From f918706b99ade9af2d24bd94052d512083cbd7be Mon Sep 17 00:00:00 2001 From: PauloASilva Date: Mon, 24 Jun 2019 09:30:34 +0100 Subject: [PATCH 1/4] refactor: rename A1:2019 Broken Object Level Access Control Category was renamed "Missing Object Level Access Control" --- 2019/en/src/0x00-toc.md | 2 +- 2019/en/src/0x11-t10.md | 2 +- ...control.md => 0xa1-missing-object-level-access-control.md} | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) rename 2019/en/src/{0xa1-broken-object-level-access-control.md => 0xa1-missing-object-level-access-control.md} (97%) diff --git a/2019/en/src/0x00-toc.md b/2019/en/src/0x00-toc.md index 5dab10529..54467b6fe 100644 --- a/2019/en/src/0x00-toc.md +++ b/2019/en/src/0x00-toc.md @@ -8,7 +8,7 @@ Table of Contents * [Release Notes](0x04-release-notes.md) * [API Security Risks](0x10-api-security-risks.md) * [OWASP Top 10 API Security Risks – 2019](0x11-t10.md) -* [A1:2019 Broken Object Level Access Control](0xa1-broken-object-level-access-control.md) +* [A1:2019 Missing Object Level Access Control](0xa1-missing-object-level-access-control.md) * [A2:2019 Broken Authentication](0xa2-broken-authentication.md) * [A3:2019 Improper Data Filtering](0xa3-improper-data-filtering.md) * [A4:2019 Lack of Resources & Rate Limiting](0xa4-lack-of-resources-and-rate-limiting.md) diff --git a/2019/en/src/0x11-t10.md b/2019/en/src/0x11-t10.md index 8c2c61e10..73ed4ae7e 100644 --- a/2019/en/src/0x11-t10.md +++ b/2019/en/src/0x11-t10.md @@ -3,7 +3,7 @@ OWASP Top 10 API Security Risks – 2019 | Risk | Description | | ---- | ----------- | -| A1:2019 - Broken Object Level Access Control | APIs tend to expose endpoints that handle object identifiers, creating a wide attack surface Level Access Control issue. Object level authorization checks should be taken in mind in every function that accesses a data source using an input from the user. | +| A1:2019 - Missing Object Level Access Control | APIs tend to expose endpoints that handle object identifiers, creating a wide attack surface Level Access Control issue. Object level authorization checks should