Displaying test cases 29801 - 29825 of 32356 in total
-
CWE: 78 OS Command Injection BadSource: console_readLine Read data from the console using readLine() GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 72 Data flow: data passed in a Vector from one method to another ...
-
CWE: 789 Uncontrolled Memory Allocation BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: ArrayList BadSink : Create an ArrayList using data as the initial size Flow Variant: 53 Data flow: data passe...
-
CWE: 789 Uncontrolled Memory Allocation BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: ArrayList BadSink : Create an ArrayList using data as the initial size Flow Variant: 45 Data flow: data passed as a private c...
-
CWE: 643 Xpath Injection BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validation Flow Variant: 11 Control flow: if(IO.staticReturnsTrue()) and if(IO.s...
-
CWE: 613 Insufficient Session Expiration Sinks: GoodSink: force session to expire BadSink : set session to never expire Flow Variant: 14 Control flow: if(IO.staticFive==5) and if(IO.staticFive!=5)
-
CWE: 606 Unchecked Input for Loop Condition BadSource: Property Read data from a system property GoodSource: hardcoded int in string form Sinks: GoodSink: validate loop variable BadSink : loop variable not validated Flow Variant: 42 Data flow: data returned from one method to another in the...
-
CWE: 563 Unused Variable BadSource: Initialize data GoodSource: Initialize and use data Sinks: GoodSink: Use data BadSink : re-initialize and use data Flow Variant: 11 Control flow: if(IO.staticReturnsTrue()) and if(IO.staticReturnsFalse())
-
CWE: 533 Information Exposure through Server Log Files Sinks: GoodSink: log non-sensitive information to the server log BadSink : Expose the session ID to the server log Flow Variant: 04 Control flow: if(PRIVATE_STATIC_FINAL_TRUE) and if(PRIVATE_STATIC_FINAL_FALSE)
-
CWE: 477 Use of Obsolete Functions Sinks: String_getBytes GoodSink: Use of preferred java.lang.String.getBytes() method BadSink : Use of deprecated java.lang.String.getBytes(int, int, byte[], int) method Flow Variant: 12 Control flow: if(IO.staticReturnsTrueOrFalse())
-
CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: database Read data from a database GoodSource: Set data to a hardcoded class name BadSink: Instantiate class named in data Flow Variant: 17 Control flow: for loops
-
CWE: 459 Incomplete Cleanup Sinks: temp_file GoodSink: Delete the temporary file on exit BadSink : Don't delete the temporary file Flow Variant: 06 Control flow: if(PRIVATE_STATIC_FINAL_FIVE==5) and if(PRIVATE_STATIC_FINAL_FIVE!=5)
-
CWE: 400 Resource Exhaustion BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: write GoodSink: Write to a file count number of times, but first validate count BadS...
-
CWE: 400 Resource Exhaustion BadSource: getCookies_Servlet Read count from the first cookie using getCookies() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: for_loop GoodSink: Validate count before using it as the loop variant in a for loop BadSink : Use count as the...
-
CWE: 383 J2EE Bad Practices Direct Use Of Threads Sinks: BadSink : performs thread management BadOnly (No GoodSink) Flow Variant: 16 Control flow: while(true)
-
CWE: 36 Absolute Path Traversal BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string BadSink: readFile read line from file from disk Flow Variant: 06 Control flow: if(PRIVATE_STATIC_FINAL_FIVE==5) and if(PRI...
-
CWE: 369 Divide by zero BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: divide GoodSink: Check for zero before dividing BadSink : Dividing by a value that may be zero Flow Variant: 13 Co...
-
CWE: 369 Divide by zero BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded non-zero number (two) Sinks: divide GoodSink: Check for zero before dividing BadSink : Dividing by a value that may be zero Flow Variant: 14 Control flow: if(...
-
CWE: 319 Cleartext Transmission of Sensitive Information BadSource: listen_tcp Read password using a listening tcp connection GoodSource: Set password to a hardcoded value (one that was not sent over the network) Sinks: driverManager GoodSink: Decrypt the password from the source before using...
-
CWE: 259 Hard Coded Password BadSource: hardcodedPassword Set data to a hardcoded string GoodSource: Read data from the console using readLine() Sinks: passwordAuth BadSink : data used as password in PasswordAuthentication() Flow Variant: 21 Control flow: Flow controlled by value of a privat...
-
CWE: 23 Relative Path Traversal BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded string Sinks: readFile BadSink : no validation Flow Variant: 66 Data flow: data passed in an array from one method to another in different source files in the same ...
-
CWE: 197 Numeric Truncation Error BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: to_byte BadSink : Convert data to a byte Flow Variant: 67 Data flow: data passed in a class from one method to another in ...
-
CWE: 191 Integer Underflow BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: multiply GoodSink: Ensure there will not be an underflow before multiplying data by 2 BadSink : If data is negative, multi...
-
CWE: 191 Integer Underflow BadSource: rand Set data to result of rand() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: multiply GoodSink: Ensure there will not be an underflow before multiplying data by 2 BadSink : If data is negative, multiply by 2, which can cause a...
-
CWE: 190 Integer Overflow BadSource: rand Set data to result of rand() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: multiply GoodSink: Ensure there will not be an overflow before multiplying data by 2 BadSink : If data is positive, multiply by 2, which can cause an ...
-
CWE: 190 Integer Overflow BadSource: max Set data to the max value for long GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Flow Variant: 05...