace.name == \"crypto\"\n ]\n and arguments[2].constantValue is [Number: >=1000 and <100000]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Insecure PBE Iteration Count", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name matches \"pbkdf2(Sync)?\"\n and namespace.name == \"crypto\"\n ]\n and arguments[2].constantValue is [Number: <1000]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Predictable Salt", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name matches \"(pbkdf2|scrypt)(Sync)?\"\n and namespace.name == \"crypto\"\n ]\n and (\n (\n arguments[0].constantValue.None\n and arguments[0] == arguments[1]\n ) or (\n not arguments[0].constantValue.None\n and arguments[0].constantValue == arguments[1].constantValue\n )\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Empty PBE Salt", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name matches \"(pbkdf2|scrypt)(Sync)?\"\n and namespace.name == \"crypto\"\n ]\n and arguments[1] is [Expression: constantValue == \"\"]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": "Hardcoded PBE Salt", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name matches \"(pbkdf2|scrypt)(Sync)?\"\n and namespace.name == \"crypto\"\n ]\n and arguments[1] is 
[Expression:\n not constantValue.None\n and not constantValue is [None:]\n and constantValue != \"\"\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty PBE Password", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name matches \"(pbkdf2|scrypt)(Sync)?\"\n and namespace.name == \"crypto\"\n ]\n and arguments[0] is [Expression: constantValue == \"\"]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded PBE Password", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name matches \"(pbkdf2|scrypt)(Sync)?\"\n and namespace.name == \"crypto\"\n ]\n and arguments[0] is [Expression:\n not constantValue.None\n and not constantValue is [None:]\n and constantValue != \"\"\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FunctionCall fc:\n possibleTargets contains [Function:\n name matches \"hkdf(Sync)?\"\n and namespace.name == \"crypto\"\n ]\n and arguments contains [Expression arg:\n (arg is fc.arguments[1] or arg is fc.arguments[3])\n and arg.constantValue == \"\"\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FunctionCall fc:\n possibleTargets contains [Function:\n name matches \"hkdf(Sync)?\"\n and namespace.name == \"crypto\"\n ]\n and arguments contains [Expression arg:\n (arg is fc.arguments[1] or arg is fc.arguments[3])\n and not arg.constantValue.None\n and not arg.constantValue is [None:]\n and arg.constantValue != \"\"\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - 
"vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name matches \"create(Private|Secret)Key\"\n and namespace.name == \"crypto\"\n ]\n and arguments[0] is [Expression: constantValue == \"\"]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name matches \"create(Private|Secret)Key\"\n and namespace.name == \"crypto\"\n ]\n and arguments[0] is [Expression:\n not constantValue.None\n and not constantValue is [None:]\n and constantValue != \"\"\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty HMAC Key", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name == \"createHmac\"\n and namespace.name == \"crypto\"\n ]\n and arguments[1] is [Expression: constantValue == \"\"]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded HMAC Key", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name == \"createHmac\"\n and namespace.name == \"crypto\"\n ]\n and arguments[1] is [Expression:\n not constantValue.None\n and not constantValue is [None:]\n and constantValue != \"\"\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": None, - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name matches \"create(Hash|Hmac|Sign|Verify)|sign|verify\"\n ]\n and arguments[0] is [Expression:\n constantValues contains [String: matches \"(?i).*\\b(RIPEMD|RMD160|MD[245]|SHA[-_]?1).*\"]\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - 
"vuln_category": "Weak Cryptographic Hash", - "vuln_subcategory": None, - "predicate": "\n FunctionCall: possibleTargets contains [Function: name == \"createHash\"] and\n arguments[0].constantValues contains [String: matches \"(?i).*(MD2|MD4|MD5).*|.*SHA((-)?1(WithRSAEncryption)?)?$\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name matches \"create(Cipher|Decipher)(iv)?\"\n and namespace.name == \"crypto\"\n ]\n and arguments[1] is [Expression: constantValue == \"\"]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name matches \"create(Cipher|Decipher)(iv)?\"\n and namespace.name == \"crypto\"\n ]\n and arguments[1] is [Expression:\n not constantValue.None\n and not constantValue is [None:]\n and not constantValue == \"\"\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Initialization Vector", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name == \"createCipheriv\"\n and namespace.name == \"crypto\"\n ]\n and arguments[2] is [Expression:\n not constantValue.None\n and not constantValue is [None:]\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Stream Cipher", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name == \"createCipheriv\"\n and namespace.name == \"crypto\"\n ]\n and arguments[0] is [Expression:\n constantValues contains [String: matches \"(?i).*\\bCTR\\b.*\"]\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": 
"Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Mode of Operation", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name == \"createCipheriv\"\n and namespace.name == \"crypto\"\n ]\n and arguments[0] is [Expression:\n constantValues contains [String: matches \"(?i).*\\bCBC\\b.*\"]\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": "Insecure Mode of Operation", - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name == \"createCipheriv\"\n and namespace.name == \"crypto\"\n ]\n and arguments[0] is [Expression:\n constantValues contains [String: matches \"(?i).*\\bECB\\b.*\"]\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": None, - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name == \"createCipheriv\"\n and namespace.name == \"crypto\"\n ]\n and arguments[0] is [Expression:\n constantValues contains [String: matches \"(?i)(des|3des|triple[-_]?des|tdea|rc2|rc4).*\"]\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Weak Encryption", - "vuln_subcategory": None, - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name == \"createCipher\"\n and namespace.name == \"crypto\"\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Command Injection", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f:\n f.name matches \"(exec(File)?|spawn)(Sync)?\"\n and f.namespace.name == \"child_process\"\n ]\n and call.arguments[0] is [Expression e:\n /* not a constant */\n (constantValue.None or\n /* constant that uses environment variable */\n constantValue matches 
\"(?i).*\\$.*|.*%.*%.*\" or\n /* not hardcoded full path */\n (not constantValue.None and not\n (\n constantValue matches \"(?i)^.+:(/|\\\\).*\" or\n constantValue matches \"(?i)^(/|\\\\).*\"\n )\n )\n )\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Command Injection", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f:\n f.name matches \"(exec(File)?|spawn)(Sync)?\"\n and f.possibleHeapPaths contains [String str:\n str == \"child_process\"]\n ]\n and not call.instance is [Expression:\n possibleTypes contains [Type: name matches \"(X)?RegExp\"]\n // or looks like a RegExp literal\n or constantValue matches \"^/.*/(d|g|i|m|s|u|y)*$\"\n ]\n and call.arguments[0] is [Expression e:\n /* not a constant */\n (constantValue.None or\n /* constant that uses environment variable */\n constantValue matches \"(?i).*\\$.*|.*%.*%.*\" or\n /* not hardcoded full path */\n (not constantValue.None and not\n (\n constantValue matches \"(?i)^.+:(/|\\\\).*\" or\n constantValue matches \"(?i)^(/|\\\\).*\"\n )\n )\n )\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Command Injection", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f:\n f.name matches \"(exec(File)?|spawn)(Sync)?\"\n and f.possibleHeapPaths contains [String str:\n str == \"child_process\"]\n ]\n and not call.instance is [Expression:\n possibleTypes contains [Type: name matches \"(X)?RegExp\"]\n // or looks like a RegExp literal\n or constantValue matches \"^/.*/(d|g|i|m|s|u|y)*$\"\n ]\n and call.arguments[0] is [Expression e:\n /* not a constant */\n (constantValue.None or\n /* constant that uses environment variable */\n constantValue matches \"(?i).*\\$.*|.*%.*%.*\" or\n /* not hardcoded full path */\n (not constantValue.None and not\n (\n constantValue 
matches \"(?i)^.+:(/|\\\\).*\" or\n constantValue matches \"(?i)^(/|\\\\).*\"\n )\n )\n )\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Command Injection", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f:\n f.name matches \"(exec(File)?|spawn)(Sync)?\"\n and f.namespace.name == \"child_process\"\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Command Injection", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f:\n f.name matches \"(exec(File)?|spawn)(Sync)?\"\n and f.possibleHeapPaths contains [String str:\n str == \"child_process\"]\n ]\n and not call.instance is [Expression:\n possibleTypes contains [Type: name matches \"(X)?RegExp\"]\n // or looks like a RegExp literal\n or constantValue matches \"^/.*/(d|g|i|m|s|u|y)*$\"\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Command Injection", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f:\n f.name matches \"(exec(File)?|spawn)(Sync)?\"\n and f.possibleHeapPaths contains [String str:\n str == \"child_process\"]\n ]\n and not call.instance is [Expression:\n possibleTypes contains [Type: name matches \"(X)?RegExp\"]\n // or looks like a RegExp literal\n or constantValue matches \"^/.*/(d|g|i|m|s|u|y)*$\"\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Time and State", - "vuln_category": "Race Condition", - "vuln_subcategory": None, - "predicate": "\n /* find a lambda that calls a function that assigns a value to a field */\n FunctionCall fc: fc.possibleTargets contains [Function: (\n (\n name matches 
\"send|bind|createSocket|createServer|get|request|addListener|once|resolve(4|6|Cname|Mx|Ns|Soa|Srv|Txt)?|lookup(Service)?|reverse|exec(File)?\"\n and possibleHeapPaths contains [String str: str matches \"dgram(\\.Socket)?|http(s)?|net|tls|dns|child_process\"]\n )\n or\n (\n name == \"on\"\n and not possibleHeapPaths contains [String str2: str2 matches \"HTML[A-z]*Element.*|(\\$)?window|(\\$)?document\"]\n and not fc.instance is [FunctionCall:\n possibleTargets contains [Function: name matches \"jQuery|\\$\" or\n (name == \"constructor\" and possibleHeapPaths contains [String: matches \"(jQuery|\\$)\\.(prototype|fn)\"])\n /* account for jQuery selector filters */\n or name matches \"eq|filter|first|has|is|last|map|not|slice|children|closest|find|((next|prev)(All|Until)?)|offsetParent|parent|parents|parentsUntil|siblings|add|addBack|andSelf|end|not|contents|each\"\n ]\n ]\n and not fc.instance.possibleHeapPaths contains \"angular.element\"\n and fc.arguments.length == 2\n )\n )]\n and fc.arguments contains [Expression e:\n possibleFunctionTargets contains [Function: contains [FunctionCall: function is [Function lambda:\n /* lambda isn't recursive */\n not lambda contains [FunctionCall recursiveFC: recursiveFC == fc or recursiveFC.function contains [FunctionCall: == fc]]\n and lambda contains [Location loc: loc.type.arrayDimensions == 0\n and loc in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === loc.transitiveBase]]\n /* isn't ~parent field that seems to be specified around lambdas */\n and not loc.sourceLocation.None\n /* isn't length field in NST */\n and loc.name != \"length\"\n /* isn't 'this' */\n and loc.name != \"this\"\n and not loc.name startsWith \"~\"\n and fc.enclosingFunction contains [Location loc2: loc2.type.arrayDimensions == 0\n and loc2.name == loc.name\n /* the underlying declaration is the same i.e. 
