The Juliet test suite is a systematic set of thousands of small test programs in C/C++ and Java exhibiting over 100 classes of errors, such as buffer overflow, OS injection, hardcoded password, absolute path traversal, NULL pointer dereference, uncaught exception, deadlock, and missing release of resource. These test programs should be helpful in determining capabilities of software assurance tools, particularly static analyzers, in Unix, Microsoft Windows, and other environments. Juliet was developed by the National Security Agency's Center for Assured Software and first released in December 2010. It has been enhanced twice since then. Version 1.2 was released in May 2013 with a total of 86,864 test cases. Released in October 2017, version 1.3 fixes about two dozen systematic problems in version 1.2 and adds tests for pre- and postincrement and -decrement operators. This technical note details the changes from version 1.2 to 1.3. This note also lists the systematic problems that we know remain in Juliet 1.3.
Technical Note (NIST TN) - 1995
buffer overflow, Bugs Framework (BF), Common Weakness Enumeration (CWE), cybersecurity, integer overflow, Juliet test suite, OS injection bugs, programming language test material, software assurance, software quality, static analysis, static source code analyzers.