be taken in mind in every function that accesses a data source using an input from the user. | | A2:2019 - Broken Authentication | Authentication mechanisms are often implemented incorrectly, allowing attackers to compromise authentication tokens or to exploit implementation flaws to assume other user's identities temporarily or permanently. Compromising system's ability to identify the client/user, compromises API overall security. | | A3:2019 - Improper Data Filtering | Looking forward to generic implementations developers tend to expose all object properties without considering their individual sensitivity, relying on clients to perform the data filtering before showing it to the user. Without controlling client's state, servers receive more and more filters which can be abused to gain access to sensitive data. | | A4:2019 - Lack of Resources & Rate Limiting | Quite often APIs do not impose any restrictions on the size or number of resources that can be requested by the client/user. Not only this can impact the API server performance, leading to Denial of Service (DoS), but also leaves the door open to authentication flaws such as brute force. | diff --git a/2019/en/src/0xa1-broken-object-level-access-control.md b/2019/en/src/0xa1-missing-object-level-access-control.md similarity index 97% rename from 2019/en/src/0xa1-broken-object-level-access-control.md rename to 2019/en/src/0xa1-missing-object-level-access-control.md index b7d7e3b8b..759501b97 100644 --- a/2019/en/src/0xa1-broken-object-level-access-control.md +++ b/2019/en/src/0xa1-missing-object-level-access-control.md @@ -1,5 +1,5 @@ -A1:2019 Broken Object Level Access Control -========================================== +A1:2019 Missing Object Level Access Control +=========================================== | Threat agents/Attack vectors | Security Weakness | Impacts | | - | - | - | From 0992e8b77c82dc212b708dc40949d50f18484e28 Mon Sep 17 00:00:00 2001 From: PauloASilva Date: Mon, 24 Jun 2019 09:34:11 +0100 Subject: [PATCH 2/4] chore: update distributable formats --- 2019/en/dist/owasp-api-security-top-10.odt | Bin 500782 -> 494729 bytes 2019/en/dist/owasp-api-security-top-10.pdf | Bin 548146 -> 527192 bytes 2 files changed, 0 insertions(+), 0 deletions(-) diff --git a/2019/en/dist/owasp-api-security-top-10.odt b/2019/en/dist/owasp-api-security-top-10.odt index 58759d9cc854e161421f1474797270e1a0769241..06f0895a87942b7f5233adbeb32886e6baae1614 100644 GIT binary patch delta 45306 zcmb4pbyOX}vnCFK;FjP7cL?qf+#&cygI(O+2G?LggS)%CB)Gc*IiX#b=SFbr>D#Ni9&x8AuGy2!(c%`AV5H{iO$C$OGCdERiJLdzhx{b(a66t zjhHmCJQMys(*HI#ww{DE_J$bae+JBF{9gmkiAWP8GvHDF4=pzmo_`wkBuw!C@%qn_ z5y^jBV*l5FPQ(h2fPnCqRqPQ7A&|n16?prM9WshzY51k{)AwnynI08Fv(H~$Vhs7Z z%M8g3zdW2;q>J!qI_^7kc#NIX0j=qIF6;T|pkq(0FRPnj`(F#qcRNlx;EG-~JO{6r zQuI^flIy_bmbN}tr3!XgE)%H07PP|izx&mdeVZx`fJd^f)jb!wZZhJ;a(S` zA2Zyhdp@0V!o><4LAbAsBm**|pG$_9&Em^JCs{|5LPM0&mdJ;!0BjYwVO#S$nshU| zy4z1%fjeuAEH}t>oZPngtw0FLAXMYKapx#BVVW+@5X{t1NusXF4ofkK-%CNUBw@GA zWFKNb1et|#O2Msjz_ZR?y0DgCv3z9G(N%>twt(x{aEog1Svp-9!rFqiUFv&b9!N15 zc#abIg{}VQeZInm>0Q*iwlGGvEv7iC!k4_Vb{m`RL>Cn7JSF3Qt6}4NZV@YX?@=;VV*VKVdnyA-NnF+SMdD|xzkf;cq$l;WB zXsju%(_&mrv(z`9fuk)@(zeOZc=2;>m6IPWv6ZbwG!E9p^QJA!cbWZNBOWlfFW%?4 ziZbvB^t5*}7myGT+%TvR5dW2_|H+9O3^G2*e~F?*P75I3FCfL{8cLcr{pf_S+IgTn zf_03kBa%WnTV0igONLHW#J}E7|6u8+4m$RJJeHoz*s0=jhs@(1Oc@*q25lo4g`g+K zrVKWGJG>hkELajOx8vI(ohExf^&yvgR{uTngv3?T^!3rT9EECiq^yHZB0ZcA=Ql#k z=#sI63JG8?t@>y{+xFg5`6piNbji$u<;^$e8_1blcY7x%RVN#D5s^4UfdzF{j)yv0 zQEj?vVxw5QL3xY1OY@r!``Xkkx~Wt(YjtN0hSwYSB9ce$9XJDvl$>ot-ntaTqS6lA zq_Q%#h3jRY<6eFf8rCvI%J{mM9>bkXQJ%J;?hrVr4|(o!*0=QR_u7d0d4lEX?Bryp zD}RT(7Q269mN6@ku7?#XkhD>Xihlortw2^@$j0;oDWZP0y@d*5k7KQ|$hz!rXz^$& zui=0dttY$TABK!%Ng}mYrOPNg?OEfB;m@)wksSHO5gW7fvxy4fHpbKjZe48lS9aoeT%MI&Rq&`*RCO8nWE@aPHYu^oLWazv$elF?zW|b65sbQhD`k~@ zEE1=ADCH^9m|lC-!zvh5K+)AdPZl|(B)J_alQMi}Q;Ov@Wn$n5&H8~RIS2UMJkk&;mM2{pX&w*(si z3=rP78bo)fHy)Eh^eK4_Lo9sZ_wEE4Us2bw-2YYI%-}Fh?%V2 zHpGkS6b_`afv&@RP6`^jgiDlVxPhdR-u9!wJK5}}PbLwKqH%U5V<>@y!Vuy5@_2?_ ze=*B6`jiq>9+Hsn3gNds4&Q5H?s)>3po!f&fc%ZJq3PX4r0gD1X}S}dsL5;?cc6|H zdzA0$oPr~S{xB@T6R};fM?Hk3WDk&q@Mq|yVVCKpP)mKLPT@?)l4-8yeF#SD{*9qM zy0>{m=Y#r5WW$LVW}+0AHuAIO1v6IfjYz2TNS)w` zHk#2?7>)(=!