the field being accessed is the same field */\n and (\n loc2 is [FieldAccess fa2: loc is [FieldAccess fa:\n not fa2.field.sourceLocation.None\n and not fa.field.sourceLocation.None\n and fa2.field.sourceLocation.startLine == fa.field.sourceLocation.startLine\n and fa.field is [Field:\n /* do not match against the lambda generated fields */\n name != \"~environment\"\n and name != \"~method\"\n and name != \"prototype\"\n ]*\n ]]\n or loc2 is [VariableAccess va2: loc is [VariableAccess va:\n not va2.variable.sourceLocation.None\n and not va.variable.sourceLocation.None\n and va2.variable.sourceLocation.startLine == va.variable.sourceLocation.startLine\n and not va.this\n and not va2.this\n and va.variable is [Variable: not isTemp ]*\n ]]\n )\n /* FieldAccess outside of lambda that isn't another assignment */\n and not loc2 in [AssignmentStatement: lhs.location is [Location: transitiveBase === loc2.transitiveBase]]\n and not loc2.sourceLocation.None\n and not fc.sourceLocation.None\n and loc2.sourceLocation.startLine > fc.sourceLocation.startLine\n ]*\n\n ]*\n ]]*]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Time and State", - "vuln_category": "Race Condition", - "vuln_subcategory": None, - "predicate": "\n /* find a lambda that calls a function that assigns a value to a field */\n FunctionCall fc: fc.possibleTargets contains [Function: (\n (\n name matches \"send|bind|createSocket|createServer|get|request|addListener|once|resolve(4|6|Cname|Mx|Ns|Soa|Srv|Txt)?|lookup(Service)?|reverse|exec(File)?\"\n and possibleHeapPaths contains [String str: str matches \"dgram(\\.Socket)?|http(s)?|net|tls|dns|child_process\"]\n )\n or\n (\n name == \"on\"\n and not possibleHeapPaths contains [String str2: str2 matches \"HTML[A-z]*Element.*|(\\$)?window|(\\$)?document\"]\n and not fc.instance is [FunctionCall:\n possibleTargets contains [Function: name matches \"jQuery|\\$\" or\n (name == \"constructor\" and possibleHeapPaths contains [String: matches 
\"(jQuery|\\$)\\.(prototype|fn)\"])\n /* account for jQuery selector filters */\n or name matches \"eq|filter|first|has|is|last|map|not|slice|children|closest|find|((next|prev)(All|Until)?)|offsetParent|parent|parents|parentsUntil|siblings|add|addBack|andSelf|end|not|contents|each\"\n ]\n ]\n and not fc.instance.possibleHeapPaths contains \"angular.element\"\n and fc.arguments.length == 2\n )\n )]\n and fc.arguments contains [Expression e:\n possibleFunctionTargets contains [Function: contains [FunctionCall: function is [Function lambda:\n /* lambda isn't recursive */\n not lambda contains [FunctionCall recursiveFC: recursiveFC == fc or recursiveFC.function contains [FunctionCall: == fc]]\n and lambda contains [FieldAccess fa: fa.type.arrayDimensions == 0\n and fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase]]\n /* isn't ~parent field that seems to be specified around lambdas */\n and fa.field is [Field f:\n not fa.sourceLocation.None\n and not f.sourceLocation.None\n and fa.sourceLocation.startLine != f.sourceLocation.startLine\n /* isn't length field in NST */\n and f.name != \"length\"\n and fc.enclosingFunction contains [FieldAccess fa2: fa2.type.arrayDimensions == 0\n and fa2.field is f\n /* FieldAccess outside of lambda that isn't another assignment */\n and not fa2 in [AssignmentStatement: lhs.location is [Location: transitiveBase === fa2.transitiveBase]]\n and not fa2.sourceLocation.None\n and not fc.sourceLocation.None\n and fa2.sourceLocation.startLine > fc.sourceLocation.startLine\n ]*\n ]\n ]*\n ]]*]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Time and State", - "vuln_category": "Race Condition", - "vuln_subcategory": None, - "predicate": "\n /* find a lambda that calls a function that assigns a value to a field */\n FunctionCall fc: fc.possibleTargets contains [Function:\n (\n name matches 
\"send|bind|createSocket|createServer|get|request|addListener|once|resolve(4|6|Cname|Mx|Ns|Soa|Srv|Txt)?|lookup(Service)?|reverse|exec(File)?\"\n and possibleHeapPaths contains [String str: str matches \"dgram(\\.Socket)?|http(s)?|net|tls|dns|child_process\"]\n )\n or\n (\n name == \"on\"\n and not possibleHeapPaths contains [String str2: str2 matches \"HTML[A-z]*Element.*|(\\$)?window|(\\$)?document\"]\n and not fc.instance is [FunctionCall:\n possibleTargets contains [Function: name matches \"jQuery|\\$\" or\n (name == \"constructor\" and possibleHeapPaths contains [String: matches \"(jQuery|\\$)\\.(prototype|fn)\"])\n /* account for jQuery selector filters */\n or name matches \"eq|filter|first|has|is|last|map|not|slice|children|closest|find|((next|prev)(All|Until)?)|offsetParent|parent|parents|parentsUntil|siblings|add|addBack|andSelf|end|not|contents|each\"\n ]\n ]\n and not fc.instance.possibleHeapPaths contains \"angular.element\"\n and fc.arguments.length == 2\n )\n ]\n and fc.arguments contains [Expression e:\n possibleFunctionTargets contains [Function: contains [FunctionCall: function is [Function lambda:\n /* lambda isn't recursive */\n not lambda contains [FunctionCall recursiveFC: recursiveFC == fc or recursiveFC.function contains [FunctionCall: == fc]]\n and lambda contains [Location loc: loc.type.arrayDimensions == 0\n and loc in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === loc.transitiveBase]]\n /* isn't ~parent field that seems to be specified around lambdas */\n and not loc.sourceLocation.None\n /* isn't length field in NST */\n and loc.name != \"length\"\n /* isn't 'this' */\n and loc.name != \"this\"\n /* a separate function is called that reads the field */\n and fc.enclosingFunction contains [FunctionCall fc2: function is [Function func:\n /* function isn't recursive with original function */\n not func contains [FunctionCall recursiveFC2: recursiveFC2 == fc or recursiveFC2.function contains [FunctionCall: == fc]]\n 
/* the function called isn't called via a lambda */\n and not fc.enclosingFunction contains [FunctionCall: arguments contains [Expression: possibleFunctionTargets contains func]]\n and contains [Location loc2: loc2.type.arrayDimensions == 0\n and loc2.name == loc.name\n /* the underlying declaration is the same i.e. the field being accessed is the same field */\n and (\n loc2 is [FieldAccess fa2: loc is [FieldAccess fa:\n not fa2.field.sourceLocation.None\n and not fa.field.sourceLocation.None\n and fa2.field.sourceLocation.startLine == fa.field.sourceLocation.startLine\n and fa.field is [Field:\n /* do not match against the lambda generated fields */\n name != \"~environment\"\n and name != \"~method\"\n and name != \"prototype\"\n ]*\n ]]\n or loc2 is [VariableAccess va2: loc is [VariableAccess va:\n not va2.variable.sourceLocation.None\n and not va.variable.sourceLocation.None\n and va2.variable.sourceLocation.startLine == va.variable.sourceLocation.startLine\n and not va.this\n and not va2.this\n and va.variable is [Variable: not isTemp ]*\n ]]\n )\n /* not another assignment to the field */\n and not loc2 in [AssignmentStatement: lhs.location is [Location: transitiveBase === loc2.transitiveBase]]\n /* second function call (which includes FieldAccess read) occurs after first function calls lambda (which contains a function call with a FieldAccess write) */\n and not fc2.sourceLocation.None\n and not fc.sourceLocation.None\n and fc2.sourceLocation.startLine > fc.sourceLocation.startLine\n ]*\n ]]*\n ]*\n ]]*]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Time and State", - "vuln_category": "Race Condition", - "vuln_subcategory": None, - "predicate": "\n /* find a lambda that calls a function that assigns a value to a field */\n FunctionCall fc: fc.possibleTargets contains [Function: (\n (\n name matches 
\"send|bind|createSocket|createServer|get|request|addListener|once|resolve(4|6|Cname|Mx|Ns|Soa|Srv|Txt)?|lookup(Service)?|reverse|exec(File)?\"\n and possibleHeapPaths contains [String str: str matches \"dgram(\\.Socket)?|http(s)?|net|tls|dns|child_process\"]\n )\n or\n (\n name == \"on\"\n and not possibleHeapPaths contains [String str2: str2 matches \"HTML[A-z]*Element.*|(\\$)?window|(\\$)?document\"]\n and not fc.instance is [FunctionCall:\n possibleTargets contains [Function: name matches \"jQuery|\\$\" or\n (name == \"constructor\" and possibleHeapPaths contains [String: matches \"(jQuery|\\$)\\.(prototype|fn)\"])\n /* account for jQuery selector filters */\n or name matches \"eq|filter|first|has|is|last|map|not|slice|children|closest|find|((next|prev)(All|Until)?)|offsetParent|parent|parents|parentsUntil|siblings|add|addBack|andSelf|end|not|contents|each\"\n ]\n ]\n and not fc.instance.possibleHeapPaths contains \"angular.element\"\n and fc.arguments.length == 2\n )\n )]\n and fc.arguments contains [Expression e:\n possibleFunctionTargets contains [Function: contains [FunctionCall: function is [Function lambda:\n /* lambda isn't recursive */\n not lambda contains [FunctionCall recursiveFC: recursiveFC == fc or recursiveFC.function contains [FunctionCall: == fc]]\n and lambda contains [FieldAccess fa: fa.type.arrayDimensions == 0\n and fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase]]\n /* isn't ~parent field that seems to be specified around lambdas */\n and fa.field is [Field f:\n not fa.sourceLocation.None\n and not f.sourceLocation.None\n and fa.sourceLocation.startLine != f.sourceLocation.startLine\n /* isn't length field in NST */\n and f.name != \"length\"\n /* a separate function is called that reads the field */\n and fc.enclosingFunction contains [FunctionCall fc2: function is [Function func:\n /* function isn't recursive with original function */\n not func contains [FunctionCall recursiveFC2: 
