PHP Vulnerability Test Suite Test suite #103
DownloadDescription
Bertrand C. Stivalet and Aurelien Delaitre designed the architecture and oversaw development of a test generator by Telecom Nancy students to create 42 212 test cases in PHP, covering the most common security weakness categories, including XSS, SQL injection, URL redirection, etc. See Bertrand Stivalet and Elizabeth Fong, "Large Scale Generation of Complex and Faulty PHP Test Cases," 2016 IEEE International Conference on Software Testing, Verification and Validation (ICST), Chicago, IL.
Displaying test cases 51 - 75 of 42212 in total
-
Safe sample input : use exec to execute the script /tmp/tainted.php and store the output in $tainted SANITIZE : use in_array to check if $tainted is in the white list construction : prepared query and right verification
-
Safe sample input : use exec to execute the script /tmp/tainted.php and store the output in $tainted SANITIZE : use in_array to check if $tainted is in the white list construction : concatenation and checks if the user is allowed to see this data
-
Safe sample input : use exec to execute the script /tmp/tainted.php and store the output in $tainted SANITIZE : uses of ESAPI, an OWASP API construction : interpretation with simple quote
-
Safe sample input : use exec to execute the script /tmp/tainted.php and store the output in $tainted SANITIZE : uses of ESAPI, an OWASP API construction : right verification
-
Safe sample input : use exec to execute the script /tmp/tainted.php and store the output in $tainted SANITIZE : uses of ESAPI, an OWASP API construction : prepared query and no right verification
-
Safe sample input : use exec to execute the script /tmp/tainted.php and store the output in $tainted SANITIZE : uses of ESAPI, an OWASP API construction : prepared query and right verification
-
Safe sample input : use exec to execute the script /tmp/tainted.php and store the output in $tainted SANITIZE : uses indirect reference construction : interpretation with simple quote
-
Safe sample input : use exec to execute the script /tmp/tainted.php and store the output in $tainted SANITIZE : uses indirect reference construction : right verification
-
Safe sample input : use exec to execute the script /tmp/tainted.php and store the output in $tainted SANITIZE : uses indirect reference construction : prepared query and no right verification
-
Safe sample input : use exec to execute the script /tmp/tainted.php and store the output in $tainted SANITIZE : uses indirect reference construction : prepared query and right verification
-
Unsafe sample input : use fopen to read /tmp/tainted.txt and put the first line in $tainted sanitize : cast into int construction : interpretation with simple quote
-
Unsafe sample input : use fopen to read /tmp/tainted.txt and put the first line in $tainted sanitize : cast into int construction : concatenation with simple quote
-
Safe sample input : use fopen to read /tmp/tainted.txt and put the first line in $tainted sanitize : cast into int construction : right verification
-
Unsafe sample input : use fopen to read /tmp/tainted.txt and put the first line in $tainted sanitize : cast into int construction : prepared query and no right verification
-
Safe sample input : use fopen to read /tmp/tainted.txt and put the first line in $tainted sanitize : cast into int construction : prepared query and right verification
-
Safe sample input : use fopen to read /tmp/tainted.txt and put the first line in $tainted sanitize : cast into int construction : concatenation and checks if the user is allowed to see this data
-
Unsafe sample input : use fopen to read /tmp/tainted.txt and put the first line in $tainted sanitize : none construction : fopen
-
Unsafe sample input : use fopen to read /tmp/tainted.txt and put the first line in $tainted SANITIZE : use of preg_replace construction : fopen
-
Safe sample input : use fopen to read /tmp/tainted.txt and put the first line in $tainted sanitize : use of ternary condition construction : interpretation with simple quote
-
Safe sample input : use fopen to read /tmp/tainted.txt and put the first line in $tainted sanitize : use of ternary condition construction : concatenation with simple quote
-
Safe sample input : use fopen to read /tmp/tainted.txt and put the first line in $tainted sanitize : use of ternary condition construction : fopen
-
Safe sample input : use fopen to read /tmp/tainted.txt and put the first line in $tainted sanitize : use of ternary condition construction : right verification
-
Safe sample input : use fopen to read /tmp/tainted.txt and put the first line in $tainted sanitize : use of ternary condition construction : prepared query and no right verification
-
Safe sample input : use fopen to read /tmp/tainted.txt and put the first line in $tainted sanitize : use of ternary condition construction : prepared query and right verification
-
Safe sample input : use fopen to read /tmp/tainted.txt and put the first line in $tainted sanitize : use of ternary condition construction : concatenation and checks if the user is allowed to see this data