Description
CWE: 319 Cleartext Transmission of Sensitive Information
BadSource: connect_socket Read the password using a connect socket (client side)
GoodSource: Use a hardcoded password (one that was not sent over the network)
Sinks:
GoodSink: Decrypt the password before using it in an authentication API call to show that it was transferred as ciphertext
BadSink : Use the password directly from the source in an authentication API call to show that it was transferred as plaintext
Flow Variant: 84 Data flow: data passed to class constructor and destructor by declaring the class object on the heap and deleting it after use
Flaws
Test Suites
Documentation
Have any comments on this test case? Please, send us an email.