C++ Test Suite for Source Code Analyzer - false positive Test suite #58
Description
This test suite tests against Source Code Security Analyzer based on functional requirements SCA-RM-6 specified in "Source Code Security Analysis Tool Functional Specification"
Displaying test cases 1 - 25 of 39 in total
- Users cannot add the arguments -debug -root to take advantage of leftover debug code.
- The test case is a basic CGI source code which allows Cross-Site Scripting (XSS).
- Created objects are never destroyed.
- User can input more than the maximum number of characters, causing a stack overflow.
- The test case is a basic CGI source code which allows Cross-Site Scripting (XSS). The code has a Scope complexity.
- The test case is a basic CGI source code which allows Cross-Site Scripting (XSS). The code has an Index Alias complexity.
- Integer is not initialized before use.
- By using a wrong pointer type, the program will output a nonsense value due to pointer scaling.
- The test case has a SQL Injection weakness.
- The test case has a SQL Injection weakness in a Scope complexity.
- Integer p is not initialized before its use in a for loop.
- The test case has a SQL Injection weakness in an array index complexity source code.
- Throws an uncaught range check exception.
- The pointer p is dereferenced even though the value is null.
- The pointer is dereferenced even though the value is null in the 'function' call.
- The pointer p is dereferenced even though the value is null.
- Null Dereference in an Index Alias complexity.
- Assume all input is malicious. Use an appropriate combination of black lists and white lists to ensure only valid and expected input is processed by the system.
- Assume all input is malicious. Use an appropriate combination of black lists and white lists to ensure only valid and expected input is processed by the system.
- Assume all input is malicious. Use an appropriate combination of black lists and white lists to ensure only valid and expected input is processed by the system.
- A software system that accepts and executes input in the form of operating system commands (e.g. system(), exec(), open()) should examine the input before its use.
- A software system that accepts and executes input in the form of operating system commands (e.g. system(), exec(), open()) should examine the input before its use.
- A software system that accepts and executes input in the form of operating system commands (e.g. system()) could allow an attacker with lesser privileges than the target software to execute commands with the elevated privileges of the executing process.
- A software system that accepts and executes input in the form of operating system commands (e.g. system(), exec(), open()) should examine the input before its use.
- A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack. In the case of C++, misusing the container vector could also cause a stack overflow.