Oracle® Database

Database Security Assessment Tool User Guide

Release 3.0.0
F21286-08
November 2023

About the Oracle Database Security Assessment

Tool
The Oracle Database Security Assessment Tool (Oracle DBSAT) analyzes database
configurations, users, their entitlements, security policies and identifies where sensitive
data resides to uncover security risks and improve the security posture of Oracle
Databases within your organization.

Benefits of Using Oracle Database Security Assessment

Tool
Using Oracle DBSAT, you can:
• Quickly and easily assess the current security status and identify sensitive data
within the Oracle Database.
• Reduce risk exposure using proven Oracle Database Security best practices, CIS
benchmark recommendations and STIG rules.
• Leverage security findings to accelerate compliance with EU GDPR and other
regulations.
• Improve the security posture of your Oracle Databases and promote security best
practices.

Note:
DBSAT is a lightweight utility that will not impair system performance in a
measurable way.

You can use Oracle DBSAT report findings to:

• Fix immediate short-term risks
• Implement a comprehensive security strategy

1
• Support your regulatory compliance program
• Promote security best practices

Oracle Database Security Assessment Tool Components

The Oracle DBSAT consists of the following components:
• Collector:
The Collector executes SQL queries and runs operating system commands to
collect data from the system to be assessed. It does this primarily by querying
database dictionary views. The collected data is written to a JSON file that is used
by the DBSAT Reporter in the analysis phase. Note that if the collector is executed
remotely it will not collect operating system data. It is recommended to run it in the
database server to collect all relevant data.
• Reporter:
The Reporter analyzes the collected data and generates the Oracle Database
Security Assessment Report in HTML, Excel, JSON, and Text formats. The
Reporter can run on any machine: PC, laptop, or server. You are not limited to
running the Reporter on the database server or the same machine as the
Collector.
• Discoverer:
The Discoverer executes SQL queries and collects metadata from the database
to be assessed, based on the settings specified in the configuration files. It does
this primarily by querying database dictionary views. The collected data is then
used to generate the Oracle Database Sensitive Data Assessment Report in
HTML and CSV formats. The Discoverer can run on any machine: PC, laptop, or
server. You are not limited to running the Discoverer on the database server or the
same machine as the Collector or Reporter.
The following figure shows the components, sources, and reports of the Oracle
Database Security Assessment Tool.

2
Figure Oracle DBSAT Components, Sources, and Reports

For more information about the Collector, Reporter, and Discoverer, see Using the
Collector and Reporter.

Prerequisites
The following sections outline the prerequisites for the Oracle Database Security
Assessment Tool:

Supported Operating Systems

The database configuration collection queries run on most supported Oracle Database
platforms. However, currently, DBSAT will skip OS data for databases running on
Windows platforms.
Oracle DBSAT runs on:
• Solaris x64 and Solaris SPARC64
• Linux x86-64 and Linux 64-bit Arm
• Windows x64
• HP-UX IA (64-bit)
• IBM AIX (64-bit) and Linux on zSeries (64-bit)

Supported Database Versions

You can run the Oracle DBSAT on Oracle Database 11.2.0.4 and later releases on-
premises or in the Cloud, on Oracle Database Standard Edition 2 and Oracle
Database Enterprise Edition. You can also run Oracle DBSAT against Autonomous

3
Databases (Serverless, Dedicated, and Cloud@Customer), Autonomous JSON
Database, Oracle Exadata Database Service (Dedicated and Cloud@Customer), and
Oracle Base Database Service (BaseDB Enterprise Edition and Standard Edition).
Some findings will do different checks and provide targeted remarks for these
databases. For more information about the target-specific checks and
recommendations, see Appendix A.

Security Requirements
Oracle DBSAT output files are sensitive because they may reveal weaknesses in the
security posture of your database. To prevent unauthorized access to these files, you
must implement the following security guidelines:
• Ensure that the directories holding these files are secured with the appropriate
permissions.
• Delete the files securely after you implement the recommendations they contain.
• Share them with others in their (by default) encrypted form.
• Grant user permissions to the Oracle DBSAT user on a short-term basis and
revoke these when no longer necessary.
For more information about Oracle DBSAT user privileges, see Collector
Prerequisites. For more information about Oracle DBSAT best practices, see: Best
Practices

Caution:
This tool is intended to assist you in identifying potential sensitive data and
vulnerabilities in your system. Further, the output generated by this tool may
include potentially sensitive system configuration data and information that
could be used by a skilled attacker to penetrate your system. You are solely
responsible for ensuring that the output of this tool, including any generated
reports, is handled in accordance with your company's policies.

Oracle Database Security Assessment Tool Prerequisites

DBSAT on Unix/Linux systems must execute under the BASH shell. If the server does
not have this shell, you can install it or run DBSAT remotely from a different server that
has it (or from a laptop running Windows, from where you can connect to the
database).

Zip and UnZip

Oracle DBSAT uses Zip and Unzip to compress or decompress the generated files.
Oracle DBSAT searches for Zip and Unzip utilities in the default locations shown
below. In order to use other Zip and Unzip utilities, update the following lines in the
relevant script.

4
Windows (dbsat.bat script):

SET ZIP_CMD=%ORACLE_HOME%\bin\zip.exe
SET UNZIP_CMD=%ORACLE_HOME%\bin\unzip.exe

Note:
The Unzip utility is not included in Oracle Database 12.2 and higher. Ensure
that you have installed a utility such as WinZip or WinRar, and add the path
to the utility in the SET UNZIP_CMD parameter.

All other platforms (dbsat script):

ZIP=/usr/bin/zip
UNZIP=/usr/bin/unzip
DBZIP=${ORACLE_HOME}/bin/zip

The following are the prerequisites for the components of the Oracle Database
Security Assessment Tool:

Collector Prerequisites

To gather all necessary data, run the Oracle DBSAT Collector on the server that hosts
the database. The collector uses operating system commands to gather process and
file system information that the database alone cannot provide. Besides, the Oracle
DBSAT Collector must be run as an OS user with read permissions on files and
directories under ORACLE_HOME using SQL*Plus (through Oracle Database or Instant
Client) to collect and process file system data using OS commands.
The Oracle DBSAT Collector collects most of its data by querying database views. It
must connect to the database as a user with sufficient privileges to select from these
views. Grant the DBSAT user the following privileges:
• CREATE SESSION
• READ or SELECT on SYS.REGISTRY$HISTORY
• Role SELECT_CATALOG_ROLE
• Role DV_SECANALYST (if Database Vault is enabled or if Database Vault Operations
Control is enabled)
• Role AUDIT_VIEWER (12c and later)
• Role CAPTURE_ADMIN (12c and later)
• READ or SELECT on SYS.DBA_USERS_WITH_DEFPWD
• READ on SYS.DBA_AUDIT_MGMT_CONFIG_PARAMS

5
 Note:
If you plan to run only the Discoverer component, you can assign only the
following privileges:
• CREATE SESSION
• Role SELECT_CATALOG_ROLE
In order to successfully collect Database Vault information in a Database
Vault protected environment, you must connect as a non-SYS user with the
DV_SECANALYST role.

Sample Script to Create a User with Minimum Privileges

You can create a user with required minimum privileges to run the Oracle Database
Security Assessment Tool Collector with a script.

Purpose
Create a DBSAT user to run the Oracle DBSAT Collector script with required
privileges.

Sample Script

create user dbsat_user identified by dbsat_user;

--If Database Vault is enabled, connect as DV_ACCTMGR to run this
command
grant create session to dbsat_user;
grant select_catalog_role to dbsat_user;
grant select on sys.registry$history to dbsat_user;
grant read on sys.dba_audit_mgmt_config_params to dbsat_user;
grant select on sys.dba_users_with_defpwd to dbsat_user;
grant audit_viewer to dbsat_user; // 12c and later
grant capture_admin to dbsat_user;// 12c and later covers
sys.dba_priv_captures, sys.priv_capture$, sys.capture_run_log$
--If Database Vault is enabled, connect as DV_OWNER to run this
command
grant DV_SECANALYST to dbsat_user;

Reporter Prerequisites

The Reporter is a Java program and requires the Java Runtime Environment (JRE)
1.8 (jdk8-u172) or later to run.

Discoverer Prerequisites

6
The Discoverer is a Java program and requires the Java Runtime Environment (JRE)
1.8 (jdk8-u172) or later to run.
The Discoverer collects metadata from database dictionary views and matches them
against the patterns specified to discover sensitive data. The Discoverer must connect
to the database as a user with sufficient privileges to select from these views. For
more information about DBSAT user privileges, see Collector Prerequisites.

Note:
The Discoverer relies on table statistics to get row counts. In order to get
accurate row count results, DBMS_STATS should be executed by the Database
Administrator before the DBSAT user runs the Discoverer.

Installing the Oracle Database Security

Assessment Tool
To install the Oracle DBSAT:

1. Log in to the database server.

2. Create the dbsat directory:
mkdir –p /home/oracle/dbsat
3. Download or copy the dbsat.zip file to the database server, and unzip the file.
unzip dbsat.zip –d /home/oracle/dbsat
Where -d refers to the directory path.
These commands are for Linux / Unix. If the installation takes place on Windows, you
will use similar commands for Windows.
The Oracle DBSAT is installed on the database server.
You can run the Collector, Reporter, and Discoverer from the /home/oracle/dbsat
directory.
You can also add this directory to your PATH and skip the step of going to the directory
every time you want to run the tool.

Using the Collector and Reporter

You can generate the Oracle Database Security Assessment Report and the Oracle
Database Sensitive Data Assessment Report with the Collector, Reporter, and
Discoverer components.

Oracle Database Security Assessment Report

7
The Collector and Reporter components are used to generate the Oracle Database
Security Assessment Report.
The following figure shows the components and architecture of the Collector and
Reporter.

Figure Collector and Reporter Components and Architecture

Running the Collector

The Collector queries the database to collect data that will be analyzed by the
Reporter.

Note:
The Collector connects to the database. Ensure that the target database and
listener are running before running the Collector.

To run the Collector, do the following:

1. Specify the arguments to run the Collector:

$ dbsat collect <database_connect_string> <output_file>

The dbsat collect command has the following options and arguments:
• database_connect_string
Specifies the connection string to connect to the database.
Example: system@ORCL
• output_file

8
 Specifies the location and file name for the Database Security Assessment
report. Do not add an extension.
Example: /home/oracle/dbsat/output_ORCL
2. Run the Collector.

$ ./dbsat collect system@ORCL output_ORCL

The following output is displayed:

Connecting to the target Oracle database...

SQL*Plus: Release 19.0.0.0.0 - Mon Jan 30 10:19:15 2023

Version 19.13.0.0.0

Copyright (c) 1982, 2021, Oracle. All rights reserved.

Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 -
Production
Version 19.13.0.0.0

Setup complete.
SQL queries complete.
Warning: Exit status 256 from OS rule: dbcs_status
OS commands complete.
Disconnected from Oracle Database 19c Enterprise Edition Release
19.0.0.0.0 - Production
Version 19.13.0.0.0
DBSAT Collector completed successfully.

Calling /u01/app/oracle/product/version/db_1/bin/zip to encrypt

output_ORCL.json...

Enter password:
Verify password:
adding: output_ORCL.json (deflated 88%)
zip completed successfully.
$

9
 Note:
DBSAT can display warnings informing that some checks were skipped.
These can be safely ignored as the execution proceeds. Some reasons
to skip checks include wrong permissions, missing .ora files, not
applicable to that target type, and more. For details, please refer to My
Oracle Support.
Running the Collector in the root container in a multitenant container
database collects data specific to the root container and not from its
pluggable databases. If you need to access specific pluggable
databases, you must run the Collector for these pluggable databases
separately.
If you do not want to encrypt the file invoke the dbsat collect script with
the -n option. This is not recommended.

Running the Reporter

The Reporter analyzes the data collected by the Collector and makes
recommendations to improve the security of the database.
You can invoke the Reporter with dbsat report.
To run the Reporter, do the following:
1. Check that Java Runtime Environment (JRE) 1.8 (jdk8-u172) or later is installed.
$ java -version
A similar output is displayed:
java version "1.8.0_191"
2. Specify the arguments to run the Reporter.

$ dbsat report [-a] [-n] [-g] [-x <section>] [-u <user> ]

<input_file>

Where the argument input_file stands for the full or relative path to the data file
output_ORCL produced by the Oracle DBSAT Collector. If this file was encrypted
during data collection, you will need to supply the encryption password when
prompted by the Reporter.
The Reporter supports the following command-line options:
• -a
Runs the report for all the database accounts including locked or schema only
accounts that are Oracle-supplied.
• -n
Specifies no encryption for output.

10
 Note:
For security reasons, this is not recommended.

• -g
Shows all grants including common grants in a pluggable database.
• -u
Specify users to exclude from report.
To exclude multiple users use a comma-separated list, for example: -u
SCOTT,DEBRA
• -x
Excludes a section from the report.
Valid sections are:
– USER: User Accounts
– PRIV: Privileges and Roles
– AUTHZ: Authorization Control
– ENCRYPT: Encryption
– ACCESS: Fine-Grained Access Control
– AUDIT: Auditing
– CONF: Database Configuration
– NET: Network Configuration
– OS: Operating System
To exclude multiple sections use a comma-separated list, for example:
-x USER,PRIV
Or:
-x USER -x PRIV
Omitting this option will include all sections of the report.
The same path name is used to generate the report files produced by the Reporter
in HTML, Excel, JSON, and Text formats with the appropriate file extensions.
3. Run the Reporter.

$ ./dbsat report output_ORCL

The following output appears:

Archive: output_ORCL.zip
[output_ORCL.zip] output_ORCL.json password:
inflating: output_ORCL.json

11
 DBSAT Reporter ran successfully.
Calling /usr/bin/zip to encrypt the generated reports...
Enter password:
Verify password:
zip warning: output_ORCL_report.zip not found or empty
adding: output_ORCL_report.txt (deflated 82%)
adding: output_ORCL_report.html (deflated 86%)
adding: output_ORCL_report.xlsx (deflated 3%)
adding: output_ORCL_report.json (deflated 85%)
zip completed successfully.

4. Specify a password to encrypt the output report .zip file.

The .zip file is created.

Note:
The .zip file is used for Reporter and Discoverer output. To avoid
confusion, it is recommended that you use the same password while
creating both outputs.

5. Extract the contents of the .zip file to access the Oracle Database Security
Assessment Report. When prompted, enter the password to decrypt the .zip file
specified in Step 4.
The contents of the .zip file are extracted.
6. Use the appropriate tools to read the recommendations from the report files.
Example: Use vi on Linux to read the .txt files.
Example: Use a browser to display the .html files.

Oracle Database Security Assessment Report

The Collector and Reporter components are used to generate the Oracle Database
Security Assessment (DBSAT) Report in HTML, Excel, JSON, and Text formats.
The HTML report provides detailed results of the assessment in a format that is easy
to navigate. The Excel format provides a high-level summary of each finding without
the detailed output included in the HTML report. It also allows you to add columns for
your tracking and prioritization purposes. A report in text format makes it convenient to
copy portions of the output for other usages. Finally, a JSON document containing the
report contents is provided for easier filtering, comparison, aggregation, and
integration with other tools.

Oracle Database Security Assessment Report —

Summary
The Oracle Database Security Assessment Report — Summary section contains the
following information:

12
Section Description
Assessment Displays the date on which the data was collected and the date on which the
Time & Date final Database Security Assessment report was generated. The DBSAT
Reporter version is also displayed.
Database Displays the details of the database assessed by DBSAT.
Identity
Summary Displays a high level summary of the resulting analysis.

The following figure displays an example of the Oracle Database Security Assessment
Report — Summary section.

Figure Oracle Database Security Assessment Report — Summary

The Summary section is followed by the Basic Information section.

Oracle Database Security Assessment Report — Basic

Information
The Oracle Database Security Assessment Report — Basic Information section
contains the following information:

13
Section Finding Description
ID
Databas - Displays the version of the database assessed by the Collector and
e Version Reporter.
Security - Displays the security features and indicates if they are in use.
Features
Patch INFO.PAT Displays information about the patches installed.
Check CH It is vital to keep the database software up-to-date with security fixes as
they are released. Oracle issues comprehensive patches in the form of
Release Updates on a regular quarterly schedule. Patch Set Updates
and Bundle Patches were available for database versions up to 12.1.0.2.

The following figure displays an example of the Oracle Database Security Assessment
Report — Basic Information section.

Figure Oracle Database Security Assessment Report — Basic Information

14
The Basic Information section is followed by the User Accounts section.

Oracle Database Security Assessment Report — User

Accounts
The Oracle Database Security Assessment Report — User Accounts section displays
the following information:

15
Name Finding Description
ID
User Accounts Displays the user accounts and the following
information about each account:
• User Name — Displays the name of the user.
• Profile — Displays the profile assigned to the
account.
• Status — Displays whether the account is, for
example, Open, Locked, Expired, or in
-
Rollover.
• Authentication Type — Displays the type of
authentication used.
• Default Tablespace — Displays the default
tablespace for the account.
• Oracle Defined — Displays whether the user
account is oracle maintained or not.
Users with Default Passwords USER.DE Displays information about the user accounts with
FPWD default passwords.
Default account passwords for predefined Oracle
accounts are well known. Active accounts with
default passwords provide a trivial means of entry
for attackers, but well-known passwords should be
changed for locked accounts as well.
Users with Expired Passwords USER.EX Displays information about the user accounts with
PIRED expired passwords.
Password expiration is used to ensure that users
change their passwords regularly. Unlocked
accounts with an expired password can present a
security risk, especially as those accounts age.
Although the password is expired, because the
account is unlocked, it can easily be used by
anyone who knows the old password. You should
investigate accounts that have been unused for
an extended period to determine whether they
should remain active.
Inactive Users USER.IN Displays information about the user accounts that
ACTIVE are not in use and also accounts that are not
configured to be locked when inactive.
If a user account is no longer in use, it increases
the attack surface of the system unnecessarily
while providing no corresponding benefit.
Furthermore, unauthorized use is less likely to be
noticed when no one is regularly using the
account. Accounts that have been unused for
more than 30 days should be investigated to
determine whether they should remain active. A
solution is to set INACTIVE_ACCOUNT_TIME in
the profiles assigned to users.

16
Name Finding Description
ID
Sample Schemas USER.SA Displays information about the user accounts that
MPLE use sample schemas such as SCOTT, HR, OE, SH,
PM, IX, ADAMS, BLAKE, CLARK, and BI.
Sample schemas are well-known accounts
provided by Oracle to serve as simple examples
for developers. They generally serve no purpose
in a production database and should be removed
because they unnecessarily increase the attack
surface of the database.
Application Owner Account USER.AP Checks the database for the account that could
POWNER be considered the application owner and for
objects accessible by the application owner. Any
user not "oracle maintained" that owns most
objects in the database is considered the
Application Owner. This check:
• Lists application owners
• Lists users who can login into database
• Lists app owners and the objects owned by it
along with the non-app owners who can
access those objects
Shared Accounts USER.SH Displays users that have multiple administrative
ARED privileges and proxy users.
Users with Objects USER.OB Displays application users who own objects and
JOWNER can grant access to those objects to other users
Users Authorized for Object USER.OB Displays non-oracle maintained users who own
Ownership JAUTHZ objects
Users with Security Objects USER.SE Displays users who own security objects
CURITYO
BJS
Users with Grant Option USER.GR Checks for users that have been granted
ANTOPTI privileges with WITH GRANT OPTION.
ON
Users with Sensitive Data USER.SE Displays users that own tables with columns
NSITVED marked as sensitive with TSDP and users that
ATA can access those tables.
To ensure secure access to sensitive information,
review these users. It is best to grant access to
data through roles rather than directly to individual
accounts.

17
Name Finding Description
ID
User Schemas in SYSTEM or USER.TA Displays information about the regular user
SYSAUX Tablespace BLESPAC accounts that use the reserved Oracle-supplied
E tablespaces.
The SYSTEM and SYSAUX tablespaces are
reserved for Oracle-supplied user accounts. To
avoid a possible denial of service caused by
exhausting these resources, regular user
accounts should not use these tablespaces. Prior
to Oracle Database 12.2, the SYSTEM
tablespace cannot be encrypted, and this is
another reason to avoid user schemas in this
tablespace.
Case-Sensitive Passwords USER.PA Displays whether case-sensitive passwords are
SSWORD enabled.
CASE Case-sensitive passwords are recommended
because including both upper and lower-case
letters greatly increases the set of possible
passwords that must be searched by an attacker
who is attempting to guess a password by
exhaustive search. Setting
SEC_CASE_SENSITIVE_LOGON to TRUE ensures
that the database distinguishes between upper
and lower-case letters in passwords.

Note:
In 21c
USER.PASS
WORDCAS
E isn't
expected to
be shown as
SEC_CASE_S
ENSITIVE_L
OGON is
desupported

18
Name Finding Description
ID
Legacy Password Versions USER.AU Displays information about the user accounts with
THLEGAC obsolete password verifiers.
Y For each user account, the database may store
multiple verifiers, which are hashes of the user
password. Each verifier supports a different
version of the password authentication algorithm.
Every user account should include a verifier for
the latest password version supported by the
database so that the user can be authenticated
using the latest algorithm supported by the client.
When all clients have been updated, the security
of user accounts can be improved by removing
the obsolete verifiers. HTTP password verifiers
are used for XML Database authentication. Use
the ALTER USER command to remove these
verifiers from user accounts that do not require
this access.
User Profiles - Displays information about the user profiles.
Users with no Password USER.PA Displays information about profiles with and
Complexity Requirements SSWORD without a password complexity verification
FUNCTIO function. Users not subject to password
N complexity verification are also displayed.
Password verification functions are used to
ensure that user passwords meet minimum
requirements for complexity, which may include
factors such as length, use of numbers or
punctuation characters, difference from previous
passwords, etc. Oracle supplies several
predefined functions, or a custom PL/SQL
function can be used. Every user profile should
include a password verification function.
Account Locking after Failed USER.NO Displays information about user profile failed login
Login Attempts LOCK attempt enforcement.
Attackers sometimes attempt to guess a user's
password by simply trying all possibilities from a
set of common passwords. To defend against this
attack, it is advisable to use the
FAILED_LOGIN_ATTEMPTS and
PASSWORD_LOCK_TIME profile resources to lock
user accounts for a specified time when there are
multiple failed login attempts without a successful
login.

