CWE: 457 Use of Uninitialized Variable BadSource: no_init Dont initialize data GoodSource: Initialize data Sinks: use GoodSink: Initialize then use data BadSink : Use data Flow Variant: 15 Control flow: switch(6) and switch(7)

CWE: 404 Improper Resource Shutdown or Release BadSource: Open a file using open() Sinks: w32CloseHandle GoodSink: Close the file using close() BadSink : Close the file using CloseHandle Flow Variant: 51 Data flow: data passed as an argument from one function to another in different source ...

CWE: 272 Least Privilege Violation Sinks: RegCreateKey GoodSink: Create a registry key using RegCreateKeyA() and HKEY_CURRENT_USER BadSink : Create a registry key using RegCreateKeyA() and HKEY_LOCAL_MACHINE Flow Variant: 05 Control flow: if(staticTrue) and if(staticFalse)

CWE: 253 Incorrect Check of Return Value Sinks: fread GoodSink: Correctly check if fread() failed BadSink : Incorrectly check if fread() failed Flow Variant: 05 Control flow: if(staticTrue) and if(staticFalse)

CWE: 252 Unchecked Return Value Sinks: rename GoodSink: Check if rename() fails BadSink : Do not check if rename() fails Flow Variant: 17 Control flow: for loops

CWE: 195 Signed to Unsigned Conversion Error BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Positive integer Sinks: memmove BadSink : Copy strings using memmove() with the length of data Flow Variant: 65 Data/control flow: data passed as an argument from...

CWE: 191 Integer Underflow BadSource: fgets Read data from the console using fgets() GoodSource: Set data to a small, non-zero number (negative two) Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can cause an Un...

CWE: 190 Integer Overflow BadSource: fscanf Read data from the console using fscanf() GoodSource: Set data to a small, non-zero number (two) Sinks: square GoodSink: Ensure there will not be an overflow before squaring data BadSink : Square data, which can lead to overflow Flow Variant: 42 D...

CWE: 190 Integer Overflow BadSource: fgets Read data from the console using fgets() GoodSource: Set data to a small, non-zero number (two) Sinks: multiply GoodSink: Ensure there will not be an overflow before multiplying data by 2 BadSink : If data is positive, multiply by 2, which can cause...

CWE: 190 Integer Overflow BadSource: rand Set data to result of rand() GoodSource: Set data to a small, non-zero number (two) Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Flow Variant: 52 Data flow: da...

CWE: 134 Uncontrolled Format String BadSource: console Read input from the console GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: _vsnwprintf with a format string BadSink : _vsnwprintf without a format string Flow Variant: 04 Control flow: if(STATIC_CONST_TRUE) and...

CWE: 134 Uncontrolled Format String BadSource: console Read input from the console GoodSource: Copy a fixed string into data Sinks: printf GoodSink: wprintf with %s as the first argument and data as the second BadSink : wprintf with only data as an argument Flow Variant: 17 Control flow: fo...

CWE: 134 Uncontrolled Format String BadSource: environment Read input from an environment variable GoodSource: Copy a fixed string into data Sinks: fprintf GoodSink: fprintf with %s as the second argument and data as the third BadSink : fprintf with data as the second argument Flow Variant:...

CWE: 126 Buffer Over-read BadSource: Set data pointer to a small buffer GoodSource: Set data pointer to a large buffer Sink: loop BadSink : Copy data to string using a loop Flow Variant: 53 Data flow: data passed as an argument from one function through two others to a fourth; all four func...

CWE: 126 Buffer Over-read BadSource: Set data pointer to a small buffer GoodSource: Set data pointer to a large buffer Sink: loop BadSink : Copy data to string using a loop Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)

CWE: 126 Buffer Over-read BadSource: Set data pointer to a small buffer GoodSource: Set data pointer to a large buffer Sinks: memmove BadSink : Copy data to string using memmove Flow Variant: 65 Data/control flow: data passed as an argument from one function to a function in a different sou...

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sinks: cpy BadSink : Copy string to data using wcscpy Flow Variant: 67 Data flow: data passed in a struct from one function to another in ...

CWE: 124 Buffer Underwrite BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Non-negative but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the lower bound Flow Variant: 13 Control fl...

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using malloc() and set data pointer to a small buffer GoodSource: Allocate using malloc() and set data pointer to a large buffer Sink: cpy BadSink : Copy string to data using wcscpy Flow Variant: 52 Data flow: data passed as an argumen...

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using malloc() and set data pointer to a small buffer GoodSource: Allocate using malloc() and set data pointer to a large buffer Sink: ncat BadSink : Copy string to data using strncat Flow Variant: 53 Data flow: data passed as an argum...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: loop BadSink : Copy string to data using a loop Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)

CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sink: memcpy BadSink : Copy string to data using memcpy() Flow Variant: 12 Control flow: if(glob...

CWE: 121 Stack Based Buffer Overflow BadSource: Allocate memory without using sizeof(int) GoodSource: Allocate memory using sizeof(int) Sink: loop BadSink : Copy array to data using a loop Flow Variant: 05 Control flow: if(staticTrue) and if(staticFalse)

Execl() is called with user-provided data but only if it matches an item in a safe list.

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = constant, Address complexity = con...