SAMATE Logo NIST Logo The SAMATE Project Department of Homeland Security
Downloads:  Download this Test Case #123326

Back to the previous page... Back to the previous page

Test Case IDAccepted123326
Bad / Good / MixedMixedMixed test case
AuthorNSA/Center for Assured Software
Associations
Test suite: 108  86  
Added byCharles Oliveira
LanguageC
Type of test caseSource Code
Input string
Expected Output
Instructions
Submission date2013-05-21
DescriptionCWE: 90 LDAP Injection
BadSource: listen_socket Read data using a listen socket (server side)
GoodSource: Use a fixed string
Sinks:
BadSink : data concatenated into LDAP search, which could result in LDAP Injection
Flow Variant: 84 Data flow: data passed to class constructor and destructor by declaring the class object on the heap and deleting it after use
File(s)
Flaw

There are no comments
Have any comments on this test case? Please, .


					
				

					
				
File Contains:
CWE-090: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') on line(s): 154