CWE: 78 OS Command Injection BadSource: file Read input from a file GoodSource: Fixed string Sinks: w32_spawnvp BadSink : execute command with wspawnvp Flow Variant: 64 Data flow: void pointer to data passed from one function to another in different source files

CWE: 78 OS Command Injection BadSource: environment Read input from an environment variable GoodSource: Fixed string Sink: w32_execvp BadSink : execute command with wexecvp Flow Variant: 12 Control flow: if(globalReturnsTrueOrFalse())

CWE: 78 OS Command Injection BadSource: console Read input from the console GoodSource: Fixed string Sink: execlp BadSink : execute command with wexeclp Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 78 OS Command Injection BadSource: file Read input from a file GoodSource: Fixed string Sink: execlp BadSink : execute command with execlp Flow Variant: 06 Control flow: if(STATIC_CONST_FIVE==5) and if(STATIC_CONST_FIVE!=5)

CWE: 78 OS Command Injection BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Fixed string Sink: w32_spawnv BadSink : execute command with spawnv Flow Variant: 15 Control flow: switch(6)

CWE: 78 OS Command Injection BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Fixed string Sinks: w32_execv BadSink : execute command with execv Flow Variant: 61 Data flow: data returned from one function to another in different source files

CWE: 476 NULL Pointer Dereference BadSource: Set data to NULL GoodSource: Initialize data Sinks: GoodSink: Check for NULL before attempting to print data BadSink : Print data Flow Variant: 41 Data flow: data passed as an argument from one function to another in the same source file

CWE: 459 Incomplete Cleanup Sinks: GoodSink: Clean up properly BadSink : Dont unlink Flow Variant: 12 Control flow: if(globalReturnsTrueOrFalse())

CWE: 134 Uncontrolled Format String BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Copy a fixed string into data Sinks: snprintf GoodSink: snwprintf with %s as the third argument and data as the fourth BadSink : snwprintf with data as the third argument ...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: cpy BadSink : Copy data to string using wcscpy Flow Variant: 05 Control flow: if(staticTrue) and if(staticFalse)

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: ncpy BadSink : Copy data to string using strncpy Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)

CWE: 758 Undefined Behavior Sinks: alloca_use GoodSink: Initialize then use data BadSink : Use data from alloca without initialization Flow Variant: 06 Control flow: if(STATIC_CONST_FIVE==5) and if(STATIC_CONST_FIVE!=5)

CWE: 617 Reachable Assertion BadSource: fixed Fixed value less than the assert value GoodSource: Number greater than ASSERT_VALUE Sink: BadSink : Assert if n is less than or equal to ASSERT_VALUE Flow Variant: 12 Control flow: if(globalReturnsTrueOrFalse())

CWE: 590 Free Memory Not on Heap BadSource: static Data buffer is declared static on the stack GoodSource: Allocate memory on the heap Sink: BadSink : Print then free data Flow Variant: 18 Control flow: goto statements

CWE: 377 Insecure Temporary File Sinks: w32GetTempFileName GoodSink: Create and open a temporary file, created with GetTempFileNameA(), more securely BadSink : Create and open a temporary file, created with GetTempFileNameA(), insecurely Flow Variant: 10 Control flow: if(globalTrue) and if(gl...

CWE: 195 Signed to Unsigned Conversion Error BadSource: negative Set data to a fixed negative number GoodSource: Positive integer Sink: memcpy BadSink : Copy strings using memcpy() with the length of data Flow Variant: 17 Control flow: for loops

CWE: 194 Unexpected Sign Extension BadSource: fscanf Read data from the console using fscanf() GoodSource: Positive integer Sinks: strncpy BadSink : Copy strings using strncpy() with the length of data Flow Variant: 34 Data flow: use of a union containing two methods of accessing the same da...

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: ncpy BadSink : Copy string to data using strncpy Flow Variant: 14 Control flow: if(globalFive==5) and if(globalFive!=5)

CWE: 124 Buffer Underwrite BadSource: fscanf Read data from the console using fscanf() GoodSource: Non-negative but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the lower bound Flow Variant: 42 Data flow: data retur...

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize the source buffer using the size of a pointer GoodSource: Initialize the source buffer using the size of the DataElementType Sink: BadSink : Print then free data Flow Variant: 53 Data flow: data passed as an argument from one functio...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: ncat BadSink : Copy string to data using wcsncat Flow Variant: 52 Data flow: data passed as an argument from one function to another to another in three d...

CWE: 114 Process Control BadSource: console Read input from the console GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 06 Control flow: if(STATIC_CONST_FIVE==5) and if(STATIC_CONST_FIVE!=5)

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = variable, Address complexity = con...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = constant, Address complexity = con...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = data region, Scope = same, Container = no, Pointer = no, Index complexity = constant, Address complexity...