Back to the previous page
Test Case ID | ![]() |
Bad / Good / Mixed | Bad![]() |
Author | IARPA STONESOUP Test and Evaluation team |
Associations | Test suite: 102 Application: 11 |
Added by | Charles Oliveira |
Language | Java |
Type of test case | Source Code |
Input string | |
Expected Output | |
Instructions | See src/build.xml and src/maven-build.xml. |
Submission date | 2015-10-06 |
Description | This test creates a connection to the PGSQL database, and creates a query string based on data in an environment variable. This data is not checked for special elements, however, and it is possible to construct a query string that performs unexpected data retrievals or modifications. Metadata - Base program: Apache Jena - Source Taint: FILE_CONTENTS - Data Type: ARRAY - Data Flow: JAVA_GENERICS - Control Flow: RECURSIVE |
File(s) |
|
Flaw |
There are no comments
Have any comments on this test case? Please,
.
- ResolvedRelativeIRI.java
- northwind_create_northwindlower_nikpvhtqyzbezyno.sql.zip
- northwind_create_northwindlower_vpefbmuxnflxeqpi.sql.zip
- service_mon.sh
- northwind_create_northwindlower_hukxfvcpchjtlfkq.sql.zip
- northwind_create_northwindlower_nrubviftjdjgqxqn.sql.zip
- runFifos.py
- northwind_create_northwindlower_fselvdsqnuxbzxwt.sql.zip
- northwind_create_northwindlower_ftbqagcfrvuuptzn.sql.zip
File Contains:
CWE-089: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') on line(s): 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119
CWE-089: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') on line(s): 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119