C++ Test Suite for Source Code Analyzer - weakness suppression (Test suite #59)
Description
This test suite tests Source Code Security Analyzers against functional requirement SCA-RO-2, specified in "Source Code Security Analysis Tool Functional Specification".
Displaying all 14 test cases
- Test of tool ability to identify an unchecked error condition.
- Users can add the arguments -debug -root to take advantage of leftover debug code.
- The test case is basic CGI source code that allows Cross-Site Scripting (XSS).
- The user can input more than the maximum number of characters, causing a stack overflow.
- Integer is not initialized before use.
- By using a wrong pointer type, the program will output a nonsense value due to pointer scaling.
- The test case has a SQL Injection weakness.
- The pointer p is dereferenced even though the value is null.
- The test case shows a resource injection.
- A software system that accepts and executes input in the form of operating system commands (e.g. system(), exec(), open()) could allow an attacker with lesser privileges than the target software to execute commands with the elevated privileges of the executing process.
- The test case shows that hard-coded passwords are used.
- Created short is not deleted after use.
- The test case shows a Heap Overflow by trying to insert a character 'a' outside the bounds of the buffer.
- This test case shows debugging code left in the program.