Juliet Java 1.0 Test suite #24

Author: NSA Center for Assured Software
Language: Java
Size: 134 MB
Sha256sum: fb195e498bd147caad3f9e929c639458074e1e3419d4625845ca4ab154c0cb7b
Number Of Test Cases: 14,184
Submission Date: 01 Dec 2010

Description

A collection of test cases in the Java language. It contains examples for 106 different CWEs. This software is not subject to copyright protection and is in the public domain. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic. All documents related to the Juliet Test Suite can be found at the documents page.

Documentation

Juliet v1.0 for Java cases.pdf

Displaying test cases 11676 - 11700 of 14184 in total

CWE-80

59256-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 41 Data flow: data passed as an argument from one method to another in t...
CWE-80

59257-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 42 Data flow: data returned from one method to another in the same class
CWE-80

59258-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: Servlet BadSink : querystring parameter not sanitized Flow Variant: 45 Data flow: data passed as a private class member variable fr...
CWE-80

59259-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 51 Data flow: data passed as an argument from one function to another in...
CWE-80

59260-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: Servlet BadSink : querystring parameter not sanitized Flow Variant: 52 Data flow: data passed as an argument from one method to ano...
CWE-80

59261-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: Servlet BadSink : querystring parameter not sanitized Flow Variant: 53 Data flow: data passed as an argument from one method to ano...
CWE-80

59262-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: Servlet BadSink : querystring parameter not sanitized Flow Variant: 53 Data flow: data passed as an argument from one method throug...
CWE-80

59263-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: Servlet BadSink : querystring parameter not sanitized Flow Variant: 54 Data flow: data passed as an argument from one method throug...
CWE-80

59264-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: Servlet BadSink : querystring parameter not sanitized Flow Variant: 61 Data flow: data returned from one method to another in diffe...
CWE-80

59265-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: Servlet BadSink : querystring parameter not sanitized Flow Variant: 66 Data flow: data passed in an array from one method to anothe...
CWE-80

59266-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: Servlet BadSink : querystring parameter not sanitized Flow Variant: 67 Data flow: data passed in a class from one method to another...
CWE-80

59267-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 68 Data flow: data passed as a member variable in the "a" class, which i...
CWE-80

59268-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string Sinks: Servlet BadSink : querystring parameter not sanitized Flow Variant: 71 Data flow: data passed as an Object reference argument from ...
CWE-80

59269-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 01 Baseline
CWE-80

59270-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 02 Control flow: if(true) and if(false)
CWE-80

59271-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 03 Control flow: if(5==5) and if(5!=5)
CWE-80

59272-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 04 Control flow: if(private_final_t) and if(private_final_f)
CWE-80

59273-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 05 Control flow: if(private_t) and if(private_f)
CWE-80

59274-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 06 Control flow: if(private_final_five==5) and if(private_final_five!=5)
CWE-80

59275-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 07 Control flow: if(private_five==5) and if(private_five!=5)
CWE-80

59276-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 08 Control flow: if(private_returns_t()) and if(private_returns_f())
CWE-80

59277-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 09 Control flow: if(IO.static_final_t) and if(IO.static_final_f)
CWE-80

59278-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 10 Control flow: if(IO.static_t) and if(IO.static_f)
CWE-80

59279-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 11 Control flow: if(IO.static_returns_t()) and if(IO.static_returns_f())
CWE-80

59280-v1.0.0

Added 14 years ago

deprecated

mixed

CWE: 80 Cross Site Scripting (XSS) BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string BadSink: Servlet querystring parameter not sanitized Flow Variant: 12 Control flow: if(IO.static_returns_t_or_f())

Results per page