19
Name Finding Description
ID
Users with Unlimited Password USER.NO Displays information about user profile password
Lifetime EXPIRE expiration enforcement.
Password expiration is used to ensure that users
change their passwords on a regular basis. It also
provides a mechanism to automatically disable
temporary accounts. Passwords that never expire
may remain unchanged for an extended period of
time. When passwords do not have to be changed
regularly, users are also more likely to use the
same passwords for multiple accounts.
Users with Unlimited USER.SE Displays all users that have a Profile Resource
Concurrent Sessions SSIONS Limit for SESSIONS_PER_USER set to UNLIMITED.
With SESSIONS_PER_USER = UNLIMITED users
can have any number of concurrent sessions.
Unlimited Session Idle Time USER.IDL This check lists users with UNLIMITED IDLE
ETIME TIME
Users with Gradual Password USER.PA Displays information about the Gradual Password
Rollover SSWORD Rollover.
ROLLOVE Gradual Password Rollover allows administrators
R to change database passwords for applications
without having to schedule downtime. Prior to the
advent of the gradual password rollover feature,
the database administrator needed to take the
application down while the database password
was being rotated. This was because the
password update required changes on both the
database and the application side. With gradual
database password rollover, the application can
continue to use the older password until the new
password is configured in the application. To
accomplish this, the database administrator can
associate a profile having a non-zero limit for the
PASSWORD_ROLLOVER_TIME password profile
parameter with an application schema. This
allows the database password of the application
user to be altered while allowing the older
password to remain valid for the time specified by
the PASSWORD_ROLLOVER_TIME limit. Try to limit
the use of this feature to application schemas that
need to undergo password maintenance and keep
the rollover period to the minimum.
Temporary Users USER.TE Displays users associated with the DEFAULT
MP profile.
Users specifically created to execute temporary
tasks should be on a profile tailored for that
purpose.
Development Users in USER.DE There should not be developer accounts in
Production Databases V production systems. Verify if such accounts exist
in your database.

20
Name Finding Description
ID
Advanced Replication Users USER.RE Checks if Oracle Advanced Replication is being
PCAT used and lists the dblinks used for replication.
Checks to see if
enable_goldengate_replication is set to
TRUE. Also checks if DBA_REPCAT% views are
present or count(*) from DBA_REPCATLOG >
0.
Minimum Client Authentication USER.AU Displays information about the user accounts that
Version THVERSI do not have minimum client version specified in
ON the ALLOWED_LOGON_VERSION_SERVER
parameter in the sqlnet.ora file.
Over time, Oracle releases have added support
for increasingly secure versions of the algorithm
used for password authentication of user
accounts. In order to remain compatible with older
client software, the database continues to support
previous password versions as well. The
sqlnet.ora parameter
ALLOWED_LOGON_VERSION_SERVER determines
the minimum password version that the database
will accept. For maximum security, this parameter
should be set to the highest value supported by
the database once all client systems have been
upgraded.

Note:
Predefined Oracle accounts which are schema-only or locked are not
included in this report. To include all user accounts, run the report with the -a
option.

The following figure displays an example of the Oracle Database Security Assessment
Report — User Accounts section.

21
Figure Oracle Database Security Assessment Report — User Accounts

The User Accounts section is followed by the Privileges and Roles section.

Oracle Database Security Assessment Report —

Privileges and Roles
The Oracle Database Security Assessment Report — Privileges and Roles section
displays the following information:

Name Finding Description

ID
Access to Password PRIV.AC Displays access to password verifier tables granted to
Verifier Tables CESSVE users.
RIFIERS Users with these privileges can access objects that
contain user password verifiers. The verifiers can be
used in offline attacks to discover user passwords.

22
Name Finding Description
ID
Users with Administrative PRIV.SYS Displays the administrative privileges granted to user
Privileges SYS* ADMIN accounts.
Privileges Administrative privileges allow a user to perform
maintenance operations, including some that may occur
while the database is not open. The SYSDBA privilege
allows the user to run as SYS and perform virtually all
privileged operations. Starting with Oracle Database
12.1, less powerful administrative privileges were
introduced to allow users to perform common
administrative tasks with less than full SYSDBA
privileges. To achieve the benefit of this separation of
duty, each of these administrative privileges should be
granted to at least one user account.
Users with DBA Role PRIV.DBA Displays the user accounts that have been granted the
DBA or PDB_DBA role.
The DBA role is very powerful and can be used to
bypass many security protections. It should be granted
to only a small number of trusted administrators.
Furthermore, each trusted user should have an
individual account for accountability reasons. As with
any powerful role, avoid granting the DBA role with
admin option unless absolutely necessary.
Users with Powerful PRIV.BIG Displays the user accounts that have been granted roles
Roles ROLES with maximum data access privileges.
Like the DBA role, these roles
(AQ_ADMINISTRATOR_ROLE, EM_EXPRESS_ALL,
EXP_FULL_DATABASE, IMP_FULL_DATABASE,
SELECT_CATALOG_ROLE, EXECUTE_CATALOG_ROLE,
DELETE_CATALOG_ROLE, OEM_MONITOR) contain
powerful privileges that can be used to bypass security
protections. They should be granted only to a small
number of trusted administrators.
System Privilege Grants PRIV.SYS Displays the system privileges granted to users.
TEM System privileges provide the ability to access data or
perform administrative operations for the entire
database. Consistent with the principle of least privilege,
these privileges should be granted sparingly. System
privileges should be granted with admin option only
when the recipient needs the ability to grant the privilege
to others.
-g option reports all grants including common grants in
a PDB. The report displays (*) for privileges being
granted with admin option, (D) for privileges being
granted directly, and (C) for privileges being granted
commonly.

23
Name Finding Description
ID
System Privileges PRIV.SYS Displays the system privileges granted to PUBLIC.
Granted to PUBLIC PUBLIC Privileges granted to PUBLIC are available to all users.
This generally should include few, if any, system
privileges since these will not be needed by ordinary
users who are not administrators.
Roles Granted to PRIV.ROL Displays the roles granted to PUBLIC.
PUBLIC EPUBLIC Roles granted to PUBLIC are available to all users. Most
roles contain privileges that are not appropriate for all
users.
Column Privileges PRIV.COL Displays the column access privileges granted to
Granted to PUBLIC PUBLIC PUBLIC.
Privileges granted to PUBLIC are available to all users.
This should include column privileges only for data that
is intended to be accessible to everyone.
Objects Accessible by PRIV.OBJ Displays objects that are accessible by PUBLIC.
PUBLIC PUBLIC
Broad Data Access PRIV.ANY Displays data access privileges granted to users.
Privileges SYSTEM Users with data access privileges (ALTER ANY TABLE,
ALTER ANY TRIGGER, CREATE ANY INDEX, CREATE
ANY PROCEDURE, CREATE ANY TRIGGER, DELETE ANY
TABLE, INSERT ANY TABLE, READ ANY TABLE,
SELECT ANY DICTIONARY, SELECT ANY TABLE,
UPDATE ANY TABLE) have very broad access to data
stored in any schema. Most administrative tasks do not
require access to the data itself, so these privileges
should be granted rarely even to administrators. In
addition to minimizing grants of these privileges,
consider the use of Database Vault realms to limit the
use of these privileges to access sensitive data.
All Roles PRIV.ALL Displays all roles granted to users.
ROLES Roles are a convenient way to manage groups of related
privileges, especially when the privileges are required
for a particular task or job function. Beware of broadly
defined roles, which may confer more privileges than an
individual recipient requires. Roles should be granted
with admin option only when the recipient needs the
ability to modify the role or grant it to others.
Account Management PRIV.AC Displays account management privileges granted to
Privileges COUNTM users.
GMT User management privileges (ALTER USER, CREATE
USER, DROP USER) can be used to create and modify
other user accounts, including changing passwords. This
power can be abused to gain access to another user's
account, which may have greater privileges.

24
Name Finding Description
ID
Role and Privilege PRIV.ROL Displays privilege management privileges granted to
Management Privileges EPRIVM users.
GMT Users with privilege management privileges (ALTER ANY
ROLE, CREATE ROLE, DROP ANY ROLE, GRANT ANY
OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT
ANY ROLE) can change the set of privileges granted to
themselves and other users. This ability should be
granted sparingly, since it can be used to circumvent
many security controls in the database.
Database Management PRIV.DB Displays database management privileges granted to
Privileges MGMT users.
Database management privileges (ALTER DATABASE,
ALTER SYSTEM, CREATE ANY LIBRARY, CREATE
LIBRARY) can be used to change the operation of the
database and potentially bypass security protections.
This ability should be granted only to trusted
administrators.
Audit Management PRIV.AU Displays audit management tool access granted to
Package DITMGM users.
TPKG The DBMS_AUDIT_MGMT package allow for execution of
Audit management tools. Access should be strictly
limited and granted only to users with a legitimate need
for this functionality.
Audit Management PRIV.AU Displays audit management privileges granted to users.
Privileges DITMGM Audit management privileges (AUDIT ANY, AUDIT
T SYSTEM) can be used to change the audit policies for the
database. This ability should be granted sparingly, since
it may be used to hide malicious activity.
Access to Audit Objects PRIV.AC Displays access to audit objects granted to users.
CESSAU Users with these privileges can directly access and
DITOBJ modify objects containing audit information. Access to
these objects may allow a malicious user deduce
privilege settings for other users and to manipulate the
audit information by replacing or deleting audit records.
Access Control PRIV.AC Displays access control exemption privileges that are
Exemption Privileges CESSEX enforced.
EMPT Users with exemption privileges (EXEMPT ACCESS
POLICY, EXEMPT REDACTION POLICY) can bypass the
row and column access control policies enforced by
Virtual Private Database and Data Redaction. Most
administrative tasks do not require access to the data
itself, so these privileges should be granted rarely even
to administrators.

25
Name Finding Description
ID
Write Access to PRIV.RES Displays access to restricted objects granted to users.
Restricted Objects TRICTED Users with these privileges can directly modify objects in
OBJ the SYS, DVSYS, AUDSYS or LBACSYS schemas.
Manipulating these system objects may allow security
protections to be circumvented or otherwise interfere
with normal operation of the database. Object
permissions granted to PUBLIC must be restricted for
objects in the SYS, DVSYS, AUDSYS or LBACSYS
schemas.
Users Who Can PRIV.IMP Displays the user accounts that have been granted
Impersonate Other Users ERSONA rights to impersonate other users.
TEUSER The BECOME USER privilege and these PL/SQL
packages (DBMS_AQADM_SYS, DBMS_AQADM_SYSCALLS,
DBMS_IJOB, DBMS_PRVTAQIM, DBMS_REPCAT_SQL_UTL,
DBMS_SCHEDULER, DBMS_STREAMS_ADM_UTL,
DBMS_STREAMS_RPC, DBMS_SYS_SQL, INITJVMAUX,
LTADM, WWV_DBMS_SQL, WWV_EXECUTE_IMMEDIATE)
allow for execution of SQL code or external jobs using
the identity of a different user. Access should be strictly
limited and granted only to users with a legitimate need
for this functionality.
Privilege for Data PRIV.EXF Displays the user accounts that have been granted
Exfiltration in Bulk ILTRATIO rights to access or copy any data from a client or server.
N These PL/SQL packages (DBMS_BACKUP_RESTORE,
UTL_DBWS, UTL_ORAMTS) can send data from the
database using the network or file system. Access
should be granted only to users with a legitimate need
for this functionality.
Code Based Access PRIV.CBA Displays all program units granted CBAC roles.
Control C Code Based Access Control(CBAC) can be used to
grant additional privileges on program units. CBAC
allows you to attach database roles to a PL/SQL
function, procedure, or package. These database roles
are enabled at run time, enabling the program unit to
execute with the required privileges in the calling user's
environment.
Java Permissions PRIV.JAV Displays the user accounts that have been granted
APERMIS privileges to execute Java classes within the database.
SIONS Java permission grants control the ability of database
users to execute Java classes within the database
server. A database user executing Java code must have
both Java security permissions and database privileges
to access resources within the database. These
resources include database resources, such as tables
and PL/SQL packages, operating system resources,
such as files and sockets, Oracle JVM classes, and
user-loaded classes. Make sure that these permissions
are limited to the minimum required by each user.

26
The following figure displays an example of the Oracle Database Security Assessment
Report — Privileges and Roles section.

Figure Oracle Database Security Assessment Report — Privileges and Roles

The Privileges and Roles section is followed by the Authorization Control section.

Oracle Database Security Assessment Report —

Authorization Control
The Oracle Database Security Assessment Report — Authorization Control section
displays the following information:

27
Name Finding Description
ID
Database AUTHZ.D Displays whether Oracle Database Vault is enabled and details
Vault ATABASE existing protected objects, realms, command rules, and users
VAULT granted Database Vault specific roles.
Database Vault provides for configurable policies to control the
actions of database accounts with elevated privileges such as those
accounts used by administrative users, applications and utilities.
Attacks (originating from external as well as internal sources)
leverage privileged account credentials to access sensitive
information. Database Vault realms prevent unauthorized access to
sensitive data objects, even by user accounts with system privileges.
Database Vault Command rules limit the accidental or malicious
execution of SQL commands. You can use Database Vault to enforce
separation of duties to prevent a single all powerful user. Also it
provides trusted paths to further restrict access to sensitive data
using system factors such as IP address, program name, time of day
and user name. Database Vault operations control can be used to
restrict common users from accessing pluggable database (PDB)
local data in autonomous, regular Cloud, or on-premises
environments.
Privilege AUTHZ.P Displays Privilege Analysis policies and users with privileges to start
Analysis RIVANAL the capture proces.
YSIS Privilege Analysis records the privileges used during a real or
simulated workload. After collecting data about the privileges that are
actually used, this information can be used to revoke privilege grants
that are no longer needed or to create roles with only the privileges
that are used by the user or role. This helps implement Least
Privilege Model and minimizes risk from intentional or accidental
abuse of privileges.
Authenticatio AUTHZ.P Lists password-authenticated users whose passwords can potentially
n for Client ASSWO be embedded in client scripts, jobs, and application source code to
Scripts RDSCRI connect to the database server.
PTS
Data AUTHZ.D Lists tables with sensitive data that should be masked when
Masking ATAMAS transferred to non-production systems.
KING This check lists tables marked sensitive by TSDP or in DBA_TABLES
and users that can transfer data via
DATAPUMP_EXP_FULL_DATABASE or
DATAPUMP_IMP_FULL_DATABASE.
PKI Based AUTHZ.P List user accounts identified externally where the authentication
Authenticatio KI method is TCPS. This finding is targeting mostly customers looking
n for STIG compliance.

The following figure displays an example of the Oracle Database Security Assessment
Report — Authorization Control section.

28
Figure Oracle Database Security Assessment Report — Authorization Control

The Authorization Control section is followed by the Fine-Grained Access Control

section.

Oracle Database Security Assessment Report — Fine-

Grained Access Control
The Oracle Database Security Assessment Report — Fine-Grained Access Control
section displays the following information:

29
Name Finding ID Description
Data Redaction ACCESS.D Displays information on Data Redaction policies,
ATAREDAC exempted users, and execute grants on the
TION DBMS_REDACT package.
Data Redaction automatically masks sensitive data
found in the results of a database query.
Virtual Private ACCESS.V Displays information on Virtual Private Database
Database PD policies, exempted users, and execute grants on the
DBMS_RLS package.
VPD allows for fine-grained control over the rows and
columns of a table are visible to a SQL statement.
Real Application ACCESS.R Displays information on Real Application Security
Security AS policies, exempted users, and users granted
ADMIN_SEC_POLICY and APPLY_SEC_POLICY.
Real Application Security (RAS) is a more modern,
advanced version of Virtual Private Database and
provides fine-grained control over the rows and columns
of a table that are visible to a SQL statement.
Label Security ACCESS.L Displays whether Oracle Label Security is enabled.
ABELSEC Oracle Label Security provides the ability to tag data with
URITY a data label or a data classification. Access to sensitive
data is controlled by comparing the data label with the
requesting user's label or security clearance.
Transparent Sensitive ACCESS.T Displays information on Transparent Sensitive Data
Data Protection SDP policies and the users that can manage it.
TSDP was introduced in Oracle Database 12.1, and
allows a data type to be associated with each column
that contains sensitive data. TSDP can then apply
various data security features to all instances of a
particular type so that protection is uniform and
consistent.

The following figure displays an example of the OracleDatabase Security Assessment

Report — Fine-Grained Access Control section.

30
Figure Oracle Database Security Assessment Report — Fine-Grained Access
Control

The Fine-Grained Access Control section is followed by the Auditing section.

Oracle Database Security Assessment Report — Auditing

The Oracle Database Security Assessment Report — Auditing section displays the
following information:

Name Finding ID Description

Audit Management Displays information on audit management configuration
Configuration - parameters
Parameters

31
Name Finding ID Description
Audit Records AUDIT.ENA Displays information about audit trails.
BLED Auditing is an essential component for securing any system.
The audit trail allows for monitoring the activities of highly
privileged users.
Unified Audit AUDIT.UNI Displays whether unified audit policies are enabled.
Policies FIEDPOLIC Unified Audit, available in Oracle Database 12.1 and later
IES releases, combines multiple audit trails into a single unified
view. It also introduces new syntax for specifying effective
audit policies.
Fine Grained Audit AUDIT.FGA Displays whether fine grained audit policies are enabled.
Fine Grained Audit policies can record highly specific
activity, such as access to particular table columns or
access that occurs under specified conditions. This is a
useful way to monitor unexpected data access while
avoiding unnecessary audit records that correspond to
normal activity.
Audit AUDIT.ADM Displays whether the actions of the SYS user are audited by
Administrative INACTIONS enabled audit policies.
(SYS*) Users It is important to audit administrative actions performed by
the SYS user. Traditional audit policies do not apply to SYS,
so the AUDIT_SYS_OPERATIONS parameter must be set to
record SYS actions to a separate audit trail.
Audit User Logon AUDIT.CON Displays whether Database connections are audited by
and Logoff NECTIONS enabled audit policies.
Successful user connections to the database should be
audited to assist with future forensic analysis. Unsuccessful
connection attempts can provide early warning of an
attacker's attempt to gain access to the database.
Audit Database AUDIT.DBM Displays whether the actions related to database
Management GMT management are audited by enabled audit policies.
Activities Actions that affect the management of database features
should always be audited. Each action or privilege listed
should be included in at least one enabled audit policy.
Audit Account AUDIT.ACC Displays whether account management activities are
Management OUNTMGM audited.
Activities T
Audit System AUDIT.SYS Displays information on whether system privileges are
Privileges TEMPRIVS audited by enabled audit policies.
Audit Roles with AUDIT.ROL Displays information about unified audit policies that audit
System Privileges ESYSTEM roles with system privileges.
PRIVS
Audit Privilege AUDIT.PRI Displays whether the actions related to privilege
Management VMGMT management are audited by enabled audit policies.
Granting additional privileges to users or roles potentially
affects most security protections and should be audited.
Each action or privilege listed should be included in at least
one enabled audit policy.

32
Name Finding ID Description
Audit SQL AUDIT.STAT Displays information about SQL statements audited by
Statements EMENT enabled audit policies. Applies to targets with Traditional
Auditing policies.
Audit Object AUDIT.SEN Displays information about the object access audited by
Actions SITIVEOBJ enabled audit policies.
S
Audit Conditions AUDIT.CON Lists all audit policies with conditions and, if enabled, lists
DITION users/roles it's enabled for.
Audit Shared AUDIT.SHA Checks to see if users listed in USER.SHARED are being
Accounts REDPROX audited.
Y
Audit Storage AUDIT.TAB Displays information about tablespaces used by different
LESPACE audit trails. Checks include:
• Audit trail is SYSTEM
• Audit trail is SYSAUX
• Tablespace is non-autoextensible & 80% or more full
(MEDIUM)
• Tablespace is non-autoextensible & 90% or more full
(HIGH)
Audit Trail Cleanup AUDIT.CLE Lists enabled jobs that cleanup audit trails and checks
ANUPJOBS cleanup jobs that are not present
Audit Data Pump AUDIT.DAT Displays whether data pump exports and imports are being
APUMP audited.
Audit STIG Actions AUDIT.STI Oracle provides out-of-the-box audit policies that aim to
GPOLICY answer DoD- auditable events requirements -
ORA_STIG_RECOMMENDATIONS,
ORA_ALL_TOPLEVEL_ACTIONS and ORA_LOGON_LOGOFF.
This check will validate if these policies are audited.
Audit Database AUDIT.DAT Displays users that can administer Database Vault but are
Vault ABASEVAU not audited and lists policies enabled to audit Database
LT Vault actions
Audit Oracle Label AUDIT.LAB Displays information regarding enabled audit policies used
Security ELSECURI to audit OLS.
TY • Checks to see if Oracle Label Security (OLS) is enabled
and no audit policy is found with OLS action
• Reports if OLS is enabled and audit policies were found
for OLS actions

Note:
The details of the audit findings can vary depending on whether the database
has unified audit or traditional audit in place. Starting in Oracle Database
12.2, the best practice is to use Unified Audit.

The following figure displays an example of the Oracle Database Security Assessment
Report — Auditing section.

33
Figure Oracle Database Security Assessment Report — Auditing

The Auditing section is followed by the Encryption section.

