CWE: 90 LDAP Injection BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Use a fixed string Sink: BadSink : data concatenated into LDAP search, which could result in LDAP Injection Flow Variant: 16 Control flow: while(1)

CWE: 773 Missing Reference to Active File Descriptor or Handle BadSource: Create a file descriptor using open() Sinks: GoodSink: Close the file before reusing the file descriptor BadSink : Reassign the file descriptor before closing the file Flow Variant: 51 Data flow: data passed as an arg...

CWE: 475 Undefined Behavior for Input to API Sinks: GoodSink: Copy overlapping memory regions using memmove() BadSink : Copy overlapping memory regions using memcpy() Flow Variant: 17 Control flow: for loops

CWE: 369 Divide by Zero BadSource: listenSocket Read data using a listen socket (server side) GoodSource: A hardcoded non-zero number (two) Sinks: GoodSink: Check value of or near zero before dividing BadSink : Divide a constant by data Flow Variant: 65 Data/control flow: data passed as an ...

CWE: 272 Least Privilege Violation Sinks: RegOpenKeyEx GoodSink: Open a registry key using RegOpenKeyExW() and HKEY_CURRENT_USER BadSink : Open a registry key using RegOpenKeyExW() and HKEY_LOCAL_MACHINE Flow Variant: 16 Control flow: while(1)

CWE: 253 Incorrect Check of Return Value Sinks: w32CreateMutex GoodSink: Correctly check if CreateMutexA() failed BadSink : Incorrectly check if CreateMutexA() failed Flow Variant: 16 Control flow: while(1)

CWE: 197 Numeric Truncation Error BadSource: fgets Read data from the console using fgets() GoodSource: Less than CHAR_MAX Sink: BadSink : Convert data to a char Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)

CWE: 197 Numeric Truncation Error BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Less than CHAR_MAX Sink: to_short BadSink : Convert data to a short Flow Variant: 05 Control flow: if(staticTrue) and if(staticFalse)

CWE: 194 Unexpected Sign Extension BadSource: fscanf Read data from the console using fscanf() GoodSource: Positive integer Sink: memmove BadSink : Copy strings using memmove() with the length of data Flow Variant: 22 Control flow: Flow controlled by value of a global variable. Sink function...

CWE: 191 Integer Underflow BadSource: rand Set data to result of rand(), which may be zero GoodSource: Set data to a small, non-zero number (negative two) Sinks: multiply GoodSink: Ensure there will not be an underflow before multiplying data by 2 BadSink : If data is negative, multiply by 2...

CWE: 190 Integer Overflow BadSource: max Set data to the max value for int GoodSource: Set data to a small, non-zero number (two) Sinks: multiply GoodSink: Ensure there will not be an overflow before multiplying data by 2 BadSink : If data is positive, multiply by 2, which can cause an overf...

CWE: 190 Integer Overflow BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Set data to a small, non-zero number (two) Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Fl...

CWE: 190 Integer Overflow BadSource: rand Set data to result of rand() GoodSource: Set data to a small, non-zero number (two) Sinks: multiply GoodSink: Ensure there will not be an overflow before multiplying data by 2 BadSink : If data is positive, multiply by 2, which can cause an overflow ...

CWE: 134 Uncontrolled Format String BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: _vsnwprintf with a format string BadSink : _vsnwprintf without a format string Flow Variant: 07 Control flow: i...

CWE: 134 Uncontrolled Format String BadSource: file Read input from a file GoodSource: Copy a fixed string into data Sinks: fprintf GoodSink: fwprintf with %s as the second argument and data as the third BadSink : fwprintf with data as the second argument Flow Variant: 02 Control flow: if(1...

CWE: 134 Uncontrolled Format String BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Copy a fixed string into data Sinks: vprintf GoodSink: vprintf with a format string BadSink : vprintf without a format string Flow Variant: 08 Control flow: if(staticReturn...

CWE: 134 Uncontrolled Format String BadSource: console Read input from the console GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: vsnprintf with a format string BadSink : vsnprintf without a format string Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(...

CWE: 134 Uncontrolled Format String BadSource: console Read input from the console GoodSource: Copy a fixed string into data Sinks: fprintf GoodSink: fprintf with %s as the second argument and data as the third BadSink : fprintf with data as the second argument Flow Variant: 54 Data flow: d...

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memmove BadSink : Copy string to data using memmove Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: memcpy BadSink : Copy data to string using memcpy Flow Variant: 63 Data flow: pointer to data passed from one function to another in different source files

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: loop BadSink : Copy data to string using a loop Flow Variant: 61 Data flow: data returned from one function to another in different source files

CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sinks: loop BadSink : Copy array to data using a loop Flow Variant: 64 Data flow: void pointer t...

CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sink: ncpy BadSink : Copy string to data using strncpy() Flow Variant: 07 Control flow: if(stati...

CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sink: loop BadSink : Copy array to data using a loop Flow Variant: 16 Control flow: while(1)

CWE: 121 Stack Based Buffer Overflow BadSource: Allocate memory without using sizeof(int) GoodSource: Allocate memory using sizeof(int) Sink: memcpy BadSink : Copy array to data using memcpy() Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(GLOBAL_CONST_FALSE)