SAMATE Logo NIST Logo The SAMATE Project Department of Homeland Security
Downloads:  Download this Test Case #248705

Back to the previous page... Back to the previous page

Test Case IDAccepted248705
Bad / Good / MixedMixedMixed test case
AuthorNSA/Center for Assured Software
Associations
Replacing: 122725  
Test suite: 108  
Added byCharles Oliveira
LanguageC
Type of test caseSource Code
Input string
Expected Output
Instructions
Submission date2017-10-06
DescriptionCWE: 78 OS Command Injection
BadSource: listen_socket Read data using a listen socket (server side)
GoodSource: Fixed string
Sink: w32_spawnvp
BadSink : execute command with wspawnvp
Flow Variant: 52 Data flow: data passed as an argument from one function to another to another in three different source files
File(s)
Flaw

There are no comments
Have any comments on this test case? Please, .

File Contains:
CWE-078: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') on line(s): 69