Oracle Database Security Assessment Report —

Encryption
The Oracle Database Security Assessment Report — Encryption section displays the
following information:

34
Name Finding Description
ID
Transparent Data ENCRYP Displays whether column or tablespace encryption is in use.
Encryption T.TDE Also, shows encrypted and unencrypted tablespaces along with
the number of days since the master encryption key was last
rotated.
Encryption of sensitive data is a requirement in most regulated
environments. Transparent Data Encryption automatically
encrypts data as it is stored and decrypts it upon retrieval. This
protects sensitive data from attacks that bypass the database
and read data files directly.
Encryption Key ENCRYP Displays wallet information.
Wallet T.WALLE Wallets are encrypted files used to store encryption keys,
T passwords, and other sensitive data. Wallet files should not be
stored in the same directory with database data files, to avoid
accidentally creating backups that include both encrypted data
files and the wallet containing the master key protecting those
files. For maximum separation of keys and data, consider
storing encryption keys in Oracle Key Vault instead of wallet
files.
FIPS Mode for ENCRYP Displays information whether TDE and DBMS_CRYPTYO run
TDE and T.DBFIPS in a FIPS-compliant mode.
DBMS_CRYPTO Federal Information Processing Standard (140-2) is a U.S.
government security standard that specifies security
requirements. It is used to approve cryptographic modules.
Setting parameter DBFIPS_140 = TRUE enables Transparent
Data Encryption (TDE) and DBMS_CRYPTO PL/SQL package
program units to run in a FIPS-compliant mode. FIPS mode is
mostly used by departments and agencies of the United States
federal government looking to meet FIPS and/or STIG
compliance. Be aware that this setting and thus using the
underlying FIPS-certified library incurs a slight amount of
overhead when the library is first loaded. This is due to the
verification of the library signature and the execution of the self-
test.
FIPS mode for ENCRYP Federal Information Processing Standard (140-2) is a U.S.
TLS T.TLSFIP government security standard that specifies security
S requirements. The SSLFIPS_140 parameter configures the
Transport Layer Security (TLS) adapter to run in FIPS mode.
SSLFIPS_LIB sets the location of the FIPS library.

The following figure displays an example of the Oracle Database Security Assessment
Report — Encryption section.

35
Figure Oracle Database Security Assessment Report — Encryption and
Encryption Key Wallets

The Encryption section is followed by the Database Configuration section.

36
Oracle Database Security Assessment Report —
Database Configuration
The Oracle Database Security Assessment Report — Database Configuration section
displays the following information:

Name Finding Description

ID
Initialization - Displays security related Database initialization
Parameters for parameters and their values.
Security
Authentication CONF.AU Displays information about the user account initialization
Configuration THN parameters.
SEC_MAX_FAILED_LOGIN_ATTEMPTS configures the
maximum number of failed login attempts in a single
session before the connection is closed. This is
independent of the user profile parameter
FAILED_LOGIN_ATTEMPTS, which controls locking the
user account after multiple failed login attempts.
RESOURCE_LIMIT should be set to TRUE to enable
enforcement of any resource constraints set in user
profiles.
Control Files CONF.CO Checks if control files are multiplexed and lists all the
NTROLFI control file locations.
LES The REMOTE_LOGIN_PASSWORDFILE set to EXCLUSIVE,
allows passwords to be updated using the ALTER USER
command.
Redo Log Files CONF.RE Checks if the defined redo log files follow best practices
DOLOGS and lists their location. Redo logs should be multiplexed
and stored on different physical disks.
Archive Log Mode CONF.AR Checks if the database is in ARCHIVELOG or
CHIVELO NOARCHIVELOG mode. If set, also displays the
G archive_log_destination or the
recovery_file_destination. Also displays the
archive_log_destination or the
recovery_file_destination for the standalone
databases.
Database Backup CONF.BA Displays information about Database backup records.
CKUP Database should be backed up regularly to prevent loss of
data in the event of a system failure. Oracle Recovery
Manager (RMAN) allows performing backup and recovery
tasks on your databases. Unencrypted backup data
should not be transported on tape or disk to offsite storage
for safekeeping.

37
Name Finding Description
ID
Instance Name Check CONF.IN Displays whether the instance name contains the
STANCE Database version number.
NAME Instance names should not contain Oracle version
numbers. Service names may be discovered by
unauthenticated users. If the service name includes
version numbers or other database product information, a
malicious user may use that information to develop a
targeted attack.
SQL Firewall CONF.SQ Checks if SQL Firewall is enabled and displays the users
LFIREWA that are affected by the policy and whether the policy is in
LL observing, blocking, or enforcing mode. Also, details if the
SQL and context allow-lists are in enforcement mode or
not. Only applicable to Oracle Database versions >=23c.
Read-only CONF.RE Checks if the ORACLE_HOME is read-only. Only applicable
ORACLE_HOME ADONLY to Oracle Database versions >=18c.
HOME
Access to Dictionary CONF.SY Displays whether access to dictionary objects is properly
Objects SOBJ limited.
When O7_DICTIONARY_ACCESSIBILITY is set to FALSE,
tables owned by SYS are not affected by the ANY TABLE
system privileges. This parameter should always be set to
FALSE because tables owned by SYS control the overall
state of the database and should not be subject to
manipulation by users with ANY TABLE privileges.
Inference of Table Data CONF.SQ Displays whether data inference attacks are properly
L92SECU blocked.
RITY When SQL92_SECURITY is set to TRUE, UPDATE and
DELETE statements that refer to a column in their
WHERE clauses will succeed only when the user has the
privilege to SELECT from the same column. This
parameter should be set to TRUE so that this requirement
is enforced in order to prevent users from inferring the
value of a column which they do not have the privilege to
view.
Access to Password CONF.PA Displays whether the password file is configured correctly.
File SSWORD The REMOTE_LOGIN_PASSWORDFILE set to EXCLUSIVE
FILE allows the password file to contain distinct entries for each
administrative user allowing them to be individually audited
and tracked for their actions. It also allows passwords to
be updated using the ALTER USER command.

38
Name Finding Description
ID
Network CONF.NE Displays information about initialization parameters that
Communication TWORK determine the database server response to malformed
packets. Also, includes details on usage of a remote
listener and if database server version information is
hidden from unauthenticated client requests.
REMOTE_LISTENER allows a network listener running on
another system to be used. This parameter should
normally be unset to ensure that the local listener is used.
The SEC_PROTOCOL_ERROR parameters control the
database server's response when it receives malformed
network packets from a client. Because these malformed
packets may indicate an attempted attack by a malicious
client, the parameters should be set to log the incident and
terminate the connection.
SEC_RETURN_SERVER_RELEASE_BANNER should be set to
FALSE to limit the information that is returned to an
unauthenticated client, which could be used to help
determine the server's vulnerability to a remote attack.
External OS CONF.EX Displays whether the Oracle Database roles are defined
Authentication TERNAL and managed by the database itself or by the host
OSAUTH operating system (for local and remote authentication).
The OS_ROLES parameter determines whether roles
granted to users are controlled by GRANT statements in the
database or by the database server's operating system.
REMOTE_OS_AUTHENT and REMOTE_OS_ROLES allow the
client operating system to set the database user and roles.
All of these parameters should be set to FALSE so that the
authorizations of database users are managed by the
database itself.
Unused Components CONF.DB Checks to see if components like XOQ, CONTEXT, SDO,
COMPON DV, OLS are installed/enabled and not being used.
ENTS
Job Details CONF.JO Checks the scheduled database jobs and users who can
BS administer them. Checks include:
• Users who can create database jobs
• Jobs that can use privileges of DBA/PDB_DBA
Triggers CONF.TRI Displays information about logon triggers.
GGERS A trigger is code that executes whenever a specific event
occurs, such as inserting data in a table or connecting to
the database. Disabled triggers are a potential cause for
concern because whatever protection or monitoring they
may be expected to provide is not active.
Disabled Constraints CONF.CO Displays information about disabled constraints.
NSTRAIN Constraints are used to enforce and guarantee specific
TS relationships between data items stored in the database.
Disabled constraints are a potential cause for concern
because the conditions they ensure are not enforced.

39
Name Finding Description
ID
External Procedures CONF.EX Displays information about external procedures and
TERNAL services.
PROCS External procedures allow code written in other languages
to be executed from PL/SQL. Note that modifications to
external code cannot be controlled by the database. Be
careful to ensure that only trusted code libraries are
available to be executed. Although the database can
spawn its own process to execute the external procedure,
it is advisable to configure a listener service for this
purpose so that the external code can run as a less-
privileged OS user. The listener configuration should set
EXTPROC_DLLS to identify the specific shared library code
that can be executed rather than using the default value
ANY.
Source Code Analysis CONF.SO Checks DBA_SOURCE for non-oracle maintained
URCEAN procedures and functions using
ALYSIS RAISE_APPLICATION_ERROR and
DBMS_OUTPUT.PUT_LINE.
Directory Objects CONF.DI Displays information about directory objects.
RECTOR Directory objects allow access to the server's file system
YOBJ from PL/SQL code within the database. Access to files
that are used by the database kernel itself should not be
permitted, as this may alter the operation of the database
and bypass its access controls.
Database Links CONF.DA Displays information about database links.
TABASEL Database links allow users to execute SQL statements
INKS that access tables in other databases. This allows for both
querying and storing data on the remote database. It is
advisable to set GLOBAL_NAMES to TRUE in order to ensure
that link names match the databases they access.
Network Access CONF.NE Displays information about Network Access Control Lists
Control TWORKA (ACLs).
CL Network ACLs control the external servers that database
users can access using network packages such as
UTL_TCP and UTL_HTTP. Specifically, a database user
needs the connect privilege to an external network host
computer if he or she is connecting using the UTL_TCP,
UTL_HTTP, UTL_SMTP, and UTL_MAIL utility packages. To
convert between a host name and its IP address using the
UTL_INADDR package, the Resolve privilege is required.
Make sure that these permissions are limited to the
minimum required by each user.

40
Name Finding Description
ID
XML Database Access CONF.XM Displays information about XML Database Access Control
Control LACL Lists (ACLs).
XML ACLs control access to database resources using the
XML DB feature. Every resource in the Oracle XML DB
Repository hierarchy has an associated ACL. The ACL
mechanism specifies a privilege-based access control for
resources to principals, which are database users or roles.
Whenever a resource is accessed, a security check is
performed, and the ACL determines if the requesting user
has sufficient privileges to access the resource. Make sure
that these privileges are limited to the minimum required
by each user.
File System Access CONF.FIL Checks for UTL_FILE_DIR for older database versions
ESYS where the parameter is not deprecated.
Trace Files CONF.TR Displays information about the initialization parameters for
ACEFILE trace files.
LIMIT The hidden parameter _TRACE_FILES_PUBLIC
determines whether trace files generated by the database
should be accessible to all OS users. Since these files
may contain sensitive information, access should be
limited by setting this parameter to FALSE.

The following figure displays an example of the Oracle Database Security Assessment
Report — Database Configuration section.

41
Figure Oracle Database Security Assessment Report — Database
Configuration

The Database Configuration section is followed by the Network Configuration section.

42
Oracle Database Security Assessment Report — Network
Configuration
The Oracle Database Security Assessment Report — Network Configuration section
displays the following information:

Name Finding Description

ID
Network Encryption NET.ENC Displays information about network encryption.
RYPTION Network encryption protects the confidentiality and integrity
of communication between the database server and its
clients. Either Native Encryption or TLS should be enabled.
For Native Encryption, both ENCRYPTION_SERVER and
CRYPTO_CHECKSUM_SERVER should be set to REQUIRED. If
TLS is used, TCPS should be specified for all network ports
and SSL_CERT_REVOCATION should be set to REQUIRED.
Client Nodes NET.INVI Displays whether the database accepts connections from any
TEDNOD client.
ES TCP.VALIDNODE_CHECKING should be enabled to control
which client nodes can connect to the database server.
Either an allowlist of client nodes allowed to connect
(TCP.INVITED_NODES) or a blocklist of nodes that are not
allowed (TCP.EXCLUDED_NODES) may be specified.
Configuring both lists is an error; only the invited node list will
be used in this case.
Connection Limits NET.CON Check value of parameters governing termination of
Configuration NECTIO unauthenticated connections:
NLIMITS • SQLNET.INBOUND_CONNECT_TIMEOUT
• INBOUND_CONNECT_TIMEOUT_LISTENER
• SQLNET.EXPIRE_TIME
Network Listener NET.LIST Displays information about network listener configuration.
Configuration ENERCO These parameters are used to limit changes to the network
NFIG listener configuration.
ADMIN_RESTRICTIONS should be enabled to prevent
parameter changes to the running listener. One of the
following restrictions on service registration should be
implemented:
• Prevent changes by disabling DYNAMIC_REGISTRATION
• Limit the nodes that can make changes by enabling
VALID_NODE_CHECKING_REGISTRATION
• Limit the network sources for changes using the COST
parameters SECURE_PROTOCOL, SECURE_CONTROL, and
SECURE_REGISTER. CONNECTION_RATE determines rate
enforced across all the endpoints that are rate limited

43
Name Finding Description
ID
Listener Logging NET.LIST Displays information about network listener logging
Control ENERLO configuration.
G The LOGGING_LISTENER parameter enables logging of
listener activity. Log information can be useful for
troubleshooting and to provide early warning of attempted
attacks.

The following figure displays an example of the Oracle Database Security Assessment
Report — Network Configuration section.

Figure Oracle Database Security Assessment Report — Network

Configuration

The Network Configuration section is followed by the Operating System section.

44
Oracle Database Security Assessment Report —
Operating System
The Oracle Database Security Assessment Report — Operating System section
displays the following information:

Name Finding Description

ID
Installation Account OS.INST This check specifies the Oracle installation owner.
ALLATIO
NUSER
OS Authentication OS.AUTH Displays information about operating system group names
and users that can exercise administrative privileges.
OS authentication allows operating system users within
the specified user group to connect to the database with
administrative privileges. This shows the OS group names
and users that can exercise each administrative privilege.
OS users with administrative privileges should be
reviewed to prevent any unauthorized, malicious or
unintentional access to the database.
Segregation of OS.MULT Checks for databases/instances running on the same
Production and IDB server. If there are multiple databases/instances running
Development on the same server ensure that it is not hosting production
Databases and test/development databases.
Process Monitor OS.PMO Displays whether Process Monitor (PMON) processes are
Processes N running under the ORACLE_HOME owner account.
The PMON process monitors user processes and frees
resources when they terminate. This process should run
with the user ID of the ORACLE_HOME owner.
Agent Processes OS.AGE Displays whether Agent processes owners overlap with
NT Listener or Process Monitor (PMON) process owners.
Agent processes should run with a user ID separate from
the database and listener processes. These processes
should run under a user ID separate from the database
and listener processes.
Listener Processes OS.LIST Displays whether Listener process owners overlap with
ENER Agent or Process Monitor (PMON) process owners.
Listener processes accept incoming network connections
and connect them to the appropriate database server
process. These processes should run with a user ID
separate from the database and agent processes. These
processes should be administered only through local OS
authentication.
CMAN Remote Admin OS.CMA Checks if Oracle Connection Manager is installed in the
NLOCAL server and if yes, if CMAN remote administration is
configured.

45
Name Finding Description
ID
Diagnostic Destination OS.DIAG Checks permissions of DIAGONSTIC_DEST:
NOSTIC • Checks file permissions if DIAGNOSTIC_DEST is set
DEST and is either ORACLE_HOME/rdbms/log or
ORACLE_BASE <= 750
• Checks file permissions if DIAGNOSTIC_DEST is set
and is either ORACLE_HOME/rdbms/log or
ORACLE_BASE > 750
• Checks if the value of DIAGNOSTIC_DEST is not
equal to ORACLE_HOME/rdbms/log nor
ORACLE_BASE
File Permissions in OS.FILE Displays information about file permissions errors in the
ORACLE_HOME PERMIS ORACLE_HOME.
SIONS The ORACLE_HOME directory and its subdirectories contain
files that are critical to the correct operation of the
database, including executable programs, libraries, data
files, and configuration files. Operating system file
permissions must not allow these files to be modified by
users other than the ORACLE_HOME owner and must not
allow other users to directly read the contents of Oracle
data files.

Note:
On Windows, the DBSAT Collector collects data only from SQL queries.
Since the data from the operating system commands is missing, the DBSAT
Reporter runs a subset of rules on this data. Operating System findings are
not available for databases running on Windows platform.

The following figure displays an example of the Oracle Database Security Assessment
Report — Operating System section.

46
Figure Oracle Database Security Assessment Report — Operating System

The Operating System section is followed by the Diagnostics section.

Oracle Database Security Assessment Report —

Diagnostics
The Diagnostics section displays the checks which could not be executed.

47
 Note:
This report provides information and recommendations that may be helpful in
securing your Oracle database system. These recommendations reflect best
practices for database security and should be part of any strategy for Data
Protection by Design and by Default. These practices may help in addressing
Articles 25 and 32 of the EU General Data Protection Regulation as well as
other data privacy regulations. Technical controls alone are not sufficient for
compliance. Passing all findings does not guarantee compliance.
Oracle Database Vault, Oracle Advanced Security, Oracle Label Security,
Oracle Data Masking and Subsetting Pack are database licensed options.
Oracle Key Vault and Oracle Audit Vault and Database Firewall require
separate licensing as well.
The report provides a view on the current status. The results shown are
provided for informational purposes only and should not be used as a
substitute for a thorough analysis or interpreted to contain any legal or
regulatory advice or guidance.
You are solely responsible for your system, and the data and information
gathered during the production of this report. You are also solely responsible
for the execution of software to produce this report, and for the effect and
results of the execution of any mitigating actions identified herein.
Oracle provides this analysis on an "as is" basis without warranty of any kind
and Oracle hereby disclaims all warranties and conditions whether express,
implied or statutory.

Using the Discoverer

You can generate the Oracle Database Sensitive Data Assessment Report with the
Discoverer component.

Oracle Database Sensitive Data Assessment

Report
The Discoverer component is used to generate the Oracle Database Sensitive Data
Assessment Report.
The following figure shows the components and architecture of the Discoverer.

48
Figure Discoverer Components and Architecture

Using the Discoverer

The Discoverer executes SQL queries and collects data from the system to be
assessed, based on the settings specified in the configuration and pattern files.

Configuring the Discoverer

Configuring dbsat.config
The settings in the configuration file determine the behavior of the Discoverer.
To configure the Discoverer, do the following:
1. Access the directory where Oracle DBSAT is installed.
2. Navigate to the Discover/conf directory. Make a copy of the
sample_dbsat.config file and rename the file to match your site–specific
requirements. For example, you can rename the file to custom_dbsat.config.

Note:
Creating a duplicate file ensures that your custom settings are not
overwritten during reinstallation.

3. Open custom_dbsat.config.
The following are the contents of the configuration file:

[Database]
TNS_ADMIN =
NET_SERVICE_NAME =
WALLET_LOCATION =

DB_HOSTNAME = localhost
DB_PORT = 1521
DB_SERVICE_NAME =

49
 SSL_ENABLED = FALSE
SSL_TRUSTSTORE =
SSL_TRUSTSTORE_TYPE =
SSL_KEYSTORE =
SSL_KEYSTORE_TYPE =
SSL_DN =
SSL_VERSION =
SSL_CIPHER_SUITES =

[Discovery Parameters]
sensitive_pattern_files = sensitive_en.ini
schema_scope = ALL
minrows = 1
exclusion_list_file =

[Sensitive Categories]
Identification Info - National IDs = High Risk
Identification Info - Personal IDs = High Risk
Identification Info - Public IDs = High Risk
Biographic Info - Address = High Risk
Biographic Info - Family Data = High Risk
Biographic Info - Extended PII = High Risk
Biographic Info - Restricted Data = High Risk
IT Info - User Data = High Risk
IT Info - Device Data = Medium Risk
Financial Info - Card Data = High Risk
Financial Info - Bank Data = High Risk
Health Info - Insurance Data = High Risk
Health Info - Provider Data = Medium Risk
Health Info - Medical Data = Medium Risk
Job Info - Employee Data = High Risk
Job Info - Org Data = Low Risk
Job Info - Compensation Data = High Risk
Academic Info - Student Data = High Risk
Academic Info - Institution Data = Medium Risk
Academic Info - Performance Data = Low Risk

Note:
Keep the [Database], [Discovery Parameters], and [Sensitive
Categories] entries for the sections. If you remove these lines, DBSAT
discoverer will fail to execute.

4. Configure the settings. For more information about the configuration settings, see
Configuration Settings.
5. Save and close the configuration file.

50
Configuration Settings

Section Key Value Description

[Database] TNS_ADMIN <network service Location from where
name location> network service
names needs to be
read
- NET_SERVICE_NAME <net_service_name Network Service name
> to be used to make
connection
- WALLET_LOCATION <SSL wallet Location of wallets for
location> | <SEPS secured connections
wallet location> via SSL or SEPS
(Secure External
Password Store)
- DB_HOSTNAME <hostname> | Hostname or IP
<ip_address> Address of the target
database server
- DB_PORT <portnumber> Listener port number
The default is 1521. for the target
database. If a port
number is not
specified, the default
port 1521 is used.
- DB_SERVICE_NAME <service_name> Service name for the
target database
- SSL_ENABLED TRUE | FALSE Specifies if SSL is
The default is FALSE. enabled or disabled
when connecting to
the Database Server.
This is an optional
argument.
It is recommended
that the SSL_ENABLED
value is set to TRUE.
Retain the default
FALSE value if you do
not require an SSL
connection to the
Database Server.
If SSL_ENABLED =
TRUE, then
SSL_TRUSTSTORE is
mandatory.
- SSL_TRUSTSTORE <Absolute path to Specifies the absolute
the TrustStore/ path to the TrustStore,
TrustStore and the TrustStore file
filename> name.
Example: /opt/ Mandatory if
oracle/wallets/ SSL_ENABLED =
truststore.jks TRUE.

