The SAMATE Project

Department of Homeland Security

Back to the previous page

Test Case ID	47573
Bad / Good / Mixed	Mixed
Author
Associations	Test suite: 68
Added by	SAMATE Team Staff
Language	C
Type of test case	Source Code
Input string
Expected Output
Instructions
Submission date	2011-04-08
Description	CWE: 78 OS Command Injection BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Benign input Sink: w32spawnvp BadSink : execute command with wspawnvp Flow Variant: 54 Data flow: data passed as an argument from one function through three others to a fifth; all five functions are in different source files
File(s)	CWE78_OS_Command_Injection__wchar_t_listen_socket_w32spawnvp_54b.c (2.29 kB) std_testcase.h (2.94 kB) CWE78_OS_Command_Injection__wchar_t_listen_socket_w32spawnvp_54e.c (2.66 kB) CWE78_OS_Command_Injection__wchar_t_listen_socket_w32spawnvp_54d.c (2.29 kB) CWE78_OS_Command_Injection__wchar_t_listen_socket_w32spawnvp_54a.c (5.02 kB) io.c (2.51 kB) std_testcase_io.h (979 B) CWE78_OS_Command_Injection__wchar_t_listen_socket_w32spawnvp_54c.c (2.29 kB)
Flaw	CWE-078: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') • 1

There is 1 comment

Have any comments on this test case? Please, .

CWE78_OS_Command_Injection__wchar_t_listen_socket_w32spawnvp_54b.c
std_testcase.h
CWE78_OS_Command_Injection__wchar_t_listen_socket_w32spawnvp_54e.c
CWE78_OS_Command_Injection__wchar_t_listen_socket_w32spawnvp_54d.c
CWE78_OS_Command_Injection__wchar_t_listen_socket_w32spawnvp_54a.c
io.c
std_testcase_io.h
CWE78_OS_Command_Injection__wchar_t_listen_socket_w32spawnvp_54c.c

File Contains:
CWE-078: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') on line(s): 65