CWE: 390 Detection of Error Condition Without Action Sinks: fopen GoodSink: Check to see if fopen() failed and handle errors properly BadSink : Check to see if fopen() failed, but fail to handle errors Flow Variant: 17 Control flow: for loops

CWE: 369 Divide by Zero BadSource: zero Fixed value of zero GoodSource: Non-zero Sinks: divide GoodSink: Check for zero before dividing BadSink : Divide a constant by data Flow Variant: 16 Control flow: while(1)

CWE: 259 Use of Hard-coded Password BadSource: Use a hardcoded password GoodSource: Read the password from the console Sinks: BadSink : Authenticate the user using LogonUserA() Flow Variant: 63 Data flow: pointer to data passed from one function to another in different source files

CWE: 253 Incorrect Check of Return Value Sinks: w32CreateNamedPipe GoodSink: Correctly check if CreateNamedPipeW() failed BadSink : Incorrectly check if CreateNamedPipeW() failed Flow Variant: 07 Control flow: if(staticFive==5) and if(staticFive!=5)

CWE: 252 Unchecked Return Value Sinks: w32CreateMutex GoodSink: Check the return value of CreateMutexW() and handle it properly BadSink : Do not check if CreateMutexW() fails Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(GLOBAL_CONST_FALSE)

CWE: 197 Numeric Truncation Error BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Less than CHAR_MAX Sink: BadSink : Convert data to a char Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 191 Integer Underflow BadSource: min Set data to the min value for short GoodSource: Set data to a small, non-zero number (negative two) Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can cause an Underflow...

CWE: 191 Integer Underflow BadSource: fscanf Read data from the console using fscanf() GoodSource: Set data to a small, non-zero number (negative two) Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can cause an ...

CWE: 190 Integer Overflow BadSource: rand Set data to result of rand() GoodSource: Set data to a small, non-zero number (two) Sinks: square GoodSink: Ensure there will not be an overflow before squaring data BadSink : Square data, which can lead to overflow Flow Variant: 61 Data flow: data ...

CWE: 190 Integer Overflow BadSource: max Set data to the max value for short GoodSource: Set data to a small, non-zero number (two) Sinks: square GoodSink: Ensure there will not be an overflow before squaring data BadSink : Square data, which can lead to overflow Flow Variant: 42 Data flow:...

CWE: 190 Integer Overflow BadSource: max Set data to the max value for int GoodSource: Set data to a small, non-zero number (two) Sinks: multiply GoodSink: Ensure there will not be an overflow before multiplying data by 2 BadSink : If data is positive, multiply by 2, which can cause an overf...

CWE: 190 Integer Overflow BadSource: fgets Read data from the console using fgets() GoodSource: Set data to a small, non-zero number (two) Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Flow Variant: 52 ...

CWE: 134 Uncontrolled Format String BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Copy a fixed string into data Sinks: snprintf GoodSink: snprintf with %s as the third argument and data as the fourth BadSink : snprintf with data as the third argument Flo...

CWE: 134 Uncontrolled Format String BadSource: console Read input from the console GoodSource: Copy a fixed string into data Sinks: vprintf GoodSink: vprintf with a format string BadSink : vprintf without a format string Flow Variant: 63 Data flow: pointer to data passed from one function t...

CWE: 134 Uncontrolled Format String BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Copy a fixed string into data Sinks: vfprintf GoodSink: vfprintf with a format string BadSink : vfprintf without a format string Flow Variant: 51 Data flow: data passed a...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: loop BadSink : Copy data to string using a loop Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 127 Buffer Underread BadSource: negative Negative index value GoodSource: Non-negative but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking to see if the value is negative Flow Variant: 68 Data flow: data passed as...

CWE: 124 Buffer Underwrite BadSource: fgets Read data from the console using fgets() GoodSource: Non-negative but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the lower bound Flow Variant: 22 Control flow: Flow cont...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: ncat BadSink : Copy data to string using strncat Flow Variant: 31 Data flow using a copy of data within the same function

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: memmove BadSink : Copy data to string using memmove Flow Variant: 64 Data flow: void pointer to data passed from one function to another in different source...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: loop BadSink : Copy data to string using a loop Flow Variant: 65 Data/control flow: data passed as an argument from one function to a function in a differen...

CWE: 114 Process Control BadSource: file Read input from a file GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 41 Data flow: data passed as an argument from one function to another in the same source file

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = constant, Address complexity = con...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = constant, Address complexity = arr...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = struct, Pointer = no, Index complexity = constant, Address complexity =...