The code tries to execute a system command, read from the input buffer. Validation is done by ProcessBuilder before execution.

This test is an example of a \"potential\" null pointer dereference, with an inter-procedural scope complexity. If a system variable \"java.class.path\" is undefined, then any attempt to use its value will result in a null pointer dereference.

This test is an example of a \"potential\" null pointer dereference, with a local control flow complexity, which is a \"switch\" conditional structure. If a system variable \"java.class.path\" is undefined, then any attempt to use its value will result in a null pointer dereference.

This test is an example of a \"potential\" null pointer dereference, with a one level of address aliasing. If a system variable \"java.class.path\" is undefined, then any attempt to use its value will result in a null pointer dereference. Code complexity: adress alias level

This is an example of what could be a critical resource lock weakness. A temporary file is locked by the application, but not released. If the file is used by other processes could be delayed or denied, creating a potential \"denial of service\".

This test illustrates an \"unchecked error condition\" weakness, where an exception is \"caught\", but no action is taken within the \"catch\" clause.

This test is an example of a \"potential\" null pointer dereference. If a system variable \"java.class.path\" is undefined, then any attempt to use its value will result in a null pointer dereference.

This test illustrates the potential to create entry points in the application (and possibly expose state information) that would otherwise not be available to a general user. This is possible through evaluation of user input for a \"debug\" command.

The code checks the state of a file to use but its state can change while the thread function sleep is running. So results are invalid.

Authorization is given by an hard-coded password, which is built into the code. So it can be read from a copy, be changed easily, and every copy of the code uses the same one.

Authorization is given by an hard-coded password, which is built into the code. So it can be read from a copy, be changed easily, and every copy of the code uses the same one.

Authorization is given by an hard-coded password, which is built into the code. So it can be read from a copy, be changed easily, and every copy of the code uses the same one.

Authorization is given by an hard-coded password, which is built into the code. So it can be read from a copy, be changed easily, and every copy of the code uses the same one.

Authorization is given by an hard-coded password, which is built into the code. So it can be read from a copy, be changed easily, and every copy of the code uses the same one.

The code, with a container complexity, creates a file from data read, without filtering.

The code, with a scope complexity, creates a file from data read, without filtering.

The code creates a file from data read, without filtering.

The code, with a loop structure complexity, tries to execute a system command, read from the input buffer, without any validation.

The code, with a local control flow complexity, tries to execute a system command, read from the input buffer, without any validation.

The code, with a scope complexity, tries to execute a system command, read from the input buffer, without any validation.

The code tries to execute a system command, read from the input buffer, without any validation.

The test cases shows hard-coded password is not used.

The test cases shows hard-coded password is used.

Test of tool\'s ability to identify an assignment of public data to to a private array field.

Private Array-Typed field returned from a public method.