CWE: 457 Use of Uninitialized Variable BadSource: partial_init Initialize part, but not all of the array GoodSource: Initialize data Sinks: use GoodSink: Initialize then use data BadSink : Use data Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)

CWE: 415 Double Free BadSource: Allocate data using malloc() and Deallocate data using free() GoodSource: Allocate data using malloc() Sinks: GoodSink: do nothing BadSink : Deallocate data using free() Flow Variant: 67 Data flow: data passed in a struct from one function to another in diff...

CWE: 401 Memory Leak BadSource: realloc Allocate data using realloc() GoodSource: Allocate data on the stack Sinks: GoodSink: call free() on data BadSink : no deallocation of data Flow Variant: 52 Data flow: data passed as an argument from one function to another to another in three differe...

CWE: 369 Divide by Zero BadSource: fscanf Read data from the console using fscanf() GoodSource: A hardcoded non-zero number (two) Sinks: GoodSink: Check value of or near zero before dividing BadSink : Divide a constant by data Flow Variant: 17 Control flow: for loops

CWE: 319 Cleartext Transmission of Sensitive Information BadSource: listen_socket Read the password using a listen socket (server side) GoodSource: Use a hardcoded password (one that was not sent over the network) Sinks: GoodSink: Decrypt the password before using it in an authentication API ...

CWE: 319 Cleartext Transmission of Sensitive Information BadSource: connect_socket Read the password using a connect socket (client side) GoodSource: Use a hardcoded password (one that was not sent over the network) Sinks: GoodSink: Decrypt the password before using it in an authentication AP...

CWE: 284 Improper Access Control Sinks: CreateFile GoodSink: Create a file using CreateFileW() without excessive privileges BadSink : Create a file using CreateFileW() with excessive privileges Flow Variant: 12 Control flow: if(globalReturnsTrueOrFalse())

CWE: 272 Least Privilege Violation Sinks: RegCreateKey GoodSink: Create a registry key using RegCreateKeyW() and HKEY_CURRENT_USER BadSink : Create a registry key using RegCreateKeyW() and HKEY_LOCAL_MACHINE Flow Variant: 04 Control flow: if(STATIC_CONST_TRUE) and if(STATIC_CONST_FALSE)

CWE: 197 Numeric Truncation Error BadSource: fscanf Read data from the console using fscanf() GoodSource: Less than CHAR_MAX Sink: BadSink : Convert data to a char Flow Variant: 68 Data flow: data passed as a global variable from one function to another in different source files

CWE: 197 Numeric Truncation Error BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Less than CHAR_MAX Sinks: to_short BadSink : Convert data to a short Flow Variant: 64 Data flow: void pointer to data passed from one function to another in different source...

CWE: 194 Unexpected Sign Extension BadSource: fscanf Read data from the console using fscanf() GoodSource: Positive integer Sinks: memmove BadSink : Copy strings using memmove() with the length of data Flow Variant: 66 Data flow: data passed in an array from one function to another in differ...

CWE: 194 Unexpected Sign Extension BadSource: fscanf Read data from the console using fscanf() GoodSource: Positive integer Sinks: memmove BadSink : Copy strings using memmove() with the length of data Flow Variant: 31 Data flow using a copy of data within the same function

CWE: 191 Integer Underflow BadSource: rand Set data to result of rand() GoodSource: Set data to a small, non-zero number (negative two) Sinks: multiply GoodSink: Ensure there will not be an underflow before multiplying data by 2 BadSink : If data is negative, multiply by 2, which can cause a...

CWE: 191 Integer Underflow BadSource: fscanf Read data from the console using fscanf() GoodSource: Set data to a small, non-zero number (negative two) Sinks: multiply GoodSink: Ensure there will not be an underflow before multiplying data by 2 BadSink : If data is negative, multiply by 2, wh...

CWE: 191 Integer Underflow BadSource: min Set data to the min value for char GoodSource: Set data to a small, non-zero number (negative two) Sinks: multiply GoodSink: Ensure there will not be an underflow before multiplying data by 2 BadSink : If data is negative, multiply by 2, which can ca...

CWE: 190 Integer Overflow BadSource: rand Set data to result of rand() GoodSource: Set data to a small, non-zero number (two) Sinks: square GoodSink: Ensure there will not be an overflow before squaring data BadSink : Square data, which can lead to overflow Flow Variant: 68 Data flow: data ...

CWE: 190 Integer Overflow BadSource: rand Set data to result of rand() GoodSource: Set data to a small, non-zero number (two) Sinks: multiply GoodSink: Ensure there will not be an overflow before multiplying data by 2 BadSink : If data is positive, multiply by 2, which can cause an overflow ...

CWE: 134 Uncontrolled Format String BadSource: environment Read input from an environment variable GoodSource: Copy a fixed string into data Sinks: fprintf GoodSink: fprintf with %s as the second argument and data as the third BadSink : fprintf with data as the second argument Flow Variant:...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memcpy BadSink : Copy data to string using memcpy Flow Variant: 07 Control flow: if(staticFive==5) and if(staticFive!=5)

CWE: 127 Buffer Underread BadSource: fscanf Read data from the console using fscanf() GoodSource: Non-negative but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking to see if the value is negative Flow Variant: 42 Data f...

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sinks: cpy BadSink : Copy string to data using strcpy Flow Variant: 66 Data flow: data passed in an array from one function to another in ...

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: loop BadSink : Copy data to string using a loop Flow Variant: 51 Data flow: data passed as an argument from one function to another in different source files

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: loop BadSink : Copy data to string using a loop Flow Variant: 45 Data flow: data passed as a static global variable from one function to another in the same...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = union, Pointer = no, Index complexity = constant, Address complexity = ...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = shared memory, Scope = inter-procedural, Container = no, Pointer = no, Index complexity = constant, Addr...