MS Test suite #27
Description
No description
Displaying all 25 test cases
-
Omitting a break statement so that one may fall through is often indistinguishable from an error, and therefore should not be used. (from TCCLASP-5_6_15_10)
-
Tainted input allows arbitrary files to be read and written.
-
Tainted input allows arbitrary files to be read and written. (fixed version)
-
Two file operations are performed on a filename, allowing a filename race condition to occur.
-
The credentials for connecting to the database are hard-wired into the source code.
-
An exception leaks internal path information to the user.
-
An exception leaks internal path information to the user. (fixed version)
-
Tainted output allows log entries to be forged.
-
Tainted output allows log entries to be forged. (fixed version)
-
Tainted output allows log entries to be forged.
-
Tainted output allows log entries to be forged. (fixed version)
-
Memory resources are referenced indefinitely but never used, resulting in a memory leak.
-
Memory resources are referenced indefinitely but never used, resulting in a memory leak. (fixed version)
-
Tainted input allows command execution.
-
Tainted input allows command execution. (fixed version)
-
Tainted data spliced into a SQL query leads to a SQL injection issue.
-
Tainted data spliced into a SQL query leads to a SQL injection issue. (fixed version)
-
Tainted output allows a cross-site scripting attack.
-
Tainted output allows a cross-site scripting attack.
-
Tainted output allows a cross-site scripting attack. (fixed version 2)
-
Test of tool to identify potential resource injection weakness in source code.
-
Test determines if a tool can identify a hardcoded password weakness in code.
-
Test of tool ability to identify an unchecked (unhandled) exception in Java.
-
Private Array-Typed field returned from a public method.
-
Test of tool's ability to identify an assignment of public data to a private array field.