Back to the previous page

Test Case ID	148719
Bad / Good / Mixed	Mixed
Author
Associations	Test suite: 87 109
Added by	SAMATE Team Staff
Language	Java
Type of test case	Source Code
Input string
Expected Output
Instructions
Submission date	2013-05-22
Description	CWE: 90 LDAP Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: BadSink : data concatenated into LDAP search, which could result in LDAP Injection Flow Variant: 54 Data flow: data passed as an argument from one method through three others to a fifth; all five functions are in different classes in the same package
File(s)	servlet-api.jar (86.16 kB) AbstractTestCaseServlet.java (3.39 kB) AbstractTestCaseServletBase.java (3.5 kB) CWE90_LDAP_Injection__getParameter_Servlet_54a.java (2.12 kB) CWE90_LDAP_Injection__getParameter_Servlet_54b.java (1.25 kB) CWE90_LDAP_Injection__getParameter_Servlet_54c.java (1.25 kB) CWE90_LDAP_Injection__getParameter_Servlet_54d.java (1.25 kB) IO.java (3.34 kB) CWE90_LDAP_Injection__getParameter_Servlet_54e.java (5 kB)
Flaw	CWE-090: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') • 1

There are no comments

Have any comments on this test case? Please, .

File Contains:
CWE-090: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') on line(s): 31