Displaying test cases 41251 - 41275 of 45437 in total
-
A system() is called with user-provided data but the data is strictly scrutinized first.
-
CWE: 775 Missing Release of File Descriptor or Handle After Effective Lifetime BadSource: Open a file using open() Sinks: GoodSink: Close the file using close() BadSink : Do not close file Flow Variant: 45 Data flow: data passed as a static global variable from one function to another in th...
-
CWE: 758 Undefined Behavior Sinks: alloca_use GoodSink: Initialize then use data BadSink : Use data from alloca without initialization Flow Variant: 14 Control flow: if(globalFive==5) and if(globalFive!=5)
-
CWE: 591 Sensitive Data Storage in Improperly Locked Memory BadSource: Allocate memory for sensitive data without using VirtualLock() to lock the buffer into memory GoodSource: Allocate memory for sensitive data and use VirtualLock() to lock the buffer into memory Sink: BadSink : Authenticat...
-
CWE: 590 Free Memory Not on Heap BadSource: static Data buffer is declared static on the stack GoodSource: Allocate memory on the heap Sinks: BadSink : Print then free data Flow Variant: 31 Data flow using a copy of data within the same function
-
CWE: 563 Unused Variable BadSource: Initialize data Sinks: GoodSink: Use data BadSink : do nothing Flow Variant: 14 Control flow: if(globalFive==5) and if(globalFive!=5)
-
CWE: 506 Embedded Malicious Code Sinks: file_attrib_accessed GoodSink: Do not modify the file's last accessed time attribute BadSink : Modify the file's last accessed time attribute Flow Variant: 04 Control flow: if(STATIC_CONST_TRUE) and if(STATIC_CONST_FALSE)
-
CWE: 426 Untrusted Search Path BadSource: Don't specify the full path in the OS command GoodSource: Specify the full path in the OS command Sinks: popen BadSink : Execute the wpopen function Flow Variant: 31 Data flow using a copy of data within the same function
-
CWE: 404 Improper Resource Shutdown or Release BadSource: Open a file using open() Sinks: w32CloseHandle GoodSink: Close the file using close() BadSink : Close the file using CloseHandle Flow Variant: 52 Data flow: data passed as an argument from one function to another to another in three ...
-
CWE: 401 Memory Leak BadSource: calloc Allocate data using calloc() GoodSource: Allocate data on the stack Sinks: GoodSink: call free() on data BadSink : no deallocation of data Flow Variant: 52 Data flow: data passed as an argument from one function to another to another in three different...
-
CWE: 400 Resource Exhaustion BadSource: fscanf Read data from the console using fscanf() GoodSource: Assign count to be a relatively small number Sinks: fwrite GoodSink: Write to a file count number of times, but first validate count BadSink : Write to a file count number of times Flow Vari...
-
CWE: 253 Incorrect Check of Return Value Sinks: fread GoodSink: Correctly check if fread() failed BadSink : Incorrectly check if fread() failed Flow Variant: 02 Control flow: if(1) and if(0)
-
CWE: 253 Incorrect Check of Return Value Sinks: remove GoodSink: Correctly check if remove() failed BadSink : Incorrectly check if remove() failed Flow Variant: 02 Control flow: if(1) and if(0)
-
CWE: 190 Integer Overflow BadSource: fscanf Read data from the console using fscanf() GoodSource: Set data to a small, non-zero number (two) Sinks: square GoodSink: Ensure there will not be an overflow before squaring data BadSink : Square data, which can lead to overflow Flow Variant: 21 C...
-
CWE: 134 Uncontrolled Format String BadSource: file Read input from a file GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: vsnprintf with a format string BadSink : vsnprintf without a format string Flow Variant: 03 Control flow: if(5==5) and if(5!=5)
-
CWE: 134 Uncontrolled Format String BadSource: console Read input from the console GoodSource: Copy a fixed string into data Sinks: printf GoodSink: printf with %s as the first argument and data as the second BadSink : printf with only data as an argument Flow Variant: 32 Data flow using tw...
-
CWE: 134 Uncontrolled Format String BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Copy a fixed string into data Sinks: vfprintf GoodSink: vfprintf with a format string BadSink : vfprintf without a format string Flow Variant: 04 Control flow: if(STATIC_...
-
CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memcpy BadSink : Copy data to string using memcpy Flow Variant: 14 Control flow: if(globalFive==5) and if(globalFive!=5)
-
CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memmove BadSink : Copy data to string using memmove Flow Variant: 08 Control flow: if(staticReturnsTrue()) and if(staticReturnsFalse())
-
CWE: 124 Buffer Underwrite BadSource: negative Negative index value GoodSource: Non-negative but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the lower bound Flow Variant: 44 Data/control flow: data passed as an arg...
-
CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: cat BadSink : Copy data to string using wcscat Flow Variant: 16 Control flow: while(1)
-
CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memcpy BadSink : Copy string to data using memcpy Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)
-
CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sinks: loop BadSink : Copy string to data using a loop Flow Variant: 34 Data flow: use of a union containing two methods of accessing the same data (within the ...
-
Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = constant, Address complexity = con...
-
Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = inter-file/inter-procedural, Container = no, Pointer = no, Index complexity = N/A, Addres...