CWE: 89 SQL Injection BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used in prepareStatement() call, which c...

CWE: 89 SQL Injection BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded string Sinks: executeQuery GoodSink: Use prepared statement and executeQuery (properly) BadSink : data concatenated into SQL statement used in executeQuery(), which could res...

CWE: 89 SQL Injection BadSource: Property Read data from a system property GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used in prepareStatement() call, which could result in SQL ...

CWE: 89 SQL Injection BadSource: Property Read data from a system property GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: Use prepared statement and executeUpdate (properly) BadSink : data concatenated into SQL statement used in executeUpdate(), which could result in SQL Injec...

CWE: 89 SQL Injection BadSource: Property Read data from a system property GoodSource: A hardcoded string Sinks: executeQuery GoodSink: Use prepared statement and executeQuery (properly) BadSink : data concatenated into SQL statement used in executeQuery(), which could result in SQL Injectio...

CWE: 89 SQL Injection BadSource: Property Read data from a system property GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which could result in SQL Injectio...

CWE: 89 SQL Injection BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used in prepareStatement() ...

CWE: 89 SQL Injection BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string Sinks: executeQuery GoodSink: Use prepared statement and executeQuery (properly) BadSink : data concatenated into SQL statement used in executeQuery(), which could result in ...

CWE: 89 SQL Injection BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which could result in ...

CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which...

CWE: 89 SQL Injection BadSource: getCookies_Servlet Read data from the first cookie using getCookies() GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: Use prepared statement and executeUpdate (properly) BadSink : data concatenated into SQL statement used in executeUpdate(), whi...

CWE: 89 SQL Injection BadSource: getCookies_Servlet Read data from the first cookie using getCookies() GoodSource: A hardcoded string Sinks: executeQuery GoodSink: Use prepared statement and executeQuery (properly) BadSink : data concatenated into SQL statement used in executeQuery(), which ...

CWE: 89 SQL Injection BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used in prepareStatement() call, which could result in S...

CWE: 89 SQL Injection BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded string Sinks: execute GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used in execute(), which could result in SQL Injection Flow Vari...

CWE: 89 SQL Injection BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded string Sinks: execute GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used in execute(), which could result in SQL Injection Flow Vari...

CWE: 89 SQL Injection BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: Use prepared statement and executeUpdate (properly) BadSink : data concatenated into SQL statement used in executeUpdate(), which could result in SQL In...

CWE: 89 SQL Injection BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which could result in SQL Injec...

CWE: 89 SQL Injection BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used in prepareStatement() call, which could resul...

CWE: 89 SQL Injection BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: Use prepared statement and executeUpdate (properly) BadSink : data concatenated into SQL statement used in executeUpdate(), which could result in ...

CWE: 89 SQL Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: execute GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used in execute(), which could result in SQL Injection Flow Variant: 53 Da...

CWE: 89 SQL Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: executeQuery GoodSink: Use prepared statement and executeQuery (properly) BadSink : data concatenated into SQL statement used in executeQuery(), which could result in SQL Injection Flow...

CWE: 89 SQL Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which could result in SQL Injection Flow...

CWE: 89 SQL Injection BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded string Sinks: executeQuery GoodSink: Use prepared statement and executeQuery (properly) BadSink : data concatenated into SQL statement used in executeQuery(), which could result in...

CWE: 89 SQL Injection BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which could result in SQL...

CWE: 89 SQL Injection BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which could result in SQL...