SAMATE Logo NIST Logo The SAMATE Project Department of Homeland Security
Downloads:  Download this Test Case #248722

Back to the previous page... Back to the previous page

Test Case IDAccepted248722
Bad / Good / MixedMixedMixed test case
AuthorNSA/Center for Assured Software
Associations
Replacing: 122742  
Test suite: 108  
Added byCharles Oliveira
LanguageC++
Type of test caseSource Code
Input string
Expected Output
Instructions
Submission date2017-10-06
DescriptionCWE: 78 OS Command Injection
BadSource: listen_socket Read data using a listen socket (server side)
GoodSource: Fixed string
Sinks: w32_spawnvp
BadSink : execute command with wspawnvp
Flow Variant: 84 Data flow: data passed to class constructor and destructor by declaring the class object on the heap and deleting it after use
File(s)
Flaw

There are no comments
Have any comments on this test case? Please, .

File Contains:
CWE-078: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') on line(s): 137