The SAMATE Project

Department of Homeland Security

Back to the previous page

Test Case ID	61667
Bad / Good / Mixed	Mixed
Author
Associations	Test suite: 69
Added by	SAMATE Team Staff
Language	Java
Type of test case	Source Code
Input string
Expected Output
Instructions
Submission date	2011-04-08
Description	CWE: 90 LDAP Injection BadSource: getCookiesServlet Read data from the first cookie GoodSource: A hardcoded string BadSink: unchecked data leads to LDAP injection Flow Variant: 68 Data flow: data passed as a member variable in the "a" class, which is used by a method in another class in the same package
File(s)	IO.java (2.59 kB) AbstractTestCaseServlet.java (4.38 kB) CWE90_LDAP_Injection__Servlet_getCookiesServlet_68a.java (2.67 kB) CWE90_LDAP_Injection__Servlet_getCookiesServlet_68b.java (3.42 kB)
Flaw	CWE-090: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') • 1

There is 1 comment

Have any comments on this test case? Please, .

IO.java
AbstractTestCaseServlet.java
CWE90_LDAP_Injection__Servlet_getCookiesServlet_68a.java
CWE90_LDAP_Injection__Servlet_getCookiesServlet_68b.java

File Contains:
CWE-090: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') on line(s): 43