National Institute of Standards and Technology
Package illustrating a test case

Test case 61103

Deprecated test case

This version contains mistakes, making it deprecated. Deprecated test cases should not be used for new work. However, They remain in the SARD as a reference to redo previous work.
Type
source code
State
mixed
Status
deprecated
Language
Java
Submission Date

Description

CWE: 89 SQL Injection
BadSource: getParameterServlet Read data from a querystring using getParameter
GoodSource: A hardcoded string
Sinks: executeUpdate
GoodSink: prepared sqlstatement, executeUpdate
BadSink : raw query used in executeUpdate
Flow Variant: 11 Control flow: if(IO.static_returns_t()) and if(IO.static_returns_f())

Flaws

Test Suites

Documentation

Have any comments on this test case? Please, send us an email.