Java Test Suite for Source Code Analyzer - weakness Test suite #63
Description
This test suite tests a Source Code Security Analyzer against functional requirements SCA-RM-1 through SCA-RM-5, as specified in the "Source Code Security Analysis Tool Functional Specification".
Displaying test cases 1 - 25 of 27 in total
- The code executes a system command that is read from the input buffer, without any validation.
- The code, with a scope complexity, executes a system command that is read from the input buffer, without any validation.
- The code, with a local control flow complexity, executes a system command that is read from the input buffer, without any validation.
- The code, with a loop structure complexity, executes a system command that is read from the input buffer, without any validation.
- The code creates a file from data it reads, without any filtering.
- The code, with a scope complexity, creates a file from data it reads, without any filtering.
- The code, with a container complexity, creates a file from data it reads, without any filtering.
- Authorization is granted by a hard-coded password built into the code, so it can be read from a copy, can be changed easily, and every copy of the code uses the same one.
- Authorization is granted by a hard-coded password built into the code, so it can be read from a copy, can be changed easily, and every copy of the code uses the same one.
- Authorization is granted by a hard-coded password built into the code, so it can be read from a copy, can be changed easily, and every copy of the code uses the same one.
- Authorization is granted by a hard-coded password built into the code, so it can be read from a copy, can be changed easily, and every copy of the code uses the same one.
- Authorization is granted by a hard-coded password built into the code, so it can be read from a copy, can be changed easily, and every copy of the code uses the same one.
- The code checks the state of a file before using it, but that state can change while the thread is suspended in a call to sleep, so the result of the check is invalid by the time the file is used.
- This test illustrates the potential to create entry points in the application (and possibly expose state information) that would otherwise not be available to a general user. This is possible through evaluation of user input for a "debug" command.
- This test is an example of a "potential" null pointer dereference. If the system property "java.class.path" is undefined, then any attempt to use its value will result in a null pointer dereference.
- This test illustrates an "unchecked error condition" weakness, where an exception is "caught", but no action is taken within the "catch" clause.
- This is an example of what could be a critical resource lock weakness. A temporary file is locked by the application but never released. If the file is needed by other processes, they could be delayed or denied, creating a potential "denial of service".
- This test is an example of a "potential" null pointer dereference, with one level of address aliasing. If the system property "java.class.path" is undefined, then any attempt to use its value will result in a null pointer dereference. Code complexity: address alias level.
- This test is an example of a "potential" null pointer dereference, with a local control flow complexity, which is a "switch" conditional structure. If the system property "java.class.path" is undefined, then any attempt to use its value will result in a null pointer dereference.
- This test is an example of a "potential" null pointer dereference, with an inter-procedural scope complexity. If the system property "java.class.path" is undefined, then any attempt to use its value will result in a null pointer dereference.
- This servlet implements a Cross-Site Scripting vulnerability (XSS): the data provided by the client in the field "data" is written as is, without any filtering, to the output document.
- This servlet implements a Cross-Site Scripting vulnerability (XSS) with a scope complexity: the data provided by the client in the field "data" is written as is, without any filtering, to the output document.
- This servlet implements a Cross-Site Scripting vulnerability (XSS) with a container complexity: the data provided by the client in the field "data" is written as is, without any filtering, to the output document.
- This servlet implements a Cross-Site Scripting vulnerability (XSS) with a loop complexity: the data provided by the client in the field "data" is written as is, without any filtering, to the output document.
- This servlet implements an SQL injection vulnerability: an unsanitized SQL request is sent to the database.