C Test Suite for Source Code Analyzer - Secure v2 Test suite #101
DownloadDescription
This test suite replaces test suite 46 based on a collaboration with Alexander Hoole from University of Victoria, BC, Canada. The new test cases provided by these test suites contain the following improvements: removal of targeted weaknesses from 13 "GOOD" test cases in test suite 46, removal of extraneous weaknesses, replacement of test cases to align with the CWEs specified in NIST SP 500-268 v1.1, creation of additional test cases to provide consistent BAD/GOOD pairings, application of minor improvements to code, renaming of files and the addition of FLAW/FIX comments to assist automation, and insertion of improved metadata to assist researchers using SARD. Please refer to the test case metadata fields to view additional information for each test case. Note: Some test cases have been deprecated and replaced with fixed versions since this test suite has been initially published.
-
Initializing a variable to avoid using its unitialized value.
-
The test cases implements CVE-2002-1869: [em]Don\'t check if you can write a log file allow attackers to avoid logging.[/em]
-
An example to prevent heap overflow.
-
The test case shows a use of a allocated memory after freed.
-
Pointer is checked before use
-
This test case avoids the problem of NULL pointer dereference.
-
This is a CGI program which take some parameters values then print it. It avoids Cross-Site Scripting in C within a looping complexity.
-
This test case shows a block of memory freed once.
-
Attepmts to assign a character to a memory that has been freed.
-
The test case shows a use of a allocated memory after freed.
-
The test case shows protection against the use of an allocated memory after being freed with a string which is in a structure.
-
The test case shows protection against the use of an allocated memory after being freed.
-
This test case shows no double free weakness.
-
The test case exposes a race condition while writing the file.
-
The test case avoids a Time-of-Check-Time-of-Use (TOCTOU) race condition between checking file attributes and then opening and writing to the file using random calls to function pointers.
-
Format string problems occur when a user has the ability to control or write completely the format string used to format data in the printf style family of C/C++ functions (fixed).
-
Format string problems occur when a user has the ability to control or write completely the format string used to format data in the printf style family of C/C++ functions (fixed).
-
The test case avoids a use of an allocated memory after being freed with an extra allocation and free complexity.
-
The test case avoids a use of an allocated memory after being freed with an extra allocation and free complexity.
-
This test case shows an effort made to avoid OS command injection problem.
-
This test case shows an effort made to avoid OS command injection problem.
-
This test shows a null pointer is not dereferenced, in a local control flow.
-
The test cases exposes a null dereference.
-
This test case avoids the problem of NULL pointer dereference.
-
Try to dereference a NULL pointer