CANDIDATE Source Code Analysis Tool Functional Specification Test Suite
DownloadDescription
This test suite contains all test cases that can be used to test a general purpose, production source code analysis tool implementation against the SAMATE Source Code Analysis Tool Functional Specification.
Displaying test cases 1 - 25 of 34 in total
-
Miscalculated null termination occurs when the placement of a null character at the end of a buffer of characters (or string) is misplaced or omitted. (from TCCLASP-5_2_14_9)
-
The use of heap allocated memory after it has been freed or deleted leads to undefined system behavior and, in many cases, to a write-what-where condition. (from TCCLASP-5_2_19_10)
-
Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow. (from TCCLASP-5_2_2_10)
-
Sometimes an error is detected, and bad or no action is taken. (from TCCLASP-5_6_19_10)
-
An ad hoc gets without bounds checkes allows a stack buffer to be overrun. PLOVER CLASS: BUFF.OVER
-
Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = constant, Address complexity = con...
-
Buffer overflow if the input is not validated. Every operation may write outside the bound of the statically allocated character array. From "Secure Coding in C and C++" by Robert C. Seacord. Page 28, Figure 2-2
-
Null-termination defect. There is no place allocated for the null terminating character. Thereby, the strcpy() writes beyond the character array. From "Secure Coding in C and C++" by Robert C. Seacord. Page 31, Figure 2-7
-
A null pointer is dereferenced. These test cases were graciously provided by Frederic Michaud of Defense Research & Development Canada - Valcartier. Please see test case ID 000-001-518 for an executable suite of all the DRDC test cases.
-
A C++ array is not deleted correctly, which could lead to memory leaks. These test cases were graciously provided by Frederic Michaud of Defense Research & Development Canada - Valcartier. Please see test case ID 000-001-518 for an executable suite of all the DRDC test cases.
-
Incorrect pointer arithmetic to access a data structure. These test cases were graciously provided by Frederic Michaud of Defense Research & Development Canada - Valcartier. Please see test case ID 000-001-518 for an executable suite of all the DRDC test cases.
-
Reading of an uninitialized variable. These test cases were graciously provided by Frederic Michaud of Defense Research & Development Canada - Valcartier. Please see test case ID 000-001-518 for an executable suite of all the DRDC test cases.
-
A strncpy generates a string that may be missing a NUL termination. When it is copied with strcpy a stack buffer can be overrun.
-
Tainted data spliced into a SQL query leads to a SQL injection issue.
-
System() is called with user-provided data.
-
Tainted output allows cross-site scripting attack.
-
Test to verify that a tool identifies a potential path manipulation code weakness.
-
Test of tool to identify potential resource injection weakness in source code.
-
Test determines if a tool can identify a hardcoded password weakness in code.
-
Test of tool recognition of pointer scaling weakness.
-
Test of tool ability to identify improper pointer subtraction.
-
Private Array-Typed field returned from a public method.
-
Test of tool\'s ability to identify an assignment of public data to to a private array field.
-
Test of tool ability to identify a potentil write-what-where weakness in code.
-
Test of tool ability to identify a memory leak.