Deprecated test suite
Juliet Java 1.2 with extra support Test suite #87
DownloadDescription
This is a collection of test cases in the Java language. It contains examples for 112 different CWEs.NOTE: This package contains only individual test cases. We recommend to download the full test suite at the top of the "Test Suite" page. All documents related to the Juliet Test Suite can be found at the documents page
Displaying test cases 21976 - 22000 of 25477 in total
-
CWE: 80 Cross Site Scripting (XSS) BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: BadSink : Display of data in web page without any encoding or validation Flow Variant: 61 Data flow: data returned from one method to ano...
-
CWE: 80 Cross Site Scripting (XSS) BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: BadSink : Display of data in web page without any encoding or validation Flow Variant: 66 Data flow: data passed in an array from one met...
-
CWE: 80 Cross Site Scripting (XSS) BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: BadSink : Display of data in web page without any encoding or validation Flow Variant: 67 Data flow: data passed in a class from one meth...
-
CWE: 80 Cross Site Scripting (XSS) BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string BadSink: Display of data in web page without any encoding or validation Flow Variant: 68 Data flow: data passed as a member variable in the a cl...
-
CWE: 80 Cross Site Scripting (XSS) BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: BadSink : Display of data in web page without any encoding or validation Flow Variant: 71 Data flow: data passed as an Object reference a...
-
CWE: 80 Cross Site Scripting (XSS) BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: BadSink : Display of data in web page without any encoding or validation Flow Variant: 72 Data flow: data passed in a Vector from one met...
-
CWE: 80 Cross Site Scripting (XSS) BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: BadSink : Display of data in web page without any encoding or validation Flow Variant: 73 Data flow: data passed in a LinkedList from one...
-
CWE: 80 Cross Site Scripting (XSS) BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: BadSink : Display of data in web page without any encoding or validation Flow Variant: 74 Data flow: data passed in a HashMap from one me...
-
CWE: 80 Cross Site Scripting (XSS) BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: BadSink : Display of data in web page without any encoding or validation Flow Variant: 75 Data flow: data passed in a serialized object f...
-
CWE: 80 Cross Site Scripting (XSS) BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: BadSink : Display of data in web page without any encoding or validation Flow Variant: 81 Data flow: data passed in a parameter to an abs...
-
CWE: 80 Cross Site Scripting (XSS) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string BadSink: Display of data in web page without any encoding or validation Flow Variant: 01 Baseline
-
CWE: 80 Cross Site Scripting (XSS) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string BadSink: Display of data in web page without any encoding or validation Flow Variant: 02 Control flow: if(true) and if...
-
CWE: 80 Cross Site Scripting (XSS) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string BadSink: Display of data in web page without any encoding or validation Flow Variant: 03 Control flow: if(5==5) and if...
-
CWE: 80 Cross Site Scripting (XSS) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string BadSink: Display of data in web page without any encoding or validation Flow Variant: 04 Control flow: if(PRIVATE_STAT...
-
CWE: 80 Cross Site Scripting (XSS) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string BadSink: Display of data in web page without any encoding or validation Flow Variant: 05 Control flow: if(privateTrue)...
-
CWE: 80 Cross Site Scripting (XSS) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string BadSink: Display of data in web page without any encoding or validation Flow Variant: 06 Control flow: if(PRIVATE_STAT...
-
CWE: 80 Cross Site Scripting (XSS) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string BadSink: Display of data in web page without any encoding or validation Flow Variant: 07 Control flow: if(privateFive=...
-
CWE: 80 Cross Site Scripting (XSS) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string BadSink: Display of data in web page without any encoding or validation Flow Variant: 08 Control flow: if(privateRetur...
-
CWE: 80 Cross Site Scripting (XSS) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string BadSink: Display of data in web page without any encoding or validation Flow Variant: 09 Control flow: if(IO.STATIC_FI...
-
CWE: 80 Cross Site Scripting (XSS) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string BadSink: Display of data in web page without any encoding or validation Flow Variant: 10 Control flow: if(IO.staticTru...
-
CWE: 80 Cross Site Scripting (XSS) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string BadSink: Display of data in web page without any encoding or validation Flow Variant: 11 Control flow: if(IO.staticRet...
-
CWE: 80 Cross Site Scripting (XSS) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string BadSink: Display of data in web page without any encoding or validation Flow Variant: 12 Control flow: if(IO.staticRet...
-
CWE: 80 Cross Site Scripting (XSS) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string BadSink: Display of data in web page without any encoding or validation Flow Variant: 13 Control flow: if(IO.STATIC_FI...
-
CWE: 80 Cross Site Scripting (XSS) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string BadSink: Display of data in web page without any encoding or validation Flow Variant: 14 Control flow: if(IO.staticFiv...
-
CWE: 80 Cross Site Scripting (XSS) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string BadSink: Display of data in web page without any encoding or validation Flow Variant: 15 Control flow: switch(6)