recursiveFC2 == fc or recursiveFC2.function contains [FunctionCall: == fc]]\n /* the function called isn't called via a lambda */\n and not fc.enclosingFunction contains [FunctionCall: arguments contains [Expression: possibleFunctionTargets contains func]]\n and contains [FieldAccess fa2: fa2.type.arrayDimensions == 0\n and fa2.field is f\n /* not another assignment to the field */\n and not fa2 in [AssignmentStatement: lhs.location is [Location: transitiveBase === fa2.transitiveBase]]\n /* second function call (which includes FieldAccess read) occurs after first function calls lambda (which contains a function call with a FieldAccess write) */\n and not fc2.sourceLocation.None\n and not fc.sourceLocation.None\n and fc2.sourceLocation.startLine > fc.sourceLocation.startLine\n ]*]]*\n ]\n ]*\n ]]*]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Time and State", - "vuln_category": "Race Condition", - "vuln_subcategory": None, - "predicate": "\n /* find a lambda that assigns a value to a field */\n FunctionCall fc: fc.possibleTargets contains [Function:\n (\n name matches \"send|bind|createSocket|createServer|get|request|addListener|once|resolve(4|6|Cname|Mx|Ns|Soa|Srv|Txt)?|lookup(Service)?|reverse|exec(File)?\"\n and possibleHeapPaths contains [String str: str matches \"dgram(\\.Socket)?|http(s)?|net|tls|dns|child_process\"]\n )\n or\n (\n name == \"on\"\n and not possibleHeapPaths contains [String str2: str2 matches \"HTML[A-z]*Element.*|(\\$)?window|(\\$)?document\"]\n and not fc.instance is [FunctionCall:\n possibleTargets contains [Function: name matches \"jQuery|\\$\" or\n (\n name == \"constructor\" and possibleHeapPaths contains [String: matches \"(jQuery|\\$)\\.(prototype|fn)\"]\n )\n /* account for jQuery selector filters */\n or name matches \"eq|filter|first|has|is|last|map|not|slice|children|closest|find|((next|prev)(All|Until)?)|offsetParent|parent|parents|parentsUntil|siblings|add|addBack|andSelf|end|not|contents|each\"\n ]\n ]\n and 
not fc.instance.possibleHeapPaths contains \"angular.element\"\n and fc.arguments.length == 2\n )\n ]\n and fc.arguments contains [Expression e: possibleFunctionTargets contains [Function lambda:\n /* lambda isn't recursive */\n not lambda contains [FunctionCall recursiveFC: recursiveFC == fc or recursiveFC.function contains [FunctionCall: == fc]]\n and lambda contains [Location loc: type.arrayDimensions == 0\n and loc in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === loc.transitiveBase]]\n /* isn't ~parent field that seems to be specified around lambdas */\n and not loc.sourceLocation.None\n /* isn't length field in NST */\n and loc.name != \"length\"\n /* isn't 'this' */\n and loc.name != \"this\"\n and fc.enclosingFunction contains [Location loc2: loc2.type.arrayDimensions == 0\n and loc2.name == loc.name\n /* the underlying declaration is the same i.e. the field being accessed is the same field */\n and (\n loc2 is [FieldAccess fa2: loc is [FieldAccess fa:\n not fa2.field.sourceLocation.None\n and not fa.field.sourceLocation.None\n and fa2.field.sourceLocation.startLine == fa.field.sourceLocation.startLine\n and fa.field is [Field:\n /* do not match against the lambda generated fields */\n name != \"~environment\"\n and name != \"~method\"\n and name != \"prototype\"\n ]*\n ]]\n or loc2 is [VariableAccess va2: loc is [VariableAccess va:\n not va2.variable.sourceLocation.None\n and not va.variable.sourceLocation.None\n and va2.variable.sourceLocation.startLine == va.variable.sourceLocation.startLine\n and not va.this\n and not va2.this\n and va.variable is [Variable: not isTemp ]*\n ]]\n )\n /* FieldAccess outside of lambda that isn't another assignment */\n and not loc2 in [AssignmentStatement: lhs.location is [Location: transitiveBase === loc2.transitiveBase]]\n /* make sure occurs after initial lambda call */\n and not loc2.sourceLocation.None\n and not fc.sourceLocation.None\n and loc2.sourceLocation.startLine > 
fc.sourceLocation.startLine\n ]*\n ]*\n ]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Time and State", - "vuln_category": "Race Condition", - "vuln_subcategory": None, - "predicate": "\n /* find a lambda that assigns a value to a field */\n FunctionCall fc: fc.possibleTargets contains [Function: (\n (\n name matches \"send|bind|createSocket|createServer|get|request|addListener|once|resolve(4|6|Cname|Mx|Ns|Soa|Srv|Txt)?|lookup(Service)?|reverse|exec(File)?\"\n and possibleHeapPaths contains [String str: str matches \"dgram(\\.Socket)?|http(s)?|net|tls|dns|child_process\"]\n )\n or\n (\n name == \"on\"\n and not possibleHeapPaths contains [String str2: str2 matches \"HTML[A-z]*Element.*|(\\$)?window|(\\$)?document\"]\n and not fc.instance is [FunctionCall:\n possibleTargets contains [Function: name matches \"jQuery|\\$\" or\n (name == \"constructor\" and possibleHeapPaths contains [String: matches \"(jQuery|\\$)\\.(prototype|fn)\"])\n /* account for jQuery selector filters */\n or name matches \"eq|filter|first|has|is|last|map|not|slice|children|closest|find|((next|prev)(All|Until)?)|offsetParent|parent|parents|parentsUntil|siblings|add|addBack|andSelf|end|not|contents|each\"\n ]\n ]\n and not fc.instance.possibleHeapPaths contains \"angular.element\"\n and fc.arguments.length == 2\n )\n )]\n and fc.arguments contains [Expression e: possibleFunctionTargets contains\n [Function lambda:\n /* lambda isn't recursive */\n not lambda contains [FunctionCall recursiveFC: recursiveFC == fc or recursiveFC.function contains [FunctionCall: == fc]]\n and lambda contains [FieldAccess fa: type.arrayDimensions == 0\n and fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase]]\n /* isn't ~parent field that seems to be specified around lambdas */\n and fa.field is [Field f:\n not fa.sourceLocation.None\n and not f.sourceLocation.None\n and fa.sourceLocation.startLine != f.sourceLocation.startLine\n /* isn't length field in 
NST */\n and f.name != \"length\"\n and fc.enclosingFunction contains [FieldAccess fa2: fa2.type.arrayDimensions == 0\n and fa2.field is f\n /* FieldAccess outside of lambda that isn't another assignment */\n and not fa2 in [AssignmentStatement: lhs.location is [Location: transitiveBase === fa2.transitiveBase]]\n /* make sure occurs after initial lambda call */\n and not fa2.sourceLocation.None\n and not fc.sourceLocation.None\n and fa2.sourceLocation.startLine > fc.sourceLocation.startLine\n ]*\n ]\n ]*]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Time and State", - "vuln_category": "Race Condition", - "vuln_subcategory": None, - "predicate": "\n /* find a lambda that assigns a value to a field */\n FunctionCall fc: fc.possibleTargets contains [Function:\n (\n name matches \"send|bind|createSocket|createServer|get|request|addListener|once|resolve(4|6|Cname|Mx|Ns|Soa|Srv|Txt)?|lookup(Service)?|reverse|exec(File)?\"\n and possibleHeapPaths contains [String str: str matches \"dgram(\\.Socket)?|http(s)?|net|tls|dns|child_process\"]\n )\n or\n (\n name == \"on\"\n and not possibleHeapPaths contains [String str2: str2 matches \"HTML[A-z]*Element.*|(\\$)?window|(\\$)?document\"]\n and not fc.instance is [FunctionCall:\n possibleTargets contains [Function: name matches \"jQuery|\\$\" or\n (name == \"constructor\" and possibleHeapPaths contains [String: matches \"(jQuery|\\$)\\.(prototype|fn)\"])\n /* account for jQuery selector filters */\n or name matches \"eq|filter|first|has|is|last|map|not|slice|children|closest|find|((next|prev)(All|Until)?)|offsetParent|parent|parents|parentsUntil|siblings|add|addBack|andSelf|end|not|contents|each\"\n ]\n ]\n and not fc.instance.possibleHeapPaths contains \"angular.element\"\n and fc.arguments.length == 2\n )\n ]\n and fc.arguments contains [Expression e: possibleFunctionTargets contains [Function lambda:\n /* lambda isn't recursive */\n not lambda contains [FunctionCall recursiveFC: recursiveFC == fc or 
recursiveFC.function contains [FunctionCall: == fc]]\n and lambda contains [Location loc: loc.type.arrayDimensions == 0\n and loc in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === loc.transitiveBase]]\n and not loc.sourceLocation.None\n and loc.name != \"length\"\n /* isn't 'this' */\n and loc.name != \"this\"\n and fc.enclosingFunction contains [FunctionCall fc2:\n function is [Function func:\n not func contains [FunctionCall recursiveFC2: recursiveFC2 == fc or recursiveFC2.function contains [FunctionCall: == fc]]\n and not fc.enclosingFunction contains [FunctionCall: arguments contains [Expression: possibleFunctionTargets contains func]]\n and contains [Location loc2: loc2.type.arrayDimensions == 0\n and loc2.name == loc.name\n /* the underlying declaration is the same i.e. the field being accessed is the same field */\n and (\n loc2 is [FieldAccess fa2: loc is [FieldAccess fa:\n not fa2.field.sourceLocation.None\n and not fa.field.sourceLocation.None\n and fa2.field.sourceLocation.startLine == fa.field.sourceLocation.startLine\n and fa.field is [Field:\n /* do not match against the lambda generated fields */\n name != \"~environment\"\n and name != \"~method\"\n and name != \"prototype\"\n ]*\n ]]\n or loc2 is [VariableAccess va2: loc is [VariableAccess va:\n not va2.variable.sourceLocation.None\n and not va.variable.sourceLocation.None\n and va2.variable.sourceLocation.startLine == va.variable.sourceLocation.startLine\n and not va.this\n and not va2.this\n and va.variable is [Variable: not isTemp ]*\n ]]\n )\n and not loc2 in [AssignmentStatement: lhs.location is [Location: transitiveBase === loc2.transitiveBase]]\n and not fc2.sourceLocation.None\n and not fc.sourceLocation.None\n and fc2.sourceLocation.startLine > fc.sourceLocation.startLine\n ]*\n ]\n ]*\n ]*\n ]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Time and State", - "vuln_category": "Race Condition", - "vuln_subcategory": None, - "predicate": "\n /* find 
a lambda that assigns a value to a field */\n FunctionCall fc: fc.possibleTargets contains [Function: (\n (\n name matches \"send|bind|createSocket|createServer|get|request|addListener|once|resolve(4|6|Cname|Mx|Ns|Soa|Srv|Txt)?|lookup(Service)?|reverse|exec(File)?\"\n and possibleHeapPaths contains [String str: str matches \"dgram(\\.Socket)?|http(s)?|net|tls|dns|child_process\"]\n )\n or\n (\n name == \"on\"\n and not possibleHeapPaths contains [String str2: str2 matches \"HTML[A-z]*Element.*|(\\$)?window|(\\$)?document\"]\n and not fc.instance is [FunctionCall:\n possibleTargets contains [Function: name matches \"jQuery|\\$\" or\n (name == \"constructor\" and possibleHeapPaths contains [String: matches \"(jQuery|\\$)\\.(prototype|fn)\"])\n /* account for jQuery selector filters */\n or name matches \"eq|filter|first|has|is|last|map|not|slice|children|closest|find|((next|prev)(All|Until)?)|offsetParent|parent|parents|parentsUntil|siblings|add|addBack|andSelf|end|not|contents|each\"\n ]\n ]\n and not fc.instance.possibleHeapPaths contains \"angular.element\"\n and fc.arguments.length == 2\n )\n )]\n and fc.arguments contains [Expression e: possibleFunctionTargets contains\n [Function lambda:\n /* lambda isn't recursive */\n not lambda contains [FunctionCall recursiveFC: recursiveFC == fc or recursiveFC.function contains [FunctionCall: == fc]]\n and lambda contains [FieldAccess fa: fa.type.arrayDimensions == 0\n and fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase]]\n /* isn't ~parent field that seems to be specified around lambdas */\n and fa.field is [Field f:\n not fa.sourceLocation.None\n and not f.sourceLocation.None\n and fa.sourceLocation.startLine != f.sourceLocation.startLine\n /* isn't length field in NST */\n and f.name != \"length\"\n /* a separate function is called that reads the field */\n and fc.enclosingFunction contains [FunctionCall fc2: function is [Function func:\n /* function isn't recursive with 
