Test case 156410

Type: source code
State: bad
Author: IARPA STONESOUP Test and Evaluation team
Status: candidate
Language: Java
Application: cpe:2.3:a:apache:poi:3.9:*:*:*:*:*:*:*
Submission Date: 06 Oct 2015

Description

Using Hibernate to execute a dynamic SQL statement with
built-in user-controlled input can allow an attacker to modify the
statement's meaning or to execute arbitrary SQL commands.
Metadata
- Base program: Apache POI
- Source Taint: SOCKET
- Data Type: VOID_POINTER
- Data Flow: JAVA_GENERICS
- Control Flow: BREAK_WITH_LABEL

Flaws

CWE-564 SQL Injection: Hibernate

Test Suites

Apache POI 3.9
IARPA STONESOUP Phase 3 - Test Cases

Documentation

Overview.pdf
Test Case Creation Guide.pdf
Weaknesses Documentation.pdf
TEXAS User Guide.pdf
Communication API Guide.pdf
System Design Document.pdf
Test and Evaluation Phase 3 Final Report.pdf
Test Generation Report
Kestrel Institute Report.pdf

Have any comments on this test case? Please, send us an email.