Test case 156547

Type: source code
State: bad
Author: IARPA STONESOUP Test and Evaluation team
Status: candidate
Language: Java
Application: cpe:2.3:a:apache:lucene:4.5.0:*:*:*:*:*:*:*
Submission Date: 06 Oct 2015

Description

The product does not properly check inputs that are used for
loop conditions, potentially leading to a denial of service because of
excessive looping. This test will try to access a user-controlled file,
repeatedly trying if the access fails. The user provides an intentionally
bad path, forcing the software to wait forever.
Metadata
- Base program: Apache Lucene
- Source Taint: FILE_CONTENTS
- Data Type: VOID_POINTER
- Data Flow: JAVA_GENERICS
- Control Flow: INTERPROCEDURAL_2

Flaws

CWE-606 Unchecked Input for Loop Condition

Test Suites

Apache Lucene 4.5.0
IARPA STONESOUP Phase 3 - Test Cases

Documentation

Overview.pdf
Test Case Creation Guide.pdf
Weaknesses Documentation.pdf
TEXAS User Guide.pdf
Communication API Guide.pdf
System Design Document.pdf
Test and Evaluation Phase 3 Final Report.pdf
Test Generation Report
Kestrel Institute Report.pdf

Have any comments on this test case? Please, send us an email.