
IARPA STONESOUP Phase 3 - Test Cases Test suite #102
A collection of C and Java test cases based on 16 widely used open-source programs in which vulnerabilities have been seeded. It comes bundled in a virtual machine for ease of use. This product contains or makes use of Intelligence Advanced Research Projects Activity (IARPA) data from the STONESOUP program. Any product, report, publication, presentation, or other document including or referencing the IARPA data herein should include this statement. All documents related to the STONESOUP program can be found at the documents page. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic.
Displaying test cases 5101 - 5125 of 7770 in total
-
This test attempts to insert a new record into a MySQL database. In the event of a SQLException during execution of the insert command, diagnostic information about the database connection and SQL statement will be dumped to the output stream. Metadata - Base program: Apache Lucene - Source ...
-
This test gets the index of the character . in the input string. It then uses that index to get a substring beginning with . If . does not occur in the string, the index will be -1, and then the substring operation will fail with an IndexOutOfBounds exception. Metadata - Base program: Coffee ...
-
This test gets the index of the character . in the input string. It then uses that index to get a substring beginning with . If . does not occur in the string, the index will be -1, and then the substring operation will fail with an IndexOutOfBounds exception. Metadata - Base program: Elastic...
-
This test takes a filename and attempts to read and output to the screen. If the file does not exist, it swallows the FileNotFoundException, and subsequently dies on a NullPointerException. Metadata - Base program: Apache Lucene - Source Taint: SOCKET - Data Type: VOID_POINTER - Data Flow: I...
-
This test takes user input for the size of an array to be allocated. If the array fails to allocate, an exception is caught, but no action is taken, resulting in a subsequent exception. Metadata - Base program: Apache POI - Source Taint: ENVIRONMENT_VARIABLE - Data Type: ARRAY - Data Flow: B...
-
This test case takes a value and attempts to convert it to upper case. If the value contains anything other than a-zA-Z, then an exception is thrown, but not caught. Metadata - Base program: Apache Lucene - Source Taint: SOCKET - Data Type: ARRAY - Data Flow: INDEX_ALIAS_1 - Control Flow: ...
-
This test case takes a value and attempts to convert it to upper case. If the value contains anything other than a-zA-Z, then an exception is thrown, but not caught. Metadata - Base program: Apache Lucene - Source Taint: SOCKET - Data Type: SIMPLE - Data Flow: BASIC - Control Flow: RECURSIVE
-
This test takes a filename and attempts to read and output to the screen. If the file does not exist, it swallows the FileNotFoundException, and subsequently dies on a NullPointerException. Metadata - Base program: Apache Lucene - Source Taint: FILE_CONTENTS - Data Type: SIMPLE - Data Flow: ...
-
This test reads data from a sensitive file without checking the return value, repeats the operation on a non-sensitive file, and then prints the second file. Technical Impact is information leakage. Metadata - Base program: Apache Lucene - Source Taint: FILE_CONTENTS - Data Type: SIMP...
-
This test gets the index of the character . in the input string. It then uses that index to get a substring beginning with . If . does not occur in the string, the index will be -1, and then the substring operation will fail with an IndexOutOfBounds exception. Metadata - Base program: Elastic...
-
This test takes input in the form of an integer and creates an array of that size. If the input is too large, an exception is raised and the array is initialized to a default size without ever changing the size variable. This leads to an ArrayIndexOutOfBoundsException when the array is access...
-
This test attempts to insert a new record into a MySQL database. In the event of a SQLException during execution of the insert command, diagnostic information about the database connection and SQL statement will be dumped to the output stream. Metadata - Base program: Elastic Search - Source...
-
This test reads data from a sensitive file without checking the return value, repeats the operation on a non-sensitive file, and then prints the second file. Technical Impact is information leakage. Metadata - Base program: Apache POI - Source Taint: FILE_CONTENTS - Data Type: SIMPLE ...
-
This test takes user input for the size of an array to be allocated. If the array fails to allocate, an exception is caught, but no action is taken, resulting in a subsequent exception. Metadata - Base program: Coffee MUD - Source Taint: FILE_CONTENTS - Data Type: SIMPLE - Data Flow: BASIC ...
-
This test takes a string. It locks a lock upon encountering the first a/A in the string, using one lock for lower case a and a different lock for upper case A. Upon encountering a second a/A in the string, it unlocks the lower case lock. If an A appears before an a, then the lock is unlocked with...
-
This weakness takes an integer and string as input (int string) where the integer is the size of the array to sort for timing and the string is the data that is acted upon. The weakness spawns two threads, both of which in turn call the function 'arrFunc' which is non-reentrant. 'arrFunc' uses a ...
-
This test takes an integer followed by a filename as input (int filename), and checks that the file exists, is in the current directory, and is not a symbolic link. However, the weakness takes some time before opening the file, allowing a time-of-check, time-of-use vulnerability. This vulnerability...
-
This test takes a filename that is used as a representation of an externally accessible and unrestricted mutex lock. The weakness will then attempt to grab this lock by checking for the file's existence, and creating the file if it doesn't exist. If the file does exist, the weakness will hang unti...
-
This weakness takes an input of "<qsize> <string>" where qsize is the length of the array to generate and sort for timing and string is an arbitrary string to use as data to pass around. The weakness uses a double checked lock to initialize a shared static data class in an attempt to be efficient...
-
This test takes an integer followed by a filename as input (int filename), and checks that the file exists, is in the current directory, and is not a symbolic link. However, the weakness takes some time before opening the file, allowing a time-of-check, time-of-use vulnerability. This vulnerability...
-
This weakness takes in an integer and string "int string" where the integer is the size of the array to sort for timing and the string contains the value that is acted upon by the threads, stored in a global static variable. A divide by zero error occurs when the string starts with 'A' and the arr...
-
This test takes a string. It locks a lock upon encountering the first '1' in the string, then unlocks the lock each time it subsequently encounters a '1'. If there are three or more '1' characters in the string, this will cause multiple unlocks and an exception. Metadata - Base program: Apache ...
-
This weakness takes an integer, two file names, and an integer "int file1 file2 int" as an input. The first integer is the size of the array to sort for timing in benign cases without FIFO files as inputs. The two files are used for thread "scheduling", if they are FIFO files in the order "fifo1 ...
-
This weakness takes a string in the form: '<qsize> <data>' where qsize is the size of the array to sort (used to delay execution) and data is a string that is used for processing. The contents of this string are unimportant. Two threads are created, one of which fails to check for a mutex lock le...
-
This test takes a filename that is used as a representation of an externally accessible and unrestricted mutex lock. The weakness will then attempt to grab this lock by checking for the file's existence, and creating the file if it doesn't exist. If the file does exist, the weakness will hang unti...