original function */\n not func contains [FunctionCall recursiveFC2: recursiveFC2 == fc or recursiveFC2.function contains [FunctionCall: == fc]]\n /* the function called isn't called via a lambda */\n and not fc.enclosingFunction contains [FunctionCall: arguments contains [Expression: possibleFunctionTargets contains func]]\n and contains [FieldAccess fa2: fa2.type.arrayDimensions == 0\n and fa2.field is f\n /* not another assignment to the field */\n and not fa2 in [AssignmentStatement: lhs.location is [Location: transitiveBase === fa2.transitiveBase]]\n /* second function call (which includes FieldAccess read) occurs after first function calls lambda (which contains FieldAccess write) */\n and not fc2.sourceLocation.None\n and not fc.sourceLocation.None\n and fc2.sourceLocation.startLine > fc.sourceLocation.startLine\n ]*]]*\n ]\n ]*]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "SQL Injection", - "vuln_subcategory": None, - "predicate": "\n\t\t\t\tFunctionCall call: possibleTargets contains [Function f: f.name matches \"query|execute|prepare\"]\n\t\t\t\t\tand call.instance.possibleHeapPaths contains [String s: s matches \"mysql2\\.create(Connection|Pool)\"]\n /* arg0 non-constant */\n\t\t\t\t\tand call.arguments[0] is [Expression e: constantValue.None]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "SQL Injection", - "vuln_subcategory": None, - "predicate": "\n\t\t\t\t/* queryAsync is for bluebird, but we don't support bluebird yet */\n\t\t\t\tFunctionCall call: possibleTargets contains [Function f: f.name matches \"query(Async)?\"]\n\t\t\t\t\tand call.instance.possibleHeapPaths contains [String s: s matches \"mysql\\.create(Connection|Pool)\"]\n /* arg0 non-constant */\n\t\t\t\t\tand call.arguments[0] is [Expression e: constantValue.None ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - 
"vuln_category": "Cross-Site Request Forgery", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.name matches \"post|get|getJSON|getScript\" and\n call.instance is [Location l: l.name matches \"jQuery|\\$\"]\n and call.arguments.length > 0\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Cross-Site Request Forgery", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name matches \"post|get|getJSON|getScript\"] and\n call.instance is [Location l: l.name matches \"jQuery|\\$\"]\n and call.arguments.length > 0\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Cross-Site Request Forgery", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.possibleTargets contains [Function f: f.name matches \"post|get|getJSON|getScript\"] and\n call.instance is [FieldAccess fa: fa.field.name matches \"jQuery|\\$\"]\n and call.arguments.length > 0\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Cross-Site Request Forgery", - "vuln_subcategory": None, - "predicate": "\n FunctionCall call: call.name matches \"post|get|getJSON|getScript\" and\n call.instance is [FieldAccess fa: fa.field.name matches \"jQuery|\\$\"]\n and call.arguments.length > 0\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Handlebars Misconfiguration", - "vuln_subcategory": "Prototypes Allowed", - "predicate": "\n FieldAccess fa: fa.field.name matches \"allowProtoMethodsByDefault|allowProtoPropertiesByDefault\"\n and fa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === fa.transitiveBase\n ]\n and rhs.constantValue == true\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Handlebars Misconfiguration", - 
"vuln_subcategory": "Prototypes Allowed", - "predicate": "\n FieldAccess fa: fa.field.name matches \"allowedProtoProperties|allowedProtoMethods\"\n /* do not match against generated versions on a call to template compilation */\n and not fa.instance is [Location: name == \"tag~options\"]\n and fa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === fa.transitiveBase\n ]\n and rhs is [Expression: type.definition is [Class: \n /* don't cause duplicates with DBCF5E6D-C7DC-49D4-8158-95F7AAE15614 */\n not fields contains [Field: \n not synthetic\n and name matches \"constructor|__defineGetter__|__defineSetter__|__lookupGetter__|__lookupSetter__|__proto__\"\n ]\n and fields contains [Field: not synthetic]*\n ]]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Handlebars Misconfiguration", - "vuln_subcategory": "Prototypes Allowed", - "predicate": "\n FieldAccess fa: fa.field.name matches \"allowedProtoProperties|allowedProtoMethods\"\n /* do not match against generated versions on a call to template compilation */\n and not fa.instance is [Location: name == \"tag~options\"]\n and fa in [AssignmentStatement:\n lhs.location is [Location l:\n l.transitiveBase === fa.transitiveBase\n ]\n and rhs is [Expression: type.definition is [Class: \n fields contains [Field: \n not synthetic\n and name matches \"constructor|__defineGetter__|__defineSetter__|__lookupGetter__|__lookupSetter__|__proto__\"\n ]*\n ]]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "GraphQL Bad Practices", - "vuln_subcategory": "Introspection Enabled", - "predicate": "\n FunctionCall fc:\n fc.possibleTargets contains [Function: name == \"graphqlHTTP\"]\n and fc.enclosingFunction is [Function:\n contains [FunctionCall:\n /* check if graphqlHTTP is argument of app.use() */\n possibleTargets contains [Function: name == \"use\"]\n and instance is [Expression 
inst:\n possibleHeapPaths contains [String str:\n str matches \"express(\\.express|\\.exports)?\"\n ]\n /* for NodeGoat and similar projects. Bug 54435 */\n or inst is [Location: name == \"app\"]\n ]\n and arguments contains fc\n ]\n ]\n /* case 1: object passed as argument to graphqlHTTP() */\n and not fc.arguments[0] is [Expression:\n possibleTypes contains [Type:\n definition.fields contains [Field f1:\n f1.name == \"validationRules\"\n and fc.enclosingFunction contains [AssignmentStatement:\n lhs is [FieldAccess:\n field is f1\n ]\n and rhs is [VariableAccess va1:\n fc.enclosingFunction contains [AssignmentStatement:\n rhs is [VariableAccess:\n name == \"NoSchemaIntrospectionCustomRule\"\n and possibleTypes contains [Type:\n definition.name matches \"NoSchemaIntrospectionCustomRule.*\"\n ]\n ]\n and lhs is [VariableAccess: is va1]\n ]\n ]\n ]\n ]\n ]\n ]\n /* case 2: lambda passed as argument to graphqlHTTP() */\n and not fc.arguments[0] is [Expression: \n possibleFunctionTargets contains [Function lambda:\n returnSlot is [Slot: \n type is [Type: \n definition.fields contains [Field f2:\n f2.name == \"validationRules\"\n and lambda contains [AssignmentStatement:\n lhs is [FieldAccess:\n field is f2\n ]\n and rhs is [VariableAccess va2:\n fc.enclosingFunction contains [AssignmentStatement:\n rhs is [VariableAccess:\n name == \"NoSchemaIntrospectionCustomRule\"\n and possibleTypes contains [Type:\n definition.name matches \"NoSchemaIntrospectionCustomRule.*\"\n ]\n ]\n and lhs is [VariableAccess: is va2]\n ]\n ]\n ]\n ]\n ]\n ]\n ]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "GraphQL Bad Practices", - "vuln_subcategory": "GraphiQL Enabled", - "predicate": "\n FunctionCall fc:\n fc.possibleTargets contains [Function: name == \"graphqlHTTP\"]\n and fc.enclosingFunction is [Function:\n contains [FunctionCall:\n /* check if graphqlHTTP is argument of app.use() */\n possibleTargets contains [Function: name == 
\"use\"]\n and instance is [Expression inst:\n possibleHeapPaths contains [String str:\n str matches \"express(\\.express|\\.exports)?\"\n ]\n /* for NodeGoat and similar projects. Bug 54435 */\n or inst is [Location: name == \"app\"]\n ]\n and arguments contains fc\n ]\n ]\n /* case 1: object passed as argument to graphqlHTTP() */\n and not fc.arguments[0] is [Expression:\n possibleTypes contains [Type:\n definition.fields contains [Field f1:\n f1.name == \"graphiql\"\n and fc.enclosingFunction contains [AssignmentStatement:\n lhs is [FieldAccess:\n field is f1\n ]\n and rhs is [Expression:\n constantValue is [Boolean: is false]\n or constantValue is [String: == \"false\"]\n ]\n ]\n ]\n ]\n ]\n /* case 2: lambda passed as argument to graphqlHTTP() */\n and not fc.arguments[0] is [Expression:\n possibleFunctionTargets contains [Function lambda:\n returnSlot is [Slot:\n type is [Type:\n definition.fields contains [Field f2:\n f2.name == \"graphiql\"\n and lambda contains [AssignmentStatement:\n lhs is [FieldAccess:\n field is f2\n ]\n and rhs is [Expression:\n constantValue is [Boolean: is false]\n or constantValue is [String: == \"false\"]\n ]\n ]\n ]\n ]\n ]\n ]\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Cross-Site Request Forgery", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc:\n possibleTargets contains [Function:\n name matches \"get|post|put|all|delete|head|patch|options\"\n ]\n and instance.possibleTypes contains [Type: definition is\n [Class: name == \"Express\"\n and interface == true\n and filepath matches \"(.*[/\\\\])?express-serve-static-core[/\\\\]index\\.d\\.ts\"\n ]\n ]\n and not fc.arguments contains [Expression inst1: inst1 is [FieldAccess: field.name matches \"(?i).*csrf.*\"]\n or inst1 is [VariableAccess: variable.name matches \"(?i).*csrf.*\"]\n ]\n and fc.arguments.length > 1\n\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - 
"vuln_category": "Insecure Transport", - "vuln_subcategory": None, - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name == \"listen\"\n and enclosingClass.name == \"Application\"\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "HTTPOnly not Set", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n name == \"cookie\"]\n /* ewwwww */\n and fc.instance is [Expression this:\n /* Express JS has chainable vary and status fields */\n this.possibleFunctionTargets contains [Function:\n name matches \"vary|status\"\n ]\n or this is [Location:\n name matches \"res(p(onse)?)?\"\n ]\n ]\n and (\n fc.arguments.length == 2\n or\n fc.arguments[2] is [Expression:\n possibleTypes contains [Type: not definition.fields contains\n [Field: name == \"httpOnly\"]\n ]\n ]\n )\n\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "HTTPOnly not Set", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n name == \"cookie\"]\n /* ewwwww */\n and fc.instance is [Expression this:\n /* Express JS has chainable vary and status fields */\n this.possibleFunctionTargets contains [Function:\n name matches \"vary|status\"\n ]\n or this is [FieldAccess fa:\n fa.field.name matches \"res(p(onse)?)?\"\n ]\n ]\n and (\n fc.arguments.length == 2\n or\n fc.arguments[2] is [Expression:\n possibleTypes contains [Type: not definition.fields contains\n [Field: name == \"httpOnly\"]\n ]\n ]\n )\n\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Cookie not Sent Over SSL", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n name == \"cookie\"]\n /* ewwwww */\n and fc.instance is [Expression this:\n /* Express JS has chainable vary and status 
