National Institute of Standards and Technology
Package illustrating a test case

Test case 153879

Description

This weakness takes a value and converts it to upper case.
If it contains characters not a-zA-Z, then the function
used to covert to upper case will return null. After
converting the value to upper case it is compared to a static
password. This comparison will cause an error if the
value contained a number, punctuation, space, etc.
Metadata
- Base program: Apache Jena
- Source Taint: SOCKET
- Data Type: VOID_POINTER
- Data Flow: ADDRESS_AS_FUNCTION_RETURN_VALUE
- Control Flow: FUNCTION_INVOCATION_OVERLOAD

Flaws

Test Suites

Documentation

Have any comments on this test case? Please, send us an email.