CWE: 78 OS Command Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 08 Control flow: if(privateReturnsTrue...

CWE: 78 OS Command Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 07 Control flow: if(privateFive==5) an...

CWE: 78 OS Command Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 06 Control flow: if(PRIVATE_STATIC_FIN...

CWE: 78 OS Command Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 05 Control flow: if(privateTrue) and i...

CWE: 78 OS Command Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 04 Control flow: if(PRIVATE_STATIC_FIN...

CWE: 78 OS Command Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 78 OS Command Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 02 Control flow: if(true) and if(false)

CWE: 78 OS Command Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 01 Baseline

CWE: 78 OS Command Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 81 Data flow: data passed in a parameter to an abstract...

CWE: 78 OS Command Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 75 Data flow: data passed in a serialized object from o...

CWE: 78 OS Command Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 74 Data flow: data passed in a HashMap from one method ...

CWE: 78 OS Command Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 73 Data flow: data passed in a LinkedList from one meth...

CWE: 78 OS Command Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 72 Data flow: data passed in a Vector from one method t...

CWE: 78 OS Command Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 71 Data flow: data passed as an Object reference argume...

CWE: 78 OS Command Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 68 Data flow: data passed as a member variable in the a class, w...

CWE: 78 OS Command Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 67 Data flow: data passed in a class from one method to...

CWE: 78 OS Command Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 66 Data flow: data passed in an array from one method t...

CWE: 78 OS Command Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 61 Data flow: data returned from one method to another ...

CWE: 78 OS Command Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 54 Data flow: data passed as an argument from one metho...

CWE: 78 OS Command Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 53 Data flow: data passed as an argument from one metho...

CWE: 78 OS Command Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 52 Data flow: data passed as an argument from one metho...

CWE: 78 OS Command Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 51 Data flow: data passed as an argument from one function to an...

CWE: 78 OS Command Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 45 Data flow: data passed as a private class member var...

CWE: 78 OS Command Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 42 Data flow: data returned from one method to another in the sa...

CWE: 78 OS Command Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 41 Data flow: data passed as an argument from one method to anot...