Test case 153940

Type: source code
State: bad
Author: IARPA STONESOUP Test and Evaluation team
Status: candidate
Language: Java
Application: cpe:2.3:a:apache:lucene:4.5.0:*:*:*:*:*:*:*
Submission Date: 06 Oct 2015

Description

This weakness takes a value and converts it to upper case.
If it contains characters not a-zA-Z, then the function
used to covert to upper case will return null. After
converting the value to upper case it is compared to a static
password. This comparison will cause an error if the
value contained a number, punctuation, space, etc.
Metadata
- Base program: Apache Lucene
- Source Taint: FILE_CONTENTS
- Data Type: SIMPLE
- Data Flow: ADDRESS_AS_FUNCTION_RETURN_VALUE
- Control Flow: SEQUENCE

Flaws

CWE-252 Unchecked Return Value

Test Suites

Apache Lucene 4.5.0
IARPA STONESOUP Phase 3 - Test Cases

Documentation

Overview.pdf
Test Case Creation Guide.pdf
Weaknesses Documentation.pdf
TEXAS User Guide.pdf
Communication API Guide.pdf
System Design Document.pdf
Test and Evaluation Phase 3 Final Report.pdf
Test Generation Report
Kestrel Institute Report.pdf

Have any comments on this test case? Please, send us an email.