CWE: 780 Use of RSA Algorithm Without OAEP Sinks: GoodSink: Use RSA with OAEP BadSink : Use RSA without OAEP Flow Variant: 18 Control flow: goto statements

CWE: 606 Unchecked Input For Loop Condition BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Input a number less than MAX_LOOP Sinks: GoodSink: Use data as the for loop variant after checking to see if it is less than MAX_LOOP BadSink : Use data as the for l...

CWE: 591 Sensitive Data Storage in Improperly Locked Memory BadSource: Allocate memory for sensitive data without using VirtualLock() to lock the buffer into memory GoodSource: Allocate memory for sensitive data and use VirtualLock() to lock the buffer into memory Sinks: BadSink : Authentica...

CWE: 590 Free Memory Not on Heap BadSource: declare Data buffer is declared on the stack GoodSource: Allocate memory on the heap Sink: BadSink : Print then free data Flow Variant: 04 Control flow: if(STATIC_CONST_TRUE) and if(STATIC_CONST_FALSE)

CWE: 535 Information Exposure Through Shell Error Message Sinks: GoodSink: Write to stderr, but do not write the password BadSink : Write to stderr and include the password Flow Variant: 07 Control flow: if(staticFive==5) and if(staticFive!=5)

CWE: 321 Use of Hard-coded Cryptographic Key BadSource: Copy a hardcoded value into cryptoKey GoodSource: Read cryptoKey from the console Sink: BadSink : Hash cryptoKey and use the value to encrypt a string Flow Variant: 06 Control flow: if(STATIC_CONST_FIVE==5) and if(STATIC_CONST_FIVE!=5)

CWE: 252 Unchecked Return Value Sinks: snprintf GoodSink: Check if snprintf() fails BadSink : Do not check if snprintf() fails Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(GLOBAL_CONST_FALSE)

CWE: 194 Unexpected Sign Extension BadSource: negative Set data to a fixed negative number GoodSource: Positive integer Sink: strncpy BadSink : Copy strings using strncpy() with the length of data Flow Variant: 06 Control flow: if(STATIC_CONST_FIVE==5) and if(STATIC_CONST_FIVE!=5)

CWE: 194 Unexpected Sign Extension BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Positive integer Sink: strncpy BadSink : Copy strings using strncpy() with the length of data Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)

CWE: 190 Integer Overflow BadSource: rand Set data to result of rand() GoodSource: Set data to a small, non-zero number (two) Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Flow Variant: 08 Control flow:...

CWE: 190 Integer Overflow BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Set data to a small, non-zero number (two) Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Fl...

CWE: 134 Uncontrolled Format String BadSource: console Read input from the console GoodSource: Copy a fixed string into data Sinks: printf GoodSink: wprintf with %s as the first argument and data as the second BadSink : wprintf with only data as an argument Flow Variant: 06 Control flow: if...

CWE: 134 Uncontrolled Format String BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Copy a fixed string into data Sinks: fprintf GoodSink: fwprintf with %s as the second argument and data as the third BadSink : fwprintf with data as the second argument F...

CWE: 134 Uncontrolled Format String BadSource: file Read input from a file GoodSource: Copy a fixed string into data Sinks: fprintf GoodSink: fprintf with %s as the second argument and data as the third BadSink : fprintf with data as the second argument Flow Variant: 42 Data flow: data retu...

CWE: 134 Uncontrolled Format String BadSource: console Read input from the console GoodSource: Copy a fixed string into data Sinks: snprintf GoodSink: snprintf with %s as the third argument and data as the fourth BadSink : snprintf with data as the third argument Flow Variant: 41 Data flow:...

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: cpy BadSink : Copy string to data using wcscpy Flow Variant: 16 Control flow: while(1)

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memcpy BadSink : Copy string to data using memcpy Flow Variant: 51 Data flow: data passed as an argument from one function to anothe...

CWE: 124 Buffer Underwrite BadSource: fgets Read data from the console using fgets() GoodSource: Non-negative but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the lower bound Flow Variant: 10 Control flow: if(global...

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using malloc() and set data pointer to a small buffer GoodSource: Allocate using malloc() and set data pointer to a large buffer Sinks: cat BadSink : Copy string to data using wcscat Flow Variant: 67 Data flow: data passed in a struct ...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: cat BadSink : Copy string to data using strcat Flow Variant: 11 Control flow: if(globalReturnsTrue()) and if(globalReturnsFalse())

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: ncpy BadSink : Copy string to data using wcsncpy Flow Variant: 16 Control flow: while(1)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memcpy BadSink : Copy int64_t array to data using memcpy Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sink: cpy BadSink : Copy string to data using wcscpy() Flow Variant: 51 Data flow: data passed a...

CWE: 121 Stack Based Buffer Overflow BadSource: Allocate memory without using sizeof(int) GoodSource: Allocate memory using sizeof(int) Sinks: memmove BadSink : Copy array to data using memmove() Flow Variant: 65 Data/control flow: data passed as an argument from one function to a function ...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = constant, Address complexity = con...