This is a CGI program which take some parameters values then print it. It shows it tries to avoid Cross-Site Scripting in C. This test case replace Test case 1793.

The test case shows a use of a allocated memory after freed.

The test cases implements CVE-2002-1869: Don't check if you can write a log file allow attackers to avoid logging. This test case replaces test case 1864

The test cases implements CVE-2002-1869: [em]Don\'t check if you can write a log file allow attackers to avoid logging.[/em]

The test case expose a leftover debug code. Basically developer can debug his code and get the root promotion for debugging...

This test case exposes an improper null termination which occurred when a argv contains tainted data.

The test case exposes an improper null termination in a string which is in a structure.

The test case exposes a password which is hard-coded in the source code, the password is stored in a C structure.

System() is called with user-provided data. PLOVER: CODE.EVAL

CWE: 114 Process Control BadSource: relativePath Hard code the relative pathname to the library GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 42 Data flow: data returned from one function to another in the same source file

CWE: 114 Process Control BadSource: relativePath Hard code the relative pathname to the library GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 05 Control flow: if(static_t) and if(static_f)

CWE: 114 Process Control BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 114 Process Control BadSource: fromFile Read input from a file GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 18 Control flow: goto statements

CWE: 114 Process Control BadSource: fromFile Read input from a file GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 114 Process Control BadSource: fromConsole Read input from the console GoodSource: Hard code the full pathname to the library Sinks: BadSink : Load a dynamic link library Flow Variant: 31 Data flow using a copy of data within the same function

CWE: 114 Process Control BadSource: fromConsole Read input from the console GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 18 Control flow: goto statements

CWE: 114 Process Control BadSource: fromConsole Read input from the console GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 04 Control flow: if(static_const_t) and if(static_const_f)

CWE: 114 Process Control BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 06 Control flow: if(static_const_five==5) and if(static_const_five!=5)

CWE: 114 Process Control BadSource: Environment Read input from an environment variable GoodSource: Hard code the full pathname to the library Sinks: BadSink : Load a dynamic link library Flow Variant: 67 Data flow: data passed in a struct from one function to another in different source files

CWE: 114 Process Control BadSource: Environment Read input from an environment variable GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 13 Control flow: if(global_const_five==5) and if(global_const_five!=5)

CWE: 114 Process Control BadSource: Environment Read input from an environment variable GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 10 Control flow: if(global_t) and if(global_f)

test submit.php 4

Infinite loop

Unprotected string copy, unlocked shared resource. PLOVER: BUFF.OVER, RACE

Unprotected string copy, unlocked shared resource. PLOVER: BUFF.OVER, RACE, NUM.OBO