National Institute of Standards and Technology
Package illustrating a test case

Test case 94384

Description

CWE: 321 Use of Hard-coded Cryptographic Key
BadSource: Copy a hardcoded value into cryptoKey
GoodSource: Read cryptoKey from the console
Sinks:
BadSink : Hash cryptoKey and use the value to encrypt a string
Flow Variant: 83 Data flow: data passed to class constructor and destructor by declaring the class object on the stack

Flaws

Test Suites

Documentation

Have any comments on this test case? Please, send us an email.