CWE: 761 Free Pointer not at Start of Buffer BadSource: connect_socket Read data using a connect socket (client side) Sinks: GoodSink: free() memory correctly at the start of the buffer BadSink : free() memory not at the start of the buffer Flow Variant: 65 Data/control flow: data passed as ...

CWE: 617 Reachable Assertion BadSource: fscanf Read data from the console using fscanf() GoodSource: Number greater than ASSERT_VALUE Sink: BadSink : Assert if n is less than or equal to ASSERT_VALUE Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)

CWE: 605 Multiple Binds to the Same Port Sinks: GoodSink: Do not allow multiple binds to the same port BadSink : Set the SO_REUSEADDR socket option allowing multiple binds to the same port Flow Variant: 01 Baseline

CWE: 590 Free Memory Not on Heap BadSource: static Data buffer is declared static on the stack GoodSource: Allocate memory on the heap Sink: BadSink : Print then free data Flow Variant: 16 Control flow: while(1)

CWE: 506 Embedded Malicious Code Sinks: listen_socket BadSink : Send file contents using a listen socket (server side) BadOnly (No GoodSink) Flow Variant: 07 Control flow: if(staticFive==5)

CWE: 400 Resource Exhaustion BadSource: rand Set data to result of rand(), which may be zero GoodSource: Assign count to be a relatively small number Sinks: for_loop GoodSink: Validate count before using it as the loop variant in a for loop BadSink : Use count as the loop variant in a for lo...

CWE: 390 Detection of Error Condition Without Action Sinks: GoodSink: Check if fgetws() failed and handle errors properly BadSink : Check to see if fgetws() failed, but do nothing about it Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 325 Missing Required Cryptographic Step Sinks: CryptCreateHash GoodSink: All required cryptographic steps are present BadSink : Missing call to CryptCreateHash() Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)

CWE: 272 Least Privilege Violation Sinks: SHRegCreateUSKey GoodSink: Create a registry key using SHRegCreateUSKeyA() and SHREGSET_HKCU BadSink : Create a registry key using SHRegCreateUSKeyA() and SHREGSET_HKLM Flow Variant: 07 Control flow: if(staticFive==5) and if(staticFive!=5)

CWE: 256 Plaintext Storage of Password BadSource: Read the password from a file GoodSource: Read the password from a file and decrypt it Sinks: GoodSink: Decrypt the password then authenticate the user using LogonUserW() BadSink : Authenticate the user using LogonUserW() Flow Variant: 63 D...

CWE: 256 Plaintext Storage of Password BadSource: Read the password from a file GoodSource: Read the password from a file and decrypt it Sinks: GoodSink: Decrypt the password then authenticate the user using LogonUserA() BadSink : Authenticate the user using LogonUserA() Flow Variant: 21 C...

CWE: 253 Incorrect Check of Return Value Sinks: fputs GoodSink: Correctly check if fputws() failed BadSink : Incorrectly check if fputws() failed Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(GLOBAL_CONST_FALSE)

CWE: 252 Unchecked Return Value Sinks: puts GoodSink: Check if puts() fails BadSink : Do not check if puts() fails Flow Variant: 04 Control flow: if(STATIC_CONST_TRUE) and if(STATIC_CONST_FALSE)

CWE: 195 Signed to Unsigned Conversion Error BadSource: rand Set data to result of rand(), which may be zero GoodSource: Positive integer Sink: strncpy BadSink : Copy strings using strncpy() with the length of data Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 190 Integer Overflow BadSource: max Set data to the max value for short GoodSource: Set data to a small, non-zero number (two) Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Flow Variant: 63 Data fl...

CWE: 190 Integer Overflow BadSource: rand Set data to result of rand() GoodSource: Set data to a small, non-zero number (two) Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Flow Variant: 17 Control flow:...

CWE: 134 Uncontrolled Format String BadSource: file Read input from a file GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: vsnprintf with a format string BadSink : vsnprintf without a format string Flow Variant: 15 Control flow: switch(6) and switch(7)

CWE: 134 Uncontrolled Format String BadSource: environment Read input from an environment variable GoodSource: Copy a fixed string into data Sinks: printf GoodSink: printf with %s as the first argument and data as the second BadSink : printf with only data as an argument Flow Variant: 34 Da...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memmove BadSink : Copy data to string using memmove Flow Variant: 41 Data flow: data passed as an argument from one function to anot...

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: cpy BadSink : Copy string to data using wcscpy Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: cpy BadSink : Copy data to string using wcscpy Flow Variant: 66 Data flow: data passed in an array from one function to another in different source files

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: ncpy BadSink : Copy data to string using wcsncpy Flow Variant: 63 Data flow: pointer to data passed from one function to another in different source files

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: cpy BadSink : Copy data to string using wcscpy Flow Variant: 17 Control flow: for loops

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sinks: loop BadSink : Copy int64_t array to data using a loop Flow Variant: 34 Data flow: use of a union containing two methods of accessing the same data (with...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = variable, Address complexity = con...