fields */\n this.possibleFunctionTargets contains [Function:\n name matches \"vary|status\"\n ]\n or this is [Location:\n name matches \"res(p(onse)?)?\"\n ]\n ]\n and (\n fc.arguments.length == 2\n or\n fc.arguments[2] is [Expression:\n possibleTypes contains [Type: not definition.fields contains\n [Field: name == \"secure\"]\n ]\n ]\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Cookie not Sent Over SSL", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n name == \"cookie\"]\n /* ewwwww */\n and fc.instance is [Expression this:\n /* Express JS has chainable vary and status fields */\n this.possibleFunctionTargets contains [Function:\n name matches \"vary|status\"\n ]\n or this is [FieldAccess fa:\n fa.field.name matches \"res(p(onse)?)?\"\n ]\n ]\n and (\n fc.arguments.length == 2\n or\n fc.arguments[2] is [Expression:\n possibleTypes contains [Type: not definition.fields contains\n [Field: name == \"secure\"]\n ]\n ]\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Missing SameSite Attribute", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n name == \"cookie\"]\n /* ewwwww */\n and fc.instance is [Expression this:\n /* Express JS has chainable vary and status fields */\n this.possibleFunctionTargets contains [Function:\n name matches \"vary|status\"\n ]\n or this is [Location:\n name matches \"res(p(onse)?)?\"\n ]\n ]\n and (\n fc.arguments.length == 2\n or\n fc.arguments[2] is [Expression:\n possibleTypes contains [Type: not definition.fields contains\n [Field: name == \"sameSite\"]\n ]\n ]\n )\n\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Command Injection", - "vuln_subcategory": None, - "predicate": "\n FunctionCall:\n possibleTargets 
contains [Function:\n name matches \"exec(File)?|spawn\"\n and returnType.name == \"ChildProcessPromise\"\n ]\n and arguments[0] is [Expression:\n /* not a constant */\n constantValue.None\n /* is constant, and contains environment variables */\n or constantValue matches \".*\\$.*|.*%.*%.*\"\n /* is constant, and doesn't contain a full path */\n or not (\n constantValue matches \".+:(/|\\\\).*\"\n or constantValue matches \"(/|\\\\).*\"\n )\n ]*\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Command Injection", - "vuln_subcategory": None, - "predicate": "\n FunctionCall:\n possibleTargets contains [Function:\n name matches \"exec(File)?|spawn\"\n and returnType.name == \"ChildProcessPromise\"\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f: f.name == \"createTableService\"\n and f.possibleHeapPaths contains [String str: str == \"azure-storage\"]]\n and not fc.arguments[1].constantValue.None\n and not fc.arguments[1].constantValue is [None:]\n and not fc.arguments[1].constantValue == \"\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f: f.name == \"createTableService\"\n and f.possibleHeapPaths contains [String str: str == \"azure-storage\"]]\n and not fc.arguments[1].constantValue.None\n and not fc.arguments[1].constantValue is [None:]\n and not fc.arguments[1].constantValue == \"\"\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Broad Path", - "predicate": "\n AccessLocation al: accessName == \"path\" and\n al 
in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === al.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue == \"/\"]\n and (al.accessInstance.possibleHeapPaths contains \"$cookiesProvider.defaults\"\n or\n (al.accessInstance is [AccessLocation: accessName == \"defaults\"\n and accessInstance is [Location: name == \"$cookiesProvider\"]])\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Broad Path", - "predicate": "\n AccessLocation al: accessName == \"path\" and\n al in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === al.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue == \"/\"]\n and (al.accessInstance.possibleHeapPaths contains \"$cookiesProvider.defaults\"\n or\n (al.accessInstance is [AccessLocation: accessName == \"defaults\"\n and accessInstance is [Location: name == \"$cookiesProvider\"]])\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Broad Path", - "predicate": "\n FieldAccess fa: fa.field.name == \"path\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue == \"/\"]\n and (fa.instance.possibleHeapPaths contains \"$cookiesProvider.defaults\"\n or\n (fa.instance is [FieldAccess fa2: field.name == \"defaults\"\n and fa2.instance is [FieldAccess fa3: field.name == \"$cookiesProvider\"]])\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Broad Domain", - "predicate": "\n AccessLocation al: al.accessName == \"domain\" and \n al in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === al.transitiveBase]\n and not rhs.constantValue.None \n and 
rhs.constantValue matches \"(?i)^\\.?([a-z0-9\\-]+)\\.[a-z]{1,3}\\.[a-z]{1,3}$\"]\n and (al.accessInstance.possibleHeapPaths contains \"$cookiesProvider.defaults\"\n or\n (al.accessInstance is [AccessLocation: accessName == \"defaults\"\n and accessInstance is [Location: name == \"$cookiesProvider\"]])\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Broad Domain", - "predicate": "\n AccessLocation al: al.accessName == \"domain\" and\n al in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === al.transitiveBase]\n and not rhs.constantValue.None \n and rhs.constantValue matches \"(?i)^\\.?([a-z0-9\\-]+)\\.([a-z0-9\\-]+)$\"]\n and (al.accessInstance.possibleHeapPaths contains \"$cookiesProvider.defaults\"\n or\n (al.accessInstance is [AccessLocation: accessName == \"defaults\" \n and accessInstance is [Location: name == \"$cookiesProvider\"]])\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Broad Domain", - "predicate": "\n AccessLocation al: al.accessName == \"domain\" and \n al in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === al.transitiveBase]\n and not rhs.constantValue.None \n and rhs.constantValue matches \"(?i)^\\.?([a-z0-9\\-]+)\\.[a-z]{1,3}\\.[a-z]{1,3}$\"]\n and (al.accessInstance.possibleHeapPaths contains \"$cookiesProvider.defaults\"\n or\n (al.accessInstance is [AccessLocation: accessName == \"defaults\"\n and accessInstance is [Location: name == \"$cookiesProvider\"]])\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Broad Domain", - "predicate": "\n AccessLocation al: al.accessName == \"domain\" and\n al in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === al.transitiveBase]\n and 
not rhs.constantValue.None \n and rhs.constantValue matches \"(?i)^\\.?([a-z0-9\\-]+)\\.([a-z0-9\\-]+)$\"]\n and (al.accessInstance.possibleHeapPaths contains \"$cookiesProvider.defaults\"\n or\n (al.accessInstance is [AccessLocation: accessName == \"defaults\" \n and accessInstance is [Location: name == \"$cookiesProvider\"]])\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Broad Domain", - "predicate": "\n FieldAccess fa: fa.field.name == \"domain\" and \n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase]\n and not rhs.constantValue.None \n and rhs.constantValue matches \"(?i)^\\.?([a-z0-9\\-]+)\\.[a-z]{1,3}\\.[a-z]{1,3}$\"]\n and (fa.instance.possibleHeapPaths contains \"$cookiesProvider.defaults\"\n or\n (fa.instance is [FieldAccess fa2: field.name == \"defaults\" \n and fa2.instance is [FieldAccess fa3: field.name == \"$cookiesProvider\"]])\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Overly Broad Domain", - "predicate": "\n FieldAccess fa: fa.field.name == \"domain\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase]\n and not rhs.constantValue.None\n and rhs.constantValue matches \"(?i)^\\.?([a-z0-9\\-]+)\\.([a-z0-9\\-]+)$\"]\n and (fa.instance.possibleHeapPaths contains \"$cookiesProvider.defaults\"\n or\n (fa.instance is [FieldAccess fa2: field.name == \"defaults\"\n and fa2.instance is [FieldAccess fa3: field.name == \"$cookiesProvider\"]])\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Cookie not Sent Over SSL", - "predicate": "\n AccessLocation al: al.accessName == \"secure\" and\n al in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === 
al.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue != true]\n and (al.accessInstance.possibleHeapPaths contains \"$cookiesProvider.defaults\"\n or\n (al.accessInstance is [AccessLocation: name == \"defaults\"\n and accessInstance is [Location: name == \"$cookiesProvider\"]])\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Cookie not Sent Over SSL", - "predicate": "\n AccessLocation al: al.accessName == \"secure\" and\n al in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === al.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue != true]\n and (al.accessInstance.possibleHeapPaths contains \"$cookiesProvider.defaults\"\n or\n (al.accessInstance is [AccessLocation: name == \"defaults\"\n and accessInstance is [Location: name == \"$cookiesProvider\"]])\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Cookie not Sent Over SSL", - "predicate": "\n FieldAccess fa: fa.field.name == \"secure\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase]\n and not rhs.constantValue.None and rhs.constantValue != true]\n and (fa.instance.possibleHeapPaths contains \"$cookiesProvider.defaults\"\n or\n (fa.instance is [FieldAccess fa2: field.name == \"defaults\"\n and fa2.instance is [FieldAccess fa3: field.name == \"$cookiesProvider\"]])\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Cookie not Sent Over SSL", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function: name matches \"put(Object)?\"]\n /* possibleHeapPaths matching too broadly */\n and fc.instance is [Location: name == \"$cookies\"]\n and (\n fc.arguments.length < 3\n or fc.arguments[2] is [Expression:\n not 
