CWE: 272 Least Privilege Violation Sinks: SHRegOpenUSKey GoodSink: Open a registry key using SHRegOpenUSKeyA() and HKEY_CURRENT_USER BadSink : Open a registry key using SHRegOpenUSKeyA() and HKEY_LOCAL_MACHINE Flow Variant: 12 Control flow: if(globalReturnsTrueOrFalse())

CWE: 272 Least Privilege Violation Sinks: SHRegCreateUSKey GoodSink: Create a registry key using SHRegCreateUSKeyA() and SHREGSET_HKCU BadSink : Create a registry key using SHRegCreateUSKeyA() and SHREGSET_HKLM Flow Variant: 15 Control flow: switch(6)

CWE: 252 Unchecked Return Value Sinks: w32CreateMutex GoodSink: Check the return value of CreateMutexW() and handle it properly BadSink : Do not check if CreateMutexW() fails Flow Variant: 04 Control flow: if(STATIC_CONST_TRUE) and if(STATIC_CONST_FALSE)

CWE: 194 Unexpected Sign Extension BadSource: rand Set data to result of RAND32(), which could be negative GoodSource: Positive integer Sink: memmove BadSink : Copy strings using memmove() with the length of data Flow Variant: 16 Control flow: while(1)

CWE: 190 Integer Overflow BadSource: rand Set data to result of rand() GoodSource: Set data to a small, non-zero number (two) Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Flow Variant: 66 Data flow: da...

CWE: 190 Integer Overflow BadSource: max Set data to the max value for int GoodSource: Set data to a small, non-zero number (two) Sinks: multiply GoodSink: Ensure there will not be an overflow before multiplying data by 2 BadSink : If data is positive, multiply by 2, which can cause an overf...

CWE: 134 Uncontrolled Format String BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: _vsnwprintf with a format string BadSink : _vsnwprintf without a format string Flow Variant: 52 Data flow: data...

CWE: 134 Uncontrolled Format String BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Copy a fixed string into data Sinks: printf GoodSink: wprintf with %s as the first argument and data as the second BadSink : wprintf with only data as an argument Flow Va...

CWE: 134 Uncontrolled Format String BadSource: file Read input from a file GoodSource: Copy a fixed string into data Sinks: printf GoodSink: printf with %s as the first argument and data as the second BadSink : printf with only data as an argument Flow Variant: 06 Control flow: if(STATIC_CO...

CWE: 134 Uncontrolled Format String BadSource: file Read input from a file GoodSource: Copy a fixed string into data Sinks: fprintf GoodSink: fprintf with %s as the second argument and data as the third BadSink : fprintf with data as the second argument Flow Variant: 45 Data flow: data pass...

CWE: 126 Buffer Over-read BadSource: Set data pointer to a small buffer GoodSource: Set data pointer to a large buffer Sink: memcpy BadSink : Copy data to string using memcpy Flow Variant: 68 Data flow: data passed as a global variable from one function to another in different source files

CWE: 126 Buffer Over-read BadSource: Set data pointer to a small buffer GoodSource: Set data pointer to a large buffer Sink: loop BadSink : Copy data to string using a loop Flow Variant: 05 Control flow: if(staticTrue) and if(staticFalse)

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sinks: memmove BadSink : Copy string to data using memmove Flow Variant: 65 Data/control flow: data passed as an argument from one functio...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: ncpy BadSink : Copy data to string using wcsncpy Flow Variant: 34 Data flow: use of a union containing two methods of accessing the same data (within the sa...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: ncpy BadSink : Copy data to string using strncpy Flow Variant: 16 Control flow: while(1)

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: loop BadSink : Copy data to string using a loop Flow Variant: 17 Control flow: for loops

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: memmove BadSink : Copy data to string using memmove Flow Variant: 01 Baseline

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: ncat BadSink : Copy string to data using wcsncat Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memcpy BadSink : Copy string to data using memcpy Flow Variant: 12 Control flow: if(globalReturnsTrueOrFalse())

CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sink: loop BadSink : Copy array to data using a loop Flow Variant: 52 Data flow: data passed as ...

CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sink: memcpy BadSink : Copy string to data using memcpy() Flow Variant: 01 Baseline

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = variable, Address complexity = con...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = constant, Address complexity = con...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = inter-file/inter-procedural, Container = no, Pointer = no, Index complexity = N/A, Addres...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = unsigned integer, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = constant, Address complexit...