Test Plan 2009 07 22

1. Testing Regular Expressions

1.1 Requirements to be tested

Testing the ability of the program to find attack surface (user input points) and pull out the proper variable names.

1.2 Oracle

  • Success: Program correctly identifies attack surface and has the correct variable name

OR

  • Failure: Program fails to identify attack surface OR pulls the wrong variable name

1.3 Test Execution

Sample code (attached below: source1.c) contains a scanf call, which is known to be potentially dangerous (as it takes input from the user).

1.4 Result Summary

Failure: The program failed to locate the scanf call because the RegEx was not constructed properly. A new RegEx for the scanf call will be created.

2. Testing Regular Expressions

2.1 Requirements to be tested

Testing the ability of the program to find attack surface (user input points) and pull out the proper variable names.

2.2 Oracle

  • Success: Program correctly identifies attack surface and has the correct variable name

OR

  • Failure: Program fails to identify attack surface OR pulls the wrong variable name

2.3 Test Execution

Sample code (attached below: source2.c) contains a variable named file, which also appears within the string "Could not open file\n".

2.4 Result Summary

Failure: The program copied lines because a variable name appeared within a string; strings should be ignored.
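Both failures above (a missed scanf call, and a variable name matched inside a string) can be handled by blanking string literals and comments before any pattern runs, then locating scanf-family calls and splitting their arguments. The following is an added example, not the program under test or its attachments; the function names and the sample C source are constructed for illustration, and it assumes unpreprocessed source with no macros wrapping the calls.

```python
import re

# Constructed sample input (not the page's source1.c / source2.c attachments).
SAMPLE_C = r'''#include <stdio.h>
int main(void) {
    char file[64];
    if (scanf("%63s", file) != 1) return 1;   /* user input into file */
    FILE *fp = fopen(file, "r");
    if (!fp) { printf("Could not open file\n"); return 1; }
}
'''

# String literals, char literals and comments in one alternation, so each is skipped as a unit.
_LITERAL = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'|/\*.*?\*/|//[^\n]*', re.S)
_CALL = re.compile(r'\b([fs]?scanf)\s*\(')

def blank_literals(src):
    """Overwrite literal and comment text with spaces, keeping offsets and line numbers."""
    return _LITERAL.sub(lambda m: re.sub(r'[^\n]', ' ', m.group(0)), src)

def _call_args(text, start):
    """Split the argument list starting just after '(' at its top-level commas."""
    args, depth, cur = [], 0, start
    for i, c in enumerate(text[start:], start):
        if c in '([':
            depth += 1
        elif c in ')]':
            if depth == 0:                      # closing paren of the call itself
                return args + [text[cur:i].strip()]
            depth -= 1
        elif c == ',' and depth == 0:
            args.append(text[cur:i].strip())
            cur = i + 1
    return args

def find_input_vars(src):
    """Return (line, function, [destination variables]) for each scanf-family call."""
    clean, hits = blank_literals(src), []
    for m in _CALL.finditer(clean):
        args = _call_args(clean, m.end())
        dests = args[1:] if m.group(1) == 'scanf' else args[2:]  # skip format (and stream/buffer)
        found = (re.match(r'[&*(\s]*([A-Za-z_]\w*)', a) for a in dests)
        hits.append((clean.count('\n', 0, m.start()) + 1, m.group(1), [f.group(1) for f in found if f]))
    return hits

def lines_using(src, var):
    """Line numbers where var is an identifier in code, not text in a string or comment."""
    pat = re.compile(r'\b%s\b' % re.escape(var))
    return [n for n, line in enumerate(blank_literals(src).split('\n'), 1) if pat.search(line)]
```

On the sample, the scanf call nested inside an if condition is still found, and the printf line containing "Could not open file\n" is not reported as a use of file.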
