Back to the previous page

Test Case ID	123300
Bad / Good / Mixed	Mixed
Author	NSA/Center for Assured Software
Associations	Test suite: 86 108
Added by	Charles Oliveira
Language	C
Type of test case	Source Code
Input string
Expected Output
Instructions
Submission date	2013-05-21
Description	CWE: 90 LDAP Injection BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Use a fixed string Sink: BadSink : data concatenated into LDAP search, which could result in LDAP Injection Flow Variant: 32 Data flow using two pointers to the same value within the same function
File(s)	CWE90_LDAP_Injection__w32_wchar_t_listen_socket_32.c (9.39 kB) io.c (5.3 kB) std_testcase.h (3.91 kB) std_testcase_io.h (1.42 kB)
Flaw	CWE-090: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') • 1

There are no comments

Have any comments on this test case? Please, .

File Contains:
CWE-090: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') on line(s): 158