CWE: 89 SQL Injection BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: prepared sqlstatement, executeUpdate BadSink : raw query used in executeUpdate Flow Variant: 66 Data flow: data passed in an array from one me...

CWE: 89 SQL Injection BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: prepared sqlstatement, executeUpdate BadSink : raw query used in executeUpdate Flow Variant: 05 Control flow: if(private_t) and if(private_f)

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: prepared sqlstatement, executeUpdate BadSink : raw query used in executeUpdate Flow Variant: 11 Control flow: if(IO.sta...

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: prepared sqlstatement, executeUpdate BadSink : raw query used in executeUpdate Flow Variant: 06 Control flow: if(privat...

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeQuery GoodSink: prepared sqlstatement, executeQuery BadSink : raw query used in executeQuery Flow Variant: 19 Control flow: Dead code af...

CWE: 89 SQL Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: executeQuery GoodSink: prepared sqlstatement, executeQuery BadSink : raw query used in executeQuery Flow Variant: 17 Control flow: for loops

CWE: 89 SQL Injection BadSource: getCookiesServlet Read data from the first cookie GoodSource: A hardcoded string Sinks: execute GoodSink: prepared sqlstatement, single BadSink : untrusted parameter value to raw insert sqlstatement Flow Variant: 14 Control flow: if(IO.static_five==5) and if...

CWE: 89 SQL Injection BadSource: fromFile Read data from file (named c:\data.txt) GoodSource: A hardcoded string Sinks: execute GoodSink: prepared sqlstatement, single BadSink : untrusted parameter value to raw insert sqlstatement Flow Variant: 17 Control flow: for loops

CWE: 89 SQL Injection BadSource: fromFile Read data from file (named c:\data.txt) GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: prepared sqlstatement, executeUpdate BadSink : raw query used in executeUpdate Flow Variant: 54 Data flow: data passed as an argument from one meth...

CWE: 89 SQL Injection BadSource: fromFile Read data from file (named c:\data.txt) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 01 Baseline

CWE: 89 SQL Injection BadSource: fromDB Read a string from a database connection GoodSource: A hardcoded string Sinks: executeQuery GoodSink: prepared sqlstatement, executeQuery BadSink : raw query used in executeQuery Flow Variant: 68 Data flow: data passed as a member variable in the "a" ...

CWE: 89 SQL Injection BadSource: fromDB Read a string from a database connection GoodSource: A hardcoded string Sinks: executeQuery GoodSink: prepared sqlstatement, executeQuery BadSink : raw query used in executeQuery Flow Variant: 54 Data flow: data passed as an argument from one method t...

CWE: 89 SQL Injection BadSource: fromDB Read a string from a database connection GoodSource: A hardcoded string Sinks: executeQuery GoodSink: prepared sqlstatement, executeQuery BadSink : raw query used in executeQuery Flow Variant: 41 Data flow: data passed as an argument from one method t...

CWE: 89 SQL Injection BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: execute GoodSink: prepared sqlstatement, single BadSink : untrusted parameter value to raw insert sqlstatement Flow Variant: 66 Data flow: data passed in an arra...

CWE: 89 SQL Injection BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: prepared sqlstatement, executeUpdate BadSink : raw query used in executeUpdate Flow Variant: 10 Control flow: if(IO.static_t) and if(IO.s...

CWE: 89 SQL Injection BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: prepared sqlstatement, executeUpdate BadSink : raw query used in executeUpdate Flow Variant: 02 Control flow: if(true) and if(false)

CWE: 89 SQL Injection BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: executeQuery GoodSink: prepared sqlstatement, executeQuery BadSink : raw query used in executeQuery Flow Variant: 66 Data flow: data passed in an array from one ...

CWE: 89 SQL Injection BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: executeBatch GoodSink: prepared sqlstatement, batch BadSink : untrusted input to raw update batch Flow Variant: 13 Control flow: if(IO.static_final_five==5) and ...

CWE: 89 SQL Injection BadSource: URLConnection Read a string from a web server with URLConnection GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: prepared sqlstatement, executeUpdate BadSink : raw query used in executeUpdate Flow Variant: 41 Data flow: data passed as an argume...

CWE: 89 SQL Injection BadSource: URLConnection Read a string from a web server with URLConnection GoodSource: A hardcoded string Sinks: executeQuery GoodSink: prepared sqlstatement, executeQuery BadSink : raw query used in executeQuery Flow Variant: 53 Data flow: data passed as an argument ...

CWE: 89 SQL Injection BadSource: URLConnection Read a string from a web server with URLConnection GoodSource: A hardcoded string Sinks: executeQuery GoodSink: prepared sqlstatement, executeQuery BadSink : raw query used in executeQuery Flow Variant: 45 Data flow: data passed as a private cl...

CWE: 89 SQL Injection BadSource: PropertiesFile Read a value from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: execute GoodSink: prepared sqlstatement, single BadSink : untrusted parameter value to raw insert sqlstatement Flow Variant: 04 Control flow: i...

CWE: 89 SQL Injection BadSource: PropertiesFile Read a value from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: execute GoodSink: prepared sqlstatement, single BadSink : untrusted parameter value to raw insert sqlstatement Flow Variant: 01 Baseline

CWE: 89 SQL Injection BadSource: PropertiesFile Read a value from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: prepared sqlstatement, executeUpdate BadSink : raw query used in executeUpdate Flow Variant: 13 Control flow: if(IO.sta...

CWE: 89 SQL Injection BadSource: PropertiesFile Read a value from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: prepared sqlstatement, executeUpdate BadSink : raw query used in executeUpdate Flow Variant: 01 Baseline