Test case 140906

Type: source code
State: mixed
Status: candidate
Language: Java
Submission Date: 21 May 2013

Description

CWE: 566 Authorization Bypass through SQL primary
BadSource: user id taken from url parameter
GoodSource: hardcoded user id
Sinks: writeConsole
BadSink : user authorization not checked
Flow Variant: 54 Data flow: data passed as an argument from one method through three others to a fifth; all five functions are in different classes in the same package

Flaws

CWE-566 Authorization Bypass Through User-Controlled SQL Primary Key

Test Suites

Juliet Java 1.3 with extra support
Juliet Java 1.2
Juliet Java 1.2 with extra support
Juliet Java 1.3

Documentation

Juliet 1.3 Test Suite: Changes From 1.2
Release Log for Juliet 1.3
Juliet v1.2 for Java cases.pdf

Have any comments on this test case? Please, send us an email.