51
Section Key Value Description
- SSL_TRUSTSTORE_TY PKCS12 | JKS | Specifies the type of
PE SSO TrustStore.
Use PKCS12 if the
Truststore is a Wallet.
Use JKS if the
Truststore is a Java
KeyStore.
Use SSO if the
Truststore is an auto-
login SSO Wallet.
- SSL_KEYSTORE <Absolute path to Specifies the absolute
the KeyStore/ path to the KeyStore,
KeyStore and the KeyStore file
filename> name.
Example: /opt/ If SSL_KEYSTORE is
oracle/wallets/ not specified, the
keystore.jks value specified in
SSL_TRUSTSTORE is
used.
Mandatory if the
Database server
requires client
authentication.
- SSL_KEYSTORE_TYPE PKCS12 | JKS | Specifies the type of
SSO KeyStore.
Use PKCS12 if the
KeyStore is a Wallet.
Use JKS if the
KeyStore is a Java
KeyStore.
Use SSO if the
KeyStore is an auto-
login SSO Wallet.

- SSL_DN <distinguished_na Distinguished Name

me> (DN) of the target
Database server.
Specify the DN if the
server’s DN needs to
be checked.
This is an optional
argument.

52
Section Key Value Description
- SSL_VERSION 1.0 | 1.1 | 1.2 Specifies the version
The default is 1.2. of the SSL protocol to
use when connecting
to the Database
Server. This is an
optional argument.
Use 1.0 for SSL
version TLSv1.0.
Use 1.1 for SSL
version TLSv1.1.
Use 1.2 for SSL
version TLSv1.2.

- SSL_CIPHER_SUITES <cipher_suite1>,< Specifies the

cipher_suite2> Cryptographic
Algorithms to be used.
Example:
TLS_RSA_WITH_AES_ Multiple entries can be
256_CBC_SHA256 , specified as a comma-
separated list.
SSL_RSA_WITH_RC4_
128_MD5 This is an optional
argument.
For information about
supported
cryptographic suites,
see https://
docs.oracle.com/
javase/8/docs/
technotes/guides/
security/
SunProviders.html.
[Discovery SENSITIVE_PATTERN <file_name> | Specifies the pattern
Parameters] _FILES <file_name1>, files to be used.
<file_name2> Multiple files can be
specified as a comma-
The default is
separated list. The
sensitive_en.ini.
limit is 10 files.
For more information
about configuring the
Sensitive Data Type
pattern file, see
Pattern File
Configuration
(Optional).
- SCHEMA_SCOPE ALL | Specifies the schemas
<schema1>,<schema to be scanned.
2> Multiple schemas can
be specified as a
The default is ALL.
comma-separated list.

53
Section Key Value Description
- MINROWS <numerical value> Specifies the minimum
The default is 1. number of rows in a
table for that table to
be scanned.
Tables with a number
of rows less than what
is specified in the
minrows parameter
are excluded from the
scan.
- EXCLUSION_LIST_FI <exclusion_list_f Specifies the file to be
LE ilename>.ini used to exclude
schemas, tables, or
columns from the
scan.
For more information
about configuring the
Exclusion List file, see
Configuring the
Exclusion List File
(Optional).
[Sensitive The [Sensitive
Categories] Categories] section
defines which
Sensitive Categories
are used. Valid risk
levels are:
• Low Risk
• Medium Risk
• High Risk
The types of sensitive
data are defined in the
Sensitive Data Type
pattern file. For more
information about
configuring the
Sensitive Data Type
pattern file, see
Pattern File
Configuration
(Optional).

Pattern File Configuration (Optional)

The Oracle Database Security Assessment Tool searches for the types of sensitive
data defined in the Pattern file(s).

About Sensitive Types

54
Pattern files contain the patterns to search for. A Pattern file is grouped into sections,
defined by the section heading format [SENSITIVE_TYPE_NAME]. Each section
constitutes a Sensitive Type.
The following example shows a sample Sensitive Type section for FULL NAME.

[FULL NAME]
COL_NAME_PATTERN = ^(?!.*(ITEM|TAX|BALANCE)).*(FULL.*NAME)|(^|[_-])
(CUSTOMER|CUST|CLIENT|PATIENT|PERSON).?(NAME|NM)($|[_-])
COL_COMMENT_PATTERN = ^(?!.*(ITEM|TAX|BALANCE)).*(FULL.?NAME)|
(CUSTOMER|CUST|CLIENT|PATIENT|PERSON).?NAME
SENSITIVE_CATEGORY = Identification Info - Public IDs

The Sensitive Type name [SENSITIVE_TYPE_NAME] is displayed in the Sensitive Type

column of the Database Sensitive Data Assessment Report — Sensitive Column
Details section. For more information about the Database Sensitive Data Assessment
Report, see Oracle Database Sensitive Data Assessment Report.
Each Sensitive Type is defined by the following three parameters: COL_NAME_PATTERN,
COL_COMMENT_PATTERN, and SENSITIVE_CATEGORY.

COL_NAME_PATTERN

The COL_NAME_PATTERN parameter specifies the text to search for in the Regular
Expression (RegExp) patterns of the database column names.

(^LNAME$)|((LAST|FAMILY|SUR|PATERNAL).*NAME$)

In the example above, the following text will be searched for in the RegExp patterns of
the database column names:
• (^LNAME$) — Searches for a column titled LNAME.
• ((LAST|FAMILY|SUR|PATERNAL).*NAME$) — Searches for column names that
contain LAST, FAMILY, SUR, or PATERNAL, followed by any characters and ending
with NAME. For example, LAST_NAME or CUSTOMER_SURNAME.

COL_COMMENT_PATTERN

The COL_COMMENT_PATTERN parameter specifies the text to search for in the Regular
Expression (RegExp) patterns of the database column comments.

SENSITIVE_CATEGORY

The SENSITIVE_CATEGORY parameter specifies the type of sensitive data. The risk
levels associated with exposing types of sensitive data are specified in the
sample_dbsat.config file. The risk levels are:

• Low Risk
• Medium Risk

55
• High Risk
For more information about configuring the sample_dbsat.config file, see
Configuration Settings.

Customizing the Pattern File

To customize the Pattern file, do the following:

1. Access the directory where Oracle DBSAT is installed.

2. Navigate to the Discover/conf directory. Make a copy of
the sensitive_en.ini file and rename the file my_sensitive_en.ini.

Note:
The Discover/conf directory also contains the following language-
specific .ini files to help discover sensitive data in data dictionaries in
major European languages (filename - country, language):
• sensitive_de.ini - German, Germany.
• sensitive_el.ini - Greek, Greece.
• sensitive_es.ini - Spanish, Spain.
• sensitive_fr.ini - French, France.
• sensitive_it.ini - Italian, Italy.
• sensitive_nl.ini - Dutch, Netherlands.
• sensitive_pt.ini - Portuguese, Portugal.

3. Open my_sensitive_en.ini.
4. Customize the settings by adding new Sensitive Types and modifying existing
Sensitive Types.
For more information about adding new Sensitive Types and Sensitive Categories
to the Pattern file, see About Sensitive Types and Configuration Settings.
5. Save and close my_sensitive_en.ini.
The Pattern file is configured.
6. Include my_sensitive_en.ini in the Discoverer scan by adding a reference to the
file in the custom_dbsat.config file.

sensitive_pattern_files = my_sensitive_en.ini

For more information about referencing the Pattern file in the custom_dbsat.config
file, see Configuring dbsat.config.

About Regular Expressions

56
The search parameters use regular expressions, sets of strings based on common
characteristics shared by each string in the set. Regular expressions vary in
complexity, but once you understand the basics of how they are constructed, you can
decipher or create any regular expression. You can use character classes, capturing
groups, quantifiers, boundary matchers, and logical operators to define regular
expressions.

String Literals

The most basic form of pattern matching is the match of a string literal. For example, if
the regular expression is EMP and the input string is EMP, the match succeeds because
the strings are identical. This regular expression also matches any string containing
EMP, such as EMPLOYEE, TEMP, and TEMPERATURE.

Metacharacters

You can also use some special characters that affect the way a pattern is matched.
One of the most common ones is the dot (.) symbol, which matches any character.
For example, EMPLOYEE.ID matches EMPLOYEE_ID and EMPLOYEE-ID, but not
EMPLOYEE_VERIFICATION_ID. Here, the dot is a metacharacter — a character with
special meaning interpreted by the matcher.
Some other metacharacters are: ^ $ ? + * \ - [ ] ( ) { }.

If you want a metacharacter to be treated literally (as an ordinary character), you can
use a backslash (\) to escape it. For example, the regular expression 9\+9 matches
9+9.

Character Classes

A character class is a set of characters enclosed within square brackets. It specifies

the characters that successfully match a single character from a given input string.
The following table describes some common regular expression constructs.

Construct Description
[abc] Matches one of the characters mentioned within square brackets.
Example: EMPLOYE[ER] matches EMPLOYEE and EMPLOYER.
[^abc] Matches any character except the ones mentioned within square brackets.
Example: [^BC]AT matches RAT and HAT, but does not match BAT and
CAT.
[A-Z0-9] Matches any character in the range mentioned within square brackets. To
specify a range, simply insert the dash metacharacter "-" between the first
and last character to be matched; for example, [1-5] or [A-M]. You can
also place different ranges beside each other within the class to further
expand the match possibilities.
Example: [B-F]AT matches BAT, CAT, DAT, EAT, and FAT, but does not
match AAT and GAT.

57
 See Also:

• Character Classes
• Predefined Character Classes

Capturing Groups

You can use capturing groups to treat multiple characters as a single unit. A capturing
group is created by placing the characters to be grouped inside a set of parentheses.
For example, the regular expression (SSN) creates a single group containing the
letters S, S, and N.

See Also:
Capturing Groups

Quantifiers

You can use quantifiers to specify the number of occurrences to match against.
The following table describes some common quantifiers.

Quantifier Description
X? Matches zero or one occurrence of the specified character or group of
characters.
Example: SSN_NUMBERS? matches strings SSN_NUMBER and SSN_NUMBERS.
X* Matches zero or more occurrences of the specified character or group of
characters.
Example: TERM.*DATE matches strings like TERMDATE, TERM_DATE and
LAST_TERMINATION_DATE.
X+ Matches one or more occurrences of the specified character or group of
characters.
Example: TERM.+DATE matches strings like TERM_DATE and
TERMINATION_DATE, but not TERMDATE.
X{n} Matches the specified character or group of characters exactly n times.
Example: 9{3} matches 999, but not 99.
X{n,} Matches the specified character or group of characters at least n times.
Example: 9{3,} matches 999, 9999, and 99999, but not 99.
X{n,m} Matches the specified character or group of characters at least n times but
not more than m times.
Example: 9{3,4} matches 999 and 9999, but not 99.

58
An example of regular expression using character class is SSN[0-9]+, which matches
strings like SSN0, SSN1, and SSN12. Here, [0-9] is a character class and is allowed one
or more times. The regular expression however, does not match SSN.

See Also:
Quantifiers

Boundary Matchers

You can use boundary matchers to make pattern matching more precise by specifying
where in the string the match should take place. For example, you might be interested
in finding a particular word, but only if it appears at the beginning or end of an input
string.
The following table describes common boundary matchers.

Boundary Description
Construct
^ Matches the specified character or group of characters at the beginning of a
string (starts with search).
Example: ^VISA matches strings beginning with VISA.
$ Matches the specified character or group of characters at the end of a string
(ends with search).
Example: NUMBER$ matches strings ending with NUMBER.
\b Marks a word boundary. Matches the character or group of characters
specified between a pair of \b only if it is a separate word (as opposed to
substring within a longer string).
Example: \bAGE\b matches strings like EMPLOYEE AGE and PATIENT AGE
INFORMATION, but does not match strings like AGEING and EMPLOYEEAGE.

If no boundary matcher is specified, a contains search is performed. For example,

ELECTORAL matches strings containing ELECTORAL, such as ELECTORAL_ID,
ID_ELECTORAL, and ELECTORALID.

An exact match search can be performed by using ^ and $ together. For example,
^ADDRESS$ searches for the exact string ADDRESS. It matches the string ADDRESS, but
does not match strings like PRIMARY_ADDRESS and ADDRESS_HOME.

See Also:
Boundary Matchers

Logical Operators

59
You can use the pipe or vertical bar character (|) if you want to match any one of the
characters (or group of characters) separated by pipe. For example, EMPLOY(EE|
ER)_ID matches EMPLOYEE_ID and EMPLOYER_ID.

Examples

^JOB.*(TITLE|PROFILE|POSITION)$ matches strings beginning with JOB, followed by

zero or more occurrences of any character, and ending with TITLE, PROFILE, or
POSITION.

^[A-Z]{3}[0-9]{2}[A-Z0-9]$ matches strings beginning with three letters, followed

by two digits, and ending with a letter or digit.
BIRTH.?(COUNTRY|PLACE)|(COUNTRY|PLACE).*BIRTH matches strings such as BIRTH
COUNTRY, PATIENT_BIRTH_PLACE, PLACE_OF_BIRTH, and EMPLOYEE'S COUNTRY OF
BIRTH.

See Also:
Regular Expressions

Configuring the Exclusion List File (Optional)

You can specify schemas, tables, or columns to exclude from the scan in the Exclusion
List file.
This is an optional step but often required to fine tune the Discoverer to exclude false
positives.
To create an Exclusion List file, do the following:
1. Create an Exclusion List file, and save it in the Discover/conf directory as
myexclusion_list.
2. Specify the schemas, tables, or columns to exclude from the Discoverer scan.
The following is a sample of the contents of the Exclusion List file.

PAYROLL
IT.ENTITLEMENTS
HR.EMPLOYEE.MARITAL_STATUS
HR.JOB.CANDIDATE

Specify the schemas, tables, or columns to exclude using the format

SchemaName.TableName.ColumnName. Type each exclusion entry on a new line.
In the example above, PAYROLL excludes the PAYROLL schema from the discovery
scan; IT.ENTITLEMENTS excludes the ENTITLEMENTS table in IT schema;
HR.EMPLOYEE.MARITAL_STATUS excludes column MARITAL_STATUS from the
HR.EMPLOYEE table. Similarly, HR.JOB.CANDIDATE excludes column CANDIDATE
from HR.JOB table.

60
 Tip:
The Discoverer CSV report includes a column with the fully qualified
column names (FULLY_QUALIFIED_COLUMN_NAME). This column
can be used to create the exclusion list file contents and speed up the
removal of unwanted columns or false positives from the report in a
subsequent run.

3. Save and close the Exclusion List file.

4. Update the exclusion_list_file entry in your custom_dbsat.config file to
exclusion_list_file = myexclusion_list
For more information about referencing the Exclusion List file, see Configuring
dbsat.config.

Configuring Certificates and Wallets (Optional)

The Discoverer allows usage of Secure External Password Store to retrieve login
credentials stored a wallet while connecting. Secure External Password Store can be
used to connect to Database without entering the username and password. Secure
External Password Store improves the security and allows automation of the execution
of the Discoverer.
For increased security, Oracle Database provides Secure Sockets Layer (SSL) support
to encrypt the connection between clients and the server. If SSL (TLS) encryption is
configured on the Database Server, the Discoverer needs to be configured in order to
connect and discover data. Configuration parameters for SSL can be found in the
dbsat.config file.

To establish an SSL connection with the Discoverer, the Database Server sends its
certificate, which is stored in its wallet. The client may or may not need a certificate or
wallet, depending on the server configuration.

Note:
Configuring certificates and wallets is an optional step and needs to be
performed only when using SSL to connect to the Oracle Database server.

For more information about configuring certificates and wallets, see Support for SSL in
the Oracle Database JDBC Developer's Guide.

Running the Discoverer

To run the Discoverer, do the following:

61
1. Specify the arguments to run the Discoverer:

$ dbsat discover [-n] -c <config_file> <output_file>

The dbsat discover command has the following options and arguments:
• -n
Specifies that there is no encryption for output.
• -c
Specifies the name of the configuration file used for discoverer. For more
information about the config_file file, see Configuring dbsat.config.
• output_file
Specifies the full or relative path name to create the .zip file. Do not add an
extension.
Example: /home/oracle/dbsat/PDB1
2. Run the Discoverer.

$ ./dbsat discover -c Discover/conf/custom_dbsat.config PDB1

The following output is displayed:

DBSAT Discover ran successfully.

Calling /usr/bin/zip to encrypt the generated reports...
Enter password:
Verify password:
adding: PDB1_discover.html (deflated 86%)
adding: PDB1_discover.csv (deflated 86%)
Zip completed successfully.
$

3. Specify a password to encrypt the .zip file.

A zip file named <destination>_report.zip is created. If the file
<destination>_report.zip exists, the discovery results are added to the existing
zip file.

Note:
The .zip file is used for Reporter and Discoverer output. To avoid
confusion, it is recommended that you use the same password while
creating both outputs.

4. Extract the contents of the .zip file to access the Database Sensitive Data
Assessment Report. When prompted, enter the password to decrypt the .zip file
specified in Step 3.

62
 The contents of the .zip file are extracted.
5. Use the appropriate tools to read the Database Sensitive Data Assessment
Report.
Example: Use a browser to display the .html file.
Example: Use a spreadsheet reader like OpenOffice Calc or Excel to open
the .csv file.

Oracle Database Sensitive Data Assessment Report

The Discoverer component is used to generate the Oracle Database Sensitive Data
Assessment Report in HTML and CSV formats.
The HTML report is the main report and contains the discovered sensitive data and its
categories along with target database information and Discoverer parameters.
The CSV report can be loaded into Oracle Audit Vault and Database Firewall to add
sensitive data context to the new Data Privacy reports. For more information about this
functionality, see Importing Sensitive Data Into AVDF Repository in the Oracle Audit
Vault and Database Firewall Auditor's Guide.

Oracle Database Sensitive Data Assessment Report —

High-Level Summary
The Oracle Database Sensitive Data Assessment Report — High-Level Summary
section contains the following information:

Table Oracle Database Sensitive Data Assessment Report — High-Level

Summary

Section Description
Assessment Displays when the Sensitive Data Assessment report was generated. The
Time & Date DBSAT Discoverer version is also displayed.
Database Displays the details of the database assessed by the Discoverer.
Identity
Database Displays the version of the database assessed by the Discoverer.
Version
Discovery Displays the Discovery Parameters specified in the configuration file. For more
Parameters information about Discovery Parameters, see Configuration Settings.

The following figure displays the first four tables of the Oracle Database Sensitive Data
Assessment Report — High-Level Summary section.

63
Figure Oracle Database Sensitive Data Assessment Report — High-Level
Summary

The High-Level Summary section is followed by the Summary section.

Oracle Database Sensitive Data Assessment Report —

Summary
The Oracle Database Sensitive Data Assessment Report — Summary section
displays information about the number of tables, columns, and rows identified as
sensitive data, grouped by Sensitive Category.
The Database Sensitive Data Assessment Report — Summary section contains the
following columns:

Table Oracle Database Sensitive Data Assessment Report — Summary

Column Name Description

Sensitive Category Displays the name of the Sensitive Category
# Sensitive Tables Displays the number of tables detected that
contain sensitive data
# Sensitive Columns Displays the number of columns detected in
the tables that contain sensitive data
# Sensitive Rows Displays the number of rows detected in the
tables that contain sensitive data

64
The following figure displays the information displayed in the Oracle Database
Sensitive Data Assessment Report — Summary section:

Figure Oracle Database Sensitive Data Assessment Report — Summary

Note:
A single database table could contain columns or column comments that
match more than one Sensitive Category, causing a higher number to be
displayed in the # Sensitive Tables and # Sensitive Rows columns.
However, the Total row displays the unique number of tables and rows
identified as sensitive data.

For more information about configuring Sensitive Categories, see Pattern File
Configuration (Optional).
The Summary section is followed by the Sensitive Data section.

Oracle Database Sensitive Data Assessment Report —

Sensitive Data
The Oracle Database Sensitive Data Assessment Report — Sensitive Data section
displays information about the schemas containing sensitive data.
The Oracle Database Sensitive Data Assessment Report — Sensitive Data section
contains the following information:

65
Table Oracle Database Sensitive Data Assessment Report — Sensitive Data

Section Description
Risk Level(s) Displays the Risk Level(s) of the sensitive data identified in the schema of the
database assessed by the Discoverer.
Summary Displays a summary of the occurrence of sensitive data in the schema.
Location Displays the names of the schemas containing sensitive data.

The following figure shows the information displayed in the Oracle Database Sensitive
Data Assessment Report — Sensitive Data section.

Figure Oracle Database Sensitive Data Assessment Report — Sensitive Data

Findings belonging to each risk level are followed by a set of recommendations to

secure the sensitive data. These recommendations lists various controls based on the
Risk Levels, namely HIGH, MEDIUM, and LOW.
The following figure shows the information displayed in the Risk Level: High Risk
section.

Figure Sensitive categories grouped by Risk Level

66
Each Risk Level section is followed by a list of the tables detected that contain
sensitive data. The following information is displayed:

Table Tables Detected within Sensitive Category: <Sensitive Category Name>

Name Description
Risk Level Displays the Risk Level
Summary Displays a summary of the sensitive category
data detected
Location Displays the names of the tables that contain
sensitive data

The following figure shows the information displayed in the Tables Detected within
each Sensitive Category: <Sensitive Category Name> subsection.

Figure Tables Detected within Sensitive Category: <Sensitive Category Name>

The Sensitive Data section is followed by the Schema View section.

