Deprecated test suite
C Test Suite for Source Code Analyzer - weakness suppression Test suite #47
This test suite tests a Source Code Security Analyzer against functional requirement SCA-RO-2 specified in "Source Code Security Analysis Tool Functional Specification".
The suite contains 21 test cases:
- A file is accessed multiple times by name in a publicly accessible directory. A race condition exists between the accesses, during which an attacker can replace the file referenced by the name. PLOVER: RACE.TOCTOU
- gets is never safe for untrusted input because it performs no buffer length check.
- malloc'd data is never freed and all pointers to the data are lost.
- A strcpy overflows a heap buffer.
- Tests whether the tool can detect a heap inspection vulnerability.
- In C and C++, one may accidentally refer to the wrong memory because of the semantics of when arithmetic operations are implicitly scaled. (from TCCLASP-5_6_9_10)
- This Cross-Site Scripting example shows how a CGI program in C takes its arguments and prints them out unescaped.
- The SQL Injection is possible because the arguments are not validated before the MySQL query.
- The use of a hard-coded password greatly increases the possibility of password guessing. (from TCCLASP-5_5_9_10-C)
- This test case shows an improper null termination: fread does not add the null character at the end of the string.
- The test case exposes leftover debug code: a developer can debug the code and obtain root privileges for debugging.
- The test case shows how easy it is to get a buffer overflow when a string function is misused.
- The test case exposes an OS Command Injection.
- The test case shows a resource injection.
- Unchecked error condition: if we do not check the return value of scanf, we do not know how many parameters have been read.
- Using the value of an uninitialized variable is not safe. (from TCCLASP-5_6_4_10)
- The test case implements CVE-2002-1869: not checking whether a log file can be written allows attackers to avoid logging.
- This test case shows a null pointer being dereferenced.
- This test case shows a block of memory being freed twice. This test case replaces 1446.
- Attempt to return a pointer to memory that has been freed. This replaces test case 2108.
- Format string problems occur when a user can control or completely write the format string used to format data in the printf-style family of C/C++ functions. (from TCCLASP-5_2_23_10)