CWE: 762 Mismatched Memory Management Routines BadSource: malloc Allocate data using malloc() GoodSource: Allocate data using new Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete Flow Variant: 45 Data flow: data passed as a static global variable from one...

CWE: 190 Integer Overflow BadSource: fscanf Read data from the console using fscanf() GoodSource: Set data to a small, non-zero number (two) Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Flow Variant: 8...

CWE: 773 Missing Reference to Active File Descriptor or Handle BadSource: Create a file handle using CreateFile() Sinks: GoodSink: Close the file handle before reusing it BadSink : Reassign the file handle before closing it Flow Variant: 74 Data flow: data passed in a map from one function ...

CWE: 762 Mismatched Memory Management Routines BadSource: realloc Allocate data using realloc() GoodSource: Allocate data using new [] Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete [] Flow Variant: 22 Control flow: Flow controlled by value of a global ...

CWE: 762 Mismatched Memory Management Routines BadSource: malloc Allocate data using malloc() GoodSource: Allocate data using new [] Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete [] Flow Variant: 84 Data flow: data passed to class constructor and destr...

CWE: 672 Operation on Resource After Expiration or Release BadSource: Add values to the list, including the number zero GoodSource: Add value to the list that are not zero Sinks: GoodSink: Iterate through the list without attempting to clear its contents BadSink : Iterate through the list, ...

CWE: 665 Improper Initialization BadSource: Do not initialize data properly GoodSource: Initialize data Sinks: cat BadSink : Copy string to data using strcat Flow Variant: 33 Data flow: use of a C++ reference to data within the same function

CWE: 590 Free Memory Not on Heap BadSource: static Data buffer is declared static on the stack GoodSource: Allocate memory on the heap Sinks: BadSink : Print then free data Flow Variant: 33 Data flow: use of a C++ reference to data within the same function

CWE: 415 Double Free BadSource: Allocate data using new and Deallocae data using delete GoodSource: Allocate data using new Sinks: GoodSink: do nothing BadSink : Deallocate data using delete Flow Variant: 34 Data flow: use of a union containing two methods of accessing the same data (withi...

CWE: 415 Double Free BadSource: Allocate data using new and Deallocae data using delete GoodSource: Allocate data using new Sinks: GoodSink: do nothing BadSink : Deallocate data using delete Flow Variant: 83 Data flow: data passed to class constructor and destructor by declaring the class ...

CWE: 415 Double Free BadSource: Allocate data using malloc() and Deallocate data using free() GoodSource: Allocate data using malloc() Sinks: GoodSink: do nothing BadSink : Deallocate data using free() Flow Variant: 74 Data flow: data passed in a map from one function to another in differe...

CWE: 401 Memory Leak BadSource: Allocate data using new GoodSource: Allocate data on the stack Sinks: GoodSink: call delete on data BadSink : no deallocation of data Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 401 Memory Leak BadSource: Allocate data using new[] GoodSource: Point data to a stack buffer Sinks: GoodSink: call delete[] on data BadSink : no deallocation of data Flow Variant: 01 Baseline

CWE: 36 Absolute Path Traversal BadSource: file Read input from a file GoodSource: Full path and file name Sinks: open BadSink : Open the file named in data using open() Flow Variant: 63 Data flow: pointer to data passed from one function to another in different source files

CWE: 36 Absolute Path Traversal BadSource: environment Read input from an environment variable GoodSource: Full path and file name Sink: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)

CWE: 36 Absolute Path Traversal BadSource: environment Read input from an environment variable GoodSource: Full path and file name Sinks: ifstream BadSink : Open the file named in data using ifstream::open() Flow Variant: 62 Data flow: data flows using a C++ reference from one function to an...

CWE: 23 Relative Path Traversal BadSource: console Read input from the console GoodSource: Use a fixed file name Sinks: fopen BadSink : Open the file named in data using fopen() Flow Variant: 33 Data flow: use of a C++ reference to data within the same function

CWE: 23 Relative Path Traversal BadSource: console Read input from the console GoodSource: Use a fixed file name Sink: fopen BadSink : Open the file named in data using fopen() Flow Variant: 14 Control flow: if(globalFive==5) and if(globalFive!=5)

CWE: 191 Integer Underflow BadSource: min Set data to the min value for short GoodSource: Set data to a small, non-zero number (negative two) Sinks: multiply GoodSink: Ensure there will not be an underflow before multiplying data by 2 BadSink : If data is negative, multiply by 2, which can c...

CWE: 134 Uncontrolled Format String BadSource: file Read input from a file GoodSource: Copy a fixed string into data Sinks: snprintf GoodSink: snprintf with %s as the third argument and data as the fourth BadSink : snprintf with data as the third argument Flow Variant: 62 Data flow: data fl...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memmove BadSink : Copy data to string using memmove Flow Variant: 51 Data flow: data passed as an argument from one function to anot...

CWE: 126 Buffer Overread BadSource: fgets Read data from the console using fgets() GoodSource: Larger than zero but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the upper bound Flow Variant: 83 Data flow: data passe...

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data to a small buffer GoodSource: Initialize data to a buffer large enough to hold a TwoIntsClass Sinks: GoodSink: Allocate a new class using placement new and a buffer that is large enough to hold the class BadSink : Allocate a new...

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using new[] and set data pointer to a small buffer GoodSource: Allocate using new[] and set data pointer to a large buffer Sinks: memmove BadSink : Copy int64_t array to data using memmove Flow Variant: 61 Data flow: data returned from...

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate memory for a string, but do not allocate space for NULL terminator GoodSource: Allocate enough memory for a string and the NULL terminator Sink: ncpy BadSink : Copy string to data using strncpy() Flow Variant: 12 Control flow: if(globa...