Test Values: String (Format String)

In a prior post, I described various values I use to test strings. However, there are some special characters which may result in unexpected behavior or security vulnerabilities when they are encountered within a string that is later displayed in the application. The specifics of how these works depends on the capabilities of the programming language – so research how strings may be formatted for output in the language used to develop your application. A recent article that describes this well is Programming Language Format String Vulnerabilities” by Hal Burch and Robert C. Seacord. printf style formatting strings are ripe for these types of errors.

Special character values:

“\\” Backslash related strings

“Backslash\\Backslash”

“\a” Alert (bell) related strings

“Bell\aBell

“\b” Backspace related strings

“Backspace\bBackspace”

“\f” Form feed related strings

“Form Feed\fForm Feed”

“\n” Newline related strings

“Newline\nNewline”

“\r” Carriage return related strings

“Carriage Return\rCarriage Return”

“\t” Tab related strings

“Tab\tTab”

“\v” Vertical tab related strings

“Vertical Tab\vVertical Tab”

Format value strings:

“Decimal: %d” Signed decimal

“Decimal: %i” Signed decimal

“Octal: %o” Unsigned octal

“Decimal: %u” Unsigned decimal

“Hex: %x” Unsigned hex

“Hex: %X” Unsigned hex

“Floating: %.5f” Floating point

“Exponential: %.5e” Exponential

“Exponential: %.5E” Exponential

“Unsigned Char: %c” Character (converted from integer value)

“String: %s” String

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Test Values: String (Format String)

Leave a Reply Cancel reply

Recent Posts

Recent Comments

Archives

Categories

Meta

“\\”	Backslash related strings
“Backslash\\Backslash”
“\a”	Alert (bell) related strings
“Bell\aBell
“\b”	Backspace related strings
“Backspace\bBackspace”
“\f”	Form feed related strings
“Form Feed\fForm Feed”
“\n”	Newline related strings
“Newline\nNewline”
“\r”	Carriage return related strings
“Carriage Return\rCarriage Return”
“\t”	Tab related strings
“Tab\tTab”
“\v”	Vertical tab related strings
“Vertical Tab\vVertical Tab”

“Decimal: %d”	Signed decimal
“Decimal: %i”	Signed decimal
“Octal: %o”	Unsigned octal
“Decimal: %u”	Unsigned decimal
“Hex: %x”	Unsigned hex
“Hex: %X”	Unsigned hex
“Floating: %.5f”	Floating point
“Exponential: %.5e”	Exponential
“Exponential: %.5E”	Exponential
“Unsigned Char: %c”	Character (converted from integer value)
“String: %s”	String