Apache Lucene 4.5.0 Test suite #14
DownloadDescription
Lucene is a Java full-text search engine. Lucene is not a complete application, but rather a code library and API that can easily be used to add search capabilities to applications.
This product contains or makes use of Intelligence Advanced Research Projects Activity (IARPA) data from the STONESOUP program. Any product, report, publication, presentation, or other document including or referencing the IARPA data herein should include this statement. All documents related to the STONESOUP program can be found at the documents page.NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic.
Documentation
Displaying test cases 26 - 50 of 480 in total
-
This test takes user input for the size of an array to be allocated. If the array fails to allocate, an exception is caught, but no action is taken resulting in a subsequent exception. Metadata - Base program: Apache Lucene - Source Taint: SOCKET - Data Type: VOID_POINTER - Data Flow: ADDRE...
-
This test gets the index of the character . in the input string. It then uses that index to get a substring beginning with . If . does not occur in the string, the index will be -1, and then the substring operation will fail with an IndexOutOfBounds exception. Metadata - Base program: Apache ...
-
This test case takes a value and attempts to convert it to upper case. If the value contains anything other than a-zA-Z, then an exception is thrown, but not caught. Metadata - Base program: Apache Lucene - Source Taint: ENVIRONMENT_VARIABLE - Data Type: SIMPLE - Data Flow: INDEX_ALIAS_1 -...
-
This test takes a filename and attemps to read and output to the screen. If the file does not exist, it swallows the FileNotFoundException, and subsequently dies on a NullPointerException. Metadata - Base program: Apache Lucene - Source Taint: ENVIRONMENT_VARIABLE - Data Type: ARRAY - Data ...
-
This test reads data from a sensitive file without checking the return value, and then repeats the operation on a non-sensitive file, then printing the second file. Technical Impact is information leakage. Metadata - Base program: Apache Lucene - Source Taint: SOCKET - Data Type: VOID_POINTE...
-
This test takes user input for the size of an array to be allocated. If the array fails to allocate, an exception is caught, but no action is taken resulting in a subsequent exception. Metadata - Base program: Apache Lucene - Source Taint: FILE_CONTENTS - Data Type: SIMPLE - Data Flow: VAR_...
-
CWE-584 Return Inside Finally This test takes the name of a file as input. It then attempts to get the absolute path of the file and open it for reading. Since GetAbsolutePath.getAbsolutePath has a return in a finally clause, any generated warnings are dropped, eventually leading to a null p...
-
This test takes input in the form of an integer and creates an array of that size. If the input is too large an exception is raised and the array is initialized to a default size without ever changing the size variable. This leads to an ArrayIndexoutOfBoundsException when the array is access...
-
This weakness takes a value and converts it to upper case. If it contains characters not a-zA-Z, then the function used to covert to upper case will return null. After converting the value to upper case it is compared to a static password. This comparison will cause an error if the value con...
-
CWE-584 Return Inside Finally This test takes the name of a file as input. It then attempts to get the absolute path of the file and open it for reading. Since GetAbsolutePath.getAbsolutePath has a return in a finally clause, any generated warnings are dropped, eventually leading to a null p...
-
CWE-584 Return Inside Finally This test takes the name of a file as input. It then attempts to get the absolute path of the file and open it for reading. Since GetAbsolutePath.getAbsolutePath has a return in a finally clause, any generated warnings are dropped, eventually leading to a null p...
-
This test takes user input for the size of an array to be allocated. If the array fails to allocate, an exception is caught, but no action is taken resulting in a subsequent exception. Metadata - Base program: Apache Lucene - Source Taint: ENVIRONMENT_VARIABLE - Data Type: VOID_POINTER - Da...
-
This weakness takes a value and converts it to upper case. If it contains characters not a-zA-Z, then the function used to covert to upper case will return null. After converting the value to upper case it is compared to a static password. This comparison will cause an error if the value con...
-
CWE-584 Return Inside Finally This test takes the name of a file as input. It then attempts to get the absolute path of the file and open it for reading. Since GetAbsolutePath.getAbsolutePath has a return in a finally clause, any generated warnings are dropped, eventually leading to a null p...
-
CWE-584 Return Inside Finally This test takes the name of a file as input. It then attempts to get the absolute path of the file and open it for reading. Since GetAbsolutePath.getAbsolutePath has a return in a finally clause, any generated warnings are dropped, eventually leading to a null p...
-
This test takes input in the form of an integer and creates an array of that size. If the input is too large an exception is raised and the array is initialized to a default size without ever changing the size variable. This leads to an ArrayIndexoutOfBoundsException when the array is access...
-
This weakness takes a value and converts it to upper case. If it contains characters not a-zA-Z, then the function used to covert to upper case will return null. After converting the value to upper case it is compared to a static password. This comparison will cause an error if the value con...
-
This test attempts to insert a new record into a MySQL database. In the event of a SQLException during execution of the insert command, diagnostic information about the database connection and SQL statement will be dumped to the output stream. Metadata - Base program: Apache Lucene - Source ...
-
This test attempts to insert a new record into a MySQL database. In the event of a SQLException during execution of the insert command, diagnostic information about the database connection and SQL statement will be dumped to the output stream. Metadata - Base program: Apache Lucene - Source ...
-
This test attempts to insert a new record into a MySQL database. In the event of a SQLException during execution of the insert command, diagnostic information about the database connection and SQL statement will be dumped to the output stream. Metadata - Base program: Apache Lucene - Source ...
-
CWE-584 Return Inside Finally This test takes the name of a file as input. It then attempts to get the absolute path of the file and open it for reading. Since GetAbsolutePath.getAbsolutePath has a return in a finally clause, any generated warnings are dropped, eventually leading to a null p...
-
This test reads data from a sensitive file without checking the return value, and then repeats the operation on a non-sensitive file, then printing the second file. Technical Impact is information leakage. Metadata - Base program: Apache Lucene - Source Taint: SOCKET - Data Type: ARRAY - Da...
-
This test case takes a value and attempts to convert it to upper case. If the value contains anything other than a-zA-Z, then an exception is thrown, but not caught. Metadata - Base program: Apache Lucene - Source Taint: FILE_CONTENTS - Data Type: VOID_POINTER - Data Flow: ADDRESS_AS_FUNCTI...
-
This weakness takes a value and converts it to upper case. If it contains characters not a-zA-Z, then the function used to covert to upper case will return null. After converting the value to upper case it is compared to a static password. This comparison will cause an error if the value con...
-
This weakness takes a value and converts it to upper case. If it contains characters not a-zA-Z, then the function used to covert to upper case will return null. After converting the value to upper case it is compared to a static password. This comparison will cause an error if the value con...