PHP Vulnerability Test Suite (Test suite #103)
Bertrand C. Stivalet and Aurelien Delaitre designed the architecture and oversaw development of a test generator by Telecom Nancy students to create 42 212 test cases in PHP, covering the most common security weakness categories, including XSS, SQL injection, URL redirection, etc. See Bertrand Stivalet and Elizabeth Fong, "Large Scale Generation of Complex and Faulty PHP Test Cases," 2016 IEEE International Conference on Software Testing, Verification and Validation (ICST), Chicago, IL.
Displaying test cases 12126 - 12150 of 42212 in total
- Safe sample input : use proc_open to read /tmp/tainted.txt SANITIZE : use in_array to check if $tainted is in the white list construction : use of sprintf via a %s with simple quote
- Safe sample input : use proc_open to read /tmp/tainted.txt SANITIZE : use in_array to check if $tainted is in the white list construction : concatenation
- Safe sample input : use proc_open to read /tmp/tainted.txt SANITIZE : use in_array to check if $tainted is in the white list construction : concatenation with simple quote
- Safe sample input : use proc_open to read /tmp/tainted.txt SANITIZE : use in_array to check if $tainted is in the white list construction : interpretation
- Safe sample input : use proc_open to read /tmp/tainted.txt SANITIZE : use in_array to check if $tainted is in the white list construction : interpretation with simple quote
- Safe sample input : use proc_open to read /tmp/tainted.txt SANITIZE : use in_array to check if $tainted is in the white list construction : use of sprintf via a %d
- Safe sample input : use proc_open to read /tmp/tainted.txt SANITIZE : use in_array to check if $tainted is in the white list construction : use of sprintf via a %d with simple quote
- Safe sample input : use proc_open to read /tmp/tainted.txt SANITIZE : use in_array to check if $tainted is in the white list construction : use of sprintf via a %s with simple quote
- Safe sample input : use proc_open to read /tmp/tainted.txt SANITIZE : use in_array to check if $tainted is in the white list construction : use of sprintf via a %u
- Safe sample input : use proc_open to read /tmp/tainted.txt SANITIZE : use in_array to check if $tainted is in the white list construction : use of sprintf via a %u with simple quote
- Safe sample input : use proc_open to read /tmp/tainted.txt SANITIZE : use preg_replace to keep only char, number and _ ,\, - construction : concatenation with simple quote
- Safe sample input : use proc_open to read /tmp/tainted.txt SANITIZE : use preg_replace to keep only char, number and _ ,\, - construction : interpretation with simple quote
- Safe sample input : use proc_open to read /tmp/tainted.txt SANITIZE : use preg_replace to keep only char, number and _ ,\, - construction : use of sprintf via a %s with simple quote
- Safe sample input : use proc_open to read /tmp/tainted.txt SANITIZE : use preg_replace to keep only char, number and _ ,\, - construction : concatenation with simple quote
- Safe sample input : use proc_open to read /tmp/tainted.txt SANITIZE : use preg_replace to keep only char, number and _ ,\, - construction : interpretation with simple quote
- Safe sample input : use proc_open to read /tmp/tainted.txt SANITIZE : use preg_replace to keep only char, number and _ ,\, - construction : use of sprintf via a %s with simple quote
- Safe sample input : use proc_open to read /tmp/tainted.txt SANITIZE : use preg_replace to keep only char, number and _ ,\, - construction : concatenation with simple quote
- Safe sample input : use proc_open to read /tmp/tainted.txt SANITIZE : use preg_replace to keep only char, number and _ ,\, - construction : interpretation with simple quote
- Safe sample input : use proc_open to read /tmp/tainted.txt SANITIZE : use preg_replace to keep only char, number and _ ,\, - construction : use of sprintf via a %s with simple quote
- Safe sample input : use proc_open to read /tmp/tainted.txt SANITIZE : use preg_replace to keep only char, number and _ ,\, - construction : concatenation with simple quote
- Safe sample input : use proc_open to read /tmp/tainted.txt SANITIZE : use preg_replace to keep only char, number and _ ,\, - construction : interpretation with simple quote
- Safe sample input : use proc_open to read /tmp/tainted.txt SANITIZE : use preg_replace to keep only char, number and _ ,\, - construction : use of sprintf via a %s with simple quote
- Safe sample input : use proc_open to read /tmp/tainted.txt SANITIZE : use str_replace to escape special chars - construction : concatenation with simple quote
- Safe sample input : use proc_open to read /tmp/tainted.txt SANITIZE : use str_replace to escape special chars - construction : interpretation with simple quote
- Safe sample input : use proc_open to read /tmp/tainted.txt SANITIZE : use str_replace to escape special chars - construction : use of sprintf via a %s with simple quote