Displaying test cases 28526 - 28550 of 45437 in total
- CWE: 90 LDAP Injection BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Use a fixed string Sinks: BadSink : data concatenated into LDAP search, which could result in LDAP Injection Flow Variant: 34 Data flow: use of a union containing two methods of accessin...
- CWE: 591 Sensitive Data Storage in Improperly Locked Memory BadSource: Allocate memory for sensitive data without using VirtualLock() to lock the buffer into memory GoodSource: Allocate memory for sensitive data and use VirtualLock() to lock the buffer into memory Sink: BadSink : Authenticat...
- CWE: 590 Free Memory Not on Heap BadSource: alloca Data buffer is allocated on the stack with alloca() GoodSource: Allocate memory on the heap Sink: BadSink : Print then free data Flow Variant: 11 Control flow: if(globalReturnsTrue()) and if(globalReturnsFalse())
- CWE: 534 Information Exposure Through Debug Log Files Sinks: GoodSink: Write to the log, but do not write the password BadSink : Write to the log and include the password Flow Variant: 15 Control flow: switch(6)
- CWE: 511 Logic Time Bomb Sinks: w32CompareFileTime GoodSink: After a certain date, do something harmless BadSink : After a certain date, do something bad Flow Variant: 03 Control flow: if(5==5) and if(5!=5)
- CWE: 400 Resource Exhaustion BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Assign count to be a relatively small number Sinks: fwrite GoodSink: Write to a file count number of times, but first validate count BadSink : Write to a file count number of tim...
- CWE: 284 Improper Access Control Sinks: RegCreateKeyEx GoodSink: Create a registry key using RegCreateKeyExW() without excessive privileges BadSink : Create a registry key using RegCreateKeyExW() with excessive privileges Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(GLOBAL_CONS...
- CWE: 256 Plaintext Storage of Password BadSource: Read the password from a file GoodSource: Read the password from a file and decrypt it Sinks: GoodSink: Decrypt the password then authenticate the user using LogonUserA() BadSink : Authenticate the user using LogonUserA() Flow Variant: 10 C...
- CWE: 226 Sensitive Information Uncleared Before Release Sinks: declare GoodSink: Clear the password buffer before releasing the memory from the stack BadSink : Release password from the stack without first clearing the buffer Flow Variant: 16 Control flow: while(1)
- CWE: 197 Numeric Truncation Error BadSource: large Set data to a number larger than SHRT_MAX GoodSource: Less than CHAR_MAX Sink: to_char BadSink : Convert data to a char Flow Variant: 14 Control flow: if(globalFive==5) and if(globalFive!=5)
- CWE: 197 Numeric Truncation Error BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Less than CHAR_MAX Sink: to_short BadSink : Convert data to a short Flow Variant: 05 Control flow: if(staticTrue) and if(staticFalse)
- CWE: 191 Integer Underflow BadSource: rand Set data to result of rand() GoodSource: Set data to a small, non-zero number (negative two) Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can cause an Underflow Flow...
- CWE: 191 Integer Underflow BadSource: rand Set data to result of rand() GoodSource: Set data to a small, non-zero number (negative two) Sinks: multiply GoodSink: Ensure there will not be an underflow before multiplying data by 2 BadSink : If data is negative, multiply by 2, which can cause a...
- CWE: 134 Uncontrolled Format String BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Copy a fixed string into data Sinks: printf GoodSink: wprintf with %s as the first argument and data as the second BadSink : wprintf with only data as an argument Flow Vari...
- CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sinks: memcpy BadSink : Copy data to string using memcpy Flow Variant: 63 Data flow: pointer to data passed from one function to another i...
- CWE: 126 Buffer Over-read BadSource: Set data pointer to a small buffer GoodSource: Set data pointer to a large buffer Sinks: loop BadSink : Copy data to string using a loop Flow Variant: 45 Data flow: data passed as a static global variable from one function to another in the same source file
- CWE: 126 Buffer Overread Sinks: memcpy GoodSink: Copy a string using memcpy with explicit null termination BadSink : Copy a string using memcpy without explicit null termination Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)
- CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: loop BadSink : Copy string to data using a loop Flow Variant: 01 Baseline
- CWE: 123 Write-What-Where Condition BadSource: connect_socket Overwrite linked list pointers using a connect socket (client side) GoodSource: Don't overwrite linked list pointers Sink: BadSink : Remove element from list Flow Variant: 32 Data flow using two pointers to the same value within th...
- CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using malloc() and set data pointer to a small buffer GoodSource: Allocate using malloc() and set data pointer to a large buffer Sink: loop BadSink : Copy int64_t array to data using a loop Flow Variant: 54 Data flow: data passed as an...
- CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: cat BadSink : Copy data to string using strcat Flow Variant: 31 Data flow using a copy of data within the same function
- CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: memcpy BadSink : Copy data to string using memcpy Flow Variant: 05 Control flow: if(staticTrue) and if(staticFalse)
- CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: loop BadSink : Copy data to string using a loop Flow Variant: 05 Control flow: if(staticTrue) and if(staticFalse)
- Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = constant, Address complexity = con...
- Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = BSS, Scope = global, Container = no, Pointer = no, Index complexity = constant, Address complexity = con...