National Institute of Standards and Technology
Package illustrating a test case

Test case 53167

Deprecated test case

This version contains mistakes, making it deprecated. Deprecated test cases should not be used for new work. However, They remain in the SARD as a reference to redo previous work.
Type
source code
State
mixed
Status
deprecated
Language
Java
Submission Date

Description

CWE: 352 Cross Site Request Forgery
BadSource: getCookiesServlet Read data from the first cookie
GoodSource: A hardcoded string
Sinks:
GoodSink: using CSRF prevention nonce
BadSink : no CSRF prevention token
Flow Variant: 12 Control flow: if(IO.static_returns_t_or_f())

Flaws

Test Suites

Documentation

Have any comments on this test case? Please, send us an email.