1. Testing Regular Expressions
1.1 Requirements to be tested
Testing the ability of the program to find attack surface (user input points) and pull out the proper variable names.
1.2 Oracle
- Success: Program correctly identifies attack surface and has the correct variable name
OR
- Failure: Program fails to identify attack surface OR pulls the wrong variable name
1.3 Test Execution
Sample code (attached below: source1.c) was scanned successfully, except for a bug found in the previous round of testing that has not yet been fixed.
1.4 Result Summary
Success: The program traced the variable [name] through the file.
2. Testing Regular Expressions
2.1 Requirements to be tested
Testing the ability of the program to find attack surface (user input points) and pull out the proper variable names.
2.2 Oracle
- Success: Program correctly identifies attack surface and has the correct variable name
OR
- Failure: Program fails to identify attack surface OR pulls the wrong variable name
2.3 Test Execution
Sample code (attached below: source2.c) contains a scanf call.
2.4 Result Summary
Failure: The program appears to have failed to find the scanf call (it returned no output for RATS to scan).
3. Testing Regular Expressions
3.1 Requirements to be tested
Testing the ability of the program to find attack surface (user input points) and pull out the proper variable names.
3.2 Oracle
- Success: Program correctly identifies attack surface and has the correct variable name
OR
- Failure: Program fails to identify attack surface OR pulls the wrong variable name
3.3 Test Execution
Sample code (attached below: source3.zip) contains a scanf call and a fixed-size array.
3.4 Result Summary
Success: The program appears to have correctly identified the variable to track through the program.
4. Testing Regular Expressions
4.1 Requirements to be tested
Testing the ability of the program to find attack surface (user input points) and pull out the proper variable names.
4.2 Oracle
- Success: Program correctly identifies attack surface and has the correct variable name
OR
- Failure: Program fails to identify attack surface OR pulls the wrong variable name
4.3 Test Execution
Sample code (attached below: source4.c) contains a memcpy call.
4.4 Result Summary
Failure: The program fails to identify the memcpy call [memcpy(session->peer_challenge, reply->challenge, reply->count);].
5. Testing Regular Expressions
5.1 Requirements to be tested
Testing the ability of the program to find attack surface (user input points) and pull out the proper variable names.
5.2 Oracle
- Success: Program correctly identifies attack surface and has the correct variable name
OR
- Failure: Program fails to identify attack surface OR pulls the wrong variable name
5.3 Test Execution
Sample code (attached below: source5.c) was scanned; it includes a vsnprintf call [vsnprintf(buff, sizeof (buff), fmt, args);].
5.4 Result Summary
Failure: The program did not locate the vsnprintf call.
6. Testing Regular Expressions
6.1 Requirements to be tested
Testing the ability of the program to find attack surface (user input points) and pull out the proper variable names.
6.2 Oracle
- Success: Program correctly identifies attack surface and has the correct variable name
OR
- Failure: Program fails to identify attack surface OR pulls the wrong variable name
6.3 Test Execution
Sample code (attached below: source6.c) was scanned; it includes a bcopy call [bcopy(hp->h_addr, (char *) &(aconf->ipnum), sizeof(struct in_addr));].
6.4 Result Summary
Failure: bcopy was not located within the file.
7. Testing Regular Expressions
7.1 Requirements to be tested
Testing the ability of the program to find attack surface (user input points) and pull out the proper variable names.
7.2 Oracle
- Success: Program correctly identifies attack surface and has the correct variable name
OR
- Failure: Program fails to identify attack surface OR pulls the wrong variable name
7.3 Test Execution
Sample code (attached below: source7.c) was scanned; it includes several strcat calls [strcat (full_filename, "/lib");].
7.4 Result Summary
Failure: strcat and strcpy functions were not found.
8. Testing Regular Expressions
8.1 Requirements to be tested
Testing the ability of the program to find attack surface (user input points) and pull out the proper variable names.
8.2 Oracle
- Success: Program correctly identifies attack surface and has the correct variable name
OR
- Failure: Program fails to identify attack surface OR pulls the wrong variable name
8.3 Test Execution
Sample code (attached below: source8.zip) was scanned; it includes several gets calls.
8.4 Result Summary
Success: Program located gets calls and traced variables.
9. Testing Regular Expressions
9.1 Requirements to be tested
Testing the ability of the program to find attack surface (user input points) and pull out the proper variable names, then display them to the user by showing the variable name and the lines where that variable was found in the code.
9.2 Oracle
- Success: Program correctly identifies attack surface and has the correct variable name and displays the information properly.
OR
- Failure: Program fails to identify attack surface OR pulls the wrong variable name OR displays the information wrong.
9.3 Test Execution
Sample code (attached below: source9.c) was scanned; it contains many different function calls that the program should find.
9.4 Result Summary
Failure: GUI displays variable names [f] [pid] with no associated line numbers.
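Every failure above (tests 2, 4, 5, 6, 7 and 9) is a regular expression missing one call shape: a space before the paren, a struct member as the argument, a cast around it, a nested sizeof, or a hit reported without its line number. The scanner below is an added example written for this page, not the tested program's code; the SINKS list, DEST_INDEX, the helper names and the sample fragment are assumptions built from the calls quoted in the report.

```python
import re

# Sinks treated as attack surface (assumption: the calls exercised in the report
# above, not the scanned tool's own list). scanf/bcopy write their 2nd argument.
SINKS = ("scanf", "gets", "memcpy", "bcopy", "vsnprintf", "strcat", "strcpy")
DEST_INDEX = {"scanf": 1, "bcopy": 1}
CALL_RE = re.compile(r"\b(" + "|".join(SINKS) + r")\s*\(")  # \s* so 'strcat (' matches too
IDENT_RE = re.compile(r"[A-Za-z_]\w*(?:\s*(?:->|\.)\s*[A-Za-z_]\w*)*")

def split_args(src, start):
    """Split the call whose '(' is at src[start] into top-level arguments, honouring nested
    parens like sizeof (buff). Returns None if unterminated; string literals are not tokenised."""
    depth, args, cur = 0, [], []
    for ch in src[start:]:
        depth += (ch == "(") - (ch == ")")
        if depth == 0:                        # closing paren of the call itself
            return args + ["".join(cur).strip()]
        if ch == "," and depth == 1:          # top-level argument separator
            args.append("".join(cur).strip())
            cur = []
        elif not (ch == "(" and depth == 1):  # drop the call's own '('
            cur.append(ch)
    return None

def variable_of(arg):
    """Peel a cast, '&'/'*' and grouping parens: '(char *) &(aconf->ipnum)' -> 'aconf->ipnum'."""
    arg = re.sub(r"^\s*\([^()]*\*\s*\)\s*", "", arg)   # leading pointer cast
    arg = arg.lstrip("&*( ").rstrip(") ")
    m = IDENT_RE.search(arg)
    return m.group(0).replace(" ", "") if m else None

def find_attack_surface(src):
    """Return (line_no, function, variable) for every sink call in C source text."""
    hits = []
    for m in CALL_RE.finditer(src):
        args = split_args(src, m.end() - 1)
        idx = DEST_INDEX.get(m.group(1), 0)
        if args and idx < len(args):
            line_no = src.count("\n", 0, m.start()) + 1
            hits.append((line_no, m.group(1), variable_of(args[idx])))
    return hits

# Constructed fragment built from the calls quoted in the report (not a compilable file).
SAMPLE_C = """scanf("%d", &n);
memcpy(session->peer_challenge, reply->challenge, reply->count);
vsnprintf(buff, sizeof (buff), fmt, args);
bcopy(hp->h_addr, (char *) &(aconf->ipnum), sizeof(struct in_addr));
strcat (full_filename, "/lib");
gets(buff);"""
```

find_attack_surface(SAMPLE_C) reports each call with its line number and written variable, including (4, 'bcopy', 'aconf->ipnum') and (5, 'strcat', 'full_filename'), the shapes the tested program missed.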