Displaying test cases 30876 - 30900 of 32356 in total
-
This test takes in a value from an argument and uses it as an array accessor, resulting in an ArrayIndexOutOfBounds exception. Metadata - Base program: Elastic Search - Source Taint: SOCKET - Data Type: array - Data Flow: basic - Control Flow: interclass_50
-
CWE: 90 LDAP Injection BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string BadSink: data concatenated into LDAP search, which could result in LDAP Injection Flow Variant: 05 Control flow: if(privateTrue) and if(privateFalse)
-
CWE: 90 LDAP Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: BadSink : data concatenated into LDAP search, which could result in LDAP Injection Flow Variant: 67 Data flow: data passed in a class from one method to another in different source file...
-
CWE: 89 SQL Injection BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: execute GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used in execute(), which could resul...
-
CWE: 81 Cross Site Scripting (XSS) in Error Message BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: sendErrorServlet BadSink : XSS in sendError Flow Variant: 71 Data flow: data passed as an Object reference argument f...
-
CWE: 789 Uncontrolled Memory Allocation BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: ArrayList BadSink : Create an ArrayList using data as the initial size Flow Variant: 74 Data flow: data passe...
-
CWE: 789 Uncontrolled Memory Allocation BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: ArrayList Create an ArrayList using data as the initial size Flow Variant: 17 Control flow: for loops
-
CWE: 681 Incorrect Conversion Between Numeric Types Sinks: double2float GoodSink: check for conversion error BadSink : explicit cast Flow Variant: 17 Control flow: for loops
-
CWE: 643 Xpath Injection BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validation Flow Variant: 07 Control flow: if(privateFive=...
-
CWE: 563 Unused Variable BadSource: Initialize data GoodSource: Initialize and use data Sinks: GoodSink: Use data BadSink : re-initialize and use data Flow Variant: 17 Control flow: for loops
-
CWE: 539 Information Exposure Through Persistent Cookie Sinks: GoodSink: Do not use a persistent cookie BadSink : Use a persistent cookie Flow Variant: 15 Control flow: switch(7)
-
CWE: 400 Resource Exhaustion BadSource: random Set count to a random value GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: for_loop GoodSink: Validate count before using it as the loop variant in a for loop BadSink : Use count as the loop variant in a for loop Flow Va...
-
CWE: 400 Resource Exhaustion BadSource: database Read count from a database GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: write GoodSink: Write to a file count number of times, but first validate count BadSink : Write to a file count number of times Flow Variant: 05...
-
CWE: 369 Divide by zero BadSource: zero Set data to a hardcoded value of zero GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: modulo GoodSink: Check for zero before modulo BadSink : Modulo by a value that may be zero Flow Variant: 15 Control flow: switch(6) and switch(7)
-
CWE: 369 Divide by zero BadSource: zero Set data to a hardcoded value of zero GoodSource: A hardcoded non-zero number (two) Sinks: modulo GoodSink: Check for zero before modulo BadSink : Modulo by a value that may be zero Flow Variant: 51 Data flow: data passed as an argument from one funct...
-
CWE: 369 Divide by zero BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded non-zero number (two) Sinks: divide GoodSink: Check for zero before dividing BadSink : Dividing by a value that may be zero Flow Variant: 03 Control flow: if(5==5) and if(5!=5)
-
CWE: 369 Divide by zero BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded non-zero number (two) Sinks: modulo GoodSink: Check for zero before modulo BadSink : Modulo by a value that may be zero Flow Variant: 61 Data flow: data retur...
-
CWE: 325 Missing Required Cryptographic Step Sinks: KeyGenerator_init GoodSink: Include call to KeyGenerator.init() BadSink : Missing call to KeyGenerator.init() Flow Variant: 15 Control flow: switch(7)
-
CWE: 23 Relative Path Traversal BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string BadSink: readFile no validation Flow Variant: 16 Control flow: while(true)
-
CWE: 23 Relative Path Traversal BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded string Sinks: readFile BadSink : no validation Flow Variant: 45 Data flow: data passed as a private class member variable from one function to another in the same class
-
CWE: 23 Relative Path Traversal BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: readFile BadSink : no validation Flow Variant: 73 Data flow: data passed in a LinkedList from one method to another in different source files in the same package
-
CWE: 197 Numeric Truncation Error BadSource: random Set data to a random value GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: to_byte Convert data to a byte Flow Variant: 51 Data flow: data passed as an argument from one function to another in different classes in th...
-
CWE: 197 Numeric Truncation Error BadSource: Property Read data from a system property GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: to_short Convert data to a short Flow Variant: 02 Control flow: if(true) and if(false)
-
CWE: 191 Integer Underflow BadSource: getCookies_Servlet Read data from the first cookie using getCookies() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: multiply GoodSink: Ensure there will not be an underflow before multiplying data by 2 BadSink : If data is negati...
-
CWE: 191 Integer Underflow BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can cau...