Juliet Java 1.0 Test suite #24
DownloadDescription
A collection of test cases in the Java language. It contains examples for 106 different CWEs. This software is not subject to copyright protection and is in the public domain. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic. All documents related to the Juliet Test Suite can be found at the documents page.
Documentation
Displaying test cases 8251 - 8275 of 14184 in total
-
CWE: 565 Cookies used to make a security decision; in this case a cookie is used to tell whether someone has administrator privileges Sinks: cookieInSecurityDecisionServlet GoodSink: Uses isUserInRole() to authorize user BadSink : Uses the cookie to authorize user Flow Variant: 06 Control flo...
-
CWE: 565 Cookies used to make a security decision; in this case a cookie is used to tell whether someone has administrator privileges Sinks: cookieInSecurityDecisionServlet GoodSink: Uses isUserInRole() to authorize user BadSink : Uses the cookie to authorize user Flow Variant: 07 Control flo...
-
CWE: 565 Cookies used to make a security decision; in this case a cookie is used to tell whether someone has administrator privileges Sinks: cookieInSecurityDecisionServlet GoodSink: Uses isUserInRole() to authorize user BadSink : Uses the cookie to authorize user Flow Variant: 08 Control flo...
-
CWE: 565 Cookies used to make a security decision; in this case a cookie is used to tell whether someone has administrator privileges Sinks: cookieInSecurityDecisionServlet GoodSink: Uses isUserInRole() to authorize user BadSink : Uses the cookie to authorize user Flow Variant: 09 Control flo...
-
CWE: 565 Cookies used to make a security decision; in this case a cookie is used to tell whether someone has administrator privileges Sinks: cookieInSecurityDecisionServlet GoodSink: Uses isUserInRole() to authorize user BadSink : Uses the cookie to authorize user Flow Variant: 10 Control flo...
-
CWE: 565 Cookies used to make a security decision; in this case a cookie is used to tell whether someone has administrator privileges Sinks: cookieInSecurityDecisionServlet GoodSink: Uses isUserInRole() to authorize user BadSink : Uses the cookie to authorize user Flow Variant: 11 Control flo...
-
CWE: 565 Cookies used to make a security decision; in this case a cookie is used to tell whether someone has administrator privileges Sinks: cookieInSecurityDecisionServlet GoodSink: Uses isUserInRole() to authorize user BadSink : Uses the cookie to authorize user Flow Variant: 12 Control flo...
-
CWE: 565 Cookies used to make a security decision; in this case a cookie is used to tell whether someone has administrator privileges Sinks: cookieInSecurityDecisionServlet GoodSink: Uses isUserInRole() to authorize user BadSink : Uses the cookie to authorize user Flow Variant: 13 Control flo...
-
CWE: 565 Cookies used to make a security decision; in this case a cookie is used to tell whether someone has administrator privileges Sinks: cookieInSecurityDecisionServlet GoodSink: Uses isUserInRole() to authorize user BadSink : Uses the cookie to authorize user Flow Variant: 14 Control flo...
-
CWE: 565 Cookies used to make a security decision; in this case a cookie is used to tell whether someone has administrator privileges Sinks: cookieInSecurityDecisionServlet GoodSink: Uses isUserInRole() to authorize user BadSink : Uses the cookie to authorize user Flow Variant: 15 Control flo...
-
CWE: 565 Cookies used to make a security decision; in this case a cookie is used to tell whether someone has administrator privileges Sinks: cookieInSecurityDecisionServlet GoodSink: Uses isUserInRole() to authorize user BadSink : Uses the cookie to authorize user Flow Variant: 16 Control flo...
-
CWE: 565 Cookies used to make a security decision; in this case a cookie is used to tell whether someone has administrator privileges Sinks: cookieInSecurityDecisionServlet GoodSink: Uses isUserInRole() to authorize user BadSink : Uses the cookie to authorize user Flow Variant: 17 Control flo...
-
CWE: 565 Cookies used to make a security decision; in this case a cookie is used to tell whether someone has administrator privileges Sinks: cookieInSecurityDecisionServlet GoodSink: Uses isUserInRole() to authorize user BadSink : Uses the cookie to authorize user Flow Variant: 19 Control flo...
-
CWE: 566 Access through SQL primary BadSource: user id taken from url parameter GoodSource: hardcoded user id Sinks: writeConsole GoodSink: user permissions checked BadSink : user authorization not checked Flow Variant: 01 Baseline
-
CWE: 566 Access through SQL primary BadSource: user id taken from url parameter GoodSource: hardcoded user id Sinks: writeConsole GoodSink: user permissions checked BadSink : user authorization not checked Flow Variant: 02 Control flow: if(true) and if(false)
-
CWE: 566 Access through SQL primary BadSource: user id taken from url parameter GoodSource: hardcoded user id Sinks: writeConsole GoodSink: user permissions checked BadSink : user authorization not checked Flow Variant: 03 Control flow: if(5==5) and if(5!=5)
-
CWE: 566 Access through SQL primary BadSource: user id taken from url parameter GoodSource: hardcoded user id Sinks: writeConsole GoodSink: user permissions checked BadSink : user authorization not checked Flow Variant: 04 Control flow: if(private_final_t) and if(private_final_f)
-
CWE: 566 Access through SQL primary BadSource: user id taken from url parameter GoodSource: hardcoded user id Sinks: writeConsole GoodSink: user permissions checked BadSink : user authorization not checked Flow Variant: 05 Control flow: if(private_t) and if(private_f)
-
CWE: 566 Access through SQL primary BadSource: user id taken from url parameter GoodSource: hardcoded user id Sinks: writeConsole GoodSink: user permissions checked BadSink : user authorization not checked Flow Variant: 06 Control flow: if(private_final_five==5) and if(private_final_five!=5)
-
CWE: 566 Access through SQL primary BadSource: user id taken from url parameter GoodSource: hardcoded user id Sinks: writeConsole GoodSink: user permissions checked BadSink : user authorization not checked Flow Variant: 07 Control flow: if(private_five==5) and if(private_five!=5)
-
CWE: 566 Access through SQL primary BadSource: user id taken from url parameter GoodSource: hardcoded user id Sinks: writeConsole GoodSink: user permissions checked BadSink : user authorization not checked Flow Variant: 08 Control flow: if(private_returns_t()) and if(private_returns_f())
-
CWE: 566 Access through SQL primary BadSource: user id taken from url parameter GoodSource: hardcoded user id Sinks: writeConsole GoodSink: user permissions checked BadSink : user authorization not checked Flow Variant: 09 Control flow: if(IO.static_final_t) and if(IO.static_final_f)
-
CWE: 566 Access through SQL primary BadSource: user id taken from url parameter GoodSource: hardcoded user id Sinks: writeConsole GoodSink: user permissions checked BadSink : user authorization not checked Flow Variant: 10 Control flow: if(IO.static_t) and if(IO.static_f)
-
CWE: 566 Access through SQL primary BadSource: user id taken from url parameter GoodSource: hardcoded user id Sinks: writeConsole GoodSink: user permissions checked BadSink : user authorization not checked Flow Variant: 11 Control flow: if(IO.static_returns_t()) and if(IO.static_returns_f())
-
CWE: 566 Access through SQL primary BadSource: user id taken from url parameter GoodSource: hardcoded user id Sinks: writeConsole GoodSink: user permissions checked BadSink : user authorization not checked Flow Variant: 12 Control flow: if(IO.static_returns_t_or_f())