<!-- 
	Samate Reference Dataset : http://samate.nist.gov/SRD
	Downloaded the Mon, 23 Nov 09 08:15:05 -0500 -->
<flawclass>
<flaw name='Any...' id='1'>
  <flaw name='CWE-485: Insufficient Encapsulation' id='52'>
    <flaw name='CWE-495: Private Array-Typed Field Returned From A Public Method' id='56'/>
    <flaw name='CWE-496: Public Data Assigned to Private Array-Typed Field' id='55'/>
    <flaw name='CWE-500: Public Static Field Not Marked Final' id='54'/>
    <flaw name='CWE-489: Leftover Debug Code' id='53'/>
    </flaw>
  <flaw name='CWE-388: Error Handling' id='41'>
    <flaw name='CWE-389: Error Conditions, Return Values, Status Codes' id='42'>
      <flaw name='CWE-391: Unchecked Error Condition' id='43'/>
      </flaw>
    </flaw>
  <flaw name='CWE-254: Security Features ' id='38'>
    <flaw name='CWE-326: Weak Encryption' id='61'/>
    <flaw name='CWE-255: Credentials Management' id='39'>
      <flaw name='CWE-259: Hard-Coded Password' id='40'/>
      </flaw>
    </flaw>
  <flaw name='CWE-227: Failure to Fulfill API Contract (API Abuse)' id='35'>
    <flaw name='CWE-251: Often Misused: String Management' id='37'/>
    <flaw name='CWE-244: Failure to Clear Heap Memofry Before Release (Heap Inspection)' id='36'/>
    </flaw>
  <flaw name='CWE-019: Data Handling' id='2'>
    <flaw name='CWE-020: Insufficient Input Validation' id='3'>
      <flaw name='CWE-021: Pathname Traversal and Equivalence Errors  ' id='29'>
        <flaw name='CWE-022: Path Traversal' id='30'/>
    </flaw>
      <flaw name='CWE-074: Failure to Sanitize Data into a Different Plane (Injection)' id='4'>
        <flaw name='CWE-098: Insufficient Control of Filename for Include/Require Statement in PHP Program (PHP File Inclusion)' id='59'/>
        <flaw name='CWE-089: Failure to Sanitize Data within SQL Queries (SQL Injection)' id='33'/>
        <flaw name='CWE-099: Insufficient Control of Resource Identifiers (Resource Injection) ' id='32'/>
        <flaw name='CWE-079: Failure to Sanitize Directives in a Web Page (Cross-site scripting XSS)' id='31'/>
        <flaw name='CWE-077: Failure to Sanitize Data into a Control Plane (Command Injection)' id='5'>
          <flaw name='CWE-078: Failure to Sanitize Data into an OS Command (OS Command Injection)' id='57'/>
        </flaw>
      </flaw>
    </flaw>
    <flaw name='CWE-118: Improper Access of Indexable Resource (Range Error)' id='6'>
      <flaw name='CWE-119: Failure to Constrain Operations within the Bounds of an Allocated Memory Buffer' id='7'>
        <flaw name='CWE-133: String Errors' id='58'>
          <flaw name='CWE-170: Improper Null Termination' id='60'/>
          <flaw name='CWE-134: Uncontrolled Format String' id='11'/>
    </flaw>
        <flaw name='CWE-123: Write-what-where Condition' id='34'/>
        <flaw name='CWE-120: Buffer Copy without Checking Size of Input ' id='8'>
          <flaw name='CWE-121: Stack-based Buffer Overflow' id='9'/>
          <flaw name='CWE-122: Heap-based Buffer Overflow' id='10'/>
          </flaw>
        </flaw>
      </flaw>
    </flaw>
  <flaw name='CWE-361: Time and State' id='13'>
    <flaw name='CWE-362: Race Condition' id='14'>
      <flaw name='CWE-367: Time-of-Check Time-of-Use (TOCTOU) Race Condition' id='15'/>
      </flaw>
    </flaw>
  <flaw name='CWE-398: Indicator of Poor Code Quality' id='16'>
    <flaw name='CWE-470: Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection)' id='51'/>
    <flaw name='CWE-465: Pointer Issues' id='46'>
      <flaw name='CWE-469: Use of Pointer Subtraction to Determine Size' id='50'/>
      <flaw name='CWE-468: Incorrect Pointer Scaling' id='49'/>
      <flaw name='CWE-467: Use of sizeof() on a Pointer Type' id='48'/>
      <flaw name='CWE-466: Return of Pointer Value Outside of Expected Range' id='47'/>
    </flaw>
    <flaw name='CWE-411: Resource Locking Problems' id='44'>
      <flaw name='CWE-412: Unrestricted Lock on Critical Resource ' id='45'/>
    </flaw>
    <flaw name='CWE-401: Failure to Release Memory Before Removing Last Refrence (Memory Leak)' id='17'/>
    <flaw name='CWE-415: Double Free' id='18'/>
    <flaw name='CWE-416: Use After Free' id='19'/>
    <flaw name='CWE-417: Channel and Path Errors' id='20'>
      <flaw name='CWE-426: Untrusted Search Path' id='21'>
        <flaw name='CWE-476: Null Pointer Dereference' id='22'/>
        <flaw name='CWE-457: Use of Uninitialized Variable' id='23'/>
          </flaw>
        </flaw>
      </flaw>
    </flaw>
</flawclass>

