The SAMATE Project

Test Suites

Stand-alone Suites

Link | Publication Date | Title | Version | Description | Contributor | # of Cases
Download | Nov. 2012 | Stonesoup Phase 1 - Memory Corruption for C | 1.0 | This is a collection of test cases in the C language. It contains examples of memory corruption issues, including input triggering the vulnerability. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic. | IARPA | 212
Download | Nov. 2012 | Stonesoup Phase 1 - Null Pointer Dereference for C | 1.0 | This is a collection of test cases in the C language. It contains examples of null pointer mishandling, including input triggering the vulnerability. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic. | IARPA | 115
Download | Nov. 2012 | Stonesoup Phase 1 - Injection for Java | 1.0 | This is a collection of test cases in the Java language. It contains examples of various injection issues, including input triggering the vulnerability. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic. | IARPA | 36
Download | Nov. 2012 | Stonesoup Phase 1 - Numeric Handling for Java | 1.0 | This is a collection of test cases in the Java language. It contains examples of numeric mishandling, including input triggering the vulnerability. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic. | IARPA | 59
Download | Nov. 2012 | Stonesoup Phase 1 - Tainted Data for Java | 1.0 | This is a collection of test cases in the Java language. It contains examples of tainted data mishandling, including input triggering the vulnerability. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic. | IARPA | 35

SARD Suites

Results: 20 Test Suites.


Test Suite ID | Creation Date | Title | Description | Contributor | # of Cases
6 | 2006-06-23 | ABM 1.0.1 | Fortify Software's Analyzer BenchMark v. 1.0.1 | Jeff Meister | 112
9 | 2006-07-11 | Test suite (2006/07/11 18:32:50) | None | Redge Bartholomew | 5
17 | 2006-08-09 | CANDIDATE Source Code Analysis Tool Functional Specification Test Suite | This test suite contains all test cases that can be used to test a general purpose, production source code analysis tool implementation against the SAMATE Source Code Analysis Tool Functional Specification. | SAMATE Team Staff | 34
27 | 2006-10-18 | MS | None | Eric D. | 25
31 | 2006-10-24 | Web Applications in PHP | The PHP Test cases | Romain Gaucher | 15
45 | 2007-01-24 | C Test Suite for Source Code Analyzer - weakness | This test suite tests against Source Code Security Analyzer based on functional requirements SCA-RM-1 through SCAN-RM-5 specified in "Source Code Security Analysis Tool Functional Specification" | Michael Koo | 77
46 | 2007-02-05 | C Test Suite for Source Code Analyzer - false positive | This test suite tests against Source Code Security Analyzer based on functional requirements SCA-RM-6 specified in "Source Code Security Analysis Tool Functional Specification" | Michael Koo | 73
47 | 2007-02-05 | C Test Suite for Source Code Analyzer - weakness suppression | This test suite tests against Source Code Security Analyzer based on functional requirements SCA-RO-2 specified in "Source Code Security Analysis Tool Functional Specification" | Michael Koo | 21
57 | 2007-12-06 | C++ Test Suite for Source Code Analyzer - weakness | This test suite tests against Source Code Security Analyzer based on functional requirements SCA-RM-1 through SCAN-RM-5 specified in "Source Code Security Analysis Tool Functional Specification" | Michael Koo | 41
58 | 2007-12-06 | C++ Test Suite for Source Code Analyzer - false positive | This test suite tests against Source Code Security Analyzer based on functional requirements SCA-RM-6 specified in "Source Code Security Analysis Tool Functional Specification" | Michael Koo | 39
59 | 2007-12-06 | C++ Test Suite for Source Code Analyzer - weakness suppression | This test suite tests against Source Code Security Analyzer based on functional requirements SCA-RO-2 specified in "Source Code Security Analysis Tool Functional Specification" | Michael Koo | 14
62 | 2008-10-02 | Defence R&D Canada | 25 C++ test cases (plus a main including all of them) created in 2006 by Frederic Michaud and Frederic Painchaud, Defence Research & Development Canada, http://www.drdc-rddc.gc.ca/ | SAMATE Team Staff | 26
63 | 2010-02-04 | Java Test Suite for Source Code Analyzer - weakness | This test suite tests against Source Code Security Analyzer based on functional requirements SCA-RM-1 through SCAN-RM-5 specified in "Source Code Security Analysis Tool Functional Specification" | Michael Koo | 27
64 | 2010-02-04 | Java Test Suite for Source Code Analyzer - false positive | This test suite tests against Source Code Security Analyzer based on functional requirements SCA-RM-6 specified in "Source Code Security Analysis Tool Functional Specification" | Michael Koo | 27
65 | 2010-02-04 | Java Test Suite for Source Code Analyzer - weakness suppression | This test suite tests against Source Code Security Analyzer based on functional requirements SCA-RO-2 specified in "Source Code Security Analysis Tool Functional Specification" | Michael Koo | 10
68 | 2011-04-08 | Juliet Test Suite for C/C++ (v1.0 - Deprecated) | This is a collection of test cases in the C/C++ language. It contains examples for 116 different CWEs. NOTE: This package contains only individual test cases. We recommend downloading the full test suite at the top of the "Test Suite" page. | SAMATE Team Staff | 45309
69 | 2011-04-08 | Juliet Test Suite for Java (v1.0 - Deprecated) | This is a collection of test cases in the Java language. It contains examples for 106 different CWEs. NOTE: This package contains only individual test cases. We recommend downloading the full test suite at the top of the "Test Suite" page. | SAMATE Team Staff | 14184
81 | 2013-02-08 | Basic CWE Effectiveness, CWE-121: Stack-based Buffer Overflow, for C. | These allow a prospective user to understand that a capability is effective in locating CWE-121: Stack-based Buffer Overflow in the most basic situations in C code. | Michael Koo | 5
86 | 2013-05-15 | Juliet Test Suite for C/C++ (v1.2) | This is a collection of test cases in the C/C++ language. It contains examples for 118 different CWEs. NOTE: This package contains only individual test cases. We recommend downloading the full test suite at the top of the "Test Suite" page. | SAMATE Team Staff | 61387
87 | 2013-05-15 | Juliet Test Suite for Java (v1.2) | This is a collection of test cases in the Java language. It contains examples for 112 different CWEs. NOTE: This package contains only individual test cases. We recommend downloading the full test suite at the top of the "Test Suite" page. | SAMATE Team Staff | 25477


