Downloads:
Back to the previous page
| Test Case ID |  248703 |
| Bad / Good / Mixed | Mixed |
| Author | NSA/Center for Assured Software |
| Associations | Replacing: 122723 Test suite: 108 |
| Added by | Charles Oliveira |
| Language | C |
| Type of test case | Source Code |
| Input string | |
| Expected Output | |
| Instructions | |
| Submission date | 2017-10-06 |
| Description | CWE: 78 OS Command Injection BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Fixed string Sinks: w32_spawnvp BadSink : execute command with wspawnvp Flow Variant: 45 Data flow: data passed as a static global variable from one function to another in the same source file |
| File(s) |
|
| Flaw |
There are no comments
Have any comments on this test case? Please,
.
- CWE78_OS_Command_Injection__wchar_t_listen_socket_w32_spawnvp_45.c
- io.c
- std_testcase.h
- std_testcase_io.h
File Contains:
CWE-078: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') on line(s): 71
CWE-078: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') on line(s): 71