possibleTypes contains [Type:\n definition.fields contains [Field: name == \"secure\"]\n ]\n ]\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Cookie Security", - "vuln_subcategory": "Cookie not Sent Over SSL", - "predicate": "\n FunctionCall fc: possibleTargets contains [Function: name matches \"put(Object)?\"]\n /* possibleHeapPaths matching too broadly */\n and fc.instance is [FieldAccess: field.name == \"$cookies\"]\n and (\n fc.arguments.length < 3\n or fc.arguments[2] is [Expression:\n not possibleTypes contains [Type:\n definition.fields contains [Field: name == \"secure\"]\n ]\n ]\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "AngularJS Misconfiguration", - "vuln_subcategory": "Strict Contextual Escaping Disabled", - "predicate": "\n FunctionCall: possibleTargets contains [Function: name == \"enabled\"\n and possibleHeapPaths contains \"$sceProvider\"]\n and (arguments[0].constantValue.None\n or arguments[0].constantValue == false\n or arguments[0].constantValue == 0\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "AngularJS Misconfiguration", - "vuln_subcategory": "Dangerous Protocol Allowed", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f: f.name matches \"(imgSrc|aHref)SanitizationWhitelist\"\n and f.possibleHeapPaths contains [String str: str == \"$compileProvider\"]]\n and fc.arguments.length == 1\n and fc.arguments[0] is [Expression e: e.constantValue matches \"(?i).*javascript.*\" or e.partialConstantValues contains [String: matches \"(?i).*javascript.*\"]]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Cross-Site Request Forgery", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n f.name == \"$http\"]\n and fc.arguments.length == 1\n /* configuration 
object doesn't contain xsrfCookieName or xsrfHeaderName setting */\n and not fc.arguments[0].type.definition.fields contains [Field:\n name matches \"xsrf(Cookie|Header)Name\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Cross-Site Request Forgery", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n f.name == \"$http\"]\n and fc.arguments.length == 1\n /* configuration object doesn't contain xsrfCookieName or xsrfHeaderName setting */\n and not fc.arguments[0].type.definition.fields contains [Field:\n name matches \"xsrf(Cookie|Header)Name\"]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Cross-Site Request Forgery", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n f.name == \"get\"\n ]\n /* possibleHeapPaths matching too broadly */\n and fc.instance is [Location: name == \"$http\"]\n and (\n /* no configuration object set */\n fc.arguments.length == 1\n /* or configuration object set, and doesn't contain xsrfCookieName or xsrfHeaderName setting */\n or not fc.arguments[1].type.definition.fields contains [Field: name matches \"xsrf(Cookie|Header)Name\"]\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Cross-Site Request Forgery", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n f.name == \"get\"\n ]\n /* possibleHeapPaths matching too broadly */\n and fc.instance is [FieldAccess: field.name == \"$http\"]\n and (\n /* no configuration object set */\n fc.arguments.length == 1\n /* or configuration object set, and doesn't contain xsrfCookieName or xsrfHeaderName setting */\n or not fc.arguments[1].type.definition.fields contains [Field: name matches \"xsrf(Cookie|Header)Name\"]\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security 
Features", - "vuln_category": "AngularJS Misconfiguration", - "vuln_subcategory": "Dangerous Protocol Allowed", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f: f.name matches \"(imgSrc|aHref)SanitizationWhitelist\"\n and f.possibleHeapPaths contains [String str: str == \"$compileProvider\"]]\n and fc.arguments.length == 1\n and fc.arguments[0] is [Expression e: e.constantValue matches \"(?i).*javascript.*\" or e.partialConstantValues contains [String: matches \"(?i).*javascript.*\"]]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "API Abuse", - "vuln_category": "Often Misused", - "vuln_subcategory": "Mixing Template Languages", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function: name matches \"(start|end)Symbol\"\n and (\n possibleHeapPaths contains [String str: str == \"$interpolateProvider\"]\n or fc.instance is [Location: name == \"$interpolateProvider\"]\n /* matches against last function call in builder-style call $interpolateProvider.startSymbol('##').endSymbol('##'); */\n or fc.instance is [FunctionCall: possibleTargets contains [Function: name matches \"(start|end)Symbol\"]]\n )\n ]\n and fc.arguments.length == 1\n " - }, - { - "language": "javascript", - "vuln_kingdom": "API Abuse", - "vuln_category": "Often Misused", - "vuln_subcategory": "Mixing Template Languages", - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function: name matches \"(start|end)Symbol\"\n and (\n possibleHeapPaths contains [String str: str == \"$interpolateProvider\"]\n or fc.instance is [FieldAccess: field.name == \"$interpolateProvider\"]\n /* matches against last function call in builder-style call $interpolateProvider.startSymbol('##').endSymbol('##'); */\n or fc.instance is [FunctionCall: possibleTargets contains [Function: name matches \"(start|end)Symbol\"]]\n )\n ]\n and fc.arguments.length == 1\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": 
"AngularJS Misconfiguration", - "vuln_subcategory": "Strict Contextual Escaping Disabled", - "predicate": "\n FunctionCall: possibleTargets contains [Function: name == \"enabled\"\n and possibleHeapPaths contains \"$sceProvider\"]\n and (arguments[0].constantValue.None\n or arguments[0].constantValue == false\n or arguments[0].constantValue == 0\n )\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": None, - "predicate": "\n \n FunctionCall fc: fc.possibleTargets contains [Function : name == \"request\"]\n and instance.possibleTypes contains [Type: name == \"@angular/common/http.HttpClient\"]\n and fc.arguments[1] is [Expression: constantValue matches \"(?i)http://[^\\s/$.?#][^\\s]*\" ]\n\n \n " - }, - { - "language": "javascript", - "vuln_kingdom": "Security Features", - "vuln_category": "Insecure Transport", - "vuln_subcategory": None, - "predicate": "\n \n FunctionCall fc: fc.possibleTargets contains [Function : name matches \"get|head|jsonp|options|patch|post|put\"]\n and instance.possibleTypes contains [Type: name == \"@angular/common/http.HttpClient\"]\n and fc.arguments[0] is [Expression: constantValue matches \"(?i)http://[^\\s/$.?#][^\\s]*\" ]\n\n \n " - }, - { - "language": "javascript", - "vuln_kingdom": "Encapsulation", - "vuln_category": "Cross-Site Request Forgery", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: fc.possibleTargets contains [Function f:\n name == \"withNoXsrfProtection\"\n ]\n " - }, - { - "language": "javascript", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Path Manipulation", - "vuln_subcategory": "Zip Entry Overwrite", - "predicate": "\n FunctionCall fc:\n possibleTargets contains [Function:\n name == \"extractAllTo\"\n and possibleHeapPaths contains \"AdmZip\"\n ]\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - 
"vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and va.variable.isTemp == false and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and va.variable.isTemp == false and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - 
"language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)pass(wd|word)\" and va.variable.isTemp == false and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and va.variable.isTemp == false and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === 
va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and va.variable.isTemp == false and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)pass(wd|word)\" and va.variable.isTemp == false and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n StringLiteral:\n constantValue matches \".*\\\"(PUT_REGEX_HERE)\\\"\\s*:\\s*\\\"[^{$%]+\\\".*\"\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n StringLiteral:\n constantValue matches \".*\\\"(PUT_REGEX_HERE)\\\"\\s*:\\s*\\\"[^{$%]+\\\".*\"\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: (operation.op matches \"[!=><]=\" or operation.op matches \"[<>]\") and\n ((operation.lhs.location is\n [VariableAccess val: val.variable is [Variable vl: ]* and val.variable.name matches \"PUT_REGEX_HERE\"] and\n not operation.rhs.constantValue.None and\n not 
operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\"\n ) or\n (operation.rhs.location is\n [VariableAccess var: var.variable is [Variable vr: ]* and var.variable.name matches \"PUT_REGEX_HERE\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\"\n ) or\n (operation.lhs.location is\n [FieldAccess fal: fal.field is [Field fl: ]* and fal.field.name matches \"PUT_REGEX_HERE\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\"\n ) or\n (operation.rhs.location is\n [FieldAccess far: far.field is [Field fr: ]* and far.field.name matches \"PUT_REGEX_HERE\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\"\n ))\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: (operation.op matches \"[!=><]=\" or operation.op matches \"[<>]\") and\n ((operation.lhs.location is\n [VariableAccess val: val.variable is [Variable vl: ]* and val.variable.name matches \"PUT_REGEX_HERE\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\"\n ) or\n (operation.rhs.location is\n [VariableAccess var: var.variable is [Variable vr: ]* and var.variable.name matches \"PUT_REGEX_HERE\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\"\n ) or\n (operation.lhs.location is\n [FieldAccess fal: fal.field is [Field fl: ]* and fal.field.name matches \"PUT_REGEX_HERE\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == 
\"\"\n ) or\n (operation.rhs.location is\n [FieldAccess far: far.field is [Field fr: ]* and far.field.name matches \"PUT_REGEX_HERE\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\"\n ))\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: (operation.op matches \"[!=><]=\" or operation.op matches \"[<>]\") and\n ((operation.lhs.location is\n [VariableAccess val: val.variable is [Variable vl: ]* and val.variable.name matches \"(?i)pass(wd|word)\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\"\n ) or\n (operation.rhs.location is\n [VariableAccess var: var.variable is [Variable vr: ]* and var.variable.name matches \"(?i)pass(wd|word)\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\"\n ) or\n (operation.lhs.location is\n [FieldAccess fal: fal.field is [Field fl: ]* and fal.field.name matches \"(?i)pass(wd|word)\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\"\n ) or\n (operation.rhs.location is\n [FieldAccess far: far.field is [Field fr: ]* and far.field.name matches \"(?i)pass(wd|word)\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\"\n ))\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n 
