Deprecated test suite
C Test Suite for Source Code Analyzer - weakness Test suite #45
Description
This test suite tests source code security analyzers against functional requirements SCA-RM-1 through SCA-RM-5 specified in the "Source Code Security Analysis Tool Functional Specification".
Displaying test cases 1 - 25 of 77 in total
-
printf is called with a user-supplied format string. PLOVER: BUFF.OVER, BUFF.FORMAT
-
syslog is called with a user-supplied format string. An attempt was made to preformat the buffer, but the vulnerability remains. PLOVER: BUFF.OVER, BUFF.FORMAT
-
malloc'd data is freed more than once. PLOVER: MISC.DFREE
-
A file is accessed multiple times by name in a publicly accessible directory. A race condition exists between the accesses where an attacker can replace the file referenced by the name. PLOVER: RACE.TOCTOU
-
system() is called with user-provided data. PLOVER: CODE.EVAL
-
A string decode function misses a termination check which allows the decode to proceed past the end of the buffer.
-
An ad-hoc string copy without bounds check overflows a stack buffer.
-
gets is never safe for untrusted input due to lack of buffer length checks.
-
fgets is called with an incorrect bound allowing a stack buffer to be overrun.
-
malloc'd data is never freed and all pointers to the data are lost.
-
malloc'd data is returned to the caller but never freed.
-
malloc'd data is freed before being returned to the caller and freed again.
-
An strcpy overflows a heap buffer.
-
An strncpy is used to copy a string, but the length is given incorrectly, leading to a heap buffer overflow.
-
Test if tool can detect a heap inspection vulnerability.
-
Stack overflow.
-
Test of tool ability to identify use of an uninitialized variable.
-
In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled. (from TCCLASP-5_6_9_10)
-
This Cross-Site Scripting example shows how a CGI program in C takes its arguments and prints them out.
-
The SQL Injection is possible because the arguments are not validated before the MySQL query.
-
The SQL Injection is possible if the arguments are not validated.
-
The SQL Injection is possible because the arguments are not validated. The code complexity is in the call of another function to perform the MySQL query.
-
This test case exposes a Race Condition error at line 26. Many processes can access the same file at different moments.
We can have something like this:
Process 1: Open File
Process 1: Close File
Process 2: Open File
Process 3: Open File
Process 2: Close File
Proces...
-
This test case exposes a Race Condition error at line 47. Many processes can access the same file at different moments.
-
The use of a hard-coded password increases the possibility of password guessing tremendously. (from TCCLASP-5_5_9_10-C)