SAMATE Logo NIST Logo The SAMATE Project Department of Homeland Security
Downloads:  Download this Test Case #156456

Back to the previous page... Back to the previous page

Test Case IDCandidate156456
Bad / Good / MixedBadBad test case
AuthorIARPA STONESOUP Test and Evaluation team
Associations
Test suite: 102  
Application: 11  
Added byCharles Oliveira
LanguageJava
Type of test caseSource Code
Input string
Expected Output
Instructions
See src/build.xml and src/maven-build.xml.
Submission date2015-10-06
DescriptionUsing Hibernate to execute a dynamic SQL statement with
built-in user-controlled input can allow an attacker to modify the
statement's meaning or to execute arbitrary SQL commands.

Metadata
- Base program: Apache Jena
- Source Taint: FILE_CONTENTS
- Data Type: ARRAY
- Data Flow: BASIC
- Control Flow: INTERUPT_CONTINUE
File(s)
Flaw

There are no comments
Have any comments on this test case? Please, .

File Contains:
CWE-564: SQL Injection: Hibernate on line(s): 681, 682, 683, 684, 685, 686, 687, 688, 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, 733