IARPA STONESOUP Phase 3 - Test Cases Test suite #102
DownloadDescription
A collection of C and Java test cases based on 16 widely-used open-source software in which vulnerabilities have been seeded. It comes bundled in a virtual machine for ease of use. This product contains or makes use of Intelligence Advanced Research Projects Activity (IARPA) data from the STONESOUP program. Any product, report, publication, presentation, or other document including or referencing the IARPA data herein should include this statement. All documents related to the STONESOUP program can be found at the documents page. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic.
Displaying test cases 6201 - 6225 of 7770 in total
-
This test takes in a value from a taint source. The value is truncated to an integer, and then used to generate a random number within a range. If the converted integer value is negative, SecureRandom.nextInt(value) will throw a RuntimeException. Metadata - Base program: Apache POI - Source...
-
This test takes in a value passed as an argument This value is originally signed, but is converted to unsigned when stored in a char. This value is then used to index an allocated array with a signed value. Metadata - Base program: Apache JMeter - Source Taint: SOCKET - Data Type: SIMPLE -...
-
This test takes in a value from an argument and uses it as a array accessor resulting in an ArrayIndexOutOfBounds exception. Metadata -Base program: Elastic Search - Source Taint: SOCKET - Data Type: simple - Data Flow: address_as_function_return_value - Control Flow: indirectly_recursive
-
This test takes in a value from an argument and uses it as a array accessor resulting in an ArrayIndexOutOfBounds exception. Metadata - Base program: Elastic Search - Source Taint: ENVIRONMENT_VARIABLE - Data Type: VOID_POINTER - Data Flow: JAVA_GENERICS - Control Flow: INFINITE_LOOP
-
This test takes in a value from an argument and uses it as a array accessor resulting in an ArrayIndexOutOfBounds exception. Metadata - Base program: Apache Lenya - Source Taint: SOCKET - Data Type: ARRAY - Data Flow: BASIC - Control Flow: SEQUENCE
-
This test takes in a value from a taint source, which is then used to allocate an array. This value is positive when stored in a byte, but if the value is between 128 and 255, becomes negative if stored in a byte. When this negative value is stored in a larger container (an int) it becomes a ...
-
This test takes in a value from a taint source. Math is performed on the value such that, if the value is 32767 or 32766, the resultant value 'wraps around', and becomes negative. This results in an infinite loop. Metadata - Base program: Apache Jena - Source Taint: SOCKET - Data Type: VOID...
-
This test takes in a value from a taint source, and creates a string array based on the value. Math is performed on the value such that, if the value is 32749 or greater, the resultant value underflows and becomes positive. This results in an infinite loop. Metadata - Base program: Apache Lu...
-
This test takes in a value from a taint source, and creates a string array based on the value. Math is performed on the value such that, if the value is greater than 500, the resultant value 'wraps around', and becomes negative. This results in an exception being thrown, due to the invalid a...
-
This test takes in a value passed as an argument This value is originally signed, but is converted to unsigned when stored in a char. This value is then used to index an allocated array with a signed value. Metadata - Base program: Apache Lucene - Source Taint: FILE_CONTENTS - Data Type: SI...
-
This test takes in a value from a taint source, and creates a string array based on the value. Math is performed on the value such that, if the value is 32749 or greater, the resultant value underflows and becomes positive. This results in an infinite loop. Metadata - Base program: Apache PO...
-
This test takes in a value from a taint source, which is then used to allocate an array. This value is positive when stored in a byte, but if the value is between 128 and 255, becomes negative if stored in a byte. When this negative value is stored in a larger container (an int) it becomes a ...
-
This test takes in a char value from a taint source. The value is cast to a byte causing an unsigned to signed conversion. This value is then used to allocate an array. If the original char is >127 this will lead to a negative index for the array causing a NegativeArraySizeException. Metadata - ...
-
This test takes in a value passed in as an argument and uses it to compute a divisor which is later used in a modulus operation. Metadata - Base program: Elastic Search - Source Taint: FILE_CONTENTS - Data Type: SIMPLE - Data Flow: ADDRESS_AS_FUNCTION_RETURN_VALUE - Control Flow: INTERCLASS_2
-
This test takes a string, gets the first character, and uses a recursive method to look for the index of the second occurrence of that character. If the character does not appear a second time, it will recurse indefinitely. Metadata - Base program: Coffee MUD - Source Taint: SOCKET - Data Type...
-
This test takes a number and attempts to determine whether it is prime by dividing it by each number less than it. For large enough prime integers, this calculation takes an excessive amount of time. Metadata - Base program: Elastic Search - Source Taint: FILE_CONTENTS - Data Type: SIMPLE - D...
-
This test takes a string, gets the first character, and uses a recursive method to look for the index of the second occurrence of that character. If the character does not appear a second time, it will recurse indefinitely. Metadata - Base program: Apache Jena - Source Taint: SOCKET - Data Typ...
-
This test takes in an integer n. The integer represents the number of buffers to allocate. For a large n an OutOfMemoryError will be generated. This error is caught and the program will continually try to request memory Metadata - Base program: Apache POI - Source Taint: SOCKET - Data Type: VO...
-
This test takes in an integer n. It creates n temporary files, and fills them with data. It then attempts to clean up, deleting the last 50 of the temporary files, leaving any files created before those in the temp directory. Metadata - Base program: Elastic Search - Source Taint: ENVIRONMENT_V...
-
This test takes in an integer n. It creates n temporary files, and fills them with data. It then attempts to clean up, deleting the last 50 of the temporary files, leaving any files created before those in the temp directory. Metadata - Base program: Apache Lenya - Source Taint: FILE_CONTENTS ...
-
This test takes in integer n. The program attempts to open n files. If n is large enough the number of file handles will be exhausted, these files handlers are never closed, and stored in a global arraylist, causing the entire program to fail to open any files from that point on. Metadata - Base...
-
This test takes in integer n. The program attempts to open n files. If n is large enough the number of file handles will be exhausted, these files handlers are never closed, and stored in a global arraylist, causing the entire program to fail to open any files from that point on. Metadata - Base...
-
This test takes a string, gets the first character, and uses a recursive method to look for the index of the second occurrence of that character. If the character does not appear a second time, it will recurse indefinitely. Metadata - Base program: Apache JMeter - Source Taint: ENVIRONMENT_VARI...
-
This test takes a number from the user, and attempts to allocate, initialize, and print out an array of that size. If the number is too large, memory allocation will fail and the program will subsequently crash. Metadata - Base program: Apache Lucene - Source Taint: ENVIRONMENT_VARIABLE - Data...
-
This test takes in an integer n. It creates n temporary files, and fills them with data. It then attempts to clean up, deleting the last 50 of the temporary files, leaving any files created before those in the temp directory. Metadata - Base program: Apache POI - Source Taint: SOCKET - Data Ty...