Test cases - NIST Software Assurance Reference Dataset

Displaying test cases 7851 - 7875 of 32356 in total

CWE-89

147727-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used...
CWE-89

147726-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used...
CWE-89

147725-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used...
CWE-89

147724-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used...
CWE-89

147723-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used...
CWE-89

147722-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used...
CWE-89

147721-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used...
CWE-89

147720-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used...
CWE-89

147719-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used...
CWE-89

147718-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used...
CWE-89

147717-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used...
CWE-89

147716-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used...
CWE-89

147715-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used...
CWE-89

147714-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used...
CWE-89

147713-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used...
CWE-89

147712-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used...
CWE-89

147711-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used...
CWE-89

147710-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used...
CWE-89

147709-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used...
CWE-89

147708-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used...
CWE-89

147707-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used...
CWE-89

147706-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used...
CWE-89

147705-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used...
CWE-89

147704-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used...
CWE-89

147703-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used...

Results per page