Java Test Suite for Source Code Analyzer - false positive Test suite #64
This test suite tests Source Code Security Analyzers against functional requirement SCA-RM-6, specified in the "Source Code Security Analysis Tool Functional Specification".
Displaying test cases 1 - 25 of 27 in total
- The code tries to execute a system command read from the input buffer. Validation is done by ProcessBuilder before execution.
- The code, with an inter-procedural scope complexity, tries to execute a system command read from the input buffer. Validation is done by ProcessBuilder before execution.
- The code, with a local control flow complexity (switch), tries to execute a system command read from the input buffer. Validation is done by ProcessBuilder before execution.
- The code, with a loop structure complexity (for), tries to execute a system command read from the input buffer. Validation is done by ProcessBuilder before execution.
- The code creates a FileOutputStream from a file that it is allowed to use (by comparing with the table of allowed files).
- The code, with an inter-procedural scope complexity, creates a FileOutputStream from a file that it is allowed to use (by comparing with the table of allowed files).
- The code, with a container complexity, creates a FileOutputStream from a file that it is allowed to use (by comparing with the table of allowed files).
- The password that determines whether the user is authorized to do high-level work is verified by checking it against the user name.
- The password that determines whether the user is authorized to do high-level work is verified by checking it against the user name. Moreover, there is a local control flow complexity (switch).
- The password that determines whether the user is authorized to do high-level work is verified by checking it against the user name. Moreover, there is a loop structure complexity (for).
- The password that determines whether the user is authorized to do high-level work is verified by checking it against the user name. Moreover, there is a container complexity.
- The password that determines whether the user is authorized to do high-level work is verified by checking it against the user name. Moreover, there is an array index complexity.
- The code checks the state of the file myfile.txt. Its state can change during the call to sleep, but it is verified before the file is used.
- The code tries to create a FileInputStream, such as for image data. Exceptions and other error conditions are no longer ignored.
- Suppose the file /tmp/resourceLock is used as a resource lock. This program grabs the lock (if available), and later releases it.
- Here we try to get the system property for a specified key and then remove whitespace. If the key is unknown, cmd is null and the null dereference exception is caught.
- Here we try to get the system property for a specified key and then remove whitespace. If the key is unknown, cmd is null and the null dereference exception is caught. Moreover, there is a local control flow complexity, which is a "switch" conditional structure.
- Here we try to get the system property for a specified key and then remove whitespace. If the key is unknown, cmd is null and the null dereference exception is caught. Moreover, there is an inter-procedural scope complexity.
- Here we try to get the system property for a specified key and then remove whitespace. If the key is unknown, cmd is null and the null dereference exception is caught. Moreover, there is an address alias level complexity.
- Normally a developer can debug the code by typing "-debug", but here the debugging code is removed.
- This servlet implements a fixed Cross-Site Scripting (XSS) vulnerability: the data provided by the client in the field "data" is encoded, so the XSS is no longer present.
- This servlet implements a fixed Cross-Site Scripting (XSS) vulnerability with a scope complexity: the data provided by the client in the field "data" is encoded, so the XSS is no longer present.
- This servlet implements a fixed Cross-Site Scripting (XSS) vulnerability with a container complexity: the data provided by the client in the field "data" is encoded, so the XSS is no longer present.
- This servlet implements a fixed Cross-Site Scripting (XSS) vulnerability with a loop complexity: the data provided by the client in the field "data" is encoded, so the XSS is no longer present.
- This servlet implements a fixed SQL injection vulnerability: a SQL request is sent to the database after testing whether the current name is one of the allowed ones.