CWE: 129 Improper Validation of Array Index BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_no_check GoodSink: Read from array after verifying index BadSink : Read from arra...

CWE: 129 Improper Validation of Array Index BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_size GoodSink: data is used to set the size of the array and it must be greater than 0 BadSink : data is u...

CWE: 129 Improper Validation of Array Index BadSource: large_fixed Set data to a value greater than the size of the array GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_write_no_check GoodSink: Write to array after verifying index BadSink : Write to array withou...

CWE: 129 Improper Validation of Array Index BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_no_check GoodSink: Read from array after verifying index B...

CWE: 129 Improper Validation of Array Index BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_write_no_check GoodSink: Write to array after verifying index BadSink : Write to array wi...

CWE: 129 Improper Validation of Array Index BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_size GoodSink: data is used to set the size of the array and it must be greater than 0 Ba...

CWE: 129 Improper Validation of Array Index BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_check_min GoodSink: Read from array after verifying that data is at least 0 and less ...

CWE: 129 Improper Validation of Array Index BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_check_min GoodSink: Read from array after verifying that data is at least 0 and less ...

CWE: 129 Improper Validation of Array Index BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_check_max GoodSink: Read from array after verifying index is at least 0 and less than...

CWE: 129 Improper Validation of Array Index BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_size GoodSink: data is used to set the size of the array and it must be greater than 0 BadSink : data is used to se...

CWE: 129 Improper Validation of Array Index BadSource: Environment Read data from an environment variable GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_write_no_check GoodSink: Write to array after verifying index BadSink : Write to array without any verificati...

CWE: 129 Improper Validation of Array Index BadSource: database Read data from a database GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_no_check GoodSink: Read from array after verifying index BadSink : Read from array without any verification of index Fl...

CWE: 129 Improper Validation of Array Index BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_write_no_check GoodSink: Write to array after verifying index BadSink : Write to array without any ve...

CWE: 129 Improper Validation of Array Index BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_check_max GoodSink: Read from array after verifying index is at least 0 and less than array.lengt...

CWE: 129 Improper Validation of Array Index BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_check_max GoodSink: Read from array after verifying index is at least 0 and less than array.length B...

CWE: 113 HTTP Response Splitting BadSource: Property Read data from a system property GoodSource: A hardcoded string Sinks: setHeaderServlet GoodSink: URLEncode input BadSink : querystring to setHeader() Flow Variant: 73 Data flow: data passed in a LinkedList from one method to another in d...

CWE: 113 HTTP Response Splitting BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string Sinks: addHeaderServlet GoodSink: URLEncode input BadSink : querystring to addHeader() Flow Variant: 06 Control flow: if(PRIVATE_STATIC_FINAL_FIVE==5) and if(PRIV...

CWE: 113 HTTP Response Splitting BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: addCookieServlet GoodSink: URLEncode input BadSink : querystring to addCookie() Flow Variant: 71 Data flow: data...

CWE: 113 HTTP Response Splitting BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: addCookieServlet GoodSink: URLEncode input BadSink : querystring to addCookie() Flow Variant: 06 Control flow: i...

CWE: 113 HTTP Response Splitting BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: setHeaderServlet GoodSink: URLEncode input BadSink : querystring to setHeader() Flow Variant: 75 Data flow: data passed in a serialized...

CWE: 113 HTTP Response Splitting BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: addHeaderServlet GoodSink: URLEncode input BadSink : querystring to addHeader() Flow Variant: 72 Data flow: data passed in a Vector from one method to another in different so...

CWE: 113 HTTP Response Splitting BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: addHeaderServlet GoodSink: URLEncode input BadSink : querystring to addHeader() Flow Variant: 45 Data flow: data passed as a private class member variable from one function t...

CWE: 113 HTTP Response Splitting BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: addHeaderServlet GoodSink: URLEncode input BadSink : querystring to addHeader() Flow Variant: 05 Control flow: if(privateTrue) and if(privateFalse)

CWE: 113 HTTP Response Splitting BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded string Sinks: addCookieServlet GoodSink: URLEncode input BadSink : querystring to addCookie() Flow Variant: 12 Control flow: if(IO.staticReturnsTrueOrFalse())

CWE: 113 HTTP Response Splitting BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: addCookieServlet GoodSink: URLEncode input BadSink : querystring to addCookie() Flow Variant: 67 Data flow: data passed in a class from one method to another ...