Tree 1.7.0 Test suite #6
DownloadDescription
Tree is a recursive directory listing command that produces a depth indented listing of files, which is colorized ala dircolors if the LS_COLORS environment variable is set and output is to tty. Tree has been ported and reported to work under the following operating systems: Linux, FreeBSD, OS X, Solaris, HP/UX, Cygwin, HP Nonstop and OS/2.
This product contains or makes use of Intelligence Advanced Research Projects Activity (IARPA) data from the STONESOUP program. Any product, report, publication, presentation, or other document including or referencing the IARPA data herein should include this statement. All documents related to the STONESOUP program can be found at the documents page.NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic.
Documentation
-
Metadata - Base program: Tree - Source Taint: SOCKET - Data Type: SIMPLE - Data Flow: BASIC - Control Flow: SEQUENCE
-
Metadata - Base program: Tree - Source Taint: FILE_CONTENTS - Data Type: SIMPLE - Data Flow: BASIC - Control Flow: SEQUENCE
-
Metadata - Base program: Tree - Source Taint: FILE_CONTENTS - Data Type: SIMPLE - Data Flow: BASIC - Control Flow: SEQUENCE
-
Metadata - Base program: Tree - Source Taint: FILE_CONTENTS - Data Type: SIMPLE - Data Flow: BASIC - Control Flow: SEQUENCE
-
Metadata - Base program: Tree - Source Taint: SHARED_MEMORY - Data Type: SIMPLE - Data Flow: BASIC - Control Flow: SEQUENCE
-
Metadata - Base program: Tree - Source Taint: FILE_CONTENTS - Data Type: SIMPLE - Data Flow: BASIC - Control Flow: SEQUENCE
-
Metadata - Base program: Tree - Source Taint: ENVIRONMENT_VARIABLE - Data Type: SIMPLE - Data Flow: BASIC - Control Flow: SEQUENCE
-
Metadata - Base program: Tree - Source Taint: SHARED_MEMORY - Data Type: SIMPLE - Data Flow: BASIC - Control Flow: SEQUENCE
-
Metadata - Base program: Tree - Source Taint: SOCKET - Data Type: SIMPLE - Data Flow: BASIC - Control Flow: SEQUENCE
-
Metadata - Base program: Tree - Source Taint: SHARED_MEMORY - Data Type: SIMPLE - Data Flow: BASIC - Control Flow: SEQUENCE
-
Metadata - Base program: Tree - Source Taint: SOCKET - Data Type: SIMPLE - Data Flow: BASIC - Control Flow: SEQUENCE
-
Metadata - Base program: Tree - Source Taint: ENVIRONMENT_VARIABLE - Data Type: SIMPLE - Data Flow: BASIC - Control Flow: SEQUENCE
-
Metadata - Base program: Tree - Source Taint: ENVIRONMENT_VARIABLE - Data Type: SIMPLE - Data Flow: BASIC - Control Flow: SEQUENCE
-
Metadata - Base program: Tree - Source Taint: SOCKET - Data Type: SIMPLE - Data Flow: BASIC - Control Flow: SEQUENCE
-
Metadata - Base program: Tree - Source Taint: SHARED_MEMORY - Data Type: SIMPLE - Data Flow: BASIC - Control Flow: SEQUENCE
-
Metadata - Base program: Tree - Source Taint: SOCKET - Data Type: SIMPLE - Data Flow: BASIC - Control Flow: SEQUENCE
-
This test case allocates a buffer on the stack, with a canary function pointer immediately after it. It checks if the taint source is less than 20 characters, and if so, it sets the canary function pointer to strlen and call realpath on the taint source, putting the result into the stack buffer. ...
-
This test case creates a buffer on the stack of 1024 bytes and a struct on the heap containing a 64-byte buffer and a pointer to the beginning of that buffer. It copies the taint source into the 1024-char buffer. It checks if the length of the taint source is less than the length of the 64-byte b...
-
This test case allocates a struct on the heap that contains an 8-character buffer, followed by a pointer. The pointer is set to point to the beginning of the 8-character buffer. The taint source is copied into the 8-character buffer, using strncpy, but the length is incorrectly capped at the leng...
-
This test case implements an incorrect size check when reading from a buffer that can cause a buffer under read. The buffer is declared as a character buffer of size 64 on the heap. 64 bytes of input are copied into the buffer but the test case incorrectly uses the original size of the input stri...
-
This test case implements a heap allocated buffer that erroneously gets double free()'d causing a segfault. The test case takes an input string and copies it into a heap allocated buffer. It then checks to see if the first character is an 'a' or greater and if so, calls a function that finishes b...
-
This test case implements an incorrectly checked write into a heap allocated buffer. The buffer is malloc()'d with a fixed size and pointed to by a local variable. Untrusted input is not properly sanitized or restricted before being copied into the buffer, from the last character to the first. Th...
-
This test case takes a buffer as input and copies it into another buffer. It then converts the new buffer to uppercase and prints it out. If the provided input is larger than the buffer it is being copied into, then this will result in a buffer overwrite due to access with an incorrect length. Th...
-
This test case creates a struct that has a message_type field and a message_data field. The message_type field should be 1 if the message_data field contains a char*, and 0 if it contains an int. The message_data field is set to be the taint source, and the message_type field is set to 1. If the ...
-
This test case implements an unchecked read from a buffer. The buffer is declared as a fixed size member of a struct that is allocated on the heap. Untrusted input is not properly sanitized or restricted before being used to determine the number of characters to read from the buffer. This allows ...