Juliet Java 1.3 with extra support Test suite #109

CWE: 78 OS Command Injection BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 41 Data flow: data passed as an argument from one method to another in the same c...

CWE: 78 OS Command Injection BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 42 Data flow: data returned from one method to another in the same class

CWE: 78 OS Command Injection BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 45 Data flow: data passed as a private class member variable from one fu...

CWE: 78 OS Command Injection BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 51 Data flow: data passed as an argument from one function to another in differen...

CWE: 78 OS Command Injection BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 52 Data flow: data passed as an argument from one method to another to a...

CWE: 78 OS Command Injection BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 53 Data flow: data passed as an argument from one method through two oth...

CWE: 78 OS Command Injection BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 54 Data flow: data passed as an argument from one method through three o...

CWE: 78 OS Command Injection BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 61 Data flow: data returned from one method to another in different clas...

CWE: 78 OS Command Injection BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 66 Data flow: data passed in an array from one method to another in diff...

CWE: 78 OS Command Injection BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 67 Data flow: data passed in a class from one method to another in diffe...

CWE: 78 OS Command Injection BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 68 Data flow: data passed as a member variable in the a class, which is used by a...

CWE: 78 OS Command Injection BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 71 Data flow: data passed as an Object reference argument from one metho...

CWE: 78 OS Command Injection BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 72 Data flow: data passed in a Vector from one method to another in diff...

CWE: 78 OS Command Injection BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 73 Data flow: data passed in a LinkedList from one method to another in ...

CWE: 78 OS Command Injection BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 74 Data flow: data passed in a HashMap from one method to another in dif...

CWE: 78 OS Command Injection BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 75 Data flow: data passed in a serialized object from one method to anot...

CWE: 78 OS Command Injection BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 81 Data flow: data passed in a parameter to an abstract method

CWE: 80 Cross Site Scripting (XSS) BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded string BadSink: Display of data in web page after using replaceAll() to remove script tags, which will still allow XSS (CWE 182: Collapse of Data into Unsafe Value) Flow Variant...

CWE: 80 Cross Site Scripting (XSS) BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded string BadSink: Display of data in web page after using replaceAll() to remove script tags, which will still allow XSS (CWE 182: Collapse of Data into Unsafe Value) Flow Variant...

CWE: 80 Cross Site Scripting (XSS) BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded string BadSink: Display of data in web page after using replaceAll() to remove script tags, which will still allow XSS (CWE 182: Collapse of Data into Unsafe Value) Flow Variant...

CWE: 80 Cross Site Scripting (XSS) BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded string BadSink: Display of data in web page after using replaceAll() to remove script tags, which will still allow XSS (CWE 182: Collapse of Data into Unsafe Value) Flow Variant...

CWE: 80 Cross Site Scripting (XSS) BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded string BadSink: Display of data in web page after using replaceAll() to remove script tags, which will still allow XSS (CWE 182: Collapse of Data into Unsafe Value) Flow Variant...

CWE: 80 Cross Site Scripting (XSS) BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded string BadSink: Display of data in web page after using replaceAll() to remove script tags, which will still allow XSS (CWE 182: Collapse of Data into Unsafe Value) Flow Variant...

CWE: 80 Cross Site Scripting (XSS) BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded string BadSink: Display of data in web page after using replaceAll() to remove script tags, which will still allow XSS (CWE 182: Collapse of Data into Unsafe Value) Flow Variant...

CWE: 80 Cross Site Scripting (XSS) BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded string BadSink: Display of data in web page after using replaceAll() to remove script tags, which will still allow XSS (CWE 182: Collapse of Data into Unsafe Value) Flow Variant...