Displaying test cases 22251 - 22275 of 45437 in total
-
CWE: 590 Free Memory Not on Heap BadSource: alloca Data buffer is allocated on the stack with alloca() GoodSource: Allocate memory on the heap Sink: BadSink : Print then free data Flow Variant: 68 Data flow: data passed as a global variable from one function to another in different source files
-
CWE: 510 Trapdoor Sinks: hostname_based_logic GoodSink: No host-based logic BadSink : Different logic if a connection is made from a specific host name Flow Variant: 18 Control flow: goto statements
-
CWE: 475 Undefined Behavior for Input to API Sinks: GoodSink: Copy overlapping memory regions using memmove() BadSink : Copy overlapping memory regions using memcpy() Flow Variant: 11 Control flow: if(globalReturnsTrue()) and if(globalReturnsFalse())
-
CWE: 457 Use of Uninitialized Variable BadSource: partial_init Initialize part, but not all of the array GoodSource: Initialize data Sinks: use GoodSink: Initialize then use data BadSink : Use data Flow Variant: 16 Control flow: while(1)
-
CWE: 426 Untrusted Search Path BadSource: Don't specify the full path in the OS command GoodSource: Specify the full path in the OS command Sink: system BadSink : Execute the system function Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)
-
CWE: 401 Memory Leak BadSource: realloc Allocate data using realloc() GoodSource: Allocate data on the stack Sinks: GoodSink: call free() on data BadSink : no deallocation of data Flow Variant: 22 Control flow: Flow controlled by value of a global variable. Sink functions are in a separate ...
-
CWE: 400 Resource Exhaustion BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Assign count to be a relatively small number Sinks: sleep GoodSink: Validate count before using it as a parameter in sleep function BadSink : Use count as the parameter for sleep w...
-
CWE: 400 Resource Exhaustion BadSource: fscanf Read data from the console using fscanf() GoodSource: Assign count to be a relatively small number Sinks: fwrite GoodSink: Write to a file count number of times, but first validate count BadSink : Write to a file count number of times Flow Vari...
-
CWE: 400 Resource Exhaustion BadSource: fscanf Read data from the console using fscanf() GoodSource: Assign count to be a relatively small number Sinks: for_loop GoodSink: Validate count before using it as the loop variant in a for loop BadSink : Use count as the loop variant in a for loop ...
-
CWE: 398 Poor Code Quality Sinks: empty_for GoodSink: For statement contains code BadSink : An empty for statement has no effect Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)
-
CWE: 273 Improper Check for Dropped Privileges Sinks: RpcImpersonateClient GoodSink: Check the return value of RpcImpersonateClient() and handle it properly BadSink : Do not check if RpcImpersonateClient() fails Flow Variant: 11 Control flow: if(globalReturnsTrue()) and if(globalReturnsFalse())
-
CWE: 256 Plaintext Storage of Password BadSource: Read the password from a file GoodSource: Read the password from a file and decrypt it Sinks: GoodSink: Decrypt the password then authenticate the user using LogonUserW() BadSink : Authenticate the user using LogonUserW() Flow Variant: 02 C...
-
CWE: 197 Numeric Truncation Error BadSource: fscanf Read data from the console using fscanf() GoodSource: Less than CHAR_MAX Sink: BadSink : Convert data to a char Flow Variant: 04 Control flow: if(STATIC_CONST_TRUE) and if(STATIC_CONST_FALSE)
-
CWE: 194 Unexpected Sign Extension BadSource: negative Set data to a fixed negative number GoodSource: Positive integer Sinks: strncpy BadSink : Copy strings using strncpy() with the length of data Flow Variant: 34 Data flow: use of a union containing two methods of accessing the same data (...
-
CWE: 191 Integer Underflow BadSource: rand Set data to result of rand() GoodSource: Set data to a small, non-zero number (negative two) Sinks: multiply GoodSink: Ensure there will not be an underflow before multiplying data by 2 BadSink : If data is negative, multiply by 2, which can cause a...
-
CWE: 190 Integer Overflow BadSource: fscanf Read data from the console using fscanf() GoodSource: Set data to a small, non-zero number (two) Sinks: square GoodSink: Ensure there will not be an overflow before squaring data BadSink : Square data, which can lead to overflow Flow Variant: 02 C...
-
CWE: 190 Integer Overflow BadSource: max Set data to the max value for int GoodSource: Set data to a small, non-zero number (two) Sinks: multiply GoodSink: Ensure there will not be an overflow before multiplying data by 2 BadSink : If data is positive, multiply by 2, which can cause an overf...
-
CWE: 190 Integer Overflow BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Set data to a small, non-zero number (two) Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Fl...
-
CWE: 190 Integer Overflow BadSource: max Set data to the max value for char GoodSource: Set data to a small, non-zero number (two) Sinks: square GoodSink: Ensure there will not be an overflow before squaring data BadSink : Square data, which can lead to overflow Flow Variant: 51 Data flow: ...
-
CWE: 126 Buffer Overread BadSource: large Large index value that is greater than 10-1 GoodSource: Larger than zero but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the upper bound Flow Variant: 42 Data flow: data re...
-
CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: cat BadSink : Copy data to string using wcscat Flow Variant: 08 Control flow: if(staticReturnsTrue()) and if(staticReturnsFalse())
-
CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sink: memcpy BadSink : Copy string to data using memcpy() Flow Variant: 51 Data flow: data passe...
-
CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sinks: loop BadSink : Copy array to data using a loop Flow Variant: 67 Data flow: data passed in...
-
Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = constant, Address complexity = con...
-
Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = pointer, Memory location = stack, Scope = same, Container = no, Pointer = no, Index complexity = constant, Address complexity = const...