Juliet Java 1.0 Test suite #24

Author: NSA Center for Assured Software
Language: Java
Size: 134 MB
Sha256sum: fb195e498bd147caad3f9e929c639458074e1e3419d4625845ca4ab154c0cb7b
Number Of Test Cases: 14,184
Submission Date: 01 Dec 2010

Description

A collection of test cases in the Java language. It contains examples for 106 different CWEs. This software is not subject to copyright protection and is in the public domain. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic. All documents related to the Juliet Test Suite can be found at the documents page.

Documentation

Juliet v1.0 for Java cases.pdf

Displaying test cases 11426 - 11450 of 14184 in total

CWE-80

59006-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: PropertiesFile Read a value from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: Servlet BadSink : querystring parameter not sanitized Flow Variant: 53 Data flow: data passed as an argument from one method throug...
CWE-80

59007-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: PropertiesFile Read a value from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: Servlet BadSink : querystring parameter not sanitized Flow Variant: 54 Data flow: data passed as an argument from one method throug...
CWE-80

59008-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: PropertiesFile Read a value from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: Servlet BadSink : querystring parameter not sanitized Flow Variant: 61 Data flow: data returned from one method to another in diffe...
CWE-80

59009-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: PropertiesFile Read a value from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: Servlet BadSink : querystring parameter not sanitized Flow Variant: 66 Data flow: data passed in an array from one method to anothe...
CWE-80

59010-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: PropertiesFile Read a value from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: Servlet BadSink : querystring parameter not sanitized Flow Variant: 67 Data flow: data passed in a class from one method to another...
CWE-80

59011-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: PropertiesFile Read a value from a .properties file (in property named data) GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 68 Data flow: data passed as a member variable in the "a" class, which i...
CWE-80

59012-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: PropertiesFile Read a value from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: Servlet BadSink : querystring parameter not sanitized Flow Variant: 71 Data flow: data passed as an Object reference argument from ...
CWE-80

59013-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: URLConnection Read a string from a web server with URLConnection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 01 Baseline
CWE-80

59014-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: URLConnection Read a string from a web server with URLConnection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 02 Control flow: if(true) and if(false)
CWE-80

59015-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: URLConnection Read a string from a web server with URLConnection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 03 Control flow: if(5==5) and if(5!=5)
CWE-80

59016-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: URLConnection Read a string from a web server with URLConnection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 04 Control flow: if(private_final_t) and if(private_final_f)
CWE-80

59017-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: URLConnection Read a string from a web server with URLConnection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 05 Control flow: if(private_t) and if(private_f)
CWE-80

59018-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: URLConnection Read a string from a web server with URLConnection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 06 Control flow: if(private_final_five==5) and if(private_final_five!=5)
CWE-80

59019-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: URLConnection Read a string from a web server with URLConnection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 07 Control flow: if(private_five==5) and if(private_five!=5)
CWE-80

59020-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: URLConnection Read a string from a web server with URLConnection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 08 Control flow: if(private_returns_t()) and if(private_returns_f())
CWE-80

59021-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: URLConnection Read a string from a web server with URLConnection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 09 Control flow: if(IO.static_final_t) and if(IO.static_final_f)
CWE-80

59022-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: URLConnection Read a string from a web server with URLConnection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 10 Control flow: if(IO.static_t) and if(IO.static_f)
CWE-80

59023-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: URLConnection Read a string from a web server with URLConnection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 11 Control flow: if(IO.static_returns_t()) and if(IO.static_returns_f())
CWE-80

59024-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: URLConnection Read a string from a web server with URLConnection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 12 Control flow: if(IO.static_returns_t_or_f())
CWE-80

59025-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: URLConnection Read a string from a web server with URLConnection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 13 Control flow: if(IO.static_final_five==5) and if(IO.static_final_five!=5)
CWE-80

59026-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: URLConnection Read a string from a web server with URLConnection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 14 Control flow: if(IO.static_five==5) and if(IO.static_five!=5)
CWE-80

59027-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: URLConnection Read a string from a web server with URLConnection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 15 Control flow: switch(6)
CWE-80

59028-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: URLConnection Read a string from a web server with URLConnection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 16 Control flow: while(true) and while(local_f)
CWE-80

59029-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: URLConnection Read a string from a web server with URLConnection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 17 Control flow: for loops
CWE-80

59030-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: URLConnection Read a string from a web server with URLConnection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 19 Control flow: Dead code after an if(true) return

Results per page