Juliet Java 1.3 with extra support Test suite #109

CWE: 643 Xpath Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validate Flow Variant: 21 Control flow: Flow controlled by value of a private variable. All fu...

CWE: 643 Xpath Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validate Flow Variant: 22 Control flow: Flow controlled by value of a public static variable. ...

CWE: 643 Xpath Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validate Flow Variant: 31 Data flow: make a copy of data within the same method

CWE: 643 Xpath Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validate Flow Variant: 41 Data flow: data passed as an argument from one method to another in ...

CWE: 643 Xpath Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validate Flow Variant: 42 Data flow: data returned from one method to another in the same class

CWE: 643 Xpath Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validate Flow Variant: 45 Data flow: data passed as a private class member variable from one f...

CWE: 643 Xpath Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validate Flow Variant: 51 Data flow: data passed as an argument from one function to another i...

CWE: 643 Xpath Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validate Flow Variant: 52 Data flow: data passed as an argument from one method to another to ...

CWE: 643 Xpath Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validate Flow Variant: 53 Data flow: data passed as an argument from one method through two ot...

CWE: 643 Xpath Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validate Flow Variant: 54 Data flow: data passed as an argument from one method through three ...

CWE: 643 Xpath Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validate Flow Variant: 61 Data flow: data returned from one method to another in different cla...

CWE: 643 Xpath Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validate Flow Variant: 66 Data flow: data passed in an array from one method to another in dif...

CWE: 643 Xpath Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validate Flow Variant: 67 Data flow: data passed in a class from one method to another in diff...

CWE: 643 Xpath Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validate Flow Variant: 68 Data flow: data passed as a member variable in the a class, which is...

CWE: 643 Xpath Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validate Flow Variant: 71 Data flow: data passed as an Object reference argument from one meth...

CWE: 643 Xpath Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validate Flow Variant: 72 Data flow: data passed in a Vector from one method to another in dif...

CWE: 643 Xpath Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validate Flow Variant: 73 Data flow: data passed in a LinkedList from one method to another in...

CWE: 643 Xpath Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validate Flow Variant: 74 Data flow: data passed in a HashMap from one method to another in di...

CWE: 643 Xpath Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validate Flow Variant: 75 Data flow: data passed in a serialized object from one method to ano...

CWE: 643 Xpath Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validate Flow Variant: 81 Data flow: data passed in a parameter to an abstract method

CWE: 643 Xpath Injection BadSource: getCookies_Servlet Read data from the first cookie using getCookies() GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validate Flow Variant: 01 Baseline

CWE: 643 Xpath Injection BadSource: getCookies_Servlet Read data from the first cookie using getCookies() GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validate Flow Variant: 02 Control flow: if(true) and if(false)

CWE: 643 Xpath Injection BadSource: getCookies_Servlet Read data from the first cookie using getCookies() GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validate Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 643 Xpath Injection BadSource: getCookies_Servlet Read data from the first cookie using getCookies() GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validate Flow Variant: 04 Control flow: if(PRIVATE_STATIC_F...

CWE: 643 Xpath Injection BadSource: getCookies_Servlet Read data from the first cookie using getCookies() GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validate Flow Variant: 05 Control flow: if(privateTrue) and...