Displaying test cases 3476 - 3500 of 45437 in total
- CWE: 78 OS Command Injection BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Fixed string Sink: system BadSink : Execute command in data using system() Flow Variant: 53 Data flow: data passed as an argument from one function through two others to a fourth; ...
- CWE: 758 Undefined Behavior Sinks: malloc_use GoodSink: Initialize then use data BadSink : Use data from malloc without initialization Flow Variant: 07 Control flow: if(staticFive==5) and if(staticFive!=5)
- CWE: 126 Buffer Over-read BadSource: Use a small buffer GoodSource: Use a large buffer Sink: memmove BadSink : Copy data to string using memmove Flow Variant: 01 Baseline
- CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: cpy BadSink : Copy string to data using wcscpy Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(GLOBAL_CONST_FALSE)
- CWE: 775 Missing Release of File Descriptor or Handle After Effective Lifetime BadSource: Open a file using open() Sinks: GoodSink: Close the file using close() BadSink : Do not close file Flow Variant: 06 Control flow: if(STATIC_CONST_FIVE==5) and if(STATIC_CONST_FIVE!=5)
- CWE: 761 Free Pointer not at Start of Buffer BadSource: listen_socket Read data using a listen socket (server side) Sinks: GoodSink: free() memory correctly at the start of the buffer BadSink : free() memory not at the start of the buffer Flow Variant: 54 Data flow: data passed as an argumen...
- CWE: 690 Unchecked Return Value To NULL Pointer BadSource: malloc Allocate data using malloc() Sinks: GoodSink: Check to see if the data allocation failed and if not, use data BadSink : Don't check for NULL and use data Flow Variant: 06 Control flow: if(STATIC_CONST_FIVE==5) and if(STATIC_CON...
- CWE: 690 Unchecked Return Value To NULL Pointer BadSource: calloc Allocate data using calloc() Sinks: GoodSink: Check to see if the data allocation failed and if not, use data BadSink : Don't check for NULL and use data Flow Variant: 54 Data flow: data passed as an argument from one function ...
- CWE: 666 Operation on Resource in Wrong Phase of Lifetime Sinks: listen_bind_accept GoodSink: Create a listen socket correctly by placing bind(), listen(), and accept() in the correct order BadSink : Attempt to listen(), bind(), then accept() Flow Variant: 17 Control flow: for loops
- CWE: 563 Unused Variable BadSource: Initialize data Sinks: GoodSink: Initialize, then use data BadSink : Do nothing Flow Variant: 15 Control flow: switch(6)
- CWE: 510 Trapdoor Sinks: network_connection BadSink : The presence of a network connection (client side) BadOnly (No GoodSink) Flow Variant: 10 Control flow: if(globalTrue)
- CWE: 400 Resource Exhaustion BadSource: fscanf Read data from the console using fscanf() GoodSource: Assign count to be a relatively small number Sinks: fwrite GoodSink: Write to a file count number of times, but first validate count BadSink : Write to a file count number of times Flow Vari...
- CWE: 391 Unchecked Error Condition Sinks: strtol GoodSink: Perform error checks and handling BadSink : Do not check if strtol() failed Flow Variant: 17 Control flow: for loops
- CWE: 369 Divide by Zero BadSource: rand Set data to result of rand(), which may be zero GoodSource: Non-zero Sinks: divide GoodSink: Check for zero before dividing BadSink : Divide a constant by data Flow Variant: 11 Control flow: if(globalReturnsTrue()) and if(globalReturnsFalse())
- CWE: 272 Least Privilege Violation Sinks: RegOpenKeyEx GoodSink: Open a registry key using RegOpenKeyExA() and HKEY_CURRENT_USER BadSink : Open a registry key using RegOpenKeyExA() and HKEY_LOCAL_MACHINE Flow Variant: 11 Control flow: if(globalReturnsTrue()) and if(globalReturnsFalse())
- CWE: 252 Unchecked Return Value Sinks: fprintf GoodSink: Check if fprintf() fails BadSink : Do not check if fprintf() fails Flow Variant: 15 Control flow: switch(6)
- CWE: 223 Omission of Security Relevant Information Sinks: GoodSink: Log the username BadSink : Username is not logged Flow Variant: 11 Control flow: if(globalReturnsTrue()) and if(globalReturnsFalse())
- CWE: 195 Signed to Unsigned Conversion Error BadSource: rand Set data to result of rand(), which may be zero GoodSource: Positive integer Sink: memcpy BadSink : Copy strings using memcpy() with the length of data Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)
- CWE: 194 Unexpected Sign Extension BadSource: rand Set data to result of RAND32(), which could be negative GoodSource: Positive integer Sink: memcpy BadSink : Copy strings using memcpy() with the length of data Flow Variant: 05 Control flow: if(staticTrue) and if(staticFalse)
- CWE: 191 Integer Underflow BadSource: fscanf Read data from the console using fscanf() GoodSource: Set data to a small, non-zero number (negative two) Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can cause an ...
- CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: ncpy BadSink : Copy data to string using wcsncpy Flow Variant: 17 Control flow: for loops
- CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sinks: ncpy BadSink : Copy data to string using strncpy Flow Variant: 63 Data flow: pointer to data passed from one function to another in...
- CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: cpy BadSink : Copy data to string using strcpy Flow Variant: 54 Data flow: data passed as an argument from one function through thre...
- CWE: 114 Process Control BadSource: relativePath Hard code the relative pathname to the library GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 12 Control flow: if(globalReturnsTrueOrFalse())
- Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = variable, Address complexity = con...