Displaying test cases 76 - 100 of 114601 in total
-
CWE: 89 SQL Injection BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: prepared sqlstatement, executeUpdate BadSink : raw query used in executeUpdate Flow Variant: 66 Data flow: data passed in an array from one me...
-
CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: prepared sqlstatement, executeUpdate BadSink : raw query used in executeUpdate Flow Variant: 11 Control flow: if(IO.sta...
-
CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeQuery GoodSink: prepared sqlstatement, executeQuery BadSink : raw query used in executeQuery Flow Variant: 19 Control flow: Dead code af...
-
CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeQuery GoodSink: prepared sqlstatement, executeQuery BadSink : raw query used in executeQuery Flow Variant: 17 Control flow: for loops
-
CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeQuery GoodSink: prepared sqlstatement, executeQuery BadSink : raw query used in executeQuery Flow Variant: 10 Control flow: if(IO.static...
-
CWE: 89 SQL Injection BadSource: getCookiesServlet Read data from the first cookie GoodSource: A hardcoded string Sinks: execute GoodSink: prepared sqlstatement, single BadSink : untrusted parameter value to raw insert sqlstatement Flow Variant: 14 Control flow: if(IO.static_five==5) and if...
-
CWE: 89 SQL Injection BadSource: getCookiesServlet Read data from the first cookie GoodSource: A hardcoded string Sinks: executeQuery GoodSink: prepared sqlstatement, executeQuery BadSink : raw query used in executeQuery Flow Variant: 52 Data flow: data passed as an argument from one method...
-
CWE: 89 SQL Injection BadSource: getCookiesServlet Read data from the first cookie GoodSource: A hardcoded string Sinks: executeQuery GoodSink: prepared sqlstatement, executeQuery BadSink : raw query used in executeQuery Flow Variant: 31 Data flow: make a copy of data within the same method
-
CWE: 89 SQL Injection BadSource: fromFile Read data from file (named c:\data.txt) GoodSource: A hardcoded string Sinks: execute GoodSink: prepared sqlstatement, single BadSink : untrusted parameter value to raw insert sqlstatement Flow Variant: 17 Control flow: for loops
-
CWE: 89 SQL Injection BadSource: fromFile Read data from file (named c:\data.txt) GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: prepared sqlstatement, executeUpdate BadSink : raw query used in executeUpdate Flow Variant: 54 Data flow: data passed as an argument from one meth...
-
CWE: 89 SQL Injection BadSource: fromFile Read data from file (named c:\data.txt) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 01 Baseline
-
CWE: 89 SQL Injection BadSource: fromDB Read a string from a database connection GoodSource: A hardcoded string Sinks: executeQuery GoodSink: prepared sqlstatement, executeQuery BadSink : raw query used in executeQuery Flow Variant: 54 Data flow: data passed as an argument from one method t...
-
CWE: 89 SQL Injection BadSource: fromDB Read a string from a database connection GoodSource: A hardcoded string Sinks: executeQuery GoodSink: prepared sqlstatement, executeQuery BadSink : raw query used in executeQuery Flow Variant: 41 Data flow: data passed as an argument from one method t...
-
CWE: 89 SQL Injection BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: execute GoodSink: prepared sqlstatement, single BadSink : untrusted parameter value to raw insert sqlstatement Flow Variant: 66 Data flow: data passed in an arra...
-
CWE: 89 SQL Injection BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: prepared sqlstatement, executeUpdate BadSink : raw query used in executeUpdate Flow Variant: 10 Control flow: if(IO.static_t) and if(IO.s...
-
CWE: 89 SQL Injection BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: executeQuery GoodSink: prepared sqlstatement, executeQuery BadSink : raw query used in executeQuery Flow Variant: 71 Data flow: data passed as an Object referenc...
-
CWE: 89 SQL Injection BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 13 Control flow: if(IO.static_final_five==5) and ...
-
CWE: 89 SQL Injection BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded string Sinks: execute GoodSink: prepared sqlstatement, single BadSink : untrusted parameter value to raw insert sqlstatement Flow Variant: 53 Data flow: data passed as an argument...
-
CWE: 89 SQL Injection BadSource: URLConnection Read a string from a web server with URLConnection GoodSource: A hardcoded string Sinks: executeQuery GoodSink: prepared sqlstatement, executeQuery BadSink : raw query used in executeQuery Flow Variant: 53 Data flow: data passed as an argument ...
-
CWE: 89 SQL Injection BadSource: URLConnection Read a string from a web server with URLConnection GoodSource: A hardcoded string Sinks: executeQuery GoodSink: prepared sqlstatement, executeQuery BadSink : raw query used in executeQuery Flow Variant: 45 Data flow: data passed as a private cl...
-
CWE: 89 SQL Injection BadSource: PropertiesFile Read a value from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: execute GoodSink: prepared sqlstatement, single BadSink : untrusted parameter value to raw insert sqlstatement Flow Variant: 31 Data flow: make...
-
CWE: 89 SQL Injection BadSource: PropertiesFile Read a value from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: execute GoodSink: prepared sqlstatement, single BadSink : untrusted parameter value to raw insert sqlstatement Flow Variant: 01 Baseline
-
CWE: 89 SQL Injection BadSource: PropertiesFile Read a value from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: prepared sqlstatement, executeUpdate BadSink : raw query used in executeUpdate Flow Variant: 53 Data flow: data passed ...
-
CWE: 89 SQL Injection BadSource: PropertiesFile Read a value from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: prepared sqlstatement, executeUpdate BadSink : raw query used in executeUpdate Flow Variant: 13 Control flow: if(IO.sta...
-
CWE: 89 SQL Injection BadSource: PropertiesFile Read a value from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: prepared sqlstatement, executeUpdate BadSink : raw query used in executeUpdate Flow Variant: 01 Baseline