JTree Test suite #16
DownloadDescription
This product contains or makes use of Intelligence Advanced Research Projects Activity (IARPA) data from the STONESOUP program. Any product, report, publication, presentation, or other document including or referencing the IARPA data herein should include this statement. All documents related to the STONESOUP program can be found at the documents page.NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic.
Documentation
Displaying test cases 51 - 75 of 160 in total
-
This weakness takes an integer, two file names, and an integer "int file1 file2 int" as an input. The first integer is the size of the array to sort for timing in benign cases without FIFO files as inputs. The two files are used for thread "scheduling", if they are FIFO files in the order "fifo1 ...
-
This test takes an integer followed by a filename as input (int filename), and checks that the file exists, is in the current directory, and is not a symbolic link. However the weakness takes some time before opening the file allowing a time of check, time of use vulnerability. This vulnerability...
-
This test takes a string. It locks a lock upon encountering the first '1' in the string, then unlocks the lock each time it subsequently encounters an '1'. If there are three or more '1' characters in the string, this will cause multiple unlocks and an exception. Metadata - Base program: JTree ...
-
This weakness takes in an integer and string "int string" where the integer is the size of the array to sort for timing and the string contains the value that is acted upon by the treads, passed as a global static class. A divide by zero error occurs when the string starts with 'A' and the array ...
-
Algorithmic variant: basic Root cause: none This test takes a string. It separates the string into a number to use for an array size to sort and a second string to share between threads. It then creates two threads and runs them both. The first thread calculates an increment amount that is used ...
-
Algorithmic variant: basic Root cause: none This test takes a string. If the first letter is a lower case letter, the main thread will get a lock guarding an integer, and count the number of lower-case letters into that integer. A second thread will get a lock guarding a second integer, and will...
-
This test takes a string. It locks a lock upon encountering the first a/A in the string, using one lock for lower case a and a different lock for upper case A. Upon encountering a second a/A in the string, it unlocks the lower case lock. If an A appears before an a, then the lock is unlocked with...
-
This test takes a string. It locks a lock upon encountering the first '1' in the string, then locks the lock each time it subsequently encouters another '1'. If there are three or more '1' characters in the string, this will cause multiple locks and an unexpected state (DOS). Metadata - Base pro...
-
Algorithmic variant: basic Root cause: none This test takes a string. If the first letter is a lower case letter, the main thread will get a lock guarding an integer, and count the number of lower-case letters into that integer. A second thread will get a lock guarding a second integer, and will...
-
This test takes a filename that is used as a representation of an externally accessible and unrestricted mutex lock. The weakness will then attempt to grab this lock by checking for the files existence, and creating the file if it doesn't exist. If the file does exist, the weakness will hang unti...
-
Algorithmic variant: basic Root cause: none This test takes a string. It separates the string into a number to use for an array size to sort and a second string to share between threads. It then creates two threads and runs them both. The first thread calculates an increment amount that is used ...
-
This test takes a filename that is used as a representation of an externally accessible and unrestricted mutex lock. The weakness will then attempt to grab this lock by checking for the files existence, and creating the file if it doesn't exist. If the file does exist, the weakness will hang unti...
-
This weakness takes a string in the form: '<qsize> <data>' where qsize is the size of the array to sort (used to delay execution) and data is a string that is used for processing. The contents of this string are unimportant. Two threads are created, one of which fails to check for a mutex lock le...
-
This test takes a string. It locks a lock upon encountering the first '1' in the string, then unlocks the lock each time it subsequently encounters an '1'. If there are three or more '1' characters in the string, this will cause multiple unlocks and an exception. Metadata - Base program: JTree ...
-
This weakness takes an input of "<qsize> <string>" where qsize is the length of the array to generate and sort for timing and string is an arbitrary string to use as data to pass around. The weakness uses a double checked lock to initialize a shared static data class in an attempt to be efficient...
-
This weakness takes a string in the form: '<qsize> <data>' where qsize is the size of the array to sort (used to delay execution) and data is a string that is used for processing. The contents of this string are unimportant. Two threads are created, one of which fails to check for a mutex lock le...
-
A file name is provided to the application. This file is assumed to be a binary payload with at least 4 bytes of data. The first 4 bytes of data are an encoded 32-bit Integer. This value describes the length of the rest of the message. If the length is not eual to of less than the remainder of th...
-
This weakness takes an integer and string as input (int string) where the integer is the size of the array to sort for timing and the string is the data that is acted upon. The weakness spawns two threads, both of which in turn call the function 'arrFunc' which is non-reentrant. 'arrFunc' uses a ...
-
This weakness takes in an integer and string "int string" where the integer is the size of the array to sort for timing and the string contains the value that is acted upon by the treads, stored in a global static variable. A divide by zero error occurs when the string starts with 'A' and the arr...
-
This weakness takes in an integer and string "int string" where the integer is the size of the array to sort for timing and the string contains the value that is acted upon by the treads, stored in a global static variable. A divide by zero error occurs when the string starts with 'A' and the arr...
-
This test takes an integer followed by a filename as input (int filename), and checks that the file exists, is in the current directory, and is not a symbolic link. However the weakness takes some time before opening the file allowing a time of check, time of use vulnerability. This vulnerability...
-
A file name is provided to the application. This file is assumed to be a binary payload with at least 4 bytes of data. The first 4 bytes of data are an encoded 32-bit Integer. This value describes the length of the rest of the message. If the length is not eual to of less than the remainder of th...
-
This test takes in a value passed as an argument This value is originally signed, but is converted to unsigned when stored in a char. This value is then used to index an allocated array with a signed value. Metadata - Base program: JTree - Source Taint: ENVIRONMENT_VARIABLE - Data Type: SIM...
-
This test takes in a value from a taint source. The value is truncated to an integer, and then used to generate a random number within a range. If the converted integer value is negative, SecureRandom.nextInt(value) will throw a RuntimeException. Metadata - Base program: JTree - Source Tain...
-
This test takes in a value passed in as an argument and uses it to compute a divisor which is later used in a modulus operation. Metadata - Base program: JTree - Source Taint: ENVIRONMENT_VARIABLE - Data Type: SIMPLE - Data Flow: BASIC - Control Flow: SEQUENCE