Test cases - NIST Software Assurance Reference Dataset

Displaying test cases 8001 - 8025 of 32356 in total

CWE-89

147577-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement use...
CWE-89

147576-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement use...
CWE-89

147575-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement use...
CWE-89

147574-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement use...
CWE-89

147573-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement use...
CWE-89

147572-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement use...
CWE-89

147571-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement use...
CWE-89

147570-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement use...
CWE-89

147569-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement use...
CWE-89

147568-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement use...
CWE-89

147567-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement use...
CWE-89

147566-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement use...
CWE-89

147565-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement use...
CWE-89

147564-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement use...
CWE-89

147563-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement use...
CWE-89

147562-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement use...
CWE-89

147561-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement use...
CWE-89

147560-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement use...
CWE-89

147559-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement use...
CWE-89

147558-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement use...
CWE-89

147557-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement use...
CWE-89

147556-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement use...
CWE-89

147555-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement use...
CWE-89

147554-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement use...
CWE-89

147553-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement use...

Results per page