CWE: 78 OS Command Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 68 Data flow: data passed as a member variable in the "a" ...

CWE: 78 OS Command Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 67 Data flow: data passed in a class from one met...

CWE: 78 OS Command Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 66 Data flow: data passed in an array from one me...

CWE: 78 OS Command Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 61 Data flow: data returned from one method to an...

CWE: 78 OS Command Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 54 Data flow: data passed as an argument from one...

CWE: 78 OS Command Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 53 Data flow: data passed as an argument from one...

CWE: 78 OS Command Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 53 Data flow: data passed as an argument from one...

CWE: 78 OS Command Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 52 Data flow: data passed as an argument from one...

CWE: 78 OS Command Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 51 Data flow: data passed as an argument from one function...

CWE: 78 OS Command Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 45 Data flow: data passed as a private class memb...

CWE: 78 OS Command Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 42 Data flow: data returned from one method to another in ...

CWE: 78 OS Command Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 41 Data flow: data passed as an argument from one method t...

CWE: 78 OS Command Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 31 Data flow: make a copy of data within the same...

CWE: 78 OS Command Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 19 Control flow: Dead code after an if(true) return

CWE: 78 OS Command Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 17 Control flow: for loops

CWE: 78 OS Command Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 16 Control flow: while(true) and while(local_f)

CWE: 78 OS Command Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 15 Control flow: switch(6)

CWE: 78 OS Command Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 14 Control flow: if(IO.static_five==5) and if(IO.static_fi...

CWE: 78 OS Command Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 13 Control flow: if(IO.static_final_five==5) and if(IO.sta...

CWE: 78 OS Command Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 12 Control flow: if(IO.static_returns_t_or_f())

CWE: 78 OS Command Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 11 Control flow: if(IO.static_returns_t()) and if(IO.stati...

CWE: 78 OS Command Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 10 Control flow: if(IO.static_t) and if(IO.static_f)

CWE: 78 OS Command Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 09 Control flow: if(IO.static_final_t) and if(IO.static_fi...

CWE: 78 OS Command Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 08 Control flow: if(private_returns_t()) and if(private_re...

CWE: 78 OS Command Injection BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 07 Control flow: if(private_five==5) and if(private_five!=5)