ABM 1.0.1 Test suite #35

Author: Jeff Meister
Language: C
Size: 456 KB
Sha256sum: 33507084ed0354a6e1e0b159ad4b2ee6129838b18f81d281b1704d59f10b339d
Number Of Test Cases: 112
Submission Date: 22 Jun 2006

Description

Fortify Software\''s Analyzer BenchMark v. 1.0.1

Displaying test cases 1 - 25 of 112 in total

CWE-243

1550-v1.0.0

Added 18 years ago

candidate

bad

A chroot() is performed without a chdir().
1551-v1.0.0

Added 18 years ago

candidate

good

A chroot() is performed with a chdir().
CWE-502

1552-v1.0.0

Added 18 years ago

candidate

bad

Tainted input allows arbitrary files to be read and written.
CWE-417

1553-v1.0.0

Added 18 years ago

candidate

good

Tainted input allows arbitrary files to be read and written. (fixed version)
CWE-362

1554-v1.0.0

Added 18 years ago

candidate

bad

Two file operations are performed on a filename, allowing a filename race condition to occur.
CWE-134

1557-v1.0.0

Added 18 years ago

candidate

bad

Syslog is called with a user supplied format string.
CWE-134

1561-v1.0.0

Added 18 years ago

candidate

good

Printf is called with a format from a table. This is not a defect.
CWE-259

1567-v1.0.0

Added 18 years ago

candidate

bad

The credentials for connecting to the database are hard-wired into the sourcecode.
CWE-259

1568-v1.0.0

Added 18 years ago

candidate

good

The credentials for connecting to the database are hard-wired into the sourcecode. (fixed version)
CWE-259

1569-v1.0.0

Added 18 years ago

candidate

good

The credentials for connecting to the database are hard-wired into the sourcecode. (fixed version 2)
CWE-209

1570-v1.0.0

Added 18 years ago

candidate

bad

An exception leaks internal path information to the user.
1571-v1.0.0

Added 18 years ago

candidate

good

An exception leaks internal path information to the user. (fixed version)
CWE-122

1572-v1.0.0

Added 18 years ago

candidate

bad

integer overflow results in a short malloc and an overflow.
CWE-122

1575-v1.0.0

Added 18 years ago

candidate

bad

integer overflow results in a short malloc and an overflow. A guard is put in place to protect against the overflow but it is incorrect.
CWE-122

1576-v1.0.0

Added 18 years ago

candidate

good

integer overflow results in a short malloc and an overflow. A guard is put in place to protect against the overflow.
CWE-122

1577-v1.0.0

Added 18 years ago

candidate

bad

integer overflow results in a short malloc and an overflow. A guard in the caller is used to protect against the overflow but it is incorrect.
CWE-122

1578-v1.0.0

Added 18 years ago

candidate

good

integer overflow results in a short malloc and an overflow. A guard in the caller is used to protect against the overflow.
CWE-117

1579-v1.0.0

Added 18 years ago

candidate

bad

Tainted output allows log entries to be forged.
1580-v1.0.0

Added 18 years ago

candidate

good

Tainted output allows log entries to be forged. (fixed version)
CWE-117

1581-v1.0.0

Added 18 years ago

candidate

bad

Tainted output allows log entries to be forged.
1582-v1.0.0

Added 18 years ago

candidate

good

Tainted output allows log entries to be forged. (fixed version)
CWE-401

1583-v1.0.0

Added 18 years ago

candidate

bad

Memory resources are referenced indefinitely but never used, resulting in a memory leak.
CWE-401

1584-v1.0.0

Added 18 years ago

candidate

good

Memory resources are referenced indefinitely but never used, resulting in a memory leak. (fixed version)
CWE-401

1587-v1.0.0

Added 18 years ago

candidate

good

Memory resources are referenced indefinitely but never used, resulting in a memory leak. (fixed version 2)
CWE-170

1592-v1.0.0

Added 18 years ago

candidate

bad

A strncpy generates a string that may be missing a NUL termination. When it is copied with strcpy a stack buffer can be overrun.

Results per page