The SAMATE Project

Department of Homeland Security

Test Suites

Stand-alone Suites

Link	Publication Date	Title	Version	Description	Contributor	# of Cases
Download	May, 2013	Juliet Test Suite for C/C++	1.2	This is a collection of test cases in the C/C++ language. It contains examples for 118 different CWEs. This software is not subject to copyright protection and is in the public domain. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic.	NSA Center for Assured Software	61,387
Download	May, 2013	Juliet Test Suite for Java	1.2	This is a collection of test cases in the Java language. It contains examples for 112 different CWEs. This software is not subject to copyright protection and is in the public domain. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic.	NSA Center for Assured Software	25,477
Download	Nov. 2012	Stonesoup Phase 1 - Memory Corruption for C	1.0	This is a collection of test cases in the C language. It contains examples of memory corruption issues, including input triggering the vulnerability. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic.	MITRE	212
Download	Nov. 2012	Stonesoup Phase 1 - Null Pointer Dereference for C	1.0	This is a collection of test cases in the C language. It contains examples of null pointer mishandling, including input triggering the vulnerability. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic.	MITRE	115
Download	Nov. 2012	Stonesoup Phase 1 - Injection for Java	1.0	This is a collection of test cases in the Java language. It contains examples of various injection issues, including input triggering the vulnerability. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic.	MITRE	36
Download	Nov. 2012	Stonesoup Phase 1 - Numeric Handling for Java	1.0	This is a collection of test cases in the Java language. It contains examples of numeric mishandling, including input triggering the vulnerability. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic.	MITRE	59
Download	Nov. 2012	Stonesoup Phase 1 - Tainted Data for Java	1.0	This is a collection of test cases in the Java language. It contains examples of tainted data mishandling, including input triggering the vulnerability. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic.	MITRE	35

SRD Suites

Results: 18 Test Suites.

Test Suite ID	Creation Date	Title	Description	Contributor	# of Cases
6	2006-06-23	ABM 1.0.1	Fortify Software's Analyzer BenchMark v. 1.0.1	Jeff Meister	112
9	2006-07-11	Test suite (2006/07/11 18:32:50)	None	Redge Bartholomew	5
17	2006-08-09	CANDIDATE Source Code Analysis Tool Functional Specification Test Suite	This test suite contains all test cases that can be used to test a general purpose, production source code analysis tool implementation against the SAMATE Source Code Analysis Tool Functional Specification.	SAMATE Team Staff	34
27	2006-10-18	MS	None	Eric D.	25
31	2006-10-24	Web Applications in PHP	The PHP Test cases	Romain Gaucher	15
45	2007-01-24	C Test Suite for Source Code Analyzer - weakness	This test suite tests against Source Code Security Analyzer based on functional requirements SCA-RM-1 through SCAN-RM-5 specified in "Source Code Security Analysis Tool Functional Specification"	Michael Koo	77
46	2007-02-05	C Test Suite for Source Code Analyzer - false positive	This test suite tests against Source Code Security Analyzer based on functional requirements SCA-RM-6 specified in "Source Code Security Analysis Tool Functional Specification"	Michael Koo	73
47	2007-02-05	C Test Suite for Source Code Analyzer - weakness suppresion	This test suite tests against Source Code Security Analyzer based on functional requirements SCA-RO-2 specified in "Source Code Security Analysis Tool Functional Specification"	Michael Koo	21
57	2007-12-06	C++ Test Suite for Source Code Analyzer - weakness	This test suite tests against Source Code Security Analyzer based on functional requirements SCA-RM-1 through SCAN-RM-5 specified in "Source Code Security Analysis Tool Functional Specification"	Michael Koo	41
58	2007-12-06	C++ Test Suite for Source Code Analyzer - false positive	This test suite tests against Source Code Security Analyzer based on functional requirements SCA-RM-6 specified in "Source Code Security Analysis Tool Functional Specification"	Michael Koo	39
59	2007-12-06	C++ Test Suite for Source Code Analyzer - weakness suppresion	This test suite tests against Source Code Security Analyzer based on functional requirements SCA-RO-2 specified in "Source Code Security Analysis Tool Functional Specification"	Michael Koo	14
62	2008-10-02	Defence R&D Canada	25 C++ test cases (plus a main including all of them) created in 2006 by Frederic Michaud and Frederic Painchaud, Defence Research & Development Canada, http://www.drdc-rddc.gc.ca/	SAMATE Team Staff	26
63	2010-02-04	Java Test Suite for Source Code Analyzer - weakness	This test suite tests against Source Code Security Analyzer based on functional requirements SCA-RM-1 through SCAN-RM-5 specified in "Source Code Security Analysis Tool Functional Specification"	Michael Koo	27
64	2010-02-04	Java Test Suite for Source Code Analyzer - false positive	This test suite tests against Source Code Security Analyzer based on functional requirements SCA-RM-6 specified in "Source Code Security Analysis Tool Functional Specification"	Michael Koo	27
65	2010-02-04	Java Test Suite for Source Code Analyzer - weakness suppresion	This test suite tests against Source Code Security Analyzer based on functional requirements SCA-RO-2 specified in "Source Code Security Analysis Tool Functional Specification"	Michael Koo	10
68	2011-04-08	Juliet Test Suite for C/C++ (v1.0 - Deprecated)	This is a collection of test cases in the C/C++ language. It contains examples for 116 different CWEs. NOTE: This package contains only individual test cases. We recommend to download the full test suite at the top of the "Test Suite" page.	SAMATE Team Staff	45309
69	2011-04-08	Juliet Test Suite for Java (v1.0 - Deprecated)	This is a collection of test cases in the Java language. It contains examples for 106 different CWEs. NOTE: This package contains only individual test cases. We recommend to download the full test suite at the top of the "Test Suite" page.	SAMATE Team Staff	14184
81	2013-02-08	Basic CWE Effectiveness, CWE-121: Stack-based Buffer Overflow, for C.	These allow a prospective user to understand that a capability is effective in locating CWE-121: Stack-based Buffer Overflow in the most basic situations in C code.	Michael Koo	5

Archives

Link	Publication Date	Title	Version	Description	Contributor	# of Cases
Download	Dec. 2010	Juliet Test Suite for C/C++	1.0	This is a collection of test cases in the C/C++ language. It contains examples for 116 different CWEs. This software is not subject to copyright protection and is in the public domain. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic.	NSA Center for Assured Software	45,324
Download	Dec. 2010	Juliet Test Suite for Java	1.0	This is a collection of test cases in the Java language. It contains examples for 106 different CWEs. This software is not subject to copyright protection and is in the public domain. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic.	NSA Center for Assured Software	13,801
Download	Jul. 2012	Juliet Test Suite for C/C++	1.1	This is a collection of test cases in the C/C++ language. It contains examples for 119 different CWEs. This software is not subject to copyright protection and is in the public domain. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic.	NSA Center for Assured Software	57,099
Download	Sep. 2012	Juliet Test Suite for Java	1.1.1	This is a collection of test cases in the Java language. It contains examples for 113 different CWEs. This software is not subject to copyright protection and is in the public domain. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic. v1.1.1 supersedes v1.1. It added methods needed for building test cases after adding/removing test cases. Does not affect using test cases as is.	NSA Center for Assured Software	23,957