Archives

Link | Publication Date | Title | Version | Description | Contributor | # of Cases
Download | May. 2013 | Juliet Test Suite for C/C++ | 1.2 | This is a collection of test cases in the C/C++ language. It contains examples for 118 different CWEs. This software is not subject to copyright protection and is in the public domain. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic. | NSA Center for Assured Software | 61,387
Download | May. 2013 | Juliet Test Suite for Java | 1.2 | This is a collection of test cases in the Java language. It contains examples for 112 different CWEs. This software is not subject to copyright protection and is in the public domain. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic. | NSA Center for Assured Software | 25,477
Download | Sep. 2012 | Juliet Test Suite for Java | 1.1.1 | This is a collection of test cases in the Java language. It contains examples for 113 different CWEs. This software is not subject to copyright protection and is in the public domain. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic. v1.1.1 supersedes v1.1. It added methods needed for building test cases after adding/removing test cases. Does not affect using test cases as is. | NSA Center for Assured Software | 23,957
Download | Jul. 2012 | Juliet Test Suite for C/C++ | 1.1 | This is a collection of test cases in the C/C++ language. It contains examples for 119 different CWEs. This software is not subject to copyright protection and is in the public domain. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic. | NSA Center for Assured Software | 57,099
Download | Dec. 2010 | Juliet Test Suite for C/C++ | 1.0 | This is a collection of test cases in the C/C++ language. It contains examples for 116 different CWEs. This software is not subject to copyright protection and is in the public domain. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic. | NSA Center for Assured Software | 45,324
Download | Dec. 2010 | Juliet Test Suite for Java | 1.0 | This is a collection of test cases in the Java language. It contains examples for 106 different CWEs. This software is not subject to copyright protection and is in the public domain. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic. | NSA Center for Assured Software | 13,801