Test case 134674

Type: source code
State: mixed
Status: candidate
Language: Java
Submission Date: 21 May 2013

Description

CWE: 315 Storing plaintext data in a cookie
BadSource: Set data to credentials (without hashing or encryption)
GoodSource: Set data to a hash of credentials
Sinks:
GoodSink: Hash data before storing in cookie
BadSink : Store data directly in cookie
Flow Variant: 22 Control flow: Flow controlled by value of a public static variable. Sink functions are in a separate file from sources.

Flaws

CWE-315 Cleartext Storage of Sensitive Information in a Cookie

Test Suites

Juliet Java 1.3 with extra support
Juliet Java 1.2
Juliet Java 1.2 with extra support
Juliet Java 1.3

Documentation

Juliet 1.3 Test Suite: Changes From 1.2
Release Log for Juliet 1.3
Juliet v1.2 for Java cases.pdf

Have any comments on this test case? Please, send us an email.