...
- We added the following new attributes for the testcase field (attribute and entry values provided in parentheses):
alternate-taxonomy
. (alternate-taxonomy=“CERT-C-Standard"
) Purpose is to indicate which alternate code flaw taxonomy (eg. CERT rules, CWEs, MISRA rules, etc.) that information will be provided for, as opposed to the code flaw taxonomy that the test suite was originally designed to test.SubmissionDate-alternate-taxonomy
. (SubmissionDate-alternate-taxonomy=2018-09-28
) Purpose is to indicate the date of submission of this manifest to SARD, for potential publication on the NIST SARD test suite website. The similarly-named attributeSubmissionDate
is specific to the testcase itself, and that was used for all manifest entries.alternate-taxonomy-author
. (alternate-taxonomy-author="Lori Flynn and David Svoboda and Andrew Kotov"
) Purpose is to identify authors of the new manifest entries. The similarly-namedauthor
attribute is specific to the testcase itself, and that was used for all manifest entries.
- For the
False
verdicts, we did particular things for the following fields and attributes (in bold):- We added a
fixed
field (same as in the original SARD manifest) that identifies where the identified CERT secure coding rule is not violated- For the
verdict
attribute, we use the value False (verdict=”False”
).
- For the
- For the file field, we added fields and values similar to those for the “mixed” tag (i.e., True verdict entries for Juliet test cases, in the original SARD manifest Juliet entries). Many of the files did not have entries in the original SARD Juliet manifest entries.
numberOfFiles. (numberOfFiles="1"
) The purpose of this field for file entries withTrue
verdicts is to indicate how many files are in a testcase. As an initial estimate, inFalse
verdicts, we assume this count is only the file identified, in each case a single file.checksum. (checksum =”<SHA1_HASH>”)
The purpose of this attribute is to uniquely identify the file. The other SARD file entries for checksum were derived using SHA1, so we derived a checksum value by running sha1sum.size. (size =”<SIZE>”
) The purpose of this attribute is to identify the number of bytes in the file. To get this number, we ran the following command in a bash shell: wc -c
-
id
, (id="10000000"
) The purpose of this field is to uniquely identify the testcase ID. Initially, we start with the first ID at 10000000 (a number larger than any id in the current SARD manifest), then increase each by 1. These are placeholders, as SARD assigns their own testcase ids. - We simply copied these attributes and values describing the test suite, for the
testcase
field:id=”86”, submissionDate="2013-05-20",
status="Candidate"
- We added the following new attributes for the testcase field, the same as described above for the
True
(“mixed
”) verdicts: alternate-taxonomy,SubmissionDate-alternate-taxonomy,
andalternate-taxonomy-author
.
- We added a
...