National Institute of Standards and Technology
Package illustrating a test case

Test case 48522

Deprecated test case

This version contains mistakes, making it deprecated. Deprecated test cases should not be used for new work. However, They remain in the SARD as a reference to redo previous work.
Type
source code
State
mixed
Status
deprecated
Language
Java
Submission Date

Description

CWE: 113 HTTP Response Splitting
BadSource: getCookiesServlet Read data from the first cookie
GoodSource: A hardcoded string
Sinks: addHeaderServlet
GoodSink: URLEncode input
BadSink : querystring to addHeader()
Flow Variant: 13 Control flow: if(IO.static_final_five==5) and if(IO.static_final_five!=5)

Flaws

Test Suites

Documentation

Have any comments on this test case? Please, send us an email.