Test case 156476

Type: source code
State: bad
Author: IARPA STONESOUP Test and Evaluation team
Status: candidate
Language: Java
Application: cpe:2.3:a:bo_zimmerman:coffeemud:5.8:*:*:*:*:*:*:*
Submission Date: 06 Oct 2015

Description

Using Hibernate to execute a dynamic SQL statement with
built-in user-controlled input can allow an attacker to modify the
statement's meaning or to execute arbitrary SQL commands.
Metadata
- Base program: Coffee MUD
- Source Taint: FILE_CONTENTS
- Data Type: VOID_POINTER
- Data Flow: ADDRESS_AS_CONSTANT
- Control Flow: INTERRUPT

Flaws

CWE-564 SQL Injection: Hibernate

Test Suites

CoffeeMUD 5.8
IARPA STONESOUP Phase 3 - Test Cases

Documentation

Overview.pdf
Test Case Creation Guide.pdf
Weaknesses Documentation.pdf
TEXAS User Guide.pdf
Communication API Guide.pdf
System Design Document.pdf
Test Generation Report
Kestrel Institute Report.pdf

Have any comments on this test case? Please, send us an email.