National Institute of Standards and Technology
Package illustrating a test case

Test case 154100

Description

This weakness takes a value and converts it to upper case.
If it contains characters not a-zA-Z, then the function
used to covert to upper case will return null. After
converting the value to upper case it is compared to a static
password. This comparison will cause an error if the
value contained a number, punctuation, space, etc.
Metadata
- Base program: Apache Lucene
- Source Taint: SOCKET
- Data Type: VOID_POINTER
- Data Flow: INDEX_ALIAS_1
- Control Flow: RECURSIVE

Flaws

Test Suites

Documentation

Have any comments on this test case? Please, send us an email.