Oracle Database Sensitive Data Assessment Report —

Schema View
The Oracle Database Sensitive Data Assessment Report — Schema View section
displays information about the schemas, tables, columns, and rows containing
sensitive data. The Sensitive Category is also displayed.
The Oracle Database Sensitive Data Assessment Report — Summary section
contains the following columns:

Column Name Description

Schema Displays the name of the schema
Table Name Displays the name of the table
Columns Displays the number of columns in the table
Sensitive Columns Displays the number of columns detected that
contain sensitive data

67
Column Name Description
Rows Displays the number of rows in the table
Sensitive Category Displays the category of sensitive data
detected in each column

The following figure highlights the information displayed in the Oracle Database
Sensitive Data Assessment Report — Schema View section:

Figure Oracle Database Sensitive Data Assessment Report — Schema View

The Schema View section is followed by the Sensitive Column Details section.

Oracle Database Sensitive Data Assessment Report —

Sensitive Column Details
The Oracle Database Sensitive Data Assessment Report — Sensitive Column Details
section displays information about the columns containing sensitive data. The
Sensitive Category and Type are also displayed.

Column Name Description

Schema Name Displays the name of the schema
Table Name Displays the name of the table
Column Name Displays the name of the column
Column Comment Displays the column comment
Sensitive Category Displays the category of sensitive data
detected in each column
Sensitive Type Displays the type of sensitive data detected in
each column
Risk Level Displays the risk level

The following figure displays the information displayed in the Oracle Database
Sensitive Data Assessment Report — Sensitive Column Details section.

68
Figure Oracle Database Sensitive Data Assessment Report — Sensitive
Column Details

Best Practices
Collector - OS Commands
As a general best practice, you should not put username/password credentials in
cleartext in an application or file. When you provide the password on the command
line while executing dbsat collect, someone can retrieve credentials, either using
history or executing the ps Unix command or any similar Windows command.
Therefore, Oracle recommends that you enter the password when prompted.

Collector - Database User Account

It's advisable that you run DBSAT collect and discoverer with a user that has the
minimum set of privileges required to execute the assessments. The user shall also
have a strong password. This will help reduce the attack surface and the potential
impact of stolen DBSAT user account credentials, account misuse, and human error.
You can create a user with the required minimum privileges to run the Oracle
Database Security Assessment Tool with the script provided in the pre-requisites
section.

Securing DBSAT Output Files

By default, DBSAT produces password-protected zip files. As DBSAT output can
contain sensitive information, it is recommended not to override the default.
Mishandling of assessment information can introduce risk.

Excluding Sensitive User Accounts

69
DBSAT allows you to exclude users from the security assessment report. If there are
critical users that you do not want to show in the report, you can exclude them by
using the -u option in dbsat report execution.

Documentation Accessibility
For information about Oracle's commitment to accessibility, visit the Oracle
Accessibility Program website at http://www.oracle.com/pls/topic/lookup?
ctx=acc&id=docacc.

Access to Oracle Support

Oracle customers that have purchased support have access to electronic support
through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/
lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs
if you are hearing impaired.

Appendix A
Improved DBSAT Target Specific Checks and
Recommendations
Oracle DBSAT can be run against on-premises databases, Autonomous Databases
(Serverless and Dedicated) and Oracle Cloud DBCS (DBSystems EE/HP/EP). Some
findings will execute different checks and provide specific recommendations for these
databases. The table below highlights which findings were improved.

70
Figure DBSAT Target Specific Checks and Recommendations

Figure DBSAT Target Specific Checks and Recommendations (continued)

71
Figure DBSAT Target Specific Checks and Recommendations (continued)

Figure DBSAT Target Specific Checks and Recommendations (continued)

72
Figure DBSAT Target Specific Checks and Recommendations (continued)

Figure DBSAT Target Specific Checks and Recommendations (continued)

73
Figure DBSAT Target Specific Checks and Recommendations (continued)

Figure DBSAT Target Specific Checks and Recommendations (continued)

74
Figure DBSAT Target Specific Checks and Recommendations (continued)

Figure DBSAT Target Specific Checks and Recommendations (continued)

Appendix B
You can troubleshoot Oracle Database Security
Assessment Tool by using diagnostics and log
files.
B.1 Enabling DBSAT Diagnostics to diagnose
Oracle Database Security Assessment Tool Errors
Output diagnostics, which the DBSAT generates, capture vital information to help you
debug errors.
By default, DBSAT suppresses errors that do not impact the report execution. To find
details on errors that might affect your report generation, please run dbsat report with
the -d option.

75
Example of a run with -d:

$ ./dbsat report -n -d orcl

Database Security Assessment Tool version 3.1 (Mar 2023)

This tool is intended to assist you in securing your Oracle database

system. You are solely responsible for your system and the effect and
results of the execution of this tool (including, without limitation,
any damage or data loss). Further, the output generated by this tool
may include potentially sensitive system configuration data and
information that could be used by a skilled attacker to penetrate your
system. You are solely responsible for ensuring that the output of
this tool, including any generated reports, is handled in accordance
with your company’s policies.

Traceback (most recent call last): File “<iostream>“, line 11865, in

<module> File “<iostream>“, line 1161, in sec_feature_usage
IndexError: index out of range: 1

DBSAT Reporter ran successfully.

Example of a standard run:

$ ./dbsat report -n orcl

Database Security Assessment Tool version 3.0

This tool is intended to assist you in securing your Oracle database

system. You are solely responsible for your system and the effect and
results of the execution of this tool (including, without limitation,
any damage or data loss). Further, the output generated by this tool
may include potentially sensitive system configuration data and
information that could be used by a skilled attacker to penetrate your
system. You are solely responsible for ensuring that

the output of this tool, including any generated reports, is handled

in accordance with your company’s policies.

DBSAT Reporter ran successfully.

B.2 DBSAT Reporter Fails With "No JSON object could be decoded"
If execute on package SYS.DBMS_SQL was revoked from PUBLIC you can encounter this
issue.

$ ./dbsat report -a -n orcl

Database Security Assessment Tool version 3.0

This tool is intended to assist in you in securing your Oracle

76
database system. You are solely responsible for your system and the
effect and results of the execution of this tool (including, without
limitation, any damage or data loss). Further, the output generated by
this tool may include potentially sensitive system configuration data
and information that could be used by a skilled attacker to penetrate
your system. You are solely responsible for ensuring that the output
of this tool, including any generated reports, is handled in
accordance with yourcompany's policies.

... Unable to process input file: orcl.json No JSON object could be

decoded Error: Unexpected error occurred while running DBSAT Reporter.

To avoid this error, grant execute privilege on DBMS_SQL to the DBSAT database user
used in dbsat collect <user>@<service_name> <output-file>

SQL> grant execute on sys.dbms_sql to <user> ;

Run dbsat collect again to ensure the data is collected appropriately and then run
the report.

./dbsat collect <user>@<service_name> <output-file>

./dbsat report <output-file>

Note: make sure JSON is not invalid or corrupt. Review the json file and/or run the
collector.
B.3 DBSAT Reporter Fails – Generic
Occasionally, the source of the issue affecting the DBSAT report's successful
execution is present in the collector-generated file. As a troubleshooting step, you can
open the file (extract from the zip file) generated by DBSAT collect and search the file
for errors.
B.4 Issues running DBSAT on AIX platforms
AIX default shell is the Korn shell (ksh). DBSAT needs to run under the bash shell. You
can either change it to bash or install it. DBSAT fails to run under other shells. As an
example, if you do not have bash shell installed on AIX, and you try to run DBSAT, you
can encounter the following:

oraprod>./dbsat

ksh: ./dbsat: not found

oraprod>pwd

/home/oraprod/dbsat300

77
At this point, you can install bash on AIX or run DBSAT collect remotely. You can
execute DBSAT from another server with bash (e.g., a linux server), reaching the
database running on AIX:

./dbsat collect <user>@<service_name> <output-file>

When collecting from a remote server, DBSAT will not include Operating System-
related findings.

Appendix C
Attribution for Third-Party Licenses
For third party technology that you receive from Oracle in binary form which is licensed
under an open source license that gives you the right to receive the source code for
that binary, you can obtain a copy of the applicable source code from this page. If the
source code for the technology was not provided to you with the binary, you can also
receive a copy of the source code on physical media by submitting a written request
to:
Oracle America, Inc.
Attn: Associate General Counsel
Development and Engineering Legal
500 Oracle Parkway, 10th Floor
Redwood Shores, CA 94065

Or, you may send an email to Oracle using this form. Your request should include:
The name of the component or binary file(s) for which you are requesting the
source code
The name and version number of the Oracle product
The date you received the Oracle product
Your name
Your company name (if applicable)
Your return mailing address and email
A telephone number in the event we need to reach you

We may charge you a fee to cover the cost of physical media and processing. Your
request must be sent (i) within three (3) years of the date you received the Oracle
product that included the component or binary file(s) that are the subject of your
request, or (ii) in the case of code licensed under the GPL v3, for as long as Oracle
offers spare parts or customer support for that product model

XlsxWriter, Version: 2.0

Copyright (c) 2013-2020, John McNamara <[email protected]>

All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are
permitted provided that the following conditions are met:

78
1. Redistributions of source code must retain the above copyright notice, this list of
conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list
of conditions and the following disclaimer in the documentation and/or other
materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
The views and conclusions contained in the software and documentation are those of
the authors and should not be interpreted as representing official policies, either
expressed or implied, of the FreeBSD Project.

TERMS AND CONDITIONS FOR ACCESSING

OR OTHERWISE USING JYTHON
PYTHON SOFTWARE FOUNDATION LICENSE VERSION 2
1. This LICENSE AGREEMENT is between the Python Software Foundation ("PSF"),
and the Individual or Organization ("Licensee") accessing and otherwise using this
software ("Jython") in source or binary form and its associated documentation.
2. Subject to the terms and conditions of this License Agreement, PSF hereby grants
Licensee a nonexclusive, royalty-free, world-wide license to reproduce, analyze,
test, perform and/or display publicly, prepare derivative works, distribute, and
otherwise use Jython alone or in any derivative version, provided, however, that
PSF's License Agreement and PSF's notice of copyright, i.e., "Copyright (c) 2007
Python Software Foundation; All Rights Reserved" are retained in Jython alone or
in any derivative version prepared by Licensee.
3. In the event Licensee prepares a derivative work that is based on or incorporates
Jython or any part thereof, and wants to make the derivative work available to
others as provided herein, then Licensee hereby agrees to include in any such
work a brief summary of the changes made to Jython.
The following changes were made:
• Updated the Third Party package [email protected] to [email protected]
• Removed [email protected] and [email protected] from binary distribution.
4. PSF is making Jython available to Licensee on an "AS IS" basis. PSF MAKES NO
REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED. BY WAY OF

79
 EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND DISCLAIMS ANY
REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS
FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF JYTHON WILL NOT
INFRINGE ANY THIRD PARTY RIGHTS.
5. PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF
JYTHON FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES
OR LOSS AS A RESULT OF MODIFYING, DISTRIBUTING, OR OTHERWISE
USING JYTHON, OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE
POSSIBILITY THEREOF.
6. This License Agreement will automatically terminate upon a material breach of its
terms and conditions.
7. Nothing in this License Agreement shall be deemed to create any relationship of
agency, partnership, or joint venture between PSF and Licensee. This License
Agreement does not grant permission to use PSF trademarks or trade name in a
trademark sense to endorse or promote products or services of Licensee, or any
third party.
8. By copying, installing or otherwise using Jython, Licensee agrees to be bound by
the terms and conditions of this License Agreement.
PYTHON SOFTWARE FOUNDATION LICENSE VERSION 2.1
Redistribution and use in source and binary forms, with or without modification, are
permitted provided that the following conditions are met:
• Redistributions of source code must retain the above copyright notice, this list of
conditions and the following disclaimer.
• Redistributions in binary form must reproduce the above copyright notice, this list
of conditions and the following disclaimer in the documentation and/or other
materials provided with the distribution.
• Neither the name of the Jython Developers nor the names of its contributors may
be used to endorse or promote products derived from this software without specific
prior written permission.

80
 Note:
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

JPython version 1.1.x

1. This LICENSE AGREEMENT is between the Corporation for National Research
Initiatives, having an office at 1895 Preston White Drive, Reston, VA 20191
("CNRI"), and the Individual or Organization ("Licensee") accessing and using
JPython version 1.1.x in source or binary form and its associated documentation
as provided herein ("Software").
2. Subject to the terms and conditions of this License Agreement, CNRI hereby
grants Licensee a non-exclusive, non-transferable, royalty-free, world-wide license
to reproduce, analyze, test, perform and/or display publicly, prepare derivative
works, distribute, and otherwise use the Software alone or in any derivative
version, provided, however, that CNRI's License Agreement and CNRI's notice of
copyright, i.e., "Copyright (c)1996-1999 Corporation for National Research
Initiatives; All Rights Reserved" are both retained in the Software, alone or in any
derivative version prepared by Licensee.
Subject to the terms and conditions of this License Agreement, CNRI hereby
grants Licensee a non-exclusive, non-transferable, royalty-free, world-wide license
to reproduce, analyze, test, perform and/or display publicly, prepare derivative
works, distribute, and otherwise use the Software alone or in any derivative
version, provided, however, that CNRI's License Agreement and CNRI's notice of
copyright, i.e., "Copyright (c)1996-1999 Corporation for National Research
Initiatives; All Rights Reserved" are both retained in the Software, alone or in any
derivative version prepared by Licensee.
3. In the event Licensee prepares a derivative work that is based on or incorporates
the Software or any part thereof, and wants to make the derivative work available
to the public as provided herein, then Licensee hereby agrees to indicate in any
such work, in a prominently visible way, the nature of the modifications made to
CNRI's Software.
4. Licensee may not use CNRI trademarks or trade name, including JPython or
CNRI, in a trademark sense to endorse or promote products or services of
Licensee, or any third party. Licensee may use the mark JPython in connection

81
 with Licensee's derivative versions that are based on or incorporate the Software,
but only in the form "JPython-based ___________________," or equivalent.
5. CNRI is making the Software available to Licensee on an "AS IS" basis. CNRI
MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED.
BY WAY OF EXAMPLE, BUT NOT LIMITATION, CNRI MAKES NO AND
DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY
OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF THE
SOFTWARE WILL NOT INFRINGE ANY THIRD PARTY RIGHTS.
6. CNRI SHALL NOT BE LIABLE TO LICENSEE OR OTHER USERS OF THE
SOFTWARE FOR ANY INCIDENTAL, SPECIAL OR CONSEQUENTIAL
DAMAGES OR LOSS AS A RESULT OF USING, MODIFYING OR
DISTRIBUTING THE SOFTWARE, OR ANY DERIVATIVE THEREOF, EVEN IF
ADVISED OF THE POSSIBILITY THEREOF. SOME STATES DO NOT ALLOW
THE LIMITATION OR EXCLUSION OF LIABILITY SO THE ABOVE DISCLAIMER
MAY NOT APPLY TO LICENSEE.
7. This License Agreement may be terminated by CNRI (i) immediately upon written
notice from CNRI of any material breach by the Licensee, if the nature of the
breach is such that it cannot be promptly remedied; or (ii) sixty (60) days following
notice from CNRI to Licensee of a material remediable breach, if Licensee has not
remedied such breach within that sixty-day period.
8. This License Agreement shall be governed by and interpreted in all respects by
the law of the State of Virginia, excluding conflict of law provisions. Nothing in this
Agreement shall be deemed to create any relationship of agency, partnership, or
joint venture between CNRI and Licensee.
9. By clicking on the "ACCEPT" button where indicated, or by installing, copying or
otherwise using the Software, Licensee agrees to be bound by the terms and
conditions of this License Agreement.
########NOTICE.TXT OF TOP-LEVEL JYTHON
COMPONENT######################## This product includes software
developed by: o The Apache Software Foundation (http://www.apache.org/)
#####LICENSE.TXT FOR 4TH PARTY ORG.ANTLR:ANTLR ORG.ANTLR:ANTLR-
RUNTIME AND ORG.ANTLR:ST4 COMPONENTS##### [The "BSD licence"]
Copyright (c) 2003-2008 Terence Parr All rights reserved. Redistribution and use in
source and binary forms, with or without modification, are permitted provided that the
following conditions are met: 1. Redistributions of source code must retain the above
copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in
binary form must reproduce the above copyright notice, this list of conditions and the
following disclaimer in the documentation and/or other materials provided with the
distribution. 3. The name of the author may not be used to endorse or promote
products derived from this software without specific prior written permission. THIS
SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

82
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE. #####LICENSE.TXT FOR 4TH PARTY
ORG.APACHE.COMMONS:COMMONS-COMPRESS,
COM.GOOGLE.GUAVA:GUAVA, COM.GOOGLE.GUAVA:FAILUREACCESS
COM.GOOGLE.GUAVA:LISTENABLEFUTURE COM.CARROTSEARCH:JAVA-
SIZEOF COM.GITHUB.JNR:JFFI, COM.GITHUB.JNR:JNR-CONSTANTS,
COM.GITHUB.JNR:JNR-FFI, COM.GITHUB.JNR:JFFI COM.GITHUB.JNR:JNR-
CONSTANTS, COM.GITHUB.JNR:JNR-A64ASM, COM.GITHUB.JNR:JNR-X86ASM,
COM.GITHUB.JNR:JNR-NETDB, COM.GITHUB.JNR:JNR-POSIX
COM.GOOGLE.ERRORPRONE:ERROR_PRONE_ANNOTATIONS ,
COM.GOOGLE.J2OBJC:J2OBJC-ANNOTATIONS COMPONENT##### Apache
License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND
CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions.
"License" shall mean the terms and conditions for use, reproduction, and distribution
as defined by Sections 1 through 9 of this document. "Licensor" shall mean the
copyright owner or entity authorized by the copyright owner that is granting the
License. "Legal Entity" shall mean the union of the acting entity and all other entities
that control, are controlled by, or are under common control with that entity. For the
purposes of this definition, "control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or otherwise, or (ii)
ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial
ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License. "Source" form shall mean the
preferred form for making modifications, including but not limited to software source
code, documentation source, and configuration files. "Object" form shall mean any
form resulting from mechanical transformation or translation of a Source form,
including but not limited to compiled object code, generated documentation, and
conversions to other media types. "Work" shall mean the work of authorship, whether
in Source or Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work (an example is provided in
the Appendix below). "Derivative Works" shall mean any work, whether in Source or
Object form, that is based on (or derived from) the Work and for which the editorial
revisions, annotations, elaborations, or other modifications represent, as a whole, an
original work of authorship. For the purposes of this License, Derivative Works shall
not include works that remain separable from, or merely link (or bind by name) to the
interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any
work of authorship, including the original version of the Work and any modifications or
additions to that Work or Derivative Works thereof, that is intentionally submitted to
Licensor for inclusion in the Work by the copyright owner or by an individual or Legal
Entity authorized to submit on behalf of the copyright owner. For the purposes of this
definition, "submitted" means any form of electronic, verbal, or written communication
sent to the Licensor or its representatives, including but not limited to communication
on electronic mailing lists, source code control systems, and issue tracking systems
that are managed by, or on behalf of, the Licensor for the purpose of discussing and
improving the Work, but excluding communication that is conspicuously marked or
otherwise designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom
a Contribution has been received by Licensor and subsequently incorporated within
the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this
License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive,
no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative

83
Works of, publicly display, publicly perform, sublicense, and distribute the Work and
such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to
the terms and conditions of this License, each Contributor hereby grants to You a
perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as
stated in this section) patent license to make, have made, use, offer to sell, sell,
import, and otherwise transfer the Work, where such license applies only to those
patent claims licensable by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s) with the Work to which
such Contribution(s) was submitted. If You institute patent litigation against any entity
(including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a
Contribution incorporated within the Work constitutes direct or contributory patent
infringement, then any patent licenses granted to You under this License for that Work
shall terminate as of the date such litigation is filed. 4. Redistribution. You may
reproduce and distribute copies of the Work or Derivative Works thereof in any
medium, with or without modifications, and in Source or Object form, provided that You
meet the following conditions: (a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and (b) You must cause any modified files to
carry prominent notices stating that You changed the files; and (c) You must retain, in
the Source form of any Derivative Works that You distribute, all copyright, patent,
trademark, and attribution notices from the Source form of the Work, excluding those
notices that do not pertain to any part of the Derivative Works; and (d) If the Work
includes a "NOTICE" text file as part of its distribution, then any Derivative Works that
You distribute must include a readable copy of the attribution notices contained within
such NOTICE file, excluding those notices that do not pertain to any part of the
Derivative Works, in at least one of the following places: within a NOTICE text file
distributed as part of the Derivative Works; within the Source form or documentation, if
provided along with the Derivative Works; or, within a display generated by the
Derivative Works, if and wherever such third-party notices normally appear. The
contents of the NOTICE file are for informational purposes only and do not modify the
License. You may add Your own attribution notices within Derivative Works that You
distribute, alongside or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed as modifying the License.
You may add Your own copyright statement to Your modifications and may provide
additional or different license terms and conditions for use, reproduction, or distribution
of Your modifications, or for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with the conditions
stated in this License. 5. Submission of Contributions. Unless You explicitly state
otherwise, any Contribution intentionally submitted for inclusion in the Work by You to
the Licensor shall be under the terms and conditions of this License, without any
additional terms or conditions. Notwithstanding the above, nothing herein shall
supersede or modify the terms of any separate license agreement you may have
executed with Licensor regarding such Contributions. 6. Trademarks. This License
does not grant permission to use the trade names, trademarks, service marks, or
product names of the Licensor, except as required for reasonable and customary use
in describing the origin of the Work and reproducing the content of the NOTICE file. 7.
Disclaimer of Warranty. Unless required by applicable law or agreed to in writing,
Licensor provides the Work (and each Contributor provides its Contributions) on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
express or implied, including, without limitation, any warranties or conditions of TITLE,
NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR
PURPOSE. You are solely responsible for determining the appropriateness of using or
redistributing the Work and assume any risks associated with Your exercise of

