C++ Test Suite for Source Code Analyzer - weakness Test suite #57
Description
This test suite tests source code security analyzers against functional requirements SCA-RM-1 through SCA-RM-5 specified in "Source Code Security Analysis Tool Functional Specification".
Displaying test cases 1 - 25 of 41 in total
-
Test of tool ability to identify an unchecked error condition.
-
Users can add the arguments -debug -root to take advantage of leftover debug code.
-
The test case is a basic CGI source code which allows Cross-Site Scripting (XSS).
-
Created objects are never destroyed.
-
The user can input more than the max number of characters, causing a stack overflow.
-
The test case is a basic CGI source code which allows Cross-Site Scripting (XSS). The code has Scope complexity.
-
The test case is a basic CGI source code which allows Cross-Site Scripting (XSS). The code has Index Alias complexity.
-
Integer is not initialized before use.
-
By using a wrong pointer type, the program will output a nonsense value due to the pointer scaling.
-
The test case has a SQL Injection weakness.
-
The test case has a SQL Injection weakness in Scope complexity source code.
-
Integer p is not initialized before its use in a for loop.
-
The test case has a SQL Injection weakness in array index complexity source code.
-
The pointer p is dereferenced even though the value is null.
-
The pointer is dereferenced even though the value is null in the 'function' call.
-
The pointer p is dereferenced even though the value is null.
-
Null Dereference in Index Alias complexity source code.
-
The test case shows a resource injection.
-
Allowing user input to control resource identifiers may enable an attacker to access or modify otherwise protected system resources.
-
Allowing user input to control resource identifiers may enable an attacker to access or modify otherwise protected system resources.
-
Allowing user input to control resource identifiers may enable an attacker to access or modify otherwise protected system resources.
-
A software system that accepts and executes input in the form of operating system commands (e.g. system(), exec(), open()) could allow an attacker with lesser privileges than the target software to execute commands with the elevated privileges of the executing process.
-
A software system that accepts and executes input in the form of operating system commands (e.g. system()) could allow an attacker with lesser privileges than the target software to execute commands with the elevated privileges of the executing process.
-
A software system that accepts and executes input in the form of operating system commands (e.g. system(), exec(), open()) could allow an attacker with lesser privileges than the target software to execute commands with the elevated privileges of the executing process.
-
A software system that accepts and executes input in the form of operating system commands (e.g. system()) could allow an attacker with lesser privileges than the target software to execute commands with the elevated privileges of the executing process.