Displaying test cases 26251 - 26275 of 45437 in total
-
CWE: 90 LDAP Injection BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Use a fixed string Sink: BadSink : data concatenated into LDAP search, which could result in LDAP Injection Flow Variant: 41 Data flow: data passed as an argument from one function to ...
-
CWE: 90 LDAP Injection BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Use a fixed string Sink: BadSink : data concatenated into LDAP search, which could result in LDAP Injection Flow Variant: 22 Control flow: Flow controlled by value of a global variable...
-
CWE: 690 Unchecked Return Value To NULL Pointer BadSource: realloc Allocate data using realloc() Sinks: GoodSink: Check to see if the data allocation failed and if not, use data BadSink : Don't check for NULL and use data Flow Variant: 67 Data flow: data passed in a struct from one function t...
-
CWE: 681 Incorrect Conversion Between Numeric Types Sinks: doubleNaN2int GoodSink: check for negative sqrt BadSink : explicit cast Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)
-
CWE: 590 Free Memory Not on Heap BadSource: alloca Data buffer is allocated on the stack with alloca() GoodSource: Allocate memory on the heap Sink: BadSink : Print then free data Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)
-
CWE: 590 Free Memory Not on Heap BadSource: static Data buffer is declared static on the stack GoodSource: Allocate memory on the heap Sink: BadSink : Print then free data Flow Variant: 01 Baseline
-
CWE: 563 Unused Variable BadSource: Initialize data GoodSource: Initialize and use data Sinks: GoodSink: Use data BadSink : Initialize and use data Flow Variant: 03 Control flow: if(5==5) and if(5!=5)
-
CWE: 535 Information Exposure Through Shell Error Message Sinks: GoodSink: Write to stderr, but do not write the password BadSink : Write to stderr and include the password Flow Variant: 16 Control flow: while(1)
-
CWE: 457 Use of Uninitialized Variable BadSource: no_init Don't initialize data GoodSource: Initialize data Sinks: use GoodSink: Initialize then use data BadSink : Use data Flow Variant: 07 Control flow: if(staticFive==5) and if(staticFive!=5)
-
CWE: 427 Uncontrolled Search Path Element BadSource: environment Read input from an environment variable GoodSource: Use a hardcoded path Sinks: BadSink : Set the environment variable Flow Variant: 65 Data/control flow: data passed as an argument from one function to a function in a differen...
-
CWE: 366 Race Condition Within a Thread Sinks: global_int GoodSink: Acquire a lock before attempting to increment a global integer using another function BadSink : Do not acquire a lock before attempting to increment a global integer using another function Flow Variant: 17 Control flow: for l...
-
CWE: 319 Cleartext Transmission of Sensitive Information BadSource: listen_socket Read the password using a listen socket (server side) GoodSource: Use a hardcoded password (one that was not sent over the network) Sinks: GoodSink: Decrypt the password before using it in an authentication API ...
-
CWE: 319 Cleartext Transmission of Sensitive Information BadSource: listen_socket Read the password using a listen socket (server side) GoodSource: Use a hardcoded password (one that was not sent over the network) Sinks: GoodSink: Decrypt the password before using it in an authentication API ...
-
CWE: 319 Cleartext Transmission of Sensitive Information BadSource: connect_socket Read the password using a connect socket (client side) GoodSource: Use a hardcoded password (one that was not sent over the network) Sinks: GoodSink: Decrypt the password before using it in an authentication AP...
-
CWE: 259 Use of Hard-coded Password BadSource: Use a hardcoded password GoodSource: Read the password from the console Sink: BadSink : Authenticate the user using LogonUserW() Flow Variant: 68 Data flow: data passed as a global variable from one function to another in different source files
-
CWE: 253 Incorrect Check of Return Value Sinks: w32ImpersonateNamedPipeClient GoodSink: Correctly check if ImpersonateNamedPipeClient() failed BadSink : Incorrectly check if ImpersonateNamedPipeClient() failed Flow Variant: 18 Control flow: goto statements
-
CWE: 253 Incorrect Check of Return Value Sinks: w32CreateMutex GoodSink: Correctly check if CreateMutexA() failed BadSink : Incorrectly check if CreateMutexA() failed Flow Variant: 15 Control flow: switch(6)
-
CWE: 252 Unchecked Return Value Sinks: putc GoodSink: Check if putc() fails BadSink : Do not check if putc() fails Flow Variant: 14 Control flow: if(globalFive==5) and if(globalFive!=5)
-
CWE: 195 Signed to Unsigned Conversion Error BadSource: negative Set data to a fixed negative number GoodSource: Positive integer Sink: strncpy BadSink : Copy strings using strncpy() with the length of data Flow Variant: 51 Data flow: data passed as an argument from one function to another i...
-
CWE: 191 Integer Underflow BadSource: rand Set data to result of rand() GoodSource: Set data to a small, non-zero number (negative two) Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can cause an Underflow Flow...
-
CWE: 191 Integer Underflow BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Set data to a small, non-zero number (negative two) Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which ...
-
CWE: 134 Uncontrolled Format String BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Copy a fixed string into data Sinks: fprintf GoodSink: fprintf with %s as the second argument and data as the third BadSink : fprintf with data as the second argument Flo...
-
CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memcpy BadSink : Copy string to data using memcpy Flow Variant: 16 Control flow: while(1)
-
CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: cpy BadSink : Copy string to data using strcpy Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)
-
CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sinks: loop BadSink : Copy string to data using a loop Flow Variant: 31 Data flow using a copy of data within the same function