National Institute of Standards and Technology
Package illustrating a test case

Test case 61208

Deprecated test case

This version contains mistakes, making it deprecated. Deprecated test cases should not be used for new work. However, They remain in the SARD as a reference to redo previous work.
Type
source code
State
mixed
Status
deprecated
Language
Java
Submission Date

Description

CWE: 89 SQL Injection
BadSource: getQueryStringServlet Parse id param out of the querystring without getParam
GoodSource: A hardcoded string
Sinks: executeQuery
GoodSink: prepared sqlstatement, executeQuery
BadSink : raw query used in executeQuery
Flow Variant: 41 Data flow: data passed as an argument from one method to another in the same class

Flaws

Test Suites

Documentation

Have any comments on this test case? Please, send us an email.