Downloads:
Back to the previous page
| Test Case ID |  156506 |
| Bad / Good / Mixed | Bad |
| Author | IARPA STONESOUP Test and Evaluation team |
| Associations | Test suite: 102 Application: 11 |
| Added by | Charles Oliveira |
| Language | Java |
| Type of test case | Source Code |
| Input string | |
| Expected Output | |
| Instructions | See src/build.xml and src/maven-build.xml. |
| Submission date | 2015-10-06 |
| Description | This test creates a connection to the PGSQL database, and creates a query string based on data in an environment variable. This data is not checked for special elements, however, and it is possible to construct a query string that performs unexpected data retrievals or modifications. Metadata - Base program: Apache Jena - Source Taint: FILE_CONTENTS - Data Type: SIMPLE - Data Flow: JAVA_GENERICS - Control Flow: SEQUENCE |
| File(s) |
|
| Flaw |
There are no comments
Have any comments on this test case? Please,
.
- LexerHost.java
- northwind_create_northwindlower_bnolzoyxdymfzbcz.sql.zip
- J-C089B-JENA-03-ST02-DT02-DF18-CF20-01.xml
- northwind_create_northwindlower_zhntcsffyfjmlvqy.sql.zip
- northwind_create_northwindlower_eghmpeysghbyaxib.sql.zip
- northwind_create_northwindlower_lfloitkejjeoxegy.sql.zip
- northwind_create_northwindlower_kqsfewxfzeqeqzln.sql.zip
- runFifos.py
- northwind_create_northwindlower_brhaxnrrwdermwdh.sql.zip
File Contains:
CWE-089: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') on line(s): 1334, 1335, 1336, 1337, 1338, 1339, 1340, 1341, 1342, 1343, 1344, 1345, 1346, 1347, 1348, 1349, 1350, 1351, 1352, 1353, 1354, 1355, 1356, 1357, 1358
CWE-089: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') on line(s): 1334, 1335, 1336, 1337, 1338, 1339, 1340, 1341, 1342, 1343, 1344, 1345, 1346, 1347, 1348, 1349, 1350, 1351, 1352, 1353, 1354, 1355, 1356, 1357, 1358