IARPA STONESOUP Phase 3 - Test Cases Test suite #102
DownloadDescription
A collection of C and Java test cases based on 16 widely-used open-source software in which vulnerabilities have been seeded. It comes bundled in a virtual machine for ease of use. This product contains or makes use of Intelligence Advanced Research Projects Activity (IARPA) data from the STONESOUP program. Any product, report, publication, presentation, or other document including or referencing the IARPA data herein should include this statement. All documents related to the STONESOUP program can be found at the documents page. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic.
Displaying test cases 4576 - 4600 of 7770 in total
-
This test case implements an improper array index validation that can cause a function pointer to get overwritten leading to a segfault. The test case takes untrusted user input and uses it to calculate array indexes which then get modified. If the untrusted input contains certain ASCII character...
-
This test case implements an incorrectly checked write into a heap allocated buffer. The buffer is malloc()'d with a fixed size and pointed to by a local variable. Untrusted input is not properly sanitized or restricted before being copied into the buffer, from the last character to the first. Th...
-
This test case creates a struct on the stack that contains a function pointer and a char*. It examines the length of the taint source. If the length is not equal to 10, it sets the function pointer and char* within the struct to benign values. If the length is equal to 10, it does not set the fun...
-
This test case allocates a struct on the stack, with a 20-character buffer and a pointer following that buffer. It checks if the taint source is less than 20 characters. If so, it sets the 20-charcter buffer to all 0's then sets the pointer following the buffer to point to the beginning of the bu...
-
This test case creates a buffer on the stack of 1024 bytes and buffer on the heap of 64 bytes. It copies the taint source into the 1024-char buffer. It checks if the length of the taint source is less than the length of the 64-byte buffer. If it is, it uses strncpy to copy the taint source into t...
-
This test case implements an unchecked write into a buffer that is contained within stack-allocated struct. The struct contains a function pointer, a fixed-size buffer, and another function pointer. Untrusted input is not properly sanitized or restricted before being copied into the target buffer...
-
This test case implements an incorrect size check when reading from a buffer that can cause a buffer under read. The buffer is declared as a character buffer of size 64 on the heap. 64 bytes of input are copied into the buffer but the test case incorrectly uses the original size of the input stri...
-
This test case takes a value and attempts to convert it to upper case. If the value contains anything other than a-zA-Z, then an exception is thrown, but not caught. Metadata - Base program: Apache Lenya - Source Taint: SOCKET - Data Type: ARRAY - Data Flow: ADDRESS_AS_FUNCTION_RETURN_VALUE...
-
This test attempts to insert a new record into a MySQL database. In the event of a SQLException during execution of the insert command, diagnostic information about the database connection and SQL statement will be dumped to the output stream. Metadata - Base program: Apache Lucene - Source ...
-
This test takes a filename and attemps to read and output to the screen. If the file does not exist, it swallows the FileNotFoundException, and subsequently dies on a NullPointerException. Metadata - Base program: Coffee MUD - Source Taint: ENVIRONMENT_VARIABLE - Data Type: SIMPLE - Data Fl...
-
This test takes a filename and attemps to read and output to the screen. If the file does not exist, it swallows the FileNotFoundException, and subsequently dies on a NullPointerException. Metadata - Base program: Apache Lenya - Source Taint: ENVIRONMENT_VARIABLE - Data Type: ARRAY - Data F...
-
This test takes a filename and attemps to read and output to the screen. If the file does not exist, it swallows the FileNotFoundException, and subsequently dies on a NullPointerException. Metadata - Base program: Apache Lenya - Source Taint: SOCKET - Data Type: ARRAY - Data Flow: JAVA_GENE...
-
This test reads data from a sensitive file without checking the return value, and then repeats the operation on a non-sensitive file, then printing the second file. Technical Impact is information leakage. Metadata - Base program: Coffee MUD - Source Taint: FILE_CONTENTS - Data Type: ARRAY ...
-
This test reads data from a sensitive file without checking the return value, and then repeats the operation on a non-sensitive file, then printing the second file. Technical Impact is information leakage. Metadata - Base program: Apache Lenya - Source Taint: SOCKET - Data Type: SIMPLE - Da...
-
This test case takes a value and attempts to convert it to upper case. If the value contains anything other than a-zA-Z, then an exception is thrown, but not caught. Metadata - Base program: Apache Lucene - Source Taint: SOCKET - Data Type: ARRAY - Data Flow: BASIC - Control Flow: INTERRUPT
-
This test takes user input for the size of an array to be allocated. If the array fails to allocate, an exception is caught, but no action is taken resulting in a subsequent exception. Metadata - Base program: Elastic Search - Source Taint: ENVIRONMENT_VARIABLE - Data Type: VOID_POINTER - D...
-
This test gets the index of the character . in the input string. It then uses that index to get a substring beginning with . If . does not occur in the string, the index will be -1, and then the substring operation will fail with an IndexOutOfBounds exception. Metadata - Base program: Coffee ...
-
This test takes user input for the size of an array to be allocated. If the array fails to allocate, an exception is caught, but no action is taken resulting in a subsequent exception. Metadata - Base program: Apache POI - Source Taint: SOCKET - Data Type: VOID_POINTER - Data Flow: JAVA_GEN...
-
This test reads data from a sensitive file without checking the return value, and then repeats the operation on a non-sensitive file, then printing the second file. Technical Impact is information leakage. Metadata - Base program: Apache POI - Source Taint: FILE_CONTENTS - Data Type: SIMPLE ...
-
This test gets the index of the character . in the input string. It then uses that index to get a substring beginning with . If . does not occur in the string, the index will be -1, and then the substring operation will fail with an IndexOutOfBounds exception. Metadata - Base program: Apache ...
-
This weakness takes a value and converts it to upper case. If it contains characters not a-zA-Z, then the function used to covert to upper case will return null. After converting the value to upper case it is compared to a static password. This comparison will cause an error if the value con...
-
This test takes a filename and attemps to read and output to the screen. If the file does not exist, it swallows the FileNotFoundException, and subsequently dies on a NullPointerException. Metadata - Base program: Coffee MUD - Source Taint: SOCKET - Data Type: ARRAY - Data Flow: JAVA_GENERI...
-
This weakness takes a value and converts it to upper case. If it contains characters not a-zA-Z, then the function used to covert to upper case will return null. After converting the value to upper case it is compared to a static password. This comparison will cause an error if the value con...
-
This weakness takes a value and converts it to upper case. If it contains characters not a-zA-Z, then the function used to covert to upper case will return null. After converting the value to upper case it is compared to a static password. This comparison will cause an error if the value con...
-
CWE-584 Return Inside Finally This test takes the name of a file as input. It then attempts to get the absolute path of the file and open it for reading. Since GetAbsolutePath.getAbsolutePath has a return in a finally clause, any generated warnings are dropped, eventually leading to a null p...