SAMATE Logo NIST Logo The SAMATE Project Department of Homeland Security

View/Download Test Cases

Test Suite #17: CANDIDATE Source Code Analysis Tool Functional Specification Test Suite

Results: 34 test cases in 2 pages. Pages: 1 2
Go to page:

Select Test Case ID(up) Submission Date Language Type of Artifact Status Description Weakness Bad
Good
Mixed
17612006-09-11C++Source CodeDeprecated Test tool ability to identify potential problem of the use of staticiCWE-500: Public Static Field Not Marked Final
Bad test case
17602006-09-07CSource CodeDeprecated Test of tool ability to identify a NULL pointer dereference.CWE-476: NULL Pointer Dereference
Bad test case
17592006-09-05CSource CodeCandidate Simple test of tool ability to identify a double free weakness.CWE-415: Double Free
Bad test case
17582006-09-05CSource CodeCandidate Test of tool ability to identify a memory leak.CWE-401: Improper Release of Memory Before Removing Last Reference ('Memory Leak')
Bad test case
17572006-09-05CSource CodeDeprecated Test of tool ability to identify use of an uninitialized variable.CWE-457: Use of Uninitialized Variable
Bad test case
17562006-09-01CSource CodeCandidate Test of tool ability to identify a potentil write-what-where ...CWE-123: Write-what-where Condition
Bad test case
17552006-08-29JavaSource CodeCandidate Test of tool's ability to identify an assignment of public data ...CWE-496: Public Data Assigned to Private Array-Typed Field
Bad test case
17542006-08-28JavaSource CodeCandidate Private Array-Typed field returned from a public method.CWE-495: Private Array-Typed Field Returned From A Public Method
Bad test case
17532006-08-24CSource CodeCandidate Test of tool ability to identify improper pointer subtraction.CWE-469: Use of Pointer Subtraction to Determine Size
Bad test case
17412006-08-23CSource CodeCandidate Test of tool recognition of pointer scaling weakness.CWE-468: Incorrect Pointer Scaling
Bad test case
17382006-08-18JavaSource CodeCandidate Test determines if a tool can identify a hardcoded password weaknessiCWE-259: Use of Hard-coded Password
Bad test case
17372006-08-17CSource CodeDeprecated Test if tool can detect a heap inspection vulnerability.CWE-244: Improper Clearing of Heap Memory Before Release ('Heap Inspection')
Bad test case
17342006-08-15JavaSource CodeCandidate Test of tool to identify potential resource injection weakness ...CWE-099: Improper Control of Resource Identifiers ('Resource Injection')
Bad test case
17322006-08-14JavaSource CodeCandidate Test to verify that a tool identifies a potential path ...CWE-020: Improper Input Validation
Bad test case
16532006-06-22JavaSource CodeCandidate Tainted output allows cross-site scripting attack.CWE-079: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Bad test case
16452006-06-22CSource CodeCandidate System() is called with user-provided data.CWE-020: Improper Input Validation
Bad test case
16432006-06-22JavaSource CodeCandidate Tainted data spliced into a SQL query leads to a SQL injection issue.CWE-089: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Bad test case
15922006-06-22CSource CodeCandidate A strncpy generates a string that may be missing a NUL termination. WCWE-170: Improper Null Termination
Bad test case
15382006-06-09C++Source CodeCandidate Reading of an uninitialized variable. . . . These test cases ...CWE-457: Use of Uninitialized Variable
Bad test case
15282006-06-09C++Source CodeCandidate Incorrect pointer arithmetic to access a data structure. . . . ...CWE-466: Return of Pointer Value Outside of Expected Range
Bad test case
1 2
Total of selected test cases: 34
Total pages: 2