Displaying test cases 32301 - 32325 of 32356 in total
-
CWE: 134 Uncontrolled Format String BadSource: console_readLine Read data from the console using readLine() GoodSource: A hardcoded string Sinks: format GoodSink: dynamic formatted stdout with string defined BadSink : dynamic formatted stdout without validation Flow Variant: 73 Data flow: d...
-
CWE: 129 Improper Validation of Array Index BadSource: random Set data to a random value GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_no_check GoodSink: Read from array after verifying index BadSink : Read from array without any verification of index Flo...
-
CWE: 129 Improper Validation of Array Index BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_check_max GoodSink: Read from array after verifying index is at least 0 and less than array.len...
-
CWE: 129 Improper Validation of Array Index BadSource: random Set data to a random value GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_check_max GoodSink: Read from array after verifying index is at least 0 and less than array.length BadSink : Read from ar...
-
CWE: 129 Improper Validation of Array Index BadSource: Property Read data from a system property GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_no_check GoodSink: Read from array after verifying index BadSink : Read from array without any verification of in...
-
CWE: 129 Improper Validation of Array Index BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_write_no_check GoodSink: Write to array after verifying index BadSink : Write to array...
-
CWE: 129 Improper Validation of Array Index BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_no_check GoodSink: Read from array after verifying index BadSink : Read from array without any verifi...
-
CWE: 129 Improper Validation of Array Index BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_write_no_check GoodSink: Write to array after verifying index B...
-
CWE: 129 Improper Validation of Array Index BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_write_no_check GoodSink: Write to array after verifying index B...
-
CWE: 129 Improper Validation of Array Index BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_check_min GoodSink: Read from array after verifying that da...
-
CWE: 129 Improper Validation of Array Index BadSource: getCookies_Servlet Read data from the first cookie using getCookies() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_size GoodSink: data is used to set the size of the array and it must be greater than 0 Bad...
-
CWE: 129 Improper Validation of Array Index BadSource: getCookies_Servlet Read data from the first cookie using getCookies() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_check_max GoodSink: Read from array after verifying index is at least 0 and less than ...
-
CWE: 129 Improper Validation of Array Index BadSource: getCookies_Servlet Read data from the first cookie using getCookies() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_check_max GoodSink: Read from array after verifying index is at least 0 and less than ...
-
CWE: 129 Improper Validation of Array Index BadSource: Environment Read data from an environment variable GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_check_min GoodSink: Read from array after verifying that data is at least 0 and less than array.length B...
-
CWE: 129 Improper Validation of Array Index BadSource: database Read data from a database GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_size GoodSink: data is used to set the size of the array and it must be greater than 0 BadSink : data is used to set the size...
-
CWE: 129 Improper Validation of Array Index BadSource: database Read data from a database GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_no_check GoodSink: Read from array after verifying index BadSink : Read from array without any verification of index Fl...
-
CWE: 129 Improper Validation of Array Index BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_no_check GoodSink: Read from array after verifying index BadSink : Read from array without any v...
-
CWE: 129 Improper Validation of Array Index BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_check_max GoodSink: Read from array after verifying index is at least 0 and less than array.length B...
-
CWE: 129 Improper Validation of Array Index BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_check_max GoodSink: Read from array after verifying index is at least 0 and less than array.length B...
-
CWE: 113 HTTP Response Splitting BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: addCookieServlet GoodSink: URLEncode input BadSink : querystring to addCookie() Flow Variant: 08 Control flow: i...
-
CWE: 113 HTTP Response Splitting BadSource: Property Read data from a system property GoodSource: A hardcoded string Sinks: addCookieServlet GoodSink: URLEncode input BadSink : querystring to addCookie() Flow Variant: 01 Baseline
-
CWE: 113 HTTP Response Splitting BadSource: getCookies_Servlet Read data from the first cookie using getCookies() GoodSource: A hardcoded string Sinks: addCookieServlet GoodSink: URLEncode input BadSink : querystring to addCookie() Flow Variant: 81 Data flow: data passed in a parameter to a...
-
CWE: 113 HTTP Response Splitting BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded string Sinks: addCookieServlet GoodSink: URLEncode input BadSink : querystring to addCookie() Flow Variant: 74 Data flow: data passed in a HashMap from one method to an...
-
CWE: 113 HTTP Response Splitting BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded string Sinks: addCookieServlet GoodSink: URLEncode input BadSink : querystring to addCookie() Flow Variant: 17 Control flow: for loops
-
This code demonstrates Reflected (Non-Persistent) XSS, "Loop Bad Case". The servlet reads user input from the HTTP request and reflects it directly back into the HTTP response.