CWE: 590 Free Memory Not on Heap BadSource: alloca Data buffer is allocated on the stack with alloca() GoodSource: Allocate memory on the heap Sinks: BadSink : Print then free data Flow Variant: 45 Data flow: data passed as a static global variable from one function to another in the same so...

CWE: 546 Suspicious Comment Sinks: FIXME GoodSink: Comments show no indications of broken code BadSink : Comment contains the word FIXME Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)

CWE: 534 Information Exposure Through Debug Log Files Sinks: GoodSink: Write to the log, but do not write the password BadSink : Write to the log and include the password Flow Variant: 07 Control flow: if(staticFive==5) and if(staticFive!=5)

CWE: 457 Use of Uninitialized Variable BadSource: no_init Dont initialize data GoodSource: Initialize data Sinks: use GoodSink: Initialize then use data BadSink : Use data Flow Variant: 17 Control flow: for loops

CWE: 404 Improper Resource Shutdown or Release BadSource: Open a file using open() Sinks: fclose GoodSink: Close the file using close() BadSink : Close the file using fclose() Flow Variant: 63 Data flow: pointer to data passed from one function to another in different source files

CWE: 401 Memory Leak BadSource: malloc Allocate data using malloc() GoodSource: Allocate data on the stack Sinks: GoodSink: call free() on data BadSink : no deallocation of data Flow Variant: 52 Data flow: data passed as an argument from one function to another to another in three different...

CWE: 401 Memory Leak BadSource: calloc Allocate data using calloc() GoodSource: Allocate data on the stack Sinks: GoodSink: call free() on data BadSink : no deallocation of data Flow Variant: 52 Data flow: data passed as an argument from one function to another to another in three different...

CWE: 327 Use of a Broken or Risky Cryptographic Algorithm Sinks: RC5 GoodSink: Use AES for decryption BadSink : Use RC5 for decryption Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 253 Incorrect Check of Return Value Sinks: scanf GoodSink: Correctly check if scanf() failed BadSink : Incorrectly check if scanf() failed Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(GLOBAL_CONST_FALSE)

CWE: 253 Incorrect Check of Return Value Sinks: putchar GoodSink: Correctly check if putchar() failed BadSink : Incorrectly check if putchar() failed Flow Variant: 06 Control flow: if(STATIC_CONST_FIVE==5) and if(STATIC_CONST_FIVE!=5)

CWE: 253 Incorrect Check of Return Value Sinks: fputs GoodSink: Correctly check if fputs() failed BadSink : Incorrectly check if fputs() failed Flow Variant: 17 Control flow: for loops

CWE: 191 Integer Underflow BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Set data to a small, non-zero number (negative two) Sinks: multiply GoodSink: Ensure there will not be an underflow before multiplying data by 2 BadSink : If data is negative, multip...

CWE: 191 Integer Underflow BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Set data to a small, non-zero number (negative two) Sinks: multiply GoodSink: Ensure there will not be an underflow before multiplying data by 2 BadSink : If data is negative, multip...

CWE: 190 Integer Overflow BadSource: rand Set data to result of rand() GoodSource: Set data to a small, non-zero number (two) Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Flow Variant: 54 Data flow: da...

CWE: 190 Integer Overflow BadSource: fscanf Read data from the console using fscanf() GoodSource: Set data to a small, non-zero number (two) Sinks: multiply GoodSink: Ensure there will not be an overflow before multiplying data by 2 BadSink : If data is positive, multiply by 2, which can cau...

CWE: 134 Uncontrolled Format String BadSource: environment Read input from an environment variable GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: _vsnwprintf with a format string BadSink : _vsnwprintf without a format string Flow Variant: 45 Data flow: data passed ...

CWE: 134 Uncontrolled Format String BadSource: environment Read input from an environment variable GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: _vsnwprintf with a format string BadSink : _vsnwprintf without a format string Flow Variant: 11 Control flow: if(global...

CWE: 134 Uncontrolled Format String BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: _vsnwprintf with a format string BadSink : _vsnwprintf without a format string Flow Variant: 54 Data flow: da...

CWE: 134 Uncontrolled Format String BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Copy a fixed string into data Sinks: vprintf GoodSink: vprintf with a format string BadSink : vprintf without a format string Flow Variant: 34 Data flow: use of a union con...

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memcpy BadSink : Copy string to data using memcpy Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(GLOBAL_CONST_FALSE)

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memcpy BadSink : Copy string to data using memcpy Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memcpy BadSink : Copy int array to data using memcpy Flow Variant: 16 Control flow: while(1)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memcpy BadSink : Copy int64_t array to data using memcpy Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sink: ncpy BadSink : Copy string to data using wcsncpy() Flow Variant: 06 Control flow: if(STATI...

Attempt to assign memory content that has already been freed.