SAMATE Logo NIST Logo The SAMATE Project Department of Homeland Security
Downloads:  Download this Test Case #156492

Back to the previous page... Back to the previous page

Test Case IDCandidate156492
Bad / Good / MixedBadBad test case
AuthorIARPA STONESOUP Test and Evaluation team
Associations
Test suite: 102  
Application: 11  
Added byCharles Oliveira
LanguageJava
Type of test caseSource Code
Input string
Expected Output
Instructions
See src/build.xml and src/maven-build.xml.
Submission date2015-10-06
DescriptionUsing Hibernate to execute a dynamic SQL statement
with built-in user-controlled input can allow an attacker to
modify the statement's meaning or to execute arbitrary SQL commands.

Metadata
- Base program: Apache Jena
- Source Taint: ENVIRONMENT_VARIABLE
- Data Type: VOID_POINTER
- Data Flow: ADDRESS_AS_CONSTANT
- Control Flow: INFINITE_LOOP
File(s)
Flaw

There are no comments
Have any comments on this test case? Please, .

File Contains:
CWE-564: SQL Injection: Hibernate on line(s): 667, 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, 684, 685, 686, 687, 688, 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, 700