not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and va.variable.isTemp == false and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and va.variable.isTemp == false and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n 
not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)pass(wd|word)\" and va.variable.isTemp == false and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Password in Comment", - "predicate": "\n Comment c: c.text matches \".*\\b(PUT_REGEX_HERE)\\b.*\"\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Password in Comment", - "predicate": "\n Comment c: c.text matches \".*\\b(PUT_REGEX_HERE)\\b.*\"\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Password in Comment", - "predicate": "\n Comment c: c.text matches \"(?i).*pass(wd|word|phrase).*\"\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)pwd\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pwd.*\" 
and\n not fa.field.name matches \"(?i)pwd\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)pwd\" and va.variable.isTemp == false and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*pwd.*\" and va.variable.isTemp == false and\n not va.variable.name matches \"(?i)pwd\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pass(wd|word).*\" and\n not fa.field.name matches \"(?i)pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*pass(wd|word).*\" and va.variable.isTemp == false and\n not va.variable.name matches \"(?i)pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is [Location l: 
l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)pwd\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pwd.*\" and\n not fa.field.name matches \"(?i)pwd\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)pwd\" and va.variable.isTemp == false and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*pwd.*\" and va.variable.isTemp == false and\n not va.variable.name matches \"(?i)pwd\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - 
"vuln_subcategory": "Empty Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pass(wd|word).*\" and\n not fa.field.name matches \"(?i)pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*pass(wd|word).*\" and va.variable.isTemp == false and\n not va.variable.name matches \"(?i)pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: (operation.op matches \"[!=><]=\" or operation.op matches \"[<>]\") and\n ((operation.lhs.location is\n [VariableAccess val: val.variable is [Variable vl: ]* and val.variable.name matches \"(?i).*pwd.*\" and not val.variable.name matches \"(?i)pwd\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\"\n ) or\n (operation.rhs.location is\n [VariableAccess var: var.variable is [Variable vr: ]* and var.variable.name matches \"(?i).*pwd.*\" and not var.variable.name matches \"(?i)pwd\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\"\n ) or\n (operation.lhs.location is\n [FieldAccess fal: fal.field is [Field fl: ]* and fal.field.name matches \"(?i).*pwd.*\" and not fal.field.name matches \"(?i)pwd\"] and\n not operation.rhs.constantValue.None and\n not 
operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\"\n ) or\n (operation.rhs.location is\n [FieldAccess far: far.field is [Field fr: ]* and far.field.name matches \"(?i).*pwd.*\" and not far.field.name matches \"(?i)pwd\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\"\n ))\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation operation: (operation.op matches \"[!=><]=\" or operation.op matches \"[<>]\") and\n ((operation.lhs.location is\n [VariableAccess val: val.variable is [Variable vl: ]* and val.variable.name matches \"(?i)pwd\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\"\n ) or\n (operation.rhs.location is\n [VariableAccess var: var.variable is [Variable vr: ]* and var.variable.name matches \"(?i)pwd\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\"\n ) or\n (operation.lhs.location is\n [FieldAccess fal: fal.field is [Field fl: ]* and fal.field.name matches \"(?i)pwd\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\"\n ) or\n (operation.rhs.location is\n [FieldAccess far: far.field is [Field fr: ]* and far.field.name matches \"(?i)pwd\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\"\n ))\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)pwd\" and\n fa in [AssignmentStatement: 
lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pwd.*\" and\n not fa.field.name matches \"(?i)pwd\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)pwd\" and va.variable.isTemp == false and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*pwd.*\" and va.variable.isTemp == false and\n not va.variable.name matches \"(?i)pwd\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n Operation 
operation: (operation.op matches \"[!=><]=\" or operation.op matches \"[<>]\") and\n ((operation.lhs.location is\n [VariableAccess val: val.variable is [Variable vl: ]* and val.variable.name matches \"(?i).*pass(wd|word).*\" and not val.variable.name matches \"(?i)pass(wd|word)\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\"\n ) or\n (operation.rhs.location is\n [VariableAccess var: var.variable is [Variable vr: ]* and var.variable.name matches \"(?i).*pass(wd|word).*\" and not var.variable.name matches \"(?i)pass(wd|word)\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\"\n ) or\n (operation.lhs.location is\n [FieldAccess fal: fal.field is [Field fl: ]* and fal.field.name matches \"(?i).*pass(wd|word).*\" and not fal.field.name matches \"(?i)pass(wd|word)\"] and\n not operation.rhs.constantValue.None and\n not operation.rhs.constantValue is [None:] and\n not operation.rhs.constantValue == \"\"\n ) or\n (operation.rhs.location is\n [FieldAccess far: far.field is [Field fr: ]* and far.field.name matches \"(?i).*pass(wd|word).*\" and not far.field.name matches \"(?i)pass(wd|word)\"] and\n not operation.lhs.constantValue.None and\n not operation.lhs.constantValue is [None:] and\n not operation.lhs.constantValue == \"\"\n ))\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*pass(wd|word).*\" and\n not fa.field.name matches \"(?i)pass(wd|word)\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - 
"vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*pass(wd|word).*\" and va.variable.isTemp == false and\n not va.variable.name matches \"(?i)pass(wd|word)\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n VariableAccess va: 
va.variable.name matches \"PUT_REGEX_HERE\" and va.variable.isTemp == false and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and va.variable.isTemp == false and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and va.variable.isTemp == false and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - 
"language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and va.variable.isTemp == false and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and va.variable.isTemp == false and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and va.variable.isTemp == false and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FieldAccess fa: 
fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"PUT_REGEX_HERE\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and va.variable.isTemp == false and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n 
VariableAccess va: va.variable.name matches \"PUT_REGEX_HERE\" and va.variable.isTemp == false and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and va.variable.isTemp == false and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\" and\n not fa.field.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue is [None:]\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "None Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\" and va.variable.isTemp == false and\n not va.variable.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n 
rhs.constantValue is [None:]\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\" and\n not fa.field.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Empty Encryption Key", - "predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\" and va.variable.isTemp == false and\n not va.variable.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - "predicate": "\n FieldAccess fa: fa.field.name matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\" and\n not fa.field.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n fa in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === fa.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\"\n ] and fa.field is [Field f:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Key Management", - "vuln_subcategory": "Hardcoded Encryption Key", - 
"predicate": "\n VariableAccess va: va.variable.name matches \"(?i).*((enc|dec)(?!e|o|y)(ryption|rypt)?|crypto).*key.*|.*passphrase.*\" and va.variable.isTemp == false and\n not va.variable.name matches \"(?i)((enc|dec)(ryption|rypt)?|crypto)?(_)?key|passphrase\" and\n va in [AssignmentStatement: lhs.location is [Location l: l.transitiveBase === va.transitiveBase] and\n not rhs.constantValue.None and\n not rhs.constantValue is [None:] and\n not rhs.constantValue == \"\"\n ] and va.variable is [Variable v:]*\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "Spring Misconfiguration", - "vuln_subcategory": "HTML Escaping Disabled", - "predicate": "\n FunctionCall fc:\n function.name matches \"_jspService|execute\"\n and function.enclosingClass.name matches \"http://(www\\.)?springframework\\.org/tags/htmlEscape\"\n and namedParameters contains [\n NamedParameter: name matches \"jspContext|context\" and\n expression is [Expression context: ]\n ]\n and namedParameters contains [NamedParameter:\n name is \"defaultHtmlEscape\" and expression.constantValue == \"false\"\n ]\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Encapsulation", - "vuln_category": "System Information Leak", - "vuln_subcategory": "HTML Comment in JSP", - "predicate": "\n Comment: html and text matches \".*\" and\n /* added an exception for server-side includes -- bug 34067 */\n not text matches \".*#config.*|.*#echo.*|.*#elif.*|.*#else.*|.*#endif.*|.*#exec.*|.*#flastmod.*|.*#fsize.*|.*#if.*|.*#include.*|.*#printenv.*|.*#set.*\" and\n /* added an exception for conditional comments that work in IE -- bug 35756 */\n not text matches \".*\\[if(\\s)+(gt|gte|lt|lte|!)?(\\s)*IE.*|.* 0 and parameterTypes contains [name == \"javax.servlet.ServletConfig\"]) or\n /* EXCEPTION: enclosing function is only reachable from a constructor */\n (not public and (callers.length == 0 or callers contains [constructor]) and not callers contains [not 
