Test cases - NIST Software Assurance Reference Dataset

Displaying test cases 283476 - 283500 of 291048 in total

197284-v1.0.0

Added 10 years ago

candidate

good

Safe sample input : get the field userData from the variable $_GET via an object SANITIZE : use of urlencode File : use of untrusted data in a quoted event handler in a script
CWE-79

196447-v1.0.0

Added 10 years ago

candidate

bad

Unsafe sample input : get the field userData from the variable $_GET via an object sanitize : none File : use of untrusted data in a property value (CSS)
CWE-79

194893-v1.0.0

Added 10 years ago

candidate

bad

Unsafe sample input : execute a ls command using the function system, and put the last result in $tainted Uses a number_float_filter via filter_var function File : use of untrusted data in a property value (CSS)
CWE-79

193093-v1.0.0

Added 10 years ago

candidate

bad

Unsafe sample input : use proc_open to read /tmp/tainted.txt Flushes content of $sanitized if the filter number_int_filter is not applied File : unsafe, use of untrusted data in an attribute name
192509-v1.0.0

Added 10 years ago

candidate

good

Safe sample input : get the field UserData from the variable $_POST sanitize : cast via + = 0.0 File : use of untrusted data in a div tag
191192-v1.0.0

Added 10 years ago

candidate

good

Safe sample input : reads the field UserData from the variable $_GET Flushes content of $sanitized if the filter number_float_filter is not applied File : use of untrusted data in one side of a quoted expression in a script
191068-v1.0.0

Added 10 years ago

candidate

good

Safe sample input : reads the field UserData from the variable $_GET Uses a full_special_chars_filter via filter_var function File : use of untrusted data in a quoted event handler in a script
187013-v1.0.0

Added 10 years ago

candidate

good

Safe sample input : use shell_exec to cat /tmp/tainted.txt SANITIZE : use in_array to check if $tainted is in the white list construction : concatenation with simple quote
CWE-601

186839-v1.0.0

Added 10 years ago

candidate

bad

Unsafe sample input : use shell_exec to cat /tmp/tainted.txt Flushes content of $sanitized if the filter email_filter is not applied construction : concatenation with simple quote
183412-v1.0.0

Added 10 years ago

candidate

good

Safe sample input : get the $_GET['userData'] in an array sanitize : cast via + = 0 construction : use of sprintf via a %d with simple quote
CWE-89

179565-v1.0.0

Added 10 years ago

candidate

bad

Unsafe sample input : get the field userData from the variable $_GET via an object, which store it in a array Uses a full_special_chars_filter via filter_var function construction : interpretation with simple quote
178846-v1.0.0

Added 10 years ago

candidate

good

Safe sample input : get the field userData from the variable $_GET via an object sanitize : use of intval construction : use of sprintf via a %d with simple quote
177358-v1.0.0

Added 10 years ago

candidate

good

Safe sample input : get the field userData from the variable $_GET via an object sanitize : use of ternary condition construction : interpretation with simple quote
CWE-90

176968-v1.0.0

Added 10 years ago

candidate

bad

Unsafe sample input : get the field userData from the variable $_GET via an object sanitize : none construction : use of sprintf via a %s with simple quote
168884-v1.0.0

Added 10 years ago

candidate

good

Safe sample input : use proc_open to read /tmp/tainted.txt SANITIZE : use of preg_replace construction : concatenation with simple quote
167662-v1.0.0

Added 10 years ago

candidate

good

Safe sample input : use proc_open to read /tmp/tainted.txt sanitize : check if there is only letters and/or numbers construction : interpretation with simple quote
163922-v1.0.0

Added 10 years ago

candidate

good

Safe sample input : reads the field UserData from the variable $_GET SANITIZE : use of preg_replace with another regex construction : concatenation with simple quote
CWE-90

162048-v1.0.0

Added 10 years ago

candidate

bad

Unsafe sample input : use fopen to read /tmp/tainted.txt and put the first line in $tainted sanitize : use of the function htmlspecialchars. Sanitizes the query but has a high chance to produce unexpected results construction : interpretation with simple quote
CWE-90

162042-v1.0.0

Added 10 years ago

candidate

bad

Unsafe sample input : use fopen to read /tmp/tainted.txt and put the first line in $tainted sanitize : use of the function htmlspecialchars. Sanitizes the query but has a high chance to produce unexpected results construction : interpretation with simple quote
CWE-89

160456-v1.0.0

Added 10 years ago

candidate

bad

Unsafe sample input : use exec to execute the script /tmp/tainted.php and store the output in $tainted SANITIZE : use of mysql_real_escape string construction : interpretation
160400-v1.0.0

Added 10 years ago

candidate

good

Safe sample input : use exec to execute the script /tmp/tainted.php and store the output in $tainted sanitize : use of intval construction : concatenation with simple quote
CWE-89

159392-v1.0.0

Added 10 years ago

candidate

bad

Unsafe sample input : use exec to execute the script /tmp/tainted.php and store the output in $tainted Uses an email_filter via filter_var function construction : concatenation with simple quote
158332-v1.0.0

Added 10 years ago

candidate

good

Safe sample input : backticks interpretation, reading the file /tmp/tainted.txt sanitize : cast via + = 0 construction : use of sprintf via a %d with simple quote
157816-v1.0.0

Added 10 years ago

candidate

good

Safe sample input : backticks interpretation, reading the file /tmp/tainted.txt Uses a magic_quotes_filter via filter_var function construction : use of sprintf via a %s with simple quote
157254-v1.0.0

Added 10 years ago

candidate

good

Safe sample input : get the UserData field of $_SESSION SANITIZE : uses of ESAPI, an OWASP API construction : prepared query and right verification

Results per page