Downloads:
Back to the previous page
| Test Case ID |  156492 |
| Bad / Good / Mixed | Bad |
| Author | IARPA STONESOUP Test and Evaluation team |
| Associations | Test suite: 102 Application: 11 |
| Added by | Charles Oliveira |
| Language | Java |
| Type of test case | Source Code |
| Input string | |
| Expected Output | |
| Instructions | See src/build.xml and src/maven-build.xml. |
| Submission date | 2015-10-06 |
| Description | Using Hibernate to execute a dynamic SQL statement with built-in user-controlled input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands. Metadata - Base program: Apache Jena - Source Taint: ENVIRONMENT_VARIABLE - Data Type: VOID_POINTER - Data Flow: ADDRESS_AS_CONSTANT - Control Flow: INFINITE_LOOP |
| File(s) |
|
| Flaw |
There are no comments
Have any comments on this test case? Please,
.
- LexerPath.java
- J-C564A-JENA-10-ST01-DT03-DF05-CF03-01.xml
- northwind_create_northwind_odzwdeuizllgiibv.sql.zip
- service_mon.sh
- northwind_create_northwind_zqobjtalrlzlnqfb.sql.zip
- northwind_create_northwind_fhqnveoqwtdmofcy.sql.zip
- northwind_create_northwind_ddssbvfcauqtlgow.sql.zip
- northwind_create_northwind_ukebsfsfazjdafix.sql.zip
- runFifos.py
File Contains:
CWE-564: SQL Injection: Hibernate on line(s): 667, 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, 684, 685, 686, 687, 688, 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, 700
CWE-564: SQL Injection: Hibernate on line(s): 667, 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, 684, 685, 686, 687, 688, 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, 700