Test case 249498

Type: source code
State: mixed
Author: NSA/Center for Assured Software
Status: accepted
Language: Java
Submission Date: 02 Nov 2017

Description

CWE: 190 Integer Overflow
BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter())
GoodSource: A hardcoded non-zero, non-min, non-max, even number
Sinks: add
GoodSink: Ensure there will not be an overflow before adding 1 to data
BadSink : Add 1 to data, which can cause an overflow
Flow Variant: 75 Data flow: data passed in a serialized object from one method to another in different source files in the same package

Flaws

CWE-190 Integer Overflow or Wraparound

Test Suites

Juliet Java 1.3 with extra support
Juliet Java 1.3

Documentation

Juliet 1.3 Test Suite: Changes From 1.2
Release Log for Juliet 1.3

Have any comments on this test case? Please, send us an email.