SAMATE Logo NIST Logo The SAMATE Project Department of Homeland Security
Downloads:  Download this Test Case #156354

Back to the previous page... Back to the previous page

Test Case IDCandidate156354
Bad / Good / MixedBadBad test case
AuthorIARPA STONESOUP Test and Evaluation team
Associations
Test suite: 102  
Application: 11  
Added byCharles Oliveira
LanguageJava
Type of test caseSource Code
Input string
Expected Output
Instructions
See src/build.xml and src/maven-build.xml.
Submission date2015-10-06
DescriptionUsing Hibernate to execute a dynamic SQL statement with
built-in user-controlled input can allow an attacker to modify the
statement's meaning or to execute arbitrary SQL commands.

Metadata
- Base program: Apache Jena
- Source Taint: SOCKET
- Data Type: ARRAY
- Data Flow: ADDRESS_AS_FUNCTION_RETURN_VALUE
- Control Flow: INFINITE_LOOP
File(s)
Flaw

There are no comments
Have any comments on this test case? Please, .

File Contains:
CWE-564: SQL Injection: Hibernate on line(s): 573, 574, 575, 576, 577, 578, 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613

					
				

					
				

					
				

					
				

					
				

					
				

					
				

					
				

					
				

Contact: :: Created: Jan. 2006 :: Updated: Nov. 2017 :: Version: 4.9