Downloads:
Back to the previous page
| Test Case ID |  123326 |
| Bad / Good / Mixed | Mixed |
| Author | NSA/Center for Assured Software |
| Associations | |
| Added by | Charles Oliveira |
| Language | C |
| Type of test case | Source Code |
| Input string | |
| Expected Output | |
| Instructions | |
| Submission date | 2013-05-21 |
| Description | CWE: 90 LDAP Injection BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Use a fixed string Sinks: BadSink : data concatenated into LDAP search, which could result in LDAP Injection Flow Variant: 84 Data flow: data passed to class constructor and destructor by declaring the class object on the heap and deleting it after use |
| File(s) |
|
| Flaw |
There are no comments
Have any comments on this test case? Please,
.
- CWE90_LDAP_Injection__w32_wchar_t_listen_socket_84.h
- CWE90_LDAP_Injection__w32_wchar_t_listen_socket_84_bad.cpp
- CWE90_LDAP_Injection__w32_wchar_t_listen_socket_84_goodG2B.cpp
- CWE90_LDAP_Injection__w32_wchar_t_listen_socket_84a.cpp
- io.c
- std_testcase.h
- std_testcase_io.h
File Contains:
CWE-090: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') on line(s): 154
CWE-090: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') on line(s): 154