CWE: 606 Unchecked Input For Loop Condition BadSource: file Read input from a file GoodSource: Input a number less than MAX_LOOP Sinks: GoodSink: Use data as the for loop variant after checking to see if it is less than MAX_LOOP BadSink : Use data as the for loop variant without checking its...

CWE: 605 Multiple Binds to the Same Port Sinks: GoodSink: Do not allow multiple binds to the same port BadSink : Set the SO_REUSEADDR socket option allowing multiple binds to the same port Flow Variant: 07 Control flow: if(staticFive==5) and if(staticFive!=5)

CWE: 590 Free Memory Not on Heap BadSource: alloca Data buffer is allocated on the stack with alloca() GoodSource: Allocate memory on the heap Sink: BadSink : Print then free data Flow Variant: 12 Control flow: if(globalReturnsTrueOrFalse())

CWE: 590 Free Memory Not on Heap BadSource: static Data buffer is declared static on the stack GoodSource: Allocate memory on the heap Sinks: BadSink : Print then free data Flow Variant: 44 Data/control flow: data passed as an argument from one function to a function in the same source file ...

CWE: 457 Use of Uninitialized Variable BadSource: no_init Dont initialize data GoodSource: Initialize data Sinks: use GoodSink: Initialize then use data BadSink : Use data Flow Variant: 07 Control flow: if(staticFive==5) and if(staticFive!=5)

CWE: 427 Uncontrolled Search Path Element BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Use a hardcoded path Sink: BadSink : Set the environment variable Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)

CWE: 404 Improper Resource Shutdown or Release BadSource: Open a file using open() Sinks: w32CloseHandle GoodSink: Close the file using close() BadSink : Close the file using CloseHandle Flow Variant: 63 Data flow: pointer to data passed from one function to another in different source files

CWE: 400 Resource Exhaustion BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Assign count to be a relatively small number Sinks: fwrite GoodSink: Write to a file count number of times, but first validate count BadSink : Write to a file count number of tim...

CWE: 272 Least Privilege Violation Sinks: SHRegCreateUSKey GoodSink: Create a registry key using SHRegCreateUSKeyW() and SHREGSET_HKCU BadSink : Create a registry key using SHRegCreateUSKeyW() and SHREGSET_HKLM Flow Variant: 12 Control flow: if(globalReturnsTrueOrFalse())

CWE: 191 Integer Underflow BadSource: min Set data to the min value for short GoodSource: Set data to a small, non-zero number (negative two) Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can cause an Underflow...

CWE: 190 Integer Overflow BadSource: fscanf Read data from the console using fscanf() GoodSource: Set data to a small, non-zero number (two) Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Flow Variant: 2...

CWE: 190 Integer Overflow BadSource: max Set data to the max value for int64_t GoodSource: Set data to a small, non-zero number (two) Sinks: multiply GoodSink: Ensure there will not be an overflow before multiplying data by 2 BadSink : If data is positive, multiply by 2, which can cause an o...

CWE: 134 Uncontrolled Format String BadSource: file Read input from a file GoodSource: Copy a fixed string into data Sinks: vfprintf GoodSink: vfwprintf with a format string BadSink : vfwprintf without a format string Flow Variant: 05 Control flow: if(staticTrue) and if(staticFalse)

CWE: 134 Uncontrolled Format String BadSource: console Read input from the console GoodSource: Copy a fixed string into data Sinks: vfprintf GoodSink: vfwprintf with a format string BadSink : vfwprintf without a format string Flow Variant: 14 Control flow: if(globalFive==5) and if(globalFiv...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: cat BadSink : Copy data to string using strcat Flow Variant: 11 Control flow: if(globalReturnsTrue()) and if(globalReturnsFalse())

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: ncpy BadSink : Copy data to string using strncpy Flow Variant: 52 Data flow: data passed as an argument from one function to another to another in three diff...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: loop BadSink : Copy data to string using a loop Flow Variant: 06 Control flow: if(STATIC_CONST_FIVE==5) and if(STATIC_CONST_FIVE!=5)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: loop BadSink : Copy string to data using a loop Flow Variant: 41 Data flow: data passed as an argument from one function to another in the same source file

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sinks: loop BadSink : Copy string to data using a loop Flow Variant: 34 Data flow: use of a union containing two methods of accessing the same data (within the ...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memmove BadSink : Copy int array to data using memmove Flow Variant: 68 Data flow: data passed as a global variable from one function to another in differ...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memmove BadSink : Copy string to data using memmove Flow Variant: 11 Control flow: if(globalReturnsTrue()) and if(globalReturnsFalse())

snprintf with incorrect bounds allows a heap buffer to be overrun.

integer overflow results in a short malloc and an overflow. A guard is put in place to protect against the overflow.

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = variable, Address complexity = con...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = variable, Address complexity = con...