Test cases - NIST Software Assurance Reference Dataset

Displaying test cases 1626 - 1650 of 113211 in total

CWE-89

146748-v1.0.0

Added 12 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: executeQuery GoodSink: Use prepared statement and executeQuery (properly) BadSink : data concatenated into SQL statement used in executeQuery(), which could result in SQL...
CWE-89

146747-v1.0.0

Added 12 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: executeQuery GoodSink: Use prepared statement and executeQuery (properly) BadSink : data concatenated into SQL statement used in executeQuery(), which could result in SQL...
CWE-89

146746-v1.0.0

Added 12 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: executeQuery GoodSink: Use prepared statement and executeQuery (properly) BadSink : data concatenated into SQL statement used in executeQuery(), which could result in SQL...
CWE-89

146745-v1.0.0

Added 12 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: executeQuery GoodSink: Use prepared statement and executeQuery (properly) BadSink : data concatenated into SQL statement used in executeQuery(), which could result in SQL...
CWE-89

146744-v1.0.0

Added 12 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: executeQuery GoodSink: Use prepared statement and executeQuery (properly) BadSink : data concatenated into SQL statement used in executeQuery(), which could result in SQL...
CWE-89

146743-v1.0.0

Added 12 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: executeQuery GoodSink: Use prepared statement and executeQuery (properly) BadSink : data concatenated into SQL statement used in executeQuery(), which could result in SQL...
CWE-89

146742-v1.0.0

Added 12 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: executeQuery GoodSink: Use prepared statement and executeQuery (properly) BadSink : data concatenated into SQL statement used in executeQuery(), which could result in SQL...
CWE-89

146741-v1.0.0

Added 12 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: executeQuery GoodSink: Use prepared statement and executeQuery (properly) BadSink : data concatenated into SQL statement used in executeQuery(), which could result in SQL...
CWE-89

146740-v1.0.0

Added 12 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: executeQuery GoodSink: Use prepared statement and executeQuery (properly) BadSink : data concatenated into SQL statement used in executeQuery(), which could result in SQL...
CWE-89

146739-v1.0.0

Added 12 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: executeQuery GoodSink: Use prepared statement and executeQuery (properly) BadSink : data concatenated into SQL statement used in executeQuery(), which could result in SQL...
CWE-89

146738-v1.0.0

Added 12 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: executeQuery GoodSink: Use prepared statement and executeQuery (properly) BadSink : data concatenated into SQL statement used in executeQuery(), which could result in SQL...
CWE-89

146737-v1.0.0

Added 12 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: executeQuery GoodSink: Use prepared statement and executeQuery (properly) BadSink : data concatenated into SQL statement used in executeQuery(), which could result in SQL...
CWE-89

146736-v1.0.0

Added 12 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: executeQuery GoodSink: Use prepared statement and executeQuery (properly) BadSink : data concatenated into SQL statement used in executeQuery(), which could result in SQL...
CWE-89

146735-v1.0.0

Added 12 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: executeQuery GoodSink: Use prepared statement and executeQuery (properly) BadSink : data concatenated into SQL statement used in executeQuery(), which could result in SQL...
CWE-89

146734-v1.0.0

Added 12 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: executeQuery GoodSink: Use prepared statement and executeQuery (properly) BadSink : data concatenated into SQL statement used in executeQuery(), which could result in SQL...
CWE-89

146733-v1.0.0

Added 12 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: executeQuery GoodSink: Use prepared statement and executeQuery (properly) BadSink : data concatenated into SQL statement used in executeQuery(), which could result in SQL...
CWE-89

146732-v1.0.0

Added 12 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: executeQuery GoodSink: Use prepared statement and executeQuery (properly) BadSink : data concatenated into SQL statement used in executeQuery(), which could result in SQL...
CWE-89

146731-v1.0.0

Added 12 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used in prepareStatement() call, which could result in SQL Injecti...
CWE-89

146730-v1.0.0

Added 12 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used in prepareStatement() call, which could result in SQL Injecti...
CWE-89

146729-v1.0.0

Added 12 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used in prepareStatement() call, which could result in SQL Injecti...
CWE-89

146728-v1.0.0

Added 12 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used in prepareStatement() call, which could result in SQL Injecti...
CWE-89

146727-v1.0.0

Added 12 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used in prepareStatement() call, which could result in SQL Injecti...
CWE-89

146726-v1.0.0

Added 12 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used in prepareStatement() call, which could result in SQL Injecti...
CWE-89

146725-v1.0.0

Added 12 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used in prepareStatement() call, which could result in SQL Injecti...
CWE-89

146724-v1.0.0

Added 12 years ago

candidate

mixed

CWE: 89 SQL Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used in prepareStatement() call, which could result in SQL Injecti...

Results per page