SAMATE Logo NIST Logo The SAMATE Project Department of Homeland Security
Downloads:  Download this Test Case #248721

Back to the previous page... Back to the previous page

Test Case IDAccepted248721
Bad / Good / MixedMixedMixed test case
AuthorNSA/Center for Assured Software
Associations
Replacing: 122741  
Test suite: 108  
Added byCharles Oliveira
LanguageC++
Type of test caseSource Code
Input string
Expected Output
Instructions
Submission date2017-10-06
DescriptionCWE: 78 OS Command Injection
BadSource: listen_socket Read data using a listen socket (server side)
GoodSource: Fixed string
Sinks: w32_spawnvp
BadSink : execute command with wspawnvp
Flow Variant: 83 Data flow: data passed to class constructor and destructor by declaring the class object on the stack
File(s)
Flaw

There are no comments
Have any comments on this test case? Please, .

File Contains:
CWE-078: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') on line(s): 137