>VNMvz4hYXv+qclh>IR#{&s*t%j8tk$>bO@FmLpemn`Xa7lN$)T7MvuVE4I8J z_8WYVX!U1_ou(!M1hvpPau$NNJj`l5+q4Gh4?QJS(xt~$1v?ega=WeNF4l%mh1<7( zWxz(xH#b+WZ~wj;QK7-;xR8D1?NkZu;mj`U_*#Z<`s=qYtw?Nj!^7v`6nD(cqyf{u zs*n;~B#xK4E&pyR#99Ug6z_}AAwSXN684CqxAU?}UEJ=Mkm=Q23v`AmQ1QO^gmlLG z&|m|E{e`3-0tp!U^JgeAztMWS*~4p2!{cOOiOGB1EK=Ds#nM(%%Oe!ER5y&2p==oX zQTgfyj~r+mN=+!vU?918?=Xap=Le3>K6{!rZZ768pSW6DHAn=}bV*TvwYt!$qapa> zO8sd&m4GjRIP=Wgdc{m3K_Cay9w_<33)EGdm-OcjE|m6zGc??{EL9j-MS(UvV>niiU}O?N@R?sr=k(Afo~n=4-aywXAmw zV?pvr8-dz#^MTGt3k>kc^!G{jDOzBB5Do%Doaz61ki~-NhyeSg{`i*;1z!W&A|n@J z3O^)}9^|bAroYdHy0S#HnY49LUe1sGdGMdM4_3WDg$M4gAtiF9 zKm>>4Q85WbVgt!s-imBteT4jJzGdna!&-02Y!Vp?`EmbY3p2X+RoPPE2V#2 z_n2N?U9ow74k8CdvMtq1@NraB#txNn#*F1@g9E&V^%27*78UW0t0CplYQ1IaHS%mR zhwWfa@ZvHT3wxtvD#iI2wVHc1vk*%0wHx_bgOG@Ie>3DGD^{C-j9u7^6u%HWv2JKa zgB`C8eF|z}^|vN9QAib&xZ~`WG?YnV&-V zQAx5W_&nrVId}{XH60`=(HwsA*kyX=vCIDww&N7->AN<*I25()d-O8r?zLi|Ty zgb^TRItiK79IZrG5<9k(39(3K_ETg;uGw9?7hx4w{0PysK>jusrJR>-{75v?7jPe} zedU2cUsQ!RMgjw>TDOhbz)%+$boiL4FJFkLM3*21oBsMW^pDA}VU_P@{24PE-I2{m zO_6-laUBS&F?akgu+I)Te{z^-@h^##T@zqcqUD7$}3tEOBU z>hgB)>UX?!6B()5SQ~w!NqJng$;AOiuu4iHDN;yyP9=Hu4MyWkUzuEhlgs zI42slbeNV@iU6g;`w7x~`pAoY11->XX3*(dF3{1Vpi4lkoPw&f1KQTzfPoJ_w<<>FcgGXfKea2d^$HL)uU?)}^d|@)6PHdSn?VRWA3*%6FAO0-!Y7nVb_eQm3KgGQV<>jZK_f@kLVXHP4GFJ-Q8em8P0334sD^%~Y>XVF`aFdkQIqc2CUZ+$EBbnGG%bLHa5gJAri7EYmg0RmN7iykH)TLkZmFolFY!O zR6{B{l8{umfR=4CBr{E7O;3Jf0BL7HT7`-ff`k;xuOURBA$imRwbA~?;1nBe7aQZT z+^4ZTdfoxH+b*!%n~ubqj{F7$X$K;$8bb^jLJZ|s6CzNPJgR`&DF0$$gN+7&-*k$7 z8jGXnm0`P;-gIb5tZB(_zCzl4C9R4=3<-bJQ4u0gkvz(P(&s91j`a#do8+;0dIULX z&abG#qS1#Enh8CbN*;+rZ-|K)P~o8w<6*Rn`?!ur&-=o413}# zhwnpn--i-{g`P|#k2s(Kea$U)dbC6m3=bGzE|{2kVuWtOknR;Bl2IY@8(1hi*iThd zXdz^1q0c@-e|#j5U|}|3L=A{Z&~V>WAbhzXV&-4ryPt!*R|H8$1<7xoA?=;Ly@mdGOCDWAZ(NBOWDuhz5@UEg`EWf&&#%IFFTbe>kN~3s^3RwxKt+L=1?D(Qw~%?tHlJqUSr{yW8G$_(?|j$#0G!?T$&Sz^EaHZz}FW zPr8yvH&7ebUknOx(K2u`T3UTvTchXKVY^oYyH6NNRv5{hogvSiNUKVaLJE*V33Y^? zv?Y&rpn#3-F9uY&XjEtzk3K$)KGE~gFx`*=-7mx>C&c78FZ$3L;S5X`Rgk4U35j*{ z5VHnDLm*2Ci>hs71`eOP`HN~C{7%pjXBWtI9hXrzGa{q#De==U9O|>D#G$UwUk>AU z-+x}XYG{t^$CC&RHl*;@HqqHa%MeZUU;T(VBntdI*LH2s=#zEwSf_^@^wZ{>C{?MJ z=fluN`I23|s##DPEt9TNtCy-b(C$*UxMaQ(9eIkf&O8&--H@(#;kMfSYiGV(uc=NciR4Kp}NOVt;U~$8? z!T^2^W*QzeB_SwnRj5*d&J@{VA(RQvS5s5F~hzmPo0^z>E~x zM?1-uaF|zUF^BK#mz^A;~R!j-Cdv83NpYYWt%IoM!i*LL9Z-U6suORn*lMEk&?