A file is accessed multiple times by its file descriptor in a publically accessible directory. A race condition does not exist between the accesses where an attacker cannot replace the file referenced by the name.

A malloc-ed data is freed only once.

A syslog is called with a static format string.

A printf is called with a static format string.

The code updates database table. User-controlled data are sanitized by using SQL parameters.

The code updates database table. Data are sanitized by using SQL parameters.

The code updates database table. User-controlled data are sanitized by using SQL parameters.

This test case shows the debugging code is removed from the program. Please refer to test cases 2196

This test case shows index variable of a loop is initialized before use.

Variable is initialized before use.

This code demos the Stored XSS (or Presistent) ==> "Loop Good Case". The servlet retrieves the records from database and reflects it back into the HTTP response after performing the validate, filter, escape and encode of that retrieved data.

This code demos the Stored XSS (or Presistent) ==> "Container Good Case". The servlet retrieves the records from database and reflects it back into the HTTP response after performing the validate, filter, escape and encode of that retrieved data.

This code demos the Stored XSS (or Presistent) ==> "Basic Good Case". The servlet retrieves the records from database and reflects it back into the HTTP response after performing the validate, filter, escape and encode of that retrieved data.

This code demos the Stored XSS (or Presistent) ==> "Scope Good Case". The servlet retrieves the records from database and reflects it back into the HTTP response after performing the validate, filter, escape and encode of that retrieved data.

This code (java servlet) has a FIX to Failure to Preserve Web Page Structure 'Cross-site Scripting (XSS)' CWE-79 vulnerability, with code complexity of scope.

This code (java servlet) has a FIX to Failure to Preserve Web Page Structure 'Cross-site Scripting (XSS)' CWE-79 vulnerability, with code complexity of loop.

This code (java servlet) has a FIX to Failure to Preserve Web Page Structure 'Cross-site Scripting (XSS)' CWE-79 vulnerability, with the code complexity of container.

This code (java servlet) has a FIX to Failure to Preserve Web Page Structure 'Cross-site Scripting (XSS)' CWE-79 vulnerability.

This servlet implements a fixed SQL injection vulnerability with a scope complexity: a SQL request is sent to the database after testing if the current name takes part of the allowed ones.

This servlet implements a fixed SQL injection vulnerability with an array index complexity: a SQL request is sent to the database after testing if the current name takes part of the allowed ones.

This servlet implements a fixed SQL injection vulnerability: a SQL request is sent to the database after testing if the current name takes part of the allowed ones.

This servlet implements a fixed Cross-Site Scripting vulnerability (XSS) with a loop complexity: the data provided by the client in the field "data" is encoded so there is no more XSS.

This servlet implements a fixed Cross-Site Scripting vulnerability (XSS) with a container complexity: the data provided by the client in the field "data" is encoded so there is no more XSS.

This servlet implements a fixed Cross-Site Scripting vulnerability (XSS) with a scope complexity: the data provided by the client in the field "data" is encoded so there is no more XSS.

This servlet implements a fixed Cross-Site Scripting vulnerability (XSS): the data provided by the client in the field "data" is encoded so there is no more XSS.