Test cases - NIST Software Assurance Reference Dataset

Displaying test cases 8301 - 8325 of 32356 in total

CWE-89

147277-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which...
CWE-89

147276-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which...
CWE-89

147275-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which...
CWE-89

147274-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which...
CWE-89

147273-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which...
CWE-89

147272-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which...
CWE-89

147271-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which...
CWE-89

147270-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which...
CWE-89

147269-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which...
CWE-89

147268-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which...
CWE-89

147267-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which...
CWE-89

147266-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which...
CWE-89

147265-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which...
CWE-89

147264-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which...
CWE-89

147263-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which...
CWE-89

147262-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which...
CWE-89

147261-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which...
CWE-89

147260-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which...
CWE-89

147259-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which...
CWE-89

147258-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which...
CWE-89

147257-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which...
CWE-89

147256-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which...
CWE-89

147255-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which...
CWE-89

147254-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which...
CWE-89

147253-v1.0.0

Added 13 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which...

Results per page