=@xoHB$$oHptLoE zG$tm7tAaRYsIFUg$9J$<(B(`bvlgro;JF2#<}NMaC#r(|`_4WSsnx^r=u)pF@ftu3 z_6$%ZZek=P)>X1b^kh1_sE2g&YI~PvME2PzKfoFC7>j46r7L>Bp_%>1qGE=%?*o?G zI}v*!?O}I)O`(0wrPbDY+-qcTZ&`5wI!ZKd@hIYUvc}x>HKneqD2flp3~z^#v6uEV zIgu?36*@G$GCz;MBLBq%kBPaLX%}EFnob)y6^$4~%&c4TPIJR3u;}IUhZEXHjZDQ; z4@6pAv6IZ1I3xevoFoteToFU(!TmEfSp&q;?2#!%%HkbrT@x*-h>g-3KC(W!wfvvN zeDmYa?vP=H6InX-CR5L%yHn2`p7K8eU{c?i@`PW!8;Li!>bGAd>EMCi_3s4SzVy36 zU1W^Qv<|`4&EuNKH0)3uHVbC5hrVi~WBO9aBDy(+ikN>UFqg<^c;VsQzmVQ(xI(<(gmamBP893rO7!pcGQJzfd16x%dH6eHV3 zr#oU$#|ld}c_CVnX^7K1ntDRX*{Y$349d(cb!Rf3xt&w99s5Jlj>ea5JzgH7sNj&c zxFs^oj?{s`30arxDTkeC*mx0QnrzYX&So9>By0K6)$v$LeP>M=$14HoE@E|!?Jti?t8nruDBqD)l6B<3}C@5=S5=ARoYI(*gybaN;CWT0xz!2co zDrp`hh%w8Hw4Jkl9udu^Xf(1{4hr*Bjnfi~6U<{BPQA0{?Jo=S4pGr`bXa6~0)5?u z;^R++c9rr~Iuac8;^GE$!pru}T?#&j$ib{?eXj1Sf3EiQUg!>Oa8+9P5r%Uos;*TR z(RlK03fvYfN50@Pzxef(+wwNW?IK8`oKM8U@DKs1SbZ9uWq6Ovmi@$~jO(k4+EWkj61F`NM^dECj+s~3vQoqFT=bQxOgs;9y3NZxnE zA7c?%GC1~ur@L`&S;{;tF=;W!VWS1YL6+xWeiH@+>%yMz-Pi)(CJZ(_ti$_bcdH+> zo){%+L_w1`J72BwO6I)N8>YnWR}>__Xv@T-8j3XYMHaxIp0`AthU=aZ=#kEHH|j54 zxkZS?C@s@tZz8^1h|l^kwZEkqaabjmGWkPzA=NPv_#su77=P>JV%E}KePQ3!+U-r{ zY)xMH;FtJhAsZvW!cQE@qSY%X@IjtG*C+xB;7dK+n9%4U6T-+MMd29Ab}vqR`{ zW9?sW0v8+HTJ_@{9dQZF8!J_hUk)p+ZB+mHHdg z(?SC~2kw4}Kpk`GST*?k5Alq5D$SMabjYc?!1&EXs`w@Us}Dy5%~F_TGAF7w+A5WT zW9|;qhC8;-4R&)*l{H&^*+M7E#2De%6SU1gq}wPzQ+ad$knS{z3=$fo{jE+p1jq3j zIiEz^2hZ=K6rt6e+Z0L+D)m?+O8FUz_u#JB$Ck5SBCs#>>Y@FpT$SU`&+ALrh&Ttx zE;x_&o$!(C`N-^777)R?e^+b$1TeB6Zj8ftdNt#%=nA2 znQHDYsg_n4Ba_{!MvRt_jv#0vF27Lyf)qsfd>A#O>7u0LmgV2T-`4Mcz{|c(l`5dK zIMT2b%Qx`(qOdx@fV_wR;MD|9)o1}v(WOJ~eV)(*t%q2vipl!PI%AxPdbRD_RC7*S zXFe2JEsA>kx`pxjd(vW8)+Ak*jkJYRwM2nd>r#XzxD}Xhc>< zAi%v~7-F~A@iyQjiab8j)@>DLusPst4IK?*irau?