CWE: 284 Improper Access Control Sinks: CreateNamedPipe GoodSink: Create a windows pipe using CreateNamedPipeA() ensuring that the pipe wont be created over an existing one BadSink : Create a windows pipe using CreateNamedPipeA() potentially allowing the pipe to be created over an existing one...

CWE: 272 Least Privilege Violation Sinks: CreateProcess GoodSink: Create a process using CreateProcessA() with quotes for the executable path BadSink : Create a process using CreateProcessA() without quotes for the executable path Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 259 Use of Hard-coded Password BadSource: Use a hardcoded password GoodSource: Read the password from the console Sinks: BadSink : Authenticate the user using LogonUserA() Flow Variant: 66 Data flow: data passed in an array from one function to another in different source files

CWE: 253 Incorrect Check of Return Value Sinks: puts GoodSink: Correctly check if puts() failed BadSink : Incorrectly check if puts() failed Flow Variant: 08 Control flow: if(staticReturnsTrue()) and if(staticReturnsFalse())

CWE: 252 Unchecked Return Value Sinks: putc GoodSink: Check if putc() fails BadSink : Do not check if putc() fails Flow Variant: 12 Control flow: if(globalReturnsTrueOrFalse())

CWE: 197 Numeric Truncation Error BadSource: large Set data to a number larger than SHRT_MAX GoodSource: Less than CHAR_MAX Sinks: to_char BadSink : Convert data to a char Flow Variant: 63 Data flow: pointer to data passed from one function to another in different source files

CWE: 197 Numeric Truncation Error BadSource: fscanf Read data from the console using fscanf() GoodSource: Less than CHAR_MAX Sink: to_short BadSink : Convert data to a short Flow Variant: 68 Data flow: data passed as a global variable from one function to another in different source files

CWE: 194 Unexpected Sign Extension BadSource: fscanf Read data from the console using fscanf() GoodSource: Positive integer Sink: memmove BadSink : Copy strings using memmove() with the length of data Flow Variant: 01 Baseline

CWE: 191 Integer Underflow BadSource: rand Set data to result of rand() GoodSource: Set data to a small, non-zero number (negative two) Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can cause an Underflow Flow...

CWE: 188 Reliance on Data Memory Layout Sinks: modify_local GoodSink: Modify the second field of the struct using the field name BadSink : Attempt to modify second field in struct, assuming the first field is an int Flow Variant: 04 Control flow: if(STATIC_CONST_TRUE) and if(STATIC_CONST_FALSE)

CWE: 134 Uncontrolled Format String BadSource: environment Read input from an environment variable GoodSource: Copy a fixed string into data Sinks: fprintf GoodSink: fwprintf with %s as the second argument and data as the third BadSink : fwprintf with data as the second argument Flow Varian...

CWE: 134 Uncontrolled Format String BadSource: console Read input from the console GoodSource: Copy a fixed string into data Sinks: vfprintf GoodSink: vfwprintf with a format string BadSink : vfwprintf without a format string Flow Variant: 31 Data flow using a copy of data within the same f...

CWE: 134 Uncontrolled Format String BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Copy a fixed string into data Sinks: vprintf GoodSink: vprintf with a format string BadSink : vprintf without a format string Flow Variant: 15 Control flow: switch(6) and...

CWE: 127 Buffer Underread BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Non-negative but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking to see if the value is negative Flow Variant...

CWE: 126 Buffer Over-read BadSource: Set data pointer to a small buffer GoodSource: Set data pointer to a large buffer Sink: memcpy BadSink : Copy data to string using memcpy Flow Variant: 32 Data flow using two pointers to the same value within the same function

CWE: 126 Buffer Overread BadSource: fgets Read data from the console using fgets() GoodSource: Larger than zero but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the upper bound Flow Variant: 07 Control flow: if(stat...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: cpy BadSink : Copy data to string using strcpy Flow Variant: 65 Data/control flow: data passed as an argument from one function to a function in a different...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: loop BadSink : Copy data to string using a loop Flow Variant: 31 Data flow using a copy of data within the same function

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: ncat BadSink : Copy data to string using wcsncat Flow Variant: 32 Data flow using two pointers to the same value within the same function

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: ncat BadSink : Copy string to data using wcsncat Flow Variant: 11 Control flow: if(globalReturnsTrue()) and if(globalReturnsFalse())

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: loop BadSink : Copy int64_t array to data using a loop Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 114 Process Control BadSource: relativePath Hard code the relative pathname to the library GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 06 Control flow: if(STATIC_CONST_FIVE==5) and if(STATIC_CONST_FIVE!=5)

Vulnerability to an exploit using the unlink technique. The programs allocates trhee chucks of memory (lines 29-31). The unbounded strcpy() operation is susceptible to a buffer overflow. The boundary tag can be overwritten by a string argument exceeding the length of first because the boundary ta...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = constant, Address complexity = con...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = constant, Address complexity = con...