National Institute of Standards and Technology
Package illustrating a test case

Test case 55856

Deprecated test case

This version contains mistakes, making it deprecated. Deprecated test cases should not be used for new work. However, They remain in the SARD as a reference to redo previous work.
Type
source code
State
mixed
Status
deprecated
Language
Java
Submission Date

Description

CWE: 566 Access through SQL primary
BadSource: user id taken from url parameter
GoodSource: hardcoded user id
Sinks: writeConsole
GoodSink: user permissions checked
BadSink : user authorization not checked
Flow Variant: 13 Control flow: if(IO.static_final_five==5) and if(IO.static_final_five!=5)

Flaws

Test Suites

Documentation

Have any comments on this test case? Please, send us an email.