Displaying test cases 226 - 250 of 113211 in total
-
Hardcoded string input filtering : remove all '\', '*', '(', ')', 'u0000', '/' in parameter sink : SQL query
-
Hardcoded string input filtering : remove all '\', '*', '(', ')', 'u0000', '/' in parameter sink : SQL query
-
Command line args Xpath replace char sink : SQL query
-
Hardcoded string input Xpath replace char sink : SQL query
-
input : shell commands Xpath replace char sink : SQL query
-
input : direct user input in string filtering : remove all '\', '*', '(', ')', 'u0000', '/' in parameter sink : SQL query
-
input : shell commands filtering : remove all '\', '*', '(', ')', 'u0000', '/' in parameter sink : SQL query
-
Hardcoded string input filtering : remove semi-colon and all invalid filenames and chars in paths sink : SQL query
-
input : shell commands filtering : remove semi-colon and all invalid filenames and chars in paths sink : SQL query
-
Hardcoded string input filtering : check if there is only numbers sink : SQL query
-
input : direct user input in string no filtering sink : SQL query
-
Hardcoded string input Xpath replace char construction : concatenation with simple quote
-
Hardcoded string input Xpath replace char construction : concatenation with simple quote
-
input : direct user input in string Xpath replace char construction : concatenation with simple quote
-
input : direct user input in string filtering : remove all '\', '*', '(', ')', 'u0000', '/' in parameter construction : concatenation with simple quote
-
Command line args filtering : check if there is only numbers construction : concatenation with simple quote
-
input : shell commands filtering : check if there is only numbers construction : concatenation with simple quote
-
input : shell commands filtering : check if there is only numbers construction : concatenation with simple quote
-
Safe sample input : use fopen to read /tmp/tainted.txt and put the first line in $tainted SANITIZE : uses of ESAPI, an OWASP API construction : prepared query and right verification
-
CWE: 89 SQL Injection BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded string Sinks: executeQuery GoodSink: Use prepared statement and executeQuery (properly) BadSink : data concatenated into SQL statement used in executeQuery(), which could res...
-
CWE: 89 SQL Injection BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used in prepareStatement() call, which could re...
-
CWE: 89 SQL Injection BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement use...
-
CWE: 89 SQL Injection BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: Use prepared statement and executeUpdate (properly) BadSink : data concatenated into SQL statement used in executeUpdate(),...
-
CWE: 89 SQL Injection BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: Use prepared statement and executeUpdate (properly) BadSink : data concatenated into SQL statement used in executeUpdate(), which could result...
-
CWE: 566 Authorization Bypass through SQL primary BadSource: user id taken from url parameter GoodSource: hardcoded user id BadSink: writeConsole user authorization not checked Flow Variant: 04 Control flow: if(PRIVATE_STATIC_FINAL_TRUE) and if(PRIVATE_STATIC_FINAL_FALSE)