Downloads:
Back to the previous page
| Test Case ID |  123227 |
| Bad / Good / Mixed | Mixed |
| Author | NSA/Center for Assured Software |
| Associations | |
| Added by | Charles Oliveira |
| Language | C |
| Type of test case | Source Code |
| Input string | |
| Expected Output | |
| Instructions | |
| Submission date | 2013-05-21 |
| Description | CWE: 90 LDAP Injection BadSource: environment Read input from an environment variable GoodSource: Use a fixed string Sinks: BadSink : data concatenated into LDAP search, which could result in LDAP Injection Flow Variant: 81 Data flow: data passed in a parameter to an virtual method called via a reference |
| File(s) |
|
| Flaw |
There are no comments
Have any comments on this test case? Please,
.
- CWE90_LDAP_Injection__w32_wchar_t_environment_81.h
- CWE90_LDAP_Injection__w32_wchar_t_environment_81_bad.cpp
- CWE90_LDAP_Injection__w32_wchar_t_environment_81_goodG2B.cpp
- CWE90_LDAP_Injection__w32_wchar_t_environment_81a.cpp
- io.c
- std_testcase.h
- std_testcase_io.h
File Contains:
CWE-090: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') on line(s): 51
CWE-090: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') on line(s): 51