IARPA STONESOUP Phase 3 - Test Cases Test suite #102
DownloadDescription
A collection of C and Java test cases based on 16 widely-used open-source software in which vulnerabilities have been seeded. It comes bundled in a virtual machine for ease of use. This product contains or makes use of Intelligence Advanced Research Projects Activity (IARPA) data from the STONESOUP program. Any product, report, publication, presentation, or other document including or referencing the IARPA data herein should include this statement. All documents related to the STONESOUP program can be found at the documents page. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic.
Displaying test cases 6726 - 6750 of 7770 in total
-
This test takes in an integer n. The integer represents the number of buffers to allocate. For a large n an OutOfMemoryError will be generated. This error is caught and the program will continually try to request memory Metadata - Base program: Apache JMeter - Source Taint: FILE_CONTENTS - Dat...
-
This test takes in integer n. The program attempts to open n files. If n is large enough the number of file handles will be exhausted. Metadata - Base program: Apache POI - Source Taint: ENVIRONMENT_VARIABLE - Data Type: VOID_POINTER - Data Flow: INDEX_ALIAS_1 - Control Flow: BREAK_WITH_LABEL
-
This test takes a string, and reads through the string, printing out each character with ASCII value greater than 48. If it encounters a character with ASCII value less than 48, it will fail to increment the loop counter, and loop forever. Metadata - Base program: Elastic Search - Source Taint:...
-
This test takes a string, gets the first character, and uses a recursive method to look for the index of the second occurrence of that character. If the character does not appear a second time, it will recurse indefinitely. Metadata - Base program: Apache Jena - Source Taint: FILE_CONTENTS - D...
-
This test takes a number and attempts to determine whether it is prime by dividing it by each number less than it. For large enough prime integers, this calculation takes an excessive amount of time. Metadata - Base program: Apache Lucene - Source Taint: SOCKET - Data Type: VOID_POINTER - Dat...
-
This test takes a number and attempts to determine whether it is prime by dividing it by each number less than it. For large enough prime integers, this calculation takes an excessive amount of time. Metadata - Base program: Apache POI - Source Taint: FILE_CONTENTS - Data Type: SIMPLE - Data ...
-
This test takes a number as input and calculates it's factorial in 20 concurrent threads, without setting a limit on how large that number can be (as long as it's within Integer.MAX_VALUE). This can cause significant resource use when the input is large. Metadata - Base program: Apache Lenya - ...
-
This test takes a number from the user, and attempts to allocate, initialize, and print out an array of that size. If the number is too large, memory allocation will fail and the program will subsequently crash. Metadata - Base program: Coffee MUD - Source Taint: FILE_CONTENTS - Data Type: ARR...
-
This test takes in integer n. The program attempts to open n files. If n is large enough the number of file handles will be exhausted. Metadata - Base program: Coffee MUD - Source Taint: SOCKET - Data Type: SIMPLE - Data Flow: VAR_ARG_LIST - Control Flow: INTERRUPT
-
This test takes in integer n. The program attempts to open n files. If n is large enough the number of file handles will be exhausted, these files handlers are never closed, and stored in a global arraylist, causing the entire program to fail to open any files from that point on. Metadata - Base...
-
This test takes in integer n. The program attempts to open n files. If n is large enough the number of file handles will be exhausted, these files handlers are never closed, and stored in a global arraylist, causing the entire program to fail to open any files from that point on. Metadata - Base...
-
This test takes a number as input and calculates it's factorial in 20 concurrent threads, without setting a limit on how large that number can be (as long as it's within Integer.MAX_VALUE). This can cause significant resource use when the input is large. Metadata - Base program: Elastic Search ...
-
This test takes in an integer n. The integer represents the number of buffers to allocate. For a large n an OutOfMemoryError will be generated. This error is caught and the program will continually try to request memory Metadata -Base program: Coffee MUD - Source Taint: ENVIRONMENT_VARIABLE - Da...
-
This test takes a string, gets the first character, and uses a recursive method to look for the index of the second occurrence of that character. If the character does not appear a second time, it will recurse indefinitely. Metadata - Base program: Coffee MUD - Source Taint: SOCKET - Data Type...
-
This test takes a number from the user, and attempts to allocate, initialize, and print out an array of that size. If the number is too large, memory allocation will fail and the program will subsequently crash. Metadata - Base program: Apache Lenya - Source Taint: FILE_CONTENTS - Data Type: V...
-
This test takes in an integer n. The integer represents the number of buffers to allocate. For a large n an OutOfMemoryError will be generated. This error is caught and the program will continually try to request memory Metadata - Base program: Apache POI - Source Taint: FILE_CONTENTS - Data T...
-
This test takes in integer n. The program attempts to open n files. If n is large enough the number of file handles will be exhausted. Metadata - Base program: Apache Lenya - Source Taint: FILE_CONTENTS - Data Type: VOID_POINTER - Data Flow: INDEX_ALIAS_1 - Control Flow: BREAK_WITH_LABEL
-
This test takes a number from the user, and attempts to allocate, initialize, and print out an array of that size. If the number is too large, memory allocation will fail and the program will subsequently crash. Metadata - Base program: JTree - Source Taint: SOCKET - Data Type: SIMPLE - Data ...
-
This test takes in integer n. The program attempts to open n files. If n is large enough the number of file handles will be exhausted. Metadata - Base program: Apache Jena - Source Taint: SOCKET - Data Type: VOID_POINTER - Data Flow: ADDRESS_AS_FUNCTION_RETURN_VALUE - Control Flow: INTERPROC...
-
This test takes in integer n. The program attempts to open n files. If n is large enough the number of file handles will be exhausted. Metadata - Base program: Apache POI - Source Taint: FILE_CONTENTS - Data Type: ARRAY - Data Flow: ADDRESS_AS_FUNCTION_RETURN_VALUE - Control Flow: INTERCLASS_50
-
This test takes a string, and reads through the string, printing out each character with ASCII value greater than 48. If it encounters a character with ASCII value less than 48, it will fail to increment the loop counter, and loop forever. Metadata - Base program: Apache Lenya - Source Taint: E...
-
This test creates a connection to the MySQL database, and creates a query string based on data in an array passed by arguments. This data is not checked for special elements, however, and it is possible to construct a query string that performs unexpected data retrievals or modifications. Met...
-
Using Hibernate to execute a dynamic SQL statement with built-in user-controlled input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands. Metadata -Base program: Coffee MUD - Source Taint: ENVIRONMENT_VARIABLE - Data Type: array - Data Flow: index_alias...
-
This test creates a connection to the MySQL database, and creates a query string based on data in an array passed by arguments. This data is not checked for special elements, however, and it is possible to construct a query string that performs unexpected data retrievals or modifications. Met...
-
This test takes in data from an argument, that is intended to contain parameters for an 'find' command. The test does not perform checks on the parameters, however, and it is possible to include other, unexpected commands as part of the find parameter set. Metadata -Base program: Apache Lucene -...