CWE: 400 Resource Exhaustion BadSource: fscanf Read data from the console using fscanf() GoodSource: Assign count to be a relatively small number Sinks: sleep GoodSink: Validate count before using it as a parameter in sleep function BadSink : Use count as the parameter for sleep withhout che...

CWE: 369 Divide by Zero BadSource: fgets Read data from the console using fgets() GoodSource: Non-zero Sinks: divide GoodSink: Check for zero before dividing BadSink : Divide a constant by data Flow Variant: 63 Data flow: pointer to data passed from one function to another in different sour...

CWE: 321 Use of Hard-coded Cryptographic Key BadSource: Copy a hardcoded value into cryptoKey GoodSource: Read cryptoKey from the console Sink: BadSink : Hash cryptoKey and use the value to encrypt a string Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(GLOBAL_CONST_FALSE)

CWE: 284 Improper Access Control Sinks: CreateNamedPipe GoodSink: Create a windows pipe using CreateNamedPipeA() ensuring that the pipe wont be created over an existing one BadSink : Create a windows pipe using CreateNamedPipeA() potentially allowing the pipe to be created over an existing one...

CWE: 252 Unchecked Return Value Sinks: fwrite GoodSink: Check if fwrite() fails BadSink : Do not check if fwrite() fails Flow Variant: 11 Control flow: if(globalReturnsTrue()) and if(globalReturnsFalse())

CWE: 252 Unchecked Return Value Sinks: scanf GoodSink: Check if scanf() fails BadSink : Do not check if scanf() fails Flow Variant: 14 Control flow: if(globalFive==5) and if(globalFive!=5)

CWE: 252 Unchecked Return Value Sinks: fputs GoodSink: Check if fputs() fails BadSink : Do not check if fputs() fails Flow Variant: 16 Control flow: while(1)

CWE: 197 Numeric Truncation Error BadSource: fscanf Read data from the console using fscanf() GoodSource: Less than CHAR_MAX Sink: to_char BadSink : Convert data to a char Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(GLOBAL_CONST_FALSE)

CWE: 195 Signed to Unsigned Conversion Error BadSource: fscanf Read data from the console using fscanf() GoodSource: Positive integer Sink: memmove BadSink : Copy strings using memmove() with the length of data Flow Variant: 06 Control flow: if(STATIC_CONST_FIVE==5) and if(STATIC_CONST_FIVE!=5)

CWE: 195 Signed to Unsigned Conversion Error BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Positive integer Sinks: strncpy BadSink : Copy strings using strncpy() with the length of data Flow Variant: 64 Data flow: void pointer to data passed from one fu...

CWE: 194 Unexpected Sign Extension BadSource: negative Set data to a fixed negative number GoodSource: Positive integer Sink: strncpy BadSink : Copy strings using strncpy() with the length of data Flow Variant: 32 Data flow using two pointers to the same value within the same function

CWE: 194 Unexpected Sign Extension BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Positive integer Sink: memmove BadSink : Copy strings using memmove() with the length of data Flow Variant: 41 Data flow: data passed as an argument from one function to anot...

CWE: 194 Unexpected Sign Extension BadSource: fscanf Read data from the console using fscanf() GoodSource: Positive integer Sink: strncpy BadSink : Copy strings using strncpy() with the length of data Flow Variant: 14 Control flow: if(globalFive==5) and if(globalFive!=5)

CWE: 191 Integer Underflow BadSource: rand Set data to result of rand() GoodSource: Set data to a small, non-zero number (negative two) Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can cause an Underflow Flow...

CWE: 190 Integer Overflow BadSource: rand Set data to result of rand() GoodSource: Set data to a small, non-zero number (two) Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Flow Variant: 65 Data/control ...

CWE: 134 Uncontrolled Format String BadSource: file Read input from a file GoodSource: Copy a fixed string into data Sinks: printf GoodSink: printf with %s as the first argument and data as the second BadSink : printf with only data as an argument Flow Variant: 45 Data flow: data passed as ...

CWE: 134 Uncontrolled Format String BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Copy a fixed string into data Sinks: printf GoodSink: printf with %s as the first argument and data as the second BadSink : printf with only data as an argument Flow Vari...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memmove BadSink : Copy data to string using memmove Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE...

CWE: 126 Buffer Overread BadSource: large Large index value that is greater than 10-1 GoodSource: Larger than zero but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the upper bound Flow Variant: 54 Data flow: data pa...

CWE: 124 Buffer Underwrite BadSource: negative Negative index value GoodSource: Non-negative but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the lower bound Flow Variant: 65 Data/control flow: data passed as an arg...

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate memory without using sizeof(int) GoodSource: Allocate memory using sizeof(int) Sinks: memmove BadSink : Copy array to data using memmove() Flow Variant: 67 Data flow: data passed in a struct from one function to another in different so...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: ncat BadSink : Copy string to data using wcsncat Flow Variant: 15 Control flow: switch(6)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memcpy BadSink : Copy string to data using memcpy Flow Variant: 68 Data flow: data passed as a global variable from one function to another in different s...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memmove BadSink : Copy string to data using memmove Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = struct, Pointer = no, Index complexity = variable, Address complexity =...