Deprecated test suite
C Test Suite for Source Code Analyzer - false positive Test suite #46
Description
This test suite tests a Source Code Security Analyzer against functional requirement SCA-RM-6 specified in "Source Code Security Analysis Tool Functional Specification". It is a false-positive suite: each test case contains code that resembles a weakness but is not actually defective.
Displaying test cases 1 - 25 of 73 in total
- Printf is called with a programmer-supplied format string.
- A string decode function properly checks for termination and no buffer overflow occurs.
- An ad hoc gets with a bounds check does not allow a stack buffer to be overrun.
- An ad hoc string copy with a bounds check does not overflow a stack buffer.
- Syslog is called with a programmer-supplied format string.
- Printf is called with a static format string. This is not a defect.
- fgets is called with a correct bound.
- An integer overflow would result in a short malloc and an overflow. A guard is put in place to protect against the overflow.
- malloc'd data is freed.
- malloc'd data is freed in the caller.
- malloc'd data is freed only once.
- A strcpy does not overflow a stack buffer because a check is made to avoid an overflow condition.
- A strncpy safely copies a string into a heap buffer.
- A strcpy is used to copy a string into a heap buffer. The caller shortens the string to prevent a buffer overflow from occurring.
- This Cross-Site Scripting example shows how a CGI program in C takes the arguments and prints them out.
- The SQL Injection is possible because the arguments are not validated before the MySQL query.
- The SQL Injection is possible if the arguments are not validated.
- The SQL Injection is possible because the arguments are not validated. The code complexity is in the call of another function to perform the MySQL query.
- This test case shows a double free in a local control flow complexity.
- This test case shows a double free in a for loop structure.
- This test case exposes a format string vulnerability with a container code complexity.
- This test case shows a format string vulnerability in a local control flow; here, we use a function pointer for control flow.
- The test case shows that hard-coded passwords are not used; these passwords are in an array.
- The test case exposes a password which is not hard-coded in the source code.
- This test case shows no hard-coded password in a local control flow.