84
permissions under this License. 8. Limitation of Liability. In no event and under no legal
theory, whether in tort (including negligence), contract, or otherwise, unless required
by applicable law (such as deliberate and grossly negligent acts) or agreed to in
writing, shall any Contributor be liable to You for damages, including any direct,
indirect, special, incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the Work (including but not
limited to damages for loss of goodwill, work stoppage, computer failure or
malfunction, or any and all other commercial damages or losses), even if such
Contributor has been advised of the possibility of such damages. 9. Accepting
Warranty or Additional Liability. While redistributing the Work or Derivative Works
thereof, You may choose to offer, and charge a fee for, acceptance of support,
warranty, indemnity, or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only on Your own behalf
and on Your sole responsibility, not on behalf of any other Contributor, and only if You
agree to indemnify, defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason of your accepting
any such warranty or additional liability. END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work. To apply the Apache
License to your work, attach the following boilerplate notice, with the fields enclosed by
brackets "[]" replaced with your own identifying information. (Don't include the
brackets!) The text should be enclosed in the appropriate comment syntax for the file
format. We also recommend that a file or class name and description of purpose be
included on the same "printed page" as the copyright notice for easier identification
within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under
the Apache License, Version 2.0 (the "License"); you may not use this file except in
compliance with the License. You may obtain a copy of the License at http://
www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed
to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and limitations under
the License. #####NOTICE.TXT FOR 4TH PARTY
ORG.APACHE.COMMONS:COMMONS-COMPRESS COMPONENT##### Apache
Commons Compress Copyright 2002-2022 The Apache Software Foundation This
product includes software developed at The Apache Software Foundation (https://
www.apache.org/). --- The files in the package
org.apache.commons.compress.archivers.sevenz were derived from the LZMA SDK,
version 9.20 (C/ and CPP/7zip/), which has been placed in the public domain: "LZMA
SDK is placed in the public domain." (http://www.7-zip.org/sdk.html) --- The test file
lbzip2_32767.bz2 has been copied from libbzip2's source repository: This program,
"bzip2", the associated library "libbzip2", and all documentation, are copyright (C)
1996-2019 Julian R Seward. All rights reserved. Redistribution and use in source and
binary forms, with or without modification, are permitted provided that the following
conditions are met: 1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer. 2. The origin of this software
must not be misrepresented; you must not claim that you wrote the original software. If
you use this software in a product, an acknowledgment in the product documentation
would be appreciated but is not required. 3. Altered source versions must be plainly
marked as such, and must not be misrepresented as being the original software. 4.
The name of the author may not be used to endorse or promote products derived from
this software without specific prior written permission. THIS SOFTWARE IS
PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

85
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Julian
Seward, [email protected] ##### NOTICE.TXT FOR 4TH PARTY
COM.CARROTSEARCH:JAVA-SIZEOF COMPONENT##### This product includes
software developed by The Apache Software Foundation (http://www.apache.org/).
This RamUsageEstimator is an extended clone of the one found in Apache Lucene.
#####LICENSE.TXT FOR 4TH PARTY JLINE:JLINE COMPONENT##### Copyright
(c) 2002-2018, the original author or authors. All rights reserved. https://
opensource.org/licenses/BSD-3-Clause Redistribution and use in source and binary
forms, with or without modification, are permitted provided that the following conditions
are met: Redistributions of source code must retain the above copyright notice, this list
of conditions and the following disclaimer. Redistributions in binary form must
reproduce the above copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided with the distribution.
Neither the name of JLine nor the names of its contributors may be used to endorse or
promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE. #####LICENSE.TXT FOR 4TH PARTY
ORG.BOUNCYCASTLE:BCPKIX-JDK18ON AND ORG.BOUNCYCASTLE:BCPROV-
JDK18ON COMPONENT##### LICENSE Copyright (c) 2000 - 2021 The Legion of the
Bouncy Castle Inc. (https://www.bouncycastle.org) Permission is hereby granted, free
of charge, to any person obtaining a copy of this software and associated
documentation files (the "Software"), to deal in the Software without restriction,
including without limitation the rights to use, copy, modify, merge, publish, distribute,
sublicense, and/or sell copies of the Software, and to permit persons to whom the
Software is furnished to do so, subject to the following conditions: The above copyright
notice and this permission notice shall be included in all copies or substantial portions
of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR

86
OTHER DEALINGS IN THE SOFTWARE. #####LICENSE.TXT FOR 4TH PARTY
ORG.OW2.ASM:ASM, ORG.OW2.ASM:ASM-COMMONS, ORG.OW2.ASM:ASM-
TREE AND ORG.OW2.ASM:ASM-ANALYSIS COMPONENT##### ASM: a very small
and fast Java bytecode manipulation framework Copyright (c) 2000-2011 INRIA,
France Telecom All rights reserved. Redistribution and use in source and binary forms,
with or without modification, are permitted provided that the following conditions are
met: 1. Redistributions of source code must retain the above copyright notice, this list
of conditions and the following disclaimer. 2. Redistributions in binary form must
reproduce the above copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided with the distribution.
3. Neither the name of the copyright holders nor the names of its contributors may be
used to endorse or promote products derived from this software without specific prior
written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT
HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE. #####LICENSE.TXT FOR 4TH PARTY
ORG.CHECKERFRAMEWORK:CHECKER-QUAL COMPONENT##### Checker
Framework qualifiers Copyright 2004-present by the Checker Framework developers
MIT License: Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to use, copy,
modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and
to permit persons to whom the Software is furnished to do so, subject to the following
conditions: The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS
IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR
A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES
OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#####LICENSE.TXT FOR 4TH PARTY COM.IBM.ICU:ICU4J COMPONENT#####
UNICODE, INC. LICENSE AGREEMENT - DATA FILES AND SOFTWARE See Terms
of Use <https://www.unicode.org/copyright.html> for definitions of Unicode Inc.’s Data
Files and Software. NOTICE TO USER: Carefully read the following legal agreement.
BY DOWNLOADING, INSTALLING, COPYING OR OTHERWISE USING UNICODE
INC.'S DATA FILES ("DATA FILES"), AND/OR SOFTWARE ("SOFTWARE"), YOU
UNEQUIVOCALLY ACCEPT, AND AGREE TO BE BOUND BY, ALL OF THE TERMS
AND CONDITIONS OF THIS AGREEMENT. IF YOU DO NOT AGREE, DO NOT
DOWNLOAD, INSTALL, COPY, DISTRIBUTE OR USE THE DATA FILES OR
SOFTWARE. COPYRIGHT AND PERMISSION NOTICE Copyright © 1991-2022
Unicode, Inc. All rights reserved. Distributed under the Terms of Use in https://

87
www.unicode.org/copyright.html. Permission is hereby granted, free of charge, to any
person obtaining a copy of the Unicode data files and any associated documentation
(the "Data Files") or Unicode software and any associated documentation (the
"Software") to deal in the Data Files or Software without restriction, including without
limitation the rights to use, copy, modify, merge, publish, distribute, and/or sell copies
of the Data Files or Software, and to permit persons to whom the Data Files or
Software are furnished to do so, provided that either (a) this copyright and permission
notice appear with all copies of the Data Files or Software, or (b) this copyright and
permission notice appear in associated Documentation. THE DATA FILES AND
SOFTWARE ARE PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE
COPYRIGHT HOLDER OR HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR
ANY CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR
ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THE DATA FILES OR SOFTWARE. Except as contained in this
notice, the name of a copyright holder shall not be used in advertising or otherwise to
promote the sale, use or other dealings in these Data Files or Software without prior
written authorization of the copyright holder.
---------------------------------------------------------------------- Third-Party Software Licenses
This section contains third-party software notices and/or additional terms for licensed
third-party software components included within ICU libraries.
---------------------------------------------------------------------- ICU License - ICU 1.8.1 to ICU
57.1 COPYRIGHT AND PERMISSION NOTICE Copyright (c) 1995-2016 International
Business Machines Corporation and others All rights reserved. Permission is hereby
granted, free of charge, to any person obtaining a copy of this software and associated
documentation files (the "Software"), to deal in the Software without restriction,
including without limitation the rights to use, copy, modify, merge, publish, distribute,
and/or sell copies of the Software, and to permit persons to whom the Software is
furnished to do so, provided that the above copyright notice(s) and this permission
notice appear in all copies of the Software and that both the above copyright notice(s)
and this permission notice appear in supporting documentation. THE SOFTWARE IS
PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD
PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR HOLDERS
INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER
RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Except as contained in this notice, the name of a copyright holder shall not be used in
advertising or otherwise to promote the sale, use or other dealings in this Software
without prior written authorization of the copyright holder. All trademarks and
registered trademarks mentioned herein are the property of their respective owners.
---------------------------------------------------------------------- Chinese/Japanese Word Break
Dictionary Data (cjdict.txt) # The Google Chrome software developed by Google is
licensed under # the BSD license. Other software included in this distribution is #
provided under other licenses, as set forth below. # # The BSD License # http://

88
opensource.org/licenses/bsd-license.php # Copyright (C) 2006-2008, Google Inc. # #
All rights reserved. # # Redistribution and use in source and binary forms, with or
without # modification, are permitted provided that the following conditions are met: # #
Redistributions of source code must retain the above copyright notice, # this list of
conditions and the following disclaimer. # Redistributions in binary form must
reproduce the above # copyright notice, this list of conditions and the following #
disclaimer in the documentation and/or other materials provided with # the distribution.
# Neither the name of Google Inc. nor the names of its # contributors may be used to
endorse or promote products derived from # this software without specific prior written
permission. # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS
AND # CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF #
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE #
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF # LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING # NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS # SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # The word list in cjdict.txt
are generated by combining three word lists # listed below with further processing for
compound word breaking. The # frequency is generated with an iterative training
against Google web # corpora. # # * Libtabe (Chinese) # - https://sourceforge.net/
project/?group_id=1519 # - Its license terms and conditions are shown below. # # *
IPADIC (Japanese) # - http://chasen.aist-nara.ac.jp/chasen/distribution.html # - Its
license terms and conditions are shown below. # # ---------COPYING.libtabe ----
BEGIN-------------------- # # /* # * Copyright (c) 1999 TaBE Project. # * Copyright (c)
1999 Pai-Hsiang Hsiao. # * All rights reserved. # * # * Redistribution and use in source
and binary forms, with or without # * modification, are permitted provided that the
following conditions # * are met: # * # * . Redistributions of source code must retain the
above copyright # * notice, this list of conditions and the following disclaimer. # * .
Redistributions in binary form must reproduce the above copyright # * notice, this list of
conditions and the following disclaimer in # * the documentation and/or other materials
provided with the # * distribution. # * . Neither the name of the TaBE Project nor the
names of its # * contributors may be used to endorse or promote products derived # *
from this software without specific prior written permission. # * # * THIS SOFTWARE
IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # * "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # *
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS #
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE # *
REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, # *
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES # *
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR # * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) # * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, # * STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) # * ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED # * OF THE POSSIBILITY OF SUCH
DAMAGE. # */ # # /* # * Copyright (c) 1999 Computer Systems and Communication
Lab, # * Institute of Information Science, Academia # * Sinica. All rights reserved. # * #

89
* Redistribution and use in source and binary forms, with or without # * modification,
are permitted provided that the following conditions # * are met: # * # * .
Redistributions of source code must retain the above copyright # * notice, this list of
conditions and the following disclaimer. # * . Redistributions in binary form must
reproduce the above copyright # * notice, this list of conditions and the following
disclaimer in # * the documentation and/or other materials provided with the # *
distribution. # * . Neither the name of the Computer Systems and Communication Lab
# * nor the names of its contributors may be used to endorse or # * promote products
derived from this software without specific # * prior written permission. # * # * THIS
SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
NOT # * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS # * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
SHALL THE # * REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, # * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES # * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR # * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) # * HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, # * STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) # * ARISING IN ANY WAY OUT OF
THE USE OF THIS SOFTWARE, EVEN IF ADVISED # * OF THE POSSIBILITY OF
SUCH DAMAGE. # */ # # Copyright 1996 Chih-Hao Tsai @ Beckman Institute, #
University of Illinois # [email protected] http://casper.beckman.uiuc.edu/~c-tsai4 # #
---------------COPYING.libtabe-----END-------------------------------- # # # ---------------
COPYING.ipadic-----BEGIN------------------------------- # # Copyright 2000, 2001, 2002,
2003 Nara Institute of Science # and Technology. All Rights Reserved. # # Use,
reproduction, and distribution of this software is permitted. # Any copy of this software,
whether in its original form or modified, # must include both the above copyright notice
and the following # paragraphs. # # Nara Institute of Science and Technology (NAIST),
# the copyright holders, disclaims all warranties with regard to this # software,
including all implied warranties of merchantability and # fitness, in no event shall
NAIST be liable for # any special, indirect or consequential damages or any damages
# whatsoever resulting from loss of use, data or profits, whether in an # action of
contract, negligence or other tortuous action, arising out # of or in connection with the
use or performance of this software. # # A large portion of the dictionary entries #
originate from ICOT Free Software. The following conditions for ICOT # Free Software
applies to the current dictionary as well. # # Each User may also freely distribute the
Program, whether in its # original form or modified, to any third party or parties,
PROVIDED # that the provisions of Section 3 ("NO WARRANTY") will ALWAYS
appear # on, or be attached to, the Program, which is distributed substantially # in the
same form as set out herein and that such intended # distribution, if actually made, will
neither violate or otherwise # contravene any of the laws and regulations of the
countries having # jurisdiction over the User or the intended distribution itself. # # NO
WARRANTY # # The program was produced on an experimental basis in the course of
the # research and development conducted during the project and is provided # to
users as so produced on an experimental basis. Accordingly, the # program is
provided without any warranty whatsoever, whether express, # implied, statutory or
otherwise. The term "warranty" used herein # includes, but is not limited to, any
warranty of the quality, # performance, merchantability and fitness for a particular
purpose of # the program and the nonexistence of any infringement or violation of #
any right of any third party. # # Each user of the program will agree and understand,
and be deemed to # have agreed and understood, that there is no warranty

90
whatsoever for # the program and, accordingly, the entire risk arising from or #
otherwise connected with the program is assumed by the user. # # Therefore, neither
ICOT, the copyright holder, or any other # organization that participated in or was
otherwise related to the # development of the program and their respective officials,
directors, # officers and other employees shall be held liable for any and all #
damages, including, without limitation, general, special, incidental # and consequential
damages, arising out of or otherwise in connection # with the use or inability to use the
program or any product, material # or result produced or otherwise obtained by using
the program, # regardless of whether they have been advised of, or otherwise had #
knowledge of, the possibility of such damages at any time during the # project or
thereafter. Each user will be deemed to have agreed to the # foregoing by his or her
commencement of use of the program. The term # "use" as used herein includes, but
is not limited to, the use, # modification, copying and distribution of the program and
the # production of secondary products from the program. # # In the case where the
program, whether in its original form or # modified, was distributed or delivered to or
received by a user from # any person, organization or entity other than ICOT, unless it
makes or # grants independently of ICOT any specific warranty to the user in # writing,
such person, organization or entity, will also be exempted # from and not be held liable
to the user for any such damages as noted # above as far as the program is
concerned. # # ---------------COPYING.ipadic-----END----------------------------------
---------------------------------------------------------------------- Lao Word Break Dictionary Data
(laodict.txt) # Copyright (C) 2016 and later: Unicode, Inc. and others. # License &
terms of use: http://www.unicode.org/copyright.html # Copyright (c) 2015 International
Business Machines Corporation # and others. All Rights Reserved. # # Project: https://
github.com/rober42539/lao-dictionary # Dictionary: https://github.com/rober42539/lao-
dictionary/laodict.txt # License: https://github.com/rober42539/lao-dictionary/
LICENSE.txt # (copied below) # # This file is derived from the above dictionary version
of Nov 22, 2020 # ---------------------------------------------------------------------- # Copyright
(C) 2013 Brian Eugene Wilson, Robert Martin Campbell. # All rights reserved. # #
Redistribution and use in source and binary forms, with or without # modification, are
permitted provided that the following conditions are met: # # Redistributions of source
code must retain the above copyright notice, this # list of conditions and the following
disclaimer. Redistributions in binary # form must reproduce the above copyright notice,
this list of conditions and # the following disclaimer in the documentation and/or other
materials # provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY
THE COPYRIGHT HOLDERS AND CONTRIBUTORS # "AS IS" AND ANY EXPRESS
OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS # FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE # COPYRIGHT HOLDER
OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, # INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES # (INCLUDING, BUT
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR # SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, #
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) #
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
# OF THE POSSIBILITY OF SUCH DAMAGE. #
--------------------------------------------------------------------------
---------------------------------------------------------------------- Burmese Word Break Dictionary
Data (burmesedict.txt) # Copyright (c) 2014 International Business Machines
Corporation # and others. All Rights Reserved. # # This list is part of a project hosted
at: # github.com/kanyawtech/myanmar-karen-word-lists # #

91
-------------------------------------------------------------------------- # Copyright (c) 2013, LeRoy
Benjamin Sharon # All rights reserved. # # Redistribution and use in source and binary
forms, with or without # modification, are permitted provided that the following
conditions # are met: Redistributions of source code must retain the above # copyright
notice, this list of conditions and the following # disclaimer. Redistributions in binary
form must reproduce the # above copyright notice, this list of conditions and the
following # disclaimer in the documentation and/or other materials provided # with the
distribution. # # Neither the name Myanmar Karen Word Lists, nor the names of its #
contributors may be used to endorse or promote products derived # from this software
without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY
THE COPYRIGHT HOLDERS AND # CONTRIBUTORS "AS IS" AND ANY EXPRESS
OR IMPLIED WARRANTIES, # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF # MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER
OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, # EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED # TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON # ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR # TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF # THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. #
--------------------------------------------------------------------------
---------------------------------------------------------------------- Time Zone Database ICU uses
the public domain data and code derived from Time Zone Database for its time zone
support. The ownership of the TZ database is explained in BCP 175: Procedure for
Maintaining the Time Zone Database section 7. # 7. Database Ownership # # The TZ
database itself is not an IETF Contribution or an IETF # document. Rather it is a pre-
existing and regularly updated work # that is in the public domain, and is intended to
remain in the # public domain. Therefore, BCPs 78 [RFC5378] and 79 [RFC3979] do #
not apply to the TZ Database or contributions that individuals make # to it. Should any
claims be made and substantiated against the TZ # Database, the organization that is
providing the IANA # Considerations defined in this RFC, under the memorandum of #
understanding with the IETF, currently ICANN, may act in accordance # with all
competent court orders. No ownership claims will be made # by ICANN or the IETF
Trust on the database or the code. Any person # making a contribution to the database
or code waives all rights to # future claims in that contribution or in the TZ Database.
---------------------------------------------------------------------- Google double-conversion
Copyright 2006-2011, the V8 project authors. All rights reserved. Redistribution and
use in source and binary forms, with or without modification, are permitted provided
that the following conditions are met: * Redistributions of source code must retain the
above copyright notice, this list of conditions and the following disclaimer. *
Redistributions in binary form must reproduce the above copyright notice, this list of
conditions and the following disclaimer in the documentation and/or other materials
provided with the distribution. * Neither the name of Google Inc. nor the names of its
contributors may be used to endorse or promote products derived from this software
without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE
COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

92
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
---------------------------------------------------------------------- File: aclocal.m4 (only for ICU4C)
Section: pkg.m4 - Macros to locate and utilise pkg-config. Copyright © 2004 Scott
James Remnant <[email protected]>. Copyright © 2012-2015 Dan Nicholson
<[email protected]> This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option) any later
version. This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
more details. You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple
Place - Suite 330, Boston, MA 02111-1307, USA. As a special exception to the GNU
General Public License, if you distribute this file as part of a program that contains a
configuration script generated by Autoconf, you may include it under the same
distribution terms that you use for the rest of that program. (The condition for the
exception is fulfilled because ICU4C includes a configuration script generated by
Autoconf, namely the `configure` script.)
---------------------------------------------------------------------- File: config.guess (only for
ICU4C) This file is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 3 of the License, or (at your option) any later version. This
program is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
details. You should have received a copy of the GNU General Public License along
with this program; if not, see <https://www.gnu.org/licenses/>. As a special exception
to the GNU General Public License, if you distribute this file as part of a program that
contains a configuration script generated by Autoconf, you may include it under the
same distribution terms that you use for the rest of that program. This Exception is an
additional permission under section 7 of the GNU General Public License, version 3
("GPLv3"). (The condition for the exception is fulfilled because ICU4C includes a
configuration script generated by Autoconf, namely the `configure` script.)
---------------------------------------------------------------------- File: install-sh (only for ICU4C)
Copyright 1991 by the Massachusetts Institute of Technology Permission to use, copy,
modify, distribute, and sell this software and its documentation for any purpose is
hereby granted without fee, provided that the above copyright notice appear in all
copies and that both that copyright notice and this permission notice appear in
supporting documentation, and that the name of M.I.T. not be used in advertising or
publicity pertaining to distribution of the software without specific, written prior
permission. M.I.T. makes no representations about the suitability of this software for
any purpose. It is provided "as is" without express or implied warranty.
#####LICENSE.TXT FOR 4TH PARTY IO.NETTY:NETTY-BUFFER
IO.NETTY:NETTY-COMMON IO.NETTY:NETTY-CODEC IO.NETTY:NETTY-
TRANSPORT IO.NETTY:NETTY-RESOLVER IO.NETTY:NETTY-HANDLER
IO.NETTY:NETTY-TCNATIVE-CLASSES COMPONENTS##### Netty (io.netty:netty-*)

