CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: listen_tcp Read data using a listening tcp connection GoodSource: Set data to a hardcoded class name BadSink: Instantiate class named in data Flow Variant: 06 Control flow: if(PRIVATE_STATIC_...

CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: listen_tcp Read data using a listening tcp connection GoodSource: Set data to a hardcoded class name BadSink: Instantiate class named in data Flow Variant: 05 Control flow: if(privateTrue) an...

CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: listen_tcp Read data using a listening tcp connection GoodSource: Set data to a hardcoded class name BadSink: Instantiate class named in data Flow Variant: 04 Control flow: if(PRIVATE_STATIC_...

CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: listen_tcp Read data using a listening tcp connection GoodSource: Set data to a hardcoded class name BadSink: Instantiate class named in data Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: listen_tcp Read data using a listening tcp connection GoodSource: Set data to a hardcoded class name BadSink: Instantiate class named in data Flow Variant: 02 Control flow: if(true) and if(fa...

CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: listen_tcp Read data using a listening tcp connection GoodSource: Set data to a hardcoded class name BadSink: Instantiate class named in data Flow Variant: 01 Baseline

CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: Set data to a hardcoded class name Sinks: BadSink : Instantiate class named in data...

CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: Set data to a hardcoded class name Sinks: BadSink : Instantiate class named in data...

CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: Set data to a hardcoded class name Sinks: BadSink : Instantiate class named in data...

CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: Set data to a hardcoded class name Sinks: BadSink : Instantiate class named in data...

CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: Set data to a hardcoded class name Sinks: BadSink : Instantiate class named in data...

CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: Set data to a hardcoded class name Sinks: BadSink : Instantiate class named in data...

CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: Set data to a hardcoded class name BadSink: Instantiate class named in data Flow V...

CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: Set data to a hardcoded class name Sinks: BadSink : Instantiate class named in data...

CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: Set data to a hardcoded class name Sinks: BadSink : Instantiate class named in data...

CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: Set data to a hardcoded class name Sinks: BadSink : Instantiate class named in data...

CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: Set data to a hardcoded class name Sinks: BadSink : Instantiate class named in data...

CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: Set data to a hardcoded class name Sinks: BadSink : Instantiate class named in data...

CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: Set data to a hardcoded class name Sinks: BadSink : Instantiate class named in data...

CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: Set data to a hardcoded class name BadSink: Instantiate class named in data Flow V...

CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: Set data to a hardcoded class name Sinks: BadSink : Instantiate class named in data...

CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: Set data to a hardcoded class name BadSink: Instantiate class named in data Flow V...

CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: Set data to a hardcoded class name BadSink: Instantiate class named in data Flow V...

CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: Set data to a hardcoded class name Sinks: BadSink : Instantiate class named in data...

CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: Set data to a hardcoded class name Sinks: BadSink : Instantiate class named in data...