Displaying test cases 18376 - 18400 of 32356 in total
- This test reads data from a sensitive file without checking the return value, and then repeats the operation on a non-sensitive file, then printing the second file. Technical Impact is information leakage. Metadata - Base program: Apache Lucene - Source Taint: ENVIRONMENT_VARIABLE - Data Typ...
- CWE: 89 SQL Injection BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: Use prepared statement and executeUpdate (properly) BadSink: data concatenated into SQL statement used in executeUpdate(),...
- CWE: 89 SQL Injection BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink: data concatenated into SQL statement used in executeBatch(), which could result in SQL Injec...
- CWE: 89 SQL Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: Use prepared statement and executeUpdate (properly) BadSink: data concatenated into SQL statement used in executeUpdate(), which could result in SQL Injection F...
- CWE: 80 Cross Site Scripting (XSS) BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string BadSink: Display of data in web page after using replaceAll() to remove script tags, which will still allow XSS (CWE 182: Collapse of Data into U...
- CWE: 78 OS Command Injection BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 16 Control flow: while(true)
- CWE: 789 Uncontrolled Memory Allocation BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: ArrayList BadSink: Create an ArrayList using data as the initial size Fl...
- CWE: 789 Uncontrolled Memory Allocation BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: HashMap Create a HashMap using data as the initial size Flow Variant: 68 Data flow: data passed as a member variab...
- CWE: 789 Uncontrolled Memory Allocation BadSource: Environment Read data from an environment variable GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: ArrayList Create an ArrayList using data as the initial size Flow Variant: 08 Control flow: if(privateReturnsTrue()) a...
- CWE: 506 Embedded Malicious Code Sinks: file_transfer_connect_tcp BadSink: Send file contents over the network using an outbound tcp connection BadOnly (No GoodSink) Flow Variant: 02 Control flow: if(true)
- CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: Environment Read data from an environment variable GoodSource: Set data to a hardcoded class name BadSink: Instantiate class named in data Flow Variant: 10 Control flow: if(IO.staticTrue) and...
- CWE: 400 Resource Exhaustion Sinks: GoodSink: Size of uploaded file restricted to 10 MB BadSink: No restriction on upload size Flow Variant: 08 Control flow: if(privateReturnsTrue()) and if(privateReturnsFalse())
- CWE: 400 Resource Exhaustion BadSource: Property Read count from a system property GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: write GoodSink: Write to a file count number of times, but first validate count BadSink: Write to a file count number of times Flow Vari...
- CWE: 383 J2EE Bad Practices Direct Use Of Threads Sinks: BadSink: performs thread management BadOnly (No GoodSink) Flow Variant: 11 Control flow: if(IO.staticReturnsTrue())
- CWE: 36 Absolute Path Traversal BadSource: Property Read data from a system property GoodSource: A hardcoded string Sinks: readFile BadSink: read line from file from disk Flow Variant: 61 Data flow: data returned from one method to another in different classes in the same package
- CWE: 369 Divide by zero BadSource: getCookies_Servlet Read data from the first cookie using getCookies() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: divide GoodSink: Check for zero before dividing BadSink: Dividing by a value that may be zero Flow Variant: 73 Dat...
- CWE: 369 Divide by zero BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: modulo GoodSink: Check for zero before modulo BadSink: Modulo by a value that may be zero Flow Variant: 03 Con...
- CWE: 369 Divide by zero BadSource: random Set data to a random value between 0.0f (inclusive) and 1.0f (exclusive) GoodSource: A hardcoded non-zero number (two) Sinks: divide GoodSink: Check for zero before dividing BadSink: Dividing by a value that may be zero Flow Variant: 42 Data flow: ...
- CWE: 338 Use of Cryptographically Weak PRNG Sinks: math GoodSink: stronger PRNG BadSink: weak PRNG Flow Variant: 10 Control flow: if(IO.staticTrue) and if(IO.staticFalse)
- CWE: 23 Relative Path Traversal BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string BadSink: readFile no validation Flow Variant: 05 Control flow: if(privateTrue) and if(privateFalse)
- CWE: 209 Information exposure through error message Sinks: printStackTrace_Servlet GoodSink: Print a generic error message to response BadSink: Print stack trace to response Flow Variant: 06 Control flow: if(PRIVATE_STATIC_FINAL_FIVE==5) and if(PRIVATE_STATIC_FINAL_FIVE!=5)
- CWE: 197 Numeric Truncation Error BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: to_short BadSink: Convert data to a short Flow Variant: 61 Data flow: data returned from one method to another in ...
- CWE: 197 Numeric Truncation Error BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: to_short BadSink: Convert data to a short Flow Variant: 22 Control flow: Flow controlled by value of ...
- CWE: 191 Integer Underflow BadSource: rand Set data to result of rand() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: multiply GoodSink: Ensure there will not be an underflow before multiplying data by 2 BadSink: If data is negative, multiply by 2, which can cause a...
- CWE: 190 Integer Overflow BadSource: rand Set data to result of rand() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: multiply GoodSink: Ensure there will not be an overflow before multiplying data by 2 BadSink: If data is positive, multiply by 2, which can cause an ...