The SAMATE Project, NIST, Department of Homeland Security

View/Download Test Cases

Test Suite #6: ABM 1.0.1

Results: 112 test cases in 6 pages.

| Test Case ID | Submission Date | Language | Type of Artifact | Status | Description | Weakness | Bad / Good / Mixed |
|---|---|---|---|---|---|---|---|
| 1655 | 2006-06-22 | Java | Source Code | Candidate | Tainted output allows cross-site scripting attack. (fixed version 2) | CWE-079: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Good test case |
| 1654 | 2006-06-22 | Java | Source Code | Candidate | Tainted output allows cross-site scripting attack. | CWE-079: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Good test case |
| 1653 | 2006-06-22 | Java | Source Code | Candidate | Tainted output allows cross-site scripting attack. | CWE-079: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Bad test case |
| 1652 | 2006-06-22 | Java | Source Code | Candidate | An unsafe function is used causing the entire container to exit. | None given | Bad test case |
| 1651 | 2006-06-22 | Java | Source Code | Candidate | An unsafe function is used causing the entire container to exit. | None given | Bad test case |
| 1650 | 2006-06-22 | C | Source Code | Candidate | Sensitive data from getpass is output with syslog. | None given | Bad test case |
| 1649 | 2006-06-22 | C | Source Code | Candidate | Sensitive data from getpass is output with printf. | None given | Bad test case |
| 1648 | 2006-06-22 | C | Source Code | Candidate | Execl() is called with user-provided data but only if it matches ... | CWE-020: Improper Input Validation | Good test case |
| 1647 | 2006-06-22 | C | Source Code | Candidate | Execl() is called with user-provided data. | CWE-020: Improper Input Validation | Bad test case |
| 1646 | 2006-06-22 | C | Source Code | Deprecated | System() is called with user-provided data but the data is ... | CWE-020: Improper Input Validation | Good test case |
| 1645 | 2006-06-22 | C | Source Code | Candidate | System() is called with user-provided data. | CWE-020: Improper Input Validation | Bad test case |
| 1644 | 2006-06-22 | Java | Source Code | Candidate | Tainted data spliced into a SQL query leads to a SQL injection issue | CWE-074: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | Good test case |
| 1643 | 2006-06-22 | Java | Source Code | Candidate | Tainted data spliced into a SQL query leads to a SQL injection issue. | CWE-089: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Bad test case |
| 1642 | 2006-06-22 | C | Source Code | Candidate | Sprintf is used to copy a string to a stack buffer. A guard in ... | CWE-121: Stack-based Buffer Overflow | Good test case |
| 1641 | 2006-06-22 | C | Source Code | Candidate | Sprintf is used to copy a string to a stack buffer. A guard in ... | CWE-121: Stack-based Buffer Overflow | Bad test case |
| 1640 | 2006-06-22 | C | Source Code | Candidate | Sprintf is used to copy a string to a stack buffer. A guard is usedt | CWE-121: Stack-based Buffer Overflow | Good test case |
| 1639 | 2006-06-22 | C | Source Code | Candidate | Sprintf is used to copy a string to a stack buffer. A guard is usedt | CWE-121: Stack-based Buffer Overflow | Bad test case |
| 1638 | 2006-06-22 | C | Source Code | Candidate | Sprintf is used to copy a string to a stack buffer. The length ... | CWE-121: Stack-based Buffer Overflow | Good test case |
| 1637 | 2006-06-22 | C | Source Code | Candidate | Sprintf is used to copy a string to a stack buffer. The length ... | CWE-121: Stack-based Buffer Overflow | Bad test case |
| 1636 | 2006-06-22 | C | Source Code | Candidate | sprintf allows a stack buffer to be overrun. | CWE-121: Stack-based Buffer Overflow | Bad test case |
Total of selected test cases: 112
Total pages: 6