Back to the previous page

Test Case ID	156978
Bad / Good / Mixed	Bad
Author	IARPA STONESOUP Test and Evaluation team
Associations	Test suite: 102 Application: 15
Added by	Charles Oliveira
Language	Java
Type of test case	Source Code
Input string
Expected Output
Instructions	See src/docs/howtobuild.html file for instructions on how to install.
Submission date	2015-10-06
Description	The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service because of excessive looping. This test will try to access a user-controlled file, repeatedly trying if the access fails. The user provides an intentionally bad path, forcing the software to wait forever. Metadata - Base program: Apache POI - Source Taint: SOCKET - Data Type: SIMPLE - Data Flow: ADDRESS_AS_FUNCTION_RETURN_VALUE - Control Flow: INDIRECTLY_RECURSIVE
File(s)	HeaderBlock.java (23 kB) runFifos.py (2.67 kB) service_mon.sh (100 B) J-C606A-POIX-02-ST03-DT02-DF06-CF02-01.yaml (2.78 kB) J-C606A-POIX-02-ST03-DT02-DF06-CF02-01.xml (51.37 kB)
Flaw	CWE-606: Unchecked Input for Loop Condition • 14

There are no comments

Have any comments on this test case? Please, .

HeaderBlock.java
runFifos.py
service_mon.sh
J-C606A-POIX-02-ST03-DT02-DF06-CF02-01.yaml
J-C606A-POIX-02-ST03-DT02-DF06-CF02-01.xml

File Contains:
CWE-606: Unchecked Input for Loop Condition on line(s): 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109