Displaying test cases 22276 - 22300 of 45437 in total
- CWE: 511 Logic Time Bomb Sinks: w32CompareFileTime GoodSink: After a certain date, do something harmless BadSink: After a certain date, do something bad Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)
- CWE: 482 Comparing Instead of Assigning Sinks: GoodSink: Assigning BadSink: Comparing instead of assigning Flow Variant: 14 Control flow: if(globalFive==5) and if(globalFive!=5)
- CWE: 369 Divide by Zero BadSource: connect_socket Read data using a connect socket (client side) GoodSource: A hardcoded non-zero number (two) Sinks: GoodSink: Check value of or near zero before dividing BadSink: Divide a constant by data Flow Variant: 05 Control flow: if(staticTrue) and i...
- CWE: 328 Reversible One Way Hash Sinks: MD2 GoodSink: Use SHA-512 as a hashing algorithm BadSink: Use MD2 as a hashing algorithm Flow Variant: 05 Control flow: if(staticTrue) and if(staticFalse)
- CWE: 319 Cleartext Transmission of Sensitive Information BadSource: listen_socket Read the password using a listen socket (server side) GoodSource: Use a hardcoded password (one that was not sent over the network) Sinks: GoodSink: Decrypt the password before using it in an authentication API ...
- CWE: 256 Plaintext Storage of Password BadSource: Read the password from a file GoodSource: Read the password from a file and decrypt it Sinks: GoodSink: Decrypt the password then authenticate the user using LogonUserW() BadSink: Authenticate the user using LogonUserW() Flow Variant: 64 D...
- CWE: 252 Unchecked Return Value Sinks: w32CreateMutex GoodSink: Check the return value of CreateMutexA() and handle it properly BadSink: Do not check if CreateMutexA() fails Flow Variant: 12 Control flow: if(globalReturnsTrueOrFalse())
- CWE: 195 Signed to Unsigned Conversion Error BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Positive integer Sink: memmove BadSink: Copy strings using memmove() with the length of data Flow Variant: 08 Control flow: if(staticReturnsTrue()) and if(static...
- CWE: 194 Unexpected Sign Extension BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Positive integer Sink: memcpy BadSink: Copy strings using memcpy() with the length of data Flow Variant: 41 Data flow: data passed as an argument from one function to anothe...
- CWE: 194 Unexpected Sign Extension BadSource: fscanf Read data from the console using fscanf() GoodSource: Positive integer Sink: strncpy BadSink: Copy strings using strncpy() with the length of data Flow Variant: 03 Control flow: if(5==5) and if(5!=5)
- CWE: 191 Integer Underflow BadSource: fscanf Read data from the console using fscanf() GoodSource: Set data to a small, non-zero number (negative two) Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink: Subtract 1 from data, which can cause an ...
- CWE: 134 Uncontrolled Format String BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Copy a fixed string into data Sinks: vprintf GoodSink: vwprintf with a format string BadSink: vwprintf without a format string Flow Variant: 32 Data flow using two pointer...
- CWE: 134 Uncontrolled Format String BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Copy a fixed string into data Sinks: fprintf GoodSink: fwprintf with %s as the second argument and data as the third BadSink: fwprintf with data as the second argument F...
- CWE: 134 Uncontrolled Format String BadSource: environment Read input from an environment variable GoodSource: Copy a fixed string into data Sinks: snprintf GoodSink: snprintf with %s as the third argument and data as the fourth BadSink: snprintf with data as the third argument Flow Varian...
- CWE: 134 Uncontrolled Format String BadSource: console Read input from the console GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: vsnprintf with a format string BadSink: vsnprintf without a format string Flow Variant: 18 Control flow: goto statements
- CWE: 134 Uncontrolled Format String BadSource: console Read input from the console GoodSource: Copy a fixed string into data Sinks: vprintf GoodSink: vprintf with a format string BadSink: vprintf without a format string Flow Variant: 22 Control flow: Flow controlled by value of a global va...
- CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: cpy BadSink: Copy data to string using wcscpy Flow Variant: 12 Control flow: if(globalReturnsTrueOrFalse())
- CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: ncpy BadSink: Copy data to string using strncpy Flow Variant: 52 Data flow: data passed as an argument from one function to another...
- CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memcpy BadSink: Copy string to data using memcpy Flow Variant: 53 Data flow: data passed as an argument from one function through t...
- CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: ncat BadSink: Copy data to string using strncat Flow Variant: 52 Data flow: data passed as an argument from one function to another to another in three diffe...
- CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: loop BadSink: Copy data to string using a loop Flow Variant: 67 Data flow: data passed in a struct from one function to another in different source files
- CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: ncpy BadSink: Copy data to string using strncpy Flow Variant: 53 Data flow: data passed as an argument from one function through two others to a fourth; all...
- CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sink: ncpy BadSink: Copy string to data using strncpy() Flow Variant: 53 Data flow: data passed...
- CWE: 114 Process Control BadSource: console Read input from the console GoodSource: Hard code the full pathname to the library Sink: BadSink: Load a dynamic link library Flow Variant: 54 Data flow: data passed as an argument from one function through three others to a fifth; all five functi...
- The test case shows a Stack Overflow.