93
Copyright 2012,2021 The Netty Project Copyright 2014 Twitter, Inc. Copyright (c) 2011,
Joe Walnes and contributors Copyright (c) 2008-2009 Bjoern Hoehrmann
<[email protected]> Copyright (c) 2004-2011 QOS.ch
-------------------------------------------- Apache License Version 2.0, January 2004 https://
www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION,
AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for
use, reproduction, and distribution as defined by Sections 1 through 9 of this
document. "Licensor" shall mean the copyright owner or entity authorized by the
copyright owner that is granting the License. "Legal Entity" shall mean the union of the
acting entity and all other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition, "control" means (i) the
power, direct or indirect, to cause the direction or management of such entity, whether
by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall
mean an individual or Legal Entity exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications, including but
not limited to software source code, documentation source, and configuration files.
"Object" form shall mean any form resulting from mechanical transformation or
translation of a Source form, including but not limited to compiled object code,
generated documentation, and conversions to other media types. "Work" shall mean
the work of authorship, whether in Source or Object form, made available under the
License, as indicated by a copyright notice that is included in or attached to the work
(an example is provided in the Appendix below). "Derivative Works" shall mean any
work, whether in Source or Object form, that is based on (or derived from) the Work
and for which the editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes of this License,
Derivative Works shall not include works that remain separable from, or merely link (or
bind by name) to the interfaces of, the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including the original version of the
Work and any modifications or additions to that Work or Derivative Works thereof, that
is intentionally submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of the copyright
owner. For the purposes of this definition, "submitted" means any form of electronic,
verbal, or written communication sent to the Licensor or its representatives, including
but not limited to communication on electronic mailing lists, source code control
systems, and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but excluding
communication that is conspicuously marked or otherwise designated in writing by the
copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any
individual or Legal Entity on behalf of whom a Contribution has been received by
Licensor and subsequently incorporated within the Work. 2. Grant of Copyright
License. Subject to the terms and conditions of this License, each Contributor hereby
grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free,
irrevocable copyright license to reproduce, prepare Derivative Works of, publicly
display, publicly perform, sublicense, and distribute the Work and such Derivative
Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and
conditions of this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this
section) patent license to make, have made, use, offer to sell, sell, import, and
otherwise transfer the Work, where such license applies only to those patent claims
licensable by such Contributor that are necessarily infringed by their Contribution(s)
alone or by combination of their Contribution(s) with the Work to which such

94
Contribution(s) was submitted. If You institute patent litigation against any entity
(including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a
Contribution incorporated within the Work constitutes direct or contributory patent
infringement, then any patent licenses granted to You under this License for that Work
shall terminate as of the date such litigation is filed. 4. Redistribution. You may
reproduce and distribute copies of the Work or Derivative Works thereof in any
medium, with or without modifications, and in Source or Object form, provided that You
meet the following conditions: (a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and (b) You must cause any modified files to
carry prominent notices stating that You changed the files; and (c) You must retain, in
the Source form of any Derivative Works that You distribute, all copyright, patent,
trademark, and attribution notices from the Source form of the Work, excluding those
notices that do not pertain to any part of the Derivative Works; and (d) If the Work
includes a "NOTICE" text file as part of its distribution, then any Derivative Works that
You distribute must include a readable copy of the attribution notices contained within
such NOTICE file, excluding those notices that do not pertain to any part of the
Derivative Works, in at least one of the following places: within a NOTICE text file
distributed as part of the Derivative Works; within the Source form or documentation, if
provided along with the Derivative Works; or, within a display generated by the
Derivative Works, if and wherever such third-party notices normally appear. The
contents of the NOTICE file are for informational purposes only and do not modify the
License. You may add Your own attribution notices within Derivative Works that You
distribute, alongside or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed as modifying the License.
You may add Your own copyright statement to Your modifications and may provide
additional or different license terms and conditions for use, reproduction, or distribution
of Your modifications, or for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with the conditions
stated in this License. 5. Submission of Contributions. Unless You explicitly state
otherwise, any Contribution intentionally submitted for inclusion in the Work by You to
the Licensor shall be under the terms and conditions of this License, without any
additional terms or conditions. Notwithstanding the above, nothing herein shall
supersede or modify the terms of any separate license agreement you may have
executed with Licensor regarding such Contributions. 6. Trademarks. This License
does not grant permission to use the trade names, trademarks, service marks, or
product names of the Licensor, except as required for reasonable and customary use
in describing the origin of the Work and reproducing the content of the NOTICE file. 7.
Disclaimer of Warranty. Unless required by applicable law or agreed to in writing,
Licensor provides the Work (and each Contributor provides its Contributions) on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
express or implied, including, without limitation, any warranties or conditions of TITLE,
NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR
PURPOSE. You are solely responsible for determining the appropriateness of using or
redistributing the Work and assume any risks associated with Your exercise of
permissions under this License. 8. Limitation of Liability. In no event and under no legal
theory, whether in tort (including negligence), contract, or otherwise, unless required
by applicable law (such as deliberate and grossly negligent acts) or agreed to in
writing, shall any Contributor be liable to You for damages, including any direct,
indirect, special, incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the Work (including but not
limited to damages for loss of goodwill, work stoppage, computer failure or
malfunction, or any and all other commercial damages or losses), even if such

95
Contributor has been advised of the possibility of such damages. 9. Accepting
Warranty or Additional Liability. While redistributing the Work or Derivative Works
thereof, You may choose to offer, and charge a fee for, acceptance of support,
warranty, indemnity, or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only on Your own behalf
and on Your sole responsibility, not on behalf of any other Contributor, and only if You
agree to indemnify, defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason of your accepting
any such warranty or additional liability. END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work. To apply the Apache
License to your work, attach the following boilerplate notice, with the fields enclosed by
brackets "[]" replaced with your own identifying information. (Don't include the
brackets!) The text should be enclosed in the appropriate comment syntax for the file
format. We also recommend that a file or class name and description of purpose be
included on the same "printed page" as the copyright notice for easier identification
within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under
the Apache License, Version 2.0 (the "License"); you may not use this file except in
compliance with the License. You may obtain a copy of the License at https://
www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed
to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and limitations under
the License. -------------------------------------------- The Netty Project
================= Please visit the Netty web site for more information: * https://
netty.io/ Copyright 2014 The Netty Project The Netty Project licenses this file to you
under the Apache License, version 2.0 (the "License"); you may not use this file except
in compliance with the License. You may obtain a copy of the License at: https://
www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed
to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and limitations under
the License. Also, please refer to each LICENSE.<component>.txt file, which is
located in the 'license' directory of the distribution file, for the license terms of the
components that this product depends on.
------------------------------------------------------------------------------- This product contains the
extensions to Java Collections Framework which has been derived from the works by
JSR-166 EG, Doug Lea, and Jason T. Greene: * LICENSE: * license/
LICENSE.jsr166y.txt (Public Domain) The person or persons who have associated
work with this document (the "Dedicator" or "Certifier") hereby either (a) certifies that,
to the best of his knowledge, the work of authorship identified is in the public domain of
the country from which the work is published, or (b) hereby dedicates whatever
copyright the dedicators holds in the work of authorship identified below (the "Work") to
the public domain. A certifier, moreover, dedicates any copyright interest he may have
in the associated work, and for these purposes, is described as a "dedicator" below. A
certifier has taken reasonable steps to verify the copyright status of this work. Certifier
recognizes that his good faith efforts may not shield him from liability if in fact the work
certified is not in the public domain. Dedicator makes this dedication for the benefit of
the public at large and to the detriment of the Dedicator's heirs and successors.
Dedicator intends this dedication to be an overt act of relinquishment in perpetuity of
all present and future rights under copyright law, whether vested or contingent, in the
Work. Dedicator understands that such relinquishment of all rights includes the
relinquishment of all rights to enforce (by lawsuit or otherwise) those copyrights in the

96
Work. Dedicator recognizes that, once placed in the public domain, the Work may be
freely reproduced, distributed, transmitted, used, modified, built upon, or otherwise
exploited by anyone for any purpose, commercial or non-commercial, and in any way,
including by methods that have not yet been invented or conceived. * HOMEPAGE: *
http://gee.cs.oswego.edu/cgi-bin/viewcvs.cgi/jsr166/ * http://viewvc.jboss.org/cgi-bin/
viewvc.cgi/jbosscache/experimental/jsr166/
----------------------------------------------------------------------------------- This product contains a
modified version of Robert Harder's Public Domain Base64 Encoder and Decoder,
which can be obtained at: * LICENSE: * license/LICENSE.base64.txt (Public Domain)
The person or persons who have associated work with this document (the "Dedicator"
or "Certifier") hereby either (a) certifies that, to the best of his knowledge, the work of
authorship identified is in the public domain of the country from which the work is
published, or (b) hereby dedicates whatever copyright the dedicators holds in the work
of authorship identified below (the "Work") to the public domain. A certifier, moreover,
dedicates any copyright interest he may have in the associated work, and for these
purposes, is described as a "dedicator" below. A certifier has taken reasonable steps
to verify the copyright status of this work. Certifier recognizes that his good faith efforts
may not shield him from liability if in fact the work certified is not in the public domain.
Dedicator makes this dedication for the benefit of the public at large and to the
detriment of the Dedicator's heirs and successors. Dedicator intends this dedication to
be an overt act of relinquishment in perpetuity of all present and future rights under
copyright law, whether vested or contingent, in the Work. Dedicator understands that
such relinquishment of all rights includes the relinquishment of all rights to enforce (by
lawsuit or otherwise) those copyrights in the Work. Dedicator recognizes that, once
placed in the public domain, the Work may be freely reproduced, distributed,
transmitted, used, modified, built upon, or otherwise exploited by anyone for any
purpose, commercial or non-commercial, and in any way, including by methods that
have not yet been invented or conceived. * HOMEPAGE: * http://
iharder.sourceforge.net/current/java/base64/
------------------------------------------------------------------------------------- This product contains
a modified portion of 'Webbit', an event based WebSocket and HTTP server, which
can be obtained at: * LICENSE: * license/LICENSE.webbit.txt (BSD License) (BSD
License: https://www.opensource.org/licenses/bsd-license) Copyright (c) 2011, Joe
Walnes, Aslak Hellesøy and contributors All rights reserved. Redistribution and use in
source and binary forms, with or without modification, are permitted provided that the
following conditions are met: * Redistributions of source code must retain the above
copyright notice, this list of conditions and the following disclaimer. * Redistributions in
binary form must reproduce the above copyright notice, this list of conditions and the
following disclaimer in the documentation and/or other materials provided with the
distribution. * Neither the name of the Webbit nor the names of its contributors may be
used to endorse or promote products derived from this software without specific prior
written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT
HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN

97
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE. * HOMEPAGE: * https://github.com/joewalnes/
webbit -------------------------------------------------------------------------------- This product
contains a modified portion of 'SLF4J', a simple logging facade for Java, which can be
obtained at: * LICENSE: * license/LICENSE.slf4j.txt (MIT License) /* * Copyright (c)
2004-2007 QOS.ch * All rights reserved. * * Permission is hereby granted, free of
charge, to any person obtaining * a copy of this software and associated
documentation files (the * "Software"), to deal in the Software without restriction,
including * without limitation the rights to use, copy, modify, merge, publish, * distribute,
sublicense, and/or sell copies of the Software, and to * permit persons to whom the
Software is furnished to do so, subject to * the following conditions: * * The above
copyright notice and this permission notice shall be * included in all copies or
substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS",
WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT
NOT LIMITED TO THE WARRANTIES OF * MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE * LIABLE FOR ANY CLAIM, DAMAGES
OR OTHER LIABILITY, WHETHER IN AN ACTION * OF CONTRACT, TORT OR
OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION * WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ *
HOMEPAGE: * https://www.slf4j.org/
------------------------------------------------------------------------------------------------ This product
contains a modified portion of 'Apache Harmony', an open source Java SE, which can
be obtained at: * NOTICE: * license/NOTICE.harmony.txt Apache Harmony Copyright
2006, 2010 The Apache Software Foundation. This product includes software
developed at The Apache Software Foundation (https://www.apache.org/). * LICENSE:
* license/LICENSE.harmony.txt (Apache License 2.0) * HOMEPAGE: * https://
archive.apache.org/dist/harmony/
------------------------------------------------------------------------------------------ This product
contains a modified portion of 'jbzip2', a Java bzip2 compression and decompression
library written by Matthew J. Francis. It can be obtained at: * LICENSE: * license/
LICENSE.jbzip2.txt (MIT License) Copyright (c) 2010-2011 Matthew J. Francis and
Contributors of the jbzip2 Project Permission is hereby granted, free of charge, to any
person obtaining a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including without limitation the
rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions: The above copyright notice and this permission
notice shall be included in all copies or substantial portions of the Software. THE
SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE. * HOMEPAGE: * https://code.google.com/p/
jbzip2/ --------------------------------------------------------------------------------------------------------
This product contains a modified portion of 'libdivsufsort', a C API library to construct
the suffix array and the Burrows-Wheeler transformed string for any input string of a
constant-size alphabet written by Yuta Mori. It can be obtained at: * LICENSE: *
license/LICENSE.libdivsufsort.txt (MIT License) Copyright (c) 2003-2008 Yuta Mori All

98
Rights Reserved. Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation files (the "Software"),
to deal in the Software without restriction, including without limitation the rights to use,
copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software,
and to permit persons to whom the Software is furnished to do so, subject to the
following conditions: The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software. THE SOFTWARE IS
PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO
EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE. * HOMEPAGE: * https://github.com/y-256/libdivsufsort
------------------------------------------------------------------------------------------------- This product
contains a modified portion of Nitsan Wakart's 'JCTools', Java Concurrency Tools for
the JVM, which can be obtained at: * LICENSE: * license/LICENSE.jctools.txt (ASL2
License) * HOMEPAGE: * https://github.com/JCTools/JCTools
----------------------------------------------------------------------------------------------------- This
product optionally depends on 'JZlib', a re-implementation of zlib in pure Java, which
can be obtained at: * LICENSE: * license/LICENSE.jzlib.txt (BSD style License)
Copyright (c) 2000,2001,2002,2003,2004 ymnk, JCraft,Inc. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are
permitted provided that the following conditions are met: 1. Redistributions of source
code must retain the above copyright notice, this list of conditions and the following
disclaimer. 2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the documentation and/or
other materials provided with the distribution. 3. The names of the authors may not be
used to endorse or promote products derived from this software without specific prior
written permission. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY
EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JCRAFT, INC.
OR ANY CONTRIBUTORS TO THIS SOFTWARE BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. *
HOMEPAGE: * http://www.jcraft.com/jzlib/
---------------------------------------------------------------------------------------------------- This
product optionally depends on 'Compress-LZF', a Java library for encoding and
decoding data in LZF format, written by Tatu Saloranta. It can be obtained at: *
LICENSE: * license/LICENSE.compress-lzf.txt (Apache License 2.0) Copyright
2009-2010 Ning, Inc. Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. You may obtain a
copy of the License at https://www.apache.org/licenses/LICENSE-2.0 Unless required
by applicable law or agreed to in writing, software distributed under the License is
distributed on an "AS IS" BASIS,WITHOUT WARRANTIES OR CONDITIONS OF ANY

99
KIND, either express or implied. See the License for the specific language governing
permissions and limitations under the License. * HOMEPAGE: * https://github.com/
ning/compress ---------------------------------------------------------------------------------- This
product optionally depends on 'lz4', a LZ4 Java compression and decompression
library written by Adrien Grand. It can be obtained at: * LICENSE: * license/
LICENSE.lz4.txt (Apache License 2.0) * HOMEPAGE: * https://github.com/jpountz/lz4-
java ------------------------------------------------------------------------------------- This product
optionally depends on 'lzma-java', a LZMA Java compression and decompression
library, which can be obtained at: * LICENSE: * license/LICENSE.lzma-java.txt
(Apache License 2.0) * HOMEPAGE: * https://github.com/jponge/lzma-java
----------------------------------------------------------------------------------------------------- This
product optionally depends on 'zstd-jni', a zstd-jni Java compression and
decompression library, which can be obtained at: * LICENSE: * license/LICENSE.zstd-
jni.txt (Apache License 2.0) * HOMEPAGE: * https://github.com/luben/zstd-jni
----------------------------------------------------------------------------------------------------- This
product contains a modified portion of 'jfastlz', a Java port of FastLZ compression and
decompression library written by William Kinney. It can be obtained at: * LICENSE: *
license/LICENSE.jfastlz.txt (MIT License) The MIT License Copyright (c) 2009 William
Kinney Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in the
Software without restriction, including without limitation the rights to use, copy, modify,
merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit
persons to whom the Software is furnished to do so, subject to the following
conditions: The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS
IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR
A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES
OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. *
HOMEPAGE: * https://code.google.com/p/jfastlz/
------------------------------------------------------------------------------------------------------- This
product contains a modified portion of and optionally depends on 'Protocol Buffers',
Google's data interchange format, which can be obtained at: * LICENSE: * license/
LICENSE.protobuf.txt (New BSD License) Protocol Buffers - Google's data
interchange format Copyright 2013 Google Inc. All rights reserved. https://
developers.google.com/protocol-buffers/ Redistribution and use in source and binary
forms, with or without modification, are permitted provided that the following conditions
are met: * Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer. * Redistributions in binary form must
reproduce the above copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided with the distribution. *
Neither the name of Google Inc. nor the names of its contributors may be used to
endorse or promote products derived from this software without specific prior written
permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

100
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE. Code generated by the Protocol Buffer compiler is
owned by the owner of the input file used when generating it. This code is not
standalone and requires a support library to be linked with it. This support library is
itself covered by the above license. * HOMEPAGE: * https://github.com/google/
protobuf ------------------------------------------------------------------------------------------------ This
product optionally depends on 'Bouncy Castle Crypto APIs' to generate a temporary
self-signed X.509 certificate when the JVM does not provide the equivalent
functionality. It can be obtained at: * LICENSE: * license/LICENSE.bouncycastle.txt
(MIT License) The MIT License (MIT) Copyright (c) 2000 - 2013 The Legion of the
Bouncy Castle Inc. (https://www.bouncycastle.org) Permission is hereby granted, free
of charge, to any person obtaining a copy of this software and associated
documentation files (the "Software"), to deal in the Software without restriction,
including without limitation the rights to use, copy, modify, merge, publish, distribute,
sublicense, and/or sell copies of the Software, and to permit persons to whom the
Software is furnished to do so, subject to the following conditions: The above copyright
notice and this permission notice shall be included in all copies or substantial portions
of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE. * HOMEPAGE: * https://
www.bouncycastle.org/
----------------------------------------------------------------------------------------------------- This
product optionally depends on 'Snappy', a compression library produced by Google
Inc, which can be obtained at: * LICENSE: * license/LICENSE.snappy.txt (New BSD
License) Copyright 2011, Google Inc. All rights reserved. Redistribution and use in
source and binary forms, with or without modification, are permitted provided that the
following conditions are met: * Redistributions of source code must retain the above
copyright notice, this list of conditions and the following disclaimer. * Redistributions in
binary form must reproduce the above copyright notice, this list of conditions and the
following disclaimer in the documentation and/or other materials provided with the
distribution. * Neither the name of Google Inc. nor the names of its contributors may be
used to endorse or promote products derived from this software without specific prior
written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT
HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

101
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE. * HOMEPAGE: * https://github.com/google/snappy
------------------------------------------------------------------------------------------------------- This
product optionally depends on 'JBoss Marshalling', an alternative Java serialization
API, which can be obtained at: * LICENSE: * license/LICENSE.jboss-marshalling.txt
(Apache License 2.0) * HOMEPAGE: * https://github.com/jboss-remoting/jboss-
marshalling
------------------------------------------------------------------------------------------------------------ This
product optionally depends on 'Caliper', Google's micro- benchmarking framework,
which can be obtained at: * LICENSE: * license/LICENSE.caliper.txt (Apache License
2.0) * HOMEPAGE: * https://github.com/google/caliper
--------------------------------------------------------------------------------------------------------- This
product optionally depends on 'Apache Commons Logging', a logging framework,
which can be obtained at: * LICENSE: * license/LICENSE.commons-logging.txt
(Apache License 2.0) * HOMEPAGE: * https://commons.apache.org/logging/
--------------------------------------------------------------------------------------------------- This
product optionally depends on 'Apache Log4J', a logging framework, which can be
obtained at: * LICENSE: * license/LICENSE.log4j.txt (Apache License 2.0) *
HOMEPAGE: * https://logging.apache.org/log4j/
------------------------------------------------------------------------------------------------- This product
optionally depends on 'Aalto XML', an ultra-high performance non-blocking XML
processor, which can be obtained at: * LICENSE: * license/LICENSE.aalto-xml.txt
(Apache License 2.0) This copy of Aalto XML processor is licensed under the Apache
(Software) License, version 2.0 ("the License"). See the License for details about
distribution rights, and the specific rights regarding derivate works. You may obtain a
copy of the License at: https://www.apache.org/licenses/ A copy is also included with
both the the downloadable source code package and jar that contains class
bytecodes, as file "ASL 2.0". In both cases, that file should be located next to this file:
in source distribution the location should be "release-notes/asl"; and in jar "META-INF/"
* HOMEPAGE: * http://wiki.fasterxml.com/AaltoHome
-------------------------------------------------------------------------------------------- This product
contains a modified version of 'HPACK', a Java implementation of the HTTP/2 HPACK
algorithm written by Twitter. It can be obtained at: * LICENSE: * license/
LICENSE.hpack.txt (Apache License 2.0) * HOMEPAGE: * https://github.com/twitter/
hpack -------------------------------------------------------------------------------------------------- This
product contains a modified version of 'HPACK', a Java implementation of the HTTP/2
HPACK algorithm written by Cory Benfield. It can be obtained at: * LICENSE: * license/
LICENSE.hyper-hpack.txt (MIT License) The MIT License (MIT) Copyright (c) 2014
Cory Benfield Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to use, copy,
modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and
to permit persons to whom the Software is furnished to do so, subject to the following
conditions: The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS
IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR
A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES
OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE

