Apache Lenya 2.0.4 Test suite #13
DownloadDescription
This test case takes a value and attempts to convert it to
upper case. If the value contains anything other than a-zA-Z,
then an exception is thrown, but not caught.
Metadata
- Base program: Apache Lenya
- Source Taint: SOCKET
- Data Type: ARRAY
- Data Flow: ADDRESS_AS_FUNCTION_RETURN_VALUE
- Control Flow: INDIRECTLY_RECURSIVE
Displaying test cases 151 - 175 of 477 in total
-
A file name is provided to the application. This file is assumed to be a binary payload with at least 4 bytes of data. The first 4 bytes of data are an encoded 32-bit Integer. This value describes the length of the rest of the message. If the length is not eual to of less than the remainder of th...
-
This test takes a string. It locks a lock upon encountering the first a/A in the string, using one lock for lower case a and a different lock for upper case A. Upon encountering a second a/A in the string, it unlocks the lower case lock. If an A appears before an a, then the lock is unlocked with...
-
This test takes a string. It locks a lock upon encountering the first '1' in the string, then locks the lock each time it subsequently encouters another '1'. If there are three or more '1' characters in the string, this will cause multiple locks and an unexpected state (DOS). Metadata - Base pro...
-
This weakness takes an integer, two file names, and an integer "int file1 file2 int" as an input. The first integer is the size of the array to sort for timing in benign cases without FIFO files as inputs. The two files are used for thread "scheduling", if they are FIFO files in the order "fifo1 ...
-
This weakness takes a string in the form: '<qsize> <data>' where qsize is the size of the array to sort (used to delay execution) and data is a string that is used for processing. The contents of this string are unimportant. Two threads are created, one of which fails to check for a mutex lock le...
-
This weakness takes an input of "<qsize> <string>" where qsize is the length of the array to generate and sort for timing and string is an arbitrary string to use as data to pass around. The weakness uses a double checked lock to initialize a shared static data class in an attempt to be efficient...
-
This test takes an integer and filename as input (int filename), and checks that the file exists, and is in the current directory. However there is a time of check,time of use vulnerability after the file is checked but before it is opened allowing the file to be deleted before opening causing a ...
-
This test takes a string. It locks a lock upon encountering the first '1' in the string, then unlocks the lock each time it subsequently encounters an '1'. If there are three or more '1' characters in the string, this will cause multiple unlocks and an exception. Metadata - Base program: Apache ...
-
This test takes in a value passed as an argument This value is originally signed, but is converted to unsigned when stored in a char. This value is then used to index an allocated array with a signed value. Metadata - Base program: Apache Lenya - Source Taint: ENVIRONMENT_VARIABLE - Data Ty...
-
This test takes in a value from a taint source, which is then used to allocate an array. This value is positive when stored in a byte, but if the value is between 128 and 255, becomes negative if stored in a byte. When this negative value is stored in a larger container (an int) it becomes a ...
-
This test takes in a value from a taint source, and creates a string array based on the value. Math is performed on the value such that, if the value is greater than 500, the resultant value 'wraps around', and becomes negative. This results in an exception being thrown, due to the invalid a...
-
This test takes in a value from a taint source, and creates a string array based on the value. Math is performed on the value such that, if the value is greater than 500, the resultant value 'wraps around', and becomes negative. This results in an exception being thrown, due to the invalid a...
-
This test takes in a char value from a taint source. The value is cast to a byte causing an unsigned to signed conversion. This value is then used to allocate an array. If the original char is >127 this will lead to a negative index for the array causing a NegativeArraySizeException. Metadata - ...
-
This test takes in a value from a taint source. Math is performed on the value such that, if the value is 32767 or 32766, the resultant value 'wraps around', and becomes negative. This results in an infinite loop. Metadata - Base program: Apache Lenya - Source Taint: FILE_CONTENTS - Data Ty...
-
This test takes in a value from a taint source, and creates a string array based on the value. Math is performed on the value such that, if the value is 32749 or greater, the resultant value underflows and becomes positive. This results in an infinite loop. Metadata - Base program: Apache Le...
-
This test takes in a value from a taint source. Math is performed on the value such that, if the value is 32767 or 32766, the resultant value 'wraps around', and becomes negative. This results in an infinite loop. Metadata - Base program: Apache Lenya - Source Taint: FILE_CONTENTS - Data Ty...
-
This test takes in a value from an argument and uses it as a array accessor resulting in an ArrayIndexOutOfBounds exception. Metadata -Base program: Apache Lenya - Source Taint: SOCKET - Data Type: simple - Data Flow: index_alias_1 - Control Flow: interclass_10
-
This test takes in a value from a taint source, and creates a string array based on the value. Math is performed on the value such that, if the value is 32749 or greater, the resultant value underflows and becomes positive. This results in an infinite loop. Metadata - Base program: Apache Le...
-
This test takes in a value from a taint source. The value is truncated to an integer, and then used to generate a random number within a range. If the converted integer value is negative, SecureRandom.nextInt(value) will throw a RuntimeException. Metadata - Base program: Apache Lenya - Sour...
-
This test takes in a value from a taint source, which is then used to allocate an array. This value is positive when stored in a byte, but if the value is between 128 and 255, becomes negative if stored in a byte. When this negative value is stored in a larger container (an int) it becomes a ...
-
This test takes in a value passed in as an argument and uses it to compute a divisor which is later used in a modulus operation. Metadata - Base program: Apache Lenya - Source Taint: ENVIRONMENT_VARIABLE - Data Type: SIMPLE - Data Flow: BASIC - Control Flow: INFINITE_LOOP
-
This test takes in a char value from a taint source. The value is cast to a byte causing an unsigned to signed conversion. This value is then used to allocate an array. If the original char is >127 this will lead to a negative index for the array causing a NegativeArraySizeException. Metadata - ...
-
This test takes in a value from a taint source. The value is truncated to an integer, and then used to generate a random number within a range. If the converted integer value is negative, SecureRandom.nextInt(value) will throw a RuntimeException. Metadata - Base program: Apache Lenya - Sour...
-
This test takes in a value passed as an argument This value is originally signed, but is converted to unsigned when stored in a char. This value is then used to index an allocated array with a signed value. Metadata - Base program: Apache Lenya - Source Taint: SOCKET - Data Type: SIMPLE - ...
-
This test takes in a value passed in as an argument and uses it to compute a divisor which is later used in a modulus operation. Metadata - Base program: Apache Lenya - Source Taint: ENVIRONMENT_VARIABLE - Data Type: ARRAY - Data Flow: VAR_ARG_LIST - Control Flow: RECURSIVE