Description
CWE: 591 Sensitive Data Storage in Improperly Locked Memory
BadSource: Allocate memory for sensitive data without using VirtualLock() to lock the buffer into memory
GoodSource: Allocate memory for sensitive data and use VirtualLock() to lock the buffer into memory
Sinks:
BadSink : Authenticate the user using LogonUserA()
Flow Variant: 83 Data flow: data passed to class constructor and destructor by declaring the class object on the stack
Flaws
Test Suites
Documentation
Have any comments on this test case? Please, send us an email.