102
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. *
HOMEPAGE: * https://github.com/python-hyper/hpack/
-------------------------------------------------------------------------------------------------------- This
product contains a modified version of 'HPACK', a Java implementation of the HTTP/2
HPACK algorithm written by Tatsuhiro Tsujikawa. It can be obtained at: * LICENSE: *
license/LICENSE.nghttp2-hpack.txt (MIT License) The MIT License Copyright (c)
2012, 2014, 2015, 2016 Tatsuhiro Tsujikawa Copyright (c) 2012, 2014, 2015, 2016
nghttp2 contributors Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation files (the "Software"),
to deal in the Software without restriction, including without limitation the rights to use,
copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software,
and to permit persons to whom the Software is furnished to do so, subject to the
following conditions: The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software. THE SOFTWARE IS
PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO
EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE. * HOMEPAGE: * https://github.com/nghttp2/nghttp2/
------------------------------------------------------------------------------------------------------ This
product contains a modified portion of 'Apache Commons Lang', a Java library
provides utilities for the java.lang API, which can be obtained at: * LICENSE: * license/
LICENSE.commons-lang.txt (Apache License 2.0) * HOMEPAGE: * https://
commons.apache.org/proper/commons-lang/
----------------------------------------------------------------------------------------------------------- This
product contains the Maven wrapper scripts from 'Maven Wrapper', that provides an
easy way to ensure a user has everything necessary to run the Maven build. *
LICENSE: * license/LICENSE.mvn-wrapper.txt (Apache License 2.0) * HOMEPAGE: *
https://github.com/takari/maven-wrapper
------------------------------------------------------------------------------------------------------------ This
product contains the dnsinfo.h header file, that provides a way to retrieve the system
DNS configuration on MacOS. This private header is also used by Apple's open
source mDNSResponder (https://opensource.apple.com/tarballs/mDNSResponder/). *
LICENSE: * license/LICENSE.dnsinfo.txt (Apple Public Source License 2.0) /* *
Copyright (c) 2004-2006, 2008, 2009, 2011 Apple Inc. All rights reserved. * *
@APPLE_LICENSE_HEADER_START@ * * This file contains Original Code and/or
Modifications of Original Code * as defined in and that are subject to the Apple Public
Source License * Version 2.0 (the 'License'). You may not use this file except in *
compliance with the License. Please obtain a copy of the License at * https://
www.opensource.apple.com/apsl/ and read it before using this * file. * * The Original
Code and all software distributed under the License are * distributed on an 'AS IS'
basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED,
AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, * INCLUDING
WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, * FITNESS
FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. *
Please see the License for the specific language governing rights and * limitations
under the License. * * @APPLE_LICENSE_HEADER_END@ */ * HOMEPAGE: *
https://www.opensource.apple.com/source/configd/configd-453.19/dnsinfo/dnsinfo.h
---------------------------------------------------------------------------------------------------------------

103
This product optionally depends on 'Brotli4j', Brotli compression and decompression
for Java., which can be obtained at: * LICENSE: * license/LICENSE.brotli4j.txt
(Apache License 2.0) * HOMEPAGE: * https://github.com/hyperxpro/Brotli4j
#####LICENSE.TXT FOR 4TH PARTY ORG.APACHE.ANT:ANT AND
ORG.APACHE.ANT:ANT-LAUNCHER COMPONENT##### /* * Apache License *
Version 2.0, January 2004 * http://www.apache.org/licenses/ * * TERMS AND
CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION * * 1. Definitions. *
* "License" shall mean the terms and conditions for use, reproduction, * and
distribution as defined by Sections 1 through 9 of this document. * * "Licensor" shall
mean the copyright owner or entity authorized by * the copyright owner that is granting
the License. * * "Legal Entity" shall mean the union of the acting entity and all * other
entities that control, are controlled by, or are under common * control with that entity.
For the purposes of this definition, * "control" means (i) the power, direct or indirect, to
cause the * direction or management of such entity, whether by contract or * otherwise,
or (ii) ownership of fifty percent (50%) or more of the * outstanding shares, or (iii)
beneficial ownership of such entity. * * "You" (or "Your") shall mean an individual or
Legal Entity * exercising permissions granted by this License. * * "Source" form shall
mean the preferred form for making modifications, * including but not limited to
software source code, documentation * source, and configuration files. * * "Object"
form shall mean any form resulting from mechanical * transformation or translation of a
Source form, including but * not limited to compiled object code, generated
documentation, * and conversions to other media types. * * "Work" shall mean the
work of authorship, whether in Source or * Object form, made available under the
License, as indicated by a * copyright notice that is included in or attached to the work
* (an example is provided in the Appendix below). * * "Derivative Works" shall mean
any work, whether in Source or Object * form, that is based on (or derived from) the
Work and for which the * editorial revisions, annotations, elaborations, or other
modifications * represent, as a whole, an original work of authorship. For the purposes
* of this License, Derivative Works shall not include works that remain * separable
from, or merely link (or bind by name) to the interfaces of, * the Work and Derivative
Works thereof. * * "Contribution" shall mean any work of authorship, including * the
original version of the Work and any modifications or additions * to that Work or
Derivative Works thereof, that is intentionally * submitted to Licensor for inclusion in
the Work by the copyright owner * or by an individual or Legal Entity authorized to
submit on behalf of * the copyright owner. For the purposes of this definition,
"submitted" * means any form of electronic, verbal, or written communication sent * to
the Licensor or its representatives, including but not limited to * communication on
electronic mailing lists, source code control systems, * and issue tracking systems that
are managed by, or on behalf of, the * Licensor for the purpose of discussing and
improving the Work, but * excluding communication that is conspicuously marked or
otherwise * designated in writing by the copyright owner as "Not a Contribution." * *
"Contributor" shall mean Licensor and any individual or Legal Entity * on behalf of
whom a Contribution has been received by Licensor and * subsequently incorporated
within the Work. * * 2. Grant of Copyright License. Subject to the terms and conditions
of * this License, each Contributor hereby grants to You a perpetual, * worldwide, non-
exclusive, no-charge, royalty-free, irrevocable * copyright license to reproduce,
prepare Derivative Works of, * publicly display, publicly perform, sublicense, and
distribute the * Work and such Derivative Works in Source or Object form. * * 3. Grant
of Patent License. Subject to the terms and conditions of * this License, each
Contributor hereby grants to You a perpetual, * worldwide, non-exclusive, no-charge,
royalty-free, irrevocable * (except as stated in this section) patent license to make,
have made, * use, offer to sell, sell, import, and otherwise transfer the Work, * where

104
such license applies only to those patent claims licensable * by such Contributor that
are necessarily infringed by their * Contribution(s) alone or by combination of their
Contribution(s) * with the Work to which such Contribution(s) was submitted. If You *
institute patent litigation against any entity (including a * cross-claim or counterclaim in
a lawsuit) alleging that the Work * or a Contribution incorporated within the Work
constitutes direct * or contributory patent infringement, then any patent licenses *
granted to You under this License for that Work shall terminate * as of the date such
litigation is filed. * * 4. Redistribution. You may reproduce and distribute copies of the *
Work or Derivative Works thereof in any medium, with or without * modifications, and
in Source or Object form, provided that You * meet the following conditions: * * (a) You
must give any other recipients of the Work or * Derivative Works a copy of this
License; and * * (b) You must cause any modified files to carry prominent notices *
stating that You changed the files; and * * (c) You must retain, in the Source form of
any Derivative Works * that You distribute, all copyright, patent, trademark, and *
attribution notices from the Source form of the Work, * excluding those notices that do
not pertain to any part of * the Derivative Works; and * * (d) If the Work includes a
"NOTICE" text file as part of its * distribution, then any Derivative Works that You
distribute must * include a readable copy of the attribution notices contained * within
such NOTICE file, excluding those notices that do not * pertain to any part of the
Derivative Works, in at least one * of the following places: within a NOTICE text file
distributed * as part of the Derivative Works; within the Source form or *
documentation, if provided along with the Derivative Works; or, * within a display
generated by the Derivative Works, if and * wherever such third-party notices normally
appear. The contents * of the NOTICE file are for informational purposes only and * do
not modify the License. You may add Your own attribution * notices within Derivative
Works that You distribute, alongside * or as an addendum to the NOTICE text from the
Work, provided * that such additional attribution notices cannot be construed * as
modifying the License. * * You may add Your own copyright statement to Your
modifications and * may provide additional or different license terms and conditions *
for use, reproduction, or distribution of Your modifications, or * for any such Derivative
Works as a whole, provided Your use, * reproduction, and distribution of the Work
otherwise complies with * the conditions stated in this License. * * 5. Submission of
Contributions. Unless You explicitly state otherwise, * any Contribution intentionally
submitted for inclusion in the Work * by You to the Licensor shall be under the terms
and conditions of * this License, without any additional terms or conditions. *
Notwithstanding the above, nothing herein shall supersede or modify * the terms of
any separate license agreement you may have executed * with Licensor regarding
such Contributions. * * 6. Trademarks. This License does not grant permission to use
the trade * names, trademarks, service marks, or product names of the Licensor, *
except as required for reasonable and customary use in describing the * origin of the
Work and reproducing the content of the NOTICE file. * * 7. Disclaimer of Warranty.
Unless required by applicable law or * agreed to in writing, Licensor provides the Work
(and each * Contributor provides its Contributions) on an "AS IS" BASIS, * WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or * implied,
including, without limitation, any warranties or conditions * of TITLE, NON-
INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A * PARTICULAR
PURPOSE. You are solely responsible for determining the * appropriateness of using
or redistributing the Work and assume any * risks associated with Your exercise of
permissions under this License. * * 8. Limitation of Liability. In no event and under no
legal theory, * whether in tort (including negligence), contract, or otherwise, * unless
required by applicable law (such as deliberate and grossly * negligent acts) or agreed
to in writing, shall any Contributor be * liable to You for damages, including any direct,

105
indirect, special, * incidental, or consequential damages of any character arising as a *
result of this License or out of the use or inability to use the * Work (including but not
limited to damages for loss of goodwill, * work stoppage, computer failure or
malfunction, or any and all * other commercial damages or losses), even if such
Contributor * has been advised of the possibility of such damages. * * 9. Accepting
Warranty or Additional Liability. While redistributing * the Work or Derivative Works
thereof, You may choose to offer, * and charge a fee for, acceptance of support,
warranty, indemnity, * or other liability obligations and/or rights consistent with this *
License. However, in accepting such obligations, You may act only * on Your own
behalf and on Your sole responsibility, not on behalf * of any other Contributor, and
only if You agree to indemnify, * defend, and hold each Contributor harmless for any
liability * incurred by, or claims asserted against, such Contributor by reason * of your
accepting any such warranty or additional liability. * * END OF TERMS AND
CONDITIONS * * APPENDIX: How to apply the Apache License to your work. * * To
apply the Apache License to your work, attach the following * boilerplate notice, with
the fields enclosed by brackets "[]" * replaced with your own identifying information.
(Don't include * the brackets!) The text should be enclosed in the appropriate *
comment syntax for the file format. We also recommend that a * file or class name and
description of purpose be included on the * same "printed page" as the copyright
notice for easier * identification within third-party archives. * * Copyright [yyyy] [name
of copyright owner] * * Licensed under the Apache License, Version 2.0 (the
"License"); * you may not use this file except in compliance with the License. * You
may obtain a copy of the License at * * https://www.apache.org/licenses/LICENSE-2.0
* * Unless required by applicable law or agreed to in writing, software * distributed
under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied. * See the License for the
specific language governing permissions and * limitations under the License. */ W3C�
SOFTWARE NOTICE AND LICENSE https://www.w3.org/Consortium/Legal/2002/
copyright-software-20021231 This work (and included software, documentation such
as READMEs, or other related items) is being provided by the copyright holders under
the following license. By obtaining, using and/or copying this work, you (the licensee)
agree that you have read, understood, and will comply with the following terms and
conditions. Permission to copy, modify, and distribute this software and its
documentation, with or without modification, for any purpose and without fee or royalty
is hereby granted, provided that you include the following on ALL copies of the
software and documentation or portions thereof, including modifications: 1. The full
text of this NOTICE in a location viewable to users of the redistributed or derivative
work. 2. Any pre-existing intellectual property disclaimers, notices, or terms and
conditions. If none exist, the W3C Software Short Notice should be included (hypertext
is preferred, text is permitted) within the body of any redistributed or derivative code. 3.
Notice of any changes or modifications to the files, including the date changes were
made. (We recommend you provide URIs to the location from which the code is
derived.) THIS SOFTWARE AND DOCUMENTATION IS PROVIDED "AS IS," AND
COPYRIGHT HOLDERS MAKE NO REPRESENTATIONS OR WARRANTIES,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT
THE USE OF THE SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY
THIRD PARTY PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
COPYRIGHT HOLDERS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT,
SPECIAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF ANY USE OF THE
SOFTWARE OR DOCUMENTATION. The name and trademarks of copyright holders
may NOT be used in advertising or publicity pertaining to the software without specific,

106
written prior permission. Title to copyright in this software and any associated
documentation will at all times remain with copyright holders.
____________________________________ This formulation of W3C's notice and
license became active on December 31 2002. This version removes the copyright
ownership notice such that this license can be used with materials other than those
owned by the W3C, reflects that ERCIM is now a host of the W3C, includes references
to this specific dated version of the license, and removes the ambiguous grant of
"use". Otherwise, this version is the same as the previous version and is written so as
to preserve the Free Software Foundation's assessment of GPL compatibility and
OSI's certification under the Open Source Definition. Please see our Copyright FAQ for
common questions about using materials from our site, including specific terms and
conditions for packages like libwww, Amaya, and Jigsaw. Other questions about this
notice can be directed to [email protected]. Joseph Reagle <[email protected]>
This license came from: http://www.megginson.com/SAX/copying.html However
please note future versions of SAX may be covered under http://saxproject.org/?
selected=pd SAX2 is Free! I hereby abandon any property rights to SAX 2.0 (the
Simple API for XML), and release all of the SAX 2.0 source code, compiled code, and
documentation contained in this distribution into the Public Domain. SAX comes with
NO WARRANTY or guarantee of fitness for any purpose. David Megginson,
[email protected] 2000-05-05 ##### NOTICE.TXT FOR 4TH PARTY
ORG.APACHE.ANT:ANT AND ORG.APACHE.ANT:ANT-LAUNCHER
COMPONENT##### Apache Ant Copyright 1999-2022 The Apache Software
Foundation This product includes software developed at The Apache Software
Foundation (https://www.apache.org/). The <sync> task is based on code Copyright (c)
2002, Landmark Graphics Corp that has been kindly donated to the Apache Software
Foundation. #####LICENSE.TXT FOR 4TH PARTY
COM.GOOGLE.CODE.FINDBUGS:JSR305 COMPONENTS##### Copyright (c)
2007-2009, JSR305 expert group All rights reserved. Redistribution and use in source
and binary forms, with or without modification, are permitted provided that the following
conditions are met: * Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer. * Redistributions in binary
form must reproduce the above copyright notice, this list of conditions and the
following disclaimer in the documentation and/or other materials provided with the
distribution. * Neither the name of the JSR305 expert group nor the names of its
contributors may be used to endorse or promote products derived from this software
without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE
COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE. #####NOTICE.TXT FOR 4TH PARTY
ORG.ANTLR:ANTLR ORG.ANTLR:ANTLR-RUNTIME AND ORG.ANTLR:ST4
COMPONENTS##### Copyright (c) 2012-2017 The ANTLR Project. All rights
reserved. Use of this file is governed by the BSD 3-clause license that can be found in
the LICENSE.txt file in the project root. ##### NOTICE.TXT FOR 4TH PARTY

107
COM.GOOGLE.GUAVA:GUAVA, COM.GOOGLE.GUAVA:FAILUREACCESS
COM.GOOGLE.GUAVA:LISTENABLEFUTURE ##### Copyright (C) 2010 The Guava
Authors Licensed under the Apache License, Version 2.0 (the "License"); you may not
use this file except in compliance with the License. You may obtain a copy of the
License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable
law or agreed to in writing, software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
express or implied. See the License for the specific language governing permissions
and limitations under the License. ##### NOTICE.TXT FOR 4TH PARTY
COM.GITHUB.JNR:JFFI ##### Copyright (C) 2009 Wayne Meissner This file is part of
jffi. Licensed under the Apache License, Version 2.0 (the "License"); you may not use
this file except in compliance with the License. You may obtain a copy of the License
at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or
agreed to in writing, software distributed under the License is distributed on an "AS IS"
BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied. See the License for the specific language governing permissions and
limitations under the License. Alternatively, you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by the Free
Software Foundation, either version 3 of the License, or (at your option) any later
version. This code is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for
more details. You should have received a copy of the GNU Lesser General Public
License along with this work. If not, see <http://www.gnu.org/licenses/>. #####
NOTICE.TXT FOR 4TH PARTY COM.GITHUB.JNR:JNR-CONSTANTS #####
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this
file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or
agreed to in writing, software distributed under the License is distributed on an "AS IS"
BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied. See the License for the specific language governing permissions and
limitations under the License. ##### NOTICE.TXT FOR 4TH PARTY
COM.GITHUB.JNR:JNR-A64ASM ##### Copyright (C) 2018 Ossdev07 This file is
part of the JNR project. Licensed under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance with the License. You may
obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless
required by applicable law or agreed to in writing, software distributed under the
License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied. See the License for the
specific language governing permissions and limitations under the License. #####
NOTICE.TXT FOR 4TH PARTY COM.GITHUB.JNR:JNR-X86ASM##### Copyright
(C) 2010 Wayne Meissner Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation files (the "Software"),
to deal in the Software without restriction, including without limitation the rights to use,
copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software,
and to permit persons to whom the Software is furnished to do so, subject to the
following conditions: The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software. THE SOFTWARE IS
PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO
EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY

108
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE. ##### NOTICE.TXT FOR 4TH PARTY COM.GITHUB.JNR:JNR-
NETDB### Copyright (C) 2010 Wayne Meissner This file is part of jnr. Licensed under
the Apache License, Version 2.0 (the "License"); you may not use this file except in
compliance with the License. You may obtain a copy of the License at http://
www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed
to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and limitations under
the License. #####NOTICE.TXT FOR 4TH PARTY JLINE:JLINE COMPONENT#####
Copyright (c) 2002-2021, the original author or authors. This software is distributable
under the BSD license. See the terms of the BSD license in the documentation
provided with this software. https://opensource.org/licenses/BSD-3-Clause
#####NOTICE.TXT FOR 4TH PARTY ORG.OW2.ASM:ASM ORG.OW2.ASM:ASM-
COMMONS, ORG.OW2.ASM:ASM-TREE AND ORG.OW2.ASM:ASM-ANALYSIS
COMPONENT##### ASM: a very small and fast Java bytecode manipulation
framework Copyright (c) 2000-2011 INRIA, France Telecom All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are
permitted provided that the following conditions are met: 1. Redistributions of source
code must retain the above copyright notice, this list of conditions and the following
disclaimer. 2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the documentation and/or
other materials provided with the distribution. 3. Neither the name of the copyright
holders nor the names of its contributors may be used to endorse or promote products
derived from this software without specific prior written permission. THIS SOFTWARE
IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#####NOTICE.TXT FOR 4TH PARTY COM.IBM.ICU:ICU4J COMPONENT##### // ©
2016 and later: Unicode, Inc. and others. // License & terms of use: http://
www.unicode.org/copyright.html
***************************************************************************** Copyright (C)
2005-2006, International Business Machines Corporation and others. All Rights
Reserved. *****************************************************************************
#####NOTICE.TXT FOR 4TH PARTY
COM.GOOGLE.ERRORPRONE:ERROR_PRONE_ANNOTATIONS##### Copyright
2017 The Error Prone Authors. Licensed under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance with the License. You may
obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless
required by applicable law or agreed to in writing, software distributed under the
License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR

109
CONDITIONS OF ANY KIND, either express or implied. See the License for the
specific language governing permissions and limitations under the License.
#####NOTICE.TXT FOR 4TH PARTY COM.GOOGLE.J2OBJC:J2OBJC-
ANNOTATIONS ##### Copyright 2012 Google Inc. All Rights Reserved. Licensed
under the Apache License, Version 2.0 (the "License"); you may not use this file
except in compliance with the License. You may obtain a copy of the License at http://
www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed
to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and limitations under
the License.

Oracle Database Database Security Assessment Tool User Guide , Release 3.0.0
F21286-08

Copyright © 2016, 2023, Oracle and/or its affiliates

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws.
Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit,
perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for
interoperability, is prohibited.

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

If this is software, software documentation, data (as defined in the Federal Acquisition Regulation), or related documentation that is delivered to the U.S. Government or anyone
licensing it on behalf of the U.S. Government, then the following notice is applicable:

U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed, or activated on delivered
hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are
"commercial computer software," "commercial computer software documentation," or "limited rights data" pursuant to the applicable Federal Acquisition Regulation and agency-
specific supplemental regulations. As such, the use, reproduction, duplication, release, display, disclosure, modification, preparation of derivative works, and/or adaptation of i)
Oracle programs (including any operating system, integrated software, any programs embedded, installed, or activated on delivered hardware, and modifications of such
programs), ii) Oracle computer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in the license contained in the applicable contract.
The terms governing the U.S. Government's use of Oracle cloud services are defined by the applicable contract for such services. No other rights are granted to the U.S.
Government.

This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous
applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take
all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by
use of this software or hardware in dangerous applications.

Oracle®, Java, and MySQL are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks
of SPARC International, Inc. AMD, Epyc, and the AMD logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open
Group.

This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates
are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable
agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-
party content, products, or services, except as set forth in an applicable agreement between you and Oracle.

110