Displaying test cases 4401 - 4425 of 113211 in total
-
input : direct user input in string Xpath replace char sink : SQL query
-
input : direct user input in string Xpath replace char sink : SQL query
-
input : shell commands Xpath replace char sink : SQL query
-
Command line args filtering : remove all '\', '*', '(', ')', 'u0000', '/' in parameter sink : SQL query
-
Hardcoded string input filtering : remove all '\', '*', '(', ')', 'u0000', '/' in parameter sink : SQL query
-
input : direct user input in string filtering : remove all '\', '*', '(', ')', 'u0000', '/' in parameter sink : SQL query
-
input : direct user input in string filtering : remove all '\', '*', '(', ')', 'u0000', '/' in parameter sink : SQL query
-
input : shell commands filtering : remove all '\', '*', '(', ')', 'u0000', '/' in parameter sink : SQL query
-
input : shell commands filtering : remove all '\', '*', '(', ')', 'u0000', '/' in parameter sink : SQL query
-
Command line args filtering : remove semi-colon and all invalid filenames and chars in paths sink : SQL query
-
input : direct user input in string filtering : remove semi-colon and all invalid filenames and chars in paths sink : SQL query
-
input : shell commands filtering : remove semi-colon and all invalid filenames and chars in paths sink : SQL query
-
input : shell commands filtering : remove semi-colon and all invalid filenames and chars in paths sink : SQL query
-
Hardcoded string input filtering : check if there is only numbers sink : SQL query
-
Command line args no filtering sink : SQL query
-
Hardcoded string input no filtering sink : SQL query
-
Hardcoded string input no filtering sink : SQL query
-
Hardcoded string input no filtering sink : SQL query
-
input : direct user input in string no filtering sink : SQL query
-
CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: Use prepared statement and executeUpdate (properly) BadSink : data concatenated into SQL statement used in executeUpdate(), wh...
-
CWE: 89 SQL Injection BadSource: getCookies_Servlet Read data from the first cookie using getCookies() GoodSource: A hardcoded string Sinks: executeQuery GoodSink: Use prepared statement and executeQuery (properly) BadSink : data concatenated into SQL statement used in executeQuery(), which ...
-
CWE: 89 SQL Injection BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: Use prepared statement and executeUpdate (properly) BadSink : data concatenated into SQL statement used in executeUpdate(), which could result in SQL In...
-
CWE: 89 SQL Injection BadSource: console_readLine Read data from the console using readLine() GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: Use prepared statement and executeUpdate (properly) BadSink : data concatenated into SQL statement used in executeUpdate(), which could ...
-
CWE: 89 SQL Injection BadSource: console_readLine Read data from the console using readLine() GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which could res...
-
CWE: 89 SQL Injection BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which could result in SQL...