IARPA STONESOUP Phase 3 - Test Cases Test suite #102
DownloadDescription
A collection of C and Java test cases based on 16 widely-used open-source software in which vulnerabilities have been seeded. It comes bundled in a virtual machine for ease of use. This product contains or makes use of Intelligence Advanced Research Projects Activity (IARPA) data from the STONESOUP program. Any product, report, publication, presentation, or other document including or referencing the IARPA data herein should include this statement. All documents related to the STONESOUP program can be found at the documents page. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic.
Displaying test cases 676 - 700 of 7770 in total
-
This test case reads the taint source. If it contains a non-alphanumeric value, the source taint buffer is set to NULL. Subsequently, strcpy is called with the source taint buffer as this source. This causes a null pointer dereference. Metadata - Base program: OpenSSL - Source Taint: SOCKET - ...
-
This test case reads a space-delimited string from the taint source. The first element in the string is the number of elements following it. The test cases reads in the following elements and outputs them. If there are fewer elements than expected, a segmentation fault occurs. Metadata - Base p...
-
This test case reads the taint source. If it contains a non-alphanumeric value, the source taint buffer is set to NULL. Subsequently, strcpy is called with the source taint buffer as this source. This causes a null pointer dereference. Metadata - Base program: Gimp - Source Taint: ENVIRONMENT_V...
-
This test case reads the taint source. If the length of the taint source is 63 bytes or less, it allocates a buffer to copy the taint source into. It then copies the taint source into the buffer, regardless of whether it actually allocated any memory or not. If it did not allocate memory, the buf...
-
This test case looks for the substring 'aba' within the taint source. If it finds the substring, it sets a pointer called stonesoup_second_buff to the beginning of the 'aba' substring, and the weakness continues without incident. If it does not find the substring, stonesoup_second_buff retains it...
-
This test case reads the taint source. If it contains a non-alphanumeric value, the source taint buffer is set to NULL. Subsequently, strcpy is called with the source taint buffer as this source. This causes a null pointer dereference. Metadata - Base program: Gimp - Source Taint: SHARED_MEMORY...
-
This test case reads entries from a comma-separated-value file. It expects to read 3 strings from a file in the format: double quote, up to 79 characters, double quote, comma; double quote, up to 79 characters, double quote, comma; and double quote, up to 79 characters, double quote. The test cas...
-
This test case reads entries from a comma-separated-value file. It expects to read 3 strings from a file in the format: double quote, up to 79 characters, double quote, comma; double quote, up to 79 characters, double quote, comma; and double quote, up to 79 characters, double quote. The test cas...
-
This test case reads the taint source. If it contains a non-alphanumeric value, the source taint buffer is set to NULL. Subsequently, strcpy is called with the source taint buffer as this source. This causes a null pointer dereference. Metadata - Base program: PostgreSQL - Source Taint: FILE_CO...
-
This test case looks for the substring 'aba' within the taint source. If it finds the substring, it sets a pointer called stonesoup_second_buff to the beginning of the 'aba' substring, and the weakness continues without incident. If it does not find the substring, stonesoup_second_buff retains it...
-
This test case reads the taint source, and converts it to an integer, then an unsigned int. It uses a wrapped malloc to allocate a buffer of the size specified by the taint source. If the size is greater than 512, the wrapped malloc returns NULL. The program attempts to use the buffer, and if the...
-
This test case looks for the substring 'aba' within the taint source. If it finds the substring, it sets a pointer called stonesoup_second_buff to the beginning of the 'aba' substring, and the weakness continues without incident. If it does not find the substring, stonesoup_second_buff retains it...
-
This test case reads the taint source. If the length of the taint source is 63 bytes or less, it allocates a buffer to copy the taint source into. It then copies the taint source into the buffer, regardless of whether it actually allocated any memory or not. If it did not allocate memory, the buf...
-
This test case reads a space-delimited string from the taint source. The first element in the string is the number of elements following it. The test cases reads in the following elements and outputs them. If there are fewer elements than expected, a segmentation fault occurs. Metadata - Base p...
-
This test case looks for the substring 'aba' within the taint source. If it finds the substring, it sets a pointer called stonesoup_second_buff to the beginning of the 'aba' substring, and the weakness continues without incident. If it does not find the substring, stonesoup_second_buff retains it...
-
This test case reads a space-delimited string from the taint source. The first element in the string is the number of elements following it. The test cases reads in the following elements and outputs them. If there are fewer elements than expected, a segmentation fault occurs. Metadata - Base p...
-
This test case reads the taint source. If it contains a non-alphanumeric value, the source taint buffer is set to NULL. Subsequently, strcpy is called with the source taint buffer as this source. This causes a null pointer dereference. Metadata - Base program: FFmpeg - Source Taint: FILE_CONTEN...
-
This test case looks for the substring 'aba' within the taint source. If it finds the substring, it sets a pointer called stonesoup_second_buff to the beginning of the 'aba' substring, and the weakness continues without incident. If it does not find the substring, stonesoup_second_buff retains it...
-
This test case implements a single signal handler that is associated with two signals. The test case takes the names of two control files and an input string. The control files are used for timing within the test case to ensure that the test case follows an exploiting or benign execution path, an...
-
This test case implements two threads that each use a separate mutex lock object while accessing a shared resource. The test case takes a control integer, the names of two control files, and an input string. The control integer and the two control files are used for timing within the test case to...
-
This test case implements a singleton struct without synchronization that can lead to two threads receiving separate instances of the singleton struct resulting in a deadlocked state. It takes a control integer, the names of two control files, and another integer as input. The control integer and...
-
This test case implements a time of check time of use vulnerability that allows a DOS due to the input file being deleted before opening. The test case takes in a control file and an input file. The input file is checked to see if it is in the current working directory and exists. If both of thes...
-
This test case implements a singleton struct without synchronization that can lead to two threads receiving separate instances of the singleton struct resulting in a deadlocked state. It takes a control integer, the names of two control files, and another integer as input. The control integer and...
-
This test case implements a singleton struct without synchronization that can lead to two threads receiving separate instances of the singleton struct resulting in a deadlocked state. It takes a control integer, the names of two control files, and another integer as input. The control integer and...
-
This test case implements two threads that do not use synchronization while accessing a shared resource. The test case takes a control integer, the names of two control files, and an input string. The control integer and the two control files are used for timing within the test case to ensure tha...