SAMATE Logo NIST Logo The SAMATE Project Department of Homeland Security

View/Download Test Cases

Downloads:  Download the selected Test Cases Download these 112 test cases Download all the test cases on the page  Download the manifest  Download all the test cases in the SARD

Test Suite #6: ABM 1.0.1

Results: 112 test cases in 6 pages. Pages: 1 2 3 4 5 6
Go to page:

Select Test Case ID(up) Submission Date Language Type of Artifact Status Description Weakness Bad
Good
Mixed
16552006-06-22JavaSource CodeCandidate Tainted output allows cross-site scripting attack. (fixed version 2)CWE-079: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Good test case
16542006-06-22JavaSource CodeCandidate Tainted output allows cross-site scripting attack.CWE-079: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Good test case
16532006-06-22JavaSource CodeCandidate Tainted output allows cross-site scripting attack.CWE-079: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Bad test case
16522006-06-22JavaSource CodeCandidate An unsafe function is used causing the entire container to exit.None givenBad test case
16512006-06-22JavaSource CodeCandidate An unsafe function is used causing the entire container to exit.None givenBad test case
16502006-06-22CSource CodeCandidate Sensitive data from getpass is output with syslog.None givenBad test case
16492006-06-22CSource CodeCandidate Sensitive data from getpass is output with printf.None givenBad test case
16482006-06-22CSource CodeCandidate Execl() is called with user-provided data but only if it matches ...CWE-020: Improper Input Validation
Good test case
16472006-06-22CSource CodeCandidate Execl() is called with user-provided data.CWE-020: Improper Input Validation
Bad test case
16462006-06-22CSource CodeDeprecated System() is called with user-provided data but the data is ...CWE-020: Improper Input Validation
Good test case
16452006-06-22CSource CodeCandidate System() is called with user-provided data.CWE-020: Improper Input Validation
Bad test case
16442006-06-22JavaSource CodeCandidate Tainted data spliced into a SQL query leads to a SQL injection issue CWE-074: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Good test case
16432006-06-22JavaSource CodeCandidate Tainted data spliced into a SQL query leads to a SQL injection issue.CWE-089: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Bad test case
16422006-06-22CSource CodeCandidate Sprintf is used to copy a string to a stack buffer. A guard in ...CWE-121: Stack-based Buffer Overflow
Good test case
16412006-06-22CSource CodeCandidate Sprintf is used to copy a string to a stack buffer. A guard in ...CWE-121: Stack-based Buffer Overflow
Bad test case
16402006-06-22CSource CodeCandidate Sprintf is used to copy a string to a stack buffer. A guard is usedtCWE-121: Stack-based Buffer Overflow
Good test case
16392006-06-22CSource CodeCandidate Sprintf is used to copy a string to a stack buffer. A guard is usedtCWE-121: Stack-based Buffer Overflow
Bad test case
16382006-06-22CSource CodeCandidate Sprintf is used to copy a string to a stack buffer. The length ...CWE-121: Stack-based Buffer Overflow
Good test case
16372006-06-22CSource CodeCandidate Sprintf is used to copy a string to a stack buffer. The length ...CWE-121: Stack-based Buffer Overflow
Bad test case
16362006-06-22CSource CodeCandidate sprintf allows a stack buffer to be overrun.CWE-121: Stack-based Buffer Overflow
Bad test case
1 2 3 4 5 6
Total of selected test cases: 112
Total pages: 6