%XahwReY$0KWTR)FxPt~Mv56Edq#g$>>`HmtWw07erF67ylW51YP3Ji4Qjr()wrP4BNRtL= zi&jZIMmvXdi%q$)nDFwb{`|7EhT2`7jdZ?kwFBqt9o4cZV~UQBcQ!w5CkJ&cGE6l7 z^9VZaDXa(8E#lYeRgjbpQd1~+xFplW2Fh@*_Ln!Z244SM&p=EAk{%y$%gsAiq5Wx@ zWjB3dfjDhPV2@A1vhRxha_7uNT#*&(s9}^danF*|QV1p^#ydf;u;SC3W9nl0 zPc>x$N0aOh(!J4x{PH-?4q2+jRybFdUPJ78&xb3KGi0l_&5vqY$H(R#1)v-1MscG@ zXZPQu5XqqV6Xj4m+`ZCn7U|NT;bd$c*1XnC??+LroKG>1=S(>O=cL3bo#KdtmUP*g?Xke3`D;4Tp_S5PrSz<*{-8^i=<1sJt$KWlN(gVjpUqtVP8f>6hQyqKwRIb3l zcemMF4GjoyHafAb83{P{wq6TdVhGAI-i}Iad$Lt0j*R#fer}3sGUPNU=fI)e&aR8L zxVhtc?|%2`lW+4Ypwcea$Gd0&hq%<$JrervEWkQ@GRP(6 z)T7d1#_^srOQWX9Tdj0XwG>Z;SEvec6=na<03k5IG1^;W z_p+cxl%zWs>Hvn|8(dYykM$CL??(yd(cC$aE~@vR|41w)hinEq!#{m(@>i(_kTBM3o)5vVh`1kz z)NBb&{o%3@CAL`>rgM$uIjck7+cop2*6Tvcg@?2 zieZpE%_HDtK<7O~dmvLdYVh#O9C^%&f0}Iar(Nn5=RQ|c90GLgp6rn)W4c*-GFp(g zjvg@ZEz-+GO*&XcjC5sT+dt93@xiuE$ESfZ11e0k!7-LY^k@iu2Aat3ToZZRp(yWX z`8E{G=u`6+#l%csec_QZLv7vrJ6YX3_!&H-aX&(C_R!h~Ss}(8myHKI^eU|Ure2%n zYE}80@Kq`EU-Gkys$EEO6qa3W9%`s^Nbdo=Ke?xw{?o^`lqX;tizSte+D}gshAj~F zqJm35Y8bei7|?OcYeuk~Z=0`lGT1CbyAwfo#=G{DJX^?K=5nuTRJebdw)(y}`BKJ-!CxS6pCH0BElZ;M;-tu4%h1Y?Wc<7m2W1no?@cQj(H9Ly+rVL)$ElonbrHHvJs;S1AROkAO z!j~VW?DC`bUAhQ){*deA&doM1SzrOUuklm2;FJEmvybN<3EE8F$l46)X*>AKc_pzM zG+Ub&*|uw3L!(GxU`aQURVkvVYrjp}c;xgR(teAMQ32P;-`LQ;C5$ZZY%$u-u%d{( z-6b>x1~n$wEmB{8&M0v$^q>$%8GEn9gX_dg(_Ii{JX0u{jB_ksdDULD&{qNK@@ogs z%=EU;?>{icOtbqcXtRB>I)|+fXBAgPg0W3slP~Us6@Tj_{}kjR zMcM;@>Ce8&ix&49btmn_y9=gH}P9$%TZo4O7zA|QGZQ@Uu)n>D1l!~{QJN#zcaY^`W#*jC17IzOt zsC+{2_xh73lA1Rc?OR=HQ?q4kJ_;%*FL+KH(u3S}jiSgvSZ zn;TR1?`_8*W^^!|$h_D4PLD$~c61Cj$1;do7A4O8Rua-SqCqjh)BYi%A2V!D1cO1s z-#yZab5eV2BD@WzB~R(40KxD_kIEmV6O`7;ZG$onirVmwoFgWSn?z}w^nAcfuA{6~ zBTISF|I6#)6yL88Er`HZkK9Zv*eD)x`2ZRguWpogP#C?QwUgPK=sK}IrfeT0fjx+o zT-Ds(xH+XJc~h5B&W) zj6v;R`K@GDh#fPElQp%@=aPmcf?mU~tQ-P+2HbbT9^h9?&vAN>hs&*p9Z<^qxg!UL z;{*JPc_K)Zo#B~kgfF!Sar(|mYYCZ8RdQ>v3$_Tm^oPGfw%!Lw7z^GhI+pYnns|ki z>Oc#Wl@Z=1x3VrSwIN!ju+Rv7+OP%)UXTwOx>M^|9RwI0W_u%sxp%8}&}UOj?AjJm zpyte7`4F}Jy1XSH!o0p4j0y;{pgP$g%5AbH%YUbA!S0~mdqKC{AVKJ^EO%r+rTZAjvN}<09)=vMB7%Kv9+Fv_3EJ&--b|JE2O_oqf zK@~Nrlammo{5|BYXn1P1iZ*Ei&Q1GZrp7r*Ns{Z;`uaGE`8`de<>f-Dsc)3>;s71ff&ffug*I}{l26|}v4@OT=AjeRe&~Qw_{vh-TJ39?Ode)W>SW^c(>sDi8^auf$VD((ZdT8kpF59 zx5xumwDrmeH%Bg&Ki#uRGzYx;>HOh=V$%va9Y9b$ml|x1!R|PHE^O)OGarr6z3X=W zwrRWaz|9d-))jBZh6cRvhE?08wclQwe$V^4pnJNi0d?