CWE: 78 OS Command Injection BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Fixed string Sink: system BadSink : Execute command in data using system() Flow Variant: 22 Control flow: Flow controlled by value of a global variable. Sink functions are in a sep...

CWE: 190 Integer Overflow BadSource: max Set data to the max value for int GoodSource: Set data to a small, non-zero number (two) Sinks: square GoodSink: Ensure there will not be an overflow before squaring data BadSink : Square data, which can lead to overflow Flow Variant: 42 Data flow: d...

CWE: 78 OS Command Injection BadSource: console Read input from the console GoodSource: Fixed string Sink: execl BadSink : execute command with execl Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 253 Incorrect Check of Return Value Sinks: snprintf GoodSink: Correctly check if snprintf() failed BadSink : Incorrectly check if snprintf() failed Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(GLOBAL_CONST_FALSE)

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using malloc() and set data pointer to a small buffer GoodSource: Allocate using malloc() and set data pointer to a large buffer Sink: cpy BadSink : Copy string to data using strcpy Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==...

CWE: 401 Memory Leak Sinks: GoodSink: Ensure the memory block pointed to by data is always freed BadSink : malloc() and use then realloc() and use data before free() Flow Variant: 14 Control flow: if(globalFive==5) and if(globalFive!=5)

CWE: 194 Unexpected Sign Extension BadSource: rand Set data to result of RAND32(), which could be negative GoodSource: Positive integer Sinks: malloc BadSink : Allocate memory using malloc() with the size of data Flow Variant: 66 Data flow: data passed in an array from one function to anothe...

CWE: 78 OS Command Injection BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Fixed string Sink: system BadSink : Execute command in data using system() Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(GLOBAL_CONST_FALSE)

CWE: 758 Undefined Behavior Sinks: malloc_use GoodSink: Initialize then use data BadSink : Use data from malloc without initialization Flow Variant: 11 Control flow: if(globalReturnsTrue()) and if(globalReturnsFalse())

CWE: 78 OS Command Injection BadSource: console Read input from the console GoodSource: Fixed string Sink: w32_spawnvp BadSink : execute command with spawnvp Flow Variant: 32 Data flow using two pointers to the same value within the same function