Displaying test cases 51 - 75 of 114601 in total
-
CWE: 89 SQL Injection BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string Sinks: execute GoodSink: prepared sqlstatement, single BadSink : untrusted parameter value to raw insert sqlstatement Flow Variant: 19 Control flow: Dead code after an if(tr...
-
CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: execute GoodSink: prepared sqlstatement, single BadSink : untrusted parameter value to raw insert sqlstatement Flow Variant: 13 Control flow: i...
-
CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: execute GoodSink: prepared sqlstatement, single BadSink : untrusted parameter value to raw insert sqlstatement Flow Variant: 06 Control flow: i...
-
CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeQuery GoodSink: prepared sqlstatement, executeQuery BadSink : raw query used in executeQuery Flow Variant: 01 Baseline
-
CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 53 Data flow: data passed as an...
-
CWE: 89 SQL Injection BadSource: getParameterServlet Read data from a querystring using getParameter GoodSource: A hardcoded string Sinks: executeQuery GoodSink: prepared sqlstatement, executeQuery BadSink : raw query used in executeQuery Flow Variant: 14 Control flow: if(IO.static_five==5)...
-
CWE: 89 SQL Injection BadSource: getParameterServlet Read data from a querystring using getParameter GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 66 Data flow: data passed in an array fr...
-
CWE: 89 SQL Injection BadSource: getCookiesServlet Read data from the first cookie GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: prepared sqlstatement, executeUpdate BadSink : raw query used in executeUpdate Flow Variant: 03 Control flow: if(5==5) and if(5!=5)
-
CWE: 89 SQL Injection BadSource: fromFile Read data from file (named c:\data.txt) GoodSource: A hardcoded string Sinks: execute GoodSink: prepared sqlstatement, single BadSink : untrusted parameter value to raw insert sqlstatement Flow Variant: 66 Data flow: data passed in an array from one...
-
CWE: 89 SQL Injection BadSource: fromFile Read data from file (named c:\data.txt) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 05 Control flow: if(private_t) and if(private_f)
-
CWE: 89 SQL Injection BadSource: fromDB Read a string from a database connection GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: prepared sqlstatement, executeUpdate BadSink : raw query used in executeUpdate Flow Variant: 05 Control flow: if(private_t) and if(private_f)
-
CWE: 89 SQL Injection BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: execute GoodSink: prepared sqlstatement, single BadSink : untrusted parameter value to raw insert sqlstatement Flow Variant: 45 Data flow: data passed as a priva...
-
CWE: 89 SQL Injection BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: execute GoodSink: prepared sqlstatement, single BadSink : untrusted parameter value to raw insert sqlstatement Flow Variant: 07 Control flow: if(private_five==5)...
-
CWE: 89 SQL Injection BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: execute GoodSink: prepared sqlstatement, single BadSink : untrusted parameter value to raw insert sqlstatement Flow Variant: 05 Control flow: if(private_t) and i...
-
CWE: 89 SQL Injection BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: prepared sqlstatement, executeUpdate BadSink : raw query used in executeUpdate Flow Variant: 53 Data flow: data passed as an argument fro...
-
CWE: 89 SQL Injection BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: executeQuery GoodSink: prepared sqlstatement, executeQuery BadSink : raw query used in executeQuery Flow Variant: 12 Control flow: if(IO.static_returns_t_or_f())
-
CWE: 89 SQL Injection BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 15 Control flow: switch(6) and switch(7)
-
CWE: 89 SQL Injection BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 06 Control flow: if(private_final_five==5) and if...
-
CWE: 89 SQL Injection BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 12 Control flow: if(IO.static_returns_t_or_f())
-
CWE: 89 SQL Injection BadSource: URLConnection Read a string from a web server with URLConnection GoodSource: A hardcoded string Sinks: execute GoodSink: prepared sqlstatement, single BadSink : untrusted parameter value to raw insert sqlstatement Flow Variant: 51 Data flow: data passed as a...
-
CWE: 89 SQL Injection BadSource: URLConnection Read a string from a web server with URLConnection GoodSource: A hardcoded string Sinks: execute GoodSink: prepared sqlstatement, single BadSink : untrusted parameter value to raw insert sqlstatement Flow Variant: 10 Control flow: if(IO.static_...
-
CWE: 89 SQL Injection BadSource: URLConnection Read a string from a web server with URLConnection GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: prepared sqlstatement, executeUpdate BadSink : raw query used in executeUpdate Flow Variant: 71 Data flow: data passed as an Object...
-
CWE: 89 SQL Injection BadSource: PropertiesFile Read a value from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: prepared sqlstatement, executeUpdate BadSink : raw query used in executeUpdate Flow Variant: 02 Control flow: if(true) ...
-
CWE: 89 SQL Injection BadSource: PropertiesFile Read a value from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: executeQuery GoodSink: prepared sqlstatement, executeQuery BadSink : raw query used in executeQuery Flow Variant: 04 Control flow: if(private_f...
-
CWE: 89 SQL Injection BadSource: Environment Read a string from an environment variable GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 41 Data flow: data passed as an argument from one met...