Secure Coding mailing list archives
Insecure Java Code Snippets
From: coley at linus.mitre.org (Steven M. Christey)
Date: Wed, 6 May 2009 14:41:32 -0400 (EDT)
On Wed, 6 May 2009, Brad Andrews wrote:
> Does anyone know of a source of insecure Java snippets? I would like to get some for a monthly meeting of leading technical people. My idea was to have a "find the bug" like the old C-Lint ads.
CWE has many snippets like this for various languages, but primarily C and Java:

1) Load the CWE full dictionary (CWE-2000): http://cwe.mitre.org/data/definitions/2000.html
2) Click the "Slice" link in the top right
3) Go get lunch while your browser loads (well it's 10 to 30 seconds but that's a lunch in Internet time)
4) Search for "Java Example:"
5) Tell cwe at mitre.org if you notice any errors or oddities

I stopped counting at 50 snippets.

If you speak XSLT, you can easily construct a query to pull out the Demonstrative_Example elements that look a little like:

  Demonstrative_Example//Example_Body//Block//Code_Example_Language = Java

For a little less data, you can use the CWE Java view (CWE-660): http://cwe.mitre.org/data/definitions/660.html but this doesn't include language-independent issues like XSS and SQL injection.

I'd love to hear from others who have repositories like this.

- Steve
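The query sketched in the message above, as an added example that is not part of the original post or of CWE's own tooling, written in Python rather than XSLT. The element names Demonstrative_Example, Example_Body, Block and Code_Example_Language come from the message; the Catalog and Weakness wrappers, the ID attribute, the Code element and all sample data are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, NOT real CWE data. Catalog, Weakness, ID and Code are
# hypothetical names; the other element names are the ones in the message.
SAMPLE = """\
<Catalog>
  <Weakness ID="EX-1">
    <Demonstrative_Example><Example_Body>
      <Block><Code_Example_Language>Java</Code_Example_Language>
        <Code>stmt.executeQuery("SELECT * FROM t WHERE n=" + name);</Code></Block>
    </Example_Body></Demonstrative_Example>
  </Weakness>
  <Weakness ID="EX-2">
    <Demonstrative_Example><Example_Body>
      <Block><Code_Example_Language>C</Code_Example_Language>
        <Code>strcpy(buf, input);</Code></Block>
      <Block>
        <Block><Code_Example_Language> Java </Code_Example_Language>
          <Code>Runtime.getRuntime().exec(cmd);</Code></Block>
      </Block>
    </Example_Body></Demonstrative_Example>
  </Weakness>
</Catalog>
"""

def snippets_for(xml_text, language="Java"):
    """Return (weakness_id, code) pairs for blocks tagged with `language`."""
    # For XML you did not construct yourself, prefer a hardened parser
    # such as defusedxml over the standard-library one.
    root = ET.fromstring(xml_text)
    hits = []
    for weakness in root.iter("Weakness"):
        # iter() walks all descendants, like the // steps in the message's path.
        for example in weakness.iter("Demonstrative_Example"):
            for body in example.iter("Example_Body"):
                for block in body.iter("Block"):
                    # find on direct children only: each Block is judged by
                    # its own language tag, so a C block next to a Java block
                    # in the same example is not swept in.
                    lang = block.findtext("Code_Example_Language", default="")
                    code = block.findtext("Code")
                    if lang.strip() == language and code is not None:
                        hits.append((weakness.get("ID"), code.strip()))
    return hits

if __name__ == "__main__":
    for weakness_id, code in snippets_for(SAMPLE):
        print(weakness_id, "|", code)
```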