Deprecated test suite

This test suite is marked as deprecated. Deprecated test suites should not be used for new work. However, They remain in the SARD as a reference to redo previous work.

C Test Suite for Source Code Analyzer - false positive

Download

Author: Michael Koo
Language: C
Size: 269 KB
Sha256sum: b675c70f63daf234cc40e86f7d1a304d85f89067b4817d2954434dc3a50a3509
Number Of Test Cases: 73
Submission Date: 04 Feb 2007

Description

This test suite tests against Source Code Security Analyzer based on functional requirements SCA-RM-6 specified in "Source Code Security Analysis Tool Functional Specification"

Displaying test cases 1 - 10 of 73 in total

CWE-134

149046-v1.0.0

Added 16 years ago

deprecated

good

Printf is called with a programmer supplied format string.
CWE-121

149056-v1.0.0

Added 16 years ago

deprecated

good

A string decode function properly checks for termination and no buffer overflow occurs.
CWE-121

149058-v1.0.0

Added 16 years ago

deprecated

good

An ad hoc gets with bounds check does not allow a stack buffer to be overrun.
CWE-121

149060-v1.0.0

Added 16 years ago

deprecated

good

An ad-hoc string copy with bounds check does not overflows a stack buffer.
CWE-134

149062-v1.0.0

Added 16 years ago

deprecated

good

Syslog is called with a programmer supplied format string.
CWE-134

149064-v1.0.0

Added 16 years ago

deprecated

good

Printf is called with a static format string. This is not a defect.
CWE-121

149068-v1.0.0

Added 16 years ago

deprecated

good

fgets is called with a correct bound.
CWE-122

149070-v1.0.0

Added 16 years ago

deprecated

good

integer overflow results in a short malloc and an overflow. A guard is put in place to protect against the overflow.
CWE-401

149072-v1.0.0

Added 16 years ago

deprecated

good

malloc\'d data is freed.
CWE-401

149074-v1.0.0

Added 16 years ago

deprecated

good

malloc\'d data is freed in the caller.

Results per page