`OsYF=vPRGILKivCu z0!7~z56zEPnA1?ohjY5vwCcR)1D+5ZYkMp<5$gr@^#J0*1Bg-zbo~fceFdcX0W*$l z6Mwoxl@c`%Tc==Z-3pr09`I*Wt%}*^y}PqC=S~+|bkDKF8Rg%%Y$@_s?Nd2joPq~g zm^S-UMIJ(z*9|{R2**>UU`8&(uBXTOfC0510z}#)kqz-!)&42ZnRgE<63*~gR&JT5 zsZ5LMcwtlvd^vT)AFpAI?~5k|3ZFjo;@{{;abGK057-afgm;^q5WZ^*IC5G0YH@#Vdmn1j4d}n^ z!qscXgE6F8Kv0(H4Z-r?hsPQEi~(`sIkY$Jb5yrJ1taMXeerVXtG=T}O5=DZ zB-*~xK6;(%=OcnaQTQ=JTa>0(2JjKR{N9a8RyFq`&x=vfLFgKjPI`_)MYn;GL9d4; zdfpRvD}>O#;yqe-iS~nvxMfJcfT^MZw)*nEw@7%_VmBY#XpS?u9nFv=$6Y4UH_FgAunk4Ktwp)a!EC(k1<4 zBm#=uRi!>2|-c&oArVef4}B=(N^$ zbv%x&=YBK!PER~G@n!IQT8C*$y<_VXBO_qqclO!w)5g_u%q2UmJF8Ag(_A~vi;1`0 z!-<*xDsJ1)a^r~PcCQ`WwtI_4(-F_vgQ0lBCj7j+X4^KVRlXF7i34DJd;9s>>#=?5 z#(zo1fsaVE7sc8`Fa& zRO^r44m)1UXseNWZ7T0UzFl8I5Q57eeVwq1&G6s*qY|%=eW>cOO*OT#;mf~q8?>3e zTQZsb^!Z*{lm9%_sd+Dq#W`Hs_}gf5j+^(qvw}Z7N}+>^YB(!~K}Gzh_i}t#&!ZH>^5h5d zo~I7CuZ-RTlK0ZkFy>^N_qw`kZfeU{g?=u_IZf&)bak3rmiARpP$_hk??#1g{>kVl zYS)EDRo}$gSwRgjLS@YrCiTHNr}f45d6U9xE_**l4&p+tsIt@jrYsCH;1z*s6V-$s z$8_W_{2>2f>YS{>wKa}~yaI(jN7 z(fa5icp(Pxf9HICu<4yiS!P;ou3b@E<)!3gq#v(?2F!MEj*9s=l29g0*KZM-mGA{wt z@-K+4p3<+~{_Mk zj&F=XY>g}D%_uW(mEzw;ZavefSzC>plvZW@obRdBVUb&yBO-RJPJKY9m-3 z9(^F*a0iLh4MGCroHIR?^dme6^0Ir+tiR?}ApTk6ZW+Ghr+T*Asz6!w*pxso`+Zpv zOZcJrrSU4Ij-V>L%Rsy2B7Xx=ChbB(Se9*J*j6pSprO>6dNYVJpM3?h z?0PBE)^dD!kT5^N0`E1WVY-`}wwjryFga>7F-m2&>teb)6@aZ^n9t|9@Da4*^zyaj z0U=4QH%A_qOy6NglsCiVe?+g~t+~zaKm@lKugwFv_R{Q$b@86<<>Rp@;OATpPVqay ztZ7NsH)0l z6w}lYBUU6m(_6=8U$XK8OeJ1MW9*Q)5wmcCzDP_I1xN zT2jnM_be3=UD&57OWUYfEQEO*I2eK` zX+zrQAfe8Sd999*Xyc`mlo6Re+E1$W;=^HC1t= z)cVBK`pD0Pj?+*oXHs`-WVL~+N3QAA>mTQm@WaQlv+wxzt-*#gX)Fyy%nh-I)^AOPZg^-1 z4?Jg>9UOo&a5PElRC4%OTPk)}*!384sKgisYN(_`6&|~)btSg%0`Txo|G4AC_E+Gn!aLce}-EVa%c)?2p@p>AAiAb{$Aev1-N-bvV4LNot? z$l5L=iADWtGArhV7>=YPNefwL7}*=ySzVFfsfX=)SYgkQoMwbzS3I~VvX8yxC zLMva|+(Ku9`A6Ti?U~i$&9D#SX9I>phC0ldRU9A2HSph?mLkKk&B8(BS@=Un)b;xG zcKVDOJ+r{UIdUWblOLh+prLuV;n?7qPDAh3Tskk(0|cho3l22O!upXS%==CWGrZ%xQaCDw%L<8cs7WTHELO@vi zV0w?JEHgu&Re+~8vBR9_{b@voKr7fB`t;{Rr$@fPS$Yv_EBN3)&6TtCcdn<}YGjma zZI>+Zv;Ue`|76kKdMuRzbnD!AQpi&Zt1R|bFx1M_#}!t{Q(%S_0rHf6y!2lFg}D{% zoG#D~HuFE#d|2~H5V%XvLv07||EIZfmk#TBs+~ZFbN0`{zvk6ldf*>Rg&x$+vn476 z$<(BC(f98%In2V{eL*G5QCZ>cUr-_H9-!)Qd=}l|NPQMTDc4i8gNYHYj~tcimoNYp z1@8Dphh*jrZFO4_q3kAHl+B{)Y5zSQ%^0z`Gg?vbiyNW%$x#+|HHT4D8`$Y#XJJ@3 z03}`r6k|OqV6#*6rw&usGXW#6c%|^TGK|7?DojJQ^%^Y}?