constructor]) or\n /* EXCEPTION: enclosing function starts with \"set\" and is not reachable from any of the non-constructor functions */\n (name matches \"set.*\" and not callers contains [not constructor]) or\n /* EXCEPTION: callers of enclosing function do not contain any functions other than init() */\n (callers.length != 0 and not callers contains [Function: not name matches \"init.*\"])]\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Time and State", - "vuln_category": "Race Condition", - "vuln_subcategory": "Singleton Member Field", - "predicate": "\n AssignmentStatement: lhs.location is\n [FieldAccess: instance.location is [VariableAccess: this] and field is [Field dec: not dec.name startsWith \"_jspx\"]*] and\n enclosingClass.supers contains [Class: name == \"javax.servlet.Servlet\"] and\n not enclosingClass.supers contains [Class: name == \"javax.servlet.SingleThreadModel\"] and\n not enclosingFunction is\n /* EXCEPTION: enclosing function is a constructor or its name starts with \"init\" */\n [constructor or name matches \"init.*\" or name == \"jspInit\" or\n /* EXCEPTION: enclosing function takes ServletConfig as one of its parameters */\n (parameterTypes.length > 0 and parameterTypes contains [name == \"javax.servlet.ServletConfig\"]) or\n /* EXCEPTION: enclosing function is only reachable from a constructor */\n (not public and (callers.length == 0 or callers contains [constructor]) and not callers contains [not constructor]) or\n /* EXCEPTION: enclosing function starts with \"set\" and is not reachable from any of the non-constructor functions */\n (name matches \"set.*\" and not callers contains [not constructor]) or\n /* EXCEPTION: callers of enclosing function do not contain any functions other than init() */\n (callers.length != 0 and not callers contains [Function: not name matches \"init.*\"])]\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Encapsulation", - "vuln_category": "System Information Leak", - "vuln_subcategory": None, - 
"predicate": "\n FunctionCall fc: function.name matches \"_jspService|execute\"\n and function.enclosingClass.name is \"http://jakarta.apache.org/taglibs/log-1.0/dump\"\n and namedParameters contains [\n NamedParameter: name matches \"jspBody|body\" and\n expression is [Expression body: ]\n ]\n and namedParameters contains [\n NamedParameter: name matches \"jspContext|context\" and\n expression is [Expression context: ]\n ]\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Hardcoded Password", - "predicate": "\n FunctionCall fc: function.name matches \"_jspService|execute\"\n and function.enclosingClass.name matches \"http://(java.sun.com|xmlns.jcp.org)/(jsp/)?jstl/sql(_rt)?/setDataSource\"\n and namedParameters contains [\n NamedParameter: name matches \"jspBody|body\" and\n expression is [Expression body: ]\n ]\n and namedParameters contains [\n NamedParameter: name matches \"jspContext|context\" and\n expression is [Expression context: ]\n ]\n and namedParameters contains [\n NamedParameter: name is \"password\"\n and not expression.constantValue.None and not expression.constantValue == \"\" and not expression.constantValue is [None: ]\n ]\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "Empty Password", - "predicate": "\n FunctionCall fc: function.name matches \"_jspService|execute\"\n and function.enclosingClass.name matches \"http://(java.sun.com|xmlns.jcp.org)/(jsp/)?jstl/sql(_rt)?/setDataSource\"\n and namedParameters contains [\n NamedParameter: name matches \"jspBody|body\" and\n expression is [Expression body: ]\n ]\n and namedParameters contains [\n NamedParameter: name matches \"jspContext|context\" and\n expression is [Expression context: ]\n ]\n and namedParameters contains [\n NamedParameter: name is \"password\"\n and not expression.constantValue.None and 
expression.constantValue == \"\"\n ]\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Security Features", - "vuln_category": "Password Management", - "vuln_subcategory": "None Password", - "predicate": "\n FunctionCall fc: function.name matches \"_jspService|execute\"\n and function.enclosingClass.name matches \"http://(java.sun.com|xmlns.jcp.org)/(jsp/)?jstl/sql(_rt)?/setDataSource\"\n and namedParameters contains [\n NamedParameter: name matches \"jspBody|body\" and\n expression is [Expression body: ]\n ]\n and namedParameters contains [\n NamedParameter: name matches \"jspContext|context\" and\n expression is [Expression context: ]\n ]\n and namedParameters contains [\n NamedParameter: name is \"password\"\n and not expression.constantValue.None and expression.constantValue is [None: ]\n ]\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "SQL Injection", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: function.name matches \"_jspService|execute\"\n and function.enclosingClass.name matches \"http://(java.sun.com|xmlns.jcp.org)/(jsp/)?jstl/sql(_rt)?/update\"\n and namedParameters contains [\n NamedParameter: name matches \"jspBody|body\" and\n expression is [Expression body: ]\n ]\n and namedParameters contains [\n NamedParameter: name matches \"jspContext|context\" and\n expression is [Expression context: ]\n ]\n and namedParameters contains [\n NamedParameter: name is \"sql\"\n and (expression.constantValue.None or expression.constantValue is [None: ])\n ]\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "SQL Injection", - "vuln_subcategory": None, - "predicate": "\n FunctionCall fc: function.name matches \"_jspService|execute\"\n and function.enclosingClass.name matches \"http://(java.sun.com|xmlns.jcp.org)/(jsp/)?jstl/sql(_rt)?/query\"\n and namedParameters contains [\n NamedParameter: name matches \"jspBody|body\" and\n 
expression is [Expression body: ]\n ]\n and namedParameters contains [\n NamedParameter: name matches \"jspContext|context\" and\n expression is [Expression context: ]\n ]\n and namedParameters contains [\n NamedParameter: name is \"sql\"\n and (expression.constantValue.None or expression.constantValue is [None: ])\n ]\n " - }, - { - "language": "jsp", - "vuln_kingdom": "API Abuse", - "vuln_category": "ADF Faces Bad Practices", - "vuln_subcategory": "unsecure Attribute", - "predicate": "\n FunctionCall fc: function.name matches \"_jspService|execute\"\n and function.enclosingClass.name matches \"http://xmlns\\.oracle\\.com/adf/faces/rich/(activeCommandToolbarButton|calendar|carousel|carouselItem|chooseColor|chooseDate|commandButton|commandImageLink|commandLink|commandScript|commandMenuItem|commandNavigationItem|commandToolbarButton|dialog|goButton|goImageLink|goLink|goMenuItem|inputColor|inputComboboxListOfValues|inputDate|inputFile|inputListOfValues|inputNumberSlider|inputNumberSpinbox|inputRangeSlider|inputText|menu|menuBar|query|quickQuery|resetButton|richTextEditor|selectBooleanCheckbox|selectBooleanRadio|selectManyCheckbox|selectManyChoice|selectManyListbox|selectManyShuttle|selectOneChoice|selectOneListbox|selectOneRadio|selectOrderShuttle|table|toolbar|toolbox|train|trainButtonBar|tree|treeTable)\"\n and namedParameters contains [\n NamedParameter: name matches \"jspBody|body\" and\n expression is [Expression body: ]\n ]\n and namedParameters contains [\n NamedParameter: name matches \"jspContext|context\" and\n expression is [Expression context: ]\n ]\n and namedParameters contains [\n NamedParameter: name is \"unsecure\" and\n expression is [Expression unsecure: ]\n ]\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "OGNL Expression Injection", - "vuln_subcategory": "Struts 2", - "predicate": "\n FunctionCall fc: function.name matches \"_jspService|execute\"\n and fc.function.enclosingClass.name 
matches \"/struts-tags/(url|a)\"\n and namedParameters contains [\n NamedParameter: name matches \"jspBody|body\" and\n expression is [Expression body: ]\n ]\n and namedParameters contains [\n NamedParameter: name matches \"jspContext|context\" and\n expression is [Expression context: ]\n ]\n and namedParameters contains [NamedParameter p: p.name is \"includeParams\" and p.expression.constantValue matches \"all|get\"]\n " - }, - { - "language": "jsp", - "vuln_kingdom": "Input Validation and Representation", - "vuln_category": "OGNL Expression Injection", - "vuln_subcategory": "Struts 2", - "predicate": "\n FunctionCall fc:\n function.name matches \"_jspService|execute\"\n and function.enclosingClass.name == \"/struts-tags/url\"\n and not namedParameters contains [NamedParameter: name is \"value\"]\n and not namedParameters contains [NamedParameter: name is \"action\"]\n " - } -] \ No newline at end of file diff --git a/rules/__init__.py b/rules/__init__.py deleted file mode 100644 index e69de29..0000000 diff --git a/rules/fortify/__init__.py b/rules/fortify/__init__.py deleted file mode 100644 index e69de29..0000000 diff --git a/rules/fortify/fortify.py b/rules/fortify/fortify.py deleted file mode 100644 index 8a4f764..0000000 --- a/rules/fortify/fortify.py +++ /dev/null 
@@ -1,44 +0,0 @@
-import json
-import os
-import xml.etree.ElementTree as ET
-
-
-rules_list = []
-
-def extract_rules(xml_file):
- tree = ET.parse(xml_file)
- root = tree.getroot()
-
- rules = root.findall('.//{xmlns://www.fortifysoftware.com/schema/rules}StructuralRule')
-
- for rule in rules:
- rule_info = {}
-
- vuln_kingdom = rule.find('{xmlns://www.fortifysoftware.com/schema/rules}VulnKingdom')
- vuln_category = rule.find('{xmlns://www.fortifysoftware.com/schema/rules}VulnCategory')
- vuln_subcategory = rule.find('{xmlns://www.fortifysoftware.com/schema/rules}VulnSubcategory')
- predicate = rule.find('{xmlns://www.fortifysoftware.com/schema/rules}Predicate')
-
- rule_info['language'] = rule.get('language')
-
- if rule_info['language'] in ['c', 'cpp', 'go', 'php', 'jsp', 'java', 'python', 'javascript']:
- rule_info['vuln_kingdom'] = vuln_kingdom.text.replace(' ', ' ') if vuln_kingdom is not None else None
- rule_info['vuln_category'] = vuln_category.text.replace(' ', ' ') if vuln_category is not None else None
- rule_info['vuln_subcategory'] = vuln_subcategory.text.replace(' ', ' ') if vuln_subcategory is not None else None
- rule_info['predicate'] = predicate.text.replace(' ', ' ') if predicate is not None else None
-
- rules_list.append(rule_info)
-
-
-
-def load_fortify_rules(src_path):
- for root, dirs, files in os.walk(src_path):
- for file_name in files:
- if file_name.endswith('.xml'):
- file_path = os.path.join(root, file_name)
- extract_rules(file_path)
-
- open('../../fortify_rules.json', 'w', encoding='utf-8').write(json.dumps(rules_list))
-
-if __name__ == '__main__':
- load_fortify_rules(r'C:\Users\yvling\Desktop\data')
\ No newline at end of file