&-T&ssI zm=Kc~yql$$bERX-9Jm?^UcBV@lZYLlbh~BmXEsj=*#mkmpB9GGxY|z(EI$S?)*xEc zzl;;D7^QpvPJaqqV6<-itt?rrS_lbp?l0|6?gCkP4)7*FsbMo+w^84xBLR0)R4?{* zw(TdL-cQdboJWnKS7|M+y(29`9IycMYg6~yAH;TA)M><-!oudJ0y9-HD6_qw8uX0;R0r0^t#m0w2Z5- zRhqovg@>|7p3TPFu{AXacw^n81zKMP`FSssZr@-YNg+MnjNm+ZcN>BGy<>t|^# zv$><^>1&&(eUa^H5Cx*9883B1bW1O#P5+%wnEY{Kk8E4|r0clPXWWNXwZm907! z-5>7k6LPh0O3FZyj9|@0;|`FIn<=L9#9>;=w-d^pOBfp<*1iX9NE=O{v=~nZKCsY@3g#V-18Yx)DDo=7aNy4l zuPPkowzRBtqsGRNy-NNLKQ-+>)9D1mQL&cPbRe-cMV4^E$6L3e8Gj=Aug|``!4T+Vao`PA)nSHn?Zf$<$V@Hs~*-sS;HucLuFsxB~T(gDX%y z3bK5~au{IoZ%q1$T3W%-Y*v?BvzAjjqgF5_`dIO$E12!%t7X>z@ zl(as5%j1>Ju?l;ylv|YvY0)o5$D6T4%f#d^tp*2!6ousIe7%@gt8=Tz)*8>yyb<)y6Tg-vM1S zxXmc-ECqbSb78U0!RBt+y1>ntI6o@>sLONMFuDx6ufAVj!fnmZIHwi^*Jw{ESbAk0 zNEW5GvVd4&opif9qAyXu!eFcIx3SE?e7|vjiv)IW;iLEWJmM&<&A-nvR9H9?R|8gL zTuLmqRgalhWocZ*qC9RBhs_IyaLm&|fovvqn@UkkrkcHhn#Z1Fn@FICt$TBL6(YUy z3#tzFeA0oR0?QTkiX5F!;sJe^$_)=!z^^O43NwMIaT{pNk0# zZ@A*=j^7Zbe-+GP!iM3zqJ_{e|ps#HVS;n}5ZpdEA;KD_qiJ zG9&-Q-5w~dFg`QdUzC+;3~yMcY;2FTI80uDD*4j}pz73mN#T|1aKW3uWdffVWR2(R z$=w5ax^3VvnhWzlU#mo8(+F^^=Hwiz{`}i(qm}QxukC0245EM*z~!WJJ9Fqjc`k(~ z-BVrJ=R%)3ob^(WG1JnTbTB8DY!Hd+Q^0ySrYphMNWW|60qix8?F#=;!>0+HZO#?X z4tx;N3^K!|Uw7jfJa8i3tF=3NbEGwkev>tRFUE}#=$uf}#4ucMeB7zoIBH4!xvhk0 z23qHoccv(tZiqMx@bKUo8&%7n_V`tId8HR<(M}ajzw;^rtjk|g`ur4o&De&CKGC_l zA6(Z%1n^JO?1KZFpd4U#!pt3d((5wIo38*TxsOFR`n(G+i_Qy;gV< z-rzVP;4-2c`q{GQGkaVXdDM=3%Bi*psdP0(c>_%!J61M1>AHK$rIrNgU<~pb)W(iw zFnx$DZj7k3sHv9fCyiB9ds-U&%e75zc=>Sy&!pHY$ZCNzAuX}Ks5);|!yadGr!~RL zaDf|~5(>JA$a@~(sH;7~ABtSEYTwNgzMuvMcMh!%OcoMoqypPkc9j1Pc5_PkrrF#P zpUP8T6l1)~wXe`?EPl?>S9OFB_80Du?XH!xroR_20Y@Bt<=@p%Fh-`F`t~!uMvjx7 zEsRc>Z+5u(W2#CneHbzE*7!YG#7Bo__0zUNDNnfEG`JL_7>SxPXhzw|8Ut0D3HUCP zC0zZPxAm}bWz)T8Z%k`<>?UItQFLkl*X5AybXNPrFM%3;3+sf;st2y%@ke+&u}|8= zT|XPv)}7}Fwne&^RuPh1A1}8c5bxt%pZPu7d^&KEs